X-Git-Url: https://git.openssl.org/?p=openssl.git;a=blobdiff_plain;f=crypto%2Finclude%2Finternal%2Fevp_int.h;h=71833fa49ec17340ab6cf6ae8928110394044844;hp=24c6870628c58dbbdfc7cf7af7b7e85833c63fbf;hb=ff64702b3d83d4c77756e0fd7b624e2165dbbdf0;hpb=349807608f31b20af01a342d0072bb92e0b036e2 diff --git a/crypto/include/internal/evp_int.h b/crypto/include/internal/evp_int.h index 24c6870628..71833fa49e 100644 --- a/crypto/include/internal/evp_int.h +++ b/crypto/include/internal/evp_int.h @@ -1,62 +1,28 @@ /* - * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project - * 2015. - */ -/* ==================================================================== - * Copyright (c) 2015 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * licensing@OpenSSL.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). + * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved. * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include +#include +#include "internal/refcount.h" + +/* + * Don't free up md_ctx->pctx in EVP_MD_CTX_reset, use the reserved flag + * values in evp.h */ +#define EVP_MD_CTX_FLAG_KEEP_PKEY_CTX 0x0400 struct evp_pkey_ctx_st { + EVP_KEYEXCH *exchange; + void *exchprovctx; + + /* Legacy fields below */ + /* Method associated with this operation */ const EVP_PKEY_METHOD *pmeth; /* Engine that implements this method or NULL if builtin */ @@ -84,7 +50,7 @@ struct evp_pkey_method_st { int pkey_id; int flags; int (*init) (EVP_PKEY_CTX *ctx); - int (*copy) (EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src); + int (*copy) (EVP_PKEY_CTX *dst, const EVP_PKEY_CTX *src); void (*cleanup) (EVP_PKEY_CTX *ctx); int (*paramgen_init) (EVP_PKEY_CTX *ctx); int (*paramgen) (EVP_PKEY_CTX *ctx, EVP_PKEY *pkey); @@ -117,6 +83,16 @@ struct evp_pkey_method_st { int (*derive) (EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen); int (*ctrl) (EVP_PKEY_CTX *ctx, int type, int p1, void *p2); int (*ctrl_str) (EVP_PKEY_CTX *ctx, const char *type, const char *value); + int (*digestsign) (EVP_MD_CTX *ctx, unsigned char *sig, size_t *siglen, + const unsigned char *tbs, size_t tbslen); + int (*digestverify) (EVP_MD_CTX *ctx, const unsigned char *sig, + size_t siglen, const unsigned char *tbs, + size_t tbslen); + int (*check) (EVP_PKEY *pkey); + int (*public_check) (EVP_PKEY *pkey); + int (*param_check) (EVP_PKEY *pkey); + + int (*digest_custom) (EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx); } /* EVP_PKEY_METHOD */ ; DEFINE_STACK_OF_CONST(EVP_PKEY_METHOD) @@ -128,12 +104,88 @@ extern const EVP_PKEY_METHOD dh_pkey_meth; extern const EVP_PKEY_METHOD dhx_pkey_meth; extern const EVP_PKEY_METHOD dsa_pkey_meth; extern const EVP_PKEY_METHOD ec_pkey_meth; +extern const EVP_PKEY_METHOD sm2_pkey_meth; +extern const EVP_PKEY_METHOD ecx25519_pkey_meth; +extern const EVP_PKEY_METHOD ecx448_pkey_meth; +extern const EVP_PKEY_METHOD ed25519_pkey_meth; +extern const EVP_PKEY_METHOD ed448_pkey_meth; extern const EVP_PKEY_METHOD hmac_pkey_meth; extern const EVP_PKEY_METHOD rsa_pkey_meth; +extern const EVP_PKEY_METHOD rsa_pss_pkey_meth; +extern const EVP_PKEY_METHOD scrypt_pkey_meth; extern const EVP_PKEY_METHOD tls1_prf_pkey_meth; +extern const EVP_PKEY_METHOD hkdf_pkey_meth; +extern const EVP_PKEY_METHOD poly1305_pkey_meth; +extern const EVP_PKEY_METHOD siphash_pkey_meth; + +/* struct evp_mac_impl_st is defined by the implementation */ +typedef struct evp_mac_impl_st EVP_MAC_IMPL; +struct evp_mac_st { + int type; + EVP_MAC_IMPL *(*new) (void); + EVP_MAC_IMPL *(*dup) (const EVP_MAC_IMPL *macsrc); + void (*free) (EVP_MAC_IMPL *macctx); + size_t (*size) (EVP_MAC_IMPL *macctx); + int (*init) (EVP_MAC_IMPL *macctx); + int (*update) (EVP_MAC_IMPL *macctx, const unsigned char *data, + size_t datalen); + int (*final) (EVP_MAC_IMPL *macctx, unsigned char *out); + int (*ctrl) (EVP_MAC_IMPL *macctx, int cmd, va_list args); + int (*ctrl_str) (EVP_MAC_IMPL *macctx, const char *type, const char *value); +}; + +extern const EVP_MAC blake2b_mac_meth; +extern const EVP_MAC blake2s_mac_meth; +extern const EVP_MAC cmac_meth; +extern const EVP_MAC gmac_meth; +extern const EVP_MAC hmac_meth; +extern const EVP_MAC kmac128_meth; +extern const EVP_MAC kmac256_meth; +extern const EVP_MAC siphash_meth; +extern const EVP_MAC poly1305_meth; + +/* Internal keccak algorithms used for KMAC */ +const EVP_MD *evp_keccak_kmac128(void); +const EVP_MD *evp_keccak_kmac256(void); + +/* + * This function is internal for now, but can be made external when needed. + * The documentation would read: + * + * EVP_add_mac() adds the MAC implementation C to the internal + * object database. + */ +int EVP_add_mac(const EVP_MAC *mac); +int EVP_add_kdf(const EVP_KDF *kdf); + +/* struct evp_kdf_impl_st is defined by the implementation */ +typedef struct evp_kdf_impl_st EVP_KDF_IMPL; +struct evp_kdf_st { + int type; + EVP_KDF_IMPL *(*new) (void); + void (*free) (EVP_KDF_IMPL *impl); + void (*reset) (EVP_KDF_IMPL *impl); + int (*ctrl) (EVP_KDF_IMPL *impl, int cmd, va_list args); + int (*ctrl_str) (EVP_KDF_IMPL *impl, const char *type, const char *value); + size_t (*size) (EVP_KDF_IMPL *impl); + int (*derive) (EVP_KDF_IMPL *impl, unsigned char *key, size_t keylen); +}; + +extern const EVP_KDF pbkdf2_kdf_meth; +extern const EVP_KDF scrypt_kdf_meth; +extern const EVP_KDF tls1_prf_kdf_meth; +extern const EVP_KDF hkdf_kdf_meth; +extern const EVP_KDF sshkdf_kdf_meth; +extern const EVP_KDF ss_kdf_meth; +extern const EVP_KDF x963_kdf_meth; +extern const EVP_KDF x942_kdf_meth; struct evp_md_st { + /* nid */ int type; + + /* Legacy structure members */ + /* TODO(3.0): Remove these */ int pkey_type; int md_size; unsigned long flags; @@ -146,14 +198,36 @@ struct evp_md_st { int ctx_size; /* how big does the ctx->md_data need to be */ /* control function */ int (*md_ctrl) (EVP_MD_CTX *ctx, int cmd, int p1, void *p2); + + /* New structure members */ + /* TODO(3.0): Remove above comment when legacy has gone */ + OSSL_PROVIDER *prov; + CRYPTO_REF_COUNT refcnt; + CRYPTO_RWLOCK *lock; + OSSL_OP_digest_newctx_fn *newctx; + OSSL_OP_digest_init_fn *dinit; + OSSL_OP_digest_update_fn *dupdate; + OSSL_OP_digest_final_fn *dfinal; + OSSL_OP_digest_digest_fn *digest; + OSSL_OP_digest_freectx_fn *freectx; + OSSL_OP_digest_dupctx_fn *dupctx; + OSSL_OP_digest_size_fn *size; + OSSL_OP_digest_block_size_fn *dblock_size; + OSSL_OP_digest_set_params_fn *set_params; + OSSL_OP_digest_get_params_fn *get_params; + } /* EVP_MD */ ; struct evp_cipher_st { int nid; + int block_size; /* Default value for variable length ciphers */ int key_len; int iv_len; + + /* Legacy structure members */ + /* TODO(3.0): Remove these */ /* Various flags */ unsigned long flags; /* init key */ @@ -174,20 +248,38 @@ struct evp_cipher_st { int (*ctrl) (EVP_CIPHER_CTX *, int type, int arg, void *ptr); /* Application data */ void *app_data; + + /* New structure members */ + /* TODO(3.0): Remove above comment when legacy has gone */ + OSSL_PROVIDER *prov; + CRYPTO_REF_COUNT refcnt; + CRYPTO_RWLOCK *lock; + OSSL_OP_cipher_newctx_fn *newctx; + OSSL_OP_cipher_encrypt_init_fn *einit; + OSSL_OP_cipher_decrypt_init_fn *dinit; + OSSL_OP_cipher_update_fn *cupdate; + OSSL_OP_cipher_final_fn *cfinal; + OSSL_OP_cipher_cipher_fn *ccipher; + OSSL_OP_cipher_freectx_fn *freectx; + OSSL_OP_cipher_dupctx_fn *dupctx; + OSSL_OP_cipher_get_params_fn *get_params; + OSSL_OP_cipher_ctx_get_params_fn *ctx_get_params; + OSSL_OP_cipher_ctx_set_params_fn *ctx_set_params; } /* EVP_CIPHER */ ; /* Macros to code block cipher wrappers */ /* Wrapper functions for each cipher mode */ -#define EVP_C_DATA(kstruct, ctx) ((kstruct *)EVP_CIPHER_CTX_cipher_data(ctx)) +#define EVP_C_DATA(kstruct, ctx) \ + ((kstruct *)EVP_CIPHER_CTX_get_cipher_data(ctx)) #define BLOCK_CIPHER_ecb_loop() \ size_t i, bl; \ bl = EVP_CIPHER_CTX_cipher(ctx)->block_size; \ - if(inl < bl) return 1;\ + if (inl < bl) return 1;\ inl -= bl; \ - for(i=0; i <= inl; i+=bl) + for (i=0; i <= inl; i+=bl) #define BLOCK_CIPHER_func_ecb(cname, cprefix, kstruct, ksched) \ static int cname##_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl) \ @@ -236,20 +328,25 @@ static int cname##_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const uns #define BLOCK_CIPHER_func_cfb(cname, cprefix, cbits, kstruct, ksched) \ static int cname##_cfb##cbits##_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl) \ {\ - size_t chunk=EVP_MAXCHUNK;\ - if (cbits==1) chunk>>=3;\ - if (inl=chunk)\ - {\ - int num = EVP_CIPHER_CTX_num(ctx);\ - cprefix##_cfb##cbits##_encrypt(in, out, (long)((cbits==1) && !EVP_CIPHER_CTX_test_flags(ctx, EVP_CIPH_FLAG_LENGTH_BITS) ?inl*8:inl), &EVP_C_DATA(kstruct,ctx)->ksched, EVP_CIPHER_CTX_iv_noconst(ctx), &num, EVP_CIPHER_CTX_encrypting(ctx)); \ - EVP_CIPHER_CTX_set_num(ctx, num);\ - inl-=chunk;\ - in +=chunk;\ - out+=chunk;\ - if(inl>= 3;\ + if (inl < chunk) chunk = inl;\ + while (inl && inl >= chunk)\ + {\ + int num = EVP_CIPHER_CTX_num(ctx);\ + cprefix##_cfb##cbits##_encrypt(in, out, (long) \ + ((cbits == 1) \ + && !EVP_CIPHER_CTX_test_flags(ctx, EVP_CIPH_FLAG_LENGTH_BITS) \ + ? chunk*8 : chunk), \ + &EVP_C_DATA(kstruct, ctx)->ksched, EVP_CIPHER_CTX_iv_noconst(ctx),\ + &num, EVP_CIPHER_CTX_encrypting(ctx));\ + EVP_CIPHER_CTX_set_num(ctx, num);\ + inl -= chunk;\ + in += chunk;\ + out += chunk;\ + if (inl < chunk) chunk = inl;\ + }\ + return 1;\ } #define BLOCK_CIPHER_all_funcs(cname, cprefix, cbits, kstruct, ksched) \ @@ -387,6 +484,21 @@ const EVP_CIPHER *EVP_##cname##_ecb(void) { return &cname##_ecb; } cipher##_init_key, NULL, NULL, NULL, NULL) +# ifndef OPENSSL_NO_EC + +#define X25519_KEYLEN 32 +#define X448_KEYLEN 56 +#define ED448_KEYLEN 57 + +#define MAX_KEYLEN ED448_KEYLEN + +typedef struct { + unsigned char pubkey[MAX_KEYLEN]; + unsigned char *privkey; +} ECX_KEY; + +#endif + /* * Type needs to be a bit field Sub-type needs to be for variations on the * method, as in, can it do arbitrary encryption.... @@ -394,11 +506,12 @@ const EVP_CIPHER *EVP_##cname##_ecb(void) { return &cname##_ecb; } struct evp_pkey_st { int type; int save_type; - int references; + CRYPTO_REF_COUNT references; const EVP_PKEY_ASN1_METHOD *ameth; ENGINE *engine; + ENGINE *pmeth_engine; /* If not NULL public key ENGINE to use */ union { - char *ptr; + void *ptr; # ifndef OPENSSL_NO_RSA struct rsa_st *rsa; /* RSA */ # endif @@ -410,8 +523,33 @@ struct evp_pkey_st { # endif # ifndef OPENSSL_NO_EC struct ec_key_st *ec; /* ECC */ + ECX_KEY *ecx; /* X25519, X448, Ed25519, Ed448 */ # endif } pkey; int save_parameters; STACK_OF(X509_ATTRIBUTE) *attributes; /* [ 0 ] */ + CRYPTO_RWLOCK *lock; } /* EVP_PKEY */ ; + + +void openssl_add_all_ciphers_int(void); +void openssl_add_all_digests_int(void); +void openssl_add_all_macs_int(void); +void openssl_add_all_kdfs_int(void); +void evp_cleanup_int(void); +void evp_app_cleanup_int(void); + +/* Pulling defines out of C source files */ + +#define EVP_RC4_KEY_SIZE 16 +#ifndef TLS1_1_VERSION +# define TLS1_1_VERSION 0x0302 +#endif + +void evp_encode_ctx_set_flags(EVP_ENCODE_CTX *ctx, unsigned int flags); + +/* EVP_ENCODE_CTX flags */ +/* Don't generate new lines when encoding */ +#define EVP_ENCODE_CTX_NO_NEWLINES 1 +/* Use the SRP base64 alphabet instead of the standard one */ +#define EVP_ENCODE_CTX_USE_SRP_ALPHABET 2