Implement FIPS CMAC.

[openssl.git] / crypto / evp / evp.h

diff --git a/crypto/evp/evp.h b/crypto/evp/evp.h
index 96f83b8f62b3cf7da8fe540457da816182178052..8e041c56d1a0b09fbb832d32584a07615a9e6950 100644 (file)
--- a/crypto/evp/evp.h
+++ b/crypto/evp/evp.h
@@ -217,6 +217,8 @@ typedef int evp_verify_method(int type,const unsigned char *m,
 
 #define EVP_MD_FLAG_DIGALGID_CUSTOM            0x0018
 
+#define EVP_MD_FLAG_FIPS       0x0400 /* Note if suitable for use in FIPS mode */
+
 /* Digest ctrls */
 
 #define        EVP_MD_CTRL_DIGALGID                    0x1
@@ -326,7 +328,9 @@ struct evp_cipher_st
 #define                EVP_CIPH_CBC_MODE               0x2
 #define                EVP_CIPH_CFB_MODE               0x3
 #define                EVP_CIPH_OFB_MODE               0x4
-#define        EVP_CIPH_MODE                   0x7
+#define                EVP_CIPH_CTR_MODE               0x5
+#define                EVP_CIPH_GCM_MODE               0x6
+#define        EVP_CIPH_MODE                   0xF0007
 /* Set if variable length cipher */
 #define        EVP_CIPH_VARIABLE_LENGTH        0x8
 /* Set if the iv handling should be done by the cipher itself */
@@ -343,6 +347,18 @@ struct evp_cipher_st
 #define        EVP_CIPH_RAND_KEY               0x200
 /* cipher has its own additional copying logic */
 #define        EVP_CIPH_CUSTOM_COPY            0x400
+/* Allow use default ASN1 get/set iv */
+#define                EVP_CIPH_FLAG_DEFAULT_ASN1      0x1000
+/* Buffer length in bits not bytes: CFB1 mode only */
+#define                EVP_CIPH_FLAG_LENGTH_BITS       0x2000
+/* Note if suitable for use in FIPS mode */
+#define                EVP_CIPH_FLAG_FIPS              0x4000
+/* Allow non FIPS cipher in FIPS mode */
+#define                EVP_CIPH_FLAG_NON_FIPS_ALLOW    0x8000
+/* Cipher handles any and all padding logic as well
+ * as finalisation.
+ */
+#define        EVP_CIPH_FLAG_CUSTOM_CIPHER     0x10000
 
 /* ctrl() values */
 
@@ -355,6 +371,11 @@ struct evp_cipher_st
 #define        EVP_CTRL_RAND_KEY               0x6
 #define        EVP_CTRL_PBE_PRF_NID            0x7
 #define        EVP_CTRL_COPY                   0x8
+#define        EVP_CTRL_GCM_SET_IVLEN          0x9
+#define        EVP_CTRL_GCM_GET_TAG            0x10
+#define        EVP_CTRL_GCM_SET_TAG            0x11
+#define                EVP_CTRL_GCM_SET_IV_FIXED       0x12
+#define                EVP_CTRL_GCM_IV_GEN             0x13
 
 typedef struct evp_cipher_info_st
        {
@@ -427,6 +448,33 @@ typedef int (EVP_PBE_KEYGEN)(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
 #define EVP_get_cipherbynid(a) EVP_get_cipherbyname(OBJ_nid2sn(a))
 #define EVP_get_cipherbyobj(a) EVP_get_cipherbynid(OBJ_obj2nid(a))
 
+/* Macros to reduce FIPS dependencies: do NOT use in applications */
+#define M_EVP_MD_size(e)               ((e)->md_size)
+#define M_EVP_MD_block_size(e)         ((e)->block_size)
+#define M_EVP_MD_CTX_set_flags(ctx,flgs) ((ctx)->flags|=(flgs))
+#define M_EVP_MD_CTX_clear_flags(ctx,flgs) ((ctx)->flags&=~(flgs))
+#define M_EVP_MD_CTX_test_flags(ctx,flgs) ((ctx)->flags&(flgs))
+#define M_EVP_MD_type(e)                       ((e)->type)
+#define M_EVP_MD_CTX_type(e)           M_EVP_MD_type(M_EVP_MD_CTX_md(e))
+#define M_EVP_MD_CTX_md(e)                     ((e)->digest)
+
+#define M_EVP_CIPHER_CTX_iv_length(e)  ((e)->cipher->iv_len)
+#define M_EVP_CIPHER_CTX_flags(e)      ((e)->cipher->flags)
+#define M_EVP_CIPHER_CTX_block_size(e) ((e)->cipher->block_size)
+#define M_EVP_CIPHER_CTX_cipher(e)     ((e)->cipher)
+#define M_EVP_CIPHER_CTX_mode(e)       (M_EVP_CIPHER_CTX_flags(e) & EVP_CIPH_MODE)
+
+#define M_EVP_CIPHER_CTX_set_flags(ctx,flgs) ((ctx)->flags|=(flgs))
+
+#define M_EVP_EncryptInit(ctx,ciph,key,iv) \
+       (EVP_CipherInit(ctx,ciph,key,iv,1))
+#define M_EVP_EncryptInit_ex(ctx,ciph,impl,key,iv) \
+       (EVP_CipherInit_ex(ctx,ciph,impl,key,iv,1))
+#define M_EVP_DecryptInit(ctx,ciph,key,iv) \
+       (EVP_CipherInit(ctx,ciph,key,iv,0))
+#define M_EVP_DecryptInit_ex(ctx,ciph,impl,key,iv) \
+       (EVP_CipherInit_ex(ctx,ciph,impl,key,iv,0))
+
 int EVP_MD_type(const EVP_MD *md);
 #define EVP_MD_nid(e)                  EVP_MD_type(e)
 #define EVP_MD_name(e)                 OBJ_nid2sn(EVP_MD_nid(e))
@@ -519,6 +567,7 @@ __owur int  EVP_DigestInit(EVP_MD_CTX *ctx, const EVP_MD *type);
 __owur int     EVP_DigestFinal(EVP_MD_CTX *ctx,unsigned char *md,unsigned int *s);
 
 int    EVP_read_pw_string(char *buf,int length,const char *prompt,int verify);
+int    EVP_read_pw_string_min(char *buf,int minlen,int maxlen,const char *prompt,int verify);
 void   EVP_set_pw_prompt(const char *prompt);
 char * EVP_get_pw_prompt(void);
 
@@ -737,9 +786,8 @@ const EVP_CIPHER *EVP_aes_128_cfb8(void);
 const EVP_CIPHER *EVP_aes_128_cfb128(void);
 # define EVP_aes_128_cfb EVP_aes_128_cfb128
 const EVP_CIPHER *EVP_aes_128_ofb(void);
-#if 0
 const EVP_CIPHER *EVP_aes_128_ctr(void);
-#endif
+const EVP_CIPHER *EVP_aes_128_gcm(void);
 const EVP_CIPHER *EVP_aes_192_ecb(void);
 const EVP_CIPHER *EVP_aes_192_cbc(void);
 const EVP_CIPHER *EVP_aes_192_cfb1(void);
@@ -747,9 +795,8 @@ const EVP_CIPHER *EVP_aes_192_cfb8(void);
 const EVP_CIPHER *EVP_aes_192_cfb128(void);
 # define EVP_aes_192_cfb EVP_aes_192_cfb128
 const EVP_CIPHER *EVP_aes_192_ofb(void);
-#if 0
 const EVP_CIPHER *EVP_aes_192_ctr(void);
-#endif
+const EVP_CIPHER *EVP_aes_192_gcm(void);
 const EVP_CIPHER *EVP_aes_256_ecb(void);
 const EVP_CIPHER *EVP_aes_256_cbc(void);
 const EVP_CIPHER *EVP_aes_256_cfb1(void);
@@ -757,9 +804,8 @@ const EVP_CIPHER *EVP_aes_256_cfb8(void);
 const EVP_CIPHER *EVP_aes_256_cfb128(void);
 # define EVP_aes_256_cfb EVP_aes_256_cfb128
 const EVP_CIPHER *EVP_aes_256_ofb(void);
-#if 0
 const EVP_CIPHER *EVP_aes_256_ctr(void);
-#endif
+const EVP_CIPHER *EVP_aes_256_gcm(void);
 #endif
 #ifndef OPENSSL_NO_CAMELLIA
 const EVP_CIPHER *EVP_camellia_128_ecb(void);
@@ -1056,6 +1102,9 @@ void EVP_PKEY_asn1_set_ctrl(EVP_PKEY_ASN1_METHOD *ameth,
 
 const EVP_PKEY_METHOD *EVP_PKEY_meth_find(int type);
 EVP_PKEY_METHOD* EVP_PKEY_meth_new(int id, int flags);
+void EVP_PKEY_meth_get0_info(int *ppkey_id, int *pflags,
+                               const EVP_PKEY_METHOD *meth);
+void EVP_PKEY_meth_copy(EVP_PKEY_METHOD *dst, const EVP_PKEY_METHOD *src);
 void EVP_PKEY_meth_free(EVP_PKEY_METHOD *pmeth);
 int EVP_PKEY_meth_add0(const EVP_PKEY_METHOD *pmeth);
 
@@ -1073,7 +1122,7 @@ int EVP_PKEY_CTX_get_operation(EVP_PKEY_CTX *ctx);
 void EVP_PKEY_CTX_set0_keygen_info(EVP_PKEY_CTX *ctx, int *dat, int datlen);
 
 EVP_PKEY *EVP_PKEY_new_mac_key(int type, ENGINE *e,
-                               unsigned char *key, int keylen);
+                               const unsigned char *key, int keylen);
 
 void EVP_PKEY_CTX_set_data(EVP_PKEY_CTX *ctx, void *data);
 void *EVP_PKEY_CTX_get_data(EVP_PKEY_CTX *ctx);
@@ -1249,6 +1298,12 @@ void ERR_load_EVP_strings(void);
 #define EVP_F_EVP_RIJNDAEL                              126
 #define EVP_F_EVP_SIGNFINAL                             107
 #define EVP_F_EVP_VERIFYFINAL                           108
+#define EVP_F_FIPS_CIPHERINIT                           166
+#define EVP_F_FIPS_CIPHER_CTX_COPY                      170
+#define EVP_F_FIPS_CIPHER_CTX_CTRL                      167
+#define EVP_F_FIPS_CIPHER_CTX_SET_KEY_LENGTH            171
+#define EVP_F_FIPS_DIGESTINIT                           168
+#define EVP_F_FIPS_MD_CTX_COPY                          169
 #define EVP_F_INT_CTX_NEW                               157
 #define EVP_F_PKCS5_PBE_KEYIVGEN                        117
 #define EVP_F_PKCS5_V2_PBE_KEYIVGEN                     118
@@ -1259,6 +1314,7 @@ void ERR_load_EVP_strings(void);
 #define EVP_F_RC5_CTRL                                  125
 
 /* Reason codes. */
+#define EVP_R_AES_IV_SETUP_FAILED                       162
 #define EVP_R_AES_KEY_SETUP_FAILED                      143
 #define EVP_R_ASN1_LIB                                  140
 #define EVP_R_BAD_BLOCK_LENGTH                          136
@@ -1276,6 +1332,7 @@ void ERR_load_EVP_strings(void);
 #define EVP_R_DECODE_ERROR                              114
 #define EVP_R_DIFFERENT_KEY_TYPES                       101
 #define EVP_R_DIFFERENT_PARAMETERS                      153
+#define EVP_R_DISABLED_FOR_FIPS                                 163
 #define EVP_R_ENCODE_ERROR                              115
 #define EVP_R_EVP_PBE_CIPHERINIT_ERROR                  119
 #define EVP_R_EXPECTING_AN_RSA_KEY                      127