xref: /freebsd/crypto/openssl/include/crypto/evp.h (revision b077aed33b7b6aefca7b17ddb250cf521f938613)
1 /*
2  * Copyright 2015-2022 The OpenSSL Project Authors. All Rights Reserved.
3  *
4  * Licensed under the Apache License 2.0 (the "License").  You may not use
5  * this file except in compliance with the License.  You can obtain a copy
6  * in the file LICENSE in the source distribution or at
7  * https://www.openssl.org/source/license.html
8  */
9 
10 #ifndef OSSL_CRYPTO_EVP_H
11 # define OSSL_CRYPTO_EVP_H
12 # pragma once
13 
14 # include <openssl/evp.h>
15 # include <openssl/core_dispatch.h>
16 # include "internal/refcount.h"
17 # include "crypto/ecx.h"
18 
19 /*
20  * Don't free up md_ctx->pctx in EVP_MD_CTX_reset, use the reserved flag
21  * values in evp.h
22  */
23 #define EVP_MD_CTX_FLAG_KEEP_PKEY_CTX   0x0400
24 
25 #define evp_pkey_ctx_is_legacy(ctx)                             \
26     ((ctx)->keymgmt == NULL)
27 #define evp_pkey_ctx_is_provided(ctx)                           \
28     (!evp_pkey_ctx_is_legacy(ctx))
29 
30 struct evp_pkey_ctx_st {
31     /* Actual operation */
32     int operation;
33 
34     /*
35      * Library context, property query, keytype and keymgmt associated with
36      * this context
37      */
38     OSSL_LIB_CTX *libctx;
39     char *propquery;
40     const char *keytype;
41     /* If |pkey| below is set, this field is always a reference to its keymgmt */
42     EVP_KEYMGMT *keymgmt;
43 
44     union {
45         struct {
46             void *genctx;
47         } keymgmt;
48 
49         struct {
50             EVP_KEYEXCH *exchange;
51             /*
52              * Opaque ctx returned from a providers exchange algorithm
53              * implementation OSSL_FUNC_keyexch_newctx()
54              */
55             void *algctx;
56         } kex;
57 
58         struct {
59             EVP_SIGNATURE *signature;
60             /*
61              * Opaque ctx returned from a providers signature algorithm
62              * implementation OSSL_FUNC_signature_newctx()
63              */
64             void *algctx;
65         } sig;
66 
67         struct {
68             EVP_ASYM_CIPHER *cipher;
69             /*
70              * Opaque ctx returned from a providers asymmetric cipher algorithm
71              * implementation OSSL_FUNC_asym_cipher_newctx()
72              */
73             void *algctx;
74         } ciph;
75         struct {
76             EVP_KEM *kem;
77             /*
78              * Opaque ctx returned from a providers KEM algorithm
79              * implementation OSSL_FUNC_kem_newctx()
80              */
81             void *algctx;
82         } encap;
83     } op;
84 
85     /*
86      * Cached parameters.  Inits of operations that depend on these should
87      * call evp_pkey_ctx_use_delayed_data() when the operation has been set
88      * up properly.
89      */
90     struct {
91         /* Distinguishing Identifier, ISO/IEC 15946-3, FIPS 196 */
92         char *dist_id_name; /* The name used with EVP_PKEY_CTX_ctrl_str() */
93         void *dist_id;      /* The distinguishing ID itself */
94         size_t dist_id_len; /* The length of the distinguishing ID */
95 
96         /* Indicators of what has been set.  Keep them together! */
97         unsigned int dist_id_set : 1;
98     } cached_parameters;
99 
100     /* Application specific data, usually used by the callback */
101     void *app_data;
102     /* Keygen callback */
103     EVP_PKEY_gen_cb *pkey_gencb;
104     /* implementation specific keygen data */
105     int *keygen_info;
106     int keygen_info_count;
107 
108     /* Legacy fields below */
109 
110     /* EVP_PKEY identity */
111     int legacy_keytype;
112     /* Method associated with this operation */
113     const EVP_PKEY_METHOD *pmeth;
114     /* Engine that implements this method or NULL if builtin */
115     ENGINE *engine;
116     /* Key: may be NULL */
117     EVP_PKEY *pkey;
118     /* Peer key for key agreement, may be NULL */
119     EVP_PKEY *peerkey;
120     /* Algorithm specific data */
121     void *data;
122     /* Indicator if digest_custom needs to be called */
123     unsigned int flag_call_digest_custom:1;
124     /*
125      * Used to support taking custody of memory in the case of a provider being
126      * used with the deprecated EVP_PKEY_CTX_set_rsa_keygen_pubexp() API. This
127      * member should NOT be used for any other purpose and should be removed
128      * when said deprecated API is excised completely.
129      */
130     BIGNUM *rsa_pubexp;
131 } /* EVP_PKEY_CTX */ ;
132 
133 #define EVP_PKEY_FLAG_DYNAMIC   1
134 
135 struct evp_pkey_method_st {
136     int pkey_id;
137     int flags;
138     int (*init) (EVP_PKEY_CTX *ctx);
139     int (*copy) (EVP_PKEY_CTX *dst, const EVP_PKEY_CTX *src);
140     void (*cleanup) (EVP_PKEY_CTX *ctx);
141     int (*paramgen_init) (EVP_PKEY_CTX *ctx);
142     int (*paramgen) (EVP_PKEY_CTX *ctx, EVP_PKEY *pkey);
143     int (*keygen_init) (EVP_PKEY_CTX *ctx);
144     int (*keygen) (EVP_PKEY_CTX *ctx, EVP_PKEY *pkey);
145     int (*sign_init) (EVP_PKEY_CTX *ctx);
146     int (*sign) (EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen,
147                  const unsigned char *tbs, size_t tbslen);
148     int (*verify_init) (EVP_PKEY_CTX *ctx);
149     int (*verify) (EVP_PKEY_CTX *ctx,
150                    const unsigned char *sig, size_t siglen,
151                    const unsigned char *tbs, size_t tbslen);
152     int (*verify_recover_init) (EVP_PKEY_CTX *ctx);
153     int (*verify_recover) (EVP_PKEY_CTX *ctx,
154                            unsigned char *rout, size_t *routlen,
155                            const unsigned char *sig, size_t siglen);
156     int (*signctx_init) (EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx);
157     int (*signctx) (EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen,
158                     EVP_MD_CTX *mctx);
159     int (*verifyctx_init) (EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx);
160     int (*verifyctx) (EVP_PKEY_CTX *ctx, const unsigned char *sig, int siglen,
161                       EVP_MD_CTX *mctx);
162     int (*encrypt_init) (EVP_PKEY_CTX *ctx);
163     int (*encrypt) (EVP_PKEY_CTX *ctx, unsigned char *out, size_t *outlen,
164                     const unsigned char *in, size_t inlen);
165     int (*decrypt_init) (EVP_PKEY_CTX *ctx);
166     int (*decrypt) (EVP_PKEY_CTX *ctx, unsigned char *out, size_t *outlen,
167                     const unsigned char *in, size_t inlen);
168     int (*derive_init) (EVP_PKEY_CTX *ctx);
169     int (*derive) (EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen);
170     int (*ctrl) (EVP_PKEY_CTX *ctx, int type, int p1, void *p2);
171     int (*ctrl_str) (EVP_PKEY_CTX *ctx, const char *type, const char *value);
172     int (*digestsign) (EVP_MD_CTX *ctx, unsigned char *sig, size_t *siglen,
173                        const unsigned char *tbs, size_t tbslen);
174     int (*digestverify) (EVP_MD_CTX *ctx, const unsigned char *sig,
175                          size_t siglen, const unsigned char *tbs,
176                          size_t tbslen);
177     int (*check) (EVP_PKEY *pkey);
178     int (*public_check) (EVP_PKEY *pkey);
179     int (*param_check) (EVP_PKEY *pkey);
180 
181     int (*digest_custom) (EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx);
182 } /* EVP_PKEY_METHOD */ ;
183 
184 DEFINE_STACK_OF_CONST(EVP_PKEY_METHOD)
185 
186 void evp_pkey_set_cb_translate(BN_GENCB *cb, EVP_PKEY_CTX *ctx);
187 
188 const EVP_PKEY_METHOD *ossl_dh_pkey_method(void);
189 const EVP_PKEY_METHOD *ossl_dhx_pkey_method(void);
190 const EVP_PKEY_METHOD *ossl_dsa_pkey_method(void);
191 const EVP_PKEY_METHOD *ossl_ec_pkey_method(void);
192 const EVP_PKEY_METHOD *ossl_ecx25519_pkey_method(void);
193 const EVP_PKEY_METHOD *ossl_ecx448_pkey_method(void);
194 const EVP_PKEY_METHOD *ossl_ed25519_pkey_method(void);
195 const EVP_PKEY_METHOD *ossl_ed448_pkey_method(void);
196 const EVP_PKEY_METHOD *ossl_rsa_pkey_method(void);
197 const EVP_PKEY_METHOD *ossl_rsa_pss_pkey_method(void);
198 
199 struct evp_mac_st {
200     OSSL_PROVIDER *prov;
201     int name_id;
202     char *type_name;
203     const char *description;
204 
205     CRYPTO_REF_COUNT refcnt;
206     CRYPTO_RWLOCK *lock;
207 
208     OSSL_FUNC_mac_newctx_fn *newctx;
209     OSSL_FUNC_mac_dupctx_fn *dupctx;
210     OSSL_FUNC_mac_freectx_fn *freectx;
211     OSSL_FUNC_mac_init_fn *init;
212     OSSL_FUNC_mac_update_fn *update;
213     OSSL_FUNC_mac_final_fn *final;
214     OSSL_FUNC_mac_gettable_params_fn *gettable_params;
215     OSSL_FUNC_mac_gettable_ctx_params_fn *gettable_ctx_params;
216     OSSL_FUNC_mac_settable_ctx_params_fn *settable_ctx_params;
217     OSSL_FUNC_mac_get_params_fn *get_params;
218     OSSL_FUNC_mac_get_ctx_params_fn *get_ctx_params;
219     OSSL_FUNC_mac_set_ctx_params_fn *set_ctx_params;
220 };
221 
222 struct evp_kdf_st {
223     OSSL_PROVIDER *prov;
224     int name_id;
225     char *type_name;
226     const char *description;
227     CRYPTO_REF_COUNT refcnt;
228     CRYPTO_RWLOCK *lock;
229 
230     OSSL_FUNC_kdf_newctx_fn *newctx;
231     OSSL_FUNC_kdf_dupctx_fn *dupctx;
232     OSSL_FUNC_kdf_freectx_fn *freectx;
233     OSSL_FUNC_kdf_reset_fn *reset;
234     OSSL_FUNC_kdf_derive_fn *derive;
235     OSSL_FUNC_kdf_gettable_params_fn *gettable_params;
236     OSSL_FUNC_kdf_gettable_ctx_params_fn *gettable_ctx_params;
237     OSSL_FUNC_kdf_settable_ctx_params_fn *settable_ctx_params;
238     OSSL_FUNC_kdf_get_params_fn *get_params;
239     OSSL_FUNC_kdf_get_ctx_params_fn *get_ctx_params;
240     OSSL_FUNC_kdf_set_ctx_params_fn *set_ctx_params;
241 };
242 
243 #define EVP_ORIG_DYNAMIC    0
244 #define EVP_ORIG_GLOBAL     1
245 #define EVP_ORIG_METH       2
246 
247 struct evp_md_st {
248     /* nid */
249     int type;
250 
251     /* Legacy structure members */
252     int pkey_type;
253     int md_size;
254     unsigned long flags;
255     int origin;
256     int (*init) (EVP_MD_CTX *ctx);
257     int (*update) (EVP_MD_CTX *ctx, const void *data, size_t count);
258     int (*final) (EVP_MD_CTX *ctx, unsigned char *md);
259     int (*copy) (EVP_MD_CTX *to, const EVP_MD_CTX *from);
260     int (*cleanup) (EVP_MD_CTX *ctx);
261     int block_size;
262     int ctx_size;               /* how big does the ctx->md_data need to be */
263     /* control function */
264     int (*md_ctrl) (EVP_MD_CTX *ctx, int cmd, int p1, void *p2);
265 
266     /* New structure members */
267     /* Above comment to be removed when legacy has gone */
268     int name_id;
269     char *type_name;
270     const char *description;
271     OSSL_PROVIDER *prov;
272     CRYPTO_REF_COUNT refcnt;
273     CRYPTO_RWLOCK *lock;
274     OSSL_FUNC_digest_newctx_fn *newctx;
275     OSSL_FUNC_digest_init_fn *dinit;
276     OSSL_FUNC_digest_update_fn *dupdate;
277     OSSL_FUNC_digest_final_fn *dfinal;
278     OSSL_FUNC_digest_digest_fn *digest;
279     OSSL_FUNC_digest_freectx_fn *freectx;
280     OSSL_FUNC_digest_dupctx_fn *dupctx;
281     OSSL_FUNC_digest_get_params_fn *get_params;
282     OSSL_FUNC_digest_set_ctx_params_fn *set_ctx_params;
283     OSSL_FUNC_digest_get_ctx_params_fn *get_ctx_params;
284     OSSL_FUNC_digest_gettable_params_fn *gettable_params;
285     OSSL_FUNC_digest_settable_ctx_params_fn *settable_ctx_params;
286     OSSL_FUNC_digest_gettable_ctx_params_fn *gettable_ctx_params;
287 
288 } /* EVP_MD */ ;
289 
290 struct evp_cipher_st {
291     int nid;
292 
293     int block_size;
294     /* Default value for variable length ciphers */
295     int key_len;
296     int iv_len;
297 
298     /* Legacy structure members */
299     /* Various flags */
300     unsigned long flags;
301     /* How the EVP_CIPHER was created. */
302     int origin;
303     /* init key */
304     int (*init) (EVP_CIPHER_CTX *ctx, const unsigned char *key,
305                  const unsigned char *iv, int enc);
306     /* encrypt/decrypt data */
307     int (*do_cipher) (EVP_CIPHER_CTX *ctx, unsigned char *out,
308                       const unsigned char *in, size_t inl);
309     /* cleanup ctx */
310     int (*cleanup) (EVP_CIPHER_CTX *);
311     /* how big ctx->cipher_data needs to be */
312     int ctx_size;
313     /* Populate a ASN1_TYPE with parameters */
314     int (*set_asn1_parameters) (EVP_CIPHER_CTX *, ASN1_TYPE *);
315     /* Get parameters from a ASN1_TYPE */
316     int (*get_asn1_parameters) (EVP_CIPHER_CTX *, ASN1_TYPE *);
317     /* Miscellaneous operations */
318     int (*ctrl) (EVP_CIPHER_CTX *, int type, int arg, void *ptr);
319     /* Application data */
320     void *app_data;
321 
322     /* New structure members */
323     /* Above comment to be removed when legacy has gone */
324     int name_id;
325     char *type_name;
326     const char *description;
327     OSSL_PROVIDER *prov;
328     CRYPTO_REF_COUNT refcnt;
329     CRYPTO_RWLOCK *lock;
330     OSSL_FUNC_cipher_newctx_fn *newctx;
331     OSSL_FUNC_cipher_encrypt_init_fn *einit;
332     OSSL_FUNC_cipher_decrypt_init_fn *dinit;
333     OSSL_FUNC_cipher_update_fn *cupdate;
334     OSSL_FUNC_cipher_final_fn *cfinal;
335     OSSL_FUNC_cipher_cipher_fn *ccipher;
336     OSSL_FUNC_cipher_freectx_fn *freectx;
337     OSSL_FUNC_cipher_dupctx_fn *dupctx;
338     OSSL_FUNC_cipher_get_params_fn *get_params;
339     OSSL_FUNC_cipher_get_ctx_params_fn *get_ctx_params;
340     OSSL_FUNC_cipher_set_ctx_params_fn *set_ctx_params;
341     OSSL_FUNC_cipher_gettable_params_fn *gettable_params;
342     OSSL_FUNC_cipher_gettable_ctx_params_fn *gettable_ctx_params;
343     OSSL_FUNC_cipher_settable_ctx_params_fn *settable_ctx_params;
344 } /* EVP_CIPHER */ ;
345 
346 /* Macros to code block cipher wrappers */
347 
348 /* Wrapper functions for each cipher mode */
349 
350 #define EVP_C_DATA(kstruct, ctx) \
351         ((kstruct *)EVP_CIPHER_CTX_get_cipher_data(ctx))
352 
353 #define BLOCK_CIPHER_ecb_loop() \
354         size_t i, bl; \
355         bl = EVP_CIPHER_CTX_get0_cipher(ctx)->block_size;    \
356         if (inl < bl) return 1;\
357         inl -= bl; \
358         for (i=0; i <= inl; i+=bl)
359 
360 #define BLOCK_CIPHER_func_ecb(cname, cprefix, kstruct, ksched) \
361 static int cname##_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl) \
362 {\
363         BLOCK_CIPHER_ecb_loop() \
364             cprefix##_ecb_encrypt(in + i, out + i, &EVP_C_DATA(kstruct,ctx)->ksched, EVP_CIPHER_CTX_is_encrypting(ctx)); \
365         return 1;\
366 }
367 
368 #define EVP_MAXCHUNK ((size_t)1 << 30)
369 
370 #define BLOCK_CIPHER_func_ofb(cname, cprefix, cbits, kstruct, ksched) \
371     static int cname##_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl) \
372 {\
373         while(inl>=EVP_MAXCHUNK) {\
374             int num = EVP_CIPHER_CTX_get_num(ctx);\
375             cprefix##_ofb##cbits##_encrypt(in, out, (long)EVP_MAXCHUNK, &EVP_C_DATA(kstruct,ctx)->ksched, ctx->iv, &num); \
376             EVP_CIPHER_CTX_set_num(ctx, num);\
377             inl-=EVP_MAXCHUNK;\
378             in +=EVP_MAXCHUNK;\
379             out+=EVP_MAXCHUNK;\
380         }\
381         if (inl) {\
382             int num = EVP_CIPHER_CTX_get_num(ctx);\
383             cprefix##_ofb##cbits##_encrypt(in, out, (long)inl, &EVP_C_DATA(kstruct,ctx)->ksched, ctx->iv, &num); \
384             EVP_CIPHER_CTX_set_num(ctx, num);\
385         }\
386         return 1;\
387 }
388 
389 #define BLOCK_CIPHER_func_cbc(cname, cprefix, kstruct, ksched) \
390 static int cname##_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl) \
391 {\
392         while(inl>=EVP_MAXCHUNK) \
393             {\
394             cprefix##_cbc_encrypt(in, out, (long)EVP_MAXCHUNK, &EVP_C_DATA(kstruct,ctx)->ksched, ctx->iv, EVP_CIPHER_CTX_is_encrypting(ctx));\
395             inl-=EVP_MAXCHUNK;\
396             in +=EVP_MAXCHUNK;\
397             out+=EVP_MAXCHUNK;\
398             }\
399         if (inl)\
400             cprefix##_cbc_encrypt(in, out, (long)inl, &EVP_C_DATA(kstruct,ctx)->ksched, ctx->iv, EVP_CIPHER_CTX_is_encrypting(ctx));\
401         return 1;\
402 }
403 
404 #define BLOCK_CIPHER_func_cfb(cname, cprefix, cbits, kstruct, ksched)  \
405 static int cname##_cfb##cbits##_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl) \
406 {\
407     size_t chunk = EVP_MAXCHUNK;\
408     if (cbits == 1)  chunk >>= 3;\
409     if (inl < chunk) chunk = inl;\
410     while (inl && inl >= chunk)\
411     {\
412         int num = EVP_CIPHER_CTX_get_num(ctx);\
413         cprefix##_cfb##cbits##_encrypt(in, out, (long) \
414             ((cbits == 1) \
415                 && !EVP_CIPHER_CTX_test_flags(ctx, EVP_CIPH_FLAG_LENGTH_BITS) \
416                 ? chunk*8 : chunk), \
417             &EVP_C_DATA(kstruct, ctx)->ksched, ctx->iv,\
418             &num, EVP_CIPHER_CTX_is_encrypting(ctx));\
419         EVP_CIPHER_CTX_set_num(ctx, num);\
420         inl -= chunk;\
421         in += chunk;\
422         out += chunk;\
423         if (inl < chunk) chunk = inl;\
424     }\
425     return 1;\
426 }
427 
428 #define BLOCK_CIPHER_all_funcs(cname, cprefix, cbits, kstruct, ksched) \
429         BLOCK_CIPHER_func_cbc(cname, cprefix, kstruct, ksched) \
430         BLOCK_CIPHER_func_cfb(cname, cprefix, cbits, kstruct, ksched) \
431         BLOCK_CIPHER_func_ecb(cname, cprefix, kstruct, ksched) \
432         BLOCK_CIPHER_func_ofb(cname, cprefix, cbits, kstruct, ksched)
433 
434 #define BLOCK_CIPHER_def1(cname, nmode, mode, MODE, kstruct, nid, block_size, \
435                           key_len, iv_len, flags, init_key, cleanup, \
436                           set_asn1, get_asn1, ctrl) \
437 static const EVP_CIPHER cname##_##mode = { \
438         nid##_##nmode, block_size, key_len, iv_len, \
439         flags | EVP_CIPH_##MODE##_MODE, \
440         EVP_ORIG_GLOBAL, \
441         init_key, \
442         cname##_##mode##_cipher, \
443         cleanup, \
444         sizeof(kstruct), \
445         set_asn1, get_asn1,\
446         ctrl, \
447         NULL \
448 }; \
449 const EVP_CIPHER *EVP_##cname##_##mode(void) { return &cname##_##mode; }
450 
451 #define BLOCK_CIPHER_def_cbc(cname, kstruct, nid, block_size, key_len, \
452                              iv_len, flags, init_key, cleanup, set_asn1, \
453                              get_asn1, ctrl) \
454 BLOCK_CIPHER_def1(cname, cbc, cbc, CBC, kstruct, nid, block_size, key_len, \
455                   iv_len, flags, init_key, cleanup, set_asn1, get_asn1, ctrl)
456 
457 #define BLOCK_CIPHER_def_cfb(cname, kstruct, nid, key_len, \
458                              iv_len, cbits, flags, init_key, cleanup, \
459                              set_asn1, get_asn1, ctrl) \
460 BLOCK_CIPHER_def1(cname, cfb##cbits, cfb##cbits, CFB, kstruct, nid, 1, \
461                   key_len, iv_len, flags, init_key, cleanup, set_asn1, \
462                   get_asn1, ctrl)
463 
464 #define BLOCK_CIPHER_def_ofb(cname, kstruct, nid, key_len, \
465                              iv_len, cbits, flags, init_key, cleanup, \
466                              set_asn1, get_asn1, ctrl) \
467 BLOCK_CIPHER_def1(cname, ofb##cbits, ofb, OFB, kstruct, nid, 1, \
468                   key_len, iv_len, flags, init_key, cleanup, set_asn1, \
469                   get_asn1, ctrl)
470 
471 #define BLOCK_CIPHER_def_ecb(cname, kstruct, nid, block_size, key_len, \
472                              flags, init_key, cleanup, set_asn1, \
473                              get_asn1, ctrl) \
474 BLOCK_CIPHER_def1(cname, ecb, ecb, ECB, kstruct, nid, block_size, key_len, \
475                   0, flags, init_key, cleanup, set_asn1, get_asn1, ctrl)
476 
477 #define BLOCK_CIPHER_defs(cname, kstruct, \
478                           nid, block_size, key_len, iv_len, cbits, flags, \
479                           init_key, cleanup, set_asn1, get_asn1, ctrl) \
480 BLOCK_CIPHER_def_cbc(cname, kstruct, nid, block_size, key_len, iv_len, flags, \
481                      init_key, cleanup, set_asn1, get_asn1, ctrl) \
482 BLOCK_CIPHER_def_cfb(cname, kstruct, nid, key_len, iv_len, cbits, \
483                      flags, init_key, cleanup, set_asn1, get_asn1, ctrl) \
484 BLOCK_CIPHER_def_ofb(cname, kstruct, nid, key_len, iv_len, cbits, \
485                      flags, init_key, cleanup, set_asn1, get_asn1, ctrl) \
486 BLOCK_CIPHER_def_ecb(cname, kstruct, nid, block_size, key_len, flags, \
487                      init_key, cleanup, set_asn1, get_asn1, ctrl)
488 
489 /*-
490 #define BLOCK_CIPHER_defs(cname, kstruct, \
491                                 nid, block_size, key_len, iv_len, flags,\
492                                  init_key, cleanup, set_asn1, get_asn1, ctrl)\
493 static const EVP_CIPHER cname##_cbc = {\
494         nid##_cbc, block_size, key_len, iv_len, \
495         flags | EVP_CIPH_CBC_MODE,\
496         EVP_ORIG_GLOBAL,\
497         init_key,\
498         cname##_cbc_cipher,\
499         cleanup,\
500         sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+\
501                 sizeof((((EVP_CIPHER_CTX *)NULL)->c.kstruct)),\
502         set_asn1, get_asn1,\
503         ctrl, \
504         NULL \
505 };\
506 const EVP_CIPHER *EVP_##cname##_cbc(void) { return &cname##_cbc; }\
507 static const EVP_CIPHER cname##_cfb = {\
508         nid##_cfb64, 1, key_len, iv_len, \
509         flags | EVP_CIPH_CFB_MODE,\
510         EVP_ORIG_GLOBAL,\
511         init_key,\
512         cname##_cfb_cipher,\
513         cleanup,\
514         sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+\
515                 sizeof((((EVP_CIPHER_CTX *)NULL)->c.kstruct)),\
516         set_asn1, get_asn1,\
517         ctrl,\
518         NULL \
519 };\
520 const EVP_CIPHER *EVP_##cname##_cfb(void) { return &cname##_cfb; }\
521 static const EVP_CIPHER cname##_ofb = {\
522         nid##_ofb64, 1, key_len, iv_len, \
523         flags | EVP_CIPH_OFB_MODE,\
524         EVP_ORIG_GLOBAL,\
525         init_key,\
526         cname##_ofb_cipher,\
527         cleanup,\
528         sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+\
529                 sizeof((((EVP_CIPHER_CTX *)NULL)->c.kstruct)),\
530         set_asn1, get_asn1,\
531         ctrl,\
532         NULL \
533 };\
534 const EVP_CIPHER *EVP_##cname##_ofb(void) { return &cname##_ofb; }\
535 static const EVP_CIPHER cname##_ecb = {\
536         nid##_ecb, block_size, key_len, iv_len, \
537         flags | EVP_CIPH_ECB_MODE,\
538         EVP_ORIG_GLOBAL,\
539         init_key,\
540         cname##_ecb_cipher,\
541         cleanup,\
542         sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+\
543                 sizeof((((EVP_CIPHER_CTX *)NULL)->c.kstruct)),\
544         set_asn1, get_asn1,\
545         ctrl,\
546         NULL \
547 };\
548 const EVP_CIPHER *EVP_##cname##_ecb(void) { return &cname##_ecb; }
549 */
550 
551 #define IMPLEMENT_BLOCK_CIPHER(cname, ksched, cprefix, kstruct, nid, \
552                                block_size, key_len, iv_len, cbits, \
553                                flags, init_key, \
554                                cleanup, set_asn1, get_asn1, ctrl) \
555         BLOCK_CIPHER_all_funcs(cname, cprefix, cbits, kstruct, ksched) \
556         BLOCK_CIPHER_defs(cname, kstruct, nid, block_size, key_len, iv_len, \
557                           cbits, flags, init_key, cleanup, set_asn1, \
558                           get_asn1, ctrl)
559 
560 #define IMPLEMENT_CFBR(cipher,cprefix,kstruct,ksched,keysize,cbits,iv_len,fl) \
561         BLOCK_CIPHER_func_cfb(cipher##_##keysize,cprefix,cbits,kstruct,ksched) \
562         BLOCK_CIPHER_def_cfb(cipher##_##keysize,kstruct, \
563                              NID_##cipher##_##keysize, keysize/8, iv_len, cbits, \
564                              (fl)|EVP_CIPH_FLAG_DEFAULT_ASN1, \
565                              cipher##_init_key, NULL, NULL, NULL, NULL)
566 
567 typedef struct {
568     unsigned char iv[EVP_MAX_IV_LENGTH];
569     unsigned int iv_len;
570     unsigned int tag_len;
571 } evp_cipher_aead_asn1_params;
572 
573 int evp_cipher_param_to_asn1_ex(EVP_CIPHER_CTX *c, ASN1_TYPE *type,
574                                 evp_cipher_aead_asn1_params *params);
575 
576 int evp_cipher_asn1_to_param_ex(EVP_CIPHER_CTX *c, ASN1_TYPE *type,
577                                 evp_cipher_aead_asn1_params *params);
578 
579 /*
580  * To support transparent execution of operation in backends other
581  * than the "origin" key, we support transparent export/import to
582  * those providers, and maintain a cache of the imported keydata,
583  * so we don't need to redo the export/import every time we perform
584  * the same operation in that same provider.
585  * This requires that the "origin" backend (whether it's a legacy or a
586  * provider "origin") implements exports, and that the target provider
587  * has an EVP_KEYMGMT that implements import.
588  */
589 typedef struct {
590     EVP_KEYMGMT *keymgmt;
591     void *keydata;
592     int selection;
593 } OP_CACHE_ELEM;
594 
595 DEFINE_STACK_OF(OP_CACHE_ELEM)
596 
597 /*
598  * An EVP_PKEY can have the following states:
599  *
600  * untyped & empty:
601  *
602  *     type == EVP_PKEY_NONE && keymgmt == NULL
603  *
604  * typed & empty:
605  *
606  *     (type != EVP_PKEY_NONE && pkey.ptr == NULL)      ## legacy (libcrypto only)
607  *     || (keymgmt != NULL && keydata == NULL)          ## provider side
608  *
609  * fully assigned:
610  *
611  *     (type != EVP_PKEY_NONE && pkey.ptr != NULL)      ## legacy (libcrypto only)
612  *     || (keymgmt != NULL && keydata != NULL)          ## provider side
613  *
614  * The easiest way to detect a legacy key is:
615  *
616  *     keymgmt == NULL && type != EVP_PKEY_NONE
617  *
618  * The easiest way to detect a provider side key is:
619  *
620  *     keymgmt != NULL
621  */
622 #define evp_pkey_is_blank(pk)                                   \
623     ((pk)->type == EVP_PKEY_NONE && (pk)->keymgmt == NULL)
624 #define evp_pkey_is_typed(pk)                                   \
625     ((pk)->type != EVP_PKEY_NONE || (pk)->keymgmt != NULL)
626 #ifndef FIPS_MODULE
627 # define evp_pkey_is_assigned(pk)                               \
628     ((pk)->pkey.ptr != NULL || (pk)->keydata != NULL)
629 #else
630 # define evp_pkey_is_assigned(pk)                               \
631     ((pk)->keydata != NULL)
632 #endif
633 #define evp_pkey_is_legacy(pk)                                  \
634     ((pk)->type != EVP_PKEY_NONE && (pk)->keymgmt == NULL)
635 #define evp_pkey_is_provided(pk)                                \
636     ((pk)->keymgmt != NULL)
637 
638 union legacy_pkey_st {
639     void *ptr;
640     struct rsa_st *rsa;     /* RSA */
641 #  ifndef OPENSSL_NO_DSA
642     struct dsa_st *dsa;     /* DSA */
643 #  endif
644 #  ifndef OPENSSL_NO_DH
645     struct dh_st *dh;       /* DH */
646 #  endif
647 #  ifndef OPENSSL_NO_EC
648     struct ec_key_st *ec;   /* ECC */
649     ECX_KEY *ecx;           /* X25519, X448, Ed25519, Ed448 */
650 #  endif
651 };
652 
653 struct evp_pkey_st {
654     /* == Legacy attributes == */
655     int type;
656     int save_type;
657 
658 # ifndef FIPS_MODULE
659     /*
660      * Legacy key "origin" is composed of a pointer to an EVP_PKEY_ASN1_METHOD,
661      * a pointer to a low level key and possibly a pointer to an engine.
662      */
663     const EVP_PKEY_ASN1_METHOD *ameth;
664     ENGINE *engine;
665     ENGINE *pmeth_engine; /* If not NULL public key ENGINE to use */
666 
667     /* Union to store the reference to an origin legacy key */
668     union legacy_pkey_st pkey;
669 
670     /* Union to store the reference to a non-origin legacy key */
671     union legacy_pkey_st legacy_cache_pkey;
672 # endif
673 
674     /* == Common attributes == */
675     CRYPTO_REF_COUNT references;
676     CRYPTO_RWLOCK *lock;
677 #ifndef FIPS_MODULE
678     STACK_OF(X509_ATTRIBUTE) *attributes; /* [ 0 ] */
679     int save_parameters;
680     unsigned int foreign:1; /* the low-level key is using an engine or an app-method */
681     CRYPTO_EX_DATA ex_data;
682 #endif
683 
684     /* == Provider attributes == */
685 
686     /*
687      * Provider keydata "origin" is composed of a pointer to an EVP_KEYMGMT
688      * and a pointer to the provider side key data.  This is never used at
689      * the same time as the legacy key data above.
690      */
691     EVP_KEYMGMT *keymgmt;
692     void *keydata;
693     /*
694      * If any libcrypto code does anything that may modify the keydata
695      * contents, this dirty counter must be incremented.
696      */
697     size_t dirty_cnt;
698 
699     /*
700      * To support transparent execution of operation in backends other
701      * than the "origin" key, we support transparent export/import to
702      * those providers, and maintain a cache of the imported keydata,
703      * so we don't need to redo the export/import every time we perform
704      * the same operation in that same provider.
705      */
706     STACK_OF(OP_CACHE_ELEM) *operation_cache;
707 
708     /*
709      * We keep a copy of that "origin"'s dirty count, so we know if the
710      * operation cache needs flushing.
711      */
712     size_t dirty_cnt_copy;
713 
714     /* Cache of key object information */
715     struct {
716         int bits;
717         int security_bits;
718         int size;
719     } cache;
720 } /* EVP_PKEY */ ;
721 
722 #define EVP_PKEY_CTX_IS_SIGNATURE_OP(ctx) \
723     ((ctx)->operation == EVP_PKEY_OP_SIGN \
724      || (ctx)->operation == EVP_PKEY_OP_SIGNCTX \
725      || (ctx)->operation == EVP_PKEY_OP_VERIFY \
726      || (ctx)->operation == EVP_PKEY_OP_VERIFYCTX \
727      || (ctx)->operation == EVP_PKEY_OP_VERIFYRECOVER)
728 
729 #define EVP_PKEY_CTX_IS_DERIVE_OP(ctx) \
730     ((ctx)->operation == EVP_PKEY_OP_DERIVE)
731 
732 #define EVP_PKEY_CTX_IS_ASYM_CIPHER_OP(ctx) \
733     ((ctx)->operation == EVP_PKEY_OP_ENCRYPT \
734      || (ctx)->operation == EVP_PKEY_OP_DECRYPT)
735 
736 #define EVP_PKEY_CTX_IS_GEN_OP(ctx) \
737     ((ctx)->operation == EVP_PKEY_OP_PARAMGEN \
738      || (ctx)->operation == EVP_PKEY_OP_KEYGEN)
739 
740 #define EVP_PKEY_CTX_IS_FROMDATA_OP(ctx) \
741     ((ctx)->operation == EVP_PKEY_OP_FROMDATA)
742 
743 #define EVP_PKEY_CTX_IS_KEM_OP(ctx) \
744     ((ctx)->operation == EVP_PKEY_OP_ENCAPSULATE \
745      || (ctx)->operation == EVP_PKEY_OP_DECAPSULATE)
746 
747 void openssl_add_all_ciphers_int(void);
748 void openssl_add_all_digests_int(void);
749 void evp_cleanup_int(void);
750 void evp_app_cleanup_int(void);
751 void *evp_pkey_export_to_provider(EVP_PKEY *pk, OSSL_LIB_CTX *libctx,
752                                   EVP_KEYMGMT **keymgmt,
753                                   const char *propquery);
754 #ifndef FIPS_MODULE
755 int evp_pkey_copy_downgraded(EVP_PKEY **dest, const EVP_PKEY *src);
756 void *evp_pkey_get_legacy(EVP_PKEY *pk);
757 void evp_pkey_free_legacy(EVP_PKEY *x);
758 EVP_PKEY *evp_pkcs82pkey_legacy(const PKCS8_PRIV_KEY_INFO *p8inf,
759                                 OSSL_LIB_CTX *libctx, const char *propq);
760 #endif
761 
762 /*
763  * KEYMGMT utility functions
764  */
765 
766 /*
767  * Key import structure and helper function, to be used as an export callback
768  */
769 struct evp_keymgmt_util_try_import_data_st {
770     EVP_KEYMGMT *keymgmt;
771     void *keydata;
772 
773     int selection;
774 };
775 int evp_keymgmt_util_try_import(const OSSL_PARAM params[], void *arg);
776 int evp_keymgmt_util_assign_pkey(EVP_PKEY *pkey, EVP_KEYMGMT *keymgmt,
777                                  void *keydata);
778 EVP_PKEY *evp_keymgmt_util_make_pkey(EVP_KEYMGMT *keymgmt, void *keydata);
779 
780 int evp_keymgmt_util_export(const EVP_PKEY *pk, int selection,
781                             OSSL_CALLBACK *export_cb, void *export_cbarg);
782 void *evp_keymgmt_util_export_to_provider(EVP_PKEY *pk, EVP_KEYMGMT *keymgmt,
783                                           int selection);
784 OP_CACHE_ELEM *evp_keymgmt_util_find_operation_cache(EVP_PKEY *pk,
785                                                      EVP_KEYMGMT *keymgmt,
786                                                      int selection);
787 int evp_keymgmt_util_clear_operation_cache(EVP_PKEY *pk, int locking);
788 int evp_keymgmt_util_cache_keydata(EVP_PKEY *pk, EVP_KEYMGMT *keymgmt,
789                                    void *keydata, int selection);
790 void evp_keymgmt_util_cache_keyinfo(EVP_PKEY *pk);
791 void *evp_keymgmt_util_fromdata(EVP_PKEY *target, EVP_KEYMGMT *keymgmt,
792                                 int selection, const OSSL_PARAM params[]);
793 int evp_keymgmt_util_has(EVP_PKEY *pk, int selection);
794 int evp_keymgmt_util_match(EVP_PKEY *pk1, EVP_PKEY *pk2, int selection);
795 int evp_keymgmt_util_copy(EVP_PKEY *to, EVP_PKEY *from, int selection);
796 void *evp_keymgmt_util_gen(EVP_PKEY *target, EVP_KEYMGMT *keymgmt,
797                            void *genctx, OSSL_CALLBACK *cb, void *cbarg);
798 int evp_keymgmt_util_get_deflt_digest_name(EVP_KEYMGMT *keymgmt,
799                                            void *keydata,
800                                            char *mdname, size_t mdname_sz);
801 const char *evp_keymgmt_util_query_operation_name(EVP_KEYMGMT *keymgmt,
802                                                   int op_id);
803 
804 /*
805  * KEYMGMT provider interface functions
806  */
807 void *evp_keymgmt_newdata(const EVP_KEYMGMT *keymgmt);
808 void evp_keymgmt_freedata(const EVP_KEYMGMT *keymgmt, void *keyddata);
809 int evp_keymgmt_get_params(const EVP_KEYMGMT *keymgmt,
810                            void *keydata, OSSL_PARAM params[]);
811 int evp_keymgmt_set_params(const EVP_KEYMGMT *keymgmt,
812                            void *keydata, const OSSL_PARAM params[]);
813 void *evp_keymgmt_gen_init(const EVP_KEYMGMT *keymgmt, int selection,
814                            const OSSL_PARAM params[]);
815 int evp_keymgmt_gen_set_template(const EVP_KEYMGMT *keymgmt, void *genctx,
816                                  void *template);
817 int evp_keymgmt_gen_set_params(const EVP_KEYMGMT *keymgmt, void *genctx,
818                                const OSSL_PARAM params[]);
819 void *evp_keymgmt_gen(const EVP_KEYMGMT *keymgmt, void *genctx,
820                       OSSL_CALLBACK *cb, void *cbarg);
821 void evp_keymgmt_gen_cleanup(const EVP_KEYMGMT *keymgmt, void *genctx);
822 
823 int evp_keymgmt_has_load(const EVP_KEYMGMT *keymgmt);
824 void *evp_keymgmt_load(const EVP_KEYMGMT *keymgmt,
825                        const void *objref, size_t objref_sz);
826 
827 int evp_keymgmt_has(const EVP_KEYMGMT *keymgmt, void *keyddata, int selection);
828 int evp_keymgmt_validate(const EVP_KEYMGMT *keymgmt, void *keydata,
829                          int selection, int checktype);
830 int evp_keymgmt_match(const EVP_KEYMGMT *keymgmt,
831                       const void *keydata1, const void *keydata2,
832                       int selection);
833 
834 int evp_keymgmt_import(const EVP_KEYMGMT *keymgmt, void *keydata,
835                        int selection, const OSSL_PARAM params[]);
836 const OSSL_PARAM *evp_keymgmt_import_types(const EVP_KEYMGMT *keymgmt,
837                                            int selection);
838 int evp_keymgmt_export(const EVP_KEYMGMT *keymgmt, void *keydata,
839                        int selection, OSSL_CALLBACK *param_cb, void *cbarg);
840 const OSSL_PARAM *evp_keymgmt_export_types(const EVP_KEYMGMT *keymgmt,
841                                            int selection);
842 void *evp_keymgmt_dup(const EVP_KEYMGMT *keymgmt,
843                       const void *keydata_from, int selection);
844 EVP_KEYMGMT *evp_keymgmt_fetch_from_prov(OSSL_PROVIDER *prov,
845                                          const char *name,
846                                          const char *properties);
847 
848 /* Pulling defines out of C source files */
849 
850 # define EVP_RC4_KEY_SIZE 16
851 # ifndef TLS1_1_VERSION
852 #  define TLS1_1_VERSION   0x0302
853 # endif
854 
855 void evp_encode_ctx_set_flags(EVP_ENCODE_CTX *ctx, unsigned int flags);
856 
857 /* EVP_ENCODE_CTX flags */
858 /* Don't generate new lines when encoding */
859 #define EVP_ENCODE_CTX_NO_NEWLINES          1
860 /* Use the SRP base64 alphabet instead of the standard one */
861 #define EVP_ENCODE_CTX_USE_SRP_ALPHABET     2
862 
863 const EVP_CIPHER *evp_get_cipherbyname_ex(OSSL_LIB_CTX *libctx,
864                                           const char *name);
865 const EVP_MD *evp_get_digestbyname_ex(OSSL_LIB_CTX *libctx,
866                                       const char *name);
867 
868 int ossl_pkcs5_pbkdf2_hmac_ex(const char *pass, int passlen,
869                               const unsigned char *salt, int saltlen, int iter,
870                               const EVP_MD *digest, int keylen,
871                               unsigned char *out,
872                               OSSL_LIB_CTX *libctx, const char *propq);
873 
874 # ifndef FIPS_MODULE
875 /*
876  * Internal helpers for stricter EVP_PKEY_CTX_{set,get}_params().
877  *
878  * Return 1 on success, 0 or negative for errors.
879  *
880  * In particular they return -2 if any of the params is not supported.
881  *
882  * They are not available in FIPS_MODULE as they depend on
883  *      - EVP_PKEY_CTX_{get,set}_params()
884  *      - EVP_PKEY_CTX_{gettable,settable}_params()
885  *
886  */
887 int evp_pkey_ctx_set_params_strict(EVP_PKEY_CTX *ctx, OSSL_PARAM *params);
888 int evp_pkey_ctx_get_params_strict(EVP_PKEY_CTX *ctx, OSSL_PARAM *params);
889 
890 EVP_MD_CTX *evp_md_ctx_new_ex(EVP_PKEY *pkey, const ASN1_OCTET_STRING *id,
891                               OSSL_LIB_CTX *libctx, const char *propq);
892 int evp_pkey_name2type(const char *name);
893 const char *evp_pkey_type2name(int type);
894 
895 int evp_pkey_ctx_set1_id_prov(EVP_PKEY_CTX *ctx, const void *id, int len);
896 int evp_pkey_ctx_get1_id_prov(EVP_PKEY_CTX *ctx, void *id);
897 int evp_pkey_ctx_get1_id_len_prov(EVP_PKEY_CTX *ctx, size_t *id_len);
898 
899 int evp_pkey_ctx_use_cached_data(EVP_PKEY_CTX *ctx);
900 # endif /* !defined(FIPS_MODULE) */
901 
902 int evp_method_store_cache_flush(OSSL_LIB_CTX *libctx);
903 int evp_method_store_remove_all_provided(const OSSL_PROVIDER *prov);
904 
905 int evp_default_properties_enable_fips_int(OSSL_LIB_CTX *libctx, int enable,
906                                            int loadconfig);
907 int evp_set_default_properties_int(OSSL_LIB_CTX *libctx, const char *propq,
908                                    int loadconfig, int mirrored);
909 char *evp_get_global_properties_str(OSSL_LIB_CTX *libctx, int loadconfig);
910 
911 void evp_md_ctx_clear_digest(EVP_MD_CTX *ctx, int force, int keep_digest);
912 
913 /* Three possible states: */
914 # define EVP_PKEY_STATE_UNKNOWN         0
915 # define EVP_PKEY_STATE_LEGACY          1
916 # define EVP_PKEY_STATE_PROVIDER        2
917 int evp_pkey_ctx_state(const EVP_PKEY_CTX *ctx);
918 
919 /* These two must ONLY be called for provider side operations */
920 int evp_pkey_ctx_ctrl_to_param(EVP_PKEY_CTX *ctx,
921                                int keytype, int optype,
922                                int cmd, int p1, void *p2);
923 int evp_pkey_ctx_ctrl_str_to_param(EVP_PKEY_CTX *ctx,
924                                    const char *name, const char *value);
925 
926 /* These two must ONLY be called for legacy operations */
927 int evp_pkey_ctx_set_params_to_ctrl(EVP_PKEY_CTX *ctx, const OSSL_PARAM *params);
928 int evp_pkey_ctx_get_params_to_ctrl(EVP_PKEY_CTX *ctx, OSSL_PARAM *params);
929 
930 /* This must ONLY be called for legacy EVP_PKEYs */
931 int evp_pkey_get_params_to_ctrl(const EVP_PKEY *pkey, OSSL_PARAM *params);
932 
933 /* Same as the public get0 functions but are not const */
934 # ifndef OPENSSL_NO_DEPRECATED_3_0
935 DH *evp_pkey_get0_DH_int(const EVP_PKEY *pkey);
936 EC_KEY *evp_pkey_get0_EC_KEY_int(const EVP_PKEY *pkey);
937 RSA *evp_pkey_get0_RSA_int(const EVP_PKEY *pkey);
938 # endif
939 
940 /* Get internal identification number routines */
941 int evp_asym_cipher_get_number(const EVP_ASYM_CIPHER *cipher);
942 int evp_cipher_get_number(const EVP_CIPHER *cipher);
943 int evp_kdf_get_number(const EVP_KDF *kdf);
944 int evp_kem_get_number(const EVP_KEM *wrap);
945 int evp_keyexch_get_number(const EVP_KEYEXCH *keyexch);
946 int evp_keymgmt_get_number(const EVP_KEYMGMT *keymgmt);
947 int evp_mac_get_number(const EVP_MAC *mac);
948 int evp_md_get_number(const EVP_MD *md);
949 int evp_rand_get_number(const EVP_RAND *rand);
950 int evp_signature_get_number(const EVP_SIGNATURE *signature);
951 
952 #endif /* OSSL_CRYPTO_EVP_H */
953