xref: /freebsd/crypto/openssl/include/internal/passphrase.h (revision e1e636193db45630c7881246d25902e57c43d24e)
1 /*
2  * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved.
3  *
4  * Licensed under the Apache License 2.0 (the "License").  You may not use
5  * this file except in compliance with the License.  You can obtain a copy
6  * in the file LICENSE in the source distribution or at
7  * https://www.openssl.org/source/license.html
8  */
9 
10 #ifndef OSSL_INTERNAL_PASSPHRASE_H
11 # define OSSL_INTERNAL_PASSPHRASE_H
12 # pragma once
13 
14 /*
15  * This is a passphrase reader bridge with bells and whistles.
16  *
17  * On one hand, an API may wish to offer all sorts of passphrase callback
18  * possibilities to users, or may have to do so for historical reasons.
19  * On the other hand, that same API may have demands from other interfaces,
20  * notably from the libcrypto <-> provider interface, which uses
21  * OSSL_PASSPHRASE_CALLBACK consistently.
22  *
23  * The structure and functions below are the fundaments for bridging one
24  * passphrase callback form to another.
25  *
26  * In addition, extra features are included (this may be a growing list):
27  *
28  * -   password caching.  This is to be used by APIs where it's likely
29  *     that the same passphrase may be asked for more than once, but the
30  *     user shouldn't get prompted more than once.  For example, this is
31  *     useful for OSSL_DECODER, which may have to use a passphrase while
32  *     trying to find out what input it has.
33  */
34 
35 /*
36  * Structure to hold whatever the calling user may specify.  This structure
37  * is intended to be integrated into API specific structures or to be used
38  * as a local on-stack variable type.  Therefore, no functions to allocate
39  * or freed it on the heap is offered.
40  */
41 struct ossl_passphrase_data_st {
42     enum {
43         is_expl_passphrase = 1, /* Explicit passphrase given by user */
44         is_pem_password,        /* pem_password_cb given by user */
45         is_ossl_passphrase,     /* OSSL_PASSPHRASE_CALLBACK given by user */
46         is_ui_method            /* UI_METHOD given by user */
47     } type;
48     union {
49         struct {
50             char *passphrase_copy;
51             size_t passphrase_len;
52         } expl_passphrase;
53 
54         struct {
55             pem_password_cb *password_cb;
56             void *password_cbarg;
57         } pem_password;
58 
59         struct {
60             OSSL_PASSPHRASE_CALLBACK *passphrase_cb;
61             void *passphrase_cbarg;
62         } ossl_passphrase;
63 
64         struct {
65             const UI_METHOD *ui_method;
66             void *ui_method_data;
67         } ui_method;
68     } _;
69 
70     /*-
71      * Flags section
72      */
73 
74     /* Set to indicate that caching should be done */
75     unsigned int flag_cache_passphrase:1;
76 
77     /*-
78      * Misc section: caches and other
79      */
80 
81     char *cached_passphrase;
82     size_t cached_passphrase_len;
83 };
84 
85 /* Structure manipulation */
86 
87 void ossl_pw_clear_passphrase_data(struct ossl_passphrase_data_st *data);
88 void ossl_pw_clear_passphrase_cache(struct ossl_passphrase_data_st *data);
89 
90 int ossl_pw_set_passphrase(struct ossl_passphrase_data_st *data,
91                            const unsigned char *passphrase,
92                            size_t passphrase_len);
93 int ossl_pw_set_pem_password_cb(struct ossl_passphrase_data_st *data,
94                                 pem_password_cb *cb, void *cbarg);
95 int ossl_pw_set_ossl_passphrase_cb(struct ossl_passphrase_data_st *data,
96                                    OSSL_PASSPHRASE_CALLBACK *cb, void *cbarg);
97 int ossl_pw_set_ui_method(struct ossl_passphrase_data_st *data,
98                           const UI_METHOD *ui_method, void *ui_data);
99 
100 int ossl_pw_enable_passphrase_caching(struct ossl_passphrase_data_st *data);
101 int ossl_pw_disable_passphrase_caching(struct ossl_passphrase_data_st *data);
102 
103 /* Central function for direct calls */
104 
105 int ossl_pw_get_passphrase(char *pass, size_t pass_size, size_t *pass_len,
106                            const OSSL_PARAM params[], int verify,
107                            struct ossl_passphrase_data_st *data);
108 
109 /* Callback functions */
110 
111 /*
112  * All of these callback expect that the callback argument is a
113  * struct ossl_passphrase_data_st
114  */
115 
116 pem_password_cb ossl_pw_pem_password;
117 pem_password_cb ossl_pw_pvk_password;
118 /* One callback for encoding (verification prompt) and one for decoding */
119 OSSL_PASSPHRASE_CALLBACK ossl_pw_passphrase_callback_enc;
120 OSSL_PASSPHRASE_CALLBACK ossl_pw_passphrase_callback_dec;
121 
122 #endif
123