kris
/
boringssl
1
0
Förgrening 0
Kod Ärenden 0 Pull-förfrågningar 0 Släpp 0 Wiki Aktiviteter
Du kan inte välja fler än 25 ämnen Ämnen måste starta med en bokstav eller siffra, kan innehålla bindestreck ('-') och vara max 35 tecken långa.
4047 Incheckningar
12 Grenar
38 MiB
Träd: 2c673f15f6
Grenar Taggar
${ item.name }
Skapa branchen ${ searchTerm }
från '2c673f15f6'
${ noResults }
boringssl/crypto/evp/internal.h

internal.h 10 KiB
Normal vy Historik

Inital import. Initial fork from f2d678e6e89b6508147086610e985d4e8416e867 (1.0.2 beta). (This change contains substantial changes from the original and effectively starts a new history.)
10 år sedan
Pull EVP_PKEY print hooks out of the main method table. This allows the static linker to drop it in consumers which don't need this stuff (i.e. all sane ones), once crypto/x509 falls off. This cuts down on a number of dependencies from the core crypto bits on crypto/asn1 and crypto/x509. BUG=499653 Change-Id: I76a10a04dcc444c1ded31683df9f87725a95a4e6 Reviewed-on: https://boringssl-review.googlesource.com/5660 Reviewed-by: Adam Langley <agl@google.com>
9 år sedan
Inital import. Initial fork from f2d678e6e89b6508147086610e985d4e8416e867 (1.0.2 beta). (This change contains substantial changes from the original and effectively starts a new history.)
10 år sedan
Decouple crypto/evp from the OID table. BUG=chromium:499653 Change-Id: I4e8d4af3129dbf61d4a8846ec9db685e83999d5e Reviewed-on: https://boringssl-review.googlesource.com/7565 Reviewed-by: Steven Valdez <svaldez@google.com> Reviewed-by: David Benjamin <davidben@google.com>
8 år sedan
Inital import. Initial fork from f2d678e6e89b6508147086610e985d4e8416e867 (1.0.2 beta). (This change contains substantial changes from the original and effectively starts a new history.)
10 år sedan
Implement new SPKI parsers. Many consumers need SPKI support (X.509, TLS, QUIC, WebCrypto), each with different ways to set signature parameters. SPKIs themselves can get complex with id-RSASSA-PSS keys which come with various constraints in the key parameters. This suggests we want a common in-library representation of an SPKI. This adds two new functions EVP_parse_public_key and EVP_marshal_public_key which converts EVP_PKEY to and from SPKI and implements X509_PUBKEY functions with them. EVP_PKEY seems to have been intended to be able to express the supported SPKI types with full-fidelity, so these APIs will continue this. This means future support for id-RSASSA-PSS would *not* repurpose EVP_PKEY_RSA. I'm worried about code assuming EVP_PKEY_RSA implies acting on the RSA* is legal. Instead, it'd add an EVP_PKEY_RSA_PSS and the data pointer would be some (exposed, so the caller may still check key size, etc.) RSA_PSS_KEY struct. Internally, the EVP_PKEY_CTX implementation would enforce the key constraints. If RSA_PSS_KEY would later need its own API, that code would move there, but that seems unlikely. Ideally we'd have a 1:1 correspondence with key OID, although we may have to fudge things if mistakes happen in standardization. (Whether or not X.509 reuses id-ecPublicKey for Ed25519, we'll give it a separate EVP_PKEY type.) DSA parsing hooks are still implemented, missing parameters and all for now. This isn't any worse than before. Decoupling from the giant crypto/obj OID table will be a later task. BUG=522228 Change-Id: I0e3964edf20cb795a18b0991d17e5ca8bce3e28c Reviewed-on: https://boringssl-review.googlesource.com/6861 Reviewed-by: Adam Langley <agl@google.com>
8 år sedan
Inital import. Initial fork from f2d678e6e89b6508147086610e985d4e8416e867 (1.0.2 beta). (This change contains substantial changes from the original and effectively starts a new history.)
10 år sedan
Implement new PKCS#8 parsers. As with SPKI parsers, the intent is make EVP_PKEY capture the key's constraints in full fidelity, so we'd have to add new types or store the information in the underlying key object if people introduce variant key types with weird constraints on them. Note that because PKCS#8 has a space for arbitrary attributes, this parser must admit a hole. I'm assuming for now that we don't need an API that enforces no attributes and just ignore trailing data in the structure for simplicity. BUG=499653 Change-Id: I6fc641355e87136c7220f5d7693566d1144a68e8 Reviewed-on: https://boringssl-review.googlesource.com/6866 Reviewed-by: Adam Langley <agl@google.com>
8 år sedan
Introduce EVP_PKEY_is_opaque to replace RSA_METHOD_FLAG_NO_CHECK. Custom RSA and ECDSA keys may not expose the key material. Plumb and "opaque" bit out of the *_METHOD up to EVP_PKEY. Query that in ssl_rsa.c to skip the sanity checks for certificate and key matching. Change-Id: I362a2d5116bfd1803560dfca1d69a91153e895fc Reviewed-on: https://boringssl-review.googlesource.com/1255 Reviewed-by: Adam Langley <agl@google.com>
10 år sedan
Inital import. Initial fork from f2d678e6e89b6508147086610e985d4e8416e867 (1.0.2 beta). (This change contains substantial changes from the original and effectively starts a new history.)
10 år sedan
Remove EVP_PKEY_HMAC. This removes EVP_PKEY_HMAC and all the support code around it. EVP_MD requires a lot of extra glue to support HMAC. This lets us prune it all away. As a bonus, it removes a (minor) dependency from EVP to the legacy ASN.1 stack. Change-Id: I5a9e3e39f518429828dbf13d14647fb37d9dc35a Reviewed-on: https://boringssl-review.googlesource.com/5120 Reviewed-by: Adam Langley <agl@google.com>
9 år sedan
Inital import. Initial fork from f2d678e6e89b6508147086610e985d4e8416e867 (1.0.2 beta). (This change contains substantial changes from the original and effectively starts a new history.)
10 år sedan
Remove unused EVP_PKEY_METHOD hooks. foo_init hooks are never implemented. Even upstream never uses them. The flags member is also never used. We also don't expose paramgen, so remove it. Change-Id: I51d9439316c5163520ab7168693c457f33e59417 Reviewed-on: https://boringssl-review.googlesource.com/6846 Reviewed-by: Adam Langley <alangley@gmail.com>
8 år sedan
Remove EVP_PKEY_HMAC. This removes EVP_PKEY_HMAC and all the support code around it. EVP_MD requires a lot of extra glue to support HMAC. This lets us prune it all away. As a bonus, it removes a (minor) dependency from EVP to the legacy ASN.1 stack. Change-Id: I5a9e3e39f518429828dbf13d14647fb37d9dc35a Reviewed-on: https://boringssl-review.googlesource.com/5120 Reviewed-by: Adam Langley <agl@google.com>
9 år sedan
Inital import. Initial fork from f2d678e6e89b6508147086610e985d4e8416e867 (1.0.2 beta). (This change contains substantial changes from the original and effectively starts a new history.)
10 år sedan
Remove unused EVP_PKEY_METHOD hooks. foo_init hooks are never implemented. Even upstream never uses them. The flags member is also never used. We also don't expose paramgen, so remove it. Change-Id: I51d9439316c5163520ab7168693c457f33e59417 Reviewed-on: https://boringssl-review.googlesource.com/6846 Reviewed-by: Adam Langley <alangley@gmail.com>
8 år sedan
Inital import. Initial fork from f2d678e6e89b6508147086610e985d4e8416e867 (1.0.2 beta). (This change contains substantial changes from the original and effectively starts a new history.)
10 år sedan
Normalize all EVP_PKEY_CTX_ctrl return values. No code within BoringSSL or Google (grep for EVP_PKEY_CTX_(ctrl|get|set)) is sensitive to the various failure cases. Normalize it all to 0/1 for simplicity. This does carry a slight risk: any new ctrl hooks we import from upstream that, like EVP_PKEY_CTX_get_rsa_oaep_md, return something other than success/failure cannot be called directly via EVP_PKEY_CTX_ctrl. They instead need to internally be routed through a struct like CBS and only called through the wrappers. To that end, unexport EVP_PKEY_CTX_ctrl and require that callers use the wrappers. No code in Google uses it directly and, if need be, switching to the wrapper would be an incredibly upstreamable patch. Change-Id: I3fd4e5a1a0f3d4d1c4122c52d4c74a5105b99cd5 Reviewed-on: https://boringssl-review.googlesource.com/3874 Reviewed-by: Adam Langley <agl@google.com>
9 år sedan
Remove EVP_PKEY_HMAC. This removes EVP_PKEY_HMAC and all the support code around it. EVP_MD requires a lot of extra glue to support HMAC. This lets us prune it all away. As a bonus, it removes a (minor) dependency from EVP to the legacy ASN.1 stack. Change-Id: I5a9e3e39f518429828dbf13d14647fb37d9dc35a Reviewed-on: https://boringssl-review.googlesource.com/5120 Reviewed-by: Adam Langley <agl@google.com>
9 år sedan
Normalize all EVP_PKEY_CTX_ctrl return values. No code within BoringSSL or Google (grep for EVP_PKEY_CTX_(ctrl|get|set)) is sensitive to the various failure cases. Normalize it all to 0/1 for simplicity. This does carry a slight risk: any new ctrl hooks we import from upstream that, like EVP_PKEY_CTX_get_rsa_oaep_md, return something other than success/failure cannot be called directly via EVP_PKEY_CTX_ctrl. They instead need to internally be routed through a struct like CBS and only called through the wrappers. To that end, unexport EVP_PKEY_CTX_ctrl and require that callers use the wrappers. No code in Google uses it directly and, if need be, switching to the wrapper would be an incredibly upstreamable patch. Change-Id: I3fd4e5a1a0f3d4d1c4122c52d4c74a5105b99cd5 Reviewed-on: https://boringssl-review.googlesource.com/3874 Reviewed-by: Adam Langley <agl@google.com>
9 år sedan
Remove EVP_PKEY_HMAC. This removes EVP_PKEY_HMAC and all the support code around it. EVP_MD requires a lot of extra glue to support HMAC. This lets us prune it all away. As a bonus, it removes a (minor) dependency from EVP to the legacy ASN.1 stack. Change-Id: I5a9e3e39f518429828dbf13d14647fb37d9dc35a Reviewed-on: https://boringssl-review.googlesource.com/5120 Reviewed-by: Adam Langley <agl@google.com>
9 år sedan
Normalize all EVP_PKEY_CTX_ctrl return values. No code within BoringSSL or Google (grep for EVP_PKEY_CTX_(ctrl|get|set)) is sensitive to the various failure cases. Normalize it all to 0/1 for simplicity. This does carry a slight risk: any new ctrl hooks we import from upstream that, like EVP_PKEY_CTX_get_rsa_oaep_md, return something other than success/failure cannot be called directly via EVP_PKEY_CTX_ctrl. They instead need to internally be routed through a struct like CBS and only called through the wrappers. To that end, unexport EVP_PKEY_CTX_ctrl and require that callers use the wrappers. No code in Google uses it directly and, if need be, switching to the wrapper would be an incredibly upstreamable patch. Change-Id: I3fd4e5a1a0f3d4d1c4122c52d4c74a5105b99cd5 Reviewed-on: https://boringssl-review.googlesource.com/3874 Reviewed-by: Adam Langley <agl@google.com>
9 år sedan
Inital import. Initial fork from f2d678e6e89b6508147086610e985d4e8416e867 (1.0.2 beta). (This change contains substantial changes from the original and effectively starts a new history.)
10 år sedan
Support EVP_PKEY_{sign,verify}_message with Ed25519. It's amazing how short p_ed25519.c is. BUG=187 Change-Id: Ib2a5fa7a4acf2087ece954506f81e91a1ed483e1 Reviewed-on: https://boringssl-review.googlesource.com/14449 Commit-Queue: David Benjamin <davidben@google.com> Reviewed-by: Adam Langley <agl@google.com>
7 år sedan
Inital import. Initial fork from f2d678e6e89b6508147086610e985d4e8416e867 (1.0.2 beta). (This change contains substantial changes from the original and effectively starts a new history.)
10 år sedan
Parse RSAPrivateKey with CBS. This removes the version field from RSA and instead handles versioning as part of parsing. (As a bonus, we now correctly limit multi-prime RSA to version 1 keys.) Most consumers are also converted. old_rsa_priv_{de,en}code are left alone for now. Those hooks are passed in parameters which match the old d2i/i2d pattern (they're only used in d2i_PrivateKey and i2d_PrivateKey). Include a test which, among other things, checks that public keys being serialized as private keys are handled properly. BUG=499653 Change-Id: Icdd5f0382c4a84f9c8867024f29756e1a306ba08 Reviewed-on: https://boringssl-review.googlesource.com/5273 Reviewed-by: Adam Langley <agl@google.com>
9 år sedan
Inital import. Initial fork from f2d678e6e89b6508147086610e985d4e8416e867 (1.0.2 beta). (This change contains substantial changes from the original and effectively starts a new history.)
10 år sedan
Support EVP_PKEY_{sign,verify}_message with Ed25519. It's amazing how short p_ed25519.c is. BUG=187 Change-Id: Ib2a5fa7a4acf2087ece954506f81e91a1ed483e1 Reviewed-on: https://boringssl-review.googlesource.com/14449 Commit-Queue: David Benjamin <davidben@google.com> Reviewed-by: Adam Langley <agl@google.com>
7 år sedan
Parse RSAPrivateKey with CBS. This removes the version field from RSA and instead handles versioning as part of parsing. (As a bonus, we now correctly limit multi-prime RSA to version 1 keys.) Most consumers are also converted. old_rsa_priv_{de,en}code are left alone for now. Those hooks are passed in parameters which match the old d2i/i2d pattern (they're only used in d2i_PrivateKey and i2d_PrivateKey). Include a test which, among other things, checks that public keys being serialized as private keys are handled properly. BUG=499653 Change-Id: Icdd5f0382c4a84f9c8867024f29756e1a306ba08 Reviewed-on: https://boringssl-review.googlesource.com/5273 Reviewed-by: Adam Langley <agl@google.com>
9 år sedan
Inital import. Initial fork from f2d678e6e89b6508147086610e985d4e8416e867 (1.0.2 beta). (This change contains substantial changes from the original and effectively starts a new history.)
10 år sedan
Support EVP_PKEY_{sign,verify}_message with Ed25519. It's amazing how short p_ed25519.c is. BUG=187 Change-Id: Ib2a5fa7a4acf2087ece954506f81e91a1ed483e1 Reviewed-on: https://boringssl-review.googlesource.com/14449 Commit-Queue: David Benjamin <davidben@google.com> Reviewed-by: Adam Langley <agl@google.com>
7 år sedan
Tweaks for node.js node.js is, effectively, another bindings library. However, it's better written than most and, with these changes, only a couple of tiny fixes are needed in node.js. Some of these changes are a little depressing however so we'll need to push node.js to use APIs where possible. Changes: ∙ Support verify_recover. This is very obscure and the motivation appears to be https://github.com/nodejs/node/issues/477 – where it's not clear that anyone understands what it means :( ∙ Add a few, no-op #defines ∙ Add some members to |SSL_CTX| and |SSL| – node.js needs to not reach into these structs in the future. ∙ Add EC_get_builtin_curves. ∙ Add EVP_[CIPHER|MD]_do_all_sorted – these functions are limited to decrepit. Change-Id: I9a3566054260d6c4db9d430beb7c46cc970a9d46 Reviewed-on: https://boringssl-review.googlesource.com/6952 Reviewed-by: Adam Langley <agl@google.com>
8 år sedan
Parse RSAPrivateKey with CBS. This removes the version field from RSA and instead handles versioning as part of parsing. (As a bonus, we now correctly limit multi-prime RSA to version 1 keys.) Most consumers are also converted. old_rsa_priv_{de,en}code are left alone for now. Those hooks are passed in parameters which match the old d2i/i2d pattern (they're only used in d2i_PrivateKey and i2d_PrivateKey). Include a test which, among other things, checks that public keys being serialized as private keys are handled properly. BUG=499653 Change-Id: Icdd5f0382c4a84f9c8867024f29756e1a306ba08 Reviewed-on: https://boringssl-review.googlesource.com/5273 Reviewed-by: Adam Langley <agl@google.com>
9 år sedan
Inital import. Initial fork from f2d678e6e89b6508147086610e985d4e8416e867 (1.0.2 beta). (This change contains substantial changes from the original and effectively starts a new history.)
10 år sedan
Parse RSAPrivateKey with CBS. This removes the version field from RSA and instead handles versioning as part of parsing. (As a bonus, we now correctly limit multi-prime RSA to version 1 keys.) Most consumers are also converted. old_rsa_priv_{de,en}code are left alone for now. Those hooks are passed in parameters which match the old d2i/i2d pattern (they're only used in d2i_PrivateKey and i2d_PrivateKey). Include a test which, among other things, checks that public keys being serialized as private keys are handled properly. BUG=499653 Change-Id: Icdd5f0382c4a84f9c8867024f29756e1a306ba08 Reviewed-on: https://boringssl-review.googlesource.com/5273 Reviewed-by: Adam Langley <agl@google.com>
9 år sedan
Inital import. Initial fork from f2d678e6e89b6508147086610e985d4e8416e867 (1.0.2 beta). (This change contains substantial changes from the original and effectively starts a new history.)
10 år sedan
Parse RSAPrivateKey with CBS. This removes the version field from RSA and instead handles versioning as part of parsing. (As a bonus, we now correctly limit multi-prime RSA to version 1 keys.) Most consumers are also converted. old_rsa_priv_{de,en}code are left alone for now. Those hooks are passed in parameters which match the old d2i/i2d pattern (they're only used in d2i_PrivateKey and i2d_PrivateKey). Include a test which, among other things, checks that public keys being serialized as private keys are handled properly. BUG=499653 Change-Id: Icdd5f0382c4a84f9c8867024f29756e1a306ba08 Reviewed-on: https://boringssl-review.googlesource.com/5273 Reviewed-by: Adam Langley <agl@google.com>
9 år sedan
Inital import. Initial fork from f2d678e6e89b6508147086610e985d4e8416e867 (1.0.2 beta). (This change contains substantial changes from the original and effectively starts a new history.)
10 år sedan
Support EVP_PKEY_{sign,verify}_message with Ed25519. It's amazing how short p_ed25519.c is. BUG=187 Change-Id: Ib2a5fa7a4acf2087ece954506f81e91a1ed483e1 Reviewed-on: https://boringssl-review.googlesource.com/14449 Commit-Queue: David Benjamin <davidben@google.com> Reviewed-by: Adam Langley <agl@google.com>
7 år sedan
Become partially -Wmissing-variable-declarations-clean. There's a few things that will be kind of a nuisance and possibly not worth it (crypto/asn1 dumps a lot of undeclared things, etc.). But it caught some mistakes. Even without the warning, making sure to include the externs before defining a function helps catch type mismatches. Change-Id: I3dab282aaba6023e7cebc94ed7a767a5d7446b08 Reviewed-on: https://boringssl-review.googlesource.com/6484 Reviewed-by: Adam Langley <agl@google.com>
9 år sedan
Implement draft-ietf-curdle-pkix-04's serialization. The resulting EVP_PKEYs do not do anything useful yet, but we are able to parse them. Teaching them to sign will be done in a follow-up. Creating these from in-memory keys is also slightly different from other types. We don't have or need a public ED25519_KEY struct in curve25519.h, so I've added tighter constructor functions which should hopefully be easier to use anyway. BUG=187 Change-Id: I0bbeea37350d4fdca05b6c6c0f152c15e6ade5bb Reviewed-on: https://boringssl-review.googlesource.com/14446 Commit-Queue: David Benjamin <davidben@google.com> Reviewed-by: Adam Langley <agl@google.com>
7 år sedan
Become partially -Wmissing-variable-declarations-clean. There's a few things that will be kind of a nuisance and possibly not worth it (crypto/asn1 dumps a lot of undeclared things, etc.). But it caught some mistakes. Even without the warning, making sure to include the externs before defining a function helps catch type mismatches. Change-Id: I3dab282aaba6023e7cebc94ed7a767a5d7446b08 Reviewed-on: https://boringssl-review.googlesource.com/6484 Reviewed-by: Adam Langley <agl@google.com>
9 år sedan
Support EVP_PKEY_{sign,verify}_message with Ed25519. It's amazing how short p_ed25519.c is. BUG=187 Change-Id: Ib2a5fa7a4acf2087ece954506f81e91a1ed483e1 Reviewed-on: https://boringssl-review.googlesource.com/14449 Commit-Queue: David Benjamin <davidben@google.com> Reviewed-by: Adam Langley <agl@google.com>
7 år sedan
Become partially -Wmissing-variable-declarations-clean. There's a few things that will be kind of a nuisance and possibly not worth it (crypto/asn1 dumps a lot of undeclared things, etc.). But it caught some mistakes. Even without the warning, making sure to include the externs before defining a function helps catch type mismatches. Change-Id: I3dab282aaba6023e7cebc94ed7a767a5d7446b08 Reviewed-on: https://boringssl-review.googlesource.com/6484 Reviewed-by: Adam Langley <agl@google.com>
9 år sedan
Inital import. Initial fork from f2d678e6e89b6508147086610e985d4e8416e867 (1.0.2 beta). (This change contains substantial changes from the original and effectively starts a new history.)
10 år sedan
 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252 
  1. /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)

  2.  * All rights reserved.

  3.  *

  4.  * This package is an SSL implementation written

  5.  * by Eric Young (eay@cryptsoft.com).

  6.  * The implementation was written so as to conform with Netscapes SSL.

  7.  *

  8.  * This library is free for commercial and non-commercial use as long as

  9.  * the following conditions are aheared to.  The following conditions

  10.  * apply to all code found in this distribution, be it the RC4, RSA,

  11.  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

  12.  * included with this distribution is covered by the same copyright terms

  13.  * except that the holder is Tim Hudson (tjh@cryptsoft.com).

  14.  *

  15.  * Copyright remains Eric Young's, and as such any Copyright notices in

  16.  * the code are not to be removed.

  17.  * If this package is used in a product, Eric Young should be given attribution

  18.  * as the author of the parts of the library used.

  19.  * This can be in the form of a textual message at program startup or

  20.  * in documentation (online or textual) provided with the package.

  21.  *

  22.  * Redistribution and use in source and binary forms, with or without

  23.  * modification, are permitted provided that the following conditions

  24.  * are met:

  25.  * 1. Redistributions of source code must retain the copyright

  26.  *    notice, this list of conditions and the following disclaimer.

  27.  * 2. Redistributions in binary form must reproduce the above copyright

  28.  *    notice, this list of conditions and the following disclaimer in the

  29.  *    documentation and/or other materials provided with the distribution.

  30.  * 3. All advertising materials mentioning features or use of this software

  31.  *    must display the following acknowledgement:

  32.  *    "This product includes cryptographic software written by

  33.  *     Eric Young (eay@cryptsoft.com)"

  34.  *    The word 'cryptographic' can be left out if the rouines from the library

  35.  *    being used are not cryptographic related :-).

  36.  * 4. If you include any Windows specific code (or a derivative thereof) from

  37.  *    the apps directory (application code) you must include an acknowledgement:

  38.  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"

  39.  *

  40.  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

  41.  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

  42.  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

  43.  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

  44.  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

  45.  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

  46.  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

  47.  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

  48.  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

  49.  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

  50.  * SUCH DAMAGE.

  51.  *

  52.  * The licence and distribution terms for any publically available version or

  53.  * derivative of this code cannot be changed.  i.e. this code cannot simply be

  54.  * copied and put under another distribution licence

  55.  * [including the GNU Public Licence.] */

  56. 

  57. #ifndef OPENSSL_HEADER_EVP_INTERNAL_H

  58. #define OPENSSL_HEADER_EVP_INTERNAL_H

  59. 

  60. #include <openssl/base.h>

  61. 

  62. #include <openssl/rsa.h>

  63. 

  64. #if defined(__cplusplus)

  65. extern "C" {

  66. #endif

  67. 

  68. 

  69. struct evp_pkey_asn1_method_st {

  70.   int pkey_id;

  71.   uint8_t oid[9];

  72.   uint8_t oid_len;

  73. 

  74.   /* pub_decode decodes |params| and |key| as a SubjectPublicKeyInfo

  75.    * and writes the result into |out|. It returns one on success and zero on

  76.    * error. |params| is the AlgorithmIdentifier after the OBJECT IDENTIFIER

  77.    * type field, and |key| is the contents of the subjectPublicKey with the

  78.    * leading padding byte checked and removed. Although X.509 uses BIT STRINGs

  79.    * to represent SubjectPublicKeyInfo, every key type defined encodes the key

  80.    * as a byte string with the same conversion to BIT STRING. */

  81.   int (*pub_decode)(EVP_PKEY *out, CBS *params, CBS *key);

  82. 

  83.   /* pub_encode encodes |key| as a SubjectPublicKeyInfo and appends the result

  84.    * to |out|. It returns one on success and zero on error. */

  85.   int (*pub_encode)(CBB *out, const EVP_PKEY *key);

  86. 

  87.   int (*pub_cmp)(const EVP_PKEY *a, const EVP_PKEY *b);

  88. 

  89.   /* priv_decode decodes |params| and |key| as a PrivateKeyInfo and writes the

  90.    * result into |out|. It returns one on success and zero on error. |params| is

  91.    * the AlgorithmIdentifier after the OBJECT IDENTIFIER type field, and |key|

  92.    * is the contents of the OCTET STRING privateKey field. */

  93.   int (*priv_decode)(EVP_PKEY *out, CBS *params, CBS *key);

  94. 

  95.   /* priv_encode encodes |key| as a PrivateKeyInfo and appends the result to

  96.    * |out|. It returns one on success and zero on error. */

  97.   int (*priv_encode)(CBB *out, const EVP_PKEY *key);

  98. 

  99.   /* pkey_opaque returns 1 if the |pk| is opaque. Opaque keys are backed by

  100.    * custom implementations which do not expose key material and parameters.*/

  101.   int (*pkey_opaque)(const EVP_PKEY *pk);

  102. 

  103.   int (*pkey_size)(const EVP_PKEY *pk);

  104.   int (*pkey_bits)(const EVP_PKEY *pk);

  105. 

  106.   int (*param_missing)(const EVP_PKEY *pk);

  107.   int (*param_copy)(EVP_PKEY *to, const EVP_PKEY *from);

  108.   int (*param_cmp)(const EVP_PKEY *a, const EVP_PKEY *b);

  109. 

  110.   void (*pkey_free)(EVP_PKEY *pkey);

  111. } /* EVP_PKEY_ASN1_METHOD */;

  112. 

  113. 

  114. #define EVP_PKEY_OP_UNDEFINED 0

  115. #define EVP_PKEY_OP_KEYGEN (1 << 2)

  116. #define EVP_PKEY_OP_SIGN (1 << 3)

  117. #define EVP_PKEY_OP_VERIFY (1 << 4)

  118. #define EVP_PKEY_OP_VERIFYRECOVER (1 << 5)

  119. #define EVP_PKEY_OP_ENCRYPT (1 << 6)

  120. #define EVP_PKEY_OP_DECRYPT (1 << 7)

  121. #define EVP_PKEY_OP_DERIVE (1 << 8)

  122. 

  123. #define EVP_PKEY_OP_TYPE_SIG \

  124.   (EVP_PKEY_OP_SIGN | EVP_PKEY_OP_VERIFY | EVP_PKEY_OP_VERIFYRECOVER)

  125. 

  126. #define EVP_PKEY_OP_TYPE_CRYPT (EVP_PKEY_OP_ENCRYPT | EVP_PKEY_OP_DECRYPT)

  127. 

  128. #define EVP_PKEY_OP_TYPE_NOGEN \

  129.   (EVP_PKEY_OP_SIG | EVP_PKEY_OP_CRYPT | EVP_PKEY_OP_DERIVE)

  130. 

  131. #define EVP_PKEY_OP_TYPE_GEN EVP_PKEY_OP_KEYGEN

  132. 

  133. /* EVP_PKEY_CTX_ctrl performs |cmd| on |ctx|. The |keytype| and |optype|

  134.  * arguments can be -1 to specify that any type and operation are acceptable,

  135.  * otherwise |keytype| must match the type of |ctx| and the bits of |optype|

  136.  * must intersect the operation flags set on |ctx|.

  137.  *

  138.  * The |p1| and |p2| arguments depend on the value of |cmd|.

  139.  *

  140.  * It returns one on success and zero on error. */

  141. OPENSSL_EXPORT int EVP_PKEY_CTX_ctrl(EVP_PKEY_CTX *ctx, int keytype, int optype,

  142.                                      int cmd, int p1, void *p2);

  143. 

  144. #define EVP_PKEY_CTRL_MD 1

  145. #define EVP_PKEY_CTRL_GET_MD 2

  146. 

  147. /* EVP_PKEY_CTRL_PEER_KEY is called with different values of |p1|:

  148.  *   0: Is called from |EVP_PKEY_derive_set_peer| and |p2| contains a peer key.

  149.  *      If the return value is <= 0, the key is rejected.

  150.  *   1: Is called at the end of |EVP_PKEY_derive_set_peer| and |p2| contains a

  151.  *      peer key. If the return value is <= 0, the key is rejected.

  152.  *   2: Is called with |p2| == NULL to test whether the peer's key was used.

  153.  *      (EC)DH always return one in this case.

  154.  *   3: Is called with |p2| == NULL to set whether the peer's key was used.

  155.  *      (EC)DH always return one in this case. This was only used for GOST. */

  156. #define EVP_PKEY_CTRL_PEER_KEY 3

  157. 

  158. /* EVP_PKEY_ALG_CTRL is the base value from which key-type specific ctrl

  159.  * commands are numbered. */

  160. #define EVP_PKEY_ALG_CTRL 0x1000

  161. 

  162. #define EVP_PKEY_CTRL_RSA_PADDING (EVP_PKEY_ALG_CTRL + 1)

  163. #define EVP_PKEY_CTRL_GET_RSA_PADDING (EVP_PKEY_ALG_CTRL + 2)

  164. #define EVP_PKEY_CTRL_RSA_PSS_SALTLEN (EVP_PKEY_ALG_CTRL + 3)

  165. #define EVP_PKEY_CTRL_GET_RSA_PSS_SALTLEN (EVP_PKEY_ALG_CTRL + 4)

  166. #define EVP_PKEY_CTRL_RSA_KEYGEN_BITS (EVP_PKEY_ALG_CTRL + 5)

  167. #define EVP_PKEY_CTRL_RSA_KEYGEN_PUBEXP (EVP_PKEY_ALG_CTRL + 6)

  168. #define EVP_PKEY_CTRL_RSA_OAEP_MD (EVP_PKEY_ALG_CTRL + 7)

  169. #define EVP_PKEY_CTRL_GET_RSA_OAEP_MD (EVP_PKEY_ALG_CTRL + 8)

  170. #define EVP_PKEY_CTRL_RSA_MGF1_MD (EVP_PKEY_ALG_CTRL + 9)

  171. #define EVP_PKEY_CTRL_GET_RSA_MGF1_MD (EVP_PKEY_ALG_CTRL + 10)

  172. #define EVP_PKEY_CTRL_RSA_OAEP_LABEL (EVP_PKEY_ALG_CTRL + 11)

  173. #define EVP_PKEY_CTRL_GET_RSA_OAEP_LABEL (EVP_PKEY_ALG_CTRL + 12)

  174. 

  175. struct evp_pkey_ctx_st {

  176.   /* Method associated with this operation */

  177.   const EVP_PKEY_METHOD *pmeth;

  178.   /* Engine that implements this method or NULL if builtin */

  179.   ENGINE *engine;

  180.   /* Key: may be NULL */

  181.   EVP_PKEY *pkey;

  182.   /* Peer key for key agreement, may be NULL */

  183.   EVP_PKEY *peerkey;

  184.   /* operation contains one of the |EVP_PKEY_OP_*| values. */

  185.   int operation;

  186.   /* Algorithm specific data */

  187.   void *data;

  188. } /* EVP_PKEY_CTX */;

  189. 

  190. struct evp_pkey_method_st {

  191.   int pkey_id;

  192. 

  193.   int (*init)(EVP_PKEY_CTX *ctx);

  194.   int (*copy)(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src);

  195.   void (*cleanup)(EVP_PKEY_CTX *ctx);

  196. 

  197.   int (*keygen)(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey);

  198. 

  199.   int (*sign)(EVP_PKEY_CTX *ctx, uint8_t *sig, size_t *siglen,

  200.               const uint8_t *tbs, size_t tbslen);

  201. 

  202.   int (*sign_message)(EVP_PKEY_CTX *ctx, uint8_t *sig, size_t *siglen,

  203.                       const uint8_t *tbs, size_t tbslen);

  204. 

  205.   int (*verify)(EVP_PKEY_CTX *ctx, const uint8_t *sig, size_t siglen,

  206.                 const uint8_t *tbs, size_t tbslen);

  207. 

  208.   int (*verify_message)(EVP_PKEY_CTX *ctx, const uint8_t *sig, size_t siglen,

  209.                         const uint8_t *tbs, size_t tbslen);

  210. 

  211.   int (*verify_recover)(EVP_PKEY_CTX *ctx, uint8_t *out, size_t *out_len,

  212.                         const uint8_t *sig, size_t sig_len);

  213. 

  214.   int (*encrypt)(EVP_PKEY_CTX *ctx, uint8_t *out, size_t *outlen,

  215.                  const uint8_t *in, size_t inlen);

  216. 

  217.   int (*decrypt)(EVP_PKEY_CTX *ctx, uint8_t *out, size_t *outlen,

  218.                  const uint8_t *in, size_t inlen);

  219. 

  220.   int (*derive)(EVP_PKEY_CTX *ctx, uint8_t *key, size_t *keylen);

  221. 

  222.   int (*ctrl)(EVP_PKEY_CTX *ctx, int type, int p1, void *p2);

  223. } /* EVP_PKEY_METHOD */;

  224. 

  225. typedef struct {

  226.   union {

  227.     uint8_t priv[64];

  228.     struct {

  229.       /* Shift the location of the public key to align with where it is in the

  230.        * private key representation. */

  231.       uint8_t pad[32];

  232.       uint8_t value[32];

  233.     } pub;

  234.   } key;

  235.   char has_private;

  236. } ED25519_KEY;

  237. 

  238. extern const EVP_PKEY_ASN1_METHOD dsa_asn1_meth;

  239. extern const EVP_PKEY_ASN1_METHOD ec_asn1_meth;

  240. extern const EVP_PKEY_ASN1_METHOD rsa_asn1_meth;

  241. extern const EVP_PKEY_ASN1_METHOD ed25519_asn1_meth;

  242. 

  243. extern const EVP_PKEY_METHOD rsa_pkey_meth;

  244. extern const EVP_PKEY_METHOD ec_pkey_meth;

  245. extern const EVP_PKEY_METHOD ed25519_pkey_meth;

  246. 

  247. 

  248. #if defined(__cplusplus)

  249. }  /* extern C */

  250. #endif

  251. 

  252. #endif  /* OPENSSL_HEADER_EVP_INTERNAL_H */