kris
/
boringssl
1
0
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
2230 Commits
12 Branches
38 MiB
 
 
 
 
 
 
Tree: acb2451807
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'acb2451807'
${ noResults }
boringssl/crypto/evp/internal.h

283 lines
12 KiB
Raw Blame History 

  1. /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)

  2.  * All rights reserved.

  3.  *

  4.  * This package is an SSL implementation written

  5.  * by Eric Young (eay@cryptsoft.com).

  6.  * The implementation was written so as to conform with Netscapes SSL.

  7.  *

  8.  * This library is free for commercial and non-commercial use as long as

  9.  * the following conditions are aheared to.  The following conditions

  10.  * apply to all code found in this distribution, be it the RC4, RSA,

  11.  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

  12.  * included with this distribution is covered by the same copyright terms

  13.  * except that the holder is Tim Hudson (tjh@cryptsoft.com).

  14.  *

  15.  * Copyright remains Eric Young's, and as such any Copyright notices in

  16.  * the code are not to be removed.

  17.  * If this package is used in a product, Eric Young should be given attribution

  18.  * as the author of the parts of the library used.

  19.  * This can be in the form of a textual message at program startup or

  20.  * in documentation (online or textual) provided with the package.

  21.  *

  22.  * Redistribution and use in source and binary forms, with or without

  23.  * modification, are permitted provided that the following conditions

  24.  * are met:

  25.  * 1. Redistributions of source code must retain the copyright

  26.  *    notice, this list of conditions and the following disclaimer.

  27.  * 2. Redistributions in binary form must reproduce the above copyright

  28.  *    notice, this list of conditions and the following disclaimer in the

  29.  *    documentation and/or other materials provided with the distribution.

  30.  * 3. All advertising materials mentioning features or use of this software

  31.  *    must display the following acknowledgement:

  32.  *    "This product includes cryptographic software written by

  33.  *     Eric Young (eay@cryptsoft.com)"

  34.  *    The word 'cryptographic' can be left out if the rouines from the library

  35.  *    being used are not cryptographic related :-).

  36.  * 4. If you include any Windows specific code (or a derivative thereof) from

  37.  *    the apps directory (application code) you must include an acknowledgement:

  38.  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"

  39.  *

  40.  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

  41.  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

  42.  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

  43.  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

  44.  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

  45.  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

  46.  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

  47.  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

  48.  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

  49.  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

  50.  * SUCH DAMAGE.

  51.  *

  52.  * The licence and distribution terms for any publically available version or

  53.  * derivative of this code cannot be changed.  i.e. this code cannot simply be

  54.  * copied and put under another distribution licence

  55.  * [including the GNU Public Licence.] */

  56. 

  57. #ifndef OPENSSL_HEADER_EVP_INTERNAL_H

  58. #define OPENSSL_HEADER_EVP_INTERNAL_H

  59. 

  60. #include <openssl/base.h>

  61. 

  62. #if defined(__cplusplus)

  63. extern "C" {

  64. #endif

  65. 

  66. 

  67. /* These values are flags for EVP_PKEY_ASN1_METHOD.flags. */

  68. 

  69. /* ASN1_PKEY_SIGPARAM_NULL controls whether the default behavior of

  70.  * EVP_DigestSignAlgorithm writes an explicit NULL parameter in the

  71.  * AlgorithmIdentifier. */

  72. #define ASN1_PKEY_SIGPARAM_NULL 0x1

  73. 

  74. /* evp_digest_sign_algorithm_result_t is the return value of the

  75.  * digest_sign_algorithm function in EVP_PKEY_ASN1_METHOD. */

  76. typedef enum {

  77.   /* EVP_DIGEST_SIGN_ALGORITHM_ERROR signals an error. */

  78.   EVP_DIGEST_SIGN_ALGORITHM_ERROR = 0,

  79.   /* EVP_DIGEST_SIGN_ALGORITHM_SUCCESS signals that the parameters were

  80.    * serialized in the AlgorithmIdentifier. */

  81.   EVP_DIGEST_SIGN_ALGORITHM_SUCCESS = 1,

  82.   /* EVP_DIGEST_SIGN_ALGORITHM_DEFAULT signals that the parameters are

  83.    * serialized using the default behavior. */

  84.   EVP_DIGEST_SIGN_ALGORITHM_DEFAULT = 2,

  85. } evp_digest_sign_algorithm_result_t;

  86. 

  87. struct evp_pkey_asn1_method_st {

  88.   int pkey_id;

  89.   int pkey_base_id;

  90.   unsigned long pkey_flags;

  91. 

  92.   const char *pem_str;

  93. 

  94.   int (*pub_decode)(EVP_PKEY *pk, X509_PUBKEY *pub);

  95.   int (*pub_encode)(X509_PUBKEY *pub, const EVP_PKEY *pk);

  96.   int (*pub_cmp)(const EVP_PKEY *a, const EVP_PKEY *b);

  97.   int (*pub_print)(BIO *out, const EVP_PKEY *pkey, int indent, ASN1_PCTX *pctx);

  98. 

  99.   int (*priv_decode)(EVP_PKEY *pk, PKCS8_PRIV_KEY_INFO *p8inf);

  100.   int (*priv_encode)(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pk);

  101.   int (*priv_print)(BIO *out, const EVP_PKEY *pkey, int indent,

  102.                     ASN1_PCTX *pctx);

  103. 

  104.   /* pkey_opaque returns 1 if the |pk| is opaque. Opaque keys are backed by

  105.    * custom implementations which do not expose key material and parameters.*/

  106.   int (*pkey_opaque)(const EVP_PKEY *pk);

  107. 

  108.   /* pkey_supports_digest returns one if |pkey| supports digests of

  109.    * type |md|. This is intended for use with EVP_PKEYs backing custom

  110.    * implementations which can't sign all digests. If null, it is

  111.    * assumed that all digests are supported. */

  112.   int (*pkey_supports_digest)(const EVP_PKEY *pkey, const EVP_MD *md);

  113. 

  114.   int (*pkey_size)(const EVP_PKEY *pk);

  115.   int (*pkey_bits)(const EVP_PKEY *pk);

  116. 

  117.   int (*param_decode)(EVP_PKEY *pkey, const uint8_t **pder, int derlen);

  118.   int (*param_encode)(const EVP_PKEY *pkey, uint8_t **pder);

  119.   int (*param_missing)(const EVP_PKEY *pk);

  120.   int (*param_copy)(EVP_PKEY *to, const EVP_PKEY *from);

  121.   int (*param_cmp)(const EVP_PKEY *a, const EVP_PKEY *b);

  122.   int (*param_print)(BIO *out, const EVP_PKEY *pkey, int indent,

  123.                      ASN1_PCTX *pctx);

  124.   int (*sig_print)(BIO *out, const X509_ALGOR *sigalg, const ASN1_STRING *sig,

  125.                    int indent, ASN1_PCTX *pctx);

  126. 

  127. 

  128.   void (*pkey_free)(EVP_PKEY *pkey);

  129. 

  130.   /* Legacy functions for old PEM */

  131. 

  132.   int (*old_priv_decode)(EVP_PKEY *pkey, const uint8_t **pder,

  133.                          int derlen);

  134.   int (*old_priv_encode)(const EVP_PKEY *pkey, uint8_t **pder);

  135. 

  136.   /* Converting parameters to/from AlgorithmIdentifier (X509_ALGOR). */

  137.   int (*digest_verify_init_from_algorithm)(EVP_MD_CTX *ctx,

  138.                                            X509_ALGOR *algor,

  139.                                            EVP_PKEY *pkey);

  140.   evp_digest_sign_algorithm_result_t (*digest_sign_algorithm)(

  141.       EVP_MD_CTX *ctx,

  142.       X509_ALGOR *algor);

  143. 

  144. } /* EVP_PKEY_ASN1_METHOD */;

  145. 

  146. 

  147. typedef int EVP_PKEY_gen_cb(EVP_PKEY_CTX *ctx);

  148. 

  149. #define EVP_PKEY_OP_UNDEFINED 0

  150. #define EVP_PKEY_OP_PARAMGEN (1 << 1)

  151. #define EVP_PKEY_OP_KEYGEN (1 << 2)

  152. #define EVP_PKEY_OP_SIGN (1 << 3)

  153. #define EVP_PKEY_OP_VERIFY (1 << 4)

  154. #define EVP_PKEY_OP_VERIFYRECOVER (1 << 5)

  155. #define EVP_PKEY_OP_ENCRYPT (1 << 6)

  156. #define EVP_PKEY_OP_DECRYPT (1 << 7)

  157. #define EVP_PKEY_OP_DERIVE (1 << 8)

  158. 

  159. #define EVP_PKEY_OP_TYPE_SIG                                           \

  160.   (EVP_PKEY_OP_SIGN | EVP_PKEY_OP_VERIFY | EVP_PKEY_OP_VERIFYRECOVER)

  161. 

  162. #define EVP_PKEY_OP_TYPE_CRYPT (EVP_PKEY_OP_ENCRYPT | EVP_PKEY_OP_DECRYPT)

  163. 

  164. #define EVP_PKEY_OP_TYPE_NOGEN \

  165.   (EVP_PKEY_OP_SIG | EVP_PKEY_OP_CRYPT | EVP_PKEY_OP_DERIVE)

  166. 

  167. #define EVP_PKEY_OP_TYPE_GEN (EVP_PKEY_OP_PARAMGEN | EVP_PKEY_OP_KEYGEN)

  168. 

  169. /* EVP_PKEY_CTX_ctrl performs |cmd| on |ctx|. The |keytype| and |optype|

  170.  * arguments can be -1 to specify that any type and operation are acceptable,

  171.  * otherwise |keytype| must match the type of |ctx| and the bits of |optype|

  172.  * must intersect the operation flags set on |ctx|.

  173.  *

  174.  * The |p1| and |p2| arguments depend on the value of |cmd|.

  175.  *

  176.  * It returns one on success and zero on error. */

  177. OPENSSL_EXPORT int EVP_PKEY_CTX_ctrl(EVP_PKEY_CTX *ctx, int keytype, int optype,

  178.                                      int cmd, int p1, void *p2);

  179. 

  180. #define EVP_PKEY_CTRL_MD 1

  181. #define EVP_PKEY_CTRL_GET_MD 2

  182. 

  183. /* EVP_PKEY_CTRL_PEER_KEY is called with different values of |p1|:

  184.  *   0: Is called from |EVP_PKEY_derive_set_peer| and |p2| contains a peer key.

  185.  *      If the return value is <= 0, the key is rejected.

  186.  *   1: Is called at the end of |EVP_PKEY_derive_set_peer| and |p2| contains a

  187.  *      peer key. If the return value is <= 0, the key is rejected.

  188.  *   2: Is called with |p2| == NULL to test whether the peer's key was used.

  189.  *      (EC)DH always return one in this case.

  190.  *   3: Is called with |p2| == NULL to set whether the peer's key was used.

  191.  *      (EC)DH always return one in this case. This was only used for GOST. */

  192. #define EVP_PKEY_CTRL_PEER_KEY 3

  193. 

  194. /* EVP_PKEY_ALG_CTRL is the base value from which key-type specific ctrl

  195.  * commands are numbered. */

  196. #define EVP_PKEY_ALG_CTRL 0x1000

  197. 

  198. #define EVP_PKEY_CTRL_RSA_PADDING (EVP_PKEY_ALG_CTRL + 1)

  199. #define EVP_PKEY_CTRL_GET_RSA_PADDING (EVP_PKEY_ALG_CTRL + 2)

  200. #define EVP_PKEY_CTRL_RSA_PSS_SALTLEN (EVP_PKEY_ALG_CTRL + 3)

  201. #define EVP_PKEY_CTRL_GET_RSA_PSS_SALTLEN (EVP_PKEY_ALG_CTRL + 4)

  202. #define EVP_PKEY_CTRL_RSA_KEYGEN_BITS (EVP_PKEY_ALG_CTRL + 5)

  203. #define EVP_PKEY_CTRL_RSA_KEYGEN_PUBEXP	(EVP_PKEY_ALG_CTRL + 6)

  204. #define EVP_PKEY_CTRL_RSA_OAEP_MD (EVP_PKEY_ALG_CTRL + 7)

  205. #define EVP_PKEY_CTRL_GET_RSA_OAEP_MD (EVP_PKEY_ALG_CTRL + 8)

  206. #define EVP_PKEY_CTRL_RSA_MGF1_MD (EVP_PKEY_ALG_CTRL + 9)

  207. #define EVP_PKEY_CTRL_GET_RSA_MGF1_MD (EVP_PKEY_ALG_CTRL + 10)

  208. #define EVP_PKEY_CTRL_RSA_OAEP_LABEL (EVP_PKEY_ALG_CTRL + 11)

  209. #define EVP_PKEY_CTRL_GET_RSA_OAEP_LABEL (EVP_PKEY_ALG_CTRL + 12)

  210. 

  211. #define EVP_PKEY_CTRL_EC_PARAMGEN_CURVE_NID (EVP_PKEY_ALG_CTRL + 1)

  212. 

  213. struct evp_pkey_ctx_st {

  214.   /* Method associated with this operation */

  215.   const EVP_PKEY_METHOD *pmeth;

  216.   /* Engine that implements this method or NULL if builtin */

  217.   ENGINE *engine;

  218.   /* Key: may be NULL */

  219.   EVP_PKEY *pkey;

  220.   /* Peer key for key agreement, may be NULL */

  221.   EVP_PKEY *peerkey;

  222.   /* operation contains one of the |EVP_PKEY_OP_*| values. */

  223.   int operation;

  224.   /* Algorithm specific data */

  225.   void *data;

  226.   /* Application specific data */

  227.   void *app_data;

  228. } /* EVP_PKEY_CTX */;

  229. 

  230. struct evp_pkey_method_st {

  231.   int pkey_id;

  232.   int flags;

  233. 

  234.   int (*init)(EVP_PKEY_CTX *ctx);

  235.   int (*copy)(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src);

  236.   void (*cleanup)(EVP_PKEY_CTX *ctx);

  237. 

  238.   int (*paramgen_init)(EVP_PKEY_CTX *ctx);

  239.   int (*paramgen)(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey);

  240. 

  241.   int (*keygen_init)(EVP_PKEY_CTX *ctx);

  242.   int (*keygen)(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey);

  243. 

  244.   int (*sign_init)(EVP_PKEY_CTX *ctx);

  245.   int (*sign)(EVP_PKEY_CTX *ctx, uint8_t *sig, size_t *siglen,

  246.               const uint8_t *tbs, size_t tbslen);

  247. 

  248.   int (*verify_init)(EVP_PKEY_CTX *ctx);

  249.   int (*verify)(EVP_PKEY_CTX *ctx, const uint8_t *sig, size_t siglen,

  250.                 const uint8_t *tbs, size_t tbslen);

  251. 

  252.   int (*verify_recover_init)(EVP_PKEY_CTX *ctx);

  253.   int (*verify_recover)(EVP_PKEY_CTX *ctx, uint8_t *out, size_t *out_len,

  254.                         const uint8_t *sig, size_t sig_len);

  255. 

  256.   int (*encrypt_init)(EVP_PKEY_CTX *ctx);

  257.   int (*encrypt)(EVP_PKEY_CTX *ctx, uint8_t *out, size_t *outlen,

  258.                  const uint8_t *in, size_t inlen);

  259. 

  260.   int (*decrypt_init)(EVP_PKEY_CTX *ctx);

  261.   int (*decrypt)(EVP_PKEY_CTX *ctx, uint8_t *out, size_t *outlen,

  262.                  const uint8_t *in, size_t inlen);

  263. 

  264.   int (*derive_init)(EVP_PKEY_CTX *ctx);

  265.   int (*derive)(EVP_PKEY_CTX *ctx, uint8_t *key, size_t *keylen);

  266. 

  267.   int (*ctrl)(EVP_PKEY_CTX *ctx, int type, int p1, void *p2);

  268. } /* EVP_PKEY_METHOD */;

  269. 

  270. extern const EVP_PKEY_ASN1_METHOD dsa_asn1_meth;

  271. extern const EVP_PKEY_ASN1_METHOD ec_asn1_meth;

  272. extern const EVP_PKEY_ASN1_METHOD rsa_asn1_meth;

  273. 

  274. extern const EVP_PKEY_METHOD rsa_pkey_meth;

  275. extern const EVP_PKEY_METHOD ec_pkey_meth;

  276. 

  277. 

  278. #if defined(__cplusplus)

  279. }  /* extern C */

  280. #endif

  281. 

  282. #endif  /* OPENSSL_HEADER_EVP_INTERNAL_H */