1 /* Copyright (C) 1995-1998 Eric Young ([email protected]) 2 * All rights reserved. 3 * 4 * This package is an SSL implementation written 5 * by Eric Young ([email protected]). 6 * The implementation was written so as to conform with Netscapes SSL. 7 * 8 * This library is free for commercial and non-commercial use as long as 9 * the following conditions are aheared to. The following conditions 10 * apply to all code found in this distribution, be it the RC4, RSA, 11 * lhash, DES, etc., code; not just the SSL code. The SSL documentation 12 * included with this distribution is covered by the same copyright terms 13 * except that the holder is Tim Hudson ([email protected]). 14 * 15 * Copyright remains Eric Young's, and as such any Copyright notices in 16 * the code are not to be removed. 17 * If this package is used in a product, Eric Young should be given attribution 18 * as the author of the parts of the library used. 19 * This can be in the form of a textual message at program startup or 20 * in documentation (online or textual) provided with the package. 21 * 22 * Redistribution and use in source and binary forms, with or without 23 * modification, are permitted provided that the following conditions 24 * are met: 25 * 1. Redistributions of source code must retain the copyright 26 * notice, this list of conditions and the following disclaimer. 27 * 2. Redistributions in binary form must reproduce the above copyright 28 * notice, this list of conditions and the following disclaimer in the 29 * documentation and/or other materials provided with the distribution. 30 * 3. All advertising materials mentioning features or use of this software 31 * must display the following acknowledgement: 32 * "This product includes cryptographic software written by 33 * Eric Young ([email protected])" 34 * The word 'cryptographic' can be left out if the rouines from the library 35 * being used are not cryptographic related :-). 36 * 4. If you include any Windows specific code (or a derivative thereof) from 37 * the apps directory (application code) you must include an acknowledgement: 38 * "This product includes software written by Tim Hudson ([email protected])" 39 * 40 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND 41 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 42 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 43 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 44 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 45 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 46 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 48 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 49 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 50 * SUCH DAMAGE. 51 * 52 * The licence and distribution terms for any publically available version or 53 * derivative of this code cannot be changed. i.e. this code cannot simply be 54 * copied and put under another distribution licence 55 * [including the GNU Public Licence.] */ 56 57 #ifndef OPENSSL_HEADER_EVP_INTERNAL_H 58 #define OPENSSL_HEADER_EVP_INTERNAL_H 59 60 #include <openssl/base.h> 61 62 #include <openssl/rsa.h> 63 64 #if defined(__cplusplus) 65 extern "C" { 66 #endif 67 68 69 typedef struct evp_pkey_asn1_method_st EVP_PKEY_ASN1_METHOD; 70 typedef struct evp_pkey_method_st EVP_PKEY_METHOD; 71 72 struct evp_pkey_asn1_method_st { 73 int pkey_id; 74 uint8_t oid[9]; 75 uint8_t oid_len; 76 77 const EVP_PKEY_METHOD *pkey_method; 78 79 // pub_decode decodes |params| and |key| as a SubjectPublicKeyInfo 80 // and writes the result into |out|. It returns one on success and zero on 81 // error. |params| is the AlgorithmIdentifier after the OBJECT IDENTIFIER 82 // type field, and |key| is the contents of the subjectPublicKey with the 83 // leading padding byte checked and removed. Although X.509 uses BIT STRINGs 84 // to represent SubjectPublicKeyInfo, every key type defined encodes the key 85 // as a byte string with the same conversion to BIT STRING. 86 int (*pub_decode)(EVP_PKEY *out, CBS *params, CBS *key); 87 88 // pub_encode encodes |key| as a SubjectPublicKeyInfo and appends the result 89 // to |out|. It returns one on success and zero on error. 90 int (*pub_encode)(CBB *out, const EVP_PKEY *key); 91 92 int (*pub_cmp)(const EVP_PKEY *a, const EVP_PKEY *b); 93 94 // priv_decode decodes |params| and |key| as a PrivateKeyInfo and writes the 95 // result into |out|. It returns one on success and zero on error. |params| is 96 // the AlgorithmIdentifier after the OBJECT IDENTIFIER type field, and |key| 97 // is the contents of the OCTET STRING privateKey field. 98 int (*priv_decode)(EVP_PKEY *out, CBS *params, CBS *key); 99 100 // priv_encode encodes |key| as a PrivateKeyInfo and appends the result to 101 // |out|. It returns one on success and zero on error. 102 int (*priv_encode)(CBB *out, const EVP_PKEY *key); 103 104 int (*set_priv_raw)(EVP_PKEY *pkey, const uint8_t *in, size_t len); 105 int (*set_pub_raw)(EVP_PKEY *pkey, const uint8_t *in, size_t len); 106 int (*get_priv_raw)(const EVP_PKEY *pkey, uint8_t *out, size_t *out_len); 107 int (*get_pub_raw)(const EVP_PKEY *pkey, uint8_t *out, size_t *out_len); 108 109 // TODO(davidben): Can these be merged with the functions above? OpenSSL does 110 // not implement |EVP_PKEY_get_raw_public_key|, etc., for |EVP_PKEY_EC|, but 111 // the distinction seems unimportant. OpenSSL 3.0 has since renamed 112 // |EVP_PKEY_get1_tls_encodedpoint| to |EVP_PKEY_get1_encoded_public_key|, and 113 // what is the difference between "raw" and an "encoded" public key. 114 // 115 // One nuisance is the notion of "raw" is slightly ambiguous for EC keys. Is 116 // it a DER ECPrivateKey or just the scalar? 117 int (*set1_tls_encodedpoint)(EVP_PKEY *pkey, const uint8_t *in, size_t len); 118 size_t (*get1_tls_encodedpoint)(const EVP_PKEY *pkey, uint8_t **out_ptr); 119 120 // pkey_opaque returns 1 if the |pk| is opaque. Opaque keys are backed by 121 // custom implementations which do not expose key material and parameters. 122 int (*pkey_opaque)(const EVP_PKEY *pk); 123 124 int (*pkey_size)(const EVP_PKEY *pk); 125 int (*pkey_bits)(const EVP_PKEY *pk); 126 127 int (*param_missing)(const EVP_PKEY *pk); 128 int (*param_copy)(EVP_PKEY *to, const EVP_PKEY *from); 129 int (*param_cmp)(const EVP_PKEY *a, const EVP_PKEY *b); 130 131 void (*pkey_free)(EVP_PKEY *pkey); 132 } /* EVP_PKEY_ASN1_METHOD */; 133 134 struct evp_pkey_st { 135 CRYPTO_refcount_t references; 136 137 // type contains one of the EVP_PKEY_* values or NID_undef and determines 138 // the type of |pkey|. 139 int type; 140 141 // pkey contains a pointer to a structure dependent on |type|. 142 void *pkey; 143 144 // ameth contains a pointer to a method table that contains many ASN.1 145 // methods for the key type. 146 const EVP_PKEY_ASN1_METHOD *ameth; 147 } /* EVP_PKEY */; 148 149 #define EVP_PKEY_OP_UNDEFINED 0 150 #define EVP_PKEY_OP_KEYGEN (1 << 2) 151 #define EVP_PKEY_OP_SIGN (1 << 3) 152 #define EVP_PKEY_OP_VERIFY (1 << 4) 153 #define EVP_PKEY_OP_VERIFYRECOVER (1 << 5) 154 #define EVP_PKEY_OP_ENCRYPT (1 << 6) 155 #define EVP_PKEY_OP_DECRYPT (1 << 7) 156 #define EVP_PKEY_OP_DERIVE (1 << 8) 157 #define EVP_PKEY_OP_PARAMGEN (1 << 9) 158 159 #define EVP_PKEY_OP_TYPE_SIG \ 160 (EVP_PKEY_OP_SIGN | EVP_PKEY_OP_VERIFY | EVP_PKEY_OP_VERIFYRECOVER) 161 162 #define EVP_PKEY_OP_TYPE_CRYPT (EVP_PKEY_OP_ENCRYPT | EVP_PKEY_OP_DECRYPT) 163 164 #define EVP_PKEY_OP_TYPE_NOGEN \ 165 (EVP_PKEY_OP_SIG | EVP_PKEY_OP_CRYPT | EVP_PKEY_OP_DERIVE) 166 167 #define EVP_PKEY_OP_TYPE_GEN (EVP_PKEY_OP_KEYGEN | EVP_PKEY_OP_PARAMGEN) 168 169 // EVP_PKEY_CTX_ctrl performs |cmd| on |ctx|. The |keytype| and |optype| 170 // arguments can be -1 to specify that any type and operation are acceptable, 171 // otherwise |keytype| must match the type of |ctx| and the bits of |optype| 172 // must intersect the operation flags set on |ctx|. 173 // 174 // The |p1| and |p2| arguments depend on the value of |cmd|. 175 // 176 // It returns one on success and zero on error. 177 OPENSSL_EXPORT int EVP_PKEY_CTX_ctrl(EVP_PKEY_CTX *ctx, int keytype, int optype, 178 int cmd, int p1, void *p2); 179 180 #define EVP_PKEY_CTRL_MD 1 181 #define EVP_PKEY_CTRL_GET_MD 2 182 183 // EVP_PKEY_CTRL_PEER_KEY is called with different values of |p1|: 184 // 0: Is called from |EVP_PKEY_derive_set_peer| and |p2| contains a peer key. 185 // If the return value is <= 0, the key is rejected. 186 // 1: Is called at the end of |EVP_PKEY_derive_set_peer| and |p2| contains a 187 // peer key. If the return value is <= 0, the key is rejected. 188 // 2: Is called with |p2| == NULL to test whether the peer's key was used. 189 // (EC)DH always return one in this case. 190 // 3: Is called with |p2| == NULL to set whether the peer's key was used. 191 // (EC)DH always return one in this case. This was only used for GOST. 192 #define EVP_PKEY_CTRL_PEER_KEY 3 193 194 // EVP_PKEY_ALG_CTRL is the base value from which key-type specific ctrl 195 // commands are numbered. 196 #define EVP_PKEY_ALG_CTRL 0x1000 197 198 #define EVP_PKEY_CTRL_RSA_PADDING (EVP_PKEY_ALG_CTRL + 1) 199 #define EVP_PKEY_CTRL_GET_RSA_PADDING (EVP_PKEY_ALG_CTRL + 2) 200 #define EVP_PKEY_CTRL_RSA_PSS_SALTLEN (EVP_PKEY_ALG_CTRL + 3) 201 #define EVP_PKEY_CTRL_GET_RSA_PSS_SALTLEN (EVP_PKEY_ALG_CTRL + 4) 202 #define EVP_PKEY_CTRL_RSA_KEYGEN_BITS (EVP_PKEY_ALG_CTRL + 5) 203 #define EVP_PKEY_CTRL_RSA_KEYGEN_PUBEXP (EVP_PKEY_ALG_CTRL + 6) 204 #define EVP_PKEY_CTRL_RSA_OAEP_MD (EVP_PKEY_ALG_CTRL + 7) 205 #define EVP_PKEY_CTRL_GET_RSA_OAEP_MD (EVP_PKEY_ALG_CTRL + 8) 206 #define EVP_PKEY_CTRL_RSA_MGF1_MD (EVP_PKEY_ALG_CTRL + 9) 207 #define EVP_PKEY_CTRL_GET_RSA_MGF1_MD (EVP_PKEY_ALG_CTRL + 10) 208 #define EVP_PKEY_CTRL_RSA_OAEP_LABEL (EVP_PKEY_ALG_CTRL + 11) 209 #define EVP_PKEY_CTRL_GET_RSA_OAEP_LABEL (EVP_PKEY_ALG_CTRL + 12) 210 #define EVP_PKEY_CTRL_EC_PARAMGEN_CURVE_NID (EVP_PKEY_ALG_CTRL + 13) 211 #define EVP_PKEY_CTRL_HKDF_MODE (EVP_PKEY_ALG_CTRL + 14) 212 #define EVP_PKEY_CTRL_HKDF_MD (EVP_PKEY_ALG_CTRL + 15) 213 #define EVP_PKEY_CTRL_HKDF_KEY (EVP_PKEY_ALG_CTRL + 16) 214 #define EVP_PKEY_CTRL_HKDF_SALT (EVP_PKEY_ALG_CTRL + 17) 215 #define EVP_PKEY_CTRL_HKDF_INFO (EVP_PKEY_ALG_CTRL + 18) 216 #define EVP_PKEY_CTRL_DH_PAD (EVP_PKEY_ALG_CTRL + 19) 217 218 struct evp_pkey_ctx_st { 219 // Method associated with this operation 220 const EVP_PKEY_METHOD *pmeth; 221 // Engine that implements this method or NULL if builtin 222 ENGINE *engine; 223 // Key: may be NULL 224 EVP_PKEY *pkey; 225 // Peer key for key agreement, may be NULL 226 EVP_PKEY *peerkey; 227 // operation contains one of the |EVP_PKEY_OP_*| values. 228 int operation; 229 // Algorithm specific data 230 void *data; 231 } /* EVP_PKEY_CTX */; 232 233 struct evp_pkey_method_st { 234 int pkey_id; 235 236 int (*init)(EVP_PKEY_CTX *ctx); 237 int (*copy)(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src); 238 void (*cleanup)(EVP_PKEY_CTX *ctx); 239 240 int (*keygen)(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey); 241 242 int (*sign)(EVP_PKEY_CTX *ctx, uint8_t *sig, size_t *siglen, 243 const uint8_t *tbs, size_t tbslen); 244 245 int (*sign_message)(EVP_PKEY_CTX *ctx, uint8_t *sig, size_t *siglen, 246 const uint8_t *tbs, size_t tbslen); 247 248 int (*verify)(EVP_PKEY_CTX *ctx, const uint8_t *sig, size_t siglen, 249 const uint8_t *tbs, size_t tbslen); 250 251 int (*verify_message)(EVP_PKEY_CTX *ctx, const uint8_t *sig, size_t siglen, 252 const uint8_t *tbs, size_t tbslen); 253 254 int (*verify_recover)(EVP_PKEY_CTX *ctx, uint8_t *out, size_t *out_len, 255 const uint8_t *sig, size_t sig_len); 256 257 int (*encrypt)(EVP_PKEY_CTX *ctx, uint8_t *out, size_t *outlen, 258 const uint8_t *in, size_t inlen); 259 260 int (*decrypt)(EVP_PKEY_CTX *ctx, uint8_t *out, size_t *outlen, 261 const uint8_t *in, size_t inlen); 262 263 int (*derive)(EVP_PKEY_CTX *ctx, uint8_t *key, size_t *keylen); 264 265 int (*paramgen)(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey); 266 267 int (*ctrl)(EVP_PKEY_CTX *ctx, int type, int p1, void *p2); 268 } /* EVP_PKEY_METHOD */; 269 270 typedef struct { 271 // key is the concatenation of the private seed and public key. It is stored 272 // as a single 64-bit array to allow passing to |ED25519_sign|. If 273 // |has_private| is false, the first 32 bytes are uninitialized and the public 274 // key is in the last 32 bytes. 275 uint8_t key[64]; 276 char has_private; 277 } ED25519_KEY; 278 279 #define ED25519_PUBLIC_KEY_OFFSET 32 280 281 typedef struct { 282 uint8_t pub[32]; 283 uint8_t priv[32]; 284 char has_private; 285 } X25519_KEY; 286 287 extern const EVP_PKEY_ASN1_METHOD dsa_asn1_meth; 288 extern const EVP_PKEY_ASN1_METHOD ec_asn1_meth; 289 extern const EVP_PKEY_ASN1_METHOD rsa_asn1_meth; 290 extern const EVP_PKEY_ASN1_METHOD ed25519_asn1_meth; 291 extern const EVP_PKEY_ASN1_METHOD x25519_asn1_meth; 292 extern const EVP_PKEY_ASN1_METHOD dh_asn1_meth; 293 294 extern const EVP_PKEY_METHOD rsa_pkey_meth; 295 extern const EVP_PKEY_METHOD ec_pkey_meth; 296 extern const EVP_PKEY_METHOD ed25519_pkey_meth; 297 extern const EVP_PKEY_METHOD x25519_pkey_meth; 298 extern const EVP_PKEY_METHOD hkdf_pkey_meth; 299 extern const EVP_PKEY_METHOD dh_pkey_meth; 300 301 // evp_pkey_set_method behaves like |EVP_PKEY_set_type|, but takes a pointer to 302 // a method table. This avoids depending on every |EVP_PKEY_ASN1_METHOD|. 303 void evp_pkey_set_method(EVP_PKEY *pkey, const EVP_PKEY_ASN1_METHOD *method); 304 305 306 #if defined(__cplusplus) 307 } // extern C 308 #endif 309 310 #endif // OPENSSL_HEADER_EVP_INTERNAL_H 311