2
* Copyright (c) 2006 - 2007 Kungliga Tekniska Högskolan
3
* (Royal Institute of Technology, Stockholm, Sweden).
6
* Redistribution and use in source and binary forms, with or without
7
* modification, are permitted provided that the following conditions
10
* 1. Redistributions of source code must retain the above copyright
11
* notice, this list of conditions and the following disclaimer.
13
* 2. Redistributions in binary form must reproduce the above copyright
14
* notice, this list of conditions and the following disclaimer in the
15
* documentation and/or other materials provided with the distribution.
17
* 3. Neither the name of the Institute nor the names of its contributors
18
* may be used to endorse or promote products derived from this software
19
* without specific prior written permission.
21
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
41
#define HC_DEPRECATED_CRYPTO
43
#include <sys/types.h>
51
#include <krb5-types.h>
63
* @page page_evp EVP - generic crypto interface
65
* See the library functions here: @ref hcrypto_evp
67
* @section evp_cipher EVP Cipher
69
* The use of EVP_CipherInit_ex() and EVP_Cipher() is pretty easy to
70
* understand forward, then EVP_CipherUpdate() and
71
* EVP_CipherFinal_ex() really needs an example to explain @ref
72
* example_evp_cipher.c .
74
* @example example_evp_cipher.c
76
* This is an example how to use EVP_CipherInit_ex(),
77
* EVP_CipherUpdate() and EVP_CipherFinal_ex().
80
struct hc_EVP_MD_CTX {
88
* Return the output size of the message digest function.
90
* @param md the evp message
92
* @return size output size of the message digest function.
94
* @ingroup hcrypto_evp
98
EVP_MD_size(const EVP_MD *md)
100
return md->hash_size;
104
* Return the blocksize of the message digest function.
106
* @param md the evp message
108
* @return size size of the message digest block size
110
* @ingroup hcrypto_evp
114
EVP_MD_block_size(const EVP_MD *md)
116
return md->block_size;
120
* Allocate a messsage digest context object. Free with
121
* EVP_MD_CTX_destroy().
123
* @return a newly allocated message digest context object.
125
* @ingroup hcrypto_evp
129
EVP_MD_CTX_create(void)
131
return calloc(1, sizeof(EVP_MD_CTX));
135
* Initiate a messsage digest context object. Deallocate with
136
* EVP_MD_CTX_cleanup(). Please use EVP_MD_CTX_create() instead.
138
* @param ctx variable to initiate.
140
* @ingroup hcrypto_evp
144
EVP_MD_CTX_init(EVP_MD_CTX *ctx)
146
memset(ctx, 0, sizeof(*ctx));
150
* Free a messsage digest context object.
152
* @param ctx context to free.
154
* @ingroup hcrypto_evp
158
EVP_MD_CTX_destroy(EVP_MD_CTX *ctx)
160
EVP_MD_CTX_cleanup(ctx);
165
* Free the resources used by the EVP_MD context.
167
* @param ctx the context to free the resources from.
169
* @return 1 on success.
171
* @ingroup hcrypto_evp
175
EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx)
177
if (ctx->md && ctx->md->cleanup)
178
(ctx->md->cleanup)(ctx);
182
memset(ctx, 0, sizeof(*ctx));
187
* Get the EVP_MD use for a specified context.
189
* @param ctx the EVP_MD context to get the EVP_MD for.
191
* @return the EVP_MD used for the context.
193
* @ingroup hcrypto_evp
197
EVP_MD_CTX_md(EVP_MD_CTX *ctx)
203
* Return the output size of the message digest function.
205
* @param ctx the evp message digest context
207
* @return size output size of the message digest function.
209
* @ingroup hcrypto_evp
213
EVP_MD_CTX_size(EVP_MD_CTX *ctx)
215
return EVP_MD_size(ctx->md);
219
* Return the blocksize of the message digest function.
221
* @param ctx the evp message digest context
223
* @return size size of the message digest block size
225
* @ingroup hcrypto_evp
229
EVP_MD_CTX_block_size(EVP_MD_CTX *ctx)
231
return EVP_MD_block_size(ctx->md);
235
* Init a EVP_MD_CTX for use a specific message digest and engine.
237
* @param ctx the message digest context to init.
238
* @param md the message digest to use.
239
* @param engine the engine to use, NULL to use the default engine.
241
* @return 1 on success.
243
* @ingroup hcrypto_evp
247
EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *md, ENGINE *engine)
249
if (ctx->md != md || ctx->engine != engine) {
250
EVP_MD_CTX_cleanup(ctx);
252
ctx->engine = engine;
254
ctx->ptr = calloc(1, md->ctx_size);
255
if (ctx->ptr == NULL)
258
(ctx->md->init)(ctx->ptr);
263
* Update the digest with some data.
265
* @param ctx the context to update
266
* @param data the data to update the context with
267
* @param size length of data
269
* @return 1 on success.
271
* @ingroup hcrypto_evp
275
EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *data, size_t size)
277
(ctx->md->update)(ctx->ptr, data, size);
282
* Complete the message digest.
284
* @param ctx the context to complete.
285
* @param hash the output of the message digest function. At least
287
* @param size the output size of hash.
289
* @return 1 on success.
291
* @ingroup hcrypto_evp
295
EVP_DigestFinal_ex(EVP_MD_CTX *ctx, void *hash, unsigned int *size)
297
(ctx->md->final)(hash, ctx->ptr);
299
*size = ctx->md->hash_size;
304
* Do the whole EVP_MD_CTX_create(), EVP_DigestInit_ex(),
305
* EVP_DigestUpdate(), EVP_DigestFinal_ex(), EVP_MD_CTX_destroy()
308
* @param data the data to update the context with
309
* @param dsize length of data
310
* @param hash output data of at least EVP_MD_size() length.
311
* @param hsize output length of hash.
312
* @param md message digest to use
313
* @param engine engine to use, NULL for default engine.
315
* @return 1 on success.
317
* @ingroup hcrypto_evp
321
EVP_Digest(const void *data, size_t dsize, void *hash, unsigned int *hsize,
322
const EVP_MD *md, ENGINE *engine)
327
ctx = EVP_MD_CTX_create();
330
ret = EVP_DigestInit_ex(ctx, md, engine);
332
EVP_MD_CTX_destroy(ctx);
335
ret = EVP_DigestUpdate(ctx, data, dsize);
337
EVP_MD_CTX_destroy(ctx);
340
ret = EVP_DigestFinal_ex(ctx, hash, hsize);
341
EVP_MD_CTX_destroy(ctx);
346
* The message digest SHA256
348
* @return the message digest type.
350
* @ingroup hcrypto_evp
356
static const struct hc_evp_md sha256 = {
360
(hc_evp_md_init)SHA256_Init,
361
(hc_evp_md_update)SHA256_Update,
362
(hc_evp_md_final)SHA256_Final,
368
static const struct hc_evp_md sha1 = {
372
(hc_evp_md_init)SHA1_Init,
373
(hc_evp_md_update)SHA1_Update,
374
(hc_evp_md_final)SHA1_Final,
379
* The message digest SHA1
381
* @return the message digest type.
383
* @ingroup hcrypto_evp
393
* The message digest SHA1
395
* @return the message digest type.
397
* @ingroup hcrypto_evp
407
* The message digest MD5
409
* @return the message digest type.
411
* @ingroup hcrypto_evp
417
static const struct hc_evp_md md5 = {
421
(hc_evp_md_init)MD5_Init,
422
(hc_evp_md_update)MD5_Update,
423
(hc_evp_md_final)MD5_Final,
430
* The message digest MD4
432
* @return the message digest type.
434
* @ingroup hcrypto_evp
440
static const struct hc_evp_md md4 = {
444
(hc_evp_md_init)MD4_Init,
445
(hc_evp_md_update)MD4_Update,
446
(hc_evp_md_final)MD4_Final,
453
* The message digest MD2
455
* @return the message digest type.
457
* @ingroup hcrypto_evp
463
static const struct hc_evp_md md2 = {
467
(hc_evp_md_init)MD2_Init,
468
(hc_evp_md_update)MD2_Update,
469
(hc_evp_md_final)MD2_Final,
484
null_Update (void *m, const void * data, size_t size)
488
null_Final(void *res, void *m)
493
* The null message digest
495
* @return the message digest type.
497
* @ingroup hcrypto_evp
503
static const struct hc_evp_md null = {
507
(hc_evp_md_init)null_Init,
508
(hc_evp_md_update)null_Update,
509
(hc_evp_md_final)null_Final,
516
int EVP_DigestInit(EVP_MD_CTX *ctx, const EVP_MD *type);
517
int EVP_DigestFinal(EVP_MD_CTX *ctx,unsigned char *md,unsigned int *s);
518
int EVP_SignFinal(EVP_MD_CTX *, void *, size_t *, EVP_PKEY *);
519
int EVP_VerifyFinal(EVP_MD_CTX *, const void *, size_t, EVP_PKEY *);
523
* Return the block size of the cipher.
525
* @param c cipher to get the block size from.
527
* @return the block size of the cipher.
529
* @ingroup hcrypto_evp
533
EVP_CIPHER_block_size(const EVP_CIPHER *c)
535
return c->block_size;
539
* Return the key size of the cipher.
541
* @param c cipher to get the key size from.
543
* @return the key size of the cipher.
545
* @ingroup hcrypto_evp
549
EVP_CIPHER_key_length(const EVP_CIPHER *c)
555
* Return the IV size of the cipher.
557
* @param c cipher to get the IV size from.
559
* @return the IV size of the cipher.
561
* @ingroup hcrypto_evp
565
EVP_CIPHER_iv_length(const EVP_CIPHER *c)
571
* Initiate a EVP_CIPHER_CTX context. Clean up with
572
* EVP_CIPHER_CTX_cleanup().
574
* @param c the cipher initiate.
576
* @ingroup hcrypto_evp
580
EVP_CIPHER_CTX_init(EVP_CIPHER_CTX *c)
582
memset(c, 0, sizeof(*c));
586
* Clean up the EVP_CIPHER_CTX context.
588
* @param c the cipher to clean up.
590
* @return 1 on success.
592
* @ingroup hcrypto_evp
596
EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *c)
598
if (c->cipher && c->cipher->cleanup)
599
c->cipher->cleanup(c);
600
if (c->cipher_data) {
601
free(c->cipher_data);
602
c->cipher_data = NULL;
609
EVP_CIPHER_CTX_set_key_length(EVP_CIPHER_CTX *c, int length)
615
EVP_CIPHER_CTX_set_padding(EVP_CIPHER_CTX *c, int pad)
622
* Return the EVP_CIPHER for a EVP_CIPHER_CTX context.
624
* @param ctx the context to get the cipher type from.
626
* @return the EVP_CIPHER pointer.
628
* @ingroup hcrypto_evp
632
EVP_CIPHER_CTX_cipher(EVP_CIPHER_CTX *ctx)
638
* Return the block size of the cipher context.
640
* @param ctx cipher context to get the block size from.
642
* @return the block size of the cipher context.
644
* @ingroup hcrypto_evp
648
EVP_CIPHER_CTX_block_size(const EVP_CIPHER_CTX *ctx)
650
return EVP_CIPHER_block_size(ctx->cipher);
654
* Return the key size of the cipher context.
656
* @param ctx cipher context to get the key size from.
658
* @return the key size of the cipher context.
660
* @ingroup hcrypto_evp
664
EVP_CIPHER_CTX_key_length(const EVP_CIPHER_CTX *ctx)
666
return EVP_CIPHER_key_length(ctx->cipher);
670
* Return the IV size of the cipher context.
672
* @param ctx cipher context to get the IV size from.
674
* @return the IV size of the cipher context.
676
* @ingroup hcrypto_evp
680
EVP_CIPHER_CTX_iv_length(const EVP_CIPHER_CTX *ctx)
682
return EVP_CIPHER_iv_length(ctx->cipher);
686
* Get the flags for an EVP_CIPHER_CTX context.
688
* @param ctx the EVP_CIPHER_CTX to get the flags from
690
* @return the flags for an EVP_CIPHER_CTX.
692
* @ingroup hcrypto_evp
696
EVP_CIPHER_CTX_flags(const EVP_CIPHER_CTX *ctx)
698
return ctx->cipher->flags;
702
* Get the mode for an EVP_CIPHER_CTX context.
704
* @param ctx the EVP_CIPHER_CTX to get the mode from
706
* @return the mode for an EVP_CIPHER_CTX.
708
* @ingroup hcrypto_evp
712
EVP_CIPHER_CTX_mode(const EVP_CIPHER_CTX *ctx)
714
return EVP_CIPHER_CTX_flags(ctx) & EVP_CIPH_MODE;
718
* Get the app data for an EVP_CIPHER_CTX context.
720
* @param ctx the EVP_CIPHER_CTX to get the app data from
722
* @return the app data for an EVP_CIPHER_CTX.
724
* @ingroup hcrypto_evp
728
EVP_CIPHER_CTX_get_app_data(EVP_CIPHER_CTX *ctx)
730
return ctx->app_data;
734
* Set the app data for an EVP_CIPHER_CTX context.
736
* @param ctx the EVP_CIPHER_CTX to set the app data for
737
* @param data the app data to set for an EVP_CIPHER_CTX.
739
* @ingroup hcrypto_evp
743
EVP_CIPHER_CTX_set_app_data(EVP_CIPHER_CTX *ctx, void *data)
745
ctx->app_data = data;
749
* Initiate the EVP_CIPHER_CTX context to encrypt or decrypt data.
750
* Clean up with EVP_CIPHER_CTX_cleanup().
752
* @param ctx context to initiate
753
* @param c cipher to use.
754
* @param engine crypto engine to use, NULL to select default.
755
* @param key the crypto key to use, NULL will use the previous value.
756
* @param iv the IV to use, NULL will use the previous value.
757
* @param encp non zero will encrypt, -1 use the previous value.
759
* @return 1 on success.
761
* @ingroup hcrypto_evp
765
EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *c, ENGINE *engine,
766
const void *key, const void *iv, int encp)
773
ctx->encrypt = (encp ? 1 : 0);
775
if (c && (c != ctx->cipher)) {
776
EVP_CIPHER_CTX_cleanup(ctx);
778
ctx->key_len = c->key_len;
780
ctx->cipher_data = malloc(c->ctx_size);
781
if (ctx->cipher_data == NULL && c->ctx_size != 0)
784
/* assume block size is a multiple of 2 */
785
ctx->block_mask = EVP_CIPHER_block_size(c) - 1;
787
} else if (ctx->cipher == NULL) {
788
/* reuse of cipher, but not any cipher ever set! */
792
switch (EVP_CIPHER_CTX_flags(ctx)) {
793
case EVP_CIPH_CBC_MODE:
795
assert(EVP_CIPHER_CTX_iv_length(ctx) <= sizeof(ctx->iv));
798
memcpy(ctx->oiv, iv, EVP_CIPHER_CTX_iv_length(ctx));
799
memcpy(ctx->iv, ctx->oiv, EVP_CIPHER_CTX_iv_length(ctx));
805
if (key || (ctx->cipher->flags & EVP_CIPH_ALWAYS_CALL_INIT))
806
ctx->cipher->init(ctx, key, iv, encp);
812
* Encipher/decipher partial data
814
* @param ctx the cipher context.
815
* @param out output data from the operation.
816
* @param outlen output length
817
* @param in input data to the operation.
818
* @param inlen length of data.
820
* The output buffer length should at least be EVP_CIPHER_block_size()
821
* byte longer then the input length.
823
* See @ref evp_cipher for an example how to use this function.
825
* @return 1 on success.
827
* @ingroup hcrypto_evp
831
EVP_CipherUpdate(EVP_CIPHER_CTX *ctx, void *out, int *outlen,
832
void *in, size_t inlen)
834
int ret, left, blocksize;
839
* If there in no spare bytes in the left from last Update and the
840
* input length is on the block boundery, the EVP_CipherUpdate()
841
* function can take a shortcut (and preformance gain) and
842
* directly encrypt the data, otherwise we hav to fix it up and
843
* store extra it the EVP_CIPHER_CTX.
845
if (ctx->buf_len == 0 && (inlen & ctx->block_mask) == 0) {
846
ret = (*ctx->cipher->do_cipher)(ctx, out, in, inlen);
855
blocksize = EVP_CIPHER_CTX_block_size(ctx);
856
left = blocksize - ctx->buf_len;
861
/* if total buffer is smaller then input, store locally */
863
memcpy(ctx->buf + ctx->buf_len, in, inlen);
864
ctx->buf_len += inlen;
868
/* fill in local buffer and encrypt */
869
memcpy(ctx->buf + ctx->buf_len, in, left);
870
ret = (*ctx->cipher->do_cipher)(ctx, out, ctx->buf, blocksize);
871
memset(ctx->buf, 0, blocksize);
875
*outlen += blocksize;
877
in = ((unsigned char *)in) + left;
878
out = ((unsigned char *)out) + blocksize;
883
ctx->buf_len = (inlen & ctx->block_mask);
884
inlen &= ~ctx->block_mask;
886
ret = (*ctx->cipher->do_cipher)(ctx, out, in, inlen);
892
in = ((unsigned char *)in) + inlen;
893
memcpy(ctx->buf, in, ctx->buf_len);
900
* Encipher/decipher final data
902
* @param ctx the cipher context.
903
* @param out output data from the operation.
904
* @param outlen output length
906
* The input length needs to be at least EVP_CIPHER_block_size() bytes
909
* See @ref evp_cipher for an example how to use this function.
911
* @return 1 on success.
913
* @ingroup hcrypto_evp
917
EVP_CipherFinal_ex(EVP_CIPHER_CTX *ctx, void *out, int *outlen)
922
int ret, left, blocksize;
924
blocksize = EVP_CIPHER_CTX_block_size(ctx);
926
left = blocksize - ctx->buf_len;
929
/* zero fill local buffer */
930
memset(ctx->buf + ctx->buf_len, 0, left);
931
ret = (*ctx->cipher->do_cipher)(ctx, out, ctx->buf, blocksize);
932
memset(ctx->buf, 0, blocksize);
936
*outlen += blocksize;
943
* Encipher/decipher data
945
* @param ctx the cipher context.
946
* @param out out data from the operation.
947
* @param in in data to the operation.
948
* @param size length of data.
950
* @return 1 on success.
954
EVP_Cipher(EVP_CIPHER_CTX *ctx, void *out, const void *in,size_t size)
956
return ctx->cipher->do_cipher(ctx, out, in, size);
964
enc_null_init(EVP_CIPHER_CTX *ctx,
965
const unsigned char * key,
966
const unsigned char * iv,
973
enc_null_do_cipher(EVP_CIPHER_CTX *ctx,
975
const unsigned char *in,
978
memmove(out, in, size);
983
enc_null_cleanup(EVP_CIPHER_CTX *ctx)
989
* The NULL cipher type, does no encryption/decryption.
991
* @return the null EVP_CIPHER pointer.
993
* @ingroup hcrypto_evp
999
static const EVP_CIPHER enc_null = {
1022
unsigned int maximum_effective_key;
1027
rc2_init(EVP_CIPHER_CTX *ctx,
1028
const unsigned char * key,
1029
const unsigned char * iv,
1032
struct rc2_cbc *k = ctx->cipher_data;
1033
k->maximum_effective_key = EVP_CIPHER_CTX_key_length(ctx) * 8;
1034
RC2_set_key(&k->key,
1035
EVP_CIPHER_CTX_key_length(ctx),
1037
k->maximum_effective_key);
1042
rc2_do_cipher(EVP_CIPHER_CTX *ctx,
1044
const unsigned char *in,
1047
struct rc2_cbc *k = ctx->cipher_data;
1048
RC2_cbc_encrypt(in, out, size, &k->key, ctx->iv, ctx->encrypt);
1053
rc2_cleanup(EVP_CIPHER_CTX *ctx)
1055
memset(ctx->cipher_data, 0, sizeof(struct rc2_cbc));
1060
* The RC2 cipher type
1062
* @return the RC2 EVP_CIPHER pointer.
1064
* @ingroup hcrypto_evp
1070
static const EVP_CIPHER rc2_cbc = {
1079
sizeof(struct rc2_cbc),
1089
* The RC2-40 cipher type
1091
* @return the RC2-40 EVP_CIPHER pointer.
1093
* @ingroup hcrypto_evp
1097
EVP_rc2_40_cbc(void)
1099
static const EVP_CIPHER rc2_40_cbc = {
1108
sizeof(struct rc2_cbc),
1118
* The RC2-64 cipher type
1120
* @return the RC2-64 EVP_CIPHER pointer.
1122
* @ingroup hcrypto_evp
1126
EVP_rc2_64_cbc(void)
1128
static const EVP_CIPHER rc2_64_cbc = {
1137
sizeof(struct rc2_cbc),
1147
* The RC4 cipher type
1149
* @return the RC4 EVP_CIPHER pointer.
1151
* @ingroup hcrypto_evp
1157
printf("evp rc4\n");
1163
* The RC4-40 cipher type
1165
* @return the RC4-40 EVP_CIPHER pointer.
1167
* @ingroup hcrypto_evp
1173
printf("evp rc4_40\n");
1183
des_cbc_init(EVP_CIPHER_CTX *ctx,
1184
const unsigned char * key,
1185
const unsigned char * iv,
1188
DES_key_schedule *k = ctx->cipher_data;
1190
memcpy(&deskey, key, sizeof(deskey));
1191
DES_set_key_unchecked(&deskey, k);
1196
des_cbc_do_cipher(EVP_CIPHER_CTX *ctx,
1198
const unsigned char *in,
1201
DES_key_schedule *k = ctx->cipher_data;
1202
DES_cbc_encrypt(in, out, size,
1203
k, (DES_cblock *)ctx->iv, ctx->encrypt);
1208
des_cbc_cleanup(EVP_CIPHER_CTX *ctx)
1210
memset(ctx->cipher_data, 0, sizeof(struct DES_key_schedule));
1215
* The DES cipher type
1217
* @return the DES-CBC EVP_CIPHER pointer.
1219
* @ingroup hcrypto_evp
1225
static const EVP_CIPHER des_ede3_cbc = {
1234
sizeof(DES_key_schedule),
1240
return &des_ede3_cbc;
1247
struct des_ede3_cbc {
1248
DES_key_schedule ks[3];
1252
des_ede3_cbc_init(EVP_CIPHER_CTX *ctx,
1253
const unsigned char * key,
1254
const unsigned char * iv,
1257
struct des_ede3_cbc *k = ctx->cipher_data;
1260
memcpy(&deskey, key, sizeof(deskey));
1261
DES_set_odd_parity(&deskey);
1262
DES_set_key_unchecked(&deskey, &k->ks[0]);
1264
memcpy(&deskey, key + 8, sizeof(deskey));
1265
DES_set_odd_parity(&deskey);
1266
DES_set_key_unchecked(&deskey, &k->ks[1]);
1268
memcpy(&deskey, key + 16, sizeof(deskey));
1269
DES_set_odd_parity(&deskey);
1270
DES_set_key_unchecked(&deskey, &k->ks[2]);
1276
des_ede3_cbc_do_cipher(EVP_CIPHER_CTX *ctx,
1278
const unsigned char *in,
1281
struct des_ede3_cbc *k = ctx->cipher_data;
1282
DES_ede3_cbc_encrypt(in, out, size,
1283
&k->ks[0], &k->ks[1], &k->ks[2],
1284
(DES_cblock *)ctx->iv, ctx->encrypt);
1289
des_ede3_cbc_cleanup(EVP_CIPHER_CTX *ctx)
1291
memset(ctx->cipher_data, 0, sizeof(struct des_ede3_cbc));
1296
* The tripple DES cipher type
1298
* @return the DES-EDE3-CBC EVP_CIPHER pointer.
1300
* @ingroup hcrypto_evp
1304
EVP_des_ede3_cbc(void)
1306
static const EVP_CIPHER des_ede3_cbc = {
1313
des_ede3_cbc_do_cipher,
1314
des_ede3_cbc_cleanup,
1315
sizeof(struct des_ede3_cbc),
1321
return &des_ede3_cbc;
1325
* The AES-128 cipher type
1327
* @return the AES-128 EVP_CIPHER pointer.
1329
* @ingroup hcrypto_evp
1333
EVP_aes_128_cbc(void)
1335
return EVP_hcrypto_aes_128_cbc();
1339
* The AES-192 cipher type
1341
* @return the AES-192 EVP_CIPHER pointer.
1343
* @ingroup hcrypto_evp
1347
EVP_aes_192_cbc(void)
1349
return EVP_hcrypto_aes_192_cbc();
1353
* The AES-256 cipher type
1355
* @return the AES-256 EVP_CIPHER pointer.
1357
* @ingroup hcrypto_evp
1361
EVP_aes_256_cbc(void)
1363
return EVP_hcrypto_aes_256_cbc();
1367
camellia_init(EVP_CIPHER_CTX *ctx,
1368
const unsigned char * key,
1369
const unsigned char * iv,
1372
CAMELLIA_KEY *k = ctx->cipher_data;
1373
k->bits = ctx->cipher->key_len * 8;
1374
CAMELLIA_set_key(key, ctx->cipher->key_len * 8, k);
1379
camellia_do_cipher(EVP_CIPHER_CTX *ctx,
1381
const unsigned char *in,
1384
CAMELLIA_KEY *k = ctx->cipher_data;
1385
CAMELLIA_cbc_encrypt(in, out, size, k, ctx->iv, ctx->encrypt);
1390
camellia_cleanup(EVP_CIPHER_CTX *ctx)
1392
memset(ctx->cipher_data, 0, sizeof(CAMELLIA_KEY));
1397
* The Camellia-128 cipher type
1399
* @return the Camellia-128 EVP_CIPHER pointer.
1401
* @ingroup hcrypto_evp
1405
EVP_camellia_128_cbc(void)
1407
static const EVP_CIPHER cipher = {
1416
sizeof(CAMELLIA_KEY),
1426
* The Camellia-198 cipher type
1428
* @return the Camellia-198 EVP_CIPHER pointer.
1430
* @ingroup hcrypto_evp
1434
EVP_camellia_192_cbc(void)
1436
static const EVP_CIPHER cipher = {
1445
sizeof(CAMELLIA_KEY),
1455
* The Camellia-256 cipher type
1457
* @return the Camellia-256 EVP_CIPHER pointer.
1459
* @ingroup hcrypto_evp
1463
EVP_camellia_256_cbc(void)
1465
static const EVP_CIPHER cipher = {
1474
sizeof(CAMELLIA_KEY),
1487
static const struct cipher_name {
1489
const EVP_CIPHER *(*func)(void);
1491
{ "des-ede3-cbc", EVP_des_ede3_cbc },
1492
{ "aes-128-cbc", EVP_aes_128_cbc },
1493
{ "aes-192-cbc", EVP_aes_192_cbc },
1494
{ "aes-256-cbc", EVP_aes_256_cbc },
1495
{ "camellia-128-cbc", EVP_camellia_128_cbc },
1496
{ "camellia-192-cbc", EVP_camellia_192_cbc },
1497
{ "camellia-256-cbc", EVP_camellia_256_cbc }
1501
* Get the cipher type using their name.
1503
* @param name the name of the cipher.
1505
* @return the selected EVP_CIPHER pointer or NULL if not found.
1507
* @ingroup hcrypto_evp
1511
EVP_get_cipherbyname(const char *name)
1514
for (i = 0; i < sizeof(cipher_name)/sizeof(cipher_name[0]); i++) {
1515
if (strcasecmp(cipher_name[i].name, name) == 0)
1516
return (*cipher_name[i].func)();
1527
#define min(a,b) (((a)>(b))?(b):(a))
1531
* Provides a legancy string to key function, used in PEM files.
1533
* New protocols should use new string to key functions like NIST
1534
* SP56-800A or PKCS#5 v2.0 (see PKCS5_PBKDF2_HMAC_SHA1()).
1536
* @param type type of cipher to use
1537
* @param md message digest to use
1538
* @param salt salt salt string, should be an binary 8 byte buffer.
1539
* @param data the password/input key string.
1540
* @param datalen length of data parameter.
1541
* @param count iteration counter.
1542
* @param keydata output keydata, needs to of the size EVP_CIPHER_key_length().
1543
* @param ivdata output ivdata, needs to of the size EVP_CIPHER_block_size().
1545
* @return the size of derived key.
1547
* @ingroup hcrypto_evp
1551
EVP_BytesToKey(const EVP_CIPHER *type,
1554
const void *data, size_t datalen,
1559
int ivlen, keylen, first = 0;
1560
unsigned int mds = 0, i;
1561
unsigned char *key = keydata;
1562
unsigned char *iv = ivdata;
1566
keylen = EVP_CIPHER_key_length(type);
1567
ivlen = EVP_CIPHER_iv_length(type);
1572
buf = malloc(EVP_MD_size(md));
1576
EVP_MD_CTX_init(&c);
1580
EVP_DigestInit_ex(&c, md, NULL);
1582
EVP_DigestUpdate(&c, buf, mds);
1584
EVP_DigestUpdate(&c,data,datalen);
1586
#define PKCS5_SALT_LEN 8
1589
EVP_DigestUpdate(&c, salt, PKCS5_SALT_LEN);
1591
EVP_DigestFinal_ex(&c, buf, &mds);
1592
assert(mds == EVP_MD_size(md));
1594
for (i = 1; i < count; i++) {
1595
EVP_DigestInit_ex(&c, md, NULL);
1596
EVP_DigestUpdate(&c, buf, mds);
1597
EVP_DigestFinal_ex(&c, buf, &mds);
1598
assert(mds == EVP_MD_size(md));
1603
size_t sz = min(keylen, mds);
1605
memcpy(key, buf, sz);
1611
if (ivlen && mds > i) {
1612
size_t sz = min(ivlen, (mds - i));
1614
memcpy(iv, &buf[i], sz);
1619
if (keylen == 0 && ivlen == 0)
1623
EVP_MD_CTX_cleanup(&c);
1626
return EVP_CIPHER_key_length(type);
1630
* Generate a random key for the specificed EVP_CIPHER.
1632
* @param ctx EVP_CIPHER_CTX type to build the key for.
1633
* @param key return key, must be at least EVP_CIPHER_key_length() byte long.
1635
* @return 1 for success, 0 for failure.
1637
* @ingroup hcrypto_core
1641
EVP_CIPHER_CTX_rand_key(EVP_CIPHER_CTX *ctx, void *key)
1643
if (ctx->cipher->flags & EVP_CIPH_RAND_KEY)
1644
return EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_RAND_KEY, 0, key);
1645
if (RAND_bytes(key, ctx->key_len) != 1)
1651
* Perform a operation on a ctx
1653
* @return 1 for success, 0 for failure.
1655
* @ingroup hcrypto_core
1659
EVP_CIPHER_CTX_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *data)
1661
if (ctx->cipher == NULL || ctx->cipher->ctrl == NULL)
1663
return (*ctx->cipher->ctrl)(ctx, type, arg, data);
1667
* Add all algorithms to the crypto core.
1669
* @ingroup hcrypto_core
1673
OpenSSL_add_all_algorithms(void)
1679
* Add all algorithms to the crypto core using configuration file.
1681
* @ingroup hcrypto_core
1685
OpenSSL_add_all_algorithms_conf(void)
1691
* Add all algorithms to the crypto core, but don't use the
1692
* configuration file.
1694
* @ingroup hcrypto_core
1698
OpenSSL_add_all_algorithms_noconf(void)