db9ecf05 | 1 | /* SPDX-License-Identifier: LGPL-2.1-or-later */ |
3f637019 LP |
2 | #pragma once |
3 | ||
bd1ae178 | 4 | #include "iovec-util.h" |
f2d5df8a | 5 | #include "macro.h" |
8939d335 DDM |
6 | #include "sha256.h" |
7 | ||
a73144bb LB |
/* Where a private key is loaded from: a plain file, an OpenSSL ENGINE, or an OpenSSL
 * provider (openssl/provider.h is only pulled in for OpenSSL >= 3 below). Consumed by
 * openssl_load_key_from_token(). */
typedef enum KeySourceType {
        OPENSSL_KEY_SOURCE_FILE,
        OPENSSL_KEY_SOURCE_ENGINE,
        OPENSSL_KEY_SOURCE_PROVIDER,
        _OPENSSL_KEY_SOURCE_MAX,                 /* one past the last valid value */
        _OPENSSL_KEY_SOURCE_INVALID = -EINVAL,   /* negative errno: "not a valid source type" */
} KeySourceType;

/* Splits a key-source command line argument into its textual source and its KeySourceType.
 * NOTE(review): whether *private_key_source is heap-allocated for the caller is not visible
 * here — confirm against the implementation before freeing it. */
int parse_openssl_key_source_argument(const char *argument, char **private_key_source, KeySourceType *private_key_source_type);
17 | ||
8939d335 | 18 | #define X509_FINGERPRINT_SIZE SHA256_DIGEST_SIZE |
f2d5df8a | 19 | |
b012a1f4 | 20 | #if HAVE_OPENSSL |
c2fa92e7 | 21 | # include <openssl/bio.h> |
57633d23 | 22 | # include <openssl/bn.h> |
900e73f8 | 23 | # include <openssl/crypto.h> |
57633d23 | 24 | # include <openssl/err.h> |
4ef65db3 | 25 | # include <openssl/evp.h> |
d9b5841d | 26 | # include <openssl/opensslv.h> |
c2fa92e7 LP |
27 | # include <openssl/pkcs7.h> |
28 | # include <openssl/ssl.h> | |
29 | # include <openssl/x509v3.h> | |
d9b5841d LP |
30 | # ifndef OPENSSL_VERSION_MAJOR |
31 | /* OPENSSL_VERSION_MAJOR macro was added in OpenSSL 3. Thus, if it doesn't exist, we must be before OpenSSL 3. */ | |
32 | # define OPENSSL_VERSION_MAJOR 1 | |
33 | # endif | |
34 | # if OPENSSL_VERSION_MAJOR >= 3 | |
35 | # include <openssl/core_names.h> | |
a65a25be | 36 | # include <openssl/kdf.h> |
dcec950c | 37 | # include <openssl/param_build.h> |
dba0afa1 LB |
38 | # include <openssl/provider.h> |
39 | # include <openssl/store.h> | |
d9b5841d | 40 | # endif |
3f637019 | 41 | |
/* Automatic-cleanup wrappers around the OpenSSL destructors this header's users need; the
 * DEFINE_TRIVIAL_CLEANUP_FUNC_FULL* generators come from macro.h. Each line pairs an OpenSSL
 * object type with the destructor that releases it. */
DEFINE_TRIVIAL_CLEANUP_FUNC_FULL_MACRO(void*, OPENSSL_free, NULL);
DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(X509_NAME*, X509_NAME_free, NULL);
DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(EVP_PKEY_CTX*, EVP_PKEY_CTX_free, NULL);
DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(EVP_CIPHER_CTX*, EVP_CIPHER_CTX_free, NULL);
DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(EC_POINT*, EC_POINT_free, NULL);
DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(EC_GROUP*, EC_GROUP_free, NULL);
DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(BIGNUM*, BN_free, NULL);
DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(BN_CTX*, BN_CTX_free, NULL);
DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(ECDSA_SIG*, ECDSA_SIG_free, NULL);
DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(PKCS7*, PKCS7_free, NULL);
DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(SSL*, SSL_free, NULL);
DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(BIO*, BIO_free, NULL);
DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(EVP_MD_CTX*, EVP_MD_CTX_free, NULL);
DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(ASN1_OCTET_STRING*, ASN1_OCTET_STRING_free, NULL);

/* Object types that only exist in one OpenSSL major version: fetched algorithm handles,
 * KDF/MAC contexts, OSSL_PARAM builders and the store API are OpenSSL 3 additions, while
 * EC_KEY, HMAC_CTX and RSA are the pre-3 low-level types. */
#if OPENSSL_VERSION_MAJOR >= 3
DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(EVP_CIPHER*, EVP_CIPHER_free, NULL);
DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(EVP_KDF*, EVP_KDF_free, NULL);
DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(EVP_KDF_CTX*, EVP_KDF_CTX_free, NULL);
DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(EVP_MAC*, EVP_MAC_free, NULL);
DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(EVP_MAC_CTX*, EVP_MAC_CTX_free, NULL);
DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(EVP_MD*, EVP_MD_free, NULL);
DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(OSSL_PARAM*, OSSL_PARAM_free, NULL);
DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(OSSL_PARAM_BLD*, OSSL_PARAM_BLD_free, NULL);
DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(OSSL_STORE_CTX*, OSSL_STORE_close, NULL);
DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(OSSL_STORE_INFO*, OSSL_STORE_INFO_free, NULL);
#else
DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(EC_KEY*, EC_KEY_free, NULL);
DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(HMAC_CTX*, HMAC_CTX_free, NULL);
DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(RSA*, RSA_free, NULL);
#endif
c2fa92e7 LP |
73 | |
/* Releases a STACK_OF(X509) together with every certificate it still holds.
 * Takes a pointer-to-pointer so it can be used as an automatic-cleanup hook; both a
 * NULL argument and a NULL stack are silently accepted and do nothing. */
static inline void sk_X509_free_allp(STACK_OF(X509) **sk) {
        if (sk && *sk)
                sk_X509_pop_free(*sk, X509_free);
}
b012a1f4 | 80 | |
4af788c7 DS |
/* Parses the pem_size bytes of PEM at pem and returns the resulting key in *ret. */
int openssl_pkey_from_pem(const void *pem, size_t pem_size, EVP_PKEY **ret);

/* Reports the output size of the digest algorithm named by digest_alg in *ret_digest_size. */
int openssl_digest_size(const char *digest_alg, size_t *ret_digest_size);

/* Digests the n_data buffers described by data[] with digest_alg, returning the digest bytes
 * and their length in *ret_digest / *ret_digest_size.
 * NOTE(review): *ret_digest is presumably heap-allocated and owned by the caller — confirm
 * against the implementation. */
int openssl_digest_many(const char *digest_alg, const struct iovec data[], size_t n_data, void **ret_digest, size_t *ret_digest_size);
86 | ||
/* Single-buffer convenience form of openssl_digest_many(): digests the len bytes at buf.
 * Return value and output parameters are exactly those of openssl_digest_many(). */
static inline int openssl_digest(const char *digest_alg, const void *buf, size_t len, void **ret_digest, size_t *ret_digest_size) {
        struct iovec single = IOVEC_MAKE((void*) buf, len);

        return openssl_digest_many(digest_alg, &single, 1, ret_digest, ret_digest_size);
}
90 | ||
a95e8fa2 DS |
/* Computes an HMAC over the n_data buffers in data[], keyed with the key_size bytes at key and
 * using digest_alg as the underlying hash; the MAC and its length are returned in
 * *ret_digest / *ret_digest_size. */
int openssl_hmac_many(const char *digest_alg, const void *key, size_t key_size, const struct iovec data[], size_t n_data, void **ret_digest, size_t *ret_digest_size);
92 | ||
/* Single-buffer convenience form of openssl_hmac_many(): MACs the len bytes at buf with the
 * given key. Return value and output parameters are exactly those of openssl_hmac_many(). */
static inline int openssl_hmac(const char *digest_alg, const void *key, size_t key_size, const void *buf, size_t len, void **ret_digest, size_t *ret_digest_size) {
        struct iovec single = IOVEC_MAKE((void*) buf, len);

        return openssl_hmac_many(digest_alg, key, key_size, &single, 1, ret_digest, ret_digest_size);
}
96 | ||
58f215a0 DS |
/* Applies the cipher selected by alg, bits and mode, with the given key and IV, to the n_data
 * buffers in data[], returning the output in *ret / *ret_size.
 * NOTE(review): whether this encrypts, decrypts, or both (and which direction) is not visible
 * from the prototype — confirm against the implementation. */
int openssl_cipher_many(const char *alg, size_t bits, const char *mode, const void *key, size_t key_size, const void *iv, size_t iv_size, const struct iovec data[], size_t n_data, void **ret, size_t *ret_size);
98 | ||
/* Single-buffer convenience form of openssl_cipher_many(): processes the len bytes at buf.
 * Return value and output parameters are exactly those of openssl_cipher_many(). */
static inline int openssl_cipher(const char *alg, size_t bits, const char *mode, const void *key, size_t key_size, const void *iv, size_t iv_size, const void *buf, size_t len, void **ret, size_t *ret_size) {
        struct iovec single = IOVEC_MAKE((void*) buf, len);

        return openssl_cipher_many(alg, bits, mode, key, key_size, iv, iv_size, &single, 1, ret, ret_size);
}
102 | ||
8c2205bb DS |
/* Key derivation. Both functions derive derive_size bytes into *ret from the key material at
 * key/key_size plus the optional salt/info (and seed) inputs.
 * NOTE(review): the names suggest OpenSSL's single-step KDF (SSKDF) and the HMAC-based
 * key-based KDF (KBKDF, with mode selecting its variant) — confirm in the implementation. */
int kdf_ss_derive(const char *digest, const void *key, size_t key_size, const void *salt, size_t salt_size, const void *info, size_t info_size, size_t derive_size, void **ret);

int kdf_kb_hmac_derive(const char *mode, const char *digest, const void *key, size_t key_size, const void *salt, size_t salt_size, const void *info, size_t info_size, const void *seed, size_t seed_size, size_t derive_size, void **ret);

/* RSA encryption of the decrypted_key_size bytes at decrypted_key under pkey; the ciphertext and
 * its length are returned in *ret_encrypt_key / *ret_encrypt_key_size.
 * NOTE(review): the padding scheme used by rsa_encrypt_bytes() is not visible here; the OAEP
 * variant below makes the hash and label explicit, so prefer it for new callers unless the
 * plain variant is confirmed to pad securely. */
int rsa_encrypt_bytes(EVP_PKEY *pkey, const void *decrypted_key, size_t decrypted_key_size, void **ret_encrypt_key, size_t *ret_encrypt_key_size);

int rsa_oaep_encrypt_bytes(const EVP_PKEY *pkey, const char *digest_alg, const char *label, const void *decrypted_key, size_t decrypted_key_size, void **ret_encrypt_key, size_t *ret_encrypt_key_size);

/* Reports, in *ret_suitable_key_size, a key size appropriate for wrapping with pkey. */
int rsa_pkey_to_suitable_key_size(EVP_PKEY *pkey, size_t *ret_suitable_key_size);

/* RSA key construction and conversion between an EVP_PKEY and its raw modulus n / public
 * exponent e byte strings. */
int rsa_pkey_new(size_t bits, EVP_PKEY **ret);

int rsa_pkey_from_n_e(const void *n, size_t n_size, const void *e, size_t e_size, EVP_PKEY **ret);

int rsa_pkey_to_n_e(const EVP_PKEY *pkey, void **ret_n, size_t *ret_n_size, void **ret_e, size_t *ret_e_size);

/* Elliptic-curve key construction and conversion between an EVP_PKEY and a curve id plus the
 * raw x / y coordinate byte strings. */
int ecc_pkey_from_curve_x_y(int curve_id, const void *x, size_t x_size, const void *y, size_t y_size, EVP_PKEY **ret);

int ecc_pkey_to_curve_x_y(const EVP_PKEY *pkey, int *ret_curve_id, void **ret_x, size_t *ret_x_size, void **ret_y, size_t *ret_y_size);

int ecc_pkey_new(int curve_id, EVP_PKEY **ret);

/* ECDH between private_pkey and peer_pkey; the shared secret is returned in
 * *ret_shared_secret / *ret_shared_secret_size.
 * NOTE(review): the output is raw secret material — callers should zeroize it before freeing. */
int ecc_ecdh(const EVP_PKEY *private_pkey, const EVP_PKEY *peer_pkey, void **ret_shared_secret, size_t *ret_shared_secret_size);

/* Produces a fresh volume key pair: the plaintext key in *ret_decrypted_key and a form suitable
 * for storing in *ret_saved_key.
 * NOTE(review): how *ret_saved_key is protected (wrapped under pkey, presumably) is not
 * visible here — confirm in the implementation; *ret_decrypted_key is secret material. */
int pkey_generate_volume_keys(EVP_PKEY *pkey, void **ret_decrypted_key, size_t *ret_decrypted_key_size, void **ret_saved_key, size_t *ret_saved_key_size);

/* Hashes the public key pk with md and returns the fingerprint in *ret / *ret_size. */
int pubkey_fingerprint(EVP_PKEY *pk, const EVP_MD *md, void **ret, size_t *ret_size);

/* Hashes the size bytes at data with md and signs the digest with privkey; the signature is
 * returned in *ret / *ret_size. */
int digest_and_sign(const EVP_MD *md, EVP_PKEY *privkey, const void *data, size_t size, void **ret, size_t *ret_size);

/* Loads the private key named by private_key from the source described by
 * private_key_source_type / private_key_source (see KeySourceType) into *ret. */
int openssl_load_key_from_token(KeySourceType private_key_source_type, const char *private_key_source, const char *private_key, EVP_PKEY **ret);
dba0afa1 | 134 | |
bc958a19 DDM |
135 | #else |
136 | ||
/* Built without OpenSSL: opaque stand-ins for the two OpenSSL types that are referenced
 * unconditionally further down (the cleanup helpers and x509_fingerprint()), so that code
 * handling only NULL objects still compiles. */
typedef struct X509 X509;
typedef struct EVP_PKEY EVP_PKEY;
139 | ||
/* Stand-in for OpenSSL's X509_free() when built without OpenSSL. No X509 can ever have
 * been allocated in that configuration, so anything other than NULL is a programming
 * error and trips the assertion. Always yields NULL. */
static inline void *X509_free(X509 *p) {
        assert(!p);

        return NULL;
}
144 | ||
/* Stand-in for OpenSSL's EVP_PKEY_free() when built without OpenSSL. No EVP_PKEY can ever
 * have been allocated in that configuration, so anything other than NULL is a programming
 * error and trips the assertion. Always yields NULL. */
static inline void *EVP_PKEY_free(EVP_PKEY *p) {
        assert(!p);

        return NULL;
}
149 | ||
a73144bb LB |
/* Built without OpenSSL: loading a key from any KeySourceType is unavailable, so every call
 * fails with -EOPNOTSUPP and leaves *ret untouched. The parameters are accepted only to keep
 * the signature identical to the OpenSSL-backed declaration above. */
static inline int openssl_load_key_from_token(KeySourceType private_key_source_type, const char *private_key_source, const char *private_key, EVP_PKEY **ret) {
        return -EOPNOTSUPP;
}
158 | ||
57633d23 ZJS |
159 | #endif |
160 | ||
bc958a19 DDM |
/* Deliberately outside the HAVE_OPENSSL block: with OpenSSL these wrap the real destructors,
 * without it they wrap the NULL-only stubs above, so callers compile in both configurations. */
DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(X509*, X509_free, NULL);
DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(EVP_PKEY*, EVP_PKEY_free, NULL);

/* Writes the fingerprint of cert into buffer. The [static X509_FINGERPRINT_SIZE] bound means the
 * caller must supply at least X509_FINGERPRINT_SIZE (= SHA256_DIGEST_SIZE) bytes. */
int x509_fingerprint(X509 *cert, uint8_t buffer[static X509_FINGERPRINT_SIZE]);
165 | ||
57633d23 ZJS |
/* Backend-neutral type aliases, resolved at build time to either the OpenSSL or the gcrypt
 * definitions; OPENSSL_OR_GCRYPT(a, b) expands to whichever argument belongs to the selected
 * backend. */
#if PREFER_OPENSSL
/* The openssl definition */
typedef const EVP_MD* hash_md_t;
typedef const EVP_MD* hash_algorithm_t;
typedef int elliptic_curve_t;
typedef EVP_MD_CTX* hash_context_t;
#  define OPENSSL_OR_GCRYPT(a, b) (a)

#elif HAVE_GCRYPT

#  include <gcrypt.h>

/* The gcrypt definition */
typedef int hash_md_t;
typedef const char* hash_algorithm_t;
typedef const char* elliptic_curve_t;
typedef gcry_md_hd_t hash_context_t;
#  define OPENSSL_OR_GCRYPT(a, b) (b)
#endif
7e8facb3 ZJS |
185 | |
#if PREFER_OPENSSL
/* Hashes the len bytes at s with the digest named by md_algorithm and returns the result as a
 * string in *ret.
 * NOTE(review): the string encoding (likely hex) and the allocation of *ret are not visible
 * here — confirm against the implementation. */
int string_hashsum(const char *s, size_t len, const char *md_algorithm, char **ret);
7e8facb3 ZJS |
188 | |
/* SHA-224 convenience form of string_hashsum(); same return value and output as the
 * generic function called with "SHA224". */
static inline int string_hashsum_sha224(const char *s, size_t len, char **ret) {
        const char *algorithm = "SHA224";

        return string_hashsum(s, len, algorithm, ret);
}
192 | ||
/* SHA-256 convenience form of string_hashsum(); same return value and output as the
 * generic function called with "SHA256". */
static inline int string_hashsum_sha256(const char *s, size_t len, char **ret) {
        const char *algorithm = "SHA256";

        return string_hashsum(s, len, algorithm, ret);
}
196 | #endif |