123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247 |
- =pod
- =head1 NAME
- provider-cipher - The cipher library E<lt>-E<gt> provider functions
- =head1 SYNOPSIS
- =for openssl multiple includes
- #include <openssl/core_dispatch.h>
- #include <openssl/core_names.h>
- /*
- * None of these are actual functions, but are displayed like this for
- * the function signatures for functions that are offered as function
- * pointers in OSSL_DISPATCH arrays.
- */
- /* Context management */
- void *OSSL_FUNC_cipher_newctx(void *provctx);
- void OSSL_FUNC_cipher_freectx(void *cctx);
- void *OSSL_FUNC_cipher_dupctx(void *cctx);
- /* Encryption/decryption */
- int OSSL_FUNC_cipher_encrypt_init(void *cctx, const unsigned char *key,
- size_t keylen, const unsigned char *iv,
- size_t ivlen, const OSSL_PARAM params[]);
- int OSSL_FUNC_cipher_decrypt_init(void *cctx, const unsigned char *key,
- size_t keylen, const unsigned char *iv,
- size_t ivlen, const OSSL_PARAM params[]);
- int OSSL_FUNC_cipher_update(void *cctx, unsigned char *out, size_t *outl,
- size_t outsize, const unsigned char *in, size_t inl);
- int OSSL_FUNC_cipher_final(void *cctx, unsigned char *out, size_t *outl,
- size_t outsize);
- int OSSL_FUNC_cipher_cipher(void *cctx, unsigned char *out, size_t *outl,
- size_t outsize, const unsigned char *in, size_t inl);
- /* Cipher parameter descriptors */
- const OSSL_PARAM *OSSL_FUNC_cipher_gettable_params(void *provctx);
- /* Cipher operation parameter descriptors */
- const OSSL_PARAM *OSSL_FUNC_cipher_gettable_ctx_params(void *cctx,
- void *provctx);
- const OSSL_PARAM *OSSL_FUNC_cipher_settable_ctx_params(void *cctx,
- void *provctx);
- /* Cipher parameters */
- int OSSL_FUNC_cipher_get_params(OSSL_PARAM params[]);
- /* Cipher operation parameters */
- int OSSL_FUNC_cipher_get_ctx_params(void *cctx, OSSL_PARAM params[]);
- int OSSL_FUNC_cipher_set_ctx_params(void *cctx, const OSSL_PARAM params[]);
- =head1 DESCRIPTION
- This documentation is primarily aimed at provider authors. See L<provider(7)>
- for further information.
- The CIPHER operation enables providers to implement cipher algorithms and make
- them available to applications via the API functions L<EVP_EncryptInit_ex(3)>,
- L<EVP_EncryptUpdate(3)> and L<EVP_EncryptFinal(3)> (as well as the decrypt
- equivalents and other related functions).
- All "functions" mentioned here are passed as function pointers between
- F<libcrypto> and the provider in B<OSSL_DISPATCH> arrays via
- B<OSSL_ALGORITHM> arrays that are returned by the provider's
- provider_query_operation() function
- (see L<provider-base(7)/Provider Functions>).
- All these "functions" have a corresponding function type definition
- named B<OSSL_FUNC_{name}_fn>, and a helper function to retrieve the
- function pointer from an B<OSSL_DISPATCH> element named
- B<OSSL_FUNC_{name}>.
- For example, the "function" OSSL_FUNC_cipher_newctx() has these:
- typedef void *(OSSL_FUNC_cipher_newctx_fn)(void *provctx);
- static ossl_inline OSSL_FUNC_cipher_newctx_fn
- OSSL_FUNC_cipher_newctx(const OSSL_DISPATCH *opf);
- B<OSSL_DISPATCH> arrays are indexed by numbers that are provided as
- macros in L<openssl-core_dispatch.h(7)>, as follows:
- OSSL_FUNC_cipher_newctx OSSL_FUNC_CIPHER_NEWCTX
- OSSL_FUNC_cipher_freectx OSSL_FUNC_CIPHER_FREECTX
- OSSL_FUNC_cipher_dupctx OSSL_FUNC_CIPHER_DUPCTX
- OSSL_FUNC_cipher_encrypt_init OSSL_FUNC_CIPHER_ENCRYPT_INIT
- OSSL_FUNC_cipher_decrypt_init OSSL_FUNC_CIPHER_DECRYPT_INIT
- OSSL_FUNC_cipher_update OSSL_FUNC_CIPHER_UPDATE
- OSSL_FUNC_cipher_final OSSL_FUNC_CIPHER_FINAL
- OSSL_FUNC_cipher_cipher OSSL_FUNC_CIPHER_CIPHER
- OSSL_FUNC_cipher_get_params OSSL_FUNC_CIPHER_GET_PARAMS
- OSSL_FUNC_cipher_get_ctx_params OSSL_FUNC_CIPHER_GET_CTX_PARAMS
- OSSL_FUNC_cipher_set_ctx_params OSSL_FUNC_CIPHER_SET_CTX_PARAMS
- OSSL_FUNC_cipher_gettable_params OSSL_FUNC_CIPHER_GETTABLE_PARAMS
- OSSL_FUNC_cipher_gettable_ctx_params OSSL_FUNC_CIPHER_GETTABLE_CTX_PARAMS
- OSSL_FUNC_cipher_settable_ctx_params OSSL_FUNC_CIPHER_SETTABLE_CTX_PARAMS
- A cipher algorithm implementation may not implement all of these functions.
- In order to be a consistent set of functions there must at least be a complete
- set of "encrypt" functions, or a complete set of "decrypt" functions, or a
- single "cipher" function.
- In all cases both the OSSL_FUNC_cipher_newctx and OSSL_FUNC_cipher_freectx functions must be
- present.
- All other functions are optional.
- =head2 Context Management Functions
- OSSL_FUNC_cipher_newctx() should create and return a pointer to a provider side
- structure for holding context information during a cipher operation.
- A pointer to this context will be passed back in a number of the other cipher
- operation function calls.
- The parameter I<provctx> is the provider context generated during provider
- initialisation (see L<provider(7)>).
- OSSL_FUNC_cipher_freectx() is passed a pointer to the provider side cipher context in
- the I<cctx> parameter.
- This function should free any resources associated with that context.
- OSSL_FUNC_cipher_dupctx() should duplicate the provider side cipher context in the
- I<cctx> parameter and return the duplicate copy.
- =head2 Encryption/Decryption Functions
- OSSL_FUNC_cipher_encrypt_init() initialises a cipher operation for encryption given a
- newly created provider side cipher context in the I<cctx> parameter.
- The key to be used is given in I<key> which is I<keylen> bytes long.
- The IV to be used is given in I<iv> which is I<ivlen> bytes long.
- The I<params>, if not NULL, should be set on the context in a manner similar to
- using OSSL_FUNC_cipher_set_ctx_params().
- OSSL_FUNC_cipher_decrypt_init() is the same as OSSL_FUNC_cipher_encrypt_init() except that it
- initialises the context for a decryption operation.
- OSSL_FUNC_cipher_update() is called to supply data to be encrypted/decrypted as part of
- a previously initialised cipher operation.
- The I<cctx> parameter contains a pointer to a previously initialised provider
- side context.
- OSSL_FUNC_cipher_update() should encrypt/decrypt I<inl> bytes of data at the location
- pointed to by I<in>.
- The encrypted data should be stored in I<out> and the amount of data written to
- I<*outl> which should not exceed I<outsize> bytes.
- OSSL_FUNC_cipher_update() may be called multiple times for a single cipher operation.
- It is the responsibility of the cipher implementation to handle input lengths
- that are not multiples of the block length.
- In such cases a cipher implementation will typically cache partial blocks of
- input data until a complete block is obtained.
- I<out> may be the same location as I<in> but it should not partially overlap.
- The same expectations apply to I<outsize> as documented for
- L<EVP_EncryptUpdate(3)> and L<EVP_DecryptUpdate(3)>.
- OSSL_FUNC_cipher_final() completes an encryption or decryption started through previous
- OSSL_FUNC_cipher_encrypt_init() or OSSL_FUNC_cipher_decrypt_init(), and OSSL_FUNC_cipher_update()
- calls.
- The I<cctx> parameter contains a pointer to the provider side context.
- Any final encryption/decryption output should be written to I<out> and the
- amount of data written to I<*outl> which should not exceed I<outsize> bytes.
- The same expectations apply to I<outsize> as documented for
- L<EVP_EncryptFinal(3)> and L<EVP_DecryptFinal(3)>.
- OSSL_FUNC_cipher_cipher() performs encryption/decryption using the provider side cipher
- context in the I<cctx> parameter that should have been previously initialised via
- a call to OSSL_FUNC_cipher_encrypt_init() or OSSL_FUNC_cipher_decrypt_init().
- This should call the raw underlying cipher function without any padding.
- This will be invoked in the provider as a result of the application calling
- L<EVP_Cipher(3)>.
- The application is responsible for ensuring that the input is a multiple of the
- block length.
- The data to be encrypted/decrypted will be in I<in>, and it will be I<inl> bytes
- in length.
- The output from the encryption/decryption should be stored in I<out> and the
- amount of data stored should be put in I<*outl> which should be no more than
- I<outsize> bytes.
- =head2 Cipher Parameters
- See L<OSSL_PARAM(3)> for further details on the parameters structure used by
- these functions.
- OSSL_FUNC_cipher_get_params() gets details of the algorithm implementation
- and stores them in I<params>.
- OSSL_FUNC_cipher_set_ctx_params() sets cipher operation parameters for the
- provider side cipher context I<cctx> to I<params>.
- Any parameter settings are additional to any that were previously set.
- Passing NULL for I<params> should return true.
- OSSL_FUNC_cipher_get_ctx_params() gets cipher operation details details from
- the given provider side cipher context I<cctx> and stores them in I<params>.
- Passing NULL for I<params> should return true.
- OSSL_FUNC_cipher_gettable_params(), OSSL_FUNC_cipher_gettable_ctx_params(),
- and OSSL_FUNC_cipher_settable_ctx_params() all return constant B<OSSL_PARAM>
- arrays as descriptors of the parameters that OSSL_FUNC_cipher_get_params(),
- OSSL_FUNC_cipher_get_ctx_params(), and OSSL_FUNC_cipher_set_ctx_params()
- can handle, respectively. OSSL_FUNC_cipher_gettable_ctx_params() and
- OSSL_FUNC_cipher_settable_ctx_params() will return the parameters associated
- with the provider side context I<cctx> in its current state if it is
- not NULL. Otherwise, they return the parameters associated with the
- provider side algorithm I<provctx>.
- Parameters currently recognised by built-in ciphers are listed in
- L<EVP_EncryptInit(3)/PARAMETERS>.
- Not all parameters are relevant to, or are understood by all ciphers.
- =head1 RETURN VALUES
- OSSL_FUNC_cipher_newctx() and OSSL_FUNC_cipher_dupctx() should return the newly created
- provider side cipher context, or NULL on failure.
- OSSL_FUNC_cipher_encrypt_init(), OSSL_FUNC_cipher_decrypt_init(), OSSL_FUNC_cipher_update(),
- OSSL_FUNC_cipher_final(), OSSL_FUNC_cipher_cipher(), OSSL_FUNC_cipher_get_params(),
- OSSL_FUNC_cipher_get_ctx_params() and OSSL_FUNC_cipher_set_ctx_params() should return 1 for
- success or 0 on error.
- OSSL_FUNC_cipher_gettable_params(), OSSL_FUNC_cipher_gettable_ctx_params() and
- OSSL_FUNC_cipher_settable_ctx_params() should return a constant B<OSSL_PARAM>
- array, or NULL if none is offered.
- =head1 SEE ALSO
- L<provider(7)>, L<OSSL_PROVIDER-FIPS(7)>, L<OSSL_PROVIDER-default(7)>,
- L<OSSL_PROVIDER-legacy(7)>,
- L<EVP_CIPHER-AES(7)>, L<EVP_CIPHER-ARIA(7)>, L<EVP_CIPHER-BLOWFISH(7)>,
- L<EVP_CIPHER-CAMELLIA(7)>, L<EVP_CIPHER-CAST(7)>, L<EVP_CIPHER-CHACHA(7)>,
- L<EVP_CIPHER-DES(7)>, L<EVP_CIPHER-IDEA(7)>, L<EVP_CIPHER-RC2(7)>,
- L<EVP_CIPHER-RC4(7)>, L<EVP_CIPHER-RC5(7)>, L<EVP_CIPHER-SEED(7)>,
- L<EVP_CIPHER-SM4(7)>,
- L<life_cycle-cipher(7)>, L<EVP_EncryptInit(3)>
- =head1 HISTORY
- The provider CIPHER interface was introduced in OpenSSL 3.0.
- =head1 COPYRIGHT
- Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved.
- Licensed under the Apache License 2.0 (the "License"). You may not use
- this file except in compliance with the License. You can obtain a copy
- in the file LICENSE in the source distribution or at
- L<https://www.openssl.org/source/license.html>.
- =cut
|