/* crypto/evp/evp.h *//* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. *  * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to.  The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code.  The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). *  * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. *  * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the copyright *    notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright *    notice, this list of conditions and the following disclaimer in the *    documentation and/or other materials provided with the distribution. * 3. All advertising materials mentioning features or use of this software *    must display the following acknowledgement: *    "This product includes cryptographic software written by *     Eric Young (eay@cryptsoft.com)" *    The word 'cryptographic' can be left out if the rouines from the library *    being used are not cryptographic related :-). * 4. If you include any Windows specific code (or a derivative thereof) from  *    the apps directory (application code) you must include an acknowledgement: *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" *  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. *  * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed.  i.e. this code cannot simply be * copied and put under another distribution licence * [including the GNU Public Licence.] */#ifndef HEADER_ENVELOPE_H#define HEADER_ENVELOPE_H#ifdef OPENSSL_ALGORITHM_DEFINES# include <openssl/opensslconf.h>#else# define OPENSSL_ALGORITHM_DEFINES# include <openssl/opensslconf.h># undef OPENSSL_ALGORITHM_DEFINES#endif#include <openssl/ossl_typ.h>#include <openssl/symhacks.h>#ifndef OPENSSL_NO_BIO#include <openssl/bio.h>#endif#ifdef OPENSSL_FIPS#include <openssl/fips.h>#endif/*#define EVP_RC2_KEY_SIZE		16#define EVP_RC4_KEY_SIZE		16#define EVP_BLOWFISH_KEY_SIZE		16#define EVP_CAST5_KEY_SIZE		16#define EVP_RC5_32_12_16_KEY_SIZE	16*/#define EVP_MAX_MD_SIZE			64	/* longest known is SHA512 */#define EVP_MAX_KEY_LENGTH		32#define EVP_MAX_IV_LENGTH		16#define EVP_MAX_BLOCK_LENGTH		32#define PKCS5_SALT_LEN			8/* Default PKCS#5 iteration count */#define PKCS5_DEFAULT_ITER		2048#include <openssl/objects.h>#define EVP_PK_RSA	0x0001#define EVP_PK_DSA	0x0002#define EVP_PK_DH	0x0004#define EVP_PK_EC	0x0008#define EVP_PKT_SIGN	0x0010#define EVP_PKT_ENC	0x0020#define EVP_PKT_EXCH	0x0040#define EVP_PKS_RSA	0x0100#define EVP_PKS_DSA	0x0200#define EVP_PKS_EC	0x0400#define EVP_PKT_EXP	0x1000 /* <= 512 bit key */#define EVP_PKEY_NONE	NID_undef#define EVP_PKEY_RSA	NID_rsaEncryption#define EVP_PKEY_RSA2	NID_rsa#define EVP_PKEY_DSA	NID_dsa#define EVP_PKEY_DSA1	NID_dsa_2#define EVP_PKEY_DSA2	NID_dsaWithSHA#define EVP_PKEY_DSA3	NID_dsaWithSHA1#define EVP_PKEY_DSA4	NID_dsaWithSHA1_2#define EVP_PKEY_DH	NID_dhKeyAgreement#define EVP_PKEY_EC	NID_X9_62_id_ecPublicKey#ifdef	__cplusplusextern "C" {#endif/* Type needs to be a bit field * Sub-type needs to be for variations on the method, as in, can it do * arbitrary encryption.... */struct evp_pkey_st	{	int type;	int save_type;	int references;	union	{		char *ptr;#ifndef OPENSSL_NO_RSA		struct rsa_st *rsa;	/* RSA */#endif#ifndef OPENSSL_NO_DSA		struct dsa_st *dsa;	/* DSA */#endif#ifndef OPENSSL_NO_DH		struct dh_st *dh;	/* DH */#endif#ifndef OPENSSL_NO_EC		struct ec_key_st *ec;	/* ECC */#endif		} pkey;	int save_parameters;	STACK_OF(X509_ATTRIBUTE) *attributes; /* [ 0 ] */	} /* EVP_PKEY */;#define EVP_PKEY_MO_SIGN	0x0001#define EVP_PKEY_MO_VERIFY	0x0002#define EVP_PKEY_MO_ENCRYPT	0x0004#define EVP_PKEY_MO_DECRYPT	0x0008#if 0/* This structure is required to tie the message digest and signing together. * The lookup can be done by md/pkey_method, oid, oid/pkey_method, or * oid, md and pkey. * This is required because for various smart-card perform the digest and * signing/verification on-board.  To handle this case, the specific * EVP_MD and EVP_PKEY_METHODs need to be closely associated. * When a PKEY is created, it will have a EVP_PKEY_METHOD associated with it. * This can either be software or a token to provide the required low level * routines. */typedef struct evp_pkey_md_st	{	int oid;	EVP_MD *md;	EVP_PKEY_METHOD *pkey;	} EVP_PKEY_MD;#define EVP_rsa_md2() \		EVP_PKEY_MD_add(NID_md2WithRSAEncryption,\			EVP_rsa_pkcs1(),EVP_md2())#define EVP_rsa_md5() \		EVP_PKEY_MD_add(NID_md5WithRSAEncryption,\			EVP_rsa_pkcs1(),EVP_md5())#define EVP_rsa_sha0() \		EVP_PKEY_MD_add(NID_shaWithRSAEncryption,\			EVP_rsa_pkcs1(),EVP_sha())#define EVP_rsa_sha1() \		EVP_PKEY_MD_add(NID_sha1WithRSAEncryption,\			EVP_rsa_pkcs1(),EVP_sha1())#define EVP_rsa_ripemd160() \		EVP_PKEY_MD_add(NID_ripemd160WithRSA,\			EVP_rsa_pkcs1(),EVP_ripemd160())#define EVP_rsa_mdc2() \		EVP_PKEY_MD_add(NID_mdc2WithRSA,\			EVP_rsa_octet_string(),EVP_mdc2())#define EVP_dsa_sha() \		EVP_PKEY_MD_add(NID_dsaWithSHA,\			EVP_dsa(),EVP_sha())#define EVP_dsa_sha1() \		EVP_PKEY_MD_add(NID_dsaWithSHA1,\			EVP_dsa(),EVP_sha1())typedef struct evp_pkey_method_st	{	char *name;	int flags;	int type;		/* RSA, DSA, an SSLeay specific constant */	int oid;		/* For the pub-key type */	int encrypt_oid;	/* pub/priv key encryption */	int (*sign)();	int (*verify)();	struct	{		int (*set)();	/* get and/or set the underlying type */		int (*get)();		int (*encrypt)();		int (*decrypt)();		int (*i2d)();		int (*d2i)();		int (*dup)();		} pub,priv;	int (*set_asn1_parameters)();	int (*get_asn1_parameters)();	} EVP_PKEY_METHOD;#endif#ifndef EVP_MDstruct env_md_st	{	int type;	int pkey_type;	int md_size;	unsigned long flags;	int (*init)(EVP_MD_CTX *ctx);	int (*update)(EVP_MD_CTX *ctx,const void *data,size_t count);	int (*final)(EVP_MD_CTX *ctx,unsigned char *md);	int (*copy)(EVP_MD_CTX *to,const EVP_MD_CTX *from);	int (*cleanup)(EVP_MD_CTX *ctx);	/* FIXME: prototype these some day */	int (*sign)(int type, const unsigned char *m, unsigned int m_length,		    unsigned char *sigret, unsigned int *siglen, void *key);	int (*verify)(int type, const unsigned char *m, unsigned int m_length,		      const unsigned char *sigbuf, unsigned int siglen,		      void *key);	int required_pkey_type[5]; /*EVP_PKEY_xxx */	int block_size;	int ctx_size; /* how big does the ctx->md_data need to be */	} /* EVP_MD */;typedef int evp_sign_method(int type,const unsigned char *m,			    unsigned int m_length,unsigned char *sigret,			    unsigned int *siglen, void *key);typedef int evp_verify_method(int type,const unsigned char *m,			    unsigned int m_length,const unsigned char *sigbuf,			    unsigned int siglen, void *key);typedef struct	{	EVP_MD_CTX *mctx;	void *key;	} EVP_MD_SVCTX;#define EVP_MD_FLAG_ONESHOT	0x0001 /* digest can only handle a single					* block */#define EVP_MD_FLAG_FIPS	0x0400 /* Note if suitable for use in FIPS mode */#define EVP_MD_FLAG_SVCTX	0x0800 /* pass EVP_MD_SVCTX to sign/verify */#define EVP_PKEY_NULL_method	NULL,NULL,{0,0,0,0}#ifndef OPENSSL_NO_DSA#define EVP_PKEY_DSA_method	(evp_sign_method *)DSA_sign, \				(evp_verify_method *)DSA_verify, \				{EVP_PKEY_DSA,EVP_PKEY_DSA2,EVP_PKEY_DSA3, \					EVP_PKEY_DSA4,0}#else#define EVP_PKEY_DSA_method	EVP_PKEY_NULL_method#endif#ifndef OPENSSL_NO_ECDSA#define EVP_PKEY_ECDSA_method   (evp_sign_method *)ECDSA_sign, \				(evp_verify_method *)ECDSA_verify, \                                 {EVP_PKEY_EC,0,0,0}#else   #define EVP_PKEY_ECDSA_method   EVP_PKEY_NULL_method#endif#ifndef OPENSSL_NO_RSA#define EVP_PKEY_RSA_method	(evp_sign_method *)RSA_sign, \				(evp_verify_method *)RSA_verify, \				{EVP_PKEY_RSA,EVP_PKEY_RSA2,0,0}#define EVP_PKEY_RSA_ASN1_OCTET_STRING_method \				(evp_sign_method *)RSA_sign_ASN1_OCTET_STRING, \				(evp_verify_method *)RSA_verify_ASN1_OCTET_STRING, \				{EVP_PKEY_RSA,EVP_PKEY_RSA2,0,0}#else#define EVP_PKEY_RSA_method	EVP_PKEY_NULL_method#define EVP_PKEY_RSA_ASN1_OCTET_STRING_method EVP_PKEY_NULL_method#endif#endif /* !EVP_MD */struct env_md_ctx_st	{	const EVP_MD *digest;	ENGINE *engine; /* functional reference if 'digest' is ENGINE-provided */	unsigned long flags;	void *md_data;	} /* EVP_MD_CTX */;/* values for EVP_MD_CTX flags */#define EVP_MD_CTX_FLAG_ONESHOT		0x0001 /* digest update will be called						* once only */#define EVP_MD_CTX_FLAG_CLEANED		0x0002 /* context has already been						* cleaned */#define EVP_MD_CTX_FLAG_REUSE		0x0004 /* Don't free up ctx->md_data						* in EVP_MD_CTX_cleanup */#define EVP_MD_CTX_FLAG_NON_FIPS_ALLOW	0x0008	/* Allow use of non FIPS digest						 * in FIPS mode */#define EVP_MD_CTX_FLAG_PAD_MASK	0xF0	/* RSA mode to use */#define EVP_MD_CTX_FLAG_PAD_PKCS1	0x00	/* PKCS#1 v1.5 mode */#define EVP_MD_CTX_FLAG_PAD_X931	0x10	/* X9.31 mode */#define EVP_MD_CTX_FLAG_PAD_PSS		0x20	/* PSS mode */#define M_EVP_MD_CTX_FLAG_PSS_SALT(ctx) \		((ctx->flags>>16) &0xFFFF) /* seed length */#define EVP_MD_CTX_FLAG_PSS_MDLEN	0xFFFF	/* salt len same as digest */#define EVP_MD_CTX_FLAG_PSS_MREC	0xFFFE	/* salt max or auto recovered */struct evp_cipher_st	{	int nid;	int block_size;	int key_len;		/* Default value for variable length ciphers */	int iv_len;	unsigned long flags;	/* Various flags */	int (*init)(EVP_CIPHER_CTX *ctx, const unsigned char *key,		    const unsigned char *iv, int enc);	/* init key */	int (*do_cipher)(EVP_CIPHER_CTX *ctx, unsigned char *out,			 const unsigned char *in, unsigned int inl);/* encrypt/decrypt data */	int (*cleanup)(EVP_CIPHER_CTX *); /* cleanup ctx */	int ctx_size;		/* how big ctx->cipher_data needs to be */	int (*set_asn1_parameters)(EVP_CIPHER_CTX *, ASN1_TYPE *); /* Populate a ASN1_TYPE with parameters */	int (*get_asn1_parameters)(EVP_CIPHER_CTX *, ASN1_TYPE *); /* Get parameters from a ASN1_TYPE */	int (*ctrl)(EVP_CIPHER_CTX *, int type, int arg, void *ptr); /* Miscellaneous operations */	void *app_data;		/* Application data */	} /* EVP_CIPHER */;/* Values for cipher flags *//* Modes for ciphers */