"Fossies" - the Fresh Open Source Software Archive 
Member "cryptsetup-2.4.3/lib/crypto_backend/crypto_openssl.c" (13 Jan 2022, 18217 Bytes) of package /linux/misc/cryptsetup-2.4.3.tar.xz:
As a special service "Fossies" has tried to format the requested source page into HTML format using (guessed) C and C++ source code syntax highlighting (style:
standard) with prefixed line numbers and
code folding option.
Alternatively you can here
view or
download the uninterpreted source code file.
For more information about "crypto_openssl.c" see the
Fossies "Dox" file reference documentation and the last
Fossies "Diffs" side-by-side code changes report:
2.4.1_vs_2.4.2.
1 /*
2 * OPENSSL crypto backend implementation
3 *
4 * Copyright (C) 2010-2021 Red Hat, Inc. All rights reserved.
5 * Copyright (C) 2010-2021 Milan Broz
6 *
7 * This file is free software; you can redistribute it and/or
8 * modify it under the terms of the GNU Lesser General Public
9 * License as published by the Free Software Foundation; either
10 * version 2.1 of the License, or (at your option) any later version.
11 *
12 * This file is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
15 * Lesser General Public License for more details.
16 *
17 * You should have received a copy of the GNU Lesser General Public
18 * License along with this file; if not, write to the Free Software
19 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
20 *
21 * In addition, as a special exception, the copyright holders give
22 * permission to link the code of portions of this program with the
23 * OpenSSL library under certain conditions as described in each
24 * individual source file, and distribute linked combinations
25 * including the two.
26 *
27 * You must obey the GNU Lesser General Public License in all respects
28 * for all of the code used other than OpenSSL.
29 */
30
31 #include <string.h>
32 #include <errno.h>
33 #include <openssl/evp.h>
34 #include <openssl/hmac.h>
35 #include <openssl/rand.h>
36 #include "crypto_backend_internal.h"
37 #if OPENSSL_VERSION_MAJOR >= 3
38 #include <openssl/provider.h>
39 #include <openssl/kdf.h>
40 #include <openssl/core_names.h>
41 static OSSL_PROVIDER *ossl_legacy = NULL;
42 static OSSL_PROVIDER *ossl_default = NULL;
43 static OSSL_LIB_CTX *ossl_ctx = NULL;
44 static char backend_version[256] = "OpenSSL";
45 #endif
46
47 #define CONST_CAST(x) (x)(uintptr_t)
48
49 static int crypto_backend_initialised = 0;
50
51 struct crypt_hash {
52 EVP_MD_CTX *md;
53 const EVP_MD *hash_id;
54 int hash_len;
55 };
56
57 struct crypt_hmac {
58 #if OPENSSL_VERSION_MAJOR >= 3
59 EVP_MAC *mac;
60 EVP_MAC_CTX *md;
61 EVP_MAC_CTX *md_org;
62 #else
63 HMAC_CTX *md;
64 const EVP_MD *hash_id;
65 #endif
66 int hash_len;
67 };
68
69 struct crypt_cipher {
70 bool use_kernel;
71 union {
72 struct crypt_cipher_kernel kernel;
73 struct {
74 EVP_CIPHER_CTX *hd_enc;
75 EVP_CIPHER_CTX *hd_dec;
76 const EVP_CIPHER *cipher_type;
77 size_t iv_length;
78 } lib;
79 } u;
80 };
81
82 struct hash_alg {
83 const char *name;
84 const char *openssl_name;
85 };
86
87 /*
88 * Compatible wrappers for OpenSSL < 1.1.0 and LibreSSL < 2.7.0
89 */
90 #if OPENSSL_VERSION_NUMBER < 0x10100000L || \
91 (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x2070000fL)
92
93 static int openssl_backend_init(bool fips __attribute__((unused)))
94 {
95 OpenSSL_add_all_algorithms();
96 return 0;
97 }
98
99 static void openssl_backend_exit(void)
100 {
101 }
102
103 static const char *openssl_backend_version(void)
104 {
105 return SSLeay_version(SSLEAY_VERSION);
106 }
107
108 static EVP_MD_CTX *EVP_MD_CTX_new(void)
109 {
110 EVP_MD_CTX *md = malloc(sizeof(*md));
111
112 if (md)
113 EVP_MD_CTX_init(md);
114
115 return md;
116 }
117
118 static void EVP_MD_CTX_free(EVP_MD_CTX *md)
119 {
120 EVP_MD_CTX_cleanup(md);
121 free(md);
122 }
123
124 static HMAC_CTX *HMAC_CTX_new(void)
125 {
126 HMAC_CTX *md = malloc(sizeof(*md));
127
128 if (md)
129 HMAC_CTX_init(md);
130
131 return md;
132 }
133
134 static void HMAC_CTX_free(HMAC_CTX *md)
135 {
136 HMAC_CTX_cleanup(md);
137 free(md);
138 }
139 #else
140 static void openssl_backend_exit(void)
141 {
142 #if OPENSSL_VERSION_MAJOR >= 3
143 if (ossl_legacy)
144 OSSL_PROVIDER_unload(ossl_legacy);
145 if (ossl_default)
146 OSSL_PROVIDER_unload(ossl_default);
147 if (ossl_ctx)
148 OSSL_LIB_CTX_free(ossl_ctx);
149
150 ossl_legacy = NULL;
151 ossl_default = NULL;
152 ossl_ctx = NULL;
153 #endif
154 }
155
156 static int openssl_backend_init(bool fips)
157 {
158 /*
159 * OpenSSL >= 3.0.0 provides some algorithms in legacy provider
160 */
161 #if OPENSSL_VERSION_MAJOR >= 3
162 int r;
163
164 /*
165 * In FIPS mode we keep default OpenSSL context & global config
166 */
167 if (!fips) {
168 ossl_ctx = OSSL_LIB_CTX_new();
169 if (!ossl_ctx)
170 return -EINVAL;
171
172 ossl_default = OSSL_PROVIDER_try_load(ossl_ctx, "default", 0);
173 if (!ossl_default) {
174 OSSL_LIB_CTX_free(ossl_ctx);
175 return -EINVAL;
176 }
177
178 /* Optional */
179 ossl_legacy = OSSL_PROVIDER_try_load(ossl_ctx, "legacy", 0);
180 }
181
182 r = snprintf(backend_version, sizeof(backend_version), "%s %s%s%s",
183 OpenSSL_version(OPENSSL_VERSION),
184 ossl_default ? "[default]" : "",
185 ossl_legacy ? "[legacy]" : "",
186 fips ? "[fips]" : "");
187
188 if (r < 0 || (size_t)r >= sizeof(backend_version)) {
189 openssl_backend_exit();
190 return -EINVAL;
191 }
192 #endif
193 return 0;
194 }
195
196 static const char *openssl_backend_version(void)
197 {
198 #if OPENSSL_VERSION_MAJOR >= 3
199 return backend_version;
200 #else
201 return OpenSSL_version(OPENSSL_VERSION);
202 #endif
203 }
204 #endif
205
206 int crypt_backend_init(bool fips)
207 {
208 if (crypto_backend_initialised)
209 return 0;
210
211 if (openssl_backend_init(fips))
212 return -EINVAL;
213
214 crypto_backend_initialised = 1;
215 return 0;
216 }
217
218 void crypt_backend_destroy(void)
219 {
220 /*
221 * If Destructor was already called, we must not call it again
222 */
223 if (!crypto_backend_initialised)
224 return;
225
226 crypto_backend_initialised = 0;
227
228 openssl_backend_exit();
229 }
230
231 uint32_t crypt_backend_flags(void)
232 {
233 return 0;
234 }
235
236 const char *crypt_backend_version(void)
237 {
238 return openssl_backend_version();
239 }
240
241 static const char *crypt_hash_compat_name(const char *name)
242 {
243 const char *hash_name = name;
244 int i;
245 static struct hash_alg hash_algs[] = {
246 { "blake2b-512", "blake2b512" },
247 { "blake2s-256", "blake2s256" },
248 { NULL, NULL, }};
249
250 if (!name)
251 return NULL;
252
253 i = 0;
254 while (hash_algs[i].name) {
255 if (!strcasecmp(name, hash_algs[i].name)) {
256 hash_name = hash_algs[i].openssl_name;
257 break;
258 }
259 i++;
260 }
261
262 return hash_name;
263 }
264
265 static const EVP_MD *hash_id_get(const char *name)
266 {
267 #if OPENSSL_VERSION_MAJOR >= 3
268 return EVP_MD_fetch(ossl_ctx, crypt_hash_compat_name(name), NULL);
269 #else
270 return EVP_get_digestbyname(crypt_hash_compat_name(name));
271 #endif
272 }
273
274 static void hash_id_free(const EVP_MD *hash_id)
275 {
276 #if OPENSSL_VERSION_MAJOR >= 3
277 EVP_MD_free(CONST_CAST(EVP_MD*)hash_id);
278 #endif
279 }
280
281 static const EVP_CIPHER *cipher_type_get(const char *name)
282 {
283 #if OPENSSL_VERSION_MAJOR >= 3
284 return EVP_CIPHER_fetch(ossl_ctx, name, NULL);
285 #else
286 return EVP_get_cipherbyname(name);
287 #endif
288 }
289
290 static void cipher_type_free(const EVP_CIPHER *cipher_type)
291 {
292 #if OPENSSL_VERSION_MAJOR >= 3
293 EVP_CIPHER_free(CONST_CAST(EVP_CIPHER*)cipher_type);
294 #endif
295 }
296
297 /* HASH */
298 int crypt_hash_size(const char *name)
299 {
300 int size;
301 const EVP_MD *hash_id;
302
303 hash_id = hash_id_get(name);
304 if (!hash_id)
305 return -EINVAL;
306
307 size = EVP_MD_size(hash_id);
308 hash_id_free(hash_id);
309 return size;
310 }
311
312 int crypt_hash_init(struct crypt_hash **ctx, const char *name)
313 {
314 struct crypt_hash *h;
315
316 h = malloc(sizeof(*h));
317 if (!h)
318 return -ENOMEM;
319
320 h->md = EVP_MD_CTX_new();
321 if (!h->md) {
322 free(h);
323 return -ENOMEM;
324 }
325
326 h->hash_id = hash_id_get(name);
327 if (!h->hash_id) {
328 EVP_MD_CTX_free(h->md);
329 free(h);
330 return -EINVAL;
331 }
332
333 if (EVP_DigestInit_ex(h->md, h->hash_id, NULL) != 1) {
334 hash_id_free(h->hash_id);
335 EVP_MD_CTX_free(h->md);
336 free(h);
337 return -EINVAL;
338 }
339
340 h->hash_len = EVP_MD_size(h->hash_id);
341 *ctx = h;
342 return 0;
343 }
344
345 static int crypt_hash_restart(struct crypt_hash *ctx)
346 {
347 if (EVP_DigestInit_ex(ctx->md, ctx->hash_id, NULL) != 1)
348 return -EINVAL;
349
350 return 0;
351 }
352
353 int crypt_hash_write(struct crypt_hash *ctx, const char *buffer, size_t length)
354 {
355 if (EVP_DigestUpdate(ctx->md, buffer, length) != 1)
356 return -EINVAL;
357
358 return 0;
359 }
360
361 int crypt_hash_final(struct crypt_hash *ctx, char *buffer, size_t length)
362 {
363 unsigned char tmp[EVP_MAX_MD_SIZE];
364 unsigned int tmp_len = 0;
365
366 if (length > (size_t)ctx->hash_len)
367 return -EINVAL;
368
369 if (EVP_DigestFinal_ex(ctx->md, tmp, &tmp_len) != 1)
370 return -EINVAL;
371
372 memcpy(buffer, tmp, length);
373 crypt_backend_memzero(tmp, sizeof(tmp));
374
375 if (tmp_len < length)
376 return -EINVAL;
377
378 if (crypt_hash_restart(ctx))
379 return -EINVAL;
380
381 return 0;
382 }
383
384 void crypt_hash_destroy(struct crypt_hash *ctx)
385 {
386 hash_id_free(ctx->hash_id);
387 EVP_MD_CTX_free(ctx->md);
388 memset(ctx, 0, sizeof(*ctx));
389 free(ctx);
390 }
391
392 /* HMAC */
393 int crypt_hmac_size(const char *name)
394 {
395 return crypt_hash_size(name);
396 }
397
398 int crypt_hmac_init(struct crypt_hmac **ctx, const char *name,
399 const void *key, size_t key_length)
400 {
401 struct crypt_hmac *h;
402 #if OPENSSL_VERSION_MAJOR >= 3
403 OSSL_PARAM params[] = {
404 OSSL_PARAM_utf8_string(OSSL_MAC_PARAM_DIGEST, CONST_CAST(void*)name, 0),
405 OSSL_PARAM_END
406 };
407
408 h = malloc(sizeof(*h));
409 if (!h)
410 return -ENOMEM;
411
412 h->mac = EVP_MAC_fetch(ossl_ctx, OSSL_MAC_NAME_HMAC, NULL);
413 if (!h->mac) {
414 free(h);
415 return -EINVAL;
416 }
417
418 h->md = EVP_MAC_CTX_new(h->mac);
419 if (!h->md) {
420 EVP_MAC_free(h->mac);
421 free(h);
422 return -ENOMEM;
423 }
424
425 if (EVP_MAC_init(h->md, key, key_length, params) != 1) {
426 EVP_MAC_CTX_free(h->md);
427 EVP_MAC_free(h->mac);
428 free(h);
429 return -EINVAL;
430 }
431
432 h->hash_len = EVP_MAC_CTX_get_mac_size(h->md);
433 h->md_org = EVP_MAC_CTX_dup(h->md);
434 #else
435 h = malloc(sizeof(*h));
436 if (!h)
437 return -ENOMEM;
438
439 h->md = HMAC_CTX_new();
440 if (!h->md) {
441 free(h);
442 return -ENOMEM;
443 }
444
445 h->hash_id = hash_id_get(name);
446 if (!h->hash_id) {
447 HMAC_CTX_free(h->md);
448 free(h);
449 return -EINVAL;
450 }
451
452 HMAC_Init_ex(h->md, key, key_length, h->hash_id, NULL);
453
454 h->hash_len = EVP_MD_size(h->hash_id);
455 #endif
456 *ctx = h;
457 return 0;
458 }
459
460 static int crypt_hmac_restart(struct crypt_hmac *ctx)
461 {
462 #if OPENSSL_VERSION_MAJOR >= 3
463 EVP_MAC_CTX_free(ctx->md);
464 ctx->md = EVP_MAC_CTX_dup(ctx->md_org);
465 if (!ctx->md)
466 return -EINVAL;
467 #else
468 HMAC_Init_ex(ctx->md, NULL, 0, ctx->hash_id, NULL);
469 #endif
470 return 0;
471 }
472
473 int crypt_hmac_write(struct crypt_hmac *ctx, const char *buffer, size_t length)
474 {
475 #if OPENSSL_VERSION_MAJOR >= 3
476 return EVP_MAC_update(ctx->md, (const unsigned char *)buffer, length) == 1 ? 0 : -EINVAL;
477 #else
478 HMAC_Update(ctx->md, (const unsigned char *)buffer, length);
479 return 0;
480 #endif
481 }
482
483 int crypt_hmac_final(struct crypt_hmac *ctx, char *buffer, size_t length)
484 {
485 unsigned char tmp[EVP_MAX_MD_SIZE];
486 #if OPENSSL_VERSION_MAJOR >= 3
487 size_t tmp_len = 0;
488
489 if (length > (size_t)ctx->hash_len)
490 return -EINVAL;
491
492 if (EVP_MAC_final(ctx->md, tmp, &tmp_len, sizeof(tmp)) != 1)
493 return -EINVAL;
494 #else
495 unsigned int tmp_len = 0;
496
497 if (length > (size_t)ctx->hash_len)
498 return -EINVAL;
499
500 HMAC_Final(ctx->md, tmp, &tmp_len);
501 #endif
502 memcpy(buffer, tmp, length);
503 crypt_backend_memzero(tmp, sizeof(tmp));
504
505 if (tmp_len < length)
506 return -EINVAL;
507
508 if (crypt_hmac_restart(ctx))
509 return -EINVAL;
510
511 return 0;
512 }
513
514 void crypt_hmac_destroy(struct crypt_hmac *ctx)
515 {
516 #if OPENSSL_VERSION_MAJOR >= 3
517 EVP_MAC_CTX_free(ctx->md);
518 EVP_MAC_CTX_free(ctx->md_org);
519 EVP_MAC_free(ctx->mac);
520 #else
521 hash_id_free(ctx->hash_id);
522 HMAC_CTX_free(ctx->md);
523 #endif
524 memset(ctx, 0, sizeof(*ctx));
525 free(ctx);
526 }
527
528 /* RNG */
529 int crypt_backend_rng(char *buffer, size_t length,
530 int quality __attribute__((unused)), int fips __attribute__((unused)))
531 {
532 if (RAND_bytes((unsigned char *)buffer, length) != 1)
533 return -EINVAL;
534
535 return 0;
536 }
537
538 static int openssl_pbkdf2(const char *password, size_t password_length,
539 const char *salt, size_t salt_length, uint32_t iterations,
540 const char *hash, char *key, size_t key_length)
541 {
542 int r;
543 #if OPENSSL_VERSION_MAJOR >= 3
544 EVP_KDF_CTX *ctx;
545 EVP_KDF *pbkdf2;
546 OSSL_PARAM params[] = {
547 OSSL_PARAM_octet_string(OSSL_KDF_PARAM_PASSWORD,
548 CONST_CAST(void*)password, password_length),
549 OSSL_PARAM_octet_string(OSSL_KDF_PARAM_SALT,
550 CONST_CAST(void*)salt, salt_length),
551 OSSL_PARAM_uint32(OSSL_KDF_PARAM_ITER, &iterations),
552 OSSL_PARAM_utf8_string(OSSL_KDF_PARAM_DIGEST,
553 CONST_CAST(void*)hash, 0),
554 OSSL_PARAM_END
555 };
556
557 pbkdf2 = EVP_KDF_fetch(ossl_ctx, "pbkdf2", NULL);
558 if (!pbkdf2)
559 return -EINVAL;
560
561 ctx = EVP_KDF_CTX_new(pbkdf2);
562 if (!ctx) {
563 EVP_KDF_free(pbkdf2);
564 return -EINVAL;
565 }
566
567 r = EVP_KDF_derive(ctx, (unsigned char*)key, key_length, params);
568
569 EVP_KDF_CTX_free(ctx);
570 EVP_KDF_free(pbkdf2);
571 #else
572 const EVP_MD *hash_id = EVP_get_digestbyname(crypt_hash_compat_name(hash));
573 if (!hash_id)
574 return -EINVAL;
575
576 r = PKCS5_PBKDF2_HMAC(password, (int)password_length, (const unsigned char *)salt,
577 (int)salt_length, iterations, hash_id, (int)key_length, (unsigned char*) key);
578 #endif
579 return r == 1 ? 0 : -EINVAL;
580 }
581
582 static int openssl_argon2(const char *type, const char *password, size_t password_length,
583 const char *salt, size_t salt_length, char *key, size_t key_length,
584 uint32_t iterations, uint32_t memory, uint32_t parallel)
585 {
586 return argon2(type, password, password_length, salt, salt_length,
587 key, key_length, iterations, memory, parallel);
588 }
589
590 /* PBKDF */
591 int crypt_pbkdf(const char *kdf, const char *hash,
592 const char *password, size_t password_length,
593 const char *salt, size_t salt_length,
594 char *key, size_t key_length,
595 uint32_t iterations, uint32_t memory, uint32_t parallel)
596 {
597 if (!kdf)
598 return -EINVAL;
599
600 if (!strcmp(kdf, "pbkdf2"))
601 return openssl_pbkdf2(password, password_length, salt, salt_length,
602 iterations, hash, key, key_length);
603 if (!strncmp(kdf, "argon2", 6))
604 return openssl_argon2(kdf, password, password_length, salt, salt_length,
605 key, key_length, iterations, memory, parallel);
606 return -EINVAL;
607 }
608
609 /* Block ciphers */
610 static void _cipher_destroy(EVP_CIPHER_CTX **hd_enc, EVP_CIPHER_CTX **hd_dec, const EVP_CIPHER **cipher_type)
611 {
612 EVP_CIPHER_CTX_free(*hd_enc);
613 *hd_enc = NULL;
614
615 EVP_CIPHER_CTX_free(*hd_dec);
616 *hd_dec = NULL;
617
618 cipher_type_free(*cipher_type);
619 *cipher_type = NULL;
620 }
621
622 static int _cipher_init(EVP_CIPHER_CTX **hd_enc, EVP_CIPHER_CTX **hd_dec, const EVP_CIPHER **cipher_type, const char *name,
623 const char *mode, const void *key, size_t key_length, size_t *iv_length)
624 {
625 char cipher_name[256];
626 const EVP_CIPHER *type;
627 int r, key_bits;
628
629 key_bits = key_length * 8;
630 if (!strcmp(mode, "xts"))
631 key_bits /= 2;
632
633 r = snprintf(cipher_name, sizeof(cipher_name), "%s-%d-%s", name, key_bits, mode);
634 if (r < 0 || (size_t)r >= sizeof(cipher_name))
635 return -EINVAL;
636
637 type = cipher_type_get(cipher_name);
638 if (!type)
639 return -ENOENT;
640
641 if (EVP_CIPHER_key_length(type) != (int)key_length) {
642 cipher_type_free(type);
643 return -EINVAL;
644 }
645
646 *hd_enc = EVP_CIPHER_CTX_new();
647 *hd_dec = EVP_CIPHER_CTX_new();
648 *iv_length = EVP_CIPHER_iv_length(type);
649
650 if (!*hd_enc || !*hd_dec) {
651 cipher_type_free(type);
652 return -EINVAL;
653 }
654
655 if (EVP_EncryptInit_ex(*hd_enc, type, NULL, key, NULL) != 1 ||
656 EVP_DecryptInit_ex(*hd_dec, type, NULL, key, NULL) != 1) {
657 _cipher_destroy(hd_enc, hd_dec, &type);
658 return -EINVAL;
659 }
660
661 if (EVP_CIPHER_CTX_set_padding(*hd_enc, 0) != 1 ||
662 EVP_CIPHER_CTX_set_padding(*hd_dec, 0) != 1) {
663 _cipher_destroy(hd_enc, hd_dec, &type);
664 return -EINVAL;
665 }
666
667 *cipher_type = type;
668
669 return 0;
670 }
671
672 int crypt_cipher_init(struct crypt_cipher **ctx, const char *name,
673 const char *mode, const void *key, size_t key_length)
674 {
675 struct crypt_cipher *h;
676 int r;
677
678 h = malloc(sizeof(*h));
679 if (!h)
680 return -ENOMEM;
681
682 if (!_cipher_init(&h->u.lib.hd_enc, &h->u.lib.hd_dec, &h->u.lib.cipher_type, name, mode, key,
683 key_length, &h->u.lib.iv_length)) {
684 h->use_kernel = false;
685 *ctx = h;
686 return 0;
687 }
688
689 r = crypt_cipher_init_kernel(&h->u.kernel, name, mode, key, key_length);
690 if (r < 0) {
691 free(h);
692 return r;
693 }
694
695 h->use_kernel = true;
696 *ctx = h;
697 return 0;
698 }
699
700 void crypt_cipher_destroy(struct crypt_cipher *ctx)
701 {
702 if (ctx->use_kernel)
703 crypt_cipher_destroy_kernel(&ctx->u.kernel);
704 else
705 _cipher_destroy(&ctx->u.lib.hd_enc, &ctx->u.lib.hd_dec, &ctx->u.lib.cipher_type);
706 free(ctx);
707 }
708
709 static int _cipher_encrypt(struct crypt_cipher *ctx, const unsigned char *in, unsigned char *out,
710 int length, const unsigned char *iv, size_t iv_length)
711 {
712 int len;
713
714 if (ctx->u.lib.iv_length != iv_length)
715 return -EINVAL;
716
717 if (EVP_EncryptInit_ex(ctx->u.lib.hd_enc, NULL, NULL, NULL, iv) != 1)
718 return -EINVAL;
719
720 if (EVP_EncryptUpdate(ctx->u.lib.hd_enc, out, &len, in, length) != 1)
721 return -EINVAL;
722
723 if (EVP_EncryptFinal(ctx->u.lib.hd_enc, out + len, &len) != 1)
724 return -EINVAL;
725
726 return 0;
727 }
728
729 static int _cipher_decrypt(struct crypt_cipher *ctx, const unsigned char *in, unsigned char *out,
730 int length, const unsigned char *iv, size_t iv_length)
731 {
732 int len;
733
734 if (ctx->u.lib.iv_length != iv_length)
735 return -EINVAL;
736
737 if (EVP_DecryptInit_ex(ctx->u.lib.hd_dec, NULL, NULL, NULL, iv) != 1)
738 return -EINVAL;
739
740 if (EVP_DecryptUpdate(ctx->u.lib.hd_dec, out, &len, in, length) != 1)
741 return -EINVAL;
742
743 if (EVP_DecryptFinal(ctx->u.lib.hd_dec, out + len, &len) != 1)
744 return -EINVAL;
745
746 return 0;
747 }
748
749 int crypt_cipher_encrypt(struct crypt_cipher *ctx,
750 const char *in, char *out, size_t length,
751 const char *iv, size_t iv_length)
752 {
753 if (ctx->use_kernel)
754 return crypt_cipher_encrypt_kernel(&ctx->u.kernel, in, out, length, iv, iv_length);
755
756 return _cipher_encrypt(ctx, (const unsigned char*)in,
757 (unsigned char *)out, length, (const unsigned char*)iv, iv_length);
758 }
759
760 int crypt_cipher_decrypt(struct crypt_cipher *ctx,
761 const char *in, char *out, size_t length,
762 const char *iv, size_t iv_length)
763 {
764 if (ctx->use_kernel)
765 return crypt_cipher_decrypt_kernel(&ctx->u.kernel, in, out, length, iv, iv_length);
766
767 return _cipher_decrypt(ctx, (const unsigned char*)in,
768 (unsigned char *)out, length, (const unsigned char*)iv, iv_length);
769 }
770
771 bool crypt_cipher_kernel_only(struct crypt_cipher *ctx)
772 {
773 return ctx->use_kernel;
774 }
775
776 int crypt_bitlk_decrypt_key(const void *key, size_t key_length __attribute__((unused)),
777 const char *in, char *out, size_t length,
778 const char *iv, size_t iv_length,
779 const char *tag, size_t tag_length)
780 {
781 #ifdef EVP_CTRL_CCM_SET_IVLEN
782 EVP_CIPHER_CTX *ctx;
783 int len = 0, r = -EINVAL;
784
785 ctx = EVP_CIPHER_CTX_new();
786 if (!ctx)
787 return -EINVAL;
788
789 if (EVP_DecryptInit_ex(ctx, EVP_aes_256_ccm(), NULL, NULL, NULL) != 1)
790 goto out;
791
792 //EVP_CIPHER_CTX_key_length(ctx)
793 //EVP_CIPHER_CTX_iv_length(ctx)
794
795 if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_CCM_SET_IVLEN, iv_length, NULL) != 1)
796 goto out;
797 if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_CCM_SET_TAG, tag_length, CONST_CAST(void*)tag) != 1)
798 goto out;
799
800 if (EVP_DecryptInit_ex(ctx, NULL, NULL, key, (const unsigned char*)iv) != 1)
801 goto out;
802
803 if (EVP_DecryptUpdate(ctx, (unsigned char*)out, &len, (const unsigned char*)in, length) == 1)
804 r = 0;
805 out:
806 EVP_CIPHER_CTX_free(ctx);
807 return r;
808 #else
809 return -ENOTSUP;
810 #endif
811 }