Path: blob/main/crypto/openssl/include/internal/passphrase.h
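/*
 * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License"). You may not use
 * this file except in compliance with the License. You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */

#ifndef OSSL_INTERNAL_PASSPHRASE_H
# define OSSL_INTERNAL_PASSPHRASE_H
# pragma once

/*
 * This is a passphrase reader bridge with bells and whistles.
 *
 * On one hand, an API may wish to offer all sorts of passphrase callback
 * possibilities to users, or may have to do so for historical reasons.
 * On the other hand, that same API may have demands from other interfaces,
 * notably from the libcrypto <-> provider interface, which uses
 * OSSL_PASSPHRASE_CALLBACK consistently.
 *
 * The structure and functions below are the fundaments for bridging one
 * passphrase callback form to another.
 *
 * In addition, extra features are included (this may be a growing list):
 *
 * - password caching. This is to be used by APIs where it's likely
 *   that the same passphrase may be asked for more than once, but the
 *   user shouldn't get prompted more than once. For example, this is
 *   useful for OSSL_DECODER, which may have to use a passphrase while
 *   trying to find out what input it has.
 *
 * This header has no #include of its own. The including file must already
 * have declarations of pem_password_cb, OSSL_PASSPHRASE_CALLBACK, OSSL_PARAM,
 * UI_METHOD and size_t in scope.
 */

/*
 * Structure to hold whatever the calling user may specify. This structure
 * is intended to be integrated into API specific structures or to be used
 * as a local on-stack variable type. Therefore, no functions to allocate
 * or free it on the heap are offered.
 *
 * Two members can point at secret material: |_.expl_passphrase.passphrase_copy|
 * and |cached_passphrase|. Since the lifetime of the structure is controlled
 * by whoever embeds or declares it, that code is also responsible for calling
 * ossl_pw_clear_passphrase_data() before the structure is reused or goes out
 * of scope.
 * NOTE(review): the implementation is not part of this header; confirm there
 * that clearing wipes these buffers before releasing them, and that the
 * structure is expected to start out zero-initialised.
 */
struct ossl_passphrase_data_st {
    /*
     * Discriminator for the union below. Values start at 1, so a
     * zero-initialised structure has no passphrase source selected.
     */
    enum {
        is_expl_passphrase = 1, /* Explicit passphrase given by user */
        is_pem_password,        /* pem_password_cb given by user */
        is_ossl_passphrase,     /* OSSL_PASSPHRASE_CALLBACK given by user */
        is_ui_method            /* UI_METHOD given by user */
    } type;
    /*
     * One member per |type| value; the member names mirror the enum names.
     * Presumably only the member selected by |type| is meaningful - confirm
     * against the implementation.
     */
    union {
        struct {
            /*
             * Judging by the name, a private copy of the passphrase rather
             * than a borrowed pointer - TODO confirm ownership.
             */
            char *passphrase_copy;
            size_t passphrase_len;
        } expl_passphrase;

        struct {
            pem_password_cb *password_cb;
            void *password_cbarg;
        } pem_password;

        struct {
            OSSL_PASSPHRASE_CALLBACK *passphrase_cb;
            void *passphrase_cbarg;
        } ossl_passphrase;

        struct {
            const UI_METHOD *ui_method;
            void *ui_method_data;
        } ui_method;
    } _;

    /*-
     * Flags section
     */

    /* Set to indicate that caching should be done */
    unsigned int flag_cache_passphrase:1;

    /*-
     * Misc section: caches and other
     */

    /*
     * Cached passphrase and its length. With caching enabled the secret
     * stays reachable through this structure until the cache is cleared,
     * so keep the caching window as short as the API allows.
     */
    char *cached_passphrase;
    size_t cached_passphrase_len;
};

/* Structure manipulation */

/*
 * Cleanup entry points. Going by the names, the first resets the whole
 * structure and the second only drops the cached passphrase.
 * NOTE(review): confirm in the implementation that the first also covers
 * the cache, so that a single call is sufficient on teardown.
 */
void ossl_pw_clear_passphrase_data(struct ossl_passphrase_data_st *data);
void ossl_pw_clear_passphrase_cache(struct ossl_passphrase_data_st *data);

/*
 * Setters, one per |type| value of struct ossl_passphrase_data_st.
 * Return values are presumably 1 on success and 0 on failure, following the
 * usual libcrypto convention - TODO confirm. Callers should check them: a
 * failed setter that goes unnoticed leaves |data| without the passphrase
 * source the caller believes it configured.
 */
int ossl_pw_set_passphrase(struct ossl_passphrase_data_st *data,
                           const unsigned char *passphrase,
                           size_t passphrase_len);
int ossl_pw_set_pem_password_cb(struct ossl_passphrase_data_st *data,
                                pem_password_cb *cb, void *cbarg);
int ossl_pw_set_ossl_passphrase_cb(struct ossl_passphrase_data_st *data,
                                   OSSL_PASSPHRASE_CALLBACK *cb, void *cbarg);
int ossl_pw_set_ui_method(struct ossl_passphrase_data_st *data,
                          const UI_METHOD *ui_method, void *ui_data);

/* Toggle |flag_cache_passphrase| (presumably; see the Flags section above) */
int ossl_pw_enable_passphrase_caching(struct ossl_passphrase_data_st *data);
int ossl_pw_disable_passphrase_caching(struct ossl_passphrase_data_st *data);

/* Central function for direct calls */

/*
 * The parameter list matches OSSL_PASSPHRASE_CALLBACK with |verify| and
 * |data| added: |pass| / |pass_size| describe the caller's output buffer
 * and |*pass_len| receives the passphrase length. |verify| presumably asks
 * for a verification prompt (compare the enc/dec callbacks below) - TODO
 * confirm.
 * The caller owns |pass|; it holds the secret on return and should be
 * cleansed by the caller once it is no longer needed.
 */
int ossl_pw_get_passphrase(char *pass, size_t pass_size, size_t *pass_len,
                           const OSSL_PARAM params[], int verify,
                           struct ossl_passphrase_data_st *data);

/* Callback functions */

/*
 * All of these callbacks expect that the callback argument is a
 * struct ossl_passphrase_data_st
 *
 * Both callback types receive that argument as an untyped pointer, so the
 * compiler cannot check it. Whoever registers one of these callbacks must
 * pass the address of a struct ossl_passphrase_data_st that outlives every
 * invocation; any other pointer would be reinterpreted as this structure.
 */

pem_password_cb ossl_pw_pem_password;
pem_password_cb ossl_pw_pvk_password;
/* One callback for encoding (verification prompt) and one for decoding */
OSSL_PASSPHRASE_CALLBACK ossl_pw_passphrase_callback_enc;
OSSL_PASSPHRASE_CALLBACK ossl_pw_passphrase_callback_dec;

#endif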