1e1051a39Sopenharmony_ci/* 2e1051a39Sopenharmony_ci * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved. 3e1051a39Sopenharmony_ci * 4e1051a39Sopenharmony_ci * Licensed under the Apache License 2.0 (the "License"). You may not use 5e1051a39Sopenharmony_ci * this file except in compliance with the License. You can obtain a copy 6e1051a39Sopenharmony_ci * in the file LICENSE in the source distribution or at 7e1051a39Sopenharmony_ci * https://www.openssl.org/source/license.html 8e1051a39Sopenharmony_ci */ 9e1051a39Sopenharmony_ci 10e1051a39Sopenharmony_ci#ifndef OSSL_INTERNAL_PASSPHRASE_H 11e1051a39Sopenharmony_ci# define OSSL_INTERNAL_PASSPHRASE_H 12e1051a39Sopenharmony_ci# pragma once 13e1051a39Sopenharmony_ci 14e1051a39Sopenharmony_ci/* 15e1051a39Sopenharmony_ci * This is a passphrase reader bridge with bells and whistles. 16e1051a39Sopenharmony_ci * 17e1051a39Sopenharmony_ci * On one hand, an API may wish to offer all sorts of passphrase callback 18e1051a39Sopenharmony_ci * possibilities to users, or may have to do so for historical reasons. 19e1051a39Sopenharmony_ci * On the other hand, that same API may have demands from other interfaces, 20e1051a39Sopenharmony_ci * notably from the libcrypto <-> provider interface, which uses 21e1051a39Sopenharmony_ci * OSSL_PASSPHRASE_CALLBACK consistently. 22e1051a39Sopenharmony_ci * 23e1051a39Sopenharmony_ci * The structure and functions below are the fundaments for bridging one 24e1051a39Sopenharmony_ci * passphrase callback form to another. 25e1051a39Sopenharmony_ci * 26e1051a39Sopenharmony_ci * In addition, extra features are included (this may be a growing list): 27e1051a39Sopenharmony_ci * 28e1051a39Sopenharmony_ci * - password caching. This is to be used by APIs where it's likely 29e1051a39Sopenharmony_ci * that the same passphrase may be asked for more than once, but the 30e1051a39Sopenharmony_ci * user shouldn't get prompted more than once. For example, this is 31e1051a39Sopenharmony_ci * useful for OSSL_DECODER, which may have to use a passphrase while 32e1051a39Sopenharmony_ci * trying to find out what input it has. 33e1051a39Sopenharmony_ci */ 34e1051a39Sopenharmony_ci 35e1051a39Sopenharmony_ci/* 36e1051a39Sopenharmony_ci * Structure to hold whatever the calling user may specify. This structure 37e1051a39Sopenharmony_ci * is intended to be integrated into API specific structures or to be used 38e1051a39Sopenharmony_ci * as a local on-stack variable type. Therefore, no functions to allocate 39e1051a39Sopenharmony_ci * or freed it on the heap is offered. 40e1051a39Sopenharmony_ci */ 41e1051a39Sopenharmony_cistruct ossl_passphrase_data_st { 42e1051a39Sopenharmony_ci enum { 43e1051a39Sopenharmony_ci is_expl_passphrase = 1, /* Explicit passphrase given by user */ 44e1051a39Sopenharmony_ci is_pem_password, /* pem_password_cb given by user */ 45e1051a39Sopenharmony_ci is_ossl_passphrase, /* OSSL_PASSPHRASE_CALLBACK given by user */ 46e1051a39Sopenharmony_ci is_ui_method /* UI_METHOD given by user */ 47e1051a39Sopenharmony_ci } type; 48e1051a39Sopenharmony_ci union { 49e1051a39Sopenharmony_ci struct { 50e1051a39Sopenharmony_ci char *passphrase_copy; 51e1051a39Sopenharmony_ci size_t passphrase_len; 52e1051a39Sopenharmony_ci } expl_passphrase; 53e1051a39Sopenharmony_ci 54e1051a39Sopenharmony_ci struct { 55e1051a39Sopenharmony_ci pem_password_cb *password_cb; 56e1051a39Sopenharmony_ci void *password_cbarg; 57e1051a39Sopenharmony_ci } pem_password; 58e1051a39Sopenharmony_ci 59e1051a39Sopenharmony_ci struct { 60e1051a39Sopenharmony_ci OSSL_PASSPHRASE_CALLBACK *passphrase_cb; 61e1051a39Sopenharmony_ci void *passphrase_cbarg; 62e1051a39Sopenharmony_ci } ossl_passphrase; 63e1051a39Sopenharmony_ci 64e1051a39Sopenharmony_ci struct { 65e1051a39Sopenharmony_ci const UI_METHOD *ui_method; 66e1051a39Sopenharmony_ci void *ui_method_data; 67e1051a39Sopenharmony_ci } ui_method; 68e1051a39Sopenharmony_ci } _; 69e1051a39Sopenharmony_ci 70e1051a39Sopenharmony_ci /*- 71e1051a39Sopenharmony_ci * Flags section 72e1051a39Sopenharmony_ci */ 73e1051a39Sopenharmony_ci 74e1051a39Sopenharmony_ci /* Set to indicate that caching should be done */ 75e1051a39Sopenharmony_ci unsigned int flag_cache_passphrase:1; 76e1051a39Sopenharmony_ci 77e1051a39Sopenharmony_ci /*- 78e1051a39Sopenharmony_ci * Misc section: caches and other 79e1051a39Sopenharmony_ci */ 80e1051a39Sopenharmony_ci 81e1051a39Sopenharmony_ci char *cached_passphrase; 82e1051a39Sopenharmony_ci size_t cached_passphrase_len; 83e1051a39Sopenharmony_ci}; 84e1051a39Sopenharmony_ci 85e1051a39Sopenharmony_ci/* Structure manipulation */ 86e1051a39Sopenharmony_ci 87e1051a39Sopenharmony_civoid ossl_pw_clear_passphrase_data(struct ossl_passphrase_data_st *data); 88e1051a39Sopenharmony_civoid ossl_pw_clear_passphrase_cache(struct ossl_passphrase_data_st *data); 89e1051a39Sopenharmony_ci 90e1051a39Sopenharmony_ciint ossl_pw_set_passphrase(struct ossl_passphrase_data_st *data, 91e1051a39Sopenharmony_ci const unsigned char *passphrase, 92e1051a39Sopenharmony_ci size_t passphrase_len); 93e1051a39Sopenharmony_ciint ossl_pw_set_pem_password_cb(struct ossl_passphrase_data_st *data, 94e1051a39Sopenharmony_ci pem_password_cb *cb, void *cbarg); 95e1051a39Sopenharmony_ciint ossl_pw_set_ossl_passphrase_cb(struct ossl_passphrase_data_st *data, 96e1051a39Sopenharmony_ci OSSL_PASSPHRASE_CALLBACK *cb, void *cbarg); 97e1051a39Sopenharmony_ciint ossl_pw_set_ui_method(struct ossl_passphrase_data_st *data, 98e1051a39Sopenharmony_ci const UI_METHOD *ui_method, void *ui_data); 99e1051a39Sopenharmony_ci 100e1051a39Sopenharmony_ciint ossl_pw_enable_passphrase_caching(struct ossl_passphrase_data_st *data); 101e1051a39Sopenharmony_ciint ossl_pw_disable_passphrase_caching(struct ossl_passphrase_data_st *data); 102e1051a39Sopenharmony_ci 103e1051a39Sopenharmony_ci/* Central function for direct calls */ 104e1051a39Sopenharmony_ci 105e1051a39Sopenharmony_ciint ossl_pw_get_passphrase(char *pass, size_t pass_size, size_t *pass_len, 106e1051a39Sopenharmony_ci const OSSL_PARAM params[], int verify, 107e1051a39Sopenharmony_ci struct ossl_passphrase_data_st *data); 108e1051a39Sopenharmony_ci 109e1051a39Sopenharmony_ci/* Callback functions */ 110e1051a39Sopenharmony_ci 111e1051a39Sopenharmony_ci/* 112e1051a39Sopenharmony_ci * All of these callback expect that the callback argument is a 113e1051a39Sopenharmony_ci * struct ossl_passphrase_data_st 114e1051a39Sopenharmony_ci */ 115e1051a39Sopenharmony_ci 116e1051a39Sopenharmony_cipem_password_cb ossl_pw_pem_password; 117e1051a39Sopenharmony_cipem_password_cb ossl_pw_pvk_password; 118e1051a39Sopenharmony_ci/* One callback for encoding (verification prompt) and one for decoding */ 119e1051a39Sopenharmony_ciOSSL_PASSPHRASE_CALLBACK ossl_pw_passphrase_callback_enc; 120e1051a39Sopenharmony_ciOSSL_PASSPHRASE_CALLBACK ossl_pw_passphrase_callback_dec; 121e1051a39Sopenharmony_ci 122e1051a39Sopenharmony_ci#endif 123