/src/boringssl/crypto/evp/internal.h
Line | Count | Source |
1 | | // Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. |
2 | | // |
3 | | // Licensed under the Apache License, Version 2.0 (the "License"); |
4 | | // you may not use this file except in compliance with the License. |
5 | | // You may obtain a copy of the License at |
6 | | // |
7 | | // https://www.apache.org/licenses/LICENSE-2.0 |
8 | | // |
9 | | // Unless required by applicable law or agreed to in writing, software |
10 | | // distributed under the License is distributed on an "AS IS" BASIS, |
11 | | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
12 | | // See the License for the specific language governing permissions and |
13 | | // limitations under the License. |
14 | | |
15 | | #ifndef OPENSSL_HEADER_CRYPTO_EVP_INTERNAL_H |
16 | | #define OPENSSL_HEADER_CRYPTO_EVP_INTERNAL_H |
17 | | |
18 | | #include <openssl/evp.h> |
19 | | |
20 | | #include <array> |
21 | | |
22 | | #include <openssl/span.h> |
23 | | |
24 | | #include "../internal.h" |
25 | | #include "../mem_internal.h" |
26 | | |
27 | | |
28 | | DECLARE_OPAQUE_STRUCT(evp_pkey_st, EvpPkey) |
29 | | DECLARE_OPAQUE_STRUCT(evp_pkey_ctx_st, EvpPkeyCtx) |
30 | | |
31 | | BSSL_NAMESPACE_BEGIN |
32 | | |
33 | | typedef struct evp_pkey_asn1_method_st EVP_PKEY_ASN1_METHOD; |
34 | | typedef struct evp_pkey_ctx_method_st EVP_PKEY_CTX_METHOD; |
35 | | |
36 | | BSSL_NAMESPACE_END |
37 | | |
38 | | struct evp_pkey_alg_st { |
39 | | // method and pkey_method implement operations for this `EVP_PKEY_ALG`. |
40 | | const bssl::EVP_PKEY_ASN1_METHOD *method; |
41 | | const bssl::EVP_PKEY_CTX_METHOD *pkey_method; |
42 | | }; |
43 | | |
44 | | BSSL_NAMESPACE_BEGIN |
45 | | |
46 | | enum evp_decode_result_t { |
47 | | evp_decode_error = 0, |
48 | | evp_decode_ok = 1, |
49 | | evp_decode_unsupported = 2, |
50 | | }; |
51 | | |
52 | | struct evp_pkey_asn1_method_st { |
53 | | // pkey_id contains one of the `EVP_PKEY_*` values and corresponds to the OID |
54 | | // in the key type's AlgorithmIdentifier. |
55 | | int pkey_id; |
56 | | uint8_t oid[9]; |
57 | | uint8_t oid_len; |
58 | | |
59 | | const EVP_PKEY_CTX_METHOD *pkey_method; |
60 | | |
61 | | // pub_decode decodes `params` and `key` as a SubjectPublicKeyInfo |
62 | | // and writes the result into `out`. It returns `evp_decode_ok` on success, |
63 | | // and `evp_decode_error` on error, and `evp_decode_unsupported` if the input |
64 | | // was not supported by this `EVP_PKEY_ALG`. In case of |
65 | | // `evp_decode_unsupported`, it does not add an error to the error queue. May |
66 | | // modify `params` and `key`. Callers must make a copy if calling in a loop. |
67 | | // |
68 | | // `params` is the AlgorithmIdentifier after the OBJECT IDENTIFIER type field, |
69 | | // and `key` is the contents of the subjectPublicKey with the leading padding |
70 | | // byte checked and removed. Although X.509 uses BIT STRINGs to represent |
71 | | // SubjectPublicKeyInfo, every key type defined encodes the key as a byte |
72 | | // string with the same conversion to BIT STRING. |
73 | | evp_decode_result_t (*pub_decode)(const EVP_PKEY_ALG *alg, EvpPkey *out, |
74 | | CBS *params, CBS *key); |
75 | | |
76 | | // pub_encode encodes `key` as a SubjectPublicKeyInfo and appends the result |
77 | | // to `out`. It returns one on success and zero on error. |
78 | | int (*pub_encode)(CBB *out, const EvpPkey *key); |
79 | | |
80 | | bool (*pub_equal)(const EvpPkey *a, const EvpPkey *b); |
81 | | |
82 | | // pub_present returns true iff the `pk` has a public key. (If so, validity |
83 | | // is not guaranteed and should be checked separately.) |
84 | | bool (*pub_present)(const EvpPkey *pk); |
85 | | |
86 | | // pub_copy sets the key data of `out` to a newly allocated key data structure |
87 | | // which contains a copy of only the public key of `pk`, freeing any key |
88 | | // previously in `out`. Returns true on success or false on failure. |
89 | | bool (*pub_copy)(EvpPkey *out, const EvpPkey *pk); |
90 | | |
91 | | // priv_decode decodes `params` and `key` as a PrivateKeyInfo and writes the |
92 | | // result into `out`. It returns `evp_decode_ok` on success, and |
93 | | // `evp_decode_error` on error, and `evp_decode_unsupported` if the key type |
94 | | // was not supported by this `EVP_PKEY_ALG`. In case of |
95 | | // `evp_decode_unsupported`, it does not add an error to the error queue. May |
96 | | // modify `params` and `key`. Callers must make a copy if calling in a loop. |
97 | | // |
98 | | // `params` is the AlgorithmIdentifier after the OBJECT IDENTIFIER type field, |
99 | | // and `key` is the contents of the OCTET STRING privateKey field. |
100 | | evp_decode_result_t (*priv_decode)(const EVP_PKEY_ALG *alg, EvpPkey *out, |
101 | | CBS *params, CBS *key); |
102 | | |
103 | | // priv_encode encodes `key` as a PrivateKeyInfo and appends the result to |
104 | | // `out`. It returns one on success and zero on error. |
105 | | int (*priv_encode)(CBB *out, const EvpPkey *key); |
106 | | |
107 | | // priv_present returns true iff the `pk` has a private key. (If so, validity |
108 | | // is not guaranteed and should be checked separately.) |
109 | | bool (*priv_present)(const EvpPkey *pk); |
110 | | |
111 | | int (*set_priv_raw)(EvpPkey *pkey, const uint8_t *in, size_t len); |
112 | | int (*set_priv_seed)(EvpPkey *pkey, const uint8_t *in, size_t len); |
113 | | int (*set_pub_raw)(EvpPkey *pkey, const uint8_t *in, size_t len); |
114 | | int (*get_priv_raw)(const EvpPkey *pkey, uint8_t *out, size_t *out_len); |
115 | | int (*get_priv_seed)(const EvpPkey *pkey, uint8_t *out, size_t *out_len); |
116 | | int (*get_pub_raw)(const EvpPkey *pkey, uint8_t *out, size_t *out_len); |
117 | | |
118 | | // TODO(davidben): Can these be merged with the functions above? OpenSSL does |
119 | | // not implement `EVP_PKEY_get_raw_public_key`, etc., for `EVP_PKEY_EC`, but |
120 | | // the distinction seems unimportant. OpenSSL 3.0 has since renamed |
121 | | // `EVP_PKEY_get1_tls_encodedpoint` to `EVP_PKEY_get1_encoded_public_key`, and |
122 | | // what is the difference between "raw" and an "encoded" public key. |
123 | | // |
124 | | // One nuisance is the notion of "raw" is slightly ambiguous for EC keys. Is |
125 | | // it a DER ECPrivateKey or just the scalar? |
126 | | int (*set1_tls_encodedpoint)(EvpPkey *pkey, const uint8_t *in, size_t len); |
127 | | size_t (*get1_tls_encodedpoint)(const EvpPkey *pkey, uint8_t **out_ptr); |
128 | | |
129 | | // pkey_opaque returns 1 if the `pk` is opaque. Opaque keys are backed by |
130 | | // custom implementations which do not expose key material and parameters. |
131 | | int (*pkey_opaque)(const EvpPkey *pk); |
132 | | |
133 | | int (*pkey_size)(const EvpPkey *pk); |
134 | | int (*pkey_bits)(const EvpPkey *pk); |
135 | | |
136 | | int (*param_missing)(const EvpPkey *pk); |
137 | | int (*param_copy)(EvpPkey *to, const EvpPkey *from); |
138 | | bool (*param_equal)(const EvpPkey *a, const EvpPkey *b); |
139 | | |
140 | | void (*pkey_free)(EvpPkey *pkey); |
141 | | } /* EVP_PKEY_ASN1_METHOD */; |
142 | | |
143 | | class EvpPkey : public evp_pkey_st, public RefCounted<EvpPkey> { |
144 | | public: |
145 | | EvpPkey(); |
146 | | |
147 | | // pkey contains a pointer to a structure dependent on `ameth`. |
148 | | void *pkey = nullptr; |
149 | | |
150 | | // ameth contains a pointer to a method table that determines the key type, or |
151 | | // nullptr if the key is empty. |
152 | | const bssl::EVP_PKEY_ASN1_METHOD *ameth = nullptr; |
153 | | |
154 | | private: |
155 | | ~EvpPkey(); |
156 | | friend RefCounted; |
157 | | } /* EVP_PKEY */; |
158 | | |
159 | 163k | #define EVP_PKEY_OP_UNDEFINED 0 |
160 | 0 | #define EVP_PKEY_OP_KEYGEN (1 << 2) |
161 | 142k | #define EVP_PKEY_OP_SIGN (1 << 3) |
162 | 184k | #define EVP_PKEY_OP_VERIFY (1 << 4) |
163 | 63.8k | #define EVP_PKEY_OP_VERIFYRECOVER (1 << 5) |
164 | 0 | #define EVP_PKEY_OP_ENCRYPT (1 << 6) |
165 | 0 | #define EVP_PKEY_OP_DECRYPT (1 << 7) |
166 | 0 | #define EVP_PKEY_OP_DERIVE (1 << 8) |
167 | 0 | #define EVP_PKEY_OP_PARAMGEN (1 << 9) |
168 | 0 | #define EVP_PKEY_OP_ENCAPSULATE (1 << 10) |
169 | 0 | #define EVP_PKEY_OP_DECAPSULATE (1 << 11) |
170 | | |
171 | | #define EVP_PKEY_OP_TYPE_SIG \ |
172 | 63.8k | (EVP_PKEY_OP_SIGN | EVP_PKEY_OP_VERIFY | EVP_PKEY_OP_VERIFYRECOVER) |
173 | | |
174 | 0 | #define EVP_PKEY_OP_TYPE_CRYPT (EVP_PKEY_OP_ENCRYPT | EVP_PKEY_OP_DECRYPT) |
175 | | |
176 | 0 | #define EVP_PKEY_OP_TYPE_GEN (EVP_PKEY_OP_KEYGEN | EVP_PKEY_OP_PARAMGEN) |
177 | | |
178 | | // EVP_PKEY_CTX_ctrl performs `cmd` on `ctx`. The `keytype` and `optype` |
179 | | // arguments can be -1 to specify that any type and operation are acceptable, |
180 | | // otherwise `keytype` must match the type of `ctx` and the bits of `optype` |
181 | | // must intersect the operation flags set on `ctx`. |
182 | | // |
183 | | // The `p1` and `p2` arguments depend on the value of `cmd`. |
184 | | // |
185 | | // It returns one on success and zero on error. |
186 | | OPENSSL_EXPORT int EVP_PKEY_CTX_ctrl(EVP_PKEY_CTX *ctx, int keytype, int optype, |
187 | | int cmd, int p1, void *p2); |
188 | | |
189 | 127k | #define EVP_PKEY_CTRL_MD 1 |
190 | 0 | #define EVP_PKEY_CTRL_GET_MD 2 |
191 | | |
192 | | // EVP_PKEY_CTRL_PEER_KEY is called with different values of `p1`: |
193 | | // 0: Is called from `EVP_PKEY_derive_set_peer` and `p2` contains a peer key. |
194 | | // If the return value is <= 0, the key is rejected. |
195 | | // 1: Is called at the end of `EVP_PKEY_derive_set_peer` and `p2` contains a |
196 | | // peer key. If the return value is <= 0, the key is rejected. |
197 | | // 2: Is called with `p2` == NULL to test whether the peer's key was used. |
198 | | // (EC)DH always return one in this case. |
199 | | // 3: Is called with `p2` == NULL to set whether the peer's key was used. |
200 | | // (EC)DH always return one in this case. This was only used for GOST. |
201 | 0 | #define EVP_PKEY_CTRL_PEER_KEY 3 |
202 | | |
203 | | // EVP_PKEY_ALG_CTRL is the base value from which key-type specific ctrl |
204 | | // commands are numbered. |
205 | 105k | #define EVP_PKEY_ALG_CTRL 0x1000 |
206 | | |
207 | 35.3k | #define EVP_PKEY_CTRL_RSA_PADDING (EVP_PKEY_ALG_CTRL + 1) |
208 | 0 | #define EVP_PKEY_CTRL_GET_RSA_PADDING (EVP_PKEY_ALG_CTRL + 2) |
209 | 35.3k | #define EVP_PKEY_CTRL_RSA_PSS_SALTLEN (EVP_PKEY_ALG_CTRL + 3) |
210 | 35.3k | #define EVP_PKEY_CTRL_GET_RSA_PSS_SALTLEN (EVP_PKEY_ALG_CTRL + 4) |
211 | 0 | #define EVP_PKEY_CTRL_RSA_KEYGEN_BITS (EVP_PKEY_ALG_CTRL + 5) |
212 | 0 | #define EVP_PKEY_CTRL_RSA_KEYGEN_PUBEXP (EVP_PKEY_ALG_CTRL + 6) |
213 | 0 | #define EVP_PKEY_CTRL_RSA_OAEP_MD (EVP_PKEY_ALG_CTRL + 7) |
214 | 0 | #define EVP_PKEY_CTRL_GET_RSA_OAEP_MD (EVP_PKEY_ALG_CTRL + 8) |
215 | 0 | #define EVP_PKEY_CTRL_RSA_MGF1_MD (EVP_PKEY_ALG_CTRL + 9) |
216 | 0 | #define EVP_PKEY_CTRL_GET_RSA_MGF1_MD (EVP_PKEY_ALG_CTRL + 10) |
217 | 0 | #define EVP_PKEY_CTRL_RSA_OAEP_LABEL (EVP_PKEY_ALG_CTRL + 11) |
218 | 0 | #define EVP_PKEY_CTRL_GET_RSA_OAEP_LABEL (EVP_PKEY_ALG_CTRL + 12) |
219 | 0 | #define EVP_PKEY_CTRL_EC_PARAMGEN_GROUP (EVP_PKEY_ALG_CTRL + 13) |
220 | 0 | #define EVP_PKEY_CTRL_HKDF_MODE (EVP_PKEY_ALG_CTRL + 14) |
221 | 0 | #define EVP_PKEY_CTRL_HKDF_MD (EVP_PKEY_ALG_CTRL + 15) |
222 | 0 | #define EVP_PKEY_CTRL_HKDF_KEY (EVP_PKEY_ALG_CTRL + 16) |
223 | 0 | #define EVP_PKEY_CTRL_HKDF_SALT (EVP_PKEY_ALG_CTRL + 17) |
224 | 0 | #define EVP_PKEY_CTRL_HKDF_INFO (EVP_PKEY_ALG_CTRL + 18) |
225 | 0 | #define EVP_PKEY_CTRL_DH_PAD (EVP_PKEY_ALG_CTRL + 19) |
226 | 0 | #define EVP_PKEY_CTRL_SIGNATURE_CONTEXT_STRING (EVP_PKEY_ALG_CTRL + 20) |
227 | | |
228 | | class EvpPkeyCtx : public evp_pkey_ctx_st { |
229 | | public: |
230 | | static constexpr bool kAllowUniquePtr = true; |
231 | | |
232 | | // Use an optional virtual destructor. This class does not (yet) have a need |
233 | | // for a vtable, but we intend to write code with vtables in the future. |
234 | | // Virtual destructors add a reference to symbols in the C++ runtime, so trial |
235 | | // the dependency here. This is, temporarily, gated on a build define. If this |
236 | | // breaks your build, build with `BORINGSSL_TEMPORARY_NO_CXX_RUNTIME` and then |
237 | | // contact the BoringSSL team, so we can help fix your build. |
238 | | // |
239 | | // TODO(crbug.com/486922845): Remove the `BORINGSSL_TEMPORARY_NO_CXX_RUNTIME` |
240 | | // case. |
241 | | #if defined(BORINGSSL_TEMPORARY_NO_CXX_RUNTIME) |
242 | | ~EvpPkeyCtx(); |
243 | | #else |
244 | | virtual ~EvpPkeyCtx(); |
245 | | #endif |
246 | | |
247 | | // Method associated with this operation |
248 | | const bssl::EVP_PKEY_CTX_METHOD *pmeth = nullptr; |
249 | | // Key: may be nullptr |
250 | | bssl::UniquePtr<EvpPkey> pkey; |
251 | | // Peer key for key agreement, may be nullptr |
252 | | bssl::UniquePtr<EvpPkey> peerkey; |
253 | | // operation contains one of the `EVP_PKEY_OP_*` values. |
254 | | int operation = EVP_PKEY_OP_UNDEFINED; |
255 | | // Algorithm specific data. |
256 | | // TODO(crbug.com/487376811): Since a `EVP_PKEY_CTX` never has its type change |
257 | | // after creation, this should instead be a base class, with the |
258 | | // algorithm-specific data on the subclass, coming from the same allocation. |
259 | | void *data = nullptr; |
260 | | }; |
261 | | |
262 | | struct evp_pkey_ctx_method_st { |
263 | | int pkey_id; |
264 | | |
265 | | // `alg` may be nullptr. If non-null, `ctx` will have a key set. |
266 | | int (*init)(EvpPkeyCtx *ctx, const EVP_PKEY_ALG *alg); |
267 | | int (*copy)(EvpPkeyCtx *dst, EvpPkeyCtx *src); |
268 | | void (*cleanup)(EvpPkeyCtx *ctx); |
269 | | |
270 | | int (*keygen)(EvpPkeyCtx *ctx, EvpPkey *pkey); |
271 | | |
272 | | int (*sign)(EvpPkeyCtx *ctx, uint8_t *sig, size_t *siglen, const uint8_t *tbs, |
273 | | size_t tbslen); |
274 | | |
275 | | int (*sign_message)(EvpPkeyCtx *ctx, uint8_t *sig, size_t *siglen, |
276 | | const uint8_t *tbs, size_t tbslen); |
277 | | |
278 | | int (*verify)(EvpPkeyCtx *ctx, const uint8_t *sig, size_t siglen, |
279 | | const uint8_t *tbs, size_t tbslen); |
280 | | |
281 | | int (*verify_message)(EvpPkeyCtx *ctx, const uint8_t *sig, size_t siglen, |
282 | | const uint8_t *tbs, size_t tbslen); |
283 | | |
284 | | int (*verify_recover)(EvpPkeyCtx *ctx, uint8_t *out, size_t *out_len, |
285 | | const uint8_t *sig, size_t sig_len); |
286 | | |
287 | | int (*encrypt)(EvpPkeyCtx *ctx, uint8_t *out, size_t *outlen, |
288 | | const uint8_t *in, size_t inlen); |
289 | | |
290 | | int (*decrypt)(EvpPkeyCtx *ctx, uint8_t *out, size_t *outlen, |
291 | | const uint8_t *in, size_t inlen); |
292 | | |
293 | | int (*derive)(EvpPkeyCtx *ctx, uint8_t *key, size_t *keylen); |
294 | | |
295 | | int (*paramgen)(EvpPkeyCtx *ctx, EvpPkey *pkey); |
296 | | |
297 | | int (*encap)(EvpPkeyCtx *ctx, uint8_t *out_ciphertext, |
298 | | size_t *out_ciphertext_len, uint8_t *out_secret, |
299 | | size_t *out_secret_len); |
300 | | |
301 | | int (*decap)(EvpPkeyCtx *ctx, uint8_t *out_secret, size_t *out_secret_len, |
302 | | const uint8_t *ciphertext, size_t ciphertext_len); |
303 | | |
304 | | int (*ctrl)(EvpPkeyCtx *ctx, int type, int p1, void *p2); |
305 | | } /* EVP_PKEY_CTX_METHOD */; |
306 | | |
307 | | BSSL_NAMESPACE_END |
308 | | |
309 | | // TODO(chlily): Make compatible with `EVP_HPKE_KEM`. |
310 | | struct evp_kem_st { |
311 | | // Identifies the type of EVP_PKEYs compatible with this KEM. |
312 | | int pkey_id; |
313 | | |
314 | | // Constant lengths of ciphertexts and secrets produced/consumed by this KEM. |
315 | | size_t ciphertext_len; |
316 | | size_t secret_len; |
317 | | |
318 | | int (*encap)(uint8_t *out_ciphertext, size_t ciphertext_len, |
319 | | uint8_t *out_secret, size_t secret_len, |
320 | | const EVP_PKEY *peer_key); |
321 | | int (*decap)(uint8_t *out_secret, size_t secret_len, |
322 | | const uint8_t *ciphertext, size_t ciphertext_len, |
323 | | const EVP_PKEY *key); |
324 | | } /* EVP_KEM */; |
325 | | |
326 | | BSSL_NAMESPACE_BEGIN |
327 | | |
328 | | // KemAdapter is templated on an instance of EVP_KEM, and generates static |
329 | | // methods matching the behavior and function signatures for `encap` and `decap` |
330 | | // in EVP_PKEY_CTX_METHOD. |
331 | | template <const evp_kem_st &KEM> |
332 | | struct KemAdapter { |
333 | | KemAdapter() = delete; |
334 | | |
335 | | static int EncapMethod(EvpPkeyCtx *ctx, uint8_t *out_ciphertext, |
336 | | size_t *out_ciphertext_len, uint8_t *out_secret, |
337 | 0 | size_t *out_secret_len) { |
338 | 0 | if (out_ciphertext == nullptr) { |
339 | 0 | if (out_ciphertext_len != nullptr) { |
340 | 0 | *out_ciphertext_len = KEM.ciphertext_len; |
341 | 0 | } |
342 | 0 | if (out_secret_len != nullptr) { |
343 | 0 | *out_secret_len = KEM.secret_len; |
344 | 0 | } |
345 | 0 | return 1; |
346 | 0 | } |
347 | 0 | if (*out_ciphertext_len < KEM.ciphertext_len || |
348 | 0 | *out_secret_len < KEM.secret_len) { |
349 | 0 | OPENSSL_PUT_ERROR(EVP, EVP_R_BUFFER_TOO_SMALL); |
350 | 0 | return 0; |
351 | 0 | } |
352 | 0 | if (KEM.encap(out_ciphertext, KEM.ciphertext_len, out_secret, |
353 | 0 | KEM.secret_len, ctx->pkey.get())) { |
354 | 0 | *out_ciphertext_len = KEM.ciphertext_len; |
355 | 0 | *out_secret_len = KEM.secret_len; |
356 | 0 | return 1; |
357 | 0 | } |
358 | 0 | return 0; |
359 | 0 | } Unexecuted instantiation: p_mlkem.cc:bssl::KemAdapter<(anonymous namespace)::MLKEMImplementation<(anonymous namespace)::MLKEM768Traits>::evp_kem>::EncapMethod(bssl::EvpPkeyCtx*, unsigned char*, unsigned long*, unsigned char*, unsigned long*) Unexecuted instantiation: p_mlkem.cc:bssl::KemAdapter<(anonymous namespace)::MLKEMImplementation<(anonymous namespace)::MLKEM1024Traits>::evp_kem>::EncapMethod(bssl::EvpPkeyCtx*, unsigned char*, unsigned long*, unsigned char*, unsigned long*) |
360 | | |
361 | | static int DecapMethod(EvpPkeyCtx *ctx, uint8_t *out_secret, |
362 | | size_t *out_secret_len, const uint8_t *ciphertext, |
363 | 0 | size_t ciphertext_len) { |
364 | 0 | if (out_secret == nullptr) { |
365 | 0 | *out_secret_len = KEM.secret_len; |
366 | 0 | return 1; |
367 | 0 | } |
368 | 0 | if (*out_secret_len < KEM.secret_len) { |
369 | 0 | OPENSSL_PUT_ERROR(EVP, EVP_R_BUFFER_TOO_SMALL); |
370 | 0 | return 0; |
371 | 0 | } |
372 | 0 | if (KEM.decap(out_secret, KEM.secret_len, ciphertext, ciphertext_len, |
373 | 0 | ctx->pkey.get())) { |
374 | 0 | *out_secret_len = KEM.secret_len; |
375 | 0 | return 1; |
376 | 0 | } |
377 | 0 | return 0; |
378 | 0 | } Unexecuted instantiation: p_mlkem.cc:bssl::KemAdapter<(anonymous namespace)::MLKEMImplementation<(anonymous namespace)::MLKEM768Traits>::evp_kem>::DecapMethod(bssl::EvpPkeyCtx*, unsigned char*, unsigned long*, unsigned char const*, unsigned long) Unexecuted instantiation: p_mlkem.cc:bssl::KemAdapter<(anonymous namespace)::MLKEMImplementation<(anonymous namespace)::MLKEM1024Traits>::evp_kem>::DecapMethod(bssl::EvpPkeyCtx*, unsigned char*, unsigned long*, unsigned char const*, unsigned long) |
379 | | }; |
380 | | |
381 | | // evp_pkey_ec_no_curve returns an internal curveless EC `EVP_PKEY_ALG`. This |
382 | | // cannot be used to parse anything and is only useful for key generation. |
383 | | const EVP_PKEY_ALG *evp_pkey_ec_no_curve(); |
384 | | |
385 | | // evp_pkey_hkdf returns an internal `EVP_PKEY_ALG` used to implement |
386 | | // `EVP_PKEY_HKDF`. It has no associated key type. |
387 | | const EVP_PKEY_ALG *evp_pkey_hkdf(); |
388 | | |
389 | | // evp_pkey_ctx_new_alg behaves like `EVP_PKEY_CTX_new_id` but takes an |
390 | | // `EVP_PKEY_ALG`. |
391 | | UniquePtr<EvpPkeyCtx> evp_pkey_ctx_new_alg(const EVP_PKEY_ALG *alg); |
392 | | |
393 | | // evp_pkey_set0 sets `pkey`'s method to `method` and data to `pkey_data`, |
394 | | // freeing any key that may previously have been configured. This function takes |
395 | | // ownership of `pkey_data`, which must be of the type expected by `method`. |
396 | | void evp_pkey_set0(EvpPkey *pkey, const EVP_PKEY_ASN1_METHOD *method, |
397 | | void *pkey_data); |
398 | | |
399 | 209k | inline auto GetDefaultEVPAlgorithms() { |
400 | | // A set of algorithms to use by default in `EVP_parse_public_key` and |
401 | | // `EVP_parse_private_key`. |
402 | 209k | return std::array{ |
403 | 209k | EVP_pkey_ec_p224(), |
404 | 209k | EVP_pkey_ec_p256(), |
405 | 209k | EVP_pkey_ec_p384(), |
406 | 209k | EVP_pkey_ec_p521(), |
407 | 209k | EVP_pkey_ed25519(), |
408 | 209k | EVP_pkey_rsa(), |
409 | 209k | EVP_pkey_x25519(), |
410 | 209k | EVP_pkey_ml_dsa_44(), |
411 | 209k | EVP_pkey_ml_dsa_65(), |
412 | 209k | EVP_pkey_ml_dsa_87(), |
413 | 209k | EVP_pkey_ml_kem_768(), |
414 | 209k | EVP_pkey_ml_kem_1024(), |
415 | | // TODO(crbug.com/438761503): Remove DSA from this set, after callers that |
416 | | // need DSA pass in `EVP_pkey_dsa` explicitly. |
417 | 209k | EVP_pkey_dsa(), |
418 | 209k | }; |
419 | 209k | } |
420 | | |
421 | | BSSL_NAMESPACE_END |
422 | | |
423 | | #endif // OPENSSL_HEADER_CRYPTO_EVP_INTERNAL_H |