| /* |
| * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved. |
| * |
| * Licensed under the Apache License 2.0 (the "License"). You may not use |
| * this file except in compliance with the License. You can obtain a copy |
| * in the file LICENSE in the source distribution or at |
| * https://www.openssl.org/source/license.html |
| */ |
| |
| #ifndef OSSL_INTERNAL_PASSPHRASE_H |
| # define OSSL_INTERNAL_PASSPHRASE_H |
| # pragma once |
| |
| /* |
| * This is a passphrase reader bridge with bells and whistles. |
| * |
| * On one hand, an API may wish to offer all sorts of passphrase callback |
| * possibilities to users, or may have to do so for historical reasons. |
| * On the other hand, that same API may have demands from other interfaces, |
| * notably from the libcrypto <-> provider interface, which uses |
| * OSSL_PASSPHRASE_CALLBACK consistently. |
| * |
| * The structure and functions below are the fundaments for bridging one |
| * passphrase callback form to another. |
| * |
| * In addition, extra features are included (this may be a growing list): |
| * |
| * - password caching. This is to be used by APIs where it's likely |
| * that the same passphrase may be asked for more than once, but the |
| * user shouldn't get prompted more than once. For example, this is |
| * useful for OSSL_DECODER, which may have to use a passphrase while |
| * trying to find out what input it has. |
| */ |
| |
| /* |
| * Structure to hold whatever the calling user may specify. This structure |
| * is intended to be integrated into API specific structures or to be used |
| * as a local on-stack variable type. Therefore, no functions to allocate |
| * or freed it on the heap is offered. |
| */ |
| struct ossl_passphrase_data_st { |
| enum { |
| is_expl_passphrase = 1, /* Explicit passphrase given by user */ |
| is_pem_password, /* pem_password_cb given by user */ |
| is_ossl_passphrase, /* OSSL_PASSPHRASE_CALLBACK given by user */ |
| is_ui_method /* UI_METHOD given by user */ |
| } type; |
| union { |
| struct { |
| char *passphrase_copy; |
| size_t passphrase_len; |
| } expl_passphrase; |
| |
| struct { |
| pem_password_cb *password_cb; |
| void *password_cbarg; |
| } pem_password; |
| |
| struct { |
| OSSL_PASSPHRASE_CALLBACK *passphrase_cb; |
| void *passphrase_cbarg; |
| } ossl_passphrase; |
| |
| struct { |
| const UI_METHOD *ui_method; |
| void *ui_method_data; |
| } ui_method; |
| } _; |
| |
| /*- |
| * Flags section |
| */ |
| |
| /* Set to indicate that caching should be done */ |
| unsigned int flag_cache_passphrase:1; |
| |
| /*- |
| * Misc section: caches and other |
| */ |
| |
| char *cached_passphrase; |
| size_t cached_passphrase_len; |
| }; |
| |
| /* Structure manipulation */ |
| |
| void ossl_pw_clear_passphrase_data(struct ossl_passphrase_data_st *data); |
| void ossl_pw_clear_passphrase_cache(struct ossl_passphrase_data_st *data); |
| |
| int ossl_pw_set_passphrase(struct ossl_passphrase_data_st *data, |
| const unsigned char *passphrase, |
| size_t passphrase_len); |
| int ossl_pw_set_pem_password_cb(struct ossl_passphrase_data_st *data, |
| pem_password_cb *cb, void *cbarg); |
| int ossl_pw_set_ossl_passphrase_cb(struct ossl_passphrase_data_st *data, |
| OSSL_PASSPHRASE_CALLBACK *cb, void *cbarg); |
| int ossl_pw_set_ui_method(struct ossl_passphrase_data_st *data, |
| const UI_METHOD *ui_method, void *ui_data); |
| |
| int ossl_pw_enable_passphrase_caching(struct ossl_passphrase_data_st *data); |
| int ossl_pw_disable_passphrase_caching(struct ossl_passphrase_data_st *data); |
| |
| /* Central function for direct calls */ |
| |
| int ossl_pw_get_passphrase(char *pass, size_t pass_size, size_t *pass_len, |
| const OSSL_PARAM params[], int verify, |
| struct ossl_passphrase_data_st *data); |
| |
| /* Callback functions */ |
| |
| /* |
| * All of these callback expect that the callback argument is a |
| * struct ossl_passphrase_data_st |
| */ |
| |
| pem_password_cb ossl_pw_pem_password; |
| pem_password_cb ossl_pw_pvk_password; |
| /* One callback for encoding (verification prompt) and one for decoding */ |
| OSSL_PASSPHRASE_CALLBACK ossl_pw_passphrase_callback_enc; |
| OSSL_PASSPHRASE_CALLBACK ossl_pw_passphrase_callback_dec; |
| |
| #endif |