1 /* Licensed to the Apache Software Foundation (ASF) under one or more
2 * contributor license agreements. See the NOTICE file distributed with
3 * this work for additional information regarding copyright ownership.
4 * The ASF licenses this file to You under the Apache License, Version 2.0
5 * (the "License"); you may not use this file except in compliance with
6 * the License. You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
19 #include "apu_errno.h"
25 #include "apr_strings.h"
27 #include "apr_buckets.h"
29 #include "apr_crypto_internal.h"
33 #include <openssl/evp.h>
34 #include <openssl/engine.h>
36 #define LOG_PREFIX "apr_crypto_openssl: "
40 const apr_crypto_driver_t *provider;
42 apr_array_header_t *keys;
43 apr_crypto_config_t *config;
48 struct apr_crypto_config_t {
52 struct apr_crypto_key_t {
54 const apr_crypto_driver_t *provider;
55 const apr_crypto_t *f;
56 const EVP_CIPHER * cipher;
63 struct apr_crypto_block_t {
65 const apr_crypto_driver_t *provider;
66 const apr_crypto_t *f;
67 EVP_CIPHER_CTX cipherCtx;
74 static int key_3des_192 = APR_KEY_3DES_192;
75 static int key_aes_128 = APR_KEY_AES_128;
76 static int key_aes_192 = APR_KEY_AES_192;
77 static int key_aes_256 = APR_KEY_AES_256;
79 static int mode_ecb = APR_MODE_ECB;
80 static int mode_cbc = APR_MODE_CBC;
83 * Fetch the most recent error from this driver.
85 static apr_status_t crypto_error(const apu_err_t **result,
86 const apr_crypto_t *f)
93 * Shutdown the crypto library and release resources.
95 static apr_status_t crypto_shutdown(void)
103 static apr_status_t crypto_shutdown_helper(void *data)
105 return crypto_shutdown();
109 * Initialise the crypto library and perform one time initialisation.
111 static apr_status_t crypto_init(apr_pool_t *pool, const char *params,
112 const apu_err_t **result)
114 CRYPTO_malloc_init();
115 ERR_load_crypto_strings();
116 /* SSL_load_error_strings(); */
117 OpenSSL_add_all_algorithms();
118 ENGINE_load_builtin_engines();
119 ENGINE_register_all_complete();
121 apr_pool_cleanup_register(pool, pool, crypto_shutdown_helper,
122 apr_pool_cleanup_null);
128 * @brief Clean encryption / decryption context.
129 * @note After cleanup, a context is free to be reused if necessary.
130 * @param ctx The block context to use.
131 * @return Returns APR_ENOTIMPL if not supported.
133 static apr_status_t crypto_block_cleanup(apr_crypto_block_t *ctx)
136 if (ctx->initialised) {
137 EVP_CIPHER_CTX_cleanup(&ctx->cipherCtx);
138 ctx->initialised = 0;
145 static apr_status_t crypto_block_cleanup_helper(void *data)
147 apr_crypto_block_t *block = (apr_crypto_block_t *) data;
148 return crypto_block_cleanup(block);
152 * @brief Clean encryption / decryption context.
153 * @note After cleanup, a context is free to be reused if necessary.
154 * @param f The context to use.
155 * @return Returns APR_ENOTIMPL if not supported.
157 static apr_status_t crypto_cleanup(apr_crypto_t *f)
160 if (f->config->engine) {
161 ENGINE_finish(f->config->engine);
162 ENGINE_free(f->config->engine);
163 f->config->engine = NULL;
169 static apr_status_t crypto_cleanup_helper(void *data)
171 apr_crypto_t *f = (apr_crypto_t *) data;
172 return crypto_cleanup(f);
176 * @brief Create a context for supporting encryption. Keys, certificates,
177 * algorithms and other parameters will be set per context. More than
178 * one context can be created at one time. A cleanup will be automatically
179 * registered with the given pool to guarantee a graceful shutdown.
180 * @param f - context pointer will be written here
181 * @param provider - provider to use
182 * @param params - array of key parameters
183 * @param pool - process pool
184 * @return APR_ENOENGINE when the engine specified does not exist. APR_EINITENGINE
185 * if the engine cannot be initialised.
187 static apr_status_t crypto_make(apr_crypto_t **ff,
188 const apr_crypto_driver_t *provider, const char *params,
191 apr_crypto_config_t *config = NULL;
192 apr_crypto_t *f = apr_pcalloc(pool, sizeof(apr_crypto_t));
194 const char *engine = NULL;
201 { "engine", NULL, 0 },
212 if (APR_SUCCESS != (status = apr_tokenize_to_argv(params, &elts, pool))) {
215 while ((elt = elts[i])) {
216 ptr = strchr(elt, '=');
218 for (klen = ptr - elt; klen && apr_isspace(elt[klen - 1]); --klen)
223 for (klen = strlen(elt); klen && apr_isspace(elt[klen - 1]); --klen)
228 for (j = 0; fields[j].field != NULL; ++j) {
229 if (!strcasecmp(fields[j].field, elt)) {
232 fields[j].value = ptr;
240 engine = fields[0].value;
248 f->provider = provider;
249 config = f->config = apr_pcalloc(pool, sizeof(apr_crypto_config_t));
254 f->result = apr_pcalloc(pool, sizeof(apu_err_t));
259 f->keys = apr_array_make(pool, 10, sizeof(apr_crypto_key_t));
264 f->types = apr_hash_make(pool);
268 apr_hash_set(f->types, "3des192", APR_HASH_KEY_STRING, &(key_3des_192));
269 apr_hash_set(f->types, "aes128", APR_HASH_KEY_STRING, &(key_aes_128));
270 apr_hash_set(f->types, "aes192", APR_HASH_KEY_STRING, &(key_aes_192));
271 apr_hash_set(f->types, "aes256", APR_HASH_KEY_STRING, &(key_aes_256));
273 f->modes = apr_hash_make(pool);
277 apr_hash_set(f->modes, "ecb", APR_HASH_KEY_STRING, &(mode_ecb));
278 apr_hash_set(f->modes, "cbc", APR_HASH_KEY_STRING, &(mode_cbc));
280 apr_pool_cleanup_register(pool, f, crypto_cleanup_helper,
281 apr_pool_cleanup_null);
284 config->engine = ENGINE_by_id(engine);
285 if (!config->engine) {
286 return APR_ENOENGINE;
288 if (!ENGINE_init(config->engine)) {
289 ENGINE_free(config->engine);
290 config->engine = NULL;
291 return APR_EINITENGINE;
300 * @brief Get a hash table of key types, keyed by the name of the type against
301 * an integer pointer constant.
303 * @param types - hashtable of key types keyed to constants.
304 * @param f - encryption context
305 * @return APR_SUCCESS for success
307 static apr_status_t crypto_get_block_key_types(apr_hash_t **types,
308 const apr_crypto_t *f)
315 * @brief Get a hash table of key modes, keyed by the name of the mode against
316 * an integer pointer constant.
318 * @param modes - hashtable of key modes keyed to constants.
319 * @param f - encryption context
320 * @return APR_SUCCESS for success
322 static apr_status_t crypto_get_block_key_modes(apr_hash_t **modes,
323 const apr_crypto_t *f)
330 * @brief Create a key from the given passphrase. By default, the PBKDF2
331 * algorithm is used to generate the key from the passphrase. It is expected
332 * that the same pass phrase will generate the same key, regardless of the
333 * backend crypto platform used. The key is cleaned up when the context
334 * is cleaned, and may be reused with multiple encryption or decryption
336 * @note If *key is NULL, a apr_crypto_key_t will be created from a pool. If
337 * *key is not NULL, *key must point at a previously created structure.
338 * @param key The key returned, see note.
339 * @param ivSize The size of the initialisation vector will be returned, based
340 * on whether an IV is relevant for this type of crypto.
341 * @param pass The passphrase to use.
342 * @param passLen The passphrase length in bytes
343 * @param salt The salt to use.
344 * @param saltLen The salt length in bytes
345 * @param type 3DES_192, AES_128, AES_192, AES_256.
346 * @param mode Electronic Code Book / Cipher Block Chaining.
347 * @param doPad Pad if necessary.
348 * @param iterations Iteration count
349 * @param f The context to use.
350 * @param p The pool to use.
351 * @return Returns APR_ENOKEY if the pass phrase is missing or empty, or if a backend
352 * error occurred while generating the key. APR_ENOCIPHER if the type or mode
353 * is not supported by the particular backend. APR_EKEYTYPE if the key type is
354 * not known. APR_EPADDING if padding was requested but is not supported.
355 * APR_ENOTIMPL if not implemented.
357 static apr_status_t crypto_passphrase(apr_crypto_key_t **k, apr_size_t *ivSize,
358 const char *pass, apr_size_t passLen, const unsigned char * salt,
359 apr_size_t saltLen, const apr_crypto_block_key_type_e type,
360 const apr_crypto_block_key_mode_e mode, const int doPad,
361 const int iterations, const apr_crypto_t *f, apr_pool_t *p)
363 apr_crypto_key_t *key = *k;
366 *k = key = apr_array_push(f->keys);
373 key->provider = f->provider;
375 /* determine the cipher to be used */
378 case (APR_KEY_3DES_192):
381 if (mode == APR_MODE_CBC) {
382 key->cipher = EVP_des_ede3_cbc();
385 key->cipher = EVP_des_ede3_ecb();
389 case (APR_KEY_AES_128):
391 if (mode == APR_MODE_CBC) {
392 key->cipher = EVP_aes_128_cbc();
395 key->cipher = EVP_aes_128_ecb();
399 case (APR_KEY_AES_192):
401 if (mode == APR_MODE_CBC) {
402 key->cipher = EVP_aes_192_cbc();
405 key->cipher = EVP_aes_192_ecb();
409 case (APR_KEY_AES_256):
411 if (mode == APR_MODE_CBC) {
412 key->cipher = EVP_aes_256_cbc();
415 key->cipher = EVP_aes_256_ecb();
421 /* unknown key type, give up */
426 /* find the length of the key we need */
427 key->keyLen = EVP_CIPHER_key_length(key->cipher);
429 /* make space for the key */
430 key->key = apr_pcalloc(p, key->keyLen);
434 apr_crypto_clear(p, key->key, key->keyLen);
436 /* generate the key */
437 if (PKCS5_PBKDF2_HMAC_SHA1(pass, passLen, (unsigned char *) salt, saltLen,
438 iterations, key->keyLen, key->key) == 0) {
444 /* note: openssl incorrectly returns non zero IV size values for ECB
445 * algorithms, so work around this by ignoring the IV size.
447 if (APR_MODE_ECB != mode) {
448 key->ivSize = EVP_CIPHER_iv_length(key->cipher);
451 *ivSize = key->ivSize;
458 * @brief Initialise a context for encrypting arbitrary data using the given key.
459 * @note If *ctx is NULL, a apr_crypto_block_t will be created from a pool. If
460 * *ctx is not NULL, *ctx must point at a previously created structure.
461 * @param ctx The block context returned, see note.
462 * @param iv Optional initialisation vector. If the buffer pointed to is NULL,
463 * an IV will be created at random, in space allocated from the pool.
464 * If the buffer pointed to is not NULL, the IV in the buffer will be
466 * @param key The key structure.
467 * @param blockSize The block size of the cipher.
468 * @param p The pool to use.
469 * @return Returns APR_ENOIV if an initialisation vector is required but not specified.
470 * Returns APR_EINIT if the backend failed to initialise the context. Returns
471 * APR_ENOTIMPL if not implemented.
473 static apr_status_t crypto_block_encrypt_init(apr_crypto_block_t **ctx,
474 const unsigned char **iv, const apr_crypto_key_t *key,
475 apr_size_t *blockSize, apr_pool_t *p)
477 unsigned char *usedIv;
478 apr_crypto_config_t *config = key->f->config;
479 apr_crypto_block_t *block = *ctx;
481 *ctx = block = apr_pcalloc(p, sizeof(apr_crypto_block_t));
488 block->provider = key->provider;
490 apr_pool_cleanup_register(p, block, crypto_block_cleanup_helper,
491 apr_pool_cleanup_null);
493 /* create a new context for encryption */
494 EVP_CIPHER_CTX_init(&block->cipherCtx);
495 block->initialised = 1;
497 /* generate an IV, if necessary */
504 usedIv = apr_pcalloc(p, key->ivSize);
508 apr_crypto_clear(p, usedIv, key->ivSize);
509 if (!((RAND_status() == 1)
510 && (RAND_bytes(usedIv, key->ivSize) == 1))) {
516 usedIv = (unsigned char *) *iv;
520 /* set up our encryption context */
521 #if CRYPTO_OPENSSL_CONST_BUFFERS
522 if (!EVP_EncryptInit_ex(&block->cipherCtx, key->cipher, config->engine,
525 if (!EVP_EncryptInit_ex(&block->cipherCtx, key->cipher, config->engine, (unsigned char *) key->key, (unsigned char *) usedIv)) {
530 /* Clear up any read padding */
531 if (!EVP_CIPHER_CTX_set_padding(&block->cipherCtx, key->doPad)) {
536 *blockSize = EVP_CIPHER_block_size(key->cipher);
544 * @brief Encrypt data provided by in, write it to out.
545 * @note The number of bytes written will be written to outlen. If
546 * out is NULL, outlen will contain the maximum size of the
547 * buffer needed to hold the data, including any data
548 * generated by apr_crypto_block_encrypt_finish below. If *out points
549 * to NULL, a buffer sufficiently large will be created from
550 * the pool provided. If *out points to a not-NULL value, this
551 * value will be used as a buffer instead.
552 * @param out Address of a buffer to which data will be written,
554 * @param outlen Length of the output will be written here.
555 * @param in Address of the buffer to read.
556 * @param inlen Length of the buffer to read.
557 * @param ctx The block context to use.
558 * @return APR_ECRYPT if an error occurred. Returns APR_ENOTIMPL if
561 static apr_status_t crypto_block_encrypt(unsigned char **out,
562 apr_size_t *outlen, const unsigned char *in, apr_size_t inlen,
563 apr_crypto_block_t *ctx)
566 unsigned char *buffer;
568 /* are we after the maximum size of the out buffer? */
570 *outlen = inlen + EVP_MAX_BLOCK_LENGTH;
574 /* must we allocate the output buffer from a pool? */
576 buffer = apr_palloc(ctx->pool, inlen + EVP_MAX_BLOCK_LENGTH);
580 apr_crypto_clear(ctx->pool, buffer, inlen + EVP_MAX_BLOCK_LENGTH);
584 #if CRYPT_OPENSSL_CONST_BUFFERS
585 if (!EVP_EncryptUpdate(&ctx->cipherCtx, (*out), &outl, in, inlen)) {
587 if (!EVP_EncryptUpdate(&ctx->cipherCtx, (*out), &outl,
588 (unsigned char *) in, inlen)) {
599 * @brief Encrypt final data block, write it to out.
600 * @note If necessary the final block will be written out after being
601 * padded. Typically the final block will be written to the
602 * same buffer used by apr_crypto_block_encrypt, offset by the
603 * number of bytes returned as actually written by the
604 * apr_crypto_block_encrypt() call. After this call, the context
605 * is cleaned and can be reused by apr_crypto_block_encrypt_init().
606 * @param out Address of a buffer to which data will be written. This
607 * buffer must already exist, and is usually the same
608 * buffer used by apr_evp_crypt(). See note.
609 * @param outlen Length of the output will be written here.
610 * @param ctx The block context to use.
611 * @return APR_ECRYPT if an error occurred.
612 * @return APR_EPADDING if padding was enabled and the block was incorrectly
614 * @return APR_ENOTIMPL if not implemented.
616 static apr_status_t crypto_block_encrypt_finish(unsigned char *out,
617 apr_size_t *outlen, apr_crypto_block_t *ctx)
621 if (EVP_EncryptFinal_ex(&ctx->cipherCtx, out, &len) == 0) {
631 * @brief Initialise a context for decrypting arbitrary data using the given key.
632 * @note If *ctx is NULL, a apr_crypto_block_t will be created from a pool. If
633 * *ctx is not NULL, *ctx must point at a previously created structure.
634 * @param ctx The block context returned, see note.
635 * @param blockSize The block size of the cipher.
636 * @param iv Optional initialisation vector. If the buffer pointed to is NULL,
637 * an IV will be created at random, in space allocated from the pool.
638 * If the buffer is not NULL, the IV in the buffer will be used.
639 * @param key The key structure.
640 * @param p The pool to use.
641 * @return Returns APR_ENOIV if an initialisation vector is required but not specified.
642 * Returns APR_EINIT if the backend failed to initialise the context. Returns
643 * APR_ENOTIMPL if not implemented.
645 static apr_status_t crypto_block_decrypt_init(apr_crypto_block_t **ctx,
646 apr_size_t *blockSize, const unsigned char *iv,
647 const apr_crypto_key_t *key, apr_pool_t *p)
649 apr_crypto_config_t *config = key->f->config;
650 apr_crypto_block_t *block = *ctx;
652 *ctx = block = apr_pcalloc(p, sizeof(apr_crypto_block_t));
659 block->provider = key->provider;
661 apr_pool_cleanup_register(p, block, crypto_block_cleanup_helper,
662 apr_pool_cleanup_null);
664 /* create a new context for encryption */
665 EVP_CIPHER_CTX_init(&block->cipherCtx);
666 block->initialised = 1;
668 /* generate an IV, if necessary */
675 /* set up our encryption context */
676 #if CRYPTO_OPENSSL_CONST_BUFFERS
677 if (!EVP_DecryptInit_ex(&block->cipherCtx, key->cipher, config->engine,
680 if (!EVP_DecryptInit_ex(&block->cipherCtx, key->cipher, config->engine, (unsigned char *) key->key, (unsigned char *) iv)) {
685 /* Clear up any read padding */
686 if (!EVP_CIPHER_CTX_set_padding(&block->cipherCtx, key->doPad)) {
691 *blockSize = EVP_CIPHER_block_size(key->cipher);
699 * @brief Decrypt data provided by in, write it to out.
700 * @note The number of bytes written will be written to outlen. If
701 * out is NULL, outlen will contain the maximum size of the
702 * buffer needed to hold the data, including any data
703 * generated by apr_crypto_block_decrypt_finish below. If *out points
704 * to NULL, a buffer sufficiently large will be created from
705 * the pool provided. If *out points to a not-NULL value, this
706 * value will be used as a buffer instead.
707 * @param out Address of a buffer to which data will be written,
709 * @param outlen Length of the output will be written here.
710 * @param in Address of the buffer to read.
711 * @param inlen Length of the buffer to read.
712 * @param ctx The block context to use.
713 * @return APR_ECRYPT if an error occurred. Returns APR_ENOTIMPL if
716 static apr_status_t crypto_block_decrypt(unsigned char **out,
717 apr_size_t *outlen, const unsigned char *in, apr_size_t inlen,
718 apr_crypto_block_t *ctx)
721 unsigned char *buffer;
723 /* are we after the maximum size of the out buffer? */
725 *outlen = inlen + EVP_MAX_BLOCK_LENGTH;
729 /* must we allocate the output buffer from a pool? */
731 buffer = apr_palloc(ctx->pool, inlen + EVP_MAX_BLOCK_LENGTH);
735 apr_crypto_clear(ctx->pool, buffer, inlen + EVP_MAX_BLOCK_LENGTH);
739 #if CRYPT_OPENSSL_CONST_BUFFERS
740 if (!EVP_DecryptUpdate(&ctx->cipherCtx, *out, &outl, in, inlen)) {
742 if (!EVP_DecryptUpdate(&ctx->cipherCtx, *out, &outl, (unsigned char *) in,
754 * @brief Decrypt final data block, write it to out.
755 * @note If necessary the final block will be written out after being
756 * padded. Typically the final block will be written to the
757 * same buffer used by apr_crypto_block_decrypt, offset by the
758 * number of bytes returned as actually written by the
759 * apr_crypto_block_decrypt() call. After this call, the context
760 * is cleaned and can be reused by apr_crypto_block_decrypt_init().
761 * @param out Address of a buffer to which data will be written. This
762 * buffer must already exist, and is usually the same
763 * buffer used by apr_evp_crypt(). See note.
764 * @param outlen Length of the output will be written here.
765 * @param ctx The block context to use.
766 * @return APR_ECRYPT if an error occurred.
767 * @return APR_EPADDING if padding was enabled and the block was incorrectly
769 * @return APR_ENOTIMPL if not implemented.
771 static apr_status_t crypto_block_decrypt_finish(unsigned char *out,
772 apr_size_t *outlen, apr_crypto_block_t *ctx)
777 if (EVP_DecryptFinal_ex(&ctx->cipherCtx, out, &len) == 0) {
789 APU_MODULE_DECLARE_DATA const apr_crypto_driver_t apr_crypto_openssl_driver = {
790 "openssl", crypto_init, crypto_make, crypto_get_block_key_types,
791 crypto_get_block_key_modes, crypto_passphrase,
792 crypto_block_encrypt_init, crypto_block_encrypt,
793 crypto_block_encrypt_finish, crypto_block_decrypt_init,
794 crypto_block_decrypt, crypto_block_decrypt_finish,
795 crypto_block_cleanup, crypto_cleanup, crypto_shutdown, crypto_error