michael@0: /* michael@0: * cipher.h michael@0: * michael@0: * common interface to ciphers michael@0: * michael@0: * David A. McGrew michael@0: * Cisco Systems, Inc. michael@0: */ michael@0: /* michael@0: * michael@0: * Copyright (c) 2001-2006, Cisco Systems, Inc. michael@0: * All rights reserved. michael@0: * michael@0: * Redistribution and use in source and binary forms, with or without michael@0: * modification, are permitted provided that the following conditions michael@0: * are met: michael@0: * michael@0: * Redistributions of source code must retain the above copyright michael@0: * notice, this list of conditions and the following disclaimer. michael@0: * michael@0: * Redistributions in binary form must reproduce the above michael@0: * copyright notice, this list of conditions and the following michael@0: * disclaimer in the documentation and/or other materials provided michael@0: * with the distribution. michael@0: * michael@0: * Neither the name of the Cisco Systems, Inc. nor the names of its michael@0: * contributors may be used to endorse or promote products derived michael@0: * from this software without specific prior written permission. michael@0: * michael@0: * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS michael@0: * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT michael@0: * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS michael@0: * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE michael@0: * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, michael@0: * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES michael@0: * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR michael@0: * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) michael@0: * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, michael@0: * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) michael@0: * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED michael@0: * OF THE POSSIBILITY OF SUCH DAMAGE. michael@0: * michael@0: */ michael@0: michael@0: michael@0: #ifndef CIPHER_H michael@0: #define CIPHER_H michael@0: michael@0: #include "datatypes.h" michael@0: #include "rdbx.h" /* for xtd_seq_num_t */ michael@0: #include "err.h" /* for error codes */ michael@0: #include "crypto.h" /* for cipher_type_id_t */ michael@0: #include "crypto_types.h" /* for values of cipher_type_id_t */ michael@0: michael@0: michael@0: /** michael@0: * @brief cipher_direction_t defines a particular cipher operation. michael@0: * michael@0: * A cipher_direction_t is an enum that describes a particular cipher michael@0: * operation, i.e. encryption or decryption. For some ciphers, this michael@0: * distinction does not matter, but for others, it is essential. michael@0: */ michael@0: michael@0: typedef enum { michael@0: direction_encrypt, /**< encryption (convert plaintext to ciphertext) */ michael@0: direction_decrypt, /**< decryption (convert ciphertext to plaintext) */ michael@0: direction_any /**< encryption or decryption */ michael@0: } cipher_direction_t; michael@0: michael@0: /* michael@0: * the cipher_pointer and cipher_type_pointer definitions are needed michael@0: * as cipher_t and cipher_type_t are not yet defined michael@0: */ michael@0: michael@0: typedef struct cipher_type_t *cipher_type_pointer_t; michael@0: typedef struct cipher_t *cipher_pointer_t; michael@0: michael@0: /* michael@0: * a cipher_alloc_func_t allocates (but does not initialize) a cipher_t michael@0: */ michael@0: michael@0: typedef err_status_t (*cipher_alloc_func_t) michael@0: (cipher_pointer_t *cp, int key_len); michael@0: michael@0: /* michael@0: * a cipher_init_func_t [re-]initializes a cipher_t with a given key michael@0: * and direction (i.e., encrypt or decrypt) michael@0: */ michael@0: michael@0: typedef err_status_t (*cipher_init_func_t) michael@0: (void *state, const uint8_t *key, int key_len, cipher_direction_t dir); michael@0: michael@0: /* a cipher_dealloc_func_t de-allocates a cipher_t */ michael@0: michael@0: typedef err_status_t (*cipher_dealloc_func_t)(cipher_pointer_t cp); michael@0: michael@0: /* a cipher_set_segment_func_t sets the segment index of a cipher_t */ michael@0: michael@0: typedef err_status_t (*cipher_set_segment_func_t) michael@0: (void *state, xtd_seq_num_t idx); michael@0: michael@0: /* a cipher_encrypt_func_t encrypts data in-place */ michael@0: michael@0: typedef err_status_t (*cipher_encrypt_func_t) michael@0: (void *state, uint8_t *buffer, unsigned int *octets_to_encrypt); michael@0: michael@0: /* a cipher_decrypt_func_t decrypts data in-place */ michael@0: michael@0: typedef err_status_t (*cipher_decrypt_func_t) michael@0: (void *state, uint8_t *buffer, unsigned int *octets_to_decrypt); michael@0: michael@0: /* michael@0: * a cipher_set_iv_func_t function sets the current initialization vector michael@0: */ michael@0: michael@0: typedef err_status_t (*cipher_set_iv_func_t) michael@0: (cipher_pointer_t cp, void *iv); michael@0: michael@0: /* michael@0: * cipher_test_case_t is a (list of) key, salt, xtd_seq_num_t, michael@0: * plaintext, and ciphertext values that are known to be correct for a michael@0: * particular cipher. this data can be used to test an implementation michael@0: * in an on-the-fly self test of the correcness of the implementation. michael@0: * (see the cipher_type_self_test() function below) michael@0: */ michael@0: michael@0: typedef struct cipher_test_case_t { michael@0: int key_length_octets; /* octets in key */ michael@0: uint8_t *key; /* key */ michael@0: uint8_t *idx; /* packet index */ michael@0: int plaintext_length_octets; /* octets in plaintext */ michael@0: uint8_t *plaintext; /* plaintext */ michael@0: int ciphertext_length_octets; /* octets in plaintext */ michael@0: uint8_t *ciphertext; /* ciphertext */ michael@0: struct cipher_test_case_t *next_test_case; /* pointer to next testcase */ michael@0: } cipher_test_case_t; michael@0: michael@0: /* cipher_type_t defines the 'metadata' for a particular cipher type */ michael@0: michael@0: typedef struct cipher_type_t { michael@0: cipher_alloc_func_t alloc; michael@0: cipher_dealloc_func_t dealloc; michael@0: cipher_init_func_t init; michael@0: cipher_encrypt_func_t encrypt; michael@0: cipher_encrypt_func_t decrypt; michael@0: cipher_set_iv_func_t set_iv; michael@0: char *description; michael@0: int ref_count; michael@0: cipher_test_case_t *test_data; michael@0: debug_module_t *debug; michael@0: cipher_type_id_t id; michael@0: } cipher_type_t; michael@0: michael@0: /* michael@0: * cipher_t defines an instantiation of a particular cipher, with fixed michael@0: * key length, key and salt values michael@0: */ michael@0: michael@0: typedef struct cipher_t { michael@0: cipher_type_t *type; michael@0: void *state; michael@0: int key_len; michael@0: #ifdef FORCE_64BIT_ALIGN michael@0: int pad; michael@0: #endif michael@0: } cipher_t; michael@0: michael@0: /* some syntactic sugar on these function types */ michael@0: michael@0: #define cipher_type_alloc(ct, c, klen) ((ct)->alloc((c), (klen))) michael@0: michael@0: #define cipher_dealloc(c) (((c)->type)->dealloc(c)) michael@0: michael@0: #define cipher_init(c, k, dir) (((c)->type)->init(((c)->state), (k), ((c)->key_len), (dir))) michael@0: michael@0: #define cipher_encrypt(c, buf, len) \ michael@0: (((c)->type)->encrypt(((c)->state), (buf), (len))) michael@0: michael@0: #define cipher_decrypt(c, buf, len) \ michael@0: (((c)->type)->decrypt(((c)->state), (buf), (len))) michael@0: michael@0: #define cipher_set_iv(c, n) \ michael@0: ((c) ? (((c)->type)->set_iv(((cipher_pointer_t)(c)->state), (n))) : \ michael@0: err_status_no_such_op) michael@0: michael@0: err_status_t michael@0: cipher_output(cipher_t *c, uint8_t *buffer, int num_octets_to_output); michael@0: michael@0: michael@0: /* some bookkeeping functions */ michael@0: michael@0: int michael@0: cipher_get_key_length(const cipher_t *c); michael@0: michael@0: michael@0: /* michael@0: * cipher_type_self_test() tests a cipher against test cases provided in michael@0: * an array of values of key/xtd_seq_num_t/plaintext/ciphertext michael@0: * that is known to be good michael@0: */ michael@0: michael@0: err_status_t michael@0: cipher_type_self_test(const cipher_type_t *ct); michael@0: michael@0: michael@0: /* michael@0: * cipher_type_test() tests a cipher against external test cases provided in michael@0: * an array of values of key/xtd_seq_num_t/plaintext/ciphertext michael@0: * that is known to be good michael@0: */ michael@0: michael@0: err_status_t michael@0: cipher_type_test(const cipher_type_t *ct, const cipher_test_case_t *test_data); michael@0: michael@0: michael@0: /* michael@0: * cipher_bits_per_second(c, l, t) computes (and estimate of) the michael@0: * number of bits that a cipher implementation can encrypt in a second michael@0: * michael@0: * c is a cipher (which MUST be allocated and initialized already), l michael@0: * is the length in octets of the test data to be encrypted, and t is michael@0: * the number of trials michael@0: * michael@0: * if an error is encountered, then the value 0 is returned michael@0: */ michael@0: michael@0: uint64_t michael@0: cipher_bits_per_second(cipher_t *c, int octets_in_buffer, int num_trials); michael@0: michael@0: #endif /* CIPHER_H */