michael@0: /* michael@0: * crypto_kernel.h michael@0: * michael@0: * header for the cryptographic kernel michael@0: * michael@0: * David A. McGrew michael@0: * Cisco Systems, Inc. michael@0: */ michael@0: /* michael@0: * michael@0: * Copyright(c) 2001-2006 Cisco Systems, Inc. michael@0: * All rights reserved. michael@0: * michael@0: * Redistribution and use in source and binary forms, with or without michael@0: * modification, are permitted provided that the following conditions michael@0: * are met: michael@0: * michael@0: * Redistributions of source code must retain the above copyright michael@0: * notice, this list of conditions and the following disclaimer. michael@0: * michael@0: * Redistributions in binary form must reproduce the above michael@0: * copyright notice, this list of conditions and the following michael@0: * disclaimer in the documentation and/or other materials provided michael@0: * with the distribution. michael@0: * michael@0: * Neither the name of the Cisco Systems, Inc. nor the names of its michael@0: * contributors may be used to endorse or promote products derived michael@0: * from this software without specific prior written permission. michael@0: * michael@0: * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS michael@0: * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT michael@0: * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS michael@0: * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE michael@0: * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, michael@0: * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES michael@0: * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR michael@0: * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) michael@0: * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, michael@0: * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) michael@0: * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED michael@0: * OF THE POSSIBILITY OF SUCH DAMAGE. michael@0: * michael@0: */ michael@0: michael@0: michael@0: #ifndef CRYPTO_KERNEL michael@0: #define CRYPTO_KERNEL michael@0: michael@0: #include "rand_source.h" michael@0: #include "prng.h" michael@0: #include "cipher.h" michael@0: #include "auth.h" michael@0: #include "cryptoalg.h" michael@0: #include "stat.h" michael@0: #include "err.h" michael@0: #include "crypto_types.h" michael@0: #include "key.h" michael@0: #include "crypto.h" michael@0: michael@0: /* michael@0: * crypto_kernel_state_t defines the possible states: michael@0: * michael@0: * insecure - not yet initialized michael@0: * secure - initialized and passed self-tests michael@0: */ michael@0: michael@0: typedef enum { michael@0: crypto_kernel_state_insecure, michael@0: crypto_kernel_state_secure michael@0: } crypto_kernel_state_t; michael@0: michael@0: /* michael@0: * linked list of cipher types michael@0: */ michael@0: michael@0: typedef struct kernel_cipher_type { michael@0: cipher_type_id_t id; michael@0: cipher_type_t *cipher_type; michael@0: struct kernel_cipher_type *next; michael@0: } kernel_cipher_type_t; michael@0: michael@0: /* michael@0: * linked list of auth types michael@0: */ michael@0: michael@0: typedef struct kernel_auth_type { michael@0: auth_type_id_t id; michael@0: auth_type_t *auth_type; michael@0: struct kernel_auth_type *next; michael@0: } kernel_auth_type_t; michael@0: michael@0: /* michael@0: * linked list of debug modules michael@0: */ michael@0: michael@0: typedef struct kernel_debug_module { michael@0: debug_module_t *mod; michael@0: struct kernel_debug_module *next; michael@0: } kernel_debug_module_t; michael@0: michael@0: michael@0: /* michael@0: * crypto_kernel_t is the data structure for the crypto kernel michael@0: * michael@0: * note that there is *exactly one* instance of this data type, michael@0: * a global variable defined in crypto_kernel.c michael@0: */ michael@0: michael@0: typedef struct { michael@0: crypto_kernel_state_t state; /* current state of kernel */ michael@0: kernel_cipher_type_t *cipher_type_list; /* list of all cipher types */ michael@0: kernel_auth_type_t *auth_type_list; /* list of all auth func types */ michael@0: kernel_debug_module_t *debug_module_list; /* list of all debug modules */ michael@0: } crypto_kernel_t; michael@0: michael@0: michael@0: /* michael@0: * crypto_kernel_t external api michael@0: */ michael@0: michael@0: michael@0: /* michael@0: * The function crypto_kernel_init() initialized the crypto kernel and michael@0: * runs the self-test operations on the random number generators and michael@0: * crypto algorithms. Possible return values are: michael@0: * michael@0: * err_status_ok initialization successful michael@0: * init failure michael@0: * michael@0: * If any value other than err_status_ok is returned, the michael@0: * crypto_kernel MUST NOT be used. michael@0: */ michael@0: michael@0: err_status_t michael@0: crypto_kernel_init(void); michael@0: michael@0: michael@0: /* michael@0: * The function crypto_kernel_shutdown() de-initializes the michael@0: * crypto_kernel, zeroizes keys and other cryptographic material, and michael@0: * deallocates any dynamically allocated memory. Possible return michael@0: * values are: michael@0: * michael@0: * err_status_ok shutdown successful michael@0: * shutdown failure michael@0: * michael@0: */ michael@0: michael@0: err_status_t michael@0: crypto_kernel_shutdown(void); michael@0: michael@0: /* michael@0: * The function crypto_kernel_stats() checks the the crypto_kernel, michael@0: * running tests on the ciphers, auth funcs, and rng, and prints out a michael@0: * status report. Possible return values are: michael@0: * michael@0: * err_status_ok all tests were passed michael@0: * a test failed michael@0: * michael@0: */ michael@0: michael@0: err_status_t michael@0: crypto_kernel_status(void); michael@0: michael@0: michael@0: /* michael@0: * crypto_kernel_list_debug_modules() outputs a list of debugging modules michael@0: * michael@0: */ michael@0: michael@0: err_status_t michael@0: crypto_kernel_list_debug_modules(void); michael@0: michael@0: /* michael@0: * crypto_kernel_load_cipher_type() michael@0: * michael@0: */ michael@0: michael@0: err_status_t michael@0: crypto_kernel_load_cipher_type(cipher_type_t *ct, cipher_type_id_t id); michael@0: michael@0: err_status_t michael@0: crypto_kernel_load_auth_type(auth_type_t *ct, auth_type_id_t id); michael@0: michael@0: /* michael@0: * crypto_kernel_replace_cipher_type(ct, id) michael@0: * michael@0: * replaces the crypto kernel's existing cipher for the cipher_type id michael@0: * with a new one passed in externally. The new cipher must pass all the michael@0: * existing cipher_type's self tests as well as its own. michael@0: */ michael@0: err_status_t michael@0: crypto_kernel_replace_cipher_type(cipher_type_t *ct, cipher_type_id_t id); michael@0: michael@0: michael@0: /* michael@0: * crypto_kernel_replace_auth_type(ct, id) michael@0: * michael@0: * replaces the crypto kernel's existing cipher for the auth_type id michael@0: * with a new one passed in externally. The new auth type must pass all the michael@0: * existing auth_type's self tests as well as its own. michael@0: */ michael@0: err_status_t michael@0: crypto_kernel_replace_auth_type(auth_type_t *ct, auth_type_id_t id); michael@0: michael@0: michael@0: err_status_t michael@0: crypto_kernel_load_debug_module(debug_module_t *new_dm); michael@0: michael@0: /* michael@0: * crypto_kernel_alloc_cipher(id, cp, key_len); michael@0: * michael@0: * allocates a cipher of type id at location *cp, with key length michael@0: * key_len octets. Return values are: michael@0: * michael@0: * err_status_ok no problems michael@0: * err_status_alloc_fail an allocation failure occured michael@0: * err_status_fail couldn't find cipher with identifier 'id' michael@0: */ michael@0: michael@0: err_status_t michael@0: crypto_kernel_alloc_cipher(cipher_type_id_t id, michael@0: cipher_pointer_t *cp, michael@0: int key_len); michael@0: michael@0: /* michael@0: * crypto_kernel_alloc_auth(id, ap, key_len, tag_len); michael@0: * michael@0: * allocates an auth function of type id at location *ap, with key michael@0: * length key_len octets and output tag length of tag_len. Return michael@0: * values are: michael@0: * michael@0: * err_status_ok no problems michael@0: * err_status_alloc_fail an allocation failure occured michael@0: * err_status_fail couldn't find auth with identifier 'id' michael@0: */ michael@0: michael@0: err_status_t michael@0: crypto_kernel_alloc_auth(auth_type_id_t id, michael@0: auth_pointer_t *ap, michael@0: int key_len, michael@0: int tag_len); michael@0: michael@0: michael@0: /* michael@0: * crypto_kernel_set_debug_module(mod_name, v) michael@0: * michael@0: * sets dynamic debugging to the value v (0 for off, 1 for on) for the michael@0: * debug module with the name mod_name michael@0: * michael@0: * returns err_status_ok on success, err_status_fail otherwise michael@0: */ michael@0: michael@0: err_status_t michael@0: crypto_kernel_set_debug_module(char *mod_name, int v); michael@0: michael@0: /** michael@0: * @brief writes a random octet string. michael@0: * michael@0: * The function call crypto_get_random(dest, len) writes len octets of michael@0: * random data to the location to which dest points, and returns an michael@0: * error code. This error code @b must be checked, and if a failure is michael@0: * reported, the data in the buffer @b must @b not be used. michael@0: * michael@0: * @warning If the return code is not checked, then non-random michael@0: * data may be in the buffer. This function will fail michael@0: * unless it is called after crypto_kernel_init(). michael@0: * michael@0: * @return michael@0: * - err_status_ok if no problems occured. michael@0: * - [other] a problem occured, and no assumptions should michael@0: * be made about the contents of the destination michael@0: * buffer. michael@0: * michael@0: * @ingroup SRTP michael@0: */ michael@0: err_status_t michael@0: crypto_get_random(unsigned char *buffer, unsigned int length); michael@0: michael@0: #endif /* CRYPTO_KERNEL */