cipher.h 8.4 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254
  1. /*
  2. * cipher.h
  3. *
  4. * common interface to ciphers
  5. *
  6. * David A. McGrew
  7. * Cisco Systems, Inc.
  8. */
  9. /*
  10. *
  11. * Copyright (c) 2001-2006,2013 Cisco Systems, Inc.
  12. * All rights reserved.
  13. *
  14. * Redistribution and use in source and binary forms, with or without
  15. * modification, are permitted provided that the following conditions
  16. * are met:
  17. *
  18. * Redistributions of source code must retain the above copyright
  19. * notice, this list of conditions and the following disclaimer.
  20. *
  21. * Redistributions in binary form must reproduce the above
  22. * copyright notice, this list of conditions and the following
  23. * disclaimer in the documentation and/or other materials provided
  24. * with the distribution.
  25. *
  26. * Neither the name of the Cisco Systems, Inc. nor the names of its
  27. * contributors may be used to endorse or promote products derived
  28. * from this software without specific prior written permission.
  29. *
  30. * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
  31. * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
  32. * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
  33. * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
  34. * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
  35. * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
  36. * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
  37. * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  38. * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
  39. * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
  40. * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
  41. * OF THE POSSIBILITY OF SUCH DAMAGE.
  42. *
  43. */
  44. #ifndef CIPHER_H
  45. #define CIPHER_H
  46. #include "datatypes.h"
  47. #include "rdbx.h" /* for xtd_seq_num_t */
  48. #include "err.h" /* for error codes */
  49. #include "crypto.h" /* for cipher_type_id_t */
  50. #include "crypto_types.h" /* for values of cipher_type_id_t */
  51. /**
  52. * @brief cipher_direction_t defines a particular cipher operation.
  53. *
  54. * A cipher_direction_t is an enum that describes a particular cipher
  55. * operation, i.e. encryption or decryption. For some ciphers, this
  56. * distinction does not matter, but for others, it is essential.
  57. */
  58. typedef enum {
  59. direction_encrypt, /**< encryption (convert plaintext to ciphertext) */
  60. direction_decrypt, /**< decryption (convert ciphertext to plaintext) */
  61. direction_any /**< encryption or decryption */
  62. } cipher_direction_t;
  63. /*
  64. * the cipher_pointer and cipher_type_pointer definitions are needed
  65. * as cipher_t and cipher_type_t are not yet defined
  66. */
  67. typedef struct cipher_type_t *cipher_type_pointer_t;
  68. typedef struct cipher_t *cipher_pointer_t;
  69. /*
  70. * a cipher_alloc_func_t allocates (but does not initialize) a cipher_t
  71. */
  72. typedef err_status_t (*cipher_alloc_func_t)
  73. (cipher_pointer_t *cp, int key_len, int tag_len);
  74. /*
  75. * a cipher_init_func_t [re-]initializes a cipher_t with a given key
  76. */
  77. typedef err_status_t (*cipher_init_func_t)
  78. (void *state, const uint8_t *key, int key_len);
  79. /* a cipher_dealloc_func_t de-allocates a cipher_t */
  80. typedef err_status_t (*cipher_dealloc_func_t)(cipher_pointer_t cp);
  81. /* a cipher_set_segment_func_t sets the segment index of a cipher_t */
  82. typedef err_status_t (*cipher_set_segment_func_t)
  83. (void *state, xtd_seq_num_t idx);
  84. /*
  85. * a cipher_set_aad_func_t processes the AAD data for AEAD ciphers
  86. */
  87. typedef err_status_t (*cipher_set_aad_func_t)
  88. (void *state, uint8_t *aad, unsigned int aad_len);
  89. /* a cipher_encrypt_func_t encrypts data in-place */
  90. typedef err_status_t (*cipher_encrypt_func_t)
  91. (void *state, uint8_t *buffer, unsigned int *octets_to_encrypt);
  92. /* a cipher_decrypt_func_t decrypts data in-place */
  93. typedef err_status_t (*cipher_decrypt_func_t)
  94. (void *state, uint8_t *buffer, unsigned int *octets_to_decrypt);
  95. /*
  96. * a cipher_set_iv_func_t function sets the current initialization vector
  97. */
  98. typedef err_status_t (*cipher_set_iv_func_t)
  99. (cipher_pointer_t cp, void *iv, cipher_direction_t direction);
  100. /*
  101. * a cipher_get_tag_funct_t function is used to get the authentication
  102. * tag that was calculated by an AEAD cipher.
  103. */
  104. typedef err_status_t (*cipher_get_tag_func_t)
  105. (void *state, void *tag, int *len);
  106. /*
  107. * cipher_test_case_t is a (list of) key, salt, xtd_seq_num_t,
  108. * plaintext, and ciphertext values that are known to be correct for a
  109. * particular cipher. this data can be used to test an implementation
  110. * in an on-the-fly self test of the correcness of the implementation.
  111. * (see the cipher_type_self_test() function below)
  112. */
  113. typedef struct cipher_test_case_t {
  114. int key_length_octets; /* octets in key */
  115. uint8_t *key; /* key */
  116. uint8_t *idx; /* packet index */
  117. int plaintext_length_octets; /* octets in plaintext */
  118. uint8_t *plaintext; /* plaintext */
  119. int ciphertext_length_octets; /* octets in plaintext */
  120. uint8_t *ciphertext; /* ciphertext */
  121. int aad_length_octets; /* octets in AAD */
  122. uint8_t *aad; /* AAD */
  123. int tag_length_octets; /* Length of AEAD tag */
  124. struct cipher_test_case_t *next_test_case; /* pointer to next testcase */
  125. } cipher_test_case_t;
  126. /* cipher_type_t defines the 'metadata' for a particular cipher type */
  127. typedef struct cipher_type_t {
  128. cipher_alloc_func_t alloc;
  129. cipher_dealloc_func_t dealloc;
  130. cipher_init_func_t init;
  131. cipher_set_aad_func_t set_aad;
  132. cipher_encrypt_func_t encrypt;
  133. cipher_encrypt_func_t decrypt;
  134. cipher_set_iv_func_t set_iv;
  135. cipher_get_tag_func_t get_tag;
  136. char *description;
  137. int ref_count;
  138. cipher_test_case_t *test_data;
  139. debug_module_t *debug;
  140. cipher_type_id_t id;
  141. } cipher_type_t;
  142. /*
  143. * cipher_t defines an instantiation of a particular cipher, with fixed
  144. * key length, key and salt values
  145. */
  146. typedef struct cipher_t {
  147. cipher_type_t *type;
  148. void *state;
  149. int key_len;
  150. int algorithm;
  151. } cipher_t;
  152. /* some syntactic sugar on these function types */
  153. #define cipher_type_alloc(ct, c, klen, tlen) ((ct)->alloc((c), (klen), (tlen)))
  154. #define cipher_dealloc(c) (((c)->type)->dealloc(c))
  155. #define cipher_init(c, k) (((c)->type)->init(((c)->state), (k), ((c)->key_len)))
  156. #define cipher_encrypt(c, buf, len) \
  157. (((c)->type)->encrypt(((c)->state), (buf), (len)))
  158. #define cipher_get_tag(c, buf, len) \
  159. (((c)->type)->get_tag(((c)->state), (buf), (len)))
  160. #define cipher_decrypt(c, buf, len) \
  161. (((c)->type)->decrypt(((c)->state), (buf), (len)))
  162. #define cipher_set_iv(c, n, dir) \
  163. ((c) ? (((c)->type)->set_iv(((cipher_pointer_t)(c)->state), (n), (dir))) : \
  164. err_status_no_such_op)
  165. #define cipher_set_aad(c, a, l) \
  166. (((c) && (((c)->type)->set_aad)) ? \
  167. (((c)->type)->set_aad(((c)->state), (a), (l))) : \
  168. err_status_no_such_op)
  169. err_status_t
  170. cipher_output(cipher_t *c, uint8_t *buffer, int num_octets_to_output);
  171. /* some bookkeeping functions */
  172. int
  173. cipher_get_key_length(const cipher_t *c);
  174. /*
  175. * cipher_type_self_test() tests a cipher against test cases provided in
  176. * an array of values of key/xtd_seq_num_t/plaintext/ciphertext
  177. * that is known to be good
  178. */
  179. err_status_t
  180. cipher_type_self_test(const cipher_type_t *ct);
  181. /*
  182. * cipher_type_test() tests a cipher against external test cases provided in
  183. * an array of values of key/xtd_seq_num_t/plaintext/ciphertext
  184. * that is known to be good
  185. */
  186. err_status_t
  187. cipher_type_test(const cipher_type_t *ct, const cipher_test_case_t *test_data);
  188. /*
  189. * cipher_bits_per_second(c, l, t) computes (and estimate of) the
  190. * number of bits that a cipher implementation can encrypt in a second
  191. *
  192. * c is a cipher (which MUST be allocated and initialized already), l
  193. * is the length in octets of the test data to be encrypted, and t is
  194. * the number of trials
  195. *
  196. * if an error is encountered, then the value 0 is returned
  197. */
  198. uint64_t
  199. cipher_bits_per_second(cipher_t *c, int octets_in_buffer, int num_trials);
  200. #endif /* CIPHER_H */