summaryrefslogtreecommitdiffstats
path: root/netwerk/srtp/src/crypto/include/cipher.h
diff options
context:
space:
mode:
Diffstat (limited to 'netwerk/srtp/src/crypto/include/cipher.h')
-rw-r--r--netwerk/srtp/src/crypto/include/cipher.h230
1 files changed, 230 insertions, 0 deletions
diff --git a/netwerk/srtp/src/crypto/include/cipher.h b/netwerk/srtp/src/crypto/include/cipher.h
new file mode 100644
index 000000000..eff6dd154
--- /dev/null
+++ b/netwerk/srtp/src/crypto/include/cipher.h
@@ -0,0 +1,230 @@
+/*
+ * cipher.h
+ *
+ * common interface to ciphers
+ *
+ * David A. McGrew
+ * Cisco Systems, Inc.
+ */
+/*
+ *
+ * Copyright (c) 2001-2006, Cisco Systems, Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above
+ * copyright notice, this list of conditions and the following
+ * disclaimer in the documentation and/or other materials provided
+ * with the distribution.
+ *
+ * Neither the name of the Cisco Systems, Inc. nor the names of its
+ * contributors may be used to endorse or promote products derived
+ * from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+
+#ifndef CIPHER_H
+#define CIPHER_H
+
+#include "datatypes.h"
+#include "rdbx.h" /* for xtd_seq_num_t */
+#include "err.h" /* for error codes */
+#include "crypto.h" /* for cipher_type_id_t */
+#include "crypto_types.h" /* for values of cipher_type_id_t */
+
+
+/**
+ * @brief cipher_direction_t defines a particular cipher operation.
+ *
+ * A cipher_direction_t is an enum that describes a particular cipher
+ * operation, i.e. encryption or decryption. For some ciphers, this
+ * distinction does not matter, but for others, it is essential.
+ */
+
+typedef enum {
+ direction_encrypt, /**< encryption (convert plaintext to ciphertext) */
+ direction_decrypt, /**< decryption (convert ciphertext to plaintext) */
+ direction_any /**< encryption or decryption */
+} cipher_direction_t;
+
+/*
+ * the cipher_pointer and cipher_type_pointer definitions are needed
+ * as cipher_t and cipher_type_t are not yet defined
+ */
+
+typedef struct cipher_type_t *cipher_type_pointer_t;
+typedef struct cipher_t *cipher_pointer_t;
+
+/*
+ * a cipher_alloc_func_t allocates (but does not initialize) a cipher_t
+ */
+
+typedef err_status_t (*cipher_alloc_func_t)
+ (cipher_pointer_t *cp, int key_len);
+
+/*
+ * a cipher_init_func_t [re-]initializes a cipher_t with a given key
+ * and direction (i.e., encrypt or decrypt)
+ */
+
+typedef err_status_t (*cipher_init_func_t)
+(void *state, const uint8_t *key, int key_len, cipher_direction_t dir);
+
+/* a cipher_dealloc_func_t de-allocates a cipher_t */
+
+typedef err_status_t (*cipher_dealloc_func_t)(cipher_pointer_t cp);
+
+/* a cipher_set_segment_func_t sets the segment index of a cipher_t */
+
+typedef err_status_t (*cipher_set_segment_func_t)
+ (void *state, xtd_seq_num_t idx);
+
+/* a cipher_encrypt_func_t encrypts data in-place */
+
+typedef err_status_t (*cipher_encrypt_func_t)
+ (void *state, uint8_t *buffer, unsigned int *octets_to_encrypt);
+
+/* a cipher_decrypt_func_t decrypts data in-place */
+
+typedef err_status_t (*cipher_decrypt_func_t)
+ (void *state, uint8_t *buffer, unsigned int *octets_to_decrypt);
+
+/*
+ * a cipher_set_iv_func_t function sets the current initialization vector
+ */
+
+typedef err_status_t (*cipher_set_iv_func_t)
+ (cipher_pointer_t cp, void *iv);
+
+/*
+ * cipher_test_case_t is a (list of) key, salt, xtd_seq_num_t,
+ * plaintext, and ciphertext values that are known to be correct for a
+ * particular cipher. this data can be used to test an implementation
+ * in an on-the-fly self test of the correcness of the implementation.
+ * (see the cipher_type_self_test() function below)
+ */
+
+typedef struct cipher_test_case_t {
+ int key_length_octets; /* octets in key */
+ uint8_t *key; /* key */
+ uint8_t *idx; /* packet index */
+ int plaintext_length_octets; /* octets in plaintext */
+ uint8_t *plaintext; /* plaintext */
+ int ciphertext_length_octets; /* octets in plaintext */
+ uint8_t *ciphertext; /* ciphertext */
+ struct cipher_test_case_t *next_test_case; /* pointer to next testcase */
+} cipher_test_case_t;
+
+/* cipher_type_t defines the 'metadata' for a particular cipher type */
+
+typedef struct cipher_type_t {
+ cipher_alloc_func_t alloc;
+ cipher_dealloc_func_t dealloc;
+ cipher_init_func_t init;
+ cipher_encrypt_func_t encrypt;
+ cipher_encrypt_func_t decrypt;
+ cipher_set_iv_func_t set_iv;
+ char *description;
+ int ref_count;
+ cipher_test_case_t *test_data;
+ debug_module_t *debug;
+ cipher_type_id_t id;
+} cipher_type_t;
+
+/*
+ * cipher_t defines an instantiation of a particular cipher, with fixed
+ * key length, key and salt values
+ */
+
+typedef struct cipher_t {
+ cipher_type_t *type;
+ void *state;
+ int key_len;
+#ifdef FORCE_64BIT_ALIGN
+ int pad;
+#endif
+} cipher_t;
+
+/* some syntactic sugar on these function types */
+
+#define cipher_type_alloc(ct, c, klen) ((ct)->alloc((c), (klen)))
+
+#define cipher_dealloc(c) (((c)->type)->dealloc(c))
+
+#define cipher_init(c, k, dir) (((c)->type)->init(((c)->state), (k), ((c)->key_len), (dir)))
+
+#define cipher_encrypt(c, buf, len) \
+ (((c)->type)->encrypt(((c)->state), (buf), (len)))
+
+#define cipher_decrypt(c, buf, len) \
+ (((c)->type)->decrypt(((c)->state), (buf), (len)))
+
+#define cipher_set_iv(c, n) \
+ ((c) ? (((c)->type)->set_iv(((cipher_pointer_t)(c)->state), (n))) : \
+ err_status_no_such_op)
+
+err_status_t
+cipher_output(cipher_t *c, uint8_t *buffer, int num_octets_to_output);
+
+
+/* some bookkeeping functions */
+
+int
+cipher_get_key_length(const cipher_t *c);
+
+
+/*
+ * cipher_type_self_test() tests a cipher against test cases provided in
+ * an array of values of key/xtd_seq_num_t/plaintext/ciphertext
+ * that is known to be good
+ */
+
+err_status_t
+cipher_type_self_test(const cipher_type_t *ct);
+
+
+/*
+ * cipher_type_test() tests a cipher against external test cases provided in
+ * an array of values of key/xtd_seq_num_t/plaintext/ciphertext
+ * that is known to be good
+ */
+
+err_status_t
+cipher_type_test(const cipher_type_t *ct, const cipher_test_case_t *test_data);
+
+
+/*
+ * cipher_bits_per_second(c, l, t) computes (and estimate of) the
+ * number of bits that a cipher implementation can encrypt in a second
+ *
+ * c is a cipher (which MUST be allocated and initialized already), l
+ * is the length in octets of the test data to be encrypted, and t is
+ * the number of trials
+ *
+ * if an error is encountered, then the value 0 is returned
+ */
+
+uint64_t
+cipher_bits_per_second(cipher_t *c, int octets_in_buffer, int num_trials);
+
+#endif /* CIPHER_H */