Return to crypter.h CVS log | Up to [ELWIX - Embedded LightWeight unIX -] / embedaddon / strongswan / src / libstrongswan / crypto / crypters |
1.1 misho 1: /* 2: * Copyright (C) 2005-2006 Martin Willi 3: * Copyright (C) 2005 Jan Hutter 4: * HSR Hochschule fuer Technik Rapperswil 5: * 6: * This program is free software; you can redistribute it and/or modify it 7: * under the terms of the GNU General Public License as published by the 8: * Free Software Foundation; either version 2 of the License, or (at your 9: * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. 10: * 11: * This program is distributed in the hope that it will be useful, but 12: * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY 13: * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 14: * for more details. 15: */ 16: 17: /** 18: * @defgroup crypter crypter 19: * @{ @ingroup crypto 20: */ 21: 22: #ifndef CRYPTER_H_ 23: #define CRYPTER_H_ 24: 25: typedef enum encryption_algorithm_t encryption_algorithm_t; 26: typedef struct crypter_t crypter_t; 27: 28: #include <library.h> 29: 30: /** 31: * Encryption algorithm, as in IKEv2 RFC 3.3.2. 32: */ 33: enum encryption_algorithm_t { 34: ENCR_DES_IV64 = 1, 35: ENCR_DES = 2, 36: ENCR_3DES = 3, 37: ENCR_RC5 = 4, 38: ENCR_IDEA = 5, 39: ENCR_CAST = 6, 40: ENCR_BLOWFISH = 7, 41: ENCR_3IDEA = 8, 42: ENCR_DES_IV32 = 9, 43: ENCR_NULL = 11, 44: ENCR_AES_CBC = 12, 45: /** CTR as specified for IPsec (RFC5930/RFC3686), nonce appended to key */ 46: ENCR_AES_CTR = 13, 47: ENCR_AES_CCM_ICV8 = 14, 48: ENCR_AES_CCM_ICV12 = 15, 49: ENCR_AES_CCM_ICV16 = 16, 50: ENCR_AES_GCM_ICV8 = 18, 51: ENCR_AES_GCM_ICV12 = 19, 52: ENCR_AES_GCM_ICV16 = 20, 53: ENCR_NULL_AUTH_AES_GMAC = 21, 54: ENCR_CAMELLIA_CBC = 23, 55: /* CTR as specified for IPsec (RFC5529), nonce appended to key */ 56: ENCR_CAMELLIA_CTR = 24, 57: ENCR_CAMELLIA_CCM_ICV8 = 25, 58: ENCR_CAMELLIA_CCM_ICV12 = 26, 59: ENCR_CAMELLIA_CCM_ICV16 = 27, 60: ENCR_CHACHA20_POLY1305 = 28, 61: ENCR_UNDEFINED = 1024, 62: ENCR_DES_ECB = 1025, 63: ENCR_SERPENT_CBC = 1026, 64: ENCR_TWOFISH_CBC = 1027, 65: /* see macros below to handle RC2 (effective) key length */ 66: ENCR_RC2_CBC = 1028, 67: ENCR_AES_ECB = 1029, 68: }; 69: 70: #define DES_BLOCK_SIZE 8 71: #define BLOWFISH_BLOCK_SIZE 8 72: #define AES_BLOCK_SIZE 16 73: #define CAMELLIA_BLOCK_SIZE 16 74: #define SERPENT_BLOCK_SIZE 16 75: #define TWOFISH_BLOCK_SIZE 16 76: 77: /** 78: * For RC2, if the effective key size in bits is not key_size * 8, it should 79: * be encoded with the macro below. It can be decoded with the other two macros. 80: * After decoding the value should be validated. 81: */ 82: #define RC2_KEY_SIZE(kl, eff) ((kl) | ((eff) << 8)) 83: #define RC2_EFFECTIVE_KEY_LEN(ks) ((ks) >> 8) 84: #define RC2_KEY_LEN(ks) ((ks) & 0xff) 85: 86: /** 87: * enum name for encryption_algorithm_t. 88: */ 89: extern enum_name_t *encryption_algorithm_names; 90: 91: /** 92: * Generic interface for symmetric encryption algorithms. 93: */ 94: struct crypter_t { 95: 96: /** 97: * Encrypt a chunk of data and allocate space for the encrypted value. 98: * 99: * The length of the iv must equal to get_iv_size(), while the length 100: * of data must be a multiple of get_block_size(). 101: * If encrypted is NULL, the encryption is done in-place (overwriting data). 102: * 103: * @param data data to encrypt 104: * @param iv initializing vector 105: * @param encrypted chunk to allocate encrypted data, or NULL 106: * @return TRUE if encryption successful 107: */ 108: bool (*encrypt)(crypter_t *this, chunk_t data, chunk_t iv, 109: chunk_t *encrypted) __attribute__((warn_unused_result)); 110: 111: /** 112: * Decrypt a chunk of data and allocate space for the decrypted value. 113: * 114: * The length of the iv must equal to get_iv_size(), while the length 115: * of data must be a multiple of get_block_size(). 116: * If decrypted is NULL, the encryption is done in-place (overwriting data). 117: * 118: * @param data data to decrypt 119: * @param iv initializing vector 120: * @param encrypted chunk to allocate decrypted data, or NULL 121: * @return TRUE if decryption successful 122: */ 123: bool (*decrypt)(crypter_t *this, chunk_t data, chunk_t iv, 124: chunk_t *decrypted) __attribute__((warn_unused_result)); 125: 126: /** 127: * Get the block size of the crypto algorithm. 128: * 129: * get_block_size() returns the smallest block the crypter can handle, 130: * not the block size of the underlying crypto algorithm. For counter mode, 131: * it is usually 1. 132: * 133: * @return block size in bytes 134: */ 135: size_t (*get_block_size)(crypter_t *this); 136: 137: /** 138: * Get the IV size of the crypto algorithm. 139: * 140: * @return initialization vector size in bytes 141: */ 142: size_t (*get_iv_size)(crypter_t *this); 143: 144: /** 145: * Get the key size of the crypto algorithm. 146: * 147: * get_key_size() might return a key length different from the key 148: * size passed to the factory constructor. For Counter Mode, the nonce 149: * is handled as a part of the key material and is passed to set_key(). 150: * 151: * @return key size in bytes 152: */ 153: size_t (*get_key_size)(crypter_t *this); 154: 155: /** 156: * Set the key. 157: * 158: * The length of the key must match get_key_size(). 159: * 160: * @param key key to set 161: * @return TRUE if key set successfully 162: */ 163: bool (*set_key)(crypter_t *this, 164: chunk_t key) __attribute__((warn_unused_result)); 165: 166: /** 167: * Destroys a crypter_t object. 168: */ 169: void (*destroy)(crypter_t *this); 170: }; 171: 172: /** 173: * Conversion of ASN.1 OID to encryption algorithm. 174: * 175: * @param oid ASN.1 OID 176: * @param key_size returns size of encryption key in bits 177: * @return encryption algorithm, ENCR_UNDEFINED if OID unsupported 178: */ 179: encryption_algorithm_t encryption_algorithm_from_oid(int oid, size_t *key_size); 180: 181: /** 182: * Conversion of encryption algorithm to ASN.1 OID. 183: * 184: * @param alg encryption algorithm 185: * @param key_size size of encryption key in bits 186: * @return ASN.1 OID, OID_UNKNOWN if OID is unknown 187: */ 188: int encryption_algorithm_to_oid(encryption_algorithm_t alg, size_t key_size); 189: 190: /** 191: * Check if an encryption algorithm identifier is an AEAD algorithm. 192: * 193: * @param alg algorithm identifier 194: * @return TRUE if it is an AEAD algorithm 195: */ 196: bool encryption_algorithm_is_aead(encryption_algorithm_t alg); 197: 198: #endif /** CRYPTER_H_ @}*/