Annotation of embedaddon/strongswan/src/libstrongswan/crypto/crypters/crypter.h, revision 1.1.1.1
1.1 misho 1: /*
2: * Copyright (C) 2005-2006 Martin Willi
3: * Copyright (C) 2005 Jan Hutter
4: * HSR Hochschule fuer Technik Rapperswil
5: *
6: * This program is free software; you can redistribute it and/or modify it
7: * under the terms of the GNU General Public License as published by the
8: * Free Software Foundation; either version 2 of the License, or (at your
9: * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
10: *
11: * This program is distributed in the hope that it will be useful, but
12: * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
13: * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
14: * for more details.
15: */
16:
17: /**
18: * @defgroup crypter crypter
19: * @{ @ingroup crypto
20: */
21:
22: #ifndef CRYPTER_H_
23: #define CRYPTER_H_
24:
25: typedef enum encryption_algorithm_t encryption_algorithm_t;
26: typedef struct crypter_t crypter_t;
27:
28: #include <library.h>
29:
30: /**
31: * Encryption algorithm, as in IKEv2 RFC 3.3.2.
32: */
33: enum encryption_algorithm_t {
34: ENCR_DES_IV64 = 1,
35: ENCR_DES = 2,
36: ENCR_3DES = 3,
37: ENCR_RC5 = 4,
38: ENCR_IDEA = 5,
39: ENCR_CAST = 6,
40: ENCR_BLOWFISH = 7,
41: ENCR_3IDEA = 8,
42: ENCR_DES_IV32 = 9,
43: ENCR_NULL = 11,
44: ENCR_AES_CBC = 12,
45: /** CTR as specified for IPsec (RFC5930/RFC3686), nonce appended to key */
46: ENCR_AES_CTR = 13,
47: ENCR_AES_CCM_ICV8 = 14,
48: ENCR_AES_CCM_ICV12 = 15,
49: ENCR_AES_CCM_ICV16 = 16,
50: ENCR_AES_GCM_ICV8 = 18,
51: ENCR_AES_GCM_ICV12 = 19,
52: ENCR_AES_GCM_ICV16 = 20,
53: ENCR_NULL_AUTH_AES_GMAC = 21,
54: ENCR_CAMELLIA_CBC = 23,
55: /* CTR as specified for IPsec (RFC5529), nonce appended to key */
56: ENCR_CAMELLIA_CTR = 24,
57: ENCR_CAMELLIA_CCM_ICV8 = 25,
58: ENCR_CAMELLIA_CCM_ICV12 = 26,
59: ENCR_CAMELLIA_CCM_ICV16 = 27,
60: ENCR_CHACHA20_POLY1305 = 28,
61: ENCR_UNDEFINED = 1024,
62: ENCR_DES_ECB = 1025,
63: ENCR_SERPENT_CBC = 1026,
64: ENCR_TWOFISH_CBC = 1027,
65: /* see macros below to handle RC2 (effective) key length */
66: ENCR_RC2_CBC = 1028,
67: ENCR_AES_ECB = 1029,
68: };
69:
70: #define DES_BLOCK_SIZE 8
71: #define BLOWFISH_BLOCK_SIZE 8
72: #define AES_BLOCK_SIZE 16
73: #define CAMELLIA_BLOCK_SIZE 16
74: #define SERPENT_BLOCK_SIZE 16
75: #define TWOFISH_BLOCK_SIZE 16
76:
77: /**
78: * For RC2, if the effective key size in bits is not key_size * 8, it should
79: * be encoded with the macro below. It can be decoded with the other two macros.
80: * After decoding the value should be validated.
81: */
82: #define RC2_KEY_SIZE(kl, eff) ((kl) | ((eff) << 8))
83: #define RC2_EFFECTIVE_KEY_LEN(ks) ((ks) >> 8)
84: #define RC2_KEY_LEN(ks) ((ks) & 0xff)
85:
86: /**
87: * enum name for encryption_algorithm_t.
88: */
89: extern enum_name_t *encryption_algorithm_names;
90:
91: /**
92: * Generic interface for symmetric encryption algorithms.
93: */
94: struct crypter_t {
95:
96: /**
97: * Encrypt a chunk of data and allocate space for the encrypted value.
98: *
99: * The length of the iv must equal to get_iv_size(), while the length
100: * of data must be a multiple of get_block_size().
101: * If encrypted is NULL, the encryption is done in-place (overwriting data).
102: *
103: * @param data data to encrypt
104: * @param iv initializing vector
105: * @param encrypted chunk to allocate encrypted data, or NULL
106: * @return TRUE if encryption successful
107: */
108: bool (*encrypt)(crypter_t *this, chunk_t data, chunk_t iv,
109: chunk_t *encrypted) __attribute__((warn_unused_result));
110:
111: /**
112: * Decrypt a chunk of data and allocate space for the decrypted value.
113: *
114: * The length of the iv must equal to get_iv_size(), while the length
115: * of data must be a multiple of get_block_size().
116: * If decrypted is NULL, the encryption is done in-place (overwriting data).
117: *
118: * @param data data to decrypt
119: * @param iv initializing vector
120: * @param encrypted chunk to allocate decrypted data, or NULL
121: * @return TRUE if decryption successful
122: */
123: bool (*decrypt)(crypter_t *this, chunk_t data, chunk_t iv,
124: chunk_t *decrypted) __attribute__((warn_unused_result));
125:
126: /**
127: * Get the block size of the crypto algorithm.
128: *
129: * get_block_size() returns the smallest block the crypter can handle,
130: * not the block size of the underlying crypto algorithm. For counter mode,
131: * it is usually 1.
132: *
133: * @return block size in bytes
134: */
135: size_t (*get_block_size)(crypter_t *this);
136:
137: /**
138: * Get the IV size of the crypto algorithm.
139: *
140: * @return initialization vector size in bytes
141: */
142: size_t (*get_iv_size)(crypter_t *this);
143:
144: /**
145: * Get the key size of the crypto algorithm.
146: *
147: * get_key_size() might return a key length different from the key
148: * size passed to the factory constructor. For Counter Mode, the nonce
149: * is handled as a part of the key material and is passed to set_key().
150: *
151: * @return key size in bytes
152: */
153: size_t (*get_key_size)(crypter_t *this);
154:
155: /**
156: * Set the key.
157: *
158: * The length of the key must match get_key_size().
159: *
160: * @param key key to set
161: * @return TRUE if key set successfully
162: */
163: bool (*set_key)(crypter_t *this,
164: chunk_t key) __attribute__((warn_unused_result));
165:
166: /**
167: * Destroys a crypter_t object.
168: */
169: void (*destroy)(crypter_t *this);
170: };
171:
172: /**
173: * Conversion of ASN.1 OID to encryption algorithm.
174: *
175: * @param oid ASN.1 OID
176: * @param key_size returns size of encryption key in bits
177: * @return encryption algorithm, ENCR_UNDEFINED if OID unsupported
178: */
179: encryption_algorithm_t encryption_algorithm_from_oid(int oid, size_t *key_size);
180:
181: /**
182: * Conversion of encryption algorithm to ASN.1 OID.
183: *
184: * @param alg encryption algorithm
185: * @param key_size size of encryption key in bits
186: * @return ASN.1 OID, OID_UNKNOWN if OID is unknown
187: */
188: int encryption_algorithm_to_oid(encryption_algorithm_t alg, size_t key_size);
189:
190: /**
191: * Check if an encryption algorithm identifier is an AEAD algorithm.
192: *
193: * @param alg algorithm identifier
194: * @return TRUE if it is an AEAD algorithm
195: */
196: bool encryption_algorithm_is_aead(encryption_algorithm_t alg);
197:
198: #endif /** CRYPTER_H_ @}*/
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>