1 | /* |
2 | * Copyright (C) 2008-2012 Free Software Foundation, Inc. |
3 | * |
4 | * Author: Nikos Mavrogiannopoulos |
5 | * |
6 | * This file is part of GnuTLS. |
7 | * |
8 | * The GnuTLS is free software; you can redistribute it and/or |
9 | * modify it under the terms of the GNU Lesser General Public License |
10 | * as published by the Free Software Foundation; either version 2.1 of |
11 | * the License, or (at your option) any later version. |
12 | * |
13 | * This library is distributed in the hope that it will be useful, but |
14 | * WITHOUT ANY WARRANTY; without even the implied warranty of |
15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU |
16 | * Lesser General Public License for more details. |
17 | * |
18 | * You should have received a copy of the GNU Lesser General Public License |
19 | * along with this program. If not, see <http://www.gnu.org/licenses/> |
20 | * |
21 | */ |
22 | |
23 | #ifndef GNUTLS_CRYPTO_H |
24 | #define GNUTLS_CRYPTO_H |
25 | |
26 | /* *INDENT-OFF* */ |
27 | #ifdef __cplusplus |
28 | extern "C" { |
29 | #endif |
30 | /* *INDENT-ON* */ |
31 | |
32 | typedef struct api_cipher_hd_st *gnutls_cipher_hd_t; |
33 | |
34 | int gnutls_cipher_init(gnutls_cipher_hd_t * handle, |
35 | gnutls_cipher_algorithm_t cipher, |
36 | const gnutls_datum_t * key, |
37 | const gnutls_datum_t * iv); |
38 | int gnutls_cipher_encrypt(const gnutls_cipher_hd_t handle, |
39 | void *text, size_t textlen); |
40 | int gnutls_cipher_decrypt(const gnutls_cipher_hd_t handle, |
41 | void *ciphertext, size_t ciphertextlen); |
42 | int gnutls_cipher_decrypt2(gnutls_cipher_hd_t handle, |
43 | const void *ciphertext, |
44 | size_t ciphertextlen, void *text, |
45 | size_t textlen); |
46 | int gnutls_cipher_encrypt2(gnutls_cipher_hd_t handle, |
47 | const void *text, size_t textlen, |
48 | void *ciphertext, size_t ciphertextlen); |
49 | |
50 | void gnutls_cipher_set_iv(gnutls_cipher_hd_t handle, void *iv, |
51 | size_t ivlen); |
52 | |
53 | int gnutls_cipher_tag(gnutls_cipher_hd_t handle, void *tag, |
54 | size_t tag_size); |
55 | int gnutls_cipher_add_auth(gnutls_cipher_hd_t handle, |
56 | const void *text, size_t text_size); |
57 | |
58 | void gnutls_cipher_deinit(gnutls_cipher_hd_t handle); |
59 | unsigned gnutls_cipher_get_block_size(gnutls_cipher_algorithm_t algorithm) __GNUTLS_CONST__; |
60 | unsigned gnutls_cipher_get_iv_size(gnutls_cipher_algorithm_t algorithm) __GNUTLS_CONST__; |
61 | unsigned gnutls_cipher_get_tag_size(gnutls_cipher_algorithm_t algorithm) __GNUTLS_CONST__; |
62 | |
63 | /* AEAD API |
64 | */ |
65 | typedef struct api_aead_cipher_hd_st *gnutls_aead_cipher_hd_t; |
66 | |
67 | int gnutls_aead_cipher_init(gnutls_aead_cipher_hd_t * handle, |
68 | gnutls_cipher_algorithm_t cipher, |
69 | const gnutls_datum_t * key); |
70 | int |
71 | gnutls_aead_cipher_decrypt(gnutls_aead_cipher_hd_t handle, |
72 | const void *nonce, size_t nonce_len, |
73 | const void *auth, size_t auth_len, |
74 | size_t tag_size, |
75 | const void *ctext, size_t ctext_len, |
76 | void *ptext, size_t *ptext_len); |
77 | int |
78 | gnutls_aead_cipher_encrypt(gnutls_aead_cipher_hd_t handle, |
79 | const void *nonce, size_t nonce_len, |
80 | const void *auth, size_t auth_len, |
81 | size_t tag_size, |
82 | const void *ptext, size_t ptext_len, |
83 | void *ctext, size_t *ctext_len); |
84 | |
85 | void gnutls_aead_cipher_deinit(gnutls_aead_cipher_hd_t handle); |
86 | |
87 | /* Hash - MAC API */ |
88 | |
89 | typedef struct hash_hd_st *gnutls_hash_hd_t; |
90 | typedef struct hmac_hd_st *gnutls_hmac_hd_t; |
91 | |
92 | size_t gnutls_mac_get_nonce_size(gnutls_mac_algorithm_t algorithm) __GNUTLS_CONST__; |
93 | int gnutls_hmac_init(gnutls_hmac_hd_t * dig, |
94 | gnutls_mac_algorithm_t algorithm, |
95 | const void *key, size_t keylen); |
96 | void gnutls_hmac_set_nonce(gnutls_hmac_hd_t handle, |
97 | const void *nonce, size_t nonce_len); |
98 | int gnutls_hmac(gnutls_hmac_hd_t handle, const void *text, size_t textlen); |
99 | void gnutls_hmac_output(gnutls_hmac_hd_t handle, void *digest); |
100 | void gnutls_hmac_deinit(gnutls_hmac_hd_t handle, void *digest); |
101 | unsigned gnutls_hmac_get_len(gnutls_mac_algorithm_t algorithm) __GNUTLS_CONST__; |
102 | int gnutls_hmac_fast(gnutls_mac_algorithm_t algorithm, |
103 | const void *key, size_t keylen, |
104 | const void *text, size_t textlen, void *digest); |
105 | |
106 | int gnutls_hash_init(gnutls_hash_hd_t * dig, |
107 | gnutls_digest_algorithm_t algorithm); |
108 | int gnutls_hash(gnutls_hash_hd_t handle, const void *text, size_t textlen); |
109 | void gnutls_hash_output(gnutls_hash_hd_t handle, void *digest); |
110 | void gnutls_hash_deinit(gnutls_hash_hd_t handle, void *digest); |
111 | unsigned gnutls_hash_get_len(gnutls_digest_algorithm_t algorithm) __GNUTLS_CONST__; |
112 | int gnutls_hash_fast(gnutls_digest_algorithm_t algorithm, |
113 | const void *text, size_t textlen, void *digest); |
114 | |
115 | /* register ciphers */ |
116 | |
117 | |
118 | /** |
119 | * gnutls_rnd_level_t: |
120 | * @GNUTLS_RND_NONCE: Non-predictable random number. Fatal in parts |
121 | * of session if broken, i.e., vulnerable to statistical analysis. |
122 | * @GNUTLS_RND_RANDOM: Pseudo-random cryptographic random number. |
123 | * Fatal in session if broken. |
124 | * @GNUTLS_RND_KEY: Fatal in many sessions if broken. |
125 | * |
126 | * Enumeration of random quality levels. |
127 | */ |
128 | typedef enum gnutls_rnd_level { |
129 | GNUTLS_RND_NONCE = 0, |
130 | GNUTLS_RND_RANDOM = 1, |
131 | GNUTLS_RND_KEY = 2 |
132 | } gnutls_rnd_level_t; |
133 | |
134 | int gnutls_rnd(gnutls_rnd_level_t level, void *data, size_t len); |
135 | |
136 | void gnutls_rnd_refresh(void); |
137 | |
138 | |
139 | /* API to override ciphers and MAC algorithms |
140 | */ |
141 | |
142 | typedef int (*gnutls_cipher_init_func) (gnutls_cipher_algorithm_t, void **ctx, int enc); |
143 | typedef int (*gnutls_cipher_setkey_func) (void *ctx, const void *key, size_t keysize); |
144 | /* old style ciphers */ |
145 | typedef int (*gnutls_cipher_setiv_func) (void *ctx, const void *iv, size_t ivsize); |
146 | typedef int (*gnutls_cipher_encrypt_func) (void *ctx, const void *plain, size_t plainsize, |
147 | void *encr, size_t encrsize); |
148 | typedef int (*gnutls_cipher_decrypt_func) (void *ctx, const void *encr, size_t encrsize, |
149 | void *plain, size_t plainsize); |
150 | |
151 | /* aead ciphers */ |
152 | typedef int (*gnutls_cipher_auth_func) (void *ctx, const void *data, size_t datasize); |
153 | typedef void (*gnutls_cipher_tag_func) (void *ctx, void *tag, size_t tagsize); |
154 | |
155 | typedef int (*gnutls_cipher_aead_encrypt_func) (void *ctx, |
156 | const void *nonce, size_t noncesize, |
157 | const void *auth, size_t authsize, |
158 | size_t tag_size, |
159 | const void *plain, size_t plainsize, |
160 | void *encr, size_t encrsize); |
161 | typedef int (*gnutls_cipher_aead_decrypt_func) (void *ctx, |
162 | const void *nonce, size_t noncesize, |
163 | const void *auth, size_t authsize, |
164 | size_t tag_size, |
165 | const void *encr, size_t encrsize, |
166 | void *plain, size_t plainsize); |
167 | typedef void (*gnutls_cipher_deinit_func) (void *ctx); |
168 | |
169 | int |
170 | gnutls_crypto_register_cipher(gnutls_cipher_algorithm_t algorithm, |
171 | int priority, |
172 | gnutls_cipher_init_func init, |
173 | gnutls_cipher_setkey_func setkey, |
174 | gnutls_cipher_setiv_func setiv, |
175 | gnutls_cipher_encrypt_func encrypt, |
176 | gnutls_cipher_decrypt_func decrypt, |
177 | gnutls_cipher_deinit_func deinit); |
178 | |
179 | int |
180 | gnutls_crypto_register_aead_cipher(gnutls_cipher_algorithm_t algorithm, |
181 | int priority, |
182 | gnutls_cipher_init_func init, |
183 | gnutls_cipher_setkey_func setkey, |
184 | gnutls_cipher_aead_encrypt_func aead_encrypt, |
185 | gnutls_cipher_aead_decrypt_func aead_decrypt, |
186 | gnutls_cipher_deinit_func deinit); |
187 | |
188 | typedef int (*gnutls_mac_init_func) (gnutls_mac_algorithm_t, void **ctx); |
189 | typedef int (*gnutls_mac_setkey_func) (void *ctx, const void *key, size_t keysize); |
190 | typedef int (*gnutls_mac_setnonce_func) (void *ctx, const void *nonce, size_t noncesize); |
191 | typedef int (*gnutls_mac_hash_func) (void *ctx, const void *text, size_t textsize); |
192 | typedef int (*gnutls_mac_output_func) (void *src_ctx, void *digest, size_t digestsize); |
193 | typedef void (*gnutls_mac_deinit_func) (void *ctx); |
194 | typedef int (*gnutls_mac_fast_func) (gnutls_mac_algorithm_t, const void *nonce, |
195 | size_t nonce_size, const void *key, size_t keysize, |
196 | const void *text, size_t textsize, void *digest); |
197 | |
198 | int |
199 | gnutls_crypto_register_mac(gnutls_mac_algorithm_t mac, |
200 | int priority, |
201 | gnutls_mac_init_func init, |
202 | gnutls_mac_setkey_func setkey, |
203 | gnutls_mac_setnonce_func setnonce, |
204 | gnutls_mac_hash_func hash, |
205 | gnutls_mac_output_func output, |
206 | gnutls_mac_deinit_func deinit, |
207 | gnutls_mac_fast_func hash_fast); |
208 | |
209 | typedef int (*gnutls_digest_init_func) (gnutls_digest_algorithm_t, void **ctx); |
210 | typedef int (*gnutls_digest_hash_func) (void *ctx, const void *text, size_t textsize); |
211 | typedef int (*gnutls_digest_output_func) (void *src_ctx, void *digest, size_t digestsize); |
212 | typedef void (*gnutls_digest_deinit_func) (void *ctx); |
213 | typedef int (*gnutls_digest_fast_func) (gnutls_digest_algorithm_t, |
214 | const void *text, size_t textsize, void *digest); |
215 | |
216 | int |
217 | gnutls_crypto_register_digest(gnutls_digest_algorithm_t digest, |
218 | int priority, |
219 | gnutls_digest_init_func init, |
220 | gnutls_digest_hash_func hash, |
221 | gnutls_digest_output_func output, |
222 | gnutls_digest_deinit_func deinit, |
223 | gnutls_digest_fast_func hash_fast); |
224 | |
225 | /* RSA-PKCS#1 1.5 helper functions */ |
226 | int |
227 | gnutls_encode_ber_digest_info(gnutls_digest_algorithm_t hash, |
228 | const gnutls_datum_t * digest, |
229 | gnutls_datum_t * output); |
230 | |
231 | int |
232 | gnutls_decode_ber_digest_info(const gnutls_datum_t * info, |
233 | gnutls_digest_algorithm_t *hash, |
234 | unsigned char *digest, unsigned int *digest_size); |
235 | |
236 | /* *INDENT-OFF* */ |
237 | #ifdef __cplusplus |
238 | } |
239 | #endif |
240 | /* *INDENT-ON* */ |
241 | #endif |
242 | |