/* * crypto_kernel.h * * header for the cryptographic kernel * * David A. McGrew * Cisco Systems, Inc. */ /* * * Copyright(c) 2001-2006 Cisco Systems, Inc. * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above * copyright notice, this list of conditions and the following * disclaimer in the documentation and/or other materials provided * with the distribution. * * Neither the name of the Cisco Systems, Inc. nor the names of its * contributors may be used to endorse or promote products derived * from this software without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED * OF THE POSSIBILITY OF SUCH DAMAGE. * */ #ifndef CRYPTO_KERNEL #define CRYPTO_KERNEL #include "rand_source.h" #include "prng.h" #include "cipher.h" #include "auth.h" #include "cryptoalg.h" #include "stat.h" #include "err.h" #include "crypto_types.h" #include "key.h" #include "crypto.h" /* * crypto_kernel_state_t defines the possible states: * * insecure - not yet initialized * secure - initialized and passed self-tests */ typedef enum { crypto_kernel_state_insecure, crypto_kernel_state_secure } crypto_kernel_state_t; /* * linked list of cipher types */ typedef struct kernel_cipher_type { cipher_type_id_t id; cipher_type_t *cipher_type; struct kernel_cipher_type *next; } kernel_cipher_type_t; /* * linked list of auth types */ typedef struct kernel_auth_type { auth_type_id_t id; auth_type_t *auth_type; struct kernel_auth_type *next; } kernel_auth_type_t; /* * linked list of debug modules */ typedef struct kernel_debug_module { debug_module_t *mod; struct kernel_debug_module *next; } kernel_debug_module_t; /* * crypto_kernel_t is the data structure for the crypto kernel * * note that there is *exactly one* instance of this data type, * a global variable defined in crypto_kernel.c */ typedef struct { crypto_kernel_state_t state; /* current state of kernel */ kernel_cipher_type_t *cipher_type_list; /* list of all cipher types */ kernel_auth_type_t *auth_type_list; /* list of all auth func types */ kernel_debug_module_t *debug_module_list; /* list of all debug modules */ } crypto_kernel_t; /* * crypto_kernel_t external api */ /* * The function crypto_kernel_init() initialized the crypto kernel and * runs the self-test operations on the random number generators and * crypto algorithms. Possible return values are: * * err_status_ok initialization successful * <other> init failure * * If any value other than err_status_ok is returned, the * crypto_kernel MUST NOT be used. */ err_status_t crypto_kernel_init(void); /* * The function crypto_kernel_shutdown() de-initializes the * crypto_kernel, zeroizes keys and other cryptographic material, and * deallocates any dynamically allocated memory. Possible return * values are: * * err_status_ok shutdown successful * <other> shutdown failure * */ err_status_t crypto_kernel_shutdown(void); /* * The function crypto_kernel_stats() checks the the crypto_kernel, * running tests on the ciphers, auth funcs, and rng, and prints out a * status report. Possible return values are: * * err_status_ok all tests were passed * <other> a test failed * */ err_status_t crypto_kernel_status(void); /* * crypto_kernel_list_debug_modules() outputs a list of debugging modules * */ err_status_t crypto_kernel_list_debug_modules(void); /* * crypto_kernel_load_cipher_type() * */ err_status_t crypto_kernel_load_cipher_type(cipher_type_t *ct, cipher_type_id_t id); err_status_t crypto_kernel_load_auth_type(auth_type_t *ct, auth_type_id_t id); err_status_t crypto_kernel_load_debug_module(debug_module_t *new_dm); /* * crypto_kernel_alloc_cipher(id, cp, key_len); * * allocates a cipher of type id at location *cp, with key length * key_len octets. Return values are: * * err_status_ok no problems * err_status_alloc_fail an allocation failure occured * err_status_fail couldn't find cipher with identifier 'id' */ err_status_t crypto_kernel_alloc_cipher(cipher_type_id_t id, cipher_pointer_t *cp, int key_len); /* * crypto_kernel_alloc_auth(id, ap, key_len, tag_len); * * allocates an auth function of type id at location *ap, with key * length key_len octets and output tag length of tag_len. Return * values are: * * err_status_ok no problems * err_status_alloc_fail an allocation failure occured * err_status_fail couldn't find auth with identifier 'id' */ err_status_t crypto_kernel_alloc_auth(auth_type_id_t id, auth_pointer_t *ap, int key_len, int tag_len); /* * crypto_kernel_set_debug_module(mod_name, v) * * sets dynamic debugging to the value v (0 for off, 1 for on) for the * debug module with the name mod_name * * returns err_status_ok on success, err_status_fail otherwise */ err_status_t crypto_kernel_set_debug_module(char *mod_name, int v); /** * @brief writes a random octet string. * * The function call crypto_get_random(dest, len) writes len octets of * random data to the location to which dest points, and returns an * error code. This error code @b must be checked, and if a failure is * reported, the data in the buffer @b must @b not be used. * * @warning If the return code is not checked, then non-random * data may be in the buffer. This function will fail * unless it is called after crypto_kernel_init(). * * @return * - err_status_ok if no problems occured. * - [other] a problem occured, and no assumptions should * be made about the contents of the destination * buffer. * * @ingroup SRTP */ err_status_t crypto_get_random(unsigned char *buffer, unsigned int length); #endif /* CRYPTO_KERNEL */