BadVPN – Blame information for rev 1

Subversion Repositories:
Rev:
Rev Author Line No. Line
1 office 1 /**
2 * @file BEncryption.h
3 * @author Ambroz Bizjak <ambrop7@gmail.com>
4 *
5 * @section LICENSE
6 *
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions are met:
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
11 * 2. Redistributions in binary form must reproduce the above copyright
12 * notice, this list of conditions and the following disclaimer in the
13 * documentation and/or other materials provided with the distribution.
14 * 3. Neither the name of the author nor the
15 * names of its contributors may be used to endorse or promote products
16 * derived from this software without specific prior written permission.
17 *
18 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
19 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
20 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
21 * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
22 * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
23 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
24 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
25 * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
26 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
27 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
28 *
29 * @section DESCRIPTION
30 *
31 * Block cipher encryption abstraction.
32 */
33  
34 #ifndef BADVPN_SECURITY_BENCRYPTION_H
35 #define BADVPN_SECURITY_BENCRYPTION_H
36  
37 #include <stdint.h>
38 #include <string.h>
39  
40 #ifdef BADVPN_USE_CRYPTODEV
41 #include <crypto/cryptodev.h>
42 #include <sys/types.h>
43 #include <sys/stat.h>
44 #include <fcntl.h>
45 #include <sys/ioctl.h>
46 #include <string.h>
47 #include <stdint.h>
48 #include <unistd.h>
49 #endif
50  
51 #include <openssl/blowfish.h>
52 #include <openssl/aes.h>
53  
54 #include <misc/debug.h>
55 #include <base/DebugObject.h>
56  
57 #define BENCRYPTION_MODE_ENCRYPT 1
58 #define BENCRYPTION_MODE_DECRYPT 2
59  
60 #define BENCRYPTION_MAX_BLOCK_SIZE 16
61 #define BENCRYPTION_MAX_KEY_SIZE 16
62  
63 #define BENCRYPTION_CIPHER_BLOWFISH 1
64 #define BENCRYPTION_CIPHER_BLOWFISH_BLOCK_SIZE 8
65 #define BENCRYPTION_CIPHER_BLOWFISH_KEY_SIZE 16
66  
67 #define BENCRYPTION_CIPHER_AES 2
68 #define BENCRYPTION_CIPHER_AES_BLOCK_SIZE 16
69 #define BENCRYPTION_CIPHER_AES_KEY_SIZE 16
70  
71 // NOTE: update the maximums above when adding a cipher!
72  
73 /**
74 * Block cipher encryption abstraction.
75 */
76 typedef struct {
77 DebugObject d_obj;
78 int mode;
79 int cipher;
80 #ifdef BADVPN_USE_CRYPTODEV
81 int use_cryptodev;
82 #endif
83 union {
84 BF_KEY blowfish;
85 struct {
86 AES_KEY encrypt;
87 AES_KEY decrypt;
88 } aes;
89 #ifdef BADVPN_USE_CRYPTODEV
90 struct {
91 int fd;
92 int cfd;
93 int cipher;
94 uint32_t ses;
95 } cryptodev;
96 #endif
97 };
98 } BEncryption;
99  
100 /**
101 * Checks if the given cipher number is valid.
102 *
103 * @param cipher cipher number
104 * @return 1 if valid, 0 if not
105 */
106 int BEncryption_cipher_valid (int cipher);
107  
108 /**
109 * Returns the block size of a cipher.
110 *
111 * @param cipher cipher number. Must be valid.
112 * @return block size in bytes
113 */
114 int BEncryption_cipher_block_size (int cipher);
115  
116 /**
117 * Returns the key size of a cipher.
118 *
119 * @param cipher cipher number. Must be valid.
120 * @return key size in bytes
121 */
122 int BEncryption_cipher_key_size (int cipher);
123  
124 /**
125 * Initializes the object.
126 * {@link BSecurity_GlobalInitThreadSafe} must have been done if this object
127 * will be used from a non-main thread.
128 *
129 * @param enc the object
130 * @param mode whether encryption or decryption is to be done, or both.
131 * Must be a bitwise-OR of at least one of BENCRYPTION_MODE_ENCRYPT
132 * and BENCRYPTION_MODE_DECRYPT.
133 * @param cipher cipher number. Must be valid.
134 * @param key encryption key
135 */
136 void BEncryption_Init (BEncryption *enc, int mode, int cipher, uint8_t *key);
137  
138 /**
139 * Frees the object.
140 *
141 * @param enc the object
142 */
143 void BEncryption_Free (BEncryption *enc);
144  
145 /**
146 * Encrypts data.
147 * The object must have been initialized with mode including
148 * BENCRYPTION_MODE_ENCRYPT.
149 *
150 * @param enc the object
151 * @param in data to encrypt
152 * @param out ciphertext output
153 * @param len number of bytes to encrypt. Must be >=0 and a multiple of
154 * block size.
155 * @param iv initialization vector. Updated such that continuing a previous encryption
156 * starting with the updated IV is equivalent to performing just one encryption.
157 */
158 void BEncryption_Encrypt (BEncryption *enc, uint8_t *in, uint8_t *out, int len, uint8_t *iv);
159  
160 /**
161 * Decrypts data.
162 * The object must have been initialized with mode including
163 * BENCRYPTION_MODE_DECRYPT.
164 *
165 * @param enc the object
166 * @param in data to decrypt
167 * @param out plaintext output
168 * @param len number of bytes to decrypt. Must be >=0 and a multiple of
169 * block size.
170 * @param iv initialization vector. Updated such that continuing a previous decryption
171 * starting with the updated IV is equivalent to performing just one decryption.
172 */
173 void BEncryption_Decrypt (BEncryption *enc, uint8_t *in, uint8_t *out, int len, uint8_t *iv);
174  
175 #endif