1 /* 2 * auth.h 3 * 4 * common interface to authentication functions 5 * 6 * David A. McGrew 7 * Cisco Systems, Inc. 8 */ 9 10 /* 11 * 12 * Copyright (c) 2001-2017, Cisco Systems, Inc. 13 * All rights reserved. 14 * 15 * Redistribution and use in source and binary forms, with or without 16 * modification, are permitted provided that the following conditions 17 * are met: 18 * 19 * Redistributions of source code must retain the above copyright 20 * notice, this list of conditions and the following disclaimer. 21 * 22 * Redistributions in binary form must reproduce the above 23 * copyright notice, this list of conditions and the following 24 * disclaimer in the documentation and/or other materials provided 25 * with the distribution. 26 * 27 * Neither the name of the Cisco Systems, Inc. nor the names of its 28 * contributors may be used to endorse or promote products derived 29 * from this software without specific prior written permission. 30 * 31 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 32 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 33 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS 34 * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE 35 * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, 36 * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES 37 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 38 * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 39 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 40 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 41 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED 42 * OF THE POSSIBILITY OF SUCH DAMAGE. 43 * 44 */ 45 46 #ifndef SRTP_AUTH_H 47 #define SRTP_AUTH_H 48 49 #include "srtp.h" 50 #include "crypto_types.h" /* for values of auth_type_id_t */ 51 52 #ifdef __cplusplus 53 extern "C" { 54 #endif 55 56 typedef const struct srtp_auth_type_t *srtp_auth_type_pointer; 57 typedef struct srtp_auth_t *srtp_auth_pointer_t; 58 59 typedef srtp_err_status_t (*srtp_auth_alloc_func)(srtp_auth_pointer_t *ap, 60 int key_len, 61 int out_len); 62 63 typedef srtp_err_status_t (*srtp_auth_init_func)(void *state, 64 const uint8_t *key, 65 int key_len); 66 67 typedef srtp_err_status_t (*srtp_auth_dealloc_func)(srtp_auth_pointer_t ap); 68 69 typedef srtp_err_status_t (*srtp_auth_compute_func)(void *state, 70 const uint8_t *buffer, 71 int octets_to_auth, 72 int tag_len, 73 uint8_t *tag); 74 75 typedef srtp_err_status_t (*srtp_auth_update_func)(void *state, 76 const uint8_t *buffer, 77 int octets_to_auth); 78 79 typedef srtp_err_status_t (*srtp_auth_start_func)(void *state); 80 81 /* some syntactic sugar on these function types */ 82 #define srtp_auth_type_alloc(at, a, klen, outlen) \ 83 ((at)->alloc((a), (klen), (outlen))) 84 85 #define srtp_auth_init(a, key) \ 86 (((a)->type)->init((a)->state, (key), ((a)->key_len))) 87 88 #define srtp_auth_compute(a, buf, len, res) \ 89 (((a)->type)->compute((a)->state, (buf), (len), (a)->out_len, (res))) 90 91 #define srtp_auth_update(a, buf, len) \ 92 (((a)->type)->update((a)->state, (buf), (len))) 93 94 #define srtp_auth_start(a) (((a)->type)->start((a)->state)) 95 96 #define srtp_auth_dealloc(c) (((c)->type)->dealloc(c)) 97 98 /* functions to get information about a particular auth_t */ 99 int srtp_auth_get_key_length(const struct srtp_auth_t *a); 100 101 int srtp_auth_get_tag_length(const struct srtp_auth_t *a); 102 103 int srtp_auth_get_prefix_length(const struct srtp_auth_t *a); 104 105 /* 106 * srtp_auth_test_case_t is a (list of) key/message/tag values that are 107 * known to be correct for a particular cipher. this data can be used 108 * to test an implementation in an on-the-fly self test of the 109 * correctness of the implementation. (see the srtp_auth_type_self_test() 110 * function below) 111 */ 112 typedef struct srtp_auth_test_case_t { 113 int key_length_octets; /* octets in key */ 114 const uint8_t *key; /* key */ 115 int data_length_octets; /* octets in data */ 116 const uint8_t *data; /* data */ 117 int tag_length_octets; /* octets in tag */ 118 const uint8_t *tag; /* tag */ 119 const struct srtp_auth_test_case_t 120 *next_test_case; /* pointer to next testcase */ 121 } srtp_auth_test_case_t; 122 123 /* srtp_auth_type_t */ 124 typedef struct srtp_auth_type_t { 125 srtp_auth_alloc_func alloc; 126 srtp_auth_dealloc_func dealloc; 127 srtp_auth_init_func init; 128 srtp_auth_compute_func compute; 129 srtp_auth_update_func update; 130 srtp_auth_start_func start; 131 const char *description; 132 const srtp_auth_test_case_t *test_data; 133 srtp_auth_type_id_t id; 134 } srtp_auth_type_t; 135 136 typedef struct srtp_auth_t { 137 const srtp_auth_type_t *type; 138 void *state; 139 int out_len; /* length of output tag in octets */ 140 int key_len; /* length of key in octets */ 141 int prefix_len; /* length of keystream prefix */ 142 } srtp_auth_t; 143 144 /* 145 * srtp_auth_type_self_test() tests an auth_type against test cases 146 * provided in an array of values of key/message/tag that is known to 147 * be good 148 */ 149 srtp_err_status_t srtp_auth_type_self_test(const srtp_auth_type_t *at); 150 151 /* 152 * srtp_auth_type_test() tests an auth_type against external test cases 153 * provided in an array of values of key/message/tag that is known to 154 * be good 155 */ 156 srtp_err_status_t srtp_auth_type_test(const srtp_auth_type_t *at, 157 const srtp_auth_test_case_t *test_data); 158 159 /* 160 * srtp_replace_auth_type(ct, id) 161 * 162 * replaces srtp's kernel's auth type implementation for the auth_type id 163 * with a new one passed in externally. The new auth type must pass all the 164 * existing auth_type's self tests as well as its own. 165 */ 166 srtp_err_status_t srtp_replace_auth_type(const srtp_auth_type_t *ct, 167 srtp_auth_type_id_t id); 168 169 #ifdef __cplusplus 170 } 171 #endif 172 173 #endif /* SRTP_AUTH_H */ 174