1 /*
2  * crypto_kernel.h
3  *
4  * header for the cryptographic kernel
5  *
6  * David A. McGrew
7  * Cisco Systems, Inc.
8  */
9 /*
10  *
11  * Copyright(c) 2001-2006 Cisco Systems, Inc.
12  * All rights reserved.
13  *
14  * Redistribution and use in source and binary forms, with or without
15  * modification, are permitted provided that the following conditions
16  * are met:
17  *
18  *   Redistributions of source code must retain the above copyright
19  *   notice, this list of conditions and the following disclaimer.
20  *
21  *   Redistributions in binary form must reproduce the above
22  *   copyright notice, this list of conditions and the following
23  *   disclaimer in the documentation and/or other materials provided
24  *   with the distribution.
25  *
26  *   Neither the name of the Cisco Systems, Inc. nor the names of its
27  *   contributors may be used to endorse or promote products derived
28  *   from this software without specific prior written permission.
29  *
30  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
31  * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
32  * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
33  * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
34  * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
35  * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
36  * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
37  * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
38  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
39  * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
40  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
41  * OF THE POSSIBILITY OF SUCH DAMAGE.
42  *
43  */
44 
45 
46 #ifndef CRYPTO_KERNEL
47 #define CRYPTO_KERNEL
48 
49 #include "rand_source.h"
50 #include "prng.h"
51 #include "cipher.h"
52 #include "auth.h"
53 #include "cryptoalg.h"
54 #include "stat.h"
55 #include "err.h"
56 #include "crypto_types.h"
57 #include "key.h"
58 #include "crypto.h"
59 
60 /*
61  * crypto_kernel_state_t defines the possible states:
62  *
63  *    insecure - not yet initialized
64  *    secure   - initialized and passed self-tests
65  */
66 
67 typedef enum {
68   crypto_kernel_state_insecure,
69   crypto_kernel_state_secure
70 } crypto_kernel_state_t;
71 
72 /*
73  * linked list of cipher types
74  */
75 
76 typedef struct kernel_cipher_type {
77   cipher_type_id_t  id;
78   cipher_type_t    *cipher_type;
79   struct kernel_cipher_type *next;
80 } kernel_cipher_type_t;
81 
82 /*
83  * linked list of auth types
84  */
85 
86 typedef struct kernel_auth_type {
87   auth_type_id_t  id;
88   auth_type_t    *auth_type;
89   struct kernel_auth_type *next;
90 } kernel_auth_type_t;
91 
92 /*
93  * linked list of debug modules
94  */
95 
96 typedef struct kernel_debug_module {
97   debug_module_t *mod;
98   struct kernel_debug_module *next;
99 } kernel_debug_module_t;
100 
101 
102 /*
103  * crypto_kernel_t is the data structure for the crypto kernel
104  *
105  * note that there is *exactly one* instance of this data type,
106  * a global variable defined in crypto_kernel.c
107  */
108 
109 typedef struct {
110   crypto_kernel_state_t state;              /* current state of kernel     */
111   kernel_cipher_type_t *cipher_type_list;   /* list of all cipher types    */
112   kernel_auth_type_t   *auth_type_list;     /* list of all auth func types */
113   kernel_debug_module_t *debug_module_list; /* list of all debug modules   */
114 } crypto_kernel_t;
115 
116 
117 /*
118  * crypto_kernel_t external api
119  */
120 
121 
122 /*
123  * The function crypto_kernel_init() initialized the crypto kernel and
124  * runs the self-test operations on the random number generators and
125  * crypto algorithms.  Possible return values are:
126  *
127  *    err_status_ok     initialization successful
128  *    <other>           init failure
129  *
130  * If any value other than err_status_ok is returned, the
131  * crypto_kernel MUST NOT be used.
132  */
133 
134 err_status_t
135 crypto_kernel_init(void);
136 
137 
138 /*
139  * The function crypto_kernel_shutdown() de-initializes the
140  * crypto_kernel, zeroizes keys and other cryptographic material, and
141  * deallocates any dynamically allocated memory.  Possible return
142  * values are:
143  *
144  *    err_status_ok     shutdown successful
145  *    <other>           shutdown failure
146  *
147  */
148 
149 err_status_t
150 crypto_kernel_shutdown(void);
151 
152 /*
153  * The function crypto_kernel_stats() checks the the crypto_kernel,
154  * running tests on the ciphers, auth funcs, and rng, and prints out a
155  * status report.  Possible return values are:
156  *
157  *    err_status_ok     all tests were passed
158  *    <other>           a test failed
159  *
160  */
161 
162 err_status_t
163 crypto_kernel_status(void);
164 
165 
166 /*
167  * crypto_kernel_list_debug_modules() outputs a list of debugging modules
168  *
169  */
170 
171 err_status_t
172 crypto_kernel_list_debug_modules(void);
173 
174 /*
175  * crypto_kernel_load_cipher_type()
176  *
177  */
178 
179 err_status_t
180 crypto_kernel_load_cipher_type(cipher_type_t *ct, cipher_type_id_t id);
181 
182 err_status_t
183 crypto_kernel_load_auth_type(auth_type_t *ct, auth_type_id_t id);
184 
185 err_status_t
186 crypto_kernel_load_debug_module(debug_module_t *new_dm);
187 
188 /*
189  * crypto_kernel_alloc_cipher(id, cp, key_len);
190  *
191  * allocates a cipher of type id at location *cp, with key length
192  * key_len octets.  Return values are:
193  *
194  *    err_status_ok           no problems
195  *    err_status_alloc_fail   an allocation failure occured
196  *    err_status_fail         couldn't find cipher with identifier 'id'
197  */
198 
199 err_status_t
200 crypto_kernel_alloc_cipher(cipher_type_id_t id,
201 			   cipher_pointer_t *cp,
202 			   int key_len);
203 
204 /*
205  * crypto_kernel_alloc_auth(id, ap, key_len, tag_len);
206  *
207  * allocates an auth function of type id at location *ap, with key
208  * length key_len octets and output tag length of tag_len.  Return
209  * values are:
210  *
211  *    err_status_ok           no problems
212  *    err_status_alloc_fail   an allocation failure occured
213  *    err_status_fail         couldn't find auth with identifier 'id'
214  */
215 
216 err_status_t
217 crypto_kernel_alloc_auth(auth_type_id_t id,
218 			 auth_pointer_t *ap,
219 			 int key_len,
220 			 int tag_len);
221 
222 
223 /*
224  * crypto_kernel_set_debug_module(mod_name, v)
225  *
226  * sets dynamic debugging to the value v (0 for off, 1 for on) for the
227  * debug module with the name mod_name
228  *
229  * returns err_status_ok on success, err_status_fail otherwise
230  */
231 
232 err_status_t
233 crypto_kernel_set_debug_module(char *mod_name, int v);
234 
235 /**
236  * @brief writes a random octet string.
237  *
238  * The function call crypto_get_random(dest, len) writes len octets of
239  * random data to the location to which dest points, and returns an
240  * error code.  This error code @b must be checked, and if a failure is
241  * reported, the data in the buffer @b must @b not be used.
242  *
243  * @warning If the return code is not checked, then non-random
244  *          data may be in the buffer.  This function will fail
245  *          unless it is called after crypto_kernel_init().
246  *
247  * @return
248  *     - err_status_ok    if no problems occured.
249  *     - [other]          a problem occured, and no assumptions should
250  *                        be made about the contents of the destination
251  *                        buffer.
252  *
253  * @ingroup SRTP
254  */
255 err_status_t
256 crypto_get_random(unsigned char *buffer, unsigned int length);
257 
258 #endif /* CRYPTO_KERNEL */
259