177 lines
5.4 KiB
C
177 lines
5.4 KiB
C
/*
|
|
* Copyright (C) 2020 Tobias Brunner
|
|
* HSR Hochschule fuer Technik Rapperswil
|
|
*
|
|
* Copyright (C) 2014 Martin Willi
|
|
* Copyright (C) 2014 revosec AG
|
|
*
|
|
* This program is free software; you can redistribute it and/or modify it
|
|
* under the terms of the GNU General Public License as published by the
|
|
* Free Software Foundation; either version 2 of the License, or (at your
|
|
* option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
|
|
*
|
|
* This program is distributed in the hope that it will be useful, but
|
|
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
|
|
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
|
|
* for more details.
|
|
*/
|
|
|
|
/**
|
|
* @defgroup tls_aead tls_aead
|
|
* @{ @ingroup tls
|
|
*/
|
|
|
|
#ifndef TLS_AEAD_H_
|
|
#define TLS_AEAD_H_
|
|
|
|
typedef struct tls_aead_t tls_aead_t;
|
|
|
|
#include "tls.h"
|
|
|
|
/**
|
|
* TLS specific AEAD interface, includes padding.
|
|
*
|
|
* As TLS uses sign-then-encrypt instead of the more modern encrypt-then-sign,
|
|
* we can't directly abstract traditional transforms using our aead_t interface.
|
|
* With traditional transforms, the AEAD operation has to manage padding, as
|
|
* the MAC is calculated over unpadded data.
|
|
*/
|
|
struct tls_aead_t {
|
|
|
|
/**
|
|
* Encrypt and sign a TLS record.
|
|
*
|
|
* The plain data chunk gets freed on success, and the data chunk
|
|
* gets updated with a new allocation of the encrypted data.
|
|
* If next_iv is given, it must contain the IV for this operation. It
|
|
* gets updated to the IV for the next record.
|
|
*
|
|
* @param version TLS version
|
|
* @param type TLS content type (may be changed)
|
|
* @param seq record sequence number
|
|
* @param data data to encrypt, encryption result
|
|
* @return TRUE if successfully encrypted
|
|
*/
|
|
bool (*encrypt)(tls_aead_t *this, tls_version_t version,
|
|
tls_content_type_t *type, uint64_t seq, chunk_t *data);
|
|
|
|
/**
|
|
* Decrypt and verify a TLS record.
|
|
*
|
|
* The passed encrypted data chunk gets updated to the decrypted record
|
|
* length, decryption is done inline.
|
|
*
|
|
* @param version TLS version
|
|
* @param type TLS content type (may be changed)
|
|
* @param seq record sequence number
|
|
* @param data data to decrypt, decrypted result
|
|
* @return TRUE if successfully decrypted
|
|
*/
|
|
bool (*decrypt)(tls_aead_t *this, tls_version_t version,
|
|
tls_content_type_t *type, uint64_t seq, chunk_t *data);
|
|
|
|
/**
|
|
* Get the authentication key size.
|
|
*
|
|
* @return key size, in bytes, 0 if not used
|
|
*/
|
|
size_t (*get_mac_key_size)(tls_aead_t *this);
|
|
|
|
/**
|
|
* Get the encryption key size, if used.
|
|
*
|
|
* @return key size, in bytes, 0 if not used
|
|
*/
|
|
size_t (*get_encr_key_size)(tls_aead_t *this);
|
|
|
|
/**
|
|
* Get the size of implicit IV (or AEAD salt), if used.
|
|
*
|
|
* @return IV/salt size, in bytes, 0 if not used
|
|
*/
|
|
size_t (*get_iv_size)(tls_aead_t *this);
|
|
|
|
/**
|
|
* Set the keys used by an AEAD transform.
|
|
*
|
|
* @param mac authentication key, if used
|
|
* @param encr encryption key, if used
|
|
* @param iv initial implicit IV or AEAD salt, if any
|
|
* @return TRUE if key valid and set
|
|
*/
|
|
bool (*set_keys)(tls_aead_t *this, chunk_t mac, chunk_t ecnr, chunk_t iv);
|
|
|
|
/**
|
|
* Destroy a tls_aead_t.
|
|
*/
|
|
void (*destroy)(tls_aead_t *this);
|
|
};
|
|
|
|
/**
|
|
* Create a tls_aead instance using traditional transforms, explicit IV.
|
|
*
|
|
* An explicit IV means that the IV is prepended to each TLS record. This is
|
|
* the mechanism used in TLS 1.1 and newer.
|
|
*
|
|
* @param mac integrity protection algorithm
|
|
* @param encr encryption algorithm
|
|
* @param encr_size encryption key size, in bytes
|
|
* @return TLS AEAD transform
|
|
*/
|
|
tls_aead_t *tls_aead_create_explicit(integrity_algorithm_t mac,
|
|
encryption_algorithm_t encr, size_t encr_size);
|
|
|
|
/**
|
|
* Create a tls_aead instance using traditional transforms, implicit IV.
|
|
*
|
|
* An implicit IV uses a first IV derived from the TLS keymat, which then
|
|
* gets replaced by the last encrypted records tail. This is the mechanism
|
|
* used for TLS 1.0 and older.
|
|
*
|
|
* @param mac integrity protection algorithm
|
|
* @param encr encryption algorithm
|
|
* @param encr_size encryption key size, in bytes
|
|
* @return TLS AEAD transform
|
|
*/
|
|
tls_aead_t *tls_aead_create_implicit(integrity_algorithm_t mac,
|
|
encryption_algorithm_t encr, size_t encr_size);
|
|
|
|
/**
|
|
* Create a tls_aead instance using NULL encryption.
|
|
*
|
|
* As no IV is involved with null encryption, this AEAD works with any
|
|
* version of TLS.
|
|
*
|
|
* @param mac integrity protection algorithm
|
|
* @return TLS AEAD transform
|
|
*/
|
|
tls_aead_t *tls_aead_create_null(integrity_algorithm_t mac);
|
|
|
|
/**
|
|
* Create a tls_aead instance using real a AEAD cipher.
|
|
*
|
|
* The sequence number is used as IV directly. The internally used nonce
|
|
* is derived from the key material. Used for TLS 1.2.
|
|
*
|
|
* @param encr AEAD encryption algorithm
|
|
* @param encr_size encryption key size, in bytes
|
|
* @return TLS AEAD transform
|
|
*/
|
|
tls_aead_t *tls_aead_create_aead(encryption_algorithm_t encr, size_t encr_size);
|
|
|
|
/**
|
|
* Create a tls_aead instance using real a AEAD cipher and sequence number
|
|
* as IV.
|
|
*
|
|
* The sequence number XORed with a static value of at least the same length
|
|
* that is derived from the key material is used as IV. This is what TLS 1.3
|
|
* and newer uses.
|
|
*
|
|
* @param encr AEAD encryption algorithm
|
|
* @param encr_size encryption key size, in bytes
|
|
* @return TLS AEAD transform
|
|
*/
|
|
tls_aead_t *tls_aead_create_seq(encryption_algorithm_t encr, size_t encr_size);
|
|
|
|
#endif /** TLS_AEAD_H_ @}*/
|