1 /*- 2 * Copyright (C) 2001-2003 by NBMK Encryption Technologies. 3 * All rights reserved. 4 * 5 * NBMK Encryption Technologies provides no support of any kind for 6 * this software. Questions or concerns about it may be addressed to 7 * the members of the relevant open-source community at 8 * <tech-crypto@netbsd.org>. 9 * 10 * Redistribution and use in source and binary forms, with or without 11 * modification, are permitted provided that the following conditions are 12 * met: 13 * 14 * 1. Redistributions of source code must retain the above copyright 15 * notice, this list of conditions and the following disclaimer. 16 * 17 * 2. Redistributions in binary form must reproduce the above 18 * copyright notice, this list of conditions and the following 19 * disclaimer in the documentation and/or other materials provided 20 * with the distribution. 21 * 22 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 23 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 24 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 25 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT 26 * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 27 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT 28 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 29 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 30 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 31 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 32 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
 */

/*****************************************************************************
 * @(#) n8_pub_packet.h 1.21@(#)
 *****************************************************************************/

/*****************************************************************************/
/** @file n8_pub_packet
 *  @brief Public declarations for packet operations.
 *
 * Public header file for packet operations (SSL/TLS record and IPsec
 * packet encrypt/authenticate and decrypt/verify).
 *
 *****************************************************************************/

/*****************************************************************************
 * Revision history:
 * 08/18/03 brr Combine Encrypt/Decrypt command block generators for SSL,
 *              TLS, & IPsec.
 * 06/06/03 brr Brought useful IPSEC defines to this public include file.
 * 05/20/03 brr Modified N8_PacketInitialize to setup function pointers &
 *              lengths used in the Encrypt/Decrypt operations. Eliminated
 *              several switch statements from Encrypt/Decrypt operations.
 * 04/17/03 brr Moved key size constants to this public include file.
 * 08/06/02 bac Made cipher infos const.
 * 07/16/02 bac Removed trailing comma from last enum entry in
 *              N8_PacketMemoryMode.
 * 06/14/02 hml Deleted request field and other unused fields from the
 *              packet object. Also added the N8_PacketMemoryMode_t enum
 *              and protos for the N8_SSLTLS*Memory API calls.
 * 06/10/02 hml Added request field to packet object.
 * 03/18/02 hml Added include of n8_pub_buffer.h.
 * 02/12/02 hml Added proto for N8_PacketBuffersSet.
 * 02/07/02 hml Added some fields for kernel buffers allocated by user.
 * 01/22/02 bac Added a boolean to N8_Packet_t to control deferred loading of
 *              context memory.
 * 11/28/01 mel Fixed bug #365 : ARC4 key type N8_RC4_t incorrectly declared
 * 11/12/01 hml Added structureID to N8_Packet_t (Bug 261) and changed
 *              PI_PROTOCOL_* to N8_PROTOCOL_*.
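 * 10/25/01 dkm Changed PI_KeyInfo_t to use N8_RC4_t to remove OpenSSL
 *              dependency.
 * 10/12/01 dkm Original version.
 ****************************************************************************/
#ifndef N8_PUB_PACKET_H
#define N8_PUB_PACKET_H

#ifdef __cplusplus
extern "C"
{
#endif

#include "n8_pub_common.h"
#include "n8_pub_buffer.h"
#include "n8_pub_request.h"

/*****************************************************************************
 * #defines
 *****************************************************************************/
/* Maximum length in bytes of the SSL/TLS MAC secret; sizes
 * N8_CipherInfo_t.macSecret.  20 bytes is enough for a SHA-1 sized secret. */
#define N8_MAC_SECRET_LENGTH 20

/* Number of 32-bit words in a precomputed hash state (ipad/opad and
 * precompute1/2 in the structures below).  5 words = 160 bits, presumably
 * sized for the SHA-1 chaining state, which also holds the 4-word MD5 state. */
#define N8_PRECOMPUTE_SIZE 5

/* definitions for key size */
/* Largest ARC4 key, in bytes, that the key-size constant admits.
 * NOTE(review): the only public field for passing an ARC4 key,
 * N8_KeyInfo_t.keyARC4, is 32 bytes, so keys longer than that cannot be
 * supplied through this API -- confirm which limit is the intended one. */
#define ARC4_KEY_SIZE_BYTES_MAX 256
/* Three 8-byte DES keys (key1/key2/key3 of N8_CipherInfo_t), i.e. 3DES. */
#define DES_KEY_SIZE_BYTES 24

/* Protocol version numbers as carried in the SSL/TLS record header.
 * NOTE(review): SSL 3.0 (RFC 7568) and TLS 1.0 (RFC 8996) are both
 * deprecated, and RC4 is prohibited in TLS (RFC 7465).  These values are
 * kept for the existing hardware path; do not treat them as a statement
 * that the protocol/cipher combinations offered here are currently secure. */
#define N8_SSL_VERSION 0x0300
#define N8_TLS_VERSION 0x0301

/* Upper bounds on the SSL/TLS record payload handled per operation.
 * The length field of an incoming record is attacker-controlled, so the
 * implementation must reject records above these limits before any buffer
 * is sized or copied from them. */
#define N8_SSLTLS_MAX_DATA_SIZE_DECRYPT (18 * 1024)
#define N8_SSLTLS_MAX_DATA_SIZE_ENCRYPT (17 * 1024)

/* definitions for IPsec packets */
/* Parenthesised: the previous expansion "18*1024" silently mis-evaluated in
 * expressions such as "len / IPSEC_DATA_LENGTH_MAX", which became
 * "(len / 18) * 1024".  Callers must keep packet lengths within
 * [IPSEC_DATA_LENGTH_MIN, IPSEC_DATA_LENGTH_MAX]; the prototypes below take
 * a plain int and cannot enforce it. */
#define IPSEC_DATA_LENGTH_MAX (18 * 1024)
#define IPSEC_DATA_LENGTH_MIN 24
/* Truncated HMAC tag length in bytes (HMAC-MD5-96 / HMAC-SHA-1-96 give 96
 * bits).  NOTE(review): HMAC_LENGTH and the IPSEC_* names below carry no
 * N8_ prefix and may collide with other headers in the including project. */
#define HMAC_LENGTH 12
/* Bytes preceding the payload.  Presumably ESP: SPI (4) + sequence number (4)
 * at offset 0, the 8-byte DES IV at offset 8, payload at offset 16. */
#define IPSEC_PACKET_HEADER_LENGTH 16
#define IPSEC_IV_OFFSET 8
#define IPSEC_DATA_OFFSET 16
/*****************************************************************************
 * Structures/type definitions
 *****************************************************************************/

/*
 * SSL/TLS packet structure as defined by the protocol.  Opaque byte type:
 * a pointer to it addresses the raw record (header followed by payload).
 */
typedef unsigned char N8_SSLTLSPacket_t;

/*
 * IPSec packet structure as defined by the protocol.  Opaque byte type for
 * the raw packet bytes laid out per the IPSEC_*_OFFSET constants above.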
*/
typedef unsigned char N8_IPSecPacket_t;

/* Per-SA IPsec state passed at initialisation.  Despite the name, this holds
 * no DES key bytes or IV: those travel in key1/key2/key3 and IV of
 * N8_CipherInfo_t.  ipad/opad are the precomputed HMAC inner/outer hash
 * states (N8_PRECOMPUTE_SIZE words each), followed by the SPI and the
 * initial sequence number.  Treat ipad/opad as secret: they are derived
 * from the HMAC key and are sufficient to forge tags. */
typedef struct
{
   uint32_t ipad[N8_PRECOMPUTE_SIZE];
   uint32_t opad[N8_PRECOMPUTE_SIZE];
   uint32_t SPI;
   uint32_t sequence_number;
} N8_IPsecKeyDES_t;

/* The three permissible values for Protocol are SSL, TLS, and IPSec.
 * Numbering starts at 1 so that a zero-filled object is not a valid
 * protocol. */
typedef enum
{
   N8_PROTOCOL_SSL = 1,
   N8_PROTOCOL_TLS,
   N8_PROTOCOL_IPSEC
} N8_Protocol_t;

/* The memory modes for the packet ops (selected by
 * N8_PacketInitializeMemory); starts at 1 for the same reason as above. */
typedef enum
{
   N8_PACKETMEMORY_NONE = 1,
   N8_PACKETMEMORY_REQUEST
} N8_PacketMemoryMode_t;


/* cipher info: protocol-specific key material.
 * NOTE(review): keyARC4 is 32 bytes although ARC4_KEY_SIZE_BYTES_MAX is
 * 256; the union, not the constant, bounds what a caller can supply here.
 * The union's size is fixed by IPsecKeyDES_t and must not change (ABI). */
typedef union
{
   unsigned char keyARC4[32];        /* specifies ARC4 key to use */
   N8_IPsecKeyDES_t IPsecKeyDES;     /* specifies data to use with IPSec */
} N8_KeyInfo_t;

/* N8_CipherInfo_t
   This is the structure for passing key information during packet
   initialization.  Everything except keySize, unitID and the precomputes'
   layout is secret key material; callers should wipe the structure
   (explicit_bzero/memset_s -- a plain memset before free may be optimised
   away) once N8_PacketInitialize has consumed it.
   precompute1/2   - For internal use in calculations
   macSecret       - Secret for mac calculation in SSL
   sequence_number - Initial sequence number for packet
   IV              - Initialization vector
   key1/2/3        - DES key for initialization (SSL/TLS)
   keySize         - length of key
   key             - Union for initializing RC4 and IPsec DES key
   hmac_key/_length - Secret and length for HMAC; hmac_key is a pointer, so
                      the caller owns that buffer and must keep it valid for
                      as long as the implementation reads it (presumably
                      during initialisation only -- confirm against the
                      implementation)
   Field layout is public ABI; do not reorder or retype members. */
typedef struct
{
   uint32_t precompute1[N8_PRECOMPUTE_SIZE];
   uint32_t precompute2[N8_PRECOMPUTE_SIZE];
   char macSecret[N8_MAC_SECRET_LENGTH];
   uint32_t sequence_number[2];
   char IV[N8_DES_KEY_LENGTH];
   char key1[N8_DES_KEY_LENGTH];
   char key2[N8_DES_KEY_LENGTH];
   char key3[N8_DES_KEY_LENGTH];
   int keySize;              /* keys size for verification */
   N8_KeyInfo_t key;         /* specific protocol data */
   N8_Buffer_t *hmac_key;
   uint32_t hmacKeyLength;
   N8_Unit_t unitID;         /* execution unit */
} N8_CipherInfo_t;

/* packet object: per-connection/per-SA state filled in by
 * N8_PacketInitialize[Memory] and consulted by every encrypt/decrypt call.
 * Callers should treat it as opaque.  It embeds cipherInfo (secret key
 * material), so it should be wiped when the session ends. */
typedef struct
{
   N8_Protocol_t packetProtocol;        /* packet protocol to use: SSL, TLS, IPSec */
   N8_Cipher_t packetCipher;            /* cipher: ARC4, DES*/
   N8_HashAlgorithm_t packetHashAlgorithm;
                                        /* hash algorithm: MD5, SHA-1, HMAC-MD5, HMAC-SHA-1,
                                         * HMAC-MD5-96, HMAC-SHA-1-96 */
   N8_ContextHandle_t contextHandle;
   N8_CipherInfo_t cipherInfo;          /* keys to use */
   N8_HashObject_t hashPacket;          /* hash value and information */
   N8_Unit_t unitID;                    /* execution unit */
   unsigned int structureID;            /* NOTE(review): presumably a validity
                                         * marker set at initialisation and
                                         * checked by the API to reject
                                         * uninitialised objects -- confirm */
   N8_Boolean_t contextLoadNeeded;      /* does the context need to be loaded?
                                         * if so, this is done on the first use
                                         * of the packet post-initialization.*/
   N8_PacketMemoryMode_t mode;          /* Memory type for this packet */
   unsigned int encCommands;            /* Number of cmds needed for encrypt */
   unsigned int decCommands;            /* Number of cmds needed for decrypt */
   int minLength;                       /* Minimum packet length */
   int macLength;                       /* Hash result length */
   void *ctxLoadFcn;                    /* Context load cmd block generator.
                                         * NOTE(review): a function pointer
                                         * stored as void *; ISO C does not
                                         * guarantee that conversion and it
                                         * loses the signature check -- a
                                         * typed function-pointer typedef
                                         * would be safer, but changing it
                                         * alters the public struct. */
   int ctxLoadCmds;                     /* Number of cmds needed to load ctx */
   void *SSLTLScmdFcn;                  /* cmd block generator function
                                         * (same void * caveat as above) */
   unsigned int encOpCode;              /* Op Code for encryption operation */
   unsigned int decOpCode;              /* Op Code for decryption operation */
} N8_Packet_t;

/*****************************************************************************
 * Function prototypes
 *****************************************************************************/
/* Initialise packetObject_p for the given protocol/cipher/hash using the
 * key material in cipherInfo_p, with an explicit memory mode.  event_p
 * follows the library's asynchronous-completion convention (presumably NULL
 * for a blocking call -- confirm in n8_pub_common.h).  Returns an
 * N8_Status_t; callers must check it before using the packet object. */
N8_Status_t N8_PacketInitializeMemory(N8_Packet_t *packetObject_p,
                                      const N8_ContextHandle_t *contextHandle_p,
                                      const N8_Protocol_t protocol,
                                      const N8_Cipher_t cipher,
                                      const N8_CipherInfo_t *cipherInfo_p,
                                      const N8_HashAlgorithm_t hashAlgorithm,
                                      const N8_PacketMemoryMode_t mode,
                                      N8_Event_t *event_p);

/* Same as N8_PacketInitializeMemory without the memory-mode argument. */
N8_Status_t N8_PacketInitialize(N8_Packet_t *packetObject_p,
                                const N8_ContextHandle_t *contextHandle_p,
                                const N8_Protocol_t protocol,
                                const N8_Cipher_t cipher,
                                const N8_CipherInfo_t *cipherInfo_p,
                                const N8_HashAlgorithm_t hashAlgorithm,
                                N8_Event_t *event_p);

/* Encrypt and MAC one SSL/TLS record from packet_p into result_p using the
 * request handle for memory.  There is no length parameter: the record
 * length is presumably read from the header inside packet_p, so the caller
 * must ensure that header is consistent with the buffer it actually owns
 * and that result_p is large enough for payload plus MAC and padding. */
N8_Status_t
N8_SSLTLSEncryptAuthenticateMemory(N8_Packet_t *packetObj_p,
                                   const N8_SSLTLSPacket_t *packet_p,
                                   N8_SSLTLSPacket_t *result_p,
                                   N8_RequestHandle_t request,
                                   N8_Event_t *event_p);

/* Decrypt one SSL/TLS record and verify its MAC.  The computed MAC is
 * returned in computedMAC_p and the comparison outcome in *verify_p, with
 * the plaintext in result_p.  Security caveat: the plaintext and the verdict
 * are separate outputs, so nothing in this interface prevents consuming
 * result_p when verification failed -- callers must check the return status
 * and *verify_p first and discard result_p otherwise.  The record length
 * comes from the attacker-controlled header in packet_p; the implementation
 * is expected to bound it by N8_SSLTLS_MAX_DATA_SIZE_DECRYPT. */
N8_Status_t
N8_SSLTLSDecryptVerifyMemory(N8_Packet_t *packetObj_p,
                             const N8_SSLTLSPacket_t *packet_p,
                             N8_Buffer_t *computedMAC_p,
                             N8_Boolean_t *verify_p,
                             N8_SSLTLSPacket_t *result_p,
                             N8_RequestHandle_t request,
                             N8_Event_t *event_p);

/* Non-"Memory" variant of N8_SSLTLSEncryptAuthenticateMemory (no request
 * handle); same length and buffer-sizing caveats apply. */
N8_Status_t N8_SSLTLSEncryptAuthenticate(N8_Packet_t *packetObj_p,
                                         const N8_SSLTLSPacket_t *packet_p,
                                         N8_SSLTLSPacket_t *result_p,
                                         N8_Event_t *event_p);

/* Non-"Memory" variant of N8_SSLTLSDecryptVerifyMemory; the same rule
 * applies: do not use result_p unless the call succeeded and *verify_p
 * reports a good MAC. */
N8_Status_t N8_SSLTLSDecryptVerify(N8_Packet_t *packetObj_p,
                                   const N8_SSLTLSPacket_t *packet_p,
                                   N8_Buffer_t *computedMAC_p,
                                   N8_Boolean_t *verify_p,
                                   N8_SSLTLSPacket_t *result_p,
                                   N8_Event_t *event_p);

/* Encrypt and HMAC one IPsec packet of packetLength bytes.  packetLength is
 * a signed int: callers must pass a value within
 * [IPSEC_DATA_LENGTH_MIN, IPSEC_DATA_LENGTH_MAX]; a negative or oversized
 * length cannot be rejected by the prototype itself.  packet_p is not
 * const here (unlike the SSL/TLS entry points), so the input buffer may be
 * modified -- do not assume it is preserved. */
N8_Status_t N8_IPSecEncryptAuthenticate(N8_Packet_t *packetObject_p,
                                        N8_IPSecPacket_t *packet_p,
                                        int packetLength,
                                        N8_IPSecPacket_t *result_p,
                                        N8_Event_t *event_p );

/* Decrypt one IPsec packet and verify its HMAC-96 tag.  As with the SSL/TLS
 * decrypt calls, the plaintext in result_p and the verdict in *verify are
 * independent outputs: check the return status and *verify before using
 * result_p.  encryptedPacketLength has the same signed-int caveat as
 * packetLength above. */
N8_Status_t N8_IPSecDecryptVerify(N8_Packet_t *packetObject_p,
                                  N8_IPSecPacket_t *encryptedPacket_p,
                                  int encryptedPacketLength,
                                  N8_Buffer_t *computedHMAC_p,
                                  N8_Boolean_t *verify,
                                  N8_IPSecPacket_t *result_p,
                                  N8_Event_t *event_p );

#ifdef __cplusplus
}
#endif

#endif