1 /* 2 * SRT - Secure, Reliable, Transport 3 * Copyright (c) 2019 Haivision Systems Inc. 4 * 5 * This Source Code Form is subject to the terms of the Mozilla Public 6 * License, v. 2.0. If a copy of the MPL was not distributed with this 7 * file, You can obtain one at http://mozilla.org/MPL/2.0/. 8 * 9 */ 10 11 12 /***************************************************************************** 13 written by 14 Haivision Systems Inc. 15 16 2019-06-28 (jdube) 17 CRYSPR/4SRT Initial implementation. 18 *****************************************************************************/ 19 20 #ifndef CRYSPR_H 21 #define CRYSPR_H 22 23 #include <stdbool.h> 24 #include <sys/types.h> 25 26 #if !defined(HAISRT_VERSION_INT) 27 #include "haicrypt.h" 28 #include "hcrypt_msg.h" 29 #else 30 // Included by haisrt.h or similar 31 #include "haisrt/haicrypt.h" 32 #include "haisrt/hcrypt_msg.h" 33 #endif 34 35 #ifdef __cplusplus 36 extern "C" { 37 #endif 38 39 #include "cryspr-config.h" 40 41 typedef struct tag_CRYSPR_cb { 42 CRYSPR_AESCTX aes_kek; /* Key Encrypting Key (KEK) */ 43 CRYSPR_AESCTX aes_sek[2]; /* even/odd Stream Encrypting Key (SEK) */ 44 45 struct tag_CRYSPR_methods *cryspr; 46 47 #if !CRYSPR_HAS_AESCTR 48 /* Reserve room to build the counter stream ourself */ 49 #define HCRYPT_CTR_BLK_SZ CRYSPR_AESBLKSZ 50 #define HCRYPT_CTR_STREAM_SZ 2048 51 unsigned char * ctr_stream; 52 size_t ctr_stream_len; /* Content size */ 53 size_t ctr_stream_siz; /* Allocated length */ 54 #endif /* !CRYSPR_HAS_AESCTR */ 55 56 #define CRYSPR_OUTMSGMAX 6 57 uint8_t * outbuf; /* output circle buffer */ 58 size_t outbuf_ofs; /* write offset in circle buffer */ 59 size_t outbuf_siz; /* circle buffer size */ 60 } CRYSPR_cb; 61 62 typedef struct tag_CRYSPR_methods { 63 /* 64 * prng: 65 * Pseudo-Random Number Generator 66 */ 67 int (*prng)( 68 unsigned char *rn, /* out: pseudo random number */ 69 int rn_len); 70 71 int (*aes_set_key)( 72 bool bEncrypt, /* true Enxcrypt key, false: decrypt */ 73 const unsigned char *kstr,/* key string*/ 74 size_t kstr_len, /* kstr len in bytes (16, 24, or 32 bytes (for AES128,AES192, or AES256) */ 75 CRYSPR_AESCTX *aeskey); /* Cryptolib Specific AES key context */ 76 77 int (*aes_ecb_cipher)( 78 bool bEncrypt, /* true:encrypt false:decrypt */ 79 CRYSPR_AESCTX *aes_key, /* ctx */ 80 const unsigned char *indata, /* src (clear text)*/ 81 size_t inlen, /* src length */ 82 unsigned char *out_txt, /* dst (cipher text) */ 83 size_t *outlen); /* dst length */ 84 85 int (*aes_ctr_cipher)( 86 bool bEncrypt, /* true:encrypt false:decrypt (don't care with CTR) */ 87 CRYSPR_AESCTX *aes_key, /* ctx */ 88 unsigned char *iv, /* iv */ 89 const unsigned char *indata, /* src (clear text) */ 90 size_t inlen, /* src length */ 91 unsigned char *out_txt);/* dest */ 92 93 unsigned char *(*sha1_msg_digest)( 94 const unsigned char *m, /* in: message */ 95 size_t m_len, /* message length */ 96 unsigned char *md); /* out: message digest buffer *160 bytes */ 97 98 /* 99 * open: 100 * Create a cipher instance 101 * Allocate output buffers 102 */ 103 CRYSPR_cb *(*open)( 104 struct tag_CRYSPR_methods *cryspr, 105 size_t max_len); /* Maximum packet length that will be encrypted/decrypted */ 106 107 /* 108 * close: 109 * Release any cipher resources 110 */ 111 int (*close)( 112 CRYSPR_cb *cryspr_data); /* Cipher handle, internal data */ 113 114 /* 115 * pbkdf2_hmac_sha1 116 * Password-based Key Derivation Function 2 117 */ 118 int (*km_pbkdf2)( 119 CRYSPR_cb *cryspr_cb, /* Cryspr Control Block */ 120 char *passwd, /* passphrase */ 121 size_t passwd_len, /* passphrase len */ 122 unsigned char *salt, /* salt */ 123 size_t salt_len, /* salt_len */ 124 int itr, /* iterations */ 125 size_t out_len, /* key_len */ 126 unsigned char *out); /* derived key */ 127 128 /* 129 * km_setkey: 130 * Set the Key Encypting Key for Wrap (Encryption) or UnWrap (Decryption). 131 * Context (ctx) tells if it's for Wrap or Unwrap 132 * A Context flags (ctx->flags) also tells if this is for wrap(encryption) or unwrap(decryption) context (HCRYPT_CTX_F_ENCRYPT) 133 */ 134 int (*km_setkey)( 135 CRYSPR_cb *cryspr_cb, /* Cryspr Control Block */ 136 bool bWrap, /* True: Wrap KEK, False: Unwrap KEK */ 137 const unsigned char *kek, size_t kek_len); /* KEK: Key Encrypting Key */ 138 139 /* 140 * km_wrap: 141 * wrap media stream key 142 */ 143 int (*km_wrap)(CRYSPR_cb *cryspr_cb, 144 unsigned char *wrap, 145 const unsigned char *sek, 146 unsigned int seklen); 147 148 /* 149 * km_unwrap: 150 * wrap media stream key 151 */ 152 int (*km_unwrap)(CRYSPR_cb *cryspr_cb, 153 unsigned char *sek, 154 const unsigned char *wrap, 155 unsigned int wraplen); 156 /* 157 * setkey: 158 * Set the Odd or Even, Encryption or Decryption key. 159 * Context (ctx) tells if it's for Odd or Even key (hcryptCtx_GetKeyIndex(ctx)) 160 * A Context flags (ctx->flags) also tells if this is an encryption or decryption context (HCRYPT_CTX_F_ENCRYPT) 161 */ 162 int (*ms_setkey)( 163 CRYSPR_cb *cryspr_cb, /* Cryspr Control Block */ 164 hcrypt_Ctx *ctx, /* HaiCrypt Context (cipher, keys, Odd/Even, etc..) */ 165 const unsigned char *key, size_t kwelen); /* New Key */ 166 167 /* 168 * encrypt: 169 * Submit a list of nbin clear transport packets (hcrypt_DataDesc *in_data) to encryption 170 * returns *nbout encrypted data packets of length out_len_p[] into out_p[] 171 * 172 * If cipher implements deferred encryption (co-processor, async encryption), 173 * it may return no encrypted packets, or encrypted packets for clear text packets of a previous call. 174 */ 175 int (*ms_encrypt)( 176 CRYSPR_cb *cryspr_cb, /* Cryspr Control Block */ 177 hcrypt_Ctx *ctx, /* HaiCrypt Context (cipher, keys, Odd/Even, etc..) */ 178 hcrypt_DataDesc *in_data, int nbin, /* Clear text transport packets: header and payload */ 179 void *out_p[], size_t out_len_p[], int *nbout); /* Encrypted packets */ 180 181 /* 182 * decrypt: 183 * Submit a list of nbin encrypted transport packets (hcrypt_DataDesc *in_data) to decryption 184 * returns *nbout clear text data packets of length out_len_p[] into out_p[] 185 * 186 * If cipher implements deferred decryption (co-processor, async encryption), 187 * it may return no decrypted packets, or decrypted packets for encrypted packets of a previous call. 188 */ 189 int (*ms_decrypt)( 190 CRYSPR_cb *cryspr_cb, /* Cryspr Control Block */ 191 hcrypt_Ctx *ctx, /* HaiCrypt Context (cipher, keys, Odd/Even, etc..) */ 192 hcrypt_DataDesc *in_data, int nbin, /* Clear text transport packets: header and payload */ 193 void *out_p[], size_t out_len_p[], int *nbout); /* Encrypted packets */ 194 195 } CRYSPR_methods; 196 197 CRYSPR_methods *crysprInit(CRYSPR_methods *cryspr); 198 199 #ifdef __cplusplus 200 } 201 #endif 202 203 #endif /* CRYSPR_H */ 204