1/*
2 * auth.h
3 *
4 * common interface to authentication functions
5 *
6 * David A. McGrew
7 * Cisco Systems, Inc.
8 */
9
10/*
11 *
12 * Copyright (c) 2001-2006, Cisco Systems, Inc.
13 * All rights reserved.
14 *
15 * Redistribution and use in source and binary forms, with or without
16 * modification, are permitted provided that the following conditions
17 * are met:
18 *
19 *   Redistributions of source code must retain the above copyright
20 *   notice, this list of conditions and the following disclaimer.
21 *
22 *   Redistributions in binary form must reproduce the above
23 *   copyright notice, this list of conditions and the following
24 *   disclaimer in the documentation and/or other materials provided
25 *   with the distribution.
26 *
27 *   Neither the name of the Cisco Systems, Inc. nor the names of its
28 *   contributors may be used to endorse or promote products derived
29 *   from this software without specific prior written permission.
30 *
31 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
32 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
33 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
34 * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
35 * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
36 * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
37 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
38 * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
39 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
40 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
41 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
42 * OF THE POSSIBILITY OF SUCH DAMAGE.
43 *
44 */
45
46#ifndef AUTH_H
47#define AUTH_H
48
49#include "datatypes.h"
50#include "err.h"                /* error codes    */
51#include "crypto.h"		/* for auth_type_id_t */
52#include "crypto_types.h"	/* for values of auth_type_id_t */
53
54typedef struct auth_type_t *auth_type_pointer;
55typedef struct auth_t      *auth_pointer_t;
56
57typedef err_status_t (*auth_alloc_func)
58     (auth_pointer_t *ap, int key_len, int out_len);
59
60typedef err_status_t (*auth_init_func)
61     (void *state, const uint8_t *key, int key_len);
62
63typedef err_status_t (*auth_dealloc_func)(auth_pointer_t ap);
64
65typedef err_status_t (*auth_compute_func)
66     (void *state, uint8_t *buffer, int octets_to_auth,
67      int tag_len, uint8_t *tag);
68
69typedef err_status_t (*auth_update_func)
70     (void *state, uint8_t *buffer, int octets_to_auth);
71
72typedef err_status_t (*auth_start_func)(void *state);
73
74/* some syntactic sugar on these function types */
75
76#define auth_type_alloc(at, a, klen, outlen)                        \
77                 ((at)->alloc((a), (klen), (outlen)))
78
79#define auth_init(a, key)                                           \
80                 (((a)->type)->init((a)->state, (key), ((a)->key_len)))
81
82#define auth_compute(a, buf, len, res)                              \
83       (((a)->type)->compute((a)->state, (buf), (len), (a)->out_len, (res)))
84
85#define auth_update(a, buf, len)                                    \
86       (((a)->type)->update((a)->state, (buf), (len)))
87
88#define auth_start(a)(((a)->type)->start((a)->state))
89
90#define auth_dealloc(c) (((c)->type)->dealloc(c))
91
92/* functions to get information about a particular auth_t */
93
94int
95auth_get_key_length(const struct auth_t *a);
96
97int
98auth_get_tag_length(const struct auth_t *a);
99
100int
101auth_get_prefix_length(const struct auth_t *a);
102
103/*
104 * auth_test_case_t is a (list of) key/message/tag values that are
105 * known to be correct for a particular cipher.  this data can be used
106 * to test an implementation in an on-the-fly self test of the
107 * correcness of the implementation.  (see the auth_type_self_test()
108 * function below)
109 */
110
111typedef struct auth_test_case_t {
112  int key_length_octets;                    /* octets in key            */
113  uint8_t *key;                             /* key                      */
114  int data_length_octets;                   /* octets in data           */
115  uint8_t *data;                            /* data                     */
116  int tag_length_octets;                    /* octets in tag            */
117  uint8_t *tag;                             /* tag                      */
118  struct auth_test_case_t *next_test_case;  /* pointer to next testcase */
119} auth_test_case_t;
120
121/* auth_type_t */
122
123typedef struct auth_type_t {
124  auth_alloc_func      alloc;
125  auth_dealloc_func    dealloc;
126  auth_init_func       init;
127  auth_compute_func    compute;
128  auth_update_func     update;
129  auth_start_func      start;
130  char                *description;
131  int                  ref_count;
132  auth_test_case_t    *test_data;
133  debug_module_t      *debug;
134  auth_type_id_t       id;
135} auth_type_t;
136
137typedef struct auth_t {
138  auth_type_t *type;
139  void        *state;
140  int          out_len;           /* length of output tag in octets */
141  int          key_len;           /* length of key in octets        */
142  int          prefix_len;        /* length of keystream prefix     */
143} auth_t;
144
145/*
146 * auth_type_self_test() tests an auth_type against test cases
147 * provided in an array of values of key/message/tag that is known to
148 * be good
149 */
150
151err_status_t
152auth_type_self_test(const auth_type_t *at);
153
154/*
155 * auth_type_test() tests an auth_type against external test cases
156 * provided in an array of values of key/message/tag that is known to
157 * be good
158 */
159
160err_status_t
161auth_type_test(const auth_type_t *at, const auth_test_case_t *test_data);
162
163/*
164 * auth_type_get_ref_count(at) returns the reference count (the number
165 * of instantiations) of the auth_type_t at
166 */
167
168int
169auth_type_get_ref_count(const auth_type_t *at);
170
171#endif /* AUTH_H */
172