/* $OpenBSD: xform.h,v 1.8 2001/08/28 12:20:43 ben Exp $ */12/*-3* The author of this code is Angelos D. Keromytis ([email protected])4*5* This code was written by Angelos D. Keromytis in Athens, Greece, in6* February 2000. Network Security Technologies Inc. (NSTI) kindly7* supported the development of this code.8*9* Copyright (c) 2000 Angelos D. Keromytis10* Copyright (c) 2014 The FreeBSD Foundation11* All rights reserved.12*13* Portions of this software were developed by John-Mark Gurney14* under sponsorship of the FreeBSD Foundation and15* Rubicon Communications, LLC (Netgate).16*17* Permission to use, copy, and modify this software without fee18* is hereby granted, provided that this entire notice is included in19* all source code copies of any software which is or includes a copy or20* modification of this software.21*22* THIS SOFTWARE IS BEING PROVIDED "AS IS", WITHOUT ANY EXPRESS OR23* IMPLIED WARRANTY. IN PARTICULAR, NONE OF THE AUTHORS MAKES ANY24* REPRESENTATION OR WARRANTY OF ANY KIND CONCERNING THE25* MERCHANTABILITY OF THIS SOFTWARE OR ITS FITNESS FOR ANY PARTICULAR26* PURPOSE.27*/2829#ifndef _CRYPTO_XFORM_ENC_H_30#define _CRYPTO_XFORM_ENC_H_3132#include <sys/types.h>3334#include <crypto/rijndael/rijndael.h>35#include <crypto/camellia/camellia.h>36#include <opencrypto/cryptodev.h>37#ifdef _STANDALONE38#include <stand.h>39#endif4041#define AESICM_BLOCKSIZE AES_BLOCK_LEN42#define AES_XTS_BLOCKSIZE 1643#define AES_XTS_IVSIZE 844#define AES_XTS_ALPHA 0x87 /* GF(2^128) generator polynomial */4546/* Declarations */47struct enc_xform {48int type;49const char *name;50size_t ctxsize;51uint16_t blocksize; /* Required input block size -- 1 for stream ciphers. */52uint16_t native_blocksize; /* Used for stream ciphers. */53uint16_t ivsize;54uint16_t minkey, maxkey;55uint16_t macsize; /* For AEAD ciphers. */5657/* Initialize context and set key. */58int (*setkey) (void *, const uint8_t *, int len);5960/* Supply context with nonce/IV. */61void (*reinit) (void *, const uint8_t *, size_t);6263/*64* Encrypt/decrypt a single block. For stream ciphers this65* encrypts/decrypts a single "native" block.66*/67void (*encrypt) (void *, const uint8_t *, uint8_t *);68void (*decrypt) (void *, const uint8_t *, uint8_t *);6970/*71* Encrypt/decrypt multiple blocks. For stream ciphers this72* encrypts/decrypts multiple "native" blocks. The fourth73* argument is a count of bytes.74*/75void (*encrypt_multi) (void *, const uint8_t *, uint8_t *, size_t);76void (*decrypt_multi) (void *, const uint8_t *, uint8_t *, size_t);7778/*79* For stream ciphers, encrypt/decrypt the final partial block80* of 'len' bytes.81*/82void (*encrypt_last) (void *, const uint8_t *, uint8_t *, size_t len);83void (*decrypt_last) (void *, const uint8_t *, uint8_t *, size_t len);8485/*86* For AEAD ciphers, update and generate MAC/tag.87*/88int (*update) (void *, const void *, u_int);89void (*final) (uint8_t *, void *);90};919293extern const struct enc_xform enc_xform_null;94extern const struct enc_xform enc_xform_aes_cbc;95extern const struct enc_xform enc_xform_aes_icm;96extern const struct enc_xform enc_xform_aes_nist_gcm;97extern const struct enc_xform enc_xform_aes_nist_gmac;98extern const struct enc_xform enc_xform_aes_xts;99extern const struct enc_xform enc_xform_camellia;100extern const struct enc_xform enc_xform_chacha20;101extern const struct enc_xform enc_xform_chacha20_poly1305;102extern const struct enc_xform enc_xform_xchacha20_poly1305;103extern const struct enc_xform enc_xform_ccm;104105struct aes_icm_ctx {106uint32_t ac_ek[4*(RIJNDAEL_MAXNR + 1)];107/* ac_block is initialized to IV */108uint8_t ac_block[AESICM_BLOCKSIZE];109int ac_nr;110};111112struct aes_xts_ctx {113rijndael_ctx key1;114rijndael_ctx key2;115uint8_t tweak[AES_XTS_BLOCKSIZE];116};117118#endif /* _CRYPTO_XFORM_ENC_H_ */119120121