path: root/contrib/restricted/aws/s2n/crypto/s2n_cipher.h
/* 
 * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. 
 * 
 * Licensed under the Apache License, Version 2.0 (the "License"). 
 * You may not use this file except in compliance with the License. 
 * A copy of the License is located at 
 * 
 *  http://aws.amazon.com/apache2.0 
 * 
 * or in the "license" file accompanying this file. This file is distributed 
 * on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either 
 * express or implied. See the License for the specific language governing 
 * permissions and limitations under the License. 
 */ 
 
#pragma once 
 
#include <openssl/evp.h> 
#include <openssl/aes.h> 
#include <openssl/rc4.h> 
#include <openssl/des.h> 
#include <openssl/rsa.h> 
#include <openssl/dh.h> 
 
#include "crypto/s2n_crypto.h" 
 
#include "utils/s2n_blob.h" 
 
/*
 * Feature switch: set when the build sees OPENSSL_IS_BORINGSSL or
 * OPENSSL_IS_AWSLC. In this header it gates the EVP_AEAD_CTX member of
 * struct s2n_session_key, so the struct's layout differs between libcrypto
 * back ends and every translation unit must be built against the same one.
 */
#if defined(OPENSSL_IS_BORINGSSL) || defined(OPENSSL_IS_AWSLC)
#define S2N_CIPHER_AEAD_API_AVAILABLE
#endif
 
/*
 * Key state passed as the first argument to every cipher callback declared
 * in this header. It stores libcrypto context pointers only, not the raw key.
 *
 * NOTE(review): once a set_*_key callback has run, the context presumably
 * holds expanded key material, so it should be released through destroy_key /
 * s2n_session_key_free() rather than dropped or copied by value -- confirm
 * in the implementation.
 */
struct s2n_session_key {
    /* EVP cipher context; present for every libcrypto back end. */
    EVP_CIPHER_CTX *evp_cipher_ctx;
#if defined(S2N_CIPHER_AEAD_API_AVAILABLE)
    /* AEAD context; only compiled in when S2N_CIPHER_AEAD_API_AVAILABLE is defined. */
    EVP_AEAD_CTX *evp_aead_ctx;
#endif
};
 
/*
 * Callback pair for stream ciphers: key state, input blob, output blob.
 * No IV, MAC or tag argument is taken, so these callbacks provide
 * confidentiality only; record integrity has to come from the caller.
 *
 * NOTE(review): the return convention is not visible in this header
 * (presumably 0 on success, negative on failure) -- confirm, and make sure
 * callers check it before trusting `out`.
 */
struct s2n_stream_cipher {
    int (*decrypt) (struct s2n_session_key * key, struct s2n_blob * in, struct s2n_blob * out);
    int (*encrypt) (struct s2n_session_key * key, struct s2n_blob * in, struct s2n_blob * out);
};
 
/*
 * Parameters and callbacks for CBC-mode ciphers.
 *
 * The callbacks take key, IV, input and output only -- no MAC argument --
 * so MAC and padding verification are not part of this interface.
 * NOTE(review): that places the padding-oracle / timing-sensitive checks in
 * the record layer that calls decrypt; review them there.
 */
struct s2n_cbc_cipher {
    /* Cipher block size. NOTE(review): presumably in bytes -- confirm. */
    uint8_t block_size;
    /* Size of the IV carried with each record. NOTE(review): presumably in bytes -- confirm. */
    uint8_t record_iv_size;
    int (*decrypt) (struct s2n_session_key * key, struct s2n_blob * iv, struct s2n_blob * in, struct s2n_blob * out);
    int (*encrypt) (struct s2n_session_key * key, struct s2n_blob * iv, struct s2n_blob * in, struct s2n_blob * out);
};
 
/*
 * Parameters and callbacks for AEAD ciphers.
 *
 * Callbacks take key, IV, `add`, input and output.
 * NOTE(review): `add` is presumably the additional authenticated data
 * (bound to the tag but not encrypted) -- confirm against the callers.
 * NOTE(review): a failing decrypt presumably signals tag mismatch; callers
 * must check the return value before using `out`. The IV is supplied by the
 * caller, so nonce uniqueness per key is the caller's responsibility.
 */
struct s2n_aead_cipher {
    /* Size of the fixed (non-per-record) part of the IV. NOTE(review): presumably bytes -- confirm. */
    uint8_t fixed_iv_size;
    /* Size of the per-record part of the IV. NOTE(review): presumably bytes -- confirm. */
    uint8_t record_iv_size;
    /* Size of the authentication tag. NOTE(review): presumably bytes -- confirm. */
    uint8_t tag_size;
    int (*decrypt) (struct s2n_session_key * key, struct s2n_blob * iv, struct s2n_blob * add, struct s2n_blob * in, struct s2n_blob * out);
    int (*encrypt) (struct s2n_session_key * key, struct s2n_blob * iv, struct s2n_blob * add, struct s2n_blob * in, struct s2n_blob * out);
};
 
/*
 * Parameters and callbacks for "composite" ciphers, which carry a MAC key
 * and HMAC setup alongside the block-cipher callbacks (see mac_key_size,
 * set_mac_write_key and initial_hmac).
 *
 * NOTE(review): the MAC key is passed as a raw pointer plus length rather
 * than an s2n_blob; the implementation should validate mac_size against
 * mac_key_size before copying -- confirm.
 */
struct s2n_composite_cipher {
    /* Cipher block size. NOTE(review): presumably in bytes -- confirm. */
    uint8_t block_size;
    /* Size of the IV carried with each record. NOTE(review): presumably in bytes -- confirm. */
    uint8_t record_iv_size;
    /* Size of the MAC key expected by set_mac_write_key. NOTE(review): presumably in bytes -- confirm. */
    uint8_t mac_key_size;
    int (*decrypt) (struct s2n_session_key *key, struct s2n_blob *iv, struct s2n_blob *in, struct s2n_blob *out);
    int (*encrypt) (struct s2n_session_key *key, struct s2n_blob *iv, struct s2n_blob *in, struct s2n_blob *out);
    /* Installs the MAC key into the key state. */
    int (*set_mac_write_key) (struct s2n_session_key *key, uint8_t *mac_key, uint32_t mac_size);
    /*
     * Takes the record's sequence number, content type, protocol version and
     * payload-plus-explicit-IV length. `extra` is an output parameter whose
     * meaning is not visible in this header.
     */
    int (*initial_hmac) (struct s2n_session_key *key, uint8_t *sequence_number, uint8_t content_type, uint16_t protocol_version,
                         uint16_t payload_and_eiv_len, int *extra);
};
 
/*
 * Descriptor for one cipher: a tagged union of mode-specific callbacks plus
 * mode-independent key management callbacks.
 *
 * `type` is the discriminant for `io`. The members of `io` hold function
 * pointers with different signatures (3, 4 or 5 arguments), so dispatching
 * through a member that does not match `type` calls a function through the
 * wrong prototype. Always switch on `type` before touching `io`.
 */
struct s2n_cipher {
    enum { S2N_STREAM, S2N_CBC, S2N_AEAD, S2N_COMPOSITE } type;
    union {
        struct s2n_stream_cipher stream;    /* valid when type == S2N_STREAM */
        struct s2n_aead_cipher aead;        /* valid when type == S2N_AEAD */
        struct s2n_cbc_cipher cbc;          /* valid when type == S2N_CBC */
        struct s2n_composite_cipher comp;   /* valid when type == S2N_COMPOSITE */
    } io;
    /* Amount of key material the cipher consumes. NOTE(review): presumably bytes -- confirm. */
    uint8_t key_material_size;
    /* NOTE(review): presumably non-zero when the linked libcrypto supports this cipher -- confirm. */
    uint8_t (*is_available) (void);
    int     (*init) (struct s2n_session_key *key);
    /* Key bytes arrive in `in`; NOTE(review): implementations should check in->size against key_material_size -- confirm. */
    int     (*set_decryption_key) (struct s2n_session_key *key, struct s2n_blob *in);
    int     (*set_encryption_key) (struct s2n_session_key *key, struct s2n_blob *in);
    /* Tears down the key state set up by init / set_*_key. */
    int     (*destroy_key) (struct s2n_session_key *key);
};
 
/*
 * Allocation and release of the contexts inside a struct s2n_session_key.
 * NOTE(review): every successful alloc should be paired with exactly one
 * free on all paths, including error paths, since the contexts can hold key
 * material -- confirm the pairing in the callers.
 */
extern int s2n_session_key_alloc(struct s2n_session_key *key);
extern int s2n_session_key_free(struct s2n_session_key *key);
 
/*
 * Cipher descriptors defined elsewhere in the library.
 *
 * These are declared without `const`, so the descriptors and the function
 * pointers inside them are writable objects. NOTE(review): if nothing
 * mutates them after start-up, const-qualifying them would let the linker
 * place the callback tables in read-only data -- confirm before changing.
 *
 * NOTE(review): s2n_null_cipher, s2n_rc4 and s2n_3des are legacy or
 * non-encrypting entries (RC4 is prohibited for TLS by RFC 7465; 3DES has a
 * 64-bit block). Declaring them here does not make them negotiable; check
 * the library's cipher preference / security policy configuration to see
 * which descriptors can actually be selected.
 */
extern struct s2n_cipher s2n_null_cipher;
extern struct s2n_cipher s2n_rc4;
extern struct s2n_cipher s2n_aes128;
extern struct s2n_cipher s2n_aes256;
extern struct s2n_cipher s2n_3des;
extern struct s2n_cipher s2n_aes128_gcm;
extern struct s2n_cipher s2n_aes256_gcm;
extern struct s2n_cipher s2n_aes128_sha;
extern struct s2n_cipher s2n_aes256_sha;
extern struct s2n_cipher s2n_aes128_sha256;
extern struct s2n_cipher s2n_aes256_sha256;
extern struct s2n_cipher s2n_chacha20_poly1305;

/* Separate descriptors for the TLS 1.3 AES-GCM suites. */
extern struct s2n_cipher s2n_tls13_aes128_gcm;
extern struct s2n_cipher s2n_tls13_aes256_gcm;