1 /* 2 * crypto_types.h 3 * 4 * constants for cipher types and auth func types 5 * 6 * David A. McGrew 7 * Cisco Systems, Inc. 8 */ 9 /* 10 * 11 * Copyright(c) 2001-2006 Cisco Systems, Inc. 12 * All rights reserved. 13 * 14 * Redistribution and use in source and binary forms, with or without 15 * modification, are permitted provided that the following conditions 16 * are met: 17 * 18 * Redistributions of source code must retain the above copyright 19 * notice, this list of conditions and the following disclaimer. 20 * 21 * Redistributions in binary form must reproduce the above 22 * copyright notice, this list of conditions and the following 23 * disclaimer in the documentation and/or other materials provided 24 * with the distribution. 25 * 26 * Neither the name of the Cisco Systems, Inc. nor the names of its 27 * contributors may be used to endorse or promote products derived 28 * from this software without specific prior written permission. 29 * 30 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 31 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 32 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS 33 * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE 34 * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, 35 * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES 36 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 37 * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 38 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 39 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 40 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED 41 * OF THE POSSIBILITY OF SUCH DAMAGE. 42 * 43 */ 44 45 #ifndef CRYPTO_TYPES_H 46 #define CRYPTO_TYPES_H 47 48 /** 49 * @defgroup Algos Cryptographic Algorithms 50 * 51 * 52 * This library provides several different cryptographic algorithms, 53 * each of which can be selected by using the cipher_type_id_t and 54 * auth_type_id_t. These algorithms are documented below. 55 * 56 * Authentication functions that use the Universal Security Transform 57 * (UST) must be used in conjunction with a cipher other than the null 58 * cipher. These functions require a per-message pseudorandom input 59 * that is generated by the cipher. 60 * 61 * The identifiers STRONGHOLD_AUTH and STRONGHOLD_CIPHER identify the 62 * strongest available authentication function and cipher, 63 * respectively. They are resolved at compile time to the strongest 64 * available algorithm. The stronghold algorithms can serve as did 65 * the keep of a medieval fortification; they provide the strongest 66 * defense (or the last refuge). 67 * 68 * @{ 69 */ 70 71 /** 72 * @defgroup Ciphers Cipher Types 73 * 74 * @brief Each cipher type is identified by an unsigned integer. The 75 * cipher types available in this edition of libSRTP are given 76 * by the #defines below. 77 * 78 * A cipher_type_id_t is an identifier for a cipher_type; only values 79 * given by the #defines above (or those present in the file 80 * crypto_types.h) should be used. 81 * 82 * The identifier STRONGHOLD_CIPHER indicates the strongest available 83 * cipher, allowing an application to choose the strongest available 84 * algorithm without any advance knowledge about the avaliable 85 * algorithms. 86 * 87 * @{ 88 */ 89 90 /** 91 * @brief The null cipher performs no encryption. 92 * 93 * The NULL_CIPHER leaves its inputs unaltered, during both the 94 * encryption and decryption operations. This cipher can be chosen 95 * to indicate that no encryption is to be performed. 96 */ 97 #define NULL_CIPHER 0 98 99 /** 100 * @brief AES Integer Counter Mode (AES ICM) 101 * 102 * AES ICM is the variant of counter mode that is used by Secure RTP. 103 * This cipher uses a 16-, 24-, or 32-octet key concatenated with a 104 * 14-octet offset (or salt) value. 105 */ 106 #define AES_ICM 1 107 108 /** 109 * @brief AES-128 Integer Counter Mode (AES ICM) 110 * AES-128 ICM is a deprecated alternate name for AES ICM. 111 */ 112 #define AES_128_ICM AES_ICM 113 114 /** 115 * @brief SEAL 3.0 116 * 117 * SEAL is the Software-Optimized Encryption Algorithm of Coppersmith 118 * and Rogaway. Nota bene: this cipher is IBM proprietary. 119 */ 120 #define SEAL 2 121 122 /** 123 * @brief AES Cipher Block Chaining mode (AES CBC) 124 * 125 * AES CBC is the AES Cipher Block Chaining mode. 126 * This cipher uses a 16-, 24-, or 32-octet key. 127 */ 128 #define AES_CBC 3 129 130 /** 131 * @brief AES-128 Cipher Block Chaining mode (AES CBC) 132 * 133 * AES-128 CBC is a deprecated alternate name for AES CBC. 134 */ 135 #define AES_128_CBC AES_CBC 136 137 /** 138 * @brief Strongest available cipher. 139 * 140 * This identifier resolves to the strongest cipher type available. 141 */ 142 #define STRONGHOLD_CIPHER AES_ICM 143 144 /** 145 * @} 146 */ 147 148 149 150 /** 151 * @defgroup Authentication Authentication Function Types 152 * 153 * @brief Each authentication function type is identified by an 154 * unsigned integer. The authentication function types available in 155 * this edition of libSRTP are given by the #defines below. 156 * 157 * An auth_type_id_t is an identifier for an authentication function type; 158 * only values given by the #defines above (or those present in the 159 * file crypto_types.h) should be used. 160 * 161 * The identifier STRONGHOLD_AUTH indicates the strongest available 162 * authentication function, allowing an application to choose the 163 * strongest available algorithm without any advance knowledge about 164 * the avaliable algorithms. The stronghold algorithms can serve as 165 * did the keep of a medieval fortification; they provide the 166 * strongest defense (or the last refuge). 167 * 168 * @{ 169 */ 170 171 /** 172 * @brief The null authentication function performs no authentication. 173 * 174 * The NULL_AUTH function does nothing, and can be selected to indicate 175 * that authentication should not be performed. 176 */ 177 #define NULL_AUTH 0 178 179 /** 180 * @brief UST with TMMH Version 2 181 * 182 * UST_TMMHv2 implements the Truncated Multi-Modular Hash using 183 * UST. This function must be used in conjunction with a cipher other 184 * than the null cipher. 185 * with a cipher. 186 */ 187 #define UST_TMMHv2 1 188 189 /** 190 * @brief (UST) AES-128 XORMAC 191 * 192 * UST_AES_128_XMAC implements AES-128 XORMAC, using UST. Nota bene: 193 * the XORMAC algorithm is IBM proprietary. 194 */ 195 #define UST_AES_128_XMAC 2 196 197 /** 198 * @brief HMAC-SHA1 199 * 200 * HMAC_SHA1 implements the Hash-based MAC using the NIST Secure 201 * Hash Algorithm version 1 (SHA1). 202 */ 203 #define HMAC_SHA1 3 204 205 /** 206 * @brief Strongest available authentication function. 207 * 208 * This identifier resolves to the strongest available authentication 209 * function. 210 */ 211 #define STRONGHOLD_AUTH HMAC_SHA1 212 213 /** 214 * @} 215 */ 216 /** 217 * @} 218 */ 219 220 #endif /* CRYPTO_TYPES_H */ 221
