cipher.h

IBE是一种非对称密码技术

/* Copyright 2003-2006, Voltage Security, all rights reserved.
 */

#include "vibecrypto.h"
#include "environment.h"
#include "base.h"
#include "libctx.h"
#include "algobj.h"
#include "keyobj.h"
#include "pad.h"

#ifndef _CIPHER_H
#define _CIPHER_H

#ifdef __cplusplus
extern "C" {
#endif

/* If the class is CIPHER, this is the classCtx (the data struct and
 * the types that are the fields).
 */

/* The Cipher class treats every algorithm as a block cipher. A stream
 * cipher is a 1-byte block cipher with no feedback and no padding, for
 * example.
 */

/* How big does the output buffer need to be to handle the input?
 * <p>The caller supplies the number of new bytes to process and
 * ignores any bytes in the unprocessedData buffer. This function will
 * determine the size needed based on the size of the input, the
 * number of bytes in the unprocessedData buffer, whether encrypting or
 * decrypting, whether Update or Final and whether padding or not.
 * <p>The caller must supply one of the following flags to indicate
 * whether the operation will be encrypt or decrypt and Update or Final.
 *
 *    VOLT_CALLER_ENCRYPT_UPDATE
 *    VOLT_CALLER_ENCRYPT_FINAL
 *    VOLT_CALLER_DECRYPT_UPDATE
 *    VOLT_CALLER_DECRYPT_FINAL
 *
 * <p>This function also determines the "leftovers", the number of
 * bytes of input not to Update. The caller passes in inputLen (the
 * number of new bytes), calls GetOutputSize and then does Update on
 * input - leftovers bytes (more input is allowed to Final, so it may
 * actually process data). The caller stores the leftover bytes in the
 * unprocessedData buffer. If Final, the caller will actually process
 * them.
 * <p>The impplementation of this typedef must also determine if the
 * input length is valid. For Final calls, the input length given may
 * be invalid depending on padding.
 * <p>The caller also supplies the new input bytes in case the
 * implementation wants to examine them. Most algorithms will ignore
 * them, but for some, the input may need to be of a particular format.
 *
 * @param obj The algorithm object.
 * @param input The new input to process.
 * @param inputLen The length of new input to be processed.
 * @param outputSize The address where the implementation will go to
 * deposit the size required.
 * @param leftovers The address where the implmentation will go to
 * deposit the number of leftover bytes.
 * @return an int, 0 if the function completed successfully or a
 * non-zero error code.
 */
typedef int VOLT_CALLING_CONV (*VGetOutputSize) VOLT_PROTO_LIST ((
   VoltAlgorithmObject *obj,
   unsigned int callFlag,
   unsigned char *input,
   unsigned int inputLen,
   unsigned int *outputSize,
   unsigned int *leftovers,
   VtRandomObject random
));

/* Initialize for encryption. Use the given key to set up the object to
 * perform encryption. With symmetric ciphers, this generally involves
 * building the key table from the key data inside the key object.
 * <p>The key object must match the algorithm object, both in algorithm
 * and platform (platform refers to, for example, software vs. hardware,
 * Acme HW accelerator vs. OtherCompany HW token.
 *
 * @param algObj The object to init.
 * @param keyObj The key object containing the key data (or handle) to
 * use.
 * @return an int, 0 if the function completed successfully or a
 * non-zero error code (e.g., key and object don't match).
 */
typedef int VOLT_CALLING_CONV (*VEncryptInit) VOLT_PROTO_LIST ((
   VoltAlgorithmObject *algObj,
   VoltKeyObject *keyObj
));

#define VOLT_CALLER_ENCRYPT_UPDATE  1
#define VOLT_CALLER_ENCRYPT_FINAL   2
#define VOLT_CALLER_DECRYPT_UPDATE  3
#define VOLT_CALLER_DECRYPT_FINAL   4

/* Encrypt the input data, placing any output (encrypted data) into the
 * output data buffer.
 * <p>This function expects the input length to be a multiple of the
 * block size. For example, if encrypting with AES, the input length
 * must be a multiple of 16 bytes. If encrypting with a stream cipher
 * (or a block cipher in CFB or OFB mode), the "block size" is one
 * byte, so any input length is allowed. The routine will not check the
 * input length, it is the responsibility of the caller to pass in the
 * appropriate length of data.
 * <p>This routine will encrypt all bytes presented. Padding issues
 * must be resolved by the caller.
 * <p>This routine does not return the number of bytes placed into the
 * output buffer. It is the caller's responsibility to know how many
 * bytes will be placed into the output buffer.
 * <p>For most ciphers, the output length is the same as the input
 * length (because the function expects the input to be a multiple of
 * the block size). For example, with AES, 32 bytes of input will
 * produce 32 bytes of output, with a stream cipher, 27 bytes of input
 * generates 27 bytes of output. However, there are ciphers for which
 * the encrypted data is larger than the plaintext. See the
 * VoltCipherCtx fields plainBlockSize and cipherBlockSize to see if
 * there is a difference in input and output sizes.
 * <p>This function will not check the output buffer, it is the
 * responsibility of the caller to make sure there is a buffer (no NULL
 * pointers) and that it is big enough.
 * <p>It is recommended that the input and output buffers not overlap.
 * If the output and input lengths are the same, then it is safe to
 * use the same buffer for both input and output.
 *
 * @param algObj The object initialized for encryption.
 * @param dataToEncrypt The buffer containing the data to encrypt.
 * @param dataToEncryptLen The length, in bytes, of the data to encrypt.
 * @param encryptedData The output buffer into which this routine will
 * place the result.
 * @return an int, 0 if the function completed successfully or a
 * non-zero error code.
 */
typedef int VOLT_CALLING_CONV (*VEncryptUpdate) VOLT_PROTO_LIST ((
   VoltAlgorithmObject *algObj,
   VtRandomObject random,
   unsigned char *dataToEncrypt,
   unsigned int dataToEncryptLen,
   unsigned char *encryptedData
));

/* Encrypt a key. The caller must call EncryptInit before calling this
 * function.
 * <p>Most algorithm objects will simply extract the key data from the
 * key object and encrypt the bytes. Furthermore, these objects may
 * only be able to encrypt symmetric keys. However, some hardware
 * implementations may not allow raw key data to leave the device and
 * so to encrypt the key (for an envelope or storage), it will be
 * necessary to pass the hardware key object to the hardware algorithm
 * object to encrypt the key.
 * <p>The function will place the encrypted key into encryptedKey, a
 * buffer bufferSize bytes big. This routine will go to the address
 * given by encryptedKeyLen and deposit the length of the output (the
 * number of bytes placed into the encryptedKey buffer). If the buffer
 * is not big enough, this function will return the 揃ufferTooSmall