Diffstat (limited to 'cesar/cp2/secu/secu.h')
-rw-r--r--cesar/cp2/secu/secu.h160
1 files changed, 160 insertions, 0 deletions
diff --git a/cesar/cp2/secu/secu.h b/cesar/cp2/secu/secu.h
new file mode 100644
index 0000000000..8ee67c700f
--- /dev/null
+++ b/cesar/cp2/secu/secu.h
@@ -0,0 +1,160 @@
+#ifndef secu__h__
+#define secu__h__
+/* Cesar project {{{
+ *
+ * Copyright (C) 2008 Spidcom
+ *
+ * <<<Licence>>>
+ *
+ * }}} */
+/**
+ * \file Cesare/cp/secu/secu.h
+ * \brief library of security related functions (crypto, ...)
+ * \ingroup cp/secu
+ *
+ * « long description »
+ */
+
+struct cp_secu_ctx_t
+
+
+BEGIN_DECLS
+
+/**
+ * start a new protocol run.
+ *
+ * \param PID PID of the futur protocol run
+ * \param p_run context of the current protocol run
+ */
+void
+cp_secu_start_new_protocol_run(const cp_pid_t pid, protocol_run_t *p_run);
+
+/**
+ * Check parameters of received protocol run.
+ *
+ * \param p_run security context of the current protocol run
+ * \param pid pid to compare with the current protocol run
+ * \param prn Protocol Run Number to check
+ * \param pmn Protocol Message Number to check
+ * \param nonce nonce to check
+ *
+ * \return error code or 0 if success
+ */
+E_ErrCode
+cp_secu_check_protocol_run_param (
+ const protocol_run_t p_run,
+ const cp_pid_t pid,
+ const s16 prn, // Protocol Run Number
+ const u8 pmn, // Protocol Message Number
+ const s32 nonce
+ );
+
+/**
+ * generate parameters for the protocol run.
+ *
+ * \param p_run security context of the current protocol run
+ * \param pid pid to use for this protocol run
+ * \param prn Protocol Run Number to use
+ * \param pmn Protocol Message Number to use
+ * \param nonce nonce to use
+ *
+ * \return error code or 0 if success
+ */
+E_ErrCode
+secu_gen_protocol_run_param (protocol_run_t *p_run, cp_pid_t *pid, s16 *prn, u8 *pmn, s32 *nonce);
+
+
+/**
+ * AES-CBC buffer encryption.
+ *
+ * \param ctx AES context
+ * \param iv initialization vector (modified after use) (16 bytes)
+ * \param input buffer holding the plaintext
+ * \param output buffer holding the ciphertext
+ * \param len length of the data to be encrypted
+ */
+void
+cp_secu_aes_cbc_encrypt (aes_context *ctx, unsigned char iv[16], unsigned char *input, unsigned char *output, int len);
+/**
+ * AES-CBC buffer decryption.
+ *
+ * \param ctx AES context
+ * \param iv initialization vector (modified after use)
+ * \param input buffer holding the ciphertext
+ * \param output buffer holding the plaintext
+ * \param len length of the data to be decrypted
+ */
+void
+cp_secu_aes_cbc_decrypt (aes_context *ctx, unsigned char iv[16], unsigned char *input, unsigned char *output, int len);
+
+/**
+ * set AES key.
+ *
+ * \param ctx AES context to be initialized
+ * \param key the secret key
+ * \param keysize must be 128, 192 or 256 bits long
+ */
+void
+cp_secu_aes_set_key (aes_context *ctx, unsigned char *key, int keysize);
+
+/**
+ * Output = SHA-256( input buffer ).
+ *
+ * \param input buffer holding the data
+ * \param ilen length of the input data
+ * \param output SHA-224/256 checksum result size is SHA256OutputSize bytes
+ * \param is224 0 = use SHA256, 1 = use SHA224
+ */
+void
+cp_secu_sha2 (unsigned char *input, int ilen, unsigned char *output, int is224);
+
+/**
+ * pbkdf1 function
+ * \param input the input data to hash (can be a clear ascii password)
+ * \param input_len length of input
+ * \param salt salt to apply to input data
+ * \param salt_len length of salt
+ * \param it_count iteration number for the hash function
+ * \param output_key result of hash
+ * \return error code or 0 if success
+ */
+E_ErrCode
+cp_secu_pbkdf1 (u8 input[], int input_len, u8 salt[], int salt_len, int it_count, u8 output_key[]);
+
+
+/**
+ * generate AES key (NEK, NMK or TEK).
+ * \param
+ * \return error code or 0 if success
+ *
+ * see 7.10.7.2 for details
+ */
+void
+cp_secu_gen_aes_key(void);
+
+/*
+ * Hash a 128 bits NMK key to generate a 54 bits NID.
+ * conforming to the security level specified.
+ * \param nmk, the NMK buffer pointer (input)
+ * \param security_level, the station security-level
+ * \param nid, the NID buffer pointer (output)
+ * \return E_ErrCode, return code (0 if success)
+ */
+E_ErrCode
+cp_secu_nmk2nid(u8 *nmk, u8 security_level, u8 *nid);
+
+/*
+ * Hash a NPW password (1 to 64 chars in the 0x20-0x7F standard ASCII interval)
+ * to generate a 16 octets (128 bits) NMK key.
+ * \param npw,the NPW buffer pointer (input)
+ * \param nmk, the NMK buffer pointer (output)
+ * \return E_ErrCode, return code (0 if success)
+ */
+E_ErrCode
+cp_secu_npw2nmk(char *npw, u8 *nmk);
+
+
+
+END_DECLS
+
+#endif
\ No newline at end of file
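Review bot: The crypto prototypes take every length as a signed `int` and give no size for the output buffers, and `cp_secu_aes_cbc_encrypt` / `cp_secu_aes_cbc_decrypt` return `void`, so the implementation has no way to report a negative `len` or one that is not a multiple of the 16-byte block. I would make the lengths `size_t`, const-qualify the read-only buffers and return `E_ErrCode`, e.g. `E_ErrCode cp_secu_aes_cbc_encrypt (aes_context *ctx, unsigned char iv[16], const unsigned char *input, unsigned char *output, size_t len);`. The comments should also state the required size of `output_key` for `cp_secu_pbkdf1` and of the `nid` and `nmk` output buffers, and whether `npw` in `cp_secu_npw2nmk` must be NUL-terminated. Separately, `struct cp_secu_ctx_t` near the top of the header has no terminating `;`, which looks like it would break compilation of every file that includes it. The comment on `cp_secu_gen_aes_key` also promises an error code while the prototype returns `void`.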