blob: 32e3aac29893140b26b49fae802d257771dda1b9 [file] [log] [blame]
// Copyright 2017 The Cobalt Authors. All Rights Reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
// Module Overview: Starboard Cryptography module
//
// Hardware-accelerated cryptography. Platforms should **only** implement this
// when there are **hardware-accelerated** cryptography facilities. Applications
// must fall back to platform-independent CPU-based algorithms if the cipher
// algorithm isn't supported in hardware.
//
// # Tips for Porters
//
// You should implement cipher algorithms in this descending order of priority
// to maximize usage for SSL.
//
// 1. GCM - The preferred block cipher mode for OpenSSL, mainly due to speed.
// 2. CTR - This can be used internally with GCM, as long as the CTR
// implementation only uses the last 4 bytes of the IV for the
// counter. (i.e. 96-bit IV, 32-bit counter)
// 3. ECB - This can be used (with a null IV) with any of the other cipher
// block modes to accelerate the core AES algorithm if none of the
// streaming modes can be accelerated.
// 4. CBC - GCM is always preferred if the server and client both support
// it. If not, they will generally negotiate down to AES-CBC. If this
// happens, and CBC is supported by SbCryptography, then it will be
// accelerated appropriately. But, most servers should support GCM,
// so it is not likely to come up much, which is why it is the lowest
// priority.
//
// Further reading on block cipher modes:
//
// https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation
//
// https://crbug.com/442572
//
// https://crypto.stackexchange.com/questions/10775/practical-disadvantages-of-gcm-mode-encryption
//
#ifndef STARBOARD_CRYPTOGRAPHY_H_
#define STARBOARD_CRYPTOGRAPHY_H_
#include "starboard/configuration.h"
#include "starboard/export.h"
#include "starboard/types.h"
#if SB_API_VERSION >= 12
#error "Starboard Crypto API is deprecated"
#else
#ifdef __cplusplus
extern "C" {
#endif
// String literal for the AES symmetric block cipher.
// https://en.wikipedia.org/wiki/Advanced_Encryption_Standard
#define kSbCryptographyAlgorithmAes "aes"
// The direction of a cryptographic transformation.
typedef enum SbCryptographyDirection {
// Cryptographic transformations that encode/encrypt data into a
// target format.
kSbCryptographyDirectionEncode,
// Cryptographic transformations that decode/decrypt data into
// its original form.
kSbCryptographyDirectionDecode,
} SbCryptographyDirection;
// The method of chaining encrypted blocks in a sequence.
// https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation
typedef enum SbCryptographyBlockCipherMode {
// Cipher Block Chaining mode.
kSbCryptographyBlockCipherModeCbc,
// Cipher Feedback mode.
kSbCryptographyBlockCipherModeCfb,
// Counter mode: A nonce is combined with an increasing counter.
kSbCryptographyBlockCipherModeCtr,
// Electronic Code Book mode: No chaining.
kSbCryptographyBlockCipherModeEcb,
// Output Feedback mode.
kSbCryptographyBlockCipherModeOfb,
// Galois/Counter Mode.
kSbCryptographyBlockCipherModeGcm,
} SbCryptographyBlockCipherMode;
// Private structure representing a cryptographic transformer
// configuration and state.
typedef struct SbCryptographyTransformerPrivate
SbCryptographyTransformerPrivate;
// A handle to a cryptographic transformer.
typedef SbCryptographyTransformerPrivate* SbCryptographyTransformer;
// Well-defined value for an invalid transformer.
#define kSbCryptographyInvalidTransformer ((SbCryptographyTransformer)NULL)
// Returns whether the given transformer handle is valid.
static SB_C_INLINE bool SbCryptographyIsTransformerValid(
SbCryptographyTransformer transformer) {
return transformer != kSbCryptographyInvalidTransformer;
}
// Creates an SbCryptographyTransformer with the given initialization
// data. It can then be used to transform a series of data blocks.
// Returns kSbCryptographyInvalidTransformer if the algorithm isn't
// supported, or if the parameters are not compatible with the
// algorithm.
//
// An SbCryptographyTransformer contains all state to start decrypting
// a sequence of cipher blocks according to the cipher block mode. It
// is not thread-safe, but implementations must allow different
// SbCryptographyTransformer instances to operate on different threads.
//
// All parameters must not be assumed to live longer than the call to
// this function. They must be copied by the implementation to be
// retained.
//
// This function determines success mainly based on whether the combination of
// |algorithm|, |direction|, |block_size_bits|, and |mode| is supported and
// whether all the sizes passed in are sufficient for the selected
// parameters. In particular, this function cannot verify that the key and IV
// used were correct for the ciphertext, were it to be used in the decode
// direction. The caller must make that verification.
//
// For example, to decrypt AES-128-CTR:
// SbCryptographyCreateTransformer(kSbCryptographyAlgorithmAes, 128,
// kSbCryptographyDirectionDecode,
// kSbCryptographyBlockCipherModeCtr,
// ...);
//
// |algorithm|: A string that represents the cipher algorithm.
// |block_size_bits|: The block size variant of the algorithm to use, in bits.
// |direction|: The direction in which to transform the data.
// |mode|: The block cipher mode to use.
// |initialization_vector|: The Initialization Vector (IV) to use. May be NULL
// for block cipher modes that don't use it, or don't set it at init time.
// |initialization_vector_size|: The size, in bytes, of the IV.
// |key|: The key to use for this transformation.
// |key_size|: The size, in bytes, of the key.
//
// presubmit: allow sb_export mismatch
SB_EXPORT SbCryptographyTransformer
SbCryptographyCreateTransformer(const char* algorithm,
int block_size_bits,
SbCryptographyDirection direction,
SbCryptographyBlockCipherMode mode,
const void* initialization_vector,
int initialization_vector_size,
const void* key,
int key_size);
// Destroys the given |transformer| instance.
//
// presubmit: allow sb_export mismatch
SB_EXPORT void SbCryptographyDestroyTransformer(
SbCryptographyTransformer transformer);
// Transforms one or more |block_size_bits|-sized blocks of |in_data|, with the
// given |transformer|, placing the result in |out_data|. Returns the number of
// bytes that were written to |out_data|, unless there was an error, in which
// case it will return a negative number.
//
// |transformer|: A transformer initialized with an algorithm, IV, cipherkey,
// and so on.
// |in_data|: The data to be transformed.
// |in_data_size|: The size of the data to be transformed, in bytes. Must be a
// multiple of the transformer's |block-size_bits|, or an error will be
// returned.
// |out_data|: A buffer where the transformed data should be placed. Must have
// at least capacity for |in_data_size| bytes. May point to the same memory as
// |in_data|.
//
// presubmit: allow sb_export mismatch
SB_EXPORT int SbCryptographyTransform(
SbCryptographyTransformer transformer,
const void* in_data,
int in_data_size,
void* out_data);
// Sets the initialization vector (IV) for a transformer, replacing the
// internally-set IV. The block cipher mode algorithm will update the IV
// appropriately after every block, so this is not necessary unless the stream
// is discontiguous in some way. This happens with AES-GCM in TLS.
//
// presubmit: allow sb_export mismatch
SB_EXPORT void SbCryptographySetInitializationVector(
SbCryptographyTransformer transformer,
const void* initialization_vector,
int initialization_vector_size);
// Sets additional authenticated data (AAD) for a transformer, for chaining
// modes that support it (GCM). Returns whether the data was successfully
// set. This can fail if the chaining mode doesn't support AAD, if the
// parameters are invalid, or if the internal state is invalid for setting AAD.
//
// presubmit: allow sb_export mismatch
SB_EXPORT bool SbCryptographySetAuthenticatedData(
SbCryptographyTransformer transformer,
const void* data,
int data_size);
// Calculates the authenticator tag for a transformer and places up to
// |out_tag_size| bytes of it in |out_tag|. Returns whether it was able to get
// the tag, which mainly has to do with whether it is compatible with the
// current block cipher mode.
//
// presubmit: allow sb_export mismatch
SB_EXPORT bool SbCryptographyGetTag(
SbCryptographyTransformer transformer,
void* out_tag,
int out_tag_size);
#ifdef __cplusplus
} // extern "C"
#endif
#endif // SB_API_VERSION >= 12
#endif // STARBOARD_CRYPTOGRAPHY_H_