document rlm_otp fd leak fix

[freeradius.git] / src / modules / rlm_eap / types / rlm_eap_psk / EAX.h

/*\r
 * EAX.h\r
 *\r
 * The EAX authenticated encryption mode of operation,\r
 * designed by M. Bellare, P. Rogaway and D. Wagner.\r
 *\r
 * @author Paulo S. L. M. Barreto\r
 *\r
 * @version 2.0\r
 *\r
 * This software is hereby placed in the public domain.\r
 *\r
 * THIS SOFTWARE IS PROVIDED BY THE AUTHORS ''AS IS'' AND ANY EXPRESS\r
 * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED\r
 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE\r
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE\r
 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR\r
 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF\r
 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\r
 * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\r
 * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\r
 * OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,\r
 * EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\r
 */\r
#ifndef __EAX_H\r
#define __EAX_H\r
\r
#include "BlockCipher.h"\r
#include "OMAC.h"\r
#include "CTR.h"\r
\r
#ifndef USUAL_TYPES\r
#define USUAL_TYPES\r
typedef unsigned char   byte;\r
typedef unsigned long   uint;   /* assuming sizeof(uint) == 4 */\r
#endif /* USUAL_TYPES */\r
\r
class EAX {\r
public:\r
\r
        EAX();\r
\r
    /**\r
     * Key and parameter setup to init a EAX context data structure.\r
     */\r
    void initialize(const byte* K, uint k, uint t, BlockCipher* E);\r
\r
    /**\r
     * Session is over; destroy all key material and cleanup!\r
     */\r
    virtual ~EAX();\r
\r
    /*********************************************************************\r
     * Calls common to incremental and non-incremental API\r
     ********************************************************************/\r
\r
    /**\r
     * Supply a message header. The header "grows" with each call\r
     * until a eax_provide_header() call is made that follows a\r
     * eax_encrypt(), eax_decrypt(), eax_provide_plaintext(),\r
     * eax_provide_ciphertext() or eax_compute_plaintext() call.\r
     * That starts reinitializes the header.\r
     */\r
    void provideHeader(const byte* H, uint h);\r
\r
\r
    /*********************************************************************\r
     * All-in-one, non-incremental interface\r
     ********************************************************************/\r
\r
    /**\r
     * Encrypt the given message with the given key, nonce and header.\r
     * Specify the header (if nonempty) with eax_provide_header().\r
     */\r
    void encrypt(\r
            const byte* N,  // the nonce and\r
            uint n,         // its length (in bytes), and\r
            const byte* M,  // the plaintext and\r
            uint m,         // its length (in bytes).\r
            byte* C,        // The m-byte ciphertext\r
            byte* T);\r
\r
    /**\r
     * Decrypt the given ciphertext with the given key, nonce and header.\r
     * Specify the header (if nonempty) with eax_provide_header().\r
     * Returns 1 for a valid ciphertext, 0 for an invalid ciphertext and for invalid or missing parameters.\r
     */\r
    bool decrypt(\r
            const byte* N,  // the nonce and\r
            uint n,         // its length (in bytes), and\r
            const byte* C,  // the ciphertext and\r
            uint c,         // its length (in bytes), and\r
            const byte* T,  // the tag.\r
            byte* P);\r
\r
\r
    /*********************************************************************\r
     * Incremental interface\r
     ********************************************************************/\r
\r
    /**\r
     * Provide a nonce. For encryption, do this before calling\r
     * eax_compute_ciphertext() and eax_compute_tag();\r
     * for decryption, do this before calling\r
     * eax_provide_ciphertext(), eax_check_tag, or eax_compute_plaintext().\r
     */\r
    void provideNonce(const byte* N, uint n);\r
\r
    /**\r
     * Encrypt a message or a part of a message.\r
     * The nonce needs already to have been\r
     * specified by a call to eax_provide_nonce().\r
     */\r
    void computeCiphertext(const byte* M, uint m, byte* C);\r
\r
    /**\r
     * Message and header finished: compute the authentication tag that is a part\r
     * of the complete ciphertext.\r
     */\r
    void computeTag(byte* T);\r
\r
    /**\r
     * Supply the ciphertext, or the next piece of ciphertext.\r
     * This is used to check for the subsequent authenticity check eax_check_tag().\r
     */\r
    void provideCiphertext(const byte* C, uint c);\r
\r
    /**\r
     * The nonce, ciphertext and header have all been fully provided; check if\r
     * they are valid for the given tag.\r
     * Returns true for a valid ciphertext, false for an invalid ciphertext\r
     * (in which case plaintext/ciphertext might be zeroized as well).\r
     */\r
    bool checkTag(const byte* T);\r
\r
    /**\r
     * Recover the plaintext from the provided ciphertext.\r
     * A call to eax_provide_nonce() needs to precede this call.\r
     * The caller is responsible for separately checking if the ciphertext is valid.\r
     * Normally this would be done before computing the plaintext with\r
     * eax_compute_plaintext().\r
     */\r
    void computePlaintext(const byte* C, uint c, byte* P);\r
\r
private:\r
    BlockCipher* _E;// block cipher context\r
    uint tag_size;\r
    uint block_size;\r
    byte* t_n;      // [t]_n\r
    OMAC _N;        // nonce OMAC\r
    OMAC _H;        // header OMAC\r
    OMAC _M;        // message OMAC\r
    CTR* _C;        // CTR context\r
    byte* nt;\r
    byte* ht;\r
    byte* mt;\r
};\r
\r
#endif /* __EAX_H */\r
\r