/*
 * ekt.h
 *
 * interface to Encrypted Key Transport for SRTP
 *
 * David McGrew
 * Cisco Systems, Inc.
 */
/*
 *	
 * Copyright (c) 2001-2017 Cisco Systems, Inc.
 * All rights reserved.
 * 
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 
 *   Redistributions of source code must retain the above copyright
 *   notice, this list of conditions and the following disclaimer.
 * 
 *   Redistributions in binary form must reproduce the above
 *   copyright notice, this list of conditions and the following
 *   disclaimer in the documentation and/or other materials provided
 *   with the distribution.
 * 
 *   Neither the name of the Cisco Systems, Inc. nor the names of its
 *   contributors may be used to endorse or promote products derived
 *   from this software without specific prior written permission.
 * 
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
 * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
 * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
 * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
 * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 * OF THE POSSIBILITY OF SUCH DAMAGE.
 *
 */



/*
 * EKT implementation strategy 
 * 
 * use stream_template approach
 *
 * in srtp_unprotect, when a new stream appears, check if template has
 * EKT defined, and if it does, then apply EKT processing 
 *
 * question: will we want to allow key-sharing templates in addition
 * to EKT templates?  could define a new ssrc_type_t that's associated
 * with an EKT, e.g.  ssrc_any_ekt.
 *
 *
 */

#ifndef SRTP_EKT_H
#define SRTP_EKT_H

// left in commented out as reminder to not include private headers
//#include "srtp_priv.h"

#ifdef __cplusplus
extern "C" {
#endif

#define SRTP_EKT_CIPHER_DEFAULT           1
#define SRTP_EKT_CIPHER_AES_128_ECB       1
#define SRTP_EKT_CIPHER_AES_192_KEY_WRAP  2
#define SRTP_EKT_CIPHER_AES_256_KEY_WRAP  3

typedef uint16_t srtp_ekt_spi_t;


unsigned srtp_ekt_octets_after_base_tag(srtp_ekt_stream_t ekt);

/*
 * an srtp_policy_t structure can contain a pointer to an
 * srtp_ekt_policy_t structure
 *
 * this structure holds all of the high level EKT information, and it
 * is passed into libsrtp to indicate what policy should be in effect
 */

typedef struct srtp_ekt_policy_ctx_t {
  srtp_ekt_spi_t  spi;     /* security parameter index */
  uint8_t    ekt_cipher_type;
  uint8_t   *ekt_key;
  struct srtp_ekt_policy_ctx_t *next_ekt_policy;
} srtp_ekt_policy_ctx_t;


/*
 * an srtp_ekt_data_t structure holds the data corresponding to an ekt key,
 * spi, and so on
 */

typedef struct srtp_ekt_data_t {
  srtp_ekt_spi_t spi;
  uint8_t ekt_cipher_type;
  srtp_aes_expanded_key_t ekt_enc_key;
  srtp_aes_expanded_key_t ekt_dec_key;
  struct ekt_data_t *next_ekt_data;
} srtp_ekt_data_t;

/*
 * an srtp_stream_ctx_t can contain an srtp_ekt_stream_ctx_t
 *
 * an srtp_ekt_stream_ctx_t structure holds all of the EKT information for
 * a specific SRTP stream
 */

typedef struct srtp_ekt_stream_ctx_t {
  srtp_ekt_data_t   *data;    
  uint16_t	    isn;     /* initial sequence number  */
  uint8_t	    encrypted_master_key[SRTP_MAX_KEY_LEN];
} srtp_ekt_stream_ctx_t;



srtp_err_status_t srtp_ekt_alloc(srtp_ekt_stream_t *stream_data, srtp_ekt_policy_t policy);

srtp_err_status_t srtp_ekt_stream_init(srtp_ekt_stream_t e, srtp_ekt_spi_t spi, void *ekt_key, unsigned ekt_cipher_type);

srtp_err_status_t srtp_ekt_stream_init_from_policy(srtp_ekt_stream_t e, srtp_ekt_policy_t p);
  


srtp_err_status_t srtp_stream_init_from_ekt(srtp_stream_t stream, const void *srtcp_hdr, unsigned pkt_octet_len);
		

void srtp_ekt_write_data(srtp_ekt_stream_t ekt, uint8_t *base_tag, unsigned base_tag_len, int *packet_len, srtp_xtd_seq_num_t pkt_index);		

/*
 * We handle EKT by performing some additional steps before
 * authentication (copying the auth tag into a temporary location,
 * zeroizing the "base tag" field in the packet)
 *
 * With EKT, the tag_len parameter is actually the base tag
 * length
 */
srtp_err_status_t srtp_ekt_tag_verification_preproces(uint8_t *pkt_tag, uint8_t *pkt_tag_copy, unsigned tag_len);

srtp_err_status_t srtp_ekt_tag_verification_postproces(uint8_t *pkt_tag, uint8_t *pkt_tag_copy, unsigned tag_len);


/*
 * @brief EKT pre-processing for srtcp tag generation
 *
 * This function does the pre-processing of the SRTCP authentication
 * tag format.  When EKT is used, it consists of writing the Encrypted
 * Master Key, the SRTP ROC, the Initial Sequence Number, and SPI
 * fields.  The Base Authentication Tag field is set to the all-zero
 * value
 * 
 * When EKT is not used, this function is a no-op.
 * 
 */
srtp_err_status_t srtp_stream_srtcp_auth_tag_generation_preprocess(const srtp_stream_t *s, uint8_t *pkt_tag, unsigned pkt_octet_len);

/* it's not clear that a tag_generation_postprocess function is needed */
srtp_err_status_t srtcp_auth_tag_generation_postprocess(void);


#ifdef __cplusplus
}
#endif

#endif /* SRTP_EKT_H */