iPXE
crypto.h
Go to the documentation of this file.
1 #ifndef _IPXE_CRYPTO_H
2 #define _IPXE_CRYPTO_H
3 
4 /** @file
5  *
6  * Cryptographic API
7  *
8  */
9 
10 FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
11 FILE_SECBOOT ( PERMITTED );
12 
13 #include <stdint.h>
14 #include <stddef.h>
15 #include <assert.h>
16 #include <ipxe/asn1.h>
17 
18 /** A message digest algorithm */
19 struct digest_algorithm {
20  /** Algorithm name */
21  const char *name;
22  /** Context size */
23  size_t ctxsize;
24  /** Block size */
25  size_t blocksize;
26  /** Digest size */
27  size_t digestsize;
28  /** Initialise digest
29  *
30  * @v ctx Context
31  */
32  void ( * init ) ( void *ctx );
33  /** Update digest with new data
34  *
35  * @v ctx Context
36  * @v src Data to digest
37  * @v len Length of data
38  *
39  * @v len is not necessarily a multiple of @c blocksize.
40  */
41  void ( * update ) ( void *ctx, const void *src, size_t len );
42  /** Finalise digest
43  *
44  * @v ctx Context
45  * @v out Buffer for digest output
46  */
47  void ( * final ) ( void *ctx, void *out );
48 };
49 
50 /** A cipher algorithm */
51 struct cipher_algorithm {
52  /** Algorithm name */
53  const char *name;
54  /** Context size */
55  size_t ctxsize;
56  /** Block size
57  *
58  * Every call to encrypt() or decrypt() must be for a multiple
59  * of this size.
60  */
61  size_t blocksize;
62  /** Alignment size
63  *
64  * Every call to encrypt() or decrypt() must begin at a
65  * multiple of this offset from the start of the stream.
66  * (Equivalently: all but the last call to encrypt() or
67  * decrypt() must be for a multiple of this size.)
68  *
69  * For ciphers supporting additional data, the main data
70  * stream and additional data stream are both considered to
71  * begin at offset zero.
72  */
73  size_t alignsize;
74  /** Authentication tag size */
75  size_t authsize;
76  /** Set key
77  *
78  * @v ctx Context
79  * @v key Key
80  * @v keylen Key length
81  * @ret rc Return status code
82  */
83  int ( * setkey ) ( void *ctx, const void *key, size_t keylen );
84  /** Set initialisation vector
85  *
86  * @v ctx Context
87  * @v iv Initialisation vector
88  * @v ivlen Initialisation vector length
89  */
90  void ( * setiv ) ( void *ctx, const void *iv, size_t ivlen );
91  /** Encrypt data
92  *
93  * @v ctx Context
94  * @v src Data to encrypt
95  * @v dst Buffer for encrypted data, or NULL for additional data
96  * @v len Length of data
97  *
98  * @v len is guaranteed to be a multiple of @c blocksize.
99  */
100  void ( * encrypt ) ( void *ctx, const void *src, void *dst,
101  size_t len );
102  /** Decrypt data
103  *
104  * @v ctx Context
105  * @v src Data to decrypt
106  * @v dst Buffer for decrypted data, or NULL for additional data
107  * @v len Length of data
108  *
109  * @v len is guaranteed to be a multiple of @c blocksize.
110  */
111  void ( * decrypt ) ( void *ctx, const void *src, void *dst,
112  size_t len );
113  /** Generate authentication tag
114  *
115  * @v ctx Context
116  * @v auth Authentication tag
117  */
118  void ( * auth ) ( void *ctx, void *auth );
119 };
120 
121 /** A public key algorithm */
122 struct pubkey_algorithm {
123  /** Algorithm name */
124  const char *name;
125  /** Encrypt
126  *
127  * @v key Key
128  * @v plaintext Plaintext
129  * @v ciphertext Ciphertext
130  * @ret rc Return status code
131  */
132  int ( * encrypt ) ( const struct asn1_cursor *key,
133  const struct asn1_cursor *plaintext,
134  struct asn1_builder *ciphertext );
135  /** Decrypt
136  *
137  * @v key Key
138  * @v ciphertext Ciphertext
139  * @v plaintext Plaintext
140  * @ret rc Return status code
141  */
142  int ( * decrypt ) ( const struct asn1_cursor *key,
143  const struct asn1_cursor *ciphertext,
144  struct asn1_builder *plaintext );
145  /** Sign digest value
146  *
147  * @v key Key
148  * @v digest Digest algorithm
149  * @v value Digest value
150  * @v signature Signature
151  * @ret rc Return status code
152  */
153  int ( * sign ) ( const struct asn1_cursor *key,
154  struct digest_algorithm *digest, const void *value,
155  struct asn1_builder *builder );
156  /** Verify signed digest value
157  *
158  * @v key Key
159  * @v digest Digest algorithm
160  * @v value Digest value
161  * @v signature Signature
162  * @ret rc Return status code
163  */
164  int ( * verify ) ( const struct asn1_cursor *key,
165  struct digest_algorithm *digest, const void *value,
166  const struct asn1_cursor *signature );
167  /** Check that public key matches private key
168  *
169  * @v private_key Private key
170  * @v public_key Public key
171  * @ret rc Return status code
172  */
173  int ( * match ) ( const struct asn1_cursor *private_key,
174  const struct asn1_cursor *public_key );
175 };
176 
177 /** An elliptic curve */
178 struct elliptic_curve {
179  /** Curve name */
180  const char *name;
181  /** Point (and public key) size */
182  size_t pointsize;
183  /** Scalar (and private key) size */
184  size_t keysize;
185  /** Generator base point */
186  const void *base;
187  /** Order of the generator (if prime) */
188  const void *order;
189  /** Check if this is the point at infinity
190  *
191  * @v point Curve point
192  * @ret is_infinity This is the point at infinity
193  *
194  * The point at infinity cannot be represented in affine
195  * coordinates. Each curve must choose a representation of
196  * the point at infinity (e.g. all zeroes).
197  */
198  int ( * is_infinity ) ( const void *point );
199  /** Multiply scalar by curve point
200  *
201  * @v base Base point
202  * @v scalar Scalar multiple
203  * @v result Result point to fill in
204  * @ret rc Return status code
205  */
206  int ( * multiply ) ( const void *base, const void *scalar,
207  void *result );
208  /** Add curve points (as a one-off operation)
209  *
210  * @v addend Curve point to add
211  * @v augend Curve point to add
212  * @v result Curve point to hold result
213  * @ret rc Return status code
214  */
215  int ( * add ) ( const void *addend, const void *augend, void *result );
216 };
217 
218 static inline __attribute__ (( always_inline )) void
219 digest_init ( struct digest_algorithm *digest, void *ctx ) {
220  digest->init ( ctx );
221 }
222 
223 static inline __attribute__ (( always_inline )) void
224 digest_update ( struct digest_algorithm *digest, void *ctx,
225  const void *data, size_t len ) {
226  digest->update ( ctx, data, len );
227 }
228 
229 static inline __attribute__ (( always_inline )) void
230 digest_final ( struct digest_algorithm *digest, void *ctx, void *out ) {
231  digest->final ( ctx, out );
232 }
233 
234 static inline __attribute__ (( always_inline )) int
235 cipher_setkey ( struct cipher_algorithm *cipher, void *ctx,
236  const void *key, size_t keylen ) {
237  return cipher->setkey ( ctx, key, keylen );
238 }
239 
240 static inline __attribute__ (( always_inline )) void
241 cipher_setiv ( struct cipher_algorithm *cipher, void *ctx,
242  const void *iv, size_t ivlen ) {
243  cipher->setiv ( ctx, iv, ivlen );
244 }
245 
246 static inline __attribute__ (( always_inline )) void
247 cipher_encrypt ( struct cipher_algorithm *cipher, void *ctx,
248  const void *src, void *dst, size_t len ) {
249  cipher->encrypt ( ctx, src, dst, len );
250 }
251 #define cipher_encrypt( cipher, ctx, src, dst, len ) do { \
252  assert ( ( (len) & ( (cipher)->blocksize - 1 ) ) == 0 ); \
253  cipher_encrypt ( (cipher), (ctx), (src), (dst), (len) ); \
254  } while ( 0 )
255 
256 static inline __attribute__ (( always_inline )) void
257 cipher_decrypt ( struct cipher_algorithm *cipher, void *ctx,
258  const void *src, void *dst, size_t len ) {
259  cipher->decrypt ( ctx, src, dst, len );
260 }
261 #define cipher_decrypt( cipher, ctx, src, dst, len ) do { \
262  assert ( ( (len) & ( (cipher)->blocksize - 1 ) ) == 0 ); \
263  cipher_decrypt ( (cipher), (ctx), (src), (dst), (len) ); \
264  } while ( 0 )
265 
266 static inline __attribute__ (( always_inline )) void
267 cipher_auth ( struct cipher_algorithm *cipher, void *ctx, void *auth ) {
268  cipher->auth ( ctx, auth );
269 }
270 
271 static inline __attribute__ (( always_inline )) int
272 is_stream_cipher ( struct cipher_algorithm *cipher ) {
273  return ( cipher->blocksize == 1 );
274 }
275 
276 static inline __attribute__ (( always_inline )) int
277 is_block_cipher ( struct cipher_algorithm *cipher ) {
278  return ( cipher->blocksize > 1 );
279 }
280 
281 static inline __attribute__ (( always_inline )) int
282 is_auth_cipher ( struct cipher_algorithm *cipher ) {
283  return cipher->authsize;
284 }
285 
286 static inline __attribute__ (( always_inline )) int
287 pubkey_encrypt ( struct pubkey_algorithm *pubkey, const struct asn1_cursor *key,
288  const struct asn1_cursor *plaintext,
289  struct asn1_builder *ciphertext ) {
290  return pubkey->encrypt ( key, plaintext, ciphertext );
291 }
292 
293 static inline __attribute__ (( always_inline )) int
294 pubkey_decrypt ( struct pubkey_algorithm *pubkey, const struct asn1_cursor *key,
295  const struct asn1_cursor *ciphertext,
296  struct asn1_builder *plaintext ) {
297  return pubkey->decrypt ( key, ciphertext, plaintext );
298 }
299 
300 static inline __attribute__ (( always_inline )) int
301 pubkey_sign ( struct pubkey_algorithm *pubkey, const struct asn1_cursor *key,
302  struct digest_algorithm *digest, const void *value,
303  struct asn1_builder *signature ) {
304  return pubkey->sign ( key, digest, value, signature );
305 }
306 
307 static inline __attribute__ (( always_inline )) int
308 pubkey_verify ( struct pubkey_algorithm *pubkey, const struct asn1_cursor *key,
309  struct digest_algorithm *digest, const void *value,
310  const struct asn1_cursor *signature ) {
311  return pubkey->verify ( key, digest, value, signature );
312 }
313 
314 static inline __attribute__ (( always_inline )) int
315 pubkey_match ( struct pubkey_algorithm *pubkey,
316  const struct asn1_cursor *private_key,
317  const struct asn1_cursor *public_key ) {
318  return pubkey->match ( private_key, public_key );
319 }
320 
321 static inline __attribute__ (( always_inline )) int
322 elliptic_is_infinity ( struct elliptic_curve *curve, const void *point ) {
323  return curve->is_infinity ( point );
324 }
325 
326 static inline __attribute__ (( always_inline )) int
327 elliptic_multiply ( struct elliptic_curve *curve,
328  const void *base, const void *scalar, void *result ) {
329  return curve->multiply ( base, scalar, result );
330 }
331 
332 static inline __attribute__ (( always_inline )) int
333 elliptic_add ( struct elliptic_curve *curve, const void *addend,
334  const void *augend, void *result ) {
335  return curve->add ( addend, augend, result );
336 }
337 
338 extern void digest_null_init ( void *ctx );
339 extern void digest_null_update ( void *ctx, const void *src, size_t len );
340 extern void digest_null_final ( void *ctx, void *out );
341 
342 extern int cipher_null_setkey ( void *ctx, const void *key, size_t keylen );
343 extern void cipher_null_setiv ( void *ctx, const void *iv, size_t ivlen );
344 extern void cipher_null_encrypt ( void *ctx, const void *src, void *dst,
345  size_t len );
346 extern void cipher_null_decrypt ( void *ctx, const void *src, void *dst,
347  size_t len );
348 extern void cipher_null_auth ( void *ctx, void *auth );
349 
350 extern int pubkey_null_encrypt ( const struct asn1_cursor *key,
351  const struct asn1_cursor *plaintext,
352  struct asn1_builder *ciphertext );
353 extern int pubkey_null_decrypt ( const struct asn1_cursor *key,
354  const struct asn1_cursor *ciphertext,
355  struct asn1_builder *plaintext );
356 extern int pubkey_null_sign ( const struct asn1_cursor *key,
357  struct digest_algorithm *digest,
358  const void *value,
359  struct asn1_builder *signature );
360 extern int pubkey_null_verify ( const struct asn1_cursor *key,
361  struct digest_algorithm *digest,
362  const void *value,
363  const struct asn1_cursor *signature );
364 
365 extern struct digest_algorithm digest_null;
366 extern struct cipher_algorithm cipher_null;
367 extern struct pubkey_algorithm pubkey_null;
368 
369 #endif /* _IPXE_CRYPTO_H */
elliptic_curve::multiply
int(* multiply)(const void *base, const void *scalar, void *result)
Multiply scalar by curve point.
Definition: crypto.h:206
pubkey_null_verify
int pubkey_null_verify(const struct asn1_cursor *key, struct digest_algorithm *digest, const void *value, const struct asn1_cursor *signature)
__attribute__
#define __attribute__(x)
Definition: compiler.h:10
base
uint32_t base
Base.
Definition: librm.h:138
is_auth_cipher
static int is_auth_cipher(struct cipher_algorithm *cipher)
Definition: crypto.h:282
cipher_algorithm::blocksize
size_t blocksize
Block size.
Definition: crypto.h:61
digest_update
static void digest_update(struct digest_algorithm *digest, void *ctx, const void *data, size_t len)
Definition: crypto.h:224
cipher_algorithm::decrypt
void(* decrypt)(void *ctx, const void *src, void *dst, size_t len)
Decrypt data.
Definition: crypto.h:111
elliptic_multiply
static int elliptic_multiply(struct elliptic_curve *curve, const void *base, const void *scalar, void *result)
Definition: crypto.h:327
elliptic_curve::is_infinity
int(* is_infinity)(const void *point)
Check if this is the point at infinity.
Definition: crypto.h:198
cipher_null
struct cipher_algorithm cipher_null
Definition: crypto_null.c:84
elliptic_curve::order
const void * order
Order of the generator (if prime)
Definition: crypto.h:188
elliptic_curve::add
int(* add)(const void *addend, const void *augend, void *result)
Add curve points (as a one-off operation)
Definition: crypto.h:215
elliptic_is_infinity
static int elliptic_is_infinity(struct elliptic_curve *curve, const void *point)
Definition: crypto.h:322
digest_final
static void digest_final(struct digest_algorithm *digest, void *ctx, void *out)
Definition: crypto.h:230
digest_algorithm::init
void(* init)(void *ctx)
Initialise digest.
Definition: crypto.h:32
cipher_algorithm::alignsize
size_t alignsize
Alignment size.
Definition: crypto.h:73
cipher_null_setiv
void cipher_null_setiv(void *ctx, const void *iv, size_t ivlen)
ctx
struct golan_eq_context ctx
Definition: CIB_PRM.h:28
pubkey_null_sign
int pubkey_null_sign(const struct asn1_cursor *key, struct digest_algorithm *digest, const void *value, struct asn1_builder *signature)
digest_algorithm::final
void(* final)(void *ctx, void *out)
Finalise digest.
Definition: crypto.h:47
out
__be32 out[4]
Definition: CIB_PRM.h:36
iv
u8 iv[16]
Initialization vector.
Definition: wpa.h:60
pubkey_match
static int pubkey_match(struct pubkey_algorithm *pubkey, const struct asn1_cursor *private_key, const struct asn1_cursor *public_key)
Definition: crypto.h:315
digest_null
struct digest_algorithm digest_null
Definition: crypto_null.c:49
cipher_null_auth
void cipher_null_auth(void *ctx, void *auth)
cipher_algorithm::encrypt
void(* encrypt)(void *ctx, const void *src, void *dst, size_t len)
Encrypt data.
Definition: crypto.h:100
cipher_encrypt
#define cipher_encrypt(cipher, ctx, src, dst, len)
Definition: crypto.h:251
cipher_algorithm::authsize
size_t authsize
Authentication tag size.
Definition: crypto.h:75
digest_algorithm::blocksize
size_t blocksize
Block size.
Definition: crypto.h:25
pubkey_sign
static int pubkey_sign(struct pubkey_algorithm *pubkey, const struct asn1_cursor *key, struct digest_algorithm *digest, const void *value, struct asn1_builder *signature)
Definition: crypto.h:301
cipher_algorithm::setiv
void(* setiv)(void *ctx, const void *iv, size_t ivlen)
Set initialisation vector.
Definition: crypto.h:90
assert.h
Assertions.
digest_null_update
void digest_null_update(void *ctx, const void *src, size_t len)
src
static const void * src
Definition: string.h:48
asn1.h
ASN.1 encoding.
value
pseudo_bit_t value[0x00020]
Definition: arbel.h:13
pubkey_algorithm::verify
int(* verify)(const struct asn1_cursor *key, struct digest_algorithm *digest, const void *value, const struct asn1_cursor *signature)
Verify signed digest value.
Definition: crypto.h:164
len
ring len
Length.
Definition: dwmac.h:231
digest_algorithm::update
void(* update)(void *ctx, const void *src, size_t len)
Update digest with new data.
Definition: crypto.h:41
pubkey_null
struct pubkey_algorithm pubkey_null
Definition: crypto_null.c:123
elliptic_curve::name
const char * name
Curve name.
Definition: crypto.h:180
pubkey_algorithm::match
int(* match)(const struct asn1_cursor *private_key, const struct asn1_cursor *public_key)
Check that public key matches private key.
Definition: crypto.h:173
digest_init
static void digest_init(struct digest_algorithm *digest, void *ctx)
Definition: crypto.h:219
elliptic_curve::keysize
size_t keysize
Scalar (and private key) size.
Definition: crypto.h:184
cipher_null_encrypt
void cipher_null_encrypt(void *ctx, const void *src, void *dst, size_t len)
cipher_setiv
static void cipher_setiv(struct cipher_algorithm *cipher, void *ctx, const void *iv, size_t ivlen)
Definition: crypto.h:241
asn1_builder
An ASN.1 object builder.
Definition: asn1.h:29
cipher_algorithm::auth
void(* auth)(void *ctx, void *auth)
Generate authentication tag.
Definition: crypto.h:118
pubkey_algorithm::decrypt
int(* decrypt)(const struct asn1_cursor *key, const struct asn1_cursor *ciphertext, struct asn1_builder *plaintext)
Decrypt.
Definition: crypto.h:142
is_stream_cipher
static int is_stream_cipher(struct cipher_algorithm *cipher)
Definition: crypto.h:272
cipher_algorithm::ctxsize
size_t ctxsize
Context size.
Definition: crypto.h:55
cipher_decrypt
#define cipher_decrypt(cipher, ctx, src, dst, len)
Definition: crypto.h:261
pubkey_null_decrypt
int pubkey_null_decrypt(const struct asn1_cursor *key, const struct asn1_cursor *ciphertext, struct asn1_builder *plaintext)
result
uint16_t result
Definition: hyperv.h:33
elliptic_add
static int elliptic_add(struct elliptic_curve *curve, const void *addend, const void *augend, void *result)
Definition: crypto.h:333
FILE_SECBOOT
FILE_SECBOOT(PERMITTED)
digest_null_final
void digest_null_final(void *ctx, void *out)
FILE_LICENCE
FILE_LICENCE(GPL2_OR_LATER_OR_UBDL)
elliptic_curve
An elliptic curve.
Definition: crypto.h:178
pubkey_verify
static int pubkey_verify(struct pubkey_algorithm *pubkey, const struct asn1_cursor *key, struct digest_algorithm *digest, const void *value, const struct asn1_cursor *signature)
Definition: crypto.h:308
digest_algorithm::ctxsize
size_t ctxsize
Context size.
Definition: crypto.h:23
pubkey_encrypt
static int pubkey_encrypt(struct pubkey_algorithm *pubkey, const struct asn1_cursor *key, const struct asn1_cursor *plaintext, struct asn1_builder *ciphertext)
Definition: crypto.h:287
cipher_algorithm::setkey
int(* setkey)(void *ctx, const void *key, size_t keylen)
Set key.
Definition: crypto.h:83
digest_algorithm::digestsize
size_t digestsize
Digest size.
Definition: crypto.h:27
digest_algorithm::name
const char * name
Algorithm name.
Definition: crypto.h:21
cipher_null_setkey
int cipher_null_setkey(void *ctx, const void *key, size_t keylen)
cipher_null_decrypt
void cipher_null_decrypt(void *ctx, const void *src, void *dst, size_t len)
pubkey_algorithm::encrypt
int(* encrypt)(const struct asn1_cursor *key, const struct asn1_cursor *plaintext, struct asn1_builder *ciphertext)
Encrypt.
Definition: crypto.h:132
digest_algorithm
A message digest algorithm.
Definition: crypto.h:19
data
uint8_t data[48]
Additional event data.
Definition: ena.h:22
cipher_algorithm
A cipher algorithm.
Definition: crypto.h:51
private_key
A private key.
Definition: privkey.h:17
elliptic_curve::base
const void * base
Generator base point.
Definition: crypto.h:186
digest_null_init
void digest_null_init(void *ctx)
cipher_auth
static void cipher_auth(struct cipher_algorithm *cipher, void *ctx, void *auth)
Definition: crypto.h:267
pubkey_null_encrypt
int pubkey_null_encrypt(const struct asn1_cursor *key, const struct asn1_cursor *plaintext, struct asn1_builder *ciphertext)
cipher_algorithm::name
const char * name
Algorithm name.
Definition: crypto.h:53
elliptic_curve::pointsize
size_t pointsize
Point (and public key) size.
Definition: crypto.h:182
signature
u8 signature
CPU signature.
Definition: CIB_PRM.h:35
private_key
struct private_key private_key
Private key.
Definition: privkey.c:68
asn1_cursor
An ASN.1 object cursor.
Definition: asn1.h:21
pubkey_algorithm::sign
int(* sign)(const struct asn1_cursor *key, struct digest_algorithm *digest, const void *value, struct asn1_builder *builder)
Sign digest value.
Definition: crypto.h:153
pubkey_algorithm
A public key algorithm.
Definition: crypto.h:122
key
union @391 key
Sense key.
Definition: scsi.h:18
pubkey_decrypt
static int pubkey_decrypt(struct pubkey_algorithm *pubkey, const struct asn1_cursor *key, const struct asn1_cursor *ciphertext, struct asn1_builder *plaintext)
Definition: crypto.h:294
pubkey_algorithm::name
const char * name
Algorithm name.
Definition: crypto.h:124
cipher_setkey
static int cipher_setkey(struct cipher_algorithm *cipher, void *ctx, const void *key, size_t keylen)
Definition: crypto.h:235
is_block_cipher
static int is_block_cipher(struct cipher_algorithm *cipher)
Definition: crypto.h:277
Generated by   doxygen 1.8.15