1 #ifndef _IPXE_CRYPTO_H
2 #define _IPXE_CRYPTO_H
3 
4 /** @file
5  *
6  * Cryptographic API
7  *
8  */
9 
10 FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
11 
12 #include <stdint.h>
13 #include <stddef.h>
14 #include <assert.h>
15 
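/** A message digest algorithm */
struct digest_algorithm {
	/** Algorithm name */
	const char *name;
	/** Context size
	 *
	 * Size in bytes of the opaque @c ctx buffer that the caller
	 * must provide to init(), update() and final().
	 */
	size_t ctxsize;
	/** Block size
	 *
	 * Internal block size in bytes.  Callers are not required to
	 * feed data to update() in multiples of this size.
	 */
	size_t blocksize;
	/** Digest size
	 *
	 * Size in bytes of the value written by final().
	 */
	size_t digestsize;
	/** Initialise digest
	 *
	 * @v ctx		Context (at least @c ctxsize bytes)
	 */
	void ( * init ) ( void *ctx );
	/** Update digest with new data
	 *
	 * @v ctx		Context
	 * @v src		Data to digest
	 * @v len		Length of data
	 *
	 * @v len is not necessarily a multiple of @c blocksize.
	 */
	void ( * update ) ( void *ctx, const void *src, size_t len );
	/** Finalise digest
	 *
	 * @v ctx		Context
	 * @v out		Buffer for digest output (at least @c digestsize
	 *			bytes)
	 */
	void ( * final ) ( void *ctx, void *out );
};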
47 
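/** A cipher algorithm */
struct cipher_algorithm {
	/** Algorithm name */
	const char *name;
	/** Context size
	 *
	 * Size in bytes of the opaque @c ctx buffer passed to every
	 * method below.
	 */
	size_t ctxsize;
	/** Block size
	 *
	 * Every call to encrypt() or decrypt() must be for a multiple
	 * of this size.  A block size of 1 denotes a stream cipher
	 * (see is_stream_cipher()).
	 *
	 * Must be a power of two: the cipher_encrypt() and
	 * cipher_decrypt() wrapper macros check the length with a bit
	 * mask rather than a division.
	 */
	size_t blocksize;
	/** Alignment size
	 *
	 * Every call to encrypt() or decrypt() must begin at a
	 * multiple of this offset from the start of the stream.
	 * (Equivalently: all but the last call to encrypt() or
	 * decrypt() must be for a multiple of this size.)
	 *
	 * For ciphers supporting additional data, the main data
	 * stream and additional data stream are both considered to
	 * begin at offset zero.
	 */
	size_t alignsize;
	/** Authentication tag size
	 *
	 * Zero for ciphers that do not produce an authentication
	 * tag (see is_auth_cipher()).
	 */
	size_t authsize;
	/** Set key
	 *
	 * @v ctx		Context
	 * @v key		Key
	 * @v keylen		Key length
	 * @ret rc		Return status code
	 *
	 * The return status must be checked by the caller: this is
	 * the only method of a cipher that can report failure, since
	 * encrypt() and decrypt() return no status.
	 */
	int ( * setkey ) ( void *ctx, const void *key, size_t keylen );
	/** Set initialisation vector
	 *
	 * @v ctx		Context
	 * @v iv		Initialisation vector
	 * @v ivlen		Initialisation vector length
	 */
	void ( * setiv ) ( void *ctx, const void *iv, size_t ivlen );
	/** Encrypt data
	 *
	 * @v ctx		Context
	 * @v src		Data to encrypt
	 * @v dst		Buffer for encrypted data, or NULL for additional data
	 * @v len		Length of data
	 *
	 * @v len is guaranteed to be a multiple of @c blocksize.
	 */
	void ( * encrypt ) ( void *ctx, const void *src, void *dst,
			     size_t len );
	/** Decrypt data
	 *
	 * @v ctx		Context
	 * @v src		Data to decrypt
	 * @v dst		Buffer for decrypted data, or NULL for additional data
	 * @v len		Length of data
	 *
	 * @v len is guaranteed to be a multiple of @c blocksize.
	 */
	void ( * decrypt ) ( void *ctx, const void *src, void *dst,
			     size_t len );
	/** Generate authentication tag
	 *
	 * @v ctx		Context
	 * @v auth		Buffer for authentication tag (at least
	 *			@c authsize bytes)
	 */
	void ( * auth ) ( void *ctx, void *auth );
};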
118 
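/** A public key algorithm */
struct pubkey_algorithm {
	/** Algorithm name */
	const char *name;
	/** Context size
	 *
	 * Size in bytes of the opaque @c ctx buffer passed to the
	 * per-context methods below.
	 */
	size_t ctxsize;
	/** Initialise algorithm
	 *
	 * @v ctx		Context
	 * @v key		Key
	 * @v key_len		Length of key
	 * @ret rc		Return status code
	 */
	int ( * init ) ( void *ctx, const void *key, size_t key_len );
	/** Calculate maximum output length
	 *
	 * @v ctx		Context
	 * @ret max_len		Maximum output length
	 *
	 * Callers size the @c out buffers of encrypt() and decrypt()
	 * and the @c signature buffer of sign() from this value.
	 */
	size_t ( * max_len ) ( void *ctx );
	/** Encrypt
	 *
	 * @v ctx		Context
	 * @v data		Plaintext
	 * @v len		Length of plaintext
	 * @v out		Buffer for ciphertext
	 * @ret ciphertext_len	Length of ciphertext, or negative error
	 */
	int ( * encrypt ) ( void *ctx, const void *data, size_t len,
			    void *out );
	/** Decrypt
	 *
	 * @v ctx		Context
	 * @v data		Ciphertext
	 * @v len		Length of ciphertext
	 * @v out		Buffer for plaintext
	 * @ret plaintext_len	Length of plaintext, or negative error
	 */
	int ( * decrypt ) ( void *ctx, const void *data, size_t len,
			    void *out );
	/** Sign digest value
	 *
	 * @v ctx		Context
	 * @v digest		Digest algorithm
	 * @v value		Digest value (as produced by @c digest)
	 * @v signature		Buffer for signature
	 * @ret signature_len	Signature length, or negative error
	 */
	int ( * sign ) ( void *ctx, struct digest_algorithm *digest,
			 const void *value, void *signature );
	/** Verify signed digest value
	 *
	 * @v ctx		Context
	 * @v digest		Digest algorithm
	 * @v value		Digest value (as produced by @c digest)
	 * @v signature		Signature
	 * @v signature_len	Signature length
	 * @ret rc		Return status code
	 *
	 * A non-zero return status means the signature was not
	 * accepted; callers must not treat it as advisory.
	 */
	int ( * verify ) ( void *ctx, struct digest_algorithm *digest,
			   const void *value, const void *signature,
			   size_t signature_len );
	/** Finalise algorithm
	 *
	 * @v ctx		Context
	 */
	void ( * final ) ( void *ctx );
	/** Check that public key matches private key
	 *
	 * Operates on raw key material and takes no context.
	 *
	 * @v private_key	Private key
	 * @v private_key_len	Private key length
	 * @v public_key	Public key
	 * @v public_key_len	Public key length
	 * @ret rc		Return status code
	 */
	int ( * match ) ( const void *private_key, size_t private_key_len,
			  const void *public_key, size_t public_key_len );
};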
197 
/**
 * Initialise digest
 *
 * @v digest		Digest algorithm
 * @v ctx		Context (at least @c digest->ctxsize bytes)
 */
static inline void digest_init ( struct digest_algorithm *digest,
				 void *ctx ) {
	void ( * init ) ( void * ) = digest->init;

	init ( ctx );
}
202 
/**
 * Update digest with new data
 *
 * @v digest		Digest algorithm
 * @v ctx		Context
 * @v data		Data to digest
 * @v len		Length of data (need not be a multiple of the
 *			digest block size)
 */
static inline void digest_update ( struct digest_algorithm *digest,
				   void *ctx, const void *data, size_t len ) {
	void ( * update ) ( void *, const void *, size_t ) = digest->update;

	update ( ctx, data, len );
}
207 
/**
 * Finalise digest
 *
 * @v digest		Digest algorithm
 * @v ctx		Context
 * @v out		Buffer for digest output (at least
 *			@c digest->digestsize bytes)
 */
static inline void digest_final ( struct digest_algorithm *digest,
				  void *ctx, void *out ) {
	void ( * final ) ( void *, void * ) = digest->final;

	final ( ctx, out );
}
212 
/**
 * Set key
 *
 * @v cipher		Cipher algorithm
 * @v ctx		Context
 * @v key		Key
 * @v keylen		Key length
 * @ret rc		Return status code (must be checked by the caller)
 */
static inline int cipher_setkey ( struct cipher_algorithm *cipher,
				  void *ctx, const void *key, size_t keylen ) {
	int rc;

	rc = cipher->setkey ( ctx, key, keylen );
	return rc;
}
217 
/**
 * Set initialisation vector
 *
 * @v cipher		Cipher algorithm
 * @v ctx		Context
 * @v iv		Initialisation vector
 * @v ivlen		Initialisation vector length
 */
static inline void cipher_setiv ( struct cipher_algorithm *cipher,
				  void *ctx, const void *iv, size_t ivlen ) {
	void ( * setiv ) ( void *, const void *, size_t ) = cipher->setiv;

	setiv ( ctx, iv, ivlen );
}
222 
/**
 * Encrypt data
 *
 * @v cipher		Cipher algorithm
 * @v ctx		Context
 * @v src		Data to encrypt
 * @v dst		Buffer for encrypted data, or NULL for additional data
 * @v len		Length of data (a multiple of @c cipher->blocksize)
 */
static inline void cipher_encrypt ( struct cipher_algorithm *cipher,
				    void *ctx, const void *src, void *dst,
				    size_t len ) {
	cipher->encrypt ( ctx, src, dst, len );
}
/* Wrap every call site in a block-length check.  The macro shadows
 * the inline function of the same name; the call inside the macro
 * body still reaches the function because a macro is not expanded
 * recursively.  The mask test is only valid for power-of-two block
 * sizes.
 */
#define cipher_encrypt( cipher, ctx, src, dst, len ) do { \
	assert ( ( (len) & ( (cipher)->blocksize - 1 ) ) == 0 ); \
	cipher_encrypt ( (cipher), (ctx), (src), (dst), (len) ); \
	} while ( 0 )
232 
/**
 * Decrypt data
 *
 * @v cipher		Cipher algorithm
 * @v ctx		Context
 * @v src		Data to decrypt
 * @v dst		Buffer for decrypted data, or NULL for additional data
 * @v len		Length of data (a multiple of @c cipher->blocksize)
 */
static inline void cipher_decrypt ( struct cipher_algorithm *cipher,
				    void *ctx, const void *src, void *dst,
				    size_t len ) {
	cipher->decrypt ( ctx, src, dst, len );
}
/* Wrap every call site in a block-length check.  The macro shadows
 * the inline function of the same name; the call inside the macro
 * body still reaches the function because a macro is not expanded
 * recursively.  The mask test is only valid for power-of-two block
 * sizes.
 */
#define cipher_decrypt( cipher, ctx, src, dst, len ) do { \
	assert ( ( (len) & ( (cipher)->blocksize - 1 ) ) == 0 ); \
	cipher_decrypt ( (cipher), (ctx), (src), (dst), (len) ); \
	} while ( 0 )
242 
/**
 * Generate authentication tag
 *
 * @v cipher		Cipher algorithm
 * @v ctx		Context
 * @v auth		Buffer for authentication tag (at least
 *			@c cipher->authsize bytes)
 */
static inline void cipher_auth ( struct cipher_algorithm *cipher, void *ctx,
				 void *auth ) {
	void ( * gen_auth ) ( void *, void * ) = cipher->auth;

	gen_auth ( ctx, auth );
}
247 
/**
 * Check if cipher is a stream cipher
 *
 * @v cipher		Cipher algorithm
 * @ret is_stream	Cipher has a block size of one byte
 */
static inline int is_stream_cipher ( struct cipher_algorithm *cipher ) {
	if ( cipher->blocksize != 1 )
		return 0;
	return 1;
}
251 
/**
 * Check if cipher is a block cipher
 *
 * @v cipher		Cipher algorithm
 * @ret is_block	Cipher has a block size larger than one byte
 */
static inline int is_block_cipher ( struct cipher_algorithm *cipher ) {
	size_t blocksize = cipher->blocksize;

	return ( blocksize > 1 ) ? 1 : 0;
}
255 
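/**
 * Check if cipher produces an authentication tag
 *
 * @v cipher		Cipher algorithm
 * @ret is_auth		Cipher has a non-zero authentication tag size
 *
 * Returns a plain boolean, matching is_stream_cipher() and
 * is_block_cipher(), instead of the raw @c size_t tag size narrowed
 * to @c int.
 */
static inline int is_auth_cipher ( struct cipher_algorithm *cipher ) {
	return ( cipher->authsize != 0 );
}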
259 
/**
 * Initialise public key algorithm
 *
 * @v pubkey		Public key algorithm
 * @v ctx		Context
 * @v key		Key
 * @v key_len		Length of key
 * @ret rc		Return status code
 */
static inline int pubkey_init ( struct pubkey_algorithm *pubkey, void *ctx,
				const void *key, size_t key_len ) {
	int ( * init ) ( void *, const void *, size_t ) = pubkey->init;

	return init ( ctx, key, key_len );
}
264 
/**
 * Calculate maximum output length
 *
 * @v pubkey		Public key algorithm
 * @v ctx		Context
 * @ret max_len		Maximum output length
 */
static inline size_t pubkey_max_len ( struct pubkey_algorithm *pubkey,
				      void *ctx ) {
	size_t max_len;

	max_len = pubkey->max_len ( ctx );
	return max_len;
}
269 
/**
 * Encrypt using public key algorithm
 *
 * @v pubkey		Public key algorithm
 * @v ctx		Context
 * @v data		Plaintext
 * @v len		Length of plaintext
 * @v out		Buffer for ciphertext
 * @ret ciphertext_len	Length of ciphertext, or negative error
 */
static inline int pubkey_encrypt ( struct pubkey_algorithm *pubkey, void *ctx,
				   const void *data, size_t len, void *out ) {
	int ( * encrypt ) ( void *, const void *, size_t, void * ) =
		pubkey->encrypt;

	return encrypt ( ctx, data, len, out );
}
274 
/**
 * Decrypt using public key algorithm
 *
 * @v pubkey		Public key algorithm
 * @v ctx		Context
 * @v data		Ciphertext
 * @v len		Length of ciphertext
 * @v out		Buffer for plaintext
 * @ret plaintext_len	Length of plaintext, or negative error
 */
static inline int pubkey_decrypt ( struct pubkey_algorithm *pubkey, void *ctx,
				   const void *data, size_t len, void *out ) {
	int ( * decrypt ) ( void *, const void *, size_t, void * ) =
		pubkey->decrypt;

	return decrypt ( ctx, data, len, out );
}
279 
/**
 * Sign digest value
 *
 * @v pubkey		Public key algorithm
 * @v ctx		Context
 * @v digest		Digest algorithm
 * @v value		Digest value (as produced by @c digest)
 * @v signature		Buffer for signature
 * @ret signature_len	Signature length, or negative error
 */
static inline int pubkey_sign ( struct pubkey_algorithm *pubkey, void *ctx,
				struct digest_algorithm *digest,
				const void *value, void *signature ) {
	int signature_len;

	signature_len = pubkey->sign ( ctx, digest, value, signature );
	return signature_len;
}
285 
/**
 * Verify signed digest value
 *
 * @v pubkey		Public key algorithm
 * @v ctx		Context
 * @v digest		Digest algorithm
 * @v value		Digest value (as produced by @c digest)
 * @v signature		Signature
 * @v signature_len	Signature length
 * @ret rc		Return status code (non-zero: signature rejected)
 */
static inline int pubkey_verify ( struct pubkey_algorithm *pubkey, void *ctx,
				  struct digest_algorithm *digest,
				  const void *value, const void *signature,
				  size_t signature_len ) {
	int rc;

	rc = pubkey->verify ( ctx, digest, value, signature, signature_len );
	return rc;
}
292 
/**
 * Finalise public key algorithm
 *
 * @v pubkey		Public key algorithm
 * @v ctx		Context
 */
static inline void pubkey_final ( struct pubkey_algorithm *pubkey, void *ctx ) {
	void ( * final ) ( void * ) = pubkey->final;

	final ( ctx );
}
296 
/**
 * Check that public key matches private key
 *
 * Operates on raw key material; no context is required.
 *
 * @v pubkey		Public key algorithm
 * @v private_key	Private key
 * @v private_key_len	Private key length
 * @v public_key	Public key
 * @v public_key_len	Public key length
 * @ret rc		Return status code
 */
static inline int pubkey_match ( struct pubkey_algorithm *pubkey,
				 const void *private_key,
				 size_t private_key_len, const void *public_key,
				 size_t public_key_len ) {
	int ( * match ) ( const void *, size_t, const void *, size_t ) =
		pubkey->match;

	return match ( private_key, private_key_len,
		       public_key, public_key_len );
}
304 
/* Null digest: method implementations backing @c digest_null */
extern void digest_null_init ( void *ctx );
extern void digest_null_update ( void *ctx, const void *src, size_t len );
extern void digest_null_final ( void *ctx, void *out );

/* Null cipher: method implementations backing @c cipher_null */
extern int cipher_null_setkey ( void *ctx, const void *key, size_t keylen );
extern void cipher_null_setiv ( void *ctx, const void *iv, size_t ivlen );
extern void cipher_null_encrypt ( void *ctx, const void *src, void *dst,
				  size_t len );
extern void cipher_null_decrypt ( void *ctx, const void *src, void *dst,
				  size_t len );
extern void cipher_null_auth ( void *ctx, void *auth );

/* Null public key algorithm: method implementations backing @c pubkey_null */
extern int pubkey_null_init ( void *ctx, const void *key, size_t key_len );
extern size_t pubkey_null_max_len ( void *ctx );
extern int pubkey_null_encrypt ( void *ctx, const void *plaintext,
				 size_t plaintext_len, void *ciphertext );
extern int pubkey_null_decrypt ( void *ctx, const void *ciphertext,
				 size_t ciphertext_len, void *plaintext );
extern int pubkey_null_sign ( void *ctx, struct digest_algorithm *digest,
			      const void *value, void *signature );
extern int pubkey_null_verify ( void *ctx, struct digest_algorithm *digest,
				const void *value, const void *signature,
				size_t signature_len );

/* Null algorithm instances (no cryptographic protection whatsoever) */
extern struct digest_algorithm digest_null;
extern struct cipher_algorithm cipher_null;
extern struct pubkey_algorithm pubkey_null;
332 
333 #endif /* _IPXE_CRYPTO_H */