#ifndef _IPXE_CRYPTO_H
#define _IPXE_CRYPTO_H

/** @file
 *
 * Cryptographic API
 *
 * Algorithm-agnostic descriptors for message digests, ciphers,
 * public-key algorithms and elliptic curves.  Each descriptor is a
 * table of function pointers filled in by a concrete implementation;
 * the always-inline wrappers below dispatch through those tables.
 * "Null" placeholder implementations are declared at the end of this
 * file.
 */

FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
FILE_SECBOOT ( PERMITTED );

#include <stdint.h>
#include <stddef.h>
#include <assert.h>
#include <ipxe/asn1.h>

/** A message digest algorithm */
struct digest_algorithm {
	/** Algorithm name */
	const char *name;
	/** Context size
	 *
	 * Size in bytes of the opaque @c ctx storage passed to init(),
	 * update() and final().
	 */
	size_t ctxsize;
	/** Block size */
	size_t blocksize;
	/** Digest size
	 *
	 * Size in bytes of the digest output; final() is expected to
	 * write this many bytes to @c out.
	 */
	size_t digestsize;
	/** Initialise digest
	 *
	 * @v ctx		Context
	 */
	void ( * init ) ( void *ctx );
	/** Update digest with new data
	 *
	 * @v ctx		Context
	 * @v src		Data to digest
	 * @v len		Length of data
	 *
	 * @v len is not necessarily a multiple of @c blocksize.
	 */
	void ( * update ) ( void *ctx, const void *src, size_t len );
	/** Finalise digest
	 *
	 * @v ctx		Context
	 * @v out		Buffer for digest output
	 *
	 * There is no return value and no length parameter, so the
	 * caller is responsible for providing at least @c digestsize
	 * bytes at @c out.
	 */
	void ( * final ) ( void *ctx, void *out );
};

/** A cipher algorithm */
struct cipher_algorithm {
	/** Algorithm name */
	const char *name;
	/** Context size
	 *
	 * Size in bytes of the opaque @c ctx storage passed to every
	 * method in this table.
	 */
	size_t ctxsize;
	/** Block size
	 *
	 * Every call to encrypt() or decrypt() must be for a multiple
	 * of this size.  The cipher_encrypt() and cipher_decrypt()
	 * wrappers assert this using a bit mask, which is only
	 * meaningful when this value is a power of two (1 for a
	 * stream cipher; see is_stream_cipher()).
	 */
	size_t blocksize;
	/** Alignment size
	 *
	 * Every call to encrypt() or decrypt() must begin at a
	 * multiple of this offset from the start of the stream.
	 * (Equivalently: all but the last call to encrypt() or
	 * decrypt() must be for a multiple of this size.)
	 *
	 * For ciphers supporting additional data, the main data
	 * stream and additional data stream are both considered to
	 * begin at offset zero.
	 */
	size_t alignsize;
	/** Authentication tag size
	 *
	 * Zero for ciphers that produce no authentication tag (this
	 * is what is_auth_cipher() tests).
	 */
	size_t authsize;
	/** Set key
	 *
	 * @v ctx		Context
	 * @v key		Key
	 * @v keylen		Key length
	 * @ret rc		Return status code
	 *
	 * This is the only method in the table that can report
	 * failure; presumably an unsupported @c keylen is rejected
	 * here, so callers must check @c rc before using @c ctx.
	 */
	int ( * setkey ) ( void *ctx, const void *key, size_t keylen );
	/** Set initialisation vector
	 *
	 * @v ctx		Context
	 * @v iv		Initialisation vector
	 * @v ivlen		Initialisation vector length
	 *
	 * Returns nothing, so an @c ivlen the cipher cannot accept
	 * cannot be reported back; callers must supply the length the
	 * cipher expects.
	 */
	void ( * setiv ) ( void *ctx, const void *iv, size_t ivlen );
	/** Encrypt data
	 *
	 * @v ctx		Context
	 * @v src		Data to encrypt
	 * @v dst		Buffer for encrypted data, or NULL for additional data
	 * @v len		Length of data
	 *
	 * @v len is guaranteed to be a multiple of @c blocksize.
	 */
	void ( * encrypt ) ( void *ctx, const void *src, void *dst,
			     size_t len );
	/** Decrypt data
	 *
	 * @v ctx		Context
	 * @v src		Data to decrypt
	 * @v dst		Buffer for decrypted data, or NULL for additional data
	 * @v len		Length of data
	 *
	 * @v len is guaranteed to be a multiple of @c blocksize.
	 */
	void ( * decrypt ) ( void *ctx, const void *src, void *dst,
			     size_t len );
	/** Generate authentication tag
	 *
	 * @v ctx		Context
	 * @v auth		Authentication tag
	 *
	 * @c auth is expected to hold at least @c authsize bytes.
	 * NOTE(review): the table has no tag-verification method, so a
	 * caller checking a received tag must compare it against the
	 * generated one itself; that comparison should be constant
	 * time.
	 */
	void ( * auth ) ( void *ctx, void *auth );
};

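/** A public key algorithm */
struct pubkey_algorithm {
	/** Algorithm name */
	const char *name;
	/** Encrypt
	 *
	 * @v key		Key
	 * @v plaintext		Plaintext
	 * @v ciphertext	Ciphertext
	 * @ret rc		Return status code
	 */
	int ( * encrypt ) ( const struct asn1_cursor *key,
			    const struct asn1_cursor *plaintext,
			    struct asn1_builder *ciphertext );
	/** Decrypt
	 *
	 * @v key		Key
	 * @v ciphertext	Ciphertext
	 * @v plaintext		Plaintext
	 * @ret rc		Return status code
	 */
	int ( * decrypt ) ( const struct asn1_cursor *key,
			    const struct asn1_cursor *ciphertext,
			    struct asn1_builder *plaintext );
	/** Sign digest value
	 *
	 * @v key		Key
	 * @v digest		Digest algorithm
	 * @v value		Digest value
	 * @v signature		Signature
	 * @ret rc		Return status code
	 *
	 * @c value is presumably @c digest->digestsize bytes long;
	 * there is no explicit length parameter.
	 */
	int ( * sign ) ( const struct asn1_cursor *key,
			 struct digest_algorithm *digest, const void *value,
			 struct asn1_builder *signature );
	/** Verify signed digest value
	 *
	 * @v key		Key
	 * @v digest		Digest algorithm
	 * @v value		Digest value
	 * @v signature		Signature
	 * @ret rc		Return status code
	 *
	 * Any non-zero status must be treated by the caller as a
	 * failed verification.
	 */
	int ( * verify ) ( const struct asn1_cursor *key,
			   struct digest_algorithm *digest, const void *value,
			   const struct asn1_cursor *signature );
	/** Check that public key matches private key
	 *
	 * @v private_key	Private key
	 * @v public_key	Public key
	 * @ret rc		Return status code
	 */
	int ( * match ) ( const struct asn1_cursor *private_key,
			  const struct asn1_cursor *public_key );
};
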
/** An elliptic curve */
struct elliptic_curve {
	/** Curve name */
	const char *name;
	/** Point (and public key) size */
	size_t pointsize;
	/** Scalar (and private key) size */
	size_t keysize;
	/** Generator base point */
	const void *base;
	/** Order of the generator (if prime) */
	const void *order;
	/** Check if this is the point at infinity
	 *
	 * @v point		Curve point
	 * @ret is_infinity	This is the point at infinity
	 *
	 * The point at infinity cannot be represented in affine
	 * coordinates.  Each curve must choose a representation of
	 * the point at infinity (e.g. all zeroes).
	 */
	int ( * is_infinity ) ( const void *point );
	/** Multiply scalar by curve point
	 *
	 * @v base		Base point
	 * @v scalar		Scalar multiple
	 * @v result		Result point to fill in
	 * @ret rc		Return status code
	 *
	 * NOTE(review): the scalar is the private key (see @c
	 * keysize), so implementations should avoid scalar-dependent
	 * timing and memory access; confirm per curve.  Callers must
	 * check @c rc before using @c result.
	 */
	int ( * multiply ) ( const void *base, const void *scalar,
			     void *result );
	/** Add curve points (as a one-off operation)
	 *
	 * @v addend		Curve point to add
	 * @v augend		Curve point to add
	 * @v result		Curve point to hold result
	 * @ret rc		Return status code
	 */
	int ( * add ) ( const void *addend, const void *augend, void *result );
};

/**
 * Initialise digest
 *
 * @v digest		Digest algorithm
 * @v ctx		Context (at least @c digest->ctxsize bytes)
 */
static inline __attribute__ (( always_inline )) void
digest_init ( struct digest_algorithm *digest, void *ctx ) {
	( *digest->init ) ( ctx );
}

/**
 * Update digest with new data
 *
 * @v digest		Digest algorithm
 * @v ctx		Context
 * @v data		Data to digest
 * @v len		Length of data (need not be a multiple of the block size)
 */
static inline __attribute__ (( always_inline )) void
digest_update ( struct digest_algorithm *digest, void *ctx,
		const void *data, size_t len ) {
	( *digest->update ) ( ctx, data, len );
}

/**
 * Finalise digest
 *
 * @v digest		Digest algorithm
 * @v ctx		Context
 * @v out		Buffer for digest output (at least @c digest->digestsize bytes)
 */
static inline __attribute__ (( always_inline )) void
digest_final ( struct digest_algorithm *digest, void *ctx, void *out ) {
	( *digest->final ) ( ctx, out );
}

/**
 * Set cipher key
 *
 * @v cipher		Cipher algorithm
 * @v ctx		Context
 * @v key		Key
 * @v keylen		Key length
 * @ret rc		Return status code
 *
 * This is the only cipher operation that returns a status; callers
 * must check it before using @c ctx for encryption or decryption.
 */
static inline __attribute__ (( always_inline )) int
cipher_setkey ( struct cipher_algorithm *cipher, void *ctx,
		const void *key, size_t keylen ) {
	return ( *cipher->setkey ) ( ctx, key, keylen );
}

/**
 * Set cipher initialisation vector
 *
 * @v cipher		Cipher algorithm
 * @v ctx		Context
 * @v iv		Initialisation vector
 * @v ivlen		Initialisation vector length
 *
 * Returns nothing, so a rejected @c ivlen cannot be reported; pass
 * the length the cipher expects.
 */
static inline __attribute__ (( always_inline )) void
cipher_setiv ( struct cipher_algorithm *cipher, void *ctx,
	       const void *iv, size_t ivlen ) {
	( *cipher->setiv ) ( ctx, iv, ivlen );
}

/**
 * Encrypt data
 *
 * @v cipher		Cipher algorithm
 * @v ctx		Context
 * @v src		Data to encrypt
 * @v dst		Buffer for encrypted data, or NULL for additional data
 * @v len		Length of data
 *
 * Callers normally reach this through the cipher_encrypt() macro
 * below, which asserts that @c len is a multiple of the block size
 * before dispatching here.
 */
static inline __attribute__ (( always_inline )) void
cipher_encrypt ( struct cipher_algorithm *cipher, void *ctx,
		 const void *src, void *dst, size_t len ) {
	( *cipher->encrypt ) ( ctx, src, dst, len );
}
/* Wrapper macro, presumably so that the block-size assertion fires at
 * the caller's location.  The mask test is only meaningful when
 * blocksize is a power of two (1 for a stream cipher).  Note that
 * @c cipher and @c len are evaluated twice while assertions are
 * enabled, so arguments must be free of side effects.
 */
#define cipher_encrypt( cipher, ctx, src, dst, len ) do {		\
	assert ( ( (len) & ( (cipher)->blocksize - 1 ) ) == 0 );	\
	cipher_encrypt ( (cipher), (ctx), (src), (dst), (len) );	\
	} while ( 0 )

/**
 * Decrypt data
 *
 * @v cipher		Cipher algorithm
 * @v ctx		Context
 * @v src		Data to decrypt
 * @v dst		Buffer for decrypted data, or NULL for additional data
 * @v len		Length of data
 *
 * Callers normally reach this through the cipher_decrypt() macro
 * below, which asserts that @c len is a multiple of the block size
 * before dispatching here.
 */
static inline __attribute__ (( always_inline )) void
cipher_decrypt ( struct cipher_algorithm *cipher, void *ctx,
		 const void *src, void *dst, size_t len ) {
	( *cipher->decrypt ) ( ctx, src, dst, len );
}
/* Wrapper macro, presumably so that the block-size assertion fires at
 * the caller's location.  The mask test is only meaningful when
 * blocksize is a power of two (1 for a stream cipher).  Note that
 * @c cipher and @c len are evaluated twice while assertions are
 * enabled, so arguments must be free of side effects.
 */
#define cipher_decrypt( cipher, ctx, src, dst, len ) do {		\
	assert ( ( (len) & ( (cipher)->blocksize - 1 ) ) == 0 );	\
	cipher_decrypt ( (cipher), (ctx), (src), (dst), (len) );	\
	} while ( 0 )

/**
 * Generate authentication tag
 *
 * @v cipher		Cipher algorithm
 * @v ctx		Context
 * @v auth		Buffer for authentication tag (at least @c cipher->authsize bytes)
 *
 * NOTE(review): there is no verify counterpart; a caller checking a
 * received tag compares it against this output itself, and should do
 * so in constant time.
 */
static inline __attribute__ (( always_inline )) void
cipher_auth ( struct cipher_algorithm *cipher, void *ctx, void *auth ) {
	( *cipher->auth ) ( ctx, auth );
}

/**
 * Check if cipher is a stream cipher
 *
 * @v cipher		Cipher algorithm
 * @ret is_stream	Cipher is a stream cipher (block size of one byte)
 */
static inline __attribute__ (( always_inline )) int
is_stream_cipher ( struct cipher_algorithm *cipher ) {
	size_t blocksize = cipher->blocksize;

	return ( blocksize == 1 );
}

/**
 * Check if cipher is a block cipher
 *
 * @v cipher		Cipher algorithm
 * @ret is_block	Cipher is a block cipher (block size larger than one byte)
 */
static inline __attribute__ (( always_inline )) int
is_block_cipher ( struct cipher_algorithm *cipher ) {
	size_t blocksize = cipher->blocksize;

	return ( blocksize > 1 );
}

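/**
 * Check if cipher is an authenticated cipher
 *
 * @v cipher		Cipher algorithm
 * @ret is_auth		Cipher produces an authentication tag
 *
 * Returns a plain 0/1 predicate.  Returning @c authsize itself would
 * silently narrow a size_t to int and reads inconsistently with
 * is_stream_cipher() and is_block_cipher(); callers needing the tag
 * length should read @c cipher->authsize directly.
 */
static inline __attribute__ (( always_inline )) int
is_auth_cipher ( struct cipher_algorithm *cipher ) {
	return ( cipher->authsize != 0 );
}
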
/**
 * Encrypt using public key algorithm
 *
 * @v pubkey		Public key algorithm
 * @v key		Key
 * @v plaintext		Plaintext
 * @v ciphertext	Ciphertext builder
 * @ret rc		Return status code
 */
static inline __attribute__ (( always_inline )) int
pubkey_encrypt ( struct pubkey_algorithm *pubkey, const struct asn1_cursor *key,
		 const struct asn1_cursor *plaintext,
		 struct asn1_builder *ciphertext ) {
	return ( *pubkey->encrypt ) ( key, plaintext, ciphertext );
}

/**
 * Decrypt using public key algorithm
 *
 * @v pubkey		Public key algorithm
 * @v key		Key
 * @v ciphertext	Ciphertext
 * @v plaintext		Plaintext builder
 * @ret rc		Return status code
 */
static inline __attribute__ (( always_inline )) int
pubkey_decrypt ( struct pubkey_algorithm *pubkey, const struct asn1_cursor *key,
		 const struct asn1_cursor *ciphertext,
		 struct asn1_builder *plaintext ) {
	return ( *pubkey->decrypt ) ( key, ciphertext, plaintext );
}

/**
 * Sign digest value using public key algorithm
 *
 * @v pubkey		Public key algorithm
 * @v key		Key
 * @v digest		Digest algorithm
 * @v value		Digest value (presumably @c digest->digestsize bytes)
 * @v signature		Signature builder
 * @ret rc		Return status code
 */
static inline __attribute__ (( always_inline )) int
pubkey_sign ( struct pubkey_algorithm *pubkey, const struct asn1_cursor *key,
	      struct digest_algorithm *digest, const void *value,
	      struct asn1_builder *signature ) {
	return ( *pubkey->sign ) ( key, digest, value, signature );
}

/**
 * Verify signed digest value using public key algorithm
 *
 * @v pubkey		Public key algorithm
 * @v key		Key
 * @v digest		Digest algorithm
 * @v value		Digest value (presumably @c digest->digestsize bytes)
 * @v signature		Signature
 * @ret rc		Return status code
 *
 * Callers must treat any non-zero status as a failed verification.
 */
static inline __attribute__ (( always_inline )) int
pubkey_verify ( struct pubkey_algorithm *pubkey, const struct asn1_cursor *key,
		struct digest_algorithm *digest, const void *value,
		const struct asn1_cursor *signature ) {
	return ( *pubkey->verify ) ( key, digest, value, signature );
}

/**
 * Check that public key matches private key
 *
 * @v pubkey		Public key algorithm
 * @v private_key	Private key
 * @v public_key	Public key
 * @ret rc		Return status code
 */
static inline __attribute__ (( always_inline )) int
pubkey_match ( struct pubkey_algorithm *pubkey,
	       const struct asn1_cursor *private_key,
	       const struct asn1_cursor *public_key ) {
	return ( *pubkey->match ) ( private_key, public_key );
}

/**
 * Check if curve point is the point at infinity
 *
 * @v curve		Elliptic curve
 * @v point		Curve point
 * @ret is_infinity	Point is the point at infinity
 */
static inline __attribute__ (( always_inline )) int
elliptic_is_infinity ( struct elliptic_curve *curve, const void *point ) {
	return ( *curve->is_infinity ) ( point );
}

/**
 * Multiply scalar by curve point
 *
 * @v curve		Elliptic curve
 * @v base		Base point
 * @v scalar		Scalar multiple (the private key in key agreement)
 * @v result		Result point to fill in
 * @ret rc		Return status code
 *
 * Callers must check @c rc before using @c result.
 */
static inline __attribute__ (( always_inline )) int
elliptic_multiply ( struct elliptic_curve *curve,
		    const void *base, const void *scalar, void *result ) {
	return ( *curve->multiply ) ( base, scalar, result );
}

/**
 * Add curve points (as a one-off operation)
 *
 * @v curve		Elliptic curve
 * @v addend		Curve point to add
 * @v augend		Curve point to add
 * @v result		Curve point to hold result
 * @ret rc		Return status code
 */
static inline __attribute__ (( always_inline )) int
elliptic_add ( struct elliptic_curve *curve, const void *addend,
	       const void *augend, void *result ) {
	return ( *curve->add ) ( addend, augend, result );
}

/* "Null" placeholder implementations, defined in crypto_null.c.
 * Presumably no-ops that provide no confidentiality, integrity or
 * authenticity; confirm their exact behaviour (including the status
 * codes the pubkey variants return) in crypto_null.c before selecting
 * them anywhere that real protection is expected.
 */

/* Null digest: method implementations for digest_null */
extern void digest_null_init ( void *ctx );
extern void digest_null_update ( void *ctx, const void *src, size_t len );
extern void digest_null_final ( void *ctx, void *out );

/* Null cipher: method implementations for cipher_null */
extern int cipher_null_setkey ( void *ctx, const void *key, size_t keylen );
extern void cipher_null_setiv ( void *ctx, const void *iv, size_t ivlen );
extern void cipher_null_encrypt ( void *ctx, const void *src, void *dst,
				  size_t len );
extern void cipher_null_decrypt ( void *ctx, const void *src, void *dst,
				  size_t len );
extern void cipher_null_auth ( void *ctx, void *auth );

/* Null public key algorithm: method implementations for pubkey_null
 * (no match() implementation is declared here) */
extern int pubkey_null_encrypt ( const struct asn1_cursor *key,
				 const struct asn1_cursor *plaintext,
				 struct asn1_builder *ciphertext );
extern int pubkey_null_decrypt ( const struct asn1_cursor *key,
				 const struct asn1_cursor *ciphertext,
				 struct asn1_builder *plaintext );
extern int pubkey_null_sign ( const struct asn1_cursor *key,
			      struct digest_algorithm *digest,
			      const void *value,
			      struct asn1_builder *signature );
extern int pubkey_null_verify ( const struct asn1_cursor *key,
				struct digest_algorithm *digest,
				const void *value,
				const struct asn1_cursor *signature );

/* Null algorithm descriptors (no null elliptic curve is declared) */
extern struct digest_algorithm digest_null;
extern struct cipher_algorithm cipher_null;
extern struct pubkey_algorithm pubkey_null;

#endif /* _IPXE_CRYPTO_H */