1 #ifndef _IPXE_CRYPTO_H
2 #define _IPXE_CRYPTO_H
3 
4 /** @file
5  *
6  * Cryptographic API
7  *
8  */
9 
10 FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
11 
12 #include <stdint.h>
13 #include <stddef.h>
14 #include <assert.h>
15 
16 /** A message digest algorithm */
18  /** Algorithm name */
19  const char *name;
20  /** Context size */
21  size_t ctxsize;
22  /** Block size */
23  size_t blocksize;
24  /** Digest size */
25  size_t digestsize;
26  /** Initialise digest
27  *
28  * @v ctx Context
29  */
30  void ( * init ) ( void *ctx );
31  /** Update digest with new data
32  *
33  * @v ctx Context
34  * @v src Data to digest
35  * @v len Length of data
36  *
37  * @v len is not necessarily a multiple of @c blocksize.
38  */
39  void ( * update ) ( void *ctx, const void *src, size_t len );
40  /** Finalise digest
41  *
42  * @v ctx Context
43  * @v out Buffer for digest output
44  */
45  void ( * final ) ( void *ctx, void *out );
46 };
47 
48 /** A cipher algorithm */
50  /** Algorithm name */
51  const char *name;
52  /** Context size */
53  size_t ctxsize;
54  /** Block size
55  *
56  * Every call to encrypt() or decrypt() must be for a multiple
57  * of this size.
58  */
59  size_t blocksize;
60  /** Alignment size
61  *
62  * Every call to encrypt() or decrypt() must begin at a
63  * multiple of this offset from the start of the stream.
64  * (Equivalently: all but the last call to encrypt() or
65  * decrypt() must be for a multiple of this size.)
66  *
67  * For ciphers supporting additional data, the main data
68  * stream and additional data stream are both considered to
69  * begin at offset zero.
70  */
71  size_t alignsize;
72  /** Authentication tag size */
73  size_t authsize;
74  /** Set key
75  *
76  * @v ctx Context
77  * @v key Key
78  * @v keylen Key length
79  * @ret rc Return status code
80  */
81  int ( * setkey ) ( void *ctx, const void *key, size_t keylen );
82  /** Set initialisation vector
83  *
84  * @v ctx Context
85  * @v iv Initialisation vector
86  * @v ivlen Initialisation vector length
87  */
88  void ( * setiv ) ( void *ctx, const void *iv, size_t ivlen );
89  /** Encrypt data
90  *
91  * @v ctx Context
92  * @v src Data to encrypt
93  * @v dst Buffer for encrypted data, or NULL for additional data
94  * @v len Length of data
95  *
96  * @v len is guaranteed to be a multiple of @c blocksize.
97  */
98  void ( * encrypt ) ( void *ctx, const void *src, void *dst,
99  size_t len );
100  /** Decrypt data
101  *
102  * @v ctx Context
103  * @v src Data to decrypt
104  * @v dst Buffer for decrypted data, or NULL for additional data
105  * @v len Length of data
106  *
107  * @v len is guaranteed to be a multiple of @c blocksize.
108  */
109  void ( * decrypt ) ( void *ctx, const void *src, void *dst,
110  size_t len );
111  /** Generate authentication tag
112  *
113  * @v ctx Context
114  * @v auth Authentication tag
115  */
116  void ( * auth ) ( void *ctx, void *auth );
117 };
118 
119 /** A public key algorithm */
121  /** Algorithm name */
122  const char *name;
123  /** Context size */
124  size_t ctxsize;
125  /** Initialise algorithm
126  *
127  * @v ctx Context
128  * @v key Key
129  * @v key_len Length of key
130  * @ret rc Return status code
131  */
132  int ( * init ) ( void *ctx, const void *key, size_t key_len );
133  /** Calculate maximum output length
134  *
135  * @v ctx Context
136  * @ret max_len Maximum output length
137  */
138  size_t ( * max_len ) ( void *ctx );
139  /** Encrypt
140  *
141  * @v ctx Context
142  * @v plaintext Plaintext
143  * @v plaintext_len Length of plaintext
144  * @v ciphertext Ciphertext
145  * @ret ciphertext_len Length of ciphertext, or negative error
146  */
147  int ( * encrypt ) ( void *ctx, const void *data, size_t len,
148  void *out );
149  /** Decrypt
150  *
151  * @v ctx Context
152  * @v ciphertext Ciphertext
153  * @v ciphertext_len Ciphertext length
154  * @v plaintext Plaintext
155  * @ret plaintext_len Plaintext length, or negative error
156  */
157  int ( * decrypt ) ( void *ctx, const void *data, size_t len,
158  void *out );
159  /** Sign digest value
160  *
161  * @v ctx Context
162  * @v digest Digest algorithm
163  * @v value Digest value
164  * @v signature Signature
165  * @ret signature_len Signature length, or negative error
166  */
167  int ( * sign ) ( void *ctx, struct digest_algorithm *digest,
168  const void *value, void *signature );
169  /** Verify signed digest value
170  *
171  * @v ctx Context
172  * @v digest Digest algorithm
173  * @v value Digest value
174  * @v signature Signature
175  * @v signature_len Signature length
176  * @ret rc Return status code
177  */
178  int ( * verify ) ( void *ctx, struct digest_algorithm *digest,
179  const void *value, const void *signature,
180  size_t signature_len );
181  /** Finalise algorithm
182  *
183  * @v ctx Context
184  */
185  void ( * final ) ( void *ctx );
186  /** Check that public key matches private key
187  *
188  * @v private_key Private key
189  * @v private_key_len Private key length
190  * @v public_key Public key
191  * @v public_key_len Public key length
192  * @ret rc Return status code
193  */
194  int ( * match ) ( const void *private_key, size_t private_key_len,
195  const void *public_key, size_t public_key_len );
196 };
197 
198 /** An elliptic curve */
200  /** Curve name */
201  const char *name;
202  /** Key size */
203  size_t keysize;
204  /** Multiply scalar by curve point
205  *
206  * @v base Base point (or NULL to use generator)
207  * @v scalar Scalar multiple
208  * @v result Result point to fill in
209  * @ret rc Return status code
210  */
211  int ( * multiply ) ( const void *base, const void *scalar,
212  void *result );
213 };
214 
/**
 * Initialise a digest context
 *
 * @v digest		Digest algorithm
 * @v ctx		Context (caller-provided, sized per @c digest->ctxsize)
 *
 * Thin dispatch to the algorithm's init() method.
 */
static inline __attribute__ (( always_inline )) void
digest_init ( struct digest_algorithm *digest, void *ctx ) {
	void ( * init_fn ) ( void *ctx ) = digest->init;

	init_fn ( ctx );
}
219 
/**
 * Feed data into a digest context
 *
 * @v digest		Digest algorithm
 * @v ctx		Context
 * @v data		Data to digest
 * @v len		Length of data
 *
 * @c len need not be a multiple of the algorithm's @c blocksize; the
 * algorithm's update() method is responsible for any buffering.
 */
static inline __attribute__ (( always_inline )) void
digest_update ( struct digest_algorithm *digest, void *ctx,
		const void *data, size_t len ) {
	( *digest->update ) ( ctx, data, len );
}
225 
/**
 * Finalise a digest and write out the digest value
 *
 * @v digest		Digest algorithm
 * @v ctx		Context
 * @v out		Buffer for digest output (@c digest->digestsize bytes)
 *
 * The caller must provide an output buffer of at least
 * @c digest->digestsize bytes; nothing here checks the buffer size.
 */
static inline __attribute__ (( always_inline )) void
digest_final ( struct digest_algorithm *digest, void *ctx, void *out ) {
	void ( * final_fn ) ( void *ctx, void *out ) = digest->final;

	final_fn ( ctx, out );
}
230 
/**
 * Set cipher key
 *
 * @v cipher		Cipher algorithm
 * @v ctx		Context
 * @v key		Key
 * @v keylen		Key length
 * @ret rc		Return status code
 *
 * The status code is the algorithm's own verdict on the key (e.g. an
 * unsupported length); callers must check it rather than proceed to
 * encrypt with a context whose key was rejected.
 */
static inline __attribute__ (( always_inline )) int
cipher_setkey ( struct cipher_algorithm *cipher, void *ctx,
		const void *key, size_t keylen ) {
	int ( * setkey_fn ) ( void *ctx, const void *key, size_t keylen );

	setkey_fn = cipher->setkey;
	return setkey_fn ( ctx, key, keylen );
}
236 
/**
 * Set cipher initialisation vector
 *
 * @v cipher		Cipher algorithm
 * @v ctx		Context
 * @v iv		Initialisation vector
 * @v ivlen		Initialisation vector length
 *
 * No status is returned: an algorithm cannot report an unsuitable IV
 * length through this interface, so the caller is responsible for
 * passing an IV of the length the algorithm expects.
 */
static inline __attribute__ (( always_inline )) void
cipher_setiv ( struct cipher_algorithm *cipher, void *ctx,
	       const void *iv, size_t ivlen ) {
	( *cipher->setiv ) ( ctx, iv, ivlen );
}
242 
/**
 * Encrypt data (unchecked inline form)
 *
 * @v cipher		Cipher algorithm
 * @v ctx		Context
 * @v src		Data to encrypt
 * @v dst		Buffer for encrypted data, or NULL for additional data
 * @v len		Length of data
 *
 * This is the raw dispatch to the algorithm's encrypt() method.  The
 * algorithm assumes @c len is a multiple of @c cipher->blocksize; the
 * cipher_encrypt() macro defined after this function wraps the call
 * in an assertion to that effect, and is what callers normally reach.
 */
static inline __attribute__ (( always_inline )) void
cipher_encrypt ( struct cipher_algorithm *cipher, void *ctx,
		 const void *src, void *dst, size_t len ) {
	void ( * encrypt_fn ) ( void *ctx, const void *src, void *dst,
				size_t len ) = cipher->encrypt;

	encrypt_fn ( ctx, src, dst, len );
}
/**
 * Encrypt data, asserting block-size alignment
 *
 * Shadows the inline cipher_encrypt() above so that every call site
 * first asserts (where assertions are enabled) that @c len is a
 * multiple of the cipher's @c blocksize.  The mask test
 * <tt>len & (blocksize - 1)</tt> is only a correct multiple-of test
 * when @c blocksize is a power of two; for a stream cipher
 * (blocksize 1) the mask is zero and the check is vacuously true.
 *
 * Macro arguments @c len and @c cipher are evaluated more than once,
 * so they must not carry side effects.
 */
#define cipher_encrypt( cipher, ctx, src, dst, len ) do { \
	assert ( ( (len) & ( (cipher)->blocksize - 1 ) ) == 0 ); \
	cipher_encrypt ( (cipher), (ctx), (src), (dst), (len) ); \
	} while ( 0 )
252 
/**
 * Decrypt data (unchecked inline form)
 *
 * @v cipher		Cipher algorithm
 * @v ctx		Context
 * @v src		Data to decrypt
 * @v dst		Buffer for decrypted data, or NULL for additional data
 * @v len		Length of data
 *
 * Raw dispatch to the algorithm's decrypt() method, which assumes
 * @c len is a multiple of @c cipher->blocksize.  Callers normally go
 * through the cipher_decrypt() macro defined after this function,
 * which asserts that precondition before dispatching.
 */
static inline __attribute__ (( always_inline )) void
cipher_decrypt ( struct cipher_algorithm *cipher, void *ctx,
		 const void *src, void *dst, size_t len ) {
	( *cipher->decrypt ) ( ctx, src, dst, len );
}
/**
 * Decrypt data, asserting block-size alignment
 *
 * Shadows the inline cipher_decrypt() above so that every call site
 * first asserts (where assertions are enabled) that @c len is a
 * multiple of the cipher's @c blocksize.  As with cipher_encrypt(),
 * the mask test is only valid for a power-of-two @c blocksize, and a
 * stream cipher (blocksize 1) always passes it.
 *
 * Macro arguments @c len and @c cipher are evaluated more than once,
 * so they must not carry side effects.
 */
#define cipher_decrypt( cipher, ctx, src, dst, len ) do { \
	assert ( ( (len) & ( (cipher)->blocksize - 1 ) ) == 0 ); \
	cipher_decrypt ( (cipher), (ctx), (src), (dst), (len) ); \
	} while ( 0 )
262 
/**
 * Generate authentication tag
 *
 * @v cipher		Cipher algorithm
 * @v ctx		Context
 * @v auth		Buffer for authentication tag (@c cipher->authsize bytes)
 *
 * The tag buffer must be at least @c cipher->authsize bytes; no size
 * is passed through to the algorithm.
 */
static inline __attribute__ (( always_inline )) void
cipher_auth ( struct cipher_algorithm *cipher, void *ctx, void *auth ) {
	void ( * auth_fn ) ( void *ctx, void *auth ) = cipher->auth;

	auth_fn ( ctx, auth );
}
267 
/**
 * Check if cipher is a stream cipher
 *
 * @v cipher		Cipher algorithm
 * @ret is_stream	Cipher is a stream cipher (blocksize of exactly 1)
 */
static inline __attribute__ (( always_inline )) int
is_stream_cipher ( struct cipher_algorithm *cipher ) {
	if ( cipher->blocksize != 1 )
		return 0;
	return 1;
}
272 
/**
 * Check if cipher is a block cipher
 *
 * @v cipher		Cipher algorithm
 * @ret is_block	Cipher is a block cipher (blocksize greater than 1)
 *
 * A blocksize of zero is neither a stream nor a block cipher by these
 * predicates.
 */
static inline __attribute__ (( always_inline )) int
is_block_cipher ( struct cipher_algorithm *cipher ) {
	size_t blocksize = cipher->blocksize;

	return ( blocksize > 1 ) ? 1 : 0;
}
277 
/**
 * Check if cipher produces an authentication tag
 *
 * @v cipher		Cipher algorithm
 * @ret authsize	Authentication tag size (nonzero for an
 *			authenticating cipher), narrowed to @c int
 *
 * Note that this returns the tag size itself rather than a 0/1 flag;
 * callers should test it for zero/nonzero only.
 */
static inline __attribute__ (( always_inline )) int
is_auth_cipher ( struct cipher_algorithm *cipher ) {
	return ( (int) cipher->authsize );
}
282 
/**
 * Initialise public key algorithm context with a key
 *
 * @v pubkey		Public key algorithm
 * @v ctx		Context
 * @v key		Key
 * @v key_len		Length of key
 * @ret rc		Return status code
 *
 * The status code carries the algorithm's key parsing/validation
 * result and must be checked before the context is used.
 */
static inline __attribute__ (( always_inline )) int
pubkey_init ( struct pubkey_algorithm *pubkey, void *ctx,
	      const void *key, size_t key_len ) {
	int ( * init_fn ) ( void *ctx, const void *key, size_t key_len );

	init_fn = pubkey->init;
	return init_fn ( ctx, key, key_len );
}
288 
/**
 * Get maximum output length of a public key operation
 *
 * @v pubkey		Public key algorithm
 * @v ctx		Context (already initialised via pubkey_init())
 * @ret max_len		Maximum output length, as reported by the algorithm
 */
static inline __attribute__ (( always_inline )) size_t
pubkey_max_len ( struct pubkey_algorithm *pubkey, void *ctx ) {
	size_t max_len;

	max_len = ( *pubkey->max_len ) ( ctx );
	return max_len;
}
293 
/**
 * Encrypt with public key algorithm
 *
 * @v pubkey		Public key algorithm
 * @v ctx		Context
 * @v data		Plaintext
 * @v len		Length of plaintext
 * @v out		Buffer for ciphertext
 * @ret ciphertext_len	Length of ciphertext, or negative error
 *
 * No output buffer size is passed through; the caller is responsible
 * for sizing @c out (presumably via pubkey_max_len() — confirm against
 * the algorithm implementation).
 */
static inline __attribute__ (( always_inline )) int
pubkey_encrypt ( struct pubkey_algorithm *pubkey, void *ctx,
		 const void *data, size_t len, void *out ) {
	int ( * encrypt_fn ) ( void *ctx, const void *data, size_t len,
			       void *out ) = pubkey->encrypt;

	return encrypt_fn ( ctx, data, len, out );
}
299 
/**
 * Decrypt with public key algorithm
 *
 * @v pubkey		Public key algorithm
 * @v ctx		Context
 * @v data		Ciphertext
 * @v len		Length of ciphertext
 * @v out		Buffer for plaintext
 * @ret plaintext_len	Length of plaintext, or negative error
 *
 * A negative return means no usable plaintext was produced; callers
 * must check the sign before consuming @c out.  The caller sizes
 * @c out (presumably via pubkey_max_len() — confirm against the
 * algorithm implementation).
 */
static inline __attribute__ (( always_inline )) int
pubkey_decrypt ( struct pubkey_algorithm *pubkey, void *ctx,
		 const void *data, size_t len, void *out ) {
	return ( *pubkey->decrypt ) ( ctx, data, len, out );
}
305 
/**
 * Sign a digest value
 *
 * @v pubkey		Public key algorithm
 * @v ctx		Context (initialised with the private key)
 * @v digest		Digest algorithm used to produce @c value
 * @v value		Digest value
 * @v signature		Buffer for signature
 * @ret signature_len	Signature length, or negative error
 *
 * The length of @c value is not passed explicitly; the algorithm takes
 * it from @c digest->digestsize.  The caller sizes @c signature
 * (presumably via pubkey_max_len() — confirm against the algorithm
 * implementation).
 */
static inline __attribute__ (( always_inline )) int
pubkey_sign ( struct pubkey_algorithm *pubkey, void *ctx,
	      struct digest_algorithm *digest, const void *value,
	      void *signature ) {
	int ( * sign_fn ) ( void *ctx, struct digest_algorithm *digest,
			    const void *value, void *signature );

	sign_fn = pubkey->sign;
	return sign_fn ( ctx, digest, value, signature );
}
312 
/**
 * Verify a signed digest value
 *
 * @v pubkey		Public key algorithm
 * @v ctx		Context (initialised with the public key)
 * @v digest		Digest algorithm used to produce @c value
 * @v value		Digest value
 * @v signature		Signature to check
 * @v signature_len	Signature length
 * @ret rc		Return status code
 *
 * The return code is the verification verdict: any nonzero value
 * must be treated as "not verified".  The length of @c value is
 * implied by @c digest->digestsize and is not passed explicitly.
 */
static inline __attribute__ (( always_inline )) int
pubkey_verify ( struct pubkey_algorithm *pubkey, void *ctx,
		struct digest_algorithm *digest, const void *value,
		const void *signature, size_t signature_len ) {
	int rc;

	rc = ( *pubkey->verify ) ( ctx, digest, value, signature,
				   signature_len );
	return rc;
}
319 
/**
 * Finalise public key algorithm context
 *
 * @v pubkey		Public key algorithm
 * @v ctx		Context
 *
 * Whether the context's key material is cleared is up to the
 * algorithm's final() method; this wrapper only dispatches to it.
 */
static inline __attribute__ (( always_inline )) void
pubkey_final ( struct pubkey_algorithm *pubkey, void *ctx ) {
	void ( * final_fn ) ( void *ctx ) = pubkey->final;

	final_fn ( ctx );
}
324 
/**
 * Check that a public key matches a private key
 *
 * @v pubkey		Public key algorithm
 * @v private_key	Private key
 * @v private_key_len	Private key length
 * @v public_key	Public key
 * @v public_key_len	Public key length
 * @ret rc		Return status code
 *
 * Unlike the other pubkey_*() helpers this takes no context; the
 * algorithm's match() method works directly on the raw key blobs.
 */
static inline __attribute__ (( always_inline )) int
pubkey_match ( struct pubkey_algorithm *pubkey,
	       const void *private_key, size_t private_key_len,
	       const void *public_key, size_t public_key_len ) {
	int ( * match_fn ) ( const void *private_key, size_t private_key_len,
			     const void *public_key, size_t public_key_len );

	match_fn = pubkey->match;
	return match_fn ( private_key, private_key_len,
			  public_key, public_key_len );
}
332 
/**
 * Multiply a curve point by a scalar
 *
 * @v curve		Elliptic curve
 * @v base		Base point, or NULL to use the curve's generator
 * @v scalar		Scalar multiple
 * @v result		Result point to fill in
 * @ret rc		Return status code
 *
 * Point and scalar sizes are fixed by @c curve->keysize; no lengths
 * are passed through this interface.  Resistance to timing analysis
 * (e.g. for a secret @c scalar) is entirely a property of the curve's
 * multiply() implementation, not of this wrapper.
 */
static inline __attribute__ (( always_inline )) int
elliptic_multiply ( struct elliptic_curve *curve,
		    const void *base, const void *scalar, void *result ) {
	int ( * multiply_fn ) ( const void *base, const void *scalar,
				void *result ) = curve->multiply;

	return multiply_fn ( base, scalar, result );
}
338 
/* Null digest algorithm: method implementations (defined in crypto_null.c) */
extern void digest_null_init ( void *ctx );
extern void digest_null_update ( void *ctx, const void *src, size_t len );
extern void digest_null_final ( void *ctx, void *out );

/* Null cipher algorithm: method implementations (defined in crypto_null.c) */
extern int cipher_null_setkey ( void *ctx, const void *key, size_t keylen );
extern void cipher_null_setiv ( void *ctx, const void *iv, size_t ivlen );
extern void cipher_null_encrypt ( void *ctx, const void *src, void *dst,
				  size_t len );
extern void cipher_null_decrypt ( void *ctx, const void *src, void *dst,
				  size_t len );
extern void cipher_null_auth ( void *ctx, void *auth );

/* Null public key algorithm: method implementations (defined in crypto_null.c) */
extern int pubkey_null_init ( void *ctx, const void *key, size_t key_len );
extern size_t pubkey_null_max_len ( void *ctx );
extern int pubkey_null_encrypt ( void *ctx, const void *plaintext,
				 size_t plaintext_len, void *ciphertext );
extern int pubkey_null_decrypt ( void *ctx, const void *ciphertext,
				 size_t ciphertext_len, void *plaintext );
extern int pubkey_null_sign ( void *ctx, struct digest_algorithm *digest,
			      const void *value, void *signature );
extern int pubkey_null_verify ( void *ctx, struct digest_algorithm *digest,
				const void *value, const void *signature ,
				size_t signature_len );

/*
 * Null algorithm descriptors.  These are placeholders that satisfy the
 * digest/cipher/pubkey interfaces; they provide no cryptographic
 * protection and must never be selected where confidentiality,
 * integrity or authenticity is required.
 */
extern struct digest_algorithm digest_null;
extern struct cipher_algorithm cipher_null;
extern struct pubkey_algorithm pubkey_null;
366 
367 #endif /* _IPXE_CRYPTO_H */