iPXE
crypto.h
Go to the documentation of this file.
1 #ifndef _IPXE_CRYPTO_H
2 #define _IPXE_CRYPTO_H
3 
4 /** @file
5  *
6  * Cryptographic API
7  *
8  */
9 
10 FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
11 
12 #include <stdint.h>
13 #include <stddef.h>
14 #include <assert.h>
15 #include <ipxe/asn1.h>
16 
17 /** A message digest algorithm */
18 struct digest_algorithm {
19  /** Algorithm name */
20  const char *name;
21  /** Context size */
22  size_t ctxsize;
23  /** Block size */
24  size_t blocksize;
25  /** Digest size */
26  size_t digestsize;
27  /** Initialise digest
28  *
29  * @v ctx Context
30  */
31  void ( * init ) ( void *ctx );
32  /** Update digest with new data
33  *
34  * @v ctx Context
35  * @v src Data to digest
36  * @v len Length of data
37  *
38  * @v len is not necessarily a multiple of @c blocksize.
39  */
40  void ( * update ) ( void *ctx, const void *src, size_t len );
41  /** Finalise digest
42  *
43  * @v ctx Context
44  * @v out Buffer for digest output
45  */
46  void ( * final ) ( void *ctx, void *out );
47 };
48 
49 /** A cipher algorithm */
50 struct cipher_algorithm {
51  /** Algorithm name */
52  const char *name;
53  /** Context size */
54  size_t ctxsize;
55  /** Block size
56  *
57  * Every call to encrypt() or decrypt() must be for a multiple
58  * of this size.
59  */
60  size_t blocksize;
61  /** Alignment size
62  *
63  * Every call to encrypt() or decrypt() must begin at a
64  * multiple of this offset from the start of the stream.
65  * (Equivalently: all but the last call to encrypt() or
66  * decrypt() must be for a multiple of this size.)
67  *
68  * For ciphers supporting additional data, the main data
69  * stream and additional data stream are both considered to
70  * begin at offset zero.
71  */
72  size_t alignsize;
73  /** Authentication tag size */
74  size_t authsize;
75  /** Set key
76  *
77  * @v ctx Context
78  * @v key Key
79  * @v keylen Key length
80  * @ret rc Return status code
81  */
82  int ( * setkey ) ( void *ctx, const void *key, size_t keylen );
83  /** Set initialisation vector
84  *
85  * @v ctx Context
86  * @v iv Initialisation vector
87  * @v ivlen Initialisation vector length
88  */
89  void ( * setiv ) ( void *ctx, const void *iv, size_t ivlen );
90  /** Encrypt data
91  *
92  * @v ctx Context
93  * @v src Data to encrypt
94  * @v dst Buffer for encrypted data, or NULL for additional data
95  * @v len Length of data
96  *
97  * @v len is guaranteed to be a multiple of @c blocksize.
98  */
99  void ( * encrypt ) ( void *ctx, const void *src, void *dst,
100  size_t len );
101  /** Decrypt data
102  *
103  * @v ctx Context
104  * @v src Data to decrypt
105  * @v dst Buffer for decrypted data, or NULL for additional data
106  * @v len Length of data
107  *
108  * @v len is guaranteed to be a multiple of @c blocksize.
109  */
110  void ( * decrypt ) ( void *ctx, const void *src, void *dst,
111  size_t len );
112  /** Generate authentication tag
113  *
114  * @v ctx Context
115  * @v auth Authentication tag
116  */
117  void ( * auth ) ( void *ctx, void *auth );
118 };
119 
120 /** A public key algorithm */
121 struct pubkey_algorithm {
122  /** Algorithm name */
123  const char *name;
124  /** Encrypt
125  *
126  * @v key Key
127  * @v plaintext Plaintext
128  * @v ciphertext Ciphertext
129  * @ret rc Return status code
130  */
131  int ( * encrypt ) ( const struct asn1_cursor *key,
132  const struct asn1_cursor *plaintext,
133  struct asn1_builder *ciphertext );
134  /** Decrypt
135  *
136  * @v key Key
137  * @v ciphertext Ciphertext
138  * @v plaintext Plaintext
139  * @ret rc Return status code
140  */
141  int ( * decrypt ) ( const struct asn1_cursor *key,
142  const struct asn1_cursor *ciphertext,
143  struct asn1_builder *plaintext );
144  /** Sign digest value
145  *
146  * @v key Key
147  * @v digest Digest algorithm
148  * @v value Digest value
149  * @v signature Signature
150  * @ret rc Return status code
151  */
152  int ( * sign ) ( const struct asn1_cursor *key,
153  struct digest_algorithm *digest, const void *value,
154  struct asn1_builder *builder );
155  /** Verify signed digest value
156  *
157  * @v key Key
158  * @v digest Digest algorithm
159  * @v value Digest value
160  * @v signature Signature
161  * @ret rc Return status code
162  */
163  int ( * verify ) ( const struct asn1_cursor *key,
164  struct digest_algorithm *digest, const void *value,
165  const struct asn1_cursor *signature );
166  /** Check that public key matches private key
167  *
168  * @v private_key Private key
169  * @v public_key Public key
170  * @ret rc Return status code
171  */
172  int ( * match ) ( const struct asn1_cursor *private_key,
173  const struct asn1_cursor *public_key );
174 };
175 
176 /** An elliptic curve */
177 struct elliptic_curve {
178  /** Curve name */
179  const char *name;
180  /** Point (and public key) size */
181  size_t pointsize;
182  /** Scalar (and private key) size */
183  size_t keysize;
184  /** Generator base point */
185  const void *base;
186  /** Order of the generator (if prime) */
187  const void *order;
188  /** Check if this is the point at infinity
189  *
190  * @v point Curve point
191  * @ret is_infinity This is the point at infinity
192  *
193  * The point at infinity cannot be represented in affine
194  * coordinates. Each curve must choose a representation of
195  * the point at infinity (e.g. all zeroes).
196  */
197  int ( * is_infinity ) ( const void *point );
198  /** Multiply scalar by curve point
199  *
200  * @v base Base point
201  * @v scalar Scalar multiple
202  * @v result Result point to fill in
203  * @ret rc Return status code
204  */
205  int ( * multiply ) ( const void *base, const void *scalar,
206  void *result );
207  /** Add curve points (as a one-off operation)
208  *
209  * @v addend Curve point to add
210  * @v augend Curve point to add
211  * @v result Curve point to hold result
212  * @ret rc Return status code
213  */
214  int ( * add ) ( const void *addend, const void *augend, void *result );
215 };
216 
217 static inline __attribute__ (( always_inline )) void
218 digest_init ( struct digest_algorithm *digest, void *ctx ) {
219  digest->init ( ctx );
220 }
221 
222 static inline __attribute__ (( always_inline )) void
223 digest_update ( struct digest_algorithm *digest, void *ctx,
224  const void *data, size_t len ) {
225  digest->update ( ctx, data, len );
226 }
227 
228 static inline __attribute__ (( always_inline )) void
229 digest_final ( struct digest_algorithm *digest, void *ctx, void *out ) {
230  digest->final ( ctx, out );
231 }
232 
233 static inline __attribute__ (( always_inline )) int
234 cipher_setkey ( struct cipher_algorithm *cipher, void *ctx,
235  const void *key, size_t keylen ) {
236  return cipher->setkey ( ctx, key, keylen );
237 }
238 
239 static inline __attribute__ (( always_inline )) void
240 cipher_setiv ( struct cipher_algorithm *cipher, void *ctx,
241  const void *iv, size_t ivlen ) {
242  cipher->setiv ( ctx, iv, ivlen );
243 }
244 
245 static inline __attribute__ (( always_inline )) void
246 cipher_encrypt ( struct cipher_algorithm *cipher, void *ctx,
247  const void *src, void *dst, size_t len ) {
248  cipher->encrypt ( ctx, src, dst, len );
249 }
250 #define cipher_encrypt( cipher, ctx, src, dst, len ) do { \
251  assert ( ( (len) & ( (cipher)->blocksize - 1 ) ) == 0 ); \
252  cipher_encrypt ( (cipher), (ctx), (src), (dst), (len) ); \
253  } while ( 0 )
254 
255 static inline __attribute__ (( always_inline )) void
256 cipher_decrypt ( struct cipher_algorithm *cipher, void *ctx,
257  const void *src, void *dst, size_t len ) {
258  cipher->decrypt ( ctx, src, dst, len );
259 }
260 #define cipher_decrypt( cipher, ctx, src, dst, len ) do { \
261  assert ( ( (len) & ( (cipher)->blocksize - 1 ) ) == 0 ); \
262  cipher_decrypt ( (cipher), (ctx), (src), (dst), (len) ); \
263  } while ( 0 )
264 
265 static inline __attribute__ (( always_inline )) void
266 cipher_auth ( struct cipher_algorithm *cipher, void *ctx, void *auth ) {
267  cipher->auth ( ctx, auth );
268 }
269 
270 static inline __attribute__ (( always_inline )) int
271 is_stream_cipher ( struct cipher_algorithm *cipher ) {
272  return ( cipher->blocksize == 1 );
273 }
274 
275 static inline __attribute__ (( always_inline )) int
276 is_block_cipher ( struct cipher_algorithm *cipher ) {
277  return ( cipher->blocksize > 1 );
278 }
279 
280 static inline __attribute__ (( always_inline )) int
281 is_auth_cipher ( struct cipher_algorithm *cipher ) {
282  return cipher->authsize;
283 }
284 
285 static inline __attribute__ (( always_inline )) int
286 pubkey_encrypt ( struct pubkey_algorithm *pubkey, const struct asn1_cursor *key,
287  const struct asn1_cursor *plaintext,
288  struct asn1_builder *ciphertext ) {
289  return pubkey->encrypt ( key, plaintext, ciphertext );
290 }
291 
292 static inline __attribute__ (( always_inline )) int
293 pubkey_decrypt ( struct pubkey_algorithm *pubkey, const struct asn1_cursor *key,
294  const struct asn1_cursor *ciphertext,
295  struct asn1_builder *plaintext ) {
296  return pubkey->decrypt ( key, ciphertext, plaintext );
297 }
298 
299 static inline __attribute__ (( always_inline )) int
300 pubkey_sign ( struct pubkey_algorithm *pubkey, const struct asn1_cursor *key,
301  struct digest_algorithm *digest, const void *value,
302  struct asn1_builder *signature ) {
303  return pubkey->sign ( key, digest, value, signature );
304 }
305 
306 static inline __attribute__ (( always_inline )) int
307 pubkey_verify ( struct pubkey_algorithm *pubkey, const struct asn1_cursor *key,
308  struct digest_algorithm *digest, const void *value,
309  const struct asn1_cursor *signature ) {
310  return pubkey->verify ( key, digest, value, signature );
311 }
312 
313 static inline __attribute__ (( always_inline )) int
314 pubkey_match ( struct pubkey_algorithm *pubkey,
315  const struct asn1_cursor *private_key,
316  const struct asn1_cursor *public_key ) {
317  return pubkey->match ( private_key, public_key );
318 }
319 
320 static inline __attribute__ (( always_inline )) int
321 elliptic_is_infinity ( struct elliptic_curve *curve, const void *point ) {
322  return curve->is_infinity ( point );
323 }
324 
325 static inline __attribute__ (( always_inline )) int
326 elliptic_multiply ( struct elliptic_curve *curve,
327  const void *base, const void *scalar, void *result ) {
328  return curve->multiply ( base, scalar, result );
329 }
330 
331 static inline __attribute__ (( always_inline )) int
332 elliptic_add ( struct elliptic_curve *curve, const void *addend,
333  const void *augend, void *result ) {
334  return curve->add ( addend, augend, result );
335 }
336 
337 extern void digest_null_init ( void *ctx );
338 extern void digest_null_update ( void *ctx, const void *src, size_t len );
339 extern void digest_null_final ( void *ctx, void *out );
340 
341 extern int cipher_null_setkey ( void *ctx, const void *key, size_t keylen );
342 extern void cipher_null_setiv ( void *ctx, const void *iv, size_t ivlen );
343 extern void cipher_null_encrypt ( void *ctx, const void *src, void *dst,
344  size_t len );
345 extern void cipher_null_decrypt ( void *ctx, const void *src, void *dst,
346  size_t len );
347 extern void cipher_null_auth ( void *ctx, void *auth );
348 
349 extern int pubkey_null_encrypt ( const struct asn1_cursor *key,
350  const struct asn1_cursor *plaintext,
351  struct asn1_builder *ciphertext );
352 extern int pubkey_null_decrypt ( const struct asn1_cursor *key,
353  const struct asn1_cursor *ciphertext,
354  struct asn1_builder *plaintext );
355 extern int pubkey_null_sign ( const struct asn1_cursor *key,
356  struct digest_algorithm *digest,
357  const void *value,
358  struct asn1_builder *signature );
359 extern int pubkey_null_verify ( const struct asn1_cursor *key,
360  struct digest_algorithm *digest,
361  const void *value,
362  const struct asn1_cursor *signature );
363 
364 extern struct digest_algorithm digest_null;
365 extern struct cipher_algorithm cipher_null;
366 extern struct pubkey_algorithm pubkey_null;
367 
368 #endif /* _IPXE_CRYPTO_H */
elliptic_curve::multiply
int(* multiply)(const void *base, const void *scalar, void *result)
Multiply scalar by curve point.
Definition: crypto.h:205
pubkey_null_verify
int pubkey_null_verify(const struct asn1_cursor *key, struct digest_algorithm *digest, const void *value, const struct asn1_cursor *signature)
__attribute__
#define __attribute__(x)
Definition: compiler.h:10
base
uint32_t base
Base.
Definition: librm.h:138
is_auth_cipher
static int is_auth_cipher(struct cipher_algorithm *cipher)
Definition: crypto.h:281
cipher_algorithm::blocksize
size_t blocksize
Block size.
Definition: crypto.h:60
digest_update
static void digest_update(struct digest_algorithm *digest, void *ctx, const void *data, size_t len)
Definition: crypto.h:223
cipher_algorithm::decrypt
void(* decrypt)(void *ctx, const void *src, void *dst, size_t len)
Decrypt data.
Definition: crypto.h:110
elliptic_multiply
static int elliptic_multiply(struct elliptic_curve *curve, const void *base, const void *scalar, void *result)
Definition: crypto.h:326
elliptic_curve::is_infinity
int(* is_infinity)(const void *point)
Check if this is the point at infinity.
Definition: crypto.h:197
cipher_null
struct cipher_algorithm cipher_null
Definition: crypto_null.c:83
elliptic_curve::order
const void * order
Order of the generator (if prime)
Definition: crypto.h:187
elliptic_curve::add
int(* add)(const void *addend, const void *augend, void *result)
Add curve points (as a one-off operation)
Definition: crypto.h:214
elliptic_is_infinity
static int elliptic_is_infinity(struct elliptic_curve *curve, const void *point)
Definition: crypto.h:321
digest_final
static void digest_final(struct digest_algorithm *digest, void *ctx, void *out)
Definition: crypto.h:229
digest_algorithm::init
void(* init)(void *ctx)
Initialise digest.
Definition: crypto.h:31
cipher_algorithm::alignsize
size_t alignsize
Alignment size.
Definition: crypto.h:72
cipher_null_setiv
void cipher_null_setiv(void *ctx, const void *iv, size_t ivlen)
ctx
struct golan_eq_context ctx
Definition: CIB_PRM.h:28
pubkey_null_sign
int pubkey_null_sign(const struct asn1_cursor *key, struct digest_algorithm *digest, const void *value, struct asn1_builder *signature)
digest_algorithm::final
void(* final)(void *ctx, void *out)
Finalise digest.
Definition: crypto.h:46
out
__be32 out[4]
Definition: CIB_PRM.h:36
iv
u8 iv[16]
Initialization vector.
Definition: wpa.h:60
pubkey_match
static int pubkey_match(struct pubkey_algorithm *pubkey, const struct asn1_cursor *private_key, const struct asn1_cursor *public_key)
Definition: crypto.h:314
digest_null
struct digest_algorithm digest_null
Definition: crypto_null.c:48
cipher_null_auth
void cipher_null_auth(void *ctx, void *auth)
cipher_algorithm::encrypt
void(* encrypt)(void *ctx, const void *src, void *dst, size_t len)
Encrypt data.
Definition: crypto.h:99
cipher_encrypt
#define cipher_encrypt(cipher, ctx, src, dst, len)
Definition: crypto.h:250
cipher_algorithm::authsize
size_t authsize
Authentication tag size.
Definition: crypto.h:74
digest_algorithm::blocksize
size_t blocksize
Block size.
Definition: crypto.h:24
pubkey_sign
static int pubkey_sign(struct pubkey_algorithm *pubkey, const struct asn1_cursor *key, struct digest_algorithm *digest, const void *value, struct asn1_builder *signature)
Definition: crypto.h:300
cipher_algorithm::setiv
void(* setiv)(void *ctx, const void *iv, size_t ivlen)
Set initialisation vector.
Definition: crypto.h:89
assert.h
Assertions.
digest_null_update
void digest_null_update(void *ctx, const void *src, size_t len)
src
static const void * src
Definition: string.h:47
asn1.h
ASN.1 encoding.
value
pseudo_bit_t value[0x00020]
Definition: arbel.h:13
pubkey_algorithm::verify
int(* verify)(const struct asn1_cursor *key, struct digest_algorithm *digest, const void *value, const struct asn1_cursor *signature)
Verify signed digest value.
Definition: crypto.h:163
len
ring len
Length.
Definition: dwmac.h:231
digest_algorithm::update
void(* update)(void *ctx, const void *src, size_t len)
Update digest with new data.
Definition: crypto.h:40
pubkey_null
struct pubkey_algorithm pubkey_null
Definition: crypto_null.c:122
elliptic_curve::name
const char * name
Curve name.
Definition: crypto.h:179
pubkey_algorithm::match
int(* match)(const struct asn1_cursor *private_key, const struct asn1_cursor *public_key)
Check that public key matches private key.
Definition: crypto.h:172
digest_init
static void digest_init(struct digest_algorithm *digest, void *ctx)
Definition: crypto.h:218
elliptic_curve::keysize
size_t keysize
Scalar (and private key) size.
Definition: crypto.h:183
cipher_null_encrypt
void cipher_null_encrypt(void *ctx, const void *src, void *dst, size_t len)
cipher_setiv
static void cipher_setiv(struct cipher_algorithm *cipher, void *ctx, const void *iv, size_t ivlen)
Definition: crypto.h:240
asn1_builder
An ASN.1 object builder.
Definition: asn1.h:28
cipher_algorithm::auth
void(* auth)(void *ctx, void *auth)
Generate authentication tag.
Definition: crypto.h:117
pubkey_algorithm::decrypt
int(* decrypt)(const struct asn1_cursor *key, const struct asn1_cursor *ciphertext, struct asn1_builder *plaintext)
Decrypt.
Definition: crypto.h:141
is_stream_cipher
static int is_stream_cipher(struct cipher_algorithm *cipher)
Definition: crypto.h:271
cipher_algorithm::ctxsize
size_t ctxsize
Context size.
Definition: crypto.h:54
cipher_decrypt
#define cipher_decrypt(cipher, ctx, src, dst, len)
Definition: crypto.h:260
pubkey_null_decrypt
int pubkey_null_decrypt(const struct asn1_cursor *key, const struct asn1_cursor *ciphertext, struct asn1_builder *plaintext)
result
uint16_t result
Definition: hyperv.h:33
elliptic_add
static int elliptic_add(struct elliptic_curve *curve, const void *addend, const void *augend, void *result)
Definition: crypto.h:332
digest_null_final
void digest_null_final(void *ctx, void *out)
FILE_LICENCE
FILE_LICENCE(GPL2_OR_LATER_OR_UBDL)
elliptic_curve
An elliptic curve.
Definition: crypto.h:177
pubkey_verify
static int pubkey_verify(struct pubkey_algorithm *pubkey, const struct asn1_cursor *key, struct digest_algorithm *digest, const void *value, const struct asn1_cursor *signature)
Definition: crypto.h:307
digest_algorithm::ctxsize
size_t ctxsize
Context size.
Definition: crypto.h:22
pubkey_encrypt
static int pubkey_encrypt(struct pubkey_algorithm *pubkey, const struct asn1_cursor *key, const struct asn1_cursor *plaintext, struct asn1_builder *ciphertext)
Definition: crypto.h:286
cipher_algorithm::setkey
int(* setkey)(void *ctx, const void *key, size_t keylen)
Set key.
Definition: crypto.h:82
digest_algorithm::digestsize
size_t digestsize
Digest size.
Definition: crypto.h:26
digest_algorithm::name
const char * name
Algorithm name.
Definition: crypto.h:20
cipher_null_setkey
int cipher_null_setkey(void *ctx, const void *key, size_t keylen)
cipher_null_decrypt
void cipher_null_decrypt(void *ctx, const void *src, void *dst, size_t len)
pubkey_algorithm::encrypt
int(* encrypt)(const struct asn1_cursor *key, const struct asn1_cursor *plaintext, struct asn1_builder *ciphertext)
Encrypt.
Definition: crypto.h:131
digest_algorithm
A message digest algorithm.
Definition: crypto.h:18
data
uint8_t data[48]
Additional event data.
Definition: ena.h:22
cipher_algorithm
A cipher algorithm.
Definition: crypto.h:50
private_key
A private key.
Definition: privkey.h:16
elliptic_curve::base
const void * base
Generator base point.
Definition: crypto.h:185
digest_null_init
void digest_null_init(void *ctx)
cipher_auth
static void cipher_auth(struct cipher_algorithm *cipher, void *ctx, void *auth)
Definition: crypto.h:266
pubkey_null_encrypt
int pubkey_null_encrypt(const struct asn1_cursor *key, const struct asn1_cursor *plaintext, struct asn1_builder *ciphertext)
cipher_algorithm::name
const char * name
Algorithm name.
Definition: crypto.h:52
elliptic_curve::pointsize
size_t pointsize
Point (and public key) size.
Definition: crypto.h:181
signature
u8 signature
CPU signature.
Definition: CIB_PRM.h:35
private_key
struct private_key private_key
Private key.
Definition: privkey.c:67
asn1_cursor
An ASN.1 object cursor.
Definition: asn1.h:20
pubkey_algorithm::sign
int(* sign)(const struct asn1_cursor *key, struct digest_algorithm *digest, const void *value, struct asn1_builder *builder)
Sign digest value.
Definition: crypto.h:152
pubkey_algorithm
A public key algorithm.
Definition: crypto.h:121
key
union @391 key
Sense key.
Definition: scsi.h:17
pubkey_decrypt
static int pubkey_decrypt(struct pubkey_algorithm *pubkey, const struct asn1_cursor *key, const struct asn1_cursor *ciphertext, struct asn1_builder *plaintext)
Definition: crypto.h:293
pubkey_algorithm::name
const char * name
Algorithm name.
Definition: crypto.h:123
cipher_setkey
static int cipher_setkey(struct cipher_algorithm *cipher, void *ctx, const void *key, size_t keylen)
Definition: crypto.h:234
is_block_cipher
static int is_block_cipher(struct cipher_algorithm *cipher)
Definition: crypto.h:276
Generated by   doxygen 1.8.15