1 #ifndef _IPXE_CRYPTO_H
2 #define _IPXE_CRYPTO_H
3
4 /** @file
5 *
6 * Cryptographic API
7 *
8 */
9
10 FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
11
12 #include <stdint.h>
13 #include <stddef.h>
14
15 /** A message digest algorithm */
16 struct digest_algorithm {
17 /** Algorithm name */
18 const char *name;
19 /** Context size */
20 size_t ctxsize;
21 /** Block size */
22 size_t blocksize;
23 /** Digest size */
24 size_t digestsize;
25 /** Initialise digest
26 *
27 * @v ctx Context
28 */
29 void ( * init ) ( void *ctx );
30 /** Update digest with new data
31 *
32 * @v ctx Context
33 * @v src Data to digest
34 * @v len Length of data
35 *
36 * @v len is not necessarily a multiple of @c blocksize.
37 */
38 void ( * update ) ( void *ctx, const void *src, size_t len );
39 /** Finalise digest
40 *
41 * @v ctx Context
42 * @v out Buffer for digest output
43 */
44 void ( * final ) ( void *ctx, void *out );
45 };
46
47 /** A cipher algorithm */
48 struct cipher_algorithm {
49 /** Algorithm name */
50 const char *name;
51 /** Context size */
52 size_t ctxsize;
53 /** Block size */
54 size_t blocksize;
55 /** Set key
56 *
57 * @v ctx Context
58 * @v key Key
59 * @v keylen Key length
60 * @ret rc Return status code
61 */
62 int ( * setkey ) ( void *ctx, const void *key, size_t keylen );
63 /** Set initialisation vector
64 *
65 * @v ctx Context
66 * @v iv Initialisation vector
67 */
68 void ( * setiv ) ( void *ctx, const void *iv );
69 /** Encrypt data
70 *
71 * @v ctx Context
72 * @v src Data to encrypt
73 * @v dst Buffer for encrypted data
74 * @v len Length of data
75 *
76 * @v len is guaranteed to be a multiple of @c blocksize.
77 */
78 void ( * encrypt ) ( void *ctx, const void *src, void *dst,
79 size_t len );
80 /** Decrypt data
81 *
82 * @v ctx Context
83 * @v src Data to decrypt
84 * @v dst Buffer for decrypted data
85 * @v len Length of data
86 *
87 * @v len is guaranteed to be a multiple of @c blocksize.
88 */
89 void ( * decrypt ) ( void *ctx, const void *src, void *dst,
90 size_t len );
91 };
92
93 /** A public key algorithm */
94 struct pubkey_algorithm {
95 /** Algorithm name */
96 const char *name;
97 /** Context size */
98 size_t ctxsize;
99 /** Initialise algorithm
100 *
101 * @v ctx Context
102 * @v key Key
103 * @v key_len Length of key
104 * @ret rc Return status code
105 */
106 int ( * init ) ( void *ctx, const void *key, size_t key_len );
107 /** Calculate maximum output length
108 *
109 * @v ctx Context
110 * @ret max_len Maximum output length
111 */
112 size_t ( * max_len ) ( void *ctx );
113 /** Encrypt
114 *
115 * @v ctx Context
116 * @v plaintext Plaintext
117 * @v plaintext_len Length of plaintext
118 * @v ciphertext Ciphertext
119 * @ret ciphertext_len Length of ciphertext, or negative error
120 */
121 int ( * encrypt ) ( void *ctx, const void *data, size_t len,
122 void *out );
123 /** Decrypt
124 *
125 * @v ctx Context
126 * @v ciphertext Ciphertext
127 * @v ciphertext_len Ciphertext length
128 * @v plaintext Plaintext
129 * @ret plaintext_len Plaintext length, or negative error
130 */
131 int ( * decrypt ) ( void *ctx, const void *data, size_t len,
132 void *out );
133 /** Sign digest value
134 *
135 * @v ctx Context
136 * @v digest Digest algorithm
137 * @v value Digest value
138 * @v signature Signature
139 * @ret signature_len Signature length, or negative error
140 */
141 int ( * sign ) ( void *ctx, struct digest_algorithm *digest,
142 const void *value, void *signature );
143 /** Verify signed digest value
144 *
145 * @v ctx Context
146 * @v digest Digest algorithm
147 * @v value Digest value
148 * @v signature Signature
149 * @v signature_len Signature length
150 * @ret rc Return status code
151 */
152 int ( * verify ) ( void *ctx, struct digest_algorithm *digest,
153 const void *value, const void *signature,
154 size_t signature_len );
155 /** Finalise algorithm
156 *
157 * @v ctx Context
158 */
159 void ( * final ) ( void *ctx );
160 /** Check that public key matches private key
161 *
162 * @v private_key Private key
163 * @v private_key_len Private key length
164 * @v public_key Public key
165 * @v public_key_len Public key length
166 * @ret rc Return status code
167 */
168 int ( * match ) ( const void *private_key, size_t private_key_len,
169 const void *public_key, size_t public_key_len );
170 };
171
digest_init(struct digest_algorithm * digest,void * ctx)172 static inline void digest_init ( struct digest_algorithm *digest,
173 void *ctx ) {
174 digest->init ( ctx );
175 }
176
digest_update(struct digest_algorithm * digest,void * ctx,const void * data,size_t len)177 static inline void digest_update ( struct digest_algorithm *digest,
178 void *ctx, const void *data, size_t len ) {
179 digest->update ( ctx, data, len );
180 }
181
digest_final(struct digest_algorithm * digest,void * ctx,void * out)182 static inline void digest_final ( struct digest_algorithm *digest,
183 void *ctx, void *out ) {
184 digest->final ( ctx, out );
185 }
186
cipher_setkey(struct cipher_algorithm * cipher,void * ctx,const void * key,size_t keylen)187 static inline int cipher_setkey ( struct cipher_algorithm *cipher,
188 void *ctx, const void *key, size_t keylen ) {
189 return cipher->setkey ( ctx, key, keylen );
190 }
191
cipher_setiv(struct cipher_algorithm * cipher,void * ctx,const void * iv)192 static inline void cipher_setiv ( struct cipher_algorithm *cipher,
193 void *ctx, const void *iv ) {
194 cipher->setiv ( ctx, iv );
195 }
196
cipher_encrypt(struct cipher_algorithm * cipher,void * ctx,const void * src,void * dst,size_t len)197 static inline void cipher_encrypt ( struct cipher_algorithm *cipher,
198 void *ctx, const void *src, void *dst,
199 size_t len ) {
200 cipher->encrypt ( ctx, src, dst, len );
201 }
202 #define cipher_encrypt( cipher, ctx, src, dst, len ) do { \
203 assert ( ( (len) & ( (cipher)->blocksize - 1 ) ) == 0 ); \
204 cipher_encrypt ( (cipher), (ctx), (src), (dst), (len) ); \
205 } while ( 0 )
206
cipher_decrypt(struct cipher_algorithm * cipher,void * ctx,const void * src,void * dst,size_t len)207 static inline void cipher_decrypt ( struct cipher_algorithm *cipher,
208 void *ctx, const void *src, void *dst,
209 size_t len ) {
210 cipher->decrypt ( ctx, src, dst, len );
211 }
212 #define cipher_decrypt( cipher, ctx, src, dst, len ) do { \
213 assert ( ( (len) & ( (cipher)->blocksize - 1 ) ) == 0 ); \
214 cipher_decrypt ( (cipher), (ctx), (src), (dst), (len) ); \
215 } while ( 0 )
216
is_stream_cipher(struct cipher_algorithm * cipher)217 static inline int is_stream_cipher ( struct cipher_algorithm *cipher ) {
218 return ( cipher->blocksize == 1 );
219 }
220
pubkey_init(struct pubkey_algorithm * pubkey,void * ctx,const void * key,size_t key_len)221 static inline int pubkey_init ( struct pubkey_algorithm *pubkey, void *ctx,
222 const void *key, size_t key_len ) {
223 return pubkey->init ( ctx, key, key_len );
224 }
225
pubkey_max_len(struct pubkey_algorithm * pubkey,void * ctx)226 static inline size_t pubkey_max_len ( struct pubkey_algorithm *pubkey,
227 void *ctx ) {
228 return pubkey->max_len ( ctx );
229 }
230
pubkey_encrypt(struct pubkey_algorithm * pubkey,void * ctx,const void * data,size_t len,void * out)231 static inline int pubkey_encrypt ( struct pubkey_algorithm *pubkey, void *ctx,
232 const void *data, size_t len, void *out ) {
233 return pubkey->encrypt ( ctx, data, len, out );
234 }
235
pubkey_decrypt(struct pubkey_algorithm * pubkey,void * ctx,const void * data,size_t len,void * out)236 static inline int pubkey_decrypt ( struct pubkey_algorithm *pubkey, void *ctx,
237 const void *data, size_t len, void *out ) {
238 return pubkey->decrypt ( ctx, data, len, out );
239 }
240
pubkey_sign(struct pubkey_algorithm * pubkey,void * ctx,struct digest_algorithm * digest,const void * value,void * signature)241 static inline int pubkey_sign ( struct pubkey_algorithm *pubkey, void *ctx,
242 struct digest_algorithm *digest,
243 const void *value, void *signature ) {
244 return pubkey->sign ( ctx, digest, value, signature );
245 }
246
pubkey_verify(struct pubkey_algorithm * pubkey,void * ctx,struct digest_algorithm * digest,const void * value,const void * signature,size_t signature_len)247 static inline int pubkey_verify ( struct pubkey_algorithm *pubkey, void *ctx,
248 struct digest_algorithm *digest,
249 const void *value, const void *signature,
250 size_t signature_len ) {
251 return pubkey->verify ( ctx, digest, value, signature, signature_len );
252 }
253
pubkey_final(struct pubkey_algorithm * pubkey,void * ctx)254 static inline void pubkey_final ( struct pubkey_algorithm *pubkey, void *ctx ) {
255 pubkey->final ( ctx );
256 }
257
pubkey_match(struct pubkey_algorithm * pubkey,const void * private_key,size_t private_key_len,const void * public_key,size_t public_key_len)258 static inline int pubkey_match ( struct pubkey_algorithm *pubkey,
259 const void *private_key,
260 size_t private_key_len, const void *public_key,
261 size_t public_key_len ) {
262 return pubkey->match ( private_key, private_key_len, public_key,
263 public_key_len );
264 }
265
266 extern struct digest_algorithm digest_null;
267 extern struct cipher_algorithm cipher_null;
268 extern struct pubkey_algorithm pubkey_null;
269
270 #endif /* _IPXE_CRYPTO_H */
271