1 #ifndef _IPXE_CRYPTO_H
2 #define _IPXE_CRYPTO_H
3 
4 /** @file
5  *
6  * Cryptographic API
7  *
8  */
9 
10 FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
11 
12 #include <stdint.h>
13 #include <stddef.h>
14 
15 /** A message digest algorithm */
16 struct digest_algorithm {
17 	/** Algorithm name */
18 	const char *name;
19 	/** Context size */
20 	size_t ctxsize;
21 	/** Block size */
22 	size_t blocksize;
23 	/** Digest size */
24 	size_t digestsize;
25 	/** Initialise digest
26 	 *
27 	 * @v ctx		Context
28 	 */
29 	void ( * init ) ( void *ctx );
30 	/** Update digest with new data
31 	 *
32 	 * @v ctx		Context
33 	 * @v src		Data to digest
34 	 * @v len		Length of data
35 	 *
36 	 * @v len is not necessarily a multiple of @c blocksize.
37 	 */
38 	void ( * update ) ( void *ctx, const void *src, size_t len );
39 	/** Finalise digest
40 	 *
41 	 * @v ctx		Context
42 	 * @v out		Buffer for digest output
43 	 */
44 	void ( * final ) ( void *ctx, void *out );
45 };
46 
47 /** A cipher algorithm */
48 struct cipher_algorithm {
49 	/** Algorithm name */
50 	const char *name;
51 	/** Context size */
52 	size_t ctxsize;
53 	/** Block size */
54 	size_t blocksize;
55 	/** Set key
56 	 *
57 	 * @v ctx		Context
58 	 * @v key		Key
59 	 * @v keylen		Key length
60 	 * @ret rc		Return status code
61 	 */
62 	int ( * setkey ) ( void *ctx, const void *key, size_t keylen );
63 	/** Set initialisation vector
64 	 *
65 	 * @v ctx		Context
66 	 * @v iv		Initialisation vector
67 	 */
68 	void ( * setiv ) ( void *ctx, const void *iv );
69 	/** Encrypt data
70 	 *
71 	 * @v ctx		Context
72 	 * @v src		Data to encrypt
73 	 * @v dst		Buffer for encrypted data
74 	 * @v len		Length of data
75 	 *
76 	 * @v len is guaranteed to be a multiple of @c blocksize.
77 	 */
78 	void ( * encrypt ) ( void *ctx, const void *src, void *dst,
79 			     size_t len );
80 	/** Decrypt data
81 	 *
82 	 * @v ctx		Context
83 	 * @v src		Data to decrypt
84 	 * @v dst		Buffer for decrypted data
85 	 * @v len		Length of data
86 	 *
87 	 * @v len is guaranteed to be a multiple of @c blocksize.
88 	 */
89 	void ( * decrypt ) ( void *ctx, const void *src, void *dst,
90 			     size_t len );
91 };
92 
93 /** A public key algorithm */
94 struct pubkey_algorithm {
95 	/** Algorithm name */
96 	const char *name;
97 	/** Context size */
98 	size_t ctxsize;
99 	/** Initialise algorithm
100 	 *
101 	 * @v ctx		Context
102 	 * @v key		Key
103 	 * @v key_len		Length of key
104 	 * @ret rc		Return status code
105 	 */
106 	int ( * init ) ( void *ctx, const void *key, size_t key_len );
107 	/** Calculate maximum output length
108 	 *
109 	 * @v ctx		Context
110 	 * @ret max_len		Maximum output length
111 	 */
112 	size_t ( * max_len ) ( void *ctx );
113 	/** Encrypt
114 	 *
115 	 * @v ctx		Context
116 	 * @v plaintext		Plaintext
117 	 * @v plaintext_len	Length of plaintext
118 	 * @v ciphertext	Ciphertext
119 	 * @ret ciphertext_len	Length of ciphertext, or negative error
120 	 */
121 	int ( * encrypt ) ( void *ctx, const void *data, size_t len,
122 			    void *out );
123 	/** Decrypt
124 	 *
125 	 * @v ctx		Context
126 	 * @v ciphertext	Ciphertext
127 	 * @v ciphertext_len	Ciphertext length
128 	 * @v plaintext		Plaintext
129 	 * @ret plaintext_len	Plaintext length, or negative error
130 	 */
131 	int ( * decrypt ) ( void *ctx, const void *data, size_t len,
132 			    void *out );
133 	/** Sign digest value
134 	 *
135 	 * @v ctx		Context
136 	 * @v digest		Digest algorithm
137 	 * @v value		Digest value
138 	 * @v signature		Signature
139 	 * @ret signature_len	Signature length, or negative error
140 	 */
141 	int ( * sign ) ( void *ctx, struct digest_algorithm *digest,
142 			 const void *value, void *signature );
143 	/** Verify signed digest value
144 	 *
145 	 * @v ctx		Context
146 	 * @v digest		Digest algorithm
147 	 * @v value		Digest value
148 	 * @v signature		Signature
149 	 * @v signature_len	Signature length
150 	 * @ret rc		Return status code
151 	 */
152 	int ( * verify ) ( void *ctx, struct digest_algorithm *digest,
153 			   const void *value, const void *signature,
154 			   size_t signature_len );
155 	/** Finalise algorithm
156 	 *
157 	 * @v ctx		Context
158 	 */
159 	void ( * final ) ( void *ctx );
160 	/** Check that public key matches private key
161 	 *
162 	 * @v private_key	Private key
163 	 * @v private_key_len	Private key length
164 	 * @v public_key	Public key
165 	 * @v public_key_len	Public key length
166 	 * @ret rc		Return status code
167 	 */
168 	int ( * match ) ( const void *private_key, size_t private_key_len,
169 			  const void *public_key, size_t public_key_len );
170 };
171 
digest_init(struct digest_algorithm * digest,void * ctx)172 static inline void digest_init ( struct digest_algorithm *digest,
173 				 void *ctx ) {
174 	digest->init ( ctx );
175 }
176 
digest_update(struct digest_algorithm * digest,void * ctx,const void * data,size_t len)177 static inline void digest_update ( struct digest_algorithm *digest,
178 				   void *ctx, const void *data, size_t len ) {
179 	digest->update ( ctx, data, len );
180 }
181 
digest_final(struct digest_algorithm * digest,void * ctx,void * out)182 static inline void digest_final ( struct digest_algorithm *digest,
183 				  void *ctx, void *out ) {
184 	digest->final ( ctx, out );
185 }
186 
cipher_setkey(struct cipher_algorithm * cipher,void * ctx,const void * key,size_t keylen)187 static inline int cipher_setkey ( struct cipher_algorithm *cipher,
188 				  void *ctx, const void *key, size_t keylen ) {
189 	return cipher->setkey ( ctx, key, keylen );
190 }
191 
cipher_setiv(struct cipher_algorithm * cipher,void * ctx,const void * iv)192 static inline void cipher_setiv ( struct cipher_algorithm *cipher,
193 				  void *ctx, const void *iv ) {
194 	cipher->setiv ( ctx, iv );
195 }
196 
cipher_encrypt(struct cipher_algorithm * cipher,void * ctx,const void * src,void * dst,size_t len)197 static inline void cipher_encrypt ( struct cipher_algorithm *cipher,
198 				    void *ctx, const void *src, void *dst,
199 				    size_t len ) {
200 	cipher->encrypt ( ctx, src, dst, len );
201 }
202 #define cipher_encrypt( cipher, ctx, src, dst, len ) do {		\
203 	assert ( ( (len) & ( (cipher)->blocksize - 1 ) ) == 0 );	\
204 	cipher_encrypt ( (cipher), (ctx), (src), (dst), (len) );	\
205 	} while ( 0 )
206 
cipher_decrypt(struct cipher_algorithm * cipher,void * ctx,const void * src,void * dst,size_t len)207 static inline void cipher_decrypt ( struct cipher_algorithm *cipher,
208 				    void *ctx, const void *src, void *dst,
209 				    size_t len ) {
210 	cipher->decrypt ( ctx, src, dst, len );
211 }
212 #define cipher_decrypt( cipher, ctx, src, dst, len ) do {		\
213 	assert ( ( (len) & ( (cipher)->blocksize - 1 ) ) == 0 );	\
214 	cipher_decrypt ( (cipher), (ctx), (src), (dst), (len) );	\
215 	} while ( 0 )
216 
is_stream_cipher(struct cipher_algorithm * cipher)217 static inline int is_stream_cipher ( struct cipher_algorithm *cipher ) {
218 	return ( cipher->blocksize == 1 );
219 }
220 
pubkey_init(struct pubkey_algorithm * pubkey,void * ctx,const void * key,size_t key_len)221 static inline int pubkey_init ( struct pubkey_algorithm *pubkey, void *ctx,
222 				const void *key, size_t key_len ) {
223 	return pubkey->init ( ctx, key, key_len );
224 }
225 
pubkey_max_len(struct pubkey_algorithm * pubkey,void * ctx)226 static inline size_t pubkey_max_len ( struct pubkey_algorithm *pubkey,
227 				      void *ctx ) {
228 	return pubkey->max_len ( ctx );
229 }
230 
pubkey_encrypt(struct pubkey_algorithm * pubkey,void * ctx,const void * data,size_t len,void * out)231 static inline int pubkey_encrypt ( struct pubkey_algorithm *pubkey, void *ctx,
232 				   const void *data, size_t len, void *out ) {
233 	return pubkey->encrypt ( ctx, data, len, out );
234 }
235 
pubkey_decrypt(struct pubkey_algorithm * pubkey,void * ctx,const void * data,size_t len,void * out)236 static inline int pubkey_decrypt ( struct pubkey_algorithm *pubkey, void *ctx,
237 				   const void *data, size_t len, void *out ) {
238 	return pubkey->decrypt ( ctx, data, len, out );
239 }
240 
pubkey_sign(struct pubkey_algorithm * pubkey,void * ctx,struct digest_algorithm * digest,const void * value,void * signature)241 static inline int pubkey_sign ( struct pubkey_algorithm *pubkey, void *ctx,
242 				struct digest_algorithm *digest,
243 				const void *value, void *signature ) {
244 	return pubkey->sign ( ctx, digest, value, signature );
245 }
246 
pubkey_verify(struct pubkey_algorithm * pubkey,void * ctx,struct digest_algorithm * digest,const void * value,const void * signature,size_t signature_len)247 static inline int pubkey_verify ( struct pubkey_algorithm *pubkey, void *ctx,
248 				  struct digest_algorithm *digest,
249 				  const void *value, const void *signature,
250 				  size_t signature_len ) {
251 	return pubkey->verify ( ctx, digest, value, signature, signature_len );
252 }
253 
pubkey_final(struct pubkey_algorithm * pubkey,void * ctx)254 static inline void pubkey_final ( struct pubkey_algorithm *pubkey, void *ctx ) {
255 	pubkey->final ( ctx );
256 }
257 
pubkey_match(struct pubkey_algorithm * pubkey,const void * private_key,size_t private_key_len,const void * public_key,size_t public_key_len)258 static inline int pubkey_match ( struct pubkey_algorithm *pubkey,
259 				 const void *private_key,
260 				 size_t private_key_len, const void *public_key,
261 				 size_t public_key_len ) {
262 	return pubkey->match ( private_key, private_key_len, public_key,
263 			       public_key_len );
264 }
265 
266 extern struct digest_algorithm digest_null;
267 extern struct cipher_algorithm cipher_null;
268 extern struct pubkey_algorithm pubkey_null;
269 
270 #endif /* _IPXE_CRYPTO_H */
271