[crypto] Allow creation of arbitrary CBC cipher algorithms using CBC_CIPHER()

Given any block cipher, a corresponding CBC mode of behaviour for the
cipher can be created using the CBC_CIPHER() macro.

src/crypto/axtls_aes.c

@@ -33,13 +33,6 @@
 /** Basic AES blocksize */
 #define AES_BLOCKSIZE 16
 
-/****************************************************************************
- *
- * Basic AES algorithm (independent of mode of operation)
- *
- ****************************************************************************
- */
-
 /** AES context */
 struct aes_context {
 	/** AES context for AXTLS */
@@ -169,87 +162,6 @@ static struct cipher_algorithm aes_algorithm = {
 	.decrypt = aes_decrypt,
 };
 
-/****************************************************************************
- *
- * AES with cipher-block chaining (CBC)
- *
- ****************************************************************************
- */
-
-/** AES with CBC context */
-struct aes_cbc_context {
-	/** AES context */
-	struct aes_context aes_ctx;
-	/** CBC context */
-	uint8_t cbc_ctx[AES_BLOCKSIZE];
-};
-
-/**
- * Set key
- *
- * @v ctx		Context
- * @v key		Key
- * @v keylen		Key length
- * @ret rc		Return status code
- */
-static int aes_cbc_setkey ( void *ctx, const void *key, size_t keylen ) {
-	struct aes_cbc_context *aes_cbc_ctx = ctx;
-
-	return cbc_setkey ( ctx, key, keylen, &aes_algorithm,
-			    &aes_cbc_ctx->cbc_ctx );
-}
-
-/**
- * Set initialisation vector
- *
- * @v ctx		Context
- * @v iv		Initialisation vector
- */
-static void aes_cbc_setiv ( void *ctx, const void *iv ) {
-	struct aes_cbc_context *aes_cbc_ctx = ctx;
-
-	cbc_setiv ( ctx, iv, &aes_algorithm, &aes_cbc_ctx->cbc_ctx );
-}
-
-/**
- * Encrypt data
- *
- * @v ctx		Context
- * @v src		Data to encrypt
- * @v dst		Buffer for encrypted data
- * @v len		Length of data
- */
-static void aes_cbc_encrypt ( void *ctx, const void *src, void *dst,
-			      size_t len ) {
-	struct aes_cbc_context *aes_cbc_ctx = ctx;
-
-	cbc_encrypt ( &aes_cbc_ctx->aes_ctx, src, dst, len,
-		      &aes_algorithm, &aes_cbc_ctx->cbc_ctx );
-}
-
-/**
- * Decrypt data
- *
- * @v ctx		Context
- * @v src		Data to decrypt
- * @v dst		Buffer for decrypted data
- * @v len		Length of data
- */
-static void aes_cbc_decrypt ( void *ctx, const void *src, void *dst,
-			      size_t len ) {
-	struct aes_cbc_context *aes_cbc_ctx = ctx;
-
-	cbc_decrypt ( &aes_cbc_ctx->aes_ctx, src, dst, len,
-		      &aes_algorithm, &aes_cbc_ctx->cbc_ctx );
-}
-
 /* AES with cipher-block chaining */
-struct cipher_algorithm aes_cbc_algorithm = {
-	.name		= "aes_cbc",
-	.ctxsize	= sizeof ( struct aes_cbc_context ),
-	.blocksize	= AES_BLOCKSIZE,
-	.setkey		= aes_cbc_setkey,
-	.setiv		= aes_cbc_setiv,
-	.encrypt	= aes_cbc_encrypt,
-	.decrypt	= aes_cbc_decrypt,
-};
+CBC_CIPHER ( aes_cbc, aes_cbc_algorithm,
+	     aes_algorithm, struct aes_context, AES_BLOCKSIZE );

src/crypto/cbc.c

@@ -53,18 +53,18 @@ static void cbc_xor ( const void *src, void *dst, size_t len ) {
  * @v src		Data to encrypt
  * @v dst		Buffer for encrypted data
  * @v len		Length of data
- * @v cipher		Underlying cipher algorithm
+ * @v raw_cipher	Underlying cipher algorithm
  * @v cbc_ctx		CBC context
  */
 void cbc_encrypt ( void *ctx, const void *src, void *dst, size_t len,
-		   struct cipher_algorithm *cipher, void *cbc_ctx ) {
-	size_t blocksize = cipher->blocksize;
+		   struct cipher_algorithm *raw_cipher, void *cbc_ctx ) {
+	size_t blocksize = raw_cipher->blocksize;
 
 	assert ( ( len % blocksize ) == 0 );
 
 	while ( len ) {
 		cbc_xor ( src, cbc_ctx, blocksize );
-		cipher_encrypt ( cipher, ctx, cbc_ctx, dst, blocksize );
+		cipher_encrypt ( raw_cipher, ctx, cbc_ctx, dst, blocksize );
 		memcpy ( cbc_ctx, dst, blocksize );
 		dst += blocksize;
 		src += blocksize;
@@ -79,17 +79,17 @@ void cbc_encrypt ( void *ctx, const void *src, void *dst, size_t len,
  * @v src		Data to decrypt
  * @v dst		Buffer for decrypted data
  * @v len		Length of data
- * @v cipher		Underlying cipher algorithm
+ * @v raw_cipher	Underlying cipher algorithm
  * @v cbc_ctx		CBC context
  */
 void cbc_decrypt ( void *ctx, const void *src, void *dst, size_t len,
-		   struct cipher_algorithm *cipher, void *cbc_ctx ) {
-	size_t blocksize = cipher->blocksize;
+		   struct cipher_algorithm *raw_cipher, void *cbc_ctx ) {
+	size_t blocksize = raw_cipher->blocksize;
 
 	assert ( ( len % blocksize ) == 0 );
 
 	while ( len ) {
-		cipher_decrypt ( cipher, ctx, src, dst, blocksize );
+		cipher_decrypt ( raw_cipher, ctx, src, dst, blocksize );
 		cbc_xor ( cbc_ctx, dst, blocksize );
 		memcpy ( cbc_ctx, src, blocksize );
 		dst += blocksize;

src/include/gpxe/cbc.h

@@ -15,15 +15,15 @@
  * @v ctx		Context
  * @v key		Key
  * @v keylen		Key length
- * @v cipher		Underlying cipher algorithm
+ * @v raw_cipher	Underlying cipher algorithm
  * @v cbc_ctx		CBC context
  * @ret rc		Return status code
  */
 static inline int cbc_setkey ( void *ctx, const void *key, size_t keylen,
-			       struct cipher_algorithm *cipher,
+			       struct cipher_algorithm *raw_cipher,
 			       void *cbc_ctx __unused ) {
 
-	return cipher_setkey ( cipher, ctx, key, keylen );
+	return cipher_setkey ( raw_cipher, ctx, key, keylen );
 }
 
 /**
@@ -31,20 +31,68 @@ static inline int cbc_setkey ( void *ctx, const void *key, size_t keylen,
  *
  * @v ctx		Context
  * @v iv		Initialisation vector
- * @v cipher		Underlying cipher algorithm
+ * @v raw_cipher	Underlying cipher algorithm
  * @v cbc_ctx		CBC context
  */
 static inline void cbc_setiv ( void *ctx __unused, const void *iv,
-			       struct cipher_algorithm *cipher,
+			       struct cipher_algorithm *raw_cipher,
 			       void *cbc_ctx ) {
-	memcpy ( cbc_ctx, iv, cipher->blocksize );
+	memcpy ( cbc_ctx, iv, raw_cipher->blocksize );
 }
 
 extern void cbc_encrypt ( void *ctx, const void *src, void *dst,
-			  size_t len, struct cipher_algorithm *cipher,
+			  size_t len, struct cipher_algorithm *raw_cipher,
 			  void *cbc_ctx );
 extern void cbc_decrypt ( void *ctx, const void *src, void *dst,
-			  size_t len, struct cipher_algorithm *cipher,
+			  size_t len, struct cipher_algorithm *raw_cipher,
 			  void *cbc_ctx );
 
+/**
+ * Create a cipher-block chaining mode of behaviour of an existing cipher
+ *
+ * @v _cbc_name		Name for the new CBC cipher
+ * @v _cbc_cipher	New cipher algorithm
+ * @v _raw_cipher	Underlying cipher algorithm
+ * @v _raw_context	Context structure for the underlying cipher
+ * @v _blocksize	Cipher block size
+ */
+#define CBC_CIPHER( _cbc_name, _cbc_cipher, _raw_cipher, _raw_context,	\
+		    _blocksize )					\
+struct _cbc_name ## _context {						\
+	_raw_context raw_ctx;						\
+	uint8_t cbc_ctx[_blocksize];					\
+};									\
+static int _cbc_name ## _setkey ( void *ctx, const void *key,		\
+				  size_t keylen ) {			\
+	struct _cbc_name ## _context * _cbc_name ## _ctx = ctx;		\
+	return cbc_setkey ( &_cbc_name ## _ctx->raw_ctx, key, keylen,	\
+			    &_raw_cipher, &_cbc_name ## _ctx->cbc_ctx );\
+}									\
+static void _cbc_name ## _setiv ( void *ctx, const void *iv ) {		\
+	struct _cbc_name ## _context * _cbc_name ## _ctx = ctx;		\
+	cbc_setiv ( &_cbc_name ## _ctx->raw_ctx, iv,			\
+		    &_raw_cipher, &aes_cbc_ctx->cbc_ctx );		\
+}									\
+static void _cbc_name ## _encrypt ( void *ctx, const void *src,		\
+				    void *dst, size_t len ) {		\
+	struct _cbc_name ## _context * _cbc_name ## _ctx = ctx;		\
+	cbc_encrypt ( &_cbc_name ## _ctx->raw_ctx, src, dst, len,	\
+		      &_raw_cipher, &aes_cbc_ctx->cbc_ctx );		\
+}									\
+static void _cbc_name ## _decrypt ( void *ctx, const void *src,		\
+				    void *dst, size_t len ) {		\
+	struct _cbc_name ## _context * _cbc_name ## _ctx = ctx;		\
+	cbc_decrypt ( &_cbc_name ## _ctx->raw_ctx, src, dst, len,	\
+		      &_raw_cipher, &aes_cbc_ctx->cbc_ctx );		\
+}									\
+struct cipher_algorithm _cbc_cipher = {					\
+	.name		= #_cbc_name,					\
+	.ctxsize	= sizeof ( struct _cbc_name ## _context ),	\
+	.blocksize	= _blocksize,					\
+	.setkey		= _cbc_name ## _setkey,				\
+	.setiv		= _cbc_name ## _setiv,				\
+	.encrypt	= _cbc_name ## _encrypt,			\
+	.decrypt	= _cbc_name ## _decrypt,			\
+};
+
 #endif /* _GPXE_CBC_H */