- #ifndef _IPXE_CRYPTO_H
- #define _IPXE_CRYPTO_H
-
- /** @file
- *
- * Cryptographic API
- *
- */
-
- FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
-
- #include <stdint.h>
- #include <stddef.h>
-
/**
 * A message digest algorithm
 *
 * Describes one digest implementation: its size parameters and the
 * three methods that operate on an opaque, caller-supplied context.
 */
struct digest_algorithm {
	/** Algorithm name */
	const char *name;
	/** Context size
	 *
	 * NOTE(review): presumably the number of bytes the caller must
	 * provide for @c ctx - confirm against the implementations.
	 */
	size_t ctxsize;
	/** Block size */
	size_t blocksize;
	/** Digest size */
	size_t digestsize;
	/** Initialise digest
	 *
	 * @v ctx		Context
	 */
	void ( * init ) ( void *ctx );
	/** Update digest with new data
	 *
	 * @v ctx		Context
	 * @v src		Data to digest
	 * @v len		Length of data
	 *
	 * @c len is not necessarily a multiple of @c blocksize.
	 */
	void ( * update ) ( void *ctx, const void *src, size_t len );
	/** Finalise digest
	 *
	 * @v ctx		Context
	 * @v out		Buffer for digest output
	 *
	 * No buffer length is passed, so the method cannot check the
	 * size of @c out.  NOTE(review): presumably @c out must hold
	 * @c digestsize bytes - confirm.
	 */
	void ( * final ) ( void *ctx, void *out );
};
-
/**
 * A cipher algorithm
 *
 * Describes one symmetric cipher implementation: its size parameters
 * and the methods that operate on an opaque, caller-supplied context.
 */
struct cipher_algorithm {
	/** Algorithm name */
	const char *name;
	/** Context size */
	size_t ctxsize;
	/** Block size
	 *
	 * A block size of 1 is what is_stream_cipher() tests for.
	 */
	size_t blocksize;
	/** Set key
	 *
	 * @v ctx		Context
	 * @v key		Key
	 * @v keylen		Key length
	 * @ret rc		Return status code
	 *
	 * This is the only cipher method that reports a status, so a
	 * rejected key is visible to the caller only through @c rc.
	 */
	int ( * setkey ) ( void *ctx, const void *key, size_t keylen );
	/** Set initialisation vector
	 *
	 * @v ctx		Context
	 * @v iv		Initialisation vector
	 *
	 * No length is passed.  NOTE(review): presumably @c iv must
	 * hold @c blocksize bytes - confirm against the
	 * implementations.
	 */
	void ( * setiv ) ( void *ctx, const void *iv );
	/** Encrypt data
	 *
	 * @v ctx		Context
	 * @v src		Data to encrypt
	 * @v dst		Buffer for encrypted data
	 * @v len		Length of data
	 *
	 * @c len is guaranteed to be a multiple of @c blocksize.
	 */
	void ( * encrypt ) ( void *ctx, const void *src, void *dst,
			     size_t len );
	/** Decrypt data
	 *
	 * @v ctx		Context
	 * @v src		Data to decrypt
	 * @v dst		Buffer for decrypted data
	 * @v len		Length of data
	 *
	 * @c len is guaranteed to be a multiple of @c blocksize.
	 */
	void ( * decrypt ) ( void *ctx, const void *src, void *dst,
			     size_t len );
};
-
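/**
 * A public key algorithm
 *
 * Describes one public-key implementation and the methods that
 * operate on an opaque, caller-supplied context.  The parameter names
 * documented below are the ones used in the prototypes.
 */
struct pubkey_algorithm {
	/** Algorithm name */
	const char *name;
	/** Context size */
	size_t ctxsize;
	/** Initialise algorithm
	 *
	 * @v ctx		Context
	 * @v key		Key
	 * @v key_len		Length of key
	 * @ret rc		Return status code
	 */
	int ( * init ) ( void *ctx, const void *key, size_t key_len );
	/** Calculate maximum output length
	 *
	 * @v ctx		Context
	 * @ret max_len		Maximum output length
	 */
	size_t ( * max_len ) ( void *ctx );
	/** Encrypt
	 *
	 * @v ctx		Context
	 * @v data		Plaintext
	 * @v len		Length of plaintext
	 * @v out		Ciphertext
	 * @ret ciphertext_len	Length of ciphertext, or negative error
	 *
	 * The size of @c out is not passed, so the method cannot
	 * bound its own write.  NOTE(review): presumably the caller
	 * sizes @c out from max_len() - confirm.
	 */
	int ( * encrypt ) ( void *ctx, const void *data, size_t len,
			    void *out );
	/** Decrypt
	 *
	 * @v ctx		Context
	 * @v data		Ciphertext
	 * @v len		Ciphertext length
	 * @v out		Plaintext
	 * @ret plaintext_len	Plaintext length, or negative error
	 *
	 * The size of @c out is not passed, so the method cannot
	 * bound its own write.  NOTE(review): presumably the caller
	 * sizes @c out from max_len() - confirm.
	 */
	int ( * decrypt ) ( void *ctx, const void *data, size_t len,
			    void *out );
	/** Sign digest value
	 *
	 * @v ctx		Context
	 * @v digest		Digest algorithm
	 * @v value		Digest value
	 * @v signature		Signature
	 * @ret signature_len	Signature length, or negative error
	 *
	 * Neither the length of @c value nor the size of
	 * @c signature is passed.  NOTE(review): presumably @c value
	 * holds @c digest->digestsize bytes and @c signature is sized
	 * from max_len() - confirm.
	 */
	int ( * sign ) ( void *ctx, struct digest_algorithm *digest,
			 const void *value, void *signature );
	/** Verify signed digest value
	 *
	 * @v ctx		Context
	 * @v digest		Digest algorithm
	 * @v value		Digest value
	 * @v signature		Signature
	 * @v signature_len	Signature length
	 * @ret rc		Return status code
	 *
	 * The status code is the only result of verification.
	 */
	int ( * verify ) ( void *ctx, struct digest_algorithm *digest,
			   const void *value, const void *signature,
			   size_t signature_len );
	/** Finalise algorithm
	 *
	 * @v ctx		Context
	 */
	void ( * final ) ( void *ctx );
	/** Check that public key matches private key
	 *
	 * @v private_key	Private key
	 * @v private_key_len	Private key length
	 * @v public_key	Public key
	 * @v public_key_len	Public key length
	 * @ret rc		Return status code
	 *
	 * Unlike the other methods, this one takes no context.
	 */
	int ( * match ) ( const void *private_key, size_t private_key_len,
			  const void *public_key, size_t public_key_len );
};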
-
/**
 * Initialise digest context
 *
 * @v digest		Digest algorithm
 * @v ctx		Context
 *
 * Forwards to the algorithm's @c init method.
 */
static inline void digest_init ( struct digest_algorithm *digest,
				 void *ctx ) {
	void ( * init ) ( void *ctx ) = digest->init;

	init ( ctx );
}
-
/**
 * Update digest with new data
 *
 * @v digest		Digest algorithm
 * @v ctx		Context
 * @v data		Data to digest
 * @v len		Length of data
 *
 * Forwards to the algorithm's @c update method; @c len need not be a
 * multiple of the digest block size.
 */
static inline void digest_update ( struct digest_algorithm *digest,
				   void *ctx, const void *data, size_t len ) {
	void ( * update ) ( void *ctx, const void *src, size_t len );

	update = digest->update;
	update ( ctx, data, len );
}
-
/**
 * Finalise digest
 *
 * @v digest		Digest algorithm
 * @v ctx		Context
 * @v out		Buffer for digest output
 *
 * Forwards to the algorithm's @c final method.  No buffer length is
 * passed along.  NOTE(review): presumably @c out must hold
 * @c digest->digestsize bytes - confirm.
 */
static inline void digest_final ( struct digest_algorithm *digest,
				  void *ctx, void *out ) {
	void ( * final ) ( void *ctx, void *out ) = digest->final;

	final ( ctx, out );
}
-
/**
 * Set cipher key
 *
 * @v cipher		Cipher algorithm
 * @v ctx		Context
 * @v key		Key
 * @v keylen		Key length
 * @ret rc		Return status code
 *
 * Forwards to the algorithm's @c setkey method.  The status code is
 * the only indication that the key was rejected, so callers should
 * check it before encrypting or decrypting with @c ctx.
 */
static inline int cipher_setkey ( struct cipher_algorithm *cipher,
				  void *ctx, const void *key, size_t keylen ) {
	int rc;

	rc = cipher->setkey ( ctx, key, keylen );
	return rc;
}
-
/**
 * Set cipher initialisation vector
 *
 * @v cipher		Cipher algorithm
 * @v ctx		Context
 * @v iv		Initialisation vector
 *
 * Forwards to the algorithm's @c setiv method.  No length is passed.
 * NOTE(review): presumably @c iv must hold @c cipher->blocksize
 * bytes - confirm.
 */
static inline void cipher_setiv ( struct cipher_algorithm *cipher,
				  void *ctx, const void *iv ) {
	void ( * setiv ) ( void *ctx, const void *iv ) = cipher->setiv;

	setiv ( ctx, iv );
}
-
/**
 * Encrypt data
 *
 * @v cipher		Cipher algorithm
 * @v ctx		Context
 * @v src		Data to encrypt
 * @v dst		Buffer for encrypted data
 * @v len		Length of data
 *
 * Forwards to the algorithm's @c encrypt method.  Code that follows
 * the macro below reaches this function only through that macro.
 */
static inline void cipher_encrypt ( struct cipher_algorithm *cipher,
				    void *ctx, const void *src, void *dst,
				    size_t len ) {
	void ( * encrypt ) ( void *ctx, const void *src, void *dst,
			     size_t len );

	encrypt = cipher->encrypt;
	encrypt ( ctx, src, dst, len );
}

/*
 * Wrap cipher_encrypt() so that a length which is not a multiple of
 * the cipher block size trips an assertion in the calling code.
 *
 * The mask test is exact only when blocksize is a power of two.  The
 * check is an assert(), so it is not input validation: where
 * assertions are compiled out, callers must still guarantee the
 * length themselves (NOTE(review): confirm how assert() is configured
 * in release builds).  The macro expands @c cipher and @c len twice,
 * so those arguments must be free of side effects.  The includes
 * visible in this header do not provide assert(); the including file
 * needs it in scope.
 */
#define cipher_encrypt( cipher, ctx, src, dst, len ) do {		\
	assert ( ( (len) & ( (cipher)->blocksize - 1 ) ) == 0 );	\
	cipher_encrypt ( (cipher), (ctx), (src), (dst), (len) );	\
	} while ( 0 )
-
/**
 * Decrypt data
 *
 * @v cipher		Cipher algorithm
 * @v ctx		Context
 * @v src		Data to decrypt
 * @v dst		Buffer for decrypted data
 * @v len		Length of data
 *
 * Forwards to the algorithm's @c decrypt method.  Code that follows
 * the macro below reaches this function only through that macro.
 */
static inline void cipher_decrypt ( struct cipher_algorithm *cipher,
				    void *ctx, const void *src, void *dst,
				    size_t len ) {
	void ( * decrypt ) ( void *ctx, const void *src, void *dst,
			     size_t len );

	decrypt = cipher->decrypt;
	decrypt ( ctx, src, dst, len );
}

/*
 * Wrap cipher_decrypt() so that a length which is not a multiple of
 * the cipher block size trips an assertion in the calling code.
 *
 * The mask test is exact only when blocksize is a power of two.  The
 * check is an assert(), so it is not input validation: where
 * assertions are compiled out, a ciphertext length taken from
 * untrusted input must still be checked by the caller
 * (NOTE(review): confirm how assert() is configured in release
 * builds).  The macro expands @c cipher and @c len twice, so those
 * arguments must be free of side effects.  The includes visible in
 * this header do not provide assert(); the including file needs it
 * in scope.
 */
#define cipher_decrypt( cipher, ctx, src, dst, len ) do {		\
	assert ( ( (len) & ( (cipher)->blocksize - 1 ) ) == 0 );	\
	cipher_decrypt ( (cipher), (ctx), (src), (dst), (len) );	\
	} while ( 0 )
-
/**
 * Check whether a cipher is a stream cipher
 *
 * @v cipher		Cipher algorithm
 * @ret is_stream	Non-zero if the cipher block size is 1
 */
static inline int is_stream_cipher ( struct cipher_algorithm *cipher ) {
	const size_t blocksize = cipher->blocksize;

	return ( ( blocksize == 1 ) ? 1 : 0 );
}
-
/**
 * Initialise public-key algorithm
 *
 * @v pubkey		Public-key algorithm
 * @v ctx		Context
 * @v key		Key
 * @v key_len		Length of key
 * @ret rc		Return status code
 *
 * Forwards to the algorithm's @c init method.  The status code is the
 * only indication that the key was rejected, so callers should check
 * it before using @c ctx.
 */
static inline int pubkey_init ( struct pubkey_algorithm *pubkey, void *ctx,
				const void *key, size_t key_len ) {
	int rc;

	rc = pubkey->init ( ctx, key, key_len );
	return rc;
}
-
/**
 * Calculate maximum output length
 *
 * @v pubkey		Public-key algorithm
 * @v ctx		Context
 * @ret max_len		Maximum output length
 *
 * Forwards to the algorithm's @c max_len method.
 */
static inline size_t pubkey_max_len ( struct pubkey_algorithm *pubkey,
				      void *ctx ) {
	size_t max_len;

	max_len = pubkey->max_len ( ctx );
	return max_len;
}
-
/**
 * Encrypt using a public-key algorithm
 *
 * @v pubkey		Public-key algorithm
 * @v ctx		Context
 * @v data		Plaintext
 * @v len		Length of plaintext
 * @v out		Ciphertext
 * @ret ciphertext_len	Length of ciphertext, or negative error
 *
 * Forwards to the algorithm's @c encrypt method.  The size of @c out
 * is not passed along.  NOTE(review): presumably the caller sizes
 * @c out from pubkey_max_len() - confirm.
 */
static inline int pubkey_encrypt ( struct pubkey_algorithm *pubkey, void *ctx,
				   const void *data, size_t len, void *out ) {
	int ciphertext_len;

	ciphertext_len = pubkey->encrypt ( ctx, data, len, out );
	return ciphertext_len;
}
-
/**
 * Decrypt using a public-key algorithm
 *
 * @v pubkey		Public-key algorithm
 * @v ctx		Context
 * @v data		Ciphertext
 * @v len		Ciphertext length
 * @v out		Plaintext
 * @ret plaintext_len	Plaintext length, or negative error
 *
 * Forwards to the algorithm's @c decrypt method.  The size of @c out
 * is not passed along.  NOTE(review): presumably the caller sizes
 * @c out from pubkey_max_len() - confirm.
 */
static inline int pubkey_decrypt ( struct pubkey_algorithm *pubkey, void *ctx,
				   const void *data, size_t len, void *out ) {
	int plaintext_len;

	plaintext_len = pubkey->decrypt ( ctx, data, len, out );
	return plaintext_len;
}
-
/**
 * Sign digest value
 *
 * @v pubkey		Public-key algorithm
 * @v ctx		Context
 * @v digest		Digest algorithm
 * @v value		Digest value
 * @v signature		Signature
 * @ret signature_len	Signature length, or negative error
 *
 * Forwards to the algorithm's @c sign method.  Neither the length of
 * @c value nor the size of @c signature is passed along.
 * NOTE(review): presumably @c value holds @c digest->digestsize bytes
 * and @c signature is sized from pubkey_max_len() - confirm.
 */
static inline int pubkey_sign ( struct pubkey_algorithm *pubkey, void *ctx,
				struct digest_algorithm *digest,
				const void *value, void *signature ) {
	int signature_len;

	signature_len = pubkey->sign ( ctx, digest, value, signature );
	return signature_len;
}
-
/**
 * Verify signed digest value
 *
 * @v pubkey		Public-key algorithm
 * @v ctx		Context
 * @v digest		Digest algorithm
 * @v value		Digest value
 * @v signature		Signature
 * @v signature_len	Signature length
 * @ret rc		Return status code
 *
 * Forwards to the algorithm's @c verify method.  The status code is
 * the only result of verification, so a caller that ignores it
 * accepts the signature unchecked.  NOTE(review): presumably zero
 * means the signature is valid - confirm.
 */
static inline int pubkey_verify ( struct pubkey_algorithm *pubkey, void *ctx,
				  struct digest_algorithm *digest,
				  const void *value, const void *signature,
				  size_t signature_len ) {
	int rc;

	rc = pubkey->verify ( ctx, digest, value, signature, signature_len );
	return rc;
}
-
/**
 * Finalise public-key algorithm
 *
 * @v pubkey		Public-key algorithm
 * @v ctx		Context
 *
 * Forwards to the algorithm's @c final method.
 */
static inline void pubkey_final ( struct pubkey_algorithm *pubkey, void *ctx ) {
	void ( * final ) ( void *ctx ) = pubkey->final;

	final ( ctx );
}
-
/**
 * Check that public key matches private key
 *
 * @v pubkey		Public-key algorithm
 * @v private_key	Private key
 * @v private_key_len	Private key length
 * @v public_key	Public key
 * @v public_key_len	Public key length
 * @ret rc		Return status code
 *
 * Forwards to the algorithm's @c match method, which takes no
 * context.
 */
static inline int pubkey_match ( struct pubkey_algorithm *pubkey,
				 const void *private_key,
				 size_t private_key_len, const void *public_key,
				 size_t public_key_len ) {
	int rc;

	rc = pubkey->match ( private_key, private_key_len,
			     public_key, public_key_len );
	return rc;
}
-
/*
 * Algorithm instances defined outside this header.
 *
 * NOTE(review): the names suggest placeholder algorithms that do no
 * real work - confirm.  If so, a null digest, cipher or public-key
 * algorithm provides no protection, and the code that selects
 * algorithms should be checked so that these cannot be chosen for
 * data that needs integrity or confidentiality.
 */

/** Null digest algorithm */
extern struct digest_algorithm digest_null;
/** Null cipher algorithm */
extern struct cipher_algorithm cipher_null;
/** Null public-key algorithm */
extern struct pubkey_algorithm pubkey_null;
-
- #endif /* _IPXE_CRYPTO_H */