diff options
Diffstat (limited to 'qemu/roms/ipxe/src/crypto')
46 files changed, 2142 insertions, 1257 deletions
diff --git a/qemu/roms/ipxe/src/crypto/aes.c b/qemu/roms/ipxe/src/crypto/aes.c new file mode 100644 index 000000000..b9e206bfb --- /dev/null +++ b/qemu/roms/ipxe/src/crypto/aes.c @@ -0,0 +1,808 @@ +/* + * Copyright (C) 2015 Michael Brown <mbrown@fensystems.co.uk>. + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License as + * published by the Free Software Foundation; either version 2 of the + * License, or any later version. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA + * 02110-1301, USA. + * + * You can also choose to distribute this program under the terms of + * the Unmodified Binary Distribution Licence (as given in the file + * COPYING.UBDL), provided that you have satisfied its requirements. + */ + +FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL ); + +/** @file + * + * AES algorithm + * + */ + +#include <stdint.h> +#include <string.h> +#include <errno.h> +#include <assert.h> +#include <byteswap.h> +#include <ipxe/rotate.h> +#include <ipxe/crypto.h> +#include <ipxe/ecb.h> +#include <ipxe/cbc.h> +#include <ipxe/aes.h> + +/** AES strides + * + * These are the strides (modulo 16) used to walk through the AES + * input state bytes in order of byte position after [Inv]ShiftRows. + */ +enum aes_stride { + /** Input stride for ShiftRows + * + * 0 4 8 c + * \ \ \ + * 1 5 9 d + * \ \ \ + * 2 6 a e + * \ \ \ + * 3 7 b f + */ + AES_STRIDE_SHIFTROWS = +5, + /** Input stride for InvShiftRows + * + * 0 4 8 c + * / / / + * 1 5 9 d + * / / / + * 2 6 a e + * / / / + * 3 7 b f + */ + AES_STRIDE_INVSHIFTROWS = -3, +}; + +/** A single AES lookup table entry + * + * This represents the product (in the Galois field GF(2^8)) of an + * eight-byte vector multiplier with a single scalar multiplicand. + * + * The vector multipliers used for AES will be {1,1,1,3,2,1,1,3} for + * MixColumns and {1,9,13,11,14,9,13,11} for InvMixColumns. This + * allows for the result of multiplying any single column of the + * [Inv]MixColumns matrix by a scalar value to be obtained simply by + * extracting the relevant four-byte subset from the lookup table + * entry. + * + * For example, to find the result of multiplying the second column of + * the MixColumns matrix by the scalar value 0x80: + * + * MixColumns column[0]: { 2, 1, 1, 3 } + * MixColumns column[1]: { 3, 2, 1, 1 } + * MixColumns column[2]: { 1, 3, 2, 1 } + * MixColumns column[3]: { 1, 1, 3, 2 } + * Vector multiplier: { 1, 1, 1, 3, 2, 1, 1, 3 } + * Scalar multiplicand: 0x80 + * Lookup table entry: { 0x80, 0x80, 0x80, 0x9b, 0x1b, 0x80, 0x80, 0x9b } + * + * The second column of the MixColumns matrix is {3,2,1,1}. The + * product of this column with the scalar value 0x80 can be obtained + * by extracting the relevant four-byte subset of the lookup table + * entry: + * + * MixColumns column[1]: { 3, 2, 1, 1 } + * Vector multiplier: { 1, 1, 1, 3, 2, 1, 1, 3 } + * Lookup table entry: { 0x80, 0x80, 0x80, 0x9b, 0x1b, 0x80, 0x80, 0x9b } + * Product: { 0x9b, 0x1b, 0x80, 0x80 } + * + * The column lookups require only seven bytes of the eight-byte + * entry: the remaining (first) byte is used to hold the scalar + * multiplicand itself (i.e. the first byte of the vector multiplier + * is always chosen to be 1). + */ +union aes_table_entry { + /** Viewed as an array of bytes */ + uint8_t byte[8]; +} __attribute__ (( packed )); + +/** An AES lookup table + * + * This represents the products (in the Galois field GF(2^8)) of a + * constant eight-byte vector multiplier with all possible 256 scalar + * multiplicands. + * + * The entries are indexed by the AES [Inv]SubBytes S-box output + * values (denoted S(N)). This allows for the result of multiplying + * any single column of the [Inv]MixColumns matrix by S(N) to be + * obtained simply by extracting the relevant four-byte subset from + * the Nth table entry. For example: + * + * Input byte (N): 0x3a + * SubBytes output S(N): 0x80 + * MixColumns column[1]: { 3, 2, 1, 1 } + * Vector multiplier: { 1, 1, 1, 3, 2, 1, 1, 3 } + * Table entry[0x3a]: { 0x80, 0x80, 0x80, 0x9b, 0x1b, 0x80, 0x80, 0x9b } + * Product: { 0x9b, 0x1b, 0x80, 0x80 } + * + * Since the first byte of the eight-byte vector multiplier is always + * chosen to be 1, the value of S(N) may be lookup up by extracting + * the first byte of the Nth table entry. + */ +struct aes_table { + /** Table entries, indexed by S(N) */ + union aes_table_entry entry[256]; +} __attribute__ (( aligned ( 8 ) )); + +/** AES MixColumns lookup table */ +static struct aes_table aes_mixcolumns; + +/** AES InvMixColumns lookup table */ +static struct aes_table aes_invmixcolumns; + +/** + * Multiply [Inv]MixColumns matrix column by scalar multiplicand + * + * @v entry AES lookup table entry for scalar multiplicand + * @v column [Inv]MixColumns matrix column index + * @ret product Product of matrix column with scalar multiplicand + */ +static inline __attribute__ (( always_inline )) uint32_t +aes_entry_column ( const union aes_table_entry *entry, unsigned int column ) { + const union { + uint8_t byte; + uint32_t column; + } __attribute__ (( may_alias )) *product; + + /* Locate relevant four-byte subset */ + product = container_of ( &entry->byte[ 4 - column ], + typeof ( *product ), byte ); + + /* Extract this four-byte subset */ + return product->column; +} + +/** + * Multiply [Inv]MixColumns matrix column by S-boxed input byte + * + * @v table AES lookup table + * @v stride AES row shift stride + * @v in AES input state + * @v offset Output byte offset (after [Inv]ShiftRows) + * @ret product Product of matrix column with S(input byte) + * + * Note that the specified offset is not the offset of the input byte; + * it is the offset of the output byte which corresponds to the input + * byte. This output byte offset is used to calculate both the input + * byte offset and to select the appropriate matric column. + * + * With a compile-time constant offset, this function will optimise + * down to a single "movzbl" (to extract the input byte) and will + * generate a single x86 memory reference expression which can then be + * used directly within a single "xorl" instruction. + */ +static inline __attribute__ (( always_inline )) uint32_t +aes_column ( const struct aes_table *table, size_t stride, + const union aes_matrix *in, size_t offset ) { + const union aes_table_entry *entry; + unsigned int byte; + + /* Extract input byte corresponding to this output byte offset + * (i.e. perform [Inv]ShiftRows). + */ + byte = in->byte[ ( stride * offset ) & 0xf ]; + + /* Locate lookup table entry for this input byte (i.e. perform + * [Inv]SubBytes). + */ + entry = &table->entry[byte]; + + /* Multiply appropriate matrix column by this input byte + * (i.e. perform [Inv]MixColumns). + */ + return aes_entry_column ( entry, ( offset & 0x3 ) ); +} + +/** + * Calculate intermediate round output column + * + * @v table AES lookup table + * @v stride AES row shift stride + * @v in AES input state + * @v key AES round key + * @v column Column index + * @ret output Output column value + */ +static inline __attribute__ (( always_inline )) uint32_t +aes_output ( const struct aes_table *table, size_t stride, + const union aes_matrix *in, const union aes_matrix *key, + unsigned int column ) { + size_t offset = ( column * 4 ); + + /* Perform [Inv]ShiftRows, [Inv]SubBytes, [Inv]MixColumns, and + * AddRoundKey for this column. The loop is unrolled to allow + * for the required compile-time constant optimisations. + */ + return ( aes_column ( table, stride, in, ( offset + 0 ) ) ^ + aes_column ( table, stride, in, ( offset + 1 ) ) ^ + aes_column ( table, stride, in, ( offset + 2 ) ) ^ + aes_column ( table, stride, in, ( offset + 3 ) ) ^ + key->column[column] ); +} + +/** + * Perform a single intermediate round + * + * @v table AES lookup table + * @v stride AES row shift stride + * @v in AES input state + * @v out AES output state + * @v key AES round key + */ +static inline __attribute__ (( always_inline )) void +aes_round ( const struct aes_table *table, size_t stride, + const union aes_matrix *in, union aes_matrix *out, + const union aes_matrix *key ) { + + /* Perform [Inv]ShiftRows, [Inv]SubBytes, [Inv]MixColumns, and + * AddRoundKey for all columns. The loop is unrolled to allow + * for the required compile-time constant optimisations. + */ + out->column[0] = aes_output ( table, stride, in, key, 0 ); + out->column[1] = aes_output ( table, stride, in, key, 1 ); + out->column[2] = aes_output ( table, stride, in, key, 2 ); + out->column[3] = aes_output ( table, stride, in, key, 3 ); +} + +/** + * Perform encryption intermediate rounds + * + * @v in AES input state + * @v out AES output state + * @v key Round keys + * @v rounds Number of rounds (must be odd) + * + * This function is deliberately marked as non-inlinable to ensure + * maximal availability of registers for GCC's register allocator, + * which has a tendency to otherwise spill performance-critical + * registers to the stack. + */ +static __attribute__ (( noinline )) void +aes_encrypt_rounds ( union aes_matrix *in, union aes_matrix *out, + const union aes_matrix *key, unsigned int rounds ) { + union aes_matrix *tmp; + + /* Perform intermediate rounds */ + do { + /* Perform one intermediate round */ + aes_round ( &aes_mixcolumns, AES_STRIDE_SHIFTROWS, + in, out, key++ ); + + /* Swap input and output states for next round */ + tmp = in; + in = out; + out = tmp; + + } while ( --rounds ); +} + +/** + * Perform decryption intermediate rounds + * + * @v in AES input state + * @v out AES output state + * @v key Round keys + * @v rounds Number of rounds (must be odd) + * + * As with aes_encrypt_rounds(), this function is deliberately marked + * as non-inlinable. + * + * This function could potentially use the same binary code as is used + * for encryption. To compensate for the difference between ShiftRows + * and InvShiftRows, half of the input byte offsets would have to be + * modifiable at runtime (half by an offset of +4/-4, half by an + * offset of -4/+4 for ShiftRows/InvShiftRows). This can be + * accomplished in x86 assembly within the number of available + * registers, but GCC's register allocator struggles to do so, + * resulting in a significant performance decrease due to registers + * being spilled to the stack. We therefore use two separate but very + * similar binary functions based on the same C source. + */ +static __attribute__ (( noinline )) void +aes_decrypt_rounds ( union aes_matrix *in, union aes_matrix *out, + const union aes_matrix *key, unsigned int rounds ) { + union aes_matrix *tmp; + + /* Perform intermediate rounds */ + do { + /* Perform one intermediate round */ + aes_round ( &aes_invmixcolumns, AES_STRIDE_INVSHIFTROWS, + in, out, key++ ); + + /* Swap input and output states for next round */ + tmp = in; + in = out; + out = tmp; + + } while ( --rounds ); +} + +/** + * Perform standalone AddRoundKey + * + * @v state AES state + * @v key AES round key + */ +static inline __attribute__ (( always_inline )) void +aes_addroundkey ( union aes_matrix *state, const union aes_matrix *key ) { + + state->column[0] ^= key->column[0]; + state->column[1] ^= key->column[1]; + state->column[2] ^= key->column[2]; + state->column[3] ^= key->column[3]; +} + +/** + * Perform final round + * + * @v table AES lookup table + * @v stride AES row shift stride + * @v in AES input state + * @v out AES output state + * @v key AES round key + */ +static void aes_final ( const struct aes_table *table, size_t stride, + const union aes_matrix *in, union aes_matrix *out, + const union aes_matrix *key ) { + const union aes_table_entry *entry; + unsigned int byte; + size_t out_offset; + size_t in_offset; + + /* Perform [Inv]ShiftRows and [Inv]SubBytes */ + for ( out_offset = 0, in_offset = 0 ; out_offset < 16 ; + out_offset++, in_offset = ( ( in_offset + stride ) & 0xf ) ) { + + /* Extract input byte (i.e. perform [Inv]ShiftRows) */ + byte = in->byte[in_offset]; + + /* Locate lookup table entry for this input byte + * (i.e. perform [Inv]SubBytes). + */ + entry = &table->entry[byte]; + + /* Store output byte */ + out->byte[out_offset] = entry->byte[0]; + } + + /* Perform AddRoundKey */ + aes_addroundkey ( out, key ); +} + +/** + * Encrypt data + * + * @v ctx Context + * @v src Data to encrypt + * @v dst Buffer for encrypted data + * @v len Length of data + */ +static void aes_encrypt ( void *ctx, const void *src, void *dst, size_t len ) { + struct aes_context *aes = ctx; + union aes_matrix buffer[2]; + union aes_matrix *in = &buffer[0]; + union aes_matrix *out = &buffer[1]; + unsigned int rounds = aes->rounds; + + /* Sanity check */ + assert ( len == sizeof ( *in ) ); + + /* Initialise input state */ + memcpy ( in, src, sizeof ( *in ) ); + + /* Perform initial round (AddRoundKey) */ + aes_addroundkey ( in, &aes->encrypt.key[0] ); + + /* Perform intermediate rounds (ShiftRows, SubBytes, + * MixColumns, AddRoundKey). + */ + aes_encrypt_rounds ( in, out, &aes->encrypt.key[1], ( rounds - 2 ) ); + in = out; + + /* Perform final round (ShiftRows, SubBytes, AddRoundKey) */ + out = dst; + aes_final ( &aes_mixcolumns, AES_STRIDE_SHIFTROWS, in, out, + &aes->encrypt.key[ rounds - 1 ] ); +} + +/** + * Decrypt data + * + * @v ctx Context + * @v src Data to decrypt + * @v dst Buffer for decrypted data + * @v len Length of data + */ +static void aes_decrypt ( void *ctx, const void *src, void *dst, size_t len ) { + struct aes_context *aes = ctx; + union aes_matrix buffer[2]; + union aes_matrix *in = &buffer[0]; + union aes_matrix *out = &buffer[1]; + unsigned int rounds = aes->rounds; + + /* Sanity check */ + assert ( len == sizeof ( *in ) ); + + /* Initialise input state */ + memcpy ( in, src, sizeof ( *in ) ); + + /* Perform initial round (AddRoundKey) */ + aes_addroundkey ( in, &aes->decrypt.key[0] ); + + /* Perform intermediate rounds (InvShiftRows, InvSubBytes, + * InvMixColumns, AddRoundKey). + */ + aes_decrypt_rounds ( in, out, &aes->decrypt.key[1], ( rounds - 2 ) ); + in = out; + + /* Perform final round (InvShiftRows, InvSubBytes, AddRoundKey) */ + out = dst; + aes_final ( &aes_invmixcolumns, AES_STRIDE_INVSHIFTROWS, in, out, + &aes->decrypt.key[ rounds - 1 ] ); +} + +/** + * Multiply a polynomial by (x) modulo (x^8 + x^4 + x^3 + x^2 + 1) in GF(2^8) + * + * @v poly Polynomial to be multiplied + * @ret result Result + */ +static __attribute__ (( const )) unsigned int aes_double ( unsigned int poly ) { + + /* Multiply polynomial by (x), placing the resulting x^8 + * coefficient in the LSB (i.e. rotate byte left by one). + */ + poly = rol8 ( poly, 1 ); + + /* If coefficient of x^8 (in LSB) is non-zero, then reduce by + * subtracting (x^8 + x^4 + x^3 + x^2 + 1) in GF(2^8). + */ + if ( poly & 0x01 ) { + poly ^= 0x01; /* Subtract x^8 (currently in LSB) */ + poly ^= 0x1b; /* Subtract (x^4 + x^3 + x^2 + 1) */ + } + + return poly; +} + +/** + * Fill in MixColumns lookup table entry + * + * @v entry AES lookup table entry for scalar multiplicand + * + * The MixColumns lookup table vector multiplier is {1,1,1,3,2,1,1,3}. + */ +static void aes_mixcolumns_entry ( union aes_table_entry *entry ) { + unsigned int scalar_x_1; + unsigned int scalar_x; + unsigned int scalar; + + /* Retrieve scalar multiplicand */ + scalar = entry->byte[0]; + entry->byte[1] = scalar; + entry->byte[2] = scalar; + entry->byte[5] = scalar; + entry->byte[6] = scalar; + + /* Calculate scalar multiplied by (x) */ + scalar_x = aes_double ( scalar ); + entry->byte[4] = scalar_x; + + /* Calculate scalar multiplied by (x + 1) */ + scalar_x_1 = ( scalar_x ^ scalar ); + entry->byte[3] = scalar_x_1; + entry->byte[7] = scalar_x_1; +} + +/** + * Fill in InvMixColumns lookup table entry + * + * @v entry AES lookup table entry for scalar multiplicand + * + * The InvMixColumns lookup table vector multiplier is {1,9,13,11,14,9,13,11}. + */ +static void aes_invmixcolumns_entry ( union aes_table_entry *entry ) { + unsigned int scalar_x3_x2_x; + unsigned int scalar_x3_x2_1; + unsigned int scalar_x3_x2; + unsigned int scalar_x3_x_1; + unsigned int scalar_x3_1; + unsigned int scalar_x3; + unsigned int scalar_x2; + unsigned int scalar_x; + unsigned int scalar; + + /* Retrieve scalar multiplicand */ + scalar = entry->byte[0]; + + /* Calculate scalar multiplied by (x) */ + scalar_x = aes_double ( scalar ); + + /* Calculate scalar multiplied by (x^2) */ + scalar_x2 = aes_double ( scalar_x ); + + /* Calculate scalar multiplied by (x^3) */ + scalar_x3 = aes_double ( scalar_x2 ); + + /* Calculate scalar multiplied by (x^3 + 1) */ + scalar_x3_1 = ( scalar_x3 ^ scalar ); + entry->byte[1] = scalar_x3_1; + entry->byte[5] = scalar_x3_1; + + /* Calculate scalar multiplied by (x^3 + x + 1) */ + scalar_x3_x_1 = ( scalar_x3_1 ^ scalar_x ); + entry->byte[3] = scalar_x3_x_1; + entry->byte[7] = scalar_x3_x_1; + + /* Calculate scalar multiplied by (x^3 + x^2) */ + scalar_x3_x2 = ( scalar_x3 ^ scalar_x2 ); + + /* Calculate scalar multiplied by (x^3 + x^2 + 1) */ + scalar_x3_x2_1 = ( scalar_x3_x2 ^ scalar ); + entry->byte[2] = scalar_x3_x2_1; + entry->byte[6] = scalar_x3_x2_1; + + /* Calculate scalar multiplied by (x^3 + x^2 + x) */ + scalar_x3_x2_x = ( scalar_x3_x2 ^ scalar_x ); + entry->byte[4] = scalar_x3_x2_x; +} + +/** + * Generate AES lookup tables + * + */ +static void aes_generate ( void ) { + union aes_table_entry *entry; + union aes_table_entry *inventry; + unsigned int poly = 0x01; + unsigned int invpoly = 0x01; + unsigned int transformed; + unsigned int i; + + /* Iterate over non-zero values of GF(2^8) using generator (x + 1) */ + do { + + /* Multiply polynomial by (x + 1) */ + poly ^= aes_double ( poly ); + + /* Divide inverse polynomial by (x + 1). This code + * fragment is taken directly from the Wikipedia page + * on the Rijndael S-box. An explanation of why it + * works would be greatly appreciated. + */ + invpoly ^= ( invpoly << 1 ); + invpoly ^= ( invpoly << 2 ); + invpoly ^= ( invpoly << 4 ); + if ( invpoly & 0x80 ) + invpoly ^= 0x09; + invpoly &= 0xff; + + /* Apply affine transformation */ + transformed = ( 0x63 ^ invpoly ^ rol8 ( invpoly, 1 ) ^ + rol8 ( invpoly, 2 ) ^ rol8 ( invpoly, 3 ) ^ + rol8 ( invpoly, 4 ) ); + + /* Populate S-box (within MixColumns lookup table) */ + aes_mixcolumns.entry[poly].byte[0] = transformed; + + } while ( poly != 0x01 ); + + /* Populate zeroth S-box entry (which has no inverse) */ + aes_mixcolumns.entry[0].byte[0] = 0x63; + + /* Fill in MixColumns and InvMixColumns lookup tables */ + for ( i = 0 ; i < 256 ; i++ ) { + + /* Fill in MixColumns lookup table entry */ + entry = &aes_mixcolumns.entry[i]; + aes_mixcolumns_entry ( entry ); + + /* Populate inverse S-box (within InvMixColumns lookup table) */ + inventry = &aes_invmixcolumns.entry[ entry->byte[0] ]; + inventry->byte[0] = i; + + /* Fill in InvMixColumns lookup table entry */ + aes_invmixcolumns_entry ( inventry ); + } +} + +/** + * Rotate key column + * + * @v column Key column + * @ret column Updated key column + */ +static inline __attribute__ (( always_inline )) uint32_t +aes_key_rotate ( uint32_t column ) { + + return ( ( __BYTE_ORDER == __LITTLE_ENDIAN ) ? + ror32 ( column, 8 ) : rol32 ( column, 8 ) ); +} + +/** + * Apply S-box to key column + * + * @v column Key column + * @ret column Updated key column + */ +static uint32_t aes_key_sbox ( uint32_t column ) { + unsigned int i; + uint8_t byte; + + for ( i = 0 ; i < 4 ; i++ ) { + byte = ( column & 0xff ); + byte = aes_mixcolumns.entry[byte].byte[0]; + column = ( ( column & ~0xff ) | byte ); + column = rol32 ( column, 8 ); + } + return column; +} + +/** + * Apply schedule round constant to key column + * + * @v column Key column + * @v rcon Round constant + * @ret column Updated key column + */ +static inline __attribute__ (( always_inline )) uint32_t +aes_key_rcon ( uint32_t column, unsigned int rcon ) { + + return ( ( __BYTE_ORDER == __LITTLE_ENDIAN ) ? + ( column ^ rcon ) : ( column ^ ( rcon << 24 ) ) ); +} + +/** + * Set key + * + * @v ctx Context + * @v key Key + * @v keylen Key length + * @ret rc Return status code + */ +static int aes_setkey ( void *ctx, const void *key, size_t keylen ) { + struct aes_context *aes = ctx; + union aes_matrix *enc; + union aes_matrix *dec; + union aes_matrix temp; + union aes_matrix zero; + unsigned int rcon = 0x01; + unsigned int rounds; + size_t offset = 0; + uint32_t *prev; + uint32_t *next; + uint32_t *end; + uint32_t tmp; + + /* Generate lookup tables, if not already done */ + if ( ! aes_mixcolumns.entry[0].byte[0] ) + aes_generate(); + + /* Validate key length and calculate number of intermediate rounds */ + switch ( keylen ) { + case ( 128 / 8 ) : + rounds = 11; + break; + case ( 192 / 8 ) : + rounds = 13; + break; + case ( 256 / 8 ) : + rounds = 15; + break; + default: + DBGC ( aes, "AES %p unsupported key length (%zd bits)\n", + aes, ( keylen * 8 ) ); + return -EINVAL; + } + aes->rounds = rounds; + enc = aes->encrypt.key; + end = enc[rounds].column; + + /* Copy raw key */ + memcpy ( enc, key, keylen ); + prev = enc->column; + next = ( ( ( void * ) prev ) + keylen ); + tmp = next[-1]; + + /* Construct expanded key */ + while ( next < end ) { + + /* If this is the first column of an expanded key + * block, or the middle column of an AES-256 key + * block, then apply the S-box. + */ + if ( ( offset == 0 ) || ( ( offset | keylen ) == 48 ) ) + tmp = aes_key_sbox ( tmp ); + + /* If this is the first column of an expanded key + * block then rotate and apply the round constant. + */ + if ( offset == 0 ) { + tmp = aes_key_rotate ( tmp ); + tmp = aes_key_rcon ( tmp, rcon ); + rcon = aes_double ( rcon ); + } + + /* XOR with previous key column */ + tmp ^= *prev; + + /* Store column */ + *next = tmp; + + /* Move to next column */ + offset += sizeof ( *next ); + if ( offset == keylen ) + offset = 0; + next++; + prev++; + } + DBGC2 ( aes, "AES %p expanded %zd-bit key:\n", aes, ( keylen * 8 ) ); + DBGC2_HDA ( aes, 0, &aes->encrypt, ( rounds * sizeof ( *enc ) ) ); + + /* Convert to decryption key */ + memset ( &zero, 0, sizeof ( zero ) ); + dec = &aes->decrypt.key[ rounds - 1 ]; + memcpy ( dec--, enc++, sizeof ( *dec ) ); + while ( dec > aes->decrypt.key ) { + /* Perform InvMixColumns (by reusing the encryption + * final-round code to perform ShiftRows+SubBytes and + * reusing the decryption intermediate-round code to + * perform InvShiftRows+InvSubBytes+InvMixColumns, all + * with a zero encryption key). + */ + aes_final ( &aes_mixcolumns, AES_STRIDE_SHIFTROWS, + enc++, &temp, &zero ); + aes_decrypt_rounds ( &temp, dec--, &zero, 1 ); + } + memcpy ( dec--, enc++, sizeof ( *dec ) ); + DBGC2 ( aes, "AES %p inverted %zd-bit key:\n", aes, ( keylen * 8 ) ); + DBGC2_HDA ( aes, 0, &aes->decrypt, ( rounds * sizeof ( *dec ) ) ); + + return 0; +} + +/** + * Set initialisation vector + * + * @v ctx Context + * @v iv Initialisation vector + */ +static void aes_setiv ( void *ctx __unused, const void *iv __unused ) { + /* Nothing to do */ +} + +/** Basic AES algorithm */ +struct cipher_algorithm aes_algorithm = { + .name = "aes", + .ctxsize = sizeof ( struct aes_context ), + .blocksize = AES_BLOCKSIZE, + .setkey = aes_setkey, + .setiv = aes_setiv, + .encrypt = aes_encrypt, + .decrypt = aes_decrypt, +}; + +/* AES in Electronic Codebook mode */ +ECB_CIPHER ( aes_ecb, aes_ecb_algorithm, + aes_algorithm, struct aes_context, AES_BLOCKSIZE ); + +/* AES in Cipher Block Chaining mode */ +CBC_CIPHER ( aes_cbc, aes_cbc_algorithm, + aes_algorithm, struct aes_context, AES_BLOCKSIZE ); diff --git a/qemu/roms/ipxe/src/crypto/asn1.c b/qemu/roms/ipxe/src/crypto/asn1.c index 6d880704f..aca12bf30 100644 --- a/qemu/roms/ipxe/src/crypto/asn1.c +++ b/qemu/roms/ipxe/src/crypto/asn1.c @@ -15,9 +15,13 @@ * along with this program; if not, write to the Free Software * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA * 02110-1301, USA. + * + * You can also choose to distribute this program under the terms of + * the Unmodified Binary Distribution Licence (as given in the file + * COPYING.UBDL), provided that you have satisfied its requirements. */ -FILE_LICENCE ( GPL2_OR_LATER ); +FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL ); #include <stdint.h> #include <stddef.h> diff --git a/qemu/roms/ipxe/src/crypto/axtls/aes.c b/qemu/roms/ipxe/src/crypto/axtls/aes.c deleted file mode 100644 index bd99a7097..000000000 --- a/qemu/roms/ipxe/src/crypto/axtls/aes.c +++ /dev/null @@ -1,457 +0,0 @@ -/* - * Copyright (c) 2007, Cameron Rich - * - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions are met: - * - * * Redistributions of source code must retain the above copyright notice, - * this list of conditions and the following disclaimer. - * * Redistributions in binary form must reproduce the above copyright notice, - * this list of conditions and the following disclaimer in the documentation - * and/or other materials provided with the distribution. - * * Neither the name of the axTLS project nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR - * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR - * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, - * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, - * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR - * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF - * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING - * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -/** - * AES implementation - this is a small code version. There are much faster - * versions around but they are much larger in size (i.e. they use large - * submix tables). - */ - -#include <string.h> -#include "os_port.h" -#include "crypto.h" - -/* all commented out in skeleton mode */ -#ifndef CONFIG_SSL_SKELETON_MODE - -#define rot1(x) (((x) << 24) | ((x) >> 8)) -#define rot2(x) (((x) << 16) | ((x) >> 16)) -#define rot3(x) (((x) << 8) | ((x) >> 24)) - -/* - * This cute trick does 4 'mul by two' at once. Stolen from - * Dr B. R. Gladman <brg@gladman.uk.net> but I'm sure the u-(u>>7) is - * a standard graphics trick - * The key to this is that we need to xor with 0x1b if the top bit is set. - * a 1xxx xxxx 0xxx 0xxx First we mask the 7bit, - * b 1000 0000 0000 0000 then we shift right by 7 putting the 7bit in 0bit, - * c 0000 0001 0000 0000 we then subtract (c) from (b) - * d 0111 1111 0000 0000 and now we and with our mask - * e 0001 1011 0000 0000 - */ -#define mt 0x80808080 -#define ml 0x7f7f7f7f -#define mh 0xfefefefe -#define mm 0x1b1b1b1b -#define mul2(x,t) ((t)=((x)&mt), \ - ((((x)+(x))&mh)^(((t)-((t)>>7))&mm))) - -#define inv_mix_col(x,f2,f4,f8,f9) (\ - (f2)=mul2(x,f2), \ - (f4)=mul2(f2,f4), \ - (f8)=mul2(f4,f8), \ - (f9)=(x)^(f8), \ - (f8)=((f2)^(f4)^(f8)), \ - (f2)^=(f9), \ - (f4)^=(f9), \ - (f8)^=rot3(f2), \ - (f8)^=rot2(f4), \ - (f8)^rot1(f9)) - -/* - * AES S-box - */ -static const uint8_t aes_sbox[256] = -{ - 0x63,0x7C,0x77,0x7B,0xF2,0x6B,0x6F,0xC5, - 0x30,0x01,0x67,0x2B,0xFE,0xD7,0xAB,0x76, - 0xCA,0x82,0xC9,0x7D,0xFA,0x59,0x47,0xF0, - 0xAD,0xD4,0xA2,0xAF,0x9C,0xA4,0x72,0xC0, - 0xB7,0xFD,0x93,0x26,0x36,0x3F,0xF7,0xCC, - 0x34,0xA5,0xE5,0xF1,0x71,0xD8,0x31,0x15, - 0x04,0xC7,0x23,0xC3,0x18,0x96,0x05,0x9A, - 0x07,0x12,0x80,0xE2,0xEB,0x27,0xB2,0x75, - 0x09,0x83,0x2C,0x1A,0x1B,0x6E,0x5A,0xA0, - 0x52,0x3B,0xD6,0xB3,0x29,0xE3,0x2F,0x84, - 0x53,0xD1,0x00,0xED,0x20,0xFC,0xB1,0x5B, - 0x6A,0xCB,0xBE,0x39,0x4A,0x4C,0x58,0xCF, - 0xD0,0xEF,0xAA,0xFB,0x43,0x4D,0x33,0x85, - 0x45,0xF9,0x02,0x7F,0x50,0x3C,0x9F,0xA8, - 0x51,0xA3,0x40,0x8F,0x92,0x9D,0x38,0xF5, - 0xBC,0xB6,0xDA,0x21,0x10,0xFF,0xF3,0xD2, - 0xCD,0x0C,0x13,0xEC,0x5F,0x97,0x44,0x17, - 0xC4,0xA7,0x7E,0x3D,0x64,0x5D,0x19,0x73, - 0x60,0x81,0x4F,0xDC,0x22,0x2A,0x90,0x88, - 0x46,0xEE,0xB8,0x14,0xDE,0x5E,0x0B,0xDB, - 0xE0,0x32,0x3A,0x0A,0x49,0x06,0x24,0x5C, - 0xC2,0xD3,0xAC,0x62,0x91,0x95,0xE4,0x79, - 0xE7,0xC8,0x37,0x6D,0x8D,0xD5,0x4E,0xA9, - 0x6C,0x56,0xF4,0xEA,0x65,0x7A,0xAE,0x08, - 0xBA,0x78,0x25,0x2E,0x1C,0xA6,0xB4,0xC6, - 0xE8,0xDD,0x74,0x1F,0x4B,0xBD,0x8B,0x8A, - 0x70,0x3E,0xB5,0x66,0x48,0x03,0xF6,0x0E, - 0x61,0x35,0x57,0xB9,0x86,0xC1,0x1D,0x9E, - 0xE1,0xF8,0x98,0x11,0x69,0xD9,0x8E,0x94, - 0x9B,0x1E,0x87,0xE9,0xCE,0x55,0x28,0xDF, - 0x8C,0xA1,0x89,0x0D,0xBF,0xE6,0x42,0x68, - 0x41,0x99,0x2D,0x0F,0xB0,0x54,0xBB,0x16, -}; - -/* - * AES is-box - */ -static const uint8_t aes_isbox[256] = -{ - 0x52,0x09,0x6a,0xd5,0x30,0x36,0xa5,0x38, - 0xbf,0x40,0xa3,0x9e,0x81,0xf3,0xd7,0xfb, - 0x7c,0xe3,0x39,0x82,0x9b,0x2f,0xff,0x87, - 0x34,0x8e,0x43,0x44,0xc4,0xde,0xe9,0xcb, - 0x54,0x7b,0x94,0x32,0xa6,0xc2,0x23,0x3d, - 0xee,0x4c,0x95,0x0b,0x42,0xfa,0xc3,0x4e, - 0x08,0x2e,0xa1,0x66,0x28,0xd9,0x24,0xb2, - 0x76,0x5b,0xa2,0x49,0x6d,0x8b,0xd1,0x25, - 0x72,0xf8,0xf6,0x64,0x86,0x68,0x98,0x16, - 0xd4,0xa4,0x5c,0xcc,0x5d,0x65,0xb6,0x92, - 0x6c,0x70,0x48,0x50,0xfd,0xed,0xb9,0xda, - 0x5e,0x15,0x46,0x57,0xa7,0x8d,0x9d,0x84, - 0x90,0xd8,0xab,0x00,0x8c,0xbc,0xd3,0x0a, - 0xf7,0xe4,0x58,0x05,0xb8,0xb3,0x45,0x06, - 0xd0,0x2c,0x1e,0x8f,0xca,0x3f,0x0f,0x02, - 0xc1,0xaf,0xbd,0x03,0x01,0x13,0x8a,0x6b, - 0x3a,0x91,0x11,0x41,0x4f,0x67,0xdc,0xea, - 0x97,0xf2,0xcf,0xce,0xf0,0xb4,0xe6,0x73, - 0x96,0xac,0x74,0x22,0xe7,0xad,0x35,0x85, - 0xe2,0xf9,0x37,0xe8,0x1c,0x75,0xdf,0x6e, - 0x47,0xf1,0x1a,0x71,0x1d,0x29,0xc5,0x89, - 0x6f,0xb7,0x62,0x0e,0xaa,0x18,0xbe,0x1b, - 0xfc,0x56,0x3e,0x4b,0xc6,0xd2,0x79,0x20, - 0x9a,0xdb,0xc0,0xfe,0x78,0xcd,0x5a,0xf4, - 0x1f,0xdd,0xa8,0x33,0x88,0x07,0xc7,0x31, - 0xb1,0x12,0x10,0x59,0x27,0x80,0xec,0x5f, - 0x60,0x51,0x7f,0xa9,0x19,0xb5,0x4a,0x0d, - 0x2d,0xe5,0x7a,0x9f,0x93,0xc9,0x9c,0xef, - 0xa0,0xe0,0x3b,0x4d,0xae,0x2a,0xf5,0xb0, - 0xc8,0xeb,0xbb,0x3c,0x83,0x53,0x99,0x61, - 0x17,0x2b,0x04,0x7e,0xba,0x77,0xd6,0x26, - 0xe1,0x69,0x14,0x63,0x55,0x21,0x0c,0x7d -}; - -static const unsigned char Rcon[30]= -{ - 0x01,0x02,0x04,0x08,0x10,0x20,0x40,0x80, - 0x1b,0x36,0x6c,0xd8,0xab,0x4d,0x9a,0x2f, - 0x5e,0xbc,0x63,0xc6,0x97,0x35,0x6a,0xd4, - 0xb3,0x7d,0xfa,0xef,0xc5,0x91, -}; - -/* ----- static functions ----- */ -static void AES_encrypt(const AES_CTX *ctx, uint32_t *data); -static void AES_decrypt(const AES_CTX *ctx, uint32_t *data); - -/* Perform doubling in Galois Field GF(2^8) using the irreducible polynomial - x^8+x^4+x^3+x+1 */ -static unsigned char AES_xtime(uint32_t x) -{ - return (x&0x80) ? (x<<1)^0x1b : x<<1; -} - -/** - * Set up AES with the key/iv and cipher size. - */ -void AES_set_key(AES_CTX *ctx, const uint8_t *key, - const uint8_t *iv, AES_MODE mode) -{ - int i, ii; - uint32_t *W, tmp, tmp2; - const unsigned char *ip; - int words; - - switch (mode) - { - case AES_MODE_128: - i = 10; - words = 4; - break; - - case AES_MODE_256: - i = 14; - words = 8; - break; - - default: /* fail silently */ - return; - } - - ctx->rounds = i; - ctx->key_size = words; - W = ctx->ks; - for (i = 0; i < words; i+=2) - { - W[i+0]= ((uint32_t)key[ 0]<<24)| - ((uint32_t)key[ 1]<<16)| - ((uint32_t)key[ 2]<< 8)| - ((uint32_t)key[ 3] ); - W[i+1]= ((uint32_t)key[ 4]<<24)| - ((uint32_t)key[ 5]<<16)| - ((uint32_t)key[ 6]<< 8)| - ((uint32_t)key[ 7] ); - key += 8; - } - - ip = Rcon; - ii = 4 * (ctx->rounds+1); - for (i = words; i<ii; i++) - { - tmp = W[i-1]; - - if ((i % words) == 0) - { - tmp2 =(uint32_t)aes_sbox[(tmp )&0xff]<< 8; - tmp2|=(uint32_t)aes_sbox[(tmp>> 8)&0xff]<<16; - tmp2|=(uint32_t)aes_sbox[(tmp>>16)&0xff]<<24; - tmp2|=(uint32_t)aes_sbox[(tmp>>24) ]; - tmp=tmp2^(((unsigned int)*ip)<<24); - ip++; - } - - if ((words == 8) && ((i % words) == 4)) - { - tmp2 =(uint32_t)aes_sbox[(tmp )&0xff] ; - tmp2|=(uint32_t)aes_sbox[(tmp>> 8)&0xff]<< 8; - tmp2|=(uint32_t)aes_sbox[(tmp>>16)&0xff]<<16; - tmp2|=(uint32_t)aes_sbox[(tmp>>24) ]<<24; - tmp=tmp2; - } - - W[i]=W[i-words]^tmp; - } - - /* copy the iv across */ - memcpy(ctx->iv, iv, 16); -} - -/** - * Change a key for decryption. - */ -void AES_convert_key(AES_CTX *ctx) -{ - int i; - uint32_t *k,w,t1,t2,t3,t4; - - k = ctx->ks; - k += 4; - - for (i= ctx->rounds*4; i > 4; i--) - { - w= *k; - w = inv_mix_col(w,t1,t2,t3,t4); - *k++ =w; - } -} - -/** - * Encrypt a byte sequence (with a block size 16) using the AES cipher. - */ -void AES_cbc_encrypt(AES_CTX *ctx, const uint8_t *msg, uint8_t *out, int length) -{ - int i; - uint32_t tin[4], tout[4], iv[4]; - - memcpy(iv, ctx->iv, AES_IV_SIZE); - for (i = 0; i < 4; i++) - tout[i] = ntohl(iv[i]); - - for (length -= AES_BLOCKSIZE; length >= 0; length -= AES_BLOCKSIZE) - { - uint32_t msg_32[4]; - uint32_t out_32[4]; - memcpy(msg_32, msg, AES_BLOCKSIZE); - msg += AES_BLOCKSIZE; - - for (i = 0; i < 4; i++) - tin[i] = ntohl(msg_32[i])^tout[i]; - - AES_encrypt(ctx, tin); - - for (i = 0; i < 4; i++) - { - tout[i] = tin[i]; - out_32[i] = htonl(tout[i]); - } - - memcpy(out, out_32, AES_BLOCKSIZE); - out += AES_BLOCKSIZE; - } - - for (i = 0; i < 4; i++) - iv[i] = htonl(tout[i]); - memcpy(ctx->iv, iv, AES_IV_SIZE); -} - -/** - * Decrypt a byte sequence (with a block size 16) using the AES cipher. - */ -void AES_cbc_decrypt(AES_CTX *ctx, const uint8_t *msg, uint8_t *out, int length) -{ - int i; - uint32_t tin[4], xor[4], tout[4], data[4], iv[4]; - - memcpy(iv, ctx->iv, AES_IV_SIZE); - for (i = 0; i < 4; i++) - xor[i] = ntohl(iv[i]); - - for (length -= 16; length >= 0; length -= 16) - { - uint32_t msg_32[4]; - uint32_t out_32[4]; - memcpy(msg_32, msg, AES_BLOCKSIZE); - msg += AES_BLOCKSIZE; - - for (i = 0; i < 4; i++) - { - tin[i] = ntohl(msg_32[i]); - data[i] = tin[i]; - } - - AES_decrypt(ctx, data); - - for (i = 0; i < 4; i++) - { - tout[i] = data[i]^xor[i]; - xor[i] = tin[i]; - out_32[i] = htonl(tout[i]); - } - - memcpy(out, out_32, AES_BLOCKSIZE); - out += AES_BLOCKSIZE; - } - - for (i = 0; i < 4; i++) - iv[i] = htonl(xor[i]); - memcpy(ctx->iv, iv, AES_IV_SIZE); -} - -/** - * Encrypt a single block (16 bytes) of data - */ -static void AES_encrypt(const AES_CTX *ctx, uint32_t *data) -{ - /* To make this code smaller, generate the sbox entries on the fly. - * This will have a really heavy effect upon performance. - */ - uint32_t tmp[4]; - uint32_t tmp1, old_a0, a0, a1, a2, a3, row; - int curr_rnd; - int rounds = ctx->rounds; - const uint32_t *k = ctx->ks; - - /* Pre-round key addition */ - for (row = 0; row < 4; row++) - data[row] ^= *(k++); - - /* Encrypt one block. */ - for (curr_rnd = 0; curr_rnd < rounds; curr_rnd++) - { - /* Perform ByteSub and ShiftRow operations together */ - for (row = 0; row < 4; row++) - { - a0 = (uint32_t)aes_sbox[(data[row%4]>>24)&0xFF]; - a1 = (uint32_t)aes_sbox[(data[(row+1)%4]>>16)&0xFF]; - a2 = (uint32_t)aes_sbox[(data[(row+2)%4]>>8)&0xFF]; - a3 = (uint32_t)aes_sbox[(data[(row+3)%4])&0xFF]; - - /* Perform MixColumn iff not last round */ - if (curr_rnd < (rounds - 1)) - { - tmp1 = a0 ^ a1 ^ a2 ^ a3; - old_a0 = a0; - a0 ^= tmp1 ^ AES_xtime(a0 ^ a1); - a1 ^= tmp1 ^ AES_xtime(a1 ^ a2); - a2 ^= tmp1 ^ AES_xtime(a2 ^ a3); - a3 ^= tmp1 ^ AES_xtime(a3 ^ old_a0); - } - - tmp[row] = ((a0 << 24) | (a1 << 16) | (a2 << 8) | a3); - } - - /* KeyAddition - note that it is vital that this loop is separate from - the MixColumn operation, which must be atomic...*/ - for (row = 0; row < 4; row++) - data[row] = tmp[row] ^ *(k++); - } -} - -/** - * Decrypt a single block (16 bytes) of data - */ -static void AES_decrypt(const AES_CTX *ctx, uint32_t *data) -{ - uint32_t tmp[4]; - uint32_t xt0,xt1,xt2,xt3,xt4,xt5,xt6; - uint32_t a0, a1, a2, a3, row; - int curr_rnd; - int rounds = ctx->rounds; - const uint32_t *k = ctx->ks + ((rounds+1)*4); - - /* pre-round key addition */ - for (row=4; row > 0;row--) - data[row-1] ^= *(--k); - - /* Decrypt one block */ - for (curr_rnd = 0; curr_rnd < rounds; curr_rnd++) - { - /* Perform ByteSub and ShiftRow operations together */ - for (row = 4; row > 0; row--) - { - a0 = aes_isbox[(data[(row+3)%4]>>24)&0xFF]; - a1 = aes_isbox[(data[(row+2)%4]>>16)&0xFF]; - a2 = aes_isbox[(data[(row+1)%4]>>8)&0xFF]; - a3 = aes_isbox[(data[row%4])&0xFF]; - - /* Perform MixColumn iff not last round */ - if (curr_rnd<(rounds-1)) - { - /* The MDS cofefficients (0x09, 0x0B, 0x0D, 0x0E) - are quite large compared to encryption; this - operation slows decryption down noticeably. */ - xt0 = AES_xtime(a0^a1); - xt1 = AES_xtime(a1^a2); - xt2 = AES_xtime(a2^a3); - xt3 = AES_xtime(a3^a0); - xt4 = AES_xtime(xt0^xt1); - xt5 = AES_xtime(xt1^xt2); - xt6 = AES_xtime(xt4^xt5); - - xt0 ^= a1^a2^a3^xt4^xt6; - xt1 ^= a0^a2^a3^xt5^xt6; - xt2 ^= a0^a1^a3^xt4^xt6; - xt3 ^= a0^a1^a2^xt5^xt6; - tmp[row-1] = ((xt0<<24)|(xt1<<16)|(xt2<<8)|xt3); - } - else - tmp[row-1] = ((a0<<24)|(a1<<16)|(a2<<8)|a3); - } - - for (row = 4; row > 0; row--) - data[row-1] = tmp[row-1] ^ *(--k); - } -} - -#endif diff --git a/qemu/roms/ipxe/src/crypto/axtls/bigint.h b/qemu/roms/ipxe/src/crypto/axtls/bigint.h deleted file mode 100644 index 1f38c53d6..000000000 --- a/qemu/roms/ipxe/src/crypto/axtls/bigint.h +++ /dev/null @@ -1,99 +0,0 @@ -/* - * Copyright (c) 2007, Cameron Rich - * - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions are met: - * - * * Redistributions of source code must retain the above copyright notice, - * this list of conditions and the following disclaimer. - * * Redistributions in binary form must reproduce the above copyright notice, - * this list of conditions and the following disclaimer in the documentation - * and/or other materials provided with the distribution. - * * Neither the name of the axTLS project nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR - * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR - * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, - * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, - * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR - * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF - * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING - * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -#ifndef BIGINT_HEADER -#define BIGINT_HEADER - -#include "crypto.h" - -BI_CTX *bi_initialize(void); -void bi_terminate(BI_CTX *ctx); -void bi_permanent(bigint *bi); -void bi_depermanent(bigint *bi); -void bi_clear_cache(BI_CTX *ctx); -void bi_free(BI_CTX *ctx, bigint *bi); -bigint *bi_copy(bigint *bi); -bigint *bi_clone(BI_CTX *ctx, const bigint *bi); -void bi_export(BI_CTX *ctx, bigint *bi, uint8_t *data, int size); -bigint *bi_import(BI_CTX *ctx, const uint8_t *data, int len); -bigint *int_to_bi(BI_CTX *ctx, comp i); - -/* the functions that actually do something interesting */ -bigint *bi_add(BI_CTX *ctx, bigint *bia, bigint *bib); -bigint *bi_subtract(BI_CTX *ctx, bigint *bia, - bigint *bib, int *is_negative); -bigint *bi_divide(BI_CTX *ctx, bigint *bia, bigint *bim, int is_mod); -bigint *bi_multiply(BI_CTX *ctx, bigint *bia, bigint *bib); -bigint *bi_mod_power(BI_CTX *ctx, bigint *bi, bigint *biexp); -bigint *bi_mod_power2(BI_CTX *ctx, bigint *bi, bigint *bim, bigint *biexp); -int bi_compare(bigint *bia, bigint *bib); -void bi_set_mod(BI_CTX *ctx, bigint *bim, int mod_offset); -void bi_free_mod(BI_CTX *ctx, int mod_offset); - -#ifdef CONFIG_SSL_FULL_MODE -void bi_print(const char *label, bigint *bi); -bigint *bi_str_import(BI_CTX *ctx, const char *data); -#endif - -/** - * @def bi_mod - * Find the residue of B. bi_set_mod() must be called before hand. - */ -#define bi_mod(A, B) bi_divide(A, B, ctx->bi_mod[ctx->mod_offset], 1) - -/** - * bi_residue() is technically the same as bi_mod(), but it uses the - * appropriate reduction technique (which is bi_mod() when doing classical - * reduction). - */ -#if defined(CONFIG_BIGINT_MONTGOMERY) -#define bi_residue(A, B) bi_mont(A, B) -bigint *bi_mont(BI_CTX *ctx, bigint *bixy); -#elif defined(CONFIG_BIGINT_BARRETT) -#define bi_residue(A, B) bi_barrett(A, B) -bigint *bi_barrett(BI_CTX *ctx, bigint *bi); -#else /* if defined(CONFIG_BIGINT_CLASSICAL) */ -#define bi_residue(A, B) bi_mod(A, B) -#endif - -#ifdef CONFIG_BIGINT_SQUARE -bigint *bi_square(BI_CTX *ctx, bigint *bi); -#else -#define bi_square(A, B) bi_multiply(A, bi_copy(B), B) -#endif - -#ifdef CONFIG_BIGINT_CRT -bigint *bi_crt(BI_CTX *ctx, bigint *bi, - bigint *dP, bigint *dQ, - bigint *p, bigint *q, - bigint *qInv); -#endif - -#endif diff --git a/qemu/roms/ipxe/src/crypto/axtls/bigint_impl.h b/qemu/roms/ipxe/src/crypto/axtls/bigint_impl.h deleted file mode 100644 index 09d8550ea..000000000 --- a/qemu/roms/ipxe/src/crypto/axtls/bigint_impl.h +++ /dev/null @@ -1,131 +0,0 @@ -/* - * Copyright (c) 2007, Cameron Rich - * - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions are met: - * - * * Redistributions of source code must retain the above copyright notice, - * this list of conditions and the following disclaimer. - * * Redistributions in binary form must reproduce the above copyright notice, - * this list of conditions and the following disclaimer in the documentation - * and/or other materials provided with the distribution. - * * Neither the name of the axTLS project nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR - * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR - * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, - * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, - * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR - * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF - * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING - * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -#ifndef BIGINT_IMPL_HEADER -#define BIGINT_IMPL_HEADER - -/* Maintain a number of precomputed variables when doing reduction */ -#define BIGINT_M_OFFSET 0 /**< Normal modulo offset. */ -#ifdef CONFIG_BIGINT_CRT -#define BIGINT_P_OFFSET 1 /**< p modulo offset. */ -#define BIGINT_Q_OFFSET 2 /**< q module offset. */ -#define BIGINT_NUM_MODS 3 /**< The number of modulus constants used. */ -#else -#define BIGINT_NUM_MODS 1 -#endif - -/* Architecture specific functions for big ints */ -#if defined(CONFIG_INTEGER_8BIT) -#define COMP_RADIX 256U /**< Max component + 1 */ -#define COMP_MAX 0xFFFFU/**< (Max dbl comp -1) */ -#define COMP_BIT_SIZE 8 /**< Number of bits in a component. */ -#define COMP_BYTE_SIZE 1 /**< Number of bytes in a component. */ -#define COMP_NUM_NIBBLES 2 /**< Used For diagnostics only. */ -typedef uint8_t comp; /**< A single precision component. */ -typedef uint16_t long_comp; /**< A double precision component. */ -typedef int16_t slong_comp; /**< A signed double precision component. */ -#elif defined(CONFIG_INTEGER_16BIT) -#define COMP_RADIX 65536U /**< Max component + 1 */ -#define COMP_MAX 0xFFFFFFFFU/**< (Max dbl comp -1) */ -#define COMP_BIT_SIZE 16 /**< Number of bits in a component. */ -#define COMP_BYTE_SIZE 2 /**< Number of bytes in a component. */ -#define COMP_NUM_NIBBLES 4 /**< Used For diagnostics only. */ -typedef uint16_t comp; /**< A single precision component. */ -typedef uint32_t long_comp; /**< A double precision component. */ -typedef int32_t slong_comp; /**< A signed double precision component. */ -#else /* regular 32 bit */ -#ifdef WIN32 -#define COMP_RADIX 4294967296i64 -#define COMP_MAX 0xFFFFFFFFFFFFFFFFui64 -#else -#define COMP_RADIX 4294967296ULL /**< Max component + 1 */ -#define COMP_MAX 0xFFFFFFFFFFFFFFFFULL/**< (Max dbl comp -1) */ -#endif -#define COMP_BIT_SIZE 32 /**< Number of bits in a component. */ -#define COMP_BYTE_SIZE 4 /**< Number of bytes in a component. */ -#define COMP_NUM_NIBBLES 8 /**< Used For diagnostics only. */ -typedef uint32_t comp; /**< A single precision component. */ -typedef uint64_t long_comp; /**< A double precision component. */ -typedef int64_t slong_comp; /**< A signed double precision component. */ -#endif - -/** - * @struct _bigint - * @brief A big integer basic object - */ -struct _bigint -{ - struct _bigint* next; /**< The next bigint in the cache. */ - short size; /**< The number of components in this bigint. */ - short max_comps; /**< The heapsize allocated for this bigint */ - int refs; /**< An internal reference count. */ - comp* comps; /**< A ptr to the actual component data */ -}; - -typedef struct _bigint bigint; /**< An alias for _bigint */ - -/** - * Maintains the state of the cache, and a number of variables used in - * reduction. - */ -typedef struct /**< A big integer "session" context. */ -{ - bigint *active_list; /**< Bigints currently used. */ - bigint *free_list; /**< Bigints not used. */ - bigint *bi_radix; /**< The radix used. */ - bigint *bi_mod[BIGINT_NUM_MODS]; /**< modulus */ - -#if defined(CONFIG_BIGINT_MONTGOMERY) - bigint *bi_RR_mod_m[BIGINT_NUM_MODS]; /**< R^2 mod m */ - bigint *bi_R_mod_m[BIGINT_NUM_MODS]; /**< R mod m */ - comp N0_dash[BIGINT_NUM_MODS]; -#elif defined(CONFIG_BIGINT_BARRETT) - bigint *bi_mu[BIGINT_NUM_MODS]; /**< Storage for mu */ -#endif - bigint *bi_normalised_mod[BIGINT_NUM_MODS]; /**< Normalised mod storage. */ - bigint **g; /**< Used by sliding-window. */ - int window; /**< The size of the sliding window */ - int active_count; /**< Number of active bigints. */ - int free_count; /**< Number of free bigints. */ - -#ifdef CONFIG_BIGINT_MONTGOMERY - uint8_t use_classical; /**< Use classical reduction. */ -#endif - uint8_t mod_offset; /**< The mod offset we are using */ -} BI_CTX; - -#ifndef WIN32 -#define max(a,b) ((a)>(b)?(a):(b)) /**< Find the maximum of 2 numbers. */ -#define min(a,b) ((a)<(b)?(a):(b)) /**< Find the minimum of 2 numbers. */ -#endif - -#define PERMANENT 0x7FFF55AA /**< A magic number for permanents. */ - -#endif diff --git a/qemu/roms/ipxe/src/crypto/axtls/config.h b/qemu/roms/ipxe/src/crypto/axtls/config.h deleted file mode 100644 index 32fa3bf03..000000000 --- a/qemu/roms/ipxe/src/crypto/axtls/config.h +++ /dev/null @@ -1,13 +0,0 @@ -#ifndef AXTLS_CONFIG_H -#define AXTLS_CONFIG_H - -/** - * @file config.h - * - * Trick the axtls code into building within our build environment. - */ - -#define CONFIG_SSL_ENABLE_CLIENT 1 -#define CONFIG_BIGINT_CLASSICAL 1 - -#endif diff --git a/qemu/roms/ipxe/src/crypto/axtls/crypto.h b/qemu/roms/ipxe/src/crypto/axtls/crypto.h deleted file mode 100644 index 2c4cda4de..000000000 --- a/qemu/roms/ipxe/src/crypto/axtls/crypto.h +++ /dev/null @@ -1,229 +0,0 @@ -/* - * Copyright (c) 2007, Cameron Rich - * - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions are met: - * - * * Redistributions of source code must retain the above copyright notice, - * this list of conditions and the following disclaimer. - * * Redistributions in binary form must reproduce the above copyright notice, - * this list of conditions and the following disclaimer in the documentation - * and/or other materials provided with the distribution. - * * Neither the name of the axTLS project nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR - * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR - * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, - * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, - * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR - * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF - * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING - * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -/** - * @file crypto.h - */ - -#ifndef HEADER_CRYPTO_H -#define HEADER_CRYPTO_H - -#ifdef __cplusplus -extern "C" { -#endif - -#include "config.h" -#include "bigint_impl.h" -#include "bigint.h" - -#ifndef STDCALL -#define STDCALL -#endif -#ifndef EXP_FUNC -#define EXP_FUNC -#endif - - -/* enable features based on a 'super-set' capbaility. */ -#if defined(CONFIG_SSL_FULL_MODE) -#define CONFIG_SSL_ENABLE_CLIENT -#define CONFIG_SSL_CERT_VERIFICATION -#elif defined(CONFIG_SSL_ENABLE_CLIENT) -#define CONFIG_SSL_CERT_VERIFICATION -#endif - -/************************************************************************** - * AES declarations - **************************************************************************/ - -#define AES_MAXROUNDS 14 -#define AES_BLOCKSIZE 16 -#define AES_IV_SIZE 16 - -typedef struct aes_key_st -{ - uint16_t rounds; - uint16_t key_size; - uint32_t ks[(AES_MAXROUNDS+1)*8]; - uint8_t iv[AES_IV_SIZE]; -} AES_CTX; - -typedef enum -{ - AES_MODE_128, - AES_MODE_256 -} AES_MODE; - -void AES_set_key(AES_CTX *ctx, const uint8_t *key, - const uint8_t *iv, AES_MODE mode); -void AES_cbc_encrypt(AES_CTX *ctx, const uint8_t *msg, - uint8_t *out, int length); -void AES_cbc_decrypt(AES_CTX *ks, const uint8_t *in, uint8_t *out, int length); -void AES_convert_key(AES_CTX *ctx); - -/************************************************************************** - * RC4 declarations - **************************************************************************/ - -typedef struct -{ - uint8_t x, y, m[256]; -} RC4_CTX; - -void RC4_setup(RC4_CTX *s, const uint8_t *key, int length); -void RC4_crypt(RC4_CTX *s, const uint8_t *msg, uint8_t *data, int length); - -/************************************************************************** - * SHA1 declarations - **************************************************************************/ - -#define SHA1_SIZE 20 - -/* - * This structure will hold context information for the SHA-1 - * hashing operation - */ -typedef struct -{ - uint32_t Intermediate_Hash[SHA1_SIZE/4]; /* Message Digest */ - uint32_t Length_Low; /* Message length in bits */ - uint32_t Length_High; /* Message length in bits */ - uint16_t Message_Block_Index; /* Index into message block array */ - uint8_t Message_Block[64]; /* 512-bit message blocks */ -} SHA1_CTX; - -void SHA1_Init(SHA1_CTX *); -void SHA1_Update(SHA1_CTX *, const uint8_t * msg, int len); -void SHA1_Final(uint8_t *digest, SHA1_CTX *); - -/************************************************************************** - * MD2 declarations - **************************************************************************/ - -#define MD2_SIZE 16 - -typedef struct -{ - unsigned char cksum[16]; /* checksum of the data block */ - unsigned char state[48]; /* intermediate digest state */ - unsigned char buffer[16]; /* data block being processed */ - int left; /* amount of data in buffer */ -} MD2_CTX; - -EXP_FUNC void STDCALL MD2_Init(MD2_CTX *ctx); -EXP_FUNC void STDCALL MD2_Update(MD2_CTX *ctx, const uint8_t *input, int ilen); -EXP_FUNC void STDCALL MD2_Final(uint8_t *digest, MD2_CTX *ctx); - -/************************************************************************** - * MD5 declarations - **************************************************************************/ - -#define MD5_SIZE 16 - -typedef struct -{ - uint32_t state[4]; /* state (ABCD) */ - uint32_t count[2]; /* number of bits, modulo 2^64 (lsb first) */ - uint8_t buffer[64]; /* input buffer */ -} MD5_CTX; - -EXP_FUNC void STDCALL MD5_Init(MD5_CTX *); -EXP_FUNC void STDCALL MD5_Update(MD5_CTX *, const uint8_t *msg, int len); -EXP_FUNC void STDCALL MD5_Final(uint8_t *digest, MD5_CTX *); - -/************************************************************************** - * HMAC declarations - **************************************************************************/ -void hmac_md5(const uint8_t *msg, int length, const uint8_t *key, - int key_len, uint8_t *digest); -void hmac_sha1(const uint8_t *msg, int length, const uint8_t *key, - int key_len, uint8_t *digest); - -/************************************************************************** - * RSA declarations - **************************************************************************/ - -typedef struct -{ - bigint *m; /* modulus */ - bigint *e; /* public exponent */ - bigint *d; /* private exponent */ -#ifdef CONFIG_BIGINT_CRT - bigint *p; /* p as in m = pq */ - bigint *q; /* q as in m = pq */ - bigint *dP; /* d mod (p-1) */ - bigint *dQ; /* d mod (q-1) */ - bigint *qInv; /* q^-1 mod p */ -#endif - int num_octets; - BI_CTX *bi_ctx; -} RSA_CTX; - -void RSA_priv_key_new(RSA_CTX **rsa_ctx, - const uint8_t *modulus, int mod_len, - const uint8_t *pub_exp, int pub_len, - const uint8_t *priv_exp, int priv_len -#ifdef CONFIG_BIGINT_CRT - , const uint8_t *p, int p_len, - const uint8_t *q, int q_len, - const uint8_t *dP, int dP_len, - const uint8_t *dQ, int dQ_len, - const uint8_t *qInv, int qInv_len -#endif - ); -void RSA_pub_key_new(RSA_CTX **rsa_ctx, - const uint8_t *modulus, int mod_len, - const uint8_t *pub_exp, int pub_len); -void RSA_free(RSA_CTX *ctx); -int RSA_decrypt(const RSA_CTX *ctx, const uint8_t *in_data, uint8_t *out_data, - int is_decryption); -bigint *RSA_private(const RSA_CTX *c, bigint *bi_msg); -#if defined(CONFIG_SSL_CERT_VERIFICATION) || defined(CONFIG_SSL_GENERATE_X509_CERT) -bigint *RSA_sign_verify(BI_CTX *ctx, const uint8_t *sig, int sig_len, - bigint *modulus, bigint *pub_exp); -bigint *RSA_public(const RSA_CTX * c, bigint *bi_msg); -int RSA_encrypt(const RSA_CTX *ctx, const uint8_t *in_data, uint16_t in_len, - uint8_t *out_data, int is_signing); -void RSA_print(const RSA_CTX *ctx); -#endif - -/************************************************************************** - * RNG declarations - **************************************************************************/ -EXP_FUNC void STDCALL RNG_initialize(const uint8_t *seed_buf, int size); -EXP_FUNC void STDCALL RNG_terminate(void); -EXP_FUNC void STDCALL get_random(int num_rand_bytes, uint8_t *rand_data); -void get_random_NZ(int num_rand_bytes, uint8_t *rand_data); - -#ifdef __cplusplus -} -#endif - -#endif diff --git a/qemu/roms/ipxe/src/crypto/axtls/os_port.h b/qemu/roms/ipxe/src/crypto/axtls/os_port.h deleted file mode 100644 index 76313e204..000000000 --- a/qemu/roms/ipxe/src/crypto/axtls/os_port.h +++ /dev/null @@ -1,54 +0,0 @@ -#ifndef AXTLS_OS_PORT_H -#define AXTLS_OS_PORT_H - -/** - * @file os_port.h - * - * Trick the axtls code into building within our build environment. - */ - -#include <stdint.h> -#include <byteswap.h> - -/** All imported axTLS files are licensed using the three-clause BSD licence */ -FILE_LICENCE ( BSD3 ); - -/** We can't actually abort, since we are effectively a kernel... */ -#define abort() assert ( 0 ) - -/** rsa.c uses alloca() */ -#define alloca( size ) __builtin_alloca ( size ) - -#include <ipxe/random_nz.h> -static inline void get_random_NZ ( int num_rand_bytes, uint8_t *rand_data ) { - /* AXTLS does not check for failures when generating random - * data. Rely on the fact that get_random_nz() does not - * request prediction resistance (and so cannot introduce new - * failures) and therefore any potential failure must already - * have been encountered by e.g. tls_generate_random(), which - * does check for failures. - */ - get_random_nz ( rand_data, num_rand_bytes ); -} - -/* Expose AES_encrypt() and AES_decrypt() in aes.o */ -#define aes 1 -#if OBJECT - -struct aes_key_st; - -static void AES_encrypt ( const struct aes_key_st *ctx, uint32_t *data ); -static void AES_decrypt ( const struct aes_key_st *ctx, uint32_t *data ); - -void axtls_aes_encrypt ( void *ctx, uint32_t *data ) { - AES_encrypt ( ctx, data ); -} - -void axtls_aes_decrypt ( void *ctx, uint32_t *data ) { - AES_decrypt ( ctx, data ); -} - -#endif -#undef aes - -#endif diff --git a/qemu/roms/ipxe/src/crypto/axtls_aes.c b/qemu/roms/ipxe/src/crypto/axtls_aes.c deleted file mode 100644 index 7f93c0ed7..000000000 --- a/qemu/roms/ipxe/src/crypto/axtls_aes.c +++ /dev/null @@ -1,160 +0,0 @@ -/* - * Copyright (C) 2007 Michael Brown <mbrown@fensystems.co.uk>. - * - * This program is free software; you can redistribute it and/or - * modify it under the terms of the GNU General Public License as - * published by the Free Software Foundation; either version 2 of the - * License, or any later version. - * - * This program is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA - * 02110-1301, USA. - */ - -FILE_LICENCE ( GPL2_OR_LATER ); - -#include <string.h> -#include <errno.h> -#include <assert.h> -#include <byteswap.h> -#include <ipxe/crypto.h> -#include <ipxe/cbc.h> -#include <ipxe/aes.h> -#include "crypto/axtls/crypto.h" - -/** @file - * - * AES algorithm - * - */ - -/** - * Set key - * - * @v ctx Context - * @v key Key - * @v keylen Key length - * @ret rc Return status code - */ -static int aes_setkey ( void *ctx, const void *key, size_t keylen ) { - struct aes_context *aes_ctx = ctx; - AES_MODE mode; - void *iv; - - switch ( keylen ) { - case ( 128 / 8 ): - mode = AES_MODE_128; - break; - case ( 256 / 8 ): - mode = AES_MODE_256; - break; - default: - return -EINVAL; - } - - /* IV is not a relevant concept at this stage; use a dummy - * value that will have no side-effects. - */ - iv = &aes_ctx->axtls_ctx.iv; - - AES_set_key ( &aes_ctx->axtls_ctx, key, iv, mode ); - - aes_ctx->decrypting = 0; - - return 0; -} - -/** - * Set initialisation vector - * - * @v ctx Context - * @v iv Initialisation vector - */ -static void aes_setiv ( void *ctx __unused, const void *iv __unused ) { - /* Nothing to do */ -} - -/** - * Call AXTLS' AES_encrypt() or AES_decrypt() functions - * - * @v axtls_ctx AXTLS AES context - * @v src Data to process - * @v dst Buffer for output - * @v func AXTLS AES function to call - */ -static void aes_call_axtls ( AES_CTX *axtls_ctx, const void *src, void *dst, - void ( * func ) ( const AES_CTX *axtls_ctx, - uint32_t *data ) ){ - const uint32_t *srcl = src; - uint32_t *dstl = dst; - unsigned int i; - - /* AXTLS' AES_encrypt() and AES_decrypt() functions both - * expect to deal with an array of four dwords in host-endian - * order. - */ - for ( i = 0 ; i < 4 ; i++ ) - dstl[i] = ntohl ( srcl[i] ); - func ( axtls_ctx, dstl ); - for ( i = 0 ; i < 4 ; i++ ) - dstl[i] = htonl ( dstl[i] ); -} - -/** - * Encrypt data - * - * @v ctx Context - * @v src Data to encrypt - * @v dst Buffer for encrypted data - * @v len Length of data - */ -static void aes_encrypt ( void *ctx, const void *src, void *dst, - size_t len ) { - struct aes_context *aes_ctx = ctx; - - assert ( len == AES_BLOCKSIZE ); - if ( aes_ctx->decrypting ) - assert ( 0 ); - aes_call_axtls ( &aes_ctx->axtls_ctx, src, dst, axtls_aes_encrypt ); -} - -/** - * Decrypt data - * - * @v ctx Context - * @v src Data to decrypt - * @v dst Buffer for decrypted data - * @v len Length of data - */ -static void aes_decrypt ( void *ctx, const void *src, void *dst, - size_t len ) { - struct aes_context *aes_ctx = ctx; - - assert ( len == AES_BLOCKSIZE ); - if ( ! aes_ctx->decrypting ) { - AES_convert_key ( &aes_ctx->axtls_ctx ); - aes_ctx->decrypting = 1; - } - aes_call_axtls ( &aes_ctx->axtls_ctx, src, dst, axtls_aes_decrypt ); -} - -/** Basic AES algorithm */ -struct cipher_algorithm aes_algorithm = { - .name = "aes", - .ctxsize = sizeof ( struct aes_context ), - .blocksize = AES_BLOCKSIZE, - .setkey = aes_setkey, - .setiv = aes_setiv, - .encrypt = aes_encrypt, - .decrypt = aes_decrypt, -}; - -/* AES with cipher-block chaining */ -CBC_CIPHER ( aes_cbc, aes_cbc_algorithm, - aes_algorithm, struct aes_context, AES_BLOCKSIZE ); diff --git a/qemu/roms/ipxe/src/crypto/bigint.c b/qemu/roms/ipxe/src/crypto/bigint.c index 340128e2f..50f320302 100644 --- a/qemu/roms/ipxe/src/crypto/bigint.c +++ b/qemu/roms/ipxe/src/crypto/bigint.c @@ -15,9 +15,13 @@ * along with this program; if not, write to the Free Software * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA * 02110-1301, USA. + * + * You can also choose to distribute this program under the terms of + * the Unmodified Binary Distribution Licence (as given in the file + * COPYING.UBDL), provided that you have satisfied its requirements. */ -FILE_LICENCE ( GPL2_OR_LATER ); +FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL ); #include <stdint.h> #include <string.h> diff --git a/qemu/roms/ipxe/src/crypto/cbc.c b/qemu/roms/ipxe/src/crypto/cbc.c index 9bf0e8b49..0ba17ee48 100644 --- a/qemu/roms/ipxe/src/crypto/cbc.c +++ b/qemu/roms/ipxe/src/crypto/cbc.c @@ -15,9 +15,13 @@ * along with this program; if not, write to the Free Software * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA * 02110-1301, USA. + * + * You can also choose to distribute this program under the terms of + * the Unmodified Binary Distribution Licence (as given in the file + * COPYING.UBDL), provided that you have satisfied its requirements. */ -FILE_LICENCE ( GPL2_OR_LATER ); +FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL ); #include <string.h> #include <assert.h> diff --git a/qemu/roms/ipxe/src/crypto/certstore.c b/qemu/roms/ipxe/src/crypto/certstore.c index 77cf6ebb6..503ce499e 100644 --- a/qemu/roms/ipxe/src/crypto/certstore.c +++ b/qemu/roms/ipxe/src/crypto/certstore.c @@ -15,9 +15,13 @@ * along with this program; if not, write to the Free Software * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA * 02110-1301, USA. + * + * You can also choose to distribute this program under the terms of + * the Unmodified Binary Distribution Licence (as given in the file + * COPYING.UBDL), provided that you have satisfied its requirements. */ -FILE_LICENCE ( GPL2_OR_LATER ); +FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL ); #include <string.h> #include <stdlib.h> diff --git a/qemu/roms/ipxe/src/crypto/chap.c b/qemu/roms/ipxe/src/crypto/chap.c index db64371c7..c90c16def 100644 --- a/qemu/roms/ipxe/src/crypto/chap.c +++ b/qemu/roms/ipxe/src/crypto/chap.c @@ -15,9 +15,13 @@ * along with this program; if not, write to the Free Software * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA * 02110-1301, USA. + * + * You can also choose to distribute this program under the terms of + * the Unmodified Binary Distribution Licence (as given in the file + * COPYING.UBDL), provided that you have satisfied its requirements. */ -FILE_LICENCE ( GPL2_OR_LATER ); +FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL ); #include <stddef.h> #include <stdlib.h> diff --git a/qemu/roms/ipxe/src/crypto/cms.c b/qemu/roms/ipxe/src/crypto/cms.c index b4a41de6c..bc2148e8a 100644 --- a/qemu/roms/ipxe/src/crypto/cms.c +++ b/qemu/roms/ipxe/src/crypto/cms.c @@ -15,9 +15,13 @@ * along with this program; if not, write to the Free Software * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA * 02110-1301, USA. + * + * You can also choose to distribute this program under the terms of + * the Unmodified Binary Distribution Licence (as given in the file + * COPYING.UBDL), provided that you have satisfied its requirements. */ -FILE_LICENCE ( GPL2_OR_LATER ); +FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL ); /** @file * diff --git a/qemu/roms/ipxe/src/crypto/crypto_null.c b/qemu/roms/ipxe/src/crypto/crypto_null.c index ba05f7269..15a1c538b 100644 --- a/qemu/roms/ipxe/src/crypto/crypto_null.c +++ b/qemu/roms/ipxe/src/crypto/crypto_null.c @@ -15,9 +15,13 @@ * along with this program; if not, write to the Free Software * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA * 02110-1301, USA. + * + * You can also choose to distribute this program under the terms of + * the Unmodified Binary Distribution Licence (as given in the file + * COPYING.UBDL), provided that you have satisfied its requirements. */ -FILE_LICENCE ( GPL2_OR_LATER ); +FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL ); /** * @file diff --git a/qemu/roms/ipxe/src/crypto/deflate.c b/qemu/roms/ipxe/src/crypto/deflate.c index 91a489961..e1c87d5fe 100644 --- a/qemu/roms/ipxe/src/crypto/deflate.c +++ b/qemu/roms/ipxe/src/crypto/deflate.c @@ -15,9 +15,13 @@ * along with this program; if not, write to the Free Software * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA * 02110-1301, USA. + * + * You can also choose to distribute this program under the terms of + * the Unmodified Binary Distribution Licence (as given in the file + * COPYING.UBDL), provided that you have satisfied its requirements. */ -FILE_LICENCE ( GPL2_OR_LATER ); +FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL ); #include <string.h> #include <strings.h> diff --git a/qemu/roms/ipxe/src/crypto/drbg.c b/qemu/roms/ipxe/src/crypto/drbg.c index 9e0175d25..5c8b5e612 100644 --- a/qemu/roms/ipxe/src/crypto/drbg.c +++ b/qemu/roms/ipxe/src/crypto/drbg.c @@ -15,9 +15,13 @@ * along with this program; if not, write to the Free Software * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA * 02110-1301, USA. + * + * You can also choose to distribute this program under the terms of + * the Unmodified Binary Distribution Licence (as given in the file + * COPYING.UBDL), provided that you have satisfied its requirements. */ -FILE_LICENCE ( GPL2_OR_LATER ); +FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL ); /** @file * diff --git a/qemu/roms/ipxe/src/crypto/ecb.c b/qemu/roms/ipxe/src/crypto/ecb.c new file mode 100644 index 000000000..3c9cf340c --- /dev/null +++ b/qemu/roms/ipxe/src/crypto/ecb.c @@ -0,0 +1,80 @@ +/* + * Copyright (C) 2009 Michael Brown <mbrown@fensystems.co.uk>. + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License as + * published by the Free Software Foundation; either version 2 of the + * License, or any later version. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA + * 02110-1301, USA. + * + * You can also choose to distribute this program under the terms of + * the Unmodified Binary Distribution Licence (as given in the file + * COPYING.UBDL), provided that you have satisfied its requirements. + */ + +FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL ); + +#include <assert.h> +#include <ipxe/crypto.h> +#include <ipxe/ecb.h> + +/** @file + * + * Electronic codebook (ECB) + * + */ + +/** + * Encrypt data + * + * @v ctx Context + * @v src Data to encrypt + * @v dst Buffer for encrypted data + * @v len Length of data + * @v raw_cipher Underlying cipher algorithm + */ +void ecb_encrypt ( void *ctx, const void *src, void *dst, size_t len, + struct cipher_algorithm *raw_cipher ) { + size_t blocksize = raw_cipher->blocksize; + + assert ( ( len % blocksize ) == 0 ); + + while ( len ) { + cipher_encrypt ( raw_cipher, ctx, src, dst, blocksize ); + dst += blocksize; + src += blocksize; + len -= blocksize; + } +} + +/** + * Decrypt data + * + * @v ctx Context + * @v src Data to decrypt + * @v dst Buffer for decrypted data + * @v len Length of data + * @v raw_cipher Underlying cipher algorithm + */ +void ecb_decrypt ( void *ctx, const void *src, void *dst, size_t len, + struct cipher_algorithm *raw_cipher ) { + size_t blocksize = raw_cipher->blocksize; + + assert ( ( len % blocksize ) == 0 ); + + while ( len ) { + cipher_decrypt ( raw_cipher, ctx, src, dst, blocksize ); + dst += blocksize; + src += blocksize; + len -= blocksize; + } +} diff --git a/qemu/roms/ipxe/src/crypto/entropy.c b/qemu/roms/ipxe/src/crypto/entropy.c index c7045840e..5acbc0258 100644 --- a/qemu/roms/ipxe/src/crypto/entropy.c +++ b/qemu/roms/ipxe/src/crypto/entropy.c @@ -15,9 +15,13 @@ * along with this program; if not, write to the Free Software * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA * 02110-1301, USA. + * + * You can also choose to distribute this program under the terms of + * the Unmodified Binary Distribution Licence (as given in the file + * COPYING.UBDL), provided that you have satisfied its requirements. */ -FILE_LICENCE ( GPL2_OR_LATER ); +FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL ); /** @file * diff --git a/qemu/roms/ipxe/src/crypto/hash_df.c b/qemu/roms/ipxe/src/crypto/hash_df.c index adf1d87e4..c1417e683 100644 --- a/qemu/roms/ipxe/src/crypto/hash_df.c +++ b/qemu/roms/ipxe/src/crypto/hash_df.c @@ -15,9 +15,13 @@ * along with this program; if not, write to the Free Software * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA * 02110-1301, USA. + * + * You can also choose to distribute this program under the terms of + * the Unmodified Binary Distribution Licence (as given in the file + * COPYING.UBDL), provided that you have satisfied its requirements. */ -FILE_LICENCE ( GPL2_OR_LATER ); +FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL ); /** @file * diff --git a/qemu/roms/ipxe/src/crypto/hmac.c b/qemu/roms/ipxe/src/crypto/hmac.c index e9459198c..95a46195c 100644 --- a/qemu/roms/ipxe/src/crypto/hmac.c +++ b/qemu/roms/ipxe/src/crypto/hmac.c @@ -15,9 +15,13 @@ * along with this program; if not, write to the Free Software * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA * 02110-1301, USA. + * + * You can also choose to distribute this program under the terms of + * the Unmodified Binary Distribution Licence (as given in the file + * COPYING.UBDL), provided that you have satisfied its requirements. */ -FILE_LICENCE ( GPL2_OR_LATER ); +FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL ); /** * @file diff --git a/qemu/roms/ipxe/src/crypto/hmac_drbg.c b/qemu/roms/ipxe/src/crypto/hmac_drbg.c index 1e5f732e2..6c1d5deb2 100644 --- a/qemu/roms/ipxe/src/crypto/hmac_drbg.c +++ b/qemu/roms/ipxe/src/crypto/hmac_drbg.c @@ -15,9 +15,13 @@ * along with this program; if not, write to the Free Software * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA * 02110-1301, USA. + * + * You can also choose to distribute this program under the terms of + * the Unmodified Binary Distribution Licence (as given in the file + * COPYING.UBDL), provided that you have satisfied its requirements. */ -FILE_LICENCE ( GPL2_OR_LATER ); +FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL ); /** @file * diff --git a/qemu/roms/ipxe/src/crypto/md5.c b/qemu/roms/ipxe/src/crypto/md5.c index 122c7d59e..f9738b0ac 100644 --- a/qemu/roms/ipxe/src/crypto/md5.c +++ b/qemu/roms/ipxe/src/crypto/md5.c @@ -15,9 +15,13 @@ * along with this program; if not, write to the Free Software * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA * 02110-1301, USA. + * + * You can also choose to distribute this program under the terms of + * the Unmodified Binary Distribution Licence (as given in the file + * COPYING.UBDL), provided that you have satisfied its requirements. */ -FILE_LICENCE ( GPL2_OR_LATER ); +FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL ); /** @file * diff --git a/qemu/roms/ipxe/src/crypto/mishmash/rsa_aes_cbc_sha1.c b/qemu/roms/ipxe/src/crypto/mishmash/rsa_aes_cbc_sha1.c new file mode 100644 index 000000000..06722c0e1 --- /dev/null +++ b/qemu/roms/ipxe/src/crypto/mishmash/rsa_aes_cbc_sha1.c @@ -0,0 +1,48 @@ +/* + * Copyright (C) 2015 Michael Brown <mbrown@fensystems.co.uk>. + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License as + * published by the Free Software Foundation; either version 2 of the + * License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA + * 02110-1301, USA. + * + * You can also choose to distribute this program under the terms of + * the Unmodified Binary Distribution Licence (as given in the file + * COPYING.UBDL), provided that you have satisfied its requirements. + */ + +FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL ); + +#include <byteswap.h> +#include <ipxe/rsa.h> +#include <ipxe/aes.h> +#include <ipxe/sha1.h> +#include <ipxe/tls.h> + +/** TLS_RSA_WITH_AES_128_CBC_SHA cipher suite */ +struct tls_cipher_suite tls_rsa_with_aes_128_cbc_sha __tls_cipher_suite (03) = { + .code = htons ( TLS_RSA_WITH_AES_128_CBC_SHA ), + .key_len = ( 128 / 8 ), + .pubkey = &rsa_algorithm, + .cipher = &aes_cbc_algorithm, + .digest = &sha1_algorithm, +}; + +/** TLS_RSA_WITH_AES_256_CBC_SHA cipher suite */ +struct tls_cipher_suite tls_rsa_with_aes_256_cbc_sha __tls_cipher_suite (04) = { + .code = htons ( TLS_RSA_WITH_AES_256_CBC_SHA ), + .key_len = ( 256 / 8 ), + .pubkey = &rsa_algorithm, + .cipher = &aes_cbc_algorithm, + .digest = &sha1_algorithm, +}; diff --git a/qemu/roms/ipxe/src/crypto/mishmash/rsa_aes_cbc_sha256.c b/qemu/roms/ipxe/src/crypto/mishmash/rsa_aes_cbc_sha256.c new file mode 100644 index 000000000..c609eacea --- /dev/null +++ b/qemu/roms/ipxe/src/crypto/mishmash/rsa_aes_cbc_sha256.c @@ -0,0 +1,48 @@ +/* + * Copyright (C) 2015 Michael Brown <mbrown@fensystems.co.uk>. + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License as + * published by the Free Software Foundation; either version 2 of the + * License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA + * 02110-1301, USA. + * + * You can also choose to distribute this program under the terms of + * the Unmodified Binary Distribution Licence (as given in the file + * COPYING.UBDL), provided that you have satisfied its requirements. + */ + +FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL ); + +#include <byteswap.h> +#include <ipxe/rsa.h> +#include <ipxe/aes.h> +#include <ipxe/sha256.h> +#include <ipxe/tls.h> + +/** TLS_RSA_WITH_AES_128_CBC_SHA256 cipher suite */ +struct tls_cipher_suite tls_rsa_with_aes_128_cbc_sha256 __tls_cipher_suite(01)={ + .code = htons ( TLS_RSA_WITH_AES_128_CBC_SHA256 ), + .key_len = ( 128 / 8 ), + .pubkey = &rsa_algorithm, + .cipher = &aes_cbc_algorithm, + .digest = &sha256_algorithm, +}; + +/** TLS_RSA_WITH_AES_256_CBC_SHA256 cipher suite */ +struct tls_cipher_suite tls_rsa_with_aes_256_cbc_sha256 __tls_cipher_suite(02)={ + .code = htons ( TLS_RSA_WITH_AES_256_CBC_SHA256 ), + .key_len = ( 256 / 8 ), + .pubkey = &rsa_algorithm, + .cipher = &aes_cbc_algorithm, + .digest = &sha256_algorithm, +}; diff --git a/qemu/roms/ipxe/src/crypto/mishmash/rsa_md5.c b/qemu/roms/ipxe/src/crypto/mishmash/rsa_md5.c new file mode 100644 index 000000000..ac828ac11 --- /dev/null +++ b/qemu/roms/ipxe/src/crypto/mishmash/rsa_md5.c @@ -0,0 +1,51 @@ +/* + * Copyright (C) 2015 Michael Brown <mbrown@fensystems.co.uk>. + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License as + * published by the Free Software Foundation; either version 2 of the + * License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA + * 02110-1301, USA. + * + * You can also choose to distribute this program under the terms of + * the Unmodified Binary Distribution Licence (as given in the file + * COPYING.UBDL), provided that you have satisfied its requirements. + */ + +FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL ); + +#include <ipxe/rsa.h> +#include <ipxe/md5.h> +#include <ipxe/asn1.h> + +/** "md5WithRSAEncryption" object identifier */ +static uint8_t oid_md5_with_rsa_encryption[] = + { ASN1_OID_MD5WITHRSAENCRYPTION }; + +/** "md5WithRSAEncryption" OID-identified algorithm */ +struct asn1_algorithm md5_with_rsa_encryption_algorithm __asn1_algorithm = { + .name = "md5WithRSAEncryption", + .pubkey = &rsa_algorithm, + .digest = &md5_algorithm, + .oid = ASN1_OID_CURSOR ( oid_md5_with_rsa_encryption ), +}; + +/** MD5 digestInfo prefix */ +static const uint8_t rsa_md5_prefix_data[] = + { RSA_DIGESTINFO_PREFIX ( MD5_DIGEST_SIZE, ASN1_OID_MD5 ) }; + +/** MD5 digestInfo prefix */ +struct rsa_digestinfo_prefix rsa_md5_prefix __rsa_digestinfo_prefix = { + .digest = &md5_algorithm, + .data = rsa_md5_prefix_data, + .len = sizeof ( rsa_md5_prefix_data ), +}; diff --git a/qemu/roms/ipxe/src/crypto/mishmash/rsa_sha1.c b/qemu/roms/ipxe/src/crypto/mishmash/rsa_sha1.c new file mode 100644 index 000000000..39424bf2d --- /dev/null +++ b/qemu/roms/ipxe/src/crypto/mishmash/rsa_sha1.c @@ -0,0 +1,62 @@ +/* + * Copyright (C) 2015 Michael Brown <mbrown@fensystems.co.uk>. + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License as + * published by the Free Software Foundation; either version 2 of the + * License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA + * 02110-1301, USA. + * + * You can also choose to distribute this program under the terms of + * the Unmodified Binary Distribution Licence (as given in the file + * COPYING.UBDL), provided that you have satisfied its requirements. + */ + +FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL ); + +#include <ipxe/rsa.h> +#include <ipxe/sha1.h> +#include <ipxe/asn1.h> +#include <ipxe/tls.h> + +/** "sha1WithRSAEncryption" object identifier */ +static uint8_t oid_sha1_with_rsa_encryption[] = + { ASN1_OID_SHA1WITHRSAENCRYPTION }; + +/** "sha1WithRSAEncryption" OID-identified algorithm */ +struct asn1_algorithm sha1_with_rsa_encryption_algorithm __asn1_algorithm = { + .name = "sha1WithRSAEncryption", + .pubkey = &rsa_algorithm, + .digest = &sha1_algorithm, + .oid = ASN1_OID_CURSOR ( oid_sha1_with_rsa_encryption ), +}; + +/** SHA-1 digestInfo prefix */ +static const uint8_t rsa_sha1_prefix_data[] = + { RSA_DIGESTINFO_PREFIX ( SHA1_DIGEST_SIZE, ASN1_OID_SHA1 ) }; + +/** SHA-1 digestInfo prefix */ +struct rsa_digestinfo_prefix rsa_sha1_prefix __rsa_digestinfo_prefix = { + .digest = &sha1_algorithm, + .data = rsa_sha1_prefix_data, + .len = sizeof ( rsa_sha1_prefix_data ), +}; + +/** RSA with SHA-1 signature hash algorithm */ +struct tls_signature_hash_algorithm tls_rsa_sha1 __tls_sig_hash_algorithm = { + .code = { + .signature = TLS_RSA_ALGORITHM, + .hash = TLS_SHA1_ALGORITHM, + }, + .pubkey = &rsa_algorithm, + .digest = &sha1_algorithm, +}; diff --git a/qemu/roms/ipxe/src/crypto/mishmash/rsa_sha224.c b/qemu/roms/ipxe/src/crypto/mishmash/rsa_sha224.c new file mode 100644 index 000000000..5e8755aab --- /dev/null +++ b/qemu/roms/ipxe/src/crypto/mishmash/rsa_sha224.c @@ -0,0 +1,62 @@ +/* + * Copyright (C) 2015 Michael Brown <mbrown@fensystems.co.uk>. + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License as + * published by the Free Software Foundation; either version 2 of the + * License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA + * 02110-1301, USA. + * + * You can also choose to distribute this program under the terms of + * the Unmodified Binary Distribution Licence (as given in the file + * COPYING.UBDL), provided that you have satisfied its requirements. + */ + +FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL ); + +#include <ipxe/rsa.h> +#include <ipxe/sha256.h> +#include <ipxe/asn1.h> +#include <ipxe/tls.h> + +/** "sha224WithRSAEncryption" object identifier */ +static uint8_t oid_sha224_with_rsa_encryption[] = + { ASN1_OID_SHA224WITHRSAENCRYPTION }; + +/** "sha224WithRSAEncryption" OID-identified algorithm */ +struct asn1_algorithm sha224_with_rsa_encryption_algorithm __asn1_algorithm = { + .name = "sha224WithRSAEncryption", + .pubkey = &rsa_algorithm, + .digest = &sha224_algorithm, + .oid = ASN1_OID_CURSOR ( oid_sha224_with_rsa_encryption ), +}; + +/** SHA-224 digestInfo prefix */ +static const uint8_t rsa_sha224_prefix_data[] = + { RSA_DIGESTINFO_PREFIX ( SHA224_DIGEST_SIZE, ASN1_OID_SHA224 ) }; + +/** SHA-224 digestInfo prefix */ +struct rsa_digestinfo_prefix rsa_sha224_prefix __rsa_digestinfo_prefix = { + .digest = &sha224_algorithm, + .data = rsa_sha224_prefix_data, + .len = sizeof ( rsa_sha224_prefix_data ), +}; + +/** RSA with SHA-224 signature hash algorithm */ +struct tls_signature_hash_algorithm tls_rsa_sha224 __tls_sig_hash_algorithm = { + .code = { + .signature = TLS_RSA_ALGORITHM, + .hash = TLS_SHA224_ALGORITHM, + }, + .pubkey = &rsa_algorithm, + .digest = &sha224_algorithm, +}; diff --git a/qemu/roms/ipxe/src/crypto/mishmash/rsa_sha256.c b/qemu/roms/ipxe/src/crypto/mishmash/rsa_sha256.c new file mode 100644 index 000000000..b44af5f19 --- /dev/null +++ b/qemu/roms/ipxe/src/crypto/mishmash/rsa_sha256.c @@ -0,0 +1,62 @@ +/* + * Copyright (C) 2015 Michael Brown <mbrown@fensystems.co.uk>. + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License as + * published by the Free Software Foundation; either version 2 of the + * License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA + * 02110-1301, USA. + * + * You can also choose to distribute this program under the terms of + * the Unmodified Binary Distribution Licence (as given in the file + * COPYING.UBDL), provided that you have satisfied its requirements. + */ + +FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL ); + +#include <ipxe/rsa.h> +#include <ipxe/sha256.h> +#include <ipxe/asn1.h> +#include <ipxe/tls.h> + +/** "sha256WithRSAEncryption" object identifier */ +static uint8_t oid_sha256_with_rsa_encryption[] = + { ASN1_OID_SHA256WITHRSAENCRYPTION }; + +/** "sha256WithRSAEncryption" OID-identified algorithm */ +struct asn1_algorithm sha256_with_rsa_encryption_algorithm __asn1_algorithm = { + .name = "sha256WithRSAEncryption", + .pubkey = &rsa_algorithm, + .digest = &sha256_algorithm, + .oid = ASN1_OID_CURSOR ( oid_sha256_with_rsa_encryption ), +}; + +/** SHA-256 digestInfo prefix */ +static const uint8_t rsa_sha256_prefix_data[] = + { RSA_DIGESTINFO_PREFIX ( SHA256_DIGEST_SIZE, ASN1_OID_SHA256 ) }; + +/** SHA-256 digestInfo prefix */ +struct rsa_digestinfo_prefix rsa_sha256_prefix __rsa_digestinfo_prefix = { + .digest = &sha256_algorithm, + .data = rsa_sha256_prefix_data, + .len = sizeof ( rsa_sha256_prefix_data ), +}; + +/** RSA with SHA-256 signature hash algorithm */ +struct tls_signature_hash_algorithm tls_rsa_sha256 __tls_sig_hash_algorithm = { + .code = { + .signature = TLS_RSA_ALGORITHM, + .hash = TLS_SHA256_ALGORITHM, + }, + .pubkey = &rsa_algorithm, + .digest = &sha256_algorithm, +}; diff --git a/qemu/roms/ipxe/src/crypto/mishmash/rsa_sha384.c b/qemu/roms/ipxe/src/crypto/mishmash/rsa_sha384.c new file mode 100644 index 000000000..af22a2bf0 --- /dev/null +++ b/qemu/roms/ipxe/src/crypto/mishmash/rsa_sha384.c @@ -0,0 +1,62 @@ +/* + * Copyright (C) 2015 Michael Brown <mbrown@fensystems.co.uk>. + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License as + * published by the Free Software Foundation; either version 2 of the + * License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA + * 02110-1301, USA. + * + * You can also choose to distribute this program under the terms of + * the Unmodified Binary Distribution Licence (as given in the file + * COPYING.UBDL), provided that you have satisfied its requirements. + */ + +FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL ); + +#include <ipxe/rsa.h> +#include <ipxe/sha512.h> +#include <ipxe/asn1.h> +#include <ipxe/tls.h> + +/** "sha384WithRSAEncryption" object identifier */ +static uint8_t oid_sha384_with_rsa_encryption[] = + { ASN1_OID_SHA384WITHRSAENCRYPTION }; + +/** "sha384WithRSAEncryption" OID-identified algorithm */ +struct asn1_algorithm sha384_with_rsa_encryption_algorithm __asn1_algorithm = { + .name = "sha384WithRSAEncryption", + .pubkey = &rsa_algorithm, + .digest = &sha384_algorithm, + .oid = ASN1_OID_CURSOR ( oid_sha384_with_rsa_encryption ), +}; + +/** SHA-384 digestInfo prefix */ +static const uint8_t rsa_sha384_prefix_data[] = + { RSA_DIGESTINFO_PREFIX ( SHA384_DIGEST_SIZE, ASN1_OID_SHA384 ) }; + +/** SHA-384 digestInfo prefix */ +struct rsa_digestinfo_prefix rsa_sha384_prefix __rsa_digestinfo_prefix = { + .digest = &sha384_algorithm, + .data = rsa_sha384_prefix_data, + .len = sizeof ( rsa_sha384_prefix_data ), +}; + +/** RSA with SHA-384 signature hash algorithm */ +struct tls_signature_hash_algorithm tls_rsa_sha384 __tls_sig_hash_algorithm = { + .code = { + .signature = TLS_RSA_ALGORITHM, + .hash = TLS_SHA384_ALGORITHM, + }, + .pubkey = &rsa_algorithm, + .digest = &sha384_algorithm, +}; diff --git a/qemu/roms/ipxe/src/crypto/mishmash/rsa_sha512.c b/qemu/roms/ipxe/src/crypto/mishmash/rsa_sha512.c new file mode 100644 index 000000000..29ee15493 --- /dev/null +++ b/qemu/roms/ipxe/src/crypto/mishmash/rsa_sha512.c @@ -0,0 +1,62 @@ +/* + * Copyright (C) 2015 Michael Brown <mbrown@fensystems.co.uk>. + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License as + * published by the Free Software Foundation; either version 2 of the + * License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA + * 02110-1301, USA. + * + * You can also choose to distribute this program under the terms of + * the Unmodified Binary Distribution Licence (as given in the file + * COPYING.UBDL), provided that you have satisfied its requirements. + */ + +FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL ); + +#include <ipxe/rsa.h> +#include <ipxe/sha512.h> +#include <ipxe/asn1.h> +#include <ipxe/tls.h> + +/** "sha512WithRSAEncryption" object identifier */ +static uint8_t oid_sha512_with_rsa_encryption[] = + { ASN1_OID_SHA512WITHRSAENCRYPTION }; + +/** "sha512WithRSAEncryption" OID-identified algorithm */ +struct asn1_algorithm sha512_with_rsa_encryption_algorithm __asn1_algorithm = { + .name = "sha512WithRSAEncryption", + .pubkey = &rsa_algorithm, + .digest = &sha512_algorithm, + .oid = ASN1_OID_CURSOR ( oid_sha512_with_rsa_encryption ), +}; + +/** SHA-512 digestInfo prefix */ +static const uint8_t rsa_sha512_prefix_data[] = + { RSA_DIGESTINFO_PREFIX ( SHA512_DIGEST_SIZE, ASN1_OID_SHA512 ) }; + +/** SHA-512 digestInfo prefix */ +struct rsa_digestinfo_prefix rsa_sha512_prefix __rsa_digestinfo_prefix = { + .digest = &sha512_algorithm, + .data = rsa_sha512_prefix_data, + .len = sizeof ( rsa_sha512_prefix_data ), +}; + +/** RSA with SHA-512 signature hash algorithm */ +struct tls_signature_hash_algorithm tls_rsa_sha512 __tls_sig_hash_algorithm = { + .code = { + .signature = TLS_RSA_ALGORITHM, + .hash = TLS_SHA512_ALGORITHM, + }, + .pubkey = &rsa_algorithm, + .digest = &sha512_algorithm, +}; diff --git a/qemu/roms/ipxe/src/crypto/null_entropy.c b/qemu/roms/ipxe/src/crypto/null_entropy.c index c56d5e76f..d1e1a6f73 100644 --- a/qemu/roms/ipxe/src/crypto/null_entropy.c +++ b/qemu/roms/ipxe/src/crypto/null_entropy.c @@ -15,9 +15,13 @@ * along with this program; if not, write to the Free Software * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA * 02110-1301, USA. + * + * You can also choose to distribute this program under the terms of + * the Unmodified Binary Distribution Licence (as given in the file + * COPYING.UBDL), provided that you have satisfied its requirements. */ -FILE_LICENCE ( GPL2_OR_LATER ); +FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL ); /** @file * diff --git a/qemu/roms/ipxe/src/crypto/ocsp.c b/qemu/roms/ipxe/src/crypto/ocsp.c index 66e47c57e..5df55bc96 100644 --- a/qemu/roms/ipxe/src/crypto/ocsp.c +++ b/qemu/roms/ipxe/src/crypto/ocsp.c @@ -233,7 +233,7 @@ static int ocsp_uri_string ( struct ocsp_check *ocsp ) { goto err_path_base64; } base64_encode ( ocsp->request.builder.data, ocsp->request.builder.len, - path_base64_string ); + path_base64_string, path_len ); /* URI-encode the Base64-encoded request */ memset ( &path_uri, 0, sizeof ( path_uri ) ); diff --git a/qemu/roms/ipxe/src/crypto/privkey.c b/qemu/roms/ipxe/src/crypto/privkey.c index e010649c0..a6043bd1e 100644 --- a/qemu/roms/ipxe/src/crypto/privkey.c +++ b/qemu/roms/ipxe/src/crypto/privkey.c @@ -15,9 +15,13 @@ * along with this program; if not, write to the Free Software * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA * 02110-1301, USA. + * + * You can also choose to distribute this program under the terms of + * the Unmodified Binary Distribution Licence (as given in the file + * COPYING.UBDL), provided that you have satisfied its requirements. */ -FILE_LICENCE ( GPL2_OR_LATER ); +FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL ); #include <stdint.h> #include <stdlib.h> diff --git a/qemu/roms/ipxe/src/crypto/random_nz.c b/qemu/roms/ipxe/src/crypto/random_nz.c index f1d2e187d..5fe576e05 100644 --- a/qemu/roms/ipxe/src/crypto/random_nz.c +++ b/qemu/roms/ipxe/src/crypto/random_nz.c @@ -15,9 +15,13 @@ * along with this program; if not, write to the Free Software * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA * 02110-1301, USA. + * + * You can also choose to distribute this program under the terms of + * the Unmodified Binary Distribution Licence (as given in the file + * COPYING.UBDL), provided that you have satisfied its requirements. */ -FILE_LICENCE ( GPL2_OR_LATER ); +FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL ); /** @file * diff --git a/qemu/roms/ipxe/src/crypto/rbg.c b/qemu/roms/ipxe/src/crypto/rbg.c index e2d06978c..943b288c3 100644 --- a/qemu/roms/ipxe/src/crypto/rbg.c +++ b/qemu/roms/ipxe/src/crypto/rbg.c @@ -15,9 +15,13 @@ * along with this program; if not, write to the Free Software * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA * 02110-1301, USA. + * + * You can also choose to distribute this program under the terms of + * the Unmodified Binary Distribution Licence (as given in the file + * COPYING.UBDL), provided that you have satisfied its requirements. */ -FILE_LICENCE ( GPL2_OR_LATER ); +FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL ); /** @file * diff --git a/qemu/roms/ipxe/src/crypto/rootcert.c b/qemu/roms/ipxe/src/crypto/rootcert.c index ae28905ac..00ea1647e 100644 --- a/qemu/roms/ipxe/src/crypto/rootcert.c +++ b/qemu/roms/ipxe/src/crypto/rootcert.c @@ -15,9 +15,13 @@ * along with this program; if not, write to the Free Software * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA * 02110-1301, USA. + * + * You can also choose to distribute this program under the terms of + * the Unmodified Binary Distribution Licence (as given in the file + * COPYING.UBDL), provided that you have satisfied its requirements. */ -FILE_LICENCE ( GPL2_OR_LATER ); +FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL ); #include <stdlib.h> #include <ipxe/crypto.h> diff --git a/qemu/roms/ipxe/src/crypto/rsa.c b/qemu/roms/ipxe/src/crypto/rsa.c index 0ab7b2ad3..36109280d 100644 --- a/qemu/roms/ipxe/src/crypto/rsa.c +++ b/qemu/roms/ipxe/src/crypto/rsa.c @@ -15,9 +15,13 @@ * along with this program; if not, write to the Free Software * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA * 02110-1301, USA. + * + * You can also choose to distribute this program under the terms of + * the Unmodified Binary Distribution Licence (as given in the file + * COPYING.UBDL), provided that you have satisfied its requirements. */ -FILE_LICENCE ( GPL2_OR_LATER ); +FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL ); #include <stdint.h> #include <stdlib.h> @@ -28,9 +32,6 @@ FILE_LICENCE ( GPL2_OR_LATER ); #include <ipxe/crypto.h> #include <ipxe/bigint.h> #include <ipxe/random_nz.h> -#include <ipxe/md5.h> -#include <ipxe/sha1.h> -#include <ipxe/sha256.h> #include <ipxe/rsa.h> /** @file @@ -49,18 +50,6 @@ FILE_LICENCE ( GPL2_OR_LATER ); /** "rsaEncryption" object identifier */ static uint8_t oid_rsa_encryption[] = { ASN1_OID_RSAENCRYPTION }; -/** "md5WithRSAEncryption" object identifier */ -static uint8_t oid_md5_with_rsa_encryption[] = - { ASN1_OID_MD5WITHRSAENCRYPTION }; - -/** "sha1WithRSAEncryption" object identifier */ -static uint8_t oid_sha1_with_rsa_encryption[] = - { ASN1_OID_SHA1WITHRSAENCRYPTION }; - -/** "sha256WithRSAEncryption" object identifier */ -static uint8_t oid_sha256_with_rsa_encryption[] = - { ASN1_OID_SHA256WITHRSAENCRYPTION }; - /** "rsaEncryption" OID-identified algorithm */ struct asn1_algorithm rsa_encryption_algorithm __asn1_algorithm = { .name = "rsaEncryption", @@ -69,63 +58,6 @@ struct asn1_algorithm rsa_encryption_algorithm __asn1_algorithm = { .oid = ASN1_OID_CURSOR ( oid_rsa_encryption ), }; -/** "md5WithRSAEncryption" OID-identified algorithm */ -struct asn1_algorithm md5_with_rsa_encryption_algorithm __asn1_algorithm = { - .name = "md5WithRSAEncryption", - .pubkey = &rsa_algorithm, - .digest = &md5_algorithm, - .oid = ASN1_OID_CURSOR ( oid_md5_with_rsa_encryption ), -}; - -/** "sha1WithRSAEncryption" OID-identified algorithm */ -struct asn1_algorithm sha1_with_rsa_encryption_algorithm __asn1_algorithm = { - .name = "sha1WithRSAEncryption", - .pubkey = &rsa_algorithm, - .digest = &sha1_algorithm, - .oid = ASN1_OID_CURSOR ( oid_sha1_with_rsa_encryption ), -}; - -/** "sha256WithRSAEncryption" OID-identified algorithm */ -struct asn1_algorithm sha256_with_rsa_encryption_algorithm __asn1_algorithm = { - .name = "sha256WithRSAEncryption", - .pubkey = &rsa_algorithm, - .digest = &sha256_algorithm, - .oid = ASN1_OID_CURSOR ( oid_sha256_with_rsa_encryption ), -}; - -/** MD5 digestInfo prefix */ -static const uint8_t rsa_md5_prefix_data[] = - { RSA_DIGESTINFO_PREFIX ( MD5_DIGEST_SIZE, ASN1_OID_MD5 ) }; - -/** SHA-1 digestInfo prefix */ -static const uint8_t rsa_sha1_prefix_data[] = - { RSA_DIGESTINFO_PREFIX ( SHA1_DIGEST_SIZE, ASN1_OID_SHA1 ) }; - -/** SHA-256 digestInfo prefix */ -static const uint8_t rsa_sha256_prefix_data[] = - { RSA_DIGESTINFO_PREFIX ( SHA256_DIGEST_SIZE, ASN1_OID_SHA256 ) }; - -/** MD5 digestInfo prefix */ -struct rsa_digestinfo_prefix rsa_md5_prefix __rsa_digestinfo_prefix = { - .digest = &md5_algorithm, - .data = rsa_md5_prefix_data, - .len = sizeof ( rsa_md5_prefix_data ), -}; - -/** SHA-1 digestInfo prefix */ -struct rsa_digestinfo_prefix rsa_sha1_prefix __rsa_digestinfo_prefix = { - .digest = &sha1_algorithm, - .data = rsa_sha1_prefix_data, - .len = sizeof ( rsa_sha1_prefix_data ), -}; - -/** SHA-256 digestInfo prefix */ -struct rsa_digestinfo_prefix rsa_sha256_prefix __rsa_digestinfo_prefix = { - .digest = &sha256_algorithm, - .data = rsa_sha256_prefix_data, - .len = sizeof ( rsa_sha256_prefix_data ), -}; - /** * Identify RSA prefix * diff --git a/qemu/roms/ipxe/src/crypto/sha1.c b/qemu/roms/ipxe/src/crypto/sha1.c index e1bef669e..51866f4b7 100644 --- a/qemu/roms/ipxe/src/crypto/sha1.c +++ b/qemu/roms/ipxe/src/crypto/sha1.c @@ -15,9 +15,13 @@ * along with this program; if not, write to the Free Software * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA * 02110-1301, USA. + * + * You can also choose to distribute this program under the terms of + * the Unmodified Binary Distribution Licence (as given in the file + * COPYING.UBDL), provided that you have satisfied its requirements. */ -FILE_LICENCE ( GPL2_OR_LATER ); +FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL ); /** @file * diff --git a/qemu/roms/ipxe/src/crypto/sha224.c b/qemu/roms/ipxe/src/crypto/sha224.c new file mode 100644 index 000000000..be25f24e9 --- /dev/null +++ b/qemu/roms/ipxe/src/crypto/sha224.c @@ -0,0 +1,82 @@ +/* + * Copyright (C) 2015 Michael Brown <mbrown@fensystems.co.uk>. + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License as + * published by the Free Software Foundation; either version 2 of the + * License, or any later version. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA + * 02110-1301, USA. + * + * You can also choose to distribute this program under the terms of + * the Unmodified Binary Distribution Licence (as given in the file + * COPYING.UBDL), provided that you have satisfied its requirements. + */ + +FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL ); + +/** @file + * + * SHA-224 algorithm + * + */ + +#include <stdint.h> +#include <byteswap.h> +#include <ipxe/crypto.h> +#include <ipxe/asn1.h> +#include <ipxe/sha256.h> + +/** SHA-224 initial digest values */ +static const struct sha256_digest sha224_init_digest = { + .h = { + cpu_to_be32 ( 0xc1059ed8 ), + cpu_to_be32 ( 0x367cd507 ), + cpu_to_be32 ( 0x3070dd17 ), + cpu_to_be32 ( 0xf70e5939 ), + cpu_to_be32 ( 0xffc00b31 ), + cpu_to_be32 ( 0x68581511 ), + cpu_to_be32 ( 0x64f98fa7 ), + cpu_to_be32 ( 0xbefa4fa4 ), + }, +}; + +/** + * Initialise SHA-224 algorithm + * + * @v ctx SHA-224 context + */ +static void sha224_init ( void *ctx ) { + struct sha256_context *context = ctx; + + sha256_family_init ( context, &sha224_init_digest, SHA224_DIGEST_SIZE ); +} + +/** SHA-224 algorithm */ +struct digest_algorithm sha224_algorithm = { + .name = "sha224", + .ctxsize = sizeof ( struct sha256_context ), + .blocksize = sizeof ( union sha256_block ), + .digestsize = SHA224_DIGEST_SIZE, + .init = sha224_init, + .update = sha256_update, + .final = sha256_final, +}; + +/** "sha224" object identifier */ +static uint8_t oid_sha224[] = { ASN1_OID_SHA224 }; + +/** "sha224" OID-identified algorithm */ +struct asn1_algorithm oid_sha224_algorithm __asn1_algorithm = { + .name = "sha224", + .digest = &sha224_algorithm, + .oid = ASN1_OID_CURSOR ( oid_sha224 ), +}; diff --git a/qemu/roms/ipxe/src/crypto/sha256.c b/qemu/roms/ipxe/src/crypto/sha256.c index 36e02b3c2..0360d8d16 100644 --- a/qemu/roms/ipxe/src/crypto/sha256.c +++ b/qemu/roms/ipxe/src/crypto/sha256.c @@ -15,9 +15,13 @@ * along with this program; if not, write to the Free Software * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA * 02110-1301, USA. + * + * You can also choose to distribute this program under the terms of + * the Unmodified Binary Distribution Licence (as given in the file + * COPYING.UBDL), provided that you have satisfied its requirements. */ -FILE_LICENCE ( GPL2_OR_LATER ); +FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL ); /** @file * @@ -47,11 +51,11 @@ struct sha256_variables { uint32_t f; uint32_t g; uint32_t h; - uint32_t w[64]; + uint32_t w[SHA256_ROUNDS]; } __attribute__ (( packed )); /** SHA-256 constants */ -static const uint32_t k[64] = { +static const uint32_t k[SHA256_ROUNDS] = { 0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5, 0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5, 0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3, 0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174, 0xe49b69c1, 0xefbe4786, @@ -65,6 +69,37 @@ static const uint32_t k[64] = { 0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2 }; +/** SHA-256 initial digest values */ +static const struct sha256_digest sha256_init_digest = { + .h = { + cpu_to_be32 ( 0x6a09e667 ), + cpu_to_be32 ( 0xbb67ae85 ), + cpu_to_be32 ( 0x3c6ef372 ), + cpu_to_be32 ( 0xa54ff53a ), + cpu_to_be32 ( 0x510e527f ), + cpu_to_be32 ( 0x9b05688c ), + cpu_to_be32 ( 0x1f83d9ab ), + cpu_to_be32 ( 0x5be0cd19 ), + }, +}; + +/** + * Initialise SHA-256 family algorithm + * + * @v context SHA-256 context + * @v init Initial digest values + * @v digestsize Digest size + */ +void sha256_family_init ( struct sha256_context *context, + const struct sha256_digest *init, + size_t digestsize ) { + + context->len = 0; + context->digestsize = digestsize; + memcpy ( &context->ddd.dd.digest, init, + sizeof ( context->ddd.dd.digest ) ); +} + /** * Initialise SHA-256 algorithm * @@ -73,15 +108,8 @@ static const uint32_t k[64] = { static void sha256_init ( void *ctx ) { struct sha256_context *context = ctx; - context->ddd.dd.digest.h[0] = cpu_to_be32 ( 0x6a09e667 ); - context->ddd.dd.digest.h[1] = cpu_to_be32 ( 0xbb67ae85 ); - context->ddd.dd.digest.h[2] = cpu_to_be32 ( 0x3c6ef372 ); - context->ddd.dd.digest.h[3] = cpu_to_be32 ( 0xa54ff53a ); - context->ddd.dd.digest.h[4] = cpu_to_be32 ( 0x510e527f ); - context->ddd.dd.digest.h[5] = cpu_to_be32 ( 0x9b05688c ); - context->ddd.dd.digest.h[6] = cpu_to_be32 ( 0x1f83d9ab ); - context->ddd.dd.digest.h[7] = cpu_to_be32 ( 0x5be0cd19 ); - context->len = 0; + sha256_family_init ( context, &sha256_init_digest, + sizeof ( struct sha256_digest ) ); } /** @@ -139,7 +167,7 @@ static void sha256_digest ( struct sha256_context *context ) { } /* Initialise w[16..63] */ - for ( i = 16 ; i < 64 ; i++ ) { + for ( i = 16 ; i < SHA256_ROUNDS ; i++ ) { s0 = ( ror32 ( w[i-15], 7 ) ^ ror32 ( w[i-15], 18 ) ^ ( w[i-15] >> 3 ) ); s1 = ( ror32 ( w[i-2], 17 ) ^ ror32 ( w[i-2], 19 ) ^ @@ -148,7 +176,7 @@ static void sha256_digest ( struct sha256_context *context ) { } /* Main loop */ - for ( i = 0 ; i < 64 ; i++ ) { + for ( i = 0 ; i < SHA256_ROUNDS ; i++ ) { s0 = ( ror32 ( *a, 2 ) ^ ror32 ( *a, 13 ) ^ ror32 ( *a, 22 ) ); maj = ( ( *a & *b ) ^ ( *a & *c ) ^ ( *b & *c ) ); t2 = ( s0 + maj ); @@ -186,7 +214,7 @@ static void sha256_digest ( struct sha256_context *context ) { * @v data Data * @v len Length of data */ -static void sha256_update ( void *ctx, const void *data, size_t len ) { +void sha256_update ( void *ctx, const void *data, size_t len ) { struct sha256_context *context = ctx; const uint8_t *byte = data; size_t offset; @@ -209,7 +237,7 @@ static void sha256_update ( void *ctx, const void *data, size_t len ) { * @v ctx SHA-256 context * @v out Output buffer */ -static void sha256_final ( void *ctx, void *out ) { +void sha256_final ( void *ctx, void *out ) { struct sha256_context *context = ctx; uint64_t len_bits; uint8_t pad; @@ -230,8 +258,7 @@ static void sha256_final ( void *ctx, void *out ) { assert ( ( context->len % sizeof ( context->ddd.dd.data ) ) == 0 ); /* Copy out final digest */ - memcpy ( out, &context->ddd.dd.digest, - sizeof ( context->ddd.dd.digest ) ); + memcpy ( out, &context->ddd.dd.digest, context->digestsize ); } /** SHA-256 algorithm */ diff --git a/qemu/roms/ipxe/src/crypto/sha384.c b/qemu/roms/ipxe/src/crypto/sha384.c new file mode 100644 index 000000000..017751826 --- /dev/null +++ b/qemu/roms/ipxe/src/crypto/sha384.c @@ -0,0 +1,82 @@ +/* + * Copyright (C) 2015 Michael Brown <mbrown@fensystems.co.uk>. + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License as + * published by the Free Software Foundation; either version 2 of the + * License, or any later version. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA + * 02110-1301, USA. + * + * You can also choose to distribute this program under the terms of + * the Unmodified Binary Distribution Licence (as given in the file + * COPYING.UBDL), provided that you have satisfied its requirements. + */ + +FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL ); + +/** @file + * + * SHA-384 algorithm + * + */ + +#include <stdint.h> +#include <byteswap.h> +#include <ipxe/crypto.h> +#include <ipxe/asn1.h> +#include <ipxe/sha512.h> + +/** SHA-384 initial digest values */ +static const struct sha512_digest sha384_init_digest = { + .h = { + cpu_to_be64 ( 0xcbbb9d5dc1059ed8ULL ), + cpu_to_be64 ( 0x629a292a367cd507ULL ), + cpu_to_be64 ( 0x9159015a3070dd17ULL ), + cpu_to_be64 ( 0x152fecd8f70e5939ULL ), + cpu_to_be64 ( 0x67332667ffc00b31ULL ), + cpu_to_be64 ( 0x8eb44a8768581511ULL ), + cpu_to_be64 ( 0xdb0c2e0d64f98fa7ULL ), + cpu_to_be64 ( 0x47b5481dbefa4fa4ULL ), + }, +}; + +/** + * Initialise SHA-384 algorithm + * + * @v ctx SHA-384 context + */ +static void sha384_init ( void *ctx ) { + struct sha512_context *context = ctx; + + sha512_family_init ( context, &sha384_init_digest, SHA384_DIGEST_SIZE ); +} + +/** SHA-384 algorithm */ +struct digest_algorithm sha384_algorithm = { + .name = "sha384", + .ctxsize = sizeof ( struct sha512_context ), + .blocksize = sizeof ( union sha512_block ), + .digestsize = SHA384_DIGEST_SIZE, + .init = sha384_init, + .update = sha512_update, + .final = sha512_final, +}; + +/** "sha384" object identifier */ +static uint8_t oid_sha384[] = { ASN1_OID_SHA384 }; + +/** "sha384" OID-identified algorithm */ +struct asn1_algorithm oid_sha384_algorithm __asn1_algorithm = { + .name = "sha384", + .digest = &sha384_algorithm, + .oid = ASN1_OID_CURSOR ( oid_sha384 ), +}; diff --git a/qemu/roms/ipxe/src/crypto/sha512.c b/qemu/roms/ipxe/src/crypto/sha512.c new file mode 100644 index 000000000..814f44563 --- /dev/null +++ b/qemu/roms/ipxe/src/crypto/sha512.c @@ -0,0 +1,303 @@ +/* + * Copyright (C) 2015 Michael Brown <mbrown@fensystems.co.uk>. + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License as + * published by the Free Software Foundation; either version 2 of the + * License, or any later version. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA + * 02110-1301, USA. + * + * You can also choose to distribute this program under the terms of + * the Unmodified Binary Distribution Licence (as given in the file + * COPYING.UBDL), provided that you have satisfied its requirements. + */ + +FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL ); + +/** @file + * + * SHA-512 algorithm + * + */ + +#include <stdint.h> +#include <string.h> +#include <byteswap.h> +#include <assert.h> +#include <ipxe/rotate.h> +#include <ipxe/crypto.h> +#include <ipxe/asn1.h> +#include <ipxe/sha512.h> + +/** SHA-512 variables */ +struct sha512_variables { + /* This layout matches that of struct sha512_digest_data, + * allowing for efficient endianness-conversion, + */ + uint64_t a; + uint64_t b; + uint64_t c; + uint64_t d; + uint64_t e; + uint64_t f; + uint64_t g; + uint64_t h; + uint64_t w[SHA512_ROUNDS]; +} __attribute__ (( packed )); + +/** SHA-512 constants */ +static const uint64_t k[SHA512_ROUNDS] = { + 0x428a2f98d728ae22ULL, 0x7137449123ef65cdULL, 0xb5c0fbcfec4d3b2fULL, + 0xe9b5dba58189dbbcULL, 0x3956c25bf348b538ULL, 0x59f111f1b605d019ULL, + 0x923f82a4af194f9bULL, 0xab1c5ed5da6d8118ULL, 0xd807aa98a3030242ULL, + 0x12835b0145706fbeULL, 0x243185be4ee4b28cULL, 0x550c7dc3d5ffb4e2ULL, + 0x72be5d74f27b896fULL, 0x80deb1fe3b1696b1ULL, 0x9bdc06a725c71235ULL, + 0xc19bf174cf692694ULL, 0xe49b69c19ef14ad2ULL, 0xefbe4786384f25e3ULL, + 0x0fc19dc68b8cd5b5ULL, 0x240ca1cc77ac9c65ULL, 0x2de92c6f592b0275ULL, + 0x4a7484aa6ea6e483ULL, 0x5cb0a9dcbd41fbd4ULL, 0x76f988da831153b5ULL, + 0x983e5152ee66dfabULL, 0xa831c66d2db43210ULL, 0xb00327c898fb213fULL, + 0xbf597fc7beef0ee4ULL, 0xc6e00bf33da88fc2ULL, 0xd5a79147930aa725ULL, + 0x06ca6351e003826fULL, 0x142929670a0e6e70ULL, 0x27b70a8546d22ffcULL, + 0x2e1b21385c26c926ULL, 0x4d2c6dfc5ac42aedULL, 0x53380d139d95b3dfULL, + 0x650a73548baf63deULL, 0x766a0abb3c77b2a8ULL, 0x81c2c92e47edaee6ULL, + 0x92722c851482353bULL, 0xa2bfe8a14cf10364ULL, 0xa81a664bbc423001ULL, + 0xc24b8b70d0f89791ULL, 0xc76c51a30654be30ULL, 0xd192e819d6ef5218ULL, + 0xd69906245565a910ULL, 0xf40e35855771202aULL, 0x106aa07032bbd1b8ULL, + 0x19a4c116b8d2d0c8ULL, 0x1e376c085141ab53ULL, 0x2748774cdf8eeb99ULL, + 0x34b0bcb5e19b48a8ULL, 0x391c0cb3c5c95a63ULL, 0x4ed8aa4ae3418acbULL, + 0x5b9cca4f7763e373ULL, 0x682e6ff3d6b2b8a3ULL, 0x748f82ee5defb2fcULL, + 0x78a5636f43172f60ULL, 0x84c87814a1f0ab72ULL, 0x8cc702081a6439ecULL, + 0x90befffa23631e28ULL, 0xa4506cebde82bde9ULL, 0xbef9a3f7b2c67915ULL, + 0xc67178f2e372532bULL, 0xca273eceea26619cULL, 0xd186b8c721c0c207ULL, + 0xeada7dd6cde0eb1eULL, 0xf57d4f7fee6ed178ULL, 0x06f067aa72176fbaULL, + 0x0a637dc5a2c898a6ULL, 0x113f9804bef90daeULL, 0x1b710b35131c471bULL, + 0x28db77f523047d84ULL, 0x32caab7b40c72493ULL, 0x3c9ebe0a15c9bebcULL, + 0x431d67c49c100d4cULL, 0x4cc5d4becb3e42b6ULL, 0x597f299cfc657e2aULL, + 0x5fcb6fab3ad6faecULL, 0x6c44198c4a475817ULL +}; + +/** SHA-512 initial digest values */ +static const struct sha512_digest sha512_init_digest = { + .h = { + cpu_to_be64 ( 0x6a09e667f3bcc908ULL ), + cpu_to_be64 ( 0xbb67ae8584caa73bULL ), + cpu_to_be64 ( 0x3c6ef372fe94f82bULL ), + cpu_to_be64 ( 0xa54ff53a5f1d36f1ULL ), + cpu_to_be64 ( 0x510e527fade682d1ULL ), + cpu_to_be64 ( 0x9b05688c2b3e6c1fULL ), + cpu_to_be64 ( 0x1f83d9abfb41bd6bULL ), + cpu_to_be64 ( 0x5be0cd19137e2179ULL ), + }, +}; + +/** + * Initialise SHA-512 family algorithm + * + * @v context SHA-512 context + * @v init Initial digest values + * @v digestsize Digest size + */ +void sha512_family_init ( struct sha512_context *context, + const struct sha512_digest *init, + size_t digestsize ) { + + context->len = 0; + context->digestsize = digestsize; + memcpy ( &context->ddq.dd.digest, init, + sizeof ( context->ddq.dd.digest ) ); +} + +/** + * Initialise SHA-512 algorithm + * + * @v ctx SHA-512 context + */ +static void sha512_init ( void *ctx ) { + struct sha512_context *context = ctx; + + sha512_family_init ( context, &sha512_init_digest, + sizeof ( struct sha512_digest ) ); +} + +/** + * Calculate SHA-512 digest of accumulated data + * + * @v context SHA-512 context + */ +static void sha512_digest ( struct sha512_context *context ) { + union { + union sha512_digest_data_qwords ddq; + struct sha512_variables v; + } u; + uint64_t *a = &u.v.a; + uint64_t *b = &u.v.b; + uint64_t *c = &u.v.c; + uint64_t *d = &u.v.d; + uint64_t *e = &u.v.e; + uint64_t *f = &u.v.f; + uint64_t *g = &u.v.g; + uint64_t *h = &u.v.h; + uint64_t *w = u.v.w; + uint64_t s0; + uint64_t s1; + uint64_t maj; + uint64_t t1; + uint64_t t2; + uint64_t ch; + unsigned int i; + + /* Sanity checks */ + assert ( ( context->len % sizeof ( context->ddq.dd.data ) ) == 0 ); + linker_assert ( &u.ddq.dd.digest.h[0] == a, sha512_bad_layout ); + linker_assert ( &u.ddq.dd.digest.h[1] == b, sha512_bad_layout ); + linker_assert ( &u.ddq.dd.digest.h[2] == c, sha512_bad_layout ); + linker_assert ( &u.ddq.dd.digest.h[3] == d, sha512_bad_layout ); + linker_assert ( &u.ddq.dd.digest.h[4] == e, sha512_bad_layout ); + linker_assert ( &u.ddq.dd.digest.h[5] == f, sha512_bad_layout ); + linker_assert ( &u.ddq.dd.digest.h[6] == g, sha512_bad_layout ); + linker_assert ( &u.ddq.dd.digest.h[7] == h, sha512_bad_layout ); + linker_assert ( &u.ddq.dd.data.qword[0] == w, sha512_bad_layout ); + + DBGC ( context, "SHA512 digesting:\n" ); + DBGC_HDA ( context, 0, &context->ddq.dd.digest, + sizeof ( context->ddq.dd.digest ) ); + DBGC_HDA ( context, context->len, &context->ddq.dd.data, + sizeof ( context->ddq.dd.data ) ); + + /* Convert h[0..7] to host-endian, and initialise a, b, c, d, + * e, f, g, h, and w[0..15] + */ + for ( i = 0 ; i < ( sizeof ( u.ddq.qword ) / + sizeof ( u.ddq.qword[0] ) ) ; i++ ) { + be64_to_cpus ( &context->ddq.qword[i] ); + u.ddq.qword[i] = context->ddq.qword[i]; + } + + /* Initialise w[16..79] */ + for ( i = 16 ; i < SHA512_ROUNDS ; i++ ) { + s0 = ( ror64 ( w[i-15], 1 ) ^ ror64 ( w[i-15], 8 ) ^ + ( w[i-15] >> 7 ) ); + s1 = ( ror64 ( w[i-2], 19 ) ^ ror64 ( w[i-2], 61 ) ^ + ( w[i-2] >> 6 ) ); + w[i] = ( w[i-16] + s0 + w[i-7] + s1 ); + } + + /* Main loop */ + for ( i = 0 ; i < SHA512_ROUNDS ; i++ ) { + s0 = ( ror64 ( *a, 28 ) ^ ror64 ( *a, 34 ) ^ ror64 ( *a, 39 ) ); + maj = ( ( *a & *b ) ^ ( *a & *c ) ^ ( *b & *c ) ); + t2 = ( s0 + maj ); + s1 = ( ror64 ( *e, 14 ) ^ ror64 ( *e, 18 ) ^ ror64 ( *e, 41 ) ); + ch = ( ( *e & *f ) ^ ( (~*e) & *g ) ); + t1 = ( *h + s1 + ch + k[i] + w[i] ); + *h = *g; + *g = *f; + *f = *e; + *e = ( *d + t1 ); + *d = *c; + *c = *b; + *b = *a; + *a = ( t1 + t2 ); + DBGC2 ( context, "%2d : %016llx %016llx %016llx %016llx " + "%016llx %016llx %016llx %016llx\n", + i, *a, *b, *c, *d, *e, *f, *g, *h ); + } + + /* Add chunk to hash and convert back to big-endian */ + for ( i = 0 ; i < 8 ; i++ ) { + context->ddq.dd.digest.h[i] = + cpu_to_be64 ( context->ddq.dd.digest.h[i] + + u.ddq.dd.digest.h[i] ); + } + + DBGC ( context, "SHA512 digested:\n" ); + DBGC_HDA ( context, 0, &context->ddq.dd.digest, + sizeof ( context->ddq.dd.digest ) ); +} + +/** + * Accumulate data with SHA-512 algorithm + * + * @v ctx SHA-512 context + * @v data Data + * @v len Length of data + */ +void sha512_update ( void *ctx, const void *data, size_t len ) { + struct sha512_context *context = ctx; + const uint8_t *byte = data; + size_t offset; + + /* Accumulate data a byte at a time, performing the digest + * whenever we fill the data buffer + */ + while ( len-- ) { + offset = ( context->len % sizeof ( context->ddq.dd.data ) ); + context->ddq.dd.data.byte[offset] = *(byte++); + context->len++; + if ( ( context->len % sizeof ( context->ddq.dd.data ) ) == 0 ) + sha512_digest ( context ); + } +} + +/** + * Generate SHA-512 digest + * + * @v ctx SHA-512 context + * @v out Output buffer + */ +void sha512_final ( void *ctx, void *out ) { + struct sha512_context *context = ctx; + uint64_t len_bits_hi; + uint64_t len_bits_lo; + uint8_t pad; + + /* Record length before pre-processing */ + len_bits_hi = 0; + len_bits_lo = cpu_to_be64 ( ( ( uint64_t ) context->len ) * 8 ); + + /* Pad with a single "1" bit followed by as many "0" bits as required */ + pad = 0x80; + do { + sha512_update ( ctx, &pad, sizeof ( pad ) ); + pad = 0x00; + } while ( ( context->len % sizeof ( context->ddq.dd.data ) ) != + offsetof ( typeof ( context->ddq.dd.data ), final.len_hi ) ); + + /* Append length (in bits) */ + sha512_update ( ctx, &len_bits_hi, sizeof ( len_bits_hi ) ); + sha512_update ( ctx, &len_bits_lo, sizeof ( len_bits_lo ) ); + assert ( ( context->len % sizeof ( context->ddq.dd.data ) ) == 0 ); + + /* Copy out final digest */ + memcpy ( out, &context->ddq.dd.digest, context->digestsize ); +} + +/** SHA-512 algorithm */ +struct digest_algorithm sha512_algorithm = { + .name = "sha512", + .ctxsize = sizeof ( struct sha512_context ), + .blocksize = sizeof ( union sha512_block ), + .digestsize = sizeof ( struct sha512_digest ), + .init = sha512_init, + .update = sha512_update, + .final = sha512_final, +}; + +/** "sha512" object identifier */ +static uint8_t oid_sha512[] = { ASN1_OID_SHA512 }; + +/** "sha512" OID-identified algorithm */ +struct asn1_algorithm oid_sha512_algorithm __asn1_algorithm = { + .name = "sha512", + .digest = &sha512_algorithm, + .oid = ASN1_OID_CURSOR ( oid_sha512 ), +}; diff --git a/qemu/roms/ipxe/src/crypto/sha512_224.c b/qemu/roms/ipxe/src/crypto/sha512_224.c new file mode 100644 index 000000000..8c37b566b --- /dev/null +++ b/qemu/roms/ipxe/src/crypto/sha512_224.c @@ -0,0 +1,83 @@ +/* + * Copyright (C) 2015 Michael Brown <mbrown@fensystems.co.uk>. + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License as + * published by the Free Software Foundation; either version 2 of the + * License, or any later version. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA + * 02110-1301, USA. + * + * You can also choose to distribute this program under the terms of + * the Unmodified Binary Distribution Licence (as given in the file + * COPYING.UBDL), provided that you have satisfied its requirements. + */ + +FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL ); + +/** @file + * + * SHA-512/224 algorithm + * + */ + +#include <stdint.h> +#include <byteswap.h> +#include <ipxe/crypto.h> +#include <ipxe/asn1.h> +#include <ipxe/sha512.h> + +/** SHA-512/224 initial digest values */ +static const struct sha512_digest sha512_224_init_digest = { + .h = { + cpu_to_be64 ( 0x8c3d37c819544da2ULL ), + cpu_to_be64 ( 0x73e1996689dcd4d6ULL ), + cpu_to_be64 ( 0x1dfab7ae32ff9c82ULL ), + cpu_to_be64 ( 0x679dd514582f9fcfULL ), + cpu_to_be64 ( 0x0f6d2b697bd44da8ULL ), + cpu_to_be64 ( 0x77e36f7304c48942ULL ), + cpu_to_be64 ( 0x3f9d85a86a1d36c8ULL ), + cpu_to_be64 ( 0x1112e6ad91d692a1ULL ), + }, +}; + +/** + * Initialise SHA-512/224 algorithm + * + * @v ctx SHA-512/224 context + */ +static void sha512_224_init ( void *ctx ) { + struct sha512_context *context = ctx; + + sha512_family_init ( context, &sha512_224_init_digest, + SHA512_224_DIGEST_SIZE ); +} + +/** SHA-512/224 algorithm */ +struct digest_algorithm sha512_224_algorithm = { + .name = "sha512/224", + .ctxsize = sizeof ( struct sha512_context ), + .blocksize = sizeof ( union sha512_block ), + .digestsize = SHA512_224_DIGEST_SIZE, + .init = sha512_224_init, + .update = sha512_update, + .final = sha512_final, +}; + +/** "sha512_224" object identifier */ +static uint8_t oid_sha512_224[] = { ASN1_OID_SHA512_224 }; + +/** "sha512_224" OID-identified algorithm */ +struct asn1_algorithm oid_sha512_224_algorithm __asn1_algorithm = { + .name = "sha512/224", + .digest = &sha512_224_algorithm, + .oid = ASN1_OID_CURSOR ( oid_sha512_224 ), +}; diff --git a/qemu/roms/ipxe/src/crypto/sha512_256.c b/qemu/roms/ipxe/src/crypto/sha512_256.c new file mode 100644 index 000000000..f8afaf3e3 --- /dev/null +++ b/qemu/roms/ipxe/src/crypto/sha512_256.c @@ -0,0 +1,83 @@ +/* + * Copyright (C) 2015 Michael Brown <mbrown@fensystems.co.uk>. + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License as + * published by the Free Software Foundation; either version 2 of the + * License, or any later version. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA + * 02110-1301, USA. + * + * You can also choose to distribute this program under the terms of + * the Unmodified Binary Distribution Licence (as given in the file + * COPYING.UBDL), provided that you have satisfied its requirements. + */ + +FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL ); + +/** @file + * + * SHA-512/256 algorithm + * + */ + +#include <stdint.h> +#include <byteswap.h> +#include <ipxe/crypto.h> +#include <ipxe/asn1.h> +#include <ipxe/sha512.h> + +/** SHA-512/256 initial digest values */ +static const struct sha512_digest sha512_256_init_digest = { + .h = { + cpu_to_be64 ( 0x22312194fc2bf72cULL ), + cpu_to_be64 ( 0x9f555fa3c84c64c2ULL ), + cpu_to_be64 ( 0x2393b86b6f53b151ULL ), + cpu_to_be64 ( 0x963877195940eabdULL ), + cpu_to_be64 ( 0x96283ee2a88effe3ULL ), + cpu_to_be64 ( 0xbe5e1e2553863992ULL ), + cpu_to_be64 ( 0x2b0199fc2c85b8aaULL ), + cpu_to_be64 ( 0x0eb72ddc81c52ca2ULL ), + }, +}; + +/** + * Initialise SHA-512/256 algorithm + * + * @v ctx SHA-512/256 context + */ +static void sha512_256_init ( void *ctx ) { + struct sha512_context *context = ctx; + + sha512_family_init ( context, &sha512_256_init_digest, + SHA512_256_DIGEST_SIZE ); +} + +/** SHA-512/256 algorithm */ +struct digest_algorithm sha512_256_algorithm = { + .name = "sha512/256", + .ctxsize = sizeof ( struct sha512_context ), + .blocksize = sizeof ( union sha512_block ), + .digestsize = SHA512_256_DIGEST_SIZE, + .init = sha512_256_init, + .update = sha512_update, + .final = sha512_final, +}; + +/** "sha512_256" object identifier */ +static uint8_t oid_sha512_256[] = { ASN1_OID_SHA512_256 }; + +/** "sha512_256" OID-identified algorithm */ +struct asn1_algorithm oid_sha512_256_algorithm __asn1_algorithm = { + .name = "sha512/256", + .digest = &sha512_256_algorithm, + .oid = ASN1_OID_CURSOR ( oid_sha512_256 ), +}; diff --git a/qemu/roms/ipxe/src/crypto/x509.c b/qemu/roms/ipxe/src/crypto/x509.c index 4a02dad14..43a4ca17a 100644 --- a/qemu/roms/ipxe/src/crypto/x509.c +++ b/qemu/roms/ipxe/src/crypto/x509.c @@ -15,9 +15,13 @@ * along with this program; if not, write to the Free Software * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA * 02110-1301, USA. + * + * You can also choose to distribute this program under the terms of + * the Unmodified Binary Distribution Licence (as given in the file + * COPYING.UBDL), provided that you have satisfied its requirements. */ -FILE_LICENCE ( GPL2_OR_LATER ); +FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL ); #include <stdlib.h> #include <string.h> @@ -139,7 +143,8 @@ const char * x509_name ( struct x509_certificate *cert ) { } else { /* Certificate has no commonName: use SHA-1 fingerprint */ x509_fingerprint ( cert, digest, fingerprint ); - base16_encode ( fingerprint, sizeof ( fingerprint ), buf ); + base16_encode ( fingerprint, sizeof ( fingerprint ), + buf, sizeof ( buf ) ); } return buf; } @@ -1761,5 +1766,11 @@ int x509_validate_chain ( struct x509_chain *chain, time_t time, return -EACCES_USELESS; } +/* Drag in objects via x509_validate() */ +REQUIRING_SYMBOL ( x509_validate ); + /* Drag in certificate store */ REQUIRE_OBJECT ( certstore ); + +/* Drag in crypto configuration */ +REQUIRE_OBJECT ( config_crypto ); |