diff options
Diffstat (limited to 'qemu/roms/ipxe/src/include/ipxe/crypto.h')
| -rw-r--r-- | qemu/roms/ipxe/src/include/ipxe/crypto.h | 270 |
1 files changed, 270 insertions, 0 deletions
diff --git a/qemu/roms/ipxe/src/include/ipxe/crypto.h b/qemu/roms/ipxe/src/include/ipxe/crypto.h new file mode 100644 index 000000000..3eda5ec6e --- /dev/null +++ b/qemu/roms/ipxe/src/include/ipxe/crypto.h @@ -0,0 +1,270 @@ +#ifndef _IPXE_CRYPTO_H +#define _IPXE_CRYPTO_H + +/** @file + * + * Cryptographic API + * + */ + +FILE_LICENCE ( GPL2_OR_LATER ); + +#include <stdint.h> +#include <stddef.h> + +/** A message digest algorithm */ +struct digest_algorithm { + /** Algorithm name */ + const char *name; + /** Context size */ + size_t ctxsize; + /** Block size */ + size_t blocksize; + /** Digest size */ + size_t digestsize; + /** Initialise digest + * + * @v ctx Context + */ + void ( * init ) ( void *ctx ); + /** Update digest with new data + * + * @v ctx Context + * @v src Data to digest + * @v len Length of data + * + * @v len is not necessarily a multiple of @c blocksize. + */ + void ( * update ) ( void *ctx, const void *src, size_t len ); + /** Finalise digest + * + * @v ctx Context + * @v out Buffer for digest output + */ + void ( * final ) ( void *ctx, void *out ); +}; + +/** A cipher algorithm */ +struct cipher_algorithm { + /** Algorithm name */ + const char *name; + /** Context size */ + size_t ctxsize; + /** Block size */ + size_t blocksize; + /** Set key + * + * @v ctx Context + * @v key Key + * @v keylen Key length + * @ret rc Return status code + */ + int ( * setkey ) ( void *ctx, const void *key, size_t keylen ); + /** Set initialisation vector + * + * @v ctx Context + * @v iv Initialisation vector + */ + void ( * setiv ) ( void *ctx, const void *iv ); + /** Encrypt data + * + * @v ctx Context + * @v src Data to encrypt + * @v dst Buffer for encrypted data + * @v len Length of data + * + * @v len is guaranteed to be a multiple of @c blocksize. + */ + void ( * encrypt ) ( void *ctx, const void *src, void *dst, + size_t len ); + /** Decrypt data + * + * @v ctx Context + * @v src Data to decrypt + * @v dst Buffer for decrypted data + * @v len Length of data + * + * @v len is guaranteed to be a multiple of @c blocksize. + */ + void ( * decrypt ) ( void *ctx, const void *src, void *dst, + size_t len ); +}; + +/** A public key algorithm */ +struct pubkey_algorithm { + /** Algorithm name */ + const char *name; + /** Context size */ + size_t ctxsize; + /** Initialise algorithm + * + * @v ctx Context + * @v key Key + * @v key_len Length of key + * @ret rc Return status code + */ + int ( * init ) ( void *ctx, const void *key, size_t key_len ); + /** Calculate maximum output length + * + * @v ctx Context + * @ret max_len Maximum output length + */ + size_t ( * max_len ) ( void *ctx ); + /** Encrypt + * + * @v ctx Context + * @v plaintext Plaintext + * @v plaintext_len Length of plaintext + * @v ciphertext Ciphertext + * @ret ciphertext_len Length of ciphertext, or negative error + */ + int ( * encrypt ) ( void *ctx, const void *data, size_t len, + void *out ); + /** Decrypt + * + * @v ctx Context + * @v ciphertext Ciphertext + * @v ciphertext_len Ciphertext length + * @v plaintext Plaintext + * @ret plaintext_len Plaintext length, or negative error + */ + int ( * decrypt ) ( void *ctx, const void *data, size_t len, + void *out ); + /** Sign digest value + * + * @v ctx Context + * @v digest Digest algorithm + * @v value Digest value + * @v signature Signature + * @ret signature_len Signature length, or negative error + */ + int ( * sign ) ( void *ctx, struct digest_algorithm *digest, + const void *value, void *signature ); + /** Verify signed digest value + * + * @v ctx Context + * @v digest Digest algorithm + * @v value Digest value + * @v signature Signature + * @v signature_len Signature length + * @ret rc Return status code + */ + int ( * verify ) ( void *ctx, struct digest_algorithm *digest, + const void *value, const void *signature, + size_t signature_len ); + /** Finalise algorithm + * + * @v ctx Context + */ + void ( * final ) ( void *ctx ); + /** Check that public key matches private key + * + * @v private_key Private key + * @v private_key_len Private key length + * @v public_key Public key + * @v public_key_len Public key length + * @ret rc Return status code + */ + int ( * match ) ( const void *private_key, size_t private_key_len, + const void *public_key, size_t public_key_len ); +}; + +static inline void digest_init ( struct digest_algorithm *digest, + void *ctx ) { + digest->init ( ctx ); +} + +static inline void digest_update ( struct digest_algorithm *digest, + void *ctx, const void *data, size_t len ) { + digest->update ( ctx, data, len ); +} + +static inline void digest_final ( struct digest_algorithm *digest, + void *ctx, void *out ) { + digest->final ( ctx, out ); +} + +static inline int cipher_setkey ( struct cipher_algorithm *cipher, + void *ctx, const void *key, size_t keylen ) { + return cipher->setkey ( ctx, key, keylen ); +} + +static inline void cipher_setiv ( struct cipher_algorithm *cipher, + void *ctx, const void *iv ) { + cipher->setiv ( ctx, iv ); +} + +static inline void cipher_encrypt ( struct cipher_algorithm *cipher, + void *ctx, const void *src, void *dst, + size_t len ) { + cipher->encrypt ( ctx, src, dst, len ); +} +#define cipher_encrypt( cipher, ctx, src, dst, len ) do { \ + assert ( ( (len) & ( (cipher)->blocksize - 1 ) ) == 0 ); \ + cipher_encrypt ( (cipher), (ctx), (src), (dst), (len) ); \ + } while ( 0 ) + +static inline void cipher_decrypt ( struct cipher_algorithm *cipher, + void *ctx, const void *src, void *dst, + size_t len ) { + cipher->decrypt ( ctx, src, dst, len ); +} +#define cipher_decrypt( cipher, ctx, src, dst, len ) do { \ + assert ( ( (len) & ( (cipher)->blocksize - 1 ) ) == 0 ); \ + cipher_decrypt ( (cipher), (ctx), (src), (dst), (len) ); \ + } while ( 0 ) + +static inline int is_stream_cipher ( struct cipher_algorithm *cipher ) { + return ( cipher->blocksize == 1 ); +} + +static inline int pubkey_init ( struct pubkey_algorithm *pubkey, void *ctx, + const void *key, size_t key_len ) { + return pubkey->init ( ctx, key, key_len ); +} + +static inline size_t pubkey_max_len ( struct pubkey_algorithm *pubkey, + void *ctx ) { + return pubkey->max_len ( ctx ); +} + +static inline int pubkey_encrypt ( struct pubkey_algorithm *pubkey, void *ctx, + const void *data, size_t len, void *out ) { + return pubkey->encrypt ( ctx, data, len, out ); +} + +static inline int pubkey_decrypt ( struct pubkey_algorithm *pubkey, void *ctx, + const void *data, size_t len, void *out ) { + return pubkey->decrypt ( ctx, data, len, out ); +} + +static inline int pubkey_sign ( struct pubkey_algorithm *pubkey, void *ctx, + struct digest_algorithm *digest, + const void *value, void *signature ) { + return pubkey->sign ( ctx, digest, value, signature ); +} + +static inline int pubkey_verify ( struct pubkey_algorithm *pubkey, void *ctx, + struct digest_algorithm *digest, + const void *value, const void *signature, + size_t signature_len ) { + return pubkey->verify ( ctx, digest, value, signature, signature_len ); +} + +static inline void pubkey_final ( struct pubkey_algorithm *pubkey, void *ctx ) { + pubkey->final ( ctx ); +} + +static inline int pubkey_match ( struct pubkey_algorithm *pubkey, + const void *private_key, + size_t private_key_len, const void *public_key, + size_t public_key_len ) { + return pubkey->match ( private_key, private_key_len, public_key, + public_key_len ); +} + +extern struct digest_algorithm digest_null; +extern struct cipher_algorithm cipher_null; +extern struct pubkey_algorithm pubkey_null; + +#endif /* _IPXE_CRYPTO_H */ |