[crypto] Split crypto_algorithm into {digest,cipher,pubkey}_algorithm
The various types of cryptographic algorithm are fundamentally different, and it was probably a mistake to try to handle them via a single common type. pubkey_algorithm is a placeholder type for now.
@@ -1,8 +1,8 @@
|
||||
#ifndef _GPXE_AES_H
|
||||
#define _GPXE_AES_H
|
||||
|
||||
struct crypto_algorithm;
|
||||
struct cipher_algorithm;
|
||||
|
||||
extern struct crypto_algorithm aes_cbc_algorithm;
|
||||
extern struct cipher_algorithm aes_cbc_algorithm;
|
||||
|
||||
#endif /* _GPXE_AES_H */
|
||||
|
||||
@@ -10,12 +10,12 @@
|
||||
#include <stdint.h>
|
||||
#include <gpxe/md5.h>
|
||||
|
||||
struct crypto_algorithm;
|
||||
struct digest_algorithm;
|
||||
|
||||
/** A CHAP response */
|
||||
struct chap_response {
|
||||
/** Digest algorithm used for the response */
|
||||
struct crypto_algorithm *digest;
|
||||
struct digest_algorithm *digest;
|
||||
/** Context used by the digest algorithm */
|
||||
uint8_t *digest_context;
|
||||
/** CHAP response */
|
||||
@@ -25,7 +25,7 @@ struct chap_response {
|
||||
};
|
||||
|
||||
extern int chap_init ( struct chap_response *chap,
|
||||
struct crypto_algorithm *digest );
|
||||
struct digest_algorithm *digest );
|
||||
extern void chap_update ( struct chap_response *chap, const void *data,
|
||||
size_t len );
|
||||
extern void chap_respond ( struct chap_response *chap );
|
||||
|
||||
@@ -10,21 +10,46 @@
|
||||
#include <stdint.h>
|
||||
#include <stddef.h>
|
||||
|
||||
/** A cryptographic algorithm */
|
||||
struct crypto_algorithm {
|
||||
/** A message digest algorithm */
|
||||
struct digest_algorithm {
|
||||
/** Algorithm name */
|
||||
const char *name;
|
||||
/** Context size */
|
||||
size_t ctxsize;
|
||||
/** Block size */
|
||||
size_t blocksize;
|
||||
/** Final output size */
|
||||
/** Digest size */
|
||||
size_t digestsize;
|
||||
/** Initialise algorithm
|
||||
/** Initialise digest
|
||||
*
|
||||
* @v ctx Context
|
||||
*/
|
||||
void ( * init ) ( void *ctx );
|
||||
/** Update digest with new data
|
||||
*
|
||||
* @v ctx Context
|
||||
* @v src Data to digest
|
||||
* @v len Length of data
|
||||
*
|
||||
* @v len is not necessarily a multiple of @c blocksize.
|
||||
*/
|
||||
void ( * update ) ( void *ctx, const void *src, size_t len );
|
||||
/** Finalise digest
|
||||
*
|
||||
* @v ctx Context
|
||||
* @v out Buffer for digest output
|
||||
*/
|
||||
void ( * final ) ( void *ctx, void *out );
|
||||
};
|
||||
|
||||
/** A cipher algorithm */
|
||||
struct cipher_algorithm {
|
||||
/** Algorithm name */
|
||||
const char *name;
|
||||
/** Context size */
|
||||
size_t ctxsize;
|
||||
/** Block size */
|
||||
size_t blocksize;
|
||||
/** Set key
|
||||
*
|
||||
* @v ctx Context
|
||||
@@ -38,79 +63,79 @@ struct crypto_algorithm {
|
||||
* @v ctx Context
|
||||
* @v iv Initialisation vector
|
||||
*/
|
||||
void ( *setiv ) ( void *ctx, const void *iv );
|
||||
/** Encode data
|
||||
void ( * setiv ) ( void *ctx, const void *iv );
|
||||
/** Encrypt data
|
||||
*
|
||||
* @v ctx Context
|
||||
* @v src Data to encode
|
||||
* @v dst Encoded data, or NULL
|
||||
* @v len Length of data
|
||||
* @ret rc Return status code
|
||||
*
|
||||
* For a cipher algorithm, the enciphered data should be
|
||||
* placed in @c dst. For a digest algorithm, only the digest
|
||||
* state should be updated, and @c dst will be NULL.
|
||||
*
|
||||
* @v len is guaranteed to be a multiple of @c blocksize.
|
||||
*/
|
||||
void ( * encode ) ( void *ctx, const void *src, void *dst,
|
||||
size_t len );
|
||||
/** Decode data
|
||||
*
|
||||
* @v ctx Context
|
||||
* @v src Data to decode
|
||||
* @v dst Decoded data
|
||||
* @v src Data to encrypt
|
||||
* @v dst Buffer for encrypted data
|
||||
* @v len Length of data
|
||||
* @ret rc Return status code
|
||||
*
|
||||
* @v len is guaranteed to be a multiple of @c blocksize.
|
||||
*/
|
||||
void ( * decode ) ( void *ctx, const void *src, void *dst,
|
||||
size_t len );
|
||||
/** Finalise algorithm
|
||||
void ( * encrypt ) ( void *ctx, const void *src, void *dst,
|
||||
size_t len );
|
||||
/** Decrypt data
|
||||
*
|
||||
* @v ctx Context
|
||||
* @v out Algorithm final output
|
||||
* @v src Data to decrypt
|
||||
* @v dst Buffer for decrypted data
|
||||
* @v len Length of data
|
||||
* @ret rc Return status code
|
||||
*
|
||||
* @v len is guaranteed to be a multiple of @c blocksize.
|
||||
*/
|
||||
void ( * final ) ( void *ctx, void *out );
|
||||
void ( * decrypt ) ( void *ctx, const void *src, void *dst,
|
||||
size_t len );
|
||||
};
|
||||
|
||||
static inline void digest_init ( struct crypto_algorithm *crypto,
|
||||
/** A public key algorithm */
|
||||
struct pubkey_algorithm {
|
||||
/** Algorithm name */
|
||||
const char *name;
|
||||
/** Context size */
|
||||
size_t ctxsize;
|
||||
};
|
||||
|
||||
static inline void digest_init ( struct digest_algorithm *digest,
|
||||
void *ctx ) {
|
||||
crypto->init ( ctx );
|
||||
digest->init ( ctx );
|
||||
}
|
||||
|
||||
static inline void digest_update ( struct crypto_algorithm *crypto,
|
||||
static inline void digest_update ( struct digest_algorithm *digest,
|
||||
void *ctx, const void *data, size_t len ) {
|
||||
crypto->encode ( ctx, data, NULL, len );
|
||||
digest->update ( ctx, data, len );
|
||||
}
|
||||
|
||||
static inline void digest_final ( struct crypto_algorithm *crypto,
|
||||
static inline void digest_final ( struct digest_algorithm *digest,
|
||||
void *ctx, void *out ) {
|
||||
crypto->final ( ctx, out );
|
||||
digest->final ( ctx, out );
|
||||
}
|
||||
|
||||
static inline void cipher_setiv ( struct crypto_algorithm *crypto,
|
||||
void *ctx, const void *iv ) {
|
||||
crypto->setiv ( ctx, iv );
|
||||
}
|
||||
|
||||
static inline int cipher_setkey ( struct crypto_algorithm *crypto,
|
||||
static inline int cipher_setkey ( struct cipher_algorithm *cipher,
|
||||
void *ctx, const void *key, size_t keylen ) {
|
||||
return crypto->setkey ( ctx, key, keylen );
|
||||
return cipher->setkey ( ctx, key, keylen );
|
||||
}
|
||||
|
||||
static inline int is_stream_cipher ( struct crypto_algorithm *crypto ) {
|
||||
return ( crypto->blocksize == 1 );
|
||||
static inline void cipher_setiv ( struct cipher_algorithm *cipher,
|
||||
void *ctx, const void *iv ) {
|
||||
cipher->setiv ( ctx, iv );
|
||||
}
|
||||
|
||||
extern struct crypto_algorithm crypto_null;
|
||||
static inline int is_stream_cipher ( struct cipher_algorithm *cipher ) {
|
||||
return ( cipher->blocksize == 1 );
|
||||
}
|
||||
|
||||
extern int cipher_encrypt ( struct crypto_algorithm *crypto,
|
||||
extern int cipher_encrypt ( struct cipher_algorithm *cipher,
|
||||
void *ctx, const void *src, void *dst,
|
||||
size_t len );
|
||||
extern int cipher_decrypt ( struct crypto_algorithm *crypto,
|
||||
extern int cipher_decrypt ( struct cipher_algorithm *cipher,
|
||||
void *ctx, const void *src, void *dst,
|
||||
size_t len );
|
||||
|
||||
extern struct digest_algorithm digest_null;
|
||||
extern struct cipher_algorithm cipher_null;
|
||||
extern struct pubkey_algorithm pubkey_null;
|
||||
|
||||
#endif /* _GPXE_CRYPTO_H */
|
||||
|
||||
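Review bot: The doc comments on the new `encrypt` and `decrypt` members of `struct cipher_algorithm` appear to keep `@ret rc Return status code`, yet both members are declared as `void ( * encrypt ) ( void *ctx, const void *src, void *dst, size_t len );`. An implementation therefore cannot report failure, even though the `cipher_encrypt()` and `cipher_decrypt()` wrappers declared below return `int`. Either drop the `@ret rc` line from both comments or make the two members return `int` so the wrappers have something to propagate. The rendered page has lost its +/- markers, so which comment lines carry over to the new side is inferred from the layout. Separately, `final` in `struct digest_algorithm` takes `out` with no length, so its comment should state the presumed size contract, e.g. `@v out Buffer for digest output (at least @c digestsize bytes)`.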
@@ -16,15 +16,15 @@
|
||||
* @v data Data
|
||||
* @v len Length of data
|
||||
*/
|
||||
static inline void hmac_update ( struct crypto_algorithm *digest,
|
||||
static inline void hmac_update ( struct digest_algorithm *digest,
|
||||
void *digest_ctx, const void *data,
|
||||
size_t len ) {
|
||||
digest_update ( digest, digest_ctx, data, len );
|
||||
}
|
||||
|
||||
extern void hmac_init ( struct crypto_algorithm *digest, void *digest_ctx,
|
||||
extern void hmac_init ( struct digest_algorithm *digest, void *digest_ctx,
|
||||
void *key, size_t *key_len );
|
||||
extern void hmac_final ( struct crypto_algorithm *digest, void *digest_ctx,
|
||||
extern void hmac_final ( struct digest_algorithm *digest, void *digest_ctx,
|
||||
void *key, size_t *key_len, void *hmac );
|
||||
|
||||
#endif /* _GPXE_HMAC_H */
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
#ifndef _GPXE_MD5_H
|
||||
#define _GPXE_MD5_H
|
||||
|
||||
struct crypto_algorithm;
|
||||
struct digest_algorithm;
|
||||
|
||||
#include <stdint.h>
|
||||
|
||||
@@ -17,6 +17,6 @@ struct md5_ctx {
|
||||
|
||||
#define MD5_CTX_SIZE sizeof ( struct md5_ctx )
|
||||
|
||||
extern struct crypto_algorithm md5_algorithm;
|
||||
extern struct digest_algorithm md5_algorithm;
|
||||
|
||||
#endif /* _GPXE_MD5_H */
|
||||
|
||||
@@ -1,9 +1,9 @@
|
||||
#ifndef _GPXE_RSA_H
|
||||
#define _GPXE_RSA_H
|
||||
|
||||
struct crypto_algorithm;
|
||||
struct pubkey_algorithm;
|
||||
|
||||
extern struct crypto_algorithm rsa_algorithm;
|
||||
extern struct pubkey_algorithm rsa_algorithm;
|
||||
|
||||
#include "crypto/axtls/crypto.h"
|
||||
|
||||
|
||||
@@ -3,11 +3,11 @@
|
||||
|
||||
#include "crypto/axtls/crypto.h"
|
||||
|
||||
struct crypto_algorithm;
|
||||
struct digest_algorithm;
|
||||
|
||||
#define SHA1_CTX_SIZE sizeof ( SHA1_CTX )
|
||||
#define SHA1_DIGEST_SIZE SHA1_SIZE
|
||||
|
||||
extern struct crypto_algorithm sha1_algorithm;
|
||||
extern struct digest_algorithm sha1_algorithm;
|
||||
|
||||
#endif /* _GPXE_SHA1_H */
|
||||
|
||||
@@ -91,11 +91,11 @@ enum tls_tx_state {
|
||||
/** A TLS cipher specification */
|
||||
struct tls_cipherspec {
|
||||
/** Public-key encryption algorithm */
|
||||
struct crypto_algorithm *pubkey;
|
||||
struct pubkey_algorithm *pubkey;
|
||||
/** Bulk encryption cipher algorithm */
|
||||
struct crypto_algorithm *cipher;
|
||||
struct cipher_algorithm *cipher;
|
||||
/** MAC digest algorithm */
|
||||
struct crypto_algorithm *digest;
|
||||
struct digest_algorithm *digest;
|
||||
/** Key length */
|
||||
size_t key_len;
|
||||
/** Dynamically-allocated storage */
|
||||
|
||||