[crypto] Add abstraction for a public-key algorithm

Signed-off-by: Michael Brown <mcb30@ipxe.org>
2025-12-21 20:40:25 +03:00 · 2012-03-18 13:25:10 +00:00
parent e20550fddf
commit c00eb6e190
2 changed files with 147 additions and 0 deletions
--- a/src/include/ipxe/crypto.h
+++ b/src/include/ipxe/crypto.h
@@ -96,6 +96,67 @@ struct pubkey_algorithm {
 	const char *name;
 	/** Context size */
 	size_t ctxsize;
+	/** Initialise algorithm
+	 *
+	 * @v ctx		Context
+	 * @v key		Key
+	 * @v key_len		Length of key
+	 * @ret rc		Return status code
+	 */
+	int ( * init ) ( void *ctx, const void *key, size_t key_len );
+	/** Calculate maximum output length
+	 *
+	 * @v ctx		Context
+	 * @ret max_len		Maximum output length
+	 */
+	size_t ( * max_len ) ( void *ctx );
+	/** Encrypt
+	 *
+	 * @v ctx		Context
+	 * @v plaintext		Plaintext
+	 * @v plaintext_len	Length of plaintext
+	 * @v ciphertext	Ciphertext
+	 * @ret ciphertext_len	Length of ciphertext, or negative error
+	 */
+	int ( * encrypt ) ( void *ctx, const void *data, size_t len,
+			    void *out );
+	/** Decrypt
+	 *
+	 * @v ctx		Context
+	 * @v ciphertext	Ciphertext
+	 * @v ciphertext_len	Ciphertext length
+	 * @v plaintext		Plaintext
+	 * @ret plaintext_len	Plaintext length, or negative error
+	 */
+	int ( * decrypt ) ( void *ctx, const void *data, size_t len,
+			    void *out );
+	/** Sign digest value
+	 *
+	 * @v ctx		Context
+	 * @v digest		Digest algorithm
+	 * @v value		Digest value
+	 * @v signature		Signature
+	 * @ret signature_len	Signature length, or negative error
+	 */
+	int ( * sign ) ( void *ctx, struct digest_algorithm *digest,
+			 const void *value, void *signature );
+	/** Verify signed digest value
+	 *
+	 * @v ctx		Context
+	 * @v digest		Digest algorithm
+	 * @v value		Digest value
+	 * @v signature		Signature
+	 * @v signature_len	Signature length
+	 * @ret rc		Return status code
+	 */
+	int ( * verify ) ( void *ctx, struct digest_algorithm *digest,
+			   const void *value, const void *signature,
+			   size_t signature_len );
+	/** Finalise algorithm
+	 *
+	 * @v ctx		Context
+	 */
+	void ( * final ) ( void *ctx );
 };

 static inline void digest_init ( struct digest_algorithm *digest,
@@ -147,6 +208,43 @@ static inline int is_stream_cipher ( struct cipher_algorithm *cipher ) {
 	return ( cipher->blocksize == 1 );
 }

+static inline int pubkey_init ( struct pubkey_algorithm *pubkey, void *ctx,
+				const void *key, size_t key_len ) {
+	return pubkey->init ( ctx, key, key_len );
+}
+
+static inline size_t pubkey_max_len ( struct pubkey_algorithm *pubkey,
+				      void *ctx ) {
+	return pubkey->max_len ( ctx );
+}
+
+static inline int pubkey_encrypt ( struct pubkey_algorithm *pubkey, void *ctx,
+				   const void *data, size_t len, void *out ) {
+	return pubkey->encrypt ( ctx, data, len, out );
+}
+
+static inline int pubkey_decrypt ( struct pubkey_algorithm *pubkey, void *ctx,
+				   const void *data, size_t len, void *out ) {
+	return pubkey->decrypt ( ctx, data, len, out );
+}
+
+static inline int pubkey_sign ( struct pubkey_algorithm *pubkey, void *ctx,
+				struct digest_algorithm *digest,
+				const void *value, void *signature ) {
+	return pubkey->sign ( ctx, digest, value, signature );
+}
+
+static inline int pubkey_verify ( struct pubkey_algorithm *pubkey, void *ctx,
+				  struct digest_algorithm *digest,
+				  const void *value, const void *signature,
+				  size_t signature_len ) {
+	return pubkey->verify ( ctx, digest, value, signature, signature_len );
+}
+
+static inline void pubkey_final ( struct pubkey_algorithm *pubkey, void *ctx ) {
+	pubkey->final ( ctx );
+}
+
 extern struct digest_algorithm digest_null;
 extern struct cipher_algorithm cipher_null;
 extern struct pubkey_algorithm pubkey_null;