[crypto] Add concept of authentication tag to cipher algorithms

Some ciphers (such as GCM) support the concept of a tag that can be
used to authenticate the encrypted data.  Add a cipher method for
generating an authentication tag.

Signed-off-by: Michael Brown <mcb30@ipxe.org>
Michael Brown
2022-10-24 19:20:41 +01:00
parent 0c383bf00a
commit da81214cec
9 changed files with 64 additions and 7 deletions


@@ -95,10 +95,12 @@ struct cipher_algorithm _cbc_cipher = { \
.name = #_cbc_name, \
.ctxsize = sizeof ( struct _cbc_name ## _context ), \
.blocksize = _blocksize, \
.authsize = 0, \
.setkey = _cbc_name ## _setkey, \
.setiv = _cbc_name ## _setiv, \
.encrypt = _cbc_name ## _encrypt, \
.decrypt = _cbc_name ## _decrypt, \
.auth = cipher_null_auth, \
};
#endif /* _IPXE_CBC_H */
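Review bot: Nothing in the macro records that `.authsize = 0` together with `.auth = cipher_null_auth` means "this mode produces no tag". A caller that invokes cipher_auth() on a CBC cipher without first checking is_auth_cipher() would presumably get neither a tag nor an error; cipher_null_auth's body is not visible here, so this is inferred from its void signature. I would add a line to the macro's doc comment (which starts outside this hunk), such as `CBC is unauthenticated: no tag is generated, so integrity must come from a separate MAC`. The same applies to the identical ECB initialisers later in this commit.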


@@ -52,6 +52,8 @@ struct cipher_algorithm {
size_t ctxsize;
/** Block size */
size_t blocksize;
/** Authentication tag size */
size_t authsize;
/** Set key
*
* @v ctx Context
@@ -89,6 +91,12 @@ struct cipher_algorithm {
*/
void ( * decrypt ) ( void *ctx, const void *src, void *dst,
size_t len );
/** Generate authentication tag
*
* @v ctx Context
* @v auth Authentication tag
*/
void ( * auth ) ( void *ctx, void *auth );
};
/** A public key algorithm */
@@ -215,10 +223,19 @@ static inline void cipher_decrypt ( struct cipher_algorithm *cipher,
cipher_decrypt ( (cipher), (ctx), (src), (dst), (len) ); \
} while ( 0 )
static inline void cipher_auth ( struct cipher_algorithm *cipher, void *ctx,
void *auth ) {
cipher->auth ( ctx, auth );
}
static inline int is_stream_cipher ( struct cipher_algorithm *cipher ) {
return ( cipher->blocksize == 1 );
}
static inline int is_auth_cipher ( struct cipher_algorithm *cipher ) {
return cipher->authsize;
}
static inline int pubkey_init ( struct pubkey_algorithm *pubkey, void *ctx,
const void *key, size_t key_len ) {
return pubkey->init ( ctx, key, key_len );
@@ -274,6 +291,7 @@ extern void cipher_null_encrypt ( void *ctx, const void *src, void *dst,
size_t len );
extern void cipher_null_decrypt ( void *ctx, const void *src, void *dst,
size_t len );
extern void cipher_null_auth ( void *ctx, void *auth );
extern int pubkey_null_init ( void *ctx, const void *key, size_t key_len );
extern size_t pubkey_null_max_len ( void *ctx );
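Review bot: The doc comment on the new `auth` method does not say how large the `auth` buffer must be, and the method takes no length argument, so an undersized caller buffer cannot be detected. I would document the contract explicitly, e.g. `@v auth Authentication tag (authsize bytes, caller-allocated)`. The interface only generates a tag, so verification on decryption presumably falls to the caller. The comment should say that the generated tag must be compared against the received one in constant time before the plaintext is used. Separately, `is_auth_cipher()` narrows a `size_t` to `int`; `return ( cipher->authsize != 0 );` would keep it a clean boolean like `is_stream_cipher()`.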


@@ -47,10 +47,12 @@ struct cipher_algorithm _ecb_cipher = { \
.name = #_ecb_name, \
.ctxsize = sizeof ( _raw_context ), \
.blocksize = _blocksize, \
.authsize = 0, \
.setkey = _ecb_name ## _setkey, \
.setiv = _ecb_name ## _setiv, \
.encrypt = _ecb_name ## _encrypt, \
.decrypt = _ecb_name ## _decrypt, \
.auth = cipher_null_auth, \
};
#endif /* _IPXE_ECB_H */