AES_cbc_decrypt ( &aesctx->ctx, data, dst, len );
}
-struct crypto_algorithm aes_cbc_algorithm = {
+struct cipher_algorithm aes_cbc_algorithm = {
.name = "aes_cbc",
.ctxsize = sizeof ( struct aes_cbc_context ),
.blocksize = 16,
.setkey = aes_cbc_setkey,
.setiv = aes_cbc_setiv,
- .encode = aes_cbc_encrypt,
- .decode = aes_cbc_decrypt,
+ .encrypt = aes_cbc_encrypt,
+ .decrypt = aes_cbc_decrypt,
};
SHA1Init ( ctx );
}
-static void sha1_update ( void *ctx, const void *data, void *dst __unused,
- size_t len ) {
+static void sha1_update ( void *ctx, const void *data, size_t len ) {
SHA1Update ( ctx, data, len );
}
SHA1Final ( ctx, out );
}
-struct crypto_algorithm sha1_algorithm = {
+struct digest_algorithm sha1_algorithm = {
.name = "sha1",
.ctxsize = SHA1_CTX_SIZE,
.blocksize = 64,
.digestsize = SHA1_DIGEST_SIZE,
.init = sha1_init,
- .encode = sha1_update,
+ .update = sha1_update,
.final = sha1_final,
};
* eventually be freed by a call to chap_finish().
*/
int chap_init ( struct chap_response *chap,
- struct crypto_algorithm *digest ) {
+ struct digest_algorithm *digest ) {
size_t state_len;
void *state;
#include <errno.h>
#include <gpxe/crypto.h>
-int cipher_encrypt ( struct crypto_algorithm *crypto,
+int cipher_encrypt ( struct cipher_algorithm *cipher,
void *ctx, const void *src, void *dst,
size_t len ) {
- if ( ( len & ( crypto->blocksize - 1 ) ) ) {
+ if ( ( len & ( cipher->blocksize - 1 ) ) ) {
return -EINVAL;
}
- crypto->encode ( ctx, src, dst, len );
+ cipher->encrypt ( ctx, src, dst, len );
return 0;
}
-int cipher_decrypt ( struct crypto_algorithm *crypto,
+int cipher_decrypt ( struct cipher_algorithm *cipher,
void *ctx, const void *src, void *dst,
size_t len ) {
- if ( ( len & ( crypto->blocksize - 1 ) ) ) {
+ if ( ( len & ( cipher->blocksize - 1 ) ) ) {
return -EINVAL;
}
- crypto->decode ( ctx, src, dst, len );
+ cipher->decrypt ( ctx, src, dst, len );
return 0;
}
#include <string.h>
#include <gpxe/crypto.h>
-static void null_init ( void *ctx __unused ) {
+static void digest_null_init ( void *ctx __unused ) {
/* Do nothing */
}
-static int null_setkey ( void *ctx __unused, const void *key __unused,
- size_t keylen __unused ) {
+static void digest_null_update ( void *ctx __unused, const void *src __unused,
+ size_t len __unused ) {
/* Do nothing */
- return 0;
}
-static void null_setiv ( void *ctx __unused, const void *iv __unused ) {
+static void digest_null_final ( void *ctx __unused, void *out __unused ) {
/* Do nothing */
}
-static void null_encode ( void *ctx __unused, const void *src,
- void *dst, size_t len ) {
- if ( dst )
- memcpy ( dst, src, len );
-}
+struct digest_algorithm digest_null = {
+ .name = "null",
+ .ctxsize = 0,
+ .blocksize = 1,
+ .digestsize = 0,
+ .init = digest_null_init,
+ .update = digest_null_update,
+ .final = digest_null_final,
+};
-static void null_decode ( void *ctx __unused, const void *src,
- void *dst, size_t len ) {
- if ( dst )
- memcpy ( dst, src, len );
+static int cipher_null_setkey ( void *ctx __unused, const void *key __unused,
+ size_t keylen __unused ) {
+ /* Do nothing */
+ return 0;
}
-static void null_final ( void *ctx __unused, void *out __unused ) {
+static void cipher_null_setiv ( void *ctx __unused,
+ const void *iv __unused ) {
/* Do nothing */
}
-struct crypto_algorithm crypto_null = {
+static void cipher_null_encrypt ( void *ctx __unused, const void *src,
+ void *dst, size_t len ) {
+ memcpy ( dst, src, len );
+}
+
+static void cipher_null_decrypt ( void *ctx __unused, const void *src,
+ void *dst, size_t len ) {
+ memcpy ( dst, src, len );
+}
+
+struct cipher_algorithm cipher_null = {
.name = "null",
.ctxsize = 0,
.blocksize = 1,
- .digestsize = 0,
- .init = null_init,
- .setkey = null_setkey,
- .setiv = null_setiv,
- .encode = null_encode,
- .decode = null_decode,
- .final = null_final,
+ .setkey = cipher_null_setkey,
+ .setiv = cipher_null_setiv,
+ .encrypt = cipher_null_encrypt,
+ .decrypt = cipher_null_decrypt,
+};
+
+struct pubkey_algorithm pubkey_null = {
+ .name = "null",
+ .ctxsize = 0,
};
* @v key Key
* @v key_len Length of key
*/
-static void hmac_reduce_key ( struct crypto_algorithm *digest,
+static void hmac_reduce_key ( struct digest_algorithm *digest,
void *key, size_t *key_len ) {
uint8_t digest_ctx[digest->ctxsize];
* will be replaced with its own digest, and key_len will be updated
* accordingly).
*/
-void hmac_init ( struct crypto_algorithm *digest, void *digest_ctx,
+void hmac_init ( struct digest_algorithm *digest, void *digest_ctx,
void *key, size_t *key_len ) {
unsigned char k_ipad[digest->blocksize];
unsigned int i;
* will be replaced with its own digest, and key_len will be updated
* accordingly).
*/
-void hmac_final ( struct crypto_algorithm *digest, void *digest_ctx,
+void hmac_final ( struct digest_algorithm *digest, void *digest_ctx,
void *key, size_t *key_len, void *hmac ) {
unsigned char k_opad[digest->blocksize];
unsigned int i;
mctx->byte_count = 0;
}
-static void md5_update(void *context, const void *data, void *dst __unused,
- size_t len)
+static void md5_update(void *context, const void *data, size_t len)
{
struct md5_ctx *mctx = context;
const u32 avail = sizeof(mctx->block) - (mctx->byte_count & 0x3f);
memset(mctx, 0, sizeof(*mctx));
}
-struct crypto_algorithm md5_algorithm = {
+struct digest_algorithm md5_algorithm = {
.name = "md5",
.ctxsize = MD5_CTX_SIZE,
.blocksize = ( MD5_BLOCK_WORDS * 4 ),
.digestsize = MD5_DIGEST_SIZE,
.init = md5_init,
- .encode = md5_update,
+ .update = md5_update,
.final = md5_final,
};
#ifndef _GPXE_AES_H
#define _GPXE_AES_H
-struct crypto_algorithm;
+struct cipher_algorithm;
-extern struct crypto_algorithm aes_cbc_algorithm;
+extern struct cipher_algorithm aes_cbc_algorithm;
#endif /* _GPXE_AES_H */
#include <stdint.h>
#include <gpxe/md5.h>
-struct crypto_algorithm;
+struct digest_algorithm;
/** A CHAP response */
struct chap_response {
/** Digest algorithm used for the response */
- struct crypto_algorithm *digest;
+ struct digest_algorithm *digest;
/** Context used by the digest algorithm */
uint8_t *digest_context;
/** CHAP response */
};
extern int chap_init ( struct chap_response *chap,
- struct crypto_algorithm *digest );
+ struct digest_algorithm *digest );
extern void chap_update ( struct chap_response *chap, const void *data,
size_t len );
extern void chap_respond ( struct chap_response *chap );
#include <stdint.h>
#include <stddef.h>
-/** A cryptographic algorithm */
-struct crypto_algorithm {
+/** A message digest algorithm */
+struct digest_algorithm {
/** Algorithm name */
const char *name;
/** Context size */
size_t ctxsize;
/** Block size */
size_t blocksize;
- /** Final output size */
+ /** Digest size */
size_t digestsize;
- /** Initialise algorithm
+ /** Initialise digest
*
* @v ctx Context
*/
void ( * init ) ( void *ctx );
+ /** Update digest with new data
+ *
+ * @v ctx Context
+ * @v src Data to digest
+ * @v len Length of data
+ *
+ * @v len is not necessarily a multiple of @c blocksize.
+ */
+ void ( * update ) ( void *ctx, const void *src, size_t len );
+ /** Finalise digest
+ *
+ * @v ctx Context
+ * @v out Buffer for digest output
+ */
+ void ( * final ) ( void *ctx, void *out );
+};
+
+/** A cipher algorithm */
+struct cipher_algorithm {
+ /** Algorithm name */
+ const char *name;
+ /** Context size */
+ size_t ctxsize;
+ /** Block size */
+ size_t blocksize;
/** Set key
*
* @v ctx Context
* @v ctx Context
* @v iv Initialisation vector
*/
- void ( *setiv ) ( void *ctx, const void *iv );
- /** Encode data
+ void ( * setiv ) ( void *ctx, const void *iv );
+ /** Encrypt data
*
* @v ctx Context
- * @v src Data to encode
- * @v dst Encoded data, or NULL
+ * @v src Data to encrypt
+ * @v dst Buffer for encrypted data
* @v len Length of data
* @ret rc Return status code
*
- * For a cipher algorithm, the enciphered data should be
- * placed in @c dst. For a digest algorithm, only the digest
- * state should be updated, and @c dst will be NULL.
- *
* @v len is guaranteed to be a multiple of @c blocksize.
*/
- void ( * encode ) ( void *ctx, const void *src, void *dst,
- size_t len );
- /** Decode data
+ void ( * encrypt ) ( void *ctx, const void *src, void *dst,
+ size_t len );
+ /** Decrypt data
*
* @v ctx Context
- * @v src Data to decode
- * @v dst Decoded data
+ * @v src Data to decrypt
+ * @v dst Buffer for decrypted data
* @v len Length of data
* @ret rc Return status code
*
* @v len is guaranteed to be a multiple of @c blocksize.
*/
- void ( * decode ) ( void *ctx, const void *src, void *dst,
- size_t len );
- /** Finalise algorithm
- *
- * @v ctx Context
- * @v out Algorithm final output
- */
- void ( * final ) ( void *ctx, void *out );
+ void ( * decrypt ) ( void *ctx, const void *src, void *dst,
+ size_t len );
+};
+
+/** A public key algorithm */
+struct pubkey_algorithm {
+ /** Algorithm name */
+ const char *name;
+ /** Context size */
+ size_t ctxsize;
};
-static inline void digest_init ( struct crypto_algorithm *crypto,
+static inline void digest_init ( struct digest_algorithm *digest,
void *ctx ) {
- crypto->init ( ctx );
+ digest->init ( ctx );
}
-static inline void digest_update ( struct crypto_algorithm *crypto,
+static inline void digest_update ( struct digest_algorithm *digest,
void *ctx, const void *data, size_t len ) {
- crypto->encode ( ctx, data, NULL, len );
+ digest->update ( ctx, data, len );
}
-static inline void digest_final ( struct crypto_algorithm *crypto,
+static inline void digest_final ( struct digest_algorithm *digest,
void *ctx, void *out ) {
- crypto->final ( ctx, out );
+ digest->final ( ctx, out );
}
-static inline void cipher_setiv ( struct crypto_algorithm *crypto,
- void *ctx, const void *iv ) {
- crypto->setiv ( ctx, iv );
-}
-
-static inline int cipher_setkey ( struct crypto_algorithm *crypto,
+static inline int cipher_setkey ( struct cipher_algorithm *cipher,
void *ctx, const void *key, size_t keylen ) {
- return crypto->setkey ( ctx, key, keylen );
+ return cipher->setkey ( ctx, key, keylen );
}
-static inline int is_stream_cipher ( struct crypto_algorithm *crypto ) {
- return ( crypto->blocksize == 1 );
+static inline void cipher_setiv ( struct cipher_algorithm *cipher,
+ void *ctx, const void *iv ) {
+ cipher->setiv ( ctx, iv );
}
-extern struct crypto_algorithm crypto_null;
+static inline int is_stream_cipher ( struct cipher_algorithm *cipher ) {
+ return ( cipher->blocksize == 1 );
+}
-extern int cipher_encrypt ( struct crypto_algorithm *crypto,
+extern int cipher_encrypt ( struct cipher_algorithm *cipher,
void *ctx, const void *src, void *dst,
size_t len );
-extern int cipher_decrypt ( struct crypto_algorithm *crypto,
+extern int cipher_decrypt ( struct cipher_algorithm *cipher,
void *ctx, const void *src, void *dst,
size_t len );
+extern struct digest_algorithm digest_null;
+extern struct cipher_algorithm cipher_null;
+extern struct pubkey_algorithm pubkey_null;
+
#endif /* _GPXE_CRYPTO_H */
* @v data Data
* @v len Length of data
*/
-static inline void hmac_update ( struct crypto_algorithm *digest,
+static inline void hmac_update ( struct digest_algorithm *digest,
void *digest_ctx, const void *data,
size_t len ) {
digest_update ( digest, digest_ctx, data, len );
}
-extern void hmac_init ( struct crypto_algorithm *digest, void *digest_ctx,
+extern void hmac_init ( struct digest_algorithm *digest, void *digest_ctx,
void *key, size_t *key_len );
-extern void hmac_final ( struct crypto_algorithm *digest, void *digest_ctx,
+extern void hmac_final ( struct digest_algorithm *digest, void *digest_ctx,
void *key, size_t *key_len, void *hmac );
#endif /* _GPXE_HMAC_H */
#ifndef _GPXE_MD5_H
#define _GPXE_MD5_H
-struct crypto_algorithm;
+struct digest_algorithm;
#include <stdint.h>
#define MD5_CTX_SIZE sizeof ( struct md5_ctx )
-extern struct crypto_algorithm md5_algorithm;
+extern struct digest_algorithm md5_algorithm;
#endif /* _GPXE_MD5_H */
#ifndef _GPXE_RSA_H
#define _GPXE_RSA_H
-struct crypto_algorithm;
+struct pubkey_algorithm;
-extern struct crypto_algorithm rsa_algorithm;
+extern struct pubkey_algorithm rsa_algorithm;
#include "crypto/axtls/crypto.h"
#include "crypto/axtls/crypto.h"
-struct crypto_algorithm;
+struct digest_algorithm;
#define SHA1_CTX_SIZE sizeof ( SHA1_CTX )
#define SHA1_DIGEST_SIZE SHA1_SIZE
-extern struct crypto_algorithm sha1_algorithm;
+extern struct digest_algorithm sha1_algorithm;
#endif /* _GPXE_SHA1_H */
/** A TLS cipher specification */
struct tls_cipherspec {
/** Public-key encryption algorithm */
- struct crypto_algorithm *pubkey;
+ struct pubkey_algorithm *pubkey;
/** Bulk encryption cipher algorithm */
- struct crypto_algorithm *cipher;
+ struct cipher_algorithm *cipher;
/** MAC digest algorithm */
- struct crypto_algorithm *digest;
+ struct digest_algorithm *digest;
/** Key length */
size_t key_len;
/** Dynamically-allocated storage */
* @v digest_ctx Digest context
* @v args ( data, len ) pairs of data, terminated by NULL
*/
-static void tls_hmac_update_va ( struct crypto_algorithm *digest,
+static void tls_hmac_update_va ( struct digest_algorithm *digest,
void *digest_ctx, va_list args ) {
void *data;
size_t len;
* @v seeds ( data, len ) pairs of seed data, terminated by NULL
*/
static void tls_p_hash_va ( struct tls_session *tls,
- struct crypto_algorithm *digest,
+ struct digest_algorithm *digest,
void *secret, size_t secret_len,
void *out, size_t out_len,
va_list seeds ) {
struct tls_cipherspec *cipherspec ) {
free ( cipherspec->dynamic );
memset ( cipherspec, 0, sizeof ( cipherspec ) );
- cipherspec->pubkey = &crypto_null;
- cipherspec->cipher = &crypto_null;
- cipherspec->digest = &crypto_null;
+ cipherspec->pubkey = &pubkey_null;
+ cipherspec->cipher = &cipher_null;
+ cipherspec->digest = &digest_null;
}
/**
*/
static int tls_set_cipher ( struct tls_session *tls,
struct tls_cipherspec *cipherspec,
- struct crypto_algorithm *pubkey,
- struct crypto_algorithm *cipher,
- struct crypto_algorithm *digest,
+ struct pubkey_algorithm *pubkey,
+ struct cipher_algorithm *cipher,
+ struct digest_algorithm *digest,
size_t key_len ) {
size_t total;
void *dynamic;
*/
static int tls_select_cipher ( struct tls_session *tls,
unsigned int cipher_suite ) {
- struct crypto_algorithm *pubkey = &crypto_null;
- struct crypto_algorithm *cipher = &crypto_null;
- struct crypto_algorithm *digest = &crypto_null;
+ struct pubkey_algorithm *pubkey = &pubkey_null;
+ struct cipher_algorithm *cipher = &cipher_null;
+ struct digest_algorithm *digest = &digest_null;
unsigned int key_len = 0;
int rc;
/* Sanity check */
if ( /* FIXME (when pubkey is not hard-coded to RSA):
- * ( pending->pubkey == &crypto_null ) || */
- ( pending->cipher == &crypto_null ) ||
- ( pending->digest == &crypto_null ) ) {
+ * ( pending->pubkey == &pubkey_null ) || */
+ ( pending->cipher == &cipher_null ) ||
+ ( pending->digest == &digest_null ) ) {
DBGC ( tls, "TLS %p refusing to use null cipher\n", tls );
return -ENOTSUP;
}
* far.
*/
static void tls_verify_handshake ( struct tls_session *tls, void *out ) {
- struct crypto_algorithm *md5 = &md5_algorithm;
- struct crypto_algorithm *sha1 = &sha1_algorithm;
+ struct digest_algorithm *md5 = &md5_algorithm;
+ struct digest_algorithm *sha1 = &sha1_algorithm;
uint8_t md5_ctx[md5->ctxsize];
uint8_t sha1_ctx[sha1->ctxsize];
void *md5_digest = out;
struct tls_cipherspec *cipherspec,
uint64_t seq, struct tls_header *tlshdr,
const void *data, size_t len, void *hmac ) {
- struct crypto_algorithm *digest = cipherspec->digest;
+ struct digest_algorithm *digest = cipherspec->digest;
uint8_t digest_ctx[digest->ctxsize];
hmac_init ( digest, digest_ctx, cipherspec->mac_secret,