From a3219b24a8ea4699e7b04cf1f1131aade9fcd855 Mon Sep 17 00:00:00 2001 From: Michael Brown Date: Wed, 18 Feb 2009 21:56:02 +0000 Subject: [crypto] Split crypto_algorithm into {digest,cipher,pubkey}_algorithm The various types of cryptographic algorithm are fundamentally different, and it was probably a mistake to try to handle them via a single common type. pubkey_algorithm is a placeholder type for now. --- src/crypto/axtls_aes.c | 6 +-- src/crypto/axtls_sha1.c | 7 ++- src/crypto/chap.c | 2 +- src/crypto/cipher.c | 12 ++--- src/crypto/crypto_null.c | 62 ++++++++++++++++---------- src/crypto/hmac.c | 6 +-- src/crypto/md5.c | 7 ++- src/include/gpxe/aes.h | 4 +- src/include/gpxe/chap.h | 6 +-- src/include/gpxe/crypto.h | 111 ++++++++++++++++++++++++++++------------------ src/include/gpxe/hmac.h | 6 +-- src/include/gpxe/md5.h | 4 +- src/include/gpxe/rsa.h | 4 +- src/include/gpxe/sha1.h | 4 +- src/include/gpxe/tls.h | 6 +-- src/net/tls.c | 34 +++++++------- 16 files changed, 160 insertions(+), 121 deletions(-) diff --git a/src/crypto/axtls_aes.c b/src/crypto/axtls_aes.c index 278f9334..a19ad3c4 100644 --- a/src/crypto/axtls_aes.c +++ b/src/crypto/axtls_aes.c @@ -59,12 +59,12 @@ static void aes_cbc_decrypt ( void *ctx, const void *data, void *dst, AES_cbc_decrypt ( &aesctx->ctx, data, dst, len ); } -struct crypto_algorithm aes_cbc_algorithm = { +struct cipher_algorithm aes_cbc_algorithm = { .name = "aes_cbc", .ctxsize = sizeof ( struct aes_cbc_context ), .blocksize = 16, .setkey = aes_cbc_setkey, .setiv = aes_cbc_setiv, - .encode = aes_cbc_encrypt, - .decode = aes_cbc_decrypt, + .encrypt = aes_cbc_encrypt, + .decrypt = aes_cbc_decrypt, }; diff --git a/src/crypto/axtls_sha1.c b/src/crypto/axtls_sha1.c index 62ff878a..841e193b 100644 --- a/src/crypto/axtls_sha1.c +++ b/src/crypto/axtls_sha1.c @@ -6,8 +6,7 @@ static void sha1_init ( void *ctx ) { SHA1Init ( ctx ); } -static void sha1_update ( void *ctx, const void *data, void *dst __unused, - size_t len ) { +static void sha1_update ( void *ctx, const void *data, size_t len ) { SHA1Update ( ctx, data, len ); } @@ -15,12 +14,12 @@ static void sha1_final ( void *ctx, void *out ) { SHA1Final ( ctx, out ); } -struct crypto_algorithm sha1_algorithm = { +struct digest_algorithm sha1_algorithm = { .name = "sha1", .ctxsize = SHA1_CTX_SIZE, .blocksize = 64, .digestsize = SHA1_DIGEST_SIZE, .init = sha1_init, - .encode = sha1_update, + .update = sha1_update, .final = sha1_final, }; diff --git a/src/crypto/chap.c b/src/crypto/chap.c index 59b70e39..d0784d25 100644 --- a/src/crypto/chap.c +++ b/src/crypto/chap.c @@ -42,7 +42,7 @@ * eventually be freed by a call to chap_finish(). */ int chap_init ( struct chap_response *chap, - struct crypto_algorithm *digest ) { + struct digest_algorithm *digest ) { size_t state_len; void *state; diff --git a/src/crypto/cipher.c b/src/crypto/cipher.c index 9c392009..f83a6d0f 100644 --- a/src/crypto/cipher.c +++ b/src/crypto/cipher.c @@ -2,23 +2,23 @@ #include #include -int cipher_encrypt ( struct crypto_algorithm *crypto, +int cipher_encrypt ( struct cipher_algorithm *cipher, void *ctx, const void *src, void *dst, size_t len ) { - if ( ( len & ( crypto->blocksize - 1 ) ) ) { + if ( ( len & ( cipher->blocksize - 1 ) ) ) { return -EINVAL; } - crypto->encode ( ctx, src, dst, len ); + cipher->encrypt ( ctx, src, dst, len ); return 0; } -int cipher_decrypt ( struct crypto_algorithm *crypto, +int cipher_decrypt ( struct cipher_algorithm *cipher, void *ctx, const void *src, void *dst, size_t len ) { - if ( ( len & ( crypto->blocksize - 1 ) ) ) { + if ( ( len & ( cipher->blocksize - 1 ) ) ) { return -EINVAL; } - crypto->decode ( ctx, src, dst, len ); + cipher->decrypt ( ctx, src, dst, len ); return 0; } diff --git a/src/crypto/crypto_null.c b/src/crypto/crypto_null.c index 120ef0a6..8cc9217a 100644 --- a/src/crypto/crypto_null.c +++ b/src/crypto/crypto_null.c @@ -25,45 +25,61 @@ #include #include -static void null_init ( void *ctx __unused ) { +static void digest_null_init ( void *ctx __unused ) { /* Do nothing */ } -static int null_setkey ( void *ctx __unused, const void *key __unused, - size_t keylen __unused ) { +static void digest_null_update ( void *ctx __unused, const void *src __unused, + size_t len __unused ) { /* Do nothing */ - return 0; } -static void null_setiv ( void *ctx __unused, const void *iv __unused ) { +static void digest_null_final ( void *ctx __unused, void *out __unused ) { /* Do nothing */ } -static void null_encode ( void *ctx __unused, const void *src, - void *dst, size_t len ) { - if ( dst ) - memcpy ( dst, src, len ); -} +struct digest_algorithm digest_null = { + .name = "null", + .ctxsize = 0, + .blocksize = 1, + .digestsize = 0, + .init = digest_null_init, + .update = digest_null_update, + .final = digest_null_final, +}; -static void null_decode ( void *ctx __unused, const void *src, - void *dst, size_t len ) { - if ( dst ) - memcpy ( dst, src, len ); +static int cipher_null_setkey ( void *ctx __unused, const void *key __unused, + size_t keylen __unused ) { + /* Do nothing */ + return 0; } -static void null_final ( void *ctx __unused, void *out __unused ) { +static void cipher_null_setiv ( void *ctx __unused, + const void *iv __unused ) { /* Do nothing */ } -struct crypto_algorithm crypto_null = { +static void cipher_null_encrypt ( void *ctx __unused, const void *src, + void *dst, size_t len ) { + memcpy ( dst, src, len ); +} + +static void cipher_null_decrypt ( void *ctx __unused, const void *src, + void *dst, size_t len ) { + memcpy ( dst, src, len ); +} + +struct cipher_algorithm cipher_null = { .name = "null", .ctxsize = 0, .blocksize = 1, - .digestsize = 0, - .init = null_init, - .setkey = null_setkey, - .setiv = null_setiv, - .encode = null_encode, - .decode = null_decode, - .final = null_final, + .setkey = cipher_null_setkey, + .setiv = cipher_null_setiv, + .encrypt = cipher_null_encrypt, + .decrypt = cipher_null_decrypt, +}; + +struct pubkey_algorithm pubkey_null = { + .name = "null", + .ctxsize = 0, }; diff --git a/src/crypto/hmac.c b/src/crypto/hmac.c index 6884bde9..be0298a7 100644 --- a/src/crypto/hmac.c +++ b/src/crypto/hmac.c @@ -35,7 +35,7 @@ * @v key Key * @v key_len Length of key */ -static void hmac_reduce_key ( struct crypto_algorithm *digest, +static void hmac_reduce_key ( struct digest_algorithm *digest, void *key, size_t *key_len ) { uint8_t digest_ctx[digest->ctxsize]; @@ -58,7 +58,7 @@ static void hmac_reduce_key ( struct crypto_algorithm *digest, * will be replaced with its own digest, and key_len will be updated * accordingly). */ -void hmac_init ( struct crypto_algorithm *digest, void *digest_ctx, +void hmac_init ( struct digest_algorithm *digest, void *digest_ctx, void *key, size_t *key_len ) { unsigned char k_ipad[digest->blocksize]; unsigned int i; @@ -93,7 +93,7 @@ void hmac_init ( struct crypto_algorithm *digest, void *digest_ctx, * will be replaced with its own digest, and key_len will be updated * accordingly). */ -void hmac_final ( struct crypto_algorithm *digest, void *digest_ctx, +void hmac_final ( struct digest_algorithm *digest, void *digest_ctx, void *key, size_t *key_len, void *hmac ) { unsigned char k_opad[digest->blocksize]; unsigned int i; diff --git a/src/crypto/md5.c b/src/crypto/md5.c index 1fed24fc..76fb8a69 100644 --- a/src/crypto/md5.c +++ b/src/crypto/md5.c @@ -167,8 +167,7 @@ static void md5_init(void *context) mctx->byte_count = 0; } -static void md5_update(void *context, const void *data, void *dst __unused, - size_t len) +static void md5_update(void *context, const void *data, size_t len) { struct md5_ctx *mctx = context; const u32 avail = sizeof(mctx->block) - (mctx->byte_count & 0x3f); @@ -224,12 +223,12 @@ static void md5_final(void *context, void *out) memset(mctx, 0, sizeof(*mctx)); } -struct crypto_algorithm md5_algorithm = { +struct digest_algorithm md5_algorithm = { .name = "md5", .ctxsize = MD5_CTX_SIZE, .blocksize = ( MD5_BLOCK_WORDS * 4 ), .digestsize = MD5_DIGEST_SIZE, .init = md5_init, - .encode = md5_update, + .update = md5_update, .final = md5_final, }; diff --git a/src/include/gpxe/aes.h b/src/include/gpxe/aes.h index dd6e7734..bdb4b351 100644 --- a/src/include/gpxe/aes.h +++ b/src/include/gpxe/aes.h @@ -1,8 +1,8 @@ #ifndef _GPXE_AES_H #define _GPXE_AES_H -struct crypto_algorithm; +struct cipher_algorithm; -extern struct crypto_algorithm aes_cbc_algorithm; +extern struct cipher_algorithm aes_cbc_algorithm; #endif /* _GPXE_AES_H */ diff --git a/src/include/gpxe/chap.h b/src/include/gpxe/chap.h index a7059cdb..87e5484f 100644 --- a/src/include/gpxe/chap.h +++ b/src/include/gpxe/chap.h @@ -10,12 +10,12 @@ #include #include -struct crypto_algorithm; +struct digest_algorithm; /** A CHAP response */ struct chap_response { /** Digest algorithm used for the response */ - struct crypto_algorithm *digest; + struct digest_algorithm *digest; /** Context used by the digest algorithm */ uint8_t *digest_context; /** CHAP response */ @@ -25,7 +25,7 @@ struct chap_response { }; extern int chap_init ( struct chap_response *chap, - struct crypto_algorithm *digest ); + struct digest_algorithm *digest ); extern void chap_update ( struct chap_response *chap, const void *data, size_t len ); extern void chap_respond ( struct chap_response *chap ); diff --git a/src/include/gpxe/crypto.h b/src/include/gpxe/crypto.h index 95665acc..42860a9e 100644 --- a/src/include/gpxe/crypto.h +++ b/src/include/gpxe/crypto.h @@ -10,21 +10,46 @@ #include #include -/** A cryptographic algorithm */ -struct crypto_algorithm { +/** A message digest algorithm */ +struct digest_algorithm { /** Algorithm name */ const char *name; /** Context size */ size_t ctxsize; /** Block size */ size_t blocksize; - /** Final output size */ + /** Digest size */ size_t digestsize; - /** Initialise algorithm + /** Initialise digest * * @v ctx Context */ void ( * init ) ( void *ctx ); + /** Update digest with new data + * + * @v ctx Context + * @v src Data to digest + * @v len Length of data + * + * @v len is not necessarily a multiple of @c blocksize. + */ + void ( * update ) ( void *ctx, const void *src, size_t len ); + /** Finalise digest + * + * @v ctx Context + * @v out Buffer for digest output + */ + void ( * final ) ( void *ctx, void *out ); +}; + +/** A cipher algorithm */ +struct cipher_algorithm { + /** Algorithm name */ + const char *name; + /** Context size */ + size_t ctxsize; + /** Block size */ + size_t blocksize; /** Set key * * @v ctx Context @@ -38,79 +63,79 @@ struct crypto_algorithm { * @v ctx Context * @v iv Initialisation vector */ - void ( *setiv ) ( void *ctx, const void *iv ); - /** Encode data + void ( * setiv ) ( void *ctx, const void *iv ); + /** Encrypt data * * @v ctx Context - * @v src Data to encode - * @v dst Encoded data, or NULL + * @v src Data to encrypt + * @v dst Buffer for encrypted data * @v len Length of data * @ret rc Return status code * - * For a cipher algorithm, the enciphered data should be - * placed in @c dst. For a digest algorithm, only the digest - * state should be updated, and @c dst will be NULL. - * * @v len is guaranteed to be a multiple of @c blocksize. */ - void ( * encode ) ( void *ctx, const void *src, void *dst, - size_t len ); - /** Decode data + void ( * encrypt ) ( void *ctx, const void *src, void *dst, + size_t len ); + /** Decrypt data * * @v ctx Context - * @v src Data to decode - * @v dst Decoded data + * @v src Data to decrypt + * @v dst Buffer for decrypted data * @v len Length of data * @ret rc Return status code * * @v len is guaranteed to be a multiple of @c blocksize. */ - void ( * decode ) ( void *ctx, const void *src, void *dst, - size_t len ); - /** Finalise algorithm - * - * @v ctx Context - * @v out Algorithm final output - */ - void ( * final ) ( void *ctx, void *out ); + void ( * decrypt ) ( void *ctx, const void *src, void *dst, + size_t len ); +}; + +/** A public key algorithm */ +struct pubkey_algorithm { + /** Algorithm name */ + const char *name; + /** Context size */ + size_t ctxsize; }; -static inline void digest_init ( struct crypto_algorithm *crypto, +static inline void digest_init ( struct digest_algorithm *digest, void *ctx ) { - crypto->init ( ctx ); + digest->init ( ctx ); } -static inline void digest_update ( struct crypto_algorithm *crypto, +static inline void digest_update ( struct digest_algorithm *digest, void *ctx, const void *data, size_t len ) { - crypto->encode ( ctx, data, NULL, len ); + digest->update ( ctx, data, len ); } -static inline void digest_final ( struct crypto_algorithm *crypto, +static inline void digest_final ( struct digest_algorithm *digest, void *ctx, void *out ) { - crypto->final ( ctx, out ); + digest->final ( ctx, out ); } -static inline void cipher_setiv ( struct crypto_algorithm *crypto, - void *ctx, const void *iv ) { - crypto->setiv ( ctx, iv ); -} - -static inline int cipher_setkey ( struct crypto_algorithm *crypto, +static inline int cipher_setkey ( struct cipher_algorithm *cipher, void *ctx, const void *key, size_t keylen ) { - return crypto->setkey ( ctx, key, keylen ); + return cipher->setkey ( ctx, key, keylen ); } -static inline int is_stream_cipher ( struct crypto_algorithm *crypto ) { - return ( crypto->blocksize == 1 ); +static inline void cipher_setiv ( struct cipher_algorithm *cipher, + void *ctx, const void *iv ) { + cipher->setiv ( ctx, iv ); } -extern struct crypto_algorithm crypto_null; +static inline int is_stream_cipher ( struct cipher_algorithm *cipher ) { + return ( cipher->blocksize == 1 ); +} -extern int cipher_encrypt ( struct crypto_algorithm *crypto, +extern int cipher_encrypt ( struct cipher_algorithm *cipher, void *ctx, const void *src, void *dst, size_t len ); -extern int cipher_decrypt ( struct crypto_algorithm *crypto, +extern int cipher_decrypt ( struct cipher_algorithm *cipher, void *ctx, const void *src, void *dst, size_t len ); +extern struct digest_algorithm digest_null; +extern struct cipher_algorithm cipher_null; +extern struct pubkey_algorithm pubkey_null; + #endif /* _GPXE_CRYPTO_H */ diff --git a/src/include/gpxe/hmac.h b/src/include/gpxe/hmac.h index fd34db04..67aefdce 100644 --- a/src/include/gpxe/hmac.h +++ b/src/include/gpxe/hmac.h @@ -16,15 +16,15 @@ * @v data Data * @v len Length of data */ -static inline void hmac_update ( struct crypto_algorithm *digest, +static inline void hmac_update ( struct digest_algorithm *digest, void *digest_ctx, const void *data, size_t len ) { digest_update ( digest, digest_ctx, data, len ); } -extern void hmac_init ( struct crypto_algorithm *digest, void *digest_ctx, +extern void hmac_init ( struct digest_algorithm *digest, void *digest_ctx, void *key, size_t *key_len ); -extern void hmac_final ( struct crypto_algorithm *digest, void *digest_ctx, +extern void hmac_final ( struct digest_algorithm *digest, void *digest_ctx, void *key, size_t *key_len, void *hmac ); #endif /* _GPXE_HMAC_H */ diff --git a/src/include/gpxe/md5.h b/src/include/gpxe/md5.h index 304a0e64..f8976a19 100644 --- a/src/include/gpxe/md5.h +++ b/src/include/gpxe/md5.h @@ -1,7 +1,7 @@ #ifndef _GPXE_MD5_H #define _GPXE_MD5_H -struct crypto_algorithm; +struct digest_algorithm; #include @@ -17,6 +17,6 @@ struct md5_ctx { #define MD5_CTX_SIZE sizeof ( struct md5_ctx ) -extern struct crypto_algorithm md5_algorithm; +extern struct digest_algorithm md5_algorithm; #endif /* _GPXE_MD5_H */ diff --git a/src/include/gpxe/rsa.h b/src/include/gpxe/rsa.h index ce15cfa0..e30e1a5a 100644 --- a/src/include/gpxe/rsa.h +++ b/src/include/gpxe/rsa.h @@ -1,9 +1,9 @@ #ifndef _GPXE_RSA_H #define _GPXE_RSA_H -struct crypto_algorithm; +struct pubkey_algorithm; -extern struct crypto_algorithm rsa_algorithm; +extern struct pubkey_algorithm rsa_algorithm; #include "crypto/axtls/crypto.h" diff --git a/src/include/gpxe/sha1.h b/src/include/gpxe/sha1.h index 2d6e90dd..66370d42 100644 --- a/src/include/gpxe/sha1.h +++ b/src/include/gpxe/sha1.h @@ -3,11 +3,11 @@ #include "crypto/axtls/crypto.h" -struct crypto_algorithm; +struct digest_algorithm; #define SHA1_CTX_SIZE sizeof ( SHA1_CTX ) #define SHA1_DIGEST_SIZE SHA1_SIZE -extern struct crypto_algorithm sha1_algorithm; +extern struct digest_algorithm sha1_algorithm; #endif /* _GPXE_SHA1_H */ diff --git a/src/include/gpxe/tls.h b/src/include/gpxe/tls.h index 182bc49d..ddec7bec 100644 --- a/src/include/gpxe/tls.h +++ b/src/include/gpxe/tls.h @@ -91,11 +91,11 @@ enum tls_tx_state { /** A TLS cipher specification */ struct tls_cipherspec { /** Public-key encryption algorithm */ - struct crypto_algorithm *pubkey; + struct pubkey_algorithm *pubkey; /** Bulk encryption cipher algorithm */ - struct crypto_algorithm *cipher; + struct cipher_algorithm *cipher; /** MAC digest algorithm */ - struct crypto_algorithm *digest; + struct digest_algorithm *digest; /** Key length */ size_t key_len; /** Dynamically-allocated storage */ diff --git a/src/net/tls.c b/src/net/tls.c index f8e5318b..024b45db 100644 --- a/src/net/tls.c +++ b/src/net/tls.c @@ -136,7 +136,7 @@ static void tls_generate_random ( void *data, size_t len ) { * @v digest_ctx Digest context * @v args ( data, len ) pairs of data, terminated by NULL */ -static void tls_hmac_update_va ( struct crypto_algorithm *digest, +static void tls_hmac_update_va ( struct digest_algorithm *digest, void *digest_ctx, va_list args ) { void *data; size_t len; @@ -159,7 +159,7 @@ static void tls_hmac_update_va ( struct crypto_algorithm *digest, * @v seeds ( data, len ) pairs of seed data, terminated by NULL */ static void tls_p_hash_va ( struct tls_session *tls, - struct crypto_algorithm *digest, + struct digest_algorithm *digest, void *secret, size_t secret_len, void *out, size_t out_len, va_list seeds ) { @@ -409,9 +409,9 @@ static void tls_clear_cipher ( struct tls_session *tls __unused, struct tls_cipherspec *cipherspec ) { free ( cipherspec->dynamic ); memset ( cipherspec, 0, sizeof ( cipherspec ) ); - cipherspec->pubkey = &crypto_null; - cipherspec->cipher = &crypto_null; - cipherspec->digest = &crypto_null; + cipherspec->pubkey = &pubkey_null; + cipherspec->cipher = &cipher_null; + cipherspec->digest = &digest_null; } /** @@ -427,9 +427,9 @@ static void tls_clear_cipher ( struct tls_session *tls __unused, */ static int tls_set_cipher ( struct tls_session *tls, struct tls_cipherspec *cipherspec, - struct crypto_algorithm *pubkey, - struct crypto_algorithm *cipher, - struct crypto_algorithm *digest, + struct pubkey_algorithm *pubkey, + struct cipher_algorithm *cipher, + struct digest_algorithm *digest, size_t key_len ) { size_t total; void *dynamic; @@ -473,9 +473,9 @@ static int tls_set_cipher ( struct tls_session *tls, */ static int tls_select_cipher ( struct tls_session *tls, unsigned int cipher_suite ) { - struct crypto_algorithm *pubkey = &crypto_null; - struct crypto_algorithm *cipher = &crypto_null; - struct crypto_algorithm *digest = &crypto_null; + struct pubkey_algorithm *pubkey = &pubkey_null; + struct cipher_algorithm *cipher = &cipher_null; + struct digest_algorithm *digest = &digest_null; unsigned int key_len = 0; int rc; @@ -524,9 +524,9 @@ static int tls_change_cipher ( struct tls_session *tls, /* Sanity check */ if ( /* FIXME (when pubkey is not hard-coded to RSA): - * ( pending->pubkey == &crypto_null ) || */ - ( pending->cipher == &crypto_null ) || - ( pending->digest == &crypto_null ) ) { + * ( pending->pubkey == &pubkey_null ) || */ + ( pending->cipher == &cipher_null ) || + ( pending->digest == &digest_null ) ) { DBGC ( tls, "TLS %p refusing to use null cipher\n", tls ); return -ENOTSUP; } @@ -567,8 +567,8 @@ static void tls_add_handshake ( struct tls_session *tls, * far. */ static void tls_verify_handshake ( struct tls_session *tls, void *out ) { - struct crypto_algorithm *md5 = &md5_algorithm; - struct crypto_algorithm *sha1 = &sha1_algorithm; + struct digest_algorithm *md5 = &md5_algorithm; + struct digest_algorithm *sha1 = &sha1_algorithm; uint8_t md5_ctx[md5->ctxsize]; uint8_t sha1_ctx[sha1->ctxsize]; void *md5_digest = out; @@ -1060,7 +1060,7 @@ static void tls_hmac ( struct tls_session *tls __unused, struct tls_cipherspec *cipherspec, uint64_t seq, struct tls_header *tlshdr, const void *data, size_t len, void *hmac ) { - struct crypto_algorithm *digest = cipherspec->digest; + struct digest_algorithm *digest = cipherspec->digest; uint8_t digest_ctx[digest->ctxsize]; hmac_init ( digest, digest_ctx, cipherspec->mac_secret, -- cgit v1.2.3-55-g7522