authorH. Peter Anvin <hpa@linux.intel.com>2009-03-11 19:46:35 -0700
committerH. Peter Anvin <hpa@linux.intel.com>2009-03-11 19:46:35 -0700
commitd16e5e8e8ea526326ed6f8880464399624bfe171 (patch)
tree9d1eb354f74532c219d31607e28840c4ebde3103 /gpxe/src/include
parent43224f02c231ed97a15d8300eaaf69ad8118d222 (diff)
Update gPXE to version 0.9.7syslinux-3.74-pre3
Diffstat (limited to 'gpxe/src/include')
-rw-r--r--gpxe/src/include/gpxe/aes.h4
-rw-r--r--gpxe/src/include/gpxe/cbc.h98
-rw-r--r--gpxe/src/include/gpxe/chap.h6
-rw-r--r--gpxe/src/include/gpxe/crypto.h130
-rw-r--r--gpxe/src/include/gpxe/hmac.h6
-rw-r--r--gpxe/src/include/gpxe/image.h9
-rw-r--r--gpxe/src/include/gpxe/iscsi.h11
-rw-r--r--gpxe/src/include/gpxe/md5.h4
-rw-r--r--gpxe/src/include/gpxe/rsa.h4
-rw-r--r--gpxe/src/include/gpxe/sha1.h4
-rw-r--r--gpxe/src/include/gpxe/tls.h6
11 files changed, 216 insertions, 66 deletions
diff --git a/gpxe/src/include/gpxe/aes.h b/gpxe/src/include/gpxe/aes.h
index 75cb4c44..bdb4b351 100644
--- a/gpxe/src/include/gpxe/aes.h
+++ b/gpxe/src/include/gpxe/aes.h
@@ -1,8 +1,8 @@
#ifndef _GPXE_AES_H
#define _GPXE_AES_H
-struct crypto_algorithm;
+struct cipher_algorithm;
-extern struct crypto_algorithm aes_algorithm;
+extern struct cipher_algorithm aes_cbc_algorithm;
#endif /* _GPXE_AES_H */
diff --git a/gpxe/src/include/gpxe/cbc.h b/gpxe/src/include/gpxe/cbc.h
new file mode 100644
index 00000000..fcc115eb
--- /dev/null
+++ b/gpxe/src/include/gpxe/cbc.h
@@ -0,0 +1,98 @@
+#ifndef _GPXE_CBC_H
+#define _GPXE_CBC_H
+
+/** @file
+ *
+ * Cipher-block chaining
+ *
+ */
+
+#include <gpxe/crypto.h>
+
+/**
+ * Set key
+ *
+ * @v ctx Context
+ * @v key Key
+ * @v keylen Key length
+ * @v raw_cipher Underlying cipher algorithm
+ * @v cbc_ctx CBC context
+ * @ret rc Return status code
+ */
+static inline int cbc_setkey ( void *ctx, const void *key, size_t keylen,
+ struct cipher_algorithm *raw_cipher,
+ void *cbc_ctx __unused ) {
+
+ return cipher_setkey ( raw_cipher, ctx, key, keylen );
+}
+
+/**
+ * Set initialisation vector
+ *
+ * @v ctx Context
+ * @v iv Initialisation vector
+ * @v raw_cipher Underlying cipher algorithm
+ * @v cbc_ctx CBC context
+ */
+static inline void cbc_setiv ( void *ctx __unused, const void *iv,
+ struct cipher_algorithm *raw_cipher,
+ void *cbc_ctx ) {
+ memcpy ( cbc_ctx, iv, raw_cipher->blocksize );
+}
+
+extern void cbc_encrypt ( void *ctx, const void *src, void *dst,
+ size_t len, struct cipher_algorithm *raw_cipher,
+ void *cbc_ctx );
+extern void cbc_decrypt ( void *ctx, const void *src, void *dst,
+ size_t len, struct cipher_algorithm *raw_cipher,
+ void *cbc_ctx );
+
+/**
+ * Create a cipher-block chaining mode of behaviour of an existing cipher
+ *
+ * @v _cbc_name Name for the new CBC cipher
+ * @v _cbc_cipher New cipher algorithm
+ * @v _raw_cipher Underlying cipher algorithm
+ * @v _raw_context Context structure for the underlying cipher
+ * @v _blocksize Cipher block size
+ */
+#define CBC_CIPHER( _cbc_name, _cbc_cipher, _raw_cipher, _raw_context, \
+ _blocksize ) \
+struct _cbc_name ## _context { \
+ _raw_context raw_ctx; \
+ uint8_t cbc_ctx[_blocksize]; \
+}; \
+static int _cbc_name ## _setkey ( void *ctx, const void *key, \
+ size_t keylen ) { \
+ struct _cbc_name ## _context * _cbc_name ## _ctx = ctx; \
+ return cbc_setkey ( &_cbc_name ## _ctx->raw_ctx, key, keylen, \
+ &_raw_cipher, &_cbc_name ## _ctx->cbc_ctx );\
+} \
+static void _cbc_name ## _setiv ( void *ctx, const void *iv ) { \
+ struct _cbc_name ## _context * _cbc_name ## _ctx = ctx; \
+ cbc_setiv ( &_cbc_name ## _ctx->raw_ctx, iv, \
+ &_raw_cipher, &aes_cbc_ctx->cbc_ctx ); \
+} \
+static void _cbc_name ## _encrypt ( void *ctx, const void *src, \
+ void *dst, size_t len ) { \
+ struct _cbc_name ## _context * _cbc_name ## _ctx = ctx; \
+ cbc_encrypt ( &_cbc_name ## _ctx->raw_ctx, src, dst, len, \
+ &_raw_cipher, &aes_cbc_ctx->cbc_ctx ); \
+} \
+static void _cbc_name ## _decrypt ( void *ctx, const void *src, \
+ void *dst, size_t len ) { \
+ struct _cbc_name ## _context * _cbc_name ## _ctx = ctx; \
+ cbc_decrypt ( &_cbc_name ## _ctx->raw_ctx, src, dst, len, \
+ &_raw_cipher, &aes_cbc_ctx->cbc_ctx ); \
+} \
+struct cipher_algorithm _cbc_cipher = { \
+ .name = #_cbc_name, \
+ .ctxsize = sizeof ( struct _cbc_name ## _context ), \
+ .blocksize = _blocksize, \
+ .setkey = _cbc_name ## _setkey, \
+ .setiv = _cbc_name ## _setiv, \
+ .encrypt = _cbc_name ## _encrypt, \
+ .decrypt = _cbc_name ## _decrypt, \
+};
+
+#endif /* _GPXE_CBC_H */
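Review bot: The `_setiv`, `_encrypt` and `_decrypt` functions generated by `CBC_CIPHER` pass `&aes_cbc_ctx->cbc_ctx`, a name that only exists when `_cbc_name` is `aes_cbc`; `_setkey` already uses the pasted name, and the other three should as well: `&_cbc_name ## _ctx->cbc_ctx`. As written, a second instantiation either fails to compile or binds to whatever `aes_cbc_ctx` happens to be in scope, so the chaining state would live in the wrong buffer. Separately, `cbc_setiv` copies `raw_cipher->blocksize` bytes into a buffer that the macro sizes with `_blocksize`, so nothing visible here ties the two values together; a check that they match would rule out a write past `cbc_ctx`. The header also calls `memcpy` while including only `<gpxe/crypto.h>`, so it relies on the includer for the declaration.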
diff --git a/gpxe/src/include/gpxe/chap.h b/gpxe/src/include/gpxe/chap.h
index a7059cdb..87e5484f 100644
--- a/gpxe/src/include/gpxe/chap.h
+++ b/gpxe/src/include/gpxe/chap.h
@@ -10,12 +10,12 @@
#include <stdint.h>
#include <gpxe/md5.h>
-struct crypto_algorithm;
+struct digest_algorithm;
/** A CHAP response */
struct chap_response {
/** Digest algorithm used for the response */
- struct crypto_algorithm *digest;
+ struct digest_algorithm *digest;
/** Context used by the digest algorithm */
uint8_t *digest_context;
/** CHAP response */
@@ -25,7 +25,7 @@ struct chap_response {
};
extern int chap_init ( struct chap_response *chap,
- struct crypto_algorithm *digest );
+ struct digest_algorithm *digest );
extern void chap_update ( struct chap_response *chap, const void *data,
size_t len );
extern void chap_respond ( struct chap_response *chap );
diff --git a/gpxe/src/include/gpxe/crypto.h b/gpxe/src/include/gpxe/crypto.h
index 95665acc..10882d37 100644
--- a/gpxe/src/include/gpxe/crypto.h
+++ b/gpxe/src/include/gpxe/crypto.h
@@ -10,21 +10,46 @@
#include <stdint.h>
#include <stddef.h>
-/** A cryptographic algorithm */
-struct crypto_algorithm {
+/** A message digest algorithm */
+struct digest_algorithm {
/** Algorithm name */
const char *name;
/** Context size */
size_t ctxsize;
/** Block size */
size_t blocksize;
- /** Final output size */
+ /** Digest size */
size_t digestsize;
- /** Initialise algorithm
+ /** Initialise digest
*
* @v ctx Context
*/
void ( * init ) ( void *ctx );
+ /** Update digest with new data
+ *
+ * @v ctx Context
+ * @v src Data to digest
+ * @v len Length of data
+ *
+ * @v len is not necessarily a multiple of @c blocksize.
+ */
+ void ( * update ) ( void *ctx, const void *src, size_t len );
+ /** Finalise digest
+ *
+ * @v ctx Context
+ * @v out Buffer for digest output
+ */
+ void ( * final ) ( void *ctx, void *out );
+};
+
+/** A cipher algorithm */
+struct cipher_algorithm {
+ /** Algorithm name */
+ const char *name;
+ /** Context size */
+ size_t ctxsize;
+ /** Block size */
+ size_t blocksize;
/** Set key
*
* @v ctx Context
@@ -38,79 +63,90 @@ struct crypto_algorithm {
* @v ctx Context
* @v iv Initialisation vector
*/
- void ( *setiv ) ( void *ctx, const void *iv );
- /** Encode data
+ void ( * setiv ) ( void *ctx, const void *iv );
+ /** Encrypt data
*
* @v ctx Context
- * @v src Data to encode
- * @v dst Encoded data, or NULL
+ * @v src Data to encrypt
+ * @v dst Buffer for encrypted data
* @v len Length of data
- * @ret rc Return status code
- *
- * For a cipher algorithm, the enciphered data should be
- * placed in @c dst. For a digest algorithm, only the digest
- * state should be updated, and @c dst will be NULL.
*
* @v len is guaranteed to be a multiple of @c blocksize.
*/
- void ( * encode ) ( void *ctx, const void *src, void *dst,
- size_t len );
- /** Decode data
+ void ( * encrypt ) ( void *ctx, const void *src, void *dst,
+ size_t len );
+ /** Decrypt data
*
* @v ctx Context
- * @v src Data to decode
- * @v dst Decoded data
+ * @v src Data to decrypt
+ * @v dst Buffer for decrypted data
* @v len Length of data
- * @ret rc Return status code
*
* @v len is guaranteed to be a multiple of @c blocksize.
*/
- void ( * decode ) ( void *ctx, const void *src, void *dst,
- size_t len );
- /** Finalise algorithm
- *
- * @v ctx Context
- * @v out Algorithm final output
- */
- void ( * final ) ( void *ctx, void *out );
+ void ( * decrypt ) ( void *ctx, const void *src, void *dst,
+ size_t len );
};
-static inline void digest_init ( struct crypto_algorithm *crypto,
+/** A public key algorithm */
+struct pubkey_algorithm {
+ /** Algorithm name */
+ const char *name;
+ /** Context size */
+ size_t ctxsize;
+};
+
+static inline void digest_init ( struct digest_algorithm *digest,
void *ctx ) {
- crypto->init ( ctx );
+ digest->init ( ctx );
}
-static inline void digest_update ( struct crypto_algorithm *crypto,
+static inline void digest_update ( struct digest_algorithm *digest,
void *ctx, const void *data, size_t len ) {
- crypto->encode ( ctx, data, NULL, len );
+ digest->update ( ctx, data, len );
}
-static inline void digest_final ( struct crypto_algorithm *crypto,
+static inline void digest_final ( struct digest_algorithm *digest,
void *ctx, void *out ) {
- crypto->final ( ctx, out );
+ digest->final ( ctx, out );
+}
+
+static inline int cipher_setkey ( struct cipher_algorithm *cipher,
+ void *ctx, const void *key, size_t keylen ) {
+ return cipher->setkey ( ctx, key, keylen );
}
-static inline void cipher_setiv ( struct crypto_algorithm *crypto,
+static inline void cipher_setiv ( struct cipher_algorithm *cipher,
void *ctx, const void *iv ) {
- crypto->setiv ( ctx, iv );
+ cipher->setiv ( ctx, iv );
}
-static inline int cipher_setkey ( struct crypto_algorithm *crypto,
- void *ctx, const void *key, size_t keylen ) {
- return crypto->setkey ( ctx, key, keylen );
+static inline void cipher_encrypt ( struct cipher_algorithm *cipher,
+ void *ctx, const void *src, void *dst,
+ size_t len ) {
+ cipher->encrypt ( ctx, src, dst, len );
}
+#define cipher_encrypt( cipher, ctx, src, dst, len ) do { \
+ assert ( ( len & ( (cipher)->blocksize - 1 ) ) == 0 ); \
+ cipher_encrypt ( (cipher), (ctx), (src), (dst), (len) ); \
+ } while ( 0 )
-static inline int is_stream_cipher ( struct crypto_algorithm *crypto ) {
- return ( crypto->blocksize == 1 );
+static inline void cipher_decrypt ( struct cipher_algorithm *cipher,
+ void *ctx, const void *src, void *dst,
+ size_t len ) {
+ cipher->decrypt ( ctx, src, dst, len );
}
+#define cipher_decrypt( cipher, ctx, src, dst, len ) do { \
+ assert ( ( len & ( (cipher)->blocksize - 1 ) ) == 0 ); \
+ cipher_decrypt ( (cipher), (ctx), (src), (dst), (len) ); \
+ } while ( 0 )
-extern struct crypto_algorithm crypto_null;
+static inline int is_stream_cipher ( struct cipher_algorithm *cipher ) {
+ return ( cipher->blocksize == 1 );
+}
-extern int cipher_encrypt ( struct crypto_algorithm *crypto,
- void *ctx, const void *src, void *dst,
- size_t len );
-extern int cipher_decrypt ( struct crypto_algorithm *crypto,
- void *ctx, const void *src, void *dst,
- size_t len );
+extern struct digest_algorithm digest_null;
+extern struct cipher_algorithm cipher_null;
+extern struct pubkey_algorithm pubkey_null;
#endif /* _GPXE_CRYPTO_H */
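Review bot: The block-length check in the new `cipher_encrypt` and `cipher_decrypt` wrapper macros is only an `assert`, and the functions now return `void` where the removed `extern int` versions could report failure, so in a build with assertions disabled a length that is not a multiple of the block size reaches the cipher unchecked. If any caller derives `len` from received data (the callers are outside this diff), that length needs a real check before the call rather than a debug-only one. The macros also expand `len` unparenthesised and assume a power-of-two block size; `assert ( ( (len) & ( (cipher)->blocksize - 1 ) ) == 0 );` fixes the first, and the `blocksize` field comment should state the second. `assert` is used without a visible `#include <assert.h>`, though the top of the file lies outside the hunk.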
diff --git a/gpxe/src/include/gpxe/hmac.h b/gpxe/src/include/gpxe/hmac.h
index fd34db04..67aefdce 100644
--- a/gpxe/src/include/gpxe/hmac.h
+++ b/gpxe/src/include/gpxe/hmac.h
@@ -16,15 +16,15 @@
* @v data Data
* @v len Length of data
*/
-static inline void hmac_update ( struct crypto_algorithm *digest,
+static inline void hmac_update ( struct digest_algorithm *digest,
void *digest_ctx, const void *data,
size_t len ) {
digest_update ( digest, digest_ctx, data, len );
}
-extern void hmac_init ( struct crypto_algorithm *digest, void *digest_ctx,
+extern void hmac_init ( struct digest_algorithm *digest, void *digest_ctx,
void *key, size_t *key_len );
-extern void hmac_final ( struct crypto_algorithm *digest, void *digest_ctx,
+extern void hmac_final ( struct digest_algorithm *digest, void *digest_ctx,
void *key, size_t *key_len, void *hmac );
#endif /* _GPXE_HMAC_H */
diff --git a/gpxe/src/include/gpxe/image.h b/gpxe/src/include/gpxe/image.h
index f8b1482e..b953e150 100644
--- a/gpxe/src/include/gpxe/image.h
+++ b/gpxe/src/include/gpxe/image.h
@@ -133,6 +133,15 @@ extern struct list_head images;
#define for_each_image( image ) \
list_for_each_entry ( (image), &images, list )
+/**
+ * Test for existence of images
+ *
+ * @ret existence Some images exist
+ */
+static inline int have_images ( void ) {
+ return ( ! list_empty ( &images ) );
+}
+
extern struct image * alloc_image ( void );
extern int image_set_uri ( struct image *image, struct uri *uri );
extern int image_set_cmdline ( struct image *image, const char *cmdline );
diff --git a/gpxe/src/include/gpxe/iscsi.h b/gpxe/src/include/gpxe/iscsi.h
index fd96fdfe..0510974e 100644
--- a/gpxe/src/include/gpxe/iscsi.h
+++ b/gpxe/src/include/gpxe/iscsi.h
@@ -530,8 +530,6 @@ struct iscsi_session {
char *target_username;
/** Target password (if any) */
char *target_password;
- /** Target has authenticated acceptably */
- int target_auth_ok;
/** CHAP challenge (for target auth only)
*
* This is a block of random data; the first byte is used as
@@ -664,6 +662,15 @@ struct iscsi_session {
/** Mask for all iSCSI "needs to send" flags */
#define ISCSI_STATUS_STRINGS_MASK 0xff00
+/** Target has requested forward (initiator) authentication */
+#define ISCSI_STATUS_AUTH_FORWARD_REQUIRED 0x00010000
+
+/** Initiator requires target (reverse) authentication */
+#define ISCSI_STATUS_AUTH_REVERSE_REQUIRED 0x00020000
+
+/** Target authenticated itself correctly */
+#define ISCSI_STATUS_AUTH_REVERSE_OK 0x00040000
+
/** Maximum number of retries at connecting */
#define ISCSI_MAX_RETRIES 2
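Review bot: The three new `ISCSI_STATUS_AUTH_*` bits carry authentication state in the shared status word, but their comments do not say when they are reset or how they relate to each other. I would document on `ISCSI_STATUS_AUTH_REVERSE_OK` that it must be cleared at the start of every login attempt and that a login may only complete when `ISCSI_STATUS_AUTH_REVERSE_REQUIRED` is clear or `ISCSI_STATUS_AUTH_REVERSE_OK` is set, so that a stale OK from an earlier connection cannot satisfy a later one. A mask covering the three bits (`0x00070000`), in the style of `ISCSI_STATUS_STRINGS_MASK`, would make that reset a single operation. The code that sets and clears these flags is outside this diff, so whether it already does this cannot be confirmed here.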
diff --git a/gpxe/src/include/gpxe/md5.h b/gpxe/src/include/gpxe/md5.h
index 304a0e64..f8976a19 100644
--- a/gpxe/src/include/gpxe/md5.h
+++ b/gpxe/src/include/gpxe/md5.h
@@ -1,7 +1,7 @@
#ifndef _GPXE_MD5_H
#define _GPXE_MD5_H
-struct crypto_algorithm;
+struct digest_algorithm;
#include <stdint.h>
@@ -17,6 +17,6 @@ struct md5_ctx {
#define MD5_CTX_SIZE sizeof ( struct md5_ctx )
-extern struct crypto_algorithm md5_algorithm;
+extern struct digest_algorithm md5_algorithm;
#endif /* _GPXE_MD5_H */
diff --git a/gpxe/src/include/gpxe/rsa.h b/gpxe/src/include/gpxe/rsa.h
index ce15cfa0..e30e1a5a 100644
--- a/gpxe/src/include/gpxe/rsa.h
+++ b/gpxe/src/include/gpxe/rsa.h
@@ -1,9 +1,9 @@
#ifndef _GPXE_RSA_H
#define _GPXE_RSA_H
-struct crypto_algorithm;
+struct pubkey_algorithm;
-extern struct crypto_algorithm rsa_algorithm;
+extern struct pubkey_algorithm rsa_algorithm;
#include "crypto/axtls/crypto.h"
diff --git a/gpxe/src/include/gpxe/sha1.h b/gpxe/src/include/gpxe/sha1.h
index 2d6e90dd..66370d42 100644
--- a/gpxe/src/include/gpxe/sha1.h
+++ b/gpxe/src/include/gpxe/sha1.h
@@ -3,11 +3,11 @@
#include "crypto/axtls/crypto.h"
-struct crypto_algorithm;
+struct digest_algorithm;
#define SHA1_CTX_SIZE sizeof ( SHA1_CTX )
#define SHA1_DIGEST_SIZE SHA1_SIZE
-extern struct crypto_algorithm sha1_algorithm;
+extern struct digest_algorithm sha1_algorithm;
#endif /* _GPXE_SHA1_H */
diff --git a/gpxe/src/include/gpxe/tls.h b/gpxe/src/include/gpxe/tls.h
index 182bc49d..ddec7bec 100644
--- a/gpxe/src/include/gpxe/tls.h
+++ b/gpxe/src/include/gpxe/tls.h
@@ -91,11 +91,11 @@ enum tls_tx_state {
/** A TLS cipher specification */
struct tls_cipherspec {
/** Public-key encryption algorithm */
- struct crypto_algorithm *pubkey;
+ struct pubkey_algorithm *pubkey;
/** Bulk encryption cipher algorithm */
- struct crypto_algorithm *cipher;
+ struct cipher_algorithm *cipher;
/** MAC digest algorithm */
- struct crypto_algorithm *digest;
+ struct digest_algorithm *digest;
/** Key length */
size_t key_len;
/** Dynamically-allocated storage */