aboutsummaryrefslogtreecommitdiffstats
path: root/gpxe/src/crypto
diff options
context:
space:
mode:
Diffstat (limited to 'gpxe/src/crypto')
-rw-r--r--gpxe/src/crypto/axtls/aes.c10
-rw-r--r--gpxe/src/crypto/axtls/crypto.h2
-rw-r--r--gpxe/src/crypto/axtls_aes.c153
-rw-r--r--gpxe/src/crypto/axtls_sha1.c7
-rw-r--r--gpxe/src/crypto/cbc.c99
-rw-r--r--gpxe/src/crypto/chap.c2
-rw-r--r--gpxe/src/crypto/cipher.c24
-rw-r--r--gpxe/src/crypto/crypto_null.c62
-rw-r--r--gpxe/src/crypto/hmac.c6
-rw-r--r--gpxe/src/crypto/md5.c7
10 files changed, 287 insertions, 85 deletions
diff --git a/gpxe/src/crypto/axtls/aes.c b/gpxe/src/crypto/axtls/aes.c
index 9154a515..0c0d7247 100644
--- a/gpxe/src/crypto/axtls/aes.c
+++ b/gpxe/src/crypto/axtls/aes.c
@@ -152,10 +152,6 @@ static const unsigned char Rcon[30]=
0xb3,0x7d,0xfa,0xef,0xc5,0x91,
};
-/* ----- static functions ----- */
-static void AES_encrypt(const AES_CTX *ctx, uint32_t *data);
-static void AES_decrypt(const AES_CTX *ctx, uint32_t *data);
-
/* Perform doubling in Galois Field GF(2^8) using the irreducible polynomial
x^8+x^4+x^3+x+1 */
static unsigned char AES_xtime(uint32_t x)
@@ -257,6 +253,7 @@ void AES_convert_key(AES_CTX *ctx)
}
}
+#if 0
/**
* Encrypt a byte sequence (with a block size 16) using the AES cipher.
*/
@@ -358,11 +355,12 @@ void AES_cbc_decrypt(AES_CTX *ctx, const uint8_t *msg, uint8_t *out, int length)
l2n(xor2, iv);
l2n(xor3, iv);
}
+#endif
/**
* Encrypt a single block (16 bytes) of data
*/
-static void AES_encrypt(const AES_CTX *ctx, uint32_t *data)
+void AES_encrypt(const AES_CTX *ctx, uint32_t *data)
{
/* To make this code smaller, generate the sbox entries on the fly.
* This will have a really heavy effect upon performance.
@@ -418,7 +416,7 @@ static void AES_encrypt(const AES_CTX *ctx, uint32_t *data)
/**
* Decrypt a single block (16 bytes) of data
*/
-static void AES_decrypt(const AES_CTX *ctx, uint32_t *data)
+void AES_decrypt(const AES_CTX *ctx, uint32_t *data)
{
uint32_t tmp[4];
uint32_t xt0,xt1,xt2,xt3,xt4,xt5,xt6;
diff --git a/gpxe/src/crypto/axtls/crypto.h b/gpxe/src/crypto/axtls/crypto.h
index de1dbeb4..12acb27f 100644
--- a/gpxe/src/crypto/axtls/crypto.h
+++ b/gpxe/src/crypto/axtls/crypto.h
@@ -55,6 +55,8 @@ void AES_cbc_encrypt(AES_CTX *ctx, const uint8_t *msg,
uint8_t *out, int length);
void AES_cbc_decrypt(AES_CTX *ks, const uint8_t *in, uint8_t *out, int length);
void AES_convert_key(AES_CTX *ctx);
+void AES_encrypt(const AES_CTX *ctx, uint32_t *data);
+void AES_decrypt(const AES_CTX *ctx, uint32_t *data);
/**************************************************************************
* RC4 declarations
diff --git a/gpxe/src/crypto/axtls_aes.c b/gpxe/src/crypto/axtls_aes.c
index ac7e921d..51e1924e 100644
--- a/gpxe/src/crypto/axtls_aes.c
+++ b/gpxe/src/crypto/axtls_aes.c
@@ -1,12 +1,58 @@
-#include "crypto/axtls/crypto.h"
+/*
+ * Copyright (C) 2007 Michael Brown <mbrown@fensystems.co.uk>.
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License as
+ * published by the Free Software Foundation; either version 2 of the
+ * License, or any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+ */
+
#include <string.h>
#include <errno.h>
+#include <byteswap.h>
#include <gpxe/crypto.h>
+#include <gpxe/cbc.h>
#include <gpxe/aes.h>
+#include "crypto/axtls/crypto.h"
+
+/** @file
+ *
+ * AES algorithm
+ *
+ */
+
+/** Basic AES blocksize */
+#define AES_BLOCKSIZE 16
+
+/** AES context */
+struct aes_context {
+ /** AES context for AXTLS */
+ AES_CTX axtls_ctx;
+ /** Cipher is being used for decrypting */
+ int decrypting;
+};
+/**
+ * Set key
+ *
+ * @v ctx Context
+ * @v key Key
+ * @v keylen Key length
+ * @ret rc Return status code
+ */
static int aes_setkey ( void *ctx, const void *key, size_t keylen ) {
- AES_CTX *aesctx = ctx;
+ struct aes_context *aes_ctx = ctx;
AES_MODE mode;
+ void *iv;
switch ( keylen ) {
case ( 128 / 8 ):
@@ -19,36 +65,103 @@ static int aes_setkey ( void *ctx, const void *key, size_t keylen ) {
return -EINVAL;
}
- AES_set_key ( aesctx, key, aesctx->iv, mode );
+ /* IV is not a relevant concept at this stage; use a dummy
+ * value that will have no side-effects.
+ */
+ iv = &aes_ctx->axtls_ctx.iv;
+
+ AES_set_key ( &aes_ctx->axtls_ctx, key, iv, mode );
+
+ aes_ctx->decrypting = 0;
+
return 0;
}
-static void aes_setiv ( void *ctx, const void *iv ) {
- AES_CTX *aesctx = ctx;
+/**
+ * Set initialisation vector
+ *
+ * @v ctx Context
+ * @v iv Initialisation vector
+ */
+static void aes_setiv ( void *ctx __unused, const void *iv __unused ) {
+ /* Nothing to do */
+}
- memcpy ( aesctx->iv, iv, sizeof ( aesctx->iv ) );
+/**
+ * Call AXTLS' AES_encrypt() or AES_decrypt() functions
+ *
+ * @v axtls_ctx AXTLS AES context
+ * @v src Data to process
+ * @v dst Buffer for output
+ * @v func AXTLS AES function to call
+ */
+static void aes_call_axtls ( AES_CTX *axtls_ctx, const void *src, void *dst,
+ void ( * func ) ( const AES_CTX *axtls_ctx,
+ uint32_t *data ) ){
+ const uint32_t *srcl = src;
+ uint32_t *dstl = dst;
+ unsigned int i;
+
+ /* AXTLS' AES_encrypt() and AES_decrypt() functions both
+ * expect to deal with an array of four dwords in host-endian
+ * order.
+ */
+ for ( i = 0 ; i < 4 ; i++ )
+ dstl[i] = ntohl ( srcl[i] );
+ func ( axtls_ctx, dstl );
+ for ( i = 0 ; i < 4 ; i++ )
+ dstl[i] = htonl ( dstl[i] );
}
-static void aes_encrypt ( void *ctx, const void *data, void *dst,
+/**
+ * Encrypt data
+ *
+ * @v ctx Context
+ * @v src Data to encrypt
+ * @v dst Buffer for encrypted data
+ * @v len Length of data
+ */
+static void aes_encrypt ( void *ctx, const void *src, void *dst,
size_t len ) {
- AES_CTX *aesctx = ctx;
+ struct aes_context *aes_ctx = ctx;
- AES_cbc_encrypt ( aesctx, data, dst, len );
+ assert ( len == AES_BLOCKSIZE );
+ if ( aes_ctx->decrypting )
+ assert ( 0 );
+ aes_call_axtls ( &aes_ctx->axtls_ctx, src, dst, AES_encrypt );
}
-static void aes_decrypt ( void *ctx, const void *data, void *dst,
+/**
+ * Decrypt data
+ *
+ * @v ctx Context
+ * @v src Data to decrypt
+ * @v dst Buffer for decrypted data
+ * @v len Length of data
+ */
+static void aes_decrypt ( void *ctx, const void *src, void *dst,
size_t len ) {
- AES_CTX *aesctx = ctx;
+ struct aes_context *aes_ctx = ctx;
- AES_cbc_decrypt ( aesctx, data, dst, len );
+ assert ( len == AES_BLOCKSIZE );
+ if ( ! aes_ctx->decrypting ) {
+ AES_convert_key ( &aes_ctx->axtls_ctx );
+ aes_ctx->decrypting = 1;
+ }
+ aes_call_axtls ( &aes_ctx->axtls_ctx, src, dst, AES_decrypt );
}
-struct crypto_algorithm aes_algorithm = {
- .name = "aes",
- .ctxsize = sizeof ( AES_CTX ),
- .blocksize = 16,
- .setkey = aes_setkey,
- .setiv = aes_setiv,
- .encode = aes_encrypt,
- .decode = aes_decrypt,
+/** Basic AES algorithm */
+static struct cipher_algorithm aes_algorithm = {
+ .name = "aes",
+ .ctxsize = sizeof ( struct aes_context ),
+ .blocksize = AES_BLOCKSIZE,
+ .setkey = aes_setkey,
+ .setiv = aes_setiv,
+ .encrypt = aes_encrypt,
+ .decrypt = aes_decrypt,
};
+
+/* AES with cipher-block chaining */
+CBC_CIPHER ( aes_cbc, aes_cbc_algorithm,
+ aes_algorithm, struct aes_context, AES_BLOCKSIZE );
diff --git a/gpxe/src/crypto/axtls_sha1.c b/gpxe/src/crypto/axtls_sha1.c
index 62ff878a..841e193b 100644
--- a/gpxe/src/crypto/axtls_sha1.c
+++ b/gpxe/src/crypto/axtls_sha1.c
@@ -6,8 +6,7 @@ static void sha1_init ( void *ctx ) {
SHA1Init ( ctx );
}
-static void sha1_update ( void *ctx, const void *data, void *dst __unused,
- size_t len ) {
+static void sha1_update ( void *ctx, const void *data, size_t len ) {
SHA1Update ( ctx, data, len );
}
@@ -15,12 +14,12 @@ static void sha1_final ( void *ctx, void *out ) {
SHA1Final ( ctx, out );
}
-struct crypto_algorithm sha1_algorithm = {
+struct digest_algorithm sha1_algorithm = {
.name = "sha1",
.ctxsize = SHA1_CTX_SIZE,
.blocksize = 64,
.digestsize = SHA1_DIGEST_SIZE,
.init = sha1_init,
- .encode = sha1_update,
+ .update = sha1_update,
.final = sha1_final,
};
diff --git a/gpxe/src/crypto/cbc.c b/gpxe/src/crypto/cbc.c
new file mode 100644
index 00000000..c7116ea9
--- /dev/null
+++ b/gpxe/src/crypto/cbc.c
@@ -0,0 +1,99 @@
+/*
+ * Copyright (C) 2009 Michael Brown <mbrown@fensystems.co.uk>.
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License as
+ * published by the Free Software Foundation; either version 2 of the
+ * License, or any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+ */
+
+#include <string.h>
+#include <assert.h>
+#include <gpxe/crypto.h>
+#include <gpxe/cbc.h>
+
+/** @file
+ *
+ * Cipher-block chaining
+ *
+ */
+
+/**
+ * XOR data blocks
+ *
+ * @v src Input data
+ * @v dst Second input data and output data buffer
+ * @v len Length of data
+ */
+static void cbc_xor ( const void *src, void *dst, size_t len ) {
+ const uint32_t *srcl = src;
+ uint32_t *dstl = dst;
+ unsigned int i;
+
+ /* Assume that block sizes will always be dword-aligned, for speed */
+ assert ( ( len % sizeof ( *srcl ) ) == 0 );
+
+ for ( i = 0 ; i < ( len / sizeof ( *srcl ) ) ; i++ )
+ dstl[i] ^= srcl[i];
+}
+
+/**
+ * Encrypt data
+ *
+ * @v ctx Context
+ * @v src Data to encrypt
+ * @v dst Buffer for encrypted data
+ * @v len Length of data
+ * @v raw_cipher Underlying cipher algorithm
+ * @v cbc_ctx CBC context
+ */
+void cbc_encrypt ( void *ctx, const void *src, void *dst, size_t len,
+ struct cipher_algorithm *raw_cipher, void *cbc_ctx ) {
+ size_t blocksize = raw_cipher->blocksize;
+
+ assert ( ( len % blocksize ) == 0 );
+
+ while ( len ) {
+ cbc_xor ( src, cbc_ctx, blocksize );
+ cipher_encrypt ( raw_cipher, ctx, cbc_ctx, dst, blocksize );
+ memcpy ( cbc_ctx, dst, blocksize );
+ dst += blocksize;
+ src += blocksize;
+ len -= blocksize;
+ }
+}
+
+/**
+ * Decrypt data
+ *
+ * @v ctx Context
+ * @v src Data to decrypt
+ * @v dst Buffer for decrypted data
+ * @v len Length of data
+ * @v raw_cipher Underlying cipher algorithm
+ * @v cbc_ctx CBC context
+ */
+void cbc_decrypt ( void *ctx, const void *src, void *dst, size_t len,
+ struct cipher_algorithm *raw_cipher, void *cbc_ctx ) {
+ size_t blocksize = raw_cipher->blocksize;
+
+ assert ( ( len % blocksize ) == 0 );
+
+ while ( len ) {
+ cipher_decrypt ( raw_cipher, ctx, src, dst, blocksize );
+ cbc_xor ( cbc_ctx, dst, blocksize );
+ memcpy ( cbc_ctx, src, blocksize );
+ dst += blocksize;
+ src += blocksize;
+ len -= blocksize;
+ }
+}
diff --git a/gpxe/src/crypto/chap.c b/gpxe/src/crypto/chap.c
index 59b70e39..d0784d25 100644
--- a/gpxe/src/crypto/chap.c
+++ b/gpxe/src/crypto/chap.c
@@ -42,7 +42,7 @@
* eventually be freed by a call to chap_finish().
*/
int chap_init ( struct chap_response *chap,
- struct crypto_algorithm *digest ) {
+ struct digest_algorithm *digest ) {
size_t state_len;
void *state;
diff --git a/gpxe/src/crypto/cipher.c b/gpxe/src/crypto/cipher.c
deleted file mode 100644
index 9c392009..00000000
--- a/gpxe/src/crypto/cipher.c
+++ /dev/null
@@ -1,24 +0,0 @@
-#include <stdint.h>
-#include <errno.h>
-#include <gpxe/crypto.h>
-
-int cipher_encrypt ( struct crypto_algorithm *crypto,
- void *ctx, const void *src, void *dst,
- size_t len ) {
- if ( ( len & ( crypto->blocksize - 1 ) ) ) {
- return -EINVAL;
- }
- crypto->encode ( ctx, src, dst, len );
- return 0;
-}
-
-int cipher_decrypt ( struct crypto_algorithm *crypto,
- void *ctx, const void *src, void *dst,
- size_t len ) {
- if ( ( len & ( crypto->blocksize - 1 ) ) ) {
- return -EINVAL;
- }
- crypto->decode ( ctx, src, dst, len );
- return 0;
-}
-
diff --git a/gpxe/src/crypto/crypto_null.c b/gpxe/src/crypto/crypto_null.c
index 120ef0a6..8cc9217a 100644
--- a/gpxe/src/crypto/crypto_null.c
+++ b/gpxe/src/crypto/crypto_null.c
@@ -25,45 +25,61 @@
#include <string.h>
#include <gpxe/crypto.h>
-static void null_init ( void *ctx __unused ) {
+static void digest_null_init ( void *ctx __unused ) {
/* Do nothing */
}
-static int null_setkey ( void *ctx __unused, const void *key __unused,
- size_t keylen __unused ) {
+static void digest_null_update ( void *ctx __unused, const void *src __unused,
+ size_t len __unused ) {
/* Do nothing */
- return 0;
}
-static void null_setiv ( void *ctx __unused, const void *iv __unused ) {
+static void digest_null_final ( void *ctx __unused, void *out __unused ) {
/* Do nothing */
}
-static void null_encode ( void *ctx __unused, const void *src,
- void *dst, size_t len ) {
- if ( dst )
- memcpy ( dst, src, len );
-}
+struct digest_algorithm digest_null = {
+ .name = "null",
+ .ctxsize = 0,
+ .blocksize = 1,
+ .digestsize = 0,
+ .init = digest_null_init,
+ .update = digest_null_update,
+ .final = digest_null_final,
+};
-static void null_decode ( void *ctx __unused, const void *src,
- void *dst, size_t len ) {
- if ( dst )
- memcpy ( dst, src, len );
+static int cipher_null_setkey ( void *ctx __unused, const void *key __unused,
+ size_t keylen __unused ) {
+ /* Do nothing */
+ return 0;
}
-static void null_final ( void *ctx __unused, void *out __unused ) {
+static void cipher_null_setiv ( void *ctx __unused,
+ const void *iv __unused ) {
/* Do nothing */
}
-struct crypto_algorithm crypto_null = {
+static void cipher_null_encrypt ( void *ctx __unused, const void *src,
+ void *dst, size_t len ) {
+ memcpy ( dst, src, len );
+}
+
+static void cipher_null_decrypt ( void *ctx __unused, const void *src,
+ void *dst, size_t len ) {
+ memcpy ( dst, src, len );
+}
+
+struct cipher_algorithm cipher_null = {
.name = "null",
.ctxsize = 0,
.blocksize = 1,
- .digestsize = 0,
- .init = null_init,
- .setkey = null_setkey,
- .setiv = null_setiv,
- .encode = null_encode,
- .decode = null_decode,
- .final = null_final,
+ .setkey = cipher_null_setkey,
+ .setiv = cipher_null_setiv,
+ .encrypt = cipher_null_encrypt,
+ .decrypt = cipher_null_decrypt,
+};
+
+struct pubkey_algorithm pubkey_null = {
+ .name = "null",
+ .ctxsize = 0,
};
diff --git a/gpxe/src/crypto/hmac.c b/gpxe/src/crypto/hmac.c
index 6884bde9..be0298a7 100644
--- a/gpxe/src/crypto/hmac.c
+++ b/gpxe/src/crypto/hmac.c
@@ -35,7 +35,7 @@
* @v key Key
* @v key_len Length of key
*/
-static void hmac_reduce_key ( struct crypto_algorithm *digest,
+static void hmac_reduce_key ( struct digest_algorithm *digest,
void *key, size_t *key_len ) {
uint8_t digest_ctx[digest->ctxsize];
@@ -58,7 +58,7 @@ static void hmac_reduce_key ( struct crypto_algorithm *digest,
* will be replaced with its own digest, and key_len will be updated
* accordingly).
*/
-void hmac_init ( struct crypto_algorithm *digest, void *digest_ctx,
+void hmac_init ( struct digest_algorithm *digest, void *digest_ctx,
void *key, size_t *key_len ) {
unsigned char k_ipad[digest->blocksize];
unsigned int i;
@@ -93,7 +93,7 @@ void hmac_init ( struct crypto_algorithm *digest, void *digest_ctx,
* will be replaced with its own digest, and key_len will be updated
* accordingly).
*/
-void hmac_final ( struct crypto_algorithm *digest, void *digest_ctx,
+void hmac_final ( struct digest_algorithm *digest, void *digest_ctx,
void *key, size_t *key_len, void *hmac ) {
unsigned char k_opad[digest->blocksize];
unsigned int i;
diff --git a/gpxe/src/crypto/md5.c b/gpxe/src/crypto/md5.c
index 1fed24fc..76fb8a69 100644
--- a/gpxe/src/crypto/md5.c
+++ b/gpxe/src/crypto/md5.c
@@ -167,8 +167,7 @@ static void md5_init(void *context)
mctx->byte_count = 0;
}
-static void md5_update(void *context, const void *data, void *dst __unused,
- size_t len)
+static void md5_update(void *context, const void *data, size_t len)
{
struct md5_ctx *mctx = context;
const u32 avail = sizeof(mctx->block) - (mctx->byte_count & 0x3f);
@@ -224,12 +223,12 @@ static void md5_final(void *context, void *out)
memset(mctx, 0, sizeof(*mctx));
}
-struct crypto_algorithm md5_algorithm = {
+struct digest_algorithm md5_algorithm = {
.name = "md5",
.ctxsize = MD5_CTX_SIZE,
.blocksize = ( MD5_BLOCK_WORDS * 4 ),
.digestsize = MD5_DIGEST_SIZE,
.init = md5_init,
- .encode = md5_update,
+ .update = md5_update,
.final = md5_final,
};