Diffstat (limited to 'gpxe/src/include/gpxe')
-rw-r--r-- | gpxe/src/include/gpxe/aes.h | 4 | ||||
-rw-r--r-- | gpxe/src/include/gpxe/cbc.h | 98 | ||||
-rw-r--r-- | gpxe/src/include/gpxe/chap.h | 6 | ||||
-rw-r--r-- | gpxe/src/include/gpxe/crypto.h | 130 | ||||
-rw-r--r-- | gpxe/src/include/gpxe/hmac.h | 6 | ||||
-rw-r--r-- | gpxe/src/include/gpxe/image.h | 9 | ||||
-rw-r--r-- | gpxe/src/include/gpxe/iscsi.h | 11 | ||||
-rw-r--r-- | gpxe/src/include/gpxe/md5.h | 4 | ||||
-rw-r--r-- | gpxe/src/include/gpxe/rsa.h | 4 | ||||
-rw-r--r-- | gpxe/src/include/gpxe/sha1.h | 4 | ||||
-rw-r--r-- | gpxe/src/include/gpxe/tls.h | 6 |
11 files changed, 216 insertions, 66 deletions
diff --git a/gpxe/src/include/gpxe/aes.h b/gpxe/src/include/gpxe/aes.h
index 75cb4c44..bdb4b351 100644
--- a/gpxe/src/include/gpxe/aes.h
+++ b/gpxe/src/include/gpxe/aes.h
@@ -1,8 +1,8 @@
 #ifndef _GPXE_AES_H
 #define _GPXE_AES_H
 
-struct crypto_algorithm;
+struct cipher_algorithm;
 
-extern struct crypto_algorithm aes_algorithm;
+extern struct cipher_algorithm aes_cbc_algorithm;
 
 #endif /* _GPXE_AES_H */
diff --git a/gpxe/src/include/gpxe/cbc.h b/gpxe/src/include/gpxe/cbc.h
new file mode 100644
index 00000000..fcc115eb
--- /dev/null
+++ b/gpxe/src/include/gpxe/cbc.h
@@ -0,0 +1,98 @@
+#ifndef _GPXE_CBC_H
+#define _GPXE_CBC_H
+
+/** @file
+ *
+ * Cipher-block chaining
+ *
+ */
+
+#include <gpxe/crypto.h>
+
+/**
+ * Set key
+ *
+ * @v ctx Context
+ * @v key Key
+ * @v keylen Key length
+ * @v raw_cipher Underlying cipher algorithm
+ * @v cbc_ctx CBC context
+ * @ret rc Return status code
+ */
+static inline int cbc_setkey ( void *ctx, const void *key, size_t keylen,
+ struct cipher_algorithm *raw_cipher,
+ void *cbc_ctx __unused ) {
+
+ return cipher_setkey ( raw_cipher, ctx, key, keylen );
+}
+
+/**
+ * Set initialisation vector
+ *
+ * @v ctx Context
+ * @v iv Initialisation vector
+ * @v raw_cipher Underlying cipher algorithm
+ * @v cbc_ctx CBC context
+ */
+static inline void cbc_setiv ( void *ctx __unused, const void *iv,
+ struct cipher_algorithm *raw_cipher,
+ void *cbc_ctx ) {
+ memcpy ( cbc_ctx, iv, raw_cipher->blocksize );
+}
+
+extern void cbc_encrypt ( void *ctx, const void *src, void *dst,
+ size_t len, struct cipher_algorithm *raw_cipher,
+ void *cbc_ctx );
+extern void cbc_decrypt ( void *ctx, const void *src, void *dst,
+ size_t len, struct cipher_algorithm *raw_cipher,
+ void *cbc_ctx );
+
+/**
+ * Create a cipher-block chaining mode of behaviour of an existing cipher
+ *
+ * @v _cbc_name Name for the new CBC cipher
+ * @v _cbc_cipher New cipher algorithm
+ * @v _raw_cipher Underlying cipher algorithm
+ * @v _raw_context Context structure for the underlying cipher
+ * @v _blocksize Cipher block size
+ */
+#define CBC_CIPHER( _cbc_name, _cbc_cipher, _raw_cipher, _raw_context, \
+ _blocksize ) \
+struct _cbc_name ## _context { \
+ _raw_context raw_ctx; \
+ uint8_t cbc_ctx[_blocksize]; \
+}; \
+static int _cbc_name ## _setkey ( void *ctx, const void *key, \
+ size_t keylen ) { \
+ struct _cbc_name ## _context * _cbc_name ## _ctx = ctx; \
+ return cbc_setkey ( &_cbc_name ## _ctx->raw_ctx, key, keylen, \
+ &_raw_cipher, &_cbc_name ## _ctx->cbc_ctx );\
+} \
+static void _cbc_name ## _setiv ( void *ctx, const void *iv ) { \
+ struct _cbc_name ## _context * _cbc_name ## _ctx = ctx; \
+ cbc_setiv ( &_cbc_name ## _ctx->raw_ctx, iv, \
+ &_raw_cipher, &aes_cbc_ctx->cbc_ctx ); \
+} \
+static void _cbc_name ## _encrypt ( void *ctx, const void *src, \
+ void *dst, size_t len ) { \
+ struct _cbc_name ## _context * _cbc_name ## _ctx = ctx; \
+ cbc_encrypt ( &_cbc_name ## _ctx->raw_ctx, src, dst, len, \
+ &_raw_cipher, &aes_cbc_ctx->cbc_ctx ); \
+} \
+static void _cbc_name ## _decrypt ( void *ctx, const void *src, \
+ void *dst, size_t len ) { \
+ struct _cbc_name ## _context * _cbc_name ## _ctx = ctx; \
+ cbc_decrypt ( &_cbc_name ## _ctx->raw_ctx, src, dst, len, \
+ &_raw_cipher, &aes_cbc_ctx->cbc_ctx ); \
+} \
+struct cipher_algorithm _cbc_cipher = { \
+ .name = #_cbc_name, \
+ .ctxsize = sizeof ( struct _cbc_name ## _context ), \
+ .blocksize = _blocksize, \
+ .setkey = _cbc_name ## _setkey, \
+ .setiv = _cbc_name ## _setiv, \
+ .encrypt = _cbc_name ## _encrypt, \
+ .decrypt = _cbc_name ## _decrypt, \
+};
+
+#endif /* _GPXE_CBC_H */
diff --git a/gpxe/src/include/gpxe/chap.h b/gpxe/src/include/gpxe/chap.h
index a7059cdb..87e5484f 100644
--- a/gpxe/src/include/gpxe/chap.h
+++ b/gpxe/src/include/gpxe/chap.h
@@ -10,12 +10,12 @@
 #include <stdint.h>
 #include <gpxe/md5.h>
 
-struct crypto_algorithm;
+struct digest_algorithm;
 
 /** A CHAP response */
 struct chap_response {
  /** Digest algorithm used for the response */
- struct crypto_algorithm *digest;
+ struct digest_algorithm *digest;
  /** Context used by the digest algorithm */
  uint8_t *digest_context;
  /** CHAP response */
@@ -25,7 +25,7 @@ struct chap_response {
 };
 
 extern int chap_init ( struct chap_response *chap,
- struct crypto_algorithm *digest );
+ struct digest_algorithm *digest );
 extern void chap_update ( struct chap_response *chap,
  const void *data, size_t len );
 extern void chap_respond ( struct chap_response *chap );
diff --git a/gpxe/src/include/gpxe/crypto.h b/gpxe/src/include/gpxe/crypto.h
index 95665acc..10882d37 100644
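Review bot: The `_setiv`, `_encrypt` and `_decrypt` bodies generated by `CBC_CIPHER` reference `&aes_cbc_ctx->cbc_ctx`, while the local each of them declares is `_cbc_name ## _ctx`; the macro therefore only expands to compilable code when `_cbc_name` is literally `aes_cbc`, and any other instantiation fails with an undeclared identifier. The `_setkey` body already uses the right spelling, so the three offending lines should read `&_raw_cipher, &_cbc_name ## _ctx->cbc_ctx ); \`. Separately, `cbc_setiv` calls `memcpy` but this header only includes `<gpxe/crypto.h>`, whose visible includes are `<stdint.h>` and `<stddef.h>`, so `<string.h>` appears to be relied on transitively and is better included here directly. A one-line comment on the `cbc_ctx` member would also help readers, e.g. `/* IV / chaining block, written by cbc_setiv and updated by cbc_encrypt/cbc_decrypt (see cbc.c) */` — the update part is presumed from the declarations above, since cbc.c is not in this diff.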
--- a/gpxe/src/include/gpxe/crypto.h
+++ b/gpxe/src/include/gpxe/crypto.h
@@ -10,21 +10,46 @@
 #include <stdint.h>
 #include <stddef.h>
 
-/** A cryptographic algorithm */
-struct crypto_algorithm {
+/** A message digest algorithm */
+struct digest_algorithm {
  /** Algorithm name */
  const char *name;
  /** Context size */
  size_t ctxsize;
  /** Block size */
  size_t blocksize;
- /** Final output size */
+ /** Digest size */
  size_t digestsize;
- /** Initialise algorithm
+ /** Initialise digest
  *
  * @v ctx Context
  */
  void ( * init ) ( void *ctx );
+ /** Update digest with new data
+ *
+ * @v ctx Context
+ * @v src Data to digest
+ * @v len Length of data
+ *
+ * @v len is not necessarily a multiple of @c blocksize.
+ */
+ void ( * update ) ( void *ctx, const void *src, size_t len );
+ /** Finalise digest
+ *
+ * @v ctx Context
+ * @v out Buffer for digest output
+ */
+ void ( * final ) ( void *ctx, void *out );
+};
+
+/** A cipher algorithm */
+struct cipher_algorithm {
+ /** Algorithm name */
+ const char *name;
+ /** Context size */
+ size_t ctxsize;
+ /** Block size */
+ size_t blocksize;
  /** Set key
  *
  * @v ctx Context
@@ -38,79 +63,90 @@ struct crypto_algorithm {
  * @v ctx Context
  * @v iv Initialisation vector
  */
- void ( *setiv ) ( void *ctx, const void *iv );
- /** Encode data
+ void ( * setiv ) ( void *ctx, const void *iv );
+ /** Encrypt data
  *
  * @v ctx Context
- * @v src Data to encode
- * @v dst Encoded data, or NULL
+ * @v src Data to encrypt
+ * @v dst Buffer for encrypted data
  * @v len Length of data
- * @ret rc Return status code
- *
- * For a cipher algorithm, the enciphered data should be
- * placed in @c dst. For a digest algorithm, only the digest
- * state should be updated, and @c dst will be NULL.
  *
  * @v len is guaranteed to be a multiple of @c blocksize.
  */
- void ( * encode ) ( void *ctx, const void *src, void *dst,
- size_t len );
- /** Decode data
+ void ( * encrypt ) ( void *ctx, const void *src, void *dst,
+ size_t len );
+ /** Decrypt data
  *
  * @v ctx Context
- * @v src Data to decode
- * @v dst Decoded data
+ * @v src Data to decrypt
+ * @v dst Buffer for decrypted data
  * @v len Length of data
- * @ret rc Return status code
  *
  * @v len is guaranteed to be a multiple of @c blocksize.
  */
- void ( * decode ) ( void *ctx, const void *src, void *dst,
- size_t len );
- /** Finalise algorithm
- *
- * @v ctx Context
- * @v out Algorithm final output
- */
- void ( * final ) ( void *ctx, void *out );
+ void ( * decrypt ) ( void *ctx, const void *src, void *dst,
+ size_t len );
 };
 
-static inline void digest_init ( struct crypto_algorithm *crypto,
+/** A public key algorithm */
+struct pubkey_algorithm {
+ /** Algorithm name */
+ const char *name;
+ /** Context size */
+ size_t ctxsize;
+};
+
+static inline void digest_init ( struct digest_algorithm *digest,
  void *ctx ) {
- crypto->init ( ctx );
+ digest->init ( ctx );
 }
 
-static inline void digest_update ( struct crypto_algorithm *crypto,
+static inline void digest_update ( struct digest_algorithm *digest,
  void *ctx, const void *data, size_t len ) {
- crypto->encode ( ctx, data, NULL, len );
+ digest->update ( ctx, data, len );
 }
 
-static inline void digest_final ( struct crypto_algorithm *crypto,
+static inline void digest_final ( struct digest_algorithm *digest,
  void *ctx, void *out ) {
- crypto->final ( ctx, out );
+ digest->final ( ctx, out );
+}
+
+static inline int cipher_setkey ( struct cipher_algorithm *cipher,
+ void *ctx, const void *key, size_t keylen ) {
+ return cipher->setkey ( ctx, key, keylen );
 }
 
-static inline void cipher_setiv ( struct crypto_algorithm *crypto,
+static inline void cipher_setiv ( struct cipher_algorithm *cipher,
  void *ctx, const void *iv ) {
- crypto->setiv ( ctx, iv );
+ cipher->setiv ( ctx, iv );
 }
 
-static inline int cipher_setkey ( struct crypto_algorithm *crypto,
- void *ctx, const void *key, size_t keylen ) {
- return crypto->setkey ( ctx, key, keylen );
+static inline void cipher_encrypt ( struct cipher_algorithm *cipher,
+ void *ctx, const void *src, void *dst,
+ size_t len ) {
+ cipher->encrypt ( ctx, src, dst, len );
 }
+#define cipher_encrypt( cipher, ctx, src, dst, len ) do { \
+ assert ( ( len & ( (cipher)->blocksize - 1 ) ) == 0 ); \
+ cipher_encrypt ( (cipher), (ctx), (src), (dst), (len) ); \
+ } while ( 0 )
 
-static inline int is_stream_cipher ( struct crypto_algorithm *crypto ) {
- return ( crypto->blocksize == 1 );
+static inline void cipher_decrypt ( struct cipher_algorithm *cipher,
+ void *ctx, const void *src, void *dst,
+ size_t len ) {
+ cipher->decrypt ( ctx, src, dst, len );
 }
+#define cipher_decrypt( cipher, ctx, src, dst, len ) do { \
+ assert ( ( len & ( (cipher)->blocksize - 1 ) ) == 0 ); \
+ cipher_decrypt ( (cipher), (ctx), (src), (dst), (len) ); \
+ } while ( 0 )
 
-extern struct crypto_algorithm crypto_null;
+static inline int is_stream_cipher ( struct cipher_algorithm *cipher ) {
+ return ( cipher->blocksize == 1 );
+}
 
-extern int cipher_encrypt ( struct crypto_algorithm *crypto,
- void *ctx, const void *src, void *dst,
- size_t len );
-extern int cipher_decrypt ( struct crypto_algorithm *crypto,
- void *ctx, const void *src, void *dst,
- size_t len );
+extern struct digest_algorithm digest_null;
+extern struct cipher_algorithm cipher_null;
+extern struct pubkey_algorithm pubkey_null;
 
 #endif /* _GPXE_CRYPTO_H */
diff --git a/gpxe/src/include/gpxe/hmac.h b/gpxe/src/include/gpxe/hmac.h
index fd34db04..67aefdce 100644
--- a/gpxe/src/include/gpxe/hmac.h
+++ b/gpxe/src/include/gpxe/hmac.h
@@ -16,15 +16,15 @@
  * @v data Data
  * @v len Length of data
  */
-static inline void hmac_update ( struct crypto_algorithm *digest,
+static inline void hmac_update ( struct digest_algorithm *digest,
  void *digest_ctx, const void *data,
  size_t len ) {
  digest_update ( digest, digest_ctx, data, len );
 }
 
-extern void hmac_init ( struct crypto_algorithm *digest, void *digest_ctx,
+extern void hmac_init ( struct digest_algorithm *digest, void *digest_ctx,
  void *key, size_t *key_len );
-extern void hmac_final ( struct crypto_algorithm *digest, void *digest_ctx,
+extern void hmac_final ( struct digest_algorithm *digest, void *digest_ctx,
  void *key, size_t *key_len, void *hmac );
 
 #endif /* _GPXE_HMAC_H */
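Review bot: The new `cipher_encrypt` and `cipher_decrypt` wrapper macros check block alignment with `len & ( (cipher)->blocksize - 1 )`, which only equals `len % blocksize` when the block size is a power of two, and `len` is used unparenthesized inside the expression; `assert ( ( (len) % (cipher)->blocksize ) == 0 ); \` enforces the documented contract (`@v len is guaranteed to be a multiple of @c blocksize`) for any block size and still passes for stream ciphers where `blocksize == 1`. The macros also depend on `assert`, but the header's visible includes are `<stdint.h>` and `<stddef.h>`, so `<assert.h>` should be included in crypto.h rather than left to callers. Defining a function-like macro with the same name as the inline it wraps is legal but easy to misread; a comment above each macro, e.g. `/* Shadows the inline of the same name to validate len before the call */`, would make the intent explicit.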
diff --git a/gpxe/src/include/gpxe/image.h b/gpxe/src/include/gpxe/image.h
index f8b1482e..b953e150 100644
--- a/gpxe/src/include/gpxe/image.h
+++ b/gpxe/src/include/gpxe/image.h
@@ -133,6 +133,15 @@ extern struct list_head images;
 #define for_each_image( image ) \
  list_for_each_entry ( (image), &images, list )
 
+/**
+ * Test for existence of images
+ *
+ * @ret existence Some images exist
+ */
+static inline int have_images ( void ) {
+ return ( ! list_empty ( &images ) );
+}
+
 extern struct image * alloc_image ( void );
 extern int image_set_uri ( struct image *image, struct uri *uri );
 extern int image_set_cmdline ( struct image *image, const char *cmdline );
diff --git a/gpxe/src/include/gpxe/iscsi.h b/gpxe/src/include/gpxe/iscsi.h
index fd96fdfe..0510974e 100644
--- a/gpxe/src/include/gpxe/iscsi.h
+++ b/gpxe/src/include/gpxe/iscsi.h
@@ -530,8 +530,6 @@ struct iscsi_session {
  char *target_username;
  /** Target password (if any) */
  char *target_password;
- /** Target has authenticated acceptably */
- int target_auth_ok;
  /** CHAP challenge (for target auth only)
  *
  * This is a block of random data; the first byte is used as
@@ -664,6 +662,15 @@ struct iscsi_session {
 /** Mask for all iSCSI "needs to send" flags */
 #define ISCSI_STATUS_STRINGS_MASK 0xff00
 
+/** Target has requested forward (initiator) authentication */
+#define ISCSI_STATUS_AUTH_FORWARD_REQUIRED 0x00010000
+
+/** Initiator requires target (reverse) authentication */
+#define ISCSI_STATUS_AUTH_REVERSE_REQUIRED 0x00020000
+
+/** Target authenticated itself correctly */
+#define ISCSI_STATUS_AUTH_REVERSE_OK 0x00040000
+
 /** Maximum number of retries at connecting */
 #define ISCSI_MAX_RETRIES 2
 
diff --git a/gpxe/src/include/gpxe/md5.h b/gpxe/src/include/gpxe/md5.h
index 304a0e64..f8976a19 100644
--- a/gpxe/src/include/gpxe/md5.h
+++ b/gpxe/src/include/gpxe/md5.h
@@ -1,7 +1,7 @@
 #ifndef _GPXE_MD5_H
 #define _GPXE_MD5_H
 
-struct crypto_algorithm;
+struct digest_algorithm;
 
 #include <stdint.h>
 
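Review bot: The three new `ISCSI_STATUS_AUTH_*` flags replace the removed `target_auth_ok` field, but the comments do not record how they relate to each other: `ISCSI_STATUS_AUTH_REVERSE_OK` is presumably only meaningful once `ISCSI_STATUS_AUTH_REVERSE_REQUIRED` is set, and the login code that must refuse to proceed when reverse authentication is required but not yet confirmed is outside this diff. Suggest stating the pairing where the flags are defined, e.g. `/** Target authenticated itself correctly (only meaningful while ISCSI_STATUS_AUTH_REVERSE_REQUIRED is set) */`. It is also worth confirming that `0x00010000`–`0x00040000` are disjoint from every other `ISCSI_STATUS_*` bit defined elsewhere in the file, since this hunk only shows the `0xff00` strings mask.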
@@ -17,6 +17,6 @@ struct md5_ctx {
 
 #define MD5_CTX_SIZE sizeof ( struct md5_ctx )
 
-extern struct crypto_algorithm md5_algorithm;
+extern struct digest_algorithm md5_algorithm;
 
 #endif /* _GPXE_MD5_H */
diff --git a/gpxe/src/include/gpxe/rsa.h b/gpxe/src/include/gpxe/rsa.h
index ce15cfa0..e30e1a5a 100644
--- a/gpxe/src/include/gpxe/rsa.h
+++ b/gpxe/src/include/gpxe/rsa.h
@@ -1,9 +1,9 @@
 #ifndef _GPXE_RSA_H
 #define _GPXE_RSA_H
 
-struct crypto_algorithm;
+struct pubkey_algorithm;
 
-extern struct crypto_algorithm rsa_algorithm;
+extern struct pubkey_algorithm rsa_algorithm;
 
 #include "crypto/axtls/crypto.h"
 
diff --git a/gpxe/src/include/gpxe/sha1.h b/gpxe/src/include/gpxe/sha1.h
index 2d6e90dd..66370d42 100644
--- a/gpxe/src/include/gpxe/sha1.h
+++ b/gpxe/src/include/gpxe/sha1.h
@@ -3,11 +3,11 @@
 
 #include "crypto/axtls/crypto.h"
 
-struct crypto_algorithm;
+struct digest_algorithm;
 
 #define SHA1_CTX_SIZE sizeof ( SHA1_CTX )
 #define SHA1_DIGEST_SIZE SHA1_SIZE
 
-extern struct crypto_algorithm sha1_algorithm;
+extern struct digest_algorithm sha1_algorithm;
 
 #endif /* _GPXE_SHA1_H */
diff --git a/gpxe/src/include/gpxe/tls.h b/gpxe/src/include/gpxe/tls.h
index 182bc49d..ddec7bec 100644
--- a/gpxe/src/include/gpxe/tls.h
+++ b/gpxe/src/include/gpxe/tls.h
@@ -91,11 +91,11 @@ enum tls_tx_state {
 /** A TLS cipher specification */
 struct tls_cipherspec {
  /** Public-key encryption algorithm */
- struct crypto_algorithm *pubkey;
+ struct pubkey_algorithm *pubkey;
  /** Bulk encryption cipher algorithm */
- struct crypto_algorithm *cipher;
+ struct cipher_algorithm *cipher;
  /** MAC digest algorithm */
- struct crypto_algorithm *digest;
+ struct digest_algorithm *digest;
  /** Key length */
  size_t key_len;
  /** Dynamically-allocated storage */