aboutsummaryrefslogtreecommitdiff
path: root/src/include/ipxe/crypto.h
AgeCommit message (Collapse)AuthorFilesLines
2024-08-21[crypto] Remove the concept of a public-key algorithm reusable contextMichael Brown1-58/+38
Instances of cipher and digest algorithms tend to get called repeatedly to process substantial amounts of data. This is not true for public-key algorithms, which tend to get called only once or twice for a given key. Simplify the public-key algorithm API so that there is no reusable algorithm context. In particular, this allows callers to omit the error handling currently required to handle memory allocation (or key parsing) errors from pubkey_init(), and to omit the cleanup calls to pubkey_final(). This change does remove the ability for a caller to distinguish between a verification failure due to a memory allocation failure and a verification failure due to a bad signature. This difference is not material in practice: in both cases, for whatever reason, the caller was unable to verify the signature and so cannot proceed further, and the cause of the error will be visible to the user via the return status code. Signed-off-by: Michael Brown <mcb30@ipxe.org>
2024-08-18[crypto] Pass asymmetric keys as ASN.1 cursorsMichael Brown1-13/+10
Asymmetric keys are invariably encountered within ASN.1 structures such as X.509 certificates, and the various large integers within an RSA key are themselves encoded using ASN.1. Simplify all code handling asymmetric keys by passing keys as a single ASN.1 cursor, rather than separate data and length pointers. Signed-off-by: Michael Brown <mcb30@ipxe.org>
2024-02-22[crypto] Force inlining of trivial wrapper functionsMichael Brown1-44/+55
Inspection of the generated assembly shows that gcc will often emit standalone implementations of frequently invoked functions such as digest_update(), which contain no logic and exist only as syntactic sugar. Force inlining of these functions to reduce the overall binary size. Signed-off-by: Michael Brown <mcb30@ipxe.org>
2024-01-30[crypto] Add an abstraction of an elliptic curveMichael Brown1-0/+23
Define an abstraction of an elliptic curve with a fixed generator and one supported operation (scalar multiplication of a curve point). Signed-off-by: Michael Brown <mcb30@ipxe.org>
2022-11-08[tls] Allow for arbitrary-length initialisation vectorsMichael Brown1-0/+4
Restructure the encryption and decryption operations to allow for the use of ciphers where the initialisation vector is constructed by concatenating the fixed IV (derived as part of key expansion) with a record IV (prepended to the ciphertext). Signed-off-by: Michael Brown <mcb30@ipxe.org>
2022-11-07[crypto] Add concept of cipher alignment sizeMichael Brown1-1/+17
The GCM cipher mode of operation (in common with other counter-based modes of operation) has a notion of blocksize that does not neatly fall into our current abstraction: it does operate in 16-byte blocks but allows for an arbitrary overall data length (i.e. the final block may be incomplete). Model this by adding a concept of alignment size. Each call to encrypt() or decrypt() must begin at a multiple of the alignment size from the start of the data stream. This allows us to model GCM by using a block size of 1 byte and an alignment size of 16 bytes. As a side benefit, this same concept allows us to neatly model the fact that raw AES can encrypt only a single 16-byte block, by specifying an alignment size of zero on this cipher. Signed-off-by: Michael Brown <mcb30@ipxe.org>
2022-10-25[crypto] Add block cipher Galois/Counter mode of operationMichael Brown1-0/+1
Signed-off-by: Michael Brown <mcb30@ipxe.org>
2022-10-25[crypto] Add concept of authentication tag to cipher algorithmsMichael Brown1-0/+18
Some ciphers (such as GCM) support the concept of a tag that can be used to authenticate the encrypted data. Add a cipher method for generating an authentication tag. Signed-off-by: Michael Brown <mcb30@ipxe.org>
2022-10-25[crypto] Add concept of additional data to cipher algorithmsMichael Brown1-15/+15
Some ciphers (such as GCM) support the concept of additional authenticated data, which does not appear in the ciphertext but may affect the operation of the cipher. Allow cipher_encrypt() and cipher_decrypt() to be called with a NULL destination buffer in order to pass additional data. Signed-off-by: Michael Brown <mcb30@ipxe.org>
2022-10-25[crypto] Allow initialisation vector length to vary from cipher blocksizeMichael Brown1-4/+5
Signed-off-by: Michael Brown <mcb30@ipxe.org>
2022-10-25[crypto] Expose null crypto algorithm methods for reuseMichael Brown1-0/+23
Signed-off-by: Michael Brown <mcb30@ipxe.org>
2015-03-02[legal] Relicense files under GPL2_OR_LATER_OR_UBDLMichael Brown1-1/+1
These files cannot be automatically relicensed by util/relicense.pl since they either contain unusual but trivial contributions (such as the addition of __nonnull function attributes), or contain lines dating back to the initial git revision (and so require manual knowledge of the code's origin). Signed-off-by: Michael Brown <mcb30@ipxe.org>
2014-03-27[crypto] Add pubkey_match() to check for matching public/private key pairsMichael Brown1-0/+18
Signed-off-by: Michael Brown <mcb30@ipxe.org>
2012-03-18[crypto] Add abstraction for a public-key algorithmMichael Brown1-0/+98
Signed-off-by: Michael Brown <mcb30@ipxe.org>
2012-03-13[rng] Remove obsolete (and unfinished) get_random_bytes() functionMichael Brown1-2/+0
Signed-off-by: Michael Brown <mcb30@ipxe.org>
2010-04-19[build] Rename gPXE to iPXEMichael Brown1-0/+156
Access to the gpxe.org and etherboot.org domains and associated resources has been revoked by the registrant of the domain. Work around this problem by renaming project from gPXE to iPXE, and updating URLs to match. Also update README, LOG and COPYRIGHTS to remove obsolete information. Signed-off-by: Michael Brown <mcb30@ipxe.org>
generated by cgit v1.1 at 2024-10-20 19:04:27 +0000