xref: /openbmc/qemu/include/crypto/akcipher.h (revision 2e1cacfb)
1 /*
2  * QEMU Crypto asymmetric algorithms
3  *
4  * Copyright (c) 2022 Bytedance
5  * Author: zhenwei pi <pizhenwei@bytedance.com>
6  *
7  * This library is free software; you can redistribute it and/or
8  * modify it under the terms of the GNU Lesser General Public
9  * License as published by the Free Software Foundation; either
10  * version 2.1 of the License, or (at your option) any later version.
11  *
12  * This library is distributed in the hope that it will be useful,
13  * but WITHOUT ANY WARRANTY; without even the implied warranty of
14  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
15  * Lesser General Public License for more details.
16  *
17  * You should have received a copy of the GNU Lesser General Public
18  * License along with this library; if not, see <http://www.gnu.org/licenses/>.
19  *
20  */
21 
22 #ifndef QCRYPTO_AKCIPHER_H
23 #define QCRYPTO_AKCIPHER_H
24 
25 #include "qapi/qapi-types-crypto.h"
26 
27 typedef struct QCryptoAkCipher QCryptoAkCipher;
28 
29 /**
30  * qcrypto_akcipher_supports:
31  * @opts: the asymmetric key algorithm and related options
32  *
33  * Determine if asymmetric key cipher described with @opts is
34  * supported by the current configured build
35  *
36  * Returns: true if it is supported, false otherwise.
37  */
38 bool qcrypto_akcipher_supports(QCryptoAkCipherOptions *opts);
39 
40 /**
41  * qcrypto_akcipher_new:
42  * @opts: specify the algorithm and the related arguments
43  * @type: private or public key type
44  * @key: buffer to store the key
45  * @key_len: the length of key buffer
46  * @errp: error pointer
47  *
48  * Create akcipher context
49  *
50  * Returns: On success, a new QCryptoAkCipher initialized with @opt
51  * is created and returned, otherwise NULL is returned.
52  */
53 
54 QCryptoAkCipher *qcrypto_akcipher_new(const QCryptoAkCipherOptions *opts,
55                                       QCryptoAkCipherKeyType type,
56                                       const uint8_t *key, size_t key_len,
57                                       Error **errp);
58 
59 /**
60  * qcrypto_akcipher_encrypt:
61  * @akcipher: akcipher context
62  * @in: plaintext pending to be encrypted
63  * @in_len: length of plaintext, less or equal to the size reported
64  *          by a call to qcrypto_akcipher_max_plaintext_len()
65  * @out: buffer to store the ciphertext
66  * @out_len: length of ciphertext, less or equal to the size reported
67  *           by a call to qcrypto_akcipher_max_ciphertext_len()
68  * @errp: error pointer
69  *
70  * Encrypt @in and write ciphertext into @out
71  *
72  * Returns: length of ciphertext if encrypt succeed,
73  *          otherwise -1 is returned
74  */
75 int qcrypto_akcipher_encrypt(QCryptoAkCipher *akcipher,
76                              const void *in, size_t in_len,
77                              void *out, size_t out_len, Error **errp);
78 
79 /**
80  * qcrypto_akcipher_decrypt:
81  * @akcipher: akcipher context
82  * @in: ciphertext to be decrypted
83  * @in_len: the length of ciphertext, less or equal to the size reported
84  *          by a call to qcrypto_akcipher_max_ciphertext_len()
85  * @out: buffer to store the plaintext
86  * @out_len: length of the plaintext buffer, less or equal to the size
87  *           reported by a call to qcrypto_akcipher_max_plaintext_len()
88  * @errp: error pointer
89  *
90  * Decrypt @in and write plaintext into @out
91  *
92  * Returns: length of plaintext if decrypt succeed,
93  *          otherwise -1 is returned
94  */
95 int qcrypto_akcipher_decrypt(QCryptoAkCipher *akcipher,
96                              const void *in, size_t in_len,
97                              void *out, size_t out_len, Error **errp);
98 
99 /**
100  * qcrypto_akcipher_sign:
101  * @akcipher: akcipher context
102  * @in: data to be signed
103  * @in_len: the length of data, less or equal to the size reported
104  *          by a call to qcrypto_akcipher_max_dgst_len()
105  * @out: buffer to store the signature
106  * @out_len: length of the signature buffer, less or equal to the size
107  *           by a call to qcrypto_akcipher_max_signature_len()
108  * @errp: error pointer
109  *
110  * Generate signature for @in, write into @out
111  *
112  * Returns: length of signature if succeed,
113  *          otherwise -1 is returned
114  */
115 int qcrypto_akcipher_sign(QCryptoAkCipher *akcipher,
116                           const void *in, size_t in_len,
117                           void *out, size_t out_len, Error **errp);
118 
119 /**
120  * qcrypto_akcipher_verify:
121  * @akcipher: akcipher context
122  * @in: pointer to the signature
123  * @in_len: length of signature, ess or equal to the size reported
124  *          by a call to qcrypto_akcipher_max_signature_len()
125  * @in2: pointer to original data
126  * @in2_len: the length of original data, less or equal to the size
127  *           by a call to qcrypto_akcipher_max_dgst_len()
128  * @errp: error pointer
129  *
130  * Verify @in and @in2 match or not
131  *
132  * Returns: 0 for succeed,
133  *          otherwise -1 is returned
134  */
135 int qcrypto_akcipher_verify(QCryptoAkCipher *akcipher,
136                             const void *in, size_t in_len,
137                             const void *in2, size_t in2_len, Error **errp);
138 
139 int qcrypto_akcipher_max_plaintext_len(QCryptoAkCipher *akcipher);
140 
141 int qcrypto_akcipher_max_ciphertext_len(QCryptoAkCipher *akcipher);
142 
143 int qcrypto_akcipher_max_signature_len(QCryptoAkCipher *akcipher);
144 
145 int qcrypto_akcipher_max_dgst_len(QCryptoAkCipher *akcipher);
146 
147 /**
148  * qcrypto_akcipher_free:
149  * @akcipher: akcipher context
150  *
151  * Free the akcipher context
152  *
153  */
154 void qcrypto_akcipher_free(QCryptoAkCipher *akcipher);
155 
156 /**
157  * qcrypto_akcipher_export_p8info:
158  * @opts: the options of the akcipher to be exported.
159  * @key: the original key of the akcipher to be exported.
160  * @keylen: length of the 'key'
161  * @dst: output parameter, if export succeed, *dst is set to the
162  * PKCS#8 encoded private key, caller MUST free this key with
163  * g_free after use.
164  * @dst_len: output parameter, indicates the length of PKCS#8 encoded
165  * key.
166  *
167  * Export the akcipher into DER encoded pkcs#8 private key info, expects
168  * |key| stores a valid asymmetric PRIVATE key.
169  *
170  * Returns: 0 for succeed, otherwise -1 is returned.
171  */
172 int qcrypto_akcipher_export_p8info(const QCryptoAkCipherOptions *opts,
173                                    uint8_t *key, size_t keylen,
174                                    uint8_t **dst, size_t *dst_len,
175                                    Error **errp);
176 
177 G_DEFINE_AUTOPTR_CLEANUP_FUNC(QCryptoAkCipher, qcrypto_akcipher_free)
178 
179 #endif /* QCRYPTO_AKCIPHER_H */
180