qemu/include/crypto/akcipher.h
zhenwei pi db5ca5fbfa crypto: Introduce akcipher crypto class
Introduce new akcipher crypto class 'QCryptoAkCIpher', which supports
basic asymmetric operations: encrypt, decrypt, sign and verify.

Suggested by Daniel P. Berrangé, also add autoptr cleanup for the new
class. Thanks to Daniel!

Co-developed-by: lei he <helei.sig11@bytedance.com>
Signed-off-by: lei he <helei.sig11@bytedance.com>
Signed-off-by: zhenwei pi <pizhenwei@bytedance.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2022-05-26 11:41:47 +01:00

159 lines
5.3 KiB
C

/*
* QEMU Crypto asymmetric algorithms
*
* Copyright (c) 2022 Bytedance
* Author: zhenwei pi <pizhenwei@bytedance.com>
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
* License as published by the Free Software Foundation; either
* version 2.1 of the License, or (at your option) any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this library; if not, see <http://www.gnu.org/licenses/>.
*
*/
#ifndef QCRYPTO_AKCIPHER_H
#define QCRYPTO_AKCIPHER_H
#include "qapi/qapi-types-crypto.h"
typedef struct QCryptoAkCipher QCryptoAkCipher;
/**
* qcrypto_akcipher_supports:
* @opts: the asymmetric key algorithm and related options
*
* Determine if asymmetric key cipher decribed with @opts is
* supported by the current configured build
*
* Returns: true if it is supported, false otherwise.
*/
bool qcrypto_akcipher_supports(QCryptoAkCipherOptions *opts);
/**
* qcrypto_akcipher_new:
* @opts: specify the algorithm and the related arguments
* @type: private or public key type
* @key: buffer to store the key
* @key_len: the length of key buffer
* @errp: error pointer
*
* Create akcipher context
*
* Returns: On success, a new QCryptoAkCipher initialized with @opt
* is created and returned, otherwise NULL is returned.
*/
QCryptoAkCipher *qcrypto_akcipher_new(const QCryptoAkCipherOptions *opts,
QCryptoAkCipherKeyType type,
const uint8_t *key, size_t key_len,
Error **errp);
/**
* qcrypto_akcipher_encrypt:
* @akcipher: akcipher context
* @in: plaintext pending to be encrypted
* @in_len: length of plaintext, less or equal to the size reported
* by a call to qcrypto_akcipher_max_plaintext_len()
* @out: buffer to store the ciphertext
* @out_len: length of ciphertext, less or equal to the size reported
* by a call to qcrypto_akcipher_max_ciphertext_len()
* @errp: error pointer
*
* Encrypt @in and write ciphertext into @out
*
* Returns: length of ciphertext if encrypt succeed,
* otherwise -1 is returned
*/
int qcrypto_akcipher_encrypt(QCryptoAkCipher *akcipher,
const void *in, size_t in_len,
void *out, size_t out_len, Error **errp);
/**
* qcrypto_akcipher_decrypt:
* @akcipher: akcipher context
* @in: ciphertext to be decrypted
* @in_len: the length of ciphertext, less or equal to the size reported
* by a call to qcrypto_akcipher_max_ciphertext_len()
* @out: buffer to store the plaintext
* @out_len: length of the plaintext buffer, less or equal to the size
* reported by a call to qcrypto_akcipher_max_plaintext_len()
* @errp: error pointer
*
* Decrypt @in and write plaintext into @out
*
* Returns: length of plaintext if decrypt succeed,
* otherwise -1 is returned
*/
int qcrypto_akcipher_decrypt(QCryptoAkCipher *akcipher,
const void *in, size_t in_len,
void *out, size_t out_len, Error **errp);
/**
* qcrypto_akcipher_sign:
* @akcipher: akcipher context
* @in: data to be signed
* @in_len: the length of data, less or equal to the size reported
* by a call to qcrypto_akcipher_max_dgst_len()
* @out: buffer to store the signature
* @out_len: length of the signature buffer, less or equal to the size
* by a call to qcrypto_akcipher_max_signature_len()
* @errp: error pointer
*
* Generate signature for @in, write into @out
*
* Returns: length of signature if succeed,
* otherwise -1 is returned
*/
int qcrypto_akcipher_sign(QCryptoAkCipher *akcipher,
const void *in, size_t in_len,
void *out, size_t out_len, Error **errp);
/**
* qcrypto_akcipher_verify:
* @akcipher: akcipher context
* @in: pointer to the signature
* @in_len: length of signature, ess or equal to the size reported
* by a call to qcrypto_akcipher_max_signature_len()
* @in2: pointer to original data
* @in2_len: the length of original data, less or equal to the size
* by a call to qcrypto_akcipher_max_dgst_len()
* @errp: error pointer
*
* Verify @in and @in2 match or not
*
* Returns: 0 for succeed,
* otherwise -1 is returned
*/
int qcrypto_akcipher_verify(QCryptoAkCipher *akcipher,
const void *in, size_t in_len,
const void *in2, size_t in2_len, Error **errp);
int qcrypto_akcipher_max_plaintext_len(QCryptoAkCipher *akcipher);
int qcrypto_akcipher_max_ciphertext_len(QCryptoAkCipher *akcipher);
int qcrypto_akcipher_max_signature_len(QCryptoAkCipher *akcipher);
int qcrypto_akcipher_max_dgst_len(QCryptoAkCipher *akcipher);
/**
* qcrypto_akcipher_free:
* @akcipher: akcipher context
*
* Free the akcipher context
*
*/
void qcrypto_akcipher_free(QCryptoAkCipher *akcipher);
G_DEFINE_AUTOPTR_CLEANUP_FUNC(QCryptoAkCipher, qcrypto_akcipher_free)
#endif /* QCRYPTO_AKCIPHER_H */