2 * WPA Supplicant / Crypto wrapper for internal crypto implementation
3 * Copyright (c) 2006-2009, Jouni Malinen <j@w1.fi>
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License version 2 as
7 * published by the Free Software Foundation.
9 * Alternatively, this software may be distributed under the terms of BSD
12 * See README and COPYING for more details.
23 #include "tls/bignum.h"
24 #include "tls/pkcs1.h"
25 #include "tls/pkcs8.h"
31 enum crypto_hash_alg alg;
33 struct MD5Context md5;
34 struct SHA1Context sha1;
41 struct crypto_hash * crypto_hash_init(enum crypto_hash_alg alg, const u8 *key,
44 struct crypto_hash *ctx;
49 ctx = os_zalloc(sizeof(*ctx));
56 case CRYPTO_HASH_ALG_MD5:
59 case CRYPTO_HASH_ALG_SHA1:
60 SHA1Init(&ctx->u.sha1);
62 case CRYPTO_HASH_ALG_HMAC_MD5:
63 if (key_len > sizeof(k_pad)) {
65 MD5Update(&ctx->u.md5, key, key_len);
66 MD5Final(tk, &ctx->u.md5);
70 os_memcpy(ctx->key, key, key_len);
71 ctx->key_len = key_len;
73 os_memcpy(k_pad, key, key_len);
74 os_memset(k_pad + key_len, 0, sizeof(k_pad) - key_len);
75 for (i = 0; i < sizeof(k_pad); i++)
78 MD5Update(&ctx->u.md5, k_pad, sizeof(k_pad));
80 case CRYPTO_HASH_ALG_HMAC_SHA1:
81 if (key_len > sizeof(k_pad)) {
82 SHA1Init(&ctx->u.sha1);
83 SHA1Update(&ctx->u.sha1, key, key_len);
84 SHA1Final(tk, &ctx->u.sha1);
88 os_memcpy(ctx->key, key, key_len);
89 ctx->key_len = key_len;
91 os_memcpy(k_pad, key, key_len);
92 os_memset(k_pad + key_len, 0, sizeof(k_pad) - key_len);
93 for (i = 0; i < sizeof(k_pad); i++)
95 SHA1Init(&ctx->u.sha1);
96 SHA1Update(&ctx->u.sha1, k_pad, sizeof(k_pad));
107 void crypto_hash_update(struct crypto_hash *ctx, const u8 *data, size_t len)
113 case CRYPTO_HASH_ALG_MD5:
114 case CRYPTO_HASH_ALG_HMAC_MD5:
115 MD5Update(&ctx->u.md5, data, len);
117 case CRYPTO_HASH_ALG_SHA1:
118 case CRYPTO_HASH_ALG_HMAC_SHA1:
119 SHA1Update(&ctx->u.sha1, data, len);
125 int crypto_hash_finish(struct crypto_hash *ctx, u8 *mac, size_t *len)
133 if (mac == NULL || len == NULL) {
139 case CRYPTO_HASH_ALG_MD5:
146 MD5Final(mac, &ctx->u.md5);
148 case CRYPTO_HASH_ALG_SHA1:
155 SHA1Final(mac, &ctx->u.sha1);
157 case CRYPTO_HASH_ALG_HMAC_MD5:
165 MD5Final(mac, &ctx->u.md5);
167 os_memcpy(k_pad, ctx->key, ctx->key_len);
168 os_memset(k_pad + ctx->key_len, 0,
169 sizeof(k_pad) - ctx->key_len);
170 for (i = 0; i < sizeof(k_pad); i++)
172 MD5Init(&ctx->u.md5);
173 MD5Update(&ctx->u.md5, k_pad, sizeof(k_pad));
174 MD5Update(&ctx->u.md5, mac, 16);
175 MD5Final(mac, &ctx->u.md5);
177 case CRYPTO_HASH_ALG_HMAC_SHA1:
185 SHA1Final(mac, &ctx->u.sha1);
187 os_memcpy(k_pad, ctx->key, ctx->key_len);
188 os_memset(k_pad + ctx->key_len, 0,
189 sizeof(k_pad) - ctx->key_len);
190 for (i = 0; i < sizeof(k_pad); i++)
192 SHA1Init(&ctx->u.sha1);
193 SHA1Update(&ctx->u.sha1, k_pad, sizeof(k_pad));
194 SHA1Update(&ctx->u.sha1, mac, 20);
195 SHA1Final(mac, &ctx->u.sha1);
205 struct crypto_cipher {
206 enum crypto_cipher_alg alg;
220 struct des3_key_s key;
232 struct crypto_cipher * crypto_cipher_init(enum crypto_cipher_alg alg,
233 const u8 *iv, const u8 *key,
236 struct crypto_cipher *ctx;
238 ctx = os_zalloc(sizeof(*ctx));
245 case CRYPTO_CIPHER_ALG_RC4:
246 if (key_len > sizeof(ctx->u.rc4.key)) {
250 ctx->u.rc4.keylen = key_len;
251 os_memcpy(ctx->u.rc4.key, key, key_len);
253 case CRYPTO_CIPHER_ALG_AES:
254 if (key_len > sizeof(ctx->u.aes.cbc)) {
258 ctx->u.aes.ctx_enc = aes_encrypt_init(key, key_len);
259 if (ctx->u.aes.ctx_enc == NULL) {
263 ctx->u.aes.ctx_dec = aes_decrypt_init(key, key_len);
264 if (ctx->u.aes.ctx_dec == NULL) {
265 aes_encrypt_deinit(ctx->u.aes.ctx_enc);
269 ctx->u.aes.block_size = key_len;
270 os_memcpy(ctx->u.aes.cbc, iv, ctx->u.aes.block_size);
272 case CRYPTO_CIPHER_ALG_3DES:
277 des3_key_setup(key, &ctx->u.des3.key);
278 os_memcpy(ctx->u.des3.cbc, iv, 8);
280 case CRYPTO_CIPHER_ALG_DES:
285 des_key_setup(key, ctx->u.des.ek, ctx->u.des.dk);
286 os_memcpy(ctx->u.des.cbc, iv, 8);
297 int crypto_cipher_encrypt(struct crypto_cipher *ctx, const u8 *plain,
298 u8 *crypt, size_t len)
303 case CRYPTO_CIPHER_ALG_RC4:
305 os_memcpy(crypt, plain, len);
306 rc4_skip(ctx->u.rc4.key, ctx->u.rc4.keylen,
307 ctx->u.rc4.used_bytes, crypt, len);
308 ctx->u.rc4.used_bytes += len;
310 case CRYPTO_CIPHER_ALG_AES:
311 if (len % ctx->u.aes.block_size)
313 blocks = len / ctx->u.aes.block_size;
314 for (i = 0; i < blocks; i++) {
315 for (j = 0; j < ctx->u.aes.block_size; j++)
316 ctx->u.aes.cbc[j] ^= plain[j];
317 aes_encrypt(ctx->u.aes.ctx_enc, ctx->u.aes.cbc,
319 os_memcpy(crypt, ctx->u.aes.cbc,
320 ctx->u.aes.block_size);
321 plain += ctx->u.aes.block_size;
322 crypt += ctx->u.aes.block_size;
325 case CRYPTO_CIPHER_ALG_3DES:
329 for (i = 0; i < blocks; i++) {
330 for (j = 0; j < 8; j++)
331 ctx->u.des3.cbc[j] ^= plain[j];
332 des3_encrypt(ctx->u.des3.cbc, &ctx->u.des3.key,
334 os_memcpy(crypt, ctx->u.des3.cbc, 8);
339 case CRYPTO_CIPHER_ALG_DES:
343 for (i = 0; i < blocks; i++) {
344 for (j = 0; j < 8; j++)
345 ctx->u.des3.cbc[j] ^= plain[j];
346 des_block_encrypt(ctx->u.des.cbc, ctx->u.des.ek,
348 os_memcpy(crypt, ctx->u.des.cbc, 8);
361 int crypto_cipher_decrypt(struct crypto_cipher *ctx, const u8 *crypt,
362 u8 *plain, size_t len)
368 case CRYPTO_CIPHER_ALG_RC4:
370 os_memcpy(plain, crypt, len);
371 rc4_skip(ctx->u.rc4.key, ctx->u.rc4.keylen,
372 ctx->u.rc4.used_bytes, plain, len);
373 ctx->u.rc4.used_bytes += len;
375 case CRYPTO_CIPHER_ALG_AES:
376 if (len % ctx->u.aes.block_size)
378 blocks = len / ctx->u.aes.block_size;
379 for (i = 0; i < blocks; i++) {
380 os_memcpy(tmp, crypt, ctx->u.aes.block_size);
381 aes_decrypt(ctx->u.aes.ctx_dec, crypt, plain);
382 for (j = 0; j < ctx->u.aes.block_size; j++)
383 plain[j] ^= ctx->u.aes.cbc[j];
384 os_memcpy(ctx->u.aes.cbc, tmp, ctx->u.aes.block_size);
385 plain += ctx->u.aes.block_size;
386 crypt += ctx->u.aes.block_size;
389 case CRYPTO_CIPHER_ALG_3DES:
393 for (i = 0; i < blocks; i++) {
394 os_memcpy(tmp, crypt, 8);
395 des3_decrypt(crypt, &ctx->u.des3.key, plain);
396 for (j = 0; j < 8; j++)
397 plain[j] ^= ctx->u.des3.cbc[j];
398 os_memcpy(ctx->u.des3.cbc, tmp, 8);
403 case CRYPTO_CIPHER_ALG_DES:
407 for (i = 0; i < blocks; i++) {
408 os_memcpy(tmp, crypt, 8);
409 des_block_decrypt(crypt, ctx->u.des.dk, plain);
410 for (j = 0; j < 8; j++)
411 plain[j] ^= ctx->u.des.cbc[j];
412 os_memcpy(ctx->u.des.cbc, tmp, 8);
425 void crypto_cipher_deinit(struct crypto_cipher *ctx)
428 case CRYPTO_CIPHER_ALG_AES:
429 aes_encrypt_deinit(ctx->u.aes.ctx_enc);
430 aes_decrypt_deinit(ctx->u.aes.ctx_dec);
432 case CRYPTO_CIPHER_ALG_3DES:
441 /* Dummy structures; these are just typecast to struct crypto_rsa_key */
442 struct crypto_public_key;
443 struct crypto_private_key;
446 struct crypto_public_key * crypto_public_key_import(const u8 *key, size_t len)
448 return (struct crypto_public_key *)
449 crypto_rsa_import_public_key(key, len);
453 struct crypto_private_key * crypto_private_key_import(const u8 *key,
457 struct crypto_private_key *res;
459 /* First, check for possible PKCS #8 encoding */
460 res = pkcs8_key_import(key, len);
465 /* Try to parse as encrypted PKCS #8 */
466 res = pkcs8_enc_key_import(key, len, passwd);
471 /* Not PKCS#8, so try to import PKCS #1 encoded RSA private key */
472 wpa_printf(MSG_DEBUG, "Trying to parse PKCS #1 encoded RSA private "
474 return (struct crypto_private_key *)
475 crypto_rsa_import_private_key(key, len);
479 struct crypto_public_key * crypto_public_key_from_cert(const u8 *buf,
482 /* No X.509 support in crypto_internal.c */
487 int crypto_public_key_encrypt_pkcs1_v15(struct crypto_public_key *key,
488 const u8 *in, size_t inlen,
489 u8 *out, size_t *outlen)
491 return pkcs1_encrypt(2, (struct crypto_rsa_key *) key,
492 0, in, inlen, out, outlen);
496 int crypto_private_key_decrypt_pkcs1_v15(struct crypto_private_key *key,
497 const u8 *in, size_t inlen,
498 u8 *out, size_t *outlen)
500 return pkcs1_v15_private_key_decrypt((struct crypto_rsa_key *) key,
501 in, inlen, out, outlen);
505 int crypto_private_key_sign_pkcs1(struct crypto_private_key *key,
506 const u8 *in, size_t inlen,
507 u8 *out, size_t *outlen)
509 return pkcs1_encrypt(1, (struct crypto_rsa_key *) key,
510 1, in, inlen, out, outlen);
514 void crypto_public_key_free(struct crypto_public_key *key)
516 crypto_rsa_free((struct crypto_rsa_key *) key);
520 void crypto_private_key_free(struct crypto_private_key *key)
522 crypto_rsa_free((struct crypto_rsa_key *) key);
526 int crypto_public_key_decrypt_pkcs1(struct crypto_public_key *key,
527 const u8 *crypt, size_t crypt_len,
528 u8 *plain, size_t *plain_len)
530 return pkcs1_decrypt_public_key((struct crypto_rsa_key *) key,
531 crypt, crypt_len, plain, plain_len);
535 int crypto_global_init(void)
541 void crypto_global_deinit(void)
548 int crypto_mod_exp(const u8 *base, size_t base_len,
549 const u8 *power, size_t power_len,
550 const u8 *modulus, size_t modulus_len,
551 u8 *result, size_t *result_len)
553 struct bignum *bn_base, *bn_exp, *bn_modulus, *bn_result;
556 bn_base = bignum_init();
557 bn_exp = bignum_init();
558 bn_modulus = bignum_init();
559 bn_result = bignum_init();
561 if (bn_base == NULL || bn_exp == NULL || bn_modulus == NULL ||
565 if (bignum_set_unsigned_bin(bn_base, base, base_len) < 0 ||
566 bignum_set_unsigned_bin(bn_exp, power, power_len) < 0 ||
567 bignum_set_unsigned_bin(bn_modulus, modulus, modulus_len) < 0)
570 if (bignum_exptmod(bn_base, bn_exp, bn_modulus, bn_result) < 0)
573 ret = bignum_get_unsigned_bin(bn_result, result, result_len);
576 bignum_deinit(bn_base);
577 bignum_deinit(bn_exp);
578 bignum_deinit(bn_modulus);
579 bignum_deinit(bn_result);
583 #endif /* CONFIG_MODEXP */