|
wpa_supplicant / hostapd 2.0
|
|
wpa_supplicant / hostapd 2.0
|
WPA Supplicant / wrapper functions for crypto libraries. More...
Go to the source code of this file.
Defines | |
| #define | md5_vector_non_fips_allow md5_vector |
Enumerations | |
| enum | crypto_hash_alg { CRYPTO_HASH_ALG_MD5, CRYPTO_HASH_ALG_SHA1, CRYPTO_HASH_ALG_HMAC_MD5, CRYPTO_HASH_ALG_HMAC_SHA1, CRYPTO_HASH_ALG_SHA256, CRYPTO_HASH_ALG_HMAC_SHA256 } |
| enum | crypto_cipher_alg { CRYPTO_CIPHER_NULL = 0, CRYPTO_CIPHER_ALG_AES, CRYPTO_CIPHER_ALG_3DES, CRYPTO_CIPHER_ALG_DES, CRYPTO_CIPHER_ALG_RC2, CRYPTO_CIPHER_ALG_RC4 } |
Functions | |
| int | md4_vector (size_t num_elem, const u8 *addr[], const size_t *len, u8 *mac) |
| MD4 hash for data vector. | |
| int | md5_vector (size_t num_elem, const u8 *addr[], const size_t *len, u8 *mac) |
| MD5 hash for data vector. | |
| int | sha1_vector (size_t num_elem, const u8 *addr[], const size_t *len, u8 *mac) |
| SHA-1 hash for data vector. | |
| int __must_check | fips186_2_prf (const u8 *seed, size_t seed_len, u8 *x, size_t xlen) |
| NIST FIPS Publication 186-2 change notice 1 PRF. | |
| int | sha256_vector (size_t num_elem, const u8 *addr[], const size_t *len, u8 *mac) |
| SHA256 hash for data vector. | |
| void | des_encrypt (const u8 *clear, const u8 *key, u8 *cypher) |
| Encrypt one block with DES. | |
| void * | aes_encrypt_init (const u8 *key, size_t len) |
| Initialize AES for encryption. | |
| void | aes_encrypt (void *ctx, const u8 *plain, u8 *crypt) |
| Encrypt one AES block. | |
| void | aes_encrypt_deinit (void *ctx) |
| Deinitialize AES encryption. | |
| void * | aes_decrypt_init (const u8 *key, size_t len) |
| Initialize AES for decryption. | |
| void | aes_decrypt (void *ctx, const u8 *crypt, u8 *plain) |
| Decrypt one AES block. | |
| void | aes_decrypt_deinit (void *ctx) |
| Deinitialize AES decryption. | |
| struct crypto_hash * | crypto_hash_init (enum crypto_hash_alg alg, const u8 *key, size_t key_len) |
| Initialize hash/HMAC function. | |
| void | crypto_hash_update (struct crypto_hash *ctx, const u8 *data, size_t len) |
| Add data to hash calculation. | |
| int | crypto_hash_finish (struct crypto_hash *ctx, u8 *hash, size_t *len) |
| Complete hash calculation. | |
| struct crypto_cipher * | crypto_cipher_init (enum crypto_cipher_alg alg, const u8 *iv, const u8 *key, size_t key_len) |
| Initialize block/stream cipher function. | |
| int __must_check | crypto_cipher_encrypt (struct crypto_cipher *ctx, const u8 *plain, u8 *crypt, size_t len) |
| Cipher encrypt. | |
| int __must_check | crypto_cipher_decrypt (struct crypto_cipher *ctx, const u8 *crypt, u8 *plain, size_t len) |
| Cipher decrypt. | |
| void | crypto_cipher_deinit (struct crypto_cipher *ctx) |
| Free cipher context. | |
| struct crypto_public_key * | crypto_public_key_import (const u8 *key, size_t len) |
| Import an RSA public key. | |
| struct crypto_private_key * | crypto_private_key_import (const u8 *key, size_t len, const char *passwd) |
| Import an RSA private key. | |
| struct crypto_public_key * | crypto_public_key_from_cert (const u8 *buf, size_t len) |
| Import an RSA public key from a certificate. | |
| int __must_check | crypto_public_key_encrypt_pkcs1_v15 (struct crypto_public_key *key, const u8 *in, size_t inlen, u8 *out, size_t *outlen) |
| Public key encryption (PKCS #1 v1.5) | |
| int __must_check | crypto_private_key_decrypt_pkcs1_v15 (struct crypto_private_key *key, const u8 *in, size_t inlen, u8 *out, size_t *outlen) |
| Private key decryption (PKCS #1 v1.5) | |
| int __must_check | crypto_private_key_sign_pkcs1 (struct crypto_private_key *key, const u8 *in, size_t inlen, u8 *out, size_t *outlen) |
| Sign with private key (PKCS #1) | |
| void | crypto_public_key_free (struct crypto_public_key *key) |
| Free public key. | |
| void | crypto_private_key_free (struct crypto_private_key *key) |
| Free private key. | |
| int __must_check | crypto_public_key_decrypt_pkcs1 (struct crypto_public_key *key, const u8 *crypt, size_t crypt_len, u8 *plain, size_t *plain_len) |
| Decrypt PKCS #1 signature. | |
| int __must_check | crypto_global_init (void) |
| Initialize crypto wrapper. | |
| void | crypto_global_deinit (void) |
| Deinitialize crypto wrapper. | |
| int __must_check | crypto_mod_exp (const u8 *base, size_t base_len, const u8 *power, size_t power_len, const u8 *modulus, size_t modulus_len, u8 *result, size_t *result_len) |
| Modular exponentiation of large integers. | |
| int | rc4_skip (const u8 *key, size_t keylen, size_t skip, u8 *data, size_t data_len) |
| XOR RC4 stream to given data with skip-stream-start. | |
WPA Supplicant / wrapper functions for crypto libraries.
This software may be distributed under the terms of the BSD license. See README for more details.
This file defines the cryptographic functions that need to be implemented for wpa_supplicant and hostapd. When TLS is not used, internal implementation of MD5, SHA1, and AES is used and no external libraries are required. When TLS is enabled (e.g., by enabling EAP-TLS or EAP-PEAP), the crypto library used by the TLS implementation is expected to be used for non-TLS needs, too, in order to save space by not implementing these functions twice.
Wrapper code for using each crypto library is in its own file (crypto*.c) and one of these files is build and linked in to provide the functions defined here.
| void aes_decrypt | ( | void * | ctx, |
| const u8 * | crypt, | ||
| u8 * | plain | ||
| ) |
Decrypt one AES block.
| ctx | Context pointer from aes_encrypt_init() |
| crypt | Encrypted data (16 bytes) |
| plain | Buffer for the decrypted data (16 bytes) |
| void aes_decrypt_deinit | ( | void * | ctx | ) |
Deinitialize AES decryption.
| ctx | Context pointer from aes_encrypt_init() |
| void* aes_decrypt_init | ( | const u8 * | key, |
| size_t | len | ||
| ) |
Initialize AES for decryption.
| key | Decryption key |
| len | Key length in bytes (usually 16, i.e., 128 bits) |
| void aes_encrypt | ( | void * | ctx, |
| const u8 * | plain, | ||
| u8 * | crypt | ||
| ) |
Encrypt one AES block.
| ctx | Context pointer from aes_encrypt_init() |
| plain | Plaintext data to be encrypted (16 bytes) |
| crypt | Buffer for the encrypted data (16 bytes) |
| void aes_encrypt_deinit | ( | void * | ctx | ) |
Deinitialize AES encryption.
| ctx | Context pointer from aes_encrypt_init() |
| void* aes_encrypt_init | ( | const u8 * | key, |
| size_t | len | ||
| ) |
Initialize AES for encryption.
| key | Encryption key |
| len | Key length in bytes (usually 16, i.e., 128 bits) |
| int __must_check crypto_cipher_decrypt | ( | struct crypto_cipher * | ctx, |
| const u8 * | crypt, | ||
| u8 * | plain, | ||
| size_t | len | ||
| ) |
Cipher decrypt.
| ctx | Context pointer from crypto_cipher_init() |
| crypt | Ciphertext to decrypt |
| plain | Resulting plaintext |
| len | Length of the cipher text |
This function is only used with internal TLSv1 implementation (CONFIG_TLS=internal). If that is not used, the crypto wrapper does not need to implement this.
| void crypto_cipher_deinit | ( | struct crypto_cipher * | ctx | ) |
Free cipher context.
| ctx | Context pointer from crypto_cipher_init() |
This function is only used with internal TLSv1 implementation (CONFIG_TLS=internal). If that is not used, the crypto wrapper does not need to implement this.
| int __must_check crypto_cipher_encrypt | ( | struct crypto_cipher * | ctx, |
| const u8 * | plain, | ||
| u8 * | crypt, | ||
| size_t | len | ||
| ) |
Cipher encrypt.
| ctx | Context pointer from crypto_cipher_init() |
| plain | Plaintext to cipher |
| crypt | Resulting ciphertext |
| len | Length of the plaintext |
This function is only used with internal TLSv1 implementation (CONFIG_TLS=internal). If that is not used, the crypto wrapper does not need to implement this.
| struct crypto_cipher* crypto_cipher_init | ( | enum crypto_cipher_alg | alg, |
| const u8 * | iv, | ||
| const u8 * | key, | ||
| size_t | key_len | ||
| ) | [read] |
Initialize block/stream cipher function.
| alg | Cipher algorithm |
| iv | Initialization vector for block ciphers or NULL for stream ciphers |
| key | Cipher key |
| key_len | Length of key in bytes |
This function is only used with internal TLSv1 implementation (CONFIG_TLS=internal). If that is not used, the crypto wrapper does not need to implement this.
| void crypto_global_deinit | ( | void | ) |
Deinitialize crypto wrapper.
This function is only used with internal TLSv1 implementation (CONFIG_TLS=internal). If that is not used, the crypto wrapper does not need to implement this.
| int __must_check crypto_global_init | ( | void | ) |
Initialize crypto wrapper.
This function is only used with internal TLSv1 implementation (CONFIG_TLS=internal). If that is not used, the crypto wrapper does not need to implement this.
| int crypto_hash_finish | ( | struct crypto_hash * | ctx, |
| u8 * | hash, | ||
| size_t * | len | ||
| ) |
Complete hash calculation.
| ctx | Context pointer from crypto_hash_init() |
| hash | Buffer for hash value or NULL if caller is just freeing the hash context |
| len | Pointer to length of the buffer or NULL if caller is just freeing the hash context; on return, this is set to the actual length of the hash value |
This function calculates the hash value and frees the context buffer that was used for hash calculation.
This function is only used with internal TLSv1 implementation (CONFIG_TLS=internal). If that is not used, the crypto wrapper does not need to implement this.
| struct crypto_hash* crypto_hash_init | ( | enum crypto_hash_alg | alg, |
| const u8 * | key, | ||
| size_t | key_len | ||
| ) | [read] |
Initialize hash/HMAC function.
| alg | Hash algorithm |
| key | Key for keyed hash (e.g., HMAC) or NULL if not needed |
| key_len | Length of the key in bytes |
This function is only used with internal TLSv1 implementation (CONFIG_TLS=internal). If that is not used, the crypto wrapper does not need to implement this.
| void crypto_hash_update | ( | struct crypto_hash * | ctx, |
| const u8 * | data, | ||
| size_t | len | ||
| ) |
Add data to hash calculation.
| ctx | Context pointer from crypto_hash_init() |
| data | Data buffer to add |
| len | Length of the buffer |
This function is only used with internal TLSv1 implementation (CONFIG_TLS=internal). If that is not used, the crypto wrapper does not need to implement this.
| int __must_check crypto_mod_exp | ( | const u8 * | base, |
| size_t | base_len, | ||
| const u8 * | power, | ||
| size_t | power_len, | ||
| const u8 * | modulus, | ||
| size_t | modulus_len, | ||
| u8 * | result, | ||
| size_t * | result_len | ||
| ) |
Modular exponentiation of large integers.
| base | Base integer (big endian byte array) |
| base_len | Length of base integer in bytes |
| power | Power integer (big endian byte array) |
| power_len | Length of power integer in bytes |
| modulus | Modulus integer (big endian byte array) |
| modulus_len | Length of modulus integer in bytes |
| result | Buffer for the result |
| result_len | Result length (max buffer size on input, real len on output) |
This function calculates result = base ^ power mod modulus. modules_len is used as the maximum size of modulus buffer. It is set to the used size on success.
This function is only used with internal TLSv1 implementation (CONFIG_TLS=internal). If that is not used, the crypto wrapper does not need to implement this.
| int __must_check crypto_private_key_decrypt_pkcs1_v15 | ( | struct crypto_private_key * | key, |
| const u8 * | in, | ||
| size_t | inlen, | ||
| u8 * | out, | ||
| size_t * | outlen | ||
| ) |
Private key decryption (PKCS #1 v1.5)
| key | Private key |
| in | Encrypted buffer |
| inlen | Length of encrypted buffer in bytes |
| out | Output buffer for encrypted data |
| outlen | Length of output buffer in bytes; set to used length on success |
This function is only used with internal TLSv1 implementation (CONFIG_TLS=internal). If that is not used, the crypto wrapper does not need to implement this.
| void crypto_private_key_free | ( | struct crypto_private_key * | key | ) |
Free private key.
| key | Private key from crypto_private_key_import() |
This function is only used with internal TLSv1 implementation (CONFIG_TLS=internal). If that is not used, the crypto wrapper does not need to implement this.
| struct crypto_private_key* crypto_private_key_import | ( | const u8 * | key, |
| size_t | len, | ||
| const char * | passwd | ||
| ) | [read] |
Import an RSA private key.
| key | Key buffer (DER encoded RSA private key) |
| len | Key buffer length in bytes |
| passwd | Key encryption password or NULL if key is not encrypted |
This function is only used with internal TLSv1 implementation (CONFIG_TLS=internal). If that is not used, the crypto wrapper does not need to implement this.
| int __must_check crypto_private_key_sign_pkcs1 | ( | struct crypto_private_key * | key, |
| const u8 * | in, | ||
| size_t | inlen, | ||
| u8 * | out, | ||
| size_t * | outlen | ||
| ) |
Sign with private key (PKCS #1)
| key | Private key from crypto_private_key_import() |
| in | Plaintext buffer |
| inlen | Length of plaintext buffer in bytes |
| out | Output buffer for encrypted (signed) data |
| outlen | Length of output buffer in bytes; set to used length on success |
This function is only used with internal TLSv1 implementation (CONFIG_TLS=internal). If that is not used, the crypto wrapper does not need to implement this.
| int __must_check crypto_public_key_decrypt_pkcs1 | ( | struct crypto_public_key * | key, |
| const u8 * | crypt, | ||
| size_t | crypt_len, | ||
| u8 * | plain, | ||
| size_t * | plain_len | ||
| ) |
Decrypt PKCS #1 signature.
| key | Public key |
| crypt | Encrypted signature data (using the private key) |
| crypt_len | Encrypted signature data length |
| plain | Buffer for plaintext (at least crypt_len bytes) |
| plain_len | Plaintext length (max buffer size on input, real len on output); |
| int __must_check crypto_public_key_encrypt_pkcs1_v15 | ( | struct crypto_public_key * | key, |
| const u8 * | in, | ||
| size_t | inlen, | ||
| u8 * | out, | ||
| size_t * | outlen | ||
| ) |
Public key encryption (PKCS #1 v1.5)
| key | Public key |
| in | Plaintext buffer |
| inlen | Length of plaintext buffer in bytes |
| out | Output buffer for encrypted data |
| outlen | Length of output buffer in bytes; set to used length on success |
This function is only used with internal TLSv1 implementation (CONFIG_TLS=internal). If that is not used, the crypto wrapper does not need to implement this.
| void crypto_public_key_free | ( | struct crypto_public_key * | key | ) |
Free public key.
| key | Public key |
This function is only used with internal TLSv1 implementation (CONFIG_TLS=internal). If that is not used, the crypto wrapper does not need to implement this.
| struct crypto_public_key* crypto_public_key_from_cert | ( | const u8 * | buf, |
| size_t | len | ||
| ) | [read] |
Import an RSA public key from a certificate.
| buf | DER encoded X.509 certificate |
| len | Certificate buffer length in bytes |
This function can just return NULL if the crypto library does not support X.509 parsing. In that case, internal code will be used to parse the certificate and public key is imported using crypto_public_key_import().
This function is only used with internal TLSv1 implementation (CONFIG_TLS=internal). If that is not used, the crypto wrapper does not need to implement this.
| struct crypto_public_key* crypto_public_key_import | ( | const u8 * | key, |
| size_t | len | ||
| ) | [read] |
Import an RSA public key.
| key | Key buffer (DER encoded RSA public key) |
| len | Key buffer length in bytes |
This function can just return NULL if the crypto library supports X.509 parsing. In that case, crypto_public_key_from_cert() is used to import the public key from a certificate.
This function is only used with internal TLSv1 implementation (CONFIG_TLS=internal). If that is not used, the crypto wrapper does not need to implement this.
| void des_encrypt | ( | const u8 * | clear, |
| const u8 * | key, | ||
| u8 * | cypher | ||
| ) |
Encrypt one block with DES.
| clear | 8 octets (in) |
| key | 7 octets (in) (no parity bits included) |
| cypher | 8 octets (out) |
| int __must_check fips186_2_prf | ( | const u8 * | seed, |
| size_t | seed_len, | ||
| u8 * | x, | ||
| size_t | xlen | ||
| ) |
NIST FIPS Publication 186-2 change notice 1 PRF.
| seed | Seed/key for the PRF |
| seed_len | Seed length in bytes |
| x | Buffer for PRF output |
| xlen | Output length in bytes |
This function implements random number generation specified in NIST FIPS Publication 186-2 for EAP-SIM. This PRF uses a function that is similar to SHA-1, but has different message padding.
| int md4_vector | ( | size_t | num_elem, |
| const u8 * | addr[], | ||
| const size_t * | len, | ||
| u8 * | mac | ||
| ) |
MD4 hash for data vector.
| num_elem | Number of elements in the data vector |
| addr | Pointers to the data areas |
| len | Lengths of the data blocks |
| mac | Buffer for the hash |
| int md5_vector | ( | size_t | num_elem, |
| const u8 * | addr[], | ||
| const size_t * | len, | ||
| u8 * | mac | ||
| ) |
MD5 hash for data vector.
| num_elem | Number of elements in the data vector |
| addr | Pointers to the data areas |
| len | Lengths of the data blocks |
| mac | Buffer for the hash |
| num_elem | Number of elements in the data vector |
| addr | Pointers to the data areas |
| len | Lengths of the data blocks |
| mac | Buffer for the hash |
| int rc4_skip | ( | const u8 * | key, |
| size_t | keylen, | ||
| size_t | skip, | ||
| u8 * | data, | ||
| size_t | data_len | ||
| ) |
XOR RC4 stream to given data with skip-stream-start.
| key | RC4 key |
| keylen | RC4 key length |
| skip | number of bytes to skip from the beginning of the RC4 stream |
| data | data to be XOR'ed with RC4 stream |
| data_len | buf length |
Generate RC4 pseudo random stream for the given key, skip beginning of the stream, and XOR the end result with the data buffer to perform RC4 encryption/decryption.
| int sha1_vector | ( | size_t | num_elem, |
| const u8 * | addr[], | ||
| const size_t * | len, | ||
| u8 * | mac | ||
| ) |
SHA-1 hash for data vector.
| num_elem | Number of elements in the data vector |
| addr | Pointers to the data areas |
| len | Lengths of the data blocks |
| mac | Buffer for the hash |
| num_elem | Number of elements in the data vector |
| addr | Pointers to the data areas |
| len | Lengths of the data blocks |
| mac | Buffer for the hash |
| int sha256_vector | ( | size_t | num_elem, |
| const u8 * | addr[], | ||
| const size_t * | len, | ||
| u8 * | mac | ||
| ) |
SHA256 hash for data vector.
| num_elem | Number of elements in the data vector |
| addr | Pointers to the data areas |
| len | Lengths of the data blocks |
| mac | Buffer for the hash |
| num_elem | Number of elements in the data vector |
| addr | Pointers to the data areas |
| len | Lengths of the data blocks |
| mac | Buffer for the hash |
1.7.3
