crypto.h File Reference

WPA Supplicant / wrapper functions for crypto libraries. More...

This graph shows which files directly or indirectly include this file:

Go to the source code of this file.

Enumerations
enum	crypto_hash_alg { CRYPTO_HASH_ALG_MD5, CRYPTO_HASH_ALG_SHA1, CRYPTO_HASH_ALG_HMAC_MD5, CRYPTO_HASH_ALG_HMAC_SHA1 }
enum	crypto_cipher_alg {   CRYPTO_CIPHER_NULL = 0, CRYPTO_CIPHER_ALG_AES, CRYPTO_CIPHER_ALG_3DES, CRYPTO_CIPHER_ALG_DES,   CRYPTO_CIPHER_ALG_RC2, CRYPTO_CIPHER_ALG_RC4 }
Functions
void	md4_vector (size_t num_elem, const u8 *addr[], const size_t *len, u8 *mac)
	MD4 hash for data vector.
void	md5_vector (size_t num_elem, const u8 *addr[], const size_t *len, u8 *mac)
	MD5 hash for data vector.
void	sha1_vector (size_t num_elem, const u8 *addr[], const size_t *len, u8 *mac)
	SHA-1 hash for data vector.
int	fips186_2_prf (const u8 *seed, size_t seed_len, u8 *x, size_t xlen)
	NIST FIPS Publication 186-2 change notice 1 PRF.
void	sha256_vector (size_t num_elem, const u8 *addr[], const size_t *len, u8 *mac)
	SHA256 hash for data vector.
void	des_encrypt (const u8 *clear, const u8 *key, u8 *cypher)
	Encrypt one block with DES.
void *	aes_encrypt_init (const u8 *key, size_t len)
	Initialize AES for encryption.
void	aes_encrypt (void *ctx, const u8 *plain, u8 *crypt)
	Encrypt one AES block.
void	aes_encrypt_deinit (void *ctx)
	Deinitialize AES encryption.
void *	aes_decrypt_init (const u8 *key, size_t len)
	Initialize AES for decryption.
void	aes_decrypt (void *ctx, const u8 *crypt, u8 *plain)
	Decrypt one AES block.
void	aes_decrypt_deinit (void *ctx)
	Deinitialize AES decryption.
crypto_hash *	crypto_hash_init (enum crypto_hash_alg alg, const u8 *key, size_t key_len)
	Initialize hash/HMAC function.
void	crypto_hash_update (struct crypto_hash *ctx, const u8 *data, size_t len)
	Add data to hash calculation.
int	crypto_hash_finish (struct crypto_hash *ctx, u8 *hash, size_t *len)
	Complete hash calculation.
crypto_cipher *	crypto_cipher_init (enum crypto_cipher_alg alg, const u8 *iv, const u8 *key, size_t key_len)
	Initialize block/stream cipher function.
int	crypto_cipher_encrypt (struct crypto_cipher *ctx, const u8 *plain, u8 *crypt, size_t len)
	Cipher encrypt.
int	crypto_cipher_decrypt (struct crypto_cipher *ctx, const u8 *crypt, u8 *plain, size_t len)
	Cipher decrypt.
void	crypto_cipher_deinit (struct crypto_cipher *ctx)
	Free cipher context.
crypto_public_key *	crypto_public_key_import (const u8 *key, size_t len)
	Import an RSA public key.
crypto_private_key *	crypto_private_key_import (const u8 *key, size_t len)
	Import an RSA private key.
crypto_public_key *	crypto_public_key_from_cert (const u8 *buf, size_t len)
	Import an RSA public key from a certificate.
int	crypto_public_key_encrypt_pkcs1_v15 (struct crypto_public_key *key, const u8 *in, size_t inlen, u8 *out, size_t *outlen)
	Public key encryption (PKCS #1 v1.5).
int	crypto_private_key_sign_pkcs1 (struct crypto_private_key *key, const u8 *in, size_t inlen, u8 *out, size_t *outlen)
	Sign with private key (PKCS #1).
void	crypto_public_key_free (struct crypto_public_key *key)
	Free public key.
void	crypto_private_key_free (struct crypto_private_key *key)
	Free private key.
int	crypto_public_key_decrypt_pkcs1 (struct crypto_public_key *key, const u8 *crypt, size_t crypt_len, u8 *plain, size_t *plain_len)
	Decrypt PKCS #1 signature.
int	crypto_global_init (void)
	Initialize crypto wrapper.
void	crypto_global_deinit (void)
	Deinitialize crypto wrapper.
int	crypto_mod_exp (const u8 *base, size_t base_len, const u8 *power, size_t power_len, const u8 *modulus, size_t modulus_len, u8 *result, size_t *result_len)
	Modular exponentiation of large integers.

---

Detailed Description

WPA Supplicant / wrapper functions for crypto libraries.

Copyright

Copyright (c) 2004-2005, Jouni Malinen <[email protected]>

This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License version 2 as published by the Free Software Foundation.

Alternatively, this software may be distributed under the terms of BSD license.

See README and COPYING for more details.

This file defines the cryptographic functions that need to be implemented for wpa_supplicant and hostapd. When TLS is not used, internal implementation of MD5, SHA1, and AES is used and no external libraries are required. When TLS is enabled (e.g., by enabling EAP-TLS or EAP-PEAP), the crypto library used by the TLS implementation is expected to be used for non-TLS needs, too, in order to save space by not implementing these functions twice.

Wrapper code for using each crypto library is in its own file (crypto*.c) and one of these files is build and linked in to provide the functions defined here.

Definition in file crypto.h.

---

Function Documentation

void aes_decrypt (  void *  ctx, const u8 *  crypt, u8 *  plain )

Decrypt one AES block. Parameters: ctx  Context pointer from aes_encrypt_init() crypt  Encrypted data (16 bytes) plain  Buffer for the decrypted data (16 bytes) Definition at line 1099 of file aes.c.

void aes_decrypt_deinit (  void *  ctx  )

Deinitialize AES decryption. Parameters: ctx  Context pointer from aes_encrypt_init() Definition at line 1105 of file aes.c.

void* aes_decrypt_init (  const u8 *  key, size_t  len )

Initialize AES for decryption. Parameters: key  Decryption key len  Key length in bytes (usually 16, i.e., 128 bits) Returns: Pointer to context data or NULL on failure Definition at line 1086 of file aes.c. Here is the call graph for this function:

void aes_encrypt (  void *  ctx, const u8 *  plain, u8 *  crypt )

Encrypt one AES block. Parameters: ctx  Context pointer from aes_encrypt_init() plain  Plaintext data to be encrypted (16 bytes) crypt  Buffer for the encrypted data (16 bytes) Definition at line 1074 of file aes.c.

void aes_encrypt_deinit (  void *  ctx  )

Deinitialize AES encryption. Parameters: ctx  Context pointer from aes_encrypt_init() Definition at line 1080 of file aes.c.

void* aes_encrypt_init (  const u8 *  key, size_t  len )

Initialize AES for encryption. Parameters: key  Encryption key len  Key length in bytes (usually 16, i.e., 128 bits) Returns: Pointer to context data or NULL on failure Definition at line 1061 of file aes.c. Here is the call graph for this function:

int crypto_cipher_decrypt (  struct crypto_cipher *  ctx, const u8 *  crypt, u8 *  plain, size_t  len )

Cipher decrypt. Parameters: ctx  Context pointer from crypto_cipher_init() crypt  Ciphertext to decrypt plain  Resulting plaintext len  Length of the cipher text Returns: 0 on success, -1 on failure This function is only used with internal TLSv1 implementation (CONFIG_TLS=internal). If that is not used, the crypto wrapper does not need to implement this.

void crypto_cipher_deinit (  struct crypto_cipher *  ctx  )

Free cipher context. Parameters: ctx  Context pointer from crypto_cipher_init() This function is only used with internal TLSv1 implementation (CONFIG_TLS=internal). If that is not used, the crypto wrapper does not need to implement this.

int crypto_cipher_encrypt (  struct crypto_cipher *  ctx, const u8 *  plain, u8 *  crypt, size_t  len )

Cipher encrypt. Parameters: ctx  Context pointer from crypto_cipher_init() plain  Plaintext to cipher crypt  Resulting ciphertext len  Length of the plaintext Returns: 0 on success, -1 on failure This function is only used with internal TLSv1 implementation (CONFIG_TLS=internal). If that is not used, the crypto wrapper does not need to implement this.

struct crypto_cipher* crypto_cipher_init (  enum crypto_cipher_alg  alg, const u8 *  iv, const u8 *  key, size_t  key_len )

Initialize block/stream cipher function. Parameters: alg  Cipher algorithm iv  Initialization vector for block ciphers or NULL for stream ciphers key  Cipher key key_len  Length of key in bytes Returns: Pointer to cipher context to use with other cipher functions or NULL on failure This function is only used with internal TLSv1 implementation (CONFIG_TLS=internal). If that is not used, the crypto wrapper does not need to implement this.

void crypto_global_deinit (  void   )

Deinitialize crypto wrapper. This function is only used with internal TLSv1 implementation (CONFIG_TLS=internal). If that is not used, the crypto wrapper does not need to implement this.

int crypto_global_init (  void   )

Initialize crypto wrapper. This function is only used with internal TLSv1 implementation (CONFIG_TLS=internal). If that is not used, the crypto wrapper does not need to implement this.

int crypto_hash_finish (  struct crypto_hash *  ctx, u8 *  hash, size_t *  len )

Complete hash calculation. Parameters: ctx  Context pointer from crypto_hash_init() hash  Buffer for hash value or NULL if caller is just freeing the hash context len  Pointer to length of the buffer or NULL if caller is just freeing the hash context; on return, this is set to the actual length of the hash value Returns: 0 on success, -1 if buffer is too small (len set to needed length), or -2 on other failures (including failed crypto_hash_update() operations) This function calculates the hash value and frees the context buffer that was used for hash calculation. This function is only used with internal TLSv1 implementation (CONFIG_TLS=internal). If that is not used, the crypto wrapper does not need to implement this.

struct crypto_hash* crypto_hash_init (  enum crypto_hash_alg  alg, const u8 *  key, size_t  key_len )

Initialize hash/HMAC function. Parameters: alg  Hash algorithm key  Key for keyed hash (e.g., HMAC) or NULL if not needed key_len  Length of the key in bytes Returns: Pointer to hash context to use with other hash functions or NULL on failure This function is only used with internal TLSv1 implementation (CONFIG_TLS=internal). If that is not used, the crypto wrapper does not need to implement this.

void crypto_hash_update (  struct crypto_hash *  ctx, const u8 *  data, size_t  len )

Add data to hash calculation. Parameters: ctx  Context pointer from crypto_hash_init() data  Data buffer to add len  Length of the buffer This function is only used with internal TLSv1 implementation (CONFIG_TLS=internal). If that is not used, the crypto wrapper does not need to implement this.

int crypto_mod_exp (  const u8 *  base, size_t  base_len, const u8 *  power, size_t  power_len, const u8 *  modulus, size_t  modulus_len, u8 *  result, size_t *  result_len )

Modular exponentiation of large integers. Parameters: base  Base integer (big endian byte array) base_len  Length of base integer in bytes power  Power integer (big endian byte array) power_len  Length of power integer in bytes modulus  Modulus integer (big endian byte array) modulus_len  Length of modulus integer in bytes result  Buffer for the result result_len  Result length (max buffer size on input, real len on output) Returns: 0 on success, -1 on failure This function calculates result = base ^ power mod modulus. modules_len is used as the maximum size of modulus buffer. It is set to the used size on success. This function is only used with internal TLSv1 implementation (CONFIG_TLS=internal). If that is not used, the crypto wrapper does not need to implement this.

void crypto_private_key_free (  struct crypto_private_key *  key  )

Free private key. Parameters: key  Private key from crypto_private_key_import() This function is only used with internal TLSv1 implementation (CONFIG_TLS=internal). If that is not used, the crypto wrapper does not need to implement this.

struct crypto_private_key* crypto_private_key_import (  const u8 *  key, size_t  len )

Import an RSA private key. Parameters: key  Key buffer (DER encoded RSA private key) len  Key buffer length in bytes Returns: Pointer to the private key or NULL on failure This function is only used with internal TLSv1 implementation (CONFIG_TLS=internal). If that is not used, the crypto wrapper does not need to implement this.

int crypto_private_key_sign_pkcs1 (  struct crypto_private_key *  key, const u8 *  in, size_t  inlen, u8 *  out, size_t *  outlen )

Sign with private key (PKCS #1). Parameters: key  Private key from crypto_private_key_import() in  Plaintext buffer inlen  Length of plaintext buffer in bytes out  Output buffer for encrypted (signed) data outlen  Length of output buffer in bytes; set to used length on success Returns: 0 on success, -1 on failure This function is only used with internal TLSv1 implementation (CONFIG_TLS=internal). If that is not used, the crypto wrapper does not need to implement this.

int crypto_public_key_decrypt_pkcs1 (  struct crypto_public_key *  key, const u8 *  crypt, size_t  crypt_len, u8 *  plain, size_t *  plain_len )

Decrypt PKCS #1 signature. Parameters: key  Public key crypt  Encrypted signature data (using the private key) crypt_len  Encrypted signature data length plain  Buffer for plaintext (at least crypt_len bytes) plain_len  Plaintext length (max buffer size on input, real len on output); Returns: 0 on success, -1 on failure

int crypto_public_key_encrypt_pkcs1_v15 (  struct crypto_public_key *  key, const u8 *  in, size_t  inlen, u8 *  out, size_t *  outlen )

Public key encryption (PKCS #1 v1.5). Parameters: key  Public key in  Plaintext buffer inlen  Length of plaintext buffer in bytes out  Output buffer for encrypted data outlen  Length of output buffer in bytes; set to used length on success Returns: 0 on success, -1 on failure This function is only used with internal TLSv1 implementation (CONFIG_TLS=internal). If that is not used, the crypto wrapper does not need to implement this.

void crypto_public_key_free (  struct crypto_public_key *  key  )

Free public key. Parameters: key  Public key This function is only used with internal TLSv1 implementation (CONFIG_TLS=internal). If that is not used, the crypto wrapper does not need to implement this.

struct crypto_public_key* crypto_public_key_from_cert (  const u8 *  buf, size_t  len )

Import an RSA public key from a certificate. Parameters: buf  DER encoded X.509 certificate len  Certificate buffer length in bytes Returns: Pointer to public key or NULL on failure This function can just return NULL if the crypto library does not support X.509 parsing. In that case, internal code will be used to parse the certificate and public key is imported using crypto_public_key_import(). This function is only used with internal TLSv1 implementation (CONFIG_TLS=internal). If that is not used, the crypto wrapper does not need to implement this.

struct crypto_public_key* crypto_public_key_import (  const u8 *  key, size_t  len )

Import an RSA public key. Parameters: key  Key buffer (DER encoded RSA public key) len  Key buffer length in bytes Returns: Pointer to the public key or NULL on failure This function can just return NULL if the crypto library supports X.509 parsing. In that case, crypto_public_key_from_cert() is used to import the public key from a certificate. This function is only used with internal TLSv1 implementation (CONFIG_TLS=internal). If that is not used, the crypto wrapper does not need to implement this.

void des_encrypt (  const u8 *  clear, const u8 *  key, u8 *  cypher )

Encrypt one block with DES. Parameters: clear  8 octets (in) key  7 octets (in) (no parity bits included) cypher  8 octets (out) Definition at line 48 of file crypto.c.

int fips186_2_prf (  const u8 *  seed, size_t  seed_len, u8 *  x, size_t  xlen )

NIST FIPS Publication 186-2 change notice 1 PRF. Parameters: seed  Seed/key for the PRF seed_len  Seed length in bytes x  Buffer for PRF output xlen  Output length in bytes Returns: 0 on success, -1 on failure This function implements random number generation specified in NIST FIPS Publication 186-2 for EAP-SIM. This PRF uses a function that is similar to SHA-1, but has different message padding.

void md4_vector (  size_t  num_elem, const u8 *  addr[], const size_t *  len, u8 *  mac )

MD4 hash for data vector. Parameters: num_elem  Number of elements in the data vector addr  Pointers to the data areas len  Lengths of the data blocks mac  Buffer for the hash Definition at line 36 of file crypto.c.

void md5_vector (  size_t  num_elem, const u8 *  addr[], const size_t *  len, u8 *  mac )

MD5 hash for data vector. Parameters: num_elem  Number of elements in the data vector addr  Pointers to the data areas len  Lengths of the data blocks mac  Buffer for the hash

void sha1_vector (  size_t  num_elem, const u8 *  addr[], const size_t *  len, u8 *  mac )

SHA-1 hash for data vector. Parameters: num_elem  Number of elements in the data vector addr  Pointers to the data areas len  Lengths of the data blocks mac  Buffer for the hash

void sha256_vector (  size_t  num_elem, const u8 *  addr[], const size_t *  len, u8 *  mac )

SHA256 hash for data vector. Parameters: num_elem  Number of elements in the data vector addr  Pointers to the data areas len  Lengths of the data blocks mac  Buffer for the hash

---