1218822Sdim/* 238889Sjdp * WPA Supplicant / wrapper functions for crypto libraries 3218822Sdim * Copyright (c) 2004-2009, Jouni Malinen <j@w1.fi> 4218822Sdim * 5218822Sdim * This software may be distributed under the terms of the BSD license. 6218822Sdim * See README for more details. 7218822Sdim * 838889Sjdp * This file defines the cryptographic functions that need to be implemented 9218822Sdim * for wpa_supplicant and hostapd. When TLS is not used, internal 10218822Sdim * implementation of MD5, SHA1, and AES is used and no external libraries are 11218822Sdim * required. When TLS is enabled (e.g., by enabling EAP-TLS or EAP-PEAP), the 12218822Sdim * crypto library used by the TLS implementation is expected to be used for 1338889Sjdp * non-TLS needs, too, in order to save space by not implementing these 14218822Sdim * functions twice. 15218822Sdim * 16218822Sdim * Wrapper code for using each crypto library is in its own file (crypto*.c) 17218822Sdim * and one of these files is build and linked in to provide the functions 18218822Sdim * defined here. 1938889Sjdp */ 20218822Sdim 21218822Sdim#ifndef CRYPTO_H 22218822Sdim#define CRYPTO_H 23218822Sdim 24218822Sdim/** 25218822Sdim * md4_vector - MD4 hash for data vector 26218822Sdim * @num_elem: Number of elements in the data vector 27218822Sdim * @addr: Pointers to the data areas 28218822Sdim * @len: Lengths of the data blocks 29218822Sdim * @mac: Buffer for the hash 30218822Sdim * Returns: 0 on success, -1 on failure 31218822Sdim */ 32218822Sdimint md4_vector(size_t num_elem, const u8 *addr[], const size_t *len, u8 *mac); 33218822Sdim 34218822Sdim/** 35218822Sdim * md5_vector - MD5 hash for data vector 36218822Sdim * @num_elem: Number of elements in the data vector 37218822Sdim * @addr: Pointers to the data areas 38218822Sdim * @len: Lengths of the data blocks 39218822Sdim * @mac: Buffer for the hash 40218822Sdim * Returns: 0 on success, -1 on failure 41218822Sdim */ 42218822Sdimint md5_vector(size_t num_elem, const u8 *addr[], const size_t *len, u8 *mac); 43218822Sdim 44218822Sdim 45218822Sdim/** 46218822Sdim * sha1_vector - SHA-1 hash for data vector 47218822Sdim * @num_elem: Number of elements in the data vector 48218822Sdim * @addr: Pointers to the data areas 49218822Sdim * @len: Lengths of the data blocks 50218822Sdim * @mac: Buffer for the hash 51218822Sdim * Returns: 0 on success, -1 on failure 52218822Sdim */ 53218822Sdimint sha1_vector(size_t num_elem, const u8 *addr[], const size_t *len, 54218822Sdim u8 *mac); 55218822Sdim 56218822Sdim/** 57218822Sdim * fips186_2-prf - NIST FIPS Publication 186-2 change notice 1 PRF 58218822Sdim * @seed: Seed/key for the PRF 59218822Sdim * @seed_len: Seed length in bytes 60218822Sdim * @x: Buffer for PRF output 61218822Sdim * @xlen: Output length in bytes 62218822Sdim * Returns: 0 on success, -1 on failure 63218822Sdim * 64218822Sdim * This function implements random number generation specified in NIST FIPS 65218822Sdim * Publication 186-2 for EAP-SIM. This PRF uses a function that is similar to 66218822Sdim * SHA-1, but has different message padding. 67218822Sdim */ 68218822Sdimint __must_check fips186_2_prf(const u8 *seed, size_t seed_len, u8 *x, 69218822Sdim size_t xlen); 70218822Sdim 71218822Sdim/** 72218822Sdim * sha256_vector - SHA256 hash for data vector 73218822Sdim * @num_elem: Number of elements in the data vector 74218822Sdim * @addr: Pointers to the data areas 75218822Sdim * @len: Lengths of the data blocks 76218822Sdim * @mac: Buffer for the hash 77218822Sdim * Returns: 0 on success, -1 on failure 78218822Sdim */ 79218822Sdimint sha256_vector(size_t num_elem, const u8 *addr[], const size_t *len, 80218822Sdim u8 *mac); 81218822Sdim 82218822Sdim/** 83218822Sdim * des_encrypt - Encrypt one block with DES 8477298Sobrien * @clear: 8 octets (in) 8577298Sobrien * @key: 7 octets (in) (no parity bits included) 86218822Sdim * @cypher: 8 octets (out) 87218822Sdim */ 88218822Sdimvoid des_encrypt(const u8 *clear, const u8 *key, u8 *cypher); 89218822Sdim 90218822Sdim/** 91218822Sdim * aes_encrypt_init - Initialize AES for encryption 92218822Sdim * @key: Encryption key 93218822Sdim * @len: Key length in bytes (usually 16, i.e., 128 bits) 94218822Sdim * Returns: Pointer to context data or %NULL on failure 95218822Sdim */ 96218822Sdimvoid * aes_encrypt_init(const u8 *key, size_t len); 97218822Sdim 98218822Sdim/** 99218822Sdim * aes_encrypt - Encrypt one AES block 100218822Sdim * @ctx: Context pointer from aes_encrypt_init() 101218822Sdim * @plain: Plaintext data to be encrypted (16 bytes) 102218822Sdim * @crypt: Buffer for the encrypted data (16 bytes) 103218822Sdim */ 104218822Sdimvoid aes_encrypt(void *ctx, const u8 *plain, u8 *crypt); 105218822Sdim 106218822Sdim/** 107218822Sdim * aes_encrypt_deinit - Deinitialize AES encryption 108218822Sdim * @ctx: Context pointer from aes_encrypt_init() 109218822Sdim */ 110218822Sdimvoid aes_encrypt_deinit(void *ctx); 111218822Sdim 112218822Sdim/** 113218822Sdim * aes_decrypt_init - Initialize AES for decryption 114218822Sdim * @key: Decryption key 115218822Sdim * @len: Key length in bytes (usually 16, i.e., 128 bits) 116218822Sdim * Returns: Pointer to context data or %NULL on failure 117218822Sdim */ 118218822Sdimvoid * aes_decrypt_init(const u8 *key, size_t len); 119218822Sdim 120218822Sdim/** 121218822Sdim * aes_decrypt - Decrypt one AES block 122218822Sdim * @ctx: Context pointer from aes_encrypt_init() 123218822Sdim * @crypt: Encrypted data (16 bytes) 124218822Sdim * @plain: Buffer for the decrypted data (16 bytes) 125218822Sdim */ 126218822Sdimvoid aes_decrypt(void *ctx, const u8 *crypt, u8 *plain); 127218822Sdim 128218822Sdim/** 129218822Sdim * aes_decrypt_deinit - Deinitialize AES decryption 130218822Sdim * @ctx: Context pointer from aes_encrypt_init() 131218822Sdim */ 132218822Sdimvoid aes_decrypt_deinit(void *ctx); 133218822Sdim 134218822Sdim 135218822Sdimenum crypto_hash_alg { 136218822Sdim CRYPTO_HASH_ALG_MD5, CRYPTO_HASH_ALG_SHA1, 137218822Sdim CRYPTO_HASH_ALG_HMAC_MD5, CRYPTO_HASH_ALG_HMAC_SHA1, 138218822Sdim CRYPTO_HASH_ALG_SHA256, CRYPTO_HASH_ALG_HMAC_SHA256 139218822Sdim}; 140218822Sdim 141218822Sdimstruct crypto_hash; 142218822Sdim 143218822Sdim/** 144218822Sdim * crypto_hash_init - Initialize hash/HMAC function 145218822Sdim * @alg: Hash algorithm 146218822Sdim * @key: Key for keyed hash (e.g., HMAC) or %NULL if not needed 147218822Sdim * @key_len: Length of the key in bytes 148218822Sdim * Returns: Pointer to hash context to use with other hash functions or %NULL 149218822Sdim * on failure 150218822Sdim * 151218822Sdim * This function is only used with internal TLSv1 implementation 152218822Sdim * (CONFIG_TLS=internal). If that is not used, the crypto wrapper does not need 153218822Sdim * to implement this. 154218822Sdim */ 155218822Sdimstruct crypto_hash * crypto_hash_init(enum crypto_hash_alg alg, const u8 *key, 156218822Sdim size_t key_len); 157218822Sdim 158218822Sdim/** 159218822Sdim * crypto_hash_update - Add data to hash calculation 160218822Sdim * @ctx: Context pointer from crypto_hash_init() 161218822Sdim * @data: Data buffer to add 162218822Sdim * @len: Length of the buffer 163218822Sdim * 164218822Sdim * This function is only used with internal TLSv1 implementation 165218822Sdim * (CONFIG_TLS=internal). If that is not used, the crypto wrapper does not need 166218822Sdim * to implement this. 167218822Sdim */ 168218822Sdimvoid crypto_hash_update(struct crypto_hash *ctx, const u8 *data, size_t len); 169218822Sdim 170218822Sdim/** 171218822Sdim * crypto_hash_finish - Complete hash calculation 172218822Sdim * @ctx: Context pointer from crypto_hash_init() 173218822Sdim * @hash: Buffer for hash value or %NULL if caller is just freeing the hash 174218822Sdim * context 175218822Sdim * @len: Pointer to length of the buffer or %NULL if caller is just freeing the 176218822Sdim * hash context; on return, this is set to the actual length of the hash value 177218822Sdim * Returns: 0 on success, -1 if buffer is too small (len set to needed length), 178218822Sdim * or -2 on other failures (including failed crypto_hash_update() operations) 179218822Sdim * 180218822Sdim * This function calculates the hash value and frees the context buffer that 181218822Sdim * was used for hash calculation. 182218822Sdim * 183218822Sdim * This function is only used with internal TLSv1 implementation 184218822Sdim * (CONFIG_TLS=internal). If that is not used, the crypto wrapper does not need 185218822Sdim * to implement this. 186218822Sdim */ 187218822Sdimint crypto_hash_finish(struct crypto_hash *ctx, u8 *hash, size_t *len); 188218822Sdim 189218822Sdim 190218822Sdimenum crypto_cipher_alg { 191218822Sdim CRYPTO_CIPHER_NULL = 0, CRYPTO_CIPHER_ALG_AES, CRYPTO_CIPHER_ALG_3DES, 192218822Sdim CRYPTO_CIPHER_ALG_DES, CRYPTO_CIPHER_ALG_RC2, CRYPTO_CIPHER_ALG_RC4 193218822Sdim}; 194218822Sdim 195218822Sdimstruct crypto_cipher; 196218822Sdim 197218822Sdim/** 198218822Sdim * crypto_cipher_init - Initialize block/stream cipher function 199218822Sdim * @alg: Cipher algorithm 200218822Sdim * @iv: Initialization vector for block ciphers or %NULL for stream ciphers 201218822Sdim * @key: Cipher key 202218822Sdim * @key_len: Length of key in bytes 203218822Sdim * Returns: Pointer to cipher context to use with other cipher functions or 204218822Sdim * %NULL on failure 205218822Sdim * 206218822Sdim * This function is only used with internal TLSv1 implementation 207218822Sdim * (CONFIG_TLS=internal). If that is not used, the crypto wrapper does not need 208218822Sdim * to implement this. 209218822Sdim */ 210218822Sdimstruct crypto_cipher * crypto_cipher_init(enum crypto_cipher_alg alg, 211218822Sdim const u8 *iv, const u8 *key, 212218822Sdim size_t key_len); 213218822Sdim 214218822Sdim/** 215218822Sdim * crypto_cipher_encrypt - Cipher encrypt 216218822Sdim * @ctx: Context pointer from crypto_cipher_init() 217218822Sdim * @plain: Plaintext to cipher 218218822Sdim * @crypt: Resulting ciphertext 219218822Sdim * @len: Length of the plaintext 220218822Sdim * Returns: 0 on success, -1 on failure 221218822Sdim * 222218822Sdim * This function is only used with internal TLSv1 implementation 223218822Sdim * (CONFIG_TLS=internal). If that is not used, the crypto wrapper does not need 224218822Sdim * to implement this. 225218822Sdim */ 226218822Sdimint __must_check crypto_cipher_encrypt(struct crypto_cipher *ctx, 227218822Sdim const u8 *plain, u8 *crypt, size_t len); 228218822Sdim 229218822Sdim/** 230218822Sdim * crypto_cipher_decrypt - Cipher decrypt 231218822Sdim * @ctx: Context pointer from crypto_cipher_init() 232218822Sdim * @crypt: Ciphertext to decrypt 233218822Sdim * @plain: Resulting plaintext 234218822Sdim * @len: Length of the cipher text 235218822Sdim * Returns: 0 on success, -1 on failure 236218822Sdim * 237218822Sdim * This function is only used with internal TLSv1 implementation 238218822Sdim * (CONFIG_TLS=internal). If that is not used, the crypto wrapper does not need 239218822Sdim * to implement this. 240218822Sdim */ 241218822Sdimint __must_check crypto_cipher_decrypt(struct crypto_cipher *ctx, 242218822Sdim const u8 *crypt, u8 *plain, size_t len); 24377298Sobrien 244218822Sdim/** 245218822Sdim * crypto_cipher_decrypt - Free cipher context 246218822Sdim * @ctx: Context pointer from crypto_cipher_init() 247218822Sdim * 248218822Sdim * This function is only used with internal TLSv1 implementation 24977298Sobrien * (CONFIG_TLS=internal). If that is not used, the crypto wrapper does not need 25077298Sobrien * to implement this. 251218822Sdim */ 252218822Sdimvoid crypto_cipher_deinit(struct crypto_cipher *ctx); 253218822Sdim 254218822Sdim 255218822Sdimstruct crypto_public_key; 256218822Sdimstruct crypto_private_key; 257218822Sdim 258218822Sdim/** 25977298Sobrien * crypto_public_key_import - Import an RSA public key 26077298Sobrien * @key: Key buffer (DER encoded RSA public key) 261218822Sdim * @len: Key buffer length in bytes 262218822Sdim * Returns: Pointer to the public key or %NULL on failure 263218822Sdim * 264218822Sdim * This function can just return %NULL if the crypto library supports X.509 265218822Sdim * parsing. In that case, crypto_public_key_from_cert() is used to import the 266218822Sdim * public key from a certificate. 267218822Sdim * 268218822Sdim * This function is only used with internal TLSv1 implementation 269218822Sdim * (CONFIG_TLS=internal). If that is not used, the crypto wrapper does not need 270218822Sdim * to implement this. 271218822Sdim */ 272218822Sdimstruct crypto_public_key * crypto_public_key_import(const u8 *key, size_t len); 273218822Sdim 274130561Sobrien/** 275218822Sdim * crypto_private_key_import - Import an RSA private key 276130561Sobrien * @key: Key buffer (DER encoded RSA private key) 277218822Sdim * @len: Key buffer length in bytes 278218822Sdim * @passwd: Key encryption password or %NULL if key is not encrypted 279218822Sdim * Returns: Pointer to the private key or %NULL on failure 280218822Sdim * 281218822Sdim * This function is only used with internal TLSv1 implementation 282218822Sdim * (CONFIG_TLS=internal). If that is not used, the crypto wrapper does not need 283130561Sobrien * to implement this. 284218822Sdim */ 28538889Sjdpstruct crypto_private_key * crypto_private_key_import(const u8 *key, 286218822Sdim size_t len, 287218822Sdim const char *passwd); 288218822Sdim 289218822Sdim/** 290218822Sdim * crypto_public_key_from_cert - Import an RSA public key from a certificate 291218822Sdim * @buf: DER encoded X.509 certificate 292218822Sdim * @len: Certificate buffer length in bytes 293218822Sdim * Returns: Pointer to public key or %NULL on failure 294218822Sdim * 295218822Sdim * This function can just return %NULL if the crypto library does not support 296218822Sdim * X.509 parsing. In that case, internal code will be used to parse the 297218822Sdim * certificate and public key is imported using crypto_public_key_import(). 298218822Sdim * 299218822Sdim * This function is only used with internal TLSv1 implementation 300218822Sdim * (CONFIG_TLS=internal). If that is not used, the crypto wrapper does not need 301218822Sdim * to implement this. 302218822Sdim */ 303218822Sdimstruct crypto_public_key * crypto_public_key_from_cert(const u8 *buf, 304218822Sdim size_t len); 305218822Sdim 306218822Sdim/** 307218822Sdim * crypto_public_key_encrypt_pkcs1_v15 - Public key encryption (PKCS #1 v1.5) 308218822Sdim * @key: Public key 309218822Sdim * @in: Plaintext buffer 310218822Sdim * @inlen: Length of plaintext buffer in bytes 311218822Sdim * @out: Output buffer for encrypted data 312218822Sdim * @outlen: Length of output buffer in bytes; set to used length on success 313218822Sdim * Returns: 0 on success, -1 on failure 314218822Sdim * 315218822Sdim * This function is only used with internal TLSv1 implementation 316218822Sdim * (CONFIG_TLS=internal). If that is not used, the crypto wrapper does not need 317218822Sdim * to implement this. 318218822Sdim */ 319218822Sdimint __must_check crypto_public_key_encrypt_pkcs1_v15( 320218822Sdim struct crypto_public_key *key, const u8 *in, size_t inlen, 321218822Sdim u8 *out, size_t *outlen); 322218822Sdim 323218822Sdim/** 324218822Sdim * crypto_private_key_decrypt_pkcs1_v15 - Private key decryption (PKCS #1 v1.5) 325218822Sdim * @key: Private key 326218822Sdim * @in: Encrypted buffer 327218822Sdim * @inlen: Length of encrypted buffer in bytes 32838889Sjdp * @out: Output buffer for encrypted data 32938889Sjdp * @outlen: Length of output buffer in bytes; set to used length on success 330218822Sdim * Returns: 0 on success, -1 on failure 331218822Sdim * 332218822Sdim * This function is only used with internal TLSv1 implementation 333218822Sdim * (CONFIG_TLS=internal). If that is not used, the crypto wrapper does not need 334218822Sdim * to implement this. 335218822Sdim */ 336218822Sdimint __must_check crypto_private_key_decrypt_pkcs1_v15( 337218822Sdim struct crypto_private_key *key, const u8 *in, size_t inlen, 338218822Sdim u8 *out, size_t *outlen); 339218822Sdim 340218822Sdim/** 341218822Sdim * crypto_private_key_sign_pkcs1 - Sign with private key (PKCS #1) 342218822Sdim * @key: Private key from crypto_private_key_import() 343218822Sdim * @in: Plaintext buffer 344218822Sdim * @inlen: Length of plaintext buffer in bytes 345218822Sdim * @out: Output buffer for encrypted (signed) data 346218822Sdim * @outlen: Length of output buffer in bytes; set to used length on success 347218822Sdim * Returns: 0 on success, -1 on failure 348218822Sdim * 349218822Sdim * This function is only used with internal TLSv1 implementation 350218822Sdim * (CONFIG_TLS=internal). If that is not used, the crypto wrapper does not need 351218822Sdim * to implement this. 352218822Sdim */ 353218822Sdimint __must_check crypto_private_key_sign_pkcs1(struct crypto_private_key *key, 354218822Sdim const u8 *in, size_t inlen, 355218822Sdim u8 *out, size_t *outlen); 356218822Sdim 357218822Sdim/** 358218822Sdim * crypto_public_key_free - Free public key 359218822Sdim * @key: Public key 360218822Sdim * 361218822Sdim * This function is only used with internal TLSv1 implementation 362218822Sdim * (CONFIG_TLS=internal). If that is not used, the crypto wrapper does not need 363218822Sdim * to implement this. 364218822Sdim */ 365218822Sdimvoid crypto_public_key_free(struct crypto_public_key *key); 366218822Sdim 367218822Sdim/** 368218822Sdim * crypto_private_key_free - Free private key 369218822Sdim * @key: Private key from crypto_private_key_import() 370218822Sdim * 371218822Sdim * This function is only used with internal TLSv1 implementation 372218822Sdim * (CONFIG_TLS=internal). If that is not used, the crypto wrapper does not need 373218822Sdim * to implement this. 374218822Sdim */ 375218822Sdimvoid crypto_private_key_free(struct crypto_private_key *key); 376218822Sdim 377218822Sdim/** 378218822Sdim * crypto_public_key_decrypt_pkcs1 - Decrypt PKCS #1 signature 379218822Sdim * @key: Public key 38094536Sobrien * @crypt: Encrypted signature data (using the private key) 381218822Sdim * @crypt_len: Encrypted signature data length 382218822Sdim * @plain: Buffer for plaintext (at least crypt_len bytes) 383218822Sdim * @plain_len: Plaintext length (max buffer size on input, real len on output); 384218822Sdim * Returns: 0 on success, -1 on failure 385218822Sdim */ 386218822Sdimint __must_check crypto_public_key_decrypt_pkcs1( 387218822Sdim struct crypto_public_key *key, const u8 *crypt, size_t crypt_len, 388218822Sdim u8 *plain, size_t *plain_len); 389218822Sdim 39038889Sjdp/** 39138889Sjdp * crypto_global_init - Initialize crypto wrapper 39238889Sjdp * 393218822Sdim * This function is only used with internal TLSv1 implementation 394218822Sdim * (CONFIG_TLS=internal). If that is not used, the crypto wrapper does not need 395218822Sdim * to implement this. 396218822Sdim */ 397218822Sdimint __must_check crypto_global_init(void); 398218822Sdim 399218822Sdim/** 400218822Sdim * crypto_global_deinit - Deinitialize crypto wrapper 401218822Sdim * 402218822Sdim * This function is only used with internal TLSv1 implementation 403218822Sdim * (CONFIG_TLS=internal). If that is not used, the crypto wrapper does not need 404218822Sdim * to implement this. 405218822Sdim */ 406218822Sdimvoid crypto_global_deinit(void); 407218822Sdim 408218822Sdim/** 409218822Sdim * crypto_mod_exp - Modular exponentiation of large integers 410218822Sdim * @base: Base integer (big endian byte array) 411218822Sdim * @base_len: Length of base integer in bytes 412218822Sdim * @power: Power integer (big endian byte array) 413218822Sdim * @power_len: Length of power integer in bytes 414218822Sdim * @modulus: Modulus integer (big endian byte array) 415218822Sdim * @modulus_len: Length of modulus integer in bytes 416218822Sdim * @result: Buffer for the result 417218822Sdim * @result_len: Result length (max buffer size on input, real len on output) 418218822Sdim * Returns: 0 on success, -1 on failure 419218822Sdim * 420218822Sdim * This function calculates result = base ^ power mod modulus. modules_len is 421218822Sdim * used as the maximum size of modulus buffer. It is set to the used size on 422218822Sdim * success. 423218822Sdim * 424218822Sdim * This function is only used with internal TLSv1 implementation 425218822Sdim * (CONFIG_TLS=internal). If that is not used, the crypto wrapper does not need 426218822Sdim * to implement this. 427218822Sdim */ 428218822Sdimint __must_check crypto_mod_exp(const u8 *base, size_t base_len, 429218822Sdim const u8 *power, size_t power_len, 430218822Sdim const u8 *modulus, size_t modulus_len, 431218822Sdim u8 *result, size_t *result_len); 432218822Sdim 433218822Sdim/** 434218822Sdim * rc4_skip - XOR RC4 stream to given data with skip-stream-start 435218822Sdim * @key: RC4 key 436218822Sdim * @keylen: RC4 key length 437218822Sdim * @skip: number of bytes to skip from the beginning of the RC4 stream 438218822Sdim * @data: data to be XOR'ed with RC4 stream 439218822Sdim * @data_len: buf length 440218822Sdim * Returns: 0 on success, -1 on failure 441218822Sdim * 442218822Sdim * Generate RC4 pseudo random stream for the given key, skip beginning of the 443218822Sdim * stream, and XOR the end result with the data buffer to perform RC4 444218822Sdim * encryption/decryption. 445218822Sdim */ 446218822Sdimint rc4_skip(const u8 *key, size_t keylen, size_t skip, 447218822Sdim u8 *data, size_t data_len); 448218822Sdim 449218822Sdim/** 450218822Sdim * crypto_get_random - Generate cryptographically strong pseudy-random bytes 451218822Sdim * @buf: Buffer for data 452218822Sdim * @len: Number of bytes to generate 453218822Sdim * Returns: 0 on success, -1 on failure 454218822Sdim * 455218822Sdim * If the PRNG does not have enough entropy to ensure unpredictable byte 456218822Sdim * sequence, this functions must return -1. 457218822Sdim */ 458218822Sdimint crypto_get_random(void *buf, size_t len); 459218822Sdim 460218822Sdim#endif /* CRYPTO_H */ 461218822Sdim