1 /* 2 * WPA Supplicant / wrapper functions for crypto libraries 3 * Copyright (c) 2004-2009, Jouni Malinen <j@w1.fi> 4 * 5 * This program is free software; you can redistribute it and/or modify 6 * it under the terms of the GNU General Public License version 2 as 7 * published by the Free Software Foundation. 8 * 9 * Alternatively, this software may be distributed under the terms of BSD 10 * license. 11 * 12 * See README and COPYING for more details. 13 * 14 * This file defines the cryptographic functions that need to be implemented 15 * for wpa_supplicant and hostapd. When TLS is not used, internal 16 * implementation of MD5, SHA1, and AES is used and no external libraries are 17 * required. When TLS is enabled (e.g., by enabling EAP-TLS or EAP-PEAP), the 18 * crypto library used by the TLS implementation is expected to be used for 19 * non-TLS needs, too, in order to save space by not implementing these 20 * functions twice. 21 * 22 * Wrapper code for using each crypto library is in its own file (crypto*.c) 23 * and one of these files is build and linked in to provide the functions 24 * defined here. 25 */ 26 27 #ifndef CRYPTO_H 28 #define CRYPTO_H 29 30 #include "utils/common.h" 31 32 /** 33 * md4_vector - MD4 hash for data vector 34 * @num_elem: Number of elements in the data vector 35 * @addr: Pointers to the data areas 36 * @len: Lengths of the data blocks 37 * @mac: Buffer for the hash 38 * Returns: 0 on success, -1 on failure 39 */ 40 int md4_vector(size_t num_elem, const u8 *addr[], const size_t *len, u8 *mac); 41 42 /** 43 * md5_vector - MD5 hash for data vector 44 * @num_elem: Number of elements in the data vector 45 * @addr: Pointers to the data areas 46 * @len: Lengths of the data blocks 47 * @mac: Buffer for the hash 48 * Returns: 0 on success, -1 on failure 49 */ 50 int md5_vector(size_t num_elem, const u8 *addr[], const size_t *len, u8 *mac); 51 52 #ifdef CONFIG_FIPS 53 /** 54 * md5_vector_non_fips_allow - MD5 hash for data vector (non-FIPS use allowed) 55 * @num_elem: Number of elements in the data vector 56 * @addr: Pointers to the data areas 57 * @len: Lengths of the data blocks 58 * @mac: Buffer for the hash 59 * Returns: 0 on success, -1 on failure 60 */ 61 int md5_vector_non_fips_allow(size_t num_elem, const u8 *addr[], 62 const size_t *len, u8 *mac); 63 #else /* CONFIG_FIPS */ 64 #define md5_vector_non_fips_allow md5_vector 65 #endif /* CONFIG_FIPS */ 66 67 68 /** 69 * sha1_vector - SHA-1 hash for data vector 70 * @num_elem: Number of elements in the data vector 71 * @addr: Pointers to the data areas 72 * @len: Lengths of the data blocks 73 * @mac: Buffer for the hash 74 * Returns: 0 on success, -1 on failure 75 */ 76 int sha1_vector(size_t num_elem, const u8 *addr[], const size_t *len, 77 u8 *mac); 78 79 /** 80 * fips186_2-prf - NIST FIPS Publication 186-2 change notice 1 PRF 81 * @seed: Seed/key for the PRF 82 * @seed_len: Seed length in bytes 83 * @x: Buffer for PRF output 84 * @xlen: Output length in bytes 85 * Returns: 0 on success, -1 on failure 86 * 87 * This function implements random number generation specified in NIST FIPS 88 * Publication 186-2 for EAP-SIM. This PRF uses a function that is similar to 89 * SHA-1, but has different message padding. 90 */ 91 int __must_check fips186_2_prf(const u8 *seed, size_t seed_len, u8 *x, 92 size_t xlen); 93 94 /** 95 * sha256_vector - SHA256 hash for data vector 96 * @num_elem: Number of elements in the data vector 97 * @addr: Pointers to the data areas 98 * @len: Lengths of the data blocks 99 * @mac: Buffer for the hash 100 * Returns: 0 on success, -1 on failure 101 */ 102 int sha256_vector(size_t num_elem, const u8 *addr[], const size_t *len, 103 u8 *mac); 104 105 /** 106 * des_encrypt - Encrypt one block with DES 107 * @clear: 8 octets (in) 108 * @key: 7 octets (in) (no parity bits included) 109 * @cypher: 8 octets (out) 110 */ 111 void des_encrypt(const u8 *clear, const u8 *key, u8 *cypher); 112 113 /** 114 * aes_encrypt_init - Initialize AES for encryption 115 * @key: Encryption key 116 * @len: Key length in bytes (usually 16, i.e., 128 bits) 117 * Returns: Pointer to context data or %NULL on failure 118 */ 119 void * aes_encrypt_init(const u8 *key, size_t len); 120 121 /** 122 * aes_encrypt - Encrypt one AES block 123 * @ctx: Context pointer from aes_encrypt_init() 124 * @plain: Plaintext data to be encrypted (16 bytes) 125 * @crypt: Buffer for the encrypted data (16 bytes) 126 */ 127 void aes_encrypt(void *ctx, const u8 *plain, u8 *crypt); 128 129 /** 130 * aes_encrypt_deinit - Deinitialize AES encryption 131 * @ctx: Context pointer from aes_encrypt_init() 132 */ 133 void aes_encrypt_deinit(void *ctx); 134 135 /** 136 * aes_decrypt_init - Initialize AES for decryption 137 * @key: Decryption key 138 * @len: Key length in bytes (usually 16, i.e., 128 bits) 139 * Returns: Pointer to context data or %NULL on failure 140 */ 141 void * aes_decrypt_init(const u8 *key, size_t len); 142 143 /** 144 * aes_decrypt - Decrypt one AES block 145 * @ctx: Context pointer from aes_encrypt_init() 146 * @crypt: Encrypted data (16 bytes) 147 * @plain: Buffer for the decrypted data (16 bytes) 148 */ 149 void aes_decrypt(void *ctx, const u8 *crypt, u8 *plain); 150 151 /** 152 * aes_decrypt_deinit - Deinitialize AES decryption 153 * @ctx: Context pointer from aes_encrypt_init() 154 */ 155 void aes_decrypt_deinit(void *ctx); 156 157 158 enum crypto_hash_alg { 159 CRYPTO_HASH_ALG_MD5, CRYPTO_HASH_ALG_SHA1, 160 CRYPTO_HASH_ALG_HMAC_MD5, CRYPTO_HASH_ALG_HMAC_SHA1, 161 CRYPTO_HASH_ALG_SHA256, CRYPTO_HASH_ALG_HMAC_SHA256 162 }; 163 164 struct crypto_hash; 165 166 /** 167 * crypto_hash_init - Initialize hash/HMAC function 168 * @alg: Hash algorithm 169 * @key: Key for keyed hash (e.g., HMAC) or %NULL if not needed 170 * @key_len: Length of the key in bytes 171 * Returns: Pointer to hash context to use with other hash functions or %NULL 172 * on failure 173 * 174 * This function is only used with internal TLSv1 implementation 175 * (CONFIG_TLS=internal). If that is not used, the crypto wrapper does not need 176 * to implement this. 177 */ 178 struct crypto_hash * crypto_hash_init(enum crypto_hash_alg alg, const u8 *key, 179 size_t key_len); 180 181 /** 182 * crypto_hash_update - Add data to hash calculation 183 * @ctx: Context pointer from crypto_hash_init() 184 * @data: Data buffer to add 185 * @len: Length of the buffer 186 * 187 * This function is only used with internal TLSv1 implementation 188 * (CONFIG_TLS=internal). If that is not used, the crypto wrapper does not need 189 * to implement this. 190 */ 191 void crypto_hash_update(struct crypto_hash *ctx, const u8 *data, size_t len); 192 193 /** 194 * crypto_hash_finish - Complete hash calculation 195 * @ctx: Context pointer from crypto_hash_init() 196 * @hash: Buffer for hash value or %NULL if caller is just freeing the hash 197 * context 198 * @len: Pointer to length of the buffer or %NULL if caller is just freeing the 199 * hash context; on return, this is set to the actual length of the hash value 200 * Returns: 0 on success, -1 if buffer is too small (len set to needed length), 201 * or -2 on other failures (including failed crypto_hash_update() operations) 202 * 203 * This function calculates the hash value and frees the context buffer that 204 * was used for hash calculation. 205 * 206 * This function is only used with internal TLSv1 implementation 207 * (CONFIG_TLS=internal). If that is not used, the crypto wrapper does not need 208 * to implement this. 209 */ 210 int crypto_hash_finish(struct crypto_hash *ctx, u8 *hash, size_t *len); 211 212 enum crypto_cipher_alg { 213 CRYPTO_CIPHER_NULL = 0, CRYPTO_CIPHER_ALG_AES, CRYPTO_CIPHER_ALG_3DES, 214 CRYPTO_CIPHER_ALG_DES, CRYPTO_CIPHER_ALG_RC2, CRYPTO_CIPHER_ALG_RC4 215 }; 216 217 struct crypto_cipher; 218 219 /** 220 * crypto_cipher_init - Initialize block/stream cipher function 221 * @alg: Cipher algorithm 222 * @iv: Initialization vector for block ciphers or %NULL for stream ciphers 223 * @key: Cipher key 224 * @key_len: Length of key in bytes 225 * Returns: Pointer to cipher context to use with other cipher functions or 226 * %NULL on failure 227 * 228 * This function is only used with internal TLSv1 implementation 229 * (CONFIG_TLS=internal). If that is not used, the crypto wrapper does not need 230 * to implement this. 231 */ 232 struct crypto_cipher * crypto_cipher_init(enum crypto_cipher_alg alg, 233 const u8 *iv, const u8 *key, 234 size_t key_len); 235 236 /** 237 * crypto_cipher_encrypt - Cipher encrypt 238 * @ctx: Context pointer from crypto_cipher_init() 239 * @plain: Plaintext to cipher 240 * @crypt: Resulting ciphertext 241 * @len: Length of the plaintext 242 * Returns: 0 on success, -1 on failure 243 * 244 * This function is only used with internal TLSv1 implementation 245 * (CONFIG_TLS=internal). If that is not used, the crypto wrapper does not need 246 * to implement this. 247 */ 248 int __must_check crypto_cipher_encrypt(struct crypto_cipher *ctx, 249 const u8 *plain, u8 *crypt, size_t len); 250 251 /** 252 * crypto_cipher_decrypt - Cipher decrypt 253 * @ctx: Context pointer from crypto_cipher_init() 254 * @crypt: Ciphertext to decrypt 255 * @plain: Resulting plaintext 256 * @len: Length of the cipher text 257 * Returns: 0 on success, -1 on failure 258 * 259 * This function is only used with internal TLSv1 implementation 260 * (CONFIG_TLS=internal). If that is not used, the crypto wrapper does not need 261 * to implement this. 262 */ 263 int __must_check crypto_cipher_decrypt(struct crypto_cipher *ctx, 264 const u8 *crypt, u8 *plain, size_t len); 265 266 /** 267 * crypto_cipher_decrypt - Free cipher context 268 * @ctx: Context pointer from crypto_cipher_init() 269 * 270 * This function is only used with internal TLSv1 implementation 271 * (CONFIG_TLS=internal). If that is not used, the crypto wrapper does not need 272 * to implement this. 273 */ 274 void crypto_cipher_deinit(struct crypto_cipher *ctx); 275 276 struct crypto_public_key; 277 struct crypto_private_key; 278 279 /** 280 * crypto_public_key_import - Import an RSA public key 281 * @key: Key buffer (DER encoded RSA public key) 282 * @len: Key buffer length in bytes 283 * Returns: Pointer to the public key or %NULL on failure 284 * 285 * This function can just return %NULL if the crypto library supports X.509 286 * parsing. In that case, crypto_public_key_from_cert() is used to import the 287 * public key from a certificate. 288 * 289 * This function is only used with internal TLSv1 implementation 290 * (CONFIG_TLS=internal). If that is not used, the crypto wrapper does not need 291 * to implement this. 292 */ 293 struct crypto_public_key * crypto_public_key_import(const u8 *key, size_t len); 294 295 /** 296 * crypto_private_key_import - Import an RSA private key 297 * @key: Key buffer (DER encoded RSA private key) 298 * @len: Key buffer length in bytes 299 * @passwd: Key encryption password or %NULL if key is not encrypted 300 * Returns: Pointer to the private key or %NULL on failure 301 * 302 * This function is only used with internal TLSv1 implementation 303 * (CONFIG_TLS=internal). If that is not used, the crypto wrapper does not need 304 * to implement this. 305 */ 306 struct crypto_private_key * crypto_private_key_import(const u8 *key, 307 size_t len, 308 const char *passwd); 309 310 /** 311 * crypto_public_key_from_cert - Import an RSA public key from a certificate 312 * @buf: DER encoded X.509 certificate 313 * @len: Certificate buffer length in bytes 314 * Returns: Pointer to public key or %NULL on failure 315 * 316 * This function can just return %NULL if the crypto library does not support 317 * X.509 parsing. In that case, internal code will be used to parse the 318 * certificate and public key is imported using crypto_public_key_import(). 319 * 320 * This function is only used with internal TLSv1 implementation 321 * (CONFIG_TLS=internal). If that is not used, the crypto wrapper does not need 322 * to implement this. 323 */ 324 struct crypto_public_key * crypto_public_key_from_cert(const u8 *buf, 325 size_t len); 326 327 /** 328 * crypto_public_key_encrypt_pkcs1_v15 - Public key encryption (PKCS #1 v1.5) 329 * @key: Public key 330 * @in: Plaintext buffer 331 * @inlen: Length of plaintext buffer in bytes 332 * @out: Output buffer for encrypted data 333 * @outlen: Length of output buffer in bytes; set to used length on success 334 * Returns: 0 on success, -1 on failure 335 * 336 * This function is only used with internal TLSv1 implementation 337 * (CONFIG_TLS=internal). If that is not used, the crypto wrapper does not need 338 * to implement this. 339 */ 340 int __must_check crypto_public_key_encrypt_pkcs1_v15( 341 struct crypto_public_key *key, const u8 *in, size_t inlen, 342 u8 *out, size_t *outlen); 343 344 /** 345 * crypto_private_key_decrypt_pkcs1_v15 - Private key decryption (PKCS #1 v1.5) 346 * @key: Private key 347 * @in: Encrypted buffer 348 * @inlen: Length of encrypted buffer in bytes 349 * @out: Output buffer for encrypted data 350 * @outlen: Length of output buffer in bytes; set to used length on success 351 * Returns: 0 on success, -1 on failure 352 * 353 * This function is only used with internal TLSv1 implementation 354 * (CONFIG_TLS=internal). If that is not used, the crypto wrapper does not need 355 * to implement this. 356 */ 357 int __must_check crypto_private_key_decrypt_pkcs1_v15( 358 struct crypto_private_key *key, const u8 *in, size_t inlen, 359 u8 *out, size_t *outlen); 360 361 /** 362 * crypto_private_key_sign_pkcs1 - Sign with private key (PKCS #1) 363 * @key: Private key from crypto_private_key_import() 364 * @in: Plaintext buffer 365 * @inlen: Length of plaintext buffer in bytes 366 * @out: Output buffer for encrypted (signed) data 367 * @outlen: Length of output buffer in bytes; set to used length on success 368 * Returns: 0 on success, -1 on failure 369 * 370 * This function is only used with internal TLSv1 implementation 371 * (CONFIG_TLS=internal). If that is not used, the crypto wrapper does not need 372 * to implement this. 373 */ 374 int __must_check crypto_private_key_sign_pkcs1(struct crypto_private_key *key, 375 const u8 *in, size_t inlen, 376 u8 *out, size_t *outlen); 377 378 /** 379 * crypto_public_key_free - Free public key 380 * @key: Public key 381 * 382 * This function is only used with internal TLSv1 implementation 383 * (CONFIG_TLS=internal). If that is not used, the crypto wrapper does not need 384 * to implement this. 385 */ 386 void crypto_public_key_free(struct crypto_public_key *key); 387 388 /** 389 * crypto_private_key_free - Free private key 390 * @key: Private key from crypto_private_key_import() 391 * 392 * This function is only used with internal TLSv1 implementation 393 * (CONFIG_TLS=internal). If that is not used, the crypto wrapper does not need 394 * to implement this. 395 */ 396 void crypto_private_key_free(struct crypto_private_key *key); 397 398 /** 399 * crypto_public_key_decrypt_pkcs1 - Decrypt PKCS #1 signature 400 * @key: Public key 401 * @crypt: Encrypted signature data (using the private key) 402 * @crypt_len: Encrypted signature data length 403 * @plain: Buffer for plaintext (at least crypt_len bytes) 404 * @plain_len: Plaintext length (max buffer size on input, real len on output); 405 * Returns: 0 on success, -1 on failure 406 */ 407 int __must_check crypto_public_key_decrypt_pkcs1( 408 struct crypto_public_key *key, const u8 *crypt, size_t crypt_len, 409 u8 *plain, size_t *plain_len); 410 411 /** 412 * crypto_global_init - Initialize crypto wrapper 413 * 414 * This function is only used with internal TLSv1 implementation 415 * (CONFIG_TLS=internal). If that is not used, the crypto wrapper does not need 416 * to implement this. 417 */ 418 int __must_check crypto_global_init(void); 419 420 /** 421 * crypto_global_deinit - Deinitialize crypto wrapper 422 * 423 * This function is only used with internal TLSv1 implementation 424 * (CONFIG_TLS=internal). If that is not used, the crypto wrapper does not need 425 * to implement this. 426 */ 427 void crypto_global_deinit(void); 428 429 /** 430 * crypto_mod_exp - Modular exponentiation of large integers 431 * @base: Base integer (big endian byte array) 432 * @base_len: Length of base integer in bytes 433 * @power: Power integer (big endian byte array) 434 * @power_len: Length of power integer in bytes 435 * @modulus: Modulus integer (big endian byte array) 436 * @modulus_len: Length of modulus integer in bytes 437 * @result: Buffer for the result 438 * @result_len: Result length (max buffer size on input, real len on output) 439 * Returns: 0 on success, -1 on failure 440 * 441 * This function calculates result = base ^ power mod modulus. modules_len is 442 * used as the maximum size of modulus buffer. It is set to the used size on 443 * success. 444 * 445 * This function is only used with internal TLSv1 implementation 446 * (CONFIG_TLS=internal). If that is not used, the crypto wrapper does not need 447 * to implement this. 448 */ 449 int __must_check crypto_mod_exp(const u8 *base, size_t base_len, 450 const u8 *power, size_t power_len, 451 const u8 *modulus, size_t modulus_len, 452 u8 *result, size_t *result_len); 453 454 /** 455 * rc4_skip - XOR RC4 stream to given data with skip-stream-start 456 * @key: RC4 key 457 * @keylen: RC4 key length 458 * @skip: number of bytes to skip from the beginning of the RC4 stream 459 * @data: data to be XOR'ed with RC4 stream 460 * @data_len: buf length 461 * Returns: 0 on success, -1 on failure 462 * 463 * Generate RC4 pseudo random stream for the given key, skip beginning of the 464 * stream, and XOR the end result with the data buffer to perform RC4 465 * encryption/decryption. 466 */ 467 int rc4_skip(const u8 *key, size_t keylen, size_t skip, 468 u8 *data, size_t data_len); 469 470 471 /** 472 * struct crypto_bignum - bignum 473 * 474 * Internal data structure for bignum implementation. The contents is specific 475 * to the used crypto library. 476 */ 477 struct crypto_bignum; 478 479 /** 480 * struct crypto_key - key 481 * 482 * Internal data structure for ssl key. The contents is specific 483 * to the used crypto library. 484 */ 485 struct crypto_key; 486 487 /** 488 * crypto_bignum_init - Allocate memory for bignum 489 * Returns: Pointer to allocated bignum or %NULL on failure 490 */ 491 struct crypto_bignum * crypto_bignum_init(void); 492 493 /** 494 * crypto_bignum_init_set - Allocate memory for bignum and set the value 495 * @buf: Buffer with unsigned binary value 496 * @len: Length of buf in octets 497 * Returns: Pointer to allocated bignum or %NULL on failure 498 */ 499 struct crypto_bignum * crypto_bignum_init_set(const u8 *buf, size_t len); 500 501 /** 502 * crypto_bignum_deinit - Free bignum 503 * @n: Bignum from crypto_bignum_init() or crypto_bignum_init_set() 504 * @clear: Whether to clear the value from memory 505 */ 506 void crypto_bignum_deinit(struct crypto_bignum *n, int clear); 507 508 /** 509 * crypto_bignum_to_bin - Set binary buffer to unsigned bignum 510 * @a: Bignum 511 * @buf: Buffer for the binary number 512 * @len: Length of @buf in octets 513 * @padlen: Length in octets to pad the result to or 0 to indicate no padding 514 * Returns: Number of octets written on success, -1 on failure 515 */ 516 int crypto_bignum_to_bin(const struct crypto_bignum *a, 517 u8 *buf, size_t buflen, size_t padlen); 518 519 /** 520 * crypto_bignum_add - c = a + b 521 * @a: Bignum 522 * @b: Bignum 523 * @c: Bignum; used to store the result of a + b 524 * Returns: 0 on success, -1 on failure 525 */ 526 int crypto_bignum_add(const struct crypto_bignum *a, 527 const struct crypto_bignum *b, 528 struct crypto_bignum *c); 529 530 /** 531 * crypto_bignum_mod - c = a % b 532 * @a: Bignum 533 * @b: Bignum 534 * @c: Bignum; used to store the result of a % b 535 * Returns: 0 on success, -1 on failure 536 */ 537 int crypto_bignum_mod(const struct crypto_bignum *a, 538 const struct crypto_bignum *b, 539 struct crypto_bignum *c); 540 541 /** 542 * crypto_bignum_exptmod - Modular exponentiation: d = a^b (mod c) 543 * @a: Bignum; base 544 * @b: Bignum; exponent 545 * @c: Bignum; modulus 546 * @d: Bignum; used to store the result of a^b (mod c) 547 * Returns: 0 on success, -1 on failure 548 */ 549 int crypto_bignum_exptmod(const struct crypto_bignum *a, 550 const struct crypto_bignum *b, 551 const struct crypto_bignum *c, 552 struct crypto_bignum *d); 553 554 /** 555 * crypto_bignum_inverse - Inverse a bignum so that a * c = 1 (mod b) 556 * @a: Bignum 557 * @b: Bignum 558 * @c: Bignum; used to store the result 559 * Returns: 0 on success, -1 on failure 560 */ 561 int crypto_bignum_inverse(const struct crypto_bignum *a, 562 const struct crypto_bignum *b, 563 struct crypto_bignum *c); 564 565 /** 566 * crypto_bignum_sub - c = a - b 567 * @a: Bignum 568 * @b: Bignum 569 * @c: Bignum; used to store the result of a - b 570 * Returns: 0 on success, -1 on failure 571 */ 572 int crypto_bignum_sub(const struct crypto_bignum *a, 573 const struct crypto_bignum *b, 574 struct crypto_bignum *c); 575 576 /** 577 * crypto_bignum_div - c = a / b 578 * @a: Bignum 579 * @b: Bignum 580 * @c: Bignum; used to store the result of a / b 581 * Returns: 0 on success, -1 on failure 582 */ 583 int crypto_bignum_div(const struct crypto_bignum *a, 584 const struct crypto_bignum *b, 585 struct crypto_bignum *c); 586 587 /** 588 * crypto_bignum_mulmod - d = a * b (mod c) 589 * @a: Bignum 590 * @b: Bignum 591 * @c: Bignum 592 * @d: Bignum; used to store the result of (a * b) % c 593 * Returns: 0 on success, -1 on failure 594 */ 595 int crypto_bignum_mulmod(const struct crypto_bignum *a, 596 const struct crypto_bignum *b, 597 const struct crypto_bignum *c, 598 struct crypto_bignum *d); 599 600 /** 601 * crypto_bignum_cmp - Compare two bignums 602 * @a: Bignum 603 * @b: Bignum 604 * Returns: -1 if a < b, 0 if a == b, or 1 if a > b 605 */ 606 int crypto_bignum_cmp(const struct crypto_bignum *a, 607 const struct crypto_bignum *b); 608 609 /** 610 * crypto_bignum_bits - Get size of a bignum in bits 611 * @a: Bignum 612 * Returns: Number of bits in the bignum 613 */ 614 int crypto_bignum_bits(const struct crypto_bignum *a); 615 616 /** 617 * crypto_bignum_is_zero - Is the given bignum zero 618 * @a: Bignum 619 * Returns: 1 if @a is zero or 0 if not 620 */ 621 int crypto_bignum_is_zero(const struct crypto_bignum *a); 622 623 /** 624 * crypto_bignum_is_one - Is the given bignum one 625 * @a: Bignum 626 * Returns: 1 if @a is one or 0 if not 627 */ 628 int crypto_bignum_is_one(const struct crypto_bignum *a); 629 630 /** 631 * crypto_bignum_legendre - Compute the Legendre symbol (a/p) 632 * @a: Bignum 633 * @p: Bignum 634 * Returns: Legendre symbol -1,0,1 on success; -2 on calculation failure 635 */ 636 int crypto_bignum_legendre(const struct crypto_bignum *a, 637 const struct crypto_bignum *p); 638 639 640 /** 641 * struct crypto_ec - Elliptic curve context 642 * 643 * Internal data structure for EC implementation. The contents is specific 644 * to the used crypto library. 645 */ 646 struct crypto_ec; 647 648 /** 649 * crypto_ec_init - Initialize elliptic curve context 650 * @group: Identifying number for the ECC group (IANA "Group Description" 651 * attribute registrty for RFC 2409) 652 * Returns: Pointer to EC context or %NULL on failure 653 */ 654 struct crypto_ec * crypto_ec_init(int group); 655 656 /** 657 * crypto_ec_deinit - Deinitialize elliptic curve context 658 * @e: EC context from crypto_ec_init() 659 */ 660 void crypto_ec_deinit(struct crypto_ec *e); 661 662 /** 663 * crypto_ec_prime_len - Get length of the prime in octets 664 * @e: EC context from crypto_ec_init() 665 * Returns: Length of the prime defining the group 666 */ 667 size_t crypto_ec_prime_len(struct crypto_ec *e); 668 669 /** 670 * crypto_ec_prime_len_bits - Get length of the prime in bits 671 * @e: EC context from crypto_ec_init() 672 * Returns: Length of the prime defining the group in bits 673 */ 674 size_t crypto_ec_prime_len_bits(struct crypto_ec *e); 675 676 /** 677 * crypto_ec_get_prime - Get prime defining an EC group 678 * @e: EC context from crypto_ec_init() 679 * Returns: Prime (bignum) defining the group 680 */ 681 const struct crypto_bignum * crypto_ec_get_prime(struct crypto_ec *e); 682 683 /** 684 * crypto_ec_get_order - Get order of an EC group 685 * @e: EC context from crypto_ec_init() 686 * Returns: Order (bignum) of the group 687 */ 688 const struct crypto_bignum * crypto_ec_get_order(struct crypto_ec *e); 689 690 /** 691 * struct crypto_ec_point - Elliptic curve point 692 * 693 * Internal data structure for EC implementation to represent a point. The 694 * contents is specific to the used crypto library. 695 */ 696 struct crypto_ec_point; 697 698 /** 699 * crypto_ec_point_init - Initialize data for an EC point 700 * @e: EC context from crypto_ec_init() 701 * Returns: Pointer to EC point data or %NULL on failure 702 */ 703 struct crypto_ec_point * crypto_ec_point_init(struct crypto_ec *e); 704 705 /** 706 * crypto_ec_point_deinit - Deinitialize EC point data 707 * @p: EC point data from crypto_ec_point_init() 708 * @clear: Whether to clear the EC point value from memory 709 */ 710 void crypto_ec_point_deinit(struct crypto_ec_point *p, int clear); 711 712 /** 713 * crypto_ec_point_to_bin - Write EC point value as binary data 714 * @e: EC context from crypto_ec_init() 715 * @p: EC point data from crypto_ec_point_init() 716 * @x: Buffer for writing the binary data for x coordinate or %NULL if not used 717 * @y: Buffer for writing the binary data for y coordinate or %NULL if not used 718 * Returns: 0 on success, -1 on failure 719 * 720 * This function can be used to write an EC point as binary data in a format 721 * that has the x and y coordinates in big endian byte order fields padded to 722 * the length of the prime defining the group. 723 */ 724 int crypto_ec_point_to_bin(struct crypto_ec *e, 725 const struct crypto_ec_point *point, u8 *x, u8 *y); 726 727 /** 728 * crypto_ec_point_from_bin - Create EC point from binary data 729 * @e: EC context from crypto_ec_init() 730 * @val: Binary data to read the EC point from 731 * Returns: Pointer to EC point data or %NULL on failure 732 * 733 * This function readers x and y coordinates of the EC point from the provided 734 * buffer assuming the values are in big endian byte order with fields padded to 735 * the length of the prime defining the group. 736 */ 737 struct crypto_ec_point * crypto_ec_point_from_bin(struct crypto_ec *e, 738 const u8 *val); 739 740 /** 741 * crypto_bignum_add - c = a + b 742 * @e: EC context from crypto_ec_init() 743 * @a: Bignum 744 * @b: Bignum 745 * @c: Bignum; used to store the result of a + b 746 * Returns: 0 on success, -1 on failure 747 */ 748 int crypto_ec_point_add(struct crypto_ec *e, const struct crypto_ec_point *a, 749 const struct crypto_ec_point *b, 750 struct crypto_ec_point *c); 751 752 /** 753 * crypto_bignum_mul - res = b * p 754 * @e: EC context from crypto_ec_init() 755 * @p: EC point 756 * @b: Bignum 757 * @res: EC point; used to store the result of b * p 758 * Returns: 0 on success, -1 on failure 759 */ 760 int crypto_ec_point_mul(struct crypto_ec *e, const struct crypto_ec_point *p, 761 const struct crypto_bignum *b, 762 struct crypto_ec_point *res); 763 764 /** 765 * crypto_ec_point_invert - Compute inverse of an EC point 766 * @e: EC context from crypto_ec_init() 767 * @p: EC point to invert (and result of the operation) 768 * Returns: 0 on success, -1 on failure 769 */ 770 int crypto_ec_point_invert(struct crypto_ec *e, struct crypto_ec_point *p); 771 772 /** 773 * crypto_ec_point_solve_y_coord - Solve y coordinate for an x coordinate 774 * @e: EC context from crypto_ec_init() 775 * @p: EC point to use for the returning the result 776 * @x: x coordinate 777 * @y_bit: y-bit (0 or 1) for selecting the y value to use 778 * Returns: 0 on success, -1 on failure 779 */ 780 int crypto_ec_point_solve_y_coord(struct crypto_ec *e, 781 struct crypto_ec_point *p, 782 const struct crypto_bignum *x, int y_bit); 783 784 /** 785 * crypto_ec_point_compute_y_sqr - Compute y^2 = x^3 + ax + b 786 * @e: EC context from crypto_ec_init() 787 * @x: x coordinate 788 * Returns: y^2 on success, %NULL failure 789 */ 790 struct crypto_bignum * 791 crypto_ec_point_compute_y_sqr(struct crypto_ec *e, 792 const struct crypto_bignum *x); 793 794 /** 795 * crypto_ec_point_is_at_infinity - Check whether EC point is neutral element 796 * @e: EC context from crypto_ec_init() 797 * @p: EC point 798 * Returns: 1 if the specified EC point is the neutral element of the group or 799 * 0 if not 800 */ 801 int crypto_ec_point_is_at_infinity(struct crypto_ec *e, 802 const struct crypto_ec_point *p); 803 804 /** 805 * crypto_ec_point_is_on_curve - Check whether EC point is on curve 806 * @e: EC context from crypto_ec_init() 807 * @p: EC point 808 * Returns: 1 if the specified EC point is on the curve or 0 if not 809 */ 810 int crypto_ec_point_is_on_curve(struct crypto_ec *e, 811 const struct crypto_ec_point *p); 812 813 /** 814 * crypto_ec_point_cmp - Compare two EC points 815 * @e: EC context from crypto_ec_init() 816 * @a: EC point 817 * @b: EC point 818 * Returns: 0 on equal, non-zero otherwise 819 */ 820 int crypto_ec_point_cmp(const struct crypto_ec *e, 821 const struct crypto_ec_point *a, 822 const struct crypto_ec_point *b); 823 824 /** 825 * crypto_ec_get_publickey_buf - Write EC public key to buffer 826 * @key: crypto key 827 * @key_buf: key buffer 828 * @len: length of buffer 829 * Returns: 0 on success, non-zero otherwise 830 */ 831 int crypto_ec_get_publickey_buf(struct crypto_key *key, u8 *key_buf, int len); 832 833 /** 834 * crypto_ec_get_group_from_key - Write EC group from key 835 * @key: crypto key 836 * Returns: EC group 837 */ 838 struct crypto_ec_group *crypto_ec_get_group_from_key(struct crypto_key *key); 839 840 /** 841 * crypto_ec_get_private_key - Get EC private key (in bignum format) 842 * @key: crypto key 843 * Returns: Private key 844 */ 845 struct crypto_bignum *crypto_ec_get_private_key(struct crypto_key *key); 846 847 /** 848 * crypto_ec_get_key - Read key from character stream 849 * @privkey: Private key 850 * @privkey_len: private key len 851 * Returns: Crypto key 852 */ 853 struct crypto_key *crypto_ec_get_key(const u8 *privkey, size_t privkey_len); 854 855 /** 856 * crypto_ec_get_mbedtls_to_nist_group_id - get nist group from mbedtls internal group 857 * @id: mbedtls group 858 * Returns: NIST group 859 */ 860 unsigned int crypto_ec_get_mbedtls_to_nist_group_id(int id); 861 862 /** 863 * crypto_ec_get_curve_id - get curve id from ec group 864 * @group: EC group 865 * Returns: curve ID 866 */ 867 int crypto_ec_get_curve_id(const struct crypto_ec_group *group); 868 869 /** 870 * crypto_ecdh: crypto ecdh 871 * @key_own: own key 872 * @key_peer: peer key 873 * @secret: secret 874 * @secret_len: secret len 875 * Returns: 0 if success else negative value 876 */ 877 int crypto_ecdh(struct crypto_key *key_own, struct crypto_key *key_peer, 878 u8 *secret, size_t *secret_len); 879 880 /** 881 * crypto_ecdsa_get_sign: get crypto ecdsa signed hash 882 * @hash: signed hash 883 * @r: ecdsa r 884 * @s: ecdsa s 885 * @csign: csign 886 * @hash_len: length of hash 887 * Return: 0 if success else negative value 888 */ 889 int crypto_ecdsa_get_sign(unsigned char *hash, 890 const struct crypto_bignum *r, const struct crypto_bignum *s, 891 struct crypto_key *csign, int hash_len); 892 893 /** 894 * crypto_edcsa_sign_verify: verify crypto ecdsa signed hash 895 * @hash: signed hash 896 * @r: ecdsa r 897 * @s: ecdsa s 898 * @csign: csign 899 * @hlen: length of hash 900 * Return: 0 if success else negative value 901 */ 902 int crypto_edcsa_sign_verify(const unsigned char *hash, const struct crypto_bignum *r, 903 const struct crypto_bignum *s, struct crypto_key *csign, int hlen); 904 905 /** 906 * crypto_ec_parse_subpub_key: get EC key context from sub public key 907 * @p: data 908 * @len: data len 909 * Return: crypto_key 910 */ 911 struct crypto_key *crypto_ec_parse_subpub_key(const unsigned char *p, size_t len); 912 913 /** 914 * crypto_is_ec_key: check whether a key is EC key or not 915 * @key: crypto key 916 * Return: true if key else false 917 */ 918 int crypto_is_ec_key(struct crypto_key *key); 919 920 /** 921 * crypto_ec_gen_keypair: generate crypto ec keypair 922 * @ike_group: grpup 923 * Return: crypto key 924 */ 925 struct crypto_key * crypto_ec_gen_keypair(u16 ike_group); 926 927 /** 928 * crypto_ec_write_pub_key: return public key in charater buffer 929 * @key: crypto key 930 * @der_len: buffer len 931 * Return: public key buffer 932 */ 933 int crypto_ec_write_pub_key(struct crypto_key *key, unsigned char **key_buf); 934 935 /** 936 * crypto_ec_set_pubkey_point: set bignum point on ec curve 937 * @group: ec group 938 * @buf: x,y coordinate 939 * @len: length of x and y coordiate 940 * Return : crypto key 941 */ 942 struct crypto_key * crypto_ec_set_pubkey_point(const struct crypto_ec_group *group, 943 const u8 *buf, size_t len); 944 /** 945 * crypto_ec_free_key: free crypto key 946 * Return : None 947 */ 948 void crypto_ec_free_key(struct crypto_key *key); 949 /** 950 * crypto_debug_print_ec_key: print ec key 951 * @title: title 952 * @key: crypto key 953 * Return: None 954 */ 955 void crypto_debug_print_ec_key(const char *title, struct crypto_key *key); 956 957 /** 958 * crypto_ec_get_public_key: Public key from crypto key 959 * @key: crypto key 960 * Return : Public key 961 */ 962 struct crypto_ec_point *crypto_ec_get_public_key(struct crypto_key *key); 963 964 /** 965 * crypto_get_order: free crypto key 966 * Return : None 967 */ 968 int crypto_get_order(struct crypto_ec_group *group, struct crypto_bignum *x); 969 970 /** 971 * crypto_bignum_addmod: a = (b + c) mod d 972 * Return : 0 in success 973 */ 974 int crypto_bignum_addmod(struct crypto_bignum *a, 975 struct crypto_bignum *b, 976 struct crypto_bignum *c, 977 struct crypto_bignum *d); 978 979 /** 980 * crypto_ec_get_affine_coordinates : get affine corrdinate of ec curve 981 * @e: ec curve 982 * @pt: point 983 * @x: x coordinate 984 * @y: y coordinate 985 * Return : 0 if success 986 */ 987 int crypto_ec_get_affine_coordinates(struct crypto_ec *e, struct crypto_ec_point *pt, 988 struct crypto_bignum *x, struct crypto_bignum *y); 989 990 /** 991 * crypto_ec_get_group_byname: get ec curve group by name 992 * @name: ec curve name 993 * Return : EC group 994 */ 995 struct crypto_ec_group *crypto_ec_get_group_byname(const char *name); 996 997 /** 998 * crypto_key_compare: check whether two keys belong to same 999 * Return : 1 if yes else 0 1000 */ 1001 int crypto_key_compare(struct crypto_key *key1, struct crypto_key *key2); 1002 1003 /* 1004 * crypto_write_pubkey_der: get public key in der format 1005 * @csign: key 1006 * @key_buf: key buffer in charater format 1007 * Return : len of char buffer if success 1008 */ 1009 int crypto_write_pubkey_der(struct crypto_key *csign, unsigned char **key_buf); 1010 1011 /** 1012 * crypto_free_buffer: free buffer allocated by crypto API 1013 * @buf: buffer pointer 1014 * Return : None 1015 */ 1016 void crypto_free_buffer(unsigned char *buf); 1017 1018 /** 1019 * @crypto_ec_get_priv_key_der: get private key in der format 1020 * @key: key structure 1021 * @key_data: key data in charater buffer 1022 * @key_len = key lenght of charater buffer 1023 * Return : 0 if success 1024 */ 1025 int crypto_ec_get_priv_key_der(struct crypto_key *key, unsigned char **key_data, int *key_len); 1026 1027 /** 1028 * crypto_bignum_to_string: get big number in ascii format 1029 * @a: big number 1030 * @buf: buffer in which number will written to 1031 * @buflen: buffer length 1032 * @padlen: padding length 1033 * Return : 0 if success 1034 */ 1035 int crypto_bignum_to_string(const struct crypto_bignum *a, 1036 u8 *buf, size_t buflen, size_t padlen); 1037 #endif /* CRYPTO_H */ 1038
