1 /* 2 * Wrapper functions for crypto libraries 3 * Copyright (c) 2004-2017, Jouni Malinen <j@w1.fi> 4 * 5 * This software may be distributed under the terms of the BSD license. 6 * See README for more details. 7 * 8 * This file defines the cryptographic functions that need to be implemented 9 * for wpa_supplicant and hostapd. When TLS is not used, internal 10 * implementation of MD5, SHA1, and AES is used and no external libraries are 11 * required. When TLS is enabled (e.g., by enabling EAP-TLS or EAP-PEAP), the 12 * crypto library used by the TLS implementation is expected to be used for 13 * non-TLS needs, too, in order to save space by not implementing these 14 * functions twice. 15 * 16 * Wrapper code for using each crypto library is in its own file (crypto*.c) 17 * and one of these files is build and linked in to provide the functions 18 * defined here. 19 */ 20 21 #ifndef CRYPTO_H 22 #define CRYPTO_H 23 #include "utils/common.h" 24 25 /** 26 * md4_vector - MD4 hash for data vector 27 * @num_elem: Number of elements in the data vector 28 * @addr: Pointers to the data areas 29 * @len: Lengths of the data blocks 30 * @mac: Buffer for the hash 31 * Returns: 0 on success, -1 on failure 32 */ 33 int md4_vector(size_t num_elem, const u8 *addr[], const size_t *len, u8 *mac); 34 35 /** 36 * md5_vector - MD5 hash for data vector 37 * @num_elem: Number of elements in the data vector 38 * @addr: Pointers to the data areas 39 * @len: Lengths of the data blocks 40 * @mac: Buffer for the hash 41 * Returns: 0 on success, -1 on failure 42 */ 43 int md5_vector(size_t num_elem, const u8 *addr[], const size_t *len, u8 *mac); 44 45 46 /** 47 * sha1_vector - SHA-1 hash for data vector 48 * @num_elem: Number of elements in the data vector 49 * @addr: Pointers to the data areas 50 * @len: Lengths of the data blocks 51 * @mac: Buffer for the hash 52 * Returns: 0 on success, -1 on failure 53 */ 54 int sha1_vector(size_t num_elem, const u8 *addr[], const size_t *len, 55 u8 *mac); 56 57 /** 58 * fips186_2-prf - NIST FIPS Publication 186-2 change notice 1 PRF 59 * @seed: Seed/key for the PRF 60 * @seed_len: Seed length in bytes 61 * @x: Buffer for PRF output 62 * @xlen: Output length in bytes 63 * Returns: 0 on success, -1 on failure 64 * 65 * This function implements random number generation specified in NIST FIPS 66 * Publication 186-2 for EAP-SIM. This PRF uses a function that is similar to 67 * SHA-1, but has different message padding. 68 */ 69 int __must_check fips186_2_prf(const u8 *seed, size_t seed_len, u8 *x, 70 size_t xlen); 71 72 /** 73 * sha256_vector - SHA256 hash for data vector 74 * @num_elem: Number of elements in the data vector 75 * @addr: Pointers to the data areas 76 * @len: Lengths of the data blocks 77 * @mac: Buffer for the hash 78 * Returns: 0 on success, -1 on failure 79 */ 80 int sha256_vector(size_t num_elem, const u8 *addr[], const size_t *len, 81 u8 *mac); 82 83 /** 84 * sha384_vector - SHA384 hash for data vector 85 * @num_elem: Number of elements in the data vector 86 * @addr: Pointers to the data areas 87 * @len: Lengths of the data blocks 88 * @mac: Buffer for the hash 89 * Returns: 0 on success, -1 on failure 90 */ 91 int sha384_vector(size_t num_elem, const u8 *addr[], const size_t *len, 92 u8 *mac); 93 94 /** 95 * sha512_vector - SHA512 hash for data vector 96 * @num_elem: Number of elements in the data vector 97 * @addr: Pointers to the data areas 98 * @len: Lengths of the data blocks 99 * @mac: Buffer for the hash 100 * Returns: 0 on success, -1 on failure 101 */ 102 int sha512_vector(size_t num_elem, const u8 *addr[], const size_t *len, 103 u8 *mac); 104 105 /** 106 * des_encrypt - Encrypt one block with DES 107 * @clear: 8 octets (in) 108 * @key: 7 octets (in) (no parity bits included) 109 * @cypher: 8 octets (out) 110 * Returns: 0 on success, -1 on failure 111 */ 112 int des_encrypt(const u8 *clear, const u8 *key, u8 *cypher); 113 114 /** 115 * aes_encrypt_init - Initialize AES for encryption 116 * @key: Encryption key 117 * @len: Key length in bytes (usually 16, i.e., 128 bits) 118 * Returns: Pointer to context data or %NULL on failure 119 */ 120 void * aes_encrypt_init(const u8 *key, size_t len); 121 122 /** 123 * aes_encrypt - Encrypt one AES block 124 * @ctx: Context pointer from aes_encrypt_init() 125 * @plain: Plaintext data to be encrypted (16 bytes) 126 * @crypt: Buffer for the encrypted data (16 bytes) 127 * Returns: 0 on success, -1 on failure 128 */ 129 int aes_encrypt(void *ctx, const u8 *plain, u8 *crypt); 130 131 /** 132 * aes_encrypt_deinit - Deinitialize AES encryption 133 * @ctx: Context pointer from aes_encrypt_init() 134 */ 135 void aes_encrypt_deinit(void *ctx); 136 137 /** 138 * aes_decrypt_init - Initialize AES for decryption 139 * @key: Decryption key 140 * @len: Key length in bytes (usually 16, i.e., 128 bits) 141 * Returns: Pointer to context data or %NULL on failure 142 */ 143 void * aes_decrypt_init(const u8 *key, size_t len); 144 145 /** 146 * aes_decrypt - Decrypt one AES block 147 * @ctx: Context pointer from aes_encrypt_init() 148 * @crypt: Encrypted data (16 bytes) 149 * @plain: Buffer for the decrypted data (16 bytes) 150 * Returns: 0 on success, -1 on failure 151 */ 152 int aes_decrypt(void *ctx, const u8 *crypt, u8 *plain); 153 154 /** 155 * aes_decrypt_deinit - Deinitialize AES decryption 156 * @ctx: Context pointer from aes_encrypt_init() 157 */ 158 void aes_decrypt_deinit(void *ctx); 159 160 161 enum crypto_hash_alg { 162 CRYPTO_HASH_ALG_MD5, CRYPTO_HASH_ALG_SHA1, 163 CRYPTO_HASH_ALG_HMAC_MD5, CRYPTO_HASH_ALG_HMAC_SHA1, 164 CRYPTO_HASH_ALG_SHA256, CRYPTO_HASH_ALG_HMAC_SHA256, 165 CRYPTO_HASH_ALG_SHA384, CRYPTO_HASH_ALG_SHA512 166 }; 167 168 struct crypto_hash; 169 170 /** 171 * crypto_hash_init - Initialize hash/HMAC function 172 * @alg: Hash algorithm 173 * @key: Key for keyed hash (e.g., HMAC) or %NULL if not needed 174 * @key_len: Length of the key in bytes 175 * Returns: Pointer to hash context to use with other hash functions or %NULL 176 * on failure 177 * 178 * This function is only used with internal TLSv1 implementation 179 * (CONFIG_TLS=internal). If that is not used, the crypto wrapper does not need 180 * to implement this. 181 */ 182 struct crypto_hash * crypto_hash_init(enum crypto_hash_alg alg, const u8 *key, 183 size_t key_len); 184 185 /** 186 * crypto_hash_update - Add data to hash calculation 187 * @ctx: Context pointer from crypto_hash_init() 188 * @data: Data buffer to add 189 * @len: Length of the buffer 190 * 191 * This function is only used with internal TLSv1 implementation 192 * (CONFIG_TLS=internal). If that is not used, the crypto wrapper does not need 193 * to implement this. 194 */ 195 void crypto_hash_update(struct crypto_hash *ctx, const u8 *data, size_t len); 196 197 /** 198 * crypto_hash_finish - Complete hash calculation 199 * @ctx: Context pointer from crypto_hash_init() 200 * @hash: Buffer for hash value or %NULL if caller is just freeing the hash 201 * context 202 * @len: Pointer to length of the buffer or %NULL if caller is just freeing the 203 * hash context; on return, this is set to the actual length of the hash value 204 * Returns: 0 on success, -1 if buffer is too small (len set to needed length), 205 * or -2 on other failures (including failed crypto_hash_update() operations) 206 * 207 * This function calculates the hash value and frees the context buffer that 208 * was used for hash calculation. 209 * 210 * This function is only used with internal TLSv1 implementation 211 * (CONFIG_TLS=internal). If that is not used, the crypto wrapper does not need 212 * to implement this. 213 */ 214 int crypto_hash_finish(struct crypto_hash *ctx, u8 *hash, size_t *len); 215 216 217 enum crypto_cipher_alg { 218 CRYPTO_CIPHER_NULL = 0, CRYPTO_CIPHER_ALG_AES, CRYPTO_CIPHER_ALG_3DES, 219 CRYPTO_CIPHER_ALG_DES, CRYPTO_CIPHER_ALG_RC2, CRYPTO_CIPHER_ALG_RC4 220 }; 221 222 struct crypto_cipher; 223 224 /** 225 * crypto_cipher_init - Initialize block/stream cipher function 226 * @alg: Cipher algorithm 227 * @iv: Initialization vector for block ciphers or %NULL for stream ciphers 228 * @key: Cipher key 229 * @key_len: Length of key in bytes 230 * Returns: Pointer to cipher context to use with other cipher functions or 231 * %NULL on failure 232 * 233 * This function is only used with internal TLSv1 implementation 234 * (CONFIG_TLS=internal). If that is not used, the crypto wrapper does not need 235 * to implement this. 236 */ 237 struct crypto_cipher * crypto_cipher_init(enum crypto_cipher_alg alg, 238 const u8 *iv, const u8 *key, 239 size_t key_len); 240 241 /** 242 * crypto_cipher_encrypt - Cipher encrypt 243 * @ctx: Context pointer from crypto_cipher_init() 244 * @plain: Plaintext to cipher 245 * @crypt: Resulting ciphertext 246 * @len: Length of the plaintext 247 * Returns: 0 on success, -1 on failure 248 * 249 * This function is only used with internal TLSv1 implementation 250 * (CONFIG_TLS=internal). If that is not used, the crypto wrapper does not need 251 * to implement this. 252 */ 253 int __must_check crypto_cipher_encrypt(struct crypto_cipher *ctx, 254 const u8 *plain, u8 *crypt, size_t len); 255 256 /** 257 * crypto_cipher_decrypt - Cipher decrypt 258 * @ctx: Context pointer from crypto_cipher_init() 259 * @crypt: Ciphertext to decrypt 260 * @plain: Resulting plaintext 261 * @len: Length of the cipher text 262 * Returns: 0 on success, -1 on failure 263 * 264 * This function is only used with internal TLSv1 implementation 265 * (CONFIG_TLS=internal). If that is not used, the crypto wrapper does not need 266 * to implement this. 267 */ 268 int __must_check crypto_cipher_decrypt(struct crypto_cipher *ctx, 269 const u8 *crypt, u8 *plain, size_t len); 270 271 /** 272 * crypto_cipher_decrypt - Free cipher context 273 * @ctx: Context pointer from crypto_cipher_init() 274 * 275 * This function is only used with internal TLSv1 implementation 276 * (CONFIG_TLS=internal). If that is not used, the crypto wrapper does not need 277 * to implement this. 278 */ 279 void crypto_cipher_deinit(struct crypto_cipher *ctx); 280 281 282 struct crypto_public_key; 283 struct crypto_private_key; 284 285 /** 286 * crypto_public_key_import - Import an RSA public key 287 * @key: Key buffer (DER encoded RSA public key) 288 * @len: Key buffer length in bytes 289 * Returns: Pointer to the public key or %NULL on failure 290 * 291 * This function can just return %NULL if the crypto library supports X.509 292 * parsing. In that case, crypto_public_key_from_cert() is used to import the 293 * public key from a certificate. 294 * 295 * This function is only used with internal TLSv1 implementation 296 * (CONFIG_TLS=internal). If that is not used, the crypto wrapper does not need 297 * to implement this. 298 */ 299 struct crypto_public_key * crypto_public_key_import(const u8 *key, size_t len); 300 301 struct crypto_public_key * 302 crypto_public_key_import_parts(const u8 *n, size_t n_len, 303 const u8 *e, size_t e_len); 304 305 /** 306 * crypto_private_key_import - Import an RSA private key 307 * @key: Key buffer (DER encoded RSA private key) 308 * @len: Key buffer length in bytes 309 * @passwd: Key encryption password or %NULL if key is not encrypted 310 * Returns: Pointer to the private key or %NULL on failure 311 * 312 * This function is only used with internal TLSv1 implementation 313 * (CONFIG_TLS=internal). If that is not used, the crypto wrapper does not need 314 * to implement this. 315 */ 316 struct crypto_private_key * crypto_private_key_import(const u8 *key, 317 size_t len, 318 const char *passwd); 319 320 /** 321 * crypto_public_key_from_cert - Import an RSA public key from a certificate 322 * @buf: DER encoded X.509 certificate 323 * @len: Certificate buffer length in bytes 324 * Returns: Pointer to public key or %NULL on failure 325 * 326 * This function can just return %NULL if the crypto library does not support 327 * X.509 parsing. In that case, internal code will be used to parse the 328 * certificate and public key is imported using crypto_public_key_import(). 329 * 330 * This function is only used with internal TLSv1 implementation 331 * (CONFIG_TLS=internal). If that is not used, the crypto wrapper does not need 332 * to implement this. 333 */ 334 struct crypto_public_key * crypto_public_key_from_cert(const u8 *buf, 335 size_t len); 336 337 /** 338 * crypto_public_key_encrypt_pkcs1_v15 - Public key encryption (PKCS #1 v1.5) 339 * @key: Public key 340 * @in: Plaintext buffer 341 * @inlen: Length of plaintext buffer in bytes 342 * @out: Output buffer for encrypted data 343 * @outlen: Length of output buffer in bytes; set to used length on success 344 * Returns: 0 on success, -1 on failure 345 * 346 * This function is only used with internal TLSv1 implementation 347 * (CONFIG_TLS=internal). If that is not used, the crypto wrapper does not need 348 * to implement this. 349 */ 350 int __must_check crypto_public_key_encrypt_pkcs1_v15( 351 struct crypto_public_key *key, const u8 *in, size_t inlen, 352 u8 *out, size_t *outlen); 353 354 /** 355 * crypto_private_key_decrypt_pkcs1_v15 - Private key decryption (PKCS #1 v1.5) 356 * @key: Private key 357 * @in: Encrypted buffer 358 * @inlen: Length of encrypted buffer in bytes 359 * @out: Output buffer for encrypted data 360 * @outlen: Length of output buffer in bytes; set to used length on success 361 * Returns: 0 on success, -1 on failure 362 * 363 * This function is only used with internal TLSv1 implementation 364 * (CONFIG_TLS=internal). If that is not used, the crypto wrapper does not need 365 * to implement this. 366 */ 367 int __must_check crypto_private_key_decrypt_pkcs1_v15( 368 struct crypto_private_key *key, const u8 *in, size_t inlen, 369 u8 *out, size_t *outlen); 370 371 /** 372 * crypto_private_key_sign_pkcs1 - Sign with private key (PKCS #1) 373 * @key: Private key from crypto_private_key_import() 374 * @in: Plaintext buffer 375 * @inlen: Length of plaintext buffer in bytes 376 * @out: Output buffer for encrypted (signed) data 377 * @outlen: Length of output buffer in bytes; set to used length on success 378 * Returns: 0 on success, -1 on failure 379 * 380 * This function is only used with internal TLSv1 implementation 381 * (CONFIG_TLS=internal). If that is not used, the crypto wrapper does not need 382 * to implement this. 383 */ 384 int __must_check crypto_private_key_sign_pkcs1(struct crypto_private_key *key, 385 const u8 *in, size_t inlen, 386 u8 *out, size_t *outlen); 387 388 /** 389 * crypto_public_key_free - Free public key 390 * @key: Public key 391 * 392 * This function is only used with internal TLSv1 implementation 393 * (CONFIG_TLS=internal). If that is not used, the crypto wrapper does not need 394 * to implement this. 395 */ 396 void crypto_public_key_free(struct crypto_public_key *key); 397 398 /** 399 * crypto_private_key_free - Free private key 400 * @key: Private key from crypto_private_key_import() 401 * 402 * This function is only used with internal TLSv1 implementation 403 * (CONFIG_TLS=internal). If that is not used, the crypto wrapper does not need 404 * to implement this. 405 */ 406 void crypto_private_key_free(struct crypto_private_key *key); 407 408 /** 409 * crypto_public_key_decrypt_pkcs1 - Decrypt PKCS #1 signature 410 * @key: Public key 411 * @crypt: Encrypted signature data (using the private key) 412 * @crypt_len: Encrypted signature data length 413 * @plain: Buffer for plaintext (at least crypt_len bytes) 414 * @plain_len: Plaintext length (max buffer size on input, real len on output); 415 * Returns: 0 on success, -1 on failure 416 */ 417 int __must_check crypto_public_key_decrypt_pkcs1( 418 struct crypto_public_key *key, const u8 *crypt, size_t crypt_len, 419 u8 *plain, size_t *plain_len); 420 421 int crypto_dh_init(u8 generator, const u8 *prime, size_t prime_len, u8 *privkey, 422 u8 *pubkey); 423 int crypto_dh_derive_secret(u8 generator, const u8 *prime, size_t prime_len, 424 const u8 *order, size_t order_len, 425 const u8 *privkey, size_t privkey_len, 426 const u8 *pubkey, size_t pubkey_len, 427 u8 *secret, size_t *len); 428 429 /** 430 * crypto_global_init - Initialize crypto wrapper 431 * 432 * This function is only used with internal TLSv1 implementation 433 * (CONFIG_TLS=internal). If that is not used, the crypto wrapper does not need 434 * to implement this. 435 */ 436 int __must_check crypto_global_init(void); 437 438 /** 439 * crypto_global_deinit - Deinitialize crypto wrapper 440 * 441 * This function is only used with internal TLSv1 implementation 442 * (CONFIG_TLS=internal). If that is not used, the crypto wrapper does not need 443 * to implement this. 444 */ 445 void crypto_global_deinit(void); 446 447 /** 448 * crypto_mod_exp - Modular exponentiation of large integers 449 * @base: Base integer (big endian byte array) 450 * @base_len: Length of base integer in bytes 451 * @power: Power integer (big endian byte array) 452 * @power_len: Length of power integer in bytes 453 * @modulus: Modulus integer (big endian byte array) 454 * @modulus_len: Length of modulus integer in bytes 455 * @result: Buffer for the result 456 * @result_len: Result length (max buffer size on input, real len on output) 457 * Returns: 0 on success, -1 on failure 458 * 459 * This function calculates result = base ^ power mod modulus. modules_len is 460 * used as the maximum size of modulus buffer. It is set to the used size on 461 * success. 462 * 463 * This function is only used with internal TLSv1 implementation 464 * (CONFIG_TLS=internal). If that is not used, the crypto wrapper does not need 465 * to implement this. 466 */ 467 int __must_check crypto_mod_exp(const u8 *base, size_t base_len, 468 const u8 *power, size_t power_len, 469 const u8 *modulus, size_t modulus_len, 470 u8 *result, size_t *result_len); 471 472 /** 473 * rc4_skip - XOR RC4 stream to given data with skip-stream-start 474 * @key: RC4 key 475 * @keylen: RC4 key length 476 * @skip: number of bytes to skip from the beginning of the RC4 stream 477 * @data: data to be XOR'ed with RC4 stream 478 * @data_len: buf length 479 * Returns: 0 on success, -1 on failure 480 * 481 * Generate RC4 pseudo random stream for the given key, skip beginning of the 482 * stream, and XOR the end result with the data buffer to perform RC4 483 * encryption/decryption. 484 */ 485 int rc4_skip(const u8 *key, size_t keylen, size_t skip, 486 u8 *data, size_t data_len); 487 488 /** 489 * crypto_get_random - Generate cryptographically strong pseudo-random bytes 490 * @buf: Buffer for data 491 * @len: Number of bytes to generate 492 * Returns: 0 on success, -1 on failure 493 * 494 * If the PRNG does not have enough entropy to ensure unpredictable byte 495 * sequence, this functions must return -1. 496 */ 497 int crypto_get_random(void *buf, size_t len); 498 499 500 /** 501 * struct crypto_bignum - bignum 502 * 503 * Internal data structure for bignum implementation. The contents is specific 504 * to the used crypto library. 505 */ 506 struct crypto_bignum; 507 508 /** 509 * struct crypto_key - key 510 * 511 * Internal data structure for ssl key. The contents is specific 512 * to the used crypto library. 513 */ 514 struct crypto_key; 515 516 /** 517 * crypto_bignum_init - Allocate memory for bignum 518 * Returns: Pointer to allocated bignum or %NULL on failure 519 */ 520 struct crypto_bignum * crypto_bignum_init(void); 521 522 /** 523 * crypto_bignum_init_set - Allocate memory for bignum and set the value 524 * @buf: Buffer with unsigned binary value 525 * @len: Length of buf in octets 526 * Returns: Pointer to allocated bignum or %NULL on failure 527 */ 528 struct crypto_bignum * crypto_bignum_init_set(const u8 *buf, size_t len); 529 530 /** 531 * crypto_bignum_init_set - Allocate memory for bignum and set the value (uint) 532 * @val: Value to set 533 * Returns: Pointer to allocated bignum or %NULL on failure 534 */ 535 struct crypto_bignum * crypto_bignum_init_uint(unsigned int val); 536 537 /** 538 * crypto_bignum_deinit - Free bignum 539 * @n: Bignum from crypto_bignum_init() or crypto_bignum_init_set() 540 * @clear: Whether to clear the value from memory 541 */ 542 void crypto_bignum_deinit(struct crypto_bignum *n, int clear); 543 544 /** 545 * crypto_bignum_to_bin - Set binary buffer to unsigned bignum 546 * @a: Bignum 547 * @buf: Buffer for the binary number 548 * @len: Length of @buf in octets 549 * @padlen: Length in octets to pad the result to or 0 to indicate no padding 550 * Returns: Number of octets written on success, -1 on failure 551 */ 552 int crypto_bignum_to_bin(const struct crypto_bignum *a, 553 u8 *buf, size_t buflen, size_t padlen); 554 555 /** 556 * crypto_bignum_rand - Create a random number in range of modulus 557 * @r: Bignum; set to a random value 558 * @m: Bignum; modulus 559 * Returns: 0 on success, -1 on failure 560 */ 561 int crypto_bignum_rand(struct crypto_bignum *r, const struct crypto_bignum *m); 562 563 /** 564 * crypto_bignum_add - c = a + b 565 * @a: Bignum 566 * @b: Bignum 567 * @c: Bignum; used to store the result of a + b 568 * Returns: 0 on success, -1 on failure 569 */ 570 int crypto_bignum_add(const struct crypto_bignum *a, 571 const struct crypto_bignum *b, 572 struct crypto_bignum *c); 573 574 /** 575 * crypto_bignum_mod - c = a % b 576 * @a: Bignum 577 * @b: Bignum 578 * @c: Bignum; used to store the result of a % b 579 * Returns: 0 on success, -1 on failure 580 */ 581 int crypto_bignum_mod(const struct crypto_bignum *a, 582 const struct crypto_bignum *b, 583 struct crypto_bignum *c); 584 585 /** 586 * crypto_bignum_exptmod - Modular exponentiation: d = a^b (mod c) 587 * @a: Bignum; base 588 * @b: Bignum; exponent 589 * @c: Bignum; modulus 590 * @d: Bignum; used to store the result of a^b (mod c) 591 * Returns: 0 on success, -1 on failure 592 */ 593 int crypto_bignum_exptmod(const struct crypto_bignum *a, 594 const struct crypto_bignum *b, 595 const struct crypto_bignum *c, 596 struct crypto_bignum *d); 597 598 /** 599 * crypto_bignum_inverse - Inverse a bignum so that a * c = 1 (mod b) 600 * @a: Bignum 601 * @b: Bignum 602 * @c: Bignum; used to store the result 603 * Returns: 0 on success, -1 on failure 604 */ 605 int crypto_bignum_inverse(const struct crypto_bignum *a, 606 const struct crypto_bignum *b, 607 struct crypto_bignum *c); 608 609 /** 610 * crypto_bignum_sub - c = a - b 611 * @a: Bignum 612 * @b: Bignum 613 * @c: Bignum; used to store the result of a - b 614 * Returns: 0 on success, -1 on failure 615 */ 616 int crypto_bignum_sub(const struct crypto_bignum *a, 617 const struct crypto_bignum *b, 618 struct crypto_bignum *c); 619 620 /** 621 * crypto_bignum_div - c = a / b 622 * @a: Bignum 623 * @b: Bignum 624 * @c: Bignum; used to store the result of a / b 625 * Returns: 0 on success, -1 on failure 626 */ 627 int crypto_bignum_div(const struct crypto_bignum *a, 628 const struct crypto_bignum *b, 629 struct crypto_bignum *c); 630 631 /** 632 * crypto_bignum_addmod - d = a + b (mod c) 633 * @a: Bignum 634 * @b: Bignum 635 * @c: Bignum 636 * @d: Bignum; used to store the result of (a + b) % c 637 * Returns: 0 on success, -1 on failure 638 */ 639 int crypto_bignum_addmod(const struct crypto_bignum *a, 640 const struct crypto_bignum *b, 641 const struct crypto_bignum *c, 642 struct crypto_bignum *d); 643 644 /** 645 * crypto_bignum_mulmod - d = a * b (mod c) 646 * @a: Bignum 647 * @b: Bignum 648 * @c: Bignum 649 * @d: Bignum; used to store the result of (a * b) % c 650 * Returns: 0 on success, -1 on failure 651 */ 652 int crypto_bignum_mulmod(const struct crypto_bignum *a, 653 const struct crypto_bignum *b, 654 const struct crypto_bignum *c, 655 struct crypto_bignum *d); 656 657 /** 658 * crypto_bignum_sqrmod - c = a^2 (mod b) 659 * @a: Bignum 660 * @b: Bignum 661 * @c: Bignum; used to store the result of a^2 % b 662 * Returns: 0 on success, -1 on failure 663 */ 664 int crypto_bignum_sqrmod(const struct crypto_bignum *a, 665 const struct crypto_bignum *b, 666 struct crypto_bignum *c); 667 668 /** 669 * crypto_bignum_sqrtmod - returns sqrt(a) (mod b) 670 * @a: Bignum 671 * @b: Bignum 672 * @c: Bignum; used to store the result 673 * Returns: 0 on success, -1 on failure 674 */ 675 int crypto_bignum_sqrtmod(const struct crypto_bignum *a, 676 const struct crypto_bignum *b, 677 struct crypto_bignum *c); 678 679 /** 680 * crypto_bignum_rshift - r = a >> n 681 * @a: Bignum 682 * @n: Number of bits 683 * @r: Bignum; used to store the result of a >> n 684 * Returns: 0 on success, -1 on failure 685 */ 686 int crypto_bignum_rshift(const struct crypto_bignum *a, int n, 687 struct crypto_bignum *r); 688 689 /** 690 * crypto_bignum_cmp - Compare two bignums 691 * @a: Bignum 692 * @b: Bignum 693 * Returns: -1 if a < b, 0 if a == b, or 1 if a > b 694 */ 695 int crypto_bignum_cmp(const struct crypto_bignum *a, 696 const struct crypto_bignum *b); 697 698 /** 699 * crypto_bignum_bits - Get size of a bignum in bits 700 * @a: Bignum 701 * Returns: Number of bits in the bignum 702 */ 703 int crypto_bignum_bits(const struct crypto_bignum *a); 704 705 /** 706 * crypto_bignum_is_zero - Is the given bignum zero 707 * @a: Bignum 708 * Returns: 1 if @a is zero or 0 if not 709 */ 710 int crypto_bignum_is_zero(const struct crypto_bignum *a); 711 712 /** 713 * crypto_bignum_is_one - Is the given bignum one 714 * @a: Bignum 715 * Returns: 1 if @a is one or 0 if not 716 */ 717 int crypto_bignum_is_one(const struct crypto_bignum *a); 718 719 /** 720 * crypto_bignum_is_odd - Is the given bignum odd 721 * @a: Bignum 722 * Returns: 1 if @a is odd or 0 if not 723 */ 724 int crypto_bignum_is_odd(const struct crypto_bignum *a); 725 726 /** 727 * crypto_bignum_legendre - Compute the Legendre symbol (a/p) 728 * @a: Bignum 729 * @p: Bignum 730 * Returns: Legendre symbol -1,0,1 on success; -2 on calculation failure 731 */ 732 int crypto_bignum_legendre(const struct crypto_bignum *a, 733 const struct crypto_bignum *p); 734 735 736 /** 737 * struct crypto_ec - Elliptic curve context 738 * 739 * Internal data structure for EC implementation. The contents is specific 740 * to the used crypto library. 741 */ 742 struct crypto_ec; 743 744 /** 745 * crypto_ec_init - Initialize elliptic curve context 746 * @group: Identifying number for the ECC group (IANA "Group Description" 747 * attribute registrty for RFC 2409) 748 * Returns: Pointer to EC context or %NULL on failure 749 */ 750 struct crypto_ec * crypto_ec_init(int group); 751 752 /** 753 * crypto_ec_deinit - Deinitialize elliptic curve context 754 * @e: EC context from crypto_ec_init() 755 */ 756 void crypto_ec_deinit(struct crypto_ec *e); 757 758 /** 759 * crypto_ec_prime_len - Get length of the prime in octets 760 * @e: EC context from crypto_ec_init() 761 * Returns: Length of the prime defining the group 762 */ 763 size_t crypto_ec_prime_len(struct crypto_ec *e); 764 765 /** 766 * crypto_ec_prime_len_bits - Get length of the prime in bits 767 * @e: EC context from crypto_ec_init() 768 * Returns: Length of the prime defining the group in bits 769 */ 770 size_t crypto_ec_prime_len_bits(struct crypto_ec *e); 771 772 /** 773 * crypto_ec_order_len - Get length of the order in octets 774 * @e: EC context from crypto_ec_init() 775 * Returns: Length of the order defining the group 776 */ 777 size_t crypto_ec_order_len(struct crypto_ec *e); 778 779 /** 780 * crypto_ec_get_prime - Get prime defining an EC group 781 * @e: EC context from crypto_ec_init() 782 * Returns: Prime (bignum) defining the group 783 */ 784 const struct crypto_bignum * crypto_ec_get_prime(struct crypto_ec *e); 785 786 /** 787 * crypto_ec_get_order - Get order of an EC group 788 * @e: EC context from crypto_ec_init() 789 * Returns: Order (bignum) of the group 790 */ 791 const struct crypto_bignum * crypto_ec_get_order(struct crypto_ec *e); 792 793 /** 794 * struct crypto_ec_point - Elliptic curve point 795 * 796 * Internal data structure for EC implementation to represent a point. The 797 * contents is specific to the used crypto library. 798 */ 799 800 /** 801 * crypto_ec_get_b - Get 'b' coeffiecient of an EC group's curve 802 * @e: EC context from crypto_ec_init() 803 * Returns: 'b' coefficient (bignum) of the group 804 */ 805 const struct crypto_bignum * crypto_ec_get_b(struct crypto_ec *e); 806 807 struct crypto_ec_point; 808 809 /** 810 * crypto_ec_point_init - Initialize data for an EC point 811 * @e: EC context from crypto_ec_init() 812 * Returns: Pointer to EC point data or %NULL on failure 813 */ 814 struct crypto_ec_point * crypto_ec_point_init(struct crypto_ec *e); 815 816 /** 817 * crypto_ec_point_deinit - Deinitialize EC point data 818 * @p: EC point data from crypto_ec_point_init() 819 * @clear: Whether to clear the EC point value from memory 820 */ 821 void crypto_ec_point_deinit(struct crypto_ec_point *p, int clear); 822 823 /** 824 * crypto_ec_point_to_bin - Write EC point value as binary data 825 * @e: EC context from crypto_ec_init() 826 * @p: EC point data from crypto_ec_point_init() 827 * @x: Buffer for writing the binary data for x coordinate or %NULL if not used 828 * @y: Buffer for writing the binary data for y coordinate or %NULL if not used 829 * Returns: 0 on success, -1 on failure 830 * 831 * This function can be used to write an EC point as binary data in a format 832 * that has the x and y coordinates in big endian byte order fields padded to 833 * the length of the prime defining the group. 834 */ 835 int crypto_ec_point_to_bin(struct crypto_ec *e, 836 const struct crypto_ec_point *point, u8 *x, u8 *y); 837 838 /** 839 * crypto_ec_point_from_bin - Create EC point from binary data 840 * @e: EC context from crypto_ec_init() 841 * @val: Binary data to read the EC point from 842 * Returns: Pointer to EC point data or %NULL on failure 843 * 844 * This function readers x and y coordinates of the EC point from the provided 845 * buffer assuming the values are in big endian byte order with fields padded to 846 * the length of the prime defining the group. 847 */ 848 struct crypto_ec_point * crypto_ec_point_from_bin(struct crypto_ec *e, 849 const u8 *val); 850 851 /** 852 * crypto_bignum_add - c = a + b 853 * @e: EC context from crypto_ec_init() 854 * @a: Bignum 855 * @b: Bignum 856 * @c: Bignum; used to store the result of a + b 857 * Returns: 0 on success, -1 on failure 858 */ 859 int crypto_ec_point_add(struct crypto_ec *e, const struct crypto_ec_point *a, 860 const struct crypto_ec_point *b, 861 struct crypto_ec_point *c); 862 863 /** 864 * crypto_bignum_mul - res = b * p 865 * @e: EC context from crypto_ec_init() 866 * @p: EC point 867 * @b: Bignum 868 * @res: EC point; used to store the result of b * p 869 * Returns: 0 on success, -1 on failure 870 */ 871 int crypto_ec_point_mul(struct crypto_ec *e, const struct crypto_ec_point *p, 872 const struct crypto_bignum *b, 873 struct crypto_ec_point *res); 874 875 /** 876 * crypto_ec_point_invert - Compute inverse of an EC point 877 * @e: EC context from crypto_ec_init() 878 * @p: EC point to invert (and result of the operation) 879 * Returns: 0 on success, -1 on failure 880 */ 881 int crypto_ec_point_invert(struct crypto_ec *e, struct crypto_ec_point *p); 882 883 /** 884 * crypto_ec_point_solve_y_coord - Solve y coordinate for an x coordinate 885 * @e: EC context from crypto_ec_init() 886 * @p: EC point to use for the returning the result 887 * @x: x coordinate 888 * @y_bit: y-bit (0 or 1) for selecting the y value to use 889 * Returns: 0 on success, -1 on failure 890 */ 891 int crypto_ec_point_solve_y_coord(struct crypto_ec *e, 892 struct crypto_ec_point *p, 893 const struct crypto_bignum *x, int y_bit); 894 895 /** 896 * crypto_ec_point_compute_y_sqr - Compute y^2 = x^3 + ax + b 897 * @e: EC context from crypto_ec_init() 898 * @x: x coordinate 899 * Returns: y^2 on success, %NULL failure 900 */ 901 struct crypto_bignum * 902 crypto_ec_point_compute_y_sqr(struct crypto_ec *e, 903 const struct crypto_bignum *x); 904 905 /** 906 * crypto_ec_point_is_at_infinity - Check whether EC point is neutral element 907 * @e: EC context from crypto_ec_init() 908 * @p: EC point 909 * Returns: 1 if the specified EC point is the neutral element of the group or 910 * 0 if not 911 */ 912 int crypto_ec_point_is_at_infinity(struct crypto_ec *e, 913 const struct crypto_ec_point *p); 914 915 /** 916 * crypto_ec_point_is_on_curve - Check whether EC point is on curve 917 * @e: EC context from crypto_ec_init() 918 * @p: EC point 919 * Returns: 1 if the specified EC point is on the curve or 0 if not 920 */ 921 int crypto_ec_point_is_on_curve(struct crypto_ec *e, 922 const struct crypto_ec_point *p); 923 924 /** 925 * crypto_ec_point_cmp - Compare two EC points 926 * @e: EC context from crypto_ec_init() 927 * @a: EC point 928 * @b: EC point 929 * Returns: 0 on equal, non-zero otherwise 930 */ 931 int crypto_ec_point_cmp(const struct crypto_ec *e, 932 const struct crypto_ec_point *a, 933 const struct crypto_ec_point *b); 934 935 /** 936 * crypto_ec_get_publickey_buf - Write EC public key to buffer 937 * @key: crypto key 938 * @key_buf: key buffer 939 * @len: length of buffer 940 * Returns: 0 on success, non-zero otherwise 941 */ 942 int crypto_ec_get_publickey_buf(struct crypto_key *key, u8 *key_buf, int len); 943 944 /** 945 * crypto_ec_get_group_from_key - Write EC group from key 946 * @key: crypto key 947 * Returns: EC group 948 */ 949 struct crypto_ec_group *crypto_ec_get_group_from_key(struct crypto_key *key); 950 951 /** 952 * crypto_ec_get_private_key - Get EC private key (in bignum format) 953 * @key: crypto key 954 * Returns: Private key 955 */ 956 struct crypto_bignum *crypto_ec_get_private_key(struct crypto_key *key); 957 958 /** 959 * crypto_ec_get_key - Read key from character stream 960 * @privkey: Private key 961 * @privkey_len: private key len 962 * Returns: Crypto key 963 */ 964 struct crypto_key *crypto_ec_get_key(const u8 *privkey, size_t privkey_len); 965 966 /** 967 * crypto_ec_get_mbedtls_to_nist_group_id - get nist group from mbedtls internal group 968 * @id: mbedtls group 969 * Returns: NIST group 970 */ 971 unsigned int crypto_ec_get_mbedtls_to_nist_group_id(int id); 972 973 /** 974 * crypto_ec_get_curve_id - get curve id from ec group 975 * @group: EC group 976 * Returns: curve ID 977 */ 978 int crypto_ec_get_curve_id(const struct crypto_ec_group *group); 979 980 /** 981 * crypto_ecdh: crypto ecdh 982 * @key_own: own key 983 * @key_peer: peer key 984 * @secret: secret 985 * @secret_len: secret len 986 * Returns: 0 if success else negative value 987 */ 988 int crypto_ecdh(struct crypto_key *key_own, struct crypto_key *key_peer, 989 u8 *secret, size_t *secret_len); 990 991 /** 992 * crypto_ecdsa_get_sign: get crypto ecdsa signed hash 993 * @hash: signed hash 994 * @r: ecdsa r 995 * @s: ecdsa s 996 * @csign: csign 997 * @hash_len: length of hash 998 * Return: 0 if success else negative value 999 */ 1000 int crypto_ecdsa_get_sign(unsigned char *hash, 1001 const struct crypto_bignum *r, const struct crypto_bignum *s, 1002 struct crypto_key *csign, int hash_len); 1003 1004 /** 1005 * crypto_edcsa_sign_verify: verify crypto ecdsa signed hash 1006 * @hash: signed hash 1007 * @r: ecdsa r 1008 * @s: ecdsa s 1009 * @csign: csign 1010 * @hlen: length of hash 1011 * Return: 0 if success else negative value 1012 */ 1013 int crypto_edcsa_sign_verify(const unsigned char *hash, const struct crypto_bignum *r, 1014 const struct crypto_bignum *s, struct crypto_key *csign, int hlen); 1015 1016 /** 1017 * crypto_ec_parse_subpub_key: get EC key context from sub public key 1018 * @p: data 1019 * @len: data len 1020 * Return: crypto_key 1021 */ 1022 struct crypto_key *crypto_ec_parse_subpub_key(const unsigned char *p, size_t len); 1023 1024 /** 1025 * crypto_is_ec_key: check whether a key is EC key or not 1026 * @key: crypto key 1027 * Return: true if key else false 1028 */ 1029 int crypto_is_ec_key(struct crypto_key *key); 1030 1031 /** 1032 * crypto_ec_gen_keypair: generate crypto ec keypair 1033 * @ike_group: grpup 1034 * Return: crypto key 1035 */ 1036 struct crypto_key * crypto_ec_gen_keypair(u16 ike_group); 1037 1038 /** 1039 * crypto_ec_write_pub_key: return public key in charater buffer 1040 * @key: crypto key 1041 * @der_len: buffer len 1042 * Return: public key buffer 1043 */ 1044 int crypto_ec_write_pub_key(struct crypto_key *key, unsigned char **key_buf); 1045 1046 /** 1047 * crypto_ec_set_pubkey_point: set bignum point on ec curve 1048 * @group: ec group 1049 * @buf: x,y coordinate 1050 * @len: length of x and y coordiate 1051 * Return : crypto key 1052 */ 1053 struct crypto_key * crypto_ec_set_pubkey_point(const struct crypto_ec_group *group, 1054 const u8 *buf, size_t len); 1055 /** 1056 * crypto_ec_free_key: free crypto key 1057 * Return : None 1058 */ 1059 void crypto_ec_free_key(struct crypto_key *key); 1060 /** 1061 * crypto_debug_print_ec_key: print ec key 1062 * @title: title 1063 * @key: crypto key 1064 * Return: None 1065 */ 1066 void crypto_debug_print_ec_key(const char *title, struct crypto_key *key); 1067 1068 /** 1069 * crypto_ec_get_public_key: Public key from crypto key 1070 * @key: crypto key 1071 * Return : Public key 1072 */ 1073 struct crypto_ec_point *crypto_ec_get_public_key(struct crypto_key *key); 1074 1075 /** 1076 * crypto_get_order: free crypto key 1077 * Return : None 1078 */ 1079 int crypto_get_order(struct crypto_ec_group *group, struct crypto_bignum *x); 1080 1081 /** 1082 * crypto_ec_get_affine_coordinates : get affine corrdinate of ec curve 1083 * @e: ec curve 1084 * @pt: point 1085 * @x: x coordinate 1086 * @y: y coordinate 1087 * Return : 0 if success 1088 */ 1089 int crypto_ec_get_affine_coordinates(struct crypto_ec *e, struct crypto_ec_point *pt, 1090 struct crypto_bignum *x, struct crypto_bignum *y); 1091 1092 /** 1093 * crypto_ec_get_group_byname: get ec curve group by name 1094 * @name: ec curve name 1095 * Return : EC group 1096 */ 1097 struct crypto_ec_group *crypto_ec_get_group_byname(const char *name); 1098 1099 /** 1100 * crypto_key_compare: check whether two keys belong to same 1101 * Return : 1 if yes else 0 1102 */ 1103 int crypto_key_compare(struct crypto_key *key1, struct crypto_key *key2); 1104 1105 /* 1106 * crypto_write_pubkey_der: get public key in der format 1107 * @csign: key 1108 * @key_buf: key buffer in charater format 1109 * Return : len of char buffer if success 1110 */ 1111 int crypto_write_pubkey_der(struct crypto_key *csign, unsigned char **key_buf); 1112 1113 /** 1114 * crypto_free_buffer: free buffer allocated by crypto API 1115 * @buf: buffer pointer 1116 * Return : None 1117 */ 1118 void crypto_free_buffer(unsigned char *buf); 1119 1120 /** 1121 * @crypto_ec_get_priv_key_der: get private key in der format 1122 * @key: key structure 1123 * @key_data: key data in charater buffer 1124 * @key_len = key length of charater buffer 1125 * Return : 0 if success 1126 */ 1127 int crypto_ec_get_priv_key_der(struct crypto_key *key, unsigned char **key_data, int *key_len); 1128 1129 /** 1130 * crypto_bignum_to_string: get big number in ascii format 1131 * @a: big number 1132 * @buf: buffer in which number will written to 1133 * @buflen: buffer length 1134 * @padlen: padding length 1135 * Return : 0 if success 1136 */ 1137 int crypto_bignum_to_string(const struct crypto_bignum *a, 1138 u8 *buf, size_t buflen, size_t padlen); 1139 1140 struct crypto_ecdh; 1141 1142 void crypto_ecdh_deinit(struct crypto_ecdh *ecdh); 1143 1144 struct crypto_ecdh * crypto_ecdh_init(int group); 1145 1146 struct wpabuf * crypto_ecdh_get_pubkey(struct crypto_ecdh *ecdh,int y); 1147 struct wpabuf * crypto_ecdh_set_peerkey(struct crypto_ecdh *ecdh, int inc_y, 1148 const u8 *key, size_t len); 1149 1150 1151 struct crypto_ec_key; 1152 1153 1154 /** 1155 * crypto_ec_key_parse_pub - Initialize EC key pair from SubjectPublicKeyInfo ASN.1 1156 * @der: DER encoding of ASN.1 SubjectPublicKeyInfo 1157 * @der_len: Length of @der buffer 1158 * Returns: EC key or %NULL on failure 1159 */ 1160 struct crypto_ec_key * crypto_ec_key_parse_pub(const u8 *der, size_t der_len); 1161 1162 1163 /** 1164 * crypto_ec_key_group - Get IANA group identifier for an EC key 1165 * @key: EC key from crypto_ec_key_parse/set_pub/priv() or crypto_ec_key_gen() 1166 * Returns: IANA group identifier and -1 on failure 1167 */ 1168 int crypto_ec_key_group(struct crypto_ec_key *key); 1169 1170 /** 1171 * crypto_ec_key_deinit - Free EC key 1172 * @key: EC key from crypto_ec_key_parse_pub/priv() or crypto_ec_key_gen() 1173 */ 1174 void crypto_ec_key_deinit(struct crypto_ec_key *key); 1175 1176 /** 1177 * crypto_ec_key_verify_signature - Verify ECDSA signature 1178 * @key: EC key from crypto_ec_key_parse/set_pub() or crypto_ec_key_gen() 1179 * @data: Data to be signed 1180 * @len: Length of @data buffer 1181 * @sig: DER encoding of ASN.1 Ecdsa-Sig-Value 1182 * @sig_len: Length of @sig buffer 1183 * Returns: 1 if signature is valid, 0 if signature is invalid and -1 on failure 1184 */ 1185 int crypto_ec_key_verify_signature(struct crypto_ec_key *key, const u8 *data, 1186 size_t len, const u8 *sig, size_t sig_len); 1187 1188 #endif /* CRYPTO_H */ 1189
