Crash_Override/OVMS3-idf
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

wpa_supplicant: Cleanup fast_xxx modules that use duplicate code

Browse source 
wpa_supplicant is using MbedTLS API's for crypto algorithms. For
calling them a duplicate set of modules is maintained prepended
with 'fast_'. Remove these and use flag USE_MBEDTLS_CRYPTO
instead to separate modules calling MbedTLS API's from native
implementation.
This commit is contained in:
Nachiket Kukade 2019-07-03 17:39:52 +05:30
parent c8f5f47d5d
commit 900df44546
42 changed files with 506 additions and 1335 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
components/esp_wifi/CMakeLists.txt
View file

@ -5,7 +5,7 @@ if(NOT CONFIG_ESP32_NO_BLOBS)
endif()
idf_component_register(SRCS "src/coexist.c"
"src/fast_crypto_ops.c"
"src/crypto_ops.c"
"src/lib_printf.c"
"src/mesh_event.c"
"src/phy_init.c"

21
components/esp_wifi/src/fast_crypto_ops.c → components/esp_wifi/src/crypto_ops.c
View file

@ -22,19 +22,18 @@
#include "crypto/dh_group5.h"
#include "esp_wifi_crypto_types.h"
/*
* The parameters is used to set the cyrpto callback function for station connect when in security mode,
* every callback function can register as fast_xxx or normal one, i.e, fast_aes_wrap or aes_wrap, the
* difference between them is the normal API is calculate by software, the fast one use the hardware
* crypto in it, can be faster than the normal one, so the callback function register in default is which
* we recommend, so as the API in WPS default and WPA2 default.
* This structure is used to set the cyrpto callback function for station to connect when in security mode.
* These functions either call MbedTLS API's if USE_MBEDTLS_CRYPTO flag is set through Kconfig, or native
* API's otherwise. We recommend setting the flag since MbedTLS API's utilize hardware acceleration while
* native API's are use software implementations.
*/
const wpa_crypto_funcs_t g_wifi_default_wpa_crypto_funcs = {
.size = sizeof(wpa_crypto_funcs_t),
.version = ESP_WIFI_CRYPTO_VERSION,
.aes_wrap = (esp_aes_wrap_t)fast_aes_wrap,
.aes_unwrap = (esp_aes_unwrap_t)fast_aes_unwrap,
.hmac_sha256_vector = (esp_hmac_sha256_vector_t)fast_hmac_sha256_vector,
.sha256_prf = (esp_sha256_prf_t)fast_sha256_prf,
.aes_wrap = (esp_aes_wrap_t)aes_wrap,
.aes_unwrap = (esp_aes_unwrap_t)aes_unwrap,
.hmac_sha256_vector = (esp_hmac_sha256_vector_t)hmac_sha256_vector,
.sha256_prf = (esp_sha256_prf_t)sha256_prf,
.hmac_md5 = (esp_hmac_md5_t)hmac_md5,
.hamc_md5_vector = (esp_hmac_md5_vector_t)hmac_md5_vector,
.hmac_sha1 = (esp_hmac_sha1_t)hmac_sha1,
@ -53,6 +52,6 @@ const wpa_crypto_funcs_t g_wifi_default_wpa_crypto_funcs = {
};
const mesh_crypto_funcs_t g_wifi_default_mesh_crypto_funcs = {
.aes_128_encrypt = (esp_aes_128_encrypt_t)fast_aes_128_cbc_encrypt,
.aes_128_decrypt = (esp_aes_128_decrypt_t)fast_aes_128_cbc_decrypt,
.aes_128_encrypt = (esp_aes_128_encrypt_t)aes_128_cbc_encrypt,
.aes_128_decrypt = (esp_aes_128_decrypt_t)aes_128_cbc_decrypt,
};

8
components/wpa_supplicant/CMakeLists.txt
View file

@ -29,14 +29,6 @@ set(srcs "port/os_xtensa.c"
"src/crypto/sha1.c"
"src/crypto/sha256-internal.c"
"src/crypto/sha256.c"
"src/fast_crypto/fast_aes-cbc.c"
"src/fast_crypto/fast_aes-unwrap.c"
"src/fast_crypto/fast_aes-wrap.c"
"src/fast_crypto/fast_crypto_internal-cipher.c"
"src/fast_crypto/fast_crypto_internal-modexp.c"
"src/fast_crypto/fast_crypto_internal.c"
"src/fast_crypto/fast_sha256-internal.c"
"src/fast_crypto/fast_sha256.c"
"src/eap_peer/chap.c"
"src/eap_peer/eap.c"
"src/eap_peer/eap_common.c"

6
components/wpa_supplicant/Kconfig
View file

@ -27,4 +27,10 @@ menu "Supplicant"
help
Select this option to support EAP-PEAP.
config WPA_MBEDTLS_CRYPTO
bool "Use MbedTLS crypto API's"
default y
help
Select this option to use MbedTLS crypto API's which utilize hardware acceleration.
endmenu

2
components/wpa_supplicant/component.mk
View file

@ -1,5 +1,5 @@
COMPONENT_ADD_INCLUDEDIRS := include port/include include/esp_supplicant
COMPONENT_PRIV_INCLUDEDIRS := src
COMPONENT_SRCDIRS := port src/ap src/common src/crypto src/eap_peer src/fast_crypto src/rsn_supp src/tls src/utils src/esp_supplicant src/wps
COMPONENT_SRCDIRS := port src/ap src/common src/crypto src/eap_peer src/rsn_supp src/tls src/utils src/esp_supplicant src/wps
CFLAGS += -DESP_SUPPLICANT -DIEEE8021X_EAPOL -DEAP_PEER_METHOD -DEAP_MSCHAPv2 -DUSE_WPA2_TASK -DCONFIG_WPS2 -DCONFIG_WPS_PIN -DUSE_WPS_TASK -DESPRESSIF_USE -DESP32_WORKAROUND -DCONFIG_ECC -D__ets__ -Wno-strict-aliasing

6
components/wpa_supplicant/include/crypto/aes_wrap.h
View file

@ -44,10 +44,4 @@ int __must_check aes_128_cbc_encrypt(const u8 *key, const u8 *iv, u8 *data,
size_t data_len);
int __must_check aes_128_cbc_decrypt(const u8 *key, const u8 *iv, u8 *data,
size_t data_len);
int __must_check fast_aes_wrap(const uint8_t *kek, int n, const uint8_t *plain, uint8_t *cipher);
int __must_check fast_aes_unwrap(const uint8_t *kek, int n, const uint8_t *cipher, uint8_t *plain);
int __must_check fast_aes_128_cbc_encrypt(const uint8_t *key, const uint8_t *iv, uint8_t *data,
size_t data_len);
int __must_check fast_aes_128_cbc_decrypt(const uint8_t *key, const uint8_t *iv, uint8_t *data,
size_t data_len);
#endif /* AES_WRAP_H */

139
components/wpa_supplicant/include/crypto/crypto.h
View file

@ -102,17 +102,6 @@ int __must_check fips186_2_prf(const u8 *seed, size_t seed_len, u8 *x,
int sha256_vector(size_t num_elem, const u8 *addr[], const size_t *len,
u8 *mac);
/**
* fast_sha256_vector - fast SHA256 hash for data vector
* @num_elem: Number of elements in the data vector
* @addr: Pointers to the data areas
* @len: Lengths of the data blocks
* @mac: Buffer for the hash
* Returns: 0 on success, -1 on failure
*/
int fast_sha256_vector(size_t num_elem, const uint8_t *addr[], const size_t *len,
uint8_t *mac);
/**
* des_encrypt - Encrypt one block with DES
* @clear: 8 octets (in)
@ -189,21 +178,6 @@ struct crypto_hash;
struct crypto_hash * crypto_hash_init(enum crypto_hash_alg alg, const u8 *key,
size_t key_len);
/**
* fast_crypto_hash_init - Initialize hash/HMAC function
* @alg: Hash algorithm
* @key: Key for keyed hash (e.g., HMAC) or %NULL if not needed
* @key_len: Length of the key in bytes
* Returns: Pointer to hash context to use with other hash functions or %NULL
* on failure
*
* This function is only used with internal TLSv1 implementation
* (CONFIG_TLS=internal). If that is not used, the crypto wrapper does not need
* to implement this.
*/
struct crypto_hash * fast_crypto_hash_init(enum crypto_hash_alg alg, const uint8_t *key,
size_t key_len);
/**
* crypto_hash_update - Add data to hash calculation
* @ctx: Context pointer from crypto_hash_init()
@ -216,18 +190,6 @@ struct crypto_hash * fast_crypto_hash_init(enum crypto_hash_alg alg, const uint8
*/
void crypto_hash_update(struct crypto_hash *ctx, const u8 *data, size_t len);
/**
* fast_crypto_hash_update - Add data to hash calculation
* @ctx: Context pointer from crypto_hash_init()
* @data: Data buffer to add
* @len: Length of the buffer
*
* This function is only used with internal TLSv1 implementation
* (CONFIG_TLS=internal). If that is not used, the crypto wrapper does not need
* to implement this.
*/
void fast_crypto_hash_update(struct crypto_hash *ctx, const uint8_t *data, size_t len);
/**
* crypto_hash_finish - Complete hash calculation
* @ctx: Context pointer from crypto_hash_init()
@ -247,26 +209,6 @@ void fast_crypto_hash_update(struct crypto_hash *ctx, const uint8_t *data, size_
*/
int crypto_hash_finish(struct crypto_hash *ctx, u8 *hash, size_t *len);
/**
* fast_crypto_hash_finish - Complete hash calculation
* @ctx: Context pointer from crypto_hash_init()
* @hash: Buffer for hash value or %NULL if caller is just freeing the hash
* context
* @len: Pointer to length of the buffer or %NULL if caller is just freeing the
* hash context; on return, this is set to the actual length of the hash value
* Returns: 0 on success, -1 if buffer is too small (len set to needed length),
* or -2 on other failures (including failed crypto_hash_update() operations)
*
* This function calculates the hash value and frees the context buffer that
* was used for hash calculation.
*
* This function is only used with internal TLSv1 implementation
* (CONFIG_TLS=internal). If that is not used, the crypto wrapper does not need
* to implement this.
*/
int fast_crypto_hash_finish(struct crypto_hash *ctx, uint8_t *hash, size_t *len);
enum crypto_cipher_alg {
CRYPTO_CIPHER_NULL = 0, CRYPTO_CIPHER_ALG_AES, CRYPTO_CIPHER_ALG_3DES,
CRYPTO_CIPHER_ALG_DES, CRYPTO_CIPHER_ALG_RC2, CRYPTO_CIPHER_ALG_RC4
@ -291,22 +233,6 @@ struct crypto_cipher * crypto_cipher_init(enum crypto_cipher_alg alg,
const u8 *iv, const u8 *key,
size_t key_len);
/**
* fast_crypto_cipher_init - Initialize block/stream cipher function
* @alg: Cipher algorithm
* @iv: Initialization vector for block ciphers or %NULL for stream ciphers
* @key: Cipher key
* @key_len: Length of key in bytes
* Returns: Pointer to cipher context to use with other cipher functions or
* %NULL on failure
*
* This function is only used with internal TLSv1 implementation
* (CONFIG_TLS=internal). If that is not used, the crypto wrapper does not need
* to implement this.
*/
struct crypto_cipher * fast_crypto_cipher_init(enum crypto_cipher_alg alg,
const uint8_t *iv, const uint8_t *key,
size_t key_len);
/**
* crypto_cipher_encrypt - Cipher encrypt
* @ctx: Context pointer from crypto_cipher_init()
@ -322,21 +248,6 @@ struct crypto_cipher * fast_crypto_cipher_init(enum crypto_cipher_alg alg,
int __must_check crypto_cipher_encrypt(struct crypto_cipher *ctx,
const u8 *plain, u8 *crypt, size_t len);
/**
* fast_crypto_cipher_encrypt - Cipher encrypt
* @ctx: Context pointer from crypto_cipher_init()
* @plain: Plaintext to cipher
* @crypt: Resulting ciphertext
* @len: Length of the plaintext
* Returns: 0 on success, -1 on failure
*
* This function is only used with internal TLSv1 implementation
* (CONFIG_TLS=internal). If that is not used, the crypto wrapper does not need
* to implement this.
*/
int __must_check fast_crypto_cipher_encrypt(struct crypto_cipher *ctx,
const uint8_t *plain, uint8_t *crypt, size_t len);
/**
* crypto_cipher_decrypt - Cipher decrypt
* @ctx: Context pointer from crypto_cipher_init()
@ -352,21 +263,6 @@ int __must_check fast_crypto_cipher_encrypt(struct crypto_cipher *ctx,
int __must_check crypto_cipher_decrypt(struct crypto_cipher *ctx,
const u8 *crypt, u8 *plain, size_t len);
/**
* fast_crypto_cipher_decrypt - Cipher decrypt
* @ctx: Context pointer from crypto_cipher_init()
* @crypt: Ciphertext to decrypt
* @plain: Resulting plaintext
* @len: Length of the cipher text
* Returns: 0 on success, -1 on failure
*
* This function is only used with internal TLSv1 implementation
* (CONFIG_TLS=internal). If that is not used, the crypto wrapper does not need
* to implement this.
*/
int __must_check fast_crypto_cipher_decrypt(struct crypto_cipher *ctx,
const uint8_t *crypt, uint8_t *plain, size_t len);
/**
* crypto_cipher_decrypt - Free cipher context
* @ctx: Context pointer from crypto_cipher_init()
@ -377,16 +273,6 @@ int __must_check fast_crypto_cipher_decrypt(struct crypto_cipher *ctx,
*/
void crypto_cipher_deinit(struct crypto_cipher *ctx);
/**
* fast_crypto_cipher_decrypt - Free cipher context
* @ctx: Context pointer from crypto_cipher_init()
*
* This function is only used with internal TLSv1 implementation
* (CONFIG_TLS=internal). If that is not used, the crypto wrapper does not need
* to implement this.
*/
void fast_crypto_cipher_deinit(struct crypto_cipher *ctx);
struct crypto_public_key;
struct crypto_private_key;
@ -565,31 +451,6 @@ int __must_check crypto_mod_exp(const u8 *base, size_t base_len,
const u8 *modulus, size_t modulus_len,
u8 *result, size_t *result_len);
/**
* fast_crypto_mod_exp - Modular exponentiation of large integers
* @base: Base integer (big endian byte array)
* @base_len: Length of base integer in bytes
* @power: Power integer (big endian byte array)
* @power_len: Length of power integer in bytes
* @modulus: Modulus integer (big endian byte array)
* @modulus_len: Length of modulus integer in bytes
* @result: Buffer for the result
* @result_len: Result length (max buffer size on input, real len on output)
* Returns: 0 on success, -1 on failure
*
* This function calculates result = base ^ power mod modulus. modules_len is
* used as the maximum size of modulus buffer. It is set to the used size on
* success.
*
* This function is only used with internal TLSv1 implementation
* (CONFIG_TLS=internal). If that is not used, the crypto wrapper does not need
* to implement this.
*/
int __must_check fast_crypto_mod_exp(const uint8_t *base, size_t base_len,
const uint8_t *power, size_t power_len,
const uint8_t *modulus, size_t modulus_len,
uint8_t *result, size_t *result_len);
/**
* rc4_skip - XOR RC4 stream to given data with skip-stream-start
* @key: RC4 key

6
components/wpa_supplicant/include/crypto/sha256.h
View file

@ -24,10 +24,4 @@ void hmac_sha256(const u8 *key, size_t key_len, const u8 *data,
void sha256_prf(const u8 *key, size_t key_len, const char *label,
const u8 *data, size_t data_len, u8 *buf, size_t buf_len);
void fast_hmac_sha256_vector(const uint8_t *key, size_t key_len, size_t num_elem,
const uint8_t *addr[], const size_t *len, uint8_t *mac);
void fast_hmac_sha256(const uint8_t *key, size_t key_len, const uint8_t *data,
size_t data_len, uint8_t *mac);
void fast_sha256_prf(const uint8_t *key, size_t key_len, const char *label,
const uint8_t *data, size_t data_len, uint8_t *buf, size_t buf_len);
#endif /* SHA256_H */

4
components/wpa_supplicant/port/include/supplicant_opt.h
View file

@ -29,4 +29,8 @@
#define EAP_PEAP 1
#endif
#if CONFIG_WPA_MBEDTLS_CRYPTO
#define USE_MBEDTLS_CRYPTO 1
#endif
#endif /* _SUPPLICANT_OPT_H */

4
components/wpa_supplicant/src/ap/wpa_auth.c
View file

@ -932,7 +932,7 @@ static int wpa_gmk_to_gtk(const u8 *gmk, const char *label, const u8 *addr,
ret = -1;
#ifdef CONFIG_IEEE80211W
fast_sha256_prf(gmk, WPA_GMK_LEN, label, data, sizeof(data), gtk, gtk_len);
sha256_prf(gmk, WPA_GMK_LEN, label, data, sizeof(data), gtk, gtk_len);
#else /* CONFIG_IEEE80211W */
if (sha1_prf(gmk, WPA_GMK_LEN, label, data, sizeof(data), gtk, gtk_len) < 0)
ret = -1;
@ -1064,7 +1064,7 @@ void __wpa_send_eapol(struct wpa_authenticator *wpa_auth,
buf, key_data_len);
if (version == WPA_KEY_INFO_TYPE_HMAC_SHA1_AES ||
version == WPA_KEY_INFO_TYPE_AES_128_CMAC) {
if (fast_aes_wrap(sm->PTK.kek, (key_data_len - 8) / 8, buf,
if (aes_wrap(sm->PTK.kek, (key_data_len - 8) / 8, buf,
(u8 *) (key + 1))) {
os_free(hdr);
os_free(buf);

4
components/wpa_supplicant/src/common/wpa_common.c
View file

@ -507,7 +507,7 @@ void wpa_pmk_to_ptk(const u8 *pmk, size_t pmk_len, const char *label,
#ifdef CONFIG_IEEE80211W
if (use_sha256) {
fast_sha256_prf(pmk, pmk_len, label, data, sizeof(data),
sha256_prf(pmk, pmk_len, label, data, sizeof(data),
ptk, ptk_len);
}
else
@ -549,7 +549,7 @@ void rsn_pmkid(const u8 *pmk, size_t pmk_len, const u8 *aa, const u8 *spa,
#ifdef CONFIG_IEEE80211W
if (use_sha256) {
fast_hmac_sha256_vector(pmk, pmk_len, 3, addr, len, hash);
hmac_sha256_vector(pmk, pmk_len, 3, addr, len, hash);
}
else
#endif /* CONFIG_IEEE80211W */

86
components/wpa_supplicant/src/crypto/aes-cbc.c
View file

@ -12,6 +12,21 @@
*
* See README and COPYING for more details.
*/
/*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Hardware crypto support Copyright 2017-2019 Espressif Systems (Shanghai) PTE LTD
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#include "utils/includes.h"
@ -19,6 +34,9 @@
#include "crypto/aes.h"
#include "crypto/aes_wrap.h"
#ifdef USE_MBEDTLS_CRYPTO
#include "mbedtls/aes.h"
/**
* aes_128_cbc_encrypt - AES-128 CBC encryption
* @key: Encryption key
@ -27,7 +45,70 @@
* @data_len: Length of data in bytes (must be divisible by 16)
* Returns: 0 on success, -1 on failure
*/
int
int
aes_128_cbc_encrypt(const u8 *key, const u8 *iv, u8 *data, size_t data_len)
{
int ret = 0;
mbedtls_aes_context ctx;
u8 cbc[AES_BLOCK_SIZE];
mbedtls_aes_init(&ctx);
ret = mbedtls_aes_setkey_enc(&ctx, key, 128);
if(ret < 0) {
mbedtls_aes_free(&ctx);
return ret;
}
os_memcpy(cbc, iv, AES_BLOCK_SIZE);
ret = mbedtls_aes_crypt_cbc(&ctx, MBEDTLS_AES_ENCRYPT, data_len, cbc, data, data);
mbedtls_aes_free(&ctx);
return ret;
}
/**
* aes_128_cbc_decrypt - AES-128 CBC decryption
* @key: Decryption key
* @iv: Decryption IV for CBC mode (16 bytes)
* @data: Data to decrypt in-place
* @data_len: Length of data in bytes (must be divisible by 16)
* Returns: 0 on success, -1 on failure
*/
int
aes_128_cbc_decrypt(const u8 *key, const u8 *iv, u8 *data, size_t data_len)
{
int ret = 0;
mbedtls_aes_context ctx;
u8 cbc[AES_BLOCK_SIZE];
mbedtls_aes_init(&ctx);
ret = mbedtls_aes_setkey_dec(&ctx, key, 128);
if(ret < 0) {
mbedtls_aes_free(&ctx);
return ret;
}
os_memcpy(cbc, iv, AES_BLOCK_SIZE);
ret = mbedtls_aes_crypt_cbc(&ctx, MBEDTLS_AES_DECRYPT, data_len, cbc, data, data);
mbedtls_aes_free(&ctx);
return ret;
}
#else /* USE_MBEDTLS_CRYPTO */
/**
* aes_128_cbc_encrypt - AES-128 CBC encryption
* @key: Encryption key
* @iv: Encryption IV for CBC mode (16 bytes)
* @data: Data to encrypt in-place
* @data_len: Length of data in bytes (must be divisible by 16)
* Returns: 0 on success, -1 on failure
*/
int
aes_128_cbc_encrypt(const u8 *key, const u8 *iv, u8 *data, size_t data_len)
{
void *ctx;
@ -61,7 +142,7 @@ aes_128_cbc_encrypt(const u8 *key, const u8 *iv, u8 *data, size_t data_len)
* @data_len: Length of data in bytes (must be divisible by 16)
* Returns: 0 on success, -1 on failure
*/
int
int
aes_128_cbc_decrypt(const u8 *key, const u8 *iv, u8 *data, size_t data_len)
{
void *ctx;
@ -86,3 +167,4 @@ aes_128_cbc_decrypt(const u8 *key, const u8 *iv, u8 *data, size_t data_len)
aes_decrypt_deinit(ctx);
return 0;
}
#endif /* USE_MBEDTLS_CRYPTO */

41
components/wpa_supplicant/src/crypto/aes-unwrap.c
View file

@ -12,12 +12,31 @@
*
* See README and COPYING for more details.
*/
/*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Hardware crypto support Copyright 2017-2019 Espressif Systems (Shanghai) PTE LTD
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#include "utils/includes.h"
#include "utils/common.h"
#ifdef USE_MBEDTLS_CRYPTO
#include "mbedtls/aes.h"
#else /* USE_MBEDTLS_CRYPTO */
#include "crypto/aes.h"
#include "crypto/aes_wrap.h"
#endif /* USE_MBEDTLS_CRYPTO */
/**
* aes_unwrap - Unwrap key with AES Key Wrap Algorithm (128-bit KEK) (RFC3394)
@ -33,16 +52,30 @@ aes_unwrap(const u8 *kek, int n, const u8 *cipher, u8 *plain)
{
u8 a[8], *r, b[16];
int i, j;
#ifdef USE_MBEDTLS_CRYPTO
int32_t ret = 0;
mbedtls_aes_context ctx;
#else /* USE_MBEDTLS_CRYPTO */
void *ctx;
#endif /* USE_MBEDTLS_CRYPTO */
/* 1) Initialize variables. */
os_memcpy(a, cipher, 8);
r = plain;
os_memcpy(r, cipher + 8, 8 * n);
#ifdef USE_MBEDTLS_CRYPTO
mbedtls_aes_init(&ctx);
ret = mbedtls_aes_setkey_dec(&ctx, kek, 128);
if (ret < 0) {
mbedtls_aes_free(&ctx);
return ret;
}
#else /* USE_MBEDTLS_CRYPTO */
ctx = aes_decrypt_init(kek, 16);
if (ctx == NULL)
return -1;
#endif /* USE_MBEDTLS_CRYPTO */
/* 2) Compute intermediate values.
* For j = 5 to 0
@ -58,13 +91,21 @@ aes_unwrap(const u8 *kek, int n, const u8 *cipher, u8 *plain)
b[7] ^= n * j + i;
os_memcpy(b + 8, r, 8);
#ifdef USE_MBEDTLS_CRYPTO
ret = mbedtls_internal_aes_decrypt(&ctx, b, b);
#else /* USE_MBEDTLS_CRYPTO */
aes_decrypt(ctx, b, b);
#endif /* USE_MBEDTLS_CRYPTO */
os_memcpy(a, b, 8);
os_memcpy(r, b + 8, 8);
r -= 8;
}
}
#ifdef USE_MBEDTLS_CRYPTO
mbedtls_aes_free(&ctx);
#else /* USE_MBEDTLS_CRYPTO */
aes_decrypt_deinit(ctx);
#endif /* USE_MBEDTLS_CRYPTO */
/* 3) Output results.
*

42
components/wpa_supplicant/src/crypto/aes-wrap.c
View file

@ -6,12 +6,30 @@
* This software may be distributed under the terms of the BSD license.
* See README for more details.
*/
/*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Hardware crypto support Copyright 2017-2019 Espressif Systems (Shanghai) PTE LTD
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#include "utils/includes.h"
#include "utils/common.h"
#include "crypto/aes.h"
#include "crypto/aes_wrap.h"
#ifdef USE_MBEDTLS_CRYPTO
#include "mbedtls/aes.h"
#endif /* USE_MBEDTLS_CRYPTO */
/**
* aes_wrap - Wrap keys with AES Key Wrap Algorithm (128-bit KEK) (RFC3394)
@ -26,7 +44,12 @@ int aes_wrap(const u8 *kek, int n, const u8 *plain, u8 *cipher)
{
u8 *a, *r, b[16];
int i, j;
#ifdef USE_MBEDTLS_CRYPTO
int32_t ret = 0;
mbedtls_aes_context ctx;
#else /* USE_MBEDTLS_CRYPTO */
void *ctx;
#endif /* USE_MBEDTLS_CRYPTO */
a = cipher;
r = cipher + 8;
@ -35,9 +58,18 @@ int aes_wrap(const u8 *kek, int n, const u8 *plain, u8 *cipher)
os_memset(a, 0xa6, 8);
os_memcpy(r, plain, 8 * n);
#ifdef USE_MBEDTLS_CRYPTO
mbedtls_aes_init(&ctx);
ret = mbedtls_aes_setkey_enc(&ctx, kek, 128);
if (ret < 0) {
mbedtls_aes_free(&ctx);
return ret;
}
#else /* USE_MBEDTLS_CRYPTO */
ctx = aes_encrypt_init(kek, 16);
if (ctx == NULL)
return -1;
#endif /* USE_MBEDTLS_CRYPTO */
/* 2) Calculate intermediate values.
* For j = 0 to 5
@ -51,14 +83,24 @@ int aes_wrap(const u8 *kek, int n, const u8 *plain, u8 *cipher)
for (i = 1; i <= n; i++) {
os_memcpy(b, a, 8);
os_memcpy(b + 8, r, 8);
#ifdef USE_MBEDTLS_CRYPTO
ret = mbedtls_internal_aes_encrypt(&ctx, b, b);
if (ret != 0)
break;
#else /* USE_MBEDTLS_CRYPTO */
aes_encrypt(ctx, b, b);
#endif /* USE_MBEDTLS_CRYPTO */
os_memcpy(a, b, 8);
a[7] ^= n * j + i;
os_memcpy(r, b + 8, 8);
r += 8;
}
}
#ifdef USE_MBEDTLS_CRYPTO
mbedtls_aes_free(&ctx);
#else /* USE_MBEDTLS_CRYPTO */
aes_encrypt_deinit(ctx);
#endif /* USE_MBEDTLS_CRYPTO */
/* 3) Output the results.
*

48
components/wpa_supplicant/src/crypto/crypto_internal-cipher.c
View file

@ -5,13 +5,32 @@
* This software may be distributed under the terms of the BSD license.
* See README for more details.
*/
/*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Hardware crypto support Copyright 2017-2019 Espressif Systems (Shanghai) PTE LTD
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#include "utils/common.h"
#include "utils/includes.h"
#include "crypto/crypto.h"
#include "crypto/aes.h"
#if defined(CONFIG_DES) || defined(CONFIG_DES3)
#include "crypto/des_i.h"
#endif
#ifdef USE_MBEDTLS_CRYPTO
#include "mbedtls/aes.h"
#endif /* USE_MBEDTLS_CRYPTO */
struct crypto_cipher {
enum crypto_cipher_alg alg;
@ -23,8 +42,13 @@ struct crypto_cipher {
} rc4;
struct {
u8 cbc[32];
#ifdef USE_MBEDTLS_CRYPTO
mbedtls_aes_context ctx_enc;
mbedtls_aes_context ctx_dec;
#else /* USE_MBEDTLS_CRYPTO */
void *ctx_enc;
void *ctx_dec;
#endif /* USE_MBEDTLS_CRYPTO */
} aes;
#ifdef CONFIG_DES3
struct {
@ -65,6 +89,12 @@ struct crypto_cipher * crypto_cipher_init(enum crypto_cipher_alg alg,
os_memcpy(ctx->u.rc4.key, key, key_len);
break;
case CRYPTO_CIPHER_ALG_AES:
#ifdef USE_MBEDTLS_CRYPTO
mbedtls_aes_init(&(ctx->u.aes.ctx_enc));
mbedtls_aes_setkey_enc(&(ctx->u.aes.ctx_enc), key, key_len * 8);
mbedtls_aes_init(&(ctx->u.aes.ctx_dec));
mbedtls_aes_setkey_dec(&(ctx->u.aes.ctx_dec), key, key_len * 8);
#else /* USE_MBEDTLS_CRYPTO */
ctx->u.aes.ctx_enc = aes_encrypt_init(key, key_len);
if (ctx->u.aes.ctx_enc == NULL) {
os_free(ctx);
@ -76,6 +106,7 @@ struct crypto_cipher * crypto_cipher_init(enum crypto_cipher_alg alg,
os_free(ctx);
return NULL;
}
#endif /* USE_MBEDTLS_CRYPTO */
os_memcpy(ctx->u.aes.cbc, iv, AES_BLOCK_SIZE);
break;
#ifdef CONFIG_DES3
@ -127,8 +158,14 @@ int crypto_cipher_encrypt(struct crypto_cipher *ctx, const u8 *plain,
for (i = 0; i < blocks; i++) {
for (j = 0; j < AES_BLOCK_SIZE; j++)
ctx->u.aes.cbc[j] ^= plain[j];
#ifdef USE_MBEDTLS_CRYPTO
if (mbedtls_internal_aes_encrypt(&(ctx->u.aes.ctx_enc),
ctx->u.aes.cbc, ctx->u.aes.cbc) != 0)
return -1;
#else /* USE_MBEDTLS_CRYPTO */
aes_encrypt(ctx->u.aes.ctx_enc, ctx->u.aes.cbc,
ctx->u.aes.cbc);
#endif /* USE_MBEDTLS_CRYPTO */
os_memcpy(crypt, ctx->u.aes.cbc, AES_BLOCK_SIZE);
plain += AES_BLOCK_SIZE;
crypt += AES_BLOCK_SIZE;
@ -194,7 +231,13 @@ int crypto_cipher_decrypt(struct crypto_cipher *ctx, const u8 *crypt,
blocks = len / AES_BLOCK_SIZE;
for (i = 0; i < blocks; i++) {
os_memcpy(tmp, crypt, AES_BLOCK_SIZE);
#ifdef USE_MBEDTLS_CRYPTO
if (mbedtls_internal_aes_decrypt(&(ctx->u.aes.ctx_dec),
crypt, plain) != 0)
return -1;
#else /* USE_MBEDTLS_CRYPTO */
aes_decrypt(ctx->u.aes.ctx_dec, crypt, plain);
#endif /* USE_MBEDTLS_CRYPTO */
for (j = 0; j < AES_BLOCK_SIZE; j++)
plain[j] ^= ctx->u.aes.cbc[j];
os_memcpy(ctx->u.aes.cbc, tmp, AES_BLOCK_SIZE);
@ -246,8 +289,13 @@ void crypto_cipher_deinit(struct crypto_cipher *ctx)
{
switch (ctx->alg) {
case CRYPTO_CIPHER_ALG_AES:
#ifdef USE_MBEDTLS_CRYPTO
mbedtls_aes_free(&(ctx->u.aes.ctx_enc));
mbedtls_aes_free(&(ctx->u.aes.ctx_dec));
#else /* USE_MBEDTLS_CRYPTO */
aes_encrypt_deinit(ctx->u.aes.ctx_enc);
aes_decrypt_deinit(ctx->u.aes.ctx_dec);
#endif /* USE_MBEDTLS_CRYPTO */
break;
#ifdef CONFIG_DES3
case CRYPTO_CIPHER_ALG_3DES:

59
components/wpa_supplicant/src/crypto/crypto_internal-modexp.c
View file

@ -11,14 +11,72 @@
*
* See README and COPYING for more details.
*/
/*
* Hardware crypto support Copyright 2017-2019 Espressif Systems (Shanghai) PTE LTD
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#include "utils/includes.h"
#include "utils/common.h"
#ifdef USE_MBEDTLS_CRYPTO
#include "mbedtls/bignum.h"
#else /* USE_MBEDTLS_CRYPTO */
#include "bignum.h"
#endif /* USE_MBEDTLS_CRYPTO */
#include "crypto/crypto.h"
#ifdef USE_MBEDTLS_CRYPTO
int
crypto_mod_exp(const uint8_t *base, size_t base_len,
const uint8_t *power, size_t power_len,
const uint8_t *modulus, size_t modulus_len,
uint8_t *result, size_t *result_len)
{
mbedtls_mpi bn_base, bn_exp, bn_modulus, bn_result, bn_rinv;
int ret = 0;
mbedtls_mpi_init(&bn_base);
mbedtls_mpi_init(&bn_exp);
mbedtls_mpi_init(&bn_modulus);
mbedtls_mpi_init(&bn_result);
mbedtls_mpi_init(&bn_rinv);
mbedtls_mpi_read_binary(&bn_base, base, base_len);
mbedtls_mpi_read_binary(&bn_exp, power, power_len);
mbedtls_mpi_read_binary(&bn_modulus, modulus, modulus_len);
ret = mbedtls_mpi_exp_mod(&bn_result, &bn_base, &bn_exp, &bn_modulus, &bn_rinv);
if (ret < 0) {
mbedtls_mpi_free(&bn_base);
mbedtls_mpi_free(&bn_exp);
mbedtls_mpi_free(&bn_modulus);
mbedtls_mpi_free(&bn_result);
mbedtls_mpi_free(&bn_rinv);
return ret;
}
ret = mbedtls_mpi_write_binary(&bn_result, result, *result_len);
mbedtls_mpi_free(&bn_base);
mbedtls_mpi_free(&bn_exp);
mbedtls_mpi_free(&bn_modulus);
mbedtls_mpi_free(&bn_result);
mbedtls_mpi_free(&bn_rinv);
return ret;
}
#else /* USE_MBEDTLS_CRYPTO */
int
crypto_mod_exp(const u8 *base, size_t base_len,
const u8 *power, size_t power_len,
@ -54,3 +112,4 @@ error:
bignum_deinit(bn_result);
return ret;
}
#endif /* USE_MBEDTLS_CRYPTO */

64
components/wpa_supplicant/src/crypto/crypto_internal.c
View file

@ -5,12 +5,30 @@
* This software may be distributed under the terms of the BSD license.
* See README for more details.
*/
/*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Hardware crypto support Copyright 2017-2019 Espressif Systems (Shanghai) PTE LTD
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#include "utils/includes.h"
#include "utils/common.h"
#include "crypto/crypto.h"
#include "crypto/sha1_i.h"
#include "crypto/md5_i.h"
#ifdef USE_MBEDTLS_CRYPTO
#include "mbedtls/sha256.h"
#endif
struct crypto_hash {
enum crypto_hash_alg alg;
@ -18,7 +36,11 @@ struct crypto_hash {
struct MD5Context md5;
struct SHA1Context sha1;
#ifdef CONFIG_SHA256
#ifdef USE_MBEDTLS_CRYPTO
mbedtls_sha256_context sha256;
#else /* USE_MBEDTLS_CRYPTO */
struct sha256_state sha256;
#endif /* USE_MBEDTLS_CRYPTO */
#endif /* CONFIG_SHA256 */
} u;
u8 key[64];
@ -49,7 +71,12 @@ struct crypto_hash * crypto_hash_init(enum crypto_hash_alg alg, const u8 *key,
break;
#ifdef CONFIG_SHA256
case CRYPTO_HASH_ALG_SHA256:
#ifdef USE_MBEDTLS_CRYPTO
mbedtls_sha256_init(&ctx->u.sha256);
mbedtls_sha256_starts(&ctx->u.sha256, 0);
#else /* USE_MBEDTLS_CRYPTO */
sha256_init(&ctx->u.sha256);
#endif /* USE_MBEDTLS_CRYPTO */
break;
#endif /* CONFIG_SHA256 */
case CRYPTO_HASH_ALG_HMAC_MD5:
@ -93,9 +120,17 @@ struct crypto_hash * crypto_hash_init(enum crypto_hash_alg alg, const u8 *key,
#ifdef CONFIG_SHA256
case CRYPTO_HASH_ALG_HMAC_SHA256:
if (key_len > sizeof(k_pad)) {
#ifdef USE_MBEDTLS_CRYPTO
mbedtls_sha256_init(&ctx->u.sha256);
mbedtls_sha256_starts(&ctx->u.sha256, 0);
mbedtls_sha256_update(&ctx->u.sha256, key, key_len);
mbedtls_sha256_finish(&ctx->u.sha256, tk);
mbedtls_sha256_free(&ctx->u.sha256);
#else /* USE_MBEDTLS_CRYPTO */
sha256_init(&ctx->u.sha256);
sha256_process(&ctx->u.sha256, key, key_len);
sha256_done(&ctx->u.sha256, tk);
#endif /* USE_MBEDTLS_CRYPTO */
key = tk;
key_len = 32;
}
@ -107,8 +142,14 @@ struct crypto_hash * crypto_hash_init(enum crypto_hash_alg alg, const u8 *key,
os_memset(k_pad + key_len, 0, sizeof(k_pad) - key_len);
for (i = 0; i < sizeof(k_pad); i++)
k_pad[i] ^= 0x36;
#ifdef USE_MBEDTLS_CRYPTO
mbedtls_sha256_init(&ctx->u.sha256);
mbedtls_sha256_starts(&ctx->u.sha256, 0);
mbedtls_sha256_update(&ctx->u.sha256, k_pad, sizeof(k_pad));
#else /* USE_MBEDTLS_CRYPTO */
sha256_init(&ctx->u.sha256);
sha256_process(&ctx->u.sha256, k_pad, sizeof(k_pad));
#endif /* USE_MBEDTLS_CRYPTO */
break;
#endif /* CONFIG_SHA256 */
default:
@ -137,7 +178,11 @@ void crypto_hash_update(struct crypto_hash *ctx, const u8 *data, size_t len)
#ifdef CONFIG_SHA256
case CRYPTO_HASH_ALG_SHA256:
case CRYPTO_HASH_ALG_HMAC_SHA256:
#ifdef USE_MBEDTLS_CRYPTO
mbedtls_sha256_update(&ctx->u.sha256, data, len);
#else /* USE_MBEDTLS_CRYPTO */
sha256_process(&ctx->u.sha256, data, len);
#endif /* USE_MBEDTLS_CRYPTO */
break;
#endif /* CONFIG_SHA256 */
default:
@ -186,7 +231,12 @@ int crypto_hash_finish(struct crypto_hash *ctx, u8 *mac, size_t *len)
return -1;
}
*len = 32;
#ifdef USE_MBEDTLS_CRYPTO
mbedtls_sha256_finish(&ctx->u.sha256, mac);
mbedtls_sha256_free(&ctx->u.sha256);
#else /* USE_MBEDTLS_CRYPTO */
sha256_done(&ctx->u.sha256, mac);
#endif /* USE_MBEDTLS_CRYPTO */
break;
#endif /* CONFIG_SHA256 */
case CRYPTO_HASH_ALG_HMAC_MD5:
@ -238,17 +288,31 @@ int crypto_hash_finish(struct crypto_hash *ctx, u8 *mac, size_t *len)
}
*len = 32;
#ifdef USE_MBEDTLS_CRYPTO
mbedtls_sha256_finish(&ctx->u.sha256, mac);
mbedtls_sha256_free(&ctx->u.sha256);
#else /* USE_MBEDTLS_CRYPTO */
sha256_done(&ctx->u.sha256, mac);
#endif /* USE_MBEDTLS_CRYPTO */
os_memcpy(k_pad, ctx->key, ctx->key_len);
os_memset(k_pad + ctx->key_len, 0,
sizeof(k_pad) - ctx->key_len);
for (i = 0; i < sizeof(k_pad); i++)
k_pad[i] ^= 0x5c;
#ifdef USE_MBEDTLS_CRYPTO
mbedtls_sha256_init(&ctx->u.sha256);
mbedtls_sha256_starts(&ctx->u.sha256, 0);
mbedtls_sha256_update(&ctx->u.sha256, k_pad, sizeof(k_pad));
mbedtls_sha256_update(&ctx->u.sha256, mac, 32);
mbedtls_sha256_finish(&ctx->u.sha256, mac);
mbedtls_sha256_free(&ctx->u.sha256);
#else /* USE_MBEDTLS_CRYPTO */
sha256_init(&ctx->u.sha256);
sha256_process(&ctx->u.sha256, k_pad, sizeof(k_pad));
sha256_process(&ctx->u.sha256, mac, 32);
sha256_done(&ctx->u.sha256, mac);
#endif /* USE_MBEDTLS_CRYPTO */
break;
#endif /* CONFIG_SHA256 */
default:

4
components/wpa_supplicant/src/crypto/dh_groups.c
View file

@ -586,7 +586,7 @@ dh_init(const struct dh_group *dh, struct wpabuf **priv)
if (pv == NULL)
return NULL;
if (fast_crypto_mod_exp(dh->generator, dh->generator_len,
if (crypto_mod_exp(dh->generator, dh->generator_len,
wpabuf_head(*priv), wpabuf_len(*priv),
dh->prime, dh->prime_len, wpabuf_mhead(pv),
&pv_len)) {
@ -624,7 +624,7 @@ dh_derive_shared(const struct wpabuf *peer_public,
if (shared == NULL)
return NULL;
if (fast_crypto_mod_exp(wpabuf_head(peer_public), wpabuf_len(peer_public),
if (crypto_mod_exp(wpabuf_head(peer_public), wpabuf_len(peer_public),
wpabuf_head(own_private), wpabuf_len(own_private),
dh->prime, dh->prime_len,
wpabuf_mhead(shared), &shared_len)) {

62
components/wpa_supplicant/src/crypto/sha256-internal.c
View file

@ -11,12 +11,73 @@
*
* See README and COPYING for more details.
*/
/*
* Hardware crypto support Copyright 2017-2019 Espressif Systems (Shanghai) PTE LTD
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#include "utils/includes.h"
#include "utils/common.h"
#ifdef USE_MBEDTLS_CRYPTO
#include "mbedtls/sha256.h"
#else /* USE_MBEDTLS_CRYPTO */
#include "crypto/sha256.h"
#include "crypto/crypto.h"
#endif /* USE_MBEDTLS_CRYPTO */
#ifdef USE_MBEDTLS_CRYPTO
/**
* sha256_vector - SHA256 hash for data vector
* @num_elem: Number of elements in the data vector
* @addr: Pointers to the data areas
* @len: Lengths of the data blocks
* @mac: Buffer for the hash
* Returns: 0 on success, -1 of failure
*/
int
sha256_vector(size_t num_elem, const u8 *addr[], const size_t *len,
u8 *mac)
{
int ret = 0;
mbedtls_sha256_context ctx;
mbedtls_sha256_init(&ctx);
if (mbedtls_sha256_starts_ret(&ctx, 0) != 0) {
ret = -1;
goto out;
}
for(size_t index = 0; index < num_elem; index++) {
if (mbedtls_sha256_update_ret(&ctx, addr[index], len[index]) != 0) {
ret = -1;
goto out;
}
}
if (mbedtls_sha256_finish_ret(&ctx, mac) != 0) {
ret = -1;
goto out;
}
out:
mbedtls_sha256_free(&ctx);
return ret;
}
#else /* USE_MBEDTLS_CRYPTO */
#define SHA256_BLOCK_SIZE 64
@ -245,5 +306,6 @@ sha256_done(struct sha256_state *md, unsigned char *out)
return 0;
}
#endif /* USE_MBEDTLS_CRYPTO */
/* ===== end - public domain SHA256 implementation ===== */

15
components/wpa_supplicant/src/crypto/sha256.c
View file

@ -11,6 +11,21 @@
*
* See README and COPYING for more details.
*/
/*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Hardware crypto support Copyright 2017-2019 Espressif Systems (Shanghai) PTE LTD
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#include "utils/includes.h"

78
components/wpa_supplicant/src/fast_crypto/fast_aes-cbc.c
View file

@ -1,78 +0,0 @@
// Hardware crypto support Copyright 2017 Espressif Systems (Shanghai) PTE LTD
//
// Licensed under the Apache License, Version 2.0 (the "License");
#include "utils/includes.h"
#include "utils/common.h"
#include "crypto/aes.h"
#include "crypto/aes_wrap.h"
#include "mbedtls/aes.h"
/**
* fast_aes_128_cbc_encrypt - AES-128 CBC encryption
* @key: Encryption key
* @iv: Encryption IV for CBC mode (16 bytes)
* @data: Data to encrypt in-place
* @data_len: Length of data in bytes (must be divisible by 16)
* Returns: 0 on success, -1 on failure
*/
int
fast_aes_128_cbc_encrypt(const uint8_t *key, const uint8_t *iv, uint8_t *data, size_t data_len)
{
int ret = 0;
mbedtls_aes_context ctx;
uint8_t cbc[AES_BLOCK_SIZE];
mbedtls_aes_init(&ctx);
ret = mbedtls_aes_setkey_enc(&ctx, key, 128);
if(ret < 0) {
mbedtls_aes_free(&ctx);
return ret;
}
os_memcpy(cbc, iv, AES_BLOCK_SIZE);
ret = mbedtls_aes_crypt_cbc(&ctx, MBEDTLS_AES_ENCRYPT, data_len, cbc, data, data);
mbedtls_aes_free(&ctx);
return ret;
}
/**
* fast_aes_128_cbc_decrypt - AES-128 CBC decryption
* @key: Decryption key
* @iv: Decryption IV for CBC mode (16 bytes)
* @data: Data to decrypt in-place
* @data_len: Length of data in bytes (must be divisible by 16)
* Returns: 0 on success, -1 on failure
*/
int
fast_aes_128_cbc_decrypt(const uint8_t *key, const uint8_t *iv, uint8_t *data, size_t data_len)
{
int ret = 0;
mbedtls_aes_context ctx;
uint8_t cbc[AES_BLOCK_SIZE];
mbedtls_aes_init(&ctx);
ret = mbedtls_aes_setkey_dec(&ctx, key, 128);
if(ret < 0) {
mbedtls_aes_free(&ctx);
return ret;
}
os_memcpy(cbc, iv, AES_BLOCK_SIZE);
ret = mbedtls_aes_crypt_cbc(&ctx, MBEDTLS_AES_DECRYPT, data_len, cbc, data, data);
mbedtls_aes_free(&ctx);
return ret;
}

84
components/wpa_supplicant/src/fast_crypto/fast_aes-unwrap.c
View file

@ -1,84 +0,0 @@
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
// http://www.apache.org/licenses/LICENSE-2.0
//
// Hardware crypto support Copyright 2017 Espressif Systems (Shanghai) PTE LTD
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
#include "utils/includes.h"
#include "utils/common.h"
#include "mbedtls/aes.h"
/**
* fast_aes_unwrap - Unwrap key with AES Key Wrap Algorithm (128-bit KEK) (RFC3394)
* @kek: Key encryption key (KEK)
* @n: Length of the plaintext key in 64-bit units; e.g., 2 = 128-bit = 16
* bytes
* @cipher: Wrapped key to be unwrapped, (n + 1) * 64 bits
* @plain: Plaintext key, n * 64 bits
* Returns: 0 on success, -1 on failure (e.g., integrity verification failed)
*/
int
fast_aes_unwrap(const uint8_t *kek, int n, const uint8_t *cipher, uint8_t *plain)
{
uint8_t a[8], *r, b[16];
int32_t i, j;
int32_t ret = 0;
mbedtls_aes_context ctx;
/* 1) Initialize variables. */
os_memcpy(a, cipher, 8);
r = plain;
os_memcpy(r, cipher + 8, 8 * n);
mbedtls_aes_init(&ctx);
ret = mbedtls_aes_setkey_dec(&ctx, kek, 128);
if (ret < 0) {
mbedtls_aes_free(&ctx);
return ret;
}
/* 2) Compute intermediate values.
* For j = 5 to 0
* For i = n to 1
* B = AES-1(K, (A ^ t) | R[i]) where t = n*j+i
* A = MSB(64, B)
* R[i] = LSB(64, B)
*/
for (j = 5; j >= 0; j--) {
r = plain + (n - 1) * 8;
for (i = n; i >= 1; i--) {
os_memcpy(b, a, 8);
b[7] ^= n * j + i;
os_memcpy(b + 8, r, 8);
ret = mbedtls_internal_aes_decrypt(&ctx, b, b);
if (ret != 0) {
break;
}
os_memcpy(a, b, 8);
os_memcpy(r, b + 8, 8);
r -= 8;
}
}
mbedtls_aes_free(&ctx);
/* 3) Output results.
*
* These are already in @plain due to the location of temporary
* variables. Just verify that the IV matches with the expected value.
*/
for (i = 0; i < 8; i++) {
if (a[i] != 0xa6) {
return -1;
}
}
return ret;
}

83
components/wpa_supplicant/src/fast_crypto/fast_aes-wrap.c
View file

@ -1,83 +0,0 @@
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
// http://www.apache.org/licenses/LICENSE-2.0
//
// Hardware crypto support Copyright 2017 Espressif Systems (Shanghai) PTE LTD
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
#include "utils/includes.h"
#include "utils/common.h"
#include "crypto/aes.h"
#include "crypto/aes_wrap.h"
#include "mbedtls/aes.h"
/**
* fast_aes_wrap - Wrap keys with AES Key Wrap Algorithm (128-bit KEK) (RFC3394)
* @kek: 16-octet Key encryption key (KEK)
* @n: Length of the plaintext key in 64-bit units; e.g., 2 = 128-bit = 16
* bytes
* @plain: Plaintext key to be wrapped, n * 64 bits
* @cipher: Wrapped key, (n + 1) * 64 bits
* Returns: 0 on success, -1 on failure
*/
int fast_aes_wrap(const uint8_t *kek, int n, const uint8_t *plain, uint8_t *cipher)
{
uint8_t *a, *r, b[16];
int32_t i, j;
int32_t ret = 0;
mbedtls_aes_context ctx;
a = cipher;
r = cipher + 8;
/* 1) Initialize variables. */
os_memset(a, 0xa6, 8);
os_memcpy(r, plain, 8 * n);
mbedtls_aes_init(&ctx);
ret = mbedtls_aes_setkey_enc(&ctx, kek, 128);
if (ret < 0) {
mbedtls_aes_free(&ctx);
return ret;
}
/* 2) Calculate intermediate values.
* For j = 0 to 5
* For i=1 to n
* B = AES(K, A | R[i])
* A = MSB(64, B) ^ t where t = (n*j)+i
* R[i] = LSB(64, B)
*/
for (j = 0; j <= 5; j++) {
r = cipher + 8;
for (i = 1; i <= n; i++) {
os_memcpy(b, a, 8);
os_memcpy(b + 8, r, 8);
ret = mbedtls_internal_aes_encrypt(&ctx, b, b);
if (ret != 0) {
break;
}
os_memcpy(a, b, 8);
a[7] ^= n * j + i;
os_memcpy(r, b + 8, 8);
r += 8;
}
}
mbedtls_aes_free(&ctx);
/* 3) Output the results.
*
* These are already in @cipher due to the location of temporary
* variables.
*/
return ret;
}

287
components/wpa_supplicant/src/fast_crypto/fast_crypto_internal-cipher.c
View file

@ -1,287 +0,0 @@
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
// http://www.apache.org/licenses/LICENSE-2.0
//
// Hardware crypto support Copyright 2017 Espressif Systems (Shanghai) PTE LTD
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
//#include "utils/includes.h"
//#include "utils/common.h"
#include "utils/common.h"
#include "crypto/crypto.h"
#include "crypto/aes.h"
#if defined(CONFIG_DES) || defined(CONFIG_DES3)
#include "crypto/des_i.h"
#endif
#include "mbedtls/aes.h"
struct fast_crypto_cipher {
enum crypto_cipher_alg alg;
union {
struct {
size_t used_bytes;
uint8_t key[16];
size_t keylen;
} rc4;
struct {
uint8_t cbc[32];
mbedtls_aes_context ctx_enc;
mbedtls_aes_context ctx_dec;
} aes;
#ifdef CONFIG_DES3
struct {
struct des3_key_s key;
uint8_t cbc[8];
} des3;
#endif
#ifdef CONFIG_DES
struct {
uint32_t ek[32];
uint32_t dk[32];
uint32_t cbc[8];
} des;
#endif
} u;
};
struct crypto_cipher * fast_crypto_cipher_init(enum crypto_cipher_alg alg,
const uint8_t *iv, const uint8_t *key,
size_t key_len)
{
struct fast_crypto_cipher *ctx;
ctx = (struct fast_crypto_cipher *)os_zalloc(sizeof(*ctx));
if (ctx == NULL) {
return NULL;
}
ctx->alg = alg;
switch (alg) {
case CRYPTO_CIPHER_ALG_RC4:
if (key_len > sizeof(ctx->u.rc4.key)) {
os_free(ctx);
return NULL;
}
ctx->u.rc4.keylen = key_len;
os_memcpy(ctx->u.rc4.key, key, key_len);
break;
case CRYPTO_CIPHER_ALG_AES:
mbedtls_aes_init(&(ctx->u.aes.ctx_enc));
mbedtls_aes_setkey_enc(&(ctx->u.aes.ctx_enc), key, key_len * 8);
mbedtls_aes_init(&(ctx->u.aes.ctx_dec));
mbedtls_aes_setkey_dec(&(ctx->u.aes.ctx_dec), key, key_len * 8);
os_memcpy(ctx->u.aes.cbc, iv, AES_BLOCK_SIZE);
break;
#ifdef CONFIG_DES3
case CRYPTO_CIPHER_ALG_3DES:
if (key_len != 24) {
os_free(ctx);
return NULL;
}
des3_key_setup(key, &ctx->u.des3.key);
os_memcpy(ctx->u.des3.cbc, iv, 8);
break;
#endif
#ifdef CONFIG_DES
case CRYPTO_CIPHER_ALG_DES:
if (key_len != 8) {
os_free(ctx);
return NULL;
}
des_key_setup(key, ctx->u.des.ek, ctx->u.des.dk);
os_memcpy(ctx->u.des.cbc, iv, 8);
break;
#endif
default:
os_free(ctx);
return NULL;
}
return (struct crypto_cipher *)ctx;
}
int fast_crypto_cipher_encrypt(struct crypto_cipher *ctx, const uint8_t *plain,
uint8_t *crypt, size_t len)
{
size_t i, j, blocks;
struct fast_crypto_cipher *fast_ctx;
fast_ctx = (struct fast_crypto_cipher *)ctx;
switch (fast_ctx->alg) {
case CRYPTO_CIPHER_ALG_RC4:
if (plain != crypt) {
os_memcpy(crypt, plain, len);
}
rc4_skip(fast_ctx->u.rc4.key, fast_ctx->u.rc4.keylen,
fast_ctx->u.rc4.used_bytes, crypt, len);
fast_ctx->u.rc4.used_bytes += len;
break;
case CRYPTO_CIPHER_ALG_AES:
if (len % AES_BLOCK_SIZE) {
return -1;
}
blocks = len / AES_BLOCK_SIZE;
for (i = 0; i < blocks; i++) {
for (j = 0; j < AES_BLOCK_SIZE; j++)
fast_ctx->u.aes.cbc[j] ^= plain[j];
if (mbedtls_internal_aes_encrypt(&(fast_ctx->u.aes.ctx_enc), fast_ctx->u.aes.cbc, fast_ctx->u.aes.cbc) != 0) {
return -1;
}
os_memcpy(crypt, fast_ctx->u.aes.cbc, AES_BLOCK_SIZE);
plain += AES_BLOCK_SIZE;
crypt += AES_BLOCK_SIZE;
}
break;
#ifdef CONFIG_DES3
case CRYPTO_CIPHER_ALG_3DES:
if (len % 8) {
return -1;
}
blocks = len / 8;
for (i = 0; i < blocks; i++) {
for (j = 0; j < 8; j++)
fast_ctx->u.des3.cbc[j] ^= plain[j];
des3_encrypt(fast_ctx->u.des3.cbc, &fast_ctx->u.des3.key,
fast_ctx->u.des3.cbc);
os_memcpy(crypt, fast_ctx->u.des3.cbc, 8);
plain += 8;
crypt += 8;
}
break;
#endif
#ifdef CONFIG_DES
case CRYPTO_CIPHER_ALG_DES:
if (len % 8) {
return -1;
}
blocks = len / 8;
for (i = 0; i < blocks; i++) {
for (j = 0; j < 8; j++)
fast_ctx->u.des3.cbc[j] ^= plain[j];
des_block_encrypt(fast_ctx->u.des.cbc, fast_ctx->u.des.ek,
fast_ctx->u.des.cbc);
os_memcpy(crypt, fast_ctx->u.des.cbc, 8);
plain += 8;
crypt += 8;
}
break;
#endif
default:
return -1;
}
return 0;
}
int fast_crypto_cipher_decrypt(struct crypto_cipher *ctx, const uint8_t *crypt,
uint8_t *plain, size_t len)
{
size_t i, j, blocks;
uint8_t tmp[32];
struct fast_crypto_cipher *fast_ctx;
fast_ctx = (struct fast_crypto_cipher *)ctx;
switch (fast_ctx->alg) {
case CRYPTO_CIPHER_ALG_RC4:
if (plain != crypt) {
os_memcpy(plain, crypt, len);
}
rc4_skip(fast_ctx->u.rc4.key, fast_ctx->u.rc4.keylen,
fast_ctx->u.rc4.used_bytes, plain, len);
fast_ctx->u.rc4.used_bytes += len;
break;
case CRYPTO_CIPHER_ALG_AES:
if (len % AES_BLOCK_SIZE) {
return -1;
}
blocks = len / AES_BLOCK_SIZE;
for (i = 0; i < blocks; i++) {
os_memcpy(tmp, crypt, AES_BLOCK_SIZE);
if (mbedtls_internal_aes_decrypt(&(fast_ctx->u.aes.ctx_dec), crypt, plain) != 0) {
return -1;
}
for (j = 0; j < AES_BLOCK_SIZE; j++)
plain[j] ^= fast_ctx->u.aes.cbc[j];
os_memcpy(fast_ctx->u.aes.cbc, tmp, AES_BLOCK_SIZE);
plain += AES_BLOCK_SIZE;
crypt += AES_BLOCK_SIZE;
}
break;
#ifdef CONFIG_DES3
case CRYPTO_CIPHER_ALG_3DES:
if (len % 8) {
return -1;
}
blocks = len / 8;
for (i = 0; i < blocks; i++) {
os_memcpy(tmp, crypt, 8);
des3_decrypt(crypt, &fast_ctx->u.des3.key, plain);
for (j = 0; j < 8; j++) {
plain[j] ^= fast_ctx->u.des3.cbc[j];
}
os_memcpy(fast_ctx->u.des3.cbc, tmp, 8);
plain += 8;
crypt += 8;
}
break;
#endif
#ifdef CONFIG_DES
case CRYPTO_CIPHER_ALG_DES:
if (len % 8) {
return -1;
}
blocks = len / 8;
for (i = 0; i < blocks; i++) {
os_memcpy(tmp, crypt, 8);
des_block_decrypt(crypt, fast_ctx->u.des.dk, plain);
for (j = 0; j < 8; j++) {
plain[j] ^= fast_ctx->u.des.cbc[j];
}
os_memcpy(fast_ctx->u.des.cbc, tmp, 8);
plain += 8;
crypt += 8;
}
break;
#endif
default:
return -1;
}
return 0;
}
void fast_crypto_cipher_deinit(struct crypto_cipher *ctx)
{
struct fast_crypto_cipher *fast_ctx;
fast_ctx = (struct fast_crypto_cipher *)ctx;
switch (fast_ctx->alg) {
case CRYPTO_CIPHER_ALG_AES:
mbedtls_aes_free(&(fast_ctx->u.aes.ctx_enc));
mbedtls_aes_free(&(fast_ctx->u.aes.ctx_dec));
break;
#ifdef CONFIG_DES3
case CRYPTO_CIPHER_ALG_3DES:
break;
#endif
default:
break;
}
os_free(ctx);
}

59
components/wpa_supplicant/src/fast_crypto/fast_crypto_internal-modexp.c
View file

@ -1,59 +0,0 @@
// Hardware crypto support Copyright 2017 Espressif Systems (Shanghai) PTE LTD
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
#include "utils/includes.h"
#include "utils/common.h"
#include "crypto/crypto.h"
#include "mbedtls/bignum.h"
int
fast_crypto_mod_exp(const uint8_t *base, size_t base_len,
const uint8_t *power, size_t power_len,
const uint8_t *modulus, size_t modulus_len,
uint8_t *result, size_t *result_len)
{
mbedtls_mpi bn_base, bn_exp, bn_modulus, bn_result, bn_rinv;
int32_t ret = 0;
mbedtls_mpi_init(&bn_base);
mbedtls_mpi_init(&bn_exp);
mbedtls_mpi_init(&bn_modulus);
mbedtls_mpi_init(&bn_result);
mbedtls_mpi_init(&bn_rinv);
mbedtls_mpi_read_binary(&bn_base, base, base_len);
mbedtls_mpi_read_binary(&bn_exp, power, power_len);
mbedtls_mpi_read_binary(&bn_modulus, modulus, modulus_len);
ret = mbedtls_mpi_exp_mod(&bn_result, &bn_base, &bn_exp, &bn_modulus, &bn_rinv);
if (ret < 0) {
mbedtls_mpi_free(&bn_base);
mbedtls_mpi_free(&bn_exp);
mbedtls_mpi_free(&bn_modulus);
mbedtls_mpi_free(&bn_result);
mbedtls_mpi_free(&bn_rinv);
return ret;
}
ret = mbedtls_mpi_write_binary(&bn_result, result, *result_len);
mbedtls_mpi_free(&bn_base);
mbedtls_mpi_free(&bn_exp);
mbedtls_mpi_free(&bn_modulus);
mbedtls_mpi_free(&bn_result);
mbedtls_mpi_free(&bn_rinv);
return ret;
}

278
components/wpa_supplicant/src/fast_crypto/fast_crypto_internal.c
View file

@ -1,278 +0,0 @@
/*
* Crypto wrapper for internal crypto implementation
* Copyright (c) 2006-2011, Jouni Malinen <j@w1.fi>
*
* Hardware crypto support Copyright 2017 Espressif Systems (Shanghai) PTE LTD
*
* This software may be distributed under the terms of the BSD license.
* See README for more details.
*/
#include "utils/includes.h"
#include "utils/common.h"
#include "crypto/crypto.h"
#include "crypto/sha1_i.h"
#include "crypto/md5_i.h"
#include "mbedtls/sha256.h"
struct fast_crypto_hash {
enum crypto_hash_alg alg;
union {
struct MD5Context md5;
struct SHA1Context sha1;
#ifdef CONFIG_SHA256
mbedtls_sha256_context sha256;
#endif /* CONFIG_SHA256 */
} u;
u8 key[64];
size_t key_len;
};
struct crypto_hash * fast_crypto_hash_init(enum crypto_hash_alg alg, const u8 *key,
size_t key_len)
{
struct fast_crypto_hash *ctx;
u8 k_pad[64];
u8 tk[32];
size_t i;
ctx = (struct fast_crypto_hash *)os_zalloc(sizeof(*ctx));
if (ctx == NULL)
return NULL;
ctx->alg = alg;
switch (alg) {
case CRYPTO_HASH_ALG_MD5:
MD5Init(&ctx->u.md5);
break;
case CRYPTO_HASH_ALG_SHA1:
SHA1Init(&ctx->u.sha1);
break;
#ifdef CONFIG_SHA256
case CRYPTO_HASH_ALG_SHA256:
mbedtls_sha256_init(&ctx->u.sha256);
mbedtls_sha256_starts(&ctx->u.sha256, 0);
break;
#endif /* CONFIG_SHA256 */
case CRYPTO_HASH_ALG_HMAC_MD5:
if (key_len > sizeof(k_pad)) {
MD5Init(&ctx->u.md5);
MD5Update(&ctx->u.md5, key, key_len);
MD5Final(tk, &ctx->u.md5);
key = tk;
key_len = 16;
}
os_memcpy(ctx->key, key, key_len);
ctx->key_len = key_len;
os_memcpy(k_pad, key, key_len);
if (key_len < sizeof(k_pad))
os_memset(k_pad + key_len, 0, sizeof(k_pad) - key_len);
for (i = 0; i < sizeof(k_pad); i++)
k_pad[i] ^= 0x36;
MD5Init(&ctx->u.md5);
MD5Update(&ctx->u.md5, k_pad, sizeof(k_pad));
break;
case CRYPTO_HASH_ALG_HMAC_SHA1:
if (key_len > sizeof(k_pad)) {
SHA1Init(&ctx->u.sha1);
SHA1Update(&ctx->u.sha1, key, key_len);
SHA1Final(tk, &ctx->u.sha1);
key = tk;
key_len = 20;
}
os_memcpy(ctx->key, key, key_len);
ctx->key_len = key_len;
os_memcpy(k_pad, key, key_len);
if (key_len < sizeof(k_pad))
os_memset(k_pad + key_len, 0, sizeof(k_pad) - key_len);
for (i = 0; i < sizeof(k_pad); i++)
k_pad[i] ^= 0x36;
SHA1Init(&ctx->u.sha1);
SHA1Update(&ctx->u.sha1, k_pad, sizeof(k_pad));
break;
#ifdef CONFIG_SHA256
case CRYPTO_HASH_ALG_HMAC_SHA256:
if (key_len > sizeof(k_pad)) {
mbedtls_sha256_init(&ctx->u.sha256);
mbedtls_sha256_starts(&ctx->u.sha256, 0);
mbedtls_sha256_update(&ctx->u.sha256, key, key_len);
mbedtls_sha256_finish(&ctx->u.sha256, tk);
mbedtls_sha256_free(&ctx->u.sha256);
key = tk;
key_len = 32;
}
os_memcpy(ctx->key, key, key_len);
ctx->key_len = key_len;
os_memcpy(k_pad, key, key_len);
if (key_len < sizeof(k_pad))
os_memset(k_pad + key_len, 0, sizeof(k_pad) - key_len);
for (i = 0; i < sizeof(k_pad); i++)
k_pad[i] ^= 0x36;
mbedtls_sha256_init(&ctx->u.sha256);
mbedtls_sha256_starts(&ctx->u.sha256, 0);
mbedtls_sha256_update(&ctx->u.sha256, k_pad, sizeof(k_pad));
break;
#endif /* CONFIG_SHA256 */
default:
os_free(ctx);
return NULL;
}
return (struct crypto_hash *)ctx;
}
void fast_crypto_hash_update(struct crypto_hash *ctx, const u8 *data, size_t len)
{
struct fast_crypto_hash *fast_ctx;
fast_ctx = (struct fast_crypto_hash *)ctx;
if (fast_ctx == NULL)
return;
switch (fast_ctx->alg) {
case CRYPTO_HASH_ALG_MD5:
case CRYPTO_HASH_ALG_HMAC_MD5:
MD5Update(&fast_ctx->u.md5, data, len);
break;
case CRYPTO_HASH_ALG_SHA1:
case CRYPTO_HASH_ALG_HMAC_SHA1:
SHA1Update(&fast_ctx->u.sha1, data, len);
break;
#ifdef CONFIG_SHA256
case CRYPTO_HASH_ALG_SHA256:
case CRYPTO_HASH_ALG_HMAC_SHA256:
mbedtls_sha256_update(&fast_ctx->u.sha256, data, len);
break;
#endif /* CONFIG_SHA256 */
default:
break;
}
}
int fast_crypto_hash_finish(struct crypto_hash *ctx, u8 *mac, size_t *len)
{
u8 k_pad[64];
size_t i;
struct fast_crypto_hash *fast_ctx;
if (ctx == NULL)
return -2;
fast_ctx = (struct fast_crypto_hash *)ctx;
if (mac == NULL || len == NULL) {
os_free(fast_ctx);
return 0;
}
switch (fast_ctx->alg) {
case CRYPTO_HASH_ALG_MD5:
if (*len < 16) {
*len = 16;
os_free(fast_ctx);
return -1;
}
*len = 16;
MD5Final(mac, &fast_ctx->u.md5);
break;
case CRYPTO_HASH_ALG_SHA1:
if (*len < 20) {
*len = 20;
os_free(fast_ctx);
return -1;
}
*len = 20;
SHA1Final(mac, &fast_ctx->u.sha1);
break;
#ifdef CONFIG_SHA256
case CRYPTO_HASH_ALG_SHA256:
if (*len < 32) {
*len = 32;
os_free(fast_ctx);
return -1;
}
*len = 32;
mbedtls_sha256_finish(&fast_ctx->u.sha256, mac);
mbedtls_sha256_free(&fast_ctx->u.sha256);
break;
#endif /* CONFIG_SHA256 */
case CRYPTO_HASH_ALG_HMAC_MD5:
if (*len < 16) {
*len = 16;
os_free(fast_ctx);
return -1;
}
*len = 16;
MD5Final(mac, &fast_ctx->u.md5);
os_memcpy(k_pad, fast_ctx->key, fast_ctx->key_len);
os_memset(k_pad + fast_ctx->key_len, 0,
sizeof(k_pad) - fast_ctx->key_len);
for (i = 0; i < sizeof(k_pad); i++)
k_pad[i] ^= 0x5c;
MD5Init(&fast_ctx->u.md5);
MD5Update(&fast_ctx->u.md5, k_pad, sizeof(k_pad));
MD5Update(&fast_ctx->u.md5, mac, 16);
MD5Final(mac, &fast_ctx->u.md5);
break;
case CRYPTO_HASH_ALG_HMAC_SHA1:
if (*len < 20) {
*len = 20;
os_free(ctx);
return -1;
}
*len = 20;
SHA1Final(mac, &fast_ctx->u.sha1);
os_memcpy(k_pad, fast_ctx->key, fast_ctx->key_len);
os_memset(k_pad + fast_ctx->key_len, 0,
sizeof(k_pad) - fast_ctx->key_len);
for (i = 0; i < sizeof(k_pad); i++)
k_pad[i] ^= 0x5c;
SHA1Init(&fast_ctx->u.sha1);
SHA1Update(&fast_ctx->u.sha1, k_pad, sizeof(k_pad));
SHA1Update(&fast_ctx->u.sha1, mac, 20);
SHA1Final(mac, &fast_ctx->u.sha1);
break;
#ifdef CONFIG_SHA256
case CRYPTO_HASH_ALG_HMAC_SHA256:
if (*len < 32) {
*len = 32;
os_free(fast_ctx);
return -1;
}
*len = 32;
mbedtls_sha256_finish(&fast_ctx->u.sha256, mac);
mbedtls_sha256_free(&fast_ctx->u.sha256);
os_memcpy(k_pad, fast_ctx->key, fast_ctx->key_len);
os_memset(k_pad + fast_ctx->key_len, 0,
sizeof(k_pad) - fast_ctx->key_len);
for (i = 0; i < sizeof(k_pad); i++)
k_pad[i] ^= 0x5c;
mbedtls_sha256_init(&fast_ctx->u.sha256);
mbedtls_sha256_starts(&fast_ctx->u.sha256, 0);
mbedtls_sha256_update(&fast_ctx->u.sha256, k_pad, sizeof(k_pad));
mbedtls_sha256_update(&fast_ctx->u.sha256, mac, 32);
mbedtls_sha256_finish(&fast_ctx->u.sha256, mac);
mbedtls_sha256_free(&fast_ctx->u.sha256);
break;
#endif /* CONFIG_SHA256 */
default:
os_free(fast_ctx);
return -1;
}
os_free(fast_ctx);
return 0;
}

58
components/wpa_supplicant/src/fast_crypto/fast_sha256-internal.c
View file

@ -1,58 +0,0 @@
// Hardware crypto support Copyright 2017 Espressif Systems (Shanghai) PTE LTD
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
#include "utils/includes.h"
#include "utils/common.h"
#include "mbedtls/sha256.h"
/**
* fast_sha256_vector - SHA256 hash for data vector
* @num_elem: Number of elements in the data vector
* @addr: Pointers to the data areas
* @len: Lengths of the data blocks
* @mac: Buffer for the hash
* Returns: 0 on success, -1 of failure
*/
int
fast_sha256_vector(size_t num_elem, const uint8_t *addr[], const size_t *len,
uint8_t *mac)
{
int ret = 0;
mbedtls_sha256_context ctx;
mbedtls_sha256_init(&ctx);
if (mbedtls_sha256_starts_ret(&ctx, 0) != 0) {
ret = -1;
goto out;
}
for(size_t index = 0; index < num_elem; index++) {
if (mbedtls_sha256_update_ret(&ctx, addr[index], len[index]) != 0) {
ret = -1;
goto out;
}
}
if (mbedtls_sha256_finish_ret(&ctx, mac) != 0) {
ret = -1;
goto out;
}
out:
mbedtls_sha256_free(&ctx);
return ret;
}

165
components/wpa_supplicant/src/fast_crypto/fast_sha256.c
View file

@ -1,165 +0,0 @@
/*
* SHA-256 hash implementation and interface functions
* Copyright (c) 2003-2007, Jouni Malinen <j@w1.fi>
*
* Hardware crypto support Copyright 2017 Espressif Systems (Shanghai) PTE LTD
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2 as
* published by the Free Software Foundation.
*
* Alternatively, this software may be distributed under the terms of BSD
* license.
*
* See README and COPYING for more details.
*/
#include "utils/includes.h"
#include "utils/common.h"
#include "crypto/sha256.h"
#include "crypto/crypto.h"
/**
* fast_hmac_sha256_vector - HMAC-SHA256 over data vector (RFC 2104)
* @key: Key for HMAC operations
* @key_len: Length of the key in bytes
* @num_elem: Number of elements in the data vector
* @addr: Pointers to the data areas
* @len: Lengths of the data blocks
* @mac: Buffer for the hash (32 bytes)
*/
void
fast_hmac_sha256_vector(const uint8_t *key, size_t key_len, size_t num_elem,
const uint8_t *addr[], const size_t *len, uint8_t *mac)
{
uint8_t k_pad[64]; /* padding - key XORd with ipad/opad */
uint8_t tk[32];
const uint8_t *_addr[6];
size_t _len[6], i;
if (num_elem > 5) {
/*
* Fixed limit on the number of fragments to avoid having to
* allocate memory (which could fail).
*/
return;
}
/* if key is longer than 64 bytes reset it to key = SHA256(key) */
if (key_len > 64) {
fast_sha256_vector(1, &key, &key_len, tk);
key = tk;
key_len = 32;
}
/* the HMAC_SHA256 transform looks like:
*
* SHA256(K XOR opad, SHA256(K XOR ipad, text))
*
* where K is an n byte key
* ipad is the byte 0x36 repeated 64 times
* opad is the byte 0x5c repeated 64 times
* and text is the data being protected
*/
/* start out by storing key in ipad */
os_memset(k_pad, 0, sizeof(k_pad));
os_memcpy(k_pad, key, key_len);
/* XOR key with ipad values */
for (i = 0; i < 64; i++) {
k_pad[i] ^= 0x36;
}
/* perform inner SHA256 */
_addr[0] = k_pad;
_len[0] = 64;
for (i = 0; i < num_elem; i++) {
_addr[i + 1] = addr[i];
_len[i + 1] = len[i];
}
fast_sha256_vector(1 + num_elem, _addr, _len, mac);
os_memset(k_pad, 0, sizeof(k_pad));
os_memcpy(k_pad, key, key_len);
/* XOR key with opad values */
for (i = 0; i < 64; i++) {
k_pad[i] ^= 0x5c;
}
/* perform outer SHA256 */
_addr[0] = k_pad;
_len[0] = 64;
_addr[1] = mac;
_len[1] = SHA256_MAC_LEN;
fast_sha256_vector(2, _addr, _len, mac);
}
/**
* fast_hmac_sha256 - HMAC-SHA256 over data buffer (RFC 2104)
* @key: Key for HMAC operations
* @key_len: Length of the key in bytes
* @data: Pointers to the data area
* @data_len: Length of the data area
* @mac: Buffer for the hash (20 bytes)
*/
void
fast_hmac_sha256(const uint8_t *key, size_t key_len, const uint8_t *data,
size_t data_len, uint8_t *mac)
{
fast_hmac_sha256_vector(key, key_len, 1, &data, &data_len, mac);
}
/**
* fast_sha256_prf - SHA256-based Pseudo-Random Function (IEEE 802.11r, 8.5.1.5.2)
* @key: Key for PRF
* @key_len: Length of the key in bytes
* @label: A unique label for each purpose of the PRF
* @data: Extra data to bind into the key
* @data_len: Length of the data
* @buf: Buffer for the generated pseudo-random key
* @buf_len: Number of bytes of key to generate
*
* This function is used to derive new, cryptographically separate keys from a
* given key.
*/
void
fast_sha256_prf(const uint8_t *key, size_t key_len, const char *label,
const uint8_t *data, size_t data_len, uint8_t *buf, size_t buf_len)
{
uint16_t counter = 1;
size_t pos, plen;
uint8_t hash[SHA256_MAC_LEN];
const uint8_t *addr[4];
size_t len[4];
uint8_t counter_le[2], length_le[2];
addr[0] = counter_le;
len[0] = 2;
addr[1] = (uint8_t *) label;
len[1] = os_strlen(label);
addr[2] = data;
len[2] = data_len;
addr[3] = length_le;
len[3] = sizeof(length_le);
WPA_PUT_LE16(length_le, buf_len * 8);
pos = 0;
while (pos < buf_len) {
plen = buf_len - pos;
WPA_PUT_LE16(counter_le, counter);
if (plen >= SHA256_MAC_LEN) {
fast_hmac_sha256_vector(key, key_len, 4, addr, len,
&buf[pos]);
pos += SHA256_MAC_LEN;
} else {
fast_hmac_sha256_vector(key, key_len, 4, addr, len, hash);
os_memcpy(&buf[pos], hash, plen);
break;
}
counter++;
}
}

4
components/wpa_supplicant/src/rsn_supp/wpa.c
View file

@ -1179,7 +1179,7 @@ failed:
#endif
return -1;
}
if (fast_aes_unwrap(sm->ptk.kek, maxkeylen / 8,
if (aes_unwrap(sm->ptk.kek, maxkeylen / 8,
(const u8 *) (key + 1), gd->gtk)) {
#ifdef DEBUG_PRINT
wpa_printf(MSG_DEBUG, "WPA: AES unwrap "
@ -1424,7 +1424,7 @@ failed:
return -1;
}
*/
if (fast_aes_unwrap(sm->ptk.kek, keydatalen / 8,
if (aes_unwrap(sm->ptk.kek, keydatalen / 8,
(u8 *) (key + 1), buf)) {
#ifdef DEBUG_PRINT
wpa_printf(MSG_DEBUG, "WPA: AES unwrap failed - "

12
components/wpa_supplicant/src/tls/pkcs5.c
View file

@ -165,7 +165,7 @@ static struct crypto_cipher * pkcs5_crypto_init(struct pkcs5_params *params,
wpa_hexdump_key(MSG_DEBUG, "PKCS #5: DES key", hash, 8);
wpa_hexdump_key(MSG_DEBUG, "PKCS #5: DES IV", hash + 8, 8);
return fast_crypto_cipher_init(CRYPTO_CIPHER_ALG_DES, hash + 8, hash, 8);
return crypto_cipher_init(CRYPTO_CIPHER_ALG_DES, hash + 8, hash, 8);
}
@ -194,24 +194,24 @@ u8 * pkcs5_decrypt(const u8 *enc_alg, size_t enc_alg_len,
if (enc_data_len < 16 || enc_data_len % 8) {
wpa_printf(MSG_INFO, "PKCS #5: invalid length of ciphertext "
"%d", (int) enc_data_len);
fast_crypto_cipher_deinit(ctx);
crypto_cipher_deinit(ctx);
return NULL;
}
eb = os_malloc(enc_data_len);
if (eb == NULL) {
fast_crypto_cipher_deinit(ctx);
crypto_cipher_deinit(ctx);
return NULL;
}
if ((int)fast_crypto_cipher_decrypt(ctx, enc_data, eb, enc_data_len) < 0) {
if ((int)crypto_cipher_decrypt(ctx, enc_data, eb, enc_data_len) < 0) {
wpa_printf(MSG_DEBUG, "PKCS #5: Failed to decrypt EB");
fast_crypto_cipher_deinit(ctx);
crypto_cipher_deinit(ctx);
os_free(eb);
return NULL;
}
fast_crypto_cipher_deinit(ctx);
crypto_cipher_deinit(ctx);
pad = eb[enc_data_len - 1];
if (pad > 8) {

2
components/wpa_supplicant/src/tls/tlsv1_client_read.c
View file

@ -816,7 +816,7 @@ static int tls_process_server_finished(struct tlsv1_client *conn, u8 ct,
if (conn->rl.tls_version >= TLS_VERSION_1_2) {
hlen = SHA256_MAC_LEN;
if (conn->verify.sha256_server == NULL ||
fast_crypto_hash_finish(conn->verify.sha256_server, hash, &hlen) < 0) {
crypto_hash_finish(conn->verify.sha256_server, hash, &hlen) < 0) {
tls_alert(conn, TLS_ALERT_LEVEL_FATAL, TLS_ALERT_INTERNAL_ERROR);
conn->verify.sha256_server = NULL;
return -1;

4
components/wpa_supplicant/src/tls/tlsv1_client_write.c
View file

@ -476,7 +476,7 @@ static int tls_write_client_certificate_verify(struct tlsv1_client *conn,
if (conn->rl.tls_version == TLS_VERSION_1_2) {
hlen = SHA256_MAC_LEN;
if (conn->verify.sha256_cert == NULL ||
fast_crypto_hash_finish(conn->verify.sha256_cert, hpos, &hlen) <
crypto_hash_finish(conn->verify.sha256_cert, hpos, &hlen) <
0) {
conn->verify.sha256_cert = NULL;
tls_alert(conn, TLS_ALERT_LEVEL_FATAL,
@ -654,7 +654,7 @@ static int tls_write_client_finished(struct tlsv1_client *conn,
if (conn->rl.tls_version >= TLS_VERSION_1_2) {
hlen = SHA256_MAC_LEN;
if (conn->verify.sha256_client == NULL ||
fast_crypto_hash_finish(conn->verify.sha256_client, hash, &hlen)
crypto_hash_finish(conn->verify.sha256_client, hash, &hlen)
< 0) {
tls_alert(conn, TLS_ALERT_LEVEL_FATAL,
TLS_ALERT_INTERNAL_ERROR);

18
components/wpa_supplicant/src/tls/tlsv1_common.c
View file

@ -221,9 +221,9 @@ int tls_verify_hash_init(struct tls_verify_hash *verify)
return -1;
}
#ifdef CONFIG_TLSV12
verify->sha256_client = fast_crypto_hash_init(CRYPTO_HASH_ALG_SHA256, NULL, 0);
verify->sha256_server = fast_crypto_hash_init(CRYPTO_HASH_ALG_SHA256, NULL, 0);
verify->sha256_cert = fast_crypto_hash_init(CRYPTO_HASH_ALG_SHA256, NULL, 0);
verify->sha256_client = crypto_hash_init(CRYPTO_HASH_ALG_SHA256, NULL, 0);
verify->sha256_server = crypto_hash_init(CRYPTO_HASH_ALG_SHA256, NULL, 0);
verify->sha256_cert = crypto_hash_init(CRYPTO_HASH_ALG_SHA256, NULL, 0);
if (verify->sha256_client == NULL ||
verify->sha256_server == NULL ||
@ -253,11 +253,11 @@ void tls_verify_hash_add(struct tls_verify_hash *verify, const u8 *buf,
}
#ifdef CONFIG_TLSV12
if (verify->sha256_client)
fast_crypto_hash_update(verify->sha256_client, buf, len);
crypto_hash_update(verify->sha256_client, buf, len);
if (verify->sha256_server)
fast_crypto_hash_update(verify->sha256_server, buf, len);
crypto_hash_update(verify->sha256_server, buf, len);
if (verify->sha256_cert)
fast_crypto_hash_update(verify->sha256_cert, buf, len);
crypto_hash_update(verify->sha256_cert, buf, len);
#endif /* CONFIG_TLSV12 */
}
@ -277,9 +277,9 @@ void tls_verify_hash_free(struct tls_verify_hash *verify)
verify->sha1_server = NULL;
verify->sha1_cert = NULL;
#ifdef CONFIG_TLSV12
fast_crypto_hash_finish(verify->sha256_client, NULL, NULL);
fast_crypto_hash_finish(verify->sha256_server, NULL, NULL);
fast_crypto_hash_finish(verify->sha256_cert, NULL, NULL);
crypto_hash_finish(verify->sha256_client, NULL, NULL);
crypto_hash_finish(verify->sha256_server, NULL, NULL);
crypto_hash_finish(verify->sha256_cert, NULL, NULL);
verify->sha256_client = NULL;
verify->sha256_server = NULL;
verify->sha256_cert = NULL;

36
components/wpa_supplicant/src/tls/tlsv1_record.c
View file

@ -81,12 +81,12 @@ int tlsv1_record_change_write_cipher(struct tlsv1_record_layer *rl)
os_memset(rl->write_seq_num, 0, TLS_SEQ_NUM_LEN);
if (rl->write_cbc) {
fast_crypto_cipher_deinit(rl->write_cbc);
crypto_cipher_deinit(rl->write_cbc);
rl->write_cbc = NULL;
}
if (rl->cipher_alg != CRYPTO_CIPHER_NULL) {
rl->write_cbc = fast_crypto_cipher_init(rl->cipher_alg,
rl->write_cbc = crypto_cipher_init(rl->cipher_alg,
rl->write_iv, rl->write_key,
rl->key_material_len);
@ -117,12 +117,12 @@ int tlsv1_record_change_read_cipher(struct tlsv1_record_layer *rl)
os_memset(rl->read_seq_num, 0, TLS_SEQ_NUM_LEN);
if (rl->read_cbc) {
fast_crypto_cipher_deinit(rl->read_cbc);
crypto_cipher_deinit(rl->read_cbc);
rl->read_cbc = NULL;
}
if (rl->cipher_alg != CRYPTO_CIPHER_NULL) {
rl->read_cbc = fast_crypto_cipher_init(rl->cipher_alg,
rl->read_cbc = crypto_cipher_init(rl->cipher_alg,
rl->read_iv, rl->read_key,
rl->key_material_len);
if (rl->read_cbc == NULL) {
@ -208,26 +208,26 @@ int tlsv1_record_send(struct tlsv1_record_layer *rl, u8 content_type, u8 *buf,
* TLSCompressed.version + TLSCompressed.length +
* TLSCompressed.fragment
*/
hmac = fast_crypto_hash_init(rl->hash_alg, rl->write_mac_secret, rl->hash_size);
hmac = crypto_hash_init(rl->hash_alg, rl->write_mac_secret, rl->hash_size);
if (hmac == NULL) {
wpa_printf(MSG_DEBUG, "TLSv1: Record Layer - Failed "
"to initialize HMAC");
return -1;
}
fast_crypto_hash_update(hmac, rl->write_seq_num, TLS_SEQ_NUM_LEN);
crypto_hash_update(hmac, rl->write_seq_num, TLS_SEQ_NUM_LEN);
/* type + version + length + fragment */
fast_crypto_hash_update(hmac, ct_start, TLS_RECORD_HEADER_LEN);
fast_crypto_hash_update(hmac, payload, payload_len);
crypto_hash_update(hmac, ct_start, TLS_RECORD_HEADER_LEN);
crypto_hash_update(hmac, payload, payload_len);
clen = buf + buf_size - pos;
if (clen < rl->hash_size) {
wpa_printf(MSG_DEBUG, "TLSv1: Record Layer - Not "
"enough room for MAC");
fast_crypto_hash_finish(hmac, NULL, NULL);
crypto_hash_finish(hmac, NULL, NULL);
return -1;
}
if ((int)fast_crypto_hash_finish(hmac, pos, &clen) < 0) {
if ((int)crypto_hash_finish(hmac, pos, &clen) < 0) {
wpa_printf(MSG_DEBUG, "TLSv1: Record Layer - Failed to calculate HMAC");
return -1;
}
@ -250,7 +250,7 @@ int tlsv1_record_send(struct tlsv1_record_layer *rl, u8 content_type, u8 *buf,
pos += pad + 1;
}
if ((int)fast_crypto_cipher_encrypt(rl->write_cbc, cpayload,
if ((int)crypto_cipher_encrypt(rl->write_cbc, cpayload,
cpayload, pos - cpayload) < 0)
return -1;
}
@ -358,7 +358,7 @@ int tlsv1_record_receive(struct tlsv1_record_layer *rl,
if (rl->read_cipher_suite != TLS_NULL_WITH_NULL_NULL) {
size_t plen;
if ((int)fast_crypto_cipher_decrypt(rl->read_cbc, in_data,
if ((int)crypto_cipher_decrypt(rl->read_cbc, in_data,
out_data, in_len) < 0) {
*alert = TLS_ALERT_DECRYPTION_FAILED;
return -1;
@ -438,7 +438,7 @@ int tlsv1_record_receive(struct tlsv1_record_layer *rl,
plen -= rl->hash_size;
hmac = fast_crypto_hash_init(rl->hash_alg, rl->read_mac_secret, rl->hash_size);
hmac = crypto_hash_init(rl->hash_alg, rl->read_mac_secret, rl->hash_size);
if (hmac == NULL) {
wpa_printf(MSG_DEBUG, "TLSv1: Record Layer - Failed "
@ -447,15 +447,15 @@ int tlsv1_record_receive(struct tlsv1_record_layer *rl,
return -1;
}
fast_crypto_hash_update(hmac, rl->read_seq_num, TLS_SEQ_NUM_LEN);
crypto_hash_update(hmac, rl->read_seq_num, TLS_SEQ_NUM_LEN);
/* type + version + length + fragment */
fast_crypto_hash_update(hmac, in_data - TLS_RECORD_HEADER_LEN, 3);
crypto_hash_update(hmac, in_data - TLS_RECORD_HEADER_LEN, 3);
WPA_PUT_BE16(len, plen);
fast_crypto_hash_update(hmac, len, 2);
fast_crypto_hash_update(hmac, out_data, plen);
crypto_hash_update(hmac, len, 2);
crypto_hash_update(hmac, out_data, plen);
hlen = sizeof(hash);
if ((int)fast_crypto_hash_finish(hmac, hash, &hlen) < 0) {
if ((int)crypto_hash_finish(hmac, hash, &hlen) < 0) {
wpa_printf(MSG_DEBUG, "TLSv1: Record Layer - Failed to calculate HMAC");
*alert = TLS_ALERT_INTERNAL_ERROR;
return -1;

2
components/wpa_supplicant/src/tls/tlsv1_server_read.c
View file

@ -871,7 +871,7 @@ static int tls_process_certificate_verify(struct tlsv1_server *conn, u8 ct,
hlen = SHA256_MAC_LEN;
if (conn->verify.sha256_cert == NULL ||
fast_crypto_hash_finish(conn->verify.sha256_cert, hpos, &hlen) <
crypto_hash_finish(conn->verify.sha256_cert, hpos, &hlen) <
0) {
conn->verify.sha256_cert = NULL;
tlsv1_server_alert(conn, TLS_ALERT_LEVEL_FATAL,

2
components/wpa_supplicant/src/tls/tlsv1_server_write.c
View file

@ -588,7 +588,7 @@ static int tls_write_server_finished(struct tlsv1_server *conn,
if (conn->rl.tls_version >= TLS_VERSION_1_2) {
hlen = SHA256_MAC_LEN;
if (conn->verify.sha256_server == NULL ||
fast_crypto_hash_finish(conn->verify.sha256_server, hash, &hlen)
crypto_hash_finish(conn->verify.sha256_server, hash, &hlen)
< 0) {
conn->verify.sha256_server = NULL;
tlsv1_server_alert(conn, TLS_ALERT_LEVEL_FATAL,

2
components/wpa_supplicant/src/tls/x509v3.c
View file

@ -1688,7 +1688,7 @@ skip_digest_oid:
hash, hash_len);
break;
case 11: /* sha256WithRSAEncryption */
fast_sha256_vector(1, &cert->tbs_cert_start, &cert->tbs_cert_len,
sha256_vector(1, &cert->tbs_cert_start, &cert->tbs_cert_len,
hash);
hash_len = 32;
wpa_hexdump(MSG_MSGDUMP, "X509: Certificate hash (SHA256)",

10
components/wpa_supplicant/src/wps/wps_attr_build.c
View file

@ -166,7 +166,7 @@ int wps_build_authenticator(struct wps_data *wps, struct wpabuf *msg)
len[0] = wpabuf_len(wps->last_msg);
addr[1] = wpabuf_head(msg);
len[1] = wpabuf_len(msg);
fast_hmac_sha256_vector(wps->authkey, WPS_AUTHKEY_LEN, 2, addr, len, hash);
hmac_sha256_vector(wps->authkey, WPS_AUTHKEY_LEN, 2, addr, len, hash);
wpa_printf(MSG_DEBUG, "WPS: * Authenticator");
wpabuf_put_be16(msg, ATTR_AUTHENTICATOR);
wpabuf_put_be16(msg, WPS_AUTHENTICATOR_LEN);
@ -324,7 +324,7 @@ int wps_build_key_wrap_auth(struct wps_data *wps, struct wpabuf *msg)
u8 hash[SHA256_MAC_LEN];
wpa_printf(MSG_DEBUG, "WPS: * Key Wrap Authenticator");
fast_hmac_sha256(wps->authkey, WPS_AUTHKEY_LEN, wpabuf_head(msg),
hmac_sha256(wps->authkey, WPS_AUTHKEY_LEN, wpabuf_head(msg),
wpabuf_len(msg), hash);
wpabuf_put_be16(msg, ATTR_KEY_WRAP_AUTH);
wpabuf_put_be16(msg, WPS_KWA_LEN);
@ -356,7 +356,7 @@ int wps_build_encr_settings(struct wps_data *wps, struct wpabuf *msg,
data = wpabuf_put(msg, 0);
wpabuf_put_buf(msg, plain);
wpa_printf(MSG_DEBUG, "WPS: * AES 128 Encrypted Settings");
if (fast_aes_128_cbc_encrypt(wps->keywrapkey, iv, data, wpabuf_len(plain)))
if (aes_128_cbc_encrypt(wps->keywrapkey, iv, data, wpabuf_len(plain)))
return -1;
return 0;
}
@ -373,7 +373,7 @@ int wps_build_oob_dev_pw(struct wpabuf *msg, u16 dev_pw_id,
addr[0] = wpabuf_head(pubkey);
hash_len = wpabuf_len(pubkey);
fast_sha256_vector(1, addr, &hash_len, pubkey_hash);
sha256_vector(1, addr, &hash_len, pubkey_hash);
wpabuf_put_be16(msg, ATTR_OOB_DEVICE_PASSWORD);
wpabuf_put_be16(msg, WPS_OOB_PUBKEY_HASH_LEN + 2 + dev_pw_len);
wpabuf_put_data(msg, pubkey_hash, WPS_OOB_PUBKEY_HASH_LEN);
@ -414,4 +414,4 @@ struct wpabuf * wps_ie_encapsulate(struct wpabuf *data)
wpabuf_free(data);
return ie;
}
}

4
components/wpa_supplicant/src/wps/wps_attr_process.c
View file

@ -38,7 +38,7 @@ int wps_process_authenticator(struct wps_data *wps, const u8 *authenticator,
len[0] = wpabuf_len(wps->last_msg);
addr[1] = wpabuf_head(msg);
len[1] = wpabuf_len(msg) - 4 - WPS_AUTHENTICATOR_LEN;
fast_hmac_sha256_vector(wps->authkey, WPS_AUTHKEY_LEN, 2, addr, len, hash);
hmac_sha256_vector(wps->authkey, WPS_AUTHKEY_LEN, 2, addr, len, hash);
if (os_memcmp(hash, authenticator, WPS_AUTHENTICATOR_LEN) != 0) {
wpa_printf(MSG_DEBUG, "WPS: Incorrect Authenticator");
return -1;
@ -68,7 +68,7 @@ int wps_process_key_wrap_auth(struct wps_data *wps, struct wpabuf *msg,
return -1;
}
fast_hmac_sha256(wps->authkey, WPS_AUTHKEY_LEN, head, len, hash);
hmac_sha256(wps->authkey, WPS_AUTHKEY_LEN, head, len, hash);
if (os_memcmp(hash, key_wrap_auth, WPS_KWA_LEN) != 0) {
wpa_printf(MSG_DEBUG, "WPS: Invalid KWA");
return -1;

12
components/wpa_supplicant/src/wps/wps_common.c
View file

@ -46,7 +46,7 @@ void wps_kdf(const u8 *key, const u8 *label_prefix, size_t label_prefix_len,
for (i = 1; i <= iter; i++) {
WPA_PUT_BE32(i_buf, i);
fast_hmac_sha256_vector(key, SHA256_MAC_LEN, 4, addr, len, hash);
hmac_sha256_vector(key, SHA256_MAC_LEN, 4, addr, len, hash);
if (i < iter) {
os_memcpy(opos, hash, SHA256_MAC_LEN);
opos += SHA256_MAC_LEN;
@ -103,7 +103,7 @@ int wps_derive_keys(struct wps_data *wps)
addr[0] = wpabuf_head(dh_shared);
len[0] = wpabuf_len(dh_shared);
fast_sha256_vector(1, addr, len, dhkey);
sha256_vector(1, addr, len, dhkey);
wpa_hexdump_key(MSG_DEBUG, "WPS: DHKey", dhkey, sizeof(dhkey));
wpabuf_free(dh_shared);
@ -114,7 +114,7 @@ int wps_derive_keys(struct wps_data *wps)
len[1] = ETH_ALEN;
addr[2] = wps->nonce_r;
len[2] = WPS_NONCE_LEN;
fast_hmac_sha256_vector(dhkey, sizeof(dhkey), 3, addr, len, kdk);
hmac_sha256_vector(dhkey, sizeof(dhkey), 3, addr, len, kdk);
wpa_hexdump_key(MSG_DEBUG, "WPS: KDK", kdk, sizeof(kdk));
wps_kdf(kdk, NULL, 0, "Wi-Fi Easy and Secure Key Derivation",
@ -139,10 +139,10 @@ void wps_derive_psk(struct wps_data *wps, const u8 *dev_passwd,
{
u8 hash[SHA256_MAC_LEN];
fast_hmac_sha256(wps->authkey, WPS_AUTHKEY_LEN, dev_passwd,
hmac_sha256(wps->authkey, WPS_AUTHKEY_LEN, dev_passwd,
(dev_passwd_len + 1) / 2, hash);
os_memcpy(wps->psk1, hash, WPS_PSK_LEN);
fast_hmac_sha256(wps->authkey, WPS_AUTHKEY_LEN,
hmac_sha256(wps->authkey, WPS_AUTHKEY_LEN,
dev_passwd + (dev_passwd_len + 1) / 2,
dev_passwd_len / 2, hash);
os_memcpy(wps->psk2, hash, WPS_PSK_LEN);
@ -177,7 +177,7 @@ struct wpabuf * wps_decrypt_encr_settings(struct wps_data *wps, const u8 *encr,
wpa_hexdump(MSG_MSGDUMP, "WPS: Encrypted Settings", encr, encr_len);
wpabuf_put_data(decrypted, encr + block_size, encr_len - block_size);
wpa_printf(MSG_DEBUG, "WPS: AES Decrypt setting");
if (fast_aes_128_cbc_decrypt(wps->keywrapkey, encr, wpabuf_mhead(decrypted),
if (aes_128_cbc_decrypt(wps->keywrapkey, encr, wpabuf_mhead(decrypted),
wpabuf_len(decrypted))) {
wpabuf_free(decrypted);
return NULL;

8
components/wpa_supplicant/src/wps/wps_enrollee.c
View file

@ -74,7 +74,7 @@ static int wps_build_e_hash(struct wps_data *wps, struct wpabuf *msg)
len[2] = wpabuf_len(wps->dh_pubkey_e);
addr[3] = wpabuf_head(wps->dh_pubkey_r);
len[3] = wpabuf_len(wps->dh_pubkey_r);
fast_hmac_sha256_vector(wps->authkey, WPS_AUTHKEY_LEN, 4, addr, len, hash);
hmac_sha256_vector(wps->authkey, WPS_AUTHKEY_LEN, 4, addr, len, hash);
wpa_hexdump(MSG_DEBUG, "WPS: E-Hash1", hash, SHA256_MAC_LEN);
wpa_printf(MSG_DEBUG, "WPS: * E-Hash2");
@ -84,7 +84,7 @@ static int wps_build_e_hash(struct wps_data *wps, struct wpabuf *msg)
/* E-Hash2 = HMAC_AuthKey(E-S2 || PSK2 || PK_E || PK_R) */
addr[0] = wps->snonce + WPS_SECRET_NONCE_LEN;
addr[1] = wps->psk2;
fast_hmac_sha256_vector(wps->authkey, WPS_AUTHKEY_LEN, 4, addr, len, hash);
hmac_sha256_vector(wps->authkey, WPS_AUTHKEY_LEN, 4, addr, len, hash);
wpa_hexdump(MSG_DEBUG, "WPS: E-Hash2", hash, SHA256_MAC_LEN);
return 0;
@ -593,7 +593,7 @@ static int wps_process_r_snonce1(struct wps_data *wps, const u8 *r_snonce1)
addr[3] = wpabuf_head(wps->dh_pubkey_r);
len[3] = wpabuf_len(wps->dh_pubkey_r);
fast_hmac_sha256_vector(wps->authkey, WPS_AUTHKEY_LEN, 4, addr, len, hash);
hmac_sha256_vector(wps->authkey, WPS_AUTHKEY_LEN, 4, addr, len, hash);
if (os_memcmp(wps->peer_hash1, hash, WPS_HASH_LEN) != 0) {
wpa_printf(MSG_DEBUG, "WPS: R-Hash1 derived from R-S1 does "
"not match with the pre-committed value");
@ -633,7 +633,7 @@ static int wps_process_r_snonce2(struct wps_data *wps, const u8 *r_snonce2)
addr[3] = wpabuf_head(wps->dh_pubkey_r);
len[3] = wpabuf_len(wps->dh_pubkey_r);
fast_hmac_sha256_vector(wps->authkey, WPS_AUTHKEY_LEN, 4, addr, len, hash);
hmac_sha256_vector(wps->authkey, WPS_AUTHKEY_LEN, 4, addr, len, hash);
if (os_memcmp(wps->peer_hash2, hash, WPS_HASH_LEN) != 0) {
wpa_printf(MSG_DEBUG, "WPS: R-Hash2 derived from R-S2 does "

10
components/wpa_supplicant/src/wps/wps_registrar.c
View file

@ -1427,7 +1427,7 @@ static int wps_build_r_hash(struct wps_data *wps, struct wpabuf *msg)
len[2] = wpabuf_len(wps->dh_pubkey_e);
addr[3] = wpabuf_head(wps->dh_pubkey_r);
len[3] = wpabuf_len(wps->dh_pubkey_r);
fast_hmac_sha256_vector(wps->authkey, WPS_AUTHKEY_LEN, 4, addr, len, hash);
hmac_sha256_vector(wps->authkey, WPS_AUTHKEY_LEN, 4, addr, len, hash);
wpa_hexdump(MSG_DEBUG, "WPS: R-Hash1", hash, SHA256_MAC_LEN);
wpa_printf(MSG_DEBUG, "WPS: * R-Hash2");
@ -1437,7 +1437,7 @@ static int wps_build_r_hash(struct wps_data *wps, struct wpabuf *msg)
/* R-Hash2 = HMAC_AuthKey(R-S2 || PSK2 || PK_E || PK_R) */
addr[0] = wps->snonce + WPS_SECRET_NONCE_LEN;
addr[1] = wps->psk2;
fast_hmac_sha256_vector(wps->authkey, WPS_AUTHKEY_LEN, 4, addr, len, hash);
hmac_sha256_vector(wps->authkey, WPS_AUTHKEY_LEN, 4, addr, len, hash);
wpa_hexdump(MSG_DEBUG, "WPS: R-Hash2", hash, SHA256_MAC_LEN);
return 0;
@ -2170,7 +2170,7 @@ static int wps_process_e_snonce1(struct wps_data *wps, const u8 *e_snonce1)
len[2] = wpabuf_len(wps->dh_pubkey_e);
addr[3] = wpabuf_head(wps->dh_pubkey_r);
len[3] = wpabuf_len(wps->dh_pubkey_r);
fast_hmac_sha256_vector(wps->authkey, WPS_AUTHKEY_LEN, 4, addr, len, hash);
hmac_sha256_vector(wps->authkey, WPS_AUTHKEY_LEN, 4, addr, len, hash);
if (os_memcmp(wps->peer_hash1, hash, WPS_HASH_LEN) != 0) {
wpa_printf(MSG_DEBUG, "WPS: E-Hash1 derived from E-S1 does "
"not match with the pre-committed value");
@ -2210,7 +2210,7 @@ static int wps_process_e_snonce2(struct wps_data *wps, const u8 *e_snonce2)
addr[3] = wpabuf_head(wps->dh_pubkey_r);
len[3] = wpabuf_len(wps->dh_pubkey_r);
fast_hmac_sha256_vector(wps->authkey, WPS_AUTHKEY_LEN, 4, addr, len, hash);
hmac_sha256_vector(wps->authkey, WPS_AUTHKEY_LEN, 4, addr, len, hash);
if (os_memcmp(wps->peer_hash2, hash, WPS_HASH_LEN) != 0) {
wpa_printf(MSG_DEBUG, "WPS: E-Hash2 derived from E-S2 does "
"not match with the pre-committed value");
@ -2547,7 +2547,7 @@ static enum wps_process_res wps_process_m1(struct wps_data *wps,
wps->nfc_pw_token = token;
addr[0] = attr->public_key;
fast_sha256_vector(1, addr, &attr->public_key_len, hash);
sha256_vector(1, addr, &attr->public_key_len, hash);
if (os_memcmp(hash, wps->nfc_pw_token->pubkey_hash,
WPS_OOB_PUBKEY_HASH_LEN) != 0) {
wpa_printf(MSG_ERROR, "WPS: Public Key hash "