From 900df445462b8a8103f96b1a8161623808d5520e Mon Sep 17 00:00:00 2001 From: Nachiket Kukade Date: Wed, 3 Jul 2019 17:39:52 +0530 Subject: [PATCH] wpa_supplicant: Cleanup fast_xxx modules that use duplicate code wpa_supplicant is using MbedTLS API's for crypto algorithms. For calling them a duplicate set of modules is maintained prepended with 'fast_'. Remove these and use flag USE_MBEDTLS_CRYPTO instead to separate modules calling MbedTLS API's from native implementation. --- components/esp_wifi/CMakeLists.txt | 2 +- .../src/{fast_crypto_ops.c => crypto_ops.c} | 21 +- components/wpa_supplicant/CMakeLists.txt | 8 - components/wpa_supplicant/Kconfig | 6 + components/wpa_supplicant/component.mk | 2 +- .../wpa_supplicant/include/crypto/aes_wrap.h | 6 - .../wpa_supplicant/include/crypto/crypto.h | 139 --------- .../wpa_supplicant/include/crypto/sha256.h | 6 - .../port/include/supplicant_opt.h | 4 + components/wpa_supplicant/src/ap/wpa_auth.c | 4 +- .../wpa_supplicant/src/common/wpa_common.c | 4 +- .../wpa_supplicant/src/crypto/aes-cbc.c | 86 +++++- .../wpa_supplicant/src/crypto/aes-unwrap.c | 41 +++ .../wpa_supplicant/src/crypto/aes-wrap.c | 42 +++ .../src/crypto/crypto_internal-cipher.c | 48 +++ .../src/crypto/crypto_internal-modexp.c | 59 ++++ .../src/crypto/crypto_internal.c | 64 ++++ .../wpa_supplicant/src/crypto/dh_groups.c | 4 +- .../src/crypto/sha256-internal.c | 62 ++++ components/wpa_supplicant/src/crypto/sha256.c | 15 + .../src/fast_crypto/fast_aes-cbc.c | 78 ----- .../src/fast_crypto/fast_aes-unwrap.c | 84 ----- .../src/fast_crypto/fast_aes-wrap.c | 83 ----- .../fast_crypto/fast_crypto_internal-cipher.c | 287 ------------------ .../fast_crypto/fast_crypto_internal-modexp.c | 59 ---- .../src/fast_crypto/fast_crypto_internal.c | 278 ----------------- .../src/fast_crypto/fast_sha256-internal.c | 58 ---- .../src/fast_crypto/fast_sha256.c | 165 ---------- components/wpa_supplicant/src/rsn_supp/wpa.c | 4 +- components/wpa_supplicant/src/tls/pkcs5.c | 12 +- .../src/tls/tlsv1_client_read.c | 2 +- .../src/tls/tlsv1_client_write.c | 4 +- .../wpa_supplicant/src/tls/tlsv1_common.c | 18 +- .../wpa_supplicant/src/tls/tlsv1_record.c | 36 +-- .../src/tls/tlsv1_server_read.c | 2 +- .../src/tls/tlsv1_server_write.c | 2 +- components/wpa_supplicant/src/tls/x509v3.c | 2 +- .../wpa_supplicant/src/wps/wps_attr_build.c | 10 +- .../wpa_supplicant/src/wps/wps_attr_process.c | 4 +- .../wpa_supplicant/src/wps/wps_common.c | 12 +- .../wpa_supplicant/src/wps/wps_enrollee.c | 8 +- .../wpa_supplicant/src/wps/wps_registrar.c | 10 +- 42 files changed, 506 insertions(+), 1335 deletions(-) rename components/esp_wifi/src/{fast_crypto_ops.c => crypto_ops.c} (69%) delete mode 100644 components/wpa_supplicant/src/fast_crypto/fast_aes-cbc.c delete mode 100644 components/wpa_supplicant/src/fast_crypto/fast_aes-unwrap.c delete mode 100644 components/wpa_supplicant/src/fast_crypto/fast_aes-wrap.c delete mode 100644 components/wpa_supplicant/src/fast_crypto/fast_crypto_internal-cipher.c delete mode 100644 components/wpa_supplicant/src/fast_crypto/fast_crypto_internal-modexp.c delete mode 100644 components/wpa_supplicant/src/fast_crypto/fast_crypto_internal.c delete mode 100644 components/wpa_supplicant/src/fast_crypto/fast_sha256-internal.c delete mode 100644 components/wpa_supplicant/src/fast_crypto/fast_sha256.c diff --git a/components/esp_wifi/CMakeLists.txt b/components/esp_wifi/CMakeLists.txt index 469497f69..4994e19dc 100644 --- a/components/esp_wifi/CMakeLists.txt +++ b/components/esp_wifi/CMakeLists.txt @@ -5,7 +5,7 @@ if(NOT CONFIG_ESP32_NO_BLOBS) endif() idf_component_register(SRCS "src/coexist.c" - "src/fast_crypto_ops.c" + "src/crypto_ops.c" "src/lib_printf.c" "src/mesh_event.c" "src/phy_init.c" diff --git a/components/esp_wifi/src/fast_crypto_ops.c b/components/esp_wifi/src/crypto_ops.c similarity index 69% rename from components/esp_wifi/src/fast_crypto_ops.c rename to components/esp_wifi/src/crypto_ops.c index c8146b47e..fdef5ca57 100644 --- a/components/esp_wifi/src/fast_crypto_ops.c +++ b/components/esp_wifi/src/crypto_ops.c @@ -22,19 +22,18 @@ #include "crypto/dh_group5.h" #include "esp_wifi_crypto_types.h" /* - * The parameters is used to set the cyrpto callback function for station connect when in security mode, - * every callback function can register as fast_xxx or normal one, i.e, fast_aes_wrap or aes_wrap, the - * difference between them is the normal API is calculate by software, the fast one use the hardware - * crypto in it, can be faster than the normal one, so the callback function register in default is which - * we recommend, so as the API in WPS default and WPA2 default. + * This structure is used to set the cyrpto callback function for station to connect when in security mode. + * These functions either call MbedTLS API's if USE_MBEDTLS_CRYPTO flag is set through Kconfig, or native + * API's otherwise. We recommend setting the flag since MbedTLS API's utilize hardware acceleration while + * native API's are use software implementations. */ const wpa_crypto_funcs_t g_wifi_default_wpa_crypto_funcs = { .size = sizeof(wpa_crypto_funcs_t), .version = ESP_WIFI_CRYPTO_VERSION, - .aes_wrap = (esp_aes_wrap_t)fast_aes_wrap, - .aes_unwrap = (esp_aes_unwrap_t)fast_aes_unwrap, - .hmac_sha256_vector = (esp_hmac_sha256_vector_t)fast_hmac_sha256_vector, - .sha256_prf = (esp_sha256_prf_t)fast_sha256_prf, + .aes_wrap = (esp_aes_wrap_t)aes_wrap, + .aes_unwrap = (esp_aes_unwrap_t)aes_unwrap, + .hmac_sha256_vector = (esp_hmac_sha256_vector_t)hmac_sha256_vector, + .sha256_prf = (esp_sha256_prf_t)sha256_prf, .hmac_md5 = (esp_hmac_md5_t)hmac_md5, .hamc_md5_vector = (esp_hmac_md5_vector_t)hmac_md5_vector, .hmac_sha1 = (esp_hmac_sha1_t)hmac_sha1, @@ -53,6 +52,6 @@ const wpa_crypto_funcs_t g_wifi_default_wpa_crypto_funcs = { }; const mesh_crypto_funcs_t g_wifi_default_mesh_crypto_funcs = { - .aes_128_encrypt = (esp_aes_128_encrypt_t)fast_aes_128_cbc_encrypt, - .aes_128_decrypt = (esp_aes_128_decrypt_t)fast_aes_128_cbc_decrypt, + .aes_128_encrypt = (esp_aes_128_encrypt_t)aes_128_cbc_encrypt, + .aes_128_decrypt = (esp_aes_128_decrypt_t)aes_128_cbc_decrypt, }; diff --git a/components/wpa_supplicant/CMakeLists.txt b/components/wpa_supplicant/CMakeLists.txt index b7d2958e2..2b7e14924 100644 --- a/components/wpa_supplicant/CMakeLists.txt +++ b/components/wpa_supplicant/CMakeLists.txt @@ -29,14 +29,6 @@ set(srcs "port/os_xtensa.c" "src/crypto/sha1.c" "src/crypto/sha256-internal.c" "src/crypto/sha256.c" - "src/fast_crypto/fast_aes-cbc.c" - "src/fast_crypto/fast_aes-unwrap.c" - "src/fast_crypto/fast_aes-wrap.c" - "src/fast_crypto/fast_crypto_internal-cipher.c" - "src/fast_crypto/fast_crypto_internal-modexp.c" - "src/fast_crypto/fast_crypto_internal.c" - "src/fast_crypto/fast_sha256-internal.c" - "src/fast_crypto/fast_sha256.c" "src/eap_peer/chap.c" "src/eap_peer/eap.c" "src/eap_peer/eap_common.c" diff --git a/components/wpa_supplicant/Kconfig b/components/wpa_supplicant/Kconfig index efcf5ecc5..3d57c76e0 100644 --- a/components/wpa_supplicant/Kconfig +++ b/components/wpa_supplicant/Kconfig @@ -27,4 +27,10 @@ menu "Supplicant" help Select this option to support EAP-PEAP. + config WPA_MBEDTLS_CRYPTO + bool "Use MbedTLS crypto API's" + default y + help + Select this option to use MbedTLS crypto API's which utilize hardware acceleration. + endmenu diff --git a/components/wpa_supplicant/component.mk b/components/wpa_supplicant/component.mk index dfc2f17df..1320854b9 100644 --- a/components/wpa_supplicant/component.mk +++ b/components/wpa_supplicant/component.mk @@ -1,5 +1,5 @@ COMPONENT_ADD_INCLUDEDIRS := include port/include include/esp_supplicant COMPONENT_PRIV_INCLUDEDIRS := src -COMPONENT_SRCDIRS := port src/ap src/common src/crypto src/eap_peer src/fast_crypto src/rsn_supp src/tls src/utils src/esp_supplicant src/wps +COMPONENT_SRCDIRS := port src/ap src/common src/crypto src/eap_peer src/rsn_supp src/tls src/utils src/esp_supplicant src/wps CFLAGS += -DESP_SUPPLICANT -DIEEE8021X_EAPOL -DEAP_PEER_METHOD -DEAP_MSCHAPv2 -DUSE_WPA2_TASK -DCONFIG_WPS2 -DCONFIG_WPS_PIN -DUSE_WPS_TASK -DESPRESSIF_USE -DESP32_WORKAROUND -DCONFIG_ECC -D__ets__ -Wno-strict-aliasing diff --git a/components/wpa_supplicant/include/crypto/aes_wrap.h b/components/wpa_supplicant/include/crypto/aes_wrap.h index 933031e4b..e6912054f 100644 --- a/components/wpa_supplicant/include/crypto/aes_wrap.h +++ b/components/wpa_supplicant/include/crypto/aes_wrap.h @@ -44,10 +44,4 @@ int __must_check aes_128_cbc_encrypt(const u8 *key, const u8 *iv, u8 *data, size_t data_len); int __must_check aes_128_cbc_decrypt(const u8 *key, const u8 *iv, u8 *data, size_t data_len); -int __must_check fast_aes_wrap(const uint8_t *kek, int n, const uint8_t *plain, uint8_t *cipher); -int __must_check fast_aes_unwrap(const uint8_t *kek, int n, const uint8_t *cipher, uint8_t *plain); -int __must_check fast_aes_128_cbc_encrypt(const uint8_t *key, const uint8_t *iv, uint8_t *data, - size_t data_len); -int __must_check fast_aes_128_cbc_decrypt(const uint8_t *key, const uint8_t *iv, uint8_t *data, - size_t data_len); #endif /* AES_WRAP_H */ diff --git a/components/wpa_supplicant/include/crypto/crypto.h b/components/wpa_supplicant/include/crypto/crypto.h index fd69dc968..9c57c50db 100644 --- a/components/wpa_supplicant/include/crypto/crypto.h +++ b/components/wpa_supplicant/include/crypto/crypto.h @@ -102,17 +102,6 @@ int __must_check fips186_2_prf(const u8 *seed, size_t seed_len, u8 *x, int sha256_vector(size_t num_elem, const u8 *addr[], const size_t *len, u8 *mac); -/** - * fast_sha256_vector - fast SHA256 hash for data vector - * @num_elem: Number of elements in the data vector - * @addr: Pointers to the data areas - * @len: Lengths of the data blocks - * @mac: Buffer for the hash - * Returns: 0 on success, -1 on failure - */ -int fast_sha256_vector(size_t num_elem, const uint8_t *addr[], const size_t *len, - uint8_t *mac); - /** * des_encrypt - Encrypt one block with DES * @clear: 8 octets (in) @@ -189,21 +178,6 @@ struct crypto_hash; struct crypto_hash * crypto_hash_init(enum crypto_hash_alg alg, const u8 *key, size_t key_len); -/** - * fast_crypto_hash_init - Initialize hash/HMAC function - * @alg: Hash algorithm - * @key: Key for keyed hash (e.g., HMAC) or %NULL if not needed - * @key_len: Length of the key in bytes - * Returns: Pointer to hash context to use with other hash functions or %NULL - * on failure - * - * This function is only used with internal TLSv1 implementation - * (CONFIG_TLS=internal). If that is not used, the crypto wrapper does not need - * to implement this. - */ -struct crypto_hash * fast_crypto_hash_init(enum crypto_hash_alg alg, const uint8_t *key, - size_t key_len); - /** * crypto_hash_update - Add data to hash calculation * @ctx: Context pointer from crypto_hash_init() @@ -216,18 +190,6 @@ struct crypto_hash * fast_crypto_hash_init(enum crypto_hash_alg alg, const uint8 */ void crypto_hash_update(struct crypto_hash *ctx, const u8 *data, size_t len); -/** - * fast_crypto_hash_update - Add data to hash calculation - * @ctx: Context pointer from crypto_hash_init() - * @data: Data buffer to add - * @len: Length of the buffer - * - * This function is only used with internal TLSv1 implementation - * (CONFIG_TLS=internal). If that is not used, the crypto wrapper does not need - * to implement this. - */ -void fast_crypto_hash_update(struct crypto_hash *ctx, const uint8_t *data, size_t len); - /** * crypto_hash_finish - Complete hash calculation * @ctx: Context pointer from crypto_hash_init() @@ -247,26 +209,6 @@ void fast_crypto_hash_update(struct crypto_hash *ctx, const uint8_t *data, size_ */ int crypto_hash_finish(struct crypto_hash *ctx, u8 *hash, size_t *len); -/** - * fast_crypto_hash_finish - Complete hash calculation - * @ctx: Context pointer from crypto_hash_init() - * @hash: Buffer for hash value or %NULL if caller is just freeing the hash - * context - * @len: Pointer to length of the buffer or %NULL if caller is just freeing the - * hash context; on return, this is set to the actual length of the hash value - * Returns: 0 on success, -1 if buffer is too small (len set to needed length), - * or -2 on other failures (including failed crypto_hash_update() operations) - * - * This function calculates the hash value and frees the context buffer that - * was used for hash calculation. - * - * This function is only used with internal TLSv1 implementation - * (CONFIG_TLS=internal). If that is not used, the crypto wrapper does not need - * to implement this. - */ -int fast_crypto_hash_finish(struct crypto_hash *ctx, uint8_t *hash, size_t *len); - - enum crypto_cipher_alg { CRYPTO_CIPHER_NULL = 0, CRYPTO_CIPHER_ALG_AES, CRYPTO_CIPHER_ALG_3DES, CRYPTO_CIPHER_ALG_DES, CRYPTO_CIPHER_ALG_RC2, CRYPTO_CIPHER_ALG_RC4 @@ -291,22 +233,6 @@ struct crypto_cipher * crypto_cipher_init(enum crypto_cipher_alg alg, const u8 *iv, const u8 *key, size_t key_len); -/** - * fast_crypto_cipher_init - Initialize block/stream cipher function - * @alg: Cipher algorithm - * @iv: Initialization vector for block ciphers or %NULL for stream ciphers - * @key: Cipher key - * @key_len: Length of key in bytes - * Returns: Pointer to cipher context to use with other cipher functions or - * %NULL on failure - * - * This function is only used with internal TLSv1 implementation - * (CONFIG_TLS=internal). If that is not used, the crypto wrapper does not need - * to implement this. - */ -struct crypto_cipher * fast_crypto_cipher_init(enum crypto_cipher_alg alg, - const uint8_t *iv, const uint8_t *key, - size_t key_len); /** * crypto_cipher_encrypt - Cipher encrypt * @ctx: Context pointer from crypto_cipher_init() @@ -322,21 +248,6 @@ struct crypto_cipher * fast_crypto_cipher_init(enum crypto_cipher_alg alg, int __must_check crypto_cipher_encrypt(struct crypto_cipher *ctx, const u8 *plain, u8 *crypt, size_t len); -/** - * fast_crypto_cipher_encrypt - Cipher encrypt - * @ctx: Context pointer from crypto_cipher_init() - * @plain: Plaintext to cipher - * @crypt: Resulting ciphertext - * @len: Length of the plaintext - * Returns: 0 on success, -1 on failure - * - * This function is only used with internal TLSv1 implementation - * (CONFIG_TLS=internal). If that is not used, the crypto wrapper does not need - * to implement this. - */ -int __must_check fast_crypto_cipher_encrypt(struct crypto_cipher *ctx, - const uint8_t *plain, uint8_t *crypt, size_t len); - /** * crypto_cipher_decrypt - Cipher decrypt * @ctx: Context pointer from crypto_cipher_init() @@ -352,21 +263,6 @@ int __must_check fast_crypto_cipher_encrypt(struct crypto_cipher *ctx, int __must_check crypto_cipher_decrypt(struct crypto_cipher *ctx, const u8 *crypt, u8 *plain, size_t len); -/** - * fast_crypto_cipher_decrypt - Cipher decrypt - * @ctx: Context pointer from crypto_cipher_init() - * @crypt: Ciphertext to decrypt - * @plain: Resulting plaintext - * @len: Length of the cipher text - * Returns: 0 on success, -1 on failure - * - * This function is only used with internal TLSv1 implementation - * (CONFIG_TLS=internal). If that is not used, the crypto wrapper does not need - * to implement this. - */ -int __must_check fast_crypto_cipher_decrypt(struct crypto_cipher *ctx, - const uint8_t *crypt, uint8_t *plain, size_t len); - /** * crypto_cipher_decrypt - Free cipher context * @ctx: Context pointer from crypto_cipher_init() @@ -377,16 +273,6 @@ int __must_check fast_crypto_cipher_decrypt(struct crypto_cipher *ctx, */ void crypto_cipher_deinit(struct crypto_cipher *ctx); -/** - * fast_crypto_cipher_decrypt - Free cipher context - * @ctx: Context pointer from crypto_cipher_init() - * - * This function is only used with internal TLSv1 implementation - * (CONFIG_TLS=internal). If that is not used, the crypto wrapper does not need - * to implement this. - */ -void fast_crypto_cipher_deinit(struct crypto_cipher *ctx); - struct crypto_public_key; struct crypto_private_key; @@ -565,31 +451,6 @@ int __must_check crypto_mod_exp(const u8 *base, size_t base_len, const u8 *modulus, size_t modulus_len, u8 *result, size_t *result_len); -/** - * fast_crypto_mod_exp - Modular exponentiation of large integers - * @base: Base integer (big endian byte array) - * @base_len: Length of base integer in bytes - * @power: Power integer (big endian byte array) - * @power_len: Length of power integer in bytes - * @modulus: Modulus integer (big endian byte array) - * @modulus_len: Length of modulus integer in bytes - * @result: Buffer for the result - * @result_len: Result length (max buffer size on input, real len on output) - * Returns: 0 on success, -1 on failure - * - * This function calculates result = base ^ power mod modulus. modules_len is - * used as the maximum size of modulus buffer. It is set to the used size on - * success. - * - * This function is only used with internal TLSv1 implementation - * (CONFIG_TLS=internal). If that is not used, the crypto wrapper does not need - * to implement this. - */ -int __must_check fast_crypto_mod_exp(const uint8_t *base, size_t base_len, - const uint8_t *power, size_t power_len, - const uint8_t *modulus, size_t modulus_len, - uint8_t *result, size_t *result_len); - /** * rc4_skip - XOR RC4 stream to given data with skip-stream-start * @key: RC4 key diff --git a/components/wpa_supplicant/include/crypto/sha256.h b/components/wpa_supplicant/include/crypto/sha256.h index 8025a29de..dc597f09b 100644 --- a/components/wpa_supplicant/include/crypto/sha256.h +++ b/components/wpa_supplicant/include/crypto/sha256.h @@ -24,10 +24,4 @@ void hmac_sha256(const u8 *key, size_t key_len, const u8 *data, void sha256_prf(const u8 *key, size_t key_len, const char *label, const u8 *data, size_t data_len, u8 *buf, size_t buf_len); -void fast_hmac_sha256_vector(const uint8_t *key, size_t key_len, size_t num_elem, - const uint8_t *addr[], const size_t *len, uint8_t *mac); -void fast_hmac_sha256(const uint8_t *key, size_t key_len, const uint8_t *data, - size_t data_len, uint8_t *mac); -void fast_sha256_prf(const uint8_t *key, size_t key_len, const char *label, - const uint8_t *data, size_t data_len, uint8_t *buf, size_t buf_len); #endif /* SHA256_H */ diff --git a/components/wpa_supplicant/port/include/supplicant_opt.h b/components/wpa_supplicant/port/include/supplicant_opt.h index 4267a71c9..446dda0b0 100644 --- a/components/wpa_supplicant/port/include/supplicant_opt.h +++ b/components/wpa_supplicant/port/include/supplicant_opt.h @@ -29,4 +29,8 @@ #define EAP_PEAP 1 #endif +#if CONFIG_WPA_MBEDTLS_CRYPTO +#define USE_MBEDTLS_CRYPTO 1 +#endif + #endif /* _SUPPLICANT_OPT_H */ diff --git a/components/wpa_supplicant/src/ap/wpa_auth.c b/components/wpa_supplicant/src/ap/wpa_auth.c index 5ee342e74..58625bb55 100644 --- a/components/wpa_supplicant/src/ap/wpa_auth.c +++ b/components/wpa_supplicant/src/ap/wpa_auth.c @@ -932,7 +932,7 @@ static int wpa_gmk_to_gtk(const u8 *gmk, const char *label, const u8 *addr, ret = -1; #ifdef CONFIG_IEEE80211W - fast_sha256_prf(gmk, WPA_GMK_LEN, label, data, sizeof(data), gtk, gtk_len); + sha256_prf(gmk, WPA_GMK_LEN, label, data, sizeof(data), gtk, gtk_len); #else /* CONFIG_IEEE80211W */ if (sha1_prf(gmk, WPA_GMK_LEN, label, data, sizeof(data), gtk, gtk_len) < 0) ret = -1; @@ -1064,7 +1064,7 @@ void __wpa_send_eapol(struct wpa_authenticator *wpa_auth, buf, key_data_len); if (version == WPA_KEY_INFO_TYPE_HMAC_SHA1_AES || version == WPA_KEY_INFO_TYPE_AES_128_CMAC) { - if (fast_aes_wrap(sm->PTK.kek, (key_data_len - 8) / 8, buf, + if (aes_wrap(sm->PTK.kek, (key_data_len - 8) / 8, buf, (u8 *) (key + 1))) { os_free(hdr); os_free(buf); diff --git a/components/wpa_supplicant/src/common/wpa_common.c b/components/wpa_supplicant/src/common/wpa_common.c index 2685cc38a..c04307052 100644 --- a/components/wpa_supplicant/src/common/wpa_common.c +++ b/components/wpa_supplicant/src/common/wpa_common.c @@ -507,7 +507,7 @@ void wpa_pmk_to_ptk(const u8 *pmk, size_t pmk_len, const char *label, #ifdef CONFIG_IEEE80211W if (use_sha256) { - fast_sha256_prf(pmk, pmk_len, label, data, sizeof(data), + sha256_prf(pmk, pmk_len, label, data, sizeof(data), ptk, ptk_len); } else @@ -549,7 +549,7 @@ void rsn_pmkid(const u8 *pmk, size_t pmk_len, const u8 *aa, const u8 *spa, #ifdef CONFIG_IEEE80211W if (use_sha256) { - fast_hmac_sha256_vector(pmk, pmk_len, 3, addr, len, hash); + hmac_sha256_vector(pmk, pmk_len, 3, addr, len, hash); } else #endif /* CONFIG_IEEE80211W */ diff --git a/components/wpa_supplicant/src/crypto/aes-cbc.c b/components/wpa_supplicant/src/crypto/aes-cbc.c index b59227909..24c567009 100644 --- a/components/wpa_supplicant/src/crypto/aes-cbc.c +++ b/components/wpa_supplicant/src/crypto/aes-cbc.c @@ -12,6 +12,21 @@ * * See README and COPYING for more details. */ +/* + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Hardware crypto support Copyright 2017-2019 Espressif Systems (Shanghai) PTE LTD + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ #include "utils/includes.h" @@ -19,6 +34,9 @@ #include "crypto/aes.h" #include "crypto/aes_wrap.h" +#ifdef USE_MBEDTLS_CRYPTO +#include "mbedtls/aes.h" + /** * aes_128_cbc_encrypt - AES-128 CBC encryption * @key: Encryption key @@ -27,7 +45,70 @@ * @data_len: Length of data in bytes (must be divisible by 16) * Returns: 0 on success, -1 on failure */ -int +int +aes_128_cbc_encrypt(const u8 *key, const u8 *iv, u8 *data, size_t data_len) +{ + int ret = 0; + mbedtls_aes_context ctx; + u8 cbc[AES_BLOCK_SIZE]; + + mbedtls_aes_init(&ctx); + + ret = mbedtls_aes_setkey_enc(&ctx, key, 128); + if(ret < 0) { + mbedtls_aes_free(&ctx); + return ret; + } + + os_memcpy(cbc, iv, AES_BLOCK_SIZE); + ret = mbedtls_aes_crypt_cbc(&ctx, MBEDTLS_AES_ENCRYPT, data_len, cbc, data, data); + mbedtls_aes_free(&ctx); + + return ret; +} + + +/** + * aes_128_cbc_decrypt - AES-128 CBC decryption + * @key: Decryption key + * @iv: Decryption IV for CBC mode (16 bytes) + * @data: Data to decrypt in-place + * @data_len: Length of data in bytes (must be divisible by 16) + * Returns: 0 on success, -1 on failure + */ +int +aes_128_cbc_decrypt(const u8 *key, const u8 *iv, u8 *data, size_t data_len) +{ + int ret = 0; + mbedtls_aes_context ctx; + u8 cbc[AES_BLOCK_SIZE]; + + mbedtls_aes_init(&ctx); + + ret = mbedtls_aes_setkey_dec(&ctx, key, 128); + if(ret < 0) { + mbedtls_aes_free(&ctx); + return ret; + } + + os_memcpy(cbc, iv, AES_BLOCK_SIZE); + ret = mbedtls_aes_crypt_cbc(&ctx, MBEDTLS_AES_DECRYPT, data_len, cbc, data, data); + mbedtls_aes_free(&ctx); + + return ret; + +} +#else /* USE_MBEDTLS_CRYPTO */ + +/** + * aes_128_cbc_encrypt - AES-128 CBC encryption + * @key: Encryption key + * @iv: Encryption IV for CBC mode (16 bytes) + * @data: Data to encrypt in-place + * @data_len: Length of data in bytes (must be divisible by 16) + * Returns: 0 on success, -1 on failure + */ +int aes_128_cbc_encrypt(const u8 *key, const u8 *iv, u8 *data, size_t data_len) { void *ctx; @@ -61,7 +142,7 @@ aes_128_cbc_encrypt(const u8 *key, const u8 *iv, u8 *data, size_t data_len) * @data_len: Length of data in bytes (must be divisible by 16) * Returns: 0 on success, -1 on failure */ -int +int aes_128_cbc_decrypt(const u8 *key, const u8 *iv, u8 *data, size_t data_len) { void *ctx; @@ -86,3 +167,4 @@ aes_128_cbc_decrypt(const u8 *key, const u8 *iv, u8 *data, size_t data_len) aes_decrypt_deinit(ctx); return 0; } +#endif /* USE_MBEDTLS_CRYPTO */ diff --git a/components/wpa_supplicant/src/crypto/aes-unwrap.c b/components/wpa_supplicant/src/crypto/aes-unwrap.c index 2e5a0a1c5..9f513b0ac 100644 --- a/components/wpa_supplicant/src/crypto/aes-unwrap.c +++ b/components/wpa_supplicant/src/crypto/aes-unwrap.c @@ -12,12 +12,31 @@ * * See README and COPYING for more details. */ +/* + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Hardware crypto support Copyright 2017-2019 Espressif Systems (Shanghai) PTE LTD + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ #include "utils/includes.h" #include "utils/common.h" +#ifdef USE_MBEDTLS_CRYPTO +#include "mbedtls/aes.h" +#else /* USE_MBEDTLS_CRYPTO */ #include "crypto/aes.h" #include "crypto/aes_wrap.h" +#endif /* USE_MBEDTLS_CRYPTO */ /** * aes_unwrap - Unwrap key with AES Key Wrap Algorithm (128-bit KEK) (RFC3394) @@ -33,16 +52,30 @@ aes_unwrap(const u8 *kek, int n, const u8 *cipher, u8 *plain) { u8 a[8], *r, b[16]; int i, j; +#ifdef USE_MBEDTLS_CRYPTO + int32_t ret = 0; + mbedtls_aes_context ctx; +#else /* USE_MBEDTLS_CRYPTO */ void *ctx; +#endif /* USE_MBEDTLS_CRYPTO */ /* 1) Initialize variables. */ os_memcpy(a, cipher, 8); r = plain; os_memcpy(r, cipher + 8, 8 * n); +#ifdef USE_MBEDTLS_CRYPTO + mbedtls_aes_init(&ctx); + ret = mbedtls_aes_setkey_dec(&ctx, kek, 128); + if (ret < 0) { + mbedtls_aes_free(&ctx); + return ret; + } +#else /* USE_MBEDTLS_CRYPTO */ ctx = aes_decrypt_init(kek, 16); if (ctx == NULL) return -1; +#endif /* USE_MBEDTLS_CRYPTO */ /* 2) Compute intermediate values. * For j = 5 to 0 @@ -58,13 +91,21 @@ aes_unwrap(const u8 *kek, int n, const u8 *cipher, u8 *plain) b[7] ^= n * j + i; os_memcpy(b + 8, r, 8); +#ifdef USE_MBEDTLS_CRYPTO + ret = mbedtls_internal_aes_decrypt(&ctx, b, b); +#else /* USE_MBEDTLS_CRYPTO */ aes_decrypt(ctx, b, b); +#endif /* USE_MBEDTLS_CRYPTO */ os_memcpy(a, b, 8); os_memcpy(r, b + 8, 8); r -= 8; } } +#ifdef USE_MBEDTLS_CRYPTO + mbedtls_aes_free(&ctx); +#else /* USE_MBEDTLS_CRYPTO */ aes_decrypt_deinit(ctx); +#endif /* USE_MBEDTLS_CRYPTO */ /* 3) Output results. * diff --git a/components/wpa_supplicant/src/crypto/aes-wrap.c b/components/wpa_supplicant/src/crypto/aes-wrap.c index 40eb98c54..9d180f522 100644 --- a/components/wpa_supplicant/src/crypto/aes-wrap.c +++ b/components/wpa_supplicant/src/crypto/aes-wrap.c @@ -6,12 +6,30 @@ * This software may be distributed under the terms of the BSD license. * See README for more details. */ +/* + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Hardware crypto support Copyright 2017-2019 Espressif Systems (Shanghai) PTE LTD + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ #include "utils/includes.h" #include "utils/common.h" #include "crypto/aes.h" #include "crypto/aes_wrap.h" +#ifdef USE_MBEDTLS_CRYPTO +#include "mbedtls/aes.h" +#endif /* USE_MBEDTLS_CRYPTO */ /** * aes_wrap - Wrap keys with AES Key Wrap Algorithm (128-bit KEK) (RFC3394) @@ -26,7 +44,12 @@ int aes_wrap(const u8 *kek, int n, const u8 *plain, u8 *cipher) { u8 *a, *r, b[16]; int i, j; +#ifdef USE_MBEDTLS_CRYPTO + int32_t ret = 0; + mbedtls_aes_context ctx; +#else /* USE_MBEDTLS_CRYPTO */ void *ctx; +#endif /* USE_MBEDTLS_CRYPTO */ a = cipher; r = cipher + 8; @@ -35,9 +58,18 @@ int aes_wrap(const u8 *kek, int n, const u8 *plain, u8 *cipher) os_memset(a, 0xa6, 8); os_memcpy(r, plain, 8 * n); +#ifdef USE_MBEDTLS_CRYPTO + mbedtls_aes_init(&ctx); + ret = mbedtls_aes_setkey_enc(&ctx, kek, 128); + if (ret < 0) { + mbedtls_aes_free(&ctx); + return ret; + } +#else /* USE_MBEDTLS_CRYPTO */ ctx = aes_encrypt_init(kek, 16); if (ctx == NULL) return -1; +#endif /* USE_MBEDTLS_CRYPTO */ /* 2) Calculate intermediate values. * For j = 0 to 5 @@ -51,14 +83,24 @@ int aes_wrap(const u8 *kek, int n, const u8 *plain, u8 *cipher) for (i = 1; i <= n; i++) { os_memcpy(b, a, 8); os_memcpy(b + 8, r, 8); +#ifdef USE_MBEDTLS_CRYPTO + ret = mbedtls_internal_aes_encrypt(&ctx, b, b); + if (ret != 0) + break; +#else /* USE_MBEDTLS_CRYPTO */ aes_encrypt(ctx, b, b); +#endif /* USE_MBEDTLS_CRYPTO */ os_memcpy(a, b, 8); a[7] ^= n * j + i; os_memcpy(r, b + 8, 8); r += 8; } } +#ifdef USE_MBEDTLS_CRYPTO + mbedtls_aes_free(&ctx); +#else /* USE_MBEDTLS_CRYPTO */ aes_encrypt_deinit(ctx); +#endif /* USE_MBEDTLS_CRYPTO */ /* 3) Output the results. * diff --git a/components/wpa_supplicant/src/crypto/crypto_internal-cipher.c b/components/wpa_supplicant/src/crypto/crypto_internal-cipher.c index f197aa35e..3fe2412e1 100644 --- a/components/wpa_supplicant/src/crypto/crypto_internal-cipher.c +++ b/components/wpa_supplicant/src/crypto/crypto_internal-cipher.c @@ -5,13 +5,32 @@ * This software may be distributed under the terms of the BSD license. * See README for more details. */ +/* + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Hardware crypto support Copyright 2017-2019 Espressif Systems (Shanghai) PTE LTD + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ #include "utils/common.h" +#include "utils/includes.h" #include "crypto/crypto.h" #include "crypto/aes.h" #if defined(CONFIG_DES) || defined(CONFIG_DES3) #include "crypto/des_i.h" #endif +#ifdef USE_MBEDTLS_CRYPTO +#include "mbedtls/aes.h" +#endif /* USE_MBEDTLS_CRYPTO */ struct crypto_cipher { enum crypto_cipher_alg alg; @@ -23,8 +42,13 @@ struct crypto_cipher { } rc4; struct { u8 cbc[32]; +#ifdef USE_MBEDTLS_CRYPTO + mbedtls_aes_context ctx_enc; + mbedtls_aes_context ctx_dec; +#else /* USE_MBEDTLS_CRYPTO */ void *ctx_enc; void *ctx_dec; +#endif /* USE_MBEDTLS_CRYPTO */ } aes; #ifdef CONFIG_DES3 struct { @@ -65,6 +89,12 @@ struct crypto_cipher * crypto_cipher_init(enum crypto_cipher_alg alg, os_memcpy(ctx->u.rc4.key, key, key_len); break; case CRYPTO_CIPHER_ALG_AES: +#ifdef USE_MBEDTLS_CRYPTO + mbedtls_aes_init(&(ctx->u.aes.ctx_enc)); + mbedtls_aes_setkey_enc(&(ctx->u.aes.ctx_enc), key, key_len * 8); + mbedtls_aes_init(&(ctx->u.aes.ctx_dec)); + mbedtls_aes_setkey_dec(&(ctx->u.aes.ctx_dec), key, key_len * 8); +#else /* USE_MBEDTLS_CRYPTO */ ctx->u.aes.ctx_enc = aes_encrypt_init(key, key_len); if (ctx->u.aes.ctx_enc == NULL) { os_free(ctx); @@ -76,6 +106,7 @@ struct crypto_cipher * crypto_cipher_init(enum crypto_cipher_alg alg, os_free(ctx); return NULL; } +#endif /* USE_MBEDTLS_CRYPTO */ os_memcpy(ctx->u.aes.cbc, iv, AES_BLOCK_SIZE); break; #ifdef CONFIG_DES3 @@ -127,8 +158,14 @@ int crypto_cipher_encrypt(struct crypto_cipher *ctx, const u8 *plain, for (i = 0; i < blocks; i++) { for (j = 0; j < AES_BLOCK_SIZE; j++) ctx->u.aes.cbc[j] ^= plain[j]; +#ifdef USE_MBEDTLS_CRYPTO + if (mbedtls_internal_aes_encrypt(&(ctx->u.aes.ctx_enc), + ctx->u.aes.cbc, ctx->u.aes.cbc) != 0) + return -1; +#else /* USE_MBEDTLS_CRYPTO */ aes_encrypt(ctx->u.aes.ctx_enc, ctx->u.aes.cbc, ctx->u.aes.cbc); +#endif /* USE_MBEDTLS_CRYPTO */ os_memcpy(crypt, ctx->u.aes.cbc, AES_BLOCK_SIZE); plain += AES_BLOCK_SIZE; crypt += AES_BLOCK_SIZE; @@ -194,7 +231,13 @@ int crypto_cipher_decrypt(struct crypto_cipher *ctx, const u8 *crypt, blocks = len / AES_BLOCK_SIZE; for (i = 0; i < blocks; i++) { os_memcpy(tmp, crypt, AES_BLOCK_SIZE); +#ifdef USE_MBEDTLS_CRYPTO + if (mbedtls_internal_aes_decrypt(&(ctx->u.aes.ctx_dec), + crypt, plain) != 0) + return -1; +#else /* USE_MBEDTLS_CRYPTO */ aes_decrypt(ctx->u.aes.ctx_dec, crypt, plain); +#endif /* USE_MBEDTLS_CRYPTO */ for (j = 0; j < AES_BLOCK_SIZE; j++) plain[j] ^= ctx->u.aes.cbc[j]; os_memcpy(ctx->u.aes.cbc, tmp, AES_BLOCK_SIZE); @@ -246,8 +289,13 @@ void crypto_cipher_deinit(struct crypto_cipher *ctx) { switch (ctx->alg) { case CRYPTO_CIPHER_ALG_AES: +#ifdef USE_MBEDTLS_CRYPTO + mbedtls_aes_free(&(ctx->u.aes.ctx_enc)); + mbedtls_aes_free(&(ctx->u.aes.ctx_dec)); +#else /* USE_MBEDTLS_CRYPTO */ aes_encrypt_deinit(ctx->u.aes.ctx_enc); aes_decrypt_deinit(ctx->u.aes.ctx_dec); +#endif /* USE_MBEDTLS_CRYPTO */ break; #ifdef CONFIG_DES3 case CRYPTO_CIPHER_ALG_3DES: diff --git a/components/wpa_supplicant/src/crypto/crypto_internal-modexp.c b/components/wpa_supplicant/src/crypto/crypto_internal-modexp.c index 2bf67df34..f37139ba1 100644 --- a/components/wpa_supplicant/src/crypto/crypto_internal-modexp.c +++ b/components/wpa_supplicant/src/crypto/crypto_internal-modexp.c @@ -11,14 +11,72 @@ * * See README and COPYING for more details. */ +/* + * Hardware crypto support Copyright 2017-2019 Espressif Systems (Shanghai) PTE LTD + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ #include "utils/includes.h" #include "utils/common.h" +#ifdef USE_MBEDTLS_CRYPTO +#include "mbedtls/bignum.h" +#else /* USE_MBEDTLS_CRYPTO */ #include "bignum.h" +#endif /* USE_MBEDTLS_CRYPTO */ #include "crypto/crypto.h" +#ifdef USE_MBEDTLS_CRYPTO +int +crypto_mod_exp(const uint8_t *base, size_t base_len, + const uint8_t *power, size_t power_len, + const uint8_t *modulus, size_t modulus_len, + uint8_t *result, size_t *result_len) +{ + mbedtls_mpi bn_base, bn_exp, bn_modulus, bn_result, bn_rinv; + int ret = 0; + mbedtls_mpi_init(&bn_base); + mbedtls_mpi_init(&bn_exp); + mbedtls_mpi_init(&bn_modulus); + mbedtls_mpi_init(&bn_result); + mbedtls_mpi_init(&bn_rinv); + mbedtls_mpi_read_binary(&bn_base, base, base_len); + mbedtls_mpi_read_binary(&bn_exp, power, power_len); + mbedtls_mpi_read_binary(&bn_modulus, modulus, modulus_len); + + ret = mbedtls_mpi_exp_mod(&bn_result, &bn_base, &bn_exp, &bn_modulus, &bn_rinv); + if (ret < 0) { + mbedtls_mpi_free(&bn_base); + mbedtls_mpi_free(&bn_exp); + mbedtls_mpi_free(&bn_modulus); + mbedtls_mpi_free(&bn_result); + mbedtls_mpi_free(&bn_rinv); + return ret; + } + + ret = mbedtls_mpi_write_binary(&bn_result, result, *result_len); + + mbedtls_mpi_free(&bn_base); + mbedtls_mpi_free(&bn_exp); + mbedtls_mpi_free(&bn_modulus); + mbedtls_mpi_free(&bn_result); + mbedtls_mpi_free(&bn_rinv); + + return ret; +} +#else /* USE_MBEDTLS_CRYPTO */ int crypto_mod_exp(const u8 *base, size_t base_len, const u8 *power, size_t power_len, @@ -54,3 +112,4 @@ error: bignum_deinit(bn_result); return ret; } +#endif /* USE_MBEDTLS_CRYPTO */ diff --git a/components/wpa_supplicant/src/crypto/crypto_internal.c b/components/wpa_supplicant/src/crypto/crypto_internal.c index 5a1d5951c..4622cfcb8 100644 --- a/components/wpa_supplicant/src/crypto/crypto_internal.c +++ b/components/wpa_supplicant/src/crypto/crypto_internal.c @@ -5,12 +5,30 @@ * This software may be distributed under the terms of the BSD license. * See README for more details. */ +/* + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Hardware crypto support Copyright 2017-2019 Espressif Systems (Shanghai) PTE LTD + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ #include "utils/includes.h" #include "utils/common.h" #include "crypto/crypto.h" #include "crypto/sha1_i.h" #include "crypto/md5_i.h" +#ifdef USE_MBEDTLS_CRYPTO +#include "mbedtls/sha256.h" +#endif struct crypto_hash { enum crypto_hash_alg alg; @@ -18,7 +36,11 @@ struct crypto_hash { struct MD5Context md5; struct SHA1Context sha1; #ifdef CONFIG_SHA256 +#ifdef USE_MBEDTLS_CRYPTO + mbedtls_sha256_context sha256; +#else /* USE_MBEDTLS_CRYPTO */ struct sha256_state sha256; +#endif /* USE_MBEDTLS_CRYPTO */ #endif /* CONFIG_SHA256 */ } u; u8 key[64]; @@ -49,7 +71,12 @@ struct crypto_hash * crypto_hash_init(enum crypto_hash_alg alg, const u8 *key, break; #ifdef CONFIG_SHA256 case CRYPTO_HASH_ALG_SHA256: +#ifdef USE_MBEDTLS_CRYPTO + mbedtls_sha256_init(&ctx->u.sha256); + mbedtls_sha256_starts(&ctx->u.sha256, 0); +#else /* USE_MBEDTLS_CRYPTO */ sha256_init(&ctx->u.sha256); +#endif /* USE_MBEDTLS_CRYPTO */ break; #endif /* CONFIG_SHA256 */ case CRYPTO_HASH_ALG_HMAC_MD5: @@ -93,9 +120,17 @@ struct crypto_hash * crypto_hash_init(enum crypto_hash_alg alg, const u8 *key, #ifdef CONFIG_SHA256 case CRYPTO_HASH_ALG_HMAC_SHA256: if (key_len > sizeof(k_pad)) { +#ifdef USE_MBEDTLS_CRYPTO + mbedtls_sha256_init(&ctx->u.sha256); + mbedtls_sha256_starts(&ctx->u.sha256, 0); + mbedtls_sha256_update(&ctx->u.sha256, key, key_len); + mbedtls_sha256_finish(&ctx->u.sha256, tk); + mbedtls_sha256_free(&ctx->u.sha256); +#else /* USE_MBEDTLS_CRYPTO */ sha256_init(&ctx->u.sha256); sha256_process(&ctx->u.sha256, key, key_len); sha256_done(&ctx->u.sha256, tk); +#endif /* USE_MBEDTLS_CRYPTO */ key = tk; key_len = 32; } @@ -107,8 +142,14 @@ struct crypto_hash * crypto_hash_init(enum crypto_hash_alg alg, const u8 *key, os_memset(k_pad + key_len, 0, sizeof(k_pad) - key_len); for (i = 0; i < sizeof(k_pad); i++) k_pad[i] ^= 0x36; +#ifdef USE_MBEDTLS_CRYPTO + mbedtls_sha256_init(&ctx->u.sha256); + mbedtls_sha256_starts(&ctx->u.sha256, 0); + mbedtls_sha256_update(&ctx->u.sha256, k_pad, sizeof(k_pad)); +#else /* USE_MBEDTLS_CRYPTO */ sha256_init(&ctx->u.sha256); sha256_process(&ctx->u.sha256, k_pad, sizeof(k_pad)); +#endif /* USE_MBEDTLS_CRYPTO */ break; #endif /* CONFIG_SHA256 */ default: @@ -137,7 +178,11 @@ void crypto_hash_update(struct crypto_hash *ctx, const u8 *data, size_t len) #ifdef CONFIG_SHA256 case CRYPTO_HASH_ALG_SHA256: case CRYPTO_HASH_ALG_HMAC_SHA256: +#ifdef USE_MBEDTLS_CRYPTO + mbedtls_sha256_update(&ctx->u.sha256, data, len); +#else /* USE_MBEDTLS_CRYPTO */ sha256_process(&ctx->u.sha256, data, len); +#endif /* USE_MBEDTLS_CRYPTO */ break; #endif /* CONFIG_SHA256 */ default: @@ -186,7 +231,12 @@ int crypto_hash_finish(struct crypto_hash *ctx, u8 *mac, size_t *len) return -1; } *len = 32; +#ifdef USE_MBEDTLS_CRYPTO + mbedtls_sha256_finish(&ctx->u.sha256, mac); + mbedtls_sha256_free(&ctx->u.sha256); +#else /* USE_MBEDTLS_CRYPTO */ sha256_done(&ctx->u.sha256, mac); +#endif /* USE_MBEDTLS_CRYPTO */ break; #endif /* CONFIG_SHA256 */ case CRYPTO_HASH_ALG_HMAC_MD5: @@ -238,17 +288,31 @@ int crypto_hash_finish(struct crypto_hash *ctx, u8 *mac, size_t *len) } *len = 32; +#ifdef USE_MBEDTLS_CRYPTO + mbedtls_sha256_finish(&ctx->u.sha256, mac); + mbedtls_sha256_free(&ctx->u.sha256); +#else /* USE_MBEDTLS_CRYPTO */ sha256_done(&ctx->u.sha256, mac); +#endif /* USE_MBEDTLS_CRYPTO */ os_memcpy(k_pad, ctx->key, ctx->key_len); os_memset(k_pad + ctx->key_len, 0, sizeof(k_pad) - ctx->key_len); for (i = 0; i < sizeof(k_pad); i++) k_pad[i] ^= 0x5c; +#ifdef USE_MBEDTLS_CRYPTO + mbedtls_sha256_init(&ctx->u.sha256); + mbedtls_sha256_starts(&ctx->u.sha256, 0); + mbedtls_sha256_update(&ctx->u.sha256, k_pad, sizeof(k_pad)); + mbedtls_sha256_update(&ctx->u.sha256, mac, 32); + mbedtls_sha256_finish(&ctx->u.sha256, mac); + mbedtls_sha256_free(&ctx->u.sha256); +#else /* USE_MBEDTLS_CRYPTO */ sha256_init(&ctx->u.sha256); sha256_process(&ctx->u.sha256, k_pad, sizeof(k_pad)); sha256_process(&ctx->u.sha256, mac, 32); sha256_done(&ctx->u.sha256, mac); +#endif /* USE_MBEDTLS_CRYPTO */ break; #endif /* CONFIG_SHA256 */ default: diff --git a/components/wpa_supplicant/src/crypto/dh_groups.c b/components/wpa_supplicant/src/crypto/dh_groups.c index 9f8584603..e3c7519ec 100644 --- a/components/wpa_supplicant/src/crypto/dh_groups.c +++ b/components/wpa_supplicant/src/crypto/dh_groups.c @@ -586,7 +586,7 @@ dh_init(const struct dh_group *dh, struct wpabuf **priv) if (pv == NULL) return NULL; - if (fast_crypto_mod_exp(dh->generator, dh->generator_len, + if (crypto_mod_exp(dh->generator, dh->generator_len, wpabuf_head(*priv), wpabuf_len(*priv), dh->prime, dh->prime_len, wpabuf_mhead(pv), &pv_len)) { @@ -624,7 +624,7 @@ dh_derive_shared(const struct wpabuf *peer_public, if (shared == NULL) return NULL; - if (fast_crypto_mod_exp(wpabuf_head(peer_public), wpabuf_len(peer_public), + if (crypto_mod_exp(wpabuf_head(peer_public), wpabuf_len(peer_public), wpabuf_head(own_private), wpabuf_len(own_private), dh->prime, dh->prime_len, wpabuf_mhead(shared), &shared_len)) { diff --git a/components/wpa_supplicant/src/crypto/sha256-internal.c b/components/wpa_supplicant/src/crypto/sha256-internal.c index 376dbd98f..df0706b5c 100644 --- a/components/wpa_supplicant/src/crypto/sha256-internal.c +++ b/components/wpa_supplicant/src/crypto/sha256-internal.c @@ -11,12 +11,73 @@ * * See README and COPYING for more details. */ +/* + * Hardware crypto support Copyright 2017-2019 Espressif Systems (Shanghai) PTE LTD + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ #include "utils/includes.h" #include "utils/common.h" +#ifdef USE_MBEDTLS_CRYPTO +#include "mbedtls/sha256.h" +#else /* USE_MBEDTLS_CRYPTO */ #include "crypto/sha256.h" #include "crypto/crypto.h" +#endif /* USE_MBEDTLS_CRYPTO */ + +#ifdef USE_MBEDTLS_CRYPTO +/** + * sha256_vector - SHA256 hash for data vector + * @num_elem: Number of elements in the data vector + * @addr: Pointers to the data areas + * @len: Lengths of the data blocks + * @mac: Buffer for the hash + * Returns: 0 on success, -1 of failure + */ +int +sha256_vector(size_t num_elem, const u8 *addr[], const size_t *len, + u8 *mac) +{ + int ret = 0; + mbedtls_sha256_context ctx; + + mbedtls_sha256_init(&ctx); + + if (mbedtls_sha256_starts_ret(&ctx, 0) != 0) { + ret = -1; + goto out; + } + + for(size_t index = 0; index < num_elem; index++) { + if (mbedtls_sha256_update_ret(&ctx, addr[index], len[index]) != 0) { + ret = -1; + goto out; + } + } + + if (mbedtls_sha256_finish_ret(&ctx, mac) != 0) { + ret = -1; + goto out; + } + +out: + mbedtls_sha256_free(&ctx); + + return ret; +} +#else /* USE_MBEDTLS_CRYPTO */ #define SHA256_BLOCK_SIZE 64 @@ -245,5 +306,6 @@ sha256_done(struct sha256_state *md, unsigned char *out) return 0; } +#endif /* USE_MBEDTLS_CRYPTO */ /* ===== end - public domain SHA256 implementation ===== */ diff --git a/components/wpa_supplicant/src/crypto/sha256.c b/components/wpa_supplicant/src/crypto/sha256.c index 49f248c33..6380897e4 100644 --- a/components/wpa_supplicant/src/crypto/sha256.c +++ b/components/wpa_supplicant/src/crypto/sha256.c @@ -11,6 +11,21 @@ * * See README and COPYING for more details. */ +/* + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Hardware crypto support Copyright 2017-2019 Espressif Systems (Shanghai) PTE LTD + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ #include "utils/includes.h" diff --git a/components/wpa_supplicant/src/fast_crypto/fast_aes-cbc.c b/components/wpa_supplicant/src/fast_crypto/fast_aes-cbc.c deleted file mode 100644 index feccba9e4..000000000 --- a/components/wpa_supplicant/src/fast_crypto/fast_aes-cbc.c +++ /dev/null @@ -1,78 +0,0 @@ -// Hardware crypto support Copyright 2017 Espressif Systems (Shanghai) PTE LTD -// -// Licensed under the Apache License, Version 2.0 (the "License"); - - -#include "utils/includes.h" -#include "utils/common.h" -#include "crypto/aes.h" -#include "crypto/aes_wrap.h" -#include "mbedtls/aes.h" - -/** - * fast_aes_128_cbc_encrypt - AES-128 CBC encryption - * @key: Encryption key - * @iv: Encryption IV for CBC mode (16 bytes) - * @data: Data to encrypt in-place - * @data_len: Length of data in bytes (must be divisible by 16) - * Returns: 0 on success, -1 on failure - */ -int -fast_aes_128_cbc_encrypt(const uint8_t *key, const uint8_t *iv, uint8_t *data, size_t data_len) -{ - int ret = 0; - mbedtls_aes_context ctx; - uint8_t cbc[AES_BLOCK_SIZE]; - - mbedtls_aes_init(&ctx); - - ret = mbedtls_aes_setkey_enc(&ctx, key, 128); - - if(ret < 0) { - mbedtls_aes_free(&ctx); - return ret; - } - - os_memcpy(cbc, iv, AES_BLOCK_SIZE); - - ret = mbedtls_aes_crypt_cbc(&ctx, MBEDTLS_AES_ENCRYPT, data_len, cbc, data, data); - - mbedtls_aes_free(&ctx); - - return ret; -} - - -/** - * fast_aes_128_cbc_decrypt - AES-128 CBC decryption - * @key: Decryption key - * @iv: Decryption IV for CBC mode (16 bytes) - * @data: Data to decrypt in-place - * @data_len: Length of data in bytes (must be divisible by 16) - * Returns: 0 on success, -1 on failure - */ -int -fast_aes_128_cbc_decrypt(const uint8_t *key, const uint8_t *iv, uint8_t *data, size_t data_len) -{ - int ret = 0; - mbedtls_aes_context ctx; - uint8_t cbc[AES_BLOCK_SIZE]; - - mbedtls_aes_init(&ctx); - - ret = mbedtls_aes_setkey_dec(&ctx, key, 128); - - if(ret < 0) { - mbedtls_aes_free(&ctx); - return ret; - } - - os_memcpy(cbc, iv, AES_BLOCK_SIZE); - - ret = mbedtls_aes_crypt_cbc(&ctx, MBEDTLS_AES_DECRYPT, data_len, cbc, data, data); - - mbedtls_aes_free(&ctx); - - return ret; - -} diff --git a/components/wpa_supplicant/src/fast_crypto/fast_aes-unwrap.c b/components/wpa_supplicant/src/fast_crypto/fast_aes-unwrap.c deleted file mode 100644 index b4b940314..000000000 --- a/components/wpa_supplicant/src/fast_crypto/fast_aes-unwrap.c +++ /dev/null @@ -1,84 +0,0 @@ -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at - -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Hardware crypto support Copyright 2017 Espressif Systems (Shanghai) PTE LTD -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -#include "utils/includes.h" -#include "utils/common.h" -#include "mbedtls/aes.h" - -/** - * fast_aes_unwrap - Unwrap key with AES Key Wrap Algorithm (128-bit KEK) (RFC3394) - * @kek: Key encryption key (KEK) - * @n: Length of the plaintext key in 64-bit units; e.g., 2 = 128-bit = 16 - * bytes - * @cipher: Wrapped key to be unwrapped, (n + 1) * 64 bits - * @plain: Plaintext key, n * 64 bits - * Returns: 0 on success, -1 on failure (e.g., integrity verification failed) - */ -int -fast_aes_unwrap(const uint8_t *kek, int n, const uint8_t *cipher, uint8_t *plain) -{ - uint8_t a[8], *r, b[16]; - int32_t i, j; - int32_t ret = 0; - mbedtls_aes_context ctx; - - /* 1) Initialize variables. */ - os_memcpy(a, cipher, 8); - r = plain; - os_memcpy(r, cipher + 8, 8 * n); - - mbedtls_aes_init(&ctx); - ret = mbedtls_aes_setkey_dec(&ctx, kek, 128); - if (ret < 0) { - mbedtls_aes_free(&ctx); - return ret; - } - - /* 2) Compute intermediate values. - * For j = 5 to 0 - * For i = n to 1 - * B = AES-1(K, (A ^ t) | R[i]) where t = n*j+i - * A = MSB(64, B) - * R[i] = LSB(64, B) - */ - for (j = 5; j >= 0; j--) { - r = plain + (n - 1) * 8; - for (i = n; i >= 1; i--) { - os_memcpy(b, a, 8); - b[7] ^= n * j + i; - os_memcpy(b + 8, r, 8); - ret = mbedtls_internal_aes_decrypt(&ctx, b, b); - if (ret != 0) { - break; - } - os_memcpy(a, b, 8); - os_memcpy(r, b + 8, 8); - r -= 8; - } - } - mbedtls_aes_free(&ctx); - - /* 3) Output results. - * - * These are already in @plain due to the location of temporary - * variables. Just verify that the IV matches with the expected value. - */ - for (i = 0; i < 8; i++) { - if (a[i] != 0xa6) { - return -1; - } - } - - return ret; -} diff --git a/components/wpa_supplicant/src/fast_crypto/fast_aes-wrap.c b/components/wpa_supplicant/src/fast_crypto/fast_aes-wrap.c deleted file mode 100644 index ea15d8bc2..000000000 --- a/components/wpa_supplicant/src/fast_crypto/fast_aes-wrap.c +++ /dev/null @@ -1,83 +0,0 @@ -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at - -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Hardware crypto support Copyright 2017 Espressif Systems (Shanghai) PTE LTD -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -#include "utils/includes.h" - -#include "utils/common.h" -#include "crypto/aes.h" -#include "crypto/aes_wrap.h" -#include "mbedtls/aes.h" - -/** - * fast_aes_wrap - Wrap keys with AES Key Wrap Algorithm (128-bit KEK) (RFC3394) - * @kek: 16-octet Key encryption key (KEK) - * @n: Length of the plaintext key in 64-bit units; e.g., 2 = 128-bit = 16 - * bytes - * @plain: Plaintext key to be wrapped, n * 64 bits - * @cipher: Wrapped key, (n + 1) * 64 bits - * Returns: 0 on success, -1 on failure - */ -int fast_aes_wrap(const uint8_t *kek, int n, const uint8_t *plain, uint8_t *cipher) -{ - uint8_t *a, *r, b[16]; - int32_t i, j; - int32_t ret = 0; - mbedtls_aes_context ctx; - - a = cipher; - r = cipher + 8; - - /* 1) Initialize variables. */ - os_memset(a, 0xa6, 8); - os_memcpy(r, plain, 8 * n); - - mbedtls_aes_init(&ctx); - ret = mbedtls_aes_setkey_enc(&ctx, kek, 128); - if (ret < 0) { - mbedtls_aes_free(&ctx); - return ret; - } - - /* 2) Calculate intermediate values. - * For j = 0 to 5 - * For i=1 to n - * B = AES(K, A | R[i]) - * A = MSB(64, B) ^ t where t = (n*j)+i - * R[i] = LSB(64, B) - */ - for (j = 0; j <= 5; j++) { - r = cipher + 8; - for (i = 1; i <= n; i++) { - os_memcpy(b, a, 8); - os_memcpy(b + 8, r, 8); - ret = mbedtls_internal_aes_encrypt(&ctx, b, b); - if (ret != 0) { - break; - } - os_memcpy(a, b, 8); - a[7] ^= n * j + i; - os_memcpy(r, b + 8, 8); - r += 8; - } - } - mbedtls_aes_free(&ctx); - - /* 3) Output the results. - * - * These are already in @cipher due to the location of temporary - * variables. - */ - - return ret; -} diff --git a/components/wpa_supplicant/src/fast_crypto/fast_crypto_internal-cipher.c b/components/wpa_supplicant/src/fast_crypto/fast_crypto_internal-cipher.c deleted file mode 100644 index 667a886d1..000000000 --- a/components/wpa_supplicant/src/fast_crypto/fast_crypto_internal-cipher.c +++ /dev/null @@ -1,287 +0,0 @@ -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at - -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Hardware crypto support Copyright 2017 Espressif Systems (Shanghai) PTE LTD -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -//#include "utils/includes.h" - -//#include "utils/common.h" -#include "utils/common.h" -#include "crypto/crypto.h" -#include "crypto/aes.h" -#if defined(CONFIG_DES) || defined(CONFIG_DES3) -#include "crypto/des_i.h" -#endif -#include "mbedtls/aes.h" - -struct fast_crypto_cipher { - enum crypto_cipher_alg alg; - union { - struct { - size_t used_bytes; - uint8_t key[16]; - size_t keylen; - } rc4; - struct { - uint8_t cbc[32]; - mbedtls_aes_context ctx_enc; - mbedtls_aes_context ctx_dec; - } aes; -#ifdef CONFIG_DES3 - struct { - struct des3_key_s key; - uint8_t cbc[8]; - } des3; -#endif -#ifdef CONFIG_DES - struct { - uint32_t ek[32]; - uint32_t dk[32]; - uint32_t cbc[8]; - } des; -#endif - } u; -}; - - -struct crypto_cipher * fast_crypto_cipher_init(enum crypto_cipher_alg alg, - const uint8_t *iv, const uint8_t *key, - size_t key_len) -{ - struct fast_crypto_cipher *ctx; - - ctx = (struct fast_crypto_cipher *)os_zalloc(sizeof(*ctx)); - if (ctx == NULL) { - return NULL; - } - - ctx->alg = alg; - - switch (alg) { - case CRYPTO_CIPHER_ALG_RC4: - if (key_len > sizeof(ctx->u.rc4.key)) { - os_free(ctx); - return NULL; - } - ctx->u.rc4.keylen = key_len; - os_memcpy(ctx->u.rc4.key, key, key_len); - break; - case CRYPTO_CIPHER_ALG_AES: - mbedtls_aes_init(&(ctx->u.aes.ctx_enc)); - mbedtls_aes_setkey_enc(&(ctx->u.aes.ctx_enc), key, key_len * 8); - mbedtls_aes_init(&(ctx->u.aes.ctx_dec)); - mbedtls_aes_setkey_dec(&(ctx->u.aes.ctx_dec), key, key_len * 8); - os_memcpy(ctx->u.aes.cbc, iv, AES_BLOCK_SIZE); - break; -#ifdef CONFIG_DES3 - case CRYPTO_CIPHER_ALG_3DES: - if (key_len != 24) { - os_free(ctx); - return NULL; - } - des3_key_setup(key, &ctx->u.des3.key); - os_memcpy(ctx->u.des3.cbc, iv, 8); - break; -#endif -#ifdef CONFIG_DES - case CRYPTO_CIPHER_ALG_DES: - if (key_len != 8) { - os_free(ctx); - return NULL; - } - des_key_setup(key, ctx->u.des.ek, ctx->u.des.dk); - os_memcpy(ctx->u.des.cbc, iv, 8); - break; -#endif - default: - os_free(ctx); - return NULL; - } - - return (struct crypto_cipher *)ctx; -} - - -int fast_crypto_cipher_encrypt(struct crypto_cipher *ctx, const uint8_t *plain, - uint8_t *crypt, size_t len) -{ - size_t i, j, blocks; - struct fast_crypto_cipher *fast_ctx; - - fast_ctx = (struct fast_crypto_cipher *)ctx; - - switch (fast_ctx->alg) { - case CRYPTO_CIPHER_ALG_RC4: - if (plain != crypt) { - os_memcpy(crypt, plain, len); - } - rc4_skip(fast_ctx->u.rc4.key, fast_ctx->u.rc4.keylen, - fast_ctx->u.rc4.used_bytes, crypt, len); - fast_ctx->u.rc4.used_bytes += len; - break; - case CRYPTO_CIPHER_ALG_AES: - if (len % AES_BLOCK_SIZE) { - return -1; - } - blocks = len / AES_BLOCK_SIZE; - for (i = 0; i < blocks; i++) { - for (j = 0; j < AES_BLOCK_SIZE; j++) - fast_ctx->u.aes.cbc[j] ^= plain[j]; - if (mbedtls_internal_aes_encrypt(&(fast_ctx->u.aes.ctx_enc), fast_ctx->u.aes.cbc, fast_ctx->u.aes.cbc) != 0) { - return -1; - } - os_memcpy(crypt, fast_ctx->u.aes.cbc, AES_BLOCK_SIZE); - plain += AES_BLOCK_SIZE; - crypt += AES_BLOCK_SIZE; - } - break; -#ifdef CONFIG_DES3 - case CRYPTO_CIPHER_ALG_3DES: - if (len % 8) { - return -1; - } - blocks = len / 8; - for (i = 0; i < blocks; i++) { - for (j = 0; j < 8; j++) - fast_ctx->u.des3.cbc[j] ^= plain[j]; - des3_encrypt(fast_ctx->u.des3.cbc, &fast_ctx->u.des3.key, - fast_ctx->u.des3.cbc); - os_memcpy(crypt, fast_ctx->u.des3.cbc, 8); - plain += 8; - crypt += 8; - } - break; -#endif -#ifdef CONFIG_DES - case CRYPTO_CIPHER_ALG_DES: - if (len % 8) { - return -1; - } - blocks = len / 8; - for (i = 0; i < blocks; i++) { - for (j = 0; j < 8; j++) - fast_ctx->u.des3.cbc[j] ^= plain[j]; - des_block_encrypt(fast_ctx->u.des.cbc, fast_ctx->u.des.ek, - fast_ctx->u.des.cbc); - os_memcpy(crypt, fast_ctx->u.des.cbc, 8); - plain += 8; - crypt += 8; - } - break; -#endif - default: - return -1; - } - - return 0; -} - - -int fast_crypto_cipher_decrypt(struct crypto_cipher *ctx, const uint8_t *crypt, - uint8_t *plain, size_t len) -{ - size_t i, j, blocks; - uint8_t tmp[32]; - struct fast_crypto_cipher *fast_ctx; - - fast_ctx = (struct fast_crypto_cipher *)ctx; - - switch (fast_ctx->alg) { - case CRYPTO_CIPHER_ALG_RC4: - if (plain != crypt) { - os_memcpy(plain, crypt, len); - } - rc4_skip(fast_ctx->u.rc4.key, fast_ctx->u.rc4.keylen, - fast_ctx->u.rc4.used_bytes, plain, len); - fast_ctx->u.rc4.used_bytes += len; - break; - case CRYPTO_CIPHER_ALG_AES: - if (len % AES_BLOCK_SIZE) { - return -1; - } - blocks = len / AES_BLOCK_SIZE; - for (i = 0; i < blocks; i++) { - os_memcpy(tmp, crypt, AES_BLOCK_SIZE); - if (mbedtls_internal_aes_decrypt(&(fast_ctx->u.aes.ctx_dec), crypt, plain) != 0) { - return -1; - } - for (j = 0; j < AES_BLOCK_SIZE; j++) - plain[j] ^= fast_ctx->u.aes.cbc[j]; - os_memcpy(fast_ctx->u.aes.cbc, tmp, AES_BLOCK_SIZE); - plain += AES_BLOCK_SIZE; - crypt += AES_BLOCK_SIZE; - } - break; -#ifdef CONFIG_DES3 - case CRYPTO_CIPHER_ALG_3DES: - if (len % 8) { - return -1; - } - blocks = len / 8; - for (i = 0; i < blocks; i++) { - os_memcpy(tmp, crypt, 8); - des3_decrypt(crypt, &fast_ctx->u.des3.key, plain); - for (j = 0; j < 8; j++) { - plain[j] ^= fast_ctx->u.des3.cbc[j]; - } - os_memcpy(fast_ctx->u.des3.cbc, tmp, 8); - plain += 8; - crypt += 8; - } - break; -#endif -#ifdef CONFIG_DES - case CRYPTO_CIPHER_ALG_DES: - if (len % 8) { - return -1; - } - blocks = len / 8; - for (i = 0; i < blocks; i++) { - os_memcpy(tmp, crypt, 8); - des_block_decrypt(crypt, fast_ctx->u.des.dk, plain); - for (j = 0; j < 8; j++) { - plain[j] ^= fast_ctx->u.des.cbc[j]; - } - os_memcpy(fast_ctx->u.des.cbc, tmp, 8); - plain += 8; - crypt += 8; - } - break; -#endif - default: - return -1; -} - -return 0; -} - - -void fast_crypto_cipher_deinit(struct crypto_cipher *ctx) -{ - struct fast_crypto_cipher *fast_ctx; - - fast_ctx = (struct fast_crypto_cipher *)ctx; - - switch (fast_ctx->alg) { - case CRYPTO_CIPHER_ALG_AES: - mbedtls_aes_free(&(fast_ctx->u.aes.ctx_enc)); - mbedtls_aes_free(&(fast_ctx->u.aes.ctx_dec)); - break; -#ifdef CONFIG_DES3 - case CRYPTO_CIPHER_ALG_3DES: - break; -#endif - default: - break; - } - os_free(ctx); -} diff --git a/components/wpa_supplicant/src/fast_crypto/fast_crypto_internal-modexp.c b/components/wpa_supplicant/src/fast_crypto/fast_crypto_internal-modexp.c deleted file mode 100644 index 2c869ce78..000000000 --- a/components/wpa_supplicant/src/fast_crypto/fast_crypto_internal-modexp.c +++ /dev/null @@ -1,59 +0,0 @@ -// Hardware crypto support Copyright 2017 Espressif Systems (Shanghai) PTE LTD -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at - -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -#include "utils/includes.h" - -#include "utils/common.h" -#include "crypto/crypto.h" -#include "mbedtls/bignum.h" - -int -fast_crypto_mod_exp(const uint8_t *base, size_t base_len, - const uint8_t *power, size_t power_len, - const uint8_t *modulus, size_t modulus_len, - uint8_t *result, size_t *result_len) -{ - mbedtls_mpi bn_base, bn_exp, bn_modulus, bn_result, bn_rinv; - int32_t ret = 0; - mbedtls_mpi_init(&bn_base); - mbedtls_mpi_init(&bn_exp); - mbedtls_mpi_init(&bn_modulus); - mbedtls_mpi_init(&bn_result); - mbedtls_mpi_init(&bn_rinv); - - mbedtls_mpi_read_binary(&bn_base, base, base_len); - mbedtls_mpi_read_binary(&bn_exp, power, power_len); - mbedtls_mpi_read_binary(&bn_modulus, modulus, modulus_len); - - ret = mbedtls_mpi_exp_mod(&bn_result, &bn_base, &bn_exp, &bn_modulus, &bn_rinv); - if (ret < 0) { - mbedtls_mpi_free(&bn_base); - mbedtls_mpi_free(&bn_exp); - mbedtls_mpi_free(&bn_modulus); - mbedtls_mpi_free(&bn_result); - mbedtls_mpi_free(&bn_rinv); - return ret; - } - - ret = mbedtls_mpi_write_binary(&bn_result, result, *result_len); - - - mbedtls_mpi_free(&bn_base); - mbedtls_mpi_free(&bn_exp); - mbedtls_mpi_free(&bn_modulus); - mbedtls_mpi_free(&bn_result); - mbedtls_mpi_free(&bn_rinv); - - return ret; -} diff --git a/components/wpa_supplicant/src/fast_crypto/fast_crypto_internal.c b/components/wpa_supplicant/src/fast_crypto/fast_crypto_internal.c deleted file mode 100644 index cb5e988cb..000000000 --- a/components/wpa_supplicant/src/fast_crypto/fast_crypto_internal.c +++ /dev/null @@ -1,278 +0,0 @@ -/* - * Crypto wrapper for internal crypto implementation - * Copyright (c) 2006-2011, Jouni Malinen - * - * Hardware crypto support Copyright 2017 Espressif Systems (Shanghai) PTE LTD - * - * This software may be distributed under the terms of the BSD license. - * See README for more details. - */ - -#include "utils/includes.h" -#include "utils/common.h" -#include "crypto/crypto.h" -#include "crypto/sha1_i.h" -#include "crypto/md5_i.h" -#include "mbedtls/sha256.h" - - -struct fast_crypto_hash { - enum crypto_hash_alg alg; - union { - struct MD5Context md5; - struct SHA1Context sha1; -#ifdef CONFIG_SHA256 - mbedtls_sha256_context sha256; -#endif /* CONFIG_SHA256 */ - } u; - u8 key[64]; - size_t key_len; -}; - -struct crypto_hash * fast_crypto_hash_init(enum crypto_hash_alg alg, const u8 *key, - size_t key_len) -{ - struct fast_crypto_hash *ctx; - u8 k_pad[64]; - u8 tk[32]; - size_t i; - - ctx = (struct fast_crypto_hash *)os_zalloc(sizeof(*ctx)); - if (ctx == NULL) - return NULL; - - ctx->alg = alg; - - switch (alg) { - case CRYPTO_HASH_ALG_MD5: - MD5Init(&ctx->u.md5); - break; - case CRYPTO_HASH_ALG_SHA1: - SHA1Init(&ctx->u.sha1); - break; -#ifdef CONFIG_SHA256 - case CRYPTO_HASH_ALG_SHA256: - mbedtls_sha256_init(&ctx->u.sha256); - mbedtls_sha256_starts(&ctx->u.sha256, 0); - break; -#endif /* CONFIG_SHA256 */ - case CRYPTO_HASH_ALG_HMAC_MD5: - if (key_len > sizeof(k_pad)) { - MD5Init(&ctx->u.md5); - MD5Update(&ctx->u.md5, key, key_len); - MD5Final(tk, &ctx->u.md5); - key = tk; - key_len = 16; - } - os_memcpy(ctx->key, key, key_len); - ctx->key_len = key_len; - - os_memcpy(k_pad, key, key_len); - if (key_len < sizeof(k_pad)) - os_memset(k_pad + key_len, 0, sizeof(k_pad) - key_len); - for (i = 0; i < sizeof(k_pad); i++) - k_pad[i] ^= 0x36; - MD5Init(&ctx->u.md5); - MD5Update(&ctx->u.md5, k_pad, sizeof(k_pad)); - break; - case CRYPTO_HASH_ALG_HMAC_SHA1: - if (key_len > sizeof(k_pad)) { - SHA1Init(&ctx->u.sha1); - SHA1Update(&ctx->u.sha1, key, key_len); - SHA1Final(tk, &ctx->u.sha1); - key = tk; - key_len = 20; - } - os_memcpy(ctx->key, key, key_len); - ctx->key_len = key_len; - - os_memcpy(k_pad, key, key_len); - if (key_len < sizeof(k_pad)) - os_memset(k_pad + key_len, 0, sizeof(k_pad) - key_len); - for (i = 0; i < sizeof(k_pad); i++) - k_pad[i] ^= 0x36; - SHA1Init(&ctx->u.sha1); - SHA1Update(&ctx->u.sha1, k_pad, sizeof(k_pad)); - break; -#ifdef CONFIG_SHA256 - case CRYPTO_HASH_ALG_HMAC_SHA256: - if (key_len > sizeof(k_pad)) { - mbedtls_sha256_init(&ctx->u.sha256); - mbedtls_sha256_starts(&ctx->u.sha256, 0); - mbedtls_sha256_update(&ctx->u.sha256, key, key_len); - mbedtls_sha256_finish(&ctx->u.sha256, tk); - mbedtls_sha256_free(&ctx->u.sha256); - key = tk; - key_len = 32; - } - os_memcpy(ctx->key, key, key_len); - ctx->key_len = key_len; - - os_memcpy(k_pad, key, key_len); - if (key_len < sizeof(k_pad)) - os_memset(k_pad + key_len, 0, sizeof(k_pad) - key_len); - for (i = 0; i < sizeof(k_pad); i++) - k_pad[i] ^= 0x36; - mbedtls_sha256_init(&ctx->u.sha256); - mbedtls_sha256_starts(&ctx->u.sha256, 0); - mbedtls_sha256_update(&ctx->u.sha256, k_pad, sizeof(k_pad)); - break; -#endif /* CONFIG_SHA256 */ - default: - os_free(ctx); - return NULL; - } - - return (struct crypto_hash *)ctx; -} - - -void fast_crypto_hash_update(struct crypto_hash *ctx, const u8 *data, size_t len) -{ - - struct fast_crypto_hash *fast_ctx; - fast_ctx = (struct fast_crypto_hash *)ctx; - - if (fast_ctx == NULL) - return; - - switch (fast_ctx->alg) { - case CRYPTO_HASH_ALG_MD5: - case CRYPTO_HASH_ALG_HMAC_MD5: - MD5Update(&fast_ctx->u.md5, data, len); - break; - case CRYPTO_HASH_ALG_SHA1: - case CRYPTO_HASH_ALG_HMAC_SHA1: - SHA1Update(&fast_ctx->u.sha1, data, len); - break; -#ifdef CONFIG_SHA256 - case CRYPTO_HASH_ALG_SHA256: - case CRYPTO_HASH_ALG_HMAC_SHA256: - mbedtls_sha256_update(&fast_ctx->u.sha256, data, len); - break; -#endif /* CONFIG_SHA256 */ - default: - break; - } -} - - -int fast_crypto_hash_finish(struct crypto_hash *ctx, u8 *mac, size_t *len) -{ - u8 k_pad[64]; - size_t i; - struct fast_crypto_hash *fast_ctx; - - if (ctx == NULL) - return -2; - - fast_ctx = (struct fast_crypto_hash *)ctx; - - if (mac == NULL || len == NULL) { - os_free(fast_ctx); - return 0; - } - - switch (fast_ctx->alg) { - case CRYPTO_HASH_ALG_MD5: - if (*len < 16) { - *len = 16; - os_free(fast_ctx); - return -1; - } - *len = 16; - MD5Final(mac, &fast_ctx->u.md5); - break; - case CRYPTO_HASH_ALG_SHA1: - if (*len < 20) { - *len = 20; - os_free(fast_ctx); - return -1; - } - *len = 20; - SHA1Final(mac, &fast_ctx->u.sha1); - break; -#ifdef CONFIG_SHA256 - case CRYPTO_HASH_ALG_SHA256: - if (*len < 32) { - *len = 32; - os_free(fast_ctx); - return -1; - } - *len = 32; - mbedtls_sha256_finish(&fast_ctx->u.sha256, mac); - mbedtls_sha256_free(&fast_ctx->u.sha256); - break; -#endif /* CONFIG_SHA256 */ - case CRYPTO_HASH_ALG_HMAC_MD5: - if (*len < 16) { - *len = 16; - os_free(fast_ctx); - return -1; - } - *len = 16; - - MD5Final(mac, &fast_ctx->u.md5); - - os_memcpy(k_pad, fast_ctx->key, fast_ctx->key_len); - os_memset(k_pad + fast_ctx->key_len, 0, - sizeof(k_pad) - fast_ctx->key_len); - for (i = 0; i < sizeof(k_pad); i++) - k_pad[i] ^= 0x5c; - MD5Init(&fast_ctx->u.md5); - MD5Update(&fast_ctx->u.md5, k_pad, sizeof(k_pad)); - MD5Update(&fast_ctx->u.md5, mac, 16); - MD5Final(mac, &fast_ctx->u.md5); - break; - case CRYPTO_HASH_ALG_HMAC_SHA1: - if (*len < 20) { - *len = 20; - os_free(ctx); - return -1; - } - *len = 20; - - SHA1Final(mac, &fast_ctx->u.sha1); - os_memcpy(k_pad, fast_ctx->key, fast_ctx->key_len); - os_memset(k_pad + fast_ctx->key_len, 0, - sizeof(k_pad) - fast_ctx->key_len); - for (i = 0; i < sizeof(k_pad); i++) - k_pad[i] ^= 0x5c; - SHA1Init(&fast_ctx->u.sha1); - SHA1Update(&fast_ctx->u.sha1, k_pad, sizeof(k_pad)); - SHA1Update(&fast_ctx->u.sha1, mac, 20); - SHA1Final(mac, &fast_ctx->u.sha1); - break; -#ifdef CONFIG_SHA256 - case CRYPTO_HASH_ALG_HMAC_SHA256: - if (*len < 32) { - *len = 32; - os_free(fast_ctx); - return -1; - } - *len = 32; - mbedtls_sha256_finish(&fast_ctx->u.sha256, mac); - mbedtls_sha256_free(&fast_ctx->u.sha256); - - os_memcpy(k_pad, fast_ctx->key, fast_ctx->key_len); - os_memset(k_pad + fast_ctx->key_len, 0, - sizeof(k_pad) - fast_ctx->key_len); - for (i = 0; i < sizeof(k_pad); i++) - k_pad[i] ^= 0x5c; - mbedtls_sha256_init(&fast_ctx->u.sha256); - mbedtls_sha256_starts(&fast_ctx->u.sha256, 0); - mbedtls_sha256_update(&fast_ctx->u.sha256, k_pad, sizeof(k_pad)); - mbedtls_sha256_update(&fast_ctx->u.sha256, mac, 32); - mbedtls_sha256_finish(&fast_ctx->u.sha256, mac); - mbedtls_sha256_free(&fast_ctx->u.sha256); - break; -#endif /* CONFIG_SHA256 */ - default: - os_free(fast_ctx); - return -1; - } - - os_free(fast_ctx); - - return 0; -} diff --git a/components/wpa_supplicant/src/fast_crypto/fast_sha256-internal.c b/components/wpa_supplicant/src/fast_crypto/fast_sha256-internal.c deleted file mode 100644 index cdbd07210..000000000 --- a/components/wpa_supplicant/src/fast_crypto/fast_sha256-internal.c +++ /dev/null @@ -1,58 +0,0 @@ -// Hardware crypto support Copyright 2017 Espressif Systems (Shanghai) PTE LTD -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at - -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -#include "utils/includes.h" -#include "utils/common.h" -#include "mbedtls/sha256.h" - -/** - * fast_sha256_vector - SHA256 hash for data vector - * @num_elem: Number of elements in the data vector - * @addr: Pointers to the data areas - * @len: Lengths of the data blocks - * @mac: Buffer for the hash - * Returns: 0 on success, -1 of failure - */ -int -fast_sha256_vector(size_t num_elem, const uint8_t *addr[], const size_t *len, - uint8_t *mac) -{ - int ret = 0; - mbedtls_sha256_context ctx; - - mbedtls_sha256_init(&ctx); - - if (mbedtls_sha256_starts_ret(&ctx, 0) != 0) { - ret = -1; - goto out; - } - - for(size_t index = 0; index < num_elem; index++) { - if (mbedtls_sha256_update_ret(&ctx, addr[index], len[index]) != 0) { - ret = -1; - goto out; - } - } - - if (mbedtls_sha256_finish_ret(&ctx, mac) != 0) { - ret = -1; - goto out; - } - -out: - mbedtls_sha256_free(&ctx); - - return ret; -} - diff --git a/components/wpa_supplicant/src/fast_crypto/fast_sha256.c b/components/wpa_supplicant/src/fast_crypto/fast_sha256.c deleted file mode 100644 index 0f0a785b1..000000000 --- a/components/wpa_supplicant/src/fast_crypto/fast_sha256.c +++ /dev/null @@ -1,165 +0,0 @@ -/* - * SHA-256 hash implementation and interface functions - * Copyright (c) 2003-2007, Jouni Malinen - * - * Hardware crypto support Copyright 2017 Espressif Systems (Shanghai) PTE LTD - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License version 2 as - * published by the Free Software Foundation. - * - * Alternatively, this software may be distributed under the terms of BSD - * license. - * - * See README and COPYING for more details. - */ - -#include "utils/includes.h" - -#include "utils/common.h" -#include "crypto/sha256.h" -#include "crypto/crypto.h" - - -/** - * fast_hmac_sha256_vector - HMAC-SHA256 over data vector (RFC 2104) - * @key: Key for HMAC operations - * @key_len: Length of the key in bytes - * @num_elem: Number of elements in the data vector - * @addr: Pointers to the data areas - * @len: Lengths of the data blocks - * @mac: Buffer for the hash (32 bytes) - */ -void -fast_hmac_sha256_vector(const uint8_t *key, size_t key_len, size_t num_elem, - const uint8_t *addr[], const size_t *len, uint8_t *mac) -{ - uint8_t k_pad[64]; /* padding - key XORd with ipad/opad */ - uint8_t tk[32]; - const uint8_t *_addr[6]; - size_t _len[6], i; - - if (num_elem > 5) { - /* - * Fixed limit on the number of fragments to avoid having to - * allocate memory (which could fail). - */ - return; - } - - /* if key is longer than 64 bytes reset it to key = SHA256(key) */ - if (key_len > 64) { - fast_sha256_vector(1, &key, &key_len, tk); - key = tk; - key_len = 32; - } - - /* the HMAC_SHA256 transform looks like: - * - * SHA256(K XOR opad, SHA256(K XOR ipad, text)) - * - * where K is an n byte key - * ipad is the byte 0x36 repeated 64 times - * opad is the byte 0x5c repeated 64 times - * and text is the data being protected - */ - - /* start out by storing key in ipad */ - os_memset(k_pad, 0, sizeof(k_pad)); - os_memcpy(k_pad, key, key_len); - /* XOR key with ipad values */ - for (i = 0; i < 64; i++) { - k_pad[i] ^= 0x36; - } - - /* perform inner SHA256 */ - _addr[0] = k_pad; - _len[0] = 64; - for (i = 0; i < num_elem; i++) { - _addr[i + 1] = addr[i]; - _len[i + 1] = len[i]; - } - fast_sha256_vector(1 + num_elem, _addr, _len, mac); - - os_memset(k_pad, 0, sizeof(k_pad)); - os_memcpy(k_pad, key, key_len); - /* XOR key with opad values */ - for (i = 0; i < 64; i++) { - k_pad[i] ^= 0x5c; - } - - /* perform outer SHA256 */ - _addr[0] = k_pad; - _len[0] = 64; - _addr[1] = mac; - _len[1] = SHA256_MAC_LEN; - fast_sha256_vector(2, _addr, _len, mac); -} - - -/** - * fast_hmac_sha256 - HMAC-SHA256 over data buffer (RFC 2104) - * @key: Key for HMAC operations - * @key_len: Length of the key in bytes - * @data: Pointers to the data area - * @data_len: Length of the data area - * @mac: Buffer for the hash (20 bytes) - */ -void -fast_hmac_sha256(const uint8_t *key, size_t key_len, const uint8_t *data, - size_t data_len, uint8_t *mac) -{ - fast_hmac_sha256_vector(key, key_len, 1, &data, &data_len, mac); -} - - -/** - * fast_sha256_prf - SHA256-based Pseudo-Random Function (IEEE 802.11r, 8.5.1.5.2) - * @key: Key for PRF - * @key_len: Length of the key in bytes - * @label: A unique label for each purpose of the PRF - * @data: Extra data to bind into the key - * @data_len: Length of the data - * @buf: Buffer for the generated pseudo-random key - * @buf_len: Number of bytes of key to generate - * - * This function is used to derive new, cryptographically separate keys from a - * given key. - */ -void -fast_sha256_prf(const uint8_t *key, size_t key_len, const char *label, - const uint8_t *data, size_t data_len, uint8_t *buf, size_t buf_len) -{ - uint16_t counter = 1; - size_t pos, plen; - uint8_t hash[SHA256_MAC_LEN]; - const uint8_t *addr[4]; - size_t len[4]; - uint8_t counter_le[2], length_le[2]; - - addr[0] = counter_le; - len[0] = 2; - addr[1] = (uint8_t *) label; - len[1] = os_strlen(label); - addr[2] = data; - len[2] = data_len; - addr[3] = length_le; - len[3] = sizeof(length_le); - - WPA_PUT_LE16(length_le, buf_len * 8); - pos = 0; - while (pos < buf_len) { - plen = buf_len - pos; - WPA_PUT_LE16(counter_le, counter); - if (plen >= SHA256_MAC_LEN) { - fast_hmac_sha256_vector(key, key_len, 4, addr, len, - &buf[pos]); - pos += SHA256_MAC_LEN; - } else { - fast_hmac_sha256_vector(key, key_len, 4, addr, len, hash); - os_memcpy(&buf[pos], hash, plen); - break; - } - counter++; - } -} diff --git a/components/wpa_supplicant/src/rsn_supp/wpa.c b/components/wpa_supplicant/src/rsn_supp/wpa.c index c5b5c8637..29d79bbc6 100644 --- a/components/wpa_supplicant/src/rsn_supp/wpa.c +++ b/components/wpa_supplicant/src/rsn_supp/wpa.c @@ -1179,7 +1179,7 @@ failed: #endif return -1; } - if (fast_aes_unwrap(sm->ptk.kek, maxkeylen / 8, + if (aes_unwrap(sm->ptk.kek, maxkeylen / 8, (const u8 *) (key + 1), gd->gtk)) { #ifdef DEBUG_PRINT wpa_printf(MSG_DEBUG, "WPA: AES unwrap " @@ -1424,7 +1424,7 @@ failed: return -1; } */ - if (fast_aes_unwrap(sm->ptk.kek, keydatalen / 8, + if (aes_unwrap(sm->ptk.kek, keydatalen / 8, (u8 *) (key + 1), buf)) { #ifdef DEBUG_PRINT wpa_printf(MSG_DEBUG, "WPA: AES unwrap failed - " diff --git a/components/wpa_supplicant/src/tls/pkcs5.c b/components/wpa_supplicant/src/tls/pkcs5.c index 734a03368..469707407 100644 --- a/components/wpa_supplicant/src/tls/pkcs5.c +++ b/components/wpa_supplicant/src/tls/pkcs5.c @@ -165,7 +165,7 @@ static struct crypto_cipher * pkcs5_crypto_init(struct pkcs5_params *params, wpa_hexdump_key(MSG_DEBUG, "PKCS #5: DES key", hash, 8); wpa_hexdump_key(MSG_DEBUG, "PKCS #5: DES IV", hash + 8, 8); - return fast_crypto_cipher_init(CRYPTO_CIPHER_ALG_DES, hash + 8, hash, 8); + return crypto_cipher_init(CRYPTO_CIPHER_ALG_DES, hash + 8, hash, 8); } @@ -194,24 +194,24 @@ u8 * pkcs5_decrypt(const u8 *enc_alg, size_t enc_alg_len, if (enc_data_len < 16 || enc_data_len % 8) { wpa_printf(MSG_INFO, "PKCS #5: invalid length of ciphertext " "%d", (int) enc_data_len); - fast_crypto_cipher_deinit(ctx); + crypto_cipher_deinit(ctx); return NULL; } eb = os_malloc(enc_data_len); if (eb == NULL) { - fast_crypto_cipher_deinit(ctx); + crypto_cipher_deinit(ctx); return NULL; } - if ((int)fast_crypto_cipher_decrypt(ctx, enc_data, eb, enc_data_len) < 0) { + if ((int)crypto_cipher_decrypt(ctx, enc_data, eb, enc_data_len) < 0) { wpa_printf(MSG_DEBUG, "PKCS #5: Failed to decrypt EB"); - fast_crypto_cipher_deinit(ctx); + crypto_cipher_deinit(ctx); os_free(eb); return NULL; } - fast_crypto_cipher_deinit(ctx); + crypto_cipher_deinit(ctx); pad = eb[enc_data_len - 1]; if (pad > 8) { diff --git a/components/wpa_supplicant/src/tls/tlsv1_client_read.c b/components/wpa_supplicant/src/tls/tlsv1_client_read.c index 89b25e149..a585f2060 100644 --- a/components/wpa_supplicant/src/tls/tlsv1_client_read.c +++ b/components/wpa_supplicant/src/tls/tlsv1_client_read.c @@ -816,7 +816,7 @@ static int tls_process_server_finished(struct tlsv1_client *conn, u8 ct, if (conn->rl.tls_version >= TLS_VERSION_1_2) { hlen = SHA256_MAC_LEN; if (conn->verify.sha256_server == NULL || - fast_crypto_hash_finish(conn->verify.sha256_server, hash, &hlen) < 0) { + crypto_hash_finish(conn->verify.sha256_server, hash, &hlen) < 0) { tls_alert(conn, TLS_ALERT_LEVEL_FATAL, TLS_ALERT_INTERNAL_ERROR); conn->verify.sha256_server = NULL; return -1; diff --git a/components/wpa_supplicant/src/tls/tlsv1_client_write.c b/components/wpa_supplicant/src/tls/tlsv1_client_write.c index 6f4f88752..53a1b3388 100644 --- a/components/wpa_supplicant/src/tls/tlsv1_client_write.c +++ b/components/wpa_supplicant/src/tls/tlsv1_client_write.c @@ -476,7 +476,7 @@ static int tls_write_client_certificate_verify(struct tlsv1_client *conn, if (conn->rl.tls_version == TLS_VERSION_1_2) { hlen = SHA256_MAC_LEN; if (conn->verify.sha256_cert == NULL || - fast_crypto_hash_finish(conn->verify.sha256_cert, hpos, &hlen) < + crypto_hash_finish(conn->verify.sha256_cert, hpos, &hlen) < 0) { conn->verify.sha256_cert = NULL; tls_alert(conn, TLS_ALERT_LEVEL_FATAL, @@ -654,7 +654,7 @@ static int tls_write_client_finished(struct tlsv1_client *conn, if (conn->rl.tls_version >= TLS_VERSION_1_2) { hlen = SHA256_MAC_LEN; if (conn->verify.sha256_client == NULL || - fast_crypto_hash_finish(conn->verify.sha256_client, hash, &hlen) + crypto_hash_finish(conn->verify.sha256_client, hash, &hlen) < 0) { tls_alert(conn, TLS_ALERT_LEVEL_FATAL, TLS_ALERT_INTERNAL_ERROR); diff --git a/components/wpa_supplicant/src/tls/tlsv1_common.c b/components/wpa_supplicant/src/tls/tlsv1_common.c index 5380df876..f0ba62f27 100644 --- a/components/wpa_supplicant/src/tls/tlsv1_common.c +++ b/components/wpa_supplicant/src/tls/tlsv1_common.c @@ -221,9 +221,9 @@ int tls_verify_hash_init(struct tls_verify_hash *verify) return -1; } #ifdef CONFIG_TLSV12 - verify->sha256_client = fast_crypto_hash_init(CRYPTO_HASH_ALG_SHA256, NULL, 0); - verify->sha256_server = fast_crypto_hash_init(CRYPTO_HASH_ALG_SHA256, NULL, 0); - verify->sha256_cert = fast_crypto_hash_init(CRYPTO_HASH_ALG_SHA256, NULL, 0); + verify->sha256_client = crypto_hash_init(CRYPTO_HASH_ALG_SHA256, NULL, 0); + verify->sha256_server = crypto_hash_init(CRYPTO_HASH_ALG_SHA256, NULL, 0); + verify->sha256_cert = crypto_hash_init(CRYPTO_HASH_ALG_SHA256, NULL, 0); if (verify->sha256_client == NULL || verify->sha256_server == NULL || @@ -253,11 +253,11 @@ void tls_verify_hash_add(struct tls_verify_hash *verify, const u8 *buf, } #ifdef CONFIG_TLSV12 if (verify->sha256_client) - fast_crypto_hash_update(verify->sha256_client, buf, len); + crypto_hash_update(verify->sha256_client, buf, len); if (verify->sha256_server) - fast_crypto_hash_update(verify->sha256_server, buf, len); + crypto_hash_update(verify->sha256_server, buf, len); if (verify->sha256_cert) - fast_crypto_hash_update(verify->sha256_cert, buf, len); + crypto_hash_update(verify->sha256_cert, buf, len); #endif /* CONFIG_TLSV12 */ } @@ -277,9 +277,9 @@ void tls_verify_hash_free(struct tls_verify_hash *verify) verify->sha1_server = NULL; verify->sha1_cert = NULL; #ifdef CONFIG_TLSV12 - fast_crypto_hash_finish(verify->sha256_client, NULL, NULL); - fast_crypto_hash_finish(verify->sha256_server, NULL, NULL); - fast_crypto_hash_finish(verify->sha256_cert, NULL, NULL); + crypto_hash_finish(verify->sha256_client, NULL, NULL); + crypto_hash_finish(verify->sha256_server, NULL, NULL); + crypto_hash_finish(verify->sha256_cert, NULL, NULL); verify->sha256_client = NULL; verify->sha256_server = NULL; verify->sha256_cert = NULL; diff --git a/components/wpa_supplicant/src/tls/tlsv1_record.c b/components/wpa_supplicant/src/tls/tlsv1_record.c index 12b14e79b..8e3077d87 100644 --- a/components/wpa_supplicant/src/tls/tlsv1_record.c +++ b/components/wpa_supplicant/src/tls/tlsv1_record.c @@ -81,12 +81,12 @@ int tlsv1_record_change_write_cipher(struct tlsv1_record_layer *rl) os_memset(rl->write_seq_num, 0, TLS_SEQ_NUM_LEN); if (rl->write_cbc) { - fast_crypto_cipher_deinit(rl->write_cbc); + crypto_cipher_deinit(rl->write_cbc); rl->write_cbc = NULL; } if (rl->cipher_alg != CRYPTO_CIPHER_NULL) { - rl->write_cbc = fast_crypto_cipher_init(rl->cipher_alg, + rl->write_cbc = crypto_cipher_init(rl->cipher_alg, rl->write_iv, rl->write_key, rl->key_material_len); @@ -117,12 +117,12 @@ int tlsv1_record_change_read_cipher(struct tlsv1_record_layer *rl) os_memset(rl->read_seq_num, 0, TLS_SEQ_NUM_LEN); if (rl->read_cbc) { - fast_crypto_cipher_deinit(rl->read_cbc); + crypto_cipher_deinit(rl->read_cbc); rl->read_cbc = NULL; } if (rl->cipher_alg != CRYPTO_CIPHER_NULL) { - rl->read_cbc = fast_crypto_cipher_init(rl->cipher_alg, + rl->read_cbc = crypto_cipher_init(rl->cipher_alg, rl->read_iv, rl->read_key, rl->key_material_len); if (rl->read_cbc == NULL) { @@ -208,26 +208,26 @@ int tlsv1_record_send(struct tlsv1_record_layer *rl, u8 content_type, u8 *buf, * TLSCompressed.version + TLSCompressed.length + * TLSCompressed.fragment */ - hmac = fast_crypto_hash_init(rl->hash_alg, rl->write_mac_secret, rl->hash_size); + hmac = crypto_hash_init(rl->hash_alg, rl->write_mac_secret, rl->hash_size); if (hmac == NULL) { wpa_printf(MSG_DEBUG, "TLSv1: Record Layer - Failed " "to initialize HMAC"); return -1; } - fast_crypto_hash_update(hmac, rl->write_seq_num, TLS_SEQ_NUM_LEN); + crypto_hash_update(hmac, rl->write_seq_num, TLS_SEQ_NUM_LEN); /* type + version + length + fragment */ - fast_crypto_hash_update(hmac, ct_start, TLS_RECORD_HEADER_LEN); - fast_crypto_hash_update(hmac, payload, payload_len); + crypto_hash_update(hmac, ct_start, TLS_RECORD_HEADER_LEN); + crypto_hash_update(hmac, payload, payload_len); clen = buf + buf_size - pos; if (clen < rl->hash_size) { wpa_printf(MSG_DEBUG, "TLSv1: Record Layer - Not " "enough room for MAC"); - fast_crypto_hash_finish(hmac, NULL, NULL); + crypto_hash_finish(hmac, NULL, NULL); return -1; } - if ((int)fast_crypto_hash_finish(hmac, pos, &clen) < 0) { + if ((int)crypto_hash_finish(hmac, pos, &clen) < 0) { wpa_printf(MSG_DEBUG, "TLSv1: Record Layer - Failed to calculate HMAC"); return -1; } @@ -250,7 +250,7 @@ int tlsv1_record_send(struct tlsv1_record_layer *rl, u8 content_type, u8 *buf, pos += pad + 1; } - if ((int)fast_crypto_cipher_encrypt(rl->write_cbc, cpayload, + if ((int)crypto_cipher_encrypt(rl->write_cbc, cpayload, cpayload, pos - cpayload) < 0) return -1; } @@ -358,7 +358,7 @@ int tlsv1_record_receive(struct tlsv1_record_layer *rl, if (rl->read_cipher_suite != TLS_NULL_WITH_NULL_NULL) { size_t plen; - if ((int)fast_crypto_cipher_decrypt(rl->read_cbc, in_data, + if ((int)crypto_cipher_decrypt(rl->read_cbc, in_data, out_data, in_len) < 0) { *alert = TLS_ALERT_DECRYPTION_FAILED; return -1; @@ -438,7 +438,7 @@ int tlsv1_record_receive(struct tlsv1_record_layer *rl, plen -= rl->hash_size; - hmac = fast_crypto_hash_init(rl->hash_alg, rl->read_mac_secret, rl->hash_size); + hmac = crypto_hash_init(rl->hash_alg, rl->read_mac_secret, rl->hash_size); if (hmac == NULL) { wpa_printf(MSG_DEBUG, "TLSv1: Record Layer - Failed " @@ -447,15 +447,15 @@ int tlsv1_record_receive(struct tlsv1_record_layer *rl, return -1; } - fast_crypto_hash_update(hmac, rl->read_seq_num, TLS_SEQ_NUM_LEN); + crypto_hash_update(hmac, rl->read_seq_num, TLS_SEQ_NUM_LEN); /* type + version + length + fragment */ - fast_crypto_hash_update(hmac, in_data - TLS_RECORD_HEADER_LEN, 3); + crypto_hash_update(hmac, in_data - TLS_RECORD_HEADER_LEN, 3); WPA_PUT_BE16(len, plen); - fast_crypto_hash_update(hmac, len, 2); - fast_crypto_hash_update(hmac, out_data, plen); + crypto_hash_update(hmac, len, 2); + crypto_hash_update(hmac, out_data, plen); hlen = sizeof(hash); - if ((int)fast_crypto_hash_finish(hmac, hash, &hlen) < 0) { + if ((int)crypto_hash_finish(hmac, hash, &hlen) < 0) { wpa_printf(MSG_DEBUG, "TLSv1: Record Layer - Failed to calculate HMAC"); *alert = TLS_ALERT_INTERNAL_ERROR; return -1; diff --git a/components/wpa_supplicant/src/tls/tlsv1_server_read.c b/components/wpa_supplicant/src/tls/tlsv1_server_read.c index 28d1e2729..cc4266268 100644 --- a/components/wpa_supplicant/src/tls/tlsv1_server_read.c +++ b/components/wpa_supplicant/src/tls/tlsv1_server_read.c @@ -871,7 +871,7 @@ static int tls_process_certificate_verify(struct tlsv1_server *conn, u8 ct, hlen = SHA256_MAC_LEN; if (conn->verify.sha256_cert == NULL || - fast_crypto_hash_finish(conn->verify.sha256_cert, hpos, &hlen) < + crypto_hash_finish(conn->verify.sha256_cert, hpos, &hlen) < 0) { conn->verify.sha256_cert = NULL; tlsv1_server_alert(conn, TLS_ALERT_LEVEL_FATAL, diff --git a/components/wpa_supplicant/src/tls/tlsv1_server_write.c b/components/wpa_supplicant/src/tls/tlsv1_server_write.c index 39413e834..3d393bc9c 100644 --- a/components/wpa_supplicant/src/tls/tlsv1_server_write.c +++ b/components/wpa_supplicant/src/tls/tlsv1_server_write.c @@ -588,7 +588,7 @@ static int tls_write_server_finished(struct tlsv1_server *conn, if (conn->rl.tls_version >= TLS_VERSION_1_2) { hlen = SHA256_MAC_LEN; if (conn->verify.sha256_server == NULL || - fast_crypto_hash_finish(conn->verify.sha256_server, hash, &hlen) + crypto_hash_finish(conn->verify.sha256_server, hash, &hlen) < 0) { conn->verify.sha256_server = NULL; tlsv1_server_alert(conn, TLS_ALERT_LEVEL_FATAL, diff --git a/components/wpa_supplicant/src/tls/x509v3.c b/components/wpa_supplicant/src/tls/x509v3.c index d4f4652ff..2a5b5f3b4 100644 --- a/components/wpa_supplicant/src/tls/x509v3.c +++ b/components/wpa_supplicant/src/tls/x509v3.c @@ -1688,7 +1688,7 @@ skip_digest_oid: hash, hash_len); break; case 11: /* sha256WithRSAEncryption */ - fast_sha256_vector(1, &cert->tbs_cert_start, &cert->tbs_cert_len, + sha256_vector(1, &cert->tbs_cert_start, &cert->tbs_cert_len, hash); hash_len = 32; wpa_hexdump(MSG_MSGDUMP, "X509: Certificate hash (SHA256)", diff --git a/components/wpa_supplicant/src/wps/wps_attr_build.c b/components/wpa_supplicant/src/wps/wps_attr_build.c index d57096af1..bd2aa5e94 100644 --- a/components/wpa_supplicant/src/wps/wps_attr_build.c +++ b/components/wpa_supplicant/src/wps/wps_attr_build.c @@ -166,7 +166,7 @@ int wps_build_authenticator(struct wps_data *wps, struct wpabuf *msg) len[0] = wpabuf_len(wps->last_msg); addr[1] = wpabuf_head(msg); len[1] = wpabuf_len(msg); - fast_hmac_sha256_vector(wps->authkey, WPS_AUTHKEY_LEN, 2, addr, len, hash); + hmac_sha256_vector(wps->authkey, WPS_AUTHKEY_LEN, 2, addr, len, hash); wpa_printf(MSG_DEBUG, "WPS: * Authenticator"); wpabuf_put_be16(msg, ATTR_AUTHENTICATOR); wpabuf_put_be16(msg, WPS_AUTHENTICATOR_LEN); @@ -324,7 +324,7 @@ int wps_build_key_wrap_auth(struct wps_data *wps, struct wpabuf *msg) u8 hash[SHA256_MAC_LEN]; wpa_printf(MSG_DEBUG, "WPS: * Key Wrap Authenticator"); - fast_hmac_sha256(wps->authkey, WPS_AUTHKEY_LEN, wpabuf_head(msg), + hmac_sha256(wps->authkey, WPS_AUTHKEY_LEN, wpabuf_head(msg), wpabuf_len(msg), hash); wpabuf_put_be16(msg, ATTR_KEY_WRAP_AUTH); wpabuf_put_be16(msg, WPS_KWA_LEN); @@ -356,7 +356,7 @@ int wps_build_encr_settings(struct wps_data *wps, struct wpabuf *msg, data = wpabuf_put(msg, 0); wpabuf_put_buf(msg, plain); wpa_printf(MSG_DEBUG, "WPS: * AES 128 Encrypted Settings"); - if (fast_aes_128_cbc_encrypt(wps->keywrapkey, iv, data, wpabuf_len(plain))) + if (aes_128_cbc_encrypt(wps->keywrapkey, iv, data, wpabuf_len(plain))) return -1; return 0; } @@ -373,7 +373,7 @@ int wps_build_oob_dev_pw(struct wpabuf *msg, u16 dev_pw_id, addr[0] = wpabuf_head(pubkey); hash_len = wpabuf_len(pubkey); - fast_sha256_vector(1, addr, &hash_len, pubkey_hash); + sha256_vector(1, addr, &hash_len, pubkey_hash); wpabuf_put_be16(msg, ATTR_OOB_DEVICE_PASSWORD); wpabuf_put_be16(msg, WPS_OOB_PUBKEY_HASH_LEN + 2 + dev_pw_len); wpabuf_put_data(msg, pubkey_hash, WPS_OOB_PUBKEY_HASH_LEN); @@ -414,4 +414,4 @@ struct wpabuf * wps_ie_encapsulate(struct wpabuf *data) wpabuf_free(data); return ie; -} \ No newline at end of file +} diff --git a/components/wpa_supplicant/src/wps/wps_attr_process.c b/components/wpa_supplicant/src/wps/wps_attr_process.c index 15df0360a..112d683a3 100644 --- a/components/wpa_supplicant/src/wps/wps_attr_process.c +++ b/components/wpa_supplicant/src/wps/wps_attr_process.c @@ -38,7 +38,7 @@ int wps_process_authenticator(struct wps_data *wps, const u8 *authenticator, len[0] = wpabuf_len(wps->last_msg); addr[1] = wpabuf_head(msg); len[1] = wpabuf_len(msg) - 4 - WPS_AUTHENTICATOR_LEN; - fast_hmac_sha256_vector(wps->authkey, WPS_AUTHKEY_LEN, 2, addr, len, hash); + hmac_sha256_vector(wps->authkey, WPS_AUTHKEY_LEN, 2, addr, len, hash); if (os_memcmp(hash, authenticator, WPS_AUTHENTICATOR_LEN) != 0) { wpa_printf(MSG_DEBUG, "WPS: Incorrect Authenticator"); return -1; @@ -68,7 +68,7 @@ int wps_process_key_wrap_auth(struct wps_data *wps, struct wpabuf *msg, return -1; } - fast_hmac_sha256(wps->authkey, WPS_AUTHKEY_LEN, head, len, hash); + hmac_sha256(wps->authkey, WPS_AUTHKEY_LEN, head, len, hash); if (os_memcmp(hash, key_wrap_auth, WPS_KWA_LEN) != 0) { wpa_printf(MSG_DEBUG, "WPS: Invalid KWA"); return -1; diff --git a/components/wpa_supplicant/src/wps/wps_common.c b/components/wpa_supplicant/src/wps/wps_common.c index 8eaf3e9c1..e37a35b27 100644 --- a/components/wpa_supplicant/src/wps/wps_common.c +++ b/components/wpa_supplicant/src/wps/wps_common.c @@ -46,7 +46,7 @@ void wps_kdf(const u8 *key, const u8 *label_prefix, size_t label_prefix_len, for (i = 1; i <= iter; i++) { WPA_PUT_BE32(i_buf, i); - fast_hmac_sha256_vector(key, SHA256_MAC_LEN, 4, addr, len, hash); + hmac_sha256_vector(key, SHA256_MAC_LEN, 4, addr, len, hash); if (i < iter) { os_memcpy(opos, hash, SHA256_MAC_LEN); opos += SHA256_MAC_LEN; @@ -103,7 +103,7 @@ int wps_derive_keys(struct wps_data *wps) addr[0] = wpabuf_head(dh_shared); len[0] = wpabuf_len(dh_shared); - fast_sha256_vector(1, addr, len, dhkey); + sha256_vector(1, addr, len, dhkey); wpa_hexdump_key(MSG_DEBUG, "WPS: DHKey", dhkey, sizeof(dhkey)); wpabuf_free(dh_shared); @@ -114,7 +114,7 @@ int wps_derive_keys(struct wps_data *wps) len[1] = ETH_ALEN; addr[2] = wps->nonce_r; len[2] = WPS_NONCE_LEN; - fast_hmac_sha256_vector(dhkey, sizeof(dhkey), 3, addr, len, kdk); + hmac_sha256_vector(dhkey, sizeof(dhkey), 3, addr, len, kdk); wpa_hexdump_key(MSG_DEBUG, "WPS: KDK", kdk, sizeof(kdk)); wps_kdf(kdk, NULL, 0, "Wi-Fi Easy and Secure Key Derivation", @@ -139,10 +139,10 @@ void wps_derive_psk(struct wps_data *wps, const u8 *dev_passwd, { u8 hash[SHA256_MAC_LEN]; - fast_hmac_sha256(wps->authkey, WPS_AUTHKEY_LEN, dev_passwd, + hmac_sha256(wps->authkey, WPS_AUTHKEY_LEN, dev_passwd, (dev_passwd_len + 1) / 2, hash); os_memcpy(wps->psk1, hash, WPS_PSK_LEN); - fast_hmac_sha256(wps->authkey, WPS_AUTHKEY_LEN, + hmac_sha256(wps->authkey, WPS_AUTHKEY_LEN, dev_passwd + (dev_passwd_len + 1) / 2, dev_passwd_len / 2, hash); os_memcpy(wps->psk2, hash, WPS_PSK_LEN); @@ -177,7 +177,7 @@ struct wpabuf * wps_decrypt_encr_settings(struct wps_data *wps, const u8 *encr, wpa_hexdump(MSG_MSGDUMP, "WPS: Encrypted Settings", encr, encr_len); wpabuf_put_data(decrypted, encr + block_size, encr_len - block_size); wpa_printf(MSG_DEBUG, "WPS: AES Decrypt setting"); - if (fast_aes_128_cbc_decrypt(wps->keywrapkey, encr, wpabuf_mhead(decrypted), + if (aes_128_cbc_decrypt(wps->keywrapkey, encr, wpabuf_mhead(decrypted), wpabuf_len(decrypted))) { wpabuf_free(decrypted); return NULL; diff --git a/components/wpa_supplicant/src/wps/wps_enrollee.c b/components/wpa_supplicant/src/wps/wps_enrollee.c index ffe4d5789..7a3083657 100644 --- a/components/wpa_supplicant/src/wps/wps_enrollee.c +++ b/components/wpa_supplicant/src/wps/wps_enrollee.c @@ -74,7 +74,7 @@ static int wps_build_e_hash(struct wps_data *wps, struct wpabuf *msg) len[2] = wpabuf_len(wps->dh_pubkey_e); addr[3] = wpabuf_head(wps->dh_pubkey_r); len[3] = wpabuf_len(wps->dh_pubkey_r); - fast_hmac_sha256_vector(wps->authkey, WPS_AUTHKEY_LEN, 4, addr, len, hash); + hmac_sha256_vector(wps->authkey, WPS_AUTHKEY_LEN, 4, addr, len, hash); wpa_hexdump(MSG_DEBUG, "WPS: E-Hash1", hash, SHA256_MAC_LEN); wpa_printf(MSG_DEBUG, "WPS: * E-Hash2"); @@ -84,7 +84,7 @@ static int wps_build_e_hash(struct wps_data *wps, struct wpabuf *msg) /* E-Hash2 = HMAC_AuthKey(E-S2 || PSK2 || PK_E || PK_R) */ addr[0] = wps->snonce + WPS_SECRET_NONCE_LEN; addr[1] = wps->psk2; - fast_hmac_sha256_vector(wps->authkey, WPS_AUTHKEY_LEN, 4, addr, len, hash); + hmac_sha256_vector(wps->authkey, WPS_AUTHKEY_LEN, 4, addr, len, hash); wpa_hexdump(MSG_DEBUG, "WPS: E-Hash2", hash, SHA256_MAC_LEN); return 0; @@ -593,7 +593,7 @@ static int wps_process_r_snonce1(struct wps_data *wps, const u8 *r_snonce1) addr[3] = wpabuf_head(wps->dh_pubkey_r); len[3] = wpabuf_len(wps->dh_pubkey_r); - fast_hmac_sha256_vector(wps->authkey, WPS_AUTHKEY_LEN, 4, addr, len, hash); + hmac_sha256_vector(wps->authkey, WPS_AUTHKEY_LEN, 4, addr, len, hash); if (os_memcmp(wps->peer_hash1, hash, WPS_HASH_LEN) != 0) { wpa_printf(MSG_DEBUG, "WPS: R-Hash1 derived from R-S1 does " "not match with the pre-committed value"); @@ -633,7 +633,7 @@ static int wps_process_r_snonce2(struct wps_data *wps, const u8 *r_snonce2) addr[3] = wpabuf_head(wps->dh_pubkey_r); len[3] = wpabuf_len(wps->dh_pubkey_r); - fast_hmac_sha256_vector(wps->authkey, WPS_AUTHKEY_LEN, 4, addr, len, hash); + hmac_sha256_vector(wps->authkey, WPS_AUTHKEY_LEN, 4, addr, len, hash); if (os_memcmp(wps->peer_hash2, hash, WPS_HASH_LEN) != 0) { wpa_printf(MSG_DEBUG, "WPS: R-Hash2 derived from R-S2 does " diff --git a/components/wpa_supplicant/src/wps/wps_registrar.c b/components/wpa_supplicant/src/wps/wps_registrar.c index 3293ef626..e197dfdc0 100644 --- a/components/wpa_supplicant/src/wps/wps_registrar.c +++ b/components/wpa_supplicant/src/wps/wps_registrar.c @@ -1427,7 +1427,7 @@ static int wps_build_r_hash(struct wps_data *wps, struct wpabuf *msg) len[2] = wpabuf_len(wps->dh_pubkey_e); addr[3] = wpabuf_head(wps->dh_pubkey_r); len[3] = wpabuf_len(wps->dh_pubkey_r); - fast_hmac_sha256_vector(wps->authkey, WPS_AUTHKEY_LEN, 4, addr, len, hash); + hmac_sha256_vector(wps->authkey, WPS_AUTHKEY_LEN, 4, addr, len, hash); wpa_hexdump(MSG_DEBUG, "WPS: R-Hash1", hash, SHA256_MAC_LEN); wpa_printf(MSG_DEBUG, "WPS: * R-Hash2"); @@ -1437,7 +1437,7 @@ static int wps_build_r_hash(struct wps_data *wps, struct wpabuf *msg) /* R-Hash2 = HMAC_AuthKey(R-S2 || PSK2 || PK_E || PK_R) */ addr[0] = wps->snonce + WPS_SECRET_NONCE_LEN; addr[1] = wps->psk2; - fast_hmac_sha256_vector(wps->authkey, WPS_AUTHKEY_LEN, 4, addr, len, hash); + hmac_sha256_vector(wps->authkey, WPS_AUTHKEY_LEN, 4, addr, len, hash); wpa_hexdump(MSG_DEBUG, "WPS: R-Hash2", hash, SHA256_MAC_LEN); return 0; @@ -2170,7 +2170,7 @@ static int wps_process_e_snonce1(struct wps_data *wps, const u8 *e_snonce1) len[2] = wpabuf_len(wps->dh_pubkey_e); addr[3] = wpabuf_head(wps->dh_pubkey_r); len[3] = wpabuf_len(wps->dh_pubkey_r); - fast_hmac_sha256_vector(wps->authkey, WPS_AUTHKEY_LEN, 4, addr, len, hash); + hmac_sha256_vector(wps->authkey, WPS_AUTHKEY_LEN, 4, addr, len, hash); if (os_memcmp(wps->peer_hash1, hash, WPS_HASH_LEN) != 0) { wpa_printf(MSG_DEBUG, "WPS: E-Hash1 derived from E-S1 does " "not match with the pre-committed value"); @@ -2210,7 +2210,7 @@ static int wps_process_e_snonce2(struct wps_data *wps, const u8 *e_snonce2) addr[3] = wpabuf_head(wps->dh_pubkey_r); len[3] = wpabuf_len(wps->dh_pubkey_r); - fast_hmac_sha256_vector(wps->authkey, WPS_AUTHKEY_LEN, 4, addr, len, hash); + hmac_sha256_vector(wps->authkey, WPS_AUTHKEY_LEN, 4, addr, len, hash); if (os_memcmp(wps->peer_hash2, hash, WPS_HASH_LEN) != 0) { wpa_printf(MSG_DEBUG, "WPS: E-Hash2 derived from E-S2 does " "not match with the pre-committed value"); @@ -2547,7 +2547,7 @@ static enum wps_process_res wps_process_m1(struct wps_data *wps, wps->nfc_pw_token = token; addr[0] = attr->public_key; - fast_sha256_vector(1, addr, &attr->public_key_len, hash); + sha256_vector(1, addr, &attr->public_key_len, hash); if (os_memcmp(hash, wps->nfc_pw_token->pubkey_hash, WPS_OOB_PUBKEY_HASH_LEN) != 0) { wpa_printf(MSG_ERROR, "WPS: Public Key hash "