wpa_supplicant: Cleanup fast_xxx modules that use duplicate code
wpa_supplicant is using MbedTLS API's for crypto algorithms. For calling them a duplicate set of modules is maintained prepended with 'fast_'. Remove these and use flag USE_MBEDTLS_CRYPTO instead to separate modules calling MbedTLS API's from native implementation.
This commit is contained in:
parent
c8f5f47d5d
commit
900df44546
42 changed files with 506 additions and 1335 deletions
|
@ -5,7 +5,7 @@ if(NOT CONFIG_ESP32_NO_BLOBS)
|
||||||
endif()
|
endif()
|
||||||
|
|
||||||
idf_component_register(SRCS "src/coexist.c"
|
idf_component_register(SRCS "src/coexist.c"
|
||||||
"src/fast_crypto_ops.c"
|
"src/crypto_ops.c"
|
||||||
"src/lib_printf.c"
|
"src/lib_printf.c"
|
||||||
"src/mesh_event.c"
|
"src/mesh_event.c"
|
||||||
"src/phy_init.c"
|
"src/phy_init.c"
|
||||||
|
|
|
@ -22,19 +22,18 @@
|
||||||
#include "crypto/dh_group5.h"
|
#include "crypto/dh_group5.h"
|
||||||
#include "esp_wifi_crypto_types.h"
|
#include "esp_wifi_crypto_types.h"
|
||||||
/*
|
/*
|
||||||
* The parameters is used to set the cyrpto callback function for station connect when in security mode,
|
* This structure is used to set the cyrpto callback function for station to connect when in security mode.
|
||||||
* every callback function can register as fast_xxx or normal one, i.e, fast_aes_wrap or aes_wrap, the
|
* These functions either call MbedTLS API's if USE_MBEDTLS_CRYPTO flag is set through Kconfig, or native
|
||||||
* difference between them is the normal API is calculate by software, the fast one use the hardware
|
* API's otherwise. We recommend setting the flag since MbedTLS API's utilize hardware acceleration while
|
||||||
* crypto in it, can be faster than the normal one, so the callback function register in default is which
|
* native API's are use software implementations.
|
||||||
* we recommend, so as the API in WPS default and WPA2 default.
|
|
||||||
*/
|
*/
|
||||||
const wpa_crypto_funcs_t g_wifi_default_wpa_crypto_funcs = {
|
const wpa_crypto_funcs_t g_wifi_default_wpa_crypto_funcs = {
|
||||||
.size = sizeof(wpa_crypto_funcs_t),
|
.size = sizeof(wpa_crypto_funcs_t),
|
||||||
.version = ESP_WIFI_CRYPTO_VERSION,
|
.version = ESP_WIFI_CRYPTO_VERSION,
|
||||||
.aes_wrap = (esp_aes_wrap_t)fast_aes_wrap,
|
.aes_wrap = (esp_aes_wrap_t)aes_wrap,
|
||||||
.aes_unwrap = (esp_aes_unwrap_t)fast_aes_unwrap,
|
.aes_unwrap = (esp_aes_unwrap_t)aes_unwrap,
|
||||||
.hmac_sha256_vector = (esp_hmac_sha256_vector_t)fast_hmac_sha256_vector,
|
.hmac_sha256_vector = (esp_hmac_sha256_vector_t)hmac_sha256_vector,
|
||||||
.sha256_prf = (esp_sha256_prf_t)fast_sha256_prf,
|
.sha256_prf = (esp_sha256_prf_t)sha256_prf,
|
||||||
.hmac_md5 = (esp_hmac_md5_t)hmac_md5,
|
.hmac_md5 = (esp_hmac_md5_t)hmac_md5,
|
||||||
.hamc_md5_vector = (esp_hmac_md5_vector_t)hmac_md5_vector,
|
.hamc_md5_vector = (esp_hmac_md5_vector_t)hmac_md5_vector,
|
||||||
.hmac_sha1 = (esp_hmac_sha1_t)hmac_sha1,
|
.hmac_sha1 = (esp_hmac_sha1_t)hmac_sha1,
|
||||||
|
@ -53,6 +52,6 @@ const wpa_crypto_funcs_t g_wifi_default_wpa_crypto_funcs = {
|
||||||
};
|
};
|
||||||
|
|
||||||
const mesh_crypto_funcs_t g_wifi_default_mesh_crypto_funcs = {
|
const mesh_crypto_funcs_t g_wifi_default_mesh_crypto_funcs = {
|
||||||
.aes_128_encrypt = (esp_aes_128_encrypt_t)fast_aes_128_cbc_encrypt,
|
.aes_128_encrypt = (esp_aes_128_encrypt_t)aes_128_cbc_encrypt,
|
||||||
.aes_128_decrypt = (esp_aes_128_decrypt_t)fast_aes_128_cbc_decrypt,
|
.aes_128_decrypt = (esp_aes_128_decrypt_t)aes_128_cbc_decrypt,
|
||||||
};
|
};
|
|
@ -29,14 +29,6 @@ set(srcs "port/os_xtensa.c"
|
||||||
"src/crypto/sha1.c"
|
"src/crypto/sha1.c"
|
||||||
"src/crypto/sha256-internal.c"
|
"src/crypto/sha256-internal.c"
|
||||||
"src/crypto/sha256.c"
|
"src/crypto/sha256.c"
|
||||||
"src/fast_crypto/fast_aes-cbc.c"
|
|
||||||
"src/fast_crypto/fast_aes-unwrap.c"
|
|
||||||
"src/fast_crypto/fast_aes-wrap.c"
|
|
||||||
"src/fast_crypto/fast_crypto_internal-cipher.c"
|
|
||||||
"src/fast_crypto/fast_crypto_internal-modexp.c"
|
|
||||||
"src/fast_crypto/fast_crypto_internal.c"
|
|
||||||
"src/fast_crypto/fast_sha256-internal.c"
|
|
||||||
"src/fast_crypto/fast_sha256.c"
|
|
||||||
"src/eap_peer/chap.c"
|
"src/eap_peer/chap.c"
|
||||||
"src/eap_peer/eap.c"
|
"src/eap_peer/eap.c"
|
||||||
"src/eap_peer/eap_common.c"
|
"src/eap_peer/eap_common.c"
|
||||||
|
|
|
@ -27,4 +27,10 @@ menu "Supplicant"
|
||||||
help
|
help
|
||||||
Select this option to support EAP-PEAP.
|
Select this option to support EAP-PEAP.
|
||||||
|
|
||||||
|
config WPA_MBEDTLS_CRYPTO
|
||||||
|
bool "Use MbedTLS crypto API's"
|
||||||
|
default y
|
||||||
|
help
|
||||||
|
Select this option to use MbedTLS crypto API's which utilize hardware acceleration.
|
||||||
|
|
||||||
endmenu
|
endmenu
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
COMPONENT_ADD_INCLUDEDIRS := include port/include include/esp_supplicant
|
COMPONENT_ADD_INCLUDEDIRS := include port/include include/esp_supplicant
|
||||||
COMPONENT_PRIV_INCLUDEDIRS := src
|
COMPONENT_PRIV_INCLUDEDIRS := src
|
||||||
COMPONENT_SRCDIRS := port src/ap src/common src/crypto src/eap_peer src/fast_crypto src/rsn_supp src/tls src/utils src/esp_supplicant src/wps
|
COMPONENT_SRCDIRS := port src/ap src/common src/crypto src/eap_peer src/rsn_supp src/tls src/utils src/esp_supplicant src/wps
|
||||||
|
|
||||||
CFLAGS += -DESP_SUPPLICANT -DIEEE8021X_EAPOL -DEAP_PEER_METHOD -DEAP_MSCHAPv2 -DUSE_WPA2_TASK -DCONFIG_WPS2 -DCONFIG_WPS_PIN -DUSE_WPS_TASK -DESPRESSIF_USE -DESP32_WORKAROUND -DCONFIG_ECC -D__ets__ -Wno-strict-aliasing
|
CFLAGS += -DESP_SUPPLICANT -DIEEE8021X_EAPOL -DEAP_PEER_METHOD -DEAP_MSCHAPv2 -DUSE_WPA2_TASK -DCONFIG_WPS2 -DCONFIG_WPS_PIN -DUSE_WPS_TASK -DESPRESSIF_USE -DESP32_WORKAROUND -DCONFIG_ECC -D__ets__ -Wno-strict-aliasing
|
||||||
|
|
|
@ -44,10 +44,4 @@ int __must_check aes_128_cbc_encrypt(const u8 *key, const u8 *iv, u8 *data,
|
||||||
size_t data_len);
|
size_t data_len);
|
||||||
int __must_check aes_128_cbc_decrypt(const u8 *key, const u8 *iv, u8 *data,
|
int __must_check aes_128_cbc_decrypt(const u8 *key, const u8 *iv, u8 *data,
|
||||||
size_t data_len);
|
size_t data_len);
|
||||||
int __must_check fast_aes_wrap(const uint8_t *kek, int n, const uint8_t *plain, uint8_t *cipher);
|
|
||||||
int __must_check fast_aes_unwrap(const uint8_t *kek, int n, const uint8_t *cipher, uint8_t *plain);
|
|
||||||
int __must_check fast_aes_128_cbc_encrypt(const uint8_t *key, const uint8_t *iv, uint8_t *data,
|
|
||||||
size_t data_len);
|
|
||||||
int __must_check fast_aes_128_cbc_decrypt(const uint8_t *key, const uint8_t *iv, uint8_t *data,
|
|
||||||
size_t data_len);
|
|
||||||
#endif /* AES_WRAP_H */
|
#endif /* AES_WRAP_H */
|
||||||
|
|
|
@ -102,17 +102,6 @@ int __must_check fips186_2_prf(const u8 *seed, size_t seed_len, u8 *x,
|
||||||
int sha256_vector(size_t num_elem, const u8 *addr[], const size_t *len,
|
int sha256_vector(size_t num_elem, const u8 *addr[], const size_t *len,
|
||||||
u8 *mac);
|
u8 *mac);
|
||||||
|
|
||||||
/**
|
|
||||||
* fast_sha256_vector - fast SHA256 hash for data vector
|
|
||||||
* @num_elem: Number of elements in the data vector
|
|
||||||
* @addr: Pointers to the data areas
|
|
||||||
* @len: Lengths of the data blocks
|
|
||||||
* @mac: Buffer for the hash
|
|
||||||
* Returns: 0 on success, -1 on failure
|
|
||||||
*/
|
|
||||||
int fast_sha256_vector(size_t num_elem, const uint8_t *addr[], const size_t *len,
|
|
||||||
uint8_t *mac);
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* des_encrypt - Encrypt one block with DES
|
* des_encrypt - Encrypt one block with DES
|
||||||
* @clear: 8 octets (in)
|
* @clear: 8 octets (in)
|
||||||
|
@ -189,21 +178,6 @@ struct crypto_hash;
|
||||||
struct crypto_hash * crypto_hash_init(enum crypto_hash_alg alg, const u8 *key,
|
struct crypto_hash * crypto_hash_init(enum crypto_hash_alg alg, const u8 *key,
|
||||||
size_t key_len);
|
size_t key_len);
|
||||||
|
|
||||||
/**
|
|
||||||
* fast_crypto_hash_init - Initialize hash/HMAC function
|
|
||||||
* @alg: Hash algorithm
|
|
||||||
* @key: Key for keyed hash (e.g., HMAC) or %NULL if not needed
|
|
||||||
* @key_len: Length of the key in bytes
|
|
||||||
* Returns: Pointer to hash context to use with other hash functions or %NULL
|
|
||||||
* on failure
|
|
||||||
*
|
|
||||||
* This function is only used with internal TLSv1 implementation
|
|
||||||
* (CONFIG_TLS=internal). If that is not used, the crypto wrapper does not need
|
|
||||||
* to implement this.
|
|
||||||
*/
|
|
||||||
struct crypto_hash * fast_crypto_hash_init(enum crypto_hash_alg alg, const uint8_t *key,
|
|
||||||
size_t key_len);
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* crypto_hash_update - Add data to hash calculation
|
* crypto_hash_update - Add data to hash calculation
|
||||||
* @ctx: Context pointer from crypto_hash_init()
|
* @ctx: Context pointer from crypto_hash_init()
|
||||||
|
@ -216,18 +190,6 @@ struct crypto_hash * fast_crypto_hash_init(enum crypto_hash_alg alg, const uint8
|
||||||
*/
|
*/
|
||||||
void crypto_hash_update(struct crypto_hash *ctx, const u8 *data, size_t len);
|
void crypto_hash_update(struct crypto_hash *ctx, const u8 *data, size_t len);
|
||||||
|
|
||||||
/**
|
|
||||||
* fast_crypto_hash_update - Add data to hash calculation
|
|
||||||
* @ctx: Context pointer from crypto_hash_init()
|
|
||||||
* @data: Data buffer to add
|
|
||||||
* @len: Length of the buffer
|
|
||||||
*
|
|
||||||
* This function is only used with internal TLSv1 implementation
|
|
||||||
* (CONFIG_TLS=internal). If that is not used, the crypto wrapper does not need
|
|
||||||
* to implement this.
|
|
||||||
*/
|
|
||||||
void fast_crypto_hash_update(struct crypto_hash *ctx, const uint8_t *data, size_t len);
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* crypto_hash_finish - Complete hash calculation
|
* crypto_hash_finish - Complete hash calculation
|
||||||
* @ctx: Context pointer from crypto_hash_init()
|
* @ctx: Context pointer from crypto_hash_init()
|
||||||
|
@ -247,26 +209,6 @@ void fast_crypto_hash_update(struct crypto_hash *ctx, const uint8_t *data, size_
|
||||||
*/
|
*/
|
||||||
int crypto_hash_finish(struct crypto_hash *ctx, u8 *hash, size_t *len);
|
int crypto_hash_finish(struct crypto_hash *ctx, u8 *hash, size_t *len);
|
||||||
|
|
||||||
/**
|
|
||||||
* fast_crypto_hash_finish - Complete hash calculation
|
|
||||||
* @ctx: Context pointer from crypto_hash_init()
|
|
||||||
* @hash: Buffer for hash value or %NULL if caller is just freeing the hash
|
|
||||||
* context
|
|
||||||
* @len: Pointer to length of the buffer or %NULL if caller is just freeing the
|
|
||||||
* hash context; on return, this is set to the actual length of the hash value
|
|
||||||
* Returns: 0 on success, -1 if buffer is too small (len set to needed length),
|
|
||||||
* or -2 on other failures (including failed crypto_hash_update() operations)
|
|
||||||
*
|
|
||||||
* This function calculates the hash value and frees the context buffer that
|
|
||||||
* was used for hash calculation.
|
|
||||||
*
|
|
||||||
* This function is only used with internal TLSv1 implementation
|
|
||||||
* (CONFIG_TLS=internal). If that is not used, the crypto wrapper does not need
|
|
||||||
* to implement this.
|
|
||||||
*/
|
|
||||||
int fast_crypto_hash_finish(struct crypto_hash *ctx, uint8_t *hash, size_t *len);
|
|
||||||
|
|
||||||
|
|
||||||
enum crypto_cipher_alg {
|
enum crypto_cipher_alg {
|
||||||
CRYPTO_CIPHER_NULL = 0, CRYPTO_CIPHER_ALG_AES, CRYPTO_CIPHER_ALG_3DES,
|
CRYPTO_CIPHER_NULL = 0, CRYPTO_CIPHER_ALG_AES, CRYPTO_CIPHER_ALG_3DES,
|
||||||
CRYPTO_CIPHER_ALG_DES, CRYPTO_CIPHER_ALG_RC2, CRYPTO_CIPHER_ALG_RC4
|
CRYPTO_CIPHER_ALG_DES, CRYPTO_CIPHER_ALG_RC2, CRYPTO_CIPHER_ALG_RC4
|
||||||
|
@ -291,22 +233,6 @@ struct crypto_cipher * crypto_cipher_init(enum crypto_cipher_alg alg,
|
||||||
const u8 *iv, const u8 *key,
|
const u8 *iv, const u8 *key,
|
||||||
size_t key_len);
|
size_t key_len);
|
||||||
|
|
||||||
/**
|
|
||||||
* fast_crypto_cipher_init - Initialize block/stream cipher function
|
|
||||||
* @alg: Cipher algorithm
|
|
||||||
* @iv: Initialization vector for block ciphers or %NULL for stream ciphers
|
|
||||||
* @key: Cipher key
|
|
||||||
* @key_len: Length of key in bytes
|
|
||||||
* Returns: Pointer to cipher context to use with other cipher functions or
|
|
||||||
* %NULL on failure
|
|
||||||
*
|
|
||||||
* This function is only used with internal TLSv1 implementation
|
|
||||||
* (CONFIG_TLS=internal). If that is not used, the crypto wrapper does not need
|
|
||||||
* to implement this.
|
|
||||||
*/
|
|
||||||
struct crypto_cipher * fast_crypto_cipher_init(enum crypto_cipher_alg alg,
|
|
||||||
const uint8_t *iv, const uint8_t *key,
|
|
||||||
size_t key_len);
|
|
||||||
/**
|
/**
|
||||||
* crypto_cipher_encrypt - Cipher encrypt
|
* crypto_cipher_encrypt - Cipher encrypt
|
||||||
* @ctx: Context pointer from crypto_cipher_init()
|
* @ctx: Context pointer from crypto_cipher_init()
|
||||||
|
@ -322,21 +248,6 @@ struct crypto_cipher * fast_crypto_cipher_init(enum crypto_cipher_alg alg,
|
||||||
int __must_check crypto_cipher_encrypt(struct crypto_cipher *ctx,
|
int __must_check crypto_cipher_encrypt(struct crypto_cipher *ctx,
|
||||||
const u8 *plain, u8 *crypt, size_t len);
|
const u8 *plain, u8 *crypt, size_t len);
|
||||||
|
|
||||||
/**
|
|
||||||
* fast_crypto_cipher_encrypt - Cipher encrypt
|
|
||||||
* @ctx: Context pointer from crypto_cipher_init()
|
|
||||||
* @plain: Plaintext to cipher
|
|
||||||
* @crypt: Resulting ciphertext
|
|
||||||
* @len: Length of the plaintext
|
|
||||||
* Returns: 0 on success, -1 on failure
|
|
||||||
*
|
|
||||||
* This function is only used with internal TLSv1 implementation
|
|
||||||
* (CONFIG_TLS=internal). If that is not used, the crypto wrapper does not need
|
|
||||||
* to implement this.
|
|
||||||
*/
|
|
||||||
int __must_check fast_crypto_cipher_encrypt(struct crypto_cipher *ctx,
|
|
||||||
const uint8_t *plain, uint8_t *crypt, size_t len);
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* crypto_cipher_decrypt - Cipher decrypt
|
* crypto_cipher_decrypt - Cipher decrypt
|
||||||
* @ctx: Context pointer from crypto_cipher_init()
|
* @ctx: Context pointer from crypto_cipher_init()
|
||||||
|
@ -352,21 +263,6 @@ int __must_check fast_crypto_cipher_encrypt(struct crypto_cipher *ctx,
|
||||||
int __must_check crypto_cipher_decrypt(struct crypto_cipher *ctx,
|
int __must_check crypto_cipher_decrypt(struct crypto_cipher *ctx,
|
||||||
const u8 *crypt, u8 *plain, size_t len);
|
const u8 *crypt, u8 *plain, size_t len);
|
||||||
|
|
||||||
/**
|
|
||||||
* fast_crypto_cipher_decrypt - Cipher decrypt
|
|
||||||
* @ctx: Context pointer from crypto_cipher_init()
|
|
||||||
* @crypt: Ciphertext to decrypt
|
|
||||||
* @plain: Resulting plaintext
|
|
||||||
* @len: Length of the cipher text
|
|
||||||
* Returns: 0 on success, -1 on failure
|
|
||||||
*
|
|
||||||
* This function is only used with internal TLSv1 implementation
|
|
||||||
* (CONFIG_TLS=internal). If that is not used, the crypto wrapper does not need
|
|
||||||
* to implement this.
|
|
||||||
*/
|
|
||||||
int __must_check fast_crypto_cipher_decrypt(struct crypto_cipher *ctx,
|
|
||||||
const uint8_t *crypt, uint8_t *plain, size_t len);
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* crypto_cipher_decrypt - Free cipher context
|
* crypto_cipher_decrypt - Free cipher context
|
||||||
* @ctx: Context pointer from crypto_cipher_init()
|
* @ctx: Context pointer from crypto_cipher_init()
|
||||||
|
@ -377,16 +273,6 @@ int __must_check fast_crypto_cipher_decrypt(struct crypto_cipher *ctx,
|
||||||
*/
|
*/
|
||||||
void crypto_cipher_deinit(struct crypto_cipher *ctx);
|
void crypto_cipher_deinit(struct crypto_cipher *ctx);
|
||||||
|
|
||||||
/**
|
|
||||||
* fast_crypto_cipher_decrypt - Free cipher context
|
|
||||||
* @ctx: Context pointer from crypto_cipher_init()
|
|
||||||
*
|
|
||||||
* This function is only used with internal TLSv1 implementation
|
|
||||||
* (CONFIG_TLS=internal). If that is not used, the crypto wrapper does not need
|
|
||||||
* to implement this.
|
|
||||||
*/
|
|
||||||
void fast_crypto_cipher_deinit(struct crypto_cipher *ctx);
|
|
||||||
|
|
||||||
struct crypto_public_key;
|
struct crypto_public_key;
|
||||||
struct crypto_private_key;
|
struct crypto_private_key;
|
||||||
|
|
||||||
|
@ -565,31 +451,6 @@ int __must_check crypto_mod_exp(const u8 *base, size_t base_len,
|
||||||
const u8 *modulus, size_t modulus_len,
|
const u8 *modulus, size_t modulus_len,
|
||||||
u8 *result, size_t *result_len);
|
u8 *result, size_t *result_len);
|
||||||
|
|
||||||
/**
|
|
||||||
* fast_crypto_mod_exp - Modular exponentiation of large integers
|
|
||||||
* @base: Base integer (big endian byte array)
|
|
||||||
* @base_len: Length of base integer in bytes
|
|
||||||
* @power: Power integer (big endian byte array)
|
|
||||||
* @power_len: Length of power integer in bytes
|
|
||||||
* @modulus: Modulus integer (big endian byte array)
|
|
||||||
* @modulus_len: Length of modulus integer in bytes
|
|
||||||
* @result: Buffer for the result
|
|
||||||
* @result_len: Result length (max buffer size on input, real len on output)
|
|
||||||
* Returns: 0 on success, -1 on failure
|
|
||||||
*
|
|
||||||
* This function calculates result = base ^ power mod modulus. modules_len is
|
|
||||||
* used as the maximum size of modulus buffer. It is set to the used size on
|
|
||||||
* success.
|
|
||||||
*
|
|
||||||
* This function is only used with internal TLSv1 implementation
|
|
||||||
* (CONFIG_TLS=internal). If that is not used, the crypto wrapper does not need
|
|
||||||
* to implement this.
|
|
||||||
*/
|
|
||||||
int __must_check fast_crypto_mod_exp(const uint8_t *base, size_t base_len,
|
|
||||||
const uint8_t *power, size_t power_len,
|
|
||||||
const uint8_t *modulus, size_t modulus_len,
|
|
||||||
uint8_t *result, size_t *result_len);
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* rc4_skip - XOR RC4 stream to given data with skip-stream-start
|
* rc4_skip - XOR RC4 stream to given data with skip-stream-start
|
||||||
* @key: RC4 key
|
* @key: RC4 key
|
||||||
|
|
|
@ -24,10 +24,4 @@ void hmac_sha256(const u8 *key, size_t key_len, const u8 *data,
|
||||||
void sha256_prf(const u8 *key, size_t key_len, const char *label,
|
void sha256_prf(const u8 *key, size_t key_len, const char *label,
|
||||||
const u8 *data, size_t data_len, u8 *buf, size_t buf_len);
|
const u8 *data, size_t data_len, u8 *buf, size_t buf_len);
|
||||||
|
|
||||||
void fast_hmac_sha256_vector(const uint8_t *key, size_t key_len, size_t num_elem,
|
|
||||||
const uint8_t *addr[], const size_t *len, uint8_t *mac);
|
|
||||||
void fast_hmac_sha256(const uint8_t *key, size_t key_len, const uint8_t *data,
|
|
||||||
size_t data_len, uint8_t *mac);
|
|
||||||
void fast_sha256_prf(const uint8_t *key, size_t key_len, const char *label,
|
|
||||||
const uint8_t *data, size_t data_len, uint8_t *buf, size_t buf_len);
|
|
||||||
#endif /* SHA256_H */
|
#endif /* SHA256_H */
|
||||||
|
|
|
@ -29,4 +29,8 @@
|
||||||
#define EAP_PEAP 1
|
#define EAP_PEAP 1
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
#if CONFIG_WPA_MBEDTLS_CRYPTO
|
||||||
|
#define USE_MBEDTLS_CRYPTO 1
|
||||||
|
#endif
|
||||||
|
|
||||||
#endif /* _SUPPLICANT_OPT_H */
|
#endif /* _SUPPLICANT_OPT_H */
|
||||||
|
|
|
@ -932,7 +932,7 @@ static int wpa_gmk_to_gtk(const u8 *gmk, const char *label, const u8 *addr,
|
||||||
ret = -1;
|
ret = -1;
|
||||||
|
|
||||||
#ifdef CONFIG_IEEE80211W
|
#ifdef CONFIG_IEEE80211W
|
||||||
fast_sha256_prf(gmk, WPA_GMK_LEN, label, data, sizeof(data), gtk, gtk_len);
|
sha256_prf(gmk, WPA_GMK_LEN, label, data, sizeof(data), gtk, gtk_len);
|
||||||
#else /* CONFIG_IEEE80211W */
|
#else /* CONFIG_IEEE80211W */
|
||||||
if (sha1_prf(gmk, WPA_GMK_LEN, label, data, sizeof(data), gtk, gtk_len) < 0)
|
if (sha1_prf(gmk, WPA_GMK_LEN, label, data, sizeof(data), gtk, gtk_len) < 0)
|
||||||
ret = -1;
|
ret = -1;
|
||||||
|
@ -1064,7 +1064,7 @@ void __wpa_send_eapol(struct wpa_authenticator *wpa_auth,
|
||||||
buf, key_data_len);
|
buf, key_data_len);
|
||||||
if (version == WPA_KEY_INFO_TYPE_HMAC_SHA1_AES ||
|
if (version == WPA_KEY_INFO_TYPE_HMAC_SHA1_AES ||
|
||||||
version == WPA_KEY_INFO_TYPE_AES_128_CMAC) {
|
version == WPA_KEY_INFO_TYPE_AES_128_CMAC) {
|
||||||
if (fast_aes_wrap(sm->PTK.kek, (key_data_len - 8) / 8, buf,
|
if (aes_wrap(sm->PTK.kek, (key_data_len - 8) / 8, buf,
|
||||||
(u8 *) (key + 1))) {
|
(u8 *) (key + 1))) {
|
||||||
os_free(hdr);
|
os_free(hdr);
|
||||||
os_free(buf);
|
os_free(buf);
|
||||||
|
|
|
@ -507,7 +507,7 @@ void wpa_pmk_to_ptk(const u8 *pmk, size_t pmk_len, const char *label,
|
||||||
|
|
||||||
#ifdef CONFIG_IEEE80211W
|
#ifdef CONFIG_IEEE80211W
|
||||||
if (use_sha256) {
|
if (use_sha256) {
|
||||||
fast_sha256_prf(pmk, pmk_len, label, data, sizeof(data),
|
sha256_prf(pmk, pmk_len, label, data, sizeof(data),
|
||||||
ptk, ptk_len);
|
ptk, ptk_len);
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
|
@ -549,7 +549,7 @@ void rsn_pmkid(const u8 *pmk, size_t pmk_len, const u8 *aa, const u8 *spa,
|
||||||
|
|
||||||
#ifdef CONFIG_IEEE80211W
|
#ifdef CONFIG_IEEE80211W
|
||||||
if (use_sha256) {
|
if (use_sha256) {
|
||||||
fast_hmac_sha256_vector(pmk, pmk_len, 3, addr, len, hash);
|
hmac_sha256_vector(pmk, pmk_len, 3, addr, len, hash);
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
#endif /* CONFIG_IEEE80211W */
|
#endif /* CONFIG_IEEE80211W */
|
||||||
|
|
|
@ -12,6 +12,21 @@
|
||||||
*
|
*
|
||||||
* See README and COPYING for more details.
|
* See README and COPYING for more details.
|
||||||
*/
|
*/
|
||||||
|
/*
|
||||||
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
* you may not use this file except in compliance with the License.
|
||||||
|
* You may obtain a copy of the License at
|
||||||
|
*
|
||||||
|
* http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
*
|
||||||
|
* Hardware crypto support Copyright 2017-2019 Espressif Systems (Shanghai) PTE LTD
|
||||||
|
*
|
||||||
|
* Unless required by applicable law or agreed to in writing, software
|
||||||
|
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
* See the License for the specific language governing permissions and
|
||||||
|
* limitations under the License.
|
||||||
|
*/
|
||||||
|
|
||||||
#include "utils/includes.h"
|
#include "utils/includes.h"
|
||||||
|
|
||||||
|
@ -19,6 +34,72 @@
|
||||||
#include "crypto/aes.h"
|
#include "crypto/aes.h"
|
||||||
#include "crypto/aes_wrap.h"
|
#include "crypto/aes_wrap.h"
|
||||||
|
|
||||||
|
#ifdef USE_MBEDTLS_CRYPTO
|
||||||
|
#include "mbedtls/aes.h"
|
||||||
|
|
||||||
|
/**
|
||||||
|
* aes_128_cbc_encrypt - AES-128 CBC encryption
|
||||||
|
* @key: Encryption key
|
||||||
|
* @iv: Encryption IV for CBC mode (16 bytes)
|
||||||
|
* @data: Data to encrypt in-place
|
||||||
|
* @data_len: Length of data in bytes (must be divisible by 16)
|
||||||
|
* Returns: 0 on success, -1 on failure
|
||||||
|
*/
|
||||||
|
int
|
||||||
|
aes_128_cbc_encrypt(const u8 *key, const u8 *iv, u8 *data, size_t data_len)
|
||||||
|
{
|
||||||
|
int ret = 0;
|
||||||
|
mbedtls_aes_context ctx;
|
||||||
|
u8 cbc[AES_BLOCK_SIZE];
|
||||||
|
|
||||||
|
mbedtls_aes_init(&ctx);
|
||||||
|
|
||||||
|
ret = mbedtls_aes_setkey_enc(&ctx, key, 128);
|
||||||
|
if(ret < 0) {
|
||||||
|
mbedtls_aes_free(&ctx);
|
||||||
|
return ret;
|
||||||
|
}
|
||||||
|
|
||||||
|
os_memcpy(cbc, iv, AES_BLOCK_SIZE);
|
||||||
|
ret = mbedtls_aes_crypt_cbc(&ctx, MBEDTLS_AES_ENCRYPT, data_len, cbc, data, data);
|
||||||
|
mbedtls_aes_free(&ctx);
|
||||||
|
|
||||||
|
return ret;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
/**
|
||||||
|
* aes_128_cbc_decrypt - AES-128 CBC decryption
|
||||||
|
* @key: Decryption key
|
||||||
|
* @iv: Decryption IV for CBC mode (16 bytes)
|
||||||
|
* @data: Data to decrypt in-place
|
||||||
|
* @data_len: Length of data in bytes (must be divisible by 16)
|
||||||
|
* Returns: 0 on success, -1 on failure
|
||||||
|
*/
|
||||||
|
int
|
||||||
|
aes_128_cbc_decrypt(const u8 *key, const u8 *iv, u8 *data, size_t data_len)
|
||||||
|
{
|
||||||
|
int ret = 0;
|
||||||
|
mbedtls_aes_context ctx;
|
||||||
|
u8 cbc[AES_BLOCK_SIZE];
|
||||||
|
|
||||||
|
mbedtls_aes_init(&ctx);
|
||||||
|
|
||||||
|
ret = mbedtls_aes_setkey_dec(&ctx, key, 128);
|
||||||
|
if(ret < 0) {
|
||||||
|
mbedtls_aes_free(&ctx);
|
||||||
|
return ret;
|
||||||
|
}
|
||||||
|
|
||||||
|
os_memcpy(cbc, iv, AES_BLOCK_SIZE);
|
||||||
|
ret = mbedtls_aes_crypt_cbc(&ctx, MBEDTLS_AES_DECRYPT, data_len, cbc, data, data);
|
||||||
|
mbedtls_aes_free(&ctx);
|
||||||
|
|
||||||
|
return ret;
|
||||||
|
|
||||||
|
}
|
||||||
|
#else /* USE_MBEDTLS_CRYPTO */
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* aes_128_cbc_encrypt - AES-128 CBC encryption
|
* aes_128_cbc_encrypt - AES-128 CBC encryption
|
||||||
* @key: Encryption key
|
* @key: Encryption key
|
||||||
|
@ -86,3 +167,4 @@ aes_128_cbc_decrypt(const u8 *key, const u8 *iv, u8 *data, size_t data_len)
|
||||||
aes_decrypt_deinit(ctx);
|
aes_decrypt_deinit(ctx);
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
#endif /* USE_MBEDTLS_CRYPTO */
|
||||||
|
|
|
@ -12,12 +12,31 @@
|
||||||
*
|
*
|
||||||
* See README and COPYING for more details.
|
* See README and COPYING for more details.
|
||||||
*/
|
*/
|
||||||
|
/*
|
||||||
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
* you may not use this file except in compliance with the License.
|
||||||
|
* You may obtain a copy of the License at
|
||||||
|
*
|
||||||
|
* http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
*
|
||||||
|
* Hardware crypto support Copyright 2017-2019 Espressif Systems (Shanghai) PTE LTD
|
||||||
|
*
|
||||||
|
* Unless required by applicable law or agreed to in writing, software
|
||||||
|
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
* See the License for the specific language governing permissions and
|
||||||
|
* limitations under the License.
|
||||||
|
*/
|
||||||
|
|
||||||
#include "utils/includes.h"
|
#include "utils/includes.h"
|
||||||
|
|
||||||
#include "utils/common.h"
|
#include "utils/common.h"
|
||||||
|
#ifdef USE_MBEDTLS_CRYPTO
|
||||||
|
#include "mbedtls/aes.h"
|
||||||
|
#else /* USE_MBEDTLS_CRYPTO */
|
||||||
#include "crypto/aes.h"
|
#include "crypto/aes.h"
|
||||||
#include "crypto/aes_wrap.h"
|
#include "crypto/aes_wrap.h"
|
||||||
|
#endif /* USE_MBEDTLS_CRYPTO */
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* aes_unwrap - Unwrap key with AES Key Wrap Algorithm (128-bit KEK) (RFC3394)
|
* aes_unwrap - Unwrap key with AES Key Wrap Algorithm (128-bit KEK) (RFC3394)
|
||||||
|
@ -33,16 +52,30 @@ aes_unwrap(const u8 *kek, int n, const u8 *cipher, u8 *plain)
|
||||||
{
|
{
|
||||||
u8 a[8], *r, b[16];
|
u8 a[8], *r, b[16];
|
||||||
int i, j;
|
int i, j;
|
||||||
|
#ifdef USE_MBEDTLS_CRYPTO
|
||||||
|
int32_t ret = 0;
|
||||||
|
mbedtls_aes_context ctx;
|
||||||
|
#else /* USE_MBEDTLS_CRYPTO */
|
||||||
void *ctx;
|
void *ctx;
|
||||||
|
#endif /* USE_MBEDTLS_CRYPTO */
|
||||||
|
|
||||||
/* 1) Initialize variables. */
|
/* 1) Initialize variables. */
|
||||||
os_memcpy(a, cipher, 8);
|
os_memcpy(a, cipher, 8);
|
||||||
r = plain;
|
r = plain;
|
||||||
os_memcpy(r, cipher + 8, 8 * n);
|
os_memcpy(r, cipher + 8, 8 * n);
|
||||||
|
|
||||||
|
#ifdef USE_MBEDTLS_CRYPTO
|
||||||
|
mbedtls_aes_init(&ctx);
|
||||||
|
ret = mbedtls_aes_setkey_dec(&ctx, kek, 128);
|
||||||
|
if (ret < 0) {
|
||||||
|
mbedtls_aes_free(&ctx);
|
||||||
|
return ret;
|
||||||
|
}
|
||||||
|
#else /* USE_MBEDTLS_CRYPTO */
|
||||||
ctx = aes_decrypt_init(kek, 16);
|
ctx = aes_decrypt_init(kek, 16);
|
||||||
if (ctx == NULL)
|
if (ctx == NULL)
|
||||||
return -1;
|
return -1;
|
||||||
|
#endif /* USE_MBEDTLS_CRYPTO */
|
||||||
|
|
||||||
/* 2) Compute intermediate values.
|
/* 2) Compute intermediate values.
|
||||||
* For j = 5 to 0
|
* For j = 5 to 0
|
||||||
|
@ -58,13 +91,21 @@ aes_unwrap(const u8 *kek, int n, const u8 *cipher, u8 *plain)
|
||||||
b[7] ^= n * j + i;
|
b[7] ^= n * j + i;
|
||||||
|
|
||||||
os_memcpy(b + 8, r, 8);
|
os_memcpy(b + 8, r, 8);
|
||||||
|
#ifdef USE_MBEDTLS_CRYPTO
|
||||||
|
ret = mbedtls_internal_aes_decrypt(&ctx, b, b);
|
||||||
|
#else /* USE_MBEDTLS_CRYPTO */
|
||||||
aes_decrypt(ctx, b, b);
|
aes_decrypt(ctx, b, b);
|
||||||
|
#endif /* USE_MBEDTLS_CRYPTO */
|
||||||
os_memcpy(a, b, 8);
|
os_memcpy(a, b, 8);
|
||||||
os_memcpy(r, b + 8, 8);
|
os_memcpy(r, b + 8, 8);
|
||||||
r -= 8;
|
r -= 8;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
#ifdef USE_MBEDTLS_CRYPTO
|
||||||
|
mbedtls_aes_free(&ctx);
|
||||||
|
#else /* USE_MBEDTLS_CRYPTO */
|
||||||
aes_decrypt_deinit(ctx);
|
aes_decrypt_deinit(ctx);
|
||||||
|
#endif /* USE_MBEDTLS_CRYPTO */
|
||||||
|
|
||||||
/* 3) Output results.
|
/* 3) Output results.
|
||||||
*
|
*
|
||||||
|
|
|
@ -6,12 +6,30 @@
|
||||||
* This software may be distributed under the terms of the BSD license.
|
* This software may be distributed under the terms of the BSD license.
|
||||||
* See README for more details.
|
* See README for more details.
|
||||||
*/
|
*/
|
||||||
|
/*
|
||||||
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
* you may not use this file except in compliance with the License.
|
||||||
|
* You may obtain a copy of the License at
|
||||||
|
*
|
||||||
|
* http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
*
|
||||||
|
* Hardware crypto support Copyright 2017-2019 Espressif Systems (Shanghai) PTE LTD
|
||||||
|
*
|
||||||
|
* Unless required by applicable law or agreed to in writing, software
|
||||||
|
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
* See the License for the specific language governing permissions and
|
||||||
|
* limitations under the License.
|
||||||
|
*/
|
||||||
|
|
||||||
#include "utils/includes.h"
|
#include "utils/includes.h"
|
||||||
|
|
||||||
#include "utils/common.h"
|
#include "utils/common.h"
|
||||||
#include "crypto/aes.h"
|
#include "crypto/aes.h"
|
||||||
#include "crypto/aes_wrap.h"
|
#include "crypto/aes_wrap.h"
|
||||||
|
#ifdef USE_MBEDTLS_CRYPTO
|
||||||
|
#include "mbedtls/aes.h"
|
||||||
|
#endif /* USE_MBEDTLS_CRYPTO */
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* aes_wrap - Wrap keys with AES Key Wrap Algorithm (128-bit KEK) (RFC3394)
|
* aes_wrap - Wrap keys with AES Key Wrap Algorithm (128-bit KEK) (RFC3394)
|
||||||
|
@ -26,7 +44,12 @@ int aes_wrap(const u8 *kek, int n, const u8 *plain, u8 *cipher)
|
||||||
{
|
{
|
||||||
u8 *a, *r, b[16];
|
u8 *a, *r, b[16];
|
||||||
int i, j;
|
int i, j;
|
||||||
|
#ifdef USE_MBEDTLS_CRYPTO
|
||||||
|
int32_t ret = 0;
|
||||||
|
mbedtls_aes_context ctx;
|
||||||
|
#else /* USE_MBEDTLS_CRYPTO */
|
||||||
void *ctx;
|
void *ctx;
|
||||||
|
#endif /* USE_MBEDTLS_CRYPTO */
|
||||||
|
|
||||||
a = cipher;
|
a = cipher;
|
||||||
r = cipher + 8;
|
r = cipher + 8;
|
||||||
|
@ -35,9 +58,18 @@ int aes_wrap(const u8 *kek, int n, const u8 *plain, u8 *cipher)
|
||||||
os_memset(a, 0xa6, 8);
|
os_memset(a, 0xa6, 8);
|
||||||
os_memcpy(r, plain, 8 * n);
|
os_memcpy(r, plain, 8 * n);
|
||||||
|
|
||||||
|
#ifdef USE_MBEDTLS_CRYPTO
|
||||||
|
mbedtls_aes_init(&ctx);
|
||||||
|
ret = mbedtls_aes_setkey_enc(&ctx, kek, 128);
|
||||||
|
if (ret < 0) {
|
||||||
|
mbedtls_aes_free(&ctx);
|
||||||
|
return ret;
|
||||||
|
}
|
||||||
|
#else /* USE_MBEDTLS_CRYPTO */
|
||||||
ctx = aes_encrypt_init(kek, 16);
|
ctx = aes_encrypt_init(kek, 16);
|
||||||
if (ctx == NULL)
|
if (ctx == NULL)
|
||||||
return -1;
|
return -1;
|
||||||
|
#endif /* USE_MBEDTLS_CRYPTO */
|
||||||
|
|
||||||
/* 2) Calculate intermediate values.
|
/* 2) Calculate intermediate values.
|
||||||
* For j = 0 to 5
|
* For j = 0 to 5
|
||||||
|
@ -51,14 +83,24 @@ int aes_wrap(const u8 *kek, int n, const u8 *plain, u8 *cipher)
|
||||||
for (i = 1; i <= n; i++) {
|
for (i = 1; i <= n; i++) {
|
||||||
os_memcpy(b, a, 8);
|
os_memcpy(b, a, 8);
|
||||||
os_memcpy(b + 8, r, 8);
|
os_memcpy(b + 8, r, 8);
|
||||||
|
#ifdef USE_MBEDTLS_CRYPTO
|
||||||
|
ret = mbedtls_internal_aes_encrypt(&ctx, b, b);
|
||||||
|
if (ret != 0)
|
||||||
|
break;
|
||||||
|
#else /* USE_MBEDTLS_CRYPTO */
|
||||||
aes_encrypt(ctx, b, b);
|
aes_encrypt(ctx, b, b);
|
||||||
|
#endif /* USE_MBEDTLS_CRYPTO */
|
||||||
os_memcpy(a, b, 8);
|
os_memcpy(a, b, 8);
|
||||||
a[7] ^= n * j + i;
|
a[7] ^= n * j + i;
|
||||||
os_memcpy(r, b + 8, 8);
|
os_memcpy(r, b + 8, 8);
|
||||||
r += 8;
|
r += 8;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
#ifdef USE_MBEDTLS_CRYPTO
|
||||||
|
mbedtls_aes_free(&ctx);
|
||||||
|
#else /* USE_MBEDTLS_CRYPTO */
|
||||||
aes_encrypt_deinit(ctx);
|
aes_encrypt_deinit(ctx);
|
||||||
|
#endif /* USE_MBEDTLS_CRYPTO */
|
||||||
|
|
||||||
/* 3) Output the results.
|
/* 3) Output the results.
|
||||||
*
|
*
|
||||||
|
|
|
@ -5,13 +5,32 @@
|
||||||
* This software may be distributed under the terms of the BSD license.
|
* This software may be distributed under the terms of the BSD license.
|
||||||
* See README for more details.
|
* See README for more details.
|
||||||
*/
|
*/
|
||||||
|
/*
|
||||||
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
* you may not use this file except in compliance with the License.
|
||||||
|
* You may obtain a copy of the License at
|
||||||
|
*
|
||||||
|
* http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
*
|
||||||
|
* Hardware crypto support Copyright 2017-2019 Espressif Systems (Shanghai) PTE LTD
|
||||||
|
*
|
||||||
|
* Unless required by applicable law or agreed to in writing, software
|
||||||
|
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
* See the License for the specific language governing permissions and
|
||||||
|
* limitations under the License.
|
||||||
|
*/
|
||||||
|
|
||||||
#include "utils/common.h"
|
#include "utils/common.h"
|
||||||
|
#include "utils/includes.h"
|
||||||
#include "crypto/crypto.h"
|
#include "crypto/crypto.h"
|
||||||
#include "crypto/aes.h"
|
#include "crypto/aes.h"
|
||||||
#if defined(CONFIG_DES) || defined(CONFIG_DES3)
|
#if defined(CONFIG_DES) || defined(CONFIG_DES3)
|
||||||
#include "crypto/des_i.h"
|
#include "crypto/des_i.h"
|
||||||
#endif
|
#endif
|
||||||
|
#ifdef USE_MBEDTLS_CRYPTO
|
||||||
|
#include "mbedtls/aes.h"
|
||||||
|
#endif /* USE_MBEDTLS_CRYPTO */
|
||||||
|
|
||||||
struct crypto_cipher {
|
struct crypto_cipher {
|
||||||
enum crypto_cipher_alg alg;
|
enum crypto_cipher_alg alg;
|
||||||
|
@ -23,8 +42,13 @@ struct crypto_cipher {
|
||||||
} rc4;
|
} rc4;
|
||||||
struct {
|
struct {
|
||||||
u8 cbc[32];
|
u8 cbc[32];
|
||||||
|
#ifdef USE_MBEDTLS_CRYPTO
|
||||||
|
mbedtls_aes_context ctx_enc;
|
||||||
|
mbedtls_aes_context ctx_dec;
|
||||||
|
#else /* USE_MBEDTLS_CRYPTO */
|
||||||
void *ctx_enc;
|
void *ctx_enc;
|
||||||
void *ctx_dec;
|
void *ctx_dec;
|
||||||
|
#endif /* USE_MBEDTLS_CRYPTO */
|
||||||
} aes;
|
} aes;
|
||||||
#ifdef CONFIG_DES3
|
#ifdef CONFIG_DES3
|
||||||
struct {
|
struct {
|
||||||
|
@ -65,6 +89,12 @@ struct crypto_cipher * crypto_cipher_init(enum crypto_cipher_alg alg,
|
||||||
os_memcpy(ctx->u.rc4.key, key, key_len);
|
os_memcpy(ctx->u.rc4.key, key, key_len);
|
||||||
break;
|
break;
|
||||||
case CRYPTO_CIPHER_ALG_AES:
|
case CRYPTO_CIPHER_ALG_AES:
|
||||||
|
#ifdef USE_MBEDTLS_CRYPTO
|
||||||
|
mbedtls_aes_init(&(ctx->u.aes.ctx_enc));
|
||||||
|
mbedtls_aes_setkey_enc(&(ctx->u.aes.ctx_enc), key, key_len * 8);
|
||||||
|
mbedtls_aes_init(&(ctx->u.aes.ctx_dec));
|
||||||
|
mbedtls_aes_setkey_dec(&(ctx->u.aes.ctx_dec), key, key_len * 8);
|
||||||
|
#else /* USE_MBEDTLS_CRYPTO */
|
||||||
ctx->u.aes.ctx_enc = aes_encrypt_init(key, key_len);
|
ctx->u.aes.ctx_enc = aes_encrypt_init(key, key_len);
|
||||||
if (ctx->u.aes.ctx_enc == NULL) {
|
if (ctx->u.aes.ctx_enc == NULL) {
|
||||||
os_free(ctx);
|
os_free(ctx);
|
||||||
|
@ -76,6 +106,7 @@ struct crypto_cipher * crypto_cipher_init(enum crypto_cipher_alg alg,
|
||||||
os_free(ctx);
|
os_free(ctx);
|
||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
|
#endif /* USE_MBEDTLS_CRYPTO */
|
||||||
os_memcpy(ctx->u.aes.cbc, iv, AES_BLOCK_SIZE);
|
os_memcpy(ctx->u.aes.cbc, iv, AES_BLOCK_SIZE);
|
||||||
break;
|
break;
|
||||||
#ifdef CONFIG_DES3
|
#ifdef CONFIG_DES3
|
||||||
|
@ -127,8 +158,14 @@ int crypto_cipher_encrypt(struct crypto_cipher *ctx, const u8 *plain,
|
||||||
for (i = 0; i < blocks; i++) {
|
for (i = 0; i < blocks; i++) {
|
||||||
for (j = 0; j < AES_BLOCK_SIZE; j++)
|
for (j = 0; j < AES_BLOCK_SIZE; j++)
|
||||||
ctx->u.aes.cbc[j] ^= plain[j];
|
ctx->u.aes.cbc[j] ^= plain[j];
|
||||||
|
#ifdef USE_MBEDTLS_CRYPTO
|
||||||
|
if (mbedtls_internal_aes_encrypt(&(ctx->u.aes.ctx_enc),
|
||||||
|
ctx->u.aes.cbc, ctx->u.aes.cbc) != 0)
|
||||||
|
return -1;
|
||||||
|
#else /* USE_MBEDTLS_CRYPTO */
|
||||||
aes_encrypt(ctx->u.aes.ctx_enc, ctx->u.aes.cbc,
|
aes_encrypt(ctx->u.aes.ctx_enc, ctx->u.aes.cbc,
|
||||||
ctx->u.aes.cbc);
|
ctx->u.aes.cbc);
|
||||||
|
#endif /* USE_MBEDTLS_CRYPTO */
|
||||||
os_memcpy(crypt, ctx->u.aes.cbc, AES_BLOCK_SIZE);
|
os_memcpy(crypt, ctx->u.aes.cbc, AES_BLOCK_SIZE);
|
||||||
plain += AES_BLOCK_SIZE;
|
plain += AES_BLOCK_SIZE;
|
||||||
crypt += AES_BLOCK_SIZE;
|
crypt += AES_BLOCK_SIZE;
|
||||||
|
@ -194,7 +231,13 @@ int crypto_cipher_decrypt(struct crypto_cipher *ctx, const u8 *crypt,
|
||||||
blocks = len / AES_BLOCK_SIZE;
|
blocks = len / AES_BLOCK_SIZE;
|
||||||
for (i = 0; i < blocks; i++) {
|
for (i = 0; i < blocks; i++) {
|
||||||
os_memcpy(tmp, crypt, AES_BLOCK_SIZE);
|
os_memcpy(tmp, crypt, AES_BLOCK_SIZE);
|
||||||
|
#ifdef USE_MBEDTLS_CRYPTO
|
||||||
|
if (mbedtls_internal_aes_decrypt(&(ctx->u.aes.ctx_dec),
|
||||||
|
crypt, plain) != 0)
|
||||||
|
return -1;
|
||||||
|
#else /* USE_MBEDTLS_CRYPTO */
|
||||||
aes_decrypt(ctx->u.aes.ctx_dec, crypt, plain);
|
aes_decrypt(ctx->u.aes.ctx_dec, crypt, plain);
|
||||||
|
#endif /* USE_MBEDTLS_CRYPTO */
|
||||||
for (j = 0; j < AES_BLOCK_SIZE; j++)
|
for (j = 0; j < AES_BLOCK_SIZE; j++)
|
||||||
plain[j] ^= ctx->u.aes.cbc[j];
|
plain[j] ^= ctx->u.aes.cbc[j];
|
||||||
os_memcpy(ctx->u.aes.cbc, tmp, AES_BLOCK_SIZE);
|
os_memcpy(ctx->u.aes.cbc, tmp, AES_BLOCK_SIZE);
|
||||||
|
@ -246,8 +289,13 @@ void crypto_cipher_deinit(struct crypto_cipher *ctx)
|
||||||
{
|
{
|
||||||
switch (ctx->alg) {
|
switch (ctx->alg) {
|
||||||
case CRYPTO_CIPHER_ALG_AES:
|
case CRYPTO_CIPHER_ALG_AES:
|
||||||
|
#ifdef USE_MBEDTLS_CRYPTO
|
||||||
|
mbedtls_aes_free(&(ctx->u.aes.ctx_enc));
|
||||||
|
mbedtls_aes_free(&(ctx->u.aes.ctx_dec));
|
||||||
|
#else /* USE_MBEDTLS_CRYPTO */
|
||||||
aes_encrypt_deinit(ctx->u.aes.ctx_enc);
|
aes_encrypt_deinit(ctx->u.aes.ctx_enc);
|
||||||
aes_decrypt_deinit(ctx->u.aes.ctx_dec);
|
aes_decrypt_deinit(ctx->u.aes.ctx_dec);
|
||||||
|
#endif /* USE_MBEDTLS_CRYPTO */
|
||||||
break;
|
break;
|
||||||
#ifdef CONFIG_DES3
|
#ifdef CONFIG_DES3
|
||||||
case CRYPTO_CIPHER_ALG_3DES:
|
case CRYPTO_CIPHER_ALG_3DES:
|
||||||
|
|
|
@ -11,14 +11,72 @@
|
||||||
*
|
*
|
||||||
* See README and COPYING for more details.
|
* See README and COPYING for more details.
|
||||||
*/
|
*/
|
||||||
|
/*
|
||||||
|
* Hardware crypto support Copyright 2017-2019 Espressif Systems (Shanghai) PTE LTD
|
||||||
|
*
|
||||||
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
* you may not use this file except in compliance with the License.
|
||||||
|
* You may obtain a copy of the License at
|
||||||
|
*
|
||||||
|
* http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
*
|
||||||
|
* Unless required by applicable law or agreed to in writing, software
|
||||||
|
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
* See the License for the specific language governing permissions and
|
||||||
|
* limitations under the License.
|
||||||
|
*/
|
||||||
|
|
||||||
#include "utils/includes.h"
|
#include "utils/includes.h"
|
||||||
|
|
||||||
#include "utils/common.h"
|
#include "utils/common.h"
|
||||||
|
#ifdef USE_MBEDTLS_CRYPTO
|
||||||
|
#include "mbedtls/bignum.h"
|
||||||
|
#else /* USE_MBEDTLS_CRYPTO */
|
||||||
#include "bignum.h"
|
#include "bignum.h"
|
||||||
|
#endif /* USE_MBEDTLS_CRYPTO */
|
||||||
#include "crypto/crypto.h"
|
#include "crypto/crypto.h"
|
||||||
|
|
||||||
|
#ifdef USE_MBEDTLS_CRYPTO
|
||||||
|
int
|
||||||
|
crypto_mod_exp(const uint8_t *base, size_t base_len,
|
||||||
|
const uint8_t *power, size_t power_len,
|
||||||
|
const uint8_t *modulus, size_t modulus_len,
|
||||||
|
uint8_t *result, size_t *result_len)
|
||||||
|
{
|
||||||
|
mbedtls_mpi bn_base, bn_exp, bn_modulus, bn_result, bn_rinv;
|
||||||
|
int ret = 0;
|
||||||
|
mbedtls_mpi_init(&bn_base);
|
||||||
|
mbedtls_mpi_init(&bn_exp);
|
||||||
|
mbedtls_mpi_init(&bn_modulus);
|
||||||
|
mbedtls_mpi_init(&bn_result);
|
||||||
|
mbedtls_mpi_init(&bn_rinv);
|
||||||
|
|
||||||
|
mbedtls_mpi_read_binary(&bn_base, base, base_len);
|
||||||
|
mbedtls_mpi_read_binary(&bn_exp, power, power_len);
|
||||||
|
mbedtls_mpi_read_binary(&bn_modulus, modulus, modulus_len);
|
||||||
|
|
||||||
|
ret = mbedtls_mpi_exp_mod(&bn_result, &bn_base, &bn_exp, &bn_modulus, &bn_rinv);
|
||||||
|
if (ret < 0) {
|
||||||
|
mbedtls_mpi_free(&bn_base);
|
||||||
|
mbedtls_mpi_free(&bn_exp);
|
||||||
|
mbedtls_mpi_free(&bn_modulus);
|
||||||
|
mbedtls_mpi_free(&bn_result);
|
||||||
|
mbedtls_mpi_free(&bn_rinv);
|
||||||
|
return ret;
|
||||||
|
}
|
||||||
|
|
||||||
|
ret = mbedtls_mpi_write_binary(&bn_result, result, *result_len);
|
||||||
|
|
||||||
|
mbedtls_mpi_free(&bn_base);
|
||||||
|
mbedtls_mpi_free(&bn_exp);
|
||||||
|
mbedtls_mpi_free(&bn_modulus);
|
||||||
|
mbedtls_mpi_free(&bn_result);
|
||||||
|
mbedtls_mpi_free(&bn_rinv);
|
||||||
|
|
||||||
|
return ret;
|
||||||
|
}
|
||||||
|
#else /* USE_MBEDTLS_CRYPTO */
|
||||||
int
|
int
|
||||||
crypto_mod_exp(const u8 *base, size_t base_len,
|
crypto_mod_exp(const u8 *base, size_t base_len,
|
||||||
const u8 *power, size_t power_len,
|
const u8 *power, size_t power_len,
|
||||||
|
@ -54,3 +112,4 @@ error:
|
||||||
bignum_deinit(bn_result);
|
bignum_deinit(bn_result);
|
||||||
return ret;
|
return ret;
|
||||||
}
|
}
|
||||||
|
#endif /* USE_MBEDTLS_CRYPTO */
|
||||||
|
|
|
@ -5,12 +5,30 @@
|
||||||
* This software may be distributed under the terms of the BSD license.
|
* This software may be distributed under the terms of the BSD license.
|
||||||
* See README for more details.
|
* See README for more details.
|
||||||
*/
|
*/
|
||||||
|
/*
|
||||||
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
* you may not use this file except in compliance with the License.
|
||||||
|
* You may obtain a copy of the License at
|
||||||
|
*
|
||||||
|
* http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
*
|
||||||
|
* Hardware crypto support Copyright 2017-2019 Espressif Systems (Shanghai) PTE LTD
|
||||||
|
*
|
||||||
|
* Unless required by applicable law or agreed to in writing, software
|
||||||
|
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
* See the License for the specific language governing permissions and
|
||||||
|
* limitations under the License.
|
||||||
|
*/
|
||||||
|
|
||||||
#include "utils/includes.h"
|
#include "utils/includes.h"
|
||||||
#include "utils/common.h"
|
#include "utils/common.h"
|
||||||
#include "crypto/crypto.h"
|
#include "crypto/crypto.h"
|
||||||
#include "crypto/sha1_i.h"
|
#include "crypto/sha1_i.h"
|
||||||
#include "crypto/md5_i.h"
|
#include "crypto/md5_i.h"
|
||||||
|
#ifdef USE_MBEDTLS_CRYPTO
|
||||||
|
#include "mbedtls/sha256.h"
|
||||||
|
#endif
|
||||||
|
|
||||||
struct crypto_hash {
|
struct crypto_hash {
|
||||||
enum crypto_hash_alg alg;
|
enum crypto_hash_alg alg;
|
||||||
|
@ -18,7 +36,11 @@ struct crypto_hash {
|
||||||
struct MD5Context md5;
|
struct MD5Context md5;
|
||||||
struct SHA1Context sha1;
|
struct SHA1Context sha1;
|
||||||
#ifdef CONFIG_SHA256
|
#ifdef CONFIG_SHA256
|
||||||
|
#ifdef USE_MBEDTLS_CRYPTO
|
||||||
|
mbedtls_sha256_context sha256;
|
||||||
|
#else /* USE_MBEDTLS_CRYPTO */
|
||||||
struct sha256_state sha256;
|
struct sha256_state sha256;
|
||||||
|
#endif /* USE_MBEDTLS_CRYPTO */
|
||||||
#endif /* CONFIG_SHA256 */
|
#endif /* CONFIG_SHA256 */
|
||||||
} u;
|
} u;
|
||||||
u8 key[64];
|
u8 key[64];
|
||||||
|
@ -49,7 +71,12 @@ struct crypto_hash * crypto_hash_init(enum crypto_hash_alg alg, const u8 *key,
|
||||||
break;
|
break;
|
||||||
#ifdef CONFIG_SHA256
|
#ifdef CONFIG_SHA256
|
||||||
case CRYPTO_HASH_ALG_SHA256:
|
case CRYPTO_HASH_ALG_SHA256:
|
||||||
|
#ifdef USE_MBEDTLS_CRYPTO
|
||||||
|
mbedtls_sha256_init(&ctx->u.sha256);
|
||||||
|
mbedtls_sha256_starts(&ctx->u.sha256, 0);
|
||||||
|
#else /* USE_MBEDTLS_CRYPTO */
|
||||||
sha256_init(&ctx->u.sha256);
|
sha256_init(&ctx->u.sha256);
|
||||||
|
#endif /* USE_MBEDTLS_CRYPTO */
|
||||||
break;
|
break;
|
||||||
#endif /* CONFIG_SHA256 */
|
#endif /* CONFIG_SHA256 */
|
||||||
case CRYPTO_HASH_ALG_HMAC_MD5:
|
case CRYPTO_HASH_ALG_HMAC_MD5:
|
||||||
|
@ -93,9 +120,17 @@ struct crypto_hash * crypto_hash_init(enum crypto_hash_alg alg, const u8 *key,
|
||||||
#ifdef CONFIG_SHA256
|
#ifdef CONFIG_SHA256
|
||||||
case CRYPTO_HASH_ALG_HMAC_SHA256:
|
case CRYPTO_HASH_ALG_HMAC_SHA256:
|
||||||
if (key_len > sizeof(k_pad)) {
|
if (key_len > sizeof(k_pad)) {
|
||||||
|
#ifdef USE_MBEDTLS_CRYPTO
|
||||||
|
mbedtls_sha256_init(&ctx->u.sha256);
|
||||||
|
mbedtls_sha256_starts(&ctx->u.sha256, 0);
|
||||||
|
mbedtls_sha256_update(&ctx->u.sha256, key, key_len);
|
||||||
|
mbedtls_sha256_finish(&ctx->u.sha256, tk);
|
||||||
|
mbedtls_sha256_free(&ctx->u.sha256);
|
||||||
|
#else /* USE_MBEDTLS_CRYPTO */
|
||||||
sha256_init(&ctx->u.sha256);
|
sha256_init(&ctx->u.sha256);
|
||||||
sha256_process(&ctx->u.sha256, key, key_len);
|
sha256_process(&ctx->u.sha256, key, key_len);
|
||||||
sha256_done(&ctx->u.sha256, tk);
|
sha256_done(&ctx->u.sha256, tk);
|
||||||
|
#endif /* USE_MBEDTLS_CRYPTO */
|
||||||
key = tk;
|
key = tk;
|
||||||
key_len = 32;
|
key_len = 32;
|
||||||
}
|
}
|
||||||
|
@ -107,8 +142,14 @@ struct crypto_hash * crypto_hash_init(enum crypto_hash_alg alg, const u8 *key,
|
||||||
os_memset(k_pad + key_len, 0, sizeof(k_pad) - key_len);
|
os_memset(k_pad + key_len, 0, sizeof(k_pad) - key_len);
|
||||||
for (i = 0; i < sizeof(k_pad); i++)
|
for (i = 0; i < sizeof(k_pad); i++)
|
||||||
k_pad[i] ^= 0x36;
|
k_pad[i] ^= 0x36;
|
||||||
|
#ifdef USE_MBEDTLS_CRYPTO
|
||||||
|
mbedtls_sha256_init(&ctx->u.sha256);
|
||||||
|
mbedtls_sha256_starts(&ctx->u.sha256, 0);
|
||||||
|
mbedtls_sha256_update(&ctx->u.sha256, k_pad, sizeof(k_pad));
|
||||||
|
#else /* USE_MBEDTLS_CRYPTO */
|
||||||
sha256_init(&ctx->u.sha256);
|
sha256_init(&ctx->u.sha256);
|
||||||
sha256_process(&ctx->u.sha256, k_pad, sizeof(k_pad));
|
sha256_process(&ctx->u.sha256, k_pad, sizeof(k_pad));
|
||||||
|
#endif /* USE_MBEDTLS_CRYPTO */
|
||||||
break;
|
break;
|
||||||
#endif /* CONFIG_SHA256 */
|
#endif /* CONFIG_SHA256 */
|
||||||
default:
|
default:
|
||||||
|
@ -137,7 +178,11 @@ void crypto_hash_update(struct crypto_hash *ctx, const u8 *data, size_t len)
|
||||||
#ifdef CONFIG_SHA256
|
#ifdef CONFIG_SHA256
|
||||||
case CRYPTO_HASH_ALG_SHA256:
|
case CRYPTO_HASH_ALG_SHA256:
|
||||||
case CRYPTO_HASH_ALG_HMAC_SHA256:
|
case CRYPTO_HASH_ALG_HMAC_SHA256:
|
||||||
|
#ifdef USE_MBEDTLS_CRYPTO
|
||||||
|
mbedtls_sha256_update(&ctx->u.sha256, data, len);
|
||||||
|
#else /* USE_MBEDTLS_CRYPTO */
|
||||||
sha256_process(&ctx->u.sha256, data, len);
|
sha256_process(&ctx->u.sha256, data, len);
|
||||||
|
#endif /* USE_MBEDTLS_CRYPTO */
|
||||||
break;
|
break;
|
||||||
#endif /* CONFIG_SHA256 */
|
#endif /* CONFIG_SHA256 */
|
||||||
default:
|
default:
|
||||||
|
@ -186,7 +231,12 @@ int crypto_hash_finish(struct crypto_hash *ctx, u8 *mac, size_t *len)
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
*len = 32;
|
*len = 32;
|
||||||
|
#ifdef USE_MBEDTLS_CRYPTO
|
||||||
|
mbedtls_sha256_finish(&ctx->u.sha256, mac);
|
||||||
|
mbedtls_sha256_free(&ctx->u.sha256);
|
||||||
|
#else /* USE_MBEDTLS_CRYPTO */
|
||||||
sha256_done(&ctx->u.sha256, mac);
|
sha256_done(&ctx->u.sha256, mac);
|
||||||
|
#endif /* USE_MBEDTLS_CRYPTO */
|
||||||
break;
|
break;
|
||||||
#endif /* CONFIG_SHA256 */
|
#endif /* CONFIG_SHA256 */
|
||||||
case CRYPTO_HASH_ALG_HMAC_MD5:
|
case CRYPTO_HASH_ALG_HMAC_MD5:
|
||||||
|
@ -238,17 +288,31 @@ int crypto_hash_finish(struct crypto_hash *ctx, u8 *mac, size_t *len)
|
||||||
}
|
}
|
||||||
*len = 32;
|
*len = 32;
|
||||||
|
|
||||||
|
#ifdef USE_MBEDTLS_CRYPTO
|
||||||
|
mbedtls_sha256_finish(&ctx->u.sha256, mac);
|
||||||
|
mbedtls_sha256_free(&ctx->u.sha256);
|
||||||
|
#else /* USE_MBEDTLS_CRYPTO */
|
||||||
sha256_done(&ctx->u.sha256, mac);
|
sha256_done(&ctx->u.sha256, mac);
|
||||||
|
#endif /* USE_MBEDTLS_CRYPTO */
|
||||||
|
|
||||||
os_memcpy(k_pad, ctx->key, ctx->key_len);
|
os_memcpy(k_pad, ctx->key, ctx->key_len);
|
||||||
os_memset(k_pad + ctx->key_len, 0,
|
os_memset(k_pad + ctx->key_len, 0,
|
||||||
sizeof(k_pad) - ctx->key_len);
|
sizeof(k_pad) - ctx->key_len);
|
||||||
for (i = 0; i < sizeof(k_pad); i++)
|
for (i = 0; i < sizeof(k_pad); i++)
|
||||||
k_pad[i] ^= 0x5c;
|
k_pad[i] ^= 0x5c;
|
||||||
|
#ifdef USE_MBEDTLS_CRYPTO
|
||||||
|
mbedtls_sha256_init(&ctx->u.sha256);
|
||||||
|
mbedtls_sha256_starts(&ctx->u.sha256, 0);
|
||||||
|
mbedtls_sha256_update(&ctx->u.sha256, k_pad, sizeof(k_pad));
|
||||||
|
mbedtls_sha256_update(&ctx->u.sha256, mac, 32);
|
||||||
|
mbedtls_sha256_finish(&ctx->u.sha256, mac);
|
||||||
|
mbedtls_sha256_free(&ctx->u.sha256);
|
||||||
|
#else /* USE_MBEDTLS_CRYPTO */
|
||||||
sha256_init(&ctx->u.sha256);
|
sha256_init(&ctx->u.sha256);
|
||||||
sha256_process(&ctx->u.sha256, k_pad, sizeof(k_pad));
|
sha256_process(&ctx->u.sha256, k_pad, sizeof(k_pad));
|
||||||
sha256_process(&ctx->u.sha256, mac, 32);
|
sha256_process(&ctx->u.sha256, mac, 32);
|
||||||
sha256_done(&ctx->u.sha256, mac);
|
sha256_done(&ctx->u.sha256, mac);
|
||||||
|
#endif /* USE_MBEDTLS_CRYPTO */
|
||||||
break;
|
break;
|
||||||
#endif /* CONFIG_SHA256 */
|
#endif /* CONFIG_SHA256 */
|
||||||
default:
|
default:
|
||||||
|
|
|
@ -586,7 +586,7 @@ dh_init(const struct dh_group *dh, struct wpabuf **priv)
|
||||||
if (pv == NULL)
|
if (pv == NULL)
|
||||||
return NULL;
|
return NULL;
|
||||||
|
|
||||||
if (fast_crypto_mod_exp(dh->generator, dh->generator_len,
|
if (crypto_mod_exp(dh->generator, dh->generator_len,
|
||||||
wpabuf_head(*priv), wpabuf_len(*priv),
|
wpabuf_head(*priv), wpabuf_len(*priv),
|
||||||
dh->prime, dh->prime_len, wpabuf_mhead(pv),
|
dh->prime, dh->prime_len, wpabuf_mhead(pv),
|
||||||
&pv_len)) {
|
&pv_len)) {
|
||||||
|
@ -624,7 +624,7 @@ dh_derive_shared(const struct wpabuf *peer_public,
|
||||||
if (shared == NULL)
|
if (shared == NULL)
|
||||||
return NULL;
|
return NULL;
|
||||||
|
|
||||||
if (fast_crypto_mod_exp(wpabuf_head(peer_public), wpabuf_len(peer_public),
|
if (crypto_mod_exp(wpabuf_head(peer_public), wpabuf_len(peer_public),
|
||||||
wpabuf_head(own_private), wpabuf_len(own_private),
|
wpabuf_head(own_private), wpabuf_len(own_private),
|
||||||
dh->prime, dh->prime_len,
|
dh->prime, dh->prime_len,
|
||||||
wpabuf_mhead(shared), &shared_len)) {
|
wpabuf_mhead(shared), &shared_len)) {
|
||||||
|
|
|
@ -11,12 +11,73 @@
|
||||||
*
|
*
|
||||||
* See README and COPYING for more details.
|
* See README and COPYING for more details.
|
||||||
*/
|
*/
|
||||||
|
/*
|
||||||
|
* Hardware crypto support Copyright 2017-2019 Espressif Systems (Shanghai) PTE LTD
|
||||||
|
*
|
||||||
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
* you may not use this file except in compliance with the License.
|
||||||
|
* You may obtain a copy of the License at
|
||||||
|
*
|
||||||
|
* http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
*
|
||||||
|
* Unless required by applicable law or agreed to in writing, software
|
||||||
|
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
* See the License for the specific language governing permissions and
|
||||||
|
* limitations under the License.
|
||||||
|
*/
|
||||||
|
|
||||||
#include "utils/includes.h"
|
#include "utils/includes.h"
|
||||||
|
|
||||||
#include "utils/common.h"
|
#include "utils/common.h"
|
||||||
|
#ifdef USE_MBEDTLS_CRYPTO
|
||||||
|
#include "mbedtls/sha256.h"
|
||||||
|
#else /* USE_MBEDTLS_CRYPTO */
|
||||||
#include "crypto/sha256.h"
|
#include "crypto/sha256.h"
|
||||||
#include "crypto/crypto.h"
|
#include "crypto/crypto.h"
|
||||||
|
#endif /* USE_MBEDTLS_CRYPTO */
|
||||||
|
|
||||||
|
#ifdef USE_MBEDTLS_CRYPTO
|
||||||
|
/**
|
||||||
|
* sha256_vector - SHA256 hash for data vector
|
||||||
|
* @num_elem: Number of elements in the data vector
|
||||||
|
* @addr: Pointers to the data areas
|
||||||
|
* @len: Lengths of the data blocks
|
||||||
|
* @mac: Buffer for the hash
|
||||||
|
* Returns: 0 on success, -1 of failure
|
||||||
|
*/
|
||||||
|
int
|
||||||
|
sha256_vector(size_t num_elem, const u8 *addr[], const size_t *len,
|
||||||
|
u8 *mac)
|
||||||
|
{
|
||||||
|
int ret = 0;
|
||||||
|
mbedtls_sha256_context ctx;
|
||||||
|
|
||||||
|
mbedtls_sha256_init(&ctx);
|
||||||
|
|
||||||
|
if (mbedtls_sha256_starts_ret(&ctx, 0) != 0) {
|
||||||
|
ret = -1;
|
||||||
|
goto out;
|
||||||
|
}
|
||||||
|
|
||||||
|
for(size_t index = 0; index < num_elem; index++) {
|
||||||
|
if (mbedtls_sha256_update_ret(&ctx, addr[index], len[index]) != 0) {
|
||||||
|
ret = -1;
|
||||||
|
goto out;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
if (mbedtls_sha256_finish_ret(&ctx, mac) != 0) {
|
||||||
|
ret = -1;
|
||||||
|
goto out;
|
||||||
|
}
|
||||||
|
|
||||||
|
out:
|
||||||
|
mbedtls_sha256_free(&ctx);
|
||||||
|
|
||||||
|
return ret;
|
||||||
|
}
|
||||||
|
#else /* USE_MBEDTLS_CRYPTO */
|
||||||
|
|
||||||
#define SHA256_BLOCK_SIZE 64
|
#define SHA256_BLOCK_SIZE 64
|
||||||
|
|
||||||
|
@ -245,5 +306,6 @@ sha256_done(struct sha256_state *md, unsigned char *out)
|
||||||
|
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
#endif /* USE_MBEDTLS_CRYPTO */
|
||||||
|
|
||||||
/* ===== end - public domain SHA256 implementation ===== */
|
/* ===== end - public domain SHA256 implementation ===== */
|
||||||
|
|
|
@ -11,6 +11,21 @@
|
||||||
*
|
*
|
||||||
* See README and COPYING for more details.
|
* See README and COPYING for more details.
|
||||||
*/
|
*/
|
||||||
|
/*
|
||||||
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
* you may not use this file except in compliance with the License.
|
||||||
|
* You may obtain a copy of the License at
|
||||||
|
*
|
||||||
|
* http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
*
|
||||||
|
* Hardware crypto support Copyright 2017-2019 Espressif Systems (Shanghai) PTE LTD
|
||||||
|
*
|
||||||
|
* Unless required by applicable law or agreed to in writing, software
|
||||||
|
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
* See the License for the specific language governing permissions and
|
||||||
|
* limitations under the License.
|
||||||
|
*/
|
||||||
|
|
||||||
#include "utils/includes.h"
|
#include "utils/includes.h"
|
||||||
|
|
||||||
|
|
|
@ -1,78 +0,0 @@
|
||||||
// Hardware crypto support Copyright 2017 Espressif Systems (Shanghai) PTE LTD
|
|
||||||
//
|
|
||||||
// Licensed under the Apache License, Version 2.0 (the "License");
|
|
||||||
|
|
||||||
|
|
||||||
#include "utils/includes.h"
|
|
||||||
#include "utils/common.h"
|
|
||||||
#include "crypto/aes.h"
|
|
||||||
#include "crypto/aes_wrap.h"
|
|
||||||
#include "mbedtls/aes.h"
|
|
||||||
|
|
||||||
/**
|
|
||||||
* fast_aes_128_cbc_encrypt - AES-128 CBC encryption
|
|
||||||
* @key: Encryption key
|
|
||||||
* @iv: Encryption IV for CBC mode (16 bytes)
|
|
||||||
* @data: Data to encrypt in-place
|
|
||||||
* @data_len: Length of data in bytes (must be divisible by 16)
|
|
||||||
* Returns: 0 on success, -1 on failure
|
|
||||||
*/
|
|
||||||
int
|
|
||||||
fast_aes_128_cbc_encrypt(const uint8_t *key, const uint8_t *iv, uint8_t *data, size_t data_len)
|
|
||||||
{
|
|
||||||
int ret = 0;
|
|
||||||
mbedtls_aes_context ctx;
|
|
||||||
uint8_t cbc[AES_BLOCK_SIZE];
|
|
||||||
|
|
||||||
mbedtls_aes_init(&ctx);
|
|
||||||
|
|
||||||
ret = mbedtls_aes_setkey_enc(&ctx, key, 128);
|
|
||||||
|
|
||||||
if(ret < 0) {
|
|
||||||
mbedtls_aes_free(&ctx);
|
|
||||||
return ret;
|
|
||||||
}
|
|
||||||
|
|
||||||
os_memcpy(cbc, iv, AES_BLOCK_SIZE);
|
|
||||||
|
|
||||||
ret = mbedtls_aes_crypt_cbc(&ctx, MBEDTLS_AES_ENCRYPT, data_len, cbc, data, data);
|
|
||||||
|
|
||||||
mbedtls_aes_free(&ctx);
|
|
||||||
|
|
||||||
return ret;
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
/**
|
|
||||||
* fast_aes_128_cbc_decrypt - AES-128 CBC decryption
|
|
||||||
* @key: Decryption key
|
|
||||||
* @iv: Decryption IV for CBC mode (16 bytes)
|
|
||||||
* @data: Data to decrypt in-place
|
|
||||||
* @data_len: Length of data in bytes (must be divisible by 16)
|
|
||||||
* Returns: 0 on success, -1 on failure
|
|
||||||
*/
|
|
||||||
int
|
|
||||||
fast_aes_128_cbc_decrypt(const uint8_t *key, const uint8_t *iv, uint8_t *data, size_t data_len)
|
|
||||||
{
|
|
||||||
int ret = 0;
|
|
||||||
mbedtls_aes_context ctx;
|
|
||||||
uint8_t cbc[AES_BLOCK_SIZE];
|
|
||||||
|
|
||||||
mbedtls_aes_init(&ctx);
|
|
||||||
|
|
||||||
ret = mbedtls_aes_setkey_dec(&ctx, key, 128);
|
|
||||||
|
|
||||||
if(ret < 0) {
|
|
||||||
mbedtls_aes_free(&ctx);
|
|
||||||
return ret;
|
|
||||||
}
|
|
||||||
|
|
||||||
os_memcpy(cbc, iv, AES_BLOCK_SIZE);
|
|
||||||
|
|
||||||
ret = mbedtls_aes_crypt_cbc(&ctx, MBEDTLS_AES_DECRYPT, data_len, cbc, data, data);
|
|
||||||
|
|
||||||
mbedtls_aes_free(&ctx);
|
|
||||||
|
|
||||||
return ret;
|
|
||||||
|
|
||||||
}
|
|
|
@ -1,84 +0,0 @@
|
||||||
// Licensed under the Apache License, Version 2.0 (the "License");
|
|
||||||
// you may not use this file except in compliance with the License.
|
|
||||||
// You may obtain a copy of the License at
|
|
||||||
|
|
||||||
// http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
//
|
|
||||||
// Hardware crypto support Copyright 2017 Espressif Systems (Shanghai) PTE LTD
|
|
||||||
//
|
|
||||||
// Unless required by applicable law or agreed to in writing, software
|
|
||||||
// distributed under the License is distributed on an "AS IS" BASIS,
|
|
||||||
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
||||||
// See the License for the specific language governing permissions and
|
|
||||||
// limitations under the License.
|
|
||||||
|
|
||||||
#include "utils/includes.h"
|
|
||||||
#include "utils/common.h"
|
|
||||||
#include "mbedtls/aes.h"
|
|
||||||
|
|
||||||
/**
|
|
||||||
* fast_aes_unwrap - Unwrap key with AES Key Wrap Algorithm (128-bit KEK) (RFC3394)
|
|
||||||
* @kek: Key encryption key (KEK)
|
|
||||||
* @n: Length of the plaintext key in 64-bit units; e.g., 2 = 128-bit = 16
|
|
||||||
* bytes
|
|
||||||
* @cipher: Wrapped key to be unwrapped, (n + 1) * 64 bits
|
|
||||||
* @plain: Plaintext key, n * 64 bits
|
|
||||||
* Returns: 0 on success, -1 on failure (e.g., integrity verification failed)
|
|
||||||
*/
|
|
||||||
int
|
|
||||||
fast_aes_unwrap(const uint8_t *kek, int n, const uint8_t *cipher, uint8_t *plain)
|
|
||||||
{
|
|
||||||
uint8_t a[8], *r, b[16];
|
|
||||||
int32_t i, j;
|
|
||||||
int32_t ret = 0;
|
|
||||||
mbedtls_aes_context ctx;
|
|
||||||
|
|
||||||
/* 1) Initialize variables. */
|
|
||||||
os_memcpy(a, cipher, 8);
|
|
||||||
r = plain;
|
|
||||||
os_memcpy(r, cipher + 8, 8 * n);
|
|
||||||
|
|
||||||
mbedtls_aes_init(&ctx);
|
|
||||||
ret = mbedtls_aes_setkey_dec(&ctx, kek, 128);
|
|
||||||
if (ret < 0) {
|
|
||||||
mbedtls_aes_free(&ctx);
|
|
||||||
return ret;
|
|
||||||
}
|
|
||||||
|
|
||||||
/* 2) Compute intermediate values.
|
|
||||||
* For j = 5 to 0
|
|
||||||
* For i = n to 1
|
|
||||||
* B = AES-1(K, (A ^ t) | R[i]) where t = n*j+i
|
|
||||||
* A = MSB(64, B)
|
|
||||||
* R[i] = LSB(64, B)
|
|
||||||
*/
|
|
||||||
for (j = 5; j >= 0; j--) {
|
|
||||||
r = plain + (n - 1) * 8;
|
|
||||||
for (i = n; i >= 1; i--) {
|
|
||||||
os_memcpy(b, a, 8);
|
|
||||||
b[7] ^= n * j + i;
|
|
||||||
os_memcpy(b + 8, r, 8);
|
|
||||||
ret = mbedtls_internal_aes_decrypt(&ctx, b, b);
|
|
||||||
if (ret != 0) {
|
|
||||||
break;
|
|
||||||
}
|
|
||||||
os_memcpy(a, b, 8);
|
|
||||||
os_memcpy(r, b + 8, 8);
|
|
||||||
r -= 8;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
mbedtls_aes_free(&ctx);
|
|
||||||
|
|
||||||
/* 3) Output results.
|
|
||||||
*
|
|
||||||
* These are already in @plain due to the location of temporary
|
|
||||||
* variables. Just verify that the IV matches with the expected value.
|
|
||||||
*/
|
|
||||||
for (i = 0; i < 8; i++) {
|
|
||||||
if (a[i] != 0xa6) {
|
|
||||||
return -1;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
return ret;
|
|
||||||
}
|
|
|
@ -1,83 +0,0 @@
|
||||||
// Licensed under the Apache License, Version 2.0 (the "License");
|
|
||||||
// you may not use this file except in compliance with the License.
|
|
||||||
// You may obtain a copy of the License at
|
|
||||||
|
|
||||||
// http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
//
|
|
||||||
// Hardware crypto support Copyright 2017 Espressif Systems (Shanghai) PTE LTD
|
|
||||||
//
|
|
||||||
// Unless required by applicable law or agreed to in writing, software
|
|
||||||
// distributed under the License is distributed on an "AS IS" BASIS,
|
|
||||||
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
||||||
// See the License for the specific language governing permissions and
|
|
||||||
// limitations under the License.
|
|
||||||
|
|
||||||
#include "utils/includes.h"
|
|
||||||
|
|
||||||
#include "utils/common.h"
|
|
||||||
#include "crypto/aes.h"
|
|
||||||
#include "crypto/aes_wrap.h"
|
|
||||||
#include "mbedtls/aes.h"
|
|
||||||
|
|
||||||
/**
|
|
||||||
* fast_aes_wrap - Wrap keys with AES Key Wrap Algorithm (128-bit KEK) (RFC3394)
|
|
||||||
* @kek: 16-octet Key encryption key (KEK)
|
|
||||||
* @n: Length of the plaintext key in 64-bit units; e.g., 2 = 128-bit = 16
|
|
||||||
* bytes
|
|
||||||
* @plain: Plaintext key to be wrapped, n * 64 bits
|
|
||||||
* @cipher: Wrapped key, (n + 1) * 64 bits
|
|
||||||
* Returns: 0 on success, -1 on failure
|
|
||||||
*/
|
|
||||||
int fast_aes_wrap(const uint8_t *kek, int n, const uint8_t *plain, uint8_t *cipher)
|
|
||||||
{
|
|
||||||
uint8_t *a, *r, b[16];
|
|
||||||
int32_t i, j;
|
|
||||||
int32_t ret = 0;
|
|
||||||
mbedtls_aes_context ctx;
|
|
||||||
|
|
||||||
a = cipher;
|
|
||||||
r = cipher + 8;
|
|
||||||
|
|
||||||
/* 1) Initialize variables. */
|
|
||||||
os_memset(a, 0xa6, 8);
|
|
||||||
os_memcpy(r, plain, 8 * n);
|
|
||||||
|
|
||||||
mbedtls_aes_init(&ctx);
|
|
||||||
ret = mbedtls_aes_setkey_enc(&ctx, kek, 128);
|
|
||||||
if (ret < 0) {
|
|
||||||
mbedtls_aes_free(&ctx);
|
|
||||||
return ret;
|
|
||||||
}
|
|
||||||
|
|
||||||
/* 2) Calculate intermediate values.
|
|
||||||
* For j = 0 to 5
|
|
||||||
* For i=1 to n
|
|
||||||
* B = AES(K, A | R[i])
|
|
||||||
* A = MSB(64, B) ^ t where t = (n*j)+i
|
|
||||||
* R[i] = LSB(64, B)
|
|
||||||
*/
|
|
||||||
for (j = 0; j <= 5; j++) {
|
|
||||||
r = cipher + 8;
|
|
||||||
for (i = 1; i <= n; i++) {
|
|
||||||
os_memcpy(b, a, 8);
|
|
||||||
os_memcpy(b + 8, r, 8);
|
|
||||||
ret = mbedtls_internal_aes_encrypt(&ctx, b, b);
|
|
||||||
if (ret != 0) {
|
|
||||||
break;
|
|
||||||
}
|
|
||||||
os_memcpy(a, b, 8);
|
|
||||||
a[7] ^= n * j + i;
|
|
||||||
os_memcpy(r, b + 8, 8);
|
|
||||||
r += 8;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
mbedtls_aes_free(&ctx);
|
|
||||||
|
|
||||||
/* 3) Output the results.
|
|
||||||
*
|
|
||||||
* These are already in @cipher due to the location of temporary
|
|
||||||
* variables.
|
|
||||||
*/
|
|
||||||
|
|
||||||
return ret;
|
|
||||||
}
|
|
|
@ -1,287 +0,0 @@
|
||||||
// Licensed under the Apache License, Version 2.0 (the "License");
|
|
||||||
// you may not use this file except in compliance with the License.
|
|
||||||
// You may obtain a copy of the License at
|
|
||||||
|
|
||||||
// http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
//
|
|
||||||
// Hardware crypto support Copyright 2017 Espressif Systems (Shanghai) PTE LTD
|
|
||||||
//
|
|
||||||
// Unless required by applicable law or agreed to in writing, software
|
|
||||||
// distributed under the License is distributed on an "AS IS" BASIS,
|
|
||||||
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
||||||
// See the License for the specific language governing permissions and
|
|
||||||
// limitations under the License.
|
|
||||||
|
|
||||||
//#include "utils/includes.h"
|
|
||||||
|
|
||||||
//#include "utils/common.h"
|
|
||||||
#include "utils/common.h"
|
|
||||||
#include "crypto/crypto.h"
|
|
||||||
#include "crypto/aes.h"
|
|
||||||
#if defined(CONFIG_DES) || defined(CONFIG_DES3)
|
|
||||||
#include "crypto/des_i.h"
|
|
||||||
#endif
|
|
||||||
#include "mbedtls/aes.h"
|
|
||||||
|
|
||||||
struct fast_crypto_cipher {
|
|
||||||
enum crypto_cipher_alg alg;
|
|
||||||
union {
|
|
||||||
struct {
|
|
||||||
size_t used_bytes;
|
|
||||||
uint8_t key[16];
|
|
||||||
size_t keylen;
|
|
||||||
} rc4;
|
|
||||||
struct {
|
|
||||||
uint8_t cbc[32];
|
|
||||||
mbedtls_aes_context ctx_enc;
|
|
||||||
mbedtls_aes_context ctx_dec;
|
|
||||||
} aes;
|
|
||||||
#ifdef CONFIG_DES3
|
|
||||||
struct {
|
|
||||||
struct des3_key_s key;
|
|
||||||
uint8_t cbc[8];
|
|
||||||
} des3;
|
|
||||||
#endif
|
|
||||||
#ifdef CONFIG_DES
|
|
||||||
struct {
|
|
||||||
uint32_t ek[32];
|
|
||||||
uint32_t dk[32];
|
|
||||||
uint32_t cbc[8];
|
|
||||||
} des;
|
|
||||||
#endif
|
|
||||||
} u;
|
|
||||||
};
|
|
||||||
|
|
||||||
|
|
||||||
struct crypto_cipher * fast_crypto_cipher_init(enum crypto_cipher_alg alg,
|
|
||||||
const uint8_t *iv, const uint8_t *key,
|
|
||||||
size_t key_len)
|
|
||||||
{
|
|
||||||
struct fast_crypto_cipher *ctx;
|
|
||||||
|
|
||||||
ctx = (struct fast_crypto_cipher *)os_zalloc(sizeof(*ctx));
|
|
||||||
if (ctx == NULL) {
|
|
||||||
return NULL;
|
|
||||||
}
|
|
||||||
|
|
||||||
ctx->alg = alg;
|
|
||||||
|
|
||||||
switch (alg) {
|
|
||||||
case CRYPTO_CIPHER_ALG_RC4:
|
|
||||||
if (key_len > sizeof(ctx->u.rc4.key)) {
|
|
||||||
os_free(ctx);
|
|
||||||
return NULL;
|
|
||||||
}
|
|
||||||
ctx->u.rc4.keylen = key_len;
|
|
||||||
os_memcpy(ctx->u.rc4.key, key, key_len);
|
|
||||||
break;
|
|
||||||
case CRYPTO_CIPHER_ALG_AES:
|
|
||||||
mbedtls_aes_init(&(ctx->u.aes.ctx_enc));
|
|
||||||
mbedtls_aes_setkey_enc(&(ctx->u.aes.ctx_enc), key, key_len * 8);
|
|
||||||
mbedtls_aes_init(&(ctx->u.aes.ctx_dec));
|
|
||||||
mbedtls_aes_setkey_dec(&(ctx->u.aes.ctx_dec), key, key_len * 8);
|
|
||||||
os_memcpy(ctx->u.aes.cbc, iv, AES_BLOCK_SIZE);
|
|
||||||
break;
|
|
||||||
#ifdef CONFIG_DES3
|
|
||||||
case CRYPTO_CIPHER_ALG_3DES:
|
|
||||||
if (key_len != 24) {
|
|
||||||
os_free(ctx);
|
|
||||||
return NULL;
|
|
||||||
}
|
|
||||||
des3_key_setup(key, &ctx->u.des3.key);
|
|
||||||
os_memcpy(ctx->u.des3.cbc, iv, 8);
|
|
||||||
break;
|
|
||||||
#endif
|
|
||||||
#ifdef CONFIG_DES
|
|
||||||
case CRYPTO_CIPHER_ALG_DES:
|
|
||||||
if (key_len != 8) {
|
|
||||||
os_free(ctx);
|
|
||||||
return NULL;
|
|
||||||
}
|
|
||||||
des_key_setup(key, ctx->u.des.ek, ctx->u.des.dk);
|
|
||||||
os_memcpy(ctx->u.des.cbc, iv, 8);
|
|
||||||
break;
|
|
||||||
#endif
|
|
||||||
default:
|
|
||||||
os_free(ctx);
|
|
||||||
return NULL;
|
|
||||||
}
|
|
||||||
|
|
||||||
return (struct crypto_cipher *)ctx;
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
int fast_crypto_cipher_encrypt(struct crypto_cipher *ctx, const uint8_t *plain,
|
|
||||||
uint8_t *crypt, size_t len)
|
|
||||||
{
|
|
||||||
size_t i, j, blocks;
|
|
||||||
struct fast_crypto_cipher *fast_ctx;
|
|
||||||
|
|
||||||
fast_ctx = (struct fast_crypto_cipher *)ctx;
|
|
||||||
|
|
||||||
switch (fast_ctx->alg) {
|
|
||||||
case CRYPTO_CIPHER_ALG_RC4:
|
|
||||||
if (plain != crypt) {
|
|
||||||
os_memcpy(crypt, plain, len);
|
|
||||||
}
|
|
||||||
rc4_skip(fast_ctx->u.rc4.key, fast_ctx->u.rc4.keylen,
|
|
||||||
fast_ctx->u.rc4.used_bytes, crypt, len);
|
|
||||||
fast_ctx->u.rc4.used_bytes += len;
|
|
||||||
break;
|
|
||||||
case CRYPTO_CIPHER_ALG_AES:
|
|
||||||
if (len % AES_BLOCK_SIZE) {
|
|
||||||
return -1;
|
|
||||||
}
|
|
||||||
blocks = len / AES_BLOCK_SIZE;
|
|
||||||
for (i = 0; i < blocks; i++) {
|
|
||||||
for (j = 0; j < AES_BLOCK_SIZE; j++)
|
|
||||||
fast_ctx->u.aes.cbc[j] ^= plain[j];
|
|
||||||
if (mbedtls_internal_aes_encrypt(&(fast_ctx->u.aes.ctx_enc), fast_ctx->u.aes.cbc, fast_ctx->u.aes.cbc) != 0) {
|
|
||||||
return -1;
|
|
||||||
}
|
|
||||||
os_memcpy(crypt, fast_ctx->u.aes.cbc, AES_BLOCK_SIZE);
|
|
||||||
plain += AES_BLOCK_SIZE;
|
|
||||||
crypt += AES_BLOCK_SIZE;
|
|
||||||
}
|
|
||||||
break;
|
|
||||||
#ifdef CONFIG_DES3
|
|
||||||
case CRYPTO_CIPHER_ALG_3DES:
|
|
||||||
if (len % 8) {
|
|
||||||
return -1;
|
|
||||||
}
|
|
||||||
blocks = len / 8;
|
|
||||||
for (i = 0; i < blocks; i++) {
|
|
||||||
for (j = 0; j < 8; j++)
|
|
||||||
fast_ctx->u.des3.cbc[j] ^= plain[j];
|
|
||||||
des3_encrypt(fast_ctx->u.des3.cbc, &fast_ctx->u.des3.key,
|
|
||||||
fast_ctx->u.des3.cbc);
|
|
||||||
os_memcpy(crypt, fast_ctx->u.des3.cbc, 8);
|
|
||||||
plain += 8;
|
|
||||||
crypt += 8;
|
|
||||||
}
|
|
||||||
break;
|
|
||||||
#endif
|
|
||||||
#ifdef CONFIG_DES
|
|
||||||
case CRYPTO_CIPHER_ALG_DES:
|
|
||||||
if (len % 8) {
|
|
||||||
return -1;
|
|
||||||
}
|
|
||||||
blocks = len / 8;
|
|
||||||
for (i = 0; i < blocks; i++) {
|
|
||||||
for (j = 0; j < 8; j++)
|
|
||||||
fast_ctx->u.des3.cbc[j] ^= plain[j];
|
|
||||||
des_block_encrypt(fast_ctx->u.des.cbc, fast_ctx->u.des.ek,
|
|
||||||
fast_ctx->u.des.cbc);
|
|
||||||
os_memcpy(crypt, fast_ctx->u.des.cbc, 8);
|
|
||||||
plain += 8;
|
|
||||||
crypt += 8;
|
|
||||||
}
|
|
||||||
break;
|
|
||||||
#endif
|
|
||||||
default:
|
|
||||||
return -1;
|
|
||||||
}
|
|
||||||
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
int fast_crypto_cipher_decrypt(struct crypto_cipher *ctx, const uint8_t *crypt,
|
|
||||||
uint8_t *plain, size_t len)
|
|
||||||
{
|
|
||||||
size_t i, j, blocks;
|
|
||||||
uint8_t tmp[32];
|
|
||||||
struct fast_crypto_cipher *fast_ctx;
|
|
||||||
|
|
||||||
fast_ctx = (struct fast_crypto_cipher *)ctx;
|
|
||||||
|
|
||||||
switch (fast_ctx->alg) {
|
|
||||||
case CRYPTO_CIPHER_ALG_RC4:
|
|
||||||
if (plain != crypt) {
|
|
||||||
os_memcpy(plain, crypt, len);
|
|
||||||
}
|
|
||||||
rc4_skip(fast_ctx->u.rc4.key, fast_ctx->u.rc4.keylen,
|
|
||||||
fast_ctx->u.rc4.used_bytes, plain, len);
|
|
||||||
fast_ctx->u.rc4.used_bytes += len;
|
|
||||||
break;
|
|
||||||
case CRYPTO_CIPHER_ALG_AES:
|
|
||||||
if (len % AES_BLOCK_SIZE) {
|
|
||||||
return -1;
|
|
||||||
}
|
|
||||||
blocks = len / AES_BLOCK_SIZE;
|
|
||||||
for (i = 0; i < blocks; i++) {
|
|
||||||
os_memcpy(tmp, crypt, AES_BLOCK_SIZE);
|
|
||||||
if (mbedtls_internal_aes_decrypt(&(fast_ctx->u.aes.ctx_dec), crypt, plain) != 0) {
|
|
||||||
return -1;
|
|
||||||
}
|
|
||||||
for (j = 0; j < AES_BLOCK_SIZE; j++)
|
|
||||||
plain[j] ^= fast_ctx->u.aes.cbc[j];
|
|
||||||
os_memcpy(fast_ctx->u.aes.cbc, tmp, AES_BLOCK_SIZE);
|
|
||||||
plain += AES_BLOCK_SIZE;
|
|
||||||
crypt += AES_BLOCK_SIZE;
|
|
||||||
}
|
|
||||||
break;
|
|
||||||
#ifdef CONFIG_DES3
|
|
||||||
case CRYPTO_CIPHER_ALG_3DES:
|
|
||||||
if (len % 8) {
|
|
||||||
return -1;
|
|
||||||
}
|
|
||||||
blocks = len / 8;
|
|
||||||
for (i = 0; i < blocks; i++) {
|
|
||||||
os_memcpy(tmp, crypt, 8);
|
|
||||||
des3_decrypt(crypt, &fast_ctx->u.des3.key, plain);
|
|
||||||
for (j = 0; j < 8; j++) {
|
|
||||||
plain[j] ^= fast_ctx->u.des3.cbc[j];
|
|
||||||
}
|
|
||||||
os_memcpy(fast_ctx->u.des3.cbc, tmp, 8);
|
|
||||||
plain += 8;
|
|
||||||
crypt += 8;
|
|
||||||
}
|
|
||||||
break;
|
|
||||||
#endif
|
|
||||||
#ifdef CONFIG_DES
|
|
||||||
case CRYPTO_CIPHER_ALG_DES:
|
|
||||||
if (len % 8) {
|
|
||||||
return -1;
|
|
||||||
}
|
|
||||||
blocks = len / 8;
|
|
||||||
for (i = 0; i < blocks; i++) {
|
|
||||||
os_memcpy(tmp, crypt, 8);
|
|
||||||
des_block_decrypt(crypt, fast_ctx->u.des.dk, plain);
|
|
||||||
for (j = 0; j < 8; j++) {
|
|
||||||
plain[j] ^= fast_ctx->u.des.cbc[j];
|
|
||||||
}
|
|
||||||
os_memcpy(fast_ctx->u.des.cbc, tmp, 8);
|
|
||||||
plain += 8;
|
|
||||||
crypt += 8;
|
|
||||||
}
|
|
||||||
break;
|
|
||||||
#endif
|
|
||||||
default:
|
|
||||||
return -1;
|
|
||||||
}
|
|
||||||
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
void fast_crypto_cipher_deinit(struct crypto_cipher *ctx)
|
|
||||||
{
|
|
||||||
struct fast_crypto_cipher *fast_ctx;
|
|
||||||
|
|
||||||
fast_ctx = (struct fast_crypto_cipher *)ctx;
|
|
||||||
|
|
||||||
switch (fast_ctx->alg) {
|
|
||||||
case CRYPTO_CIPHER_ALG_AES:
|
|
||||||
mbedtls_aes_free(&(fast_ctx->u.aes.ctx_enc));
|
|
||||||
mbedtls_aes_free(&(fast_ctx->u.aes.ctx_dec));
|
|
||||||
break;
|
|
||||||
#ifdef CONFIG_DES3
|
|
||||||
case CRYPTO_CIPHER_ALG_3DES:
|
|
||||||
break;
|
|
||||||
#endif
|
|
||||||
default:
|
|
||||||
break;
|
|
||||||
}
|
|
||||||
os_free(ctx);
|
|
||||||
}
|
|
|
@ -1,59 +0,0 @@
|
||||||
// Hardware crypto support Copyright 2017 Espressif Systems (Shanghai) PTE LTD
|
|
||||||
//
|
|
||||||
// Licensed under the Apache License, Version 2.0 (the "License");
|
|
||||||
// you may not use this file except in compliance with the License.
|
|
||||||
// You may obtain a copy of the License at
|
|
||||||
|
|
||||||
// http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
//
|
|
||||||
// Unless required by applicable law or agreed to in writing, software
|
|
||||||
// distributed under the License is distributed on an "AS IS" BASIS,
|
|
||||||
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
||||||
// See the License for the specific language governing permissions and
|
|
||||||
// limitations under the License.
|
|
||||||
|
|
||||||
#include "utils/includes.h"
|
|
||||||
|
|
||||||
#include "utils/common.h"
|
|
||||||
#include "crypto/crypto.h"
|
|
||||||
#include "mbedtls/bignum.h"
|
|
||||||
|
|
||||||
int
|
|
||||||
fast_crypto_mod_exp(const uint8_t *base, size_t base_len,
|
|
||||||
const uint8_t *power, size_t power_len,
|
|
||||||
const uint8_t *modulus, size_t modulus_len,
|
|
||||||
uint8_t *result, size_t *result_len)
|
|
||||||
{
|
|
||||||
mbedtls_mpi bn_base, bn_exp, bn_modulus, bn_result, bn_rinv;
|
|
||||||
int32_t ret = 0;
|
|
||||||
mbedtls_mpi_init(&bn_base);
|
|
||||||
mbedtls_mpi_init(&bn_exp);
|
|
||||||
mbedtls_mpi_init(&bn_modulus);
|
|
||||||
mbedtls_mpi_init(&bn_result);
|
|
||||||
mbedtls_mpi_init(&bn_rinv);
|
|
||||||
|
|
||||||
mbedtls_mpi_read_binary(&bn_base, base, base_len);
|
|
||||||
mbedtls_mpi_read_binary(&bn_exp, power, power_len);
|
|
||||||
mbedtls_mpi_read_binary(&bn_modulus, modulus, modulus_len);
|
|
||||||
|
|
||||||
ret = mbedtls_mpi_exp_mod(&bn_result, &bn_base, &bn_exp, &bn_modulus, &bn_rinv);
|
|
||||||
if (ret < 0) {
|
|
||||||
mbedtls_mpi_free(&bn_base);
|
|
||||||
mbedtls_mpi_free(&bn_exp);
|
|
||||||
mbedtls_mpi_free(&bn_modulus);
|
|
||||||
mbedtls_mpi_free(&bn_result);
|
|
||||||
mbedtls_mpi_free(&bn_rinv);
|
|
||||||
return ret;
|
|
||||||
}
|
|
||||||
|
|
||||||
ret = mbedtls_mpi_write_binary(&bn_result, result, *result_len);
|
|
||||||
|
|
||||||
|
|
||||||
mbedtls_mpi_free(&bn_base);
|
|
||||||
mbedtls_mpi_free(&bn_exp);
|
|
||||||
mbedtls_mpi_free(&bn_modulus);
|
|
||||||
mbedtls_mpi_free(&bn_result);
|
|
||||||
mbedtls_mpi_free(&bn_rinv);
|
|
||||||
|
|
||||||
return ret;
|
|
||||||
}
|
|
|
@ -1,278 +0,0 @@
|
||||||
/*
|
|
||||||
* Crypto wrapper for internal crypto implementation
|
|
||||||
* Copyright (c) 2006-2011, Jouni Malinen <j@w1.fi>
|
|
||||||
*
|
|
||||||
* Hardware crypto support Copyright 2017 Espressif Systems (Shanghai) PTE LTD
|
|
||||||
*
|
|
||||||
* This software may be distributed under the terms of the BSD license.
|
|
||||||
* See README for more details.
|
|
||||||
*/
|
|
||||||
|
|
||||||
#include "utils/includes.h"
|
|
||||||
#include "utils/common.h"
|
|
||||||
#include "crypto/crypto.h"
|
|
||||||
#include "crypto/sha1_i.h"
|
|
||||||
#include "crypto/md5_i.h"
|
|
||||||
#include "mbedtls/sha256.h"
|
|
||||||
|
|
||||||
|
|
||||||
struct fast_crypto_hash {
|
|
||||||
enum crypto_hash_alg alg;
|
|
||||||
union {
|
|
||||||
struct MD5Context md5;
|
|
||||||
struct SHA1Context sha1;
|
|
||||||
#ifdef CONFIG_SHA256
|
|
||||||
mbedtls_sha256_context sha256;
|
|
||||||
#endif /* CONFIG_SHA256 */
|
|
||||||
} u;
|
|
||||||
u8 key[64];
|
|
||||||
size_t key_len;
|
|
||||||
};
|
|
||||||
|
|
||||||
struct crypto_hash * fast_crypto_hash_init(enum crypto_hash_alg alg, const u8 *key,
|
|
||||||
size_t key_len)
|
|
||||||
{
|
|
||||||
struct fast_crypto_hash *ctx;
|
|
||||||
u8 k_pad[64];
|
|
||||||
u8 tk[32];
|
|
||||||
size_t i;
|
|
||||||
|
|
||||||
ctx = (struct fast_crypto_hash *)os_zalloc(sizeof(*ctx));
|
|
||||||
if (ctx == NULL)
|
|
||||||
return NULL;
|
|
||||||
|
|
||||||
ctx->alg = alg;
|
|
||||||
|
|
||||||
switch (alg) {
|
|
||||||
case CRYPTO_HASH_ALG_MD5:
|
|
||||||
MD5Init(&ctx->u.md5);
|
|
||||||
break;
|
|
||||||
case CRYPTO_HASH_ALG_SHA1:
|
|
||||||
SHA1Init(&ctx->u.sha1);
|
|
||||||
break;
|
|
||||||
#ifdef CONFIG_SHA256
|
|
||||||
case CRYPTO_HASH_ALG_SHA256:
|
|
||||||
mbedtls_sha256_init(&ctx->u.sha256);
|
|
||||||
mbedtls_sha256_starts(&ctx->u.sha256, 0);
|
|
||||||
break;
|
|
||||||
#endif /* CONFIG_SHA256 */
|
|
||||||
case CRYPTO_HASH_ALG_HMAC_MD5:
|
|
||||||
if (key_len > sizeof(k_pad)) {
|
|
||||||
MD5Init(&ctx->u.md5);
|
|
||||||
MD5Update(&ctx->u.md5, key, key_len);
|
|
||||||
MD5Final(tk, &ctx->u.md5);
|
|
||||||
key = tk;
|
|
||||||
key_len = 16;
|
|
||||||
}
|
|
||||||
os_memcpy(ctx->key, key, key_len);
|
|
||||||
ctx->key_len = key_len;
|
|
||||||
|
|
||||||
os_memcpy(k_pad, key, key_len);
|
|
||||||
if (key_len < sizeof(k_pad))
|
|
||||||
os_memset(k_pad + key_len, 0, sizeof(k_pad) - key_len);
|
|
||||||
for (i = 0; i < sizeof(k_pad); i++)
|
|
||||||
k_pad[i] ^= 0x36;
|
|
||||||
MD5Init(&ctx->u.md5);
|
|
||||||
MD5Update(&ctx->u.md5, k_pad, sizeof(k_pad));
|
|
||||||
break;
|
|
||||||
case CRYPTO_HASH_ALG_HMAC_SHA1:
|
|
||||||
if (key_len > sizeof(k_pad)) {
|
|
||||||
SHA1Init(&ctx->u.sha1);
|
|
||||||
SHA1Update(&ctx->u.sha1, key, key_len);
|
|
||||||
SHA1Final(tk, &ctx->u.sha1);
|
|
||||||
key = tk;
|
|
||||||
key_len = 20;
|
|
||||||
}
|
|
||||||
os_memcpy(ctx->key, key, key_len);
|
|
||||||
ctx->key_len = key_len;
|
|
||||||
|
|
||||||
os_memcpy(k_pad, key, key_len);
|
|
||||||
if (key_len < sizeof(k_pad))
|
|
||||||
os_memset(k_pad + key_len, 0, sizeof(k_pad) - key_len);
|
|
||||||
for (i = 0; i < sizeof(k_pad); i++)
|
|
||||||
k_pad[i] ^= 0x36;
|
|
||||||
SHA1Init(&ctx->u.sha1);
|
|
||||||
SHA1Update(&ctx->u.sha1, k_pad, sizeof(k_pad));
|
|
||||||
break;
|
|
||||||
#ifdef CONFIG_SHA256
|
|
||||||
case CRYPTO_HASH_ALG_HMAC_SHA256:
|
|
||||||
if (key_len > sizeof(k_pad)) {
|
|
||||||
mbedtls_sha256_init(&ctx->u.sha256);
|
|
||||||
mbedtls_sha256_starts(&ctx->u.sha256, 0);
|
|
||||||
mbedtls_sha256_update(&ctx->u.sha256, key, key_len);
|
|
||||||
mbedtls_sha256_finish(&ctx->u.sha256, tk);
|
|
||||||
mbedtls_sha256_free(&ctx->u.sha256);
|
|
||||||
key = tk;
|
|
||||||
key_len = 32;
|
|
||||||
}
|
|
||||||
os_memcpy(ctx->key, key, key_len);
|
|
||||||
ctx->key_len = key_len;
|
|
||||||
|
|
||||||
os_memcpy(k_pad, key, key_len);
|
|
||||||
if (key_len < sizeof(k_pad))
|
|
||||||
os_memset(k_pad + key_len, 0, sizeof(k_pad) - key_len);
|
|
||||||
for (i = 0; i < sizeof(k_pad); i++)
|
|
||||||
k_pad[i] ^= 0x36;
|
|
||||||
mbedtls_sha256_init(&ctx->u.sha256);
|
|
||||||
mbedtls_sha256_starts(&ctx->u.sha256, 0);
|
|
||||||
mbedtls_sha256_update(&ctx->u.sha256, k_pad, sizeof(k_pad));
|
|
||||||
break;
|
|
||||||
#endif /* CONFIG_SHA256 */
|
|
||||||
default:
|
|
||||||
os_free(ctx);
|
|
||||||
return NULL;
|
|
||||||
}
|
|
||||||
|
|
||||||
return (struct crypto_hash *)ctx;
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
void fast_crypto_hash_update(struct crypto_hash *ctx, const u8 *data, size_t len)
|
|
||||||
{
|
|
||||||
|
|
||||||
struct fast_crypto_hash *fast_ctx;
|
|
||||||
fast_ctx = (struct fast_crypto_hash *)ctx;
|
|
||||||
|
|
||||||
if (fast_ctx == NULL)
|
|
||||||
return;
|
|
||||||
|
|
||||||
switch (fast_ctx->alg) {
|
|
||||||
case CRYPTO_HASH_ALG_MD5:
|
|
||||||
case CRYPTO_HASH_ALG_HMAC_MD5:
|
|
||||||
MD5Update(&fast_ctx->u.md5, data, len);
|
|
||||||
break;
|
|
||||||
case CRYPTO_HASH_ALG_SHA1:
|
|
||||||
case CRYPTO_HASH_ALG_HMAC_SHA1:
|
|
||||||
SHA1Update(&fast_ctx->u.sha1, data, len);
|
|
||||||
break;
|
|
||||||
#ifdef CONFIG_SHA256
|
|
||||||
case CRYPTO_HASH_ALG_SHA256:
|
|
||||||
case CRYPTO_HASH_ALG_HMAC_SHA256:
|
|
||||||
mbedtls_sha256_update(&fast_ctx->u.sha256, data, len);
|
|
||||||
break;
|
|
||||||
#endif /* CONFIG_SHA256 */
|
|
||||||
default:
|
|
||||||
break;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
int fast_crypto_hash_finish(struct crypto_hash *ctx, u8 *mac, size_t *len)
|
|
||||||
{
|
|
||||||
u8 k_pad[64];
|
|
||||||
size_t i;
|
|
||||||
struct fast_crypto_hash *fast_ctx;
|
|
||||||
|
|
||||||
if (ctx == NULL)
|
|
||||||
return -2;
|
|
||||||
|
|
||||||
fast_ctx = (struct fast_crypto_hash *)ctx;
|
|
||||||
|
|
||||||
if (mac == NULL || len == NULL) {
|
|
||||||
os_free(fast_ctx);
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
|
|
||||||
switch (fast_ctx->alg) {
|
|
||||||
case CRYPTO_HASH_ALG_MD5:
|
|
||||||
if (*len < 16) {
|
|
||||||
*len = 16;
|
|
||||||
os_free(fast_ctx);
|
|
||||||
return -1;
|
|
||||||
}
|
|
||||||
*len = 16;
|
|
||||||
MD5Final(mac, &fast_ctx->u.md5);
|
|
||||||
break;
|
|
||||||
case CRYPTO_HASH_ALG_SHA1:
|
|
||||||
if (*len < 20) {
|
|
||||||
*len = 20;
|
|
||||||
os_free(fast_ctx);
|
|
||||||
return -1;
|
|
||||||
}
|
|
||||||
*len = 20;
|
|
||||||
SHA1Final(mac, &fast_ctx->u.sha1);
|
|
||||||
break;
|
|
||||||
#ifdef CONFIG_SHA256
|
|
||||||
case CRYPTO_HASH_ALG_SHA256:
|
|
||||||
if (*len < 32) {
|
|
||||||
*len = 32;
|
|
||||||
os_free(fast_ctx);
|
|
||||||
return -1;
|
|
||||||
}
|
|
||||||
*len = 32;
|
|
||||||
mbedtls_sha256_finish(&fast_ctx->u.sha256, mac);
|
|
||||||
mbedtls_sha256_free(&fast_ctx->u.sha256);
|
|
||||||
break;
|
|
||||||
#endif /* CONFIG_SHA256 */
|
|
||||||
case CRYPTO_HASH_ALG_HMAC_MD5:
|
|
||||||
if (*len < 16) {
|
|
||||||
*len = 16;
|
|
||||||
os_free(fast_ctx);
|
|
||||||
return -1;
|
|
||||||
}
|
|
||||||
*len = 16;
|
|
||||||
|
|
||||||
MD5Final(mac, &fast_ctx->u.md5);
|
|
||||||
|
|
||||||
os_memcpy(k_pad, fast_ctx->key, fast_ctx->key_len);
|
|
||||||
os_memset(k_pad + fast_ctx->key_len, 0,
|
|
||||||
sizeof(k_pad) - fast_ctx->key_len);
|
|
||||||
for (i = 0; i < sizeof(k_pad); i++)
|
|
||||||
k_pad[i] ^= 0x5c;
|
|
||||||
MD5Init(&fast_ctx->u.md5);
|
|
||||||
MD5Update(&fast_ctx->u.md5, k_pad, sizeof(k_pad));
|
|
||||||
MD5Update(&fast_ctx->u.md5, mac, 16);
|
|
||||||
MD5Final(mac, &fast_ctx->u.md5);
|
|
||||||
break;
|
|
||||||
case CRYPTO_HASH_ALG_HMAC_SHA1:
|
|
||||||
if (*len < 20) {
|
|
||||||
*len = 20;
|
|
||||||
os_free(ctx);
|
|
||||||
return -1;
|
|
||||||
}
|
|
||||||
*len = 20;
|
|
||||||
|
|
||||||
SHA1Final(mac, &fast_ctx->u.sha1);
|
|
||||||
os_memcpy(k_pad, fast_ctx->key, fast_ctx->key_len);
|
|
||||||
os_memset(k_pad + fast_ctx->key_len, 0,
|
|
||||||
sizeof(k_pad) - fast_ctx->key_len);
|
|
||||||
for (i = 0; i < sizeof(k_pad); i++)
|
|
||||||
k_pad[i] ^= 0x5c;
|
|
||||||
SHA1Init(&fast_ctx->u.sha1);
|
|
||||||
SHA1Update(&fast_ctx->u.sha1, k_pad, sizeof(k_pad));
|
|
||||||
SHA1Update(&fast_ctx->u.sha1, mac, 20);
|
|
||||||
SHA1Final(mac, &fast_ctx->u.sha1);
|
|
||||||
break;
|
|
||||||
#ifdef CONFIG_SHA256
|
|
||||||
case CRYPTO_HASH_ALG_HMAC_SHA256:
|
|
||||||
if (*len < 32) {
|
|
||||||
*len = 32;
|
|
||||||
os_free(fast_ctx);
|
|
||||||
return -1;
|
|
||||||
}
|
|
||||||
*len = 32;
|
|
||||||
mbedtls_sha256_finish(&fast_ctx->u.sha256, mac);
|
|
||||||
mbedtls_sha256_free(&fast_ctx->u.sha256);
|
|
||||||
|
|
||||||
os_memcpy(k_pad, fast_ctx->key, fast_ctx->key_len);
|
|
||||||
os_memset(k_pad + fast_ctx->key_len, 0,
|
|
||||||
sizeof(k_pad) - fast_ctx->key_len);
|
|
||||||
for (i = 0; i < sizeof(k_pad); i++)
|
|
||||||
k_pad[i] ^= 0x5c;
|
|
||||||
mbedtls_sha256_init(&fast_ctx->u.sha256);
|
|
||||||
mbedtls_sha256_starts(&fast_ctx->u.sha256, 0);
|
|
||||||
mbedtls_sha256_update(&fast_ctx->u.sha256, k_pad, sizeof(k_pad));
|
|
||||||
mbedtls_sha256_update(&fast_ctx->u.sha256, mac, 32);
|
|
||||||
mbedtls_sha256_finish(&fast_ctx->u.sha256, mac);
|
|
||||||
mbedtls_sha256_free(&fast_ctx->u.sha256);
|
|
||||||
break;
|
|
||||||
#endif /* CONFIG_SHA256 */
|
|
||||||
default:
|
|
||||||
os_free(fast_ctx);
|
|
||||||
return -1;
|
|
||||||
}
|
|
||||||
|
|
||||||
os_free(fast_ctx);
|
|
||||||
|
|
||||||
return 0;
|
|
||||||
}
|
|
|
@ -1,58 +0,0 @@
|
||||||
// Hardware crypto support Copyright 2017 Espressif Systems (Shanghai) PTE LTD
|
|
||||||
//
|
|
||||||
// Licensed under the Apache License, Version 2.0 (the "License");
|
|
||||||
// you may not use this file except in compliance with the License.
|
|
||||||
// You may obtain a copy of the License at
|
|
||||||
|
|
||||||
// http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
//
|
|
||||||
// Unless required by applicable law or agreed to in writing, software
|
|
||||||
// distributed under the License is distributed on an "AS IS" BASIS,
|
|
||||||
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
||||||
// See the License for the specific language governing permissions and
|
|
||||||
// limitations under the License.
|
|
||||||
|
|
||||||
#include "utils/includes.h"
|
|
||||||
#include "utils/common.h"
|
|
||||||
#include "mbedtls/sha256.h"
|
|
||||||
|
|
||||||
/**
|
|
||||||
* fast_sha256_vector - SHA256 hash for data vector
|
|
||||||
* @num_elem: Number of elements in the data vector
|
|
||||||
* @addr: Pointers to the data areas
|
|
||||||
* @len: Lengths of the data blocks
|
|
||||||
* @mac: Buffer for the hash
|
|
||||||
* Returns: 0 on success, -1 of failure
|
|
||||||
*/
|
|
||||||
int
|
|
||||||
fast_sha256_vector(size_t num_elem, const uint8_t *addr[], const size_t *len,
|
|
||||||
uint8_t *mac)
|
|
||||||
{
|
|
||||||
int ret = 0;
|
|
||||||
mbedtls_sha256_context ctx;
|
|
||||||
|
|
||||||
mbedtls_sha256_init(&ctx);
|
|
||||||
|
|
||||||
if (mbedtls_sha256_starts_ret(&ctx, 0) != 0) {
|
|
||||||
ret = -1;
|
|
||||||
goto out;
|
|
||||||
}
|
|
||||||
|
|
||||||
for(size_t index = 0; index < num_elem; index++) {
|
|
||||||
if (mbedtls_sha256_update_ret(&ctx, addr[index], len[index]) != 0) {
|
|
||||||
ret = -1;
|
|
||||||
goto out;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
if (mbedtls_sha256_finish_ret(&ctx, mac) != 0) {
|
|
||||||
ret = -1;
|
|
||||||
goto out;
|
|
||||||
}
|
|
||||||
|
|
||||||
out:
|
|
||||||
mbedtls_sha256_free(&ctx);
|
|
||||||
|
|
||||||
return ret;
|
|
||||||
}
|
|
||||||
|
|
|
@ -1,165 +0,0 @@
|
||||||
/*
|
|
||||||
* SHA-256 hash implementation and interface functions
|
|
||||||
* Copyright (c) 2003-2007, Jouni Malinen <j@w1.fi>
|
|
||||||
*
|
|
||||||
* Hardware crypto support Copyright 2017 Espressif Systems (Shanghai) PTE LTD
|
|
||||||
*
|
|
||||||
* This program is free software; you can redistribute it and/or modify
|
|
||||||
* it under the terms of the GNU General Public License version 2 as
|
|
||||||
* published by the Free Software Foundation.
|
|
||||||
*
|
|
||||||
* Alternatively, this software may be distributed under the terms of BSD
|
|
||||||
* license.
|
|
||||||
*
|
|
||||||
* See README and COPYING for more details.
|
|
||||||
*/
|
|
||||||
|
|
||||||
#include "utils/includes.h"
|
|
||||||
|
|
||||||
#include "utils/common.h"
|
|
||||||
#include "crypto/sha256.h"
|
|
||||||
#include "crypto/crypto.h"
|
|
||||||
|
|
||||||
|
|
||||||
/**
|
|
||||||
* fast_hmac_sha256_vector - HMAC-SHA256 over data vector (RFC 2104)
|
|
||||||
* @key: Key for HMAC operations
|
|
||||||
* @key_len: Length of the key in bytes
|
|
||||||
* @num_elem: Number of elements in the data vector
|
|
||||||
* @addr: Pointers to the data areas
|
|
||||||
* @len: Lengths of the data blocks
|
|
||||||
* @mac: Buffer for the hash (32 bytes)
|
|
||||||
*/
|
|
||||||
void
|
|
||||||
fast_hmac_sha256_vector(const uint8_t *key, size_t key_len, size_t num_elem,
|
|
||||||
const uint8_t *addr[], const size_t *len, uint8_t *mac)
|
|
||||||
{
|
|
||||||
uint8_t k_pad[64]; /* padding - key XORd with ipad/opad */
|
|
||||||
uint8_t tk[32];
|
|
||||||
const uint8_t *_addr[6];
|
|
||||||
size_t _len[6], i;
|
|
||||||
|
|
||||||
if (num_elem > 5) {
|
|
||||||
/*
|
|
||||||
* Fixed limit on the number of fragments to avoid having to
|
|
||||||
* allocate memory (which could fail).
|
|
||||||
*/
|
|
||||||
return;
|
|
||||||
}
|
|
||||||
|
|
||||||
/* if key is longer than 64 bytes reset it to key = SHA256(key) */
|
|
||||||
if (key_len > 64) {
|
|
||||||
fast_sha256_vector(1, &key, &key_len, tk);
|
|
||||||
key = tk;
|
|
||||||
key_len = 32;
|
|
||||||
}
|
|
||||||
|
|
||||||
/* the HMAC_SHA256 transform looks like:
|
|
||||||
*
|
|
||||||
* SHA256(K XOR opad, SHA256(K XOR ipad, text))
|
|
||||||
*
|
|
||||||
* where K is an n byte key
|
|
||||||
* ipad is the byte 0x36 repeated 64 times
|
|
||||||
* opad is the byte 0x5c repeated 64 times
|
|
||||||
* and text is the data being protected
|
|
||||||
*/
|
|
||||||
|
|
||||||
/* start out by storing key in ipad */
|
|
||||||
os_memset(k_pad, 0, sizeof(k_pad));
|
|
||||||
os_memcpy(k_pad, key, key_len);
|
|
||||||
/* XOR key with ipad values */
|
|
||||||
for (i = 0; i < 64; i++) {
|
|
||||||
k_pad[i] ^= 0x36;
|
|
||||||
}
|
|
||||||
|
|
||||||
/* perform inner SHA256 */
|
|
||||||
_addr[0] = k_pad;
|
|
||||||
_len[0] = 64;
|
|
||||||
for (i = 0; i < num_elem; i++) {
|
|
||||||
_addr[i + 1] = addr[i];
|
|
||||||
_len[i + 1] = len[i];
|
|
||||||
}
|
|
||||||
fast_sha256_vector(1 + num_elem, _addr, _len, mac);
|
|
||||||
|
|
||||||
os_memset(k_pad, 0, sizeof(k_pad));
|
|
||||||
os_memcpy(k_pad, key, key_len);
|
|
||||||
/* XOR key with opad values */
|
|
||||||
for (i = 0; i < 64; i++) {
|
|
||||||
k_pad[i] ^= 0x5c;
|
|
||||||
}
|
|
||||||
|
|
||||||
/* perform outer SHA256 */
|
|
||||||
_addr[0] = k_pad;
|
|
||||||
_len[0] = 64;
|
|
||||||
_addr[1] = mac;
|
|
||||||
_len[1] = SHA256_MAC_LEN;
|
|
||||||
fast_sha256_vector(2, _addr, _len, mac);
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
/**
|
|
||||||
* fast_hmac_sha256 - HMAC-SHA256 over data buffer (RFC 2104)
|
|
||||||
* @key: Key for HMAC operations
|
|
||||||
* @key_len: Length of the key in bytes
|
|
||||||
* @data: Pointers to the data area
|
|
||||||
* @data_len: Length of the data area
|
|
||||||
* @mac: Buffer for the hash (20 bytes)
|
|
||||||
*/
|
|
||||||
void
|
|
||||||
fast_hmac_sha256(const uint8_t *key, size_t key_len, const uint8_t *data,
|
|
||||||
size_t data_len, uint8_t *mac)
|
|
||||||
{
|
|
||||||
fast_hmac_sha256_vector(key, key_len, 1, &data, &data_len, mac);
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
/**
|
|
||||||
* fast_sha256_prf - SHA256-based Pseudo-Random Function (IEEE 802.11r, 8.5.1.5.2)
|
|
||||||
* @key: Key for PRF
|
|
||||||
* @key_len: Length of the key in bytes
|
|
||||||
* @label: A unique label for each purpose of the PRF
|
|
||||||
* @data: Extra data to bind into the key
|
|
||||||
* @data_len: Length of the data
|
|
||||||
* @buf: Buffer for the generated pseudo-random key
|
|
||||||
* @buf_len: Number of bytes of key to generate
|
|
||||||
*
|
|
||||||
* This function is used to derive new, cryptographically separate keys from a
|
|
||||||
* given key.
|
|
||||||
*/
|
|
||||||
void
|
|
||||||
fast_sha256_prf(const uint8_t *key, size_t key_len, const char *label,
|
|
||||||
const uint8_t *data, size_t data_len, uint8_t *buf, size_t buf_len)
|
|
||||||
{
|
|
||||||
uint16_t counter = 1;
|
|
||||||
size_t pos, plen;
|
|
||||||
uint8_t hash[SHA256_MAC_LEN];
|
|
||||||
const uint8_t *addr[4];
|
|
||||||
size_t len[4];
|
|
||||||
uint8_t counter_le[2], length_le[2];
|
|
||||||
|
|
||||||
addr[0] = counter_le;
|
|
||||||
len[0] = 2;
|
|
||||||
addr[1] = (uint8_t *) label;
|
|
||||||
len[1] = os_strlen(label);
|
|
||||||
addr[2] = data;
|
|
||||||
len[2] = data_len;
|
|
||||||
addr[3] = length_le;
|
|
||||||
len[3] = sizeof(length_le);
|
|
||||||
|
|
||||||
WPA_PUT_LE16(length_le, buf_len * 8);
|
|
||||||
pos = 0;
|
|
||||||
while (pos < buf_len) {
|
|
||||||
plen = buf_len - pos;
|
|
||||||
WPA_PUT_LE16(counter_le, counter);
|
|
||||||
if (plen >= SHA256_MAC_LEN) {
|
|
||||||
fast_hmac_sha256_vector(key, key_len, 4, addr, len,
|
|
||||||
&buf[pos]);
|
|
||||||
pos += SHA256_MAC_LEN;
|
|
||||||
} else {
|
|
||||||
fast_hmac_sha256_vector(key, key_len, 4, addr, len, hash);
|
|
||||||
os_memcpy(&buf[pos], hash, plen);
|
|
||||||
break;
|
|
||||||
}
|
|
||||||
counter++;
|
|
||||||
}
|
|
||||||
}
|
|
|
@ -1179,7 +1179,7 @@ failed:
|
||||||
#endif
|
#endif
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
if (fast_aes_unwrap(sm->ptk.kek, maxkeylen / 8,
|
if (aes_unwrap(sm->ptk.kek, maxkeylen / 8,
|
||||||
(const u8 *) (key + 1), gd->gtk)) {
|
(const u8 *) (key + 1), gd->gtk)) {
|
||||||
#ifdef DEBUG_PRINT
|
#ifdef DEBUG_PRINT
|
||||||
wpa_printf(MSG_DEBUG, "WPA: AES unwrap "
|
wpa_printf(MSG_DEBUG, "WPA: AES unwrap "
|
||||||
|
@ -1424,7 +1424,7 @@ failed:
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
*/
|
*/
|
||||||
if (fast_aes_unwrap(sm->ptk.kek, keydatalen / 8,
|
if (aes_unwrap(sm->ptk.kek, keydatalen / 8,
|
||||||
(u8 *) (key + 1), buf)) {
|
(u8 *) (key + 1), buf)) {
|
||||||
#ifdef DEBUG_PRINT
|
#ifdef DEBUG_PRINT
|
||||||
wpa_printf(MSG_DEBUG, "WPA: AES unwrap failed - "
|
wpa_printf(MSG_DEBUG, "WPA: AES unwrap failed - "
|
||||||
|
|
|
@ -165,7 +165,7 @@ static struct crypto_cipher * pkcs5_crypto_init(struct pkcs5_params *params,
|
||||||
wpa_hexdump_key(MSG_DEBUG, "PKCS #5: DES key", hash, 8);
|
wpa_hexdump_key(MSG_DEBUG, "PKCS #5: DES key", hash, 8);
|
||||||
wpa_hexdump_key(MSG_DEBUG, "PKCS #5: DES IV", hash + 8, 8);
|
wpa_hexdump_key(MSG_DEBUG, "PKCS #5: DES IV", hash + 8, 8);
|
||||||
|
|
||||||
return fast_crypto_cipher_init(CRYPTO_CIPHER_ALG_DES, hash + 8, hash, 8);
|
return crypto_cipher_init(CRYPTO_CIPHER_ALG_DES, hash + 8, hash, 8);
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -194,24 +194,24 @@ u8 * pkcs5_decrypt(const u8 *enc_alg, size_t enc_alg_len,
|
||||||
if (enc_data_len < 16 || enc_data_len % 8) {
|
if (enc_data_len < 16 || enc_data_len % 8) {
|
||||||
wpa_printf(MSG_INFO, "PKCS #5: invalid length of ciphertext "
|
wpa_printf(MSG_INFO, "PKCS #5: invalid length of ciphertext "
|
||||||
"%d", (int) enc_data_len);
|
"%d", (int) enc_data_len);
|
||||||
fast_crypto_cipher_deinit(ctx);
|
crypto_cipher_deinit(ctx);
|
||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
|
|
||||||
eb = os_malloc(enc_data_len);
|
eb = os_malloc(enc_data_len);
|
||||||
if (eb == NULL) {
|
if (eb == NULL) {
|
||||||
fast_crypto_cipher_deinit(ctx);
|
crypto_cipher_deinit(ctx);
|
||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
|
|
||||||
if ((int)fast_crypto_cipher_decrypt(ctx, enc_data, eb, enc_data_len) < 0) {
|
if ((int)crypto_cipher_decrypt(ctx, enc_data, eb, enc_data_len) < 0) {
|
||||||
wpa_printf(MSG_DEBUG, "PKCS #5: Failed to decrypt EB");
|
wpa_printf(MSG_DEBUG, "PKCS #5: Failed to decrypt EB");
|
||||||
fast_crypto_cipher_deinit(ctx);
|
crypto_cipher_deinit(ctx);
|
||||||
os_free(eb);
|
os_free(eb);
|
||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
|
|
||||||
fast_crypto_cipher_deinit(ctx);
|
crypto_cipher_deinit(ctx);
|
||||||
|
|
||||||
pad = eb[enc_data_len - 1];
|
pad = eb[enc_data_len - 1];
|
||||||
if (pad > 8) {
|
if (pad > 8) {
|
||||||
|
|
|
@ -816,7 +816,7 @@ static int tls_process_server_finished(struct tlsv1_client *conn, u8 ct,
|
||||||
if (conn->rl.tls_version >= TLS_VERSION_1_2) {
|
if (conn->rl.tls_version >= TLS_VERSION_1_2) {
|
||||||
hlen = SHA256_MAC_LEN;
|
hlen = SHA256_MAC_LEN;
|
||||||
if (conn->verify.sha256_server == NULL ||
|
if (conn->verify.sha256_server == NULL ||
|
||||||
fast_crypto_hash_finish(conn->verify.sha256_server, hash, &hlen) < 0) {
|
crypto_hash_finish(conn->verify.sha256_server, hash, &hlen) < 0) {
|
||||||
tls_alert(conn, TLS_ALERT_LEVEL_FATAL, TLS_ALERT_INTERNAL_ERROR);
|
tls_alert(conn, TLS_ALERT_LEVEL_FATAL, TLS_ALERT_INTERNAL_ERROR);
|
||||||
conn->verify.sha256_server = NULL;
|
conn->verify.sha256_server = NULL;
|
||||||
return -1;
|
return -1;
|
||||||
|
|
|
@ -476,7 +476,7 @@ static int tls_write_client_certificate_verify(struct tlsv1_client *conn,
|
||||||
if (conn->rl.tls_version == TLS_VERSION_1_2) {
|
if (conn->rl.tls_version == TLS_VERSION_1_2) {
|
||||||
hlen = SHA256_MAC_LEN;
|
hlen = SHA256_MAC_LEN;
|
||||||
if (conn->verify.sha256_cert == NULL ||
|
if (conn->verify.sha256_cert == NULL ||
|
||||||
fast_crypto_hash_finish(conn->verify.sha256_cert, hpos, &hlen) <
|
crypto_hash_finish(conn->verify.sha256_cert, hpos, &hlen) <
|
||||||
0) {
|
0) {
|
||||||
conn->verify.sha256_cert = NULL;
|
conn->verify.sha256_cert = NULL;
|
||||||
tls_alert(conn, TLS_ALERT_LEVEL_FATAL,
|
tls_alert(conn, TLS_ALERT_LEVEL_FATAL,
|
||||||
|
@ -654,7 +654,7 @@ static int tls_write_client_finished(struct tlsv1_client *conn,
|
||||||
if (conn->rl.tls_version >= TLS_VERSION_1_2) {
|
if (conn->rl.tls_version >= TLS_VERSION_1_2) {
|
||||||
hlen = SHA256_MAC_LEN;
|
hlen = SHA256_MAC_LEN;
|
||||||
if (conn->verify.sha256_client == NULL ||
|
if (conn->verify.sha256_client == NULL ||
|
||||||
fast_crypto_hash_finish(conn->verify.sha256_client, hash, &hlen)
|
crypto_hash_finish(conn->verify.sha256_client, hash, &hlen)
|
||||||
< 0) {
|
< 0) {
|
||||||
tls_alert(conn, TLS_ALERT_LEVEL_FATAL,
|
tls_alert(conn, TLS_ALERT_LEVEL_FATAL,
|
||||||
TLS_ALERT_INTERNAL_ERROR);
|
TLS_ALERT_INTERNAL_ERROR);
|
||||||
|
|
|
@ -221,9 +221,9 @@ int tls_verify_hash_init(struct tls_verify_hash *verify)
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
#ifdef CONFIG_TLSV12
|
#ifdef CONFIG_TLSV12
|
||||||
verify->sha256_client = fast_crypto_hash_init(CRYPTO_HASH_ALG_SHA256, NULL, 0);
|
verify->sha256_client = crypto_hash_init(CRYPTO_HASH_ALG_SHA256, NULL, 0);
|
||||||
verify->sha256_server = fast_crypto_hash_init(CRYPTO_HASH_ALG_SHA256, NULL, 0);
|
verify->sha256_server = crypto_hash_init(CRYPTO_HASH_ALG_SHA256, NULL, 0);
|
||||||
verify->sha256_cert = fast_crypto_hash_init(CRYPTO_HASH_ALG_SHA256, NULL, 0);
|
verify->sha256_cert = crypto_hash_init(CRYPTO_HASH_ALG_SHA256, NULL, 0);
|
||||||
|
|
||||||
if (verify->sha256_client == NULL ||
|
if (verify->sha256_client == NULL ||
|
||||||
verify->sha256_server == NULL ||
|
verify->sha256_server == NULL ||
|
||||||
|
@ -253,11 +253,11 @@ void tls_verify_hash_add(struct tls_verify_hash *verify, const u8 *buf,
|
||||||
}
|
}
|
||||||
#ifdef CONFIG_TLSV12
|
#ifdef CONFIG_TLSV12
|
||||||
if (verify->sha256_client)
|
if (verify->sha256_client)
|
||||||
fast_crypto_hash_update(verify->sha256_client, buf, len);
|
crypto_hash_update(verify->sha256_client, buf, len);
|
||||||
if (verify->sha256_server)
|
if (verify->sha256_server)
|
||||||
fast_crypto_hash_update(verify->sha256_server, buf, len);
|
crypto_hash_update(verify->sha256_server, buf, len);
|
||||||
if (verify->sha256_cert)
|
if (verify->sha256_cert)
|
||||||
fast_crypto_hash_update(verify->sha256_cert, buf, len);
|
crypto_hash_update(verify->sha256_cert, buf, len);
|
||||||
#endif /* CONFIG_TLSV12 */
|
#endif /* CONFIG_TLSV12 */
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -277,9 +277,9 @@ void tls_verify_hash_free(struct tls_verify_hash *verify)
|
||||||
verify->sha1_server = NULL;
|
verify->sha1_server = NULL;
|
||||||
verify->sha1_cert = NULL;
|
verify->sha1_cert = NULL;
|
||||||
#ifdef CONFIG_TLSV12
|
#ifdef CONFIG_TLSV12
|
||||||
fast_crypto_hash_finish(verify->sha256_client, NULL, NULL);
|
crypto_hash_finish(verify->sha256_client, NULL, NULL);
|
||||||
fast_crypto_hash_finish(verify->sha256_server, NULL, NULL);
|
crypto_hash_finish(verify->sha256_server, NULL, NULL);
|
||||||
fast_crypto_hash_finish(verify->sha256_cert, NULL, NULL);
|
crypto_hash_finish(verify->sha256_cert, NULL, NULL);
|
||||||
verify->sha256_client = NULL;
|
verify->sha256_client = NULL;
|
||||||
verify->sha256_server = NULL;
|
verify->sha256_server = NULL;
|
||||||
verify->sha256_cert = NULL;
|
verify->sha256_cert = NULL;
|
||||||
|
|
|
@ -81,12 +81,12 @@ int tlsv1_record_change_write_cipher(struct tlsv1_record_layer *rl)
|
||||||
os_memset(rl->write_seq_num, 0, TLS_SEQ_NUM_LEN);
|
os_memset(rl->write_seq_num, 0, TLS_SEQ_NUM_LEN);
|
||||||
|
|
||||||
if (rl->write_cbc) {
|
if (rl->write_cbc) {
|
||||||
fast_crypto_cipher_deinit(rl->write_cbc);
|
crypto_cipher_deinit(rl->write_cbc);
|
||||||
rl->write_cbc = NULL;
|
rl->write_cbc = NULL;
|
||||||
|
|
||||||
}
|
}
|
||||||
if (rl->cipher_alg != CRYPTO_CIPHER_NULL) {
|
if (rl->cipher_alg != CRYPTO_CIPHER_NULL) {
|
||||||
rl->write_cbc = fast_crypto_cipher_init(rl->cipher_alg,
|
rl->write_cbc = crypto_cipher_init(rl->cipher_alg,
|
||||||
rl->write_iv, rl->write_key,
|
rl->write_iv, rl->write_key,
|
||||||
rl->key_material_len);
|
rl->key_material_len);
|
||||||
|
|
||||||
|
@ -117,12 +117,12 @@ int tlsv1_record_change_read_cipher(struct tlsv1_record_layer *rl)
|
||||||
os_memset(rl->read_seq_num, 0, TLS_SEQ_NUM_LEN);
|
os_memset(rl->read_seq_num, 0, TLS_SEQ_NUM_LEN);
|
||||||
|
|
||||||
if (rl->read_cbc) {
|
if (rl->read_cbc) {
|
||||||
fast_crypto_cipher_deinit(rl->read_cbc);
|
crypto_cipher_deinit(rl->read_cbc);
|
||||||
rl->read_cbc = NULL;
|
rl->read_cbc = NULL;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (rl->cipher_alg != CRYPTO_CIPHER_NULL) {
|
if (rl->cipher_alg != CRYPTO_CIPHER_NULL) {
|
||||||
rl->read_cbc = fast_crypto_cipher_init(rl->cipher_alg,
|
rl->read_cbc = crypto_cipher_init(rl->cipher_alg,
|
||||||
rl->read_iv, rl->read_key,
|
rl->read_iv, rl->read_key,
|
||||||
rl->key_material_len);
|
rl->key_material_len);
|
||||||
if (rl->read_cbc == NULL) {
|
if (rl->read_cbc == NULL) {
|
||||||
|
@ -208,26 +208,26 @@ int tlsv1_record_send(struct tlsv1_record_layer *rl, u8 content_type, u8 *buf,
|
||||||
* TLSCompressed.version + TLSCompressed.length +
|
* TLSCompressed.version + TLSCompressed.length +
|
||||||
* TLSCompressed.fragment
|
* TLSCompressed.fragment
|
||||||
*/
|
*/
|
||||||
hmac = fast_crypto_hash_init(rl->hash_alg, rl->write_mac_secret, rl->hash_size);
|
hmac = crypto_hash_init(rl->hash_alg, rl->write_mac_secret, rl->hash_size);
|
||||||
if (hmac == NULL) {
|
if (hmac == NULL) {
|
||||||
wpa_printf(MSG_DEBUG, "TLSv1: Record Layer - Failed "
|
wpa_printf(MSG_DEBUG, "TLSv1: Record Layer - Failed "
|
||||||
"to initialize HMAC");
|
"to initialize HMAC");
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
fast_crypto_hash_update(hmac, rl->write_seq_num, TLS_SEQ_NUM_LEN);
|
crypto_hash_update(hmac, rl->write_seq_num, TLS_SEQ_NUM_LEN);
|
||||||
/* type + version + length + fragment */
|
/* type + version + length + fragment */
|
||||||
fast_crypto_hash_update(hmac, ct_start, TLS_RECORD_HEADER_LEN);
|
crypto_hash_update(hmac, ct_start, TLS_RECORD_HEADER_LEN);
|
||||||
fast_crypto_hash_update(hmac, payload, payload_len);
|
crypto_hash_update(hmac, payload, payload_len);
|
||||||
clen = buf + buf_size - pos;
|
clen = buf + buf_size - pos;
|
||||||
if (clen < rl->hash_size) {
|
if (clen < rl->hash_size) {
|
||||||
wpa_printf(MSG_DEBUG, "TLSv1: Record Layer - Not "
|
wpa_printf(MSG_DEBUG, "TLSv1: Record Layer - Not "
|
||||||
"enough room for MAC");
|
"enough room for MAC");
|
||||||
fast_crypto_hash_finish(hmac, NULL, NULL);
|
crypto_hash_finish(hmac, NULL, NULL);
|
||||||
|
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
|
|
||||||
if ((int)fast_crypto_hash_finish(hmac, pos, &clen) < 0) {
|
if ((int)crypto_hash_finish(hmac, pos, &clen) < 0) {
|
||||||
wpa_printf(MSG_DEBUG, "TLSv1: Record Layer - Failed to calculate HMAC");
|
wpa_printf(MSG_DEBUG, "TLSv1: Record Layer - Failed to calculate HMAC");
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
|
@ -250,7 +250,7 @@ int tlsv1_record_send(struct tlsv1_record_layer *rl, u8 content_type, u8 *buf,
|
||||||
pos += pad + 1;
|
pos += pad + 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
if ((int)fast_crypto_cipher_encrypt(rl->write_cbc, cpayload,
|
if ((int)crypto_cipher_encrypt(rl->write_cbc, cpayload,
|
||||||
cpayload, pos - cpayload) < 0)
|
cpayload, pos - cpayload) < 0)
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
|
@ -358,7 +358,7 @@ int tlsv1_record_receive(struct tlsv1_record_layer *rl,
|
||||||
|
|
||||||
if (rl->read_cipher_suite != TLS_NULL_WITH_NULL_NULL) {
|
if (rl->read_cipher_suite != TLS_NULL_WITH_NULL_NULL) {
|
||||||
size_t plen;
|
size_t plen;
|
||||||
if ((int)fast_crypto_cipher_decrypt(rl->read_cbc, in_data,
|
if ((int)crypto_cipher_decrypt(rl->read_cbc, in_data,
|
||||||
out_data, in_len) < 0) {
|
out_data, in_len) < 0) {
|
||||||
*alert = TLS_ALERT_DECRYPTION_FAILED;
|
*alert = TLS_ALERT_DECRYPTION_FAILED;
|
||||||
return -1;
|
return -1;
|
||||||
|
@ -438,7 +438,7 @@ int tlsv1_record_receive(struct tlsv1_record_layer *rl,
|
||||||
|
|
||||||
plen -= rl->hash_size;
|
plen -= rl->hash_size;
|
||||||
|
|
||||||
hmac = fast_crypto_hash_init(rl->hash_alg, rl->read_mac_secret, rl->hash_size);
|
hmac = crypto_hash_init(rl->hash_alg, rl->read_mac_secret, rl->hash_size);
|
||||||
|
|
||||||
if (hmac == NULL) {
|
if (hmac == NULL) {
|
||||||
wpa_printf(MSG_DEBUG, "TLSv1: Record Layer - Failed "
|
wpa_printf(MSG_DEBUG, "TLSv1: Record Layer - Failed "
|
||||||
|
@ -447,15 +447,15 @@ int tlsv1_record_receive(struct tlsv1_record_layer *rl,
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
|
|
||||||
fast_crypto_hash_update(hmac, rl->read_seq_num, TLS_SEQ_NUM_LEN);
|
crypto_hash_update(hmac, rl->read_seq_num, TLS_SEQ_NUM_LEN);
|
||||||
/* type + version + length + fragment */
|
/* type + version + length + fragment */
|
||||||
fast_crypto_hash_update(hmac, in_data - TLS_RECORD_HEADER_LEN, 3);
|
crypto_hash_update(hmac, in_data - TLS_RECORD_HEADER_LEN, 3);
|
||||||
WPA_PUT_BE16(len, plen);
|
WPA_PUT_BE16(len, plen);
|
||||||
fast_crypto_hash_update(hmac, len, 2);
|
crypto_hash_update(hmac, len, 2);
|
||||||
fast_crypto_hash_update(hmac, out_data, plen);
|
crypto_hash_update(hmac, out_data, plen);
|
||||||
|
|
||||||
hlen = sizeof(hash);
|
hlen = sizeof(hash);
|
||||||
if ((int)fast_crypto_hash_finish(hmac, hash, &hlen) < 0) {
|
if ((int)crypto_hash_finish(hmac, hash, &hlen) < 0) {
|
||||||
wpa_printf(MSG_DEBUG, "TLSv1: Record Layer - Failed to calculate HMAC");
|
wpa_printf(MSG_DEBUG, "TLSv1: Record Layer - Failed to calculate HMAC");
|
||||||
*alert = TLS_ALERT_INTERNAL_ERROR;
|
*alert = TLS_ALERT_INTERNAL_ERROR;
|
||||||
return -1;
|
return -1;
|
||||||
|
|
|
@ -871,7 +871,7 @@ static int tls_process_certificate_verify(struct tlsv1_server *conn, u8 ct,
|
||||||
|
|
||||||
hlen = SHA256_MAC_LEN;
|
hlen = SHA256_MAC_LEN;
|
||||||
if (conn->verify.sha256_cert == NULL ||
|
if (conn->verify.sha256_cert == NULL ||
|
||||||
fast_crypto_hash_finish(conn->verify.sha256_cert, hpos, &hlen) <
|
crypto_hash_finish(conn->verify.sha256_cert, hpos, &hlen) <
|
||||||
0) {
|
0) {
|
||||||
conn->verify.sha256_cert = NULL;
|
conn->verify.sha256_cert = NULL;
|
||||||
tlsv1_server_alert(conn, TLS_ALERT_LEVEL_FATAL,
|
tlsv1_server_alert(conn, TLS_ALERT_LEVEL_FATAL,
|
||||||
|
|
|
@ -588,7 +588,7 @@ static int tls_write_server_finished(struct tlsv1_server *conn,
|
||||||
if (conn->rl.tls_version >= TLS_VERSION_1_2) {
|
if (conn->rl.tls_version >= TLS_VERSION_1_2) {
|
||||||
hlen = SHA256_MAC_LEN;
|
hlen = SHA256_MAC_LEN;
|
||||||
if (conn->verify.sha256_server == NULL ||
|
if (conn->verify.sha256_server == NULL ||
|
||||||
fast_crypto_hash_finish(conn->verify.sha256_server, hash, &hlen)
|
crypto_hash_finish(conn->verify.sha256_server, hash, &hlen)
|
||||||
< 0) {
|
< 0) {
|
||||||
conn->verify.sha256_server = NULL;
|
conn->verify.sha256_server = NULL;
|
||||||
tlsv1_server_alert(conn, TLS_ALERT_LEVEL_FATAL,
|
tlsv1_server_alert(conn, TLS_ALERT_LEVEL_FATAL,
|
||||||
|
|
|
@ -1688,7 +1688,7 @@ skip_digest_oid:
|
||||||
hash, hash_len);
|
hash, hash_len);
|
||||||
break;
|
break;
|
||||||
case 11: /* sha256WithRSAEncryption */
|
case 11: /* sha256WithRSAEncryption */
|
||||||
fast_sha256_vector(1, &cert->tbs_cert_start, &cert->tbs_cert_len,
|
sha256_vector(1, &cert->tbs_cert_start, &cert->tbs_cert_len,
|
||||||
hash);
|
hash);
|
||||||
hash_len = 32;
|
hash_len = 32;
|
||||||
wpa_hexdump(MSG_MSGDUMP, "X509: Certificate hash (SHA256)",
|
wpa_hexdump(MSG_MSGDUMP, "X509: Certificate hash (SHA256)",
|
||||||
|
|
|
@ -166,7 +166,7 @@ int wps_build_authenticator(struct wps_data *wps, struct wpabuf *msg)
|
||||||
len[0] = wpabuf_len(wps->last_msg);
|
len[0] = wpabuf_len(wps->last_msg);
|
||||||
addr[1] = wpabuf_head(msg);
|
addr[1] = wpabuf_head(msg);
|
||||||
len[1] = wpabuf_len(msg);
|
len[1] = wpabuf_len(msg);
|
||||||
fast_hmac_sha256_vector(wps->authkey, WPS_AUTHKEY_LEN, 2, addr, len, hash);
|
hmac_sha256_vector(wps->authkey, WPS_AUTHKEY_LEN, 2, addr, len, hash);
|
||||||
wpa_printf(MSG_DEBUG, "WPS: * Authenticator");
|
wpa_printf(MSG_DEBUG, "WPS: * Authenticator");
|
||||||
wpabuf_put_be16(msg, ATTR_AUTHENTICATOR);
|
wpabuf_put_be16(msg, ATTR_AUTHENTICATOR);
|
||||||
wpabuf_put_be16(msg, WPS_AUTHENTICATOR_LEN);
|
wpabuf_put_be16(msg, WPS_AUTHENTICATOR_LEN);
|
||||||
|
@ -324,7 +324,7 @@ int wps_build_key_wrap_auth(struct wps_data *wps, struct wpabuf *msg)
|
||||||
u8 hash[SHA256_MAC_LEN];
|
u8 hash[SHA256_MAC_LEN];
|
||||||
|
|
||||||
wpa_printf(MSG_DEBUG, "WPS: * Key Wrap Authenticator");
|
wpa_printf(MSG_DEBUG, "WPS: * Key Wrap Authenticator");
|
||||||
fast_hmac_sha256(wps->authkey, WPS_AUTHKEY_LEN, wpabuf_head(msg),
|
hmac_sha256(wps->authkey, WPS_AUTHKEY_LEN, wpabuf_head(msg),
|
||||||
wpabuf_len(msg), hash);
|
wpabuf_len(msg), hash);
|
||||||
wpabuf_put_be16(msg, ATTR_KEY_WRAP_AUTH);
|
wpabuf_put_be16(msg, ATTR_KEY_WRAP_AUTH);
|
||||||
wpabuf_put_be16(msg, WPS_KWA_LEN);
|
wpabuf_put_be16(msg, WPS_KWA_LEN);
|
||||||
|
@ -356,7 +356,7 @@ int wps_build_encr_settings(struct wps_data *wps, struct wpabuf *msg,
|
||||||
data = wpabuf_put(msg, 0);
|
data = wpabuf_put(msg, 0);
|
||||||
wpabuf_put_buf(msg, plain);
|
wpabuf_put_buf(msg, plain);
|
||||||
wpa_printf(MSG_DEBUG, "WPS: * AES 128 Encrypted Settings");
|
wpa_printf(MSG_DEBUG, "WPS: * AES 128 Encrypted Settings");
|
||||||
if (fast_aes_128_cbc_encrypt(wps->keywrapkey, iv, data, wpabuf_len(plain)))
|
if (aes_128_cbc_encrypt(wps->keywrapkey, iv, data, wpabuf_len(plain)))
|
||||||
return -1;
|
return -1;
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
@ -373,7 +373,7 @@ int wps_build_oob_dev_pw(struct wpabuf *msg, u16 dev_pw_id,
|
||||||
|
|
||||||
addr[0] = wpabuf_head(pubkey);
|
addr[0] = wpabuf_head(pubkey);
|
||||||
hash_len = wpabuf_len(pubkey);
|
hash_len = wpabuf_len(pubkey);
|
||||||
fast_sha256_vector(1, addr, &hash_len, pubkey_hash);
|
sha256_vector(1, addr, &hash_len, pubkey_hash);
|
||||||
wpabuf_put_be16(msg, ATTR_OOB_DEVICE_PASSWORD);
|
wpabuf_put_be16(msg, ATTR_OOB_DEVICE_PASSWORD);
|
||||||
wpabuf_put_be16(msg, WPS_OOB_PUBKEY_HASH_LEN + 2 + dev_pw_len);
|
wpabuf_put_be16(msg, WPS_OOB_PUBKEY_HASH_LEN + 2 + dev_pw_len);
|
||||||
wpabuf_put_data(msg, pubkey_hash, WPS_OOB_PUBKEY_HASH_LEN);
|
wpabuf_put_data(msg, pubkey_hash, WPS_OOB_PUBKEY_HASH_LEN);
|
||||||
|
|
|
@ -38,7 +38,7 @@ int wps_process_authenticator(struct wps_data *wps, const u8 *authenticator,
|
||||||
len[0] = wpabuf_len(wps->last_msg);
|
len[0] = wpabuf_len(wps->last_msg);
|
||||||
addr[1] = wpabuf_head(msg);
|
addr[1] = wpabuf_head(msg);
|
||||||
len[1] = wpabuf_len(msg) - 4 - WPS_AUTHENTICATOR_LEN;
|
len[1] = wpabuf_len(msg) - 4 - WPS_AUTHENTICATOR_LEN;
|
||||||
fast_hmac_sha256_vector(wps->authkey, WPS_AUTHKEY_LEN, 2, addr, len, hash);
|
hmac_sha256_vector(wps->authkey, WPS_AUTHKEY_LEN, 2, addr, len, hash);
|
||||||
if (os_memcmp(hash, authenticator, WPS_AUTHENTICATOR_LEN) != 0) {
|
if (os_memcmp(hash, authenticator, WPS_AUTHENTICATOR_LEN) != 0) {
|
||||||
wpa_printf(MSG_DEBUG, "WPS: Incorrect Authenticator");
|
wpa_printf(MSG_DEBUG, "WPS: Incorrect Authenticator");
|
||||||
return -1;
|
return -1;
|
||||||
|
@ -68,7 +68,7 @@ int wps_process_key_wrap_auth(struct wps_data *wps, struct wpabuf *msg,
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
|
|
||||||
fast_hmac_sha256(wps->authkey, WPS_AUTHKEY_LEN, head, len, hash);
|
hmac_sha256(wps->authkey, WPS_AUTHKEY_LEN, head, len, hash);
|
||||||
if (os_memcmp(hash, key_wrap_auth, WPS_KWA_LEN) != 0) {
|
if (os_memcmp(hash, key_wrap_auth, WPS_KWA_LEN) != 0) {
|
||||||
wpa_printf(MSG_DEBUG, "WPS: Invalid KWA");
|
wpa_printf(MSG_DEBUG, "WPS: Invalid KWA");
|
||||||
return -1;
|
return -1;
|
||||||
|
|
|
@ -46,7 +46,7 @@ void wps_kdf(const u8 *key, const u8 *label_prefix, size_t label_prefix_len,
|
||||||
|
|
||||||
for (i = 1; i <= iter; i++) {
|
for (i = 1; i <= iter; i++) {
|
||||||
WPA_PUT_BE32(i_buf, i);
|
WPA_PUT_BE32(i_buf, i);
|
||||||
fast_hmac_sha256_vector(key, SHA256_MAC_LEN, 4, addr, len, hash);
|
hmac_sha256_vector(key, SHA256_MAC_LEN, 4, addr, len, hash);
|
||||||
if (i < iter) {
|
if (i < iter) {
|
||||||
os_memcpy(opos, hash, SHA256_MAC_LEN);
|
os_memcpy(opos, hash, SHA256_MAC_LEN);
|
||||||
opos += SHA256_MAC_LEN;
|
opos += SHA256_MAC_LEN;
|
||||||
|
@ -103,7 +103,7 @@ int wps_derive_keys(struct wps_data *wps)
|
||||||
addr[0] = wpabuf_head(dh_shared);
|
addr[0] = wpabuf_head(dh_shared);
|
||||||
len[0] = wpabuf_len(dh_shared);
|
len[0] = wpabuf_len(dh_shared);
|
||||||
|
|
||||||
fast_sha256_vector(1, addr, len, dhkey);
|
sha256_vector(1, addr, len, dhkey);
|
||||||
wpa_hexdump_key(MSG_DEBUG, "WPS: DHKey", dhkey, sizeof(dhkey));
|
wpa_hexdump_key(MSG_DEBUG, "WPS: DHKey", dhkey, sizeof(dhkey));
|
||||||
wpabuf_free(dh_shared);
|
wpabuf_free(dh_shared);
|
||||||
|
|
||||||
|
@ -114,7 +114,7 @@ int wps_derive_keys(struct wps_data *wps)
|
||||||
len[1] = ETH_ALEN;
|
len[1] = ETH_ALEN;
|
||||||
addr[2] = wps->nonce_r;
|
addr[2] = wps->nonce_r;
|
||||||
len[2] = WPS_NONCE_LEN;
|
len[2] = WPS_NONCE_LEN;
|
||||||
fast_hmac_sha256_vector(dhkey, sizeof(dhkey), 3, addr, len, kdk);
|
hmac_sha256_vector(dhkey, sizeof(dhkey), 3, addr, len, kdk);
|
||||||
wpa_hexdump_key(MSG_DEBUG, "WPS: KDK", kdk, sizeof(kdk));
|
wpa_hexdump_key(MSG_DEBUG, "WPS: KDK", kdk, sizeof(kdk));
|
||||||
|
|
||||||
wps_kdf(kdk, NULL, 0, "Wi-Fi Easy and Secure Key Derivation",
|
wps_kdf(kdk, NULL, 0, "Wi-Fi Easy and Secure Key Derivation",
|
||||||
|
@ -139,10 +139,10 @@ void wps_derive_psk(struct wps_data *wps, const u8 *dev_passwd,
|
||||||
{
|
{
|
||||||
u8 hash[SHA256_MAC_LEN];
|
u8 hash[SHA256_MAC_LEN];
|
||||||
|
|
||||||
fast_hmac_sha256(wps->authkey, WPS_AUTHKEY_LEN, dev_passwd,
|
hmac_sha256(wps->authkey, WPS_AUTHKEY_LEN, dev_passwd,
|
||||||
(dev_passwd_len + 1) / 2, hash);
|
(dev_passwd_len + 1) / 2, hash);
|
||||||
os_memcpy(wps->psk1, hash, WPS_PSK_LEN);
|
os_memcpy(wps->psk1, hash, WPS_PSK_LEN);
|
||||||
fast_hmac_sha256(wps->authkey, WPS_AUTHKEY_LEN,
|
hmac_sha256(wps->authkey, WPS_AUTHKEY_LEN,
|
||||||
dev_passwd + (dev_passwd_len + 1) / 2,
|
dev_passwd + (dev_passwd_len + 1) / 2,
|
||||||
dev_passwd_len / 2, hash);
|
dev_passwd_len / 2, hash);
|
||||||
os_memcpy(wps->psk2, hash, WPS_PSK_LEN);
|
os_memcpy(wps->psk2, hash, WPS_PSK_LEN);
|
||||||
|
@ -177,7 +177,7 @@ struct wpabuf * wps_decrypt_encr_settings(struct wps_data *wps, const u8 *encr,
|
||||||
wpa_hexdump(MSG_MSGDUMP, "WPS: Encrypted Settings", encr, encr_len);
|
wpa_hexdump(MSG_MSGDUMP, "WPS: Encrypted Settings", encr, encr_len);
|
||||||
wpabuf_put_data(decrypted, encr + block_size, encr_len - block_size);
|
wpabuf_put_data(decrypted, encr + block_size, encr_len - block_size);
|
||||||
wpa_printf(MSG_DEBUG, "WPS: AES Decrypt setting");
|
wpa_printf(MSG_DEBUG, "WPS: AES Decrypt setting");
|
||||||
if (fast_aes_128_cbc_decrypt(wps->keywrapkey, encr, wpabuf_mhead(decrypted),
|
if (aes_128_cbc_decrypt(wps->keywrapkey, encr, wpabuf_mhead(decrypted),
|
||||||
wpabuf_len(decrypted))) {
|
wpabuf_len(decrypted))) {
|
||||||
wpabuf_free(decrypted);
|
wpabuf_free(decrypted);
|
||||||
return NULL;
|
return NULL;
|
||||||
|
|
|
@ -74,7 +74,7 @@ static int wps_build_e_hash(struct wps_data *wps, struct wpabuf *msg)
|
||||||
len[2] = wpabuf_len(wps->dh_pubkey_e);
|
len[2] = wpabuf_len(wps->dh_pubkey_e);
|
||||||
addr[3] = wpabuf_head(wps->dh_pubkey_r);
|
addr[3] = wpabuf_head(wps->dh_pubkey_r);
|
||||||
len[3] = wpabuf_len(wps->dh_pubkey_r);
|
len[3] = wpabuf_len(wps->dh_pubkey_r);
|
||||||
fast_hmac_sha256_vector(wps->authkey, WPS_AUTHKEY_LEN, 4, addr, len, hash);
|
hmac_sha256_vector(wps->authkey, WPS_AUTHKEY_LEN, 4, addr, len, hash);
|
||||||
wpa_hexdump(MSG_DEBUG, "WPS: E-Hash1", hash, SHA256_MAC_LEN);
|
wpa_hexdump(MSG_DEBUG, "WPS: E-Hash1", hash, SHA256_MAC_LEN);
|
||||||
|
|
||||||
wpa_printf(MSG_DEBUG, "WPS: * E-Hash2");
|
wpa_printf(MSG_DEBUG, "WPS: * E-Hash2");
|
||||||
|
@ -84,7 +84,7 @@ static int wps_build_e_hash(struct wps_data *wps, struct wpabuf *msg)
|
||||||
/* E-Hash2 = HMAC_AuthKey(E-S2 || PSK2 || PK_E || PK_R) */
|
/* E-Hash2 = HMAC_AuthKey(E-S2 || PSK2 || PK_E || PK_R) */
|
||||||
addr[0] = wps->snonce + WPS_SECRET_NONCE_LEN;
|
addr[0] = wps->snonce + WPS_SECRET_NONCE_LEN;
|
||||||
addr[1] = wps->psk2;
|
addr[1] = wps->psk2;
|
||||||
fast_hmac_sha256_vector(wps->authkey, WPS_AUTHKEY_LEN, 4, addr, len, hash);
|
hmac_sha256_vector(wps->authkey, WPS_AUTHKEY_LEN, 4, addr, len, hash);
|
||||||
wpa_hexdump(MSG_DEBUG, "WPS: E-Hash2", hash, SHA256_MAC_LEN);
|
wpa_hexdump(MSG_DEBUG, "WPS: E-Hash2", hash, SHA256_MAC_LEN);
|
||||||
|
|
||||||
return 0;
|
return 0;
|
||||||
|
@ -593,7 +593,7 @@ static int wps_process_r_snonce1(struct wps_data *wps, const u8 *r_snonce1)
|
||||||
addr[3] = wpabuf_head(wps->dh_pubkey_r);
|
addr[3] = wpabuf_head(wps->dh_pubkey_r);
|
||||||
len[3] = wpabuf_len(wps->dh_pubkey_r);
|
len[3] = wpabuf_len(wps->dh_pubkey_r);
|
||||||
|
|
||||||
fast_hmac_sha256_vector(wps->authkey, WPS_AUTHKEY_LEN, 4, addr, len, hash);
|
hmac_sha256_vector(wps->authkey, WPS_AUTHKEY_LEN, 4, addr, len, hash);
|
||||||
if (os_memcmp(wps->peer_hash1, hash, WPS_HASH_LEN) != 0) {
|
if (os_memcmp(wps->peer_hash1, hash, WPS_HASH_LEN) != 0) {
|
||||||
wpa_printf(MSG_DEBUG, "WPS: R-Hash1 derived from R-S1 does "
|
wpa_printf(MSG_DEBUG, "WPS: R-Hash1 derived from R-S1 does "
|
||||||
"not match with the pre-committed value");
|
"not match with the pre-committed value");
|
||||||
|
@ -633,7 +633,7 @@ static int wps_process_r_snonce2(struct wps_data *wps, const u8 *r_snonce2)
|
||||||
addr[3] = wpabuf_head(wps->dh_pubkey_r);
|
addr[3] = wpabuf_head(wps->dh_pubkey_r);
|
||||||
len[3] = wpabuf_len(wps->dh_pubkey_r);
|
len[3] = wpabuf_len(wps->dh_pubkey_r);
|
||||||
|
|
||||||
fast_hmac_sha256_vector(wps->authkey, WPS_AUTHKEY_LEN, 4, addr, len, hash);
|
hmac_sha256_vector(wps->authkey, WPS_AUTHKEY_LEN, 4, addr, len, hash);
|
||||||
|
|
||||||
if (os_memcmp(wps->peer_hash2, hash, WPS_HASH_LEN) != 0) {
|
if (os_memcmp(wps->peer_hash2, hash, WPS_HASH_LEN) != 0) {
|
||||||
wpa_printf(MSG_DEBUG, "WPS: R-Hash2 derived from R-S2 does "
|
wpa_printf(MSG_DEBUG, "WPS: R-Hash2 derived from R-S2 does "
|
||||||
|
|
|
@ -1427,7 +1427,7 @@ static int wps_build_r_hash(struct wps_data *wps, struct wpabuf *msg)
|
||||||
len[2] = wpabuf_len(wps->dh_pubkey_e);
|
len[2] = wpabuf_len(wps->dh_pubkey_e);
|
||||||
addr[3] = wpabuf_head(wps->dh_pubkey_r);
|
addr[3] = wpabuf_head(wps->dh_pubkey_r);
|
||||||
len[3] = wpabuf_len(wps->dh_pubkey_r);
|
len[3] = wpabuf_len(wps->dh_pubkey_r);
|
||||||
fast_hmac_sha256_vector(wps->authkey, WPS_AUTHKEY_LEN, 4, addr, len, hash);
|
hmac_sha256_vector(wps->authkey, WPS_AUTHKEY_LEN, 4, addr, len, hash);
|
||||||
wpa_hexdump(MSG_DEBUG, "WPS: R-Hash1", hash, SHA256_MAC_LEN);
|
wpa_hexdump(MSG_DEBUG, "WPS: R-Hash1", hash, SHA256_MAC_LEN);
|
||||||
|
|
||||||
wpa_printf(MSG_DEBUG, "WPS: * R-Hash2");
|
wpa_printf(MSG_DEBUG, "WPS: * R-Hash2");
|
||||||
|
@ -1437,7 +1437,7 @@ static int wps_build_r_hash(struct wps_data *wps, struct wpabuf *msg)
|
||||||
/* R-Hash2 = HMAC_AuthKey(R-S2 || PSK2 || PK_E || PK_R) */
|
/* R-Hash2 = HMAC_AuthKey(R-S2 || PSK2 || PK_E || PK_R) */
|
||||||
addr[0] = wps->snonce + WPS_SECRET_NONCE_LEN;
|
addr[0] = wps->snonce + WPS_SECRET_NONCE_LEN;
|
||||||
addr[1] = wps->psk2;
|
addr[1] = wps->psk2;
|
||||||
fast_hmac_sha256_vector(wps->authkey, WPS_AUTHKEY_LEN, 4, addr, len, hash);
|
hmac_sha256_vector(wps->authkey, WPS_AUTHKEY_LEN, 4, addr, len, hash);
|
||||||
wpa_hexdump(MSG_DEBUG, "WPS: R-Hash2", hash, SHA256_MAC_LEN);
|
wpa_hexdump(MSG_DEBUG, "WPS: R-Hash2", hash, SHA256_MAC_LEN);
|
||||||
|
|
||||||
return 0;
|
return 0;
|
||||||
|
@ -2170,7 +2170,7 @@ static int wps_process_e_snonce1(struct wps_data *wps, const u8 *e_snonce1)
|
||||||
len[2] = wpabuf_len(wps->dh_pubkey_e);
|
len[2] = wpabuf_len(wps->dh_pubkey_e);
|
||||||
addr[3] = wpabuf_head(wps->dh_pubkey_r);
|
addr[3] = wpabuf_head(wps->dh_pubkey_r);
|
||||||
len[3] = wpabuf_len(wps->dh_pubkey_r);
|
len[3] = wpabuf_len(wps->dh_pubkey_r);
|
||||||
fast_hmac_sha256_vector(wps->authkey, WPS_AUTHKEY_LEN, 4, addr, len, hash);
|
hmac_sha256_vector(wps->authkey, WPS_AUTHKEY_LEN, 4, addr, len, hash);
|
||||||
if (os_memcmp(wps->peer_hash1, hash, WPS_HASH_LEN) != 0) {
|
if (os_memcmp(wps->peer_hash1, hash, WPS_HASH_LEN) != 0) {
|
||||||
wpa_printf(MSG_DEBUG, "WPS: E-Hash1 derived from E-S1 does "
|
wpa_printf(MSG_DEBUG, "WPS: E-Hash1 derived from E-S1 does "
|
||||||
"not match with the pre-committed value");
|
"not match with the pre-committed value");
|
||||||
|
@ -2210,7 +2210,7 @@ static int wps_process_e_snonce2(struct wps_data *wps, const u8 *e_snonce2)
|
||||||
addr[3] = wpabuf_head(wps->dh_pubkey_r);
|
addr[3] = wpabuf_head(wps->dh_pubkey_r);
|
||||||
len[3] = wpabuf_len(wps->dh_pubkey_r);
|
len[3] = wpabuf_len(wps->dh_pubkey_r);
|
||||||
|
|
||||||
fast_hmac_sha256_vector(wps->authkey, WPS_AUTHKEY_LEN, 4, addr, len, hash);
|
hmac_sha256_vector(wps->authkey, WPS_AUTHKEY_LEN, 4, addr, len, hash);
|
||||||
if (os_memcmp(wps->peer_hash2, hash, WPS_HASH_LEN) != 0) {
|
if (os_memcmp(wps->peer_hash2, hash, WPS_HASH_LEN) != 0) {
|
||||||
wpa_printf(MSG_DEBUG, "WPS: E-Hash2 derived from E-S2 does "
|
wpa_printf(MSG_DEBUG, "WPS: E-Hash2 derived from E-S2 does "
|
||||||
"not match with the pre-committed value");
|
"not match with the pre-committed value");
|
||||||
|
@ -2547,7 +2547,7 @@ static enum wps_process_res wps_process_m1(struct wps_data *wps,
|
||||||
wps->nfc_pw_token = token;
|
wps->nfc_pw_token = token;
|
||||||
|
|
||||||
addr[0] = attr->public_key;
|
addr[0] = attr->public_key;
|
||||||
fast_sha256_vector(1, addr, &attr->public_key_len, hash);
|
sha256_vector(1, addr, &attr->public_key_len, hash);
|
||||||
if (os_memcmp(hash, wps->nfc_pw_token->pubkey_hash,
|
if (os_memcmp(hash, wps->nfc_pw_token->pubkey_hash,
|
||||||
WPS_OOB_PUBKEY_HASH_LEN) != 0) {
|
WPS_OOB_PUBKEY_HASH_LEN) != 0) {
|
||||||
wpa_printf(MSG_ERROR, "WPS: Public Key hash "
|
wpa_printf(MSG_ERROR, "WPS: Public Key hash "
|
||||||
|
|
Loading…
Reference in a new issue