208 lines
4.0 KiB
C
208 lines
4.0 KiB
C
/*
|
|
* WPA Supplicant / wrapper functions for libcrypto
|
|
* Copyright (c) 2004-2005, Jouni Malinen <j@w1.fi>
|
|
*
|
|
* This program is free software; you can redistribute it and/or modify
|
|
* it under the terms of the GNU General Public License version 2 as
|
|
* published by the Free Software Foundation.
|
|
*
|
|
* Alternatively, this software may be distributed under the terms of BSD
|
|
* license.
|
|
*
|
|
* See README and COPYING for more details.
|
|
*/
|
|
|
|
#include "includes.h"
|
|
#include <openssl/opensslv.h>
|
|
#include <openssl/md4.h>
|
|
#include <openssl/md5.h>
|
|
#include <openssl/sha.h>
|
|
#include <openssl/des.h>
|
|
#include <openssl/aes.h>
|
|
|
|
#include "common.h"
|
|
#include "crypto.h"
|
|
|
|
#if OPENSSL_VERSION_NUMBER < 0x00907000
|
|
#define DES_key_schedule des_key_schedule
|
|
#define DES_cblock des_cblock
|
|
#define DES_set_key(key, schedule) des_set_key((key), *(schedule))
|
|
#define DES_ecb_encrypt(input, output, ks, enc) \
|
|
des_ecb_encrypt((input), (output), *(ks), (enc))
|
|
#endif /* openssl < 0.9.7 */
|
|
|
|
|
|
void md4_vector(size_t num_elem, const u8 *addr[], const size_t *len, u8 *mac)
|
|
{
|
|
MD4_CTX ctx;
|
|
size_t i;
|
|
|
|
MD4_Init(&ctx);
|
|
for (i = 0; i < num_elem; i++)
|
|
MD4_Update(&ctx, addr[i], len[i]);
|
|
MD4_Final(mac, &ctx);
|
|
}
|
|
|
|
|
|
void des_encrypt(const u8 *clear, const u8 *key, u8 *cypher)
|
|
{
|
|
u8 pkey[8], next, tmp;
|
|
int i;
|
|
DES_key_schedule ks;
|
|
|
|
/* Add parity bits to the key */
|
|
next = 0;
|
|
for (i = 0; i < 7; i++) {
|
|
tmp = key[i];
|
|
pkey[i] = (tmp >> i) | next | 1;
|
|
next = tmp << (7 - i);
|
|
}
|
|
pkey[i] = next | 1;
|
|
|
|
DES_set_key(&pkey, &ks);
|
|
DES_ecb_encrypt((DES_cblock *) clear, (DES_cblock *) cypher, &ks,
|
|
DES_ENCRYPT);
|
|
}
|
|
|
|
|
|
#ifdef EAP_TLS_FUNCS
|
|
void md5_vector(size_t num_elem, const u8 *addr[], const size_t *len, u8 *mac)
|
|
{
|
|
MD5_CTX ctx;
|
|
size_t i;
|
|
|
|
MD5_Init(&ctx);
|
|
for (i = 0; i < num_elem; i++)
|
|
MD5_Update(&ctx, addr[i], len[i]);
|
|
MD5_Final(mac, &ctx);
|
|
}
|
|
|
|
|
|
void sha1_vector(size_t num_elem, const u8 *addr[], const size_t *len, u8 *mac)
|
|
{
|
|
SHA_CTX ctx;
|
|
size_t i;
|
|
|
|
SHA1_Init(&ctx);
|
|
for (i = 0; i < num_elem; i++)
|
|
SHA1_Update(&ctx, addr[i], len[i]);
|
|
SHA1_Final(mac, &ctx);
|
|
}
|
|
|
|
|
|
static void sha1_transform(u8 *state, const u8 data[64])
|
|
{
|
|
SHA_CTX context;
|
|
os_memset(&context, 0, sizeof(context));
|
|
os_memcpy(&context.h0, state, 5 * 4);
|
|
SHA1_Transform(&context, data);
|
|
os_memcpy(state, &context.h0, 5 * 4);
|
|
}
|
|
|
|
|
|
int fips186_2_prf(const u8 *seed, size_t seed_len, u8 *x, size_t xlen)
|
|
{
|
|
u8 xkey[64];
|
|
u32 t[5], _t[5];
|
|
int i, j, m, k;
|
|
u8 *xpos = x;
|
|
u32 carry;
|
|
|
|
if (seed_len > sizeof(xkey))
|
|
seed_len = sizeof(xkey);
|
|
|
|
/* FIPS 186-2 + change notice 1 */
|
|
|
|
os_memcpy(xkey, seed, seed_len);
|
|
os_memset(xkey + seed_len, 0, 64 - seed_len);
|
|
t[0] = 0x67452301;
|
|
t[1] = 0xEFCDAB89;
|
|
t[2] = 0x98BADCFE;
|
|
t[3] = 0x10325476;
|
|
t[4] = 0xC3D2E1F0;
|
|
|
|
m = xlen / 40;
|
|
for (j = 0; j < m; j++) {
|
|
/* XSEED_j = 0 */
|
|
for (i = 0; i < 2; i++) {
|
|
/* XVAL = (XKEY + XSEED_j) mod 2^b */
|
|
|
|
/* w_i = G(t, XVAL) */
|
|
os_memcpy(_t, t, 20);
|
|
sha1_transform((u8 *) _t, xkey);
|
|
_t[0] = host_to_be32(_t[0]);
|
|
_t[1] = host_to_be32(_t[1]);
|
|
_t[2] = host_to_be32(_t[2]);
|
|
_t[3] = host_to_be32(_t[3]);
|
|
_t[4] = host_to_be32(_t[4]);
|
|
os_memcpy(xpos, _t, 20);
|
|
|
|
/* XKEY = (1 + XKEY + w_i) mod 2^b */
|
|
carry = 1;
|
|
for (k = 19; k >= 0; k--) {
|
|
carry += xkey[k] + xpos[k];
|
|
xkey[k] = carry & 0xff;
|
|
carry >>= 8;
|
|
}
|
|
|
|
xpos += 20;
|
|
}
|
|
/* x_j = w_0|w_1 */
|
|
}
|
|
|
|
return 0;
|
|
}
|
|
|
|
|
|
void * aes_encrypt_init(const u8 *key, size_t len)
|
|
{
|
|
AES_KEY *ak;
|
|
ak = os_malloc(sizeof(*ak));
|
|
if (ak == NULL)
|
|
return NULL;
|
|
if (AES_set_encrypt_key(key, 8 * len, ak) < 0) {
|
|
os_free(ak);
|
|
return NULL;
|
|
}
|
|
return ak;
|
|
}
|
|
|
|
|
|
void aes_encrypt(void *ctx, const u8 *plain, u8 *crypt)
|
|
{
|
|
AES_encrypt(plain, crypt, ctx);
|
|
}
|
|
|
|
|
|
void aes_encrypt_deinit(void *ctx)
|
|
{
|
|
os_free(ctx);
|
|
}
|
|
|
|
|
|
void * aes_decrypt_init(const u8 *key, size_t len)
|
|
{
|
|
AES_KEY *ak;
|
|
ak = os_malloc(sizeof(*ak));
|
|
if (ak == NULL)
|
|
return NULL;
|
|
if (AES_set_decrypt_key(key, 8 * len, ak) < 0) {
|
|
os_free(ak);
|
|
return NULL;
|
|
}
|
|
return ak;
|
|
}
|
|
|
|
|
|
void aes_decrypt(void *ctx, const u8 *crypt, u8 *plain)
|
|
{
|
|
AES_decrypt(crypt, plain, ctx);
|
|
}
|
|
|
|
|
|
void aes_decrypt_deinit(void *ctx)
|
|
{
|
|
os_free(ctx);
|
|
}
|
|
#endif /* EAP_TLS_FUNCS */
|