16d49e1aeSJan Lentfer /* 23ff40c12SJohn Marino * Wrapper functions for crypto libraries 3*a1157835SDaniel Fojt * Copyright (c) 2004-2017, Jouni Malinen <j@w1.fi> 46d49e1aeSJan Lentfer * 53ff40c12SJohn Marino * This software may be distributed under the terms of the BSD license. 63ff40c12SJohn Marino * See README for more details. 76d49e1aeSJan Lentfer * 86d49e1aeSJan Lentfer * This file defines the cryptographic functions that need to be implemented 96d49e1aeSJan Lentfer * for wpa_supplicant and hostapd. When TLS is not used, internal 106d49e1aeSJan Lentfer * implementation of MD5, SHA1, and AES is used and no external libraries are 116d49e1aeSJan Lentfer * required. When TLS is enabled (e.g., by enabling EAP-TLS or EAP-PEAP), the 126d49e1aeSJan Lentfer * crypto library used by the TLS implementation is expected to be used for 136d49e1aeSJan Lentfer * non-TLS needs, too, in order to save space by not implementing these 146d49e1aeSJan Lentfer * functions twice. 156d49e1aeSJan Lentfer * 166d49e1aeSJan Lentfer * Wrapper code for using each crypto library is in its own file (crypto*.c) 176d49e1aeSJan Lentfer * and one of these files is build and linked in to provide the functions 186d49e1aeSJan Lentfer * defined here. 196d49e1aeSJan Lentfer */ 206d49e1aeSJan Lentfer 216d49e1aeSJan Lentfer #ifndef CRYPTO_H 226d49e1aeSJan Lentfer #define CRYPTO_H 236d49e1aeSJan Lentfer 246d49e1aeSJan Lentfer /** 256d49e1aeSJan Lentfer * md4_vector - MD4 hash for data vector 266d49e1aeSJan Lentfer * @num_elem: Number of elements in the data vector 276d49e1aeSJan Lentfer * @addr: Pointers to the data areas 286d49e1aeSJan Lentfer * @len: Lengths of the data blocks 296d49e1aeSJan Lentfer * @mac: Buffer for the hash 303ff40c12SJohn Marino * Returns: 0 on success, -1 on failure 316d49e1aeSJan Lentfer */ 323ff40c12SJohn Marino int md4_vector(size_t num_elem, const u8 *addr[], const size_t *len, u8 *mac); 336d49e1aeSJan Lentfer 346d49e1aeSJan Lentfer /** 356d49e1aeSJan Lentfer * md5_vector - MD5 hash for data vector 366d49e1aeSJan Lentfer * @num_elem: Number of elements in the data vector 376d49e1aeSJan Lentfer * @addr: Pointers to the data areas 386d49e1aeSJan Lentfer * @len: Lengths of the data blocks 396d49e1aeSJan Lentfer * @mac: Buffer for the hash 403ff40c12SJohn Marino * Returns: 0 on success, -1 on failure 416d49e1aeSJan Lentfer */ 423ff40c12SJohn Marino int md5_vector(size_t num_elem, const u8 *addr[], const size_t *len, u8 *mac); 433ff40c12SJohn Marino 446d49e1aeSJan Lentfer 456d49e1aeSJan Lentfer /** 466d49e1aeSJan Lentfer * sha1_vector - SHA-1 hash for data vector 476d49e1aeSJan Lentfer * @num_elem: Number of elements in the data vector 486d49e1aeSJan Lentfer * @addr: Pointers to the data areas 496d49e1aeSJan Lentfer * @len: Lengths of the data blocks 506d49e1aeSJan Lentfer * @mac: Buffer for the hash 513ff40c12SJohn Marino * Returns: 0 on success, -1 on failure 526d49e1aeSJan Lentfer */ 533ff40c12SJohn Marino int sha1_vector(size_t num_elem, const u8 *addr[], const size_t *len, 546d49e1aeSJan Lentfer u8 *mac); 556d49e1aeSJan Lentfer 566d49e1aeSJan Lentfer /** 576d49e1aeSJan Lentfer * fips186_2-prf - NIST FIPS Publication 186-2 change notice 1 PRF 586d49e1aeSJan Lentfer * @seed: Seed/key for the PRF 596d49e1aeSJan Lentfer * @seed_len: Seed length in bytes 606d49e1aeSJan Lentfer * @x: Buffer for PRF output 616d49e1aeSJan Lentfer * @xlen: Output length in bytes 626d49e1aeSJan Lentfer * Returns: 0 on success, -1 on failure 636d49e1aeSJan Lentfer * 646d49e1aeSJan Lentfer * This function implements random number generation specified in NIST FIPS 656d49e1aeSJan Lentfer * Publication 186-2 for EAP-SIM. This PRF uses a function that is similar to 666d49e1aeSJan Lentfer * SHA-1, but has different message padding. 676d49e1aeSJan Lentfer */ 686d49e1aeSJan Lentfer int __must_check fips186_2_prf(const u8 *seed, size_t seed_len, u8 *x, 696d49e1aeSJan Lentfer size_t xlen); 706d49e1aeSJan Lentfer 716d49e1aeSJan Lentfer /** 726d49e1aeSJan Lentfer * sha256_vector - SHA256 hash for data vector 736d49e1aeSJan Lentfer * @num_elem: Number of elements in the data vector 746d49e1aeSJan Lentfer * @addr: Pointers to the data areas 756d49e1aeSJan Lentfer * @len: Lengths of the data blocks 766d49e1aeSJan Lentfer * @mac: Buffer for the hash 773ff40c12SJohn Marino * Returns: 0 on success, -1 on failure 786d49e1aeSJan Lentfer */ 793ff40c12SJohn Marino int sha256_vector(size_t num_elem, const u8 *addr[], const size_t *len, 806d49e1aeSJan Lentfer u8 *mac); 816d49e1aeSJan Lentfer 826d49e1aeSJan Lentfer /** 83*a1157835SDaniel Fojt * sha384_vector - SHA384 hash for data vector 84*a1157835SDaniel Fojt * @num_elem: Number of elements in the data vector 85*a1157835SDaniel Fojt * @addr: Pointers to the data areas 86*a1157835SDaniel Fojt * @len: Lengths of the data blocks 87*a1157835SDaniel Fojt * @mac: Buffer for the hash 88*a1157835SDaniel Fojt * Returns: 0 on success, -1 on failure 89*a1157835SDaniel Fojt */ 90*a1157835SDaniel Fojt int sha384_vector(size_t num_elem, const u8 *addr[], const size_t *len, 91*a1157835SDaniel Fojt u8 *mac); 92*a1157835SDaniel Fojt 93*a1157835SDaniel Fojt /** 94*a1157835SDaniel Fojt * sha512_vector - SHA512 hash for data vector 95*a1157835SDaniel Fojt * @num_elem: Number of elements in the data vector 96*a1157835SDaniel Fojt * @addr: Pointers to the data areas 97*a1157835SDaniel Fojt * @len: Lengths of the data blocks 98*a1157835SDaniel Fojt * @mac: Buffer for the hash 99*a1157835SDaniel Fojt * Returns: 0 on success, -1 on failure 100*a1157835SDaniel Fojt */ 101*a1157835SDaniel Fojt int sha512_vector(size_t num_elem, const u8 *addr[], const size_t *len, 102*a1157835SDaniel Fojt u8 *mac); 103*a1157835SDaniel Fojt 104*a1157835SDaniel Fojt /** 1056d49e1aeSJan Lentfer * des_encrypt - Encrypt one block with DES 1066d49e1aeSJan Lentfer * @clear: 8 octets (in) 1076d49e1aeSJan Lentfer * @key: 7 octets (in) (no parity bits included) 1086d49e1aeSJan Lentfer * @cypher: 8 octets (out) 109*a1157835SDaniel Fojt * Returns: 0 on success, -1 on failure 1106d49e1aeSJan Lentfer */ 111*a1157835SDaniel Fojt int des_encrypt(const u8 *clear, const u8 *key, u8 *cypher); 1126d49e1aeSJan Lentfer 1136d49e1aeSJan Lentfer /** 1146d49e1aeSJan Lentfer * aes_encrypt_init - Initialize AES for encryption 1156d49e1aeSJan Lentfer * @key: Encryption key 1166d49e1aeSJan Lentfer * @len: Key length in bytes (usually 16, i.e., 128 bits) 1176d49e1aeSJan Lentfer * Returns: Pointer to context data or %NULL on failure 1186d49e1aeSJan Lentfer */ 1196d49e1aeSJan Lentfer void * aes_encrypt_init(const u8 *key, size_t len); 1206d49e1aeSJan Lentfer 1216d49e1aeSJan Lentfer /** 1226d49e1aeSJan Lentfer * aes_encrypt - Encrypt one AES block 1236d49e1aeSJan Lentfer * @ctx: Context pointer from aes_encrypt_init() 1246d49e1aeSJan Lentfer * @plain: Plaintext data to be encrypted (16 bytes) 1256d49e1aeSJan Lentfer * @crypt: Buffer for the encrypted data (16 bytes) 126*a1157835SDaniel Fojt * Returns: 0 on success, -1 on failure 1276d49e1aeSJan Lentfer */ 128*a1157835SDaniel Fojt int aes_encrypt(void *ctx, const u8 *plain, u8 *crypt); 1296d49e1aeSJan Lentfer 1306d49e1aeSJan Lentfer /** 1316d49e1aeSJan Lentfer * aes_encrypt_deinit - Deinitialize AES encryption 1326d49e1aeSJan Lentfer * @ctx: Context pointer from aes_encrypt_init() 1336d49e1aeSJan Lentfer */ 1346d49e1aeSJan Lentfer void aes_encrypt_deinit(void *ctx); 1356d49e1aeSJan Lentfer 1366d49e1aeSJan Lentfer /** 1376d49e1aeSJan Lentfer * aes_decrypt_init - Initialize AES for decryption 1386d49e1aeSJan Lentfer * @key: Decryption key 1396d49e1aeSJan Lentfer * @len: Key length in bytes (usually 16, i.e., 128 bits) 1406d49e1aeSJan Lentfer * Returns: Pointer to context data or %NULL on failure 1416d49e1aeSJan Lentfer */ 1426d49e1aeSJan Lentfer void * aes_decrypt_init(const u8 *key, size_t len); 1436d49e1aeSJan Lentfer 1446d49e1aeSJan Lentfer /** 1456d49e1aeSJan Lentfer * aes_decrypt - Decrypt one AES block 1466d49e1aeSJan Lentfer * @ctx: Context pointer from aes_encrypt_init() 1476d49e1aeSJan Lentfer * @crypt: Encrypted data (16 bytes) 1486d49e1aeSJan Lentfer * @plain: Buffer for the decrypted data (16 bytes) 149*a1157835SDaniel Fojt * Returns: 0 on success, -1 on failure 1506d49e1aeSJan Lentfer */ 151*a1157835SDaniel Fojt int aes_decrypt(void *ctx, const u8 *crypt, u8 *plain); 1526d49e1aeSJan Lentfer 1536d49e1aeSJan Lentfer /** 1546d49e1aeSJan Lentfer * aes_decrypt_deinit - Deinitialize AES decryption 1556d49e1aeSJan Lentfer * @ctx: Context pointer from aes_encrypt_init() 1566d49e1aeSJan Lentfer */ 1576d49e1aeSJan Lentfer void aes_decrypt_deinit(void *ctx); 1586d49e1aeSJan Lentfer 1596d49e1aeSJan Lentfer 1606d49e1aeSJan Lentfer enum crypto_hash_alg { 1616d49e1aeSJan Lentfer CRYPTO_HASH_ALG_MD5, CRYPTO_HASH_ALG_SHA1, 1623ff40c12SJohn Marino CRYPTO_HASH_ALG_HMAC_MD5, CRYPTO_HASH_ALG_HMAC_SHA1, 163*a1157835SDaniel Fojt CRYPTO_HASH_ALG_SHA256, CRYPTO_HASH_ALG_HMAC_SHA256, 164*a1157835SDaniel Fojt CRYPTO_HASH_ALG_SHA384, CRYPTO_HASH_ALG_SHA512 1656d49e1aeSJan Lentfer }; 1666d49e1aeSJan Lentfer 1676d49e1aeSJan Lentfer struct crypto_hash; 1686d49e1aeSJan Lentfer 1696d49e1aeSJan Lentfer /** 1706d49e1aeSJan Lentfer * crypto_hash_init - Initialize hash/HMAC function 1716d49e1aeSJan Lentfer * @alg: Hash algorithm 1726d49e1aeSJan Lentfer * @key: Key for keyed hash (e.g., HMAC) or %NULL if not needed 1736d49e1aeSJan Lentfer * @key_len: Length of the key in bytes 1746d49e1aeSJan Lentfer * Returns: Pointer to hash context to use with other hash functions or %NULL 1756d49e1aeSJan Lentfer * on failure 1766d49e1aeSJan Lentfer * 1776d49e1aeSJan Lentfer * This function is only used with internal TLSv1 implementation 1786d49e1aeSJan Lentfer * (CONFIG_TLS=internal). If that is not used, the crypto wrapper does not need 1796d49e1aeSJan Lentfer * to implement this. 1806d49e1aeSJan Lentfer */ 1816d49e1aeSJan Lentfer struct crypto_hash * crypto_hash_init(enum crypto_hash_alg alg, const u8 *key, 1826d49e1aeSJan Lentfer size_t key_len); 1836d49e1aeSJan Lentfer 1846d49e1aeSJan Lentfer /** 1856d49e1aeSJan Lentfer * crypto_hash_update - Add data to hash calculation 1866d49e1aeSJan Lentfer * @ctx: Context pointer from crypto_hash_init() 1876d49e1aeSJan Lentfer * @data: Data buffer to add 1886d49e1aeSJan Lentfer * @len: Length of the buffer 1896d49e1aeSJan Lentfer * 1906d49e1aeSJan Lentfer * This function is only used with internal TLSv1 implementation 1916d49e1aeSJan Lentfer * (CONFIG_TLS=internal). If that is not used, the crypto wrapper does not need 1926d49e1aeSJan Lentfer * to implement this. 1936d49e1aeSJan Lentfer */ 1946d49e1aeSJan Lentfer void crypto_hash_update(struct crypto_hash *ctx, const u8 *data, size_t len); 1956d49e1aeSJan Lentfer 1966d49e1aeSJan Lentfer /** 1976d49e1aeSJan Lentfer * crypto_hash_finish - Complete hash calculation 1986d49e1aeSJan Lentfer * @ctx: Context pointer from crypto_hash_init() 1996d49e1aeSJan Lentfer * @hash: Buffer for hash value or %NULL if caller is just freeing the hash 2006d49e1aeSJan Lentfer * context 2016d49e1aeSJan Lentfer * @len: Pointer to length of the buffer or %NULL if caller is just freeing the 2026d49e1aeSJan Lentfer * hash context; on return, this is set to the actual length of the hash value 2036d49e1aeSJan Lentfer * Returns: 0 on success, -1 if buffer is too small (len set to needed length), 2046d49e1aeSJan Lentfer * or -2 on other failures (including failed crypto_hash_update() operations) 2056d49e1aeSJan Lentfer * 2066d49e1aeSJan Lentfer * This function calculates the hash value and frees the context buffer that 2076d49e1aeSJan Lentfer * was used for hash calculation. 2086d49e1aeSJan Lentfer * 2096d49e1aeSJan Lentfer * This function is only used with internal TLSv1 implementation 2106d49e1aeSJan Lentfer * (CONFIG_TLS=internal). If that is not used, the crypto wrapper does not need 2116d49e1aeSJan Lentfer * to implement this. 2126d49e1aeSJan Lentfer */ 2136d49e1aeSJan Lentfer int crypto_hash_finish(struct crypto_hash *ctx, u8 *hash, size_t *len); 2146d49e1aeSJan Lentfer 2156d49e1aeSJan Lentfer 2166d49e1aeSJan Lentfer enum crypto_cipher_alg { 2176d49e1aeSJan Lentfer CRYPTO_CIPHER_NULL = 0, CRYPTO_CIPHER_ALG_AES, CRYPTO_CIPHER_ALG_3DES, 2186d49e1aeSJan Lentfer CRYPTO_CIPHER_ALG_DES, CRYPTO_CIPHER_ALG_RC2, CRYPTO_CIPHER_ALG_RC4 2196d49e1aeSJan Lentfer }; 2206d49e1aeSJan Lentfer 2216d49e1aeSJan Lentfer struct crypto_cipher; 2226d49e1aeSJan Lentfer 2236d49e1aeSJan Lentfer /** 2246d49e1aeSJan Lentfer * crypto_cipher_init - Initialize block/stream cipher function 2256d49e1aeSJan Lentfer * @alg: Cipher algorithm 2266d49e1aeSJan Lentfer * @iv: Initialization vector for block ciphers or %NULL for stream ciphers 2276d49e1aeSJan Lentfer * @key: Cipher key 2286d49e1aeSJan Lentfer * @key_len: Length of key in bytes 2296d49e1aeSJan Lentfer * Returns: Pointer to cipher context to use with other cipher functions or 2306d49e1aeSJan Lentfer * %NULL on failure 2316d49e1aeSJan Lentfer * 2326d49e1aeSJan Lentfer * This function is only used with internal TLSv1 implementation 2336d49e1aeSJan Lentfer * (CONFIG_TLS=internal). If that is not used, the crypto wrapper does not need 2346d49e1aeSJan Lentfer * to implement this. 2356d49e1aeSJan Lentfer */ 2366d49e1aeSJan Lentfer struct crypto_cipher * crypto_cipher_init(enum crypto_cipher_alg alg, 2376d49e1aeSJan Lentfer const u8 *iv, const u8 *key, 2386d49e1aeSJan Lentfer size_t key_len); 2396d49e1aeSJan Lentfer 2406d49e1aeSJan Lentfer /** 2416d49e1aeSJan Lentfer * crypto_cipher_encrypt - Cipher encrypt 2426d49e1aeSJan Lentfer * @ctx: Context pointer from crypto_cipher_init() 2436d49e1aeSJan Lentfer * @plain: Plaintext to cipher 2446d49e1aeSJan Lentfer * @crypt: Resulting ciphertext 2456d49e1aeSJan Lentfer * @len: Length of the plaintext 2466d49e1aeSJan Lentfer * Returns: 0 on success, -1 on failure 2476d49e1aeSJan Lentfer * 2486d49e1aeSJan Lentfer * This function is only used with internal TLSv1 implementation 2496d49e1aeSJan Lentfer * (CONFIG_TLS=internal). If that is not used, the crypto wrapper does not need 2506d49e1aeSJan Lentfer * to implement this. 2516d49e1aeSJan Lentfer */ 2526d49e1aeSJan Lentfer int __must_check crypto_cipher_encrypt(struct crypto_cipher *ctx, 2536d49e1aeSJan Lentfer const u8 *plain, u8 *crypt, size_t len); 2546d49e1aeSJan Lentfer 2556d49e1aeSJan Lentfer /** 2566d49e1aeSJan Lentfer * crypto_cipher_decrypt - Cipher decrypt 2576d49e1aeSJan Lentfer * @ctx: Context pointer from crypto_cipher_init() 2586d49e1aeSJan Lentfer * @crypt: Ciphertext to decrypt 2596d49e1aeSJan Lentfer * @plain: Resulting plaintext 2606d49e1aeSJan Lentfer * @len: Length of the cipher text 2616d49e1aeSJan Lentfer * Returns: 0 on success, -1 on failure 2626d49e1aeSJan Lentfer * 2636d49e1aeSJan Lentfer * This function is only used with internal TLSv1 implementation 2646d49e1aeSJan Lentfer * (CONFIG_TLS=internal). If that is not used, the crypto wrapper does not need 2656d49e1aeSJan Lentfer * to implement this. 2666d49e1aeSJan Lentfer */ 2676d49e1aeSJan Lentfer int __must_check crypto_cipher_decrypt(struct crypto_cipher *ctx, 2686d49e1aeSJan Lentfer const u8 *crypt, u8 *plain, size_t len); 2696d49e1aeSJan Lentfer 2706d49e1aeSJan Lentfer /** 2716d49e1aeSJan Lentfer * crypto_cipher_decrypt - Free cipher context 2726d49e1aeSJan Lentfer * @ctx: Context pointer from crypto_cipher_init() 2736d49e1aeSJan Lentfer * 2746d49e1aeSJan Lentfer * This function is only used with internal TLSv1 implementation 2756d49e1aeSJan Lentfer * (CONFIG_TLS=internal). If that is not used, the crypto wrapper does not need 2766d49e1aeSJan Lentfer * to implement this. 2776d49e1aeSJan Lentfer */ 2786d49e1aeSJan Lentfer void crypto_cipher_deinit(struct crypto_cipher *ctx); 2796d49e1aeSJan Lentfer 2806d49e1aeSJan Lentfer 2816d49e1aeSJan Lentfer struct crypto_public_key; 2826d49e1aeSJan Lentfer struct crypto_private_key; 2836d49e1aeSJan Lentfer 2846d49e1aeSJan Lentfer /** 2856d49e1aeSJan Lentfer * crypto_public_key_import - Import an RSA public key 2866d49e1aeSJan Lentfer * @key: Key buffer (DER encoded RSA public key) 2876d49e1aeSJan Lentfer * @len: Key buffer length in bytes 2886d49e1aeSJan Lentfer * Returns: Pointer to the public key or %NULL on failure 2896d49e1aeSJan Lentfer * 2906d49e1aeSJan Lentfer * This function can just return %NULL if the crypto library supports X.509 2916d49e1aeSJan Lentfer * parsing. In that case, crypto_public_key_from_cert() is used to import the 2926d49e1aeSJan Lentfer * public key from a certificate. 2936d49e1aeSJan Lentfer * 2946d49e1aeSJan Lentfer * This function is only used with internal TLSv1 implementation 2956d49e1aeSJan Lentfer * (CONFIG_TLS=internal). If that is not used, the crypto wrapper does not need 2966d49e1aeSJan Lentfer * to implement this. 2976d49e1aeSJan Lentfer */ 2986d49e1aeSJan Lentfer struct crypto_public_key * crypto_public_key_import(const u8 *key, size_t len); 2996d49e1aeSJan Lentfer 300*a1157835SDaniel Fojt struct crypto_public_key * 301*a1157835SDaniel Fojt crypto_public_key_import_parts(const u8 *n, size_t n_len, 302*a1157835SDaniel Fojt const u8 *e, size_t e_len); 303*a1157835SDaniel Fojt 3046d49e1aeSJan Lentfer /** 3056d49e1aeSJan Lentfer * crypto_private_key_import - Import an RSA private key 3066d49e1aeSJan Lentfer * @key: Key buffer (DER encoded RSA private key) 3076d49e1aeSJan Lentfer * @len: Key buffer length in bytes 3083ff40c12SJohn Marino * @passwd: Key encryption password or %NULL if key is not encrypted 3096d49e1aeSJan Lentfer * Returns: Pointer to the private key or %NULL on failure 3106d49e1aeSJan Lentfer * 3116d49e1aeSJan Lentfer * This function is only used with internal TLSv1 implementation 3126d49e1aeSJan Lentfer * (CONFIG_TLS=internal). If that is not used, the crypto wrapper does not need 3136d49e1aeSJan Lentfer * to implement this. 3146d49e1aeSJan Lentfer */ 3156d49e1aeSJan Lentfer struct crypto_private_key * crypto_private_key_import(const u8 *key, 3163ff40c12SJohn Marino size_t len, 3173ff40c12SJohn Marino const char *passwd); 3186d49e1aeSJan Lentfer 3196d49e1aeSJan Lentfer /** 3206d49e1aeSJan Lentfer * crypto_public_key_from_cert - Import an RSA public key from a certificate 3216d49e1aeSJan Lentfer * @buf: DER encoded X.509 certificate 3226d49e1aeSJan Lentfer * @len: Certificate buffer length in bytes 3236d49e1aeSJan Lentfer * Returns: Pointer to public key or %NULL on failure 3246d49e1aeSJan Lentfer * 3256d49e1aeSJan Lentfer * This function can just return %NULL if the crypto library does not support 3266d49e1aeSJan Lentfer * X.509 parsing. In that case, internal code will be used to parse the 3276d49e1aeSJan Lentfer * certificate and public key is imported using crypto_public_key_import(). 3286d49e1aeSJan Lentfer * 3296d49e1aeSJan Lentfer * This function is only used with internal TLSv1 implementation 3306d49e1aeSJan Lentfer * (CONFIG_TLS=internal). If that is not used, the crypto wrapper does not need 3316d49e1aeSJan Lentfer * to implement this. 3326d49e1aeSJan Lentfer */ 3336d49e1aeSJan Lentfer struct crypto_public_key * crypto_public_key_from_cert(const u8 *buf, 3346d49e1aeSJan Lentfer size_t len); 3356d49e1aeSJan Lentfer 3366d49e1aeSJan Lentfer /** 3376d49e1aeSJan Lentfer * crypto_public_key_encrypt_pkcs1_v15 - Public key encryption (PKCS #1 v1.5) 3386d49e1aeSJan Lentfer * @key: Public key 3396d49e1aeSJan Lentfer * @in: Plaintext buffer 3406d49e1aeSJan Lentfer * @inlen: Length of plaintext buffer in bytes 3416d49e1aeSJan Lentfer * @out: Output buffer for encrypted data 3426d49e1aeSJan Lentfer * @outlen: Length of output buffer in bytes; set to used length on success 3436d49e1aeSJan Lentfer * Returns: 0 on success, -1 on failure 3446d49e1aeSJan Lentfer * 3456d49e1aeSJan Lentfer * This function is only used with internal TLSv1 implementation 3466d49e1aeSJan Lentfer * (CONFIG_TLS=internal). If that is not used, the crypto wrapper does not need 3476d49e1aeSJan Lentfer * to implement this. 3486d49e1aeSJan Lentfer */ 3496d49e1aeSJan Lentfer int __must_check crypto_public_key_encrypt_pkcs1_v15( 3506d49e1aeSJan Lentfer struct crypto_public_key *key, const u8 *in, size_t inlen, 3516d49e1aeSJan Lentfer u8 *out, size_t *outlen); 3526d49e1aeSJan Lentfer 3536d49e1aeSJan Lentfer /** 3546d49e1aeSJan Lentfer * crypto_private_key_decrypt_pkcs1_v15 - Private key decryption (PKCS #1 v1.5) 3556d49e1aeSJan Lentfer * @key: Private key 3566d49e1aeSJan Lentfer * @in: Encrypted buffer 3576d49e1aeSJan Lentfer * @inlen: Length of encrypted buffer in bytes 3586d49e1aeSJan Lentfer * @out: Output buffer for encrypted data 3596d49e1aeSJan Lentfer * @outlen: Length of output buffer in bytes; set to used length on success 3606d49e1aeSJan Lentfer * Returns: 0 on success, -1 on failure 3616d49e1aeSJan Lentfer * 3626d49e1aeSJan Lentfer * This function is only used with internal TLSv1 implementation 3636d49e1aeSJan Lentfer * (CONFIG_TLS=internal). If that is not used, the crypto wrapper does not need 3646d49e1aeSJan Lentfer * to implement this. 3656d49e1aeSJan Lentfer */ 3666d49e1aeSJan Lentfer int __must_check crypto_private_key_decrypt_pkcs1_v15( 3676d49e1aeSJan Lentfer struct crypto_private_key *key, const u8 *in, size_t inlen, 3686d49e1aeSJan Lentfer u8 *out, size_t *outlen); 3696d49e1aeSJan Lentfer 3706d49e1aeSJan Lentfer /** 3716d49e1aeSJan Lentfer * crypto_private_key_sign_pkcs1 - Sign with private key (PKCS #1) 3726d49e1aeSJan Lentfer * @key: Private key from crypto_private_key_import() 3736d49e1aeSJan Lentfer * @in: Plaintext buffer 3746d49e1aeSJan Lentfer * @inlen: Length of plaintext buffer in bytes 3756d49e1aeSJan Lentfer * @out: Output buffer for encrypted (signed) data 3766d49e1aeSJan Lentfer * @outlen: Length of output buffer in bytes; set to used length on success 3776d49e1aeSJan Lentfer * Returns: 0 on success, -1 on failure 3786d49e1aeSJan Lentfer * 3796d49e1aeSJan Lentfer * This function is only used with internal TLSv1 implementation 3806d49e1aeSJan Lentfer * (CONFIG_TLS=internal). If that is not used, the crypto wrapper does not need 3816d49e1aeSJan Lentfer * to implement this. 3826d49e1aeSJan Lentfer */ 3836d49e1aeSJan Lentfer int __must_check crypto_private_key_sign_pkcs1(struct crypto_private_key *key, 3846d49e1aeSJan Lentfer const u8 *in, size_t inlen, 3856d49e1aeSJan Lentfer u8 *out, size_t *outlen); 3866d49e1aeSJan Lentfer 3876d49e1aeSJan Lentfer /** 3886d49e1aeSJan Lentfer * crypto_public_key_free - Free public key 3896d49e1aeSJan Lentfer * @key: Public key 3906d49e1aeSJan Lentfer * 3916d49e1aeSJan Lentfer * This function is only used with internal TLSv1 implementation 3926d49e1aeSJan Lentfer * (CONFIG_TLS=internal). If that is not used, the crypto wrapper does not need 3936d49e1aeSJan Lentfer * to implement this. 3946d49e1aeSJan Lentfer */ 3956d49e1aeSJan Lentfer void crypto_public_key_free(struct crypto_public_key *key); 3966d49e1aeSJan Lentfer 3976d49e1aeSJan Lentfer /** 3986d49e1aeSJan Lentfer * crypto_private_key_free - Free private key 3996d49e1aeSJan Lentfer * @key: Private key from crypto_private_key_import() 4006d49e1aeSJan Lentfer * 4016d49e1aeSJan Lentfer * This function is only used with internal TLSv1 implementation 4026d49e1aeSJan Lentfer * (CONFIG_TLS=internal). If that is not used, the crypto wrapper does not need 4036d49e1aeSJan Lentfer * to implement this. 4046d49e1aeSJan Lentfer */ 4056d49e1aeSJan Lentfer void crypto_private_key_free(struct crypto_private_key *key); 4066d49e1aeSJan Lentfer 4076d49e1aeSJan Lentfer /** 4086d49e1aeSJan Lentfer * crypto_public_key_decrypt_pkcs1 - Decrypt PKCS #1 signature 4096d49e1aeSJan Lentfer * @key: Public key 4106d49e1aeSJan Lentfer * @crypt: Encrypted signature data (using the private key) 4116d49e1aeSJan Lentfer * @crypt_len: Encrypted signature data length 4126d49e1aeSJan Lentfer * @plain: Buffer for plaintext (at least crypt_len bytes) 4136d49e1aeSJan Lentfer * @plain_len: Plaintext length (max buffer size on input, real len on output); 4146d49e1aeSJan Lentfer * Returns: 0 on success, -1 on failure 4156d49e1aeSJan Lentfer */ 4166d49e1aeSJan Lentfer int __must_check crypto_public_key_decrypt_pkcs1( 4176d49e1aeSJan Lentfer struct crypto_public_key *key, const u8 *crypt, size_t crypt_len, 4186d49e1aeSJan Lentfer u8 *plain, size_t *plain_len); 4196d49e1aeSJan Lentfer 420*a1157835SDaniel Fojt int crypto_dh_init(u8 generator, const u8 *prime, size_t prime_len, u8 *privkey, 421*a1157835SDaniel Fojt u8 *pubkey); 422*a1157835SDaniel Fojt int crypto_dh_derive_secret(u8 generator, const u8 *prime, size_t prime_len, 423*a1157835SDaniel Fojt const u8 *order, size_t order_len, 424*a1157835SDaniel Fojt const u8 *privkey, size_t privkey_len, 425*a1157835SDaniel Fojt const u8 *pubkey, size_t pubkey_len, 426*a1157835SDaniel Fojt u8 *secret, size_t *len); 427*a1157835SDaniel Fojt 4286d49e1aeSJan Lentfer /** 4296d49e1aeSJan Lentfer * crypto_global_init - Initialize crypto wrapper 4306d49e1aeSJan Lentfer * 4316d49e1aeSJan Lentfer * This function is only used with internal TLSv1 implementation 4326d49e1aeSJan Lentfer * (CONFIG_TLS=internal). If that is not used, the crypto wrapper does not need 4336d49e1aeSJan Lentfer * to implement this. 4346d49e1aeSJan Lentfer */ 4356d49e1aeSJan Lentfer int __must_check crypto_global_init(void); 4366d49e1aeSJan Lentfer 4376d49e1aeSJan Lentfer /** 4386d49e1aeSJan Lentfer * crypto_global_deinit - Deinitialize crypto wrapper 4396d49e1aeSJan Lentfer * 4406d49e1aeSJan Lentfer * This function is only used with internal TLSv1 implementation 4416d49e1aeSJan Lentfer * (CONFIG_TLS=internal). If that is not used, the crypto wrapper does not need 4426d49e1aeSJan Lentfer * to implement this. 4436d49e1aeSJan Lentfer */ 4446d49e1aeSJan Lentfer void crypto_global_deinit(void); 4456d49e1aeSJan Lentfer 4466d49e1aeSJan Lentfer /** 4476d49e1aeSJan Lentfer * crypto_mod_exp - Modular exponentiation of large integers 4486d49e1aeSJan Lentfer * @base: Base integer (big endian byte array) 4496d49e1aeSJan Lentfer * @base_len: Length of base integer in bytes 4506d49e1aeSJan Lentfer * @power: Power integer (big endian byte array) 4516d49e1aeSJan Lentfer * @power_len: Length of power integer in bytes 4526d49e1aeSJan Lentfer * @modulus: Modulus integer (big endian byte array) 4536d49e1aeSJan Lentfer * @modulus_len: Length of modulus integer in bytes 4546d49e1aeSJan Lentfer * @result: Buffer for the result 4556d49e1aeSJan Lentfer * @result_len: Result length (max buffer size on input, real len on output) 4566d49e1aeSJan Lentfer * Returns: 0 on success, -1 on failure 4576d49e1aeSJan Lentfer * 4586d49e1aeSJan Lentfer * This function calculates result = base ^ power mod modulus. modules_len is 4596d49e1aeSJan Lentfer * used as the maximum size of modulus buffer. It is set to the used size on 4606d49e1aeSJan Lentfer * success. 4616d49e1aeSJan Lentfer * 4626d49e1aeSJan Lentfer * This function is only used with internal TLSv1 implementation 4636d49e1aeSJan Lentfer * (CONFIG_TLS=internal). If that is not used, the crypto wrapper does not need 4646d49e1aeSJan Lentfer * to implement this. 4656d49e1aeSJan Lentfer */ 4666d49e1aeSJan Lentfer int __must_check crypto_mod_exp(const u8 *base, size_t base_len, 4676d49e1aeSJan Lentfer const u8 *power, size_t power_len, 4686d49e1aeSJan Lentfer const u8 *modulus, size_t modulus_len, 4696d49e1aeSJan Lentfer u8 *result, size_t *result_len); 4706d49e1aeSJan Lentfer 4713ff40c12SJohn Marino /** 4723ff40c12SJohn Marino * rc4_skip - XOR RC4 stream to given data with skip-stream-start 4733ff40c12SJohn Marino * @key: RC4 key 4743ff40c12SJohn Marino * @keylen: RC4 key length 4753ff40c12SJohn Marino * @skip: number of bytes to skip from the beginning of the RC4 stream 4763ff40c12SJohn Marino * @data: data to be XOR'ed with RC4 stream 4773ff40c12SJohn Marino * @data_len: buf length 4783ff40c12SJohn Marino * Returns: 0 on success, -1 on failure 4793ff40c12SJohn Marino * 4803ff40c12SJohn Marino * Generate RC4 pseudo random stream for the given key, skip beginning of the 4813ff40c12SJohn Marino * stream, and XOR the end result with the data buffer to perform RC4 4823ff40c12SJohn Marino * encryption/decryption. 4833ff40c12SJohn Marino */ 4843ff40c12SJohn Marino int rc4_skip(const u8 *key, size_t keylen, size_t skip, 4853ff40c12SJohn Marino u8 *data, size_t data_len); 4863ff40c12SJohn Marino 4873ff40c12SJohn Marino /** 4883ff40c12SJohn Marino * crypto_get_random - Generate cryptographically strong pseudy-random bytes 4893ff40c12SJohn Marino * @buf: Buffer for data 4903ff40c12SJohn Marino * @len: Number of bytes to generate 4913ff40c12SJohn Marino * Returns: 0 on success, -1 on failure 4923ff40c12SJohn Marino * 4933ff40c12SJohn Marino * If the PRNG does not have enough entropy to ensure unpredictable byte 4943ff40c12SJohn Marino * sequence, this functions must return -1. 4953ff40c12SJohn Marino */ 4963ff40c12SJohn Marino int crypto_get_random(void *buf, size_t len); 4973ff40c12SJohn Marino 4983ff40c12SJohn Marino 4993ff40c12SJohn Marino /** 5003ff40c12SJohn Marino * struct crypto_bignum - bignum 5013ff40c12SJohn Marino * 5023ff40c12SJohn Marino * Internal data structure for bignum implementation. The contents is specific 5033ff40c12SJohn Marino * to the used crypto library. 5043ff40c12SJohn Marino */ 5053ff40c12SJohn Marino struct crypto_bignum; 5063ff40c12SJohn Marino 5073ff40c12SJohn Marino /** 5083ff40c12SJohn Marino * crypto_bignum_init - Allocate memory for bignum 5093ff40c12SJohn Marino * Returns: Pointer to allocated bignum or %NULL on failure 5103ff40c12SJohn Marino */ 5113ff40c12SJohn Marino struct crypto_bignum * crypto_bignum_init(void); 5123ff40c12SJohn Marino 5133ff40c12SJohn Marino /** 5143ff40c12SJohn Marino * crypto_bignum_init_set - Allocate memory for bignum and set the value 5153ff40c12SJohn Marino * @buf: Buffer with unsigned binary value 5163ff40c12SJohn Marino * @len: Length of buf in octets 5173ff40c12SJohn Marino * Returns: Pointer to allocated bignum or %NULL on failure 5183ff40c12SJohn Marino */ 5193ff40c12SJohn Marino struct crypto_bignum * crypto_bignum_init_set(const u8 *buf, size_t len); 5203ff40c12SJohn Marino 5213ff40c12SJohn Marino /** 5223ff40c12SJohn Marino * crypto_bignum_deinit - Free bignum 5233ff40c12SJohn Marino * @n: Bignum from crypto_bignum_init() or crypto_bignum_init_set() 5243ff40c12SJohn Marino * @clear: Whether to clear the value from memory 5253ff40c12SJohn Marino */ 5263ff40c12SJohn Marino void crypto_bignum_deinit(struct crypto_bignum *n, int clear); 5273ff40c12SJohn Marino 5283ff40c12SJohn Marino /** 5293ff40c12SJohn Marino * crypto_bignum_to_bin - Set binary buffer to unsigned bignum 5303ff40c12SJohn Marino * @a: Bignum 5313ff40c12SJohn Marino * @buf: Buffer for the binary number 5323ff40c12SJohn Marino * @len: Length of @buf in octets 5333ff40c12SJohn Marino * @padlen: Length in octets to pad the result to or 0 to indicate no padding 5343ff40c12SJohn Marino * Returns: Number of octets written on success, -1 on failure 5353ff40c12SJohn Marino */ 5363ff40c12SJohn Marino int crypto_bignum_to_bin(const struct crypto_bignum *a, 5373ff40c12SJohn Marino u8 *buf, size_t buflen, size_t padlen); 5383ff40c12SJohn Marino 5393ff40c12SJohn Marino /** 540*a1157835SDaniel Fojt * crypto_bignum_rand - Create a random number in range of modulus 541*a1157835SDaniel Fojt * @r: Bignum; set to a random value 542*a1157835SDaniel Fojt * @m: Bignum; modulus 543*a1157835SDaniel Fojt * Returns: 0 on success, -1 on failure 544*a1157835SDaniel Fojt */ 545*a1157835SDaniel Fojt int crypto_bignum_rand(struct crypto_bignum *r, const struct crypto_bignum *m); 546*a1157835SDaniel Fojt 547*a1157835SDaniel Fojt /** 5483ff40c12SJohn Marino * crypto_bignum_add - c = a + b 5493ff40c12SJohn Marino * @a: Bignum 5503ff40c12SJohn Marino * @b: Bignum 5513ff40c12SJohn Marino * @c: Bignum; used to store the result of a + b 5523ff40c12SJohn Marino * Returns: 0 on success, -1 on failure 5533ff40c12SJohn Marino */ 5543ff40c12SJohn Marino int crypto_bignum_add(const struct crypto_bignum *a, 5553ff40c12SJohn Marino const struct crypto_bignum *b, 5563ff40c12SJohn Marino struct crypto_bignum *c); 5573ff40c12SJohn Marino 5583ff40c12SJohn Marino /** 5593ff40c12SJohn Marino * crypto_bignum_mod - c = a % b 5603ff40c12SJohn Marino * @a: Bignum 5613ff40c12SJohn Marino * @b: Bignum 5623ff40c12SJohn Marino * @c: Bignum; used to store the result of a % b 5633ff40c12SJohn Marino * Returns: 0 on success, -1 on failure 5643ff40c12SJohn Marino */ 5653ff40c12SJohn Marino int crypto_bignum_mod(const struct crypto_bignum *a, 5663ff40c12SJohn Marino const struct crypto_bignum *b, 5673ff40c12SJohn Marino struct crypto_bignum *c); 5683ff40c12SJohn Marino 5693ff40c12SJohn Marino /** 5703ff40c12SJohn Marino * crypto_bignum_exptmod - Modular exponentiation: d = a^b (mod c) 5713ff40c12SJohn Marino * @a: Bignum; base 5723ff40c12SJohn Marino * @b: Bignum; exponent 5733ff40c12SJohn Marino * @c: Bignum; modulus 5743ff40c12SJohn Marino * @d: Bignum; used to store the result of a^b (mod c) 5753ff40c12SJohn Marino * Returns: 0 on success, -1 on failure 5763ff40c12SJohn Marino */ 5773ff40c12SJohn Marino int crypto_bignum_exptmod(const struct crypto_bignum *a, 5783ff40c12SJohn Marino const struct crypto_bignum *b, 5793ff40c12SJohn Marino const struct crypto_bignum *c, 5803ff40c12SJohn Marino struct crypto_bignum *d); 5813ff40c12SJohn Marino 5823ff40c12SJohn Marino /** 5833ff40c12SJohn Marino * crypto_bignum_inverse - Inverse a bignum so that a * c = 1 (mod b) 5843ff40c12SJohn Marino * @a: Bignum 5853ff40c12SJohn Marino * @b: Bignum 5863ff40c12SJohn Marino * @c: Bignum; used to store the result 5873ff40c12SJohn Marino * Returns: 0 on success, -1 on failure 5883ff40c12SJohn Marino */ 5893ff40c12SJohn Marino int crypto_bignum_inverse(const struct crypto_bignum *a, 5903ff40c12SJohn Marino const struct crypto_bignum *b, 5913ff40c12SJohn Marino struct crypto_bignum *c); 5923ff40c12SJohn Marino 5933ff40c12SJohn Marino /** 5943ff40c12SJohn Marino * crypto_bignum_sub - c = a - b 5953ff40c12SJohn Marino * @a: Bignum 5963ff40c12SJohn Marino * @b: Bignum 5973ff40c12SJohn Marino * @c: Bignum; used to store the result of a - b 5983ff40c12SJohn Marino * Returns: 0 on success, -1 on failure 5993ff40c12SJohn Marino */ 6003ff40c12SJohn Marino int crypto_bignum_sub(const struct crypto_bignum *a, 6013ff40c12SJohn Marino const struct crypto_bignum *b, 6023ff40c12SJohn Marino struct crypto_bignum *c); 6033ff40c12SJohn Marino 6043ff40c12SJohn Marino /** 6053ff40c12SJohn Marino * crypto_bignum_div - c = a / b 6063ff40c12SJohn Marino * @a: Bignum 6073ff40c12SJohn Marino * @b: Bignum 6083ff40c12SJohn Marino * @c: Bignum; used to store the result of a / b 6093ff40c12SJohn Marino * Returns: 0 on success, -1 on failure 6103ff40c12SJohn Marino */ 6113ff40c12SJohn Marino int crypto_bignum_div(const struct crypto_bignum *a, 6123ff40c12SJohn Marino const struct crypto_bignum *b, 6133ff40c12SJohn Marino struct crypto_bignum *c); 6143ff40c12SJohn Marino 6153ff40c12SJohn Marino /** 6163ff40c12SJohn Marino * crypto_bignum_mulmod - d = a * b (mod c) 6173ff40c12SJohn Marino * @a: Bignum 6183ff40c12SJohn Marino * @b: Bignum 6193ff40c12SJohn Marino * @c: Bignum 6203ff40c12SJohn Marino * @d: Bignum; used to store the result of (a * b) % c 6213ff40c12SJohn Marino * Returns: 0 on success, -1 on failure 6223ff40c12SJohn Marino */ 6233ff40c12SJohn Marino int crypto_bignum_mulmod(const struct crypto_bignum *a, 6243ff40c12SJohn Marino const struct crypto_bignum *b, 6253ff40c12SJohn Marino const struct crypto_bignum *c, 6263ff40c12SJohn Marino struct crypto_bignum *d); 6273ff40c12SJohn Marino 6283ff40c12SJohn Marino /** 629*a1157835SDaniel Fojt * crypto_bignum_rshift - r = a >> n 630*a1157835SDaniel Fojt * @a: Bignum 631*a1157835SDaniel Fojt * @n: Number of bits 632*a1157835SDaniel Fojt * @r: Bignum; used to store the result of a >> n 633*a1157835SDaniel Fojt * Returns: 0 on success, -1 on failure 634*a1157835SDaniel Fojt */ 635*a1157835SDaniel Fojt int crypto_bignum_rshift(const struct crypto_bignum *a, int n, 636*a1157835SDaniel Fojt struct crypto_bignum *r); 637*a1157835SDaniel Fojt 638*a1157835SDaniel Fojt /** 6393ff40c12SJohn Marino * crypto_bignum_cmp - Compare two bignums 6403ff40c12SJohn Marino * @a: Bignum 6413ff40c12SJohn Marino * @b: Bignum 6423ff40c12SJohn Marino * Returns: -1 if a < b, 0 if a == b, or 1 if a > b 6433ff40c12SJohn Marino */ 6443ff40c12SJohn Marino int crypto_bignum_cmp(const struct crypto_bignum *a, 6453ff40c12SJohn Marino const struct crypto_bignum *b); 6463ff40c12SJohn Marino 6473ff40c12SJohn Marino /** 6483ff40c12SJohn Marino * crypto_bignum_is_zero - Is the given bignum zero 6493ff40c12SJohn Marino * @a: Bignum 6503ff40c12SJohn Marino * Returns: 1 if @a is zero or 0 if not 6513ff40c12SJohn Marino */ 6523ff40c12SJohn Marino int crypto_bignum_is_zero(const struct crypto_bignum *a); 6533ff40c12SJohn Marino 6543ff40c12SJohn Marino /** 6553ff40c12SJohn Marino * crypto_bignum_is_one - Is the given bignum one 6563ff40c12SJohn Marino * @a: Bignum 6573ff40c12SJohn Marino * Returns: 1 if @a is one or 0 if not 6583ff40c12SJohn Marino */ 6593ff40c12SJohn Marino int crypto_bignum_is_one(const struct crypto_bignum *a); 6603ff40c12SJohn Marino 6613ff40c12SJohn Marino /** 662*a1157835SDaniel Fojt * crypto_bignum_is_odd - Is the given bignum odd 663*a1157835SDaniel Fojt * @a: Bignum 664*a1157835SDaniel Fojt * Returns: 1 if @a is odd or 0 if not 665*a1157835SDaniel Fojt */ 666*a1157835SDaniel Fojt int crypto_bignum_is_odd(const struct crypto_bignum *a); 667*a1157835SDaniel Fojt 668*a1157835SDaniel Fojt /** 669*a1157835SDaniel Fojt * crypto_bignum_legendre - Compute the Legendre symbol (a/p) 670*a1157835SDaniel Fojt * @a: Bignum 671*a1157835SDaniel Fojt * @p: Bignum 672*a1157835SDaniel Fojt * Returns: Legendre symbol -1,0,1 on success; -2 on calculation failure 673*a1157835SDaniel Fojt */ 674*a1157835SDaniel Fojt int crypto_bignum_legendre(const struct crypto_bignum *a, 675*a1157835SDaniel Fojt const struct crypto_bignum *p); 676*a1157835SDaniel Fojt 677*a1157835SDaniel Fojt /** 6783ff40c12SJohn Marino * struct crypto_ec - Elliptic curve context 6793ff40c12SJohn Marino * 6803ff40c12SJohn Marino * Internal data structure for EC implementation. The contents is specific 6813ff40c12SJohn Marino * to the used crypto library. 6823ff40c12SJohn Marino */ 6833ff40c12SJohn Marino struct crypto_ec; 6843ff40c12SJohn Marino 6853ff40c12SJohn Marino /** 6863ff40c12SJohn Marino * crypto_ec_init - Initialize elliptic curve context 6873ff40c12SJohn Marino * @group: Identifying number for the ECC group (IANA "Group Description" 6883ff40c12SJohn Marino * attribute registrty for RFC 2409) 6893ff40c12SJohn Marino * Returns: Pointer to EC context or %NULL on failure 6903ff40c12SJohn Marino */ 6913ff40c12SJohn Marino struct crypto_ec * crypto_ec_init(int group); 6923ff40c12SJohn Marino 6933ff40c12SJohn Marino /** 6943ff40c12SJohn Marino * crypto_ec_deinit - Deinitialize elliptic curve context 6953ff40c12SJohn Marino * @e: EC context from crypto_ec_init() 6963ff40c12SJohn Marino */ 6973ff40c12SJohn Marino void crypto_ec_deinit(struct crypto_ec *e); 6983ff40c12SJohn Marino 6993ff40c12SJohn Marino /** 7003ff40c12SJohn Marino * crypto_ec_prime_len - Get length of the prime in octets 7013ff40c12SJohn Marino * @e: EC context from crypto_ec_init() 7023ff40c12SJohn Marino * Returns: Length of the prime defining the group 7033ff40c12SJohn Marino */ 7043ff40c12SJohn Marino size_t crypto_ec_prime_len(struct crypto_ec *e); 7053ff40c12SJohn Marino 7063ff40c12SJohn Marino /** 7073ff40c12SJohn Marino * crypto_ec_prime_len_bits - Get length of the prime in bits 7083ff40c12SJohn Marino * @e: EC context from crypto_ec_init() 7093ff40c12SJohn Marino * Returns: Length of the prime defining the group in bits 7103ff40c12SJohn Marino */ 7113ff40c12SJohn Marino size_t crypto_ec_prime_len_bits(struct crypto_ec *e); 7123ff40c12SJohn Marino 7133ff40c12SJohn Marino /** 714*a1157835SDaniel Fojt * crypto_ec_order_len - Get length of the order in octets 715*a1157835SDaniel Fojt * @e: EC context from crypto_ec_init() 716*a1157835SDaniel Fojt * Returns: Length of the order defining the group 717*a1157835SDaniel Fojt */ 718*a1157835SDaniel Fojt size_t crypto_ec_order_len(struct crypto_ec *e); 719*a1157835SDaniel Fojt 720*a1157835SDaniel Fojt /** 7213ff40c12SJohn Marino * crypto_ec_get_prime - Get prime defining an EC group 7223ff40c12SJohn Marino * @e: EC context from crypto_ec_init() 7233ff40c12SJohn Marino * Returns: Prime (bignum) defining the group 7243ff40c12SJohn Marino */ 7253ff40c12SJohn Marino const struct crypto_bignum * crypto_ec_get_prime(struct crypto_ec *e); 7263ff40c12SJohn Marino 7273ff40c12SJohn Marino /** 7283ff40c12SJohn Marino * crypto_ec_get_order - Get order of an EC group 7293ff40c12SJohn Marino * @e: EC context from crypto_ec_init() 7303ff40c12SJohn Marino * Returns: Order (bignum) of the group 7313ff40c12SJohn Marino */ 7323ff40c12SJohn Marino const struct crypto_bignum * crypto_ec_get_order(struct crypto_ec *e); 7333ff40c12SJohn Marino 7343ff40c12SJohn Marino /** 7353ff40c12SJohn Marino * struct crypto_ec_point - Elliptic curve point 7363ff40c12SJohn Marino * 7373ff40c12SJohn Marino * Internal data structure for EC implementation to represent a point. The 7383ff40c12SJohn Marino * contents is specific to the used crypto library. 7393ff40c12SJohn Marino */ 7403ff40c12SJohn Marino struct crypto_ec_point; 7413ff40c12SJohn Marino 7423ff40c12SJohn Marino /** 7433ff40c12SJohn Marino * crypto_ec_point_init - Initialize data for an EC point 7443ff40c12SJohn Marino * @e: EC context from crypto_ec_init() 7453ff40c12SJohn Marino * Returns: Pointer to EC point data or %NULL on failure 7463ff40c12SJohn Marino */ 7473ff40c12SJohn Marino struct crypto_ec_point * crypto_ec_point_init(struct crypto_ec *e); 7483ff40c12SJohn Marino 7493ff40c12SJohn Marino /** 7503ff40c12SJohn Marino * crypto_ec_point_deinit - Deinitialize EC point data 7513ff40c12SJohn Marino * @p: EC point data from crypto_ec_point_init() 7523ff40c12SJohn Marino * @clear: Whether to clear the EC point value from memory 7533ff40c12SJohn Marino */ 7543ff40c12SJohn Marino void crypto_ec_point_deinit(struct crypto_ec_point *p, int clear); 7553ff40c12SJohn Marino 7563ff40c12SJohn Marino /** 757*a1157835SDaniel Fojt * crypto_ec_point_x - Copies the x-ordinate point into big number 758*a1157835SDaniel Fojt * @e: EC context from crypto_ec_init() 759*a1157835SDaniel Fojt * @p: EC point data 760*a1157835SDaniel Fojt * @x: Big number to set to the copy of x-ordinate 761*a1157835SDaniel Fojt * Returns: 0 on success, -1 on failure 762*a1157835SDaniel Fojt */ 763*a1157835SDaniel Fojt int crypto_ec_point_x(struct crypto_ec *e, const struct crypto_ec_point *p, 764*a1157835SDaniel Fojt struct crypto_bignum *x); 765*a1157835SDaniel Fojt 766*a1157835SDaniel Fojt /** 7673ff40c12SJohn Marino * crypto_ec_point_to_bin - Write EC point value as binary data 7683ff40c12SJohn Marino * @e: EC context from crypto_ec_init() 7693ff40c12SJohn Marino * @p: EC point data from crypto_ec_point_init() 7703ff40c12SJohn Marino * @x: Buffer for writing the binary data for x coordinate or %NULL if not used 7713ff40c12SJohn Marino * @y: Buffer for writing the binary data for y coordinate or %NULL if not used 7723ff40c12SJohn Marino * Returns: 0 on success, -1 on failure 7733ff40c12SJohn Marino * 7743ff40c12SJohn Marino * This function can be used to write an EC point as binary data in a format 7753ff40c12SJohn Marino * that has the x and y coordinates in big endian byte order fields padded to 7763ff40c12SJohn Marino * the length of the prime defining the group. 7773ff40c12SJohn Marino */ 7783ff40c12SJohn Marino int crypto_ec_point_to_bin(struct crypto_ec *e, 7793ff40c12SJohn Marino const struct crypto_ec_point *point, u8 *x, u8 *y); 7803ff40c12SJohn Marino 7813ff40c12SJohn Marino /** 7823ff40c12SJohn Marino * crypto_ec_point_from_bin - Create EC point from binary data 7833ff40c12SJohn Marino * @e: EC context from crypto_ec_init() 7843ff40c12SJohn Marino * @val: Binary data to read the EC point from 7853ff40c12SJohn Marino * Returns: Pointer to EC point data or %NULL on failure 7863ff40c12SJohn Marino * 7873ff40c12SJohn Marino * This function readers x and y coordinates of the EC point from the provided 7883ff40c12SJohn Marino * buffer assuming the values are in big endian byte order with fields padded to 7893ff40c12SJohn Marino * the length of the prime defining the group. 7903ff40c12SJohn Marino */ 7913ff40c12SJohn Marino struct crypto_ec_point * crypto_ec_point_from_bin(struct crypto_ec *e, 7923ff40c12SJohn Marino const u8 *val); 7933ff40c12SJohn Marino 7943ff40c12SJohn Marino /** 795*a1157835SDaniel Fojt * crypto_ec_point_add - c = a + b 7963ff40c12SJohn Marino * @e: EC context from crypto_ec_init() 7973ff40c12SJohn Marino * @a: Bignum 7983ff40c12SJohn Marino * @b: Bignum 7993ff40c12SJohn Marino * @c: Bignum; used to store the result of a + b 8003ff40c12SJohn Marino * Returns: 0 on success, -1 on failure 8013ff40c12SJohn Marino */ 8023ff40c12SJohn Marino int crypto_ec_point_add(struct crypto_ec *e, const struct crypto_ec_point *a, 8033ff40c12SJohn Marino const struct crypto_ec_point *b, 8043ff40c12SJohn Marino struct crypto_ec_point *c); 8053ff40c12SJohn Marino 8063ff40c12SJohn Marino /** 807*a1157835SDaniel Fojt * crypto_ec_point_mul - res = b * p 8083ff40c12SJohn Marino * @e: EC context from crypto_ec_init() 8093ff40c12SJohn Marino * @p: EC point 8103ff40c12SJohn Marino * @b: Bignum 8113ff40c12SJohn Marino * @res: EC point; used to store the result of b * p 8123ff40c12SJohn Marino * Returns: 0 on success, -1 on failure 8133ff40c12SJohn Marino */ 8143ff40c12SJohn Marino int crypto_ec_point_mul(struct crypto_ec *e, const struct crypto_ec_point *p, 8153ff40c12SJohn Marino const struct crypto_bignum *b, 8163ff40c12SJohn Marino struct crypto_ec_point *res); 8173ff40c12SJohn Marino 8183ff40c12SJohn Marino /** 8193ff40c12SJohn Marino * crypto_ec_point_invert - Compute inverse of an EC point 8203ff40c12SJohn Marino * @e: EC context from crypto_ec_init() 8213ff40c12SJohn Marino * @p: EC point to invert (and result of the operation) 8223ff40c12SJohn Marino * Returns: 0 on success, -1 on failure 8233ff40c12SJohn Marino */ 8243ff40c12SJohn Marino int crypto_ec_point_invert(struct crypto_ec *e, struct crypto_ec_point *p); 8253ff40c12SJohn Marino 8263ff40c12SJohn Marino /** 8273ff40c12SJohn Marino * crypto_ec_point_solve_y_coord - Solve y coordinate for an x coordinate 8283ff40c12SJohn Marino * @e: EC context from crypto_ec_init() 8293ff40c12SJohn Marino * @p: EC point to use for the returning the result 8303ff40c12SJohn Marino * @x: x coordinate 8313ff40c12SJohn Marino * @y_bit: y-bit (0 or 1) for selecting the y value to use 8323ff40c12SJohn Marino * Returns: 0 on success, -1 on failure 8333ff40c12SJohn Marino */ 8343ff40c12SJohn Marino int crypto_ec_point_solve_y_coord(struct crypto_ec *e, 8353ff40c12SJohn Marino struct crypto_ec_point *p, 8363ff40c12SJohn Marino const struct crypto_bignum *x, int y_bit); 8373ff40c12SJohn Marino 8383ff40c12SJohn Marino /** 839*a1157835SDaniel Fojt * crypto_ec_point_compute_y_sqr - Compute y^2 = x^3 + ax + b 840*a1157835SDaniel Fojt * @e: EC context from crypto_ec_init() 841*a1157835SDaniel Fojt * @x: x coordinate 842*a1157835SDaniel Fojt * Returns: y^2 on success, %NULL failure 843*a1157835SDaniel Fojt */ 844*a1157835SDaniel Fojt struct crypto_bignum * 845*a1157835SDaniel Fojt crypto_ec_point_compute_y_sqr(struct crypto_ec *e, 846*a1157835SDaniel Fojt const struct crypto_bignum *x); 847*a1157835SDaniel Fojt 848*a1157835SDaniel Fojt /** 8493ff40c12SJohn Marino * crypto_ec_point_is_at_infinity - Check whether EC point is neutral element 8503ff40c12SJohn Marino * @e: EC context from crypto_ec_init() 8513ff40c12SJohn Marino * @p: EC point 8523ff40c12SJohn Marino * Returns: 1 if the specified EC point is the neutral element of the group or 8533ff40c12SJohn Marino * 0 if not 8543ff40c12SJohn Marino */ 8553ff40c12SJohn Marino int crypto_ec_point_is_at_infinity(struct crypto_ec *e, 8563ff40c12SJohn Marino const struct crypto_ec_point *p); 8573ff40c12SJohn Marino 8583ff40c12SJohn Marino /** 8593ff40c12SJohn Marino * crypto_ec_point_is_on_curve - Check whether EC point is on curve 8603ff40c12SJohn Marino * @e: EC context from crypto_ec_init() 8613ff40c12SJohn Marino * @p: EC point 8623ff40c12SJohn Marino * Returns: 1 if the specified EC point is on the curve or 0 if not 8633ff40c12SJohn Marino */ 8643ff40c12SJohn Marino int crypto_ec_point_is_on_curve(struct crypto_ec *e, 8653ff40c12SJohn Marino const struct crypto_ec_point *p); 8663ff40c12SJohn Marino 867*a1157835SDaniel Fojt /** 868*a1157835SDaniel Fojt * crypto_ec_point_cmp - Compare two EC points 869*a1157835SDaniel Fojt * @e: EC context from crypto_ec_init() 870*a1157835SDaniel Fojt * @a: EC point 871*a1157835SDaniel Fojt * @b: EC point 872*a1157835SDaniel Fojt * Returns: 0 on equal, non-zero otherwise 873*a1157835SDaniel Fojt */ 874*a1157835SDaniel Fojt int crypto_ec_point_cmp(const struct crypto_ec *e, 875*a1157835SDaniel Fojt const struct crypto_ec_point *a, 876*a1157835SDaniel Fojt const struct crypto_ec_point *b); 877*a1157835SDaniel Fojt 878*a1157835SDaniel Fojt struct crypto_ecdh; 879*a1157835SDaniel Fojt 880*a1157835SDaniel Fojt struct crypto_ecdh * crypto_ecdh_init(int group); 881*a1157835SDaniel Fojt struct wpabuf * crypto_ecdh_get_pubkey(struct crypto_ecdh *ecdh, int inc_y); 882*a1157835SDaniel Fojt struct wpabuf * crypto_ecdh_set_peerkey(struct crypto_ecdh *ecdh, int inc_y, 883*a1157835SDaniel Fojt const u8 *key, size_t len); 884*a1157835SDaniel Fojt void crypto_ecdh_deinit(struct crypto_ecdh *ecdh); 885*a1157835SDaniel Fojt 8866d49e1aeSJan Lentfer #endif /* CRYPTO_H */ 887