1 /* 2 * WPA Supplicant / wrapper functions for libcrypto 3 * Copyright (c) 2004-2005, Jouni Malinen <j@w1.fi> 4 * 5 * This program is free software; you can redistribute it and/or modify 6 * it under the terms of the GNU General Public License version 2 as 7 * published by the Free Software Foundation. 8 * 9 * Alternatively, this software may be distributed under the terms of BSD 10 * license. 11 * 12 * See README and COPYING for more details. 13 */ 14 15 #include "includes.h" 16 #include <openssl/opensslv.h> 17 #include <openssl/md4.h> 18 #include <openssl/md5.h> 19 #include <openssl/sha.h> 20 #include <openssl/des.h> 21 #include <openssl/aes.h> 22 #include <openssl/bn.h> 23 #include <openssl/evp.h> 24 25 #include "common.h" 26 #include "crypto.h" 27 28 #if OPENSSL_VERSION_NUMBER < 0x00907000 29 #define DES_key_schedule des_key_schedule 30 #define DES_cblock des_cblock 31 #define DES_set_key(key, schedule) des_set_key((key), *(schedule)) 32 #define DES_ecb_encrypt(input, output, ks, enc) \ 33 des_ecb_encrypt((input), (output), *(ks), (enc)) 34 #endif /* openssl < 0.9.7 */ 35 36 37 void md4_vector(size_t num_elem, const u8 *addr[], const size_t *len, u8 *mac) 38 { 39 MD4_CTX ctx; 40 size_t i; 41 42 MD4_Init(&ctx); 43 for (i = 0; i < num_elem; i++) 44 MD4_Update(&ctx, addr[i], len[i]); 45 MD4_Final(mac, &ctx); 46 } 47 48 49 void des_encrypt(const u8 *clear, const u8 *key, u8 *cypher) 50 { 51 u8 pkey[8], next, tmp; 52 int i; 53 DES_key_schedule ks; 54 55 /* Add parity bits to the key */ 56 next = 0; 57 for (i = 0; i < 7; i++) { 58 tmp = key[i]; 59 pkey[i] = (tmp >> i) | next | 1; 60 next = tmp << (7 - i); 61 } 62 pkey[i] = next | 1; 63 64 DES_set_key(&pkey, &ks); 65 DES_ecb_encrypt((DES_cblock *) clear, (DES_cblock *) cypher, &ks, 66 DES_ENCRYPT); 67 } 68 69 70 void md5_vector(size_t num_elem, const u8 *addr[], const size_t *len, u8 *mac) 71 { 72 MD5_CTX ctx; 73 size_t i; 74 75 MD5_Init(&ctx); 76 for (i = 0; i < num_elem; i++) 77 MD5_Update(&ctx, addr[i], len[i]); 78 MD5_Final(mac, &ctx); 79 } 80 81 82 void sha1_vector(size_t num_elem, const u8 *addr[], const size_t *len, u8 *mac) 83 { 84 SHA_CTX ctx; 85 size_t i; 86 87 SHA1_Init(&ctx); 88 for (i = 0; i < num_elem; i++) 89 SHA1_Update(&ctx, addr[i], len[i]); 90 SHA1_Final(mac, &ctx); 91 } 92 93 94 #ifndef CONFIG_NO_FIPS186_2_PRF 95 static void sha1_transform(u8 *state, const u8 data[64]) 96 { 97 SHA_CTX context; 98 os_memset(&context, 0, sizeof(context)); 99 os_memcpy(&context.h0, state, 5 * 4); 100 SHA1_Transform(&context, data); 101 os_memcpy(state, &context.h0, 5 * 4); 102 } 103 104 105 int fips186_2_prf(const u8 *seed, size_t seed_len, u8 *x, size_t xlen) 106 { 107 u8 xkey[64]; 108 u32 t[5], _t[5]; 109 int i, j, m, k; 110 u8 *xpos = x; 111 u32 carry; 112 113 if (seed_len > sizeof(xkey)) 114 seed_len = sizeof(xkey); 115 116 /* FIPS 186-2 + change notice 1 */ 117 118 os_memcpy(xkey, seed, seed_len); 119 os_memset(xkey + seed_len, 0, 64 - seed_len); 120 t[0] = 0x67452301; 121 t[1] = 0xEFCDAB89; 122 t[2] = 0x98BADCFE; 123 t[3] = 0x10325476; 124 t[4] = 0xC3D2E1F0; 125 126 m = xlen / 40; 127 for (j = 0; j < m; j++) { 128 /* XSEED_j = 0 */ 129 for (i = 0; i < 2; i++) { 130 /* XVAL = (XKEY + XSEED_j) mod 2^b */ 131 132 /* w_i = G(t, XVAL) */ 133 os_memcpy(_t, t, 20); 134 sha1_transform((u8 *) _t, xkey); 135 _t[0] = host_to_be32(_t[0]); 136 _t[1] = host_to_be32(_t[1]); 137 _t[2] = host_to_be32(_t[2]); 138 _t[3] = host_to_be32(_t[3]); 139 _t[4] = host_to_be32(_t[4]); 140 os_memcpy(xpos, _t, 20); 141 142 /* XKEY = (1 + XKEY + w_i) mod 2^b */ 143 carry = 1; 144 for (k = 19; k >= 0; k--) { 145 carry += xkey[k] + xpos[k]; 146 xkey[k] = carry & 0xff; 147 carry >>= 8; 148 } 149 150 xpos += 20; 151 } 152 /* x_j = w_0|w_1 */ 153 } 154 155 return 0; 156 } 157 #endif /* CONFIG_NO_FIPS186_2_PRF */ 158 159 160 void * aes_encrypt_init(const u8 *key, size_t len) 161 { 162 AES_KEY *ak; 163 ak = os_malloc(sizeof(*ak)); 164 if (ak == NULL) 165 return NULL; 166 if (AES_set_encrypt_key(key, 8 * len, ak) < 0) { 167 os_free(ak); 168 return NULL; 169 } 170 return ak; 171 } 172 173 174 void aes_encrypt(void *ctx, const u8 *plain, u8 *crypt) 175 { 176 AES_encrypt(plain, crypt, ctx); 177 } 178 179 180 void aes_encrypt_deinit(void *ctx) 181 { 182 os_free(ctx); 183 } 184 185 186 void * aes_decrypt_init(const u8 *key, size_t len) 187 { 188 AES_KEY *ak; 189 ak = os_malloc(sizeof(*ak)); 190 if (ak == NULL) 191 return NULL; 192 if (AES_set_decrypt_key(key, 8 * len, ak) < 0) { 193 os_free(ak); 194 return NULL; 195 } 196 return ak; 197 } 198 199 200 void aes_decrypt(void *ctx, const u8 *crypt, u8 *plain) 201 { 202 AES_decrypt(crypt, plain, ctx); 203 } 204 205 206 void aes_decrypt_deinit(void *ctx) 207 { 208 os_free(ctx); 209 } 210 211 212 int crypto_mod_exp(const u8 *base, size_t base_len, 213 const u8 *power, size_t power_len, 214 const u8 *modulus, size_t modulus_len, 215 u8 *result, size_t *result_len) 216 { 217 BIGNUM *bn_base, *bn_exp, *bn_modulus, *bn_result; 218 int ret = -1; 219 BN_CTX *ctx; 220 221 ctx = BN_CTX_new(); 222 if (ctx == NULL) 223 return -1; 224 225 bn_base = BN_bin2bn(base, base_len, NULL); 226 bn_exp = BN_bin2bn(power, power_len, NULL); 227 bn_modulus = BN_bin2bn(modulus, modulus_len, NULL); 228 bn_result = BN_new(); 229 230 if (bn_base == NULL || bn_exp == NULL || bn_modulus == NULL || 231 bn_result == NULL) 232 goto error; 233 234 if (BN_mod_exp(bn_result, bn_base, bn_exp, bn_modulus, ctx) != 1) 235 goto error; 236 237 *result_len = BN_bn2bin(bn_result, result); 238 ret = 0; 239 240 error: 241 BN_free(bn_base); 242 BN_free(bn_exp); 243 BN_free(bn_modulus); 244 BN_free(bn_result); 245 BN_CTX_free(ctx); 246 return ret; 247 } 248 249 250 struct crypto_cipher { 251 EVP_CIPHER_CTX enc; 252 EVP_CIPHER_CTX dec; 253 }; 254 255 256 struct crypto_cipher * crypto_cipher_init(enum crypto_cipher_alg alg, 257 const u8 *iv, const u8 *key, 258 size_t key_len) 259 { 260 struct crypto_cipher *ctx; 261 const EVP_CIPHER *cipher; 262 263 ctx = os_zalloc(sizeof(*ctx)); 264 if (ctx == NULL) 265 return NULL; 266 267 switch (alg) { 268 #ifndef OPENSSL_NO_RC4 269 case CRYPTO_CIPHER_ALG_RC4: 270 cipher = EVP_rc4(); 271 break; 272 #endif /* OPENSSL_NO_RC4 */ 273 #ifndef OPENSSL_NO_AES 274 case CRYPTO_CIPHER_ALG_AES: 275 switch (key_len) { 276 case 16: 277 cipher = EVP_aes_128_cbc(); 278 break; 279 case 24: 280 cipher = EVP_aes_192_cbc(); 281 break; 282 case 32: 283 cipher = EVP_aes_256_cbc(); 284 break; 285 default: 286 os_free(ctx); 287 return NULL; 288 } 289 break; 290 #endif /* OPENSSL_NO_AES */ 291 #ifndef OPENSSL_NO_DES 292 case CRYPTO_CIPHER_ALG_3DES: 293 cipher = EVP_des_ede3_cbc(); 294 break; 295 case CRYPTO_CIPHER_ALG_DES: 296 cipher = EVP_des_cbc(); 297 break; 298 #endif /* OPENSSL_NO_DES */ 299 #ifndef OPENSSL_NO_RC2 300 case CRYPTO_CIPHER_ALG_RC2: 301 cipher = EVP_rc2_ecb(); 302 break; 303 #endif /* OPENSSL_NO_RC2 */ 304 default: 305 os_free(ctx); 306 return NULL; 307 } 308 309 EVP_CIPHER_CTX_init(&ctx->enc); 310 EVP_CIPHER_CTX_set_padding(&ctx->enc, 0); 311 if (!EVP_EncryptInit_ex(&ctx->enc, cipher, NULL, NULL, NULL) || 312 !EVP_CIPHER_CTX_set_key_length(&ctx->enc, key_len) || 313 !EVP_EncryptInit_ex(&ctx->enc, cipher, NULL, key, iv)) { 314 EVP_CIPHER_CTX_cleanup(&ctx->enc); 315 os_free(ctx); 316 return NULL; 317 } 318 319 EVP_CIPHER_CTX_init(&ctx->dec); 320 EVP_CIPHER_CTX_set_padding(&ctx->dec, 0); 321 if (!EVP_DecryptInit_ex(&ctx->dec, cipher, NULL, NULL, NULL) || 322 !EVP_CIPHER_CTX_set_key_length(&ctx->dec, key_len) || 323 !EVP_DecryptInit_ex(&ctx->dec, cipher, NULL, key, iv)) { 324 EVP_CIPHER_CTX_cleanup(&ctx->enc); 325 EVP_CIPHER_CTX_cleanup(&ctx->dec); 326 os_free(ctx); 327 return NULL; 328 } 329 330 return ctx; 331 } 332 333 334 int crypto_cipher_encrypt(struct crypto_cipher *ctx, const u8 *plain, 335 u8 *crypt, size_t len) 336 { 337 int outl; 338 if (!EVP_EncryptUpdate(&ctx->enc, crypt, &outl, plain, len)) 339 return -1; 340 return 0; 341 } 342 343 344 int crypto_cipher_decrypt(struct crypto_cipher *ctx, const u8 *crypt, 345 u8 *plain, size_t len) 346 { 347 int outl; 348 outl = len; 349 if (!EVP_DecryptUpdate(&ctx->dec, plain, &outl, crypt, len)) 350 return -1; 351 return 0; 352 } 353 354 355 void crypto_cipher_deinit(struct crypto_cipher *ctx) 356 { 357 EVP_CIPHER_CTX_cleanup(&ctx->enc); 358 EVP_CIPHER_CTX_cleanup(&ctx->dec); 359 os_free(ctx); 360 } 361