contrib/wpa_supplicant-0.5.8/crypto.c

   1 /*
   2  * WPA Supplicant / wrapper functions for libcrypto
   3  * Copyright (c) 2004-2005, Jouni Malinen <j@w1.fi>
   4  *
   5  * This program is free software; you can redistribute it and/or modify
   6  * it under the terms of the GNU General Public License version 2 as
   7  * published by the Free Software Foundation.
   8  *
   9  * Alternatively, this software may be distributed under the terms of BSD
  10  * license.
  11  *
  12  * See README and COPYING for more details.
  13  */
  14
  15 #include "includes.h"
  16 #include <openssl/opensslv.h>
  17 #include <openssl/md4.h>
  18 #include <openssl/md5.h>
  19 #include <openssl/sha.h>
  20 #include <openssl/des.h>
  21 #include <openssl/aes.h>
  22
  23 #include "common.h"
  24 #include "crypto.h"
  25
  26 #if OPENSSL_VERSION_NUMBER < 0x00907000
  27 #define DES_key_schedule des_key_schedule
  28 #define DES_cblock des_cblock
  29 #define DES_set_key(key, schedule) des_set_key((key), *(schedule))
  30 #define DES_ecb_encrypt(input, output, ks, enc) \
  31         des_ecb_encrypt((input), (output), *(ks), (enc))
  32 #endif /* openssl < 0.9.7 */
  33
  34
  35 void md4_vector(size_t num_elem, const u8 *addr[], const size_t *len, u8 *mac)
  36 {
  37         MD4_CTX ctx;
  38         size_t i;
  39
  40         MD4_Init(&ctx);
  41         for (i = 0; i < num_elem; i++)
  42                 MD4_Update(&ctx, addr[i], len[i]);
  43         MD4_Final(mac, &ctx);
  44 }
  45
  46
  47 void des_encrypt(const u8 *clear, const u8 *key, u8 *cypher)
  48 {
  49         u8 pkey[8], next, tmp;
  50         int i;
  51         DES_key_schedule ks;
  52
  53         /* Add parity bits to the key */
  54         next = 0;
  55         for (i = 0; i < 7; i++) {
  56                 tmp = key[i];
  57                 pkey[i] = (tmp >> i) | next | 1;
  58                 next = tmp << (7 - i);
  59         }
  60         pkey[i] = next | 1;
  61
  62         DES_set_key(&pkey, &ks);
  63         DES_ecb_encrypt((DES_cblock *) clear, (DES_cblock *) cypher, &ks,
  64                         DES_ENCRYPT);
  65 }
  66
  67
  68 #ifdef EAP_TLS_FUNCS
  69 void md5_vector(size_t num_elem, const u8 *addr[], const size_t *len, u8 *mac)
  70 {
  71         MD5_CTX ctx;
  72         size_t i;
  73
  74         MD5_Init(&ctx);
  75         for (i = 0; i < num_elem; i++)
  76                 MD5_Update(&ctx, addr[i], len[i]);
  77         MD5_Final(mac, &ctx);
  78 }
  79
  80
  81 void sha1_vector(size_t num_elem, const u8 *addr[], const size_t *len, u8 *mac)
  82 {
  83         SHA_CTX ctx;
  84         size_t i;
  85
  86         SHA1_Init(&ctx);
  87         for (i = 0; i < num_elem; i++)
  88                 SHA1_Update(&ctx, addr[i], len[i]);
  89         SHA1_Final(mac, &ctx);
  90 }
  91
  92
  93 static void sha1_transform(u8 *state, const u8 data[64])
  94 {
  95         SHA_CTX context;
  96         os_memset(&context, 0, sizeof(context));
  97         os_memcpy(&context.h0, state, 5 * 4);
  98         SHA1_Transform(&context, data);
  99         os_memcpy(state, &context.h0, 5 * 4);
 100 }
 101
 102
 103 int fips186_2_prf(const u8 *seed, size_t seed_len, u8 *x, size_t xlen)
 104 {
 105         u8 xkey[64];
 106         u32 t[5], _t[5];
 107         int i, j, m, k;
 108         u8 *xpos = x;
 109         u32 carry;
 110
 111         if (seed_len > sizeof(xkey))
 112                 seed_len = sizeof(xkey);
 113
 114         /* FIPS 186-2 + change notice 1 */
 115
 116         os_memcpy(xkey, seed, seed_len);
 117         os_memset(xkey + seed_len, 0, 64 - seed_len);
 118         t[0] = 0x67452301;
 119         t[1] = 0xEFCDAB89;
 120         t[2] = 0x98BADCFE;
 121         t[3] = 0x10325476;
 122         t[4] = 0xC3D2E1F0;
 123
 124         m = xlen / 40;
 125         for (j = 0; j < m; j++) {
 126                 /* XSEED_j = 0 */
 127                 for (i = 0; i < 2; i++) {
 128                         /* XVAL = (XKEY + XSEED_j) mod 2^b */
 129
 130                         /* w_i = G(t, XVAL) */
 131                         os_memcpy(_t, t, 20);
 132                         sha1_transform((u8 *) _t, xkey);
 133                         _t[0] = host_to_be32(_t[0]);
 134                         _t[1] = host_to_be32(_t[1]);
 135                         _t[2] = host_to_be32(_t[2]);
 136                         _t[3] = host_to_be32(_t[3]);
 137                         _t[4] = host_to_be32(_t[4]);
 138                         os_memcpy(xpos, _t, 20);
 139
 140                         /* XKEY = (1 + XKEY + w_i) mod 2^b */
 141                         carry = 1;
 142                         for (k = 19; k >= 0; k--) {
 143                                 carry += xkey[k] + xpos[k];
 144                                 xkey[k] = carry & 0xff;
 145                                 carry >>= 8;
 146                         }
 147
 148                         xpos += 20;
 149                 }
 150                 /* x_j = w_0|w_1 */
 151         }
 152
 153         return 0;
 154 }
 155
 156
 157 void * aes_encrypt_init(const u8 *key, size_t len)
 158 {
 159         AES_KEY *ak;
 160         ak = os_malloc(sizeof(*ak));
 161         if (ak == NULL)
 162                 return NULL;
 163         if (AES_set_encrypt_key(key, 8 * len, ak) < 0) {
 164                 os_free(ak);
 165                 return NULL;
 166         }
 167         return ak;
 168 }
 169
 170
 171 void aes_encrypt(void *ctx, const u8 *plain, u8 *crypt)
 172 {
 173         AES_encrypt(plain, crypt, ctx);
 174 }
 175
 176
 177 void aes_encrypt_deinit(void *ctx)
 178 {
 179         os_free(ctx);
 180 }
 181
 182
 183 void * aes_decrypt_init(const u8 *key, size_t len)
 184 {
 185         AES_KEY *ak;
 186         ak = os_malloc(sizeof(*ak));
 187         if (ak == NULL)
 188                 return NULL;
 189         if (AES_set_decrypt_key(key, 8 * len, ak) < 0) {
 190                 os_free(ak);
 191                 return NULL;
 192         }
 193         return ak;
 194 }
 195
 196
 197 void aes_decrypt(void *ctx, const u8 *crypt, u8 *plain)
 198 {
 199         AES_decrypt(crypt, plain, ctx);
 200 }
 201
 202
 203 void aes_decrypt_deinit(void *ctx)
 204 {
 205         os_free(ctx);
 206 }
 207 #endif /* EAP_TLS_FUNCS */