1 /* 2 * Wrapper functions for crypto libraries 3 * Copyright (c) 2004-2017, Jouni Malinen <j@w1.fi> 4 * 5 * This software may be distributed under the terms of the BSD license. 6 * See README for more details. 7 * 8 * This file defines the cryptographic functions that need to be implemented 9 * for wpa_supplicant and hostapd. When TLS is not used, internal 10 * implementation of MD5, SHA1, and AES is used and no external libraries are 11 * required. When TLS is enabled (e.g., by enabling EAP-TLS or EAP-PEAP), the 12 * crypto library used by the TLS implementation is expected to be used for 13 * non-TLS needs, too, in order to save space by not implementing these 14 * functions twice. 15 * 16 * Wrapper code for using each crypto library is in its own file (crypto*.c) 17 * and one of these files is build and linked in to provide the functions 18 * defined here. 19 */ 20 21 #ifndef CRYPTO_H 22 #define CRYPTO_H 23 24 #define HMAC_VECTOR_MAX_ELEM 11 25 26 /** 27 * md4_vector - MD4 hash for data vector 28 * @num_elem: Number of elements in the data vector 29 * @addr: Pointers to the data areas 30 * @len: Lengths of the data blocks 31 * @mac: Buffer for the hash 32 * Returns: 0 on success, -1 on failure 33 */ 34 int md4_vector(size_t num_elem, const u8 *addr[], const size_t *len, u8 *mac); 35 36 /** 37 * md5_vector - MD5 hash for data vector 38 * @num_elem: Number of elements in the data vector 39 * @addr: Pointers to the data areas 40 * @len: Lengths of the data blocks 41 * @mac: Buffer for the hash 42 * Returns: 0 on success, -1 on failure 43 */ 44 int md5_vector(size_t num_elem, const u8 *addr[], const size_t *len, u8 *mac); 45 46 47 /** 48 * sha1_vector - SHA-1 hash for data vector 49 * @num_elem: Number of elements in the data vector 50 * @addr: Pointers to the data areas 51 * @len: Lengths of the data blocks 52 * @mac: Buffer for the hash 53 * Returns: 0 on success, -1 on failure 54 */ 55 int sha1_vector(size_t num_elem, const u8 *addr[], const size_t *len, 56 u8 *mac); 57 58 /** 59 * fips186_2-prf - NIST FIPS Publication 186-2 change notice 1 PRF 60 * @seed: Seed/key for the PRF 61 * @seed_len: Seed length in bytes 62 * @x: Buffer for PRF output 63 * @xlen: Output length in bytes 64 * Returns: 0 on success, -1 on failure 65 * 66 * This function implements random number generation specified in NIST FIPS 67 * Publication 186-2 for EAP-SIM. This PRF uses a function that is similar to 68 * SHA-1, but has different message padding. 69 */ 70 int __must_check fips186_2_prf(const u8 *seed, size_t seed_len, u8 *x, 71 size_t xlen); 72 73 /** 74 * sha256_vector - SHA256 hash for data vector 75 * @num_elem: Number of elements in the data vector 76 * @addr: Pointers to the data areas 77 * @len: Lengths of the data blocks 78 * @mac: Buffer for the hash 79 * Returns: 0 on success, -1 on failure 80 */ 81 int sha256_vector(size_t num_elem, const u8 *addr[], const size_t *len, 82 u8 *mac); 83 84 /** 85 * sha384_vector - SHA384 hash for data vector 86 * @num_elem: Number of elements in the data vector 87 * @addr: Pointers to the data areas 88 * @len: Lengths of the data blocks 89 * @mac: Buffer for the hash 90 * Returns: 0 on success, -1 on failure 91 */ 92 int sha384_vector(size_t num_elem, const u8 *addr[], const size_t *len, 93 u8 *mac); 94 95 /** 96 * sha512_vector - SHA512 hash for data vector 97 * @num_elem: Number of elements in the data vector 98 * @addr: Pointers to the data areas 99 * @len: Lengths of the data blocks 100 * @mac: Buffer for the hash 101 * Returns: 0 on success, -1 on failure 102 */ 103 int sha512_vector(size_t num_elem, const u8 *addr[], const size_t *len, 104 u8 *mac); 105 106 /** 107 * des_encrypt - Encrypt one block with DES 108 * @clear: 8 octets (in) 109 * @key: 7 octets (in) (no parity bits included) 110 * @cypher: 8 octets (out) 111 * Returns: 0 on success, -1 on failure 112 */ 113 int des_encrypt(const u8 *clear, const u8 *key, u8 *cypher); 114 115 /** 116 * aes_encrypt_init - Initialize AES for encryption 117 * @key: Encryption key 118 * @len: Key length in bytes (usually 16, i.e., 128 bits) 119 * Returns: Pointer to context data or %NULL on failure 120 */ 121 void * aes_encrypt_init(const u8 *key, size_t len); 122 123 /** 124 * aes_encrypt - Encrypt one AES block 125 * @ctx: Context pointer from aes_encrypt_init() 126 * @plain: Plaintext data to be encrypted (16 bytes) 127 * @crypt: Buffer for the encrypted data (16 bytes) 128 * Returns: 0 on success, -1 on failure 129 */ 130 int aes_encrypt(void *ctx, const u8 *plain, u8 *crypt); 131 132 /** 133 * aes_encrypt_deinit - Deinitialize AES encryption 134 * @ctx: Context pointer from aes_encrypt_init() 135 */ 136 void aes_encrypt_deinit(void *ctx); 137 138 /** 139 * aes_decrypt_init - Initialize AES for decryption 140 * @key: Decryption key 141 * @len: Key length in bytes (usually 16, i.e., 128 bits) 142 * Returns: Pointer to context data or %NULL on failure 143 */ 144 void * aes_decrypt_init(const u8 *key, size_t len); 145 146 /** 147 * aes_decrypt - Decrypt one AES block 148 * @ctx: Context pointer from aes_encrypt_init() 149 * @crypt: Encrypted data (16 bytes) 150 * @plain: Buffer for the decrypted data (16 bytes) 151 * Returns: 0 on success, -1 on failure 152 */ 153 int aes_decrypt(void *ctx, const u8 *crypt, u8 *plain); 154 155 /** 156 * aes_decrypt_deinit - Deinitialize AES decryption 157 * @ctx: Context pointer from aes_encrypt_init() 158 */ 159 void aes_decrypt_deinit(void *ctx); 160 161 162 enum crypto_hash_alg { 163 CRYPTO_HASH_ALG_MD5, CRYPTO_HASH_ALG_SHA1, 164 CRYPTO_HASH_ALG_HMAC_MD5, CRYPTO_HASH_ALG_HMAC_SHA1, 165 CRYPTO_HASH_ALG_SHA256, CRYPTO_HASH_ALG_HMAC_SHA256, 166 CRYPTO_HASH_ALG_SHA384, CRYPTO_HASH_ALG_SHA512 167 }; 168 169 struct crypto_hash; 170 171 /** 172 * crypto_hash_init - Initialize hash/HMAC function 173 * @alg: Hash algorithm 174 * @key: Key for keyed hash (e.g., HMAC) or %NULL if not needed 175 * @key_len: Length of the key in bytes 176 * Returns: Pointer to hash context to use with other hash functions or %NULL 177 * on failure 178 * 179 * This function is only used with internal TLSv1 implementation 180 * (CONFIG_TLS=internal). If that is not used, the crypto wrapper does not need 181 * to implement this. 182 */ 183 struct crypto_hash * crypto_hash_init(enum crypto_hash_alg alg, const u8 *key, 184 size_t key_len); 185 186 /** 187 * crypto_hash_update - Add data to hash calculation 188 * @ctx: Context pointer from crypto_hash_init() 189 * @data: Data buffer to add 190 * @len: Length of the buffer 191 * 192 * This function is only used with internal TLSv1 implementation 193 * (CONFIG_TLS=internal). If that is not used, the crypto wrapper does not need 194 * to implement this. 195 */ 196 void crypto_hash_update(struct crypto_hash *ctx, const u8 *data, size_t len); 197 198 /** 199 * crypto_hash_finish - Complete hash calculation 200 * @ctx: Context pointer from crypto_hash_init() 201 * @hash: Buffer for hash value or %NULL if caller is just freeing the hash 202 * context 203 * @len: Pointer to length of the buffer or %NULL if caller is just freeing the 204 * hash context; on return, this is set to the actual length of the hash value 205 * Returns: 0 on success, -1 if buffer is too small (len set to needed length), 206 * or -2 on other failures (including failed crypto_hash_update() operations) 207 * 208 * This function calculates the hash value and frees the context buffer that 209 * was used for hash calculation. 210 * 211 * This function is only used with internal TLSv1 implementation 212 * (CONFIG_TLS=internal). If that is not used, the crypto wrapper does not need 213 * to implement this. 214 */ 215 int crypto_hash_finish(struct crypto_hash *ctx, u8 *hash, size_t *len); 216 217 218 enum crypto_cipher_alg { 219 CRYPTO_CIPHER_NULL = 0, CRYPTO_CIPHER_ALG_AES, CRYPTO_CIPHER_ALG_3DES, 220 CRYPTO_CIPHER_ALG_DES, CRYPTO_CIPHER_ALG_RC2, CRYPTO_CIPHER_ALG_RC4 221 }; 222 223 struct crypto_cipher; 224 225 /** 226 * crypto_cipher_init - Initialize block/stream cipher function 227 * @alg: Cipher algorithm 228 * @iv: Initialization vector for block ciphers or %NULL for stream ciphers 229 * @key: Cipher key 230 * @key_len: Length of key in bytes 231 * Returns: Pointer to cipher context to use with other cipher functions or 232 * %NULL on failure 233 * 234 * This function is only used with internal TLSv1 implementation 235 * (CONFIG_TLS=internal). If that is not used, the crypto wrapper does not need 236 * to implement this. 237 */ 238 struct crypto_cipher * crypto_cipher_init(enum crypto_cipher_alg alg, 239 const u8 *iv, const u8 *key, 240 size_t key_len); 241 242 /** 243 * crypto_cipher_encrypt - Cipher encrypt 244 * @ctx: Context pointer from crypto_cipher_init() 245 * @plain: Plaintext to cipher 246 * @crypt: Resulting ciphertext 247 * @len: Length of the plaintext 248 * Returns: 0 on success, -1 on failure 249 * 250 * This function is only used with internal TLSv1 implementation 251 * (CONFIG_TLS=internal). If that is not used, the crypto wrapper does not need 252 * to implement this. 253 */ 254 int __must_check crypto_cipher_encrypt(struct crypto_cipher *ctx, 255 const u8 *plain, u8 *crypt, size_t len); 256 257 /** 258 * crypto_cipher_decrypt - Cipher decrypt 259 * @ctx: Context pointer from crypto_cipher_init() 260 * @crypt: Ciphertext to decrypt 261 * @plain: Resulting plaintext 262 * @len: Length of the cipher text 263 * Returns: 0 on success, -1 on failure 264 * 265 * This function is only used with internal TLSv1 implementation 266 * (CONFIG_TLS=internal). If that is not used, the crypto wrapper does not need 267 * to implement this. 268 */ 269 int __must_check crypto_cipher_decrypt(struct crypto_cipher *ctx, 270 const u8 *crypt, u8 *plain, size_t len); 271 272 /** 273 * crypto_cipher_decrypt - Free cipher context 274 * @ctx: Context pointer from crypto_cipher_init() 275 * 276 * This function is only used with internal TLSv1 implementation 277 * (CONFIG_TLS=internal). If that is not used, the crypto wrapper does not need 278 * to implement this. 279 */ 280 void crypto_cipher_deinit(struct crypto_cipher *ctx); 281 282 283 struct crypto_public_key; 284 struct crypto_private_key; 285 286 /** 287 * crypto_public_key_import - Import an RSA public key 288 * @key: Key buffer (DER encoded RSA public key) 289 * @len: Key buffer length in bytes 290 * Returns: Pointer to the public key or %NULL on failure 291 * 292 * This function can just return %NULL if the crypto library supports X.509 293 * parsing. In that case, crypto_public_key_from_cert() is used to import the 294 * public key from a certificate. 295 * 296 * This function is only used with internal TLSv1 implementation 297 * (CONFIG_TLS=internal). If that is not used, the crypto wrapper does not need 298 * to implement this. 299 */ 300 struct crypto_public_key * crypto_public_key_import(const u8 *key, size_t len); 301 302 struct crypto_public_key * 303 crypto_public_key_import_parts(const u8 *n, size_t n_len, 304 const u8 *e, size_t e_len); 305 306 /** 307 * crypto_private_key_import - Import an RSA private key 308 * @key: Key buffer (DER encoded RSA private key) 309 * @len: Key buffer length in bytes 310 * @passwd: Key encryption password or %NULL if key is not encrypted 311 * Returns: Pointer to the private key or %NULL on failure 312 * 313 * This function is only used with internal TLSv1 implementation 314 * (CONFIG_TLS=internal). If that is not used, the crypto wrapper does not need 315 * to implement this. 316 */ 317 struct crypto_private_key * crypto_private_key_import(const u8 *key, 318 size_t len, 319 const char *passwd); 320 321 /** 322 * crypto_public_key_from_cert - Import an RSA public key from a certificate 323 * @buf: DER encoded X.509 certificate 324 * @len: Certificate buffer length in bytes 325 * Returns: Pointer to public key or %NULL on failure 326 * 327 * This function can just return %NULL if the crypto library does not support 328 * X.509 parsing. In that case, internal code will be used to parse the 329 * certificate and public key is imported using crypto_public_key_import(). 330 * 331 * This function is only used with internal TLSv1 implementation 332 * (CONFIG_TLS=internal). If that is not used, the crypto wrapper does not need 333 * to implement this. 334 */ 335 struct crypto_public_key * crypto_public_key_from_cert(const u8 *buf, 336 size_t len); 337 338 /** 339 * crypto_public_key_encrypt_pkcs1_v15 - Public key encryption (PKCS #1 v1.5) 340 * @key: Public key 341 * @in: Plaintext buffer 342 * @inlen: Length of plaintext buffer in bytes 343 * @out: Output buffer for encrypted data 344 * @outlen: Length of output buffer in bytes; set to used length on success 345 * Returns: 0 on success, -1 on failure 346 * 347 * This function is only used with internal TLSv1 implementation 348 * (CONFIG_TLS=internal). If that is not used, the crypto wrapper does not need 349 * to implement this. 350 */ 351 int __must_check crypto_public_key_encrypt_pkcs1_v15( 352 struct crypto_public_key *key, const u8 *in, size_t inlen, 353 u8 *out, size_t *outlen); 354 355 /** 356 * crypto_private_key_decrypt_pkcs1_v15 - Private key decryption (PKCS #1 v1.5) 357 * @key: Private key 358 * @in: Encrypted buffer 359 * @inlen: Length of encrypted buffer in bytes 360 * @out: Output buffer for encrypted data 361 * @outlen: Length of output buffer in bytes; set to used length on success 362 * Returns: 0 on success, -1 on failure 363 * 364 * This function is only used with internal TLSv1 implementation 365 * (CONFIG_TLS=internal). If that is not used, the crypto wrapper does not need 366 * to implement this. 367 */ 368 int __must_check crypto_private_key_decrypt_pkcs1_v15( 369 struct crypto_private_key *key, const u8 *in, size_t inlen, 370 u8 *out, size_t *outlen); 371 372 /** 373 * crypto_private_key_sign_pkcs1 - Sign with private key (PKCS #1) 374 * @key: Private key from crypto_private_key_import() 375 * @in: Plaintext buffer 376 * @inlen: Length of plaintext buffer in bytes 377 * @out: Output buffer for encrypted (signed) data 378 * @outlen: Length of output buffer in bytes; set to used length on success 379 * Returns: 0 on success, -1 on failure 380 * 381 * This function is only used with internal TLSv1 implementation 382 * (CONFIG_TLS=internal). If that is not used, the crypto wrapper does not need 383 * to implement this. 384 */ 385 int __must_check crypto_private_key_sign_pkcs1(struct crypto_private_key *key, 386 const u8 *in, size_t inlen, 387 u8 *out, size_t *outlen); 388 389 /** 390 * crypto_public_key_free - Free public key 391 * @key: Public key 392 * 393 * This function is only used with internal TLSv1 implementation 394 * (CONFIG_TLS=internal). If that is not used, the crypto wrapper does not need 395 * to implement this. 396 */ 397 void crypto_public_key_free(struct crypto_public_key *key); 398 399 /** 400 * crypto_private_key_free - Free private key 401 * @key: Private key from crypto_private_key_import() 402 * 403 * This function is only used with internal TLSv1 implementation 404 * (CONFIG_TLS=internal). If that is not used, the crypto wrapper does not need 405 * to implement this. 406 */ 407 void crypto_private_key_free(struct crypto_private_key *key); 408 409 /** 410 * crypto_public_key_decrypt_pkcs1 - Decrypt PKCS #1 signature 411 * @key: Public key 412 * @crypt: Encrypted signature data (using the private key) 413 * @crypt_len: Encrypted signature data length 414 * @plain: Buffer for plaintext (at least crypt_len bytes) 415 * @plain_len: Plaintext length (max buffer size on input, real len on output); 416 * Returns: 0 on success, -1 on failure 417 */ 418 int __must_check crypto_public_key_decrypt_pkcs1( 419 struct crypto_public_key *key, const u8 *crypt, size_t crypt_len, 420 u8 *plain, size_t *plain_len); 421 422 int crypto_dh_init(u8 generator, const u8 *prime, size_t prime_len, u8 *privkey, 423 u8 *pubkey); 424 int crypto_dh_derive_secret(u8 generator, const u8 *prime, size_t prime_len, 425 const u8 *order, size_t order_len, 426 const u8 *privkey, size_t privkey_len, 427 const u8 *pubkey, size_t pubkey_len, 428 u8 *secret, size_t *len); 429 430 /** 431 * crypto_global_init - Initialize crypto wrapper 432 * 433 * This function is only used with internal TLSv1 implementation 434 * (CONFIG_TLS=internal). If that is not used, the crypto wrapper does not need 435 * to implement this. 436 */ 437 int __must_check crypto_global_init(void); 438 439 /** 440 * crypto_global_deinit - Deinitialize crypto wrapper 441 * 442 * This function is only used with internal TLSv1 implementation 443 * (CONFIG_TLS=internal). If that is not used, the crypto wrapper does not need 444 * to implement this. 445 */ 446 void crypto_global_deinit(void); 447 448 /** 449 * crypto_mod_exp - Modular exponentiation of large integers 450 * @base: Base integer (big endian byte array) 451 * @base_len: Length of base integer in bytes 452 * @power: Power integer (big endian byte array) 453 * @power_len: Length of power integer in bytes 454 * @modulus: Modulus integer (big endian byte array) 455 * @modulus_len: Length of modulus integer in bytes 456 * @result: Buffer for the result 457 * @result_len: Result length (max buffer size on input, real len on output) 458 * Returns: 0 on success, -1 on failure 459 * 460 * This function calculates result = base ^ power mod modulus. modules_len is 461 * used as the maximum size of modulus buffer. It is set to the used size on 462 * success. 463 * 464 * This function is only used with internal TLSv1 implementation 465 * (CONFIG_TLS=internal). If that is not used, the crypto wrapper does not need 466 * to implement this. 467 */ 468 int __must_check crypto_mod_exp(const u8 *base, size_t base_len, 469 const u8 *power, size_t power_len, 470 const u8 *modulus, size_t modulus_len, 471 u8 *result, size_t *result_len); 472 473 /** 474 * rc4_skip - XOR RC4 stream to given data with skip-stream-start 475 * @key: RC4 key 476 * @keylen: RC4 key length 477 * @skip: number of bytes to skip from the beginning of the RC4 stream 478 * @data: data to be XOR'ed with RC4 stream 479 * @data_len: buf length 480 * Returns: 0 on success, -1 on failure 481 * 482 * Generate RC4 pseudo random stream for the given key, skip beginning of the 483 * stream, and XOR the end result with the data buffer to perform RC4 484 * encryption/decryption. 485 */ 486 int rc4_skip(const u8 *key, size_t keylen, size_t skip, 487 u8 *data, size_t data_len); 488 489 /** 490 * crypto_get_random - Generate cryptographically strong pseudo-random bytes 491 * @buf: Buffer for data 492 * @len: Number of bytes to generate 493 * Returns: 0 on success, -1 on failure 494 * 495 * If the PRNG does not have enough entropy to ensure unpredictable byte 496 * sequence, this functions must return -1. 497 */ 498 int crypto_get_random(void *buf, size_t len); 499 500 /** 501 * crypto_pkcs7_get_certificates - Extract X.509 certificates from PKCS#7 data 502 * @pkcs7: DER encoded PKCS#7 data 503 * Returns: Buffer of the extracted PEM X.509 certificates or %NULL on failure 504 */ 505 struct wpabuf * crypto_pkcs7_get_certificates(const struct wpabuf *pkcs7); 506 507 508 /** 509 * struct crypto_bignum - bignum 510 * 511 * Internal data structure for bignum implementation. The contents is specific 512 * to the used crypto library. 513 */ 514 struct crypto_bignum; 515 516 /** 517 * crypto_bignum_init - Allocate memory for bignum 518 * Returns: Pointer to allocated bignum or %NULL on failure 519 */ 520 struct crypto_bignum * crypto_bignum_init(void); 521 522 /** 523 * crypto_bignum_init_set - Allocate memory for bignum and set the value 524 * @buf: Buffer with unsigned binary value 525 * @len: Length of buf in octets 526 * Returns: Pointer to allocated bignum or %NULL on failure 527 */ 528 struct crypto_bignum * crypto_bignum_init_set(const u8 *buf, size_t len); 529 530 /** 531 * crypto_bignum_init_set - Allocate memory for bignum and set the value (uint) 532 * @val: Value to set 533 * Returns: Pointer to allocated bignum or %NULL on failure 534 */ 535 struct crypto_bignum * crypto_bignum_init_uint(unsigned int val); 536 537 /** 538 * crypto_bignum_deinit - Free bignum 539 * @n: Bignum from crypto_bignum_init() or crypto_bignum_init_set() 540 * @clear: Whether to clear the value from memory 541 */ 542 void crypto_bignum_deinit(struct crypto_bignum *n, int clear); 543 544 /** 545 * crypto_bignum_to_bin - Set binary buffer to unsigned bignum 546 * @a: Bignum 547 * @buf: Buffer for the binary number 548 * @len: Length of @buf in octets 549 * @padlen: Length in octets to pad the result to or 0 to indicate no padding 550 * Returns: Number of octets written on success, -1 on failure 551 */ 552 int crypto_bignum_to_bin(const struct crypto_bignum *a, 553 u8 *buf, size_t buflen, size_t padlen); 554 555 /** 556 * crypto_bignum_rand - Create a random number in range of modulus 557 * @r: Bignum; set to a random value 558 * @m: Bignum; modulus 559 * Returns: 0 on success, -1 on failure 560 */ 561 int crypto_bignum_rand(struct crypto_bignum *r, const struct crypto_bignum *m); 562 563 /** 564 * crypto_bignum_add - c = a + b 565 * @a: Bignum 566 * @b: Bignum 567 * @c: Bignum; used to store the result of a + b 568 * Returns: 0 on success, -1 on failure 569 */ 570 int crypto_bignum_add(const struct crypto_bignum *a, 571 const struct crypto_bignum *b, 572 struct crypto_bignum *c); 573 574 /** 575 * crypto_bignum_mod - c = a % b 576 * @a: Bignum 577 * @b: Bignum 578 * @c: Bignum; used to store the result of a % b 579 * Returns: 0 on success, -1 on failure 580 */ 581 int crypto_bignum_mod(const struct crypto_bignum *a, 582 const struct crypto_bignum *b, 583 struct crypto_bignum *c); 584 585 /** 586 * crypto_bignum_exptmod - Modular exponentiation: d = a^b (mod c) 587 * @a: Bignum; base 588 * @b: Bignum; exponent 589 * @c: Bignum; modulus 590 * @d: Bignum; used to store the result of a^b (mod c) 591 * Returns: 0 on success, -1 on failure 592 */ 593 int crypto_bignum_exptmod(const struct crypto_bignum *a, 594 const struct crypto_bignum *b, 595 const struct crypto_bignum *c, 596 struct crypto_bignum *d); 597 598 /** 599 * crypto_bignum_inverse - Inverse a bignum so that a * c = 1 (mod b) 600 * @a: Bignum 601 * @b: Bignum 602 * @c: Bignum; used to store the result 603 * Returns: 0 on success, -1 on failure 604 */ 605 int crypto_bignum_inverse(const struct crypto_bignum *a, 606 const struct crypto_bignum *b, 607 struct crypto_bignum *c); 608 609 /** 610 * crypto_bignum_sub - c = a - b 611 * @a: Bignum 612 * @b: Bignum 613 * @c: Bignum; used to store the result of a - b 614 * Returns: 0 on success, -1 on failure 615 */ 616 int crypto_bignum_sub(const struct crypto_bignum *a, 617 const struct crypto_bignum *b, 618 struct crypto_bignum *c); 619 620 /** 621 * crypto_bignum_div - c = a / b 622 * @a: Bignum 623 * @b: Bignum 624 * @c: Bignum; used to store the result of a / b 625 * Returns: 0 on success, -1 on failure 626 */ 627 int crypto_bignum_div(const struct crypto_bignum *a, 628 const struct crypto_bignum *b, 629 struct crypto_bignum *c); 630 631 /** 632 * crypto_bignum_addmod - d = a + b (mod c) 633 * @a: Bignum 634 * @b: Bignum 635 * @c: Bignum 636 * @d: Bignum; used to store the result of (a + b) % c 637 * Returns: 0 on success, -1 on failure 638 */ 639 int crypto_bignum_addmod(const struct crypto_bignum *a, 640 const struct crypto_bignum *b, 641 const struct crypto_bignum *c, 642 struct crypto_bignum *d); 643 644 /** 645 * crypto_bignum_mulmod - d = a * b (mod c) 646 * @a: Bignum 647 * @b: Bignum 648 * @c: Bignum 649 * @d: Bignum; used to store the result of (a * b) % c 650 * Returns: 0 on success, -1 on failure 651 */ 652 int crypto_bignum_mulmod(const struct crypto_bignum *a, 653 const struct crypto_bignum *b, 654 const struct crypto_bignum *c, 655 struct crypto_bignum *d); 656 657 /** 658 * crypto_bignum_sqrmod - c = a^2 (mod b) 659 * @a: Bignum 660 * @b: Bignum 661 * @c: Bignum; used to store the result of a^2 % b 662 * Returns: 0 on success, -1 on failure 663 */ 664 int crypto_bignum_sqrmod(const struct crypto_bignum *a, 665 const struct crypto_bignum *b, 666 struct crypto_bignum *c); 667 668 /** 669 * crypto_bignum_sqrmod - c = a^2 (mod b) 670 * @a: Bignum 671 * @b: Bignum 672 * @c: Bignum; used to store the result of a^2 % b 673 * Returns: 0 on success, -1 on failure 674 */ 675 int crypto_bignum_sqrmod(const struct crypto_bignum *a, 676 const struct crypto_bignum *b, 677 struct crypto_bignum *c); 678 679 /** 680 * crypto_bignum_rshift - r = a >> n 681 * @a: Bignum 682 * @n: Number of bits 683 * @r: Bignum; used to store the result of a >> n 684 * Returns: 0 on success, -1 on failure 685 */ 686 int crypto_bignum_rshift(const struct crypto_bignum *a, int n, 687 struct crypto_bignum *r); 688 689 /** 690 * crypto_bignum_cmp - Compare two bignums 691 * @a: Bignum 692 * @b: Bignum 693 * Returns: -1 if a < b, 0 if a == b, or 1 if a > b 694 */ 695 int crypto_bignum_cmp(const struct crypto_bignum *a, 696 const struct crypto_bignum *b); 697 698 /** 699 * crypto_bignum_is_zero - Is the given bignum zero 700 * @a: Bignum 701 * Returns: 1 if @a is zero or 0 if not 702 */ 703 int crypto_bignum_is_zero(const struct crypto_bignum *a); 704 705 /** 706 * crypto_bignum_is_one - Is the given bignum one 707 * @a: Bignum 708 * Returns: 1 if @a is one or 0 if not 709 */ 710 int crypto_bignum_is_one(const struct crypto_bignum *a); 711 712 /** 713 * crypto_bignum_is_odd - Is the given bignum odd 714 * @a: Bignum 715 * Returns: 1 if @a is odd or 0 if not 716 */ 717 int crypto_bignum_is_odd(const struct crypto_bignum *a); 718 719 /** 720 * crypto_bignum_legendre - Compute the Legendre symbol (a/p) 721 * @a: Bignum 722 * @p: Bignum 723 * Returns: Legendre symbol -1,0,1 on success; -2 on calculation failure 724 */ 725 int crypto_bignum_legendre(const struct crypto_bignum *a, 726 const struct crypto_bignum *p); 727 728 /** 729 * struct crypto_ec - Elliptic curve context 730 * 731 * Internal data structure for EC implementation. The contents is specific 732 * to the used crypto library. 733 */ 734 struct crypto_ec; 735 736 /** 737 * struct crypto_ec_point - Elliptic curve point 738 * 739 * Internal data structure for EC implementation to represent a point. The 740 * contents is specific to the used crypto library. 741 */ 742 struct crypto_ec_point; 743 744 /** 745 * crypto_ec_init - Initialize elliptic curve context 746 * @group: Identifying number for the ECC group (IANA "Group Description" 747 * attribute registrty for RFC 2409) 748 * Returns: Pointer to EC context or %NULL on failure 749 */ 750 struct crypto_ec * crypto_ec_init(int group); 751 752 /** 753 * crypto_ec_deinit - Deinitialize elliptic curve context 754 * @e: EC context from crypto_ec_init() 755 */ 756 void crypto_ec_deinit(struct crypto_ec *e); 757 758 /** 759 * crypto_ec_prime_len - Get length of the prime in octets 760 * @e: EC context from crypto_ec_init() 761 * Returns: Length of the prime defining the group 762 */ 763 size_t crypto_ec_prime_len(struct crypto_ec *e); 764 765 /** 766 * crypto_ec_prime_len_bits - Get length of the prime in bits 767 * @e: EC context from crypto_ec_init() 768 * Returns: Length of the prime defining the group in bits 769 */ 770 size_t crypto_ec_prime_len_bits(struct crypto_ec *e); 771 772 /** 773 * crypto_ec_order_len - Get length of the order in octets 774 * @e: EC context from crypto_ec_init() 775 * Returns: Length of the order defining the group 776 */ 777 size_t crypto_ec_order_len(struct crypto_ec *e); 778 779 /** 780 * crypto_ec_get_prime - Get prime defining an EC group 781 * @e: EC context from crypto_ec_init() 782 * Returns: Prime (bignum) defining the group 783 */ 784 const struct crypto_bignum * crypto_ec_get_prime(struct crypto_ec *e); 785 786 /** 787 * crypto_ec_get_order - Get order of an EC group 788 * @e: EC context from crypto_ec_init() 789 * Returns: Order (bignum) of the group 790 */ 791 const struct crypto_bignum * crypto_ec_get_order(struct crypto_ec *e); 792 793 const struct crypto_bignum * crypto_ec_get_a(struct crypto_ec *e); 794 const struct crypto_bignum * crypto_ec_get_b(struct crypto_ec *e); 795 796 /** 797 * crypto_ec_get_a - Get 'a' coefficient of an EC group's curve 798 * @e: EC context from crypto_ec_init() 799 * Returns: 'a' coefficient (bignum) of the group 800 */ 801 const struct crypto_bignum * crypto_ec_get_a(struct crypto_ec *e); 802 803 /** 804 * crypto_ec_get_b - Get 'b' coeffiecient of an EC group's curve 805 * @e: EC context from crypto_ec_init() 806 * Returns: 'b' coefficient (bignum) of the group 807 */ 808 const struct crypto_bignum * crypto_ec_get_b(struct crypto_ec *e); 809 810 /** 811 * crypto_ec_get_generator - Get generator point of the EC group's curve 812 * @e: EC context from crypto_ec_init() 813 * Returns: Pointer to generator point 814 */ 815 const struct crypto_ec_point * crypto_ec_get_generator(struct crypto_ec *e); 816 817 /** 818 * crypto_ec_point_init - Initialize data for an EC point 819 * @e: EC context from crypto_ec_init() 820 * Returns: Pointer to EC point data or %NULL on failure 821 */ 822 struct crypto_ec_point * crypto_ec_point_init(struct crypto_ec *e); 823 824 /** 825 * crypto_ec_point_deinit - Deinitialize EC point data 826 * @p: EC point data from crypto_ec_point_init() 827 * @clear: Whether to clear the EC point value from memory 828 */ 829 void crypto_ec_point_deinit(struct crypto_ec_point *p, int clear); 830 831 /** 832 * crypto_ec_point_x - Copies the x-ordinate point into big number 833 * @e: EC context from crypto_ec_init() 834 * @p: EC point data 835 * @x: Big number to set to the copy of x-ordinate 836 * Returns: 0 on success, -1 on failure 837 */ 838 int crypto_ec_point_x(struct crypto_ec *e, const struct crypto_ec_point *p, 839 struct crypto_bignum *x); 840 841 /** 842 * crypto_ec_point_to_bin - Write EC point value as binary data 843 * @e: EC context from crypto_ec_init() 844 * @p: EC point data from crypto_ec_point_init() 845 * @x: Buffer for writing the binary data for x coordinate or %NULL if not used 846 * @y: Buffer for writing the binary data for y coordinate or %NULL if not used 847 * Returns: 0 on success, -1 on failure 848 * 849 * This function can be used to write an EC point as binary data in a format 850 * that has the x and y coordinates in big endian byte order fields padded to 851 * the length of the prime defining the group. 852 */ 853 int crypto_ec_point_to_bin(struct crypto_ec *e, 854 const struct crypto_ec_point *point, u8 *x, u8 *y); 855 856 /** 857 * crypto_ec_point_from_bin - Create EC point from binary data 858 * @e: EC context from crypto_ec_init() 859 * @val: Binary data to read the EC point from 860 * Returns: Pointer to EC point data or %NULL on failure 861 * 862 * This function readers x and y coordinates of the EC point from the provided 863 * buffer assuming the values are in big endian byte order with fields padded to 864 * the length of the prime defining the group. 865 */ 866 struct crypto_ec_point * crypto_ec_point_from_bin(struct crypto_ec *e, 867 const u8 *val); 868 869 /** 870 * crypto_ec_point_add - c = a + b 871 * @e: EC context from crypto_ec_init() 872 * @a: Bignum 873 * @b: Bignum 874 * @c: Bignum; used to store the result of a + b 875 * Returns: 0 on success, -1 on failure 876 */ 877 int crypto_ec_point_add(struct crypto_ec *e, const struct crypto_ec_point *a, 878 const struct crypto_ec_point *b, 879 struct crypto_ec_point *c); 880 881 /** 882 * crypto_ec_point_mul - res = b * p 883 * @e: EC context from crypto_ec_init() 884 * @p: EC point 885 * @b: Bignum 886 * @res: EC point; used to store the result of b * p 887 * Returns: 0 on success, -1 on failure 888 */ 889 int crypto_ec_point_mul(struct crypto_ec *e, const struct crypto_ec_point *p, 890 const struct crypto_bignum *b, 891 struct crypto_ec_point *res); 892 893 /** 894 * crypto_ec_point_invert - Compute inverse of an EC point 895 * @e: EC context from crypto_ec_init() 896 * @p: EC point to invert (and result of the operation) 897 * Returns: 0 on success, -1 on failure 898 */ 899 int crypto_ec_point_invert(struct crypto_ec *e, struct crypto_ec_point *p); 900 901 /** 902 * crypto_ec_point_compute_y_sqr - Compute y^2 = x^3 + ax + b 903 * @e: EC context from crypto_ec_init() 904 * @x: x coordinate 905 * Returns: y^2 on success, %NULL failure 906 */ 907 struct crypto_bignum * 908 crypto_ec_point_compute_y_sqr(struct crypto_ec *e, 909 const struct crypto_bignum *x); 910 911 /** 912 * crypto_ec_point_is_at_infinity - Check whether EC point is neutral element 913 * @e: EC context from crypto_ec_init() 914 * @p: EC point 915 * Returns: 1 if the specified EC point is the neutral element of the group or 916 * 0 if not 917 */ 918 int crypto_ec_point_is_at_infinity(struct crypto_ec *e, 919 const struct crypto_ec_point *p); 920 921 /** 922 * crypto_ec_point_is_on_curve - Check whether EC point is on curve 923 * @e: EC context from crypto_ec_init() 924 * @p: EC point 925 * Returns: 1 if the specified EC point is on the curve or 0 if not 926 */ 927 int crypto_ec_point_is_on_curve(struct crypto_ec *e, 928 const struct crypto_ec_point *p); 929 930 /** 931 * crypto_ec_point_cmp - Compare two EC points 932 * @e: EC context from crypto_ec_init() 933 * @a: EC point 934 * @b: EC point 935 * Returns: 0 on equal, non-zero otherwise 936 */ 937 int crypto_ec_point_cmp(const struct crypto_ec *e, 938 const struct crypto_ec_point *a, 939 const struct crypto_ec_point *b); 940 941 /** 942 * crypto_ec_point_debug_print - Dump EC point to debug log 943 * @e: EC context from crypto_ec_init() 944 * @p: EC point 945 * @title: Name of the EC point in the trace 946 */ 947 void crypto_ec_point_debug_print(const struct crypto_ec *e, 948 const struct crypto_ec_point *p, 949 const char *title); 950 951 /** 952 * struct crypto_ec_key - Elliptic curve key pair 953 * 954 * Internal data structure for EC key pair. The contents is specific to the used 955 * crypto library. 956 */ 957 struct crypto_ec_key; 958 959 /** 960 * struct crypto_ecdh - Elliptic Curve Diffie–Hellman context 961 * 962 * Internal data structure for ECDH. The contents is specific to the used 963 * crypto library. 964 */ 965 struct crypto_ecdh; 966 967 /** 968 * crypto_ecdh_init - Initialize elliptic curve Diffie–Hellman context 969 * @group: Identifying number for the ECC group (IANA "Group Description" 970 * attribute registry for RFC 2409) 971 * This function generates an ephemeral key pair. 972 * Returns: Pointer to ECDH context or %NULL on failure 973 */ 974 struct crypto_ecdh * crypto_ecdh_init(int group); 975 976 /** 977 * crypto_ecdh_init2 - Initialize elliptic curve Diffie–Hellman context with a 978 * given EC key 979 * @group: Identifying number for the ECC group (IANA "Group Description" 980 * attribute registry for RFC 2409) 981 * @own_key: Our own EC Key 982 * Returns: Pointer to ECDH context or %NULL on failure 983 */ 984 struct crypto_ecdh * crypto_ecdh_init2(int group, 985 struct crypto_ec_key *own_key); 986 987 /** 988 * crypto_ecdh_get_pubkey - Retrieve public key from ECDH context 989 * @ecdh: ECDH context from crypto_ecdh_init() or crypto_ecdh_init2() 990 * @inc_y: Whether public key should include y coordinate (explicit form) 991 * or not (compressed form) 992 * Returns: Binary data f the public key or %NULL on failure 993 */ 994 struct wpabuf * crypto_ecdh_get_pubkey(struct crypto_ecdh *ecdh, int inc_y); 995 996 /** 997 * crypto_ecdh_set_peerkey - Compute ECDH secret 998 * @ecdh: ECDH context from crypto_ecdh_init() or crypto_ecdh_init2() 999 * @inc_y: Whether peer's public key includes y coordinate (explicit form) 1000 * or not (compressed form) 1001 * @key: Binary data of the peer's public key 1002 * @len: Length of the @key buffer 1003 * Returns: Binary data with the EDCH secret or %NULL on failure 1004 */ 1005 struct wpabuf * crypto_ecdh_set_peerkey(struct crypto_ecdh *ecdh, int inc_y, 1006 const u8 *key, size_t len); 1007 1008 /** 1009 * crypto_ecdh_deinit - Free ECDH context 1010 * @ecdh: ECDH context from crypto_ecdh_init() or crypto_ecdh_init2() 1011 */ 1012 void crypto_ecdh_deinit(struct crypto_ecdh *ecdh); 1013 1014 /** 1015 * crypto_ecdh_prime_len - Get length of the prime in octets 1016 * @e: ECDH context from crypto_ecdh_init() 1017 * Returns: Length of the prime defining the group 1018 */ 1019 size_t crypto_ecdh_prime_len(struct crypto_ecdh *ecdh); 1020 1021 /** 1022 * crypto_ec_key_parse_priv - Initialize EC key pair from ECPrivateKey ASN.1 1023 * @der: DER encoding of ASN.1 ECPrivateKey 1024 * @der_len: Length of @der buffer 1025 * Returns: EC key or %NULL on failure 1026 */ 1027 struct crypto_ec_key * crypto_ec_key_parse_priv(const u8 *der, size_t der_len); 1028 1029 /** 1030 * crypto_ec_key_set_priv - Initialize EC key pair from raw key data 1031 * @group: Identifying number for the ECC group 1032 * @raw: Raw key data 1033 * @raw_len: Length of @raw buffer 1034 * Returns: EC key or %NULL on failure 1035 */ 1036 struct crypto_ec_key * crypto_ec_key_set_priv(int group, 1037 const u8 *raw, size_t raw_len); 1038 1039 /** 1040 * crypto_ec_key_parse_pub - Initialize EC key pair from SubjectPublicKeyInfo ASN.1 1041 * @der: DER encoding of ASN.1 SubjectPublicKeyInfo 1042 * @der_len: Length of @der buffer 1043 * Returns: EC key or %NULL on failure 1044 */ 1045 struct crypto_ec_key * crypto_ec_key_parse_pub(const u8 *der, size_t der_len); 1046 1047 /** 1048 * crypto_ec_key_set_pub - Initialize an EC public key from EC point coordinates 1049 * @group: Identifying number for the ECC group 1050 * @x: X coordinate of the public key 1051 * @y: Y coordinate of the public key 1052 * @len: Length of @x and @y buffer 1053 * Returns: EC key or %NULL on failure 1054 * 1055 * This function initialize an EC key from public key coordinates, in big endian 1056 * byte order padded to the length of the prime defining the group. 1057 */ 1058 struct crypto_ec_key * crypto_ec_key_set_pub(int group, const u8 *x, 1059 const u8 *y, size_t len); 1060 1061 /** 1062 * crypto_ec_key_set_pub_point - Initialize an EC public key from EC point 1063 * @e: EC context from crypto_ec_init() 1064 * @pub: Public key point 1065 * Returns: EC key or %NULL on failure 1066 */ 1067 struct crypto_ec_key * 1068 crypto_ec_key_set_pub_point(struct crypto_ec *e, 1069 const struct crypto_ec_point *pub); 1070 1071 /** 1072 * crypto_ec_key_gen - Generate EC key pair 1073 * @group: Identifying number for the ECC group 1074 * Returns: EC key or %NULL on failure 1075 */ 1076 struct crypto_ec_key * crypto_ec_key_gen(int group); 1077 1078 /** 1079 * crypto_ec_key_deinit - Free EC key 1080 * @key: EC key from crypto_ec_key_parse_pub/priv() or crypto_ec_key_gen() 1081 */ 1082 void crypto_ec_key_deinit(struct crypto_ec_key *key); 1083 1084 /** 1085 * crypto_ec_key_get_subject_public_key - Get SubjectPublicKeyInfo ASN.1 for an EC key 1086 * @key: EC key from crypto_ec_key_parse/set_pub/priv() or crypto_ec_key_gen() 1087 * Returns: Buffer with DER encoding of ASN.1 SubjectPublicKeyInfo using 1088 * compressed point format, or %NULL on failure 1089 */ 1090 struct wpabuf * crypto_ec_key_get_subject_public_key(struct crypto_ec_key *key); 1091 1092 /** 1093 * crypto_ec_key_get_ecprivate_key - Get ECPrivateKey ASN.1 for a EC key 1094 * @key: EC key from crypto_ec_key_parse_priv() or crypto_ec_key_gen() 1095 * @include_pub: Whether to include public key in the ASN.1 sequence 1096 * Returns: Buffer with DER encoding of ASN.1 ECPrivateKey or %NULL on failure 1097 */ 1098 struct wpabuf * crypto_ec_key_get_ecprivate_key(struct crypto_ec_key *key, 1099 bool include_pub); 1100 1101 /** 1102 * crypto_ec_key_get_pubkey_point - Get public key point coordinates 1103 * @key: EC key from crypto_ec_key_parse/set_pub() or crypto_ec_key_parse_priv() 1104 * @prefix: Whether output buffer should include the octet to indicate 1105 * coordinate form (as defined for SubjectPublicKeyInfo) 1106 * Returns: Buffer with coordinates of public key in uncompressed form or %NULL 1107 * on failure 1108 */ 1109 struct wpabuf * crypto_ec_key_get_pubkey_point(struct crypto_ec_key *key, 1110 int prefix); 1111 1112 /** 1113 * crypto_ec_key_get_public_key - Get EC public key as an EC point 1114 * @key: EC key from crypto_ec_key_parse/set_pub() or crypto_ec_key_parse_priv() 1115 * Returns: Public key as an EC point or %NULL on failure 1116 * 1117 * The caller needs to free the returned value with crypto_ec_point_deinit(). 1118 */ 1119 struct crypto_ec_point * 1120 crypto_ec_key_get_public_key(struct crypto_ec_key *key); 1121 1122 /** 1123 * crypto_ec_key_get_private_key - Get EC private key as a bignum 1124 * @key: EC key from crypto_ec_key_parse/set_pub() or crypto_ec_key_parse_priv() 1125 * Returns: Private key as a bignum or %NULL on failure 1126 * 1127 * The caller needs to free the returned value with crypto_bignum_deinit(). 1128 */ 1129 struct crypto_bignum * 1130 crypto_ec_key_get_private_key(struct crypto_ec_key *key); 1131 1132 /** 1133 * crypto_ec_key_sign - Sign a buffer with an EC key 1134 * @key: EC key from crypto_ec_key_parse_priv() or crypto_ec_key_gen() 1135 * @data: Data to sign 1136 * @len: Length of @data buffer 1137 * Returns: Buffer with DER encoding of ASN.1 Ecdsa-Sig-Value or %NULL on failure 1138 */ 1139 struct wpabuf * crypto_ec_key_sign(struct crypto_ec_key *key, const u8 *data, 1140 size_t len); 1141 1142 /** 1143 * crypto_ec_key_sign_r_s - Sign a buffer with an EC key 1144 * @key: EC key from crypto_ec_key_parse_priv() or crypto_ec_key_gen() 1145 * @data: Data to sign 1146 * @len: Length of @data buffer 1147 * Returns: Buffer with the concatenated r and s values. Each value is in big 1148 * endian byte order padded to the length of the prime defining the group of 1149 * the key. 1150 */ 1151 struct wpabuf * crypto_ec_key_sign_r_s(struct crypto_ec_key *key, 1152 const u8 *data, size_t len); 1153 1154 /** 1155 * crypto_ec_key_verify_signature - Verify ECDSA signature 1156 * @key: EC key from crypto_ec_key_parse/set_pub() or crypto_ec_key_gen() 1157 * @data: Data to be signed 1158 * @len: Length of @data buffer 1159 * @sig: DER encoding of ASN.1 Ecdsa-Sig-Value 1160 * @sig_len: Length of @sig buffer 1161 * Returns: 1 if signature is valid, 0 if signature is invalid and -1 on failure 1162 */ 1163 int crypto_ec_key_verify_signature(struct crypto_ec_key *key, const u8 *data, 1164 size_t len, const u8 *sig, size_t sig_len); 1165 1166 /** 1167 * crypto_ec_key_verify_signature_r_s - Verify signature 1168 * @key: EC key from crypto_ec_key_parse/set_pub() or crypto_ec_key_gen() 1169 * @data: Data to signed 1170 * @len: Length of @data buffer 1171 * @r: Binary data, in big endian byte order, of the 'r' field of the ECDSA 1172 * signature. 1173 * @s: Binary data, in big endian byte order, of the 's' field of the ECDSA 1174 * signature. 1175 * @r_len: Length of @r buffer 1176 * @s_len: Length of @s buffer 1177 * Returns: 1 if signature is valid, 0 if signature is invalid, or -1 on failure 1178 */ 1179 int crypto_ec_key_verify_signature_r_s(struct crypto_ec_key *key, 1180 const u8 *data, size_t len, 1181 const u8 *r, size_t r_len, 1182 const u8 *s, size_t s_len); 1183 1184 /** 1185 * crypto_ec_key_group - Get IANA group identifier for an EC key 1186 * @key: EC key from crypto_ec_key_parse/set_pub/priv() or crypto_ec_key_gen() 1187 * Returns: IANA group identifier and -1 on failure 1188 */ 1189 int crypto_ec_key_group(struct crypto_ec_key *key); 1190 1191 /** 1192 * crypto_ec_key_cmp - Compare two EC public keys 1193 * @key1: Key 1 1194 * @key2: Key 2 1195 * Returns: 0 if public keys are identical, -1 otherwise 1196 */ 1197 int crypto_ec_key_cmp(struct crypto_ec_key *key1, struct crypto_ec_key *key2); 1198 1199 /** 1200 * crypto_ec_key_debug_print - Dump EC key to debug log 1201 * @key: EC key from crypto_ec_key_parse/set_pub/priv() or crypto_ec_key_gen() 1202 * @title: Name of the EC point in the trace 1203 */ 1204 void crypto_ec_key_debug_print(const struct crypto_ec_key *key, 1205 const char *title); 1206 1207 /** 1208 * struct crypto_csr - Certification Signing Request 1209 * 1210 * Internal data structure for CSR. The contents is specific to the used 1211 * crypto library. 1212 * For now it is assumed that only an EC public key can be used 1213 */ 1214 struct crypto_csr; 1215 1216 /** 1217 * enum crypto_csr_name - CSR name type 1218 */ 1219 enum crypto_csr_name { 1220 CSR_NAME_CN, 1221 CSR_NAME_SN, 1222 CSR_NAME_C, 1223 CSR_NAME_O, 1224 CSR_NAME_OU, 1225 }; 1226 1227 /** 1228 * enum crypto_csr_attr - CSR attribute 1229 */ 1230 enum crypto_csr_attr { 1231 CSR_ATTR_CHALLENGE_PASSWORD, 1232 }; 1233 1234 /** 1235 * crypto_csr_init - Initialize empty CSR 1236 * Returns: Pointer to CSR data or %NULL on failure 1237 */ 1238 struct crypto_csr * crypto_csr_init(void); 1239 1240 /** 1241 * crypto_csr_verify - Initialize CSR from CertificationRequest 1242 * @req: DER encoding of ASN.1 CertificationRequest 1243 * 1244 * Returns: Pointer to CSR data or %NULL on failure or if signature is invalid 1245 */ 1246 struct crypto_csr * crypto_csr_verify(const struct wpabuf *req); 1247 1248 /** 1249 * crypto_csr_deinit - Free CSR structure 1250 * @csr: CSR structure from @crypto_csr_init() or crypto_csr_verify() 1251 */ 1252 void crypto_csr_deinit(struct crypto_csr *csr); 1253 1254 /** 1255 * crypto_csr_set_ec_public_key - Set public key in CSR 1256 * @csr: CSR structure from @crypto_csr_init() 1257 * @key: EC public key to set as public key in the CSR 1258 * Returns: 0 on success, -1 on failure 1259 */ 1260 int crypto_csr_set_ec_public_key(struct crypto_csr *csr, 1261 struct crypto_ec_key *key); 1262 1263 /** 1264 * crypto_csr_set_name - Set name entry in CSR SubjectName 1265 * @csr: CSR structure from @crypto_csr_init() 1266 * @type: Name type to add into the CSR SubjectName 1267 * @name: UTF-8 string to write in the CSR SubjectName 1268 * Returns: 0 on success, -1 on failure 1269 */ 1270 int crypto_csr_set_name(struct crypto_csr *csr, enum crypto_csr_name type, 1271 const char *name); 1272 1273 /** 1274 * crypto_csr_set_attribute - Set attribute in CSR 1275 * @csr: CSR structure from @crypto_csr_init() 1276 * @attr: Attribute identifier 1277 * @attr_type: ASN.1 type of @value buffer 1278 * @value: Attribute value 1279 * @len: length of @value buffer 1280 * Returns: 0 on success, -1 on failure 1281 */ 1282 int crypto_csr_set_attribute(struct crypto_csr *csr, enum crypto_csr_attr attr, 1283 int attr_type, const u8 *value, size_t len); 1284 1285 /** 1286 * crypto_csr_get_attribute - Get attribute from CSR 1287 * @csr: CSR structure from @crypto_csr_verify() 1288 * @attr: Updated with atribute identifier 1289 * @len: Updated with length of returned buffer 1290 * @type: ASN.1 type of the attribute buffer 1291 * Returns: Type, length, and pointer on attribute value or %NULL on failure 1292 */ 1293 const u8 * crypto_csr_get_attribute(struct crypto_csr *csr, 1294 enum crypto_csr_attr attr, 1295 size_t *len, int *type); 1296 1297 /** 1298 * crypto_csr_sign - Sign CSR and return ASN.1 CertificationRequest 1299 * @csr: CSR structure from @crypto_csr_init() 1300 * @key: Private key to sign the CSR (for now ony EC key are supported) 1301 * @algo: Hash algorithm to use for the signature 1302 * Returns: DER encoding of ASN.1 CertificationRequest for the CSR or %NULL on 1303 * failure 1304 */ 1305 struct wpabuf * crypto_csr_sign(struct crypto_csr *csr, 1306 struct crypto_ec_key *key, 1307 enum crypto_hash_alg algo); 1308 1309 struct crypto_rsa_key; 1310 1311 /** 1312 * crypto_rsa_key_read - Read an RSA key 1313 * @file: File from which to read (PEM encoded, can be X.509v3 certificate) 1314 * @private_key: Whether to read the private key instead of public key 1315 * Returns: RSA key or %NULL on failure 1316 */ 1317 struct crypto_rsa_key * crypto_rsa_key_read(const char *file, bool private_key); 1318 1319 /** 1320 * crypto_rsa_oaep_sha256_encrypt - RSA-OAEP-SHA-256 encryption 1321 * @key: RSA key from crypto_rsa_key_read() 1322 * @in: Plaintext input data 1323 * Returns: Encrypted output data or %NULL on failure 1324 */ 1325 struct wpabuf * crypto_rsa_oaep_sha256_encrypt(struct crypto_rsa_key *key, 1326 const struct wpabuf *in); 1327 1328 /** 1329 * crypto_rsa_oaep_sha256_decrypt - RSA-OAEP-SHA-256 decryption 1330 * @key: RSA key from crypto_rsa_key_read() 1331 * @in: Encrypted input data 1332 * Returns: Decrypted output data or %NULL on failure 1333 */ 1334 struct wpabuf * crypto_rsa_oaep_sha256_decrypt(struct crypto_rsa_key *key, 1335 const struct wpabuf *in); 1336 1337 /** 1338 * crypto_rsa_key_free - Free an RSA key 1339 * @key: RSA key from crypto_rsa_key_read() 1340 */ 1341 void crypto_rsa_key_free(struct crypto_rsa_key *key); 1342 1343 enum hpke_mode { 1344 HPKE_MODE_BASE = 0x00, 1345 HPKE_MODE_PSK = 0x01, 1346 HPKE_MODE_AUTH = 0x02, 1347 HPKE_MODE_AUTH_PSK = 0x03, 1348 }; 1349 1350 enum hpke_kem_id { 1351 HPKE_DHKEM_P256_HKDF_SHA256 = 0x0010, 1352 HPKE_DHKEM_P384_HKDF_SHA384 = 0x0011, 1353 HPKE_DHKEM_P521_HKDF_SHA512 = 0x0012, 1354 HPKE_DHKEM_X5519_HKDF_SHA256 = 0x0020, 1355 HPKE_DHKEM_X448_HKDF_SHA512 = 0x0021, 1356 }; 1357 1358 enum hpke_kdf_id { 1359 HPKE_KDF_HKDF_SHA256 = 0x0001, 1360 HPKE_KDF_HKDF_SHA384 = 0x0002, 1361 HPKE_KDF_HKDF_SHA512 = 0x0003, 1362 }; 1363 1364 enum hpke_aead_id { 1365 HPKE_AEAD_AES_128_GCM = 0x0001, 1366 HPKE_AEAD_AES_256_GCM = 0x0002, 1367 HPKE_AEAD_CHACHA20POLY1305 = 0x0003, 1368 }; 1369 1370 /** 1371 * hpke_base_seal - HPKE base mode single-shot encrypt 1372 * Returns: enc | ct; or %NULL on failure 1373 */ 1374 struct wpabuf * hpke_base_seal(enum hpke_kem_id kem_id, 1375 enum hpke_kdf_id kdf_id, 1376 enum hpke_aead_id aead_id, 1377 struct crypto_ec_key *peer_pub, 1378 const u8 *info, size_t info_len, 1379 const u8 *aad, size_t aad_len, 1380 const u8 *pt, size_t pt_len); 1381 1382 /** 1383 * hpke_base_open - HPKE base mode single-shot decrypt 1384 * @enc_ct: enc | ct 1385 * Returns: pt; or %NULL on failure 1386 */ 1387 struct wpabuf * hpke_base_open(enum hpke_kem_id kem_id, 1388 enum hpke_kdf_id kdf_id, 1389 enum hpke_aead_id aead_id, 1390 struct crypto_ec_key *own_priv, 1391 const u8 *info, size_t info_len, 1392 const u8 *aad, size_t aad_len, 1393 const u8 *enc_ct, size_t enc_ct_len); 1394 1395 /** 1396 * crypto_unload - Unload crypto resources 1397 * 1398 * This function is called just before the process exits to allow dynamic 1399 * resource allocations to be freed. 1400 */ 1401 void crypto_unload(void); 1402 1403 #endif /* CRYPTO_H */ 1404