1 /* 2 * WPA Supplicant / wrapper functions for libcrypto 3 * Copyright (c) 2004-2005, Jouni Malinen <j (at) w1.fi> 4 * 5 * This program is free software; you can redistribute it and/or modify 6 * it under the terms of the GNU General Public License version 2 as 7 * published by the Free Software Foundation. 8 * 9 * Alternatively, this software may be distributed under the terms of BSD 10 * license. 11 * 12 * See README and COPYING for more details. 13 */ 14 15 #include "includes.h" 16 #include <openssl/opensslv.h> 17 #include <openssl/md4.h> 18 #include <openssl/md5.h> 19 #include <openssl/sha.h> 20 #include <openssl/des.h> 21 #include <openssl/aes.h> 22 23 #include "common.h" 24 #include "crypto.h" 25 26 #if OPENSSL_VERSION_NUMBER < 0x00907000 27 #define DES_key_schedule des_key_schedule 28 #define DES_cblock des_cblock 29 #define DES_set_key(key, schedule) des_set_key((key), *(schedule)) 30 #define DES_ecb_encrypt(input, output, ks, enc) \ 31 des_ecb_encrypt((input), (output), *(ks), (enc)) 32 #endif /* openssl < 0.9.7 */ 33 34 35 void md4_vector(size_t num_elem, const u8 *addr[], const size_t *len, u8 *mac) 36 { 37 MD4_CTX ctx; 38 size_t i; 39 40 MD4_Init(&ctx); 41 for (i = 0; i < num_elem; i++) 42 MD4_Update(&ctx, addr[i], len[i]); 43 MD4_Final(mac, &ctx); 44 } 45 46 47 void des_encrypt(const u8 *clear, const u8 *key, u8 *cypher) 48 { 49 u8 pkey[8], next, tmp; 50 int i; 51 DES_key_schedule ks; 52 53 /* Add parity bits to the key */ 54 next = 0; 55 for (i = 0; i < 7; i++) { 56 tmp = key[i]; 57 pkey[i] = (tmp >> i) | next | 1; 58 next = tmp << (7 - i); 59 } 60 pkey[i] = next | 1; 61 62 DES_set_key(&pkey, &ks); 63 DES_ecb_encrypt((DES_cblock *) clear, (DES_cblock *) cypher, &ks, 64 DES_ENCRYPT); 65 } 66 67 68 #ifdef EAP_TLS_FUNCS 69 void md5_vector(size_t num_elem, const u8 *addr[], const size_t *len, u8 *mac) 70 { 71 MD5_CTX ctx; 72 size_t i; 73 74 MD5_Init(&ctx); 75 for (i = 0; i < num_elem; i++) 76 MD5_Update(&ctx, addr[i], len[i]); 77 MD5_Final(mac, &ctx); 78 } 79 80 81 void sha1_vector(size_t num_elem, const u8 *addr[], const size_t *len, u8 *mac) 82 { 83 SHA_CTX ctx; 84 size_t i; 85 86 SHA1_Init(&ctx); 87 for (i = 0; i < num_elem; i++) 88 SHA1_Update(&ctx, addr[i], len[i]); 89 SHA1_Final(mac, &ctx); 90 } 91 92 93 static void sha1_transform(u8 *state, const u8 data[64]) 94 { 95 SHA_CTX context; 96 os_memset(&context, 0, sizeof(context)); 97 os_memcpy(&context.h0, state, 5 * 4); 98 SHA1_Transform(&context, data); 99 os_memcpy(state, &context.h0, 5 * 4); 100 } 101 102 103 int fips186_2_prf(const u8 *seed, size_t seed_len, u8 *x, size_t xlen) 104 { 105 u8 xkey[64]; 106 u32 t[5], _t[5]; 107 int i, j, m, k; 108 u8 *xpos = x; 109 u32 carry; 110 111 if (seed_len > sizeof(xkey)) 112 seed_len = sizeof(xkey); 113 114 /* FIPS 186-2 + change notice 1 */ 115 116 os_memcpy(xkey, seed, seed_len); 117 os_memset(xkey + seed_len, 0, 64 - seed_len); 118 t[0] = 0x67452301; 119 t[1] = 0xEFCDAB89; 120 t[2] = 0x98BADCFE; 121 t[3] = 0x10325476; 122 t[4] = 0xC3D2E1F0; 123 124 m = xlen / 40; 125 for (j = 0; j < m; j++) { 126 /* XSEED_j = 0 */ 127 for (i = 0; i < 2; i++) { 128 /* XVAL = (XKEY + XSEED_j) mod 2^b */ 129 130 /* w_i = G(t, XVAL) */ 131 os_memcpy(_t, t, 20); 132 sha1_transform((u8 *) _t, xkey); 133 _t[0] = host_to_be32(_t[0]); 134 _t[1] = host_to_be32(_t[1]); 135 _t[2] = host_to_be32(_t[2]); 136 _t[3] = host_to_be32(_t[3]); 137 _t[4] = host_to_be32(_t[4]); 138 os_memcpy(xpos, _t, 20); 139 140 /* XKEY = (1 + XKEY + w_i) mod 2^b */ 141 carry = 1; 142 for (k = 19; k >= 0; k--) { 143 carry += xkey[k] + xpos[k]; 144 xkey[k] = carry & 0xff; 145 carry >>= 8; 146 } 147 148 xpos += 20; 149 } 150 /* x_j = w_0|w_1 */ 151 } 152 153 return 0; 154 } 155 156 157 void * aes_encrypt_init(const u8 *key, size_t len) 158 { 159 AES_KEY *ak; 160 ak = os_malloc(sizeof(*ak)); 161 if (ak == NULL) 162 return NULL; 163 if (AES_set_encrypt_key(key, 8 * len, ak) < 0) { 164 os_free(ak); 165 return NULL; 166 } 167 return ak; 168 } 169 170 171 void aes_encrypt(void *ctx, const u8 *plain, u8 *crypt) 172 { 173 AES_encrypt(plain, crypt, ctx); 174 } 175 176 177 void aes_encrypt_deinit(void *ctx) 178 { 179 os_free(ctx); 180 } 181 182 183 void * aes_decrypt_init(const u8 *key, size_t len) 184 { 185 AES_KEY *ak; 186 ak = os_malloc(sizeof(*ak)); 187 if (ak == NULL) 188 return NULL; 189 if (AES_set_decrypt_key(key, 8 * len, ak) < 0) { 190 os_free(ak); 191 return NULL; 192 } 193 return ak; 194 } 195 196 197 void aes_decrypt(void *ctx, const u8 *crypt, u8 *plain) 198 { 199 AES_decrypt(crypt, plain, ctx); 200 } 201 202 203 void aes_decrypt_deinit(void *ctx) 204 { 205 os_free(ctx); 206 } 207 #endif /* EAP_TLS_FUNCS */ 208