1 /* 2 * WPA Supplicant / wrapper functions for libgcrypt 3 * Copyright (c) 2004-2009, Jouni Malinen <j (at) w1.fi> 4 * 5 * This software may be distributed under the terms of the BSD license. 6 * See README for more details. 7 */ 8 9 #include "includes.h" 10 #include <gcrypt.h> 11 12 #include "common.h" 13 #include "crypto.h" 14 15 int md4_vector(size_t num_elem, const u8 *addr[], const size_t *len, u8 *mac) 16 { 17 gcry_md_hd_t hd; 18 unsigned char *p; 19 size_t i; 20 21 if (gcry_md_open(&hd, GCRY_MD_MD4, 0) != GPG_ERR_NO_ERROR) 22 return -1; 23 for (i = 0; i < num_elem; i++) 24 gcry_md_write(hd, addr[i], len[i]); 25 p = gcry_md_read(hd, GCRY_MD_MD4); 26 if (p) 27 memcpy(mac, p, gcry_md_get_algo_dlen(GCRY_MD_MD4)); 28 gcry_md_close(hd); 29 return 0; 30 } 31 32 33 void des_encrypt(const u8 *clear, const u8 *key, u8 *cypher) 34 { 35 gcry_cipher_hd_t hd; 36 u8 pkey[8], next, tmp; 37 int i; 38 39 /* Add parity bits to the key */ 40 next = 0; 41 for (i = 0; i < 7; i++) { 42 tmp = key[i]; 43 pkey[i] = (tmp >> i) | next | 1; 44 next = tmp << (7 - i); 45 } 46 pkey[i] = next | 1; 47 48 gcry_cipher_open(&hd, GCRY_CIPHER_DES, GCRY_CIPHER_MODE_ECB, 0); 49 gcry_err_code(gcry_cipher_setkey(hd, pkey, 8)); 50 gcry_cipher_encrypt(hd, cypher, 8, clear, 8); 51 gcry_cipher_close(hd); 52 } 53 54 55 int md5_vector(size_t num_elem, const u8 *addr[], const size_t *len, u8 *mac) 56 { 57 gcry_md_hd_t hd; 58 unsigned char *p; 59 size_t i; 60 61 if (gcry_md_open(&hd, GCRY_MD_MD5, 0) != GPG_ERR_NO_ERROR) 62 return -1; 63 for (i = 0; i < num_elem; i++) 64 gcry_md_write(hd, addr[i], len[i]); 65 p = gcry_md_read(hd, GCRY_MD_MD5); 66 if (p) 67 memcpy(mac, p, gcry_md_get_algo_dlen(GCRY_MD_MD5)); 68 gcry_md_close(hd); 69 return 0; 70 } 71 72 73 int sha1_vector(size_t num_elem, const u8 *addr[], const size_t *len, u8 *mac) 74 { 75 gcry_md_hd_t hd; 76 unsigned char *p; 77 size_t i; 78 79 if (gcry_md_open(&hd, GCRY_MD_SHA1, 0) != GPG_ERR_NO_ERROR) 80 return -1; 81 for (i = 0; i < num_elem; i++) 82 gcry_md_write(hd, addr[i], len[i]); 83 p = gcry_md_read(hd, GCRY_MD_SHA1); 84 if (p) 85 memcpy(mac, p, gcry_md_get_algo_dlen(GCRY_MD_SHA1)); 86 gcry_md_close(hd); 87 return 0; 88 } 89 90 91 void * aes_encrypt_init(const u8 *key, size_t len) 92 { 93 gcry_cipher_hd_t hd; 94 95 if (gcry_cipher_open(&hd, GCRY_CIPHER_AES, GCRY_CIPHER_MODE_ECB, 0) != 96 GPG_ERR_NO_ERROR) { 97 printf("cipher open failed\n"); 98 return NULL; 99 } 100 if (gcry_cipher_setkey(hd, key, len) != GPG_ERR_NO_ERROR) { 101 printf("setkey failed\n"); 102 gcry_cipher_close(hd); 103 return NULL; 104 } 105 106 return hd; 107 } 108 109 110 void aes_encrypt(void *ctx, const u8 *plain, u8 *crypt) 111 { 112 gcry_cipher_hd_t hd = ctx; 113 gcry_cipher_encrypt(hd, crypt, 16, plain, 16); 114 } 115 116 117 void aes_encrypt_deinit(void *ctx) 118 { 119 gcry_cipher_hd_t hd = ctx; 120 gcry_cipher_close(hd); 121 } 122 123 124 void * aes_decrypt_init(const u8 *key, size_t len) 125 { 126 gcry_cipher_hd_t hd; 127 128 if (gcry_cipher_open(&hd, GCRY_CIPHER_AES, GCRY_CIPHER_MODE_ECB, 0) != 129 GPG_ERR_NO_ERROR) 130 return NULL; 131 if (gcry_cipher_setkey(hd, key, len) != GPG_ERR_NO_ERROR) { 132 gcry_cipher_close(hd); 133 return NULL; 134 } 135 136 return hd; 137 } 138 139 140 void aes_decrypt(void *ctx, const u8 *crypt, u8 *plain) 141 { 142 gcry_cipher_hd_t hd = ctx; 143 gcry_cipher_decrypt(hd, plain, 16, crypt, 16); 144 } 145 146 147 void aes_decrypt_deinit(void *ctx) 148 { 149 gcry_cipher_hd_t hd = ctx; 150 gcry_cipher_close(hd); 151 } 152 153 154 int crypto_mod_exp(const u8 *base, size_t base_len, 155 const u8 *power, size_t power_len, 156 const u8 *modulus, size_t modulus_len, 157 u8 *result, size_t *result_len) 158 { 159 gcry_mpi_t bn_base = NULL, bn_exp = NULL, bn_modulus = NULL, 160 bn_result = NULL; 161 int ret = -1; 162 163 if (gcry_mpi_scan(&bn_base, GCRYMPI_FMT_USG, base, base_len, NULL) != 164 GPG_ERR_NO_ERROR || 165 gcry_mpi_scan(&bn_exp, GCRYMPI_FMT_USG, power, power_len, NULL) != 166 GPG_ERR_NO_ERROR || 167 gcry_mpi_scan(&bn_modulus, GCRYMPI_FMT_USG, modulus, modulus_len, 168 NULL) != GPG_ERR_NO_ERROR) 169 goto error; 170 bn_result = gcry_mpi_new(modulus_len * 8); 171 172 gcry_mpi_powm(bn_result, bn_base, bn_exp, bn_modulus); 173 174 if (gcry_mpi_print(GCRYMPI_FMT_USG, result, *result_len, result_len, 175 bn_result) != GPG_ERR_NO_ERROR) 176 goto error; 177 178 ret = 0; 179 180 error: 181 gcry_mpi_release(bn_base); 182 gcry_mpi_release(bn_exp); 183 gcry_mpi_release(bn_modulus); 184 gcry_mpi_release(bn_result); 185 return ret; 186 } 187 188 189 struct crypto_cipher { 190 gcry_cipher_hd_t enc; 191 gcry_cipher_hd_t dec; 192 }; 193 194 195 struct crypto_cipher * crypto_cipher_init(enum crypto_cipher_alg alg, 196 const u8 *iv, const u8 *key, 197 size_t key_len) 198 { 199 struct crypto_cipher *ctx; 200 gcry_error_t res; 201 enum gcry_cipher_algos a; 202 int ivlen; 203 204 ctx = os_zalloc(sizeof(*ctx)); 205 if (ctx == NULL) 206 return NULL; 207 208 switch (alg) { 209 case CRYPTO_CIPHER_ALG_RC4: 210 a = GCRY_CIPHER_ARCFOUR; 211 res = gcry_cipher_open(&ctx->enc, a, GCRY_CIPHER_MODE_STREAM, 212 0); 213 gcry_cipher_open(&ctx->dec, a, GCRY_CIPHER_MODE_STREAM, 0); 214 break; 215 case CRYPTO_CIPHER_ALG_AES: 216 if (key_len == 24) 217 a = GCRY_CIPHER_AES192; 218 else if (key_len == 32) 219 a = GCRY_CIPHER_AES256; 220 else 221 a = GCRY_CIPHER_AES; 222 res = gcry_cipher_open(&ctx->enc, a, GCRY_CIPHER_MODE_CBC, 0); 223 gcry_cipher_open(&ctx->dec, a, GCRY_CIPHER_MODE_CBC, 0); 224 break; 225 case CRYPTO_CIPHER_ALG_3DES: 226 a = GCRY_CIPHER_3DES; 227 res = gcry_cipher_open(&ctx->enc, a, GCRY_CIPHER_MODE_CBC, 0); 228 gcry_cipher_open(&ctx->dec, a, GCRY_CIPHER_MODE_CBC, 0); 229 break; 230 case CRYPTO_CIPHER_ALG_DES: 231 a = GCRY_CIPHER_DES; 232 res = gcry_cipher_open(&ctx->enc, a, GCRY_CIPHER_MODE_CBC, 0); 233 gcry_cipher_open(&ctx->dec, a, GCRY_CIPHER_MODE_CBC, 0); 234 break; 235 case CRYPTO_CIPHER_ALG_RC2: 236 if (key_len == 5) 237 a = GCRY_CIPHER_RFC2268_40; 238 else 239 a = GCRY_CIPHER_RFC2268_128; 240 res = gcry_cipher_open(&ctx->enc, a, GCRY_CIPHER_MODE_CBC, 0); 241 gcry_cipher_open(&ctx->dec, a, GCRY_CIPHER_MODE_CBC, 0); 242 break; 243 default: 244 os_free(ctx); 245 return NULL; 246 } 247 248 if (res != GPG_ERR_NO_ERROR) { 249 os_free(ctx); 250 return NULL; 251 } 252 253 if (gcry_cipher_setkey(ctx->enc, key, key_len) != GPG_ERR_NO_ERROR || 254 gcry_cipher_setkey(ctx->dec, key, key_len) != GPG_ERR_NO_ERROR) { 255 gcry_cipher_close(ctx->enc); 256 gcry_cipher_close(ctx->dec); 257 os_free(ctx); 258 return NULL; 259 } 260 261 ivlen = gcry_cipher_get_algo_blklen(a); 262 if (gcry_cipher_setiv(ctx->enc, iv, ivlen) != GPG_ERR_NO_ERROR || 263 gcry_cipher_setiv(ctx->dec, iv, ivlen) != GPG_ERR_NO_ERROR) { 264 gcry_cipher_close(ctx->enc); 265 gcry_cipher_close(ctx->dec); 266 os_free(ctx); 267 return NULL; 268 } 269 270 return ctx; 271 } 272 273 274 int crypto_cipher_encrypt(struct crypto_cipher *ctx, const u8 *plain, 275 u8 *crypt, size_t len) 276 { 277 if (gcry_cipher_encrypt(ctx->enc, crypt, len, plain, len) != 278 GPG_ERR_NO_ERROR) 279 return -1; 280 return 0; 281 } 282 283 284 int crypto_cipher_decrypt(struct crypto_cipher *ctx, const u8 *crypt, 285 u8 *plain, size_t len) 286 { 287 if (gcry_cipher_decrypt(ctx->dec, plain, len, crypt, len) != 288 GPG_ERR_NO_ERROR) 289 return -1; 290 return 0; 291 } 292 293 294 void crypto_cipher_deinit(struct crypto_cipher *ctx) 295 { 296 gcry_cipher_close(ctx->enc); 297 gcry_cipher_close(ctx->dec); 298 os_free(ctx); 299 } 300