1 /* 2 * Wrapper functions for crypto libraries 3 * Copyright (c) 2004-2017, Jouni Malinen <j@w1.fi> 4 * 5 * This software may be distributed under the terms of the BSD license. 6 * See README for more details. 7 * 8 * This file defines the cryptographic functions that need to be implemented 9 * for wpa_supplicant and hostapd. When TLS is not used, internal 10 * implementation of MD5, SHA1, and AES is used and no external libraries are 11 * required. When TLS is enabled (e.g., by enabling EAP-TLS or EAP-PEAP), the 12 * crypto library used by the TLS implementation is expected to be used for 13 * non-TLS needs, too, in order to save space by not implementing these 14 * functions twice. 15 * 16 * Wrapper code for using each crypto library is in its own file (crypto*.c) 17 * and one of these files is build and linked in to provide the functions 18 * defined here. 19 */ 20 21 #ifndef CRYPTO_H 22 #define CRYPTO_H 23 24 #define HMAC_VECTOR_MAX_ELEM 11 25 26 /** 27 * md4_vector - MD4 hash for data vector 28 * @num_elem: Number of elements in the data vector 29 * @addr: Pointers to the data areas 30 * @len: Lengths of the data blocks 31 * @mac: Buffer for the hash 32 * Returns: 0 on success, -1 on failure 33 */ 34 int md4_vector(size_t num_elem, const u8 *addr[], const size_t *len, u8 *mac); 35 36 /** 37 * md5_vector - MD5 hash for data vector 38 * @num_elem: Number of elements in the data vector 39 * @addr: Pointers to the data areas 40 * @len: Lengths of the data blocks 41 * @mac: Buffer for the hash 42 * Returns: 0 on success, -1 on failure 43 */ 44 int md5_vector(size_t num_elem, const u8 *addr[], const size_t *len, u8 *mac); 45 46 47 /** 48 * sha1_vector - SHA-1 hash for data vector 49 * @num_elem: Number of elements in the data vector 50 * @addr: Pointers to the data areas 51 * @len: Lengths of the data blocks 52 * @mac: Buffer for the hash 53 * Returns: 0 on success, -1 on failure 54 */ 55 int sha1_vector(size_t num_elem, const u8 *addr[], const size_t *len, 56 u8 *mac); 57 58 /** 59 * fips186_2-prf - NIST FIPS Publication 186-2 change notice 1 PRF 60 * @seed: Seed/key for the PRF 61 * @seed_len: Seed length in bytes 62 * @x: Buffer for PRF output 63 * @xlen: Output length in bytes 64 * Returns: 0 on success, -1 on failure 65 * 66 * This function implements random number generation specified in NIST FIPS 67 * Publication 186-2 for EAP-SIM. This PRF uses a function that is similar to 68 * SHA-1, but has different message padding. 69 */ 70 int __must_check fips186_2_prf(const u8 *seed, size_t seed_len, u8 *x, 71 size_t xlen); 72 73 /** 74 * sha256_vector - SHA256 hash for data vector 75 * @num_elem: Number of elements in the data vector 76 * @addr: Pointers to the data areas 77 * @len: Lengths of the data blocks 78 * @mac: Buffer for the hash 79 * Returns: 0 on success, -1 on failure 80 */ 81 int sha256_vector(size_t num_elem, const u8 *addr[], const size_t *len, 82 u8 *mac); 83 84 /** 85 * sha384_vector - SHA384 hash for data vector 86 * @num_elem: Number of elements in the data vector 87 * @addr: Pointers to the data areas 88 * @len: Lengths of the data blocks 89 * @mac: Buffer for the hash 90 * Returns: 0 on success, -1 on failure 91 */ 92 int sha384_vector(size_t num_elem, const u8 *addr[], const size_t *len, 93 u8 *mac); 94 95 /** 96 * sha512_vector - SHA512 hash for data vector 97 * @num_elem: Number of elements in the data vector 98 * @addr: Pointers to the data areas 99 * @len: Lengths of the data blocks 100 * @mac: Buffer for the hash 101 * Returns: 0 on success, -1 on failure 102 */ 103 int sha512_vector(size_t num_elem, const u8 *addr[], const size_t *len, 104 u8 *mac); 105 106 /** 107 * des_encrypt - Encrypt one block with DES 108 * @clear: 8 octets (in) 109 * @key: 7 octets (in) (no parity bits included) 110 * @cypher: 8 octets (out) 111 * Returns: 0 on success, -1 on failure 112 */ 113 int des_encrypt(const u8 *clear, const u8 *key, u8 *cypher); 114 115 /** 116 * aes_encrypt_init - Initialize AES for encryption 117 * @key: Encryption key 118 * @len: Key length in bytes (usually 16, i.e., 128 bits) 119 * Returns: Pointer to context data or %NULL on failure 120 */ 121 void * aes_encrypt_init(const u8 *key, size_t len); 122 123 /** 124 * aes_encrypt - Encrypt one AES block 125 * @ctx: Context pointer from aes_encrypt_init() 126 * @plain: Plaintext data to be encrypted (16 bytes) 127 * @crypt: Buffer for the encrypted data (16 bytes) 128 * Returns: 0 on success, -1 on failure 129 */ 130 int aes_encrypt(void *ctx, const u8 *plain, u8 *crypt); 131 132 /** 133 * aes_encrypt_deinit - Deinitialize AES encryption 134 * @ctx: Context pointer from aes_encrypt_init() 135 */ 136 void aes_encrypt_deinit(void *ctx); 137 138 /** 139 * aes_decrypt_init - Initialize AES for decryption 140 * @key: Decryption key 141 * @len: Key length in bytes (usually 16, i.e., 128 bits) 142 * Returns: Pointer to context data or %NULL on failure 143 */ 144 void * aes_decrypt_init(const u8 *key, size_t len); 145 146 /** 147 * aes_decrypt - Decrypt one AES block 148 * @ctx: Context pointer from aes_encrypt_init() 149 * @crypt: Encrypted data (16 bytes) 150 * @plain: Buffer for the decrypted data (16 bytes) 151 * Returns: 0 on success, -1 on failure 152 */ 153 int aes_decrypt(void *ctx, const u8 *crypt, u8 *plain); 154 155 /** 156 * aes_decrypt_deinit - Deinitialize AES decryption 157 * @ctx: Context pointer from aes_encrypt_init() 158 */ 159 void aes_decrypt_deinit(void *ctx); 160 161 162 enum crypto_hash_alg { 163 CRYPTO_HASH_ALG_MD5, CRYPTO_HASH_ALG_SHA1, 164 CRYPTO_HASH_ALG_HMAC_MD5, CRYPTO_HASH_ALG_HMAC_SHA1, 165 CRYPTO_HASH_ALG_SHA256, CRYPTO_HASH_ALG_HMAC_SHA256, 166 CRYPTO_HASH_ALG_SHA384, CRYPTO_HASH_ALG_SHA512 167 }; 168 169 struct crypto_hash; 170 171 /** 172 * crypto_hash_init - Initialize hash/HMAC function 173 * @alg: Hash algorithm 174 * @key: Key for keyed hash (e.g., HMAC) or %NULL if not needed 175 * @key_len: Length of the key in bytes 176 * Returns: Pointer to hash context to use with other hash functions or %NULL 177 * on failure 178 * 179 * This function is only used with internal TLSv1 implementation 180 * (CONFIG_TLS=internal). If that is not used, the crypto wrapper does not need 181 * to implement this. 182 */ 183 struct crypto_hash * crypto_hash_init(enum crypto_hash_alg alg, const u8 *key, 184 size_t key_len); 185 186 /** 187 * crypto_hash_update - Add data to hash calculation 188 * @ctx: Context pointer from crypto_hash_init() 189 * @data: Data buffer to add 190 * @len: Length of the buffer 191 * 192 * This function is only used with internal TLSv1 implementation 193 * (CONFIG_TLS=internal). If that is not used, the crypto wrapper does not need 194 * to implement this. 195 */ 196 void crypto_hash_update(struct crypto_hash *ctx, const u8 *data, size_t len); 197 198 /** 199 * crypto_hash_finish - Complete hash calculation 200 * @ctx: Context pointer from crypto_hash_init() 201 * @hash: Buffer for hash value or %NULL if caller is just freeing the hash 202 * context 203 * @len: Pointer to length of the buffer or %NULL if caller is just freeing the 204 * hash context; on return, this is set to the actual length of the hash value 205 * Returns: 0 on success, -1 if buffer is too small (len set to needed length), 206 * or -2 on other failures (including failed crypto_hash_update() operations) 207 * 208 * This function calculates the hash value and frees the context buffer that 209 * was used for hash calculation. 210 * 211 * This function is only used with internal TLSv1 implementation 212 * (CONFIG_TLS=internal). If that is not used, the crypto wrapper does not need 213 * to implement this. 214 */ 215 int crypto_hash_finish(struct crypto_hash *ctx, u8 *hash, size_t *len); 216 217 218 enum crypto_cipher_alg { 219 CRYPTO_CIPHER_NULL = 0, CRYPTO_CIPHER_ALG_AES, CRYPTO_CIPHER_ALG_3DES, 220 CRYPTO_CIPHER_ALG_DES, CRYPTO_CIPHER_ALG_RC2, CRYPTO_CIPHER_ALG_RC4 221 }; 222 223 struct crypto_cipher; 224 225 /** 226 * crypto_cipher_init - Initialize block/stream cipher function 227 * @alg: Cipher algorithm 228 * @iv: Initialization vector for block ciphers or %NULL for stream ciphers 229 * @key: Cipher key 230 * @key_len: Length of key in bytes 231 * Returns: Pointer to cipher context to use with other cipher functions or 232 * %NULL on failure 233 * 234 * This function is only used with internal TLSv1 implementation 235 * (CONFIG_TLS=internal). If that is not used, the crypto wrapper does not need 236 * to implement this. 237 */ 238 struct crypto_cipher * crypto_cipher_init(enum crypto_cipher_alg alg, 239 const u8 *iv, const u8 *key, 240 size_t key_len); 241 242 /** 243 * crypto_cipher_encrypt - Cipher encrypt 244 * @ctx: Context pointer from crypto_cipher_init() 245 * @plain: Plaintext to cipher 246 * @crypt: Resulting ciphertext 247 * @len: Length of the plaintext 248 * Returns: 0 on success, -1 on failure 249 * 250 * This function is only used with internal TLSv1 implementation 251 * (CONFIG_TLS=internal). If that is not used, the crypto wrapper does not need 252 * to implement this. 253 */ 254 int __must_check crypto_cipher_encrypt(struct crypto_cipher *ctx, 255 const u8 *plain, u8 *crypt, size_t len); 256 257 /** 258 * crypto_cipher_decrypt - Cipher decrypt 259 * @ctx: Context pointer from crypto_cipher_init() 260 * @crypt: Ciphertext to decrypt 261 * @plain: Resulting plaintext 262 * @len: Length of the cipher text 263 * Returns: 0 on success, -1 on failure 264 * 265 * This function is only used with internal TLSv1 implementation 266 * (CONFIG_TLS=internal). If that is not used, the crypto wrapper does not need 267 * to implement this. 268 */ 269 int __must_check crypto_cipher_decrypt(struct crypto_cipher *ctx, 270 const u8 *crypt, u8 *plain, size_t len); 271 272 /** 273 * crypto_cipher_decrypt - Free cipher context 274 * @ctx: Context pointer from crypto_cipher_init() 275 * 276 * This function is only used with internal TLSv1 implementation 277 * (CONFIG_TLS=internal). If that is not used, the crypto wrapper does not need 278 * to implement this. 279 */ 280 void crypto_cipher_deinit(struct crypto_cipher *ctx); 281 282 283 struct crypto_public_key; 284 struct crypto_private_key; 285 286 /** 287 * crypto_public_key_import - Import an RSA public key 288 * @key: Key buffer (DER encoded RSA public key) 289 * @len: Key buffer length in bytes 290 * Returns: Pointer to the public key or %NULL on failure 291 * 292 * This function can just return %NULL if the crypto library supports X.509 293 * parsing. In that case, crypto_public_key_from_cert() is used to import the 294 * public key from a certificate. 295 * 296 * This function is only used with internal TLSv1 implementation 297 * (CONFIG_TLS=internal). If that is not used, the crypto wrapper does not need 298 * to implement this. 299 */ 300 struct crypto_public_key * crypto_public_key_import(const u8 *key, size_t len); 301 302 struct crypto_public_key * 303 crypto_public_key_import_parts(const u8 *n, size_t n_len, 304 const u8 *e, size_t e_len); 305 306 /** 307 * crypto_private_key_import - Import an RSA private key 308 * @key: Key buffer (DER encoded RSA private key) 309 * @len: Key buffer length in bytes 310 * @passwd: Key encryption password or %NULL if key is not encrypted 311 * Returns: Pointer to the private key or %NULL on failure 312 * 313 * This function is only used with internal TLSv1 implementation 314 * (CONFIG_TLS=internal). If that is not used, the crypto wrapper does not need 315 * to implement this. 316 */ 317 struct crypto_private_key * crypto_private_key_import(const u8 *key, 318 size_t len, 319 const char *passwd); 320 321 /** 322 * crypto_public_key_from_cert - Import an RSA public key from a certificate 323 * @buf: DER encoded X.509 certificate 324 * @len: Certificate buffer length in bytes 325 * Returns: Pointer to public key or %NULL on failure 326 * 327 * This function can just return %NULL if the crypto library does not support 328 * X.509 parsing. In that case, internal code will be used to parse the 329 * certificate and public key is imported using crypto_public_key_import(). 330 * 331 * This function is only used with internal TLSv1 implementation 332 * (CONFIG_TLS=internal). If that is not used, the crypto wrapper does not need 333 * to implement this. 334 */ 335 struct crypto_public_key * crypto_public_key_from_cert(const u8 *buf, 336 size_t len); 337 338 /** 339 * crypto_public_key_encrypt_pkcs1_v15 - Public key encryption (PKCS #1 v1.5) 340 * @key: Public key 341 * @in: Plaintext buffer 342 * @inlen: Length of plaintext buffer in bytes 343 * @out: Output buffer for encrypted data 344 * @outlen: Length of output buffer in bytes; set to used length on success 345 * Returns: 0 on success, -1 on failure 346 * 347 * This function is only used with internal TLSv1 implementation 348 * (CONFIG_TLS=internal). If that is not used, the crypto wrapper does not need 349 * to implement this. 350 */ 351 int __must_check crypto_public_key_encrypt_pkcs1_v15( 352 struct crypto_public_key *key, const u8 *in, size_t inlen, 353 u8 *out, size_t *outlen); 354 355 /** 356 * crypto_private_key_decrypt_pkcs1_v15 - Private key decryption (PKCS #1 v1.5) 357 * @key: Private key 358 * @in: Encrypted buffer 359 * @inlen: Length of encrypted buffer in bytes 360 * @out: Output buffer for encrypted data 361 * @outlen: Length of output buffer in bytes; set to used length on success 362 * Returns: 0 on success, -1 on failure 363 * 364 * This function is only used with internal TLSv1 implementation 365 * (CONFIG_TLS=internal). If that is not used, the crypto wrapper does not need 366 * to implement this. 367 */ 368 int __must_check crypto_private_key_decrypt_pkcs1_v15( 369 struct crypto_private_key *key, const u8 *in, size_t inlen, 370 u8 *out, size_t *outlen); 371 372 /** 373 * crypto_private_key_sign_pkcs1 - Sign with private key (PKCS #1) 374 * @key: Private key from crypto_private_key_import() 375 * @in: Plaintext buffer 376 * @inlen: Length of plaintext buffer in bytes 377 * @out: Output buffer for encrypted (signed) data 378 * @outlen: Length of output buffer in bytes; set to used length on success 379 * Returns: 0 on success, -1 on failure 380 * 381 * This function is only used with internal TLSv1 implementation 382 * (CONFIG_TLS=internal). If that is not used, the crypto wrapper does not need 383 * to implement this. 384 */ 385 int __must_check crypto_private_key_sign_pkcs1(struct crypto_private_key *key, 386 const u8 *in, size_t inlen, 387 u8 *out, size_t *outlen); 388 389 /** 390 * crypto_public_key_free - Free public key 391 * @key: Public key 392 * 393 * This function is only used with internal TLSv1 implementation 394 * (CONFIG_TLS=internal). If that is not used, the crypto wrapper does not need 395 * to implement this. 396 */ 397 void crypto_public_key_free(struct crypto_public_key *key); 398 399 /** 400 * crypto_private_key_free - Free private key 401 * @key: Private key from crypto_private_key_import() 402 * 403 * This function is only used with internal TLSv1 implementation 404 * (CONFIG_TLS=internal). If that is not used, the crypto wrapper does not need 405 * to implement this. 406 */ 407 void crypto_private_key_free(struct crypto_private_key *key); 408 409 /** 410 * crypto_public_key_decrypt_pkcs1 - Decrypt PKCS #1 signature 411 * @key: Public key 412 * @crypt: Encrypted signature data (using the private key) 413 * @crypt_len: Encrypted signature data length 414 * @plain: Buffer for plaintext (at least crypt_len bytes) 415 * @plain_len: Plaintext length (max buffer size on input, real len on output); 416 * Returns: 0 on success, -1 on failure 417 */ 418 int __must_check crypto_public_key_decrypt_pkcs1( 419 struct crypto_public_key *key, const u8 *crypt, size_t crypt_len, 420 u8 *plain, size_t *plain_len); 421 422 int crypto_dh_init(u8 generator, const u8 *prime, size_t prime_len, u8 *privkey, 423 u8 *pubkey); 424 int crypto_dh_derive_secret(u8 generator, const u8 *prime, size_t prime_len, 425 const u8 *order, size_t order_len, 426 const u8 *privkey, size_t privkey_len, 427 const u8 *pubkey, size_t pubkey_len, 428 u8 *secret, size_t *len); 429 430 /** 431 * crypto_global_init - Initialize crypto wrapper 432 * 433 * This function is only used with internal TLSv1 implementation 434 * (CONFIG_TLS=internal). If that is not used, the crypto wrapper does not need 435 * to implement this. 436 */ 437 int __must_check crypto_global_init(void); 438 439 /** 440 * crypto_global_deinit - Deinitialize crypto wrapper 441 * 442 * This function is only used with internal TLSv1 implementation 443 * (CONFIG_TLS=internal). If that is not used, the crypto wrapper does not need 444 * to implement this. 445 */ 446 void crypto_global_deinit(void); 447 448 /** 449 * crypto_mod_exp - Modular exponentiation of large integers 450 * @base: Base integer (big endian byte array) 451 * @base_len: Length of base integer in bytes 452 * @power: Power integer (big endian byte array) 453 * @power_len: Length of power integer in bytes 454 * @modulus: Modulus integer (big endian byte array) 455 * @modulus_len: Length of modulus integer in bytes 456 * @result: Buffer for the result 457 * @result_len: Result length (max buffer size on input, real len on output) 458 * Returns: 0 on success, -1 on failure 459 * 460 * This function calculates result = base ^ power mod modulus. modules_len is 461 * used as the maximum size of modulus buffer. It is set to the used size on 462 * success. 463 * 464 * This function is only used with internal TLSv1 implementation 465 * (CONFIG_TLS=internal). If that is not used, the crypto wrapper does not need 466 * to implement this. 467 */ 468 int __must_check crypto_mod_exp(const u8 *base, size_t base_len, 469 const u8 *power, size_t power_len, 470 const u8 *modulus, size_t modulus_len, 471 u8 *result, size_t *result_len); 472 473 /** 474 * rc4_skip - XOR RC4 stream to given data with skip-stream-start 475 * @key: RC4 key 476 * @keylen: RC4 key length 477 * @skip: number of bytes to skip from the beginning of the RC4 stream 478 * @data: data to be XOR'ed with RC4 stream 479 * @data_len: buf length 480 * Returns: 0 on success, -1 on failure 481 * 482 * Generate RC4 pseudo random stream for the given key, skip beginning of the 483 * stream, and XOR the end result with the data buffer to perform RC4 484 * encryption/decryption. 485 */ 486 int rc4_skip(const u8 *key, size_t keylen, size_t skip, 487 u8 *data, size_t data_len); 488 489 /** 490 * crypto_get_random - Generate cryptographically strong pseudo-random bytes 491 * @buf: Buffer for data 492 * @len: Number of bytes to generate 493 * Returns: 0 on success, -1 on failure 494 * 495 * If the PRNG does not have enough entropy to ensure unpredictable byte 496 * sequence, this functions must return -1. 497 */ 498 int crypto_get_random(void *buf, size_t len); 499 500 /** 501 * crypto_pkcs7_get_certificates - Extract X.509 certificates from PKCS#7 data 502 * @pkcs7: DER encoded PKCS#7 data 503 * Returns: Buffer of the extracted PEM X.509 certificates or %NULL on failure 504 */ 505 struct wpabuf * crypto_pkcs7_get_certificates(const struct wpabuf *pkcs7); 506 507 508 /** 509 * struct crypto_bignum - bignum 510 * 511 * Internal data structure for bignum implementation. The contents is specific 512 * to the used crypto library. 513 */ 514 struct crypto_bignum; 515 516 /** 517 * crypto_bignum_init - Allocate memory for bignum 518 * Returns: Pointer to allocated bignum or %NULL on failure 519 */ 520 struct crypto_bignum * crypto_bignum_init(void); 521 522 /** 523 * crypto_bignum_init_set - Allocate memory for bignum and set the value 524 * @buf: Buffer with unsigned binary value 525 * @len: Length of buf in octets 526 * Returns: Pointer to allocated bignum or %NULL on failure 527 */ 528 struct crypto_bignum * crypto_bignum_init_set(const u8 *buf, size_t len); 529 530 /** 531 * crypto_bignum_init_set - Allocate memory for bignum and set the value (uint) 532 * @val: Value to set 533 * Returns: Pointer to allocated bignum or %NULL on failure 534 */ 535 struct crypto_bignum * crypto_bignum_init_uint(unsigned int val); 536 537 /** 538 * crypto_bignum_deinit - Free bignum 539 * @n: Bignum from crypto_bignum_init() or crypto_bignum_init_set() 540 * @clear: Whether to clear the value from memory 541 */ 542 void crypto_bignum_deinit(struct crypto_bignum *n, int clear); 543 544 /** 545 * crypto_bignum_to_bin - Set binary buffer to unsigned bignum 546 * @a: Bignum 547 * @buf: Buffer for the binary number 548 * @len: Length of @buf in octets 549 * @padlen: Length in octets to pad the result to or 0 to indicate no padding 550 * Returns: Number of octets written on success, -1 on failure 551 */ 552 int crypto_bignum_to_bin(const struct crypto_bignum *a, 553 u8 *buf, size_t buflen, size_t padlen); 554 555 /** 556 * crypto_bignum_rand - Create a random number in range of modulus 557 * @r: Bignum; set to a random value 558 * @m: Bignum; modulus 559 * Returns: 0 on success, -1 on failure 560 */ 561 int crypto_bignum_rand(struct crypto_bignum *r, const struct crypto_bignum *m); 562 563 /** 564 * crypto_bignum_add - c = a + b 565 * @a: Bignum 566 * @b: Bignum 567 * @c: Bignum; used to store the result of a + b 568 * Returns: 0 on success, -1 on failure 569 */ 570 int crypto_bignum_add(const struct crypto_bignum *a, 571 const struct crypto_bignum *b, 572 struct crypto_bignum *c); 573 574 /** 575 * crypto_bignum_mod - c = a % b 576 * @a: Bignum 577 * @b: Bignum 578 * @c: Bignum; used to store the result of a % b 579 * Returns: 0 on success, -1 on failure 580 */ 581 int crypto_bignum_mod(const struct crypto_bignum *a, 582 const struct crypto_bignum *b, 583 struct crypto_bignum *c); 584 585 /** 586 * crypto_bignum_exptmod - Modular exponentiation: d = a^b (mod c) 587 * @a: Bignum; base 588 * @b: Bignum; exponent 589 * @c: Bignum; modulus 590 * @d: Bignum; used to store the result of a^b (mod c) 591 * Returns: 0 on success, -1 on failure 592 */ 593 int crypto_bignum_exptmod(const struct crypto_bignum *a, 594 const struct crypto_bignum *b, 595 const struct crypto_bignum *c, 596 struct crypto_bignum *d); 597 598 /** 599 * crypto_bignum_inverse - Inverse a bignum so that a * c = 1 (mod b) 600 * @a: Bignum 601 * @b: Bignum 602 * @c: Bignum; used to store the result 603 * Returns: 0 on success, -1 on failure 604 */ 605 int crypto_bignum_inverse(const struct crypto_bignum *a, 606 const struct crypto_bignum *b, 607 struct crypto_bignum *c); 608 609 /** 610 * crypto_bignum_sub - c = a - b 611 * @a: Bignum 612 * @b: Bignum 613 * @c: Bignum; used to store the result of a - b 614 * Returns: 0 on success, -1 on failure 615 */ 616 int crypto_bignum_sub(const struct crypto_bignum *a, 617 const struct crypto_bignum *b, 618 struct crypto_bignum *c); 619 620 /** 621 * crypto_bignum_div - c = a / b 622 * @a: Bignum 623 * @b: Bignum 624 * @c: Bignum; used to store the result of a / b 625 * Returns: 0 on success, -1 on failure 626 */ 627 int crypto_bignum_div(const struct crypto_bignum *a, 628 const struct crypto_bignum *b, 629 struct crypto_bignum *c); 630 631 /** 632 * crypto_bignum_addmod - d = a + b (mod c) 633 * @a: Bignum 634 * @b: Bignum 635 * @c: Bignum 636 * @d: Bignum; used to store the result of (a + b) % c 637 * Returns: 0 on success, -1 on failure 638 */ 639 int crypto_bignum_addmod(const struct crypto_bignum *a, 640 const struct crypto_bignum *b, 641 const struct crypto_bignum *c, 642 struct crypto_bignum *d); 643 644 /** 645 * crypto_bignum_mulmod - d = a * b (mod c) 646 * @a: Bignum 647 * @b: Bignum 648 * @c: Bignum 649 * @d: Bignum; used to store the result of (a * b) % c 650 * Returns: 0 on success, -1 on failure 651 */ 652 int crypto_bignum_mulmod(const struct crypto_bignum *a, 653 const struct crypto_bignum *b, 654 const struct crypto_bignum *c, 655 struct crypto_bignum *d); 656 657 /** 658 * crypto_bignum_sqrmod - c = a^2 (mod b) 659 * @a: Bignum 660 * @b: Bignum 661 * @c: Bignum; used to store the result of a^2 % b 662 * Returns: 0 on success, -1 on failure 663 */ 664 int crypto_bignum_sqrmod(const struct crypto_bignum *a, 665 const struct crypto_bignum *b, 666 struct crypto_bignum *c); 667 668 /** 669 * crypto_bignum_rshift - r = a >> n 670 * @a: Bignum 671 * @n: Number of bits 672 * @r: Bignum; used to store the result of a >> n 673 * Returns: 0 on success, -1 on failure 674 */ 675 int crypto_bignum_rshift(const struct crypto_bignum *a, int n, 676 struct crypto_bignum *r); 677 678 /** 679 * crypto_bignum_cmp - Compare two bignums 680 * @a: Bignum 681 * @b: Bignum 682 * Returns: -1 if a < b, 0 if a == b, or 1 if a > b 683 */ 684 int crypto_bignum_cmp(const struct crypto_bignum *a, 685 const struct crypto_bignum *b); 686 687 /** 688 * crypto_bignum_is_zero - Is the given bignum zero 689 * @a: Bignum 690 * Returns: 1 if @a is zero or 0 if not 691 */ 692 int crypto_bignum_is_zero(const struct crypto_bignum *a); 693 694 /** 695 * crypto_bignum_is_one - Is the given bignum one 696 * @a: Bignum 697 * Returns: 1 if @a is one or 0 if not 698 */ 699 int crypto_bignum_is_one(const struct crypto_bignum *a); 700 701 /** 702 * crypto_bignum_is_odd - Is the given bignum odd 703 * @a: Bignum 704 * Returns: 1 if @a is odd or 0 if not 705 */ 706 int crypto_bignum_is_odd(const struct crypto_bignum *a); 707 708 /** 709 * crypto_bignum_legendre - Compute the Legendre symbol (a/p) 710 * @a: Bignum 711 * @p: Bignum 712 * Returns: Legendre symbol -1,0,1 on success; -2 on calculation failure 713 */ 714 int crypto_bignum_legendre(const struct crypto_bignum *a, 715 const struct crypto_bignum *p); 716 717 /** 718 * struct crypto_ec - Elliptic curve context 719 * 720 * Internal data structure for EC implementation. The contents is specific 721 * to the used crypto library. 722 */ 723 struct crypto_ec; 724 725 /** 726 * struct crypto_ec_point - Elliptic curve point 727 * 728 * Internal data structure for EC implementation to represent a point. The 729 * contents is specific to the used crypto library. 730 */ 731 struct crypto_ec_point; 732 733 /** 734 * crypto_ec_init - Initialize elliptic curve context 735 * @group: Identifying number for the ECC group (IANA "Group Description" 736 * attribute registrty for RFC 2409) 737 * Returns: Pointer to EC context or %NULL on failure 738 */ 739 struct crypto_ec * crypto_ec_init(int group); 740 741 /** 742 * crypto_ec_deinit - Deinitialize elliptic curve context 743 * @e: EC context from crypto_ec_init() 744 */ 745 void crypto_ec_deinit(struct crypto_ec *e); 746 747 /** 748 * crypto_ec_prime_len - Get length of the prime in octets 749 * @e: EC context from crypto_ec_init() 750 * Returns: Length of the prime defining the group 751 */ 752 size_t crypto_ec_prime_len(struct crypto_ec *e); 753 754 /** 755 * crypto_ec_prime_len_bits - Get length of the prime in bits 756 * @e: EC context from crypto_ec_init() 757 * Returns: Length of the prime defining the group in bits 758 */ 759 size_t crypto_ec_prime_len_bits(struct crypto_ec *e); 760 761 /** 762 * crypto_ec_order_len - Get length of the order in octets 763 * @e: EC context from crypto_ec_init() 764 * Returns: Length of the order defining the group 765 */ 766 size_t crypto_ec_order_len(struct crypto_ec *e); 767 768 /** 769 * crypto_ec_get_prime - Get prime defining an EC group 770 * @e: EC context from crypto_ec_init() 771 * Returns: Prime (bignum) defining the group 772 */ 773 const struct crypto_bignum * crypto_ec_get_prime(struct crypto_ec *e); 774 775 /** 776 * crypto_ec_get_order - Get order of an EC group 777 * @e: EC context from crypto_ec_init() 778 * Returns: Order (bignum) of the group 779 */ 780 const struct crypto_bignum * crypto_ec_get_order(struct crypto_ec *e); 781 782 /** 783 * crypto_ec_get_a - Get 'a' coefficient of an EC group's curve 784 * @e: EC context from crypto_ec_init() 785 * Returns: 'a' coefficient (bignum) of the group 786 */ 787 const struct crypto_bignum * crypto_ec_get_a(struct crypto_ec *e); 788 789 /** 790 * crypto_ec_get_b - Get 'b' coeffiecient of an EC group's curve 791 * @e: EC context from crypto_ec_init() 792 * Returns: 'b' coefficient (bignum) of the group 793 */ 794 const struct crypto_bignum * crypto_ec_get_b(struct crypto_ec *e); 795 796 /** 797 * crypto_ec_get_generator - Get generator point of the EC group's curve 798 * @e: EC context from crypto_ec_init() 799 * Returns: Pointer to generator point 800 */ 801 const struct crypto_ec_point * crypto_ec_get_generator(struct crypto_ec *e); 802 803 /** 804 * crypto_ec_point_init - Initialize data for an EC point 805 * @e: EC context from crypto_ec_init() 806 * Returns: Pointer to EC point data or %NULL on failure 807 */ 808 struct crypto_ec_point * crypto_ec_point_init(struct crypto_ec *e); 809 810 /** 811 * crypto_ec_point_deinit - Deinitialize EC point data 812 * @p: EC point data from crypto_ec_point_init() 813 * @clear: Whether to clear the EC point value from memory 814 */ 815 void crypto_ec_point_deinit(struct crypto_ec_point *p, int clear); 816 817 /** 818 * crypto_ec_point_x - Copies the x-ordinate point into big number 819 * @e: EC context from crypto_ec_init() 820 * @p: EC point data 821 * @x: Big number to set to the copy of x-ordinate 822 * Returns: 0 on success, -1 on failure 823 */ 824 int crypto_ec_point_x(struct crypto_ec *e, const struct crypto_ec_point *p, 825 struct crypto_bignum *x); 826 827 /** 828 * crypto_ec_point_to_bin - Write EC point value as binary data 829 * @e: EC context from crypto_ec_init() 830 * @p: EC point data from crypto_ec_point_init() 831 * @x: Buffer for writing the binary data for x coordinate or %NULL if not used 832 * @y: Buffer for writing the binary data for y coordinate or %NULL if not used 833 * Returns: 0 on success, -1 on failure 834 * 835 * This function can be used to write an EC point as binary data in a format 836 * that has the x and y coordinates in big endian byte order fields padded to 837 * the length of the prime defining the group. 838 */ 839 int crypto_ec_point_to_bin(struct crypto_ec *e, 840 const struct crypto_ec_point *point, u8 *x, u8 *y); 841 842 /** 843 * crypto_ec_point_from_bin - Create EC point from binary data 844 * @e: EC context from crypto_ec_init() 845 * @val: Binary data to read the EC point from 846 * Returns: Pointer to EC point data or %NULL on failure 847 * 848 * This function readers x and y coordinates of the EC point from the provided 849 * buffer assuming the values are in big endian byte order with fields padded to 850 * the length of the prime defining the group. 851 */ 852 struct crypto_ec_point * crypto_ec_point_from_bin(struct crypto_ec *e, 853 const u8 *val); 854 855 /** 856 * crypto_ec_point_add - c = a + b 857 * @e: EC context from crypto_ec_init() 858 * @a: Bignum 859 * @b: Bignum 860 * @c: Bignum; used to store the result of a + b 861 * Returns: 0 on success, -1 on failure 862 */ 863 int crypto_ec_point_add(struct crypto_ec *e, const struct crypto_ec_point *a, 864 const struct crypto_ec_point *b, 865 struct crypto_ec_point *c); 866 867 /** 868 * crypto_ec_point_mul - res = b * p 869 * @e: EC context from crypto_ec_init() 870 * @p: EC point 871 * @b: Bignum 872 * @res: EC point; used to store the result of b * p 873 * Returns: 0 on success, -1 on failure 874 */ 875 int crypto_ec_point_mul(struct crypto_ec *e, const struct crypto_ec_point *p, 876 const struct crypto_bignum *b, 877 struct crypto_ec_point *res); 878 879 /** 880 * crypto_ec_point_invert - Compute inverse of an EC point 881 * @e: EC context from crypto_ec_init() 882 * @p: EC point to invert (and result of the operation) 883 * Returns: 0 on success, -1 on failure 884 */ 885 int crypto_ec_point_invert(struct crypto_ec *e, struct crypto_ec_point *p); 886 887 /** 888 * crypto_ec_point_compute_y_sqr - Compute y^2 = x^3 + ax + b 889 * @e: EC context from crypto_ec_init() 890 * @x: x coordinate 891 * Returns: y^2 on success, %NULL failure 892 */ 893 struct crypto_bignum * 894 crypto_ec_point_compute_y_sqr(struct crypto_ec *e, 895 const struct crypto_bignum *x); 896 897 /** 898 * crypto_ec_point_is_at_infinity - Check whether EC point is neutral element 899 * @e: EC context from crypto_ec_init() 900 * @p: EC point 901 * Returns: 1 if the specified EC point is the neutral element of the group or 902 * 0 if not 903 */ 904 int crypto_ec_point_is_at_infinity(struct crypto_ec *e, 905 const struct crypto_ec_point *p); 906 907 /** 908 * crypto_ec_point_is_on_curve - Check whether EC point is on curve 909 * @e: EC context from crypto_ec_init() 910 * @p: EC point 911 * Returns: 1 if the specified EC point is on the curve or 0 if not 912 */ 913 int crypto_ec_point_is_on_curve(struct crypto_ec *e, 914 const struct crypto_ec_point *p); 915 916 /** 917 * crypto_ec_point_cmp - Compare two EC points 918 * @e: EC context from crypto_ec_init() 919 * @a: EC point 920 * @b: EC point 921 * Returns: 0 on equal, non-zero otherwise 922 */ 923 int crypto_ec_point_cmp(const struct crypto_ec *e, 924 const struct crypto_ec_point *a, 925 const struct crypto_ec_point *b); 926 927 /** 928 * crypto_ec_point_debug_print - Dump EC point to debug log 929 * @e: EC context from crypto_ec_init() 930 * @p: EC point 931 * @title: Name of the EC point in the trace 932 */ 933 void crypto_ec_point_debug_print(const struct crypto_ec *e, 934 const struct crypto_ec_point *p, 935 const char *title); 936 937 /** 938 * struct crypto_ec_key - Elliptic curve key pair 939 * 940 * Internal data structure for EC key pair. The contents is specific to the used 941 * crypto library. 942 */ 943 struct crypto_ec_key; 944 945 /** 946 * struct crypto_ecdh - Elliptic Curve Diffie–Hellman context 947 * 948 * Internal data structure for ECDH. The contents is specific to the used 949 * crypto library. 950 */ 951 struct crypto_ecdh; 952 953 /** 954 * crypto_ecdh_init - Initialize elliptic curve Diffie–Hellman context 955 * @group: Identifying number for the ECC group (IANA "Group Description" 956 * attribute registry for RFC 2409) 957 * This function generates an ephemeral key pair. 958 * Returns: Pointer to ECDH context or %NULL on failure 959 */ 960 struct crypto_ecdh * crypto_ecdh_init(int group); 961 962 /** 963 * crypto_ecdh_init2 - Initialize elliptic curve Diffie–Hellman context with a 964 * given EC key 965 * @group: Identifying number for the ECC group (IANA "Group Description" 966 * attribute registry for RFC 2409) 967 * @own_key: Our own EC Key 968 * Returns: Pointer to ECDH context or %NULL on failure 969 */ 970 struct crypto_ecdh * crypto_ecdh_init2(int group, 971 struct crypto_ec_key *own_key); 972 973 /** 974 * crypto_ecdh_get_pubkey - Retrieve public key from ECDH context 975 * @ecdh: ECDH context from crypto_ecdh_init() or crypto_ecdh_init2() 976 * @inc_y: Whether public key should include y coordinate (explicit form) 977 * or not (compressed form) 978 * Returns: Binary data f the public key or %NULL on failure 979 */ 980 struct wpabuf * crypto_ecdh_get_pubkey(struct crypto_ecdh *ecdh, int inc_y); 981 982 /** 983 * crypto_ecdh_set_peerkey - Compute ECDH secret 984 * @ecdh: ECDH context from crypto_ecdh_init() or crypto_ecdh_init2() 985 * @inc_y: Whether peer's public key includes y coordinate (explicit form) 986 * or not (compressed form) 987 * @key: Binary data of the peer's public key 988 * @len: Length of the @key buffer 989 * Returns: Binary data with the EDCH secret or %NULL on failure 990 */ 991 struct wpabuf * crypto_ecdh_set_peerkey(struct crypto_ecdh *ecdh, int inc_y, 992 const u8 *key, size_t len); 993 994 /** 995 * crypto_ecdh_deinit - Free ECDH context 996 * @ecdh: ECDH context from crypto_ecdh_init() or crypto_ecdh_init2() 997 */ 998 void crypto_ecdh_deinit(struct crypto_ecdh *ecdh); 999 1000 /** 1001 * crypto_ecdh_prime_len - Get length of the prime in octets 1002 * @e: ECDH context from crypto_ecdh_init() 1003 * Returns: Length of the prime defining the group 1004 */ 1005 size_t crypto_ecdh_prime_len(struct crypto_ecdh *ecdh); 1006 1007 /** 1008 * crypto_ec_key_parse_priv - Initialize EC key pair from ECPrivateKey ASN.1 1009 * @der: DER encoding of ASN.1 ECPrivateKey 1010 * @der_len: Length of @der buffer 1011 * Returns: EC key or %NULL on failure 1012 */ 1013 struct crypto_ec_key * crypto_ec_key_parse_priv(const u8 *der, size_t der_len); 1014 1015 /** 1016 * crypto_ec_key_set_priv - Initialize EC key pair from raw key data 1017 * @group: Identifying number for the ECC group 1018 * @raw: Raw key data 1019 * @raw_len: Length of @raw buffer 1020 * Returns: EC key or %NULL on failure 1021 */ 1022 struct crypto_ec_key * crypto_ec_key_set_priv(int group, 1023 const u8 *raw, size_t raw_len); 1024 1025 /** 1026 * crypto_ec_key_parse_pub - Initialize EC key pair from SubjectPublicKeyInfo ASN.1 1027 * @der: DER encoding of ASN.1 SubjectPublicKeyInfo 1028 * @der_len: Length of @der buffer 1029 * Returns: EC key or %NULL on failure 1030 */ 1031 struct crypto_ec_key * crypto_ec_key_parse_pub(const u8 *der, size_t der_len); 1032 1033 /** 1034 * crypto_ec_key_set_pub - Initialize an EC public key from EC point coordinates 1035 * @group: Identifying number for the ECC group 1036 * @x: X coordinate of the public key 1037 * @y: Y coordinate of the public key 1038 * @len: Length of @x and @y buffer 1039 * Returns: EC key or %NULL on failure 1040 * 1041 * This function initialize an EC key from public key coordinates, in big endian 1042 * byte order padded to the length of the prime defining the group. 1043 */ 1044 struct crypto_ec_key * crypto_ec_key_set_pub(int group, const u8 *x, 1045 const u8 *y, size_t len); 1046 1047 /** 1048 * crypto_ec_key_set_pub_point - Initialize an EC public key from EC point 1049 * @e: EC context from crypto_ec_init() 1050 * @pub: Public key point 1051 * Returns: EC key or %NULL on failure 1052 */ 1053 struct crypto_ec_key * 1054 crypto_ec_key_set_pub_point(struct crypto_ec *e, 1055 const struct crypto_ec_point *pub); 1056 1057 /** 1058 * crypto_ec_key_gen - Generate EC key pair 1059 * @group: Identifying number for the ECC group 1060 * Returns: EC key or %NULL on failure 1061 */ 1062 struct crypto_ec_key * crypto_ec_key_gen(int group); 1063 1064 /** 1065 * crypto_ec_key_deinit - Free EC key 1066 * @key: EC key from crypto_ec_key_parse_pub/priv() or crypto_ec_key_gen() 1067 */ 1068 void crypto_ec_key_deinit(struct crypto_ec_key *key); 1069 1070 /** 1071 * crypto_ec_key_get_subject_public_key - Get SubjectPublicKeyInfo ASN.1 for an EC key 1072 * @key: EC key from crypto_ec_key_parse/set_pub/priv() or crypto_ec_key_gen() 1073 * Returns: Buffer with DER encoding of ASN.1 SubjectPublicKeyInfo using 1074 * compressed point format, or %NULL on failure 1075 */ 1076 struct wpabuf * crypto_ec_key_get_subject_public_key(struct crypto_ec_key *key); 1077 1078 /** 1079 * crypto_ec_key_get_ecprivate_key - Get ECPrivateKey ASN.1 for a EC key 1080 * @key: EC key from crypto_ec_key_parse_priv() or crypto_ec_key_gen() 1081 * @include_pub: Whether to include public key in the ASN.1 sequence 1082 * Returns: Buffer with DER encoding of ASN.1 ECPrivateKey or %NULL on failure 1083 */ 1084 struct wpabuf * crypto_ec_key_get_ecprivate_key(struct crypto_ec_key *key, 1085 bool include_pub); 1086 1087 /** 1088 * crypto_ec_key_get_pubkey_point - Get public key point coordinates 1089 * @key: EC key from crypto_ec_key_parse/set_pub() or crypto_ec_key_parse_priv() 1090 * @prefix: Whether output buffer should include the octet to indicate 1091 * coordinate form (as defined for SubjectPublicKeyInfo) 1092 * Returns: Buffer with coordinates of public key in uncompressed form or %NULL 1093 * on failure 1094 */ 1095 struct wpabuf * crypto_ec_key_get_pubkey_point(struct crypto_ec_key *key, 1096 int prefix); 1097 1098 /** 1099 * crypto_ec_key_get_public_key - Get EC public key as an EC point 1100 * @key: EC key from crypto_ec_key_parse/set_pub() or crypto_ec_key_parse_priv() 1101 * Returns: Public key as an EC point or %NULL on failure 1102 * 1103 * The caller needs to free the returned value with crypto_ec_point_deinit(). 1104 */ 1105 struct crypto_ec_point * 1106 crypto_ec_key_get_public_key(struct crypto_ec_key *key); 1107 1108 /** 1109 * crypto_ec_key_get_private_key - Get EC private key as a bignum 1110 * @key: EC key from crypto_ec_key_parse/set_pub() or crypto_ec_key_parse_priv() 1111 * Returns: Private key as a bignum or %NULL on failure 1112 * 1113 * The caller needs to free the returned value with crypto_bignum_deinit(). 1114 */ 1115 struct crypto_bignum * 1116 crypto_ec_key_get_private_key(struct crypto_ec_key *key); 1117 1118 /** 1119 * crypto_ec_key_sign - Sign a buffer with an EC key 1120 * @key: EC key from crypto_ec_key_parse_priv() or crypto_ec_key_gen() 1121 * @data: Data to sign 1122 * @len: Length of @data buffer 1123 * Returns: Buffer with DER encoding of ASN.1 Ecdsa-Sig-Value or %NULL on failure 1124 */ 1125 struct wpabuf * crypto_ec_key_sign(struct crypto_ec_key *key, const u8 *data, 1126 size_t len); 1127 1128 /** 1129 * crypto_ec_key_sign_r_s - Sign a buffer with an EC key 1130 * @key: EC key from crypto_ec_key_parse_priv() or crypto_ec_key_gen() 1131 * @data: Data to sign 1132 * @len: Length of @data buffer 1133 * Returns: Buffer with the concatenated r and s values. Each value is in big 1134 * endian byte order padded to the length of the prime defining the group of 1135 * the key. 1136 */ 1137 struct wpabuf * crypto_ec_key_sign_r_s(struct crypto_ec_key *key, 1138 const u8 *data, size_t len); 1139 1140 /** 1141 * crypto_ec_key_verify_signature - Verify ECDSA signature 1142 * @key: EC key from crypto_ec_key_parse/set_pub() or crypto_ec_key_gen() 1143 * @data: Data to be signed 1144 * @len: Length of @data buffer 1145 * @sig: DER encoding of ASN.1 Ecdsa-Sig-Value 1146 * @sig_len: Length of @sig buffer 1147 * Returns: 1 if signature is valid, 0 if signature is invalid and -1 on failure 1148 */ 1149 int crypto_ec_key_verify_signature(struct crypto_ec_key *key, const u8 *data, 1150 size_t len, const u8 *sig, size_t sig_len); 1151 1152 /** 1153 * crypto_ec_key_verify_signature_r_s - Verify signature 1154 * @key: EC key from crypto_ec_key_parse/set_pub() or crypto_ec_key_gen() 1155 * @data: Data to signed 1156 * @len: Length of @data buffer 1157 * @r: Binary data, in big endian byte order, of the 'r' field of the ECDSA 1158 * signature. 1159 * @s: Binary data, in big endian byte order, of the 's' field of the ECDSA 1160 * signature. 1161 * @r_len: Length of @r buffer 1162 * @s_len: Length of @s buffer 1163 * Returns: 1 if signature is valid, 0 if signature is invalid, or -1 on failure 1164 */ 1165 int crypto_ec_key_verify_signature_r_s(struct crypto_ec_key *key, 1166 const u8 *data, size_t len, 1167 const u8 *r, size_t r_len, 1168 const u8 *s, size_t s_len); 1169 1170 /** 1171 * crypto_ec_key_group - Get IANA group identifier for an EC key 1172 * @key: EC key from crypto_ec_key_parse/set_pub/priv() or crypto_ec_key_gen() 1173 * Returns: IANA group identifier and -1 on failure 1174 */ 1175 int crypto_ec_key_group(struct crypto_ec_key *key); 1176 1177 /** 1178 * crypto_ec_key_cmp - Compare two EC public keys 1179 * @key1: Key 1 1180 * @key2: Key 2 1181 * Returns: 0 if public keys are identical, -1 otherwise 1182 */ 1183 int crypto_ec_key_cmp(struct crypto_ec_key *key1, struct crypto_ec_key *key2); 1184 1185 /** 1186 * crypto_ec_key_debug_print - Dump EC key to debug log 1187 * @key: EC key from crypto_ec_key_parse/set_pub/priv() or crypto_ec_key_gen() 1188 * @title: Name of the EC point in the trace 1189 */ 1190 void crypto_ec_key_debug_print(const struct crypto_ec_key *key, 1191 const char *title); 1192 1193 /** 1194 * struct crypto_csr - Certification Signing Request 1195 * 1196 * Internal data structure for CSR. The contents is specific to the used 1197 * crypto library. 1198 * For now it is assumed that only an EC public key can be used 1199 */ 1200 struct crypto_csr; 1201 1202 /** 1203 * enum crypto_csr_name - CSR name type 1204 */ 1205 enum crypto_csr_name { 1206 CSR_NAME_CN, 1207 CSR_NAME_SN, 1208 CSR_NAME_C, 1209 CSR_NAME_O, 1210 CSR_NAME_OU, 1211 }; 1212 1213 /** 1214 * enum crypto_csr_attr - CSR attribute 1215 */ 1216 enum crypto_csr_attr { 1217 CSR_ATTR_CHALLENGE_PASSWORD, 1218 }; 1219 1220 /** 1221 * crypto_csr_init - Initialize empty CSR 1222 * Returns: Pointer to CSR data or %NULL on failure 1223 */ 1224 struct crypto_csr * crypto_csr_init(void); 1225 1226 /** 1227 * crypto_csr_verify - Initialize CSR from CertificationRequest 1228 * @req: DER encoding of ASN.1 CertificationRequest 1229 * 1230 * Returns: Pointer to CSR data or %NULL on failure or if signature is invalid 1231 */ 1232 struct crypto_csr * crypto_csr_verify(const struct wpabuf *req); 1233 1234 /** 1235 * crypto_csr_deinit - Free CSR structure 1236 * @csr: CSR structure from @crypto_csr_init() or crypto_csr_verify() 1237 */ 1238 void crypto_csr_deinit(struct crypto_csr *csr); 1239 1240 /** 1241 * crypto_csr_set_ec_public_key - Set public key in CSR 1242 * @csr: CSR structure from @crypto_csr_init() 1243 * @key: EC public key to set as public key in the CSR 1244 * Returns: 0 on success, -1 on failure 1245 */ 1246 int crypto_csr_set_ec_public_key(struct crypto_csr *csr, 1247 struct crypto_ec_key *key); 1248 1249 /** 1250 * crypto_csr_set_name - Set name entry in CSR SubjectName 1251 * @csr: CSR structure from @crypto_csr_init() 1252 * @type: Name type to add into the CSR SubjectName 1253 * @name: UTF-8 string to write in the CSR SubjectName 1254 * Returns: 0 on success, -1 on failure 1255 */ 1256 int crypto_csr_set_name(struct crypto_csr *csr, enum crypto_csr_name type, 1257 const char *name); 1258 1259 /** 1260 * crypto_csr_set_attribute - Set attribute in CSR 1261 * @csr: CSR structure from @crypto_csr_init() 1262 * @attr: Attribute identifier 1263 * @attr_type: ASN.1 type of @value buffer 1264 * @value: Attribute value 1265 * @len: length of @value buffer 1266 * Returns: 0 on success, -1 on failure 1267 */ 1268 int crypto_csr_set_attribute(struct crypto_csr *csr, enum crypto_csr_attr attr, 1269 int attr_type, const u8 *value, size_t len); 1270 1271 /** 1272 * crypto_csr_get_attribute - Get attribute from CSR 1273 * @csr: CSR structure from @crypto_csr_verify() 1274 * @attr: Updated with atribute identifier 1275 * @len: Updated with length of returned buffer 1276 * @type: ASN.1 type of the attribute buffer 1277 * Returns: Type, length, and pointer on attribute value or %NULL on failure 1278 */ 1279 const u8 * crypto_csr_get_attribute(struct crypto_csr *csr, 1280 enum crypto_csr_attr attr, 1281 size_t *len, int *type); 1282 1283 /** 1284 * crypto_csr_sign - Sign CSR and return ASN.1 CertificationRequest 1285 * @csr: CSR structure from @crypto_csr_init() 1286 * @key: Private key to sign the CSR (for now ony EC key are supported) 1287 * @algo: Hash algorithm to use for the signature 1288 * Returns: DER encoding of ASN.1 CertificationRequest for the CSR or %NULL on 1289 * failure 1290 */ 1291 struct wpabuf * crypto_csr_sign(struct crypto_csr *csr, 1292 struct crypto_ec_key *key, 1293 enum crypto_hash_alg algo); 1294 1295 struct crypto_rsa_key; 1296 1297 /** 1298 * crypto_rsa_key_read - Read an RSA key 1299 * @file: File from which to read (PEM encoded, can be X.509v3 certificate) 1300 * @private_key: Whether to read the private key instead of public key 1301 * Returns: RSA key or %NULL on failure 1302 */ 1303 struct crypto_rsa_key * crypto_rsa_key_read(const char *file, bool private_key); 1304 1305 /** 1306 * crypto_rsa_oaep_sha256_encrypt - RSA-OAEP-SHA-256 encryption 1307 * @key: RSA key from crypto_rsa_key_read() 1308 * @in: Plaintext input data 1309 * Returns: Encrypted output data or %NULL on failure 1310 */ 1311 struct wpabuf * crypto_rsa_oaep_sha256_encrypt(struct crypto_rsa_key *key, 1312 const struct wpabuf *in); 1313 1314 /** 1315 * crypto_rsa_oaep_sha256_decrypt - RSA-OAEP-SHA-256 decryption 1316 * @key: RSA key from crypto_rsa_key_read() 1317 * @in: Encrypted input data 1318 * Returns: Decrypted output data or %NULL on failure 1319 */ 1320 struct wpabuf * crypto_rsa_oaep_sha256_decrypt(struct crypto_rsa_key *key, 1321 const struct wpabuf *in); 1322 1323 /** 1324 * crypto_rsa_key_free - Free an RSA key 1325 * @key: RSA key from crypto_rsa_key_read() 1326 */ 1327 void crypto_rsa_key_free(struct crypto_rsa_key *key); 1328 1329 enum hpke_mode { 1330 HPKE_MODE_BASE = 0x00, 1331 HPKE_MODE_PSK = 0x01, 1332 HPKE_MODE_AUTH = 0x02, 1333 HPKE_MODE_AUTH_PSK = 0x03, 1334 }; 1335 1336 enum hpke_kem_id { 1337 HPKE_DHKEM_P256_HKDF_SHA256 = 0x0010, 1338 HPKE_DHKEM_P384_HKDF_SHA384 = 0x0011, 1339 HPKE_DHKEM_P521_HKDF_SHA512 = 0x0012, 1340 HPKE_DHKEM_X5519_HKDF_SHA256 = 0x0020, 1341 HPKE_DHKEM_X448_HKDF_SHA512 = 0x0021, 1342 }; 1343 1344 enum hpke_kdf_id { 1345 HPKE_KDF_HKDF_SHA256 = 0x0001, 1346 HPKE_KDF_HKDF_SHA384 = 0x0002, 1347 HPKE_KDF_HKDF_SHA512 = 0x0003, 1348 }; 1349 1350 enum hpke_aead_id { 1351 HPKE_AEAD_AES_128_GCM = 0x0001, 1352 HPKE_AEAD_AES_256_GCM = 0x0002, 1353 HPKE_AEAD_CHACHA20POLY1305 = 0x0003, 1354 }; 1355 1356 /** 1357 * hpke_base_seal - HPKE base mode single-shot encrypt 1358 * Returns: enc | ct; or %NULL on failure 1359 */ 1360 struct wpabuf * hpke_base_seal(enum hpke_kem_id kem_id, 1361 enum hpke_kdf_id kdf_id, 1362 enum hpke_aead_id aead_id, 1363 struct crypto_ec_key *peer_pub, 1364 const u8 *info, size_t info_len, 1365 const u8 *aad, size_t aad_len, 1366 const u8 *pt, size_t pt_len); 1367 1368 /** 1369 * hpke_base_open - HPKE base mode single-shot decrypt 1370 * @enc_ct: enc | ct 1371 * Returns: pt; or %NULL on failure 1372 */ 1373 struct wpabuf * hpke_base_open(enum hpke_kem_id kem_id, 1374 enum hpke_kdf_id kdf_id, 1375 enum hpke_aead_id aead_id, 1376 struct crypto_ec_key *own_priv, 1377 const u8 *info, size_t info_len, 1378 const u8 *aad, size_t aad_len, 1379 const u8 *enc_ct, size_t enc_ct_len); 1380 1381 /** 1382 * crypto_unload - Unload crypto resources 1383 * 1384 * This function is called just before the process exits to allow dynamic 1385 * resource allocations to be freed. 1386 */ 1387 void crypto_unload(void); 1388 1389 #endif /* CRYPTO_H */ 1390