xref: /freebsd/contrib/wpa/src/crypto/crypto.h (revision cdc58367265a2bd6e8f913db2bdc591699ee229f)
1 /*
2  * WPA Supplicant / wrapper functions for crypto libraries
3  * Copyright (c) 2004-2009, Jouni Malinen <j@w1.fi>
4  *
5  * This software may be distributed under the terms of the BSD license.
6  * See README for more details.
7  *
8  * This file defines the cryptographic functions that need to be implemented
9  * for wpa_supplicant and hostapd. When TLS is not used, internal
10  * implementation of MD5, SHA1, and AES is used and no external libraries are
11  * required. When TLS is enabled (e.g., by enabling EAP-TLS or EAP-PEAP), the
12  * crypto library used by the TLS implementation is expected to be used for
13  * non-TLS needs, too, in order to save space by not implementing these
14  * functions twice.
15  *
16  * Wrapper code for using each crypto library is in its own file (crypto*.c)
17  * and one of these files is build and linked in to provide the functions
18  * defined here.
19  */
20 
21 #ifndef CRYPTO_H
22 #define CRYPTO_H
23 
24 /**
25  * md4_vector - MD4 hash for data vector
26  * @num_elem: Number of elements in the data vector
27  * @addr: Pointers to the data areas
28  * @len: Lengths of the data blocks
29  * @mac: Buffer for the hash
30  * Returns: 0 on success, -1 on failure
31  */
32 int md4_vector(size_t num_elem, const u8 *addr[], const size_t *len, u8 *mac);
33 
34 /**
35  * md5_vector - MD5 hash for data vector
36  * @num_elem: Number of elements in the data vector
37  * @addr: Pointers to the data areas
38  * @len: Lengths of the data blocks
39  * @mac: Buffer for the hash
40  * Returns: 0 on success, -1 on failure
41  */
42 int md5_vector(size_t num_elem, const u8 *addr[], const size_t *len, u8 *mac);
43 
44 
45 /**
46  * sha1_vector - SHA-1 hash for data vector
47  * @num_elem: Number of elements in the data vector
48  * @addr: Pointers to the data areas
49  * @len: Lengths of the data blocks
50  * @mac: Buffer for the hash
51  * Returns: 0 on success, -1 on failure
52  */
53 int sha1_vector(size_t num_elem, const u8 *addr[], const size_t *len,
54 		u8 *mac);
55 
56 /**
57  * fips186_2-prf - NIST FIPS Publication 186-2 change notice 1 PRF
58  * @seed: Seed/key for the PRF
59  * @seed_len: Seed length in bytes
60  * @x: Buffer for PRF output
61  * @xlen: Output length in bytes
62  * Returns: 0 on success, -1 on failure
63  *
64  * This function implements random number generation specified in NIST FIPS
65  * Publication 186-2 for EAP-SIM. This PRF uses a function that is similar to
66  * SHA-1, but has different message padding.
67  */
68 int __must_check fips186_2_prf(const u8 *seed, size_t seed_len, u8 *x,
69 			       size_t xlen);
70 
71 /**
72  * sha256_vector - SHA256 hash for data vector
73  * @num_elem: Number of elements in the data vector
74  * @addr: Pointers to the data areas
75  * @len: Lengths of the data blocks
76  * @mac: Buffer for the hash
77  * Returns: 0 on success, -1 on failure
78  */
79 int sha256_vector(size_t num_elem, const u8 *addr[], const size_t *len,
80 		  u8 *mac);
81 
82 /**
83  * des_encrypt - Encrypt one block with DES
84  * @clear: 8 octets (in)
85  * @key: 7 octets (in) (no parity bits included)
86  * @cypher: 8 octets (out)
87  */
88 void des_encrypt(const u8 *clear, const u8 *key, u8 *cypher);
89 
90 /**
91  * aes_encrypt_init - Initialize AES for encryption
92  * @key: Encryption key
93  * @len: Key length in bytes (usually 16, i.e., 128 bits)
94  * Returns: Pointer to context data or %NULL on failure
95  */
96 void * aes_encrypt_init(const u8 *key, size_t len);
97 
98 /**
99  * aes_encrypt - Encrypt one AES block
100  * @ctx: Context pointer from aes_encrypt_init()
101  * @plain: Plaintext data to be encrypted (16 bytes)
102  * @crypt: Buffer for the encrypted data (16 bytes)
103  */
104 void aes_encrypt(void *ctx, const u8 *plain, u8 *crypt);
105 
106 /**
107  * aes_encrypt_deinit - Deinitialize AES encryption
108  * @ctx: Context pointer from aes_encrypt_init()
109  */
110 void aes_encrypt_deinit(void *ctx);
111 
112 /**
113  * aes_decrypt_init - Initialize AES for decryption
114  * @key: Decryption key
115  * @len: Key length in bytes (usually 16, i.e., 128 bits)
116  * Returns: Pointer to context data or %NULL on failure
117  */
118 void * aes_decrypt_init(const u8 *key, size_t len);
119 
120 /**
121  * aes_decrypt - Decrypt one AES block
122  * @ctx: Context pointer from aes_encrypt_init()
123  * @crypt: Encrypted data (16 bytes)
124  * @plain: Buffer for the decrypted data (16 bytes)
125  */
126 void aes_decrypt(void *ctx, const u8 *crypt, u8 *plain);
127 
128 /**
129  * aes_decrypt_deinit - Deinitialize AES decryption
130  * @ctx: Context pointer from aes_encrypt_init()
131  */
132 void aes_decrypt_deinit(void *ctx);
133 
134 
135 enum crypto_hash_alg {
136 	CRYPTO_HASH_ALG_MD5, CRYPTO_HASH_ALG_SHA1,
137 	CRYPTO_HASH_ALG_HMAC_MD5, CRYPTO_HASH_ALG_HMAC_SHA1,
138 	CRYPTO_HASH_ALG_SHA256, CRYPTO_HASH_ALG_HMAC_SHA256
139 };
140 
141 struct crypto_hash;
142 
143 /**
144  * crypto_hash_init - Initialize hash/HMAC function
145  * @alg: Hash algorithm
146  * @key: Key for keyed hash (e.g., HMAC) or %NULL if not needed
147  * @key_len: Length of the key in bytes
148  * Returns: Pointer to hash context to use with other hash functions or %NULL
149  * on failure
150  *
151  * This function is only used with internal TLSv1 implementation
152  * (CONFIG_TLS=internal). If that is not used, the crypto wrapper does not need
153  * to implement this.
154  */
155 struct crypto_hash * crypto_hash_init(enum crypto_hash_alg alg, const u8 *key,
156 				      size_t key_len);
157 
158 /**
159  * crypto_hash_update - Add data to hash calculation
160  * @ctx: Context pointer from crypto_hash_init()
161  * @data: Data buffer to add
162  * @len: Length of the buffer
163  *
164  * This function is only used with internal TLSv1 implementation
165  * (CONFIG_TLS=internal). If that is not used, the crypto wrapper does not need
166  * to implement this.
167  */
168 void crypto_hash_update(struct crypto_hash *ctx, const u8 *data, size_t len);
169 
170 /**
171  * crypto_hash_finish - Complete hash calculation
172  * @ctx: Context pointer from crypto_hash_init()
173  * @hash: Buffer for hash value or %NULL if caller is just freeing the hash
174  * context
175  * @len: Pointer to length of the buffer or %NULL if caller is just freeing the
176  * hash context; on return, this is set to the actual length of the hash value
177  * Returns: 0 on success, -1 if buffer is too small (len set to needed length),
178  * or -2 on other failures (including failed crypto_hash_update() operations)
179  *
180  * This function calculates the hash value and frees the context buffer that
181  * was used for hash calculation.
182  *
183  * This function is only used with internal TLSv1 implementation
184  * (CONFIG_TLS=internal). If that is not used, the crypto wrapper does not need
185  * to implement this.
186  */
187 int crypto_hash_finish(struct crypto_hash *ctx, u8 *hash, size_t *len);
188 
189 
190 enum crypto_cipher_alg {
191 	CRYPTO_CIPHER_NULL = 0, CRYPTO_CIPHER_ALG_AES, CRYPTO_CIPHER_ALG_3DES,
192 	CRYPTO_CIPHER_ALG_DES, CRYPTO_CIPHER_ALG_RC2, CRYPTO_CIPHER_ALG_RC4
193 };
194 
195 struct crypto_cipher;
196 
197 /**
198  * crypto_cipher_init - Initialize block/stream cipher function
199  * @alg: Cipher algorithm
200  * @iv: Initialization vector for block ciphers or %NULL for stream ciphers
201  * @key: Cipher key
202  * @key_len: Length of key in bytes
203  * Returns: Pointer to cipher context to use with other cipher functions or
204  * %NULL on failure
205  *
206  * This function is only used with internal TLSv1 implementation
207  * (CONFIG_TLS=internal). If that is not used, the crypto wrapper does not need
208  * to implement this.
209  */
210 struct crypto_cipher * crypto_cipher_init(enum crypto_cipher_alg alg,
211 					  const u8 *iv, const u8 *key,
212 					  size_t key_len);
213 
214 /**
215  * crypto_cipher_encrypt - Cipher encrypt
216  * @ctx: Context pointer from crypto_cipher_init()
217  * @plain: Plaintext to cipher
218  * @crypt: Resulting ciphertext
219  * @len: Length of the plaintext
220  * Returns: 0 on success, -1 on failure
221  *
222  * This function is only used with internal TLSv1 implementation
223  * (CONFIG_TLS=internal). If that is not used, the crypto wrapper does not need
224  * to implement this.
225  */
226 int __must_check crypto_cipher_encrypt(struct crypto_cipher *ctx,
227 				       const u8 *plain, u8 *crypt, size_t len);
228 
229 /**
230  * crypto_cipher_decrypt - Cipher decrypt
231  * @ctx: Context pointer from crypto_cipher_init()
232  * @crypt: Ciphertext to decrypt
233  * @plain: Resulting plaintext
234  * @len: Length of the cipher text
235  * Returns: 0 on success, -1 on failure
236  *
237  * This function is only used with internal TLSv1 implementation
238  * (CONFIG_TLS=internal). If that is not used, the crypto wrapper does not need
239  * to implement this.
240  */
241 int __must_check crypto_cipher_decrypt(struct crypto_cipher *ctx,
242 				       const u8 *crypt, u8 *plain, size_t len);
243 
244 /**
245  * crypto_cipher_decrypt - Free cipher context
246  * @ctx: Context pointer from crypto_cipher_init()
247  *
248  * This function is only used with internal TLSv1 implementation
249  * (CONFIG_TLS=internal). If that is not used, the crypto wrapper does not need
250  * to implement this.
251  */
252 void crypto_cipher_deinit(struct crypto_cipher *ctx);
253 
254 
255 struct crypto_public_key;
256 struct crypto_private_key;
257 
258 /**
259  * crypto_public_key_import - Import an RSA public key
260  * @key: Key buffer (DER encoded RSA public key)
261  * @len: Key buffer length in bytes
262  * Returns: Pointer to the public key or %NULL on failure
263  *
264  * This function can just return %NULL if the crypto library supports X.509
265  * parsing. In that case, crypto_public_key_from_cert() is used to import the
266  * public key from a certificate.
267  *
268  * This function is only used with internal TLSv1 implementation
269  * (CONFIG_TLS=internal). If that is not used, the crypto wrapper does not need
270  * to implement this.
271  */
272 struct crypto_public_key * crypto_public_key_import(const u8 *key, size_t len);
273 
274 /**
275  * crypto_private_key_import - Import an RSA private key
276  * @key: Key buffer (DER encoded RSA private key)
277  * @len: Key buffer length in bytes
278  * @passwd: Key encryption password or %NULL if key is not encrypted
279  * Returns: Pointer to the private key or %NULL on failure
280  *
281  * This function is only used with internal TLSv1 implementation
282  * (CONFIG_TLS=internal). If that is not used, the crypto wrapper does not need
283  * to implement this.
284  */
285 struct crypto_private_key * crypto_private_key_import(const u8 *key,
286 						      size_t len,
287 						      const char *passwd);
288 
289 /**
290  * crypto_public_key_from_cert - Import an RSA public key from a certificate
291  * @buf: DER encoded X.509 certificate
292  * @len: Certificate buffer length in bytes
293  * Returns: Pointer to public key or %NULL on failure
294  *
295  * This function can just return %NULL if the crypto library does not support
296  * X.509 parsing. In that case, internal code will be used to parse the
297  * certificate and public key is imported using crypto_public_key_import().
298  *
299  * This function is only used with internal TLSv1 implementation
300  * (CONFIG_TLS=internal). If that is not used, the crypto wrapper does not need
301  * to implement this.
302  */
303 struct crypto_public_key * crypto_public_key_from_cert(const u8 *buf,
304 						       size_t len);
305 
306 /**
307  * crypto_public_key_encrypt_pkcs1_v15 - Public key encryption (PKCS #1 v1.5)
308  * @key: Public key
309  * @in: Plaintext buffer
310  * @inlen: Length of plaintext buffer in bytes
311  * @out: Output buffer for encrypted data
312  * @outlen: Length of output buffer in bytes; set to used length on success
313  * Returns: 0 on success, -1 on failure
314  *
315  * This function is only used with internal TLSv1 implementation
316  * (CONFIG_TLS=internal). If that is not used, the crypto wrapper does not need
317  * to implement this.
318  */
319 int __must_check crypto_public_key_encrypt_pkcs1_v15(
320 	struct crypto_public_key *key, const u8 *in, size_t inlen,
321 	u8 *out, size_t *outlen);
322 
323 /**
324  * crypto_private_key_decrypt_pkcs1_v15 - Private key decryption (PKCS #1 v1.5)
325  * @key: Private key
326  * @in: Encrypted buffer
327  * @inlen: Length of encrypted buffer in bytes
328  * @out: Output buffer for encrypted data
329  * @outlen: Length of output buffer in bytes; set to used length on success
330  * Returns: 0 on success, -1 on failure
331  *
332  * This function is only used with internal TLSv1 implementation
333  * (CONFIG_TLS=internal). If that is not used, the crypto wrapper does not need
334  * to implement this.
335  */
336 int __must_check crypto_private_key_decrypt_pkcs1_v15(
337 	struct crypto_private_key *key, const u8 *in, size_t inlen,
338 	u8 *out, size_t *outlen);
339 
340 /**
341  * crypto_private_key_sign_pkcs1 - Sign with private key (PKCS #1)
342  * @key: Private key from crypto_private_key_import()
343  * @in: Plaintext buffer
344  * @inlen: Length of plaintext buffer in bytes
345  * @out: Output buffer for encrypted (signed) data
346  * @outlen: Length of output buffer in bytes; set to used length on success
347  * Returns: 0 on success, -1 on failure
348  *
349  * This function is only used with internal TLSv1 implementation
350  * (CONFIG_TLS=internal). If that is not used, the crypto wrapper does not need
351  * to implement this.
352  */
353 int __must_check crypto_private_key_sign_pkcs1(struct crypto_private_key *key,
354 					       const u8 *in, size_t inlen,
355 					       u8 *out, size_t *outlen);
356 
357 /**
358  * crypto_public_key_free - Free public key
359  * @key: Public key
360  *
361  * This function is only used with internal TLSv1 implementation
362  * (CONFIG_TLS=internal). If that is not used, the crypto wrapper does not need
363  * to implement this.
364  */
365 void crypto_public_key_free(struct crypto_public_key *key);
366 
367 /**
368  * crypto_private_key_free - Free private key
369  * @key: Private key from crypto_private_key_import()
370  *
371  * This function is only used with internal TLSv1 implementation
372  * (CONFIG_TLS=internal). If that is not used, the crypto wrapper does not need
373  * to implement this.
374  */
375 void crypto_private_key_free(struct crypto_private_key *key);
376 
377 /**
378  * crypto_public_key_decrypt_pkcs1 - Decrypt PKCS #1 signature
379  * @key: Public key
380  * @crypt: Encrypted signature data (using the private key)
381  * @crypt_len: Encrypted signature data length
382  * @plain: Buffer for plaintext (at least crypt_len bytes)
383  * @plain_len: Plaintext length (max buffer size on input, real len on output);
384  * Returns: 0 on success, -1 on failure
385  */
386 int __must_check crypto_public_key_decrypt_pkcs1(
387 	struct crypto_public_key *key, const u8 *crypt, size_t crypt_len,
388 	u8 *plain, size_t *plain_len);
389 
390 /**
391  * crypto_global_init - Initialize crypto wrapper
392  *
393  * This function is only used with internal TLSv1 implementation
394  * (CONFIG_TLS=internal). If that is not used, the crypto wrapper does not need
395  * to implement this.
396  */
397 int __must_check crypto_global_init(void);
398 
399 /**
400  * crypto_global_deinit - Deinitialize crypto wrapper
401  *
402  * This function is only used with internal TLSv1 implementation
403  * (CONFIG_TLS=internal). If that is not used, the crypto wrapper does not need
404  * to implement this.
405  */
406 void crypto_global_deinit(void);
407 
408 /**
409  * crypto_mod_exp - Modular exponentiation of large integers
410  * @base: Base integer (big endian byte array)
411  * @base_len: Length of base integer in bytes
412  * @power: Power integer (big endian byte array)
413  * @power_len: Length of power integer in bytes
414  * @modulus: Modulus integer (big endian byte array)
415  * @modulus_len: Length of modulus integer in bytes
416  * @result: Buffer for the result
417  * @result_len: Result length (max buffer size on input, real len on output)
418  * Returns: 0 on success, -1 on failure
419  *
420  * This function calculates result = base ^ power mod modulus. modules_len is
421  * used as the maximum size of modulus buffer. It is set to the used size on
422  * success.
423  *
424  * This function is only used with internal TLSv1 implementation
425  * (CONFIG_TLS=internal). If that is not used, the crypto wrapper does not need
426  * to implement this.
427  */
428 int __must_check crypto_mod_exp(const u8 *base, size_t base_len,
429 				const u8 *power, size_t power_len,
430 				const u8 *modulus, size_t modulus_len,
431 				u8 *result, size_t *result_len);
432 
433 /**
434  * rc4_skip - XOR RC4 stream to given data with skip-stream-start
435  * @key: RC4 key
436  * @keylen: RC4 key length
437  * @skip: number of bytes to skip from the beginning of the RC4 stream
438  * @data: data to be XOR'ed with RC4 stream
439  * @data_len: buf length
440  * Returns: 0 on success, -1 on failure
441  *
442  * Generate RC4 pseudo random stream for the given key, skip beginning of the
443  * stream, and XOR the end result with the data buffer to perform RC4
444  * encryption/decryption.
445  */
446 int rc4_skip(const u8 *key, size_t keylen, size_t skip,
447 	     u8 *data, size_t data_len);
448 
449 /**
450  * crypto_get_random - Generate cryptographically strong pseudy-random bytes
451  * @buf: Buffer for data
452  * @len: Number of bytes to generate
453  * Returns: 0 on success, -1 on failure
454  *
455  * If the PRNG does not have enough entropy to ensure unpredictable byte
456  * sequence, this functions must return -1.
457  */
458 int crypto_get_random(void *buf, size_t len);
459 
460 #endif /* CRYPTO_H */
461