xref: /titanic_41/usr/src/cmd/cmd-inet/usr.lib/wpad/wpa_enc.c (revision d24234c24aeaca4ca56ee3ac2794507968f274c4) 
1 /*
2  * Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
3  * Use is subject to license terms.
4  */
5 
6 /*
7  * Copyright (c) 2003-2004, Jouni Malinen <jkmaline@cc.hut.fi>
8  * Sun elects to license this software under the BSD license.
9  * See README for more details.
10  */
11 
12 #include <stdio.h>
13 #include <stdlib.h>
14 #include <string.h>
15 #include <strings.h>
16 #include <sys/types.h>
17 
18 #include <openssl/aes.h>
19 #include <openssl/hmac.h>
20 #include <openssl/rc4.h>
21 
22 #include "wpa_enc.h"
23 
24 /*
25  * @kek: key encryption key (KEK)
26  * @n: length of the wrapped key in 64-bit units; e.g., 2 = 128-bit = 16 bytes
27  * @plain: plaintext key to be wrapped, n * 64 bit
28  * @cipher: wrapped key, (n + 1) * 64 bit
29  */
30 void
31 aes_wrap(uint8_t *kek, int n, uint8_t *plain, uint8_t *cipher)
32 {
33 	uint8_t *a, *r, b[16];
34 	int i, j;
35 	AES_KEY key;
36 
37 	a = cipher;
38 	r = cipher + 8;
39 
40 	/* 1) Initialize variables. */
41 	(void) memset(a, 0xa6, 8);
42 	(void) memcpy(r, plain, 8 * n);
43 
44 	(void) AES_set_encrypt_key(kek, 128, &key);
45 
46 	/*
47 	 * 2) Calculate intermediate values.
48 	 * For j = 0 to 5
49 	 * 	For i=1 to n
50 	 * 		B = AES(K, A | R[i])
51 	 * 		A = MSB(64, B) ^ t where t = (n*j)+i
52 	 * 		R[i] = LSB(64, B)
53 	 */
54 	for (j = 0; j <= 5; j++) {
55 		r = cipher + 8;
56 		for (i = 1; i <= n; i++) {
57 			(void) memcpy(b, a, 8);
58 			(void) memcpy(b + 8, r, 8);
59 			AES_encrypt(b, b, &key);
60 			(void) memcpy(a, b, 8);
61 			a[7] ^= n * j + i;
62 			(void) memcpy(r, b + 8, 8);
63 			r += 8;
64 		}
65 	}
66 
67 	/*
68 	 * 3) Output the results.
69 	 *
70 	 * These are already in @cipher due to the location of temporary
71 	 * variables.
72 	 */
73 }
74 
75 /*
76  * @kek: key encryption key (KEK)
77  * @n: length of the wrapped key in 64-bit units; e.g., 2 = 128-bit = 16 bytes
78  * @cipher: wrapped key to be unwrapped, (n + 1) * 64 bit
79  * @plain: plaintext key, n * 64 bit
80  */
81 int
82 aes_unwrap(uint8_t *kek, int n, uint8_t *cipher, uint8_t *plain)
83 {
84 	uint8_t a[8], *r, b[16];
85 	int i, j;
86 	AES_KEY key;
87 
88 	/* 1) Initialize variables. */
89 	(void) memcpy(a, cipher, 8);
90 	r = plain;
91 	(void) memcpy(r, cipher + 8, 8 * n);
92 
93 	(void) AES_set_decrypt_key(kek, 128, &key);
94 
95 	/*
96 	 * 2) Compute intermediate values.
97 	 * For j = 5 to 0
98 	 * 	For i = n to 1
99 	 * 		B = AES-1(K, (A ^ t) | R[i]) where t = n*j+i
100 	 * 		A = MSB(64, B)
101 	 * 		R[i] = LSB(64, B)
102 	 */
103 	for (j = 5; j >= 0; j--) {
104 		r = plain + (n - 1) * 8;
105 		for (i = n; i >= 1; i--) {
106 			(void) memcpy(b, a, 8);
107 			b[7] ^= n * j + i;
108 
109 			(void) memcpy(b + 8, r, 8);
110 			AES_decrypt(b, b, &key);
111 			(void) memcpy(a, b, 8);
112 			(void) memcpy(r, b + 8, 8);
113 			r -= 8;
114 		}
115 	}
116 
117 	/*
118 	 * 3) Output results.
119 	 *
120 	 * These are already in @plain due to the location of temporary
121 	 * variables. Just verify that the IV matches with the expected value.
122 	 */
123 	for (i = 0; i < 8; i++) {
124 		if (a[i] != 0xa6) {
125 			return (-1);
126 		}
127 	}
128 
129 	return (0);
130 }
131 
132 /* RFC 2104 */
133 void
134 hmac_sha1(unsigned char *key, unsigned int key_len,
135     unsigned char *data, unsigned int data_len, unsigned char *mac)
136 {
137 	unsigned int mac_len = 0;
138 	(void) HMAC(EVP_sha1(), key, key_len, data, data_len, mac, &mac_len);
139 }
140 
141 
142 void
143 hmac_sha1_vector(unsigned char *key, unsigned int key_len, size_t num_elem,
144     unsigned char *addr[], unsigned int *len, unsigned char *mac)
145 {
146 	unsigned char *buf, *ptr;
147 	int i, buf_len;
148 
149 	buf_len = 0;
150 	for (i = 0; i < num_elem; i ++)
151 		buf_len += len[i];
152 
153 	buf = malloc(buf_len);
154 	ptr = buf;
155 
156 	for (i = 0; i < num_elem; i ++) {
157 		(void) memcpy(ptr, addr[i], len[i]);
158 		ptr += len[i];
159 	}
160 
161 	hmac_sha1(key, key_len, buf, buf_len, mac);
162 
163 	free(buf);
164 }
165 
166 
167 void
168 sha1_prf(unsigned char *key, unsigned int key_len,
169     char *label, unsigned char *data, unsigned int data_len,
170     unsigned char *buf, size_t buf_len)
171 {
172 	uint8_t zero = 0, counter = 0;
173 	size_t pos, plen;
174 	uint8_t hash[SHA1_MAC_LEN];
175 	size_t label_len = strlen(label);
176 
177 	unsigned char *addr[4];
178 	unsigned int len[4];
179 
180 	addr[0] = (uint8_t *)label;
181 	len[0] = label_len;
182 	addr[1] = &zero;
183 	len[1] = 1;
184 	addr[2] = data;
185 	len[2] = data_len;
186 	addr[3] = &counter;
187 	len[3] = 1;
188 
189 	pos = 0;
190 	while (pos < buf_len) {
191 		plen = buf_len - pos;
192 		if (plen >= SHA1_MAC_LEN) {
193 			hmac_sha1_vector(key, key_len, 4, addr, len, &buf[pos]);
194 			pos += SHA1_MAC_LEN;
195 		} else {
196 			hmac_sha1_vector(key, key_len, 4, addr, len, hash);
197 			(void) memcpy(&buf[pos], hash, plen);
198 			break;
199 		}
200 		counter++;
201 	}
202 }
203 
204 void
205 pbkdf2_sha1(char *passphrase, char *ssid, size_t ssid_len, int iterations,
206     unsigned char *buf, size_t buflen)
207 {
208 	(void) PKCS5_PBKDF2_HMAC_SHA1(passphrase, -1, (unsigned char *)ssid,
209 	    ssid_len, iterations, buflen, buf);
210 }
211 
212 void
213 rc4_skip(uint8_t *key, size_t keylen, size_t skip,
214     uint8_t *data, size_t data_len)
215 {
216 	uint8_t *buf;
217 	size_t buf_len;
218 
219 	buf_len = skip + data_len;
220 	buf = malloc(buf_len);
221 
222 	bzero(buf, buf_len);
223 	bcopy(data, buf + skip, data_len);
224 
225 	rc4(buf, buf_len, key, keylen);
226 
227 	bcopy(buf + skip, data, data_len);
228 	free(buf);
229 }
230 
231 void
232 rc4(uint8_t *buf, size_t len, uint8_t *key, size_t key_len)
233 {
234 	RC4_KEY k;
235 
236 	RC4_set_key(&k, key_len, key);
237 	RC4(&k, len, buf, buf);
238 }
239 
240 void
241 hmac_md5_vector(uint8_t *key, size_t key_len, size_t num_elem,
242     uint8_t *addr[], size_t *len, uint8_t *mac)
243 {
244 	unsigned char *buf, *ptr;
245 	int i, buf_len;
246 
247 	buf_len = 0;
248 	for (i = 0; i < num_elem; i ++)
249 		buf_len += len[i];
250 
251 	buf = malloc(buf_len);
252 	ptr = buf;
253 
254 	for (i = 0; i < num_elem; i ++) {
255 		(void) memcpy(ptr, addr[i], len[i]);
256 		ptr += len[i];
257 	}
258 
259 	hmac_md5(key, key_len, buf, buf_len, mac);
260 	free(buf);
261 }
262 
263 /* RFC 2104 */
264 void
265 hmac_md5(uint8_t *key, size_t key_len, uint8_t *data,
266     size_t data_len, uint8_t *mac)
267 {
268 	unsigned int mac_len = 0;
269 	(void) HMAC(EVP_md5(), key, key_len, data, data_len, mac, &mac_len);
270 }
271