endif()
idf_component_register(SRCS "src/coexist.c"
- "src/fast_crypto_ops.c"
+ "src/crypto_ops.c"
"src/lib_printf.c"
"src/mesh_event.c"
"src/phy_init.c"
#include "crypto/dh_group5.h"
#include "esp_wifi_crypto_types.h"
/*
- * The parameters is used to set the cyrpto callback function for station connect when in security mode,
- * every callback function can register as fast_xxx or normal one, i.e, fast_aes_wrap or aes_wrap, the
- * difference between them is the normal API is calculate by software, the fast one use the hardware
- * crypto in it, can be faster than the normal one, so the callback function register in default is which
- * we recommend, so as the API in WPS default and WPA2 default.
+ * This structure is used to set the cyrpto callback function for station to connect when in security mode.
+ * These functions either call MbedTLS API's if USE_MBEDTLS_CRYPTO flag is set through Kconfig, or native
+ * API's otherwise. We recommend setting the flag since MbedTLS API's utilize hardware acceleration while
+ * native API's are use software implementations.
*/
const wpa_crypto_funcs_t g_wifi_default_wpa_crypto_funcs = {
.size = sizeof(wpa_crypto_funcs_t),
.version = ESP_WIFI_CRYPTO_VERSION,
- .aes_wrap = (esp_aes_wrap_t)fast_aes_wrap,
- .aes_unwrap = (esp_aes_unwrap_t)fast_aes_unwrap,
- .hmac_sha256_vector = (esp_hmac_sha256_vector_t)fast_hmac_sha256_vector,
- .sha256_prf = (esp_sha256_prf_t)fast_sha256_prf,
+ .aes_wrap = (esp_aes_wrap_t)aes_wrap,
+ .aes_unwrap = (esp_aes_unwrap_t)aes_unwrap,
+ .hmac_sha256_vector = (esp_hmac_sha256_vector_t)hmac_sha256_vector,
+ .sha256_prf = (esp_sha256_prf_t)sha256_prf,
.hmac_md5 = (esp_hmac_md5_t)hmac_md5,
.hamc_md5_vector = (esp_hmac_md5_vector_t)hmac_md5_vector,
.hmac_sha1 = (esp_hmac_sha1_t)hmac_sha1,
};
const mesh_crypto_funcs_t g_wifi_default_mesh_crypto_funcs = {
- .aes_128_encrypt = (esp_aes_128_encrypt_t)fast_aes_128_cbc_encrypt,
- .aes_128_decrypt = (esp_aes_128_decrypt_t)fast_aes_128_cbc_decrypt,
+ .aes_128_encrypt = (esp_aes_128_encrypt_t)aes_128_cbc_encrypt,
+ .aes_128_decrypt = (esp_aes_128_decrypt_t)aes_128_cbc_decrypt,
};
"src/crypto/sha1.c"
"src/crypto/sha256-internal.c"
"src/crypto/sha256.c"
- "src/fast_crypto/fast_aes-cbc.c"
- "src/fast_crypto/fast_aes-unwrap.c"
- "src/fast_crypto/fast_aes-wrap.c"
- "src/fast_crypto/fast_crypto_internal-cipher.c"
- "src/fast_crypto/fast_crypto_internal-modexp.c"
- "src/fast_crypto/fast_crypto_internal.c"
- "src/fast_crypto/fast_sha256-internal.c"
- "src/fast_crypto/fast_sha256.c"
"src/eap_peer/chap.c"
"src/eap_peer/eap.c"
"src/eap_peer/eap_common.c"
help
Select this option to support EAP-PEAP.
+ config WPA_MBEDTLS_CRYPTO
+ bool "Use MbedTLS crypto API's"
+ default y
+ help
+ Select this option to use MbedTLS crypto API's which utilize hardware acceleration.
+
endmenu
COMPONENT_ADD_INCLUDEDIRS := include port/include include/esp_supplicant
COMPONENT_PRIV_INCLUDEDIRS := src
-COMPONENT_SRCDIRS := port src/ap src/common src/crypto src/eap_peer src/fast_crypto src/rsn_supp src/tls src/utils src/esp_supplicant src/wps
+COMPONENT_SRCDIRS := port src/ap src/common src/crypto src/eap_peer src/rsn_supp src/tls src/utils src/esp_supplicant src/wps
CFLAGS += -DESP_SUPPLICANT -DIEEE8021X_EAPOL -DEAP_PEER_METHOD -DEAP_MSCHAPv2 -DUSE_WPA2_TASK -DCONFIG_WPS2 -DCONFIG_WPS_PIN -DUSE_WPS_TASK -DESPRESSIF_USE -DESP32_WORKAROUND -DCONFIG_ECC -D__ets__ -Wno-strict-aliasing
size_t data_len);
int __must_check aes_128_cbc_decrypt(const u8 *key, const u8 *iv, u8 *data,
size_t data_len);
-int __must_check fast_aes_wrap(const uint8_t *kek, int n, const uint8_t *plain, uint8_t *cipher);
-int __must_check fast_aes_unwrap(const uint8_t *kek, int n, const uint8_t *cipher, uint8_t *plain);
-int __must_check fast_aes_128_cbc_encrypt(const uint8_t *key, const uint8_t *iv, uint8_t *data,
- size_t data_len);
-int __must_check fast_aes_128_cbc_decrypt(const uint8_t *key, const uint8_t *iv, uint8_t *data,
- size_t data_len);
#endif /* AES_WRAP_H */
int sha256_vector(size_t num_elem, const u8 *addr[], const size_t *len,
u8 *mac);
-/**
- * fast_sha256_vector - fast SHA256 hash for data vector
- * @num_elem: Number of elements in the data vector
- * @addr: Pointers to the data areas
- * @len: Lengths of the data blocks
- * @mac: Buffer for the hash
- * Returns: 0 on success, -1 on failure
- */
-int fast_sha256_vector(size_t num_elem, const uint8_t *addr[], const size_t *len,
- uint8_t *mac);
-
/**
* des_encrypt - Encrypt one block with DES
* @clear: 8 octets (in)
struct crypto_hash * crypto_hash_init(enum crypto_hash_alg alg, const u8 *key,
size_t key_len);
-/**
- * fast_crypto_hash_init - Initialize hash/HMAC function
- * @alg: Hash algorithm
- * @key: Key for keyed hash (e.g., HMAC) or %NULL if not needed
- * @key_len: Length of the key in bytes
- * Returns: Pointer to hash context to use with other hash functions or %NULL
- * on failure
- *
- * This function is only used with internal TLSv1 implementation
- * (CONFIG_TLS=internal). If that is not used, the crypto wrapper does not need
- * to implement this.
- */
-struct crypto_hash * fast_crypto_hash_init(enum crypto_hash_alg alg, const uint8_t *key,
- size_t key_len);
-
/**
* crypto_hash_update - Add data to hash calculation
* @ctx: Context pointer from crypto_hash_init()
*/
void crypto_hash_update(struct crypto_hash *ctx, const u8 *data, size_t len);
-/**
- * fast_crypto_hash_update - Add data to hash calculation
- * @ctx: Context pointer from crypto_hash_init()
- * @data: Data buffer to add
- * @len: Length of the buffer
- *
- * This function is only used with internal TLSv1 implementation
- * (CONFIG_TLS=internal). If that is not used, the crypto wrapper does not need
- * to implement this.
- */
-void fast_crypto_hash_update(struct crypto_hash *ctx, const uint8_t *data, size_t len);
-
/**
* crypto_hash_finish - Complete hash calculation
* @ctx: Context pointer from crypto_hash_init()
*/
int crypto_hash_finish(struct crypto_hash *ctx, u8 *hash, size_t *len);
-/**
- * fast_crypto_hash_finish - Complete hash calculation
- * @ctx: Context pointer from crypto_hash_init()
- * @hash: Buffer for hash value or %NULL if caller is just freeing the hash
- * context
- * @len: Pointer to length of the buffer or %NULL if caller is just freeing the
- * hash context; on return, this is set to the actual length of the hash value
- * Returns: 0 on success, -1 if buffer is too small (len set to needed length),
- * or -2 on other failures (including failed crypto_hash_update() operations)
- *
- * This function calculates the hash value and frees the context buffer that
- * was used for hash calculation.
- *
- * This function is only used with internal TLSv1 implementation
- * (CONFIG_TLS=internal). If that is not used, the crypto wrapper does not need
- * to implement this.
- */
-int fast_crypto_hash_finish(struct crypto_hash *ctx, uint8_t *hash, size_t *len);
-
-
enum crypto_cipher_alg {
CRYPTO_CIPHER_NULL = 0, CRYPTO_CIPHER_ALG_AES, CRYPTO_CIPHER_ALG_3DES,
CRYPTO_CIPHER_ALG_DES, CRYPTO_CIPHER_ALG_RC2, CRYPTO_CIPHER_ALG_RC4
const u8 *iv, const u8 *key,
size_t key_len);
-/**
- * fast_crypto_cipher_init - Initialize block/stream cipher function
- * @alg: Cipher algorithm
- * @iv: Initialization vector for block ciphers or %NULL for stream ciphers
- * @key: Cipher key
- * @key_len: Length of key in bytes
- * Returns: Pointer to cipher context to use with other cipher functions or
- * %NULL on failure
- *
- * This function is only used with internal TLSv1 implementation
- * (CONFIG_TLS=internal). If that is not used, the crypto wrapper does not need
- * to implement this.
- */
-struct crypto_cipher * fast_crypto_cipher_init(enum crypto_cipher_alg alg,
- const uint8_t *iv, const uint8_t *key,
- size_t key_len);
/**
* crypto_cipher_encrypt - Cipher encrypt
* @ctx: Context pointer from crypto_cipher_init()
int __must_check crypto_cipher_encrypt(struct crypto_cipher *ctx,
const u8 *plain, u8 *crypt, size_t len);
-/**
- * fast_crypto_cipher_encrypt - Cipher encrypt
- * @ctx: Context pointer from crypto_cipher_init()
- * @plain: Plaintext to cipher
- * @crypt: Resulting ciphertext
- * @len: Length of the plaintext
- * Returns: 0 on success, -1 on failure
- *
- * This function is only used with internal TLSv1 implementation
- * (CONFIG_TLS=internal). If that is not used, the crypto wrapper does not need
- * to implement this.
- */
-int __must_check fast_crypto_cipher_encrypt(struct crypto_cipher *ctx,
- const uint8_t *plain, uint8_t *crypt, size_t len);
-
/**
* crypto_cipher_decrypt - Cipher decrypt
* @ctx: Context pointer from crypto_cipher_init()
int __must_check crypto_cipher_decrypt(struct crypto_cipher *ctx,
const u8 *crypt, u8 *plain, size_t len);
-/**
- * fast_crypto_cipher_decrypt - Cipher decrypt
- * @ctx: Context pointer from crypto_cipher_init()
- * @crypt: Ciphertext to decrypt
- * @plain: Resulting plaintext
- * @len: Length of the cipher text
- * Returns: 0 on success, -1 on failure
- *
- * This function is only used with internal TLSv1 implementation
- * (CONFIG_TLS=internal). If that is not used, the crypto wrapper does not need
- * to implement this.
- */
-int __must_check fast_crypto_cipher_decrypt(struct crypto_cipher *ctx,
- const uint8_t *crypt, uint8_t *plain, size_t len);
-
/**
* crypto_cipher_decrypt - Free cipher context
* @ctx: Context pointer from crypto_cipher_init()
*/
void crypto_cipher_deinit(struct crypto_cipher *ctx);
-/**
- * fast_crypto_cipher_decrypt - Free cipher context
- * @ctx: Context pointer from crypto_cipher_init()
- *
- * This function is only used with internal TLSv1 implementation
- * (CONFIG_TLS=internal). If that is not used, the crypto wrapper does not need
- * to implement this.
- */
-void fast_crypto_cipher_deinit(struct crypto_cipher *ctx);
-
struct crypto_public_key;
struct crypto_private_key;
const u8 *modulus, size_t modulus_len,
u8 *result, size_t *result_len);
-/**
- * fast_crypto_mod_exp - Modular exponentiation of large integers
- * @base: Base integer (big endian byte array)
- * @base_len: Length of base integer in bytes
- * @power: Power integer (big endian byte array)
- * @power_len: Length of power integer in bytes
- * @modulus: Modulus integer (big endian byte array)
- * @modulus_len: Length of modulus integer in bytes
- * @result: Buffer for the result
- * @result_len: Result length (max buffer size on input, real len on output)
- * Returns: 0 on success, -1 on failure
- *
- * This function calculates result = base ^ power mod modulus. modules_len is
- * used as the maximum size of modulus buffer. It is set to the used size on
- * success.
- *
- * This function is only used with internal TLSv1 implementation
- * (CONFIG_TLS=internal). If that is not used, the crypto wrapper does not need
- * to implement this.
- */
-int __must_check fast_crypto_mod_exp(const uint8_t *base, size_t base_len,
- const uint8_t *power, size_t power_len,
- const uint8_t *modulus, size_t modulus_len,
- uint8_t *result, size_t *result_len);
-
/**
* rc4_skip - XOR RC4 stream to given data with skip-stream-start
* @key: RC4 key
void sha256_prf(const u8 *key, size_t key_len, const char *label,
const u8 *data, size_t data_len, u8 *buf, size_t buf_len);
-void fast_hmac_sha256_vector(const uint8_t *key, size_t key_len, size_t num_elem,
- const uint8_t *addr[], const size_t *len, uint8_t *mac);
-void fast_hmac_sha256(const uint8_t *key, size_t key_len, const uint8_t *data,
- size_t data_len, uint8_t *mac);
-void fast_sha256_prf(const uint8_t *key, size_t key_len, const char *label,
- const uint8_t *data, size_t data_len, uint8_t *buf, size_t buf_len);
#endif /* SHA256_H */
#define EAP_PEAP 1
#endif
+#if CONFIG_WPA_MBEDTLS_CRYPTO
+#define USE_MBEDTLS_CRYPTO 1
+#endif
+
#endif /* _SUPPLICANT_OPT_H */
ret = -1;
#ifdef CONFIG_IEEE80211W
- fast_sha256_prf(gmk, WPA_GMK_LEN, label, data, sizeof(data), gtk, gtk_len);
+ sha256_prf(gmk, WPA_GMK_LEN, label, data, sizeof(data), gtk, gtk_len);
#else /* CONFIG_IEEE80211W */
if (sha1_prf(gmk, WPA_GMK_LEN, label, data, sizeof(data), gtk, gtk_len) < 0)
ret = -1;
buf, key_data_len);
if (version == WPA_KEY_INFO_TYPE_HMAC_SHA1_AES ||
version == WPA_KEY_INFO_TYPE_AES_128_CMAC) {
- if (fast_aes_wrap(sm->PTK.kek, (key_data_len - 8) / 8, buf,
+ if (aes_wrap(sm->PTK.kek, (key_data_len - 8) / 8, buf,
(u8 *) (key + 1))) {
os_free(hdr);
os_free(buf);
#ifdef CONFIG_IEEE80211W
if (use_sha256) {
- fast_sha256_prf(pmk, pmk_len, label, data, sizeof(data),
+ sha256_prf(pmk, pmk_len, label, data, sizeof(data),
ptk, ptk_len);
}
else
#ifdef CONFIG_IEEE80211W
if (use_sha256) {
- fast_hmac_sha256_vector(pmk, pmk_len, 3, addr, len, hash);
+ hmac_sha256_vector(pmk, pmk_len, 3, addr, len, hash);
}
else
#endif /* CONFIG_IEEE80211W */
*
* See README and COPYING for more details.
*/
+/*
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Hardware crypto support Copyright 2017-2019 Espressif Systems (Shanghai) PTE LTD
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
#include "utils/includes.h"
#include "crypto/aes.h"
#include "crypto/aes_wrap.h"
+#ifdef USE_MBEDTLS_CRYPTO
+#include "mbedtls/aes.h"
+
+/**
+ * aes_128_cbc_encrypt - AES-128 CBC encryption
+ * @key: Encryption key
+ * @iv: Encryption IV for CBC mode (16 bytes)
+ * @data: Data to encrypt in-place
+ * @data_len: Length of data in bytes (must be divisible by 16)
+ * Returns: 0 on success, -1 on failure
+ */
+int
+aes_128_cbc_encrypt(const u8 *key, const u8 *iv, u8 *data, size_t data_len)
+{
+ int ret = 0;
+ mbedtls_aes_context ctx;
+ u8 cbc[AES_BLOCK_SIZE];
+
+ mbedtls_aes_init(&ctx);
+
+ ret = mbedtls_aes_setkey_enc(&ctx, key, 128);
+ if(ret < 0) {
+ mbedtls_aes_free(&ctx);
+ return ret;
+ }
+
+ os_memcpy(cbc, iv, AES_BLOCK_SIZE);
+ ret = mbedtls_aes_crypt_cbc(&ctx, MBEDTLS_AES_ENCRYPT, data_len, cbc, data, data);
+ mbedtls_aes_free(&ctx);
+
+ return ret;
+}
+
+
+/**
+ * aes_128_cbc_decrypt - AES-128 CBC decryption
+ * @key: Decryption key
+ * @iv: Decryption IV for CBC mode (16 bytes)
+ * @data: Data to decrypt in-place
+ * @data_len: Length of data in bytes (must be divisible by 16)
+ * Returns: 0 on success, -1 on failure
+ */
+int
+aes_128_cbc_decrypt(const u8 *key, const u8 *iv, u8 *data, size_t data_len)
+{
+ int ret = 0;
+ mbedtls_aes_context ctx;
+ u8 cbc[AES_BLOCK_SIZE];
+
+ mbedtls_aes_init(&ctx);
+
+ ret = mbedtls_aes_setkey_dec(&ctx, key, 128);
+ if(ret < 0) {
+ mbedtls_aes_free(&ctx);
+ return ret;
+ }
+
+ os_memcpy(cbc, iv, AES_BLOCK_SIZE);
+ ret = mbedtls_aes_crypt_cbc(&ctx, MBEDTLS_AES_DECRYPT, data_len, cbc, data, data);
+ mbedtls_aes_free(&ctx);
+
+ return ret;
+
+}
+#else /* USE_MBEDTLS_CRYPTO */
+
/**
* aes_128_cbc_encrypt - AES-128 CBC encryption
* @key: Encryption key
* @data_len: Length of data in bytes (must be divisible by 16)
* Returns: 0 on success, -1 on failure
*/
-int
+int
aes_128_cbc_encrypt(const u8 *key, const u8 *iv, u8 *data, size_t data_len)
{
void *ctx;
* @data_len: Length of data in bytes (must be divisible by 16)
* Returns: 0 on success, -1 on failure
*/
-int
+int
aes_128_cbc_decrypt(const u8 *key, const u8 *iv, u8 *data, size_t data_len)
{
void *ctx;
aes_decrypt_deinit(ctx);
return 0;
}
+#endif /* USE_MBEDTLS_CRYPTO */
*
* See README and COPYING for more details.
*/
+/*
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Hardware crypto support Copyright 2017-2019 Espressif Systems (Shanghai) PTE LTD
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
#include "utils/includes.h"
#include "utils/common.h"
+#ifdef USE_MBEDTLS_CRYPTO
+#include "mbedtls/aes.h"
+#else /* USE_MBEDTLS_CRYPTO */
#include "crypto/aes.h"
#include "crypto/aes_wrap.h"
+#endif /* USE_MBEDTLS_CRYPTO */
/**
* aes_unwrap - Unwrap key with AES Key Wrap Algorithm (128-bit KEK) (RFC3394)
{
u8 a[8], *r, b[16];
int i, j;
+#ifdef USE_MBEDTLS_CRYPTO
+ int32_t ret = 0;
+ mbedtls_aes_context ctx;
+#else /* USE_MBEDTLS_CRYPTO */
void *ctx;
+#endif /* USE_MBEDTLS_CRYPTO */
/* 1) Initialize variables. */
os_memcpy(a, cipher, 8);
r = plain;
os_memcpy(r, cipher + 8, 8 * n);
+#ifdef USE_MBEDTLS_CRYPTO
+ mbedtls_aes_init(&ctx);
+ ret = mbedtls_aes_setkey_dec(&ctx, kek, 128);
+ if (ret < 0) {
+ mbedtls_aes_free(&ctx);
+ return ret;
+ }
+#else /* USE_MBEDTLS_CRYPTO */
ctx = aes_decrypt_init(kek, 16);
if (ctx == NULL)
return -1;
+#endif /* USE_MBEDTLS_CRYPTO */
/* 2) Compute intermediate values.
* For j = 5 to 0
b[7] ^= n * j + i;
os_memcpy(b + 8, r, 8);
+#ifdef USE_MBEDTLS_CRYPTO
+ ret = mbedtls_internal_aes_decrypt(&ctx, b, b);
+#else /* USE_MBEDTLS_CRYPTO */
aes_decrypt(ctx, b, b);
+#endif /* USE_MBEDTLS_CRYPTO */
os_memcpy(a, b, 8);
os_memcpy(r, b + 8, 8);
r -= 8;
}
}
+#ifdef USE_MBEDTLS_CRYPTO
+ mbedtls_aes_free(&ctx);
+#else /* USE_MBEDTLS_CRYPTO */
aes_decrypt_deinit(ctx);
+#endif /* USE_MBEDTLS_CRYPTO */
/* 3) Output results.
*
* This software may be distributed under the terms of the BSD license.
* See README for more details.
*/
+/*
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Hardware crypto support Copyright 2017-2019 Espressif Systems (Shanghai) PTE LTD
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
#include "utils/includes.h"
#include "utils/common.h"
#include "crypto/aes.h"
#include "crypto/aes_wrap.h"
+#ifdef USE_MBEDTLS_CRYPTO
+#include "mbedtls/aes.h"
+#endif /* USE_MBEDTLS_CRYPTO */
/**
* aes_wrap - Wrap keys with AES Key Wrap Algorithm (128-bit KEK) (RFC3394)
{
u8 *a, *r, b[16];
int i, j;
+#ifdef USE_MBEDTLS_CRYPTO
+ int32_t ret = 0;
+ mbedtls_aes_context ctx;
+#else /* USE_MBEDTLS_CRYPTO */
void *ctx;
+#endif /* USE_MBEDTLS_CRYPTO */
a = cipher;
r = cipher + 8;
os_memset(a, 0xa6, 8);
os_memcpy(r, plain, 8 * n);
+#ifdef USE_MBEDTLS_CRYPTO
+ mbedtls_aes_init(&ctx);
+ ret = mbedtls_aes_setkey_enc(&ctx, kek, 128);
+ if (ret < 0) {
+ mbedtls_aes_free(&ctx);
+ return ret;
+ }
+#else /* USE_MBEDTLS_CRYPTO */
ctx = aes_encrypt_init(kek, 16);
if (ctx == NULL)
return -1;
+#endif /* USE_MBEDTLS_CRYPTO */
/* 2) Calculate intermediate values.
* For j = 0 to 5
for (i = 1; i <= n; i++) {
os_memcpy(b, a, 8);
os_memcpy(b + 8, r, 8);
+#ifdef USE_MBEDTLS_CRYPTO
+ ret = mbedtls_internal_aes_encrypt(&ctx, b, b);
+ if (ret != 0)
+ break;
+#else /* USE_MBEDTLS_CRYPTO */
aes_encrypt(ctx, b, b);
+#endif /* USE_MBEDTLS_CRYPTO */
os_memcpy(a, b, 8);
a[7] ^= n * j + i;
os_memcpy(r, b + 8, 8);
r += 8;
}
}
+#ifdef USE_MBEDTLS_CRYPTO
+ mbedtls_aes_free(&ctx);
+#else /* USE_MBEDTLS_CRYPTO */
aes_encrypt_deinit(ctx);
+#endif /* USE_MBEDTLS_CRYPTO */
/* 3) Output the results.
*
* This software may be distributed under the terms of the BSD license.
* See README for more details.
*/
+/*
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Hardware crypto support Copyright 2017-2019 Espressif Systems (Shanghai) PTE LTD
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
#include "utils/common.h"
+#include "utils/includes.h"
#include "crypto/crypto.h"
#include "crypto/aes.h"
#if defined(CONFIG_DES) || defined(CONFIG_DES3)
#include "crypto/des_i.h"
#endif
+#ifdef USE_MBEDTLS_CRYPTO
+#include "mbedtls/aes.h"
+#endif /* USE_MBEDTLS_CRYPTO */
struct crypto_cipher {
enum crypto_cipher_alg alg;
} rc4;
struct {
u8 cbc[32];
+#ifdef USE_MBEDTLS_CRYPTO
+ mbedtls_aes_context ctx_enc;
+ mbedtls_aes_context ctx_dec;
+#else /* USE_MBEDTLS_CRYPTO */
void *ctx_enc;
void *ctx_dec;
+#endif /* USE_MBEDTLS_CRYPTO */
} aes;
#ifdef CONFIG_DES3
struct {
os_memcpy(ctx->u.rc4.key, key, key_len);
break;
case CRYPTO_CIPHER_ALG_AES:
+#ifdef USE_MBEDTLS_CRYPTO
+ mbedtls_aes_init(&(ctx->u.aes.ctx_enc));
+ mbedtls_aes_setkey_enc(&(ctx->u.aes.ctx_enc), key, key_len * 8);
+ mbedtls_aes_init(&(ctx->u.aes.ctx_dec));
+ mbedtls_aes_setkey_dec(&(ctx->u.aes.ctx_dec), key, key_len * 8);
+#else /* USE_MBEDTLS_CRYPTO */
ctx->u.aes.ctx_enc = aes_encrypt_init(key, key_len);
if (ctx->u.aes.ctx_enc == NULL) {
os_free(ctx);
os_free(ctx);
return NULL;
}
+#endif /* USE_MBEDTLS_CRYPTO */
os_memcpy(ctx->u.aes.cbc, iv, AES_BLOCK_SIZE);
break;
#ifdef CONFIG_DES3
for (i = 0; i < blocks; i++) {
for (j = 0; j < AES_BLOCK_SIZE; j++)
ctx->u.aes.cbc[j] ^= plain[j];
+#ifdef USE_MBEDTLS_CRYPTO
+ if (mbedtls_internal_aes_encrypt(&(ctx->u.aes.ctx_enc),
+ ctx->u.aes.cbc, ctx->u.aes.cbc) != 0)
+ return -1;
+#else /* USE_MBEDTLS_CRYPTO */
aes_encrypt(ctx->u.aes.ctx_enc, ctx->u.aes.cbc,
ctx->u.aes.cbc);
+#endif /* USE_MBEDTLS_CRYPTO */
os_memcpy(crypt, ctx->u.aes.cbc, AES_BLOCK_SIZE);
plain += AES_BLOCK_SIZE;
crypt += AES_BLOCK_SIZE;
blocks = len / AES_BLOCK_SIZE;
for (i = 0; i < blocks; i++) {
os_memcpy(tmp, crypt, AES_BLOCK_SIZE);
+#ifdef USE_MBEDTLS_CRYPTO
+ if (mbedtls_internal_aes_decrypt(&(ctx->u.aes.ctx_dec),
+ crypt, plain) != 0)
+ return -1;
+#else /* USE_MBEDTLS_CRYPTO */
aes_decrypt(ctx->u.aes.ctx_dec, crypt, plain);
+#endif /* USE_MBEDTLS_CRYPTO */
for (j = 0; j < AES_BLOCK_SIZE; j++)
plain[j] ^= ctx->u.aes.cbc[j];
os_memcpy(ctx->u.aes.cbc, tmp, AES_BLOCK_SIZE);
{
switch (ctx->alg) {
case CRYPTO_CIPHER_ALG_AES:
+#ifdef USE_MBEDTLS_CRYPTO
+ mbedtls_aes_free(&(ctx->u.aes.ctx_enc));
+ mbedtls_aes_free(&(ctx->u.aes.ctx_dec));
+#else /* USE_MBEDTLS_CRYPTO */
aes_encrypt_deinit(ctx->u.aes.ctx_enc);
aes_decrypt_deinit(ctx->u.aes.ctx_dec);
+#endif /* USE_MBEDTLS_CRYPTO */
break;
#ifdef CONFIG_DES3
case CRYPTO_CIPHER_ALG_3DES:
*
* See README and COPYING for more details.
*/
+/*
+ * Hardware crypto support Copyright 2017-2019 Espressif Systems (Shanghai) PTE LTD
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
#include "utils/includes.h"
#include "utils/common.h"
+#ifdef USE_MBEDTLS_CRYPTO
+#include "mbedtls/bignum.h"
+#else /* USE_MBEDTLS_CRYPTO */
#include "bignum.h"
+#endif /* USE_MBEDTLS_CRYPTO */
#include "crypto/crypto.h"
+#ifdef USE_MBEDTLS_CRYPTO
+int
+crypto_mod_exp(const uint8_t *base, size_t base_len,
+ const uint8_t *power, size_t power_len,
+ const uint8_t *modulus, size_t modulus_len,
+ uint8_t *result, size_t *result_len)
+{
+ mbedtls_mpi bn_base, bn_exp, bn_modulus, bn_result, bn_rinv;
+ int ret = 0;
+ mbedtls_mpi_init(&bn_base);
+ mbedtls_mpi_init(&bn_exp);
+ mbedtls_mpi_init(&bn_modulus);
+ mbedtls_mpi_init(&bn_result);
+ mbedtls_mpi_init(&bn_rinv);
+
+ mbedtls_mpi_read_binary(&bn_base, base, base_len);
+ mbedtls_mpi_read_binary(&bn_exp, power, power_len);
+ mbedtls_mpi_read_binary(&bn_modulus, modulus, modulus_len);
+
+ ret = mbedtls_mpi_exp_mod(&bn_result, &bn_base, &bn_exp, &bn_modulus, &bn_rinv);
+ if (ret < 0) {
+ mbedtls_mpi_free(&bn_base);
+ mbedtls_mpi_free(&bn_exp);
+ mbedtls_mpi_free(&bn_modulus);
+ mbedtls_mpi_free(&bn_result);
+ mbedtls_mpi_free(&bn_rinv);
+ return ret;
+ }
+
+ ret = mbedtls_mpi_write_binary(&bn_result, result, *result_len);
+ mbedtls_mpi_free(&bn_base);
+ mbedtls_mpi_free(&bn_exp);
+ mbedtls_mpi_free(&bn_modulus);
+ mbedtls_mpi_free(&bn_result);
+ mbedtls_mpi_free(&bn_rinv);
+
+ return ret;
+}
+#else /* USE_MBEDTLS_CRYPTO */
int
crypto_mod_exp(const u8 *base, size_t base_len,
const u8 *power, size_t power_len,
bignum_deinit(bn_result);
return ret;
}
+#endif /* USE_MBEDTLS_CRYPTO */
* This software may be distributed under the terms of the BSD license.
* See README for more details.
*/
+/*
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Hardware crypto support Copyright 2017-2019 Espressif Systems (Shanghai) PTE LTD
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
#include "utils/includes.h"
#include "utils/common.h"
#include "crypto/crypto.h"
#include "crypto/sha1_i.h"
#include "crypto/md5_i.h"
+#ifdef USE_MBEDTLS_CRYPTO
+#include "mbedtls/sha256.h"
+#endif
struct crypto_hash {
enum crypto_hash_alg alg;
struct MD5Context md5;
struct SHA1Context sha1;
#ifdef CONFIG_SHA256
+#ifdef USE_MBEDTLS_CRYPTO
+ mbedtls_sha256_context sha256;
+#else /* USE_MBEDTLS_CRYPTO */
struct sha256_state sha256;
+#endif /* USE_MBEDTLS_CRYPTO */
#endif /* CONFIG_SHA256 */
} u;
u8 key[64];
break;
#ifdef CONFIG_SHA256
case CRYPTO_HASH_ALG_SHA256:
+#ifdef USE_MBEDTLS_CRYPTO
+ mbedtls_sha256_init(&ctx->u.sha256);
+ mbedtls_sha256_starts(&ctx->u.sha256, 0);
+#else /* USE_MBEDTLS_CRYPTO */
sha256_init(&ctx->u.sha256);
+#endif /* USE_MBEDTLS_CRYPTO */
break;
#endif /* CONFIG_SHA256 */
case CRYPTO_HASH_ALG_HMAC_MD5:
#ifdef CONFIG_SHA256
case CRYPTO_HASH_ALG_HMAC_SHA256:
if (key_len > sizeof(k_pad)) {
+#ifdef USE_MBEDTLS_CRYPTO
+ mbedtls_sha256_init(&ctx->u.sha256);
+ mbedtls_sha256_starts(&ctx->u.sha256, 0);
+ mbedtls_sha256_update(&ctx->u.sha256, key, key_len);
+ mbedtls_sha256_finish(&ctx->u.sha256, tk);
+ mbedtls_sha256_free(&ctx->u.sha256);
+#else /* USE_MBEDTLS_CRYPTO */
sha256_init(&ctx->u.sha256);
sha256_process(&ctx->u.sha256, key, key_len);
sha256_done(&ctx->u.sha256, tk);
+#endif /* USE_MBEDTLS_CRYPTO */
key = tk;
key_len = 32;
}
os_memset(k_pad + key_len, 0, sizeof(k_pad) - key_len);
for (i = 0; i < sizeof(k_pad); i++)
k_pad[i] ^= 0x36;
+#ifdef USE_MBEDTLS_CRYPTO
+ mbedtls_sha256_init(&ctx->u.sha256);
+ mbedtls_sha256_starts(&ctx->u.sha256, 0);
+ mbedtls_sha256_update(&ctx->u.sha256, k_pad, sizeof(k_pad));
+#else /* USE_MBEDTLS_CRYPTO */
sha256_init(&ctx->u.sha256);
sha256_process(&ctx->u.sha256, k_pad, sizeof(k_pad));
+#endif /* USE_MBEDTLS_CRYPTO */
break;
#endif /* CONFIG_SHA256 */
default:
#ifdef CONFIG_SHA256
case CRYPTO_HASH_ALG_SHA256:
case CRYPTO_HASH_ALG_HMAC_SHA256:
+#ifdef USE_MBEDTLS_CRYPTO
+ mbedtls_sha256_update(&ctx->u.sha256, data, len);
+#else /* USE_MBEDTLS_CRYPTO */
sha256_process(&ctx->u.sha256, data, len);
+#endif /* USE_MBEDTLS_CRYPTO */
break;
#endif /* CONFIG_SHA256 */
default:
return -1;
}
*len = 32;
+#ifdef USE_MBEDTLS_CRYPTO
+ mbedtls_sha256_finish(&ctx->u.sha256, mac);
+ mbedtls_sha256_free(&ctx->u.sha256);
+#else /* USE_MBEDTLS_CRYPTO */
sha256_done(&ctx->u.sha256, mac);
+#endif /* USE_MBEDTLS_CRYPTO */
break;
#endif /* CONFIG_SHA256 */
case CRYPTO_HASH_ALG_HMAC_MD5:
}
*len = 32;
+#ifdef USE_MBEDTLS_CRYPTO
+ mbedtls_sha256_finish(&ctx->u.sha256, mac);
+ mbedtls_sha256_free(&ctx->u.sha256);
+#else /* USE_MBEDTLS_CRYPTO */
sha256_done(&ctx->u.sha256, mac);
+#endif /* USE_MBEDTLS_CRYPTO */
os_memcpy(k_pad, ctx->key, ctx->key_len);
os_memset(k_pad + ctx->key_len, 0,
sizeof(k_pad) - ctx->key_len);
for (i = 0; i < sizeof(k_pad); i++)
k_pad[i] ^= 0x5c;
+#ifdef USE_MBEDTLS_CRYPTO
+ mbedtls_sha256_init(&ctx->u.sha256);
+ mbedtls_sha256_starts(&ctx->u.sha256, 0);
+ mbedtls_sha256_update(&ctx->u.sha256, k_pad, sizeof(k_pad));
+ mbedtls_sha256_update(&ctx->u.sha256, mac, 32);
+ mbedtls_sha256_finish(&ctx->u.sha256, mac);
+ mbedtls_sha256_free(&ctx->u.sha256);
+#else /* USE_MBEDTLS_CRYPTO */
sha256_init(&ctx->u.sha256);
sha256_process(&ctx->u.sha256, k_pad, sizeof(k_pad));
sha256_process(&ctx->u.sha256, mac, 32);
sha256_done(&ctx->u.sha256, mac);
+#endif /* USE_MBEDTLS_CRYPTO */
break;
#endif /* CONFIG_SHA256 */
default:
if (pv == NULL)
return NULL;
- if (fast_crypto_mod_exp(dh->generator, dh->generator_len,
+ if (crypto_mod_exp(dh->generator, dh->generator_len,
wpabuf_head(*priv), wpabuf_len(*priv),
dh->prime, dh->prime_len, wpabuf_mhead(pv),
&pv_len)) {
if (shared == NULL)
return NULL;
- if (fast_crypto_mod_exp(wpabuf_head(peer_public), wpabuf_len(peer_public),
+ if (crypto_mod_exp(wpabuf_head(peer_public), wpabuf_len(peer_public),
wpabuf_head(own_private), wpabuf_len(own_private),
dh->prime, dh->prime_len,
wpabuf_mhead(shared), &shared_len)) {
*
* See README and COPYING for more details.
*/
+/*
+ * Hardware crypto support Copyright 2017-2019 Espressif Systems (Shanghai) PTE LTD
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
#include "utils/includes.h"
#include "utils/common.h"
+#ifdef USE_MBEDTLS_CRYPTO
+#include "mbedtls/sha256.h"
+#else /* USE_MBEDTLS_CRYPTO */
#include "crypto/sha256.h"
#include "crypto/crypto.h"
+#endif /* USE_MBEDTLS_CRYPTO */
+
+#ifdef USE_MBEDTLS_CRYPTO
+/**
+ * sha256_vector - SHA256 hash for data vector
+ * @num_elem: Number of elements in the data vector
+ * @addr: Pointers to the data areas
+ * @len: Lengths of the data blocks
+ * @mac: Buffer for the hash
+ * Returns: 0 on success, -1 of failure
+ */
+int
+sha256_vector(size_t num_elem, const u8 *addr[], const size_t *len,
+ u8 *mac)
+{
+ int ret = 0;
+ mbedtls_sha256_context ctx;
+
+ mbedtls_sha256_init(&ctx);
+
+ if (mbedtls_sha256_starts_ret(&ctx, 0) != 0) {
+ ret = -1;
+ goto out;
+ }
+
+ for(size_t index = 0; index < num_elem; index++) {
+ if (mbedtls_sha256_update_ret(&ctx, addr[index], len[index]) != 0) {
+ ret = -1;
+ goto out;
+ }
+ }
+
+ if (mbedtls_sha256_finish_ret(&ctx, mac) != 0) {
+ ret = -1;
+ goto out;
+ }
+
+out:
+ mbedtls_sha256_free(&ctx);
+
+ return ret;
+}
+#else /* USE_MBEDTLS_CRYPTO */
#define SHA256_BLOCK_SIZE 64
return 0;
}
+#endif /* USE_MBEDTLS_CRYPTO */
/* ===== end - public domain SHA256 implementation ===== */
*
* See README and COPYING for more details.
*/
+/*
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Hardware crypto support Copyright 2017-2019 Espressif Systems (Shanghai) PTE LTD
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
#include "utils/includes.h"
+++ /dev/null
-// Hardware crypto support Copyright 2017 Espressif Systems (Shanghai) PTE LTD
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-
-
-#include "utils/includes.h"
-#include "utils/common.h"
-#include "crypto/aes.h"
-#include "crypto/aes_wrap.h"
-#include "mbedtls/aes.h"
-
-/**
- * fast_aes_128_cbc_encrypt - AES-128 CBC encryption
- * @key: Encryption key
- * @iv: Encryption IV for CBC mode (16 bytes)
- * @data: Data to encrypt in-place
- * @data_len: Length of data in bytes (must be divisible by 16)
- * Returns: 0 on success, -1 on failure
- */
-int
-fast_aes_128_cbc_encrypt(const uint8_t *key, const uint8_t *iv, uint8_t *data, size_t data_len)
-{
- int ret = 0;
- mbedtls_aes_context ctx;
- uint8_t cbc[AES_BLOCK_SIZE];
-
- mbedtls_aes_init(&ctx);
-
- ret = mbedtls_aes_setkey_enc(&ctx, key, 128);
-
- if(ret < 0) {
- mbedtls_aes_free(&ctx);
- return ret;
- }
-
- os_memcpy(cbc, iv, AES_BLOCK_SIZE);
-
- ret = mbedtls_aes_crypt_cbc(&ctx, MBEDTLS_AES_ENCRYPT, data_len, cbc, data, data);
-
- mbedtls_aes_free(&ctx);
-
- return ret;
-}
-
-
-/**
- * fast_aes_128_cbc_decrypt - AES-128 CBC decryption
- * @key: Decryption key
- * @iv: Decryption IV for CBC mode (16 bytes)
- * @data: Data to decrypt in-place
- * @data_len: Length of data in bytes (must be divisible by 16)
- * Returns: 0 on success, -1 on failure
- */
-int
-fast_aes_128_cbc_decrypt(const uint8_t *key, const uint8_t *iv, uint8_t *data, size_t data_len)
-{
- int ret = 0;
- mbedtls_aes_context ctx;
- uint8_t cbc[AES_BLOCK_SIZE];
-
- mbedtls_aes_init(&ctx);
-
- ret = mbedtls_aes_setkey_dec(&ctx, key, 128);
-
- if(ret < 0) {
- mbedtls_aes_free(&ctx);
- return ret;
- }
-
- os_memcpy(cbc, iv, AES_BLOCK_SIZE);
-
- ret = mbedtls_aes_crypt_cbc(&ctx, MBEDTLS_AES_DECRYPT, data_len, cbc, data, data);
-
- mbedtls_aes_free(&ctx);
-
- return ret;
-
-}
+++ /dev/null
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Hardware crypto support Copyright 2017 Espressif Systems (Shanghai) PTE LTD
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-#include "utils/includes.h"
-#include "utils/common.h"
-#include "mbedtls/aes.h"
-
-/**
- * fast_aes_unwrap - Unwrap key with AES Key Wrap Algorithm (128-bit KEK) (RFC3394)
- * @kek: Key encryption key (KEK)
- * @n: Length of the plaintext key in 64-bit units; e.g., 2 = 128-bit = 16
- * bytes
- * @cipher: Wrapped key to be unwrapped, (n + 1) * 64 bits
- * @plain: Plaintext key, n * 64 bits
- * Returns: 0 on success, -1 on failure (e.g., integrity verification failed)
- */
-int
-fast_aes_unwrap(const uint8_t *kek, int n, const uint8_t *cipher, uint8_t *plain)
-{
- uint8_t a[8], *r, b[16];
- int32_t i, j;
- int32_t ret = 0;
- mbedtls_aes_context ctx;
-
- /* 1) Initialize variables. */
- os_memcpy(a, cipher, 8);
- r = plain;
- os_memcpy(r, cipher + 8, 8 * n);
-
- mbedtls_aes_init(&ctx);
- ret = mbedtls_aes_setkey_dec(&ctx, kek, 128);
- if (ret < 0) {
- mbedtls_aes_free(&ctx);
- return ret;
- }
-
- /* 2) Compute intermediate values.
- * For j = 5 to 0
- * For i = n to 1
- * B = AES-1(K, (A ^ t) | R[i]) where t = n*j+i
- * A = MSB(64, B)
- * R[i] = LSB(64, B)
- */
- for (j = 5; j >= 0; j--) {
- r = plain + (n - 1) * 8;
- for (i = n; i >= 1; i--) {
- os_memcpy(b, a, 8);
- b[7] ^= n * j + i;
- os_memcpy(b + 8, r, 8);
- ret = mbedtls_internal_aes_decrypt(&ctx, b, b);
- if (ret != 0) {
- break;
- }
- os_memcpy(a, b, 8);
- os_memcpy(r, b + 8, 8);
- r -= 8;
- }
- }
- mbedtls_aes_free(&ctx);
-
- /* 3) Output results.
- *
- * These are already in @plain due to the location of temporary
- * variables. Just verify that the IV matches with the expected value.
- */
- for (i = 0; i < 8; i++) {
- if (a[i] != 0xa6) {
- return -1;
- }
- }
-
- return ret;
-}
+++ /dev/null
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Hardware crypto support Copyright 2017 Espressif Systems (Shanghai) PTE LTD
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-#include "utils/includes.h"
-
-#include "utils/common.h"
-#include "crypto/aes.h"
-#include "crypto/aes_wrap.h"
-#include "mbedtls/aes.h"
-
-/**
- * fast_aes_wrap - Wrap keys with AES Key Wrap Algorithm (128-bit KEK) (RFC3394)
- * @kek: 16-octet Key encryption key (KEK)
- * @n: Length of the plaintext key in 64-bit units; e.g., 2 = 128-bit = 16
- * bytes
- * @plain: Plaintext key to be wrapped, n * 64 bits
- * @cipher: Wrapped key, (n + 1) * 64 bits
- * Returns: 0 on success, -1 on failure
- */
-int fast_aes_wrap(const uint8_t *kek, int n, const uint8_t *plain, uint8_t *cipher)
-{
- uint8_t *a, *r, b[16];
- int32_t i, j;
- int32_t ret = 0;
- mbedtls_aes_context ctx;
-
- a = cipher;
- r = cipher + 8;
-
- /* 1) Initialize variables. */
- os_memset(a, 0xa6, 8);
- os_memcpy(r, plain, 8 * n);
-
- mbedtls_aes_init(&ctx);
- ret = mbedtls_aes_setkey_enc(&ctx, kek, 128);
- if (ret < 0) {
- mbedtls_aes_free(&ctx);
- return ret;
- }
-
- /* 2) Calculate intermediate values.
- * For j = 0 to 5
- * For i=1 to n
- * B = AES(K, A | R[i])
- * A = MSB(64, B) ^ t where t = (n*j)+i
- * R[i] = LSB(64, B)
- */
- for (j = 0; j <= 5; j++) {
- r = cipher + 8;
- for (i = 1; i <= n; i++) {
- os_memcpy(b, a, 8);
- os_memcpy(b + 8, r, 8);
- ret = mbedtls_internal_aes_encrypt(&ctx, b, b);
- if (ret != 0) {
- break;
- }
- os_memcpy(a, b, 8);
- a[7] ^= n * j + i;
- os_memcpy(r, b + 8, 8);
- r += 8;
- }
- }
- mbedtls_aes_free(&ctx);
-
- /* 3) Output the results.
- *
- * These are already in @cipher due to the location of temporary
- * variables.
- */
-
- return ret;
-}
+++ /dev/null
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Hardware crypto support Copyright 2017 Espressif Systems (Shanghai) PTE LTD
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-//#include "utils/includes.h"
-
-//#include "utils/common.h"
-#include "utils/common.h"
-#include "crypto/crypto.h"
-#include "crypto/aes.h"
-#if defined(CONFIG_DES) || defined(CONFIG_DES3)
-#include "crypto/des_i.h"
-#endif
-#include "mbedtls/aes.h"
-
-struct fast_crypto_cipher {
- enum crypto_cipher_alg alg;
- union {
- struct {
- size_t used_bytes;
- uint8_t key[16];
- size_t keylen;
- } rc4;
- struct {
- uint8_t cbc[32];
- mbedtls_aes_context ctx_enc;
- mbedtls_aes_context ctx_dec;
- } aes;
-#ifdef CONFIG_DES3
- struct {
- struct des3_key_s key;
- uint8_t cbc[8];
- } des3;
-#endif
-#ifdef CONFIG_DES
- struct {
- uint32_t ek[32];
- uint32_t dk[32];
- uint32_t cbc[8];
- } des;
-#endif
- } u;
-};
-
-
-struct crypto_cipher * fast_crypto_cipher_init(enum crypto_cipher_alg alg,
- const uint8_t *iv, const uint8_t *key,
- size_t key_len)
-{
- struct fast_crypto_cipher *ctx;
-
- ctx = (struct fast_crypto_cipher *)os_zalloc(sizeof(*ctx));
- if (ctx == NULL) {
- return NULL;
- }
-
- ctx->alg = alg;
-
- switch (alg) {
- case CRYPTO_CIPHER_ALG_RC4:
- if (key_len > sizeof(ctx->u.rc4.key)) {
- os_free(ctx);
- return NULL;
- }
- ctx->u.rc4.keylen = key_len;
- os_memcpy(ctx->u.rc4.key, key, key_len);
- break;
- case CRYPTO_CIPHER_ALG_AES:
- mbedtls_aes_init(&(ctx->u.aes.ctx_enc));
- mbedtls_aes_setkey_enc(&(ctx->u.aes.ctx_enc), key, key_len * 8);
- mbedtls_aes_init(&(ctx->u.aes.ctx_dec));
- mbedtls_aes_setkey_dec(&(ctx->u.aes.ctx_dec), key, key_len * 8);
- os_memcpy(ctx->u.aes.cbc, iv, AES_BLOCK_SIZE);
- break;
-#ifdef CONFIG_DES3
- case CRYPTO_CIPHER_ALG_3DES:
- if (key_len != 24) {
- os_free(ctx);
- return NULL;
- }
- des3_key_setup(key, &ctx->u.des3.key);
- os_memcpy(ctx->u.des3.cbc, iv, 8);
- break;
-#endif
-#ifdef CONFIG_DES
- case CRYPTO_CIPHER_ALG_DES:
- if (key_len != 8) {
- os_free(ctx);
- return NULL;
- }
- des_key_setup(key, ctx->u.des.ek, ctx->u.des.dk);
- os_memcpy(ctx->u.des.cbc, iv, 8);
- break;
-#endif
- default:
- os_free(ctx);
- return NULL;
- }
-
- return (struct crypto_cipher *)ctx;
-}
-
-
-int fast_crypto_cipher_encrypt(struct crypto_cipher *ctx, const uint8_t *plain,
- uint8_t *crypt, size_t len)
-{
- size_t i, j, blocks;
- struct fast_crypto_cipher *fast_ctx;
-
- fast_ctx = (struct fast_crypto_cipher *)ctx;
-
- switch (fast_ctx->alg) {
- case CRYPTO_CIPHER_ALG_RC4:
- if (plain != crypt) {
- os_memcpy(crypt, plain, len);
- }
- rc4_skip(fast_ctx->u.rc4.key, fast_ctx->u.rc4.keylen,
- fast_ctx->u.rc4.used_bytes, crypt, len);
- fast_ctx->u.rc4.used_bytes += len;
- break;
- case CRYPTO_CIPHER_ALG_AES:
- if (len % AES_BLOCK_SIZE) {
- return -1;
- }
- blocks = len / AES_BLOCK_SIZE;
- for (i = 0; i < blocks; i++) {
- for (j = 0; j < AES_BLOCK_SIZE; j++)
- fast_ctx->u.aes.cbc[j] ^= plain[j];
- if (mbedtls_internal_aes_encrypt(&(fast_ctx->u.aes.ctx_enc), fast_ctx->u.aes.cbc, fast_ctx->u.aes.cbc) != 0) {
- return -1;
- }
- os_memcpy(crypt, fast_ctx->u.aes.cbc, AES_BLOCK_SIZE);
- plain += AES_BLOCK_SIZE;
- crypt += AES_BLOCK_SIZE;
- }
- break;
-#ifdef CONFIG_DES3
- case CRYPTO_CIPHER_ALG_3DES:
- if (len % 8) {
- return -1;
- }
- blocks = len / 8;
- for (i = 0; i < blocks; i++) {
- for (j = 0; j < 8; j++)
- fast_ctx->u.des3.cbc[j] ^= plain[j];
- des3_encrypt(fast_ctx->u.des3.cbc, &fast_ctx->u.des3.key,
- fast_ctx->u.des3.cbc);
- os_memcpy(crypt, fast_ctx->u.des3.cbc, 8);
- plain += 8;
- crypt += 8;
- }
- break;
-#endif
-#ifdef CONFIG_DES
- case CRYPTO_CIPHER_ALG_DES:
- if (len % 8) {
- return -1;
- }
- blocks = len / 8;
- for (i = 0; i < blocks; i++) {
- for (j = 0; j < 8; j++)
- fast_ctx->u.des3.cbc[j] ^= plain[j];
- des_block_encrypt(fast_ctx->u.des.cbc, fast_ctx->u.des.ek,
- fast_ctx->u.des.cbc);
- os_memcpy(crypt, fast_ctx->u.des.cbc, 8);
- plain += 8;
- crypt += 8;
- }
- break;
-#endif
- default:
- return -1;
- }
-
- return 0;
-}
-
-
-int fast_crypto_cipher_decrypt(struct crypto_cipher *ctx, const uint8_t *crypt,
- uint8_t *plain, size_t len)
-{
- size_t i, j, blocks;
- uint8_t tmp[32];
- struct fast_crypto_cipher *fast_ctx;
-
- fast_ctx = (struct fast_crypto_cipher *)ctx;
-
- switch (fast_ctx->alg) {
- case CRYPTO_CIPHER_ALG_RC4:
- if (plain != crypt) {
- os_memcpy(plain, crypt, len);
- }
- rc4_skip(fast_ctx->u.rc4.key, fast_ctx->u.rc4.keylen,
- fast_ctx->u.rc4.used_bytes, plain, len);
- fast_ctx->u.rc4.used_bytes += len;
- break;
- case CRYPTO_CIPHER_ALG_AES:
- if (len % AES_BLOCK_SIZE) {
- return -1;
- }
- blocks = len / AES_BLOCK_SIZE;
- for (i = 0; i < blocks; i++) {
- os_memcpy(tmp, crypt, AES_BLOCK_SIZE);
- if (mbedtls_internal_aes_decrypt(&(fast_ctx->u.aes.ctx_dec), crypt, plain) != 0) {
- return -1;
- }
- for (j = 0; j < AES_BLOCK_SIZE; j++)
- plain[j] ^= fast_ctx->u.aes.cbc[j];
- os_memcpy(fast_ctx->u.aes.cbc, tmp, AES_BLOCK_SIZE);
- plain += AES_BLOCK_SIZE;
- crypt += AES_BLOCK_SIZE;
- }
- break;
-#ifdef CONFIG_DES3
- case CRYPTO_CIPHER_ALG_3DES:
- if (len % 8) {
- return -1;
- }
- blocks = len / 8;
- for (i = 0; i < blocks; i++) {
- os_memcpy(tmp, crypt, 8);
- des3_decrypt(crypt, &fast_ctx->u.des3.key, plain);
- for (j = 0; j < 8; j++) {
- plain[j] ^= fast_ctx->u.des3.cbc[j];
- }
- os_memcpy(fast_ctx->u.des3.cbc, tmp, 8);
- plain += 8;
- crypt += 8;
- }
- break;
-#endif
-#ifdef CONFIG_DES
- case CRYPTO_CIPHER_ALG_DES:
- if (len % 8) {
- return -1;
- }
- blocks = len / 8;
- for (i = 0; i < blocks; i++) {
- os_memcpy(tmp, crypt, 8);
- des_block_decrypt(crypt, fast_ctx->u.des.dk, plain);
- for (j = 0; j < 8; j++) {
- plain[j] ^= fast_ctx->u.des.cbc[j];
- }
- os_memcpy(fast_ctx->u.des.cbc, tmp, 8);
- plain += 8;
- crypt += 8;
- }
- break;
-#endif
- default:
- return -1;
-}
-
-return 0;
-}
-
-
-void fast_crypto_cipher_deinit(struct crypto_cipher *ctx)
-{
- struct fast_crypto_cipher *fast_ctx;
-
- fast_ctx = (struct fast_crypto_cipher *)ctx;
-
- switch (fast_ctx->alg) {
- case CRYPTO_CIPHER_ALG_AES:
- mbedtls_aes_free(&(fast_ctx->u.aes.ctx_enc));
- mbedtls_aes_free(&(fast_ctx->u.aes.ctx_dec));
- break;
-#ifdef CONFIG_DES3
- case CRYPTO_CIPHER_ALG_3DES:
- break;
-#endif
- default:
- break;
- }
- os_free(ctx);
-}
+++ /dev/null
-// Hardware crypto support Copyright 2017 Espressif Systems (Shanghai) PTE LTD
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-#include "utils/includes.h"
-
-#include "utils/common.h"
-#include "crypto/crypto.h"
-#include "mbedtls/bignum.h"
-
-int
-fast_crypto_mod_exp(const uint8_t *base, size_t base_len,
- const uint8_t *power, size_t power_len,
- const uint8_t *modulus, size_t modulus_len,
- uint8_t *result, size_t *result_len)
-{
- mbedtls_mpi bn_base, bn_exp, bn_modulus, bn_result, bn_rinv;
- int32_t ret = 0;
- mbedtls_mpi_init(&bn_base);
- mbedtls_mpi_init(&bn_exp);
- mbedtls_mpi_init(&bn_modulus);
- mbedtls_mpi_init(&bn_result);
- mbedtls_mpi_init(&bn_rinv);
-
- mbedtls_mpi_read_binary(&bn_base, base, base_len);
- mbedtls_mpi_read_binary(&bn_exp, power, power_len);
- mbedtls_mpi_read_binary(&bn_modulus, modulus, modulus_len);
-
- ret = mbedtls_mpi_exp_mod(&bn_result, &bn_base, &bn_exp, &bn_modulus, &bn_rinv);
- if (ret < 0) {
- mbedtls_mpi_free(&bn_base);
- mbedtls_mpi_free(&bn_exp);
- mbedtls_mpi_free(&bn_modulus);
- mbedtls_mpi_free(&bn_result);
- mbedtls_mpi_free(&bn_rinv);
- return ret;
- }
-
- ret = mbedtls_mpi_write_binary(&bn_result, result, *result_len);
-
-
- mbedtls_mpi_free(&bn_base);
- mbedtls_mpi_free(&bn_exp);
- mbedtls_mpi_free(&bn_modulus);
- mbedtls_mpi_free(&bn_result);
- mbedtls_mpi_free(&bn_rinv);
-
- return ret;
-}
+++ /dev/null
-/*
- * Crypto wrapper for internal crypto implementation
- * Copyright (c) 2006-2011, Jouni Malinen <j@w1.fi>
- *
- * Hardware crypto support Copyright 2017 Espressif Systems (Shanghai) PTE LTD
- *
- * This software may be distributed under the terms of the BSD license.
- * See README for more details.
- */
-
-#include "utils/includes.h"
-#include "utils/common.h"
-#include "crypto/crypto.h"
-#include "crypto/sha1_i.h"
-#include "crypto/md5_i.h"
-#include "mbedtls/sha256.h"
-
-
-struct fast_crypto_hash {
- enum crypto_hash_alg alg;
- union {
- struct MD5Context md5;
- struct SHA1Context sha1;
-#ifdef CONFIG_SHA256
- mbedtls_sha256_context sha256;
-#endif /* CONFIG_SHA256 */
- } u;
- u8 key[64];
- size_t key_len;
-};
-
-struct crypto_hash * fast_crypto_hash_init(enum crypto_hash_alg alg, const u8 *key,
- size_t key_len)
-{
- struct fast_crypto_hash *ctx;
- u8 k_pad[64];
- u8 tk[32];
- size_t i;
-
- ctx = (struct fast_crypto_hash *)os_zalloc(sizeof(*ctx));
- if (ctx == NULL)
- return NULL;
-
- ctx->alg = alg;
-
- switch (alg) {
- case CRYPTO_HASH_ALG_MD5:
- MD5Init(&ctx->u.md5);
- break;
- case CRYPTO_HASH_ALG_SHA1:
- SHA1Init(&ctx->u.sha1);
- break;
-#ifdef CONFIG_SHA256
- case CRYPTO_HASH_ALG_SHA256:
- mbedtls_sha256_init(&ctx->u.sha256);
- mbedtls_sha256_starts(&ctx->u.sha256, 0);
- break;
-#endif /* CONFIG_SHA256 */
- case CRYPTO_HASH_ALG_HMAC_MD5:
- if (key_len > sizeof(k_pad)) {
- MD5Init(&ctx->u.md5);
- MD5Update(&ctx->u.md5, key, key_len);
- MD5Final(tk, &ctx->u.md5);
- key = tk;
- key_len = 16;
- }
- os_memcpy(ctx->key, key, key_len);
- ctx->key_len = key_len;
-
- os_memcpy(k_pad, key, key_len);
- if (key_len < sizeof(k_pad))
- os_memset(k_pad + key_len, 0, sizeof(k_pad) - key_len);
- for (i = 0; i < sizeof(k_pad); i++)
- k_pad[i] ^= 0x36;
- MD5Init(&ctx->u.md5);
- MD5Update(&ctx->u.md5, k_pad, sizeof(k_pad));
- break;
- case CRYPTO_HASH_ALG_HMAC_SHA1:
- if (key_len > sizeof(k_pad)) {
- SHA1Init(&ctx->u.sha1);
- SHA1Update(&ctx->u.sha1, key, key_len);
- SHA1Final(tk, &ctx->u.sha1);
- key = tk;
- key_len = 20;
- }
- os_memcpy(ctx->key, key, key_len);
- ctx->key_len = key_len;
-
- os_memcpy(k_pad, key, key_len);
- if (key_len < sizeof(k_pad))
- os_memset(k_pad + key_len, 0, sizeof(k_pad) - key_len);
- for (i = 0; i < sizeof(k_pad); i++)
- k_pad[i] ^= 0x36;
- SHA1Init(&ctx->u.sha1);
- SHA1Update(&ctx->u.sha1, k_pad, sizeof(k_pad));
- break;
-#ifdef CONFIG_SHA256
- case CRYPTO_HASH_ALG_HMAC_SHA256:
- if (key_len > sizeof(k_pad)) {
- mbedtls_sha256_init(&ctx->u.sha256);
- mbedtls_sha256_starts(&ctx->u.sha256, 0);
- mbedtls_sha256_update(&ctx->u.sha256, key, key_len);
- mbedtls_sha256_finish(&ctx->u.sha256, tk);
- mbedtls_sha256_free(&ctx->u.sha256);
- key = tk;
- key_len = 32;
- }
- os_memcpy(ctx->key, key, key_len);
- ctx->key_len = key_len;
-
- os_memcpy(k_pad, key, key_len);
- if (key_len < sizeof(k_pad))
- os_memset(k_pad + key_len, 0, sizeof(k_pad) - key_len);
- for (i = 0; i < sizeof(k_pad); i++)
- k_pad[i] ^= 0x36;
- mbedtls_sha256_init(&ctx->u.sha256);
- mbedtls_sha256_starts(&ctx->u.sha256, 0);
- mbedtls_sha256_update(&ctx->u.sha256, k_pad, sizeof(k_pad));
- break;
-#endif /* CONFIG_SHA256 */
- default:
- os_free(ctx);
- return NULL;
- }
-
- return (struct crypto_hash *)ctx;
-}
-
-
-void fast_crypto_hash_update(struct crypto_hash *ctx, const u8 *data, size_t len)
-{
-
- struct fast_crypto_hash *fast_ctx;
- fast_ctx = (struct fast_crypto_hash *)ctx;
-
- if (fast_ctx == NULL)
- return;
-
- switch (fast_ctx->alg) {
- case CRYPTO_HASH_ALG_MD5:
- case CRYPTO_HASH_ALG_HMAC_MD5:
- MD5Update(&fast_ctx->u.md5, data, len);
- break;
- case CRYPTO_HASH_ALG_SHA1:
- case CRYPTO_HASH_ALG_HMAC_SHA1:
- SHA1Update(&fast_ctx->u.sha1, data, len);
- break;
-#ifdef CONFIG_SHA256
- case CRYPTO_HASH_ALG_SHA256:
- case CRYPTO_HASH_ALG_HMAC_SHA256:
- mbedtls_sha256_update(&fast_ctx->u.sha256, data, len);
- break;
-#endif /* CONFIG_SHA256 */
- default:
- break;
- }
-}
-
-
-int fast_crypto_hash_finish(struct crypto_hash *ctx, u8 *mac, size_t *len)
-{
- u8 k_pad[64];
- size_t i;
- struct fast_crypto_hash *fast_ctx;
-
- if (ctx == NULL)
- return -2;
-
- fast_ctx = (struct fast_crypto_hash *)ctx;
-
- if (mac == NULL || len == NULL) {
- os_free(fast_ctx);
- return 0;
- }
-
- switch (fast_ctx->alg) {
- case CRYPTO_HASH_ALG_MD5:
- if (*len < 16) {
- *len = 16;
- os_free(fast_ctx);
- return -1;
- }
- *len = 16;
- MD5Final(mac, &fast_ctx->u.md5);
- break;
- case CRYPTO_HASH_ALG_SHA1:
- if (*len < 20) {
- *len = 20;
- os_free(fast_ctx);
- return -1;
- }
- *len = 20;
- SHA1Final(mac, &fast_ctx->u.sha1);
- break;
-#ifdef CONFIG_SHA256
- case CRYPTO_HASH_ALG_SHA256:
- if (*len < 32) {
- *len = 32;
- os_free(fast_ctx);
- return -1;
- }
- *len = 32;
- mbedtls_sha256_finish(&fast_ctx->u.sha256, mac);
- mbedtls_sha256_free(&fast_ctx->u.sha256);
- break;
-#endif /* CONFIG_SHA256 */
- case CRYPTO_HASH_ALG_HMAC_MD5:
- if (*len < 16) {
- *len = 16;
- os_free(fast_ctx);
- return -1;
- }
- *len = 16;
-
- MD5Final(mac, &fast_ctx->u.md5);
-
- os_memcpy(k_pad, fast_ctx->key, fast_ctx->key_len);
- os_memset(k_pad + fast_ctx->key_len, 0,
- sizeof(k_pad) - fast_ctx->key_len);
- for (i = 0; i < sizeof(k_pad); i++)
- k_pad[i] ^= 0x5c;
- MD5Init(&fast_ctx->u.md5);
- MD5Update(&fast_ctx->u.md5, k_pad, sizeof(k_pad));
- MD5Update(&fast_ctx->u.md5, mac, 16);
- MD5Final(mac, &fast_ctx->u.md5);
- break;
- case CRYPTO_HASH_ALG_HMAC_SHA1:
- if (*len < 20) {
- *len = 20;
- os_free(ctx);
- return -1;
- }
- *len = 20;
-
- SHA1Final(mac, &fast_ctx->u.sha1);
- os_memcpy(k_pad, fast_ctx->key, fast_ctx->key_len);
- os_memset(k_pad + fast_ctx->key_len, 0,
- sizeof(k_pad) - fast_ctx->key_len);
- for (i = 0; i < sizeof(k_pad); i++)
- k_pad[i] ^= 0x5c;
- SHA1Init(&fast_ctx->u.sha1);
- SHA1Update(&fast_ctx->u.sha1, k_pad, sizeof(k_pad));
- SHA1Update(&fast_ctx->u.sha1, mac, 20);
- SHA1Final(mac, &fast_ctx->u.sha1);
- break;
-#ifdef CONFIG_SHA256
- case CRYPTO_HASH_ALG_HMAC_SHA256:
- if (*len < 32) {
- *len = 32;
- os_free(fast_ctx);
- return -1;
- }
- *len = 32;
- mbedtls_sha256_finish(&fast_ctx->u.sha256, mac);
- mbedtls_sha256_free(&fast_ctx->u.sha256);
-
- os_memcpy(k_pad, fast_ctx->key, fast_ctx->key_len);
- os_memset(k_pad + fast_ctx->key_len, 0,
- sizeof(k_pad) - fast_ctx->key_len);
- for (i = 0; i < sizeof(k_pad); i++)
- k_pad[i] ^= 0x5c;
- mbedtls_sha256_init(&fast_ctx->u.sha256);
- mbedtls_sha256_starts(&fast_ctx->u.sha256, 0);
- mbedtls_sha256_update(&fast_ctx->u.sha256, k_pad, sizeof(k_pad));
- mbedtls_sha256_update(&fast_ctx->u.sha256, mac, 32);
- mbedtls_sha256_finish(&fast_ctx->u.sha256, mac);
- mbedtls_sha256_free(&fast_ctx->u.sha256);
- break;
-#endif /* CONFIG_SHA256 */
- default:
- os_free(fast_ctx);
- return -1;
- }
-
- os_free(fast_ctx);
-
- return 0;
-}
+++ /dev/null
-// Hardware crypto support Copyright 2017 Espressif Systems (Shanghai) PTE LTD
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-#include "utils/includes.h"
-#include "utils/common.h"
-#include "mbedtls/sha256.h"
-
-/**
- * fast_sha256_vector - SHA256 hash for data vector
- * @num_elem: Number of elements in the data vector
- * @addr: Pointers to the data areas
- * @len: Lengths of the data blocks
- * @mac: Buffer for the hash
- * Returns: 0 on success, -1 of failure
- */
-int
-fast_sha256_vector(size_t num_elem, const uint8_t *addr[], const size_t *len,
- uint8_t *mac)
-{
- int ret = 0;
- mbedtls_sha256_context ctx;
-
- mbedtls_sha256_init(&ctx);
-
- if (mbedtls_sha256_starts_ret(&ctx, 0) != 0) {
- ret = -1;
- goto out;
- }
-
- for(size_t index = 0; index < num_elem; index++) {
- if (mbedtls_sha256_update_ret(&ctx, addr[index], len[index]) != 0) {
- ret = -1;
- goto out;
- }
- }
-
- if (mbedtls_sha256_finish_ret(&ctx, mac) != 0) {
- ret = -1;
- goto out;
- }
-
-out:
- mbedtls_sha256_free(&ctx);
-
- return ret;
-}
-
+++ /dev/null
-/*
- * SHA-256 hash implementation and interface functions
- * Copyright (c) 2003-2007, Jouni Malinen <j@w1.fi>
- *
- * Hardware crypto support Copyright 2017 Espressif Systems (Shanghai) PTE LTD
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License version 2 as
- * published by the Free Software Foundation.
- *
- * Alternatively, this software may be distributed under the terms of BSD
- * license.
- *
- * See README and COPYING for more details.
- */
-
-#include "utils/includes.h"
-
-#include "utils/common.h"
-#include "crypto/sha256.h"
-#include "crypto/crypto.h"
-
-
-/**
- * fast_hmac_sha256_vector - HMAC-SHA256 over data vector (RFC 2104)
- * @key: Key for HMAC operations
- * @key_len: Length of the key in bytes
- * @num_elem: Number of elements in the data vector
- * @addr: Pointers to the data areas
- * @len: Lengths of the data blocks
- * @mac: Buffer for the hash (32 bytes)
- */
-void
-fast_hmac_sha256_vector(const uint8_t *key, size_t key_len, size_t num_elem,
- const uint8_t *addr[], const size_t *len, uint8_t *mac)
-{
- uint8_t k_pad[64]; /* padding - key XORd with ipad/opad */
- uint8_t tk[32];
- const uint8_t *_addr[6];
- size_t _len[6], i;
-
- if (num_elem > 5) {
- /*
- * Fixed limit on the number of fragments to avoid having to
- * allocate memory (which could fail).
- */
- return;
- }
-
- /* if key is longer than 64 bytes reset it to key = SHA256(key) */
- if (key_len > 64) {
- fast_sha256_vector(1, &key, &key_len, tk);
- key = tk;
- key_len = 32;
- }
-
- /* the HMAC_SHA256 transform looks like:
- *
- * SHA256(K XOR opad, SHA256(K XOR ipad, text))
- *
- * where K is an n byte key
- * ipad is the byte 0x36 repeated 64 times
- * opad is the byte 0x5c repeated 64 times
- * and text is the data being protected
- */
-
- /* start out by storing key in ipad */
- os_memset(k_pad, 0, sizeof(k_pad));
- os_memcpy(k_pad, key, key_len);
- /* XOR key with ipad values */
- for (i = 0; i < 64; i++) {
- k_pad[i] ^= 0x36;
- }
-
- /* perform inner SHA256 */
- _addr[0] = k_pad;
- _len[0] = 64;
- for (i = 0; i < num_elem; i++) {
- _addr[i + 1] = addr[i];
- _len[i + 1] = len[i];
- }
- fast_sha256_vector(1 + num_elem, _addr, _len, mac);
-
- os_memset(k_pad, 0, sizeof(k_pad));
- os_memcpy(k_pad, key, key_len);
- /* XOR key with opad values */
- for (i = 0; i < 64; i++) {
- k_pad[i] ^= 0x5c;
- }
-
- /* perform outer SHA256 */
- _addr[0] = k_pad;
- _len[0] = 64;
- _addr[1] = mac;
- _len[1] = SHA256_MAC_LEN;
- fast_sha256_vector(2, _addr, _len, mac);
-}
-
-
-/**
- * fast_hmac_sha256 - HMAC-SHA256 over data buffer (RFC 2104)
- * @key: Key for HMAC operations
- * @key_len: Length of the key in bytes
- * @data: Pointers to the data area
- * @data_len: Length of the data area
- * @mac: Buffer for the hash (20 bytes)
- */
-void
-fast_hmac_sha256(const uint8_t *key, size_t key_len, const uint8_t *data,
- size_t data_len, uint8_t *mac)
-{
- fast_hmac_sha256_vector(key, key_len, 1, &data, &data_len, mac);
-}
-
-
-/**
- * fast_sha256_prf - SHA256-based Pseudo-Random Function (IEEE 802.11r, 8.5.1.5.2)
- * @key: Key for PRF
- * @key_len: Length of the key in bytes
- * @label: A unique label for each purpose of the PRF
- * @data: Extra data to bind into the key
- * @data_len: Length of the data
- * @buf: Buffer for the generated pseudo-random key
- * @buf_len: Number of bytes of key to generate
- *
- * This function is used to derive new, cryptographically separate keys from a
- * given key.
- */
-void
-fast_sha256_prf(const uint8_t *key, size_t key_len, const char *label,
- const uint8_t *data, size_t data_len, uint8_t *buf, size_t buf_len)
-{
- uint16_t counter = 1;
- size_t pos, plen;
- uint8_t hash[SHA256_MAC_LEN];
- const uint8_t *addr[4];
- size_t len[4];
- uint8_t counter_le[2], length_le[2];
-
- addr[0] = counter_le;
- len[0] = 2;
- addr[1] = (uint8_t *) label;
- len[1] = os_strlen(label);
- addr[2] = data;
- len[2] = data_len;
- addr[3] = length_le;
- len[3] = sizeof(length_le);
-
- WPA_PUT_LE16(length_le, buf_len * 8);
- pos = 0;
- while (pos < buf_len) {
- plen = buf_len - pos;
- WPA_PUT_LE16(counter_le, counter);
- if (plen >= SHA256_MAC_LEN) {
- fast_hmac_sha256_vector(key, key_len, 4, addr, len,
- &buf[pos]);
- pos += SHA256_MAC_LEN;
- } else {
- fast_hmac_sha256_vector(key, key_len, 4, addr, len, hash);
- os_memcpy(&buf[pos], hash, plen);
- break;
- }
- counter++;
- }
-}
#endif
return -1;
}
- if (fast_aes_unwrap(sm->ptk.kek, maxkeylen / 8,
+ if (aes_unwrap(sm->ptk.kek, maxkeylen / 8,
(const u8 *) (key + 1), gd->gtk)) {
#ifdef DEBUG_PRINT
wpa_printf(MSG_DEBUG, "WPA: AES unwrap "
return -1;
}
*/
- if (fast_aes_unwrap(sm->ptk.kek, keydatalen / 8,
+ if (aes_unwrap(sm->ptk.kek, keydatalen / 8,
(u8 *) (key + 1), buf)) {
#ifdef DEBUG_PRINT
wpa_printf(MSG_DEBUG, "WPA: AES unwrap failed - "
wpa_hexdump_key(MSG_DEBUG, "PKCS #5: DES key", hash, 8);
wpa_hexdump_key(MSG_DEBUG, "PKCS #5: DES IV", hash + 8, 8);
- return fast_crypto_cipher_init(CRYPTO_CIPHER_ALG_DES, hash + 8, hash, 8);
+ return crypto_cipher_init(CRYPTO_CIPHER_ALG_DES, hash + 8, hash, 8);
}
if (enc_data_len < 16 || enc_data_len % 8) {
wpa_printf(MSG_INFO, "PKCS #5: invalid length of ciphertext "
"%d", (int) enc_data_len);
- fast_crypto_cipher_deinit(ctx);
+ crypto_cipher_deinit(ctx);
return NULL;
}
eb = os_malloc(enc_data_len);
if (eb == NULL) {
- fast_crypto_cipher_deinit(ctx);
+ crypto_cipher_deinit(ctx);
return NULL;
}
- if ((int)fast_crypto_cipher_decrypt(ctx, enc_data, eb, enc_data_len) < 0) {
+ if ((int)crypto_cipher_decrypt(ctx, enc_data, eb, enc_data_len) < 0) {
wpa_printf(MSG_DEBUG, "PKCS #5: Failed to decrypt EB");
- fast_crypto_cipher_deinit(ctx);
+ crypto_cipher_deinit(ctx);
os_free(eb);
return NULL;
}
- fast_crypto_cipher_deinit(ctx);
+ crypto_cipher_deinit(ctx);
pad = eb[enc_data_len - 1];
if (pad > 8) {
if (conn->rl.tls_version >= TLS_VERSION_1_2) {
hlen = SHA256_MAC_LEN;
if (conn->verify.sha256_server == NULL ||
- fast_crypto_hash_finish(conn->verify.sha256_server, hash, &hlen) < 0) {
+ crypto_hash_finish(conn->verify.sha256_server, hash, &hlen) < 0) {
tls_alert(conn, TLS_ALERT_LEVEL_FATAL, TLS_ALERT_INTERNAL_ERROR);
conn->verify.sha256_server = NULL;
return -1;
if (conn->rl.tls_version == TLS_VERSION_1_2) {
hlen = SHA256_MAC_LEN;
if (conn->verify.sha256_cert == NULL ||
- fast_crypto_hash_finish(conn->verify.sha256_cert, hpos, &hlen) <
+ crypto_hash_finish(conn->verify.sha256_cert, hpos, &hlen) <
0) {
conn->verify.sha256_cert = NULL;
tls_alert(conn, TLS_ALERT_LEVEL_FATAL,
if (conn->rl.tls_version >= TLS_VERSION_1_2) {
hlen = SHA256_MAC_LEN;
if (conn->verify.sha256_client == NULL ||
- fast_crypto_hash_finish(conn->verify.sha256_client, hash, &hlen)
+ crypto_hash_finish(conn->verify.sha256_client, hash, &hlen)
< 0) {
tls_alert(conn, TLS_ALERT_LEVEL_FATAL,
TLS_ALERT_INTERNAL_ERROR);
return -1;
}
#ifdef CONFIG_TLSV12
- verify->sha256_client = fast_crypto_hash_init(CRYPTO_HASH_ALG_SHA256, NULL, 0);
- verify->sha256_server = fast_crypto_hash_init(CRYPTO_HASH_ALG_SHA256, NULL, 0);
- verify->sha256_cert = fast_crypto_hash_init(CRYPTO_HASH_ALG_SHA256, NULL, 0);
+ verify->sha256_client = crypto_hash_init(CRYPTO_HASH_ALG_SHA256, NULL, 0);
+ verify->sha256_server = crypto_hash_init(CRYPTO_HASH_ALG_SHA256, NULL, 0);
+ verify->sha256_cert = crypto_hash_init(CRYPTO_HASH_ALG_SHA256, NULL, 0);
if (verify->sha256_client == NULL ||
verify->sha256_server == NULL ||
}
#ifdef CONFIG_TLSV12
if (verify->sha256_client)
- fast_crypto_hash_update(verify->sha256_client, buf, len);
+ crypto_hash_update(verify->sha256_client, buf, len);
if (verify->sha256_server)
- fast_crypto_hash_update(verify->sha256_server, buf, len);
+ crypto_hash_update(verify->sha256_server, buf, len);
if (verify->sha256_cert)
- fast_crypto_hash_update(verify->sha256_cert, buf, len);
+ crypto_hash_update(verify->sha256_cert, buf, len);
#endif /* CONFIG_TLSV12 */
}
verify->sha1_server = NULL;
verify->sha1_cert = NULL;
#ifdef CONFIG_TLSV12
- fast_crypto_hash_finish(verify->sha256_client, NULL, NULL);
- fast_crypto_hash_finish(verify->sha256_server, NULL, NULL);
- fast_crypto_hash_finish(verify->sha256_cert, NULL, NULL);
+ crypto_hash_finish(verify->sha256_client, NULL, NULL);
+ crypto_hash_finish(verify->sha256_server, NULL, NULL);
+ crypto_hash_finish(verify->sha256_cert, NULL, NULL);
verify->sha256_client = NULL;
verify->sha256_server = NULL;
verify->sha256_cert = NULL;
os_memset(rl->write_seq_num, 0, TLS_SEQ_NUM_LEN);
if (rl->write_cbc) {
- fast_crypto_cipher_deinit(rl->write_cbc);
+ crypto_cipher_deinit(rl->write_cbc);
rl->write_cbc = NULL;
}
if (rl->cipher_alg != CRYPTO_CIPHER_NULL) {
- rl->write_cbc = fast_crypto_cipher_init(rl->cipher_alg,
+ rl->write_cbc = crypto_cipher_init(rl->cipher_alg,
rl->write_iv, rl->write_key,
rl->key_material_len);
os_memset(rl->read_seq_num, 0, TLS_SEQ_NUM_LEN);
if (rl->read_cbc) {
- fast_crypto_cipher_deinit(rl->read_cbc);
+ crypto_cipher_deinit(rl->read_cbc);
rl->read_cbc = NULL;
}
if (rl->cipher_alg != CRYPTO_CIPHER_NULL) {
- rl->read_cbc = fast_crypto_cipher_init(rl->cipher_alg,
+ rl->read_cbc = crypto_cipher_init(rl->cipher_alg,
rl->read_iv, rl->read_key,
rl->key_material_len);
if (rl->read_cbc == NULL) {
* TLSCompressed.version + TLSCompressed.length +
* TLSCompressed.fragment
*/
- hmac = fast_crypto_hash_init(rl->hash_alg, rl->write_mac_secret, rl->hash_size);
+ hmac = crypto_hash_init(rl->hash_alg, rl->write_mac_secret, rl->hash_size);
if (hmac == NULL) {
wpa_printf(MSG_DEBUG, "TLSv1: Record Layer - Failed "
"to initialize HMAC");
return -1;
}
- fast_crypto_hash_update(hmac, rl->write_seq_num, TLS_SEQ_NUM_LEN);
+ crypto_hash_update(hmac, rl->write_seq_num, TLS_SEQ_NUM_LEN);
/* type + version + length + fragment */
- fast_crypto_hash_update(hmac, ct_start, TLS_RECORD_HEADER_LEN);
- fast_crypto_hash_update(hmac, payload, payload_len);
+ crypto_hash_update(hmac, ct_start, TLS_RECORD_HEADER_LEN);
+ crypto_hash_update(hmac, payload, payload_len);
clen = buf + buf_size - pos;
if (clen < rl->hash_size) {
wpa_printf(MSG_DEBUG, "TLSv1: Record Layer - Not "
"enough room for MAC");
- fast_crypto_hash_finish(hmac, NULL, NULL);
+ crypto_hash_finish(hmac, NULL, NULL);
return -1;
}
- if ((int)fast_crypto_hash_finish(hmac, pos, &clen) < 0) {
+ if ((int)crypto_hash_finish(hmac, pos, &clen) < 0) {
wpa_printf(MSG_DEBUG, "TLSv1: Record Layer - Failed to calculate HMAC");
return -1;
}
pos += pad + 1;
}
- if ((int)fast_crypto_cipher_encrypt(rl->write_cbc, cpayload,
+ if ((int)crypto_cipher_encrypt(rl->write_cbc, cpayload,
cpayload, pos - cpayload) < 0)
return -1;
}
if (rl->read_cipher_suite != TLS_NULL_WITH_NULL_NULL) {
size_t plen;
- if ((int)fast_crypto_cipher_decrypt(rl->read_cbc, in_data,
+ if ((int)crypto_cipher_decrypt(rl->read_cbc, in_data,
out_data, in_len) < 0) {
*alert = TLS_ALERT_DECRYPTION_FAILED;
return -1;
plen -= rl->hash_size;
- hmac = fast_crypto_hash_init(rl->hash_alg, rl->read_mac_secret, rl->hash_size);
+ hmac = crypto_hash_init(rl->hash_alg, rl->read_mac_secret, rl->hash_size);
if (hmac == NULL) {
wpa_printf(MSG_DEBUG, "TLSv1: Record Layer - Failed "
return -1;
}
- fast_crypto_hash_update(hmac, rl->read_seq_num, TLS_SEQ_NUM_LEN);
+ crypto_hash_update(hmac, rl->read_seq_num, TLS_SEQ_NUM_LEN);
/* type + version + length + fragment */
- fast_crypto_hash_update(hmac, in_data - TLS_RECORD_HEADER_LEN, 3);
+ crypto_hash_update(hmac, in_data - TLS_RECORD_HEADER_LEN, 3);
WPA_PUT_BE16(len, plen);
- fast_crypto_hash_update(hmac, len, 2);
- fast_crypto_hash_update(hmac, out_data, plen);
+ crypto_hash_update(hmac, len, 2);
+ crypto_hash_update(hmac, out_data, plen);
hlen = sizeof(hash);
- if ((int)fast_crypto_hash_finish(hmac, hash, &hlen) < 0) {
+ if ((int)crypto_hash_finish(hmac, hash, &hlen) < 0) {
wpa_printf(MSG_DEBUG, "TLSv1: Record Layer - Failed to calculate HMAC");
*alert = TLS_ALERT_INTERNAL_ERROR;
return -1;
hlen = SHA256_MAC_LEN;
if (conn->verify.sha256_cert == NULL ||
- fast_crypto_hash_finish(conn->verify.sha256_cert, hpos, &hlen) <
+ crypto_hash_finish(conn->verify.sha256_cert, hpos, &hlen) <
0) {
conn->verify.sha256_cert = NULL;
tlsv1_server_alert(conn, TLS_ALERT_LEVEL_FATAL,
if (conn->rl.tls_version >= TLS_VERSION_1_2) {
hlen = SHA256_MAC_LEN;
if (conn->verify.sha256_server == NULL ||
- fast_crypto_hash_finish(conn->verify.sha256_server, hash, &hlen)
+ crypto_hash_finish(conn->verify.sha256_server, hash, &hlen)
< 0) {
conn->verify.sha256_server = NULL;
tlsv1_server_alert(conn, TLS_ALERT_LEVEL_FATAL,
hash, hash_len);
break;
case 11: /* sha256WithRSAEncryption */
- fast_sha256_vector(1, &cert->tbs_cert_start, &cert->tbs_cert_len,
+ sha256_vector(1, &cert->tbs_cert_start, &cert->tbs_cert_len,
hash);
hash_len = 32;
wpa_hexdump(MSG_MSGDUMP, "X509: Certificate hash (SHA256)",
len[0] = wpabuf_len(wps->last_msg);
addr[1] = wpabuf_head(msg);
len[1] = wpabuf_len(msg);
- fast_hmac_sha256_vector(wps->authkey, WPS_AUTHKEY_LEN, 2, addr, len, hash);
+ hmac_sha256_vector(wps->authkey, WPS_AUTHKEY_LEN, 2, addr, len, hash);
wpa_printf(MSG_DEBUG, "WPS: * Authenticator");
wpabuf_put_be16(msg, ATTR_AUTHENTICATOR);
wpabuf_put_be16(msg, WPS_AUTHENTICATOR_LEN);
u8 hash[SHA256_MAC_LEN];
wpa_printf(MSG_DEBUG, "WPS: * Key Wrap Authenticator");
- fast_hmac_sha256(wps->authkey, WPS_AUTHKEY_LEN, wpabuf_head(msg),
+ hmac_sha256(wps->authkey, WPS_AUTHKEY_LEN, wpabuf_head(msg),
wpabuf_len(msg), hash);
wpabuf_put_be16(msg, ATTR_KEY_WRAP_AUTH);
wpabuf_put_be16(msg, WPS_KWA_LEN);
data = wpabuf_put(msg, 0);
wpabuf_put_buf(msg, plain);
wpa_printf(MSG_DEBUG, "WPS: * AES 128 Encrypted Settings");
- if (fast_aes_128_cbc_encrypt(wps->keywrapkey, iv, data, wpabuf_len(plain)))
+ if (aes_128_cbc_encrypt(wps->keywrapkey, iv, data, wpabuf_len(plain)))
return -1;
return 0;
}
addr[0] = wpabuf_head(pubkey);
hash_len = wpabuf_len(pubkey);
- fast_sha256_vector(1, addr, &hash_len, pubkey_hash);
+ sha256_vector(1, addr, &hash_len, pubkey_hash);
wpabuf_put_be16(msg, ATTR_OOB_DEVICE_PASSWORD);
wpabuf_put_be16(msg, WPS_OOB_PUBKEY_HASH_LEN + 2 + dev_pw_len);
wpabuf_put_data(msg, pubkey_hash, WPS_OOB_PUBKEY_HASH_LEN);
wpabuf_free(data);
return ie;
-}
\ No newline at end of file
+}
len[0] = wpabuf_len(wps->last_msg);
addr[1] = wpabuf_head(msg);
len[1] = wpabuf_len(msg) - 4 - WPS_AUTHENTICATOR_LEN;
- fast_hmac_sha256_vector(wps->authkey, WPS_AUTHKEY_LEN, 2, addr, len, hash);
+ hmac_sha256_vector(wps->authkey, WPS_AUTHKEY_LEN, 2, addr, len, hash);
if (os_memcmp(hash, authenticator, WPS_AUTHENTICATOR_LEN) != 0) {
wpa_printf(MSG_DEBUG, "WPS: Incorrect Authenticator");
return -1;
return -1;
}
- fast_hmac_sha256(wps->authkey, WPS_AUTHKEY_LEN, head, len, hash);
+ hmac_sha256(wps->authkey, WPS_AUTHKEY_LEN, head, len, hash);
if (os_memcmp(hash, key_wrap_auth, WPS_KWA_LEN) != 0) {
wpa_printf(MSG_DEBUG, "WPS: Invalid KWA");
return -1;
for (i = 1; i <= iter; i++) {
WPA_PUT_BE32(i_buf, i);
- fast_hmac_sha256_vector(key, SHA256_MAC_LEN, 4, addr, len, hash);
+ hmac_sha256_vector(key, SHA256_MAC_LEN, 4, addr, len, hash);
if (i < iter) {
os_memcpy(opos, hash, SHA256_MAC_LEN);
opos += SHA256_MAC_LEN;
addr[0] = wpabuf_head(dh_shared);
len[0] = wpabuf_len(dh_shared);
- fast_sha256_vector(1, addr, len, dhkey);
+ sha256_vector(1, addr, len, dhkey);
wpa_hexdump_key(MSG_DEBUG, "WPS: DHKey", dhkey, sizeof(dhkey));
wpabuf_free(dh_shared);
len[1] = ETH_ALEN;
addr[2] = wps->nonce_r;
len[2] = WPS_NONCE_LEN;
- fast_hmac_sha256_vector(dhkey, sizeof(dhkey), 3, addr, len, kdk);
+ hmac_sha256_vector(dhkey, sizeof(dhkey), 3, addr, len, kdk);
wpa_hexdump_key(MSG_DEBUG, "WPS: KDK", kdk, sizeof(kdk));
wps_kdf(kdk, NULL, 0, "Wi-Fi Easy and Secure Key Derivation",
{
u8 hash[SHA256_MAC_LEN];
- fast_hmac_sha256(wps->authkey, WPS_AUTHKEY_LEN, dev_passwd,
+ hmac_sha256(wps->authkey, WPS_AUTHKEY_LEN, dev_passwd,
(dev_passwd_len + 1) / 2, hash);
os_memcpy(wps->psk1, hash, WPS_PSK_LEN);
- fast_hmac_sha256(wps->authkey, WPS_AUTHKEY_LEN,
+ hmac_sha256(wps->authkey, WPS_AUTHKEY_LEN,
dev_passwd + (dev_passwd_len + 1) / 2,
dev_passwd_len / 2, hash);
os_memcpy(wps->psk2, hash, WPS_PSK_LEN);
wpa_hexdump(MSG_MSGDUMP, "WPS: Encrypted Settings", encr, encr_len);
wpabuf_put_data(decrypted, encr + block_size, encr_len - block_size);
wpa_printf(MSG_DEBUG, "WPS: AES Decrypt setting");
- if (fast_aes_128_cbc_decrypt(wps->keywrapkey, encr, wpabuf_mhead(decrypted),
+ if (aes_128_cbc_decrypt(wps->keywrapkey, encr, wpabuf_mhead(decrypted),
wpabuf_len(decrypted))) {
wpabuf_free(decrypted);
return NULL;
len[2] = wpabuf_len(wps->dh_pubkey_e);
addr[3] = wpabuf_head(wps->dh_pubkey_r);
len[3] = wpabuf_len(wps->dh_pubkey_r);
- fast_hmac_sha256_vector(wps->authkey, WPS_AUTHKEY_LEN, 4, addr, len, hash);
+ hmac_sha256_vector(wps->authkey, WPS_AUTHKEY_LEN, 4, addr, len, hash);
wpa_hexdump(MSG_DEBUG, "WPS: E-Hash1", hash, SHA256_MAC_LEN);
wpa_printf(MSG_DEBUG, "WPS: * E-Hash2");
/* E-Hash2 = HMAC_AuthKey(E-S2 || PSK2 || PK_E || PK_R) */
addr[0] = wps->snonce + WPS_SECRET_NONCE_LEN;
addr[1] = wps->psk2;
- fast_hmac_sha256_vector(wps->authkey, WPS_AUTHKEY_LEN, 4, addr, len, hash);
+ hmac_sha256_vector(wps->authkey, WPS_AUTHKEY_LEN, 4, addr, len, hash);
wpa_hexdump(MSG_DEBUG, "WPS: E-Hash2", hash, SHA256_MAC_LEN);
return 0;
addr[3] = wpabuf_head(wps->dh_pubkey_r);
len[3] = wpabuf_len(wps->dh_pubkey_r);
- fast_hmac_sha256_vector(wps->authkey, WPS_AUTHKEY_LEN, 4, addr, len, hash);
+ hmac_sha256_vector(wps->authkey, WPS_AUTHKEY_LEN, 4, addr, len, hash);
if (os_memcmp(wps->peer_hash1, hash, WPS_HASH_LEN) != 0) {
wpa_printf(MSG_DEBUG, "WPS: R-Hash1 derived from R-S1 does "
"not match with the pre-committed value");
addr[3] = wpabuf_head(wps->dh_pubkey_r);
len[3] = wpabuf_len(wps->dh_pubkey_r);
- fast_hmac_sha256_vector(wps->authkey, WPS_AUTHKEY_LEN, 4, addr, len, hash);
+ hmac_sha256_vector(wps->authkey, WPS_AUTHKEY_LEN, 4, addr, len, hash);
if (os_memcmp(wps->peer_hash2, hash, WPS_HASH_LEN) != 0) {
wpa_printf(MSG_DEBUG, "WPS: R-Hash2 derived from R-S2 does "
len[2] = wpabuf_len(wps->dh_pubkey_e);
addr[3] = wpabuf_head(wps->dh_pubkey_r);
len[3] = wpabuf_len(wps->dh_pubkey_r);
- fast_hmac_sha256_vector(wps->authkey, WPS_AUTHKEY_LEN, 4, addr, len, hash);
+ hmac_sha256_vector(wps->authkey, WPS_AUTHKEY_LEN, 4, addr, len, hash);
wpa_hexdump(MSG_DEBUG, "WPS: R-Hash1", hash, SHA256_MAC_LEN);
wpa_printf(MSG_DEBUG, "WPS: * R-Hash2");
/* R-Hash2 = HMAC_AuthKey(R-S2 || PSK2 || PK_E || PK_R) */
addr[0] = wps->snonce + WPS_SECRET_NONCE_LEN;
addr[1] = wps->psk2;
- fast_hmac_sha256_vector(wps->authkey, WPS_AUTHKEY_LEN, 4, addr, len, hash);
+ hmac_sha256_vector(wps->authkey, WPS_AUTHKEY_LEN, 4, addr, len, hash);
wpa_hexdump(MSG_DEBUG, "WPS: R-Hash2", hash, SHA256_MAC_LEN);
return 0;
len[2] = wpabuf_len(wps->dh_pubkey_e);
addr[3] = wpabuf_head(wps->dh_pubkey_r);
len[3] = wpabuf_len(wps->dh_pubkey_r);
- fast_hmac_sha256_vector(wps->authkey, WPS_AUTHKEY_LEN, 4, addr, len, hash);
+ hmac_sha256_vector(wps->authkey, WPS_AUTHKEY_LEN, 4, addr, len, hash);
if (os_memcmp(wps->peer_hash1, hash, WPS_HASH_LEN) != 0) {
wpa_printf(MSG_DEBUG, "WPS: E-Hash1 derived from E-S1 does "
"not match with the pre-committed value");
addr[3] = wpabuf_head(wps->dh_pubkey_r);
len[3] = wpabuf_len(wps->dh_pubkey_r);
- fast_hmac_sha256_vector(wps->authkey, WPS_AUTHKEY_LEN, 4, addr, len, hash);
+ hmac_sha256_vector(wps->authkey, WPS_AUTHKEY_LEN, 4, addr, len, hash);
if (os_memcmp(wps->peer_hash2, hash, WPS_HASH_LEN) != 0) {
wpa_printf(MSG_DEBUG, "WPS: E-Hash2 derived from E-S2 does "
"not match with the pre-committed value");
wps->nfc_pw_token = token;
addr[0] = attr->public_key;
- fast_sha256_vector(1, addr, &attr->public_key_len, hash);
+ sha256_vector(1, addr, &attr->public_key_len, hash);
if (os_memcmp(hash, wps->nfc_pw_token->pubkey_hash,
WPS_OOB_PUBKEY_HASH_LEN) != 0) {
wpa_printf(MSG_ERROR, "WPS: Public Key hash "
projects / esp-idf / commitdiff