jeltz/hostap
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

Crypto build cleanup: remove CONFIG_NO_AES_*

Browse source 
Instead of using a defines and conditional building of AES parts,
move the conditional functionality into separate files.
This commit is contained in:
Johannes Berg 2009-08-13 11:40:28 +03:00 committed by Jouni Malinen
parent 6b5c4c3359
commit 4c9e03e0b2
17 changed files with 726 additions and 554 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
eap_example/Makefile
View file

@ -34,7 +34,13 @@ OBJS_both += ../src/utils/wpabuf.o
OBJS_both += ../src/crypto/rc4.o
OBJS_both += ../src/crypto/md4-internal.o
OBJS_both += ../src/crypto/sha1.o
OBJS_both += ../src/crypto/aes_wrap.o
OBJS_both += ../src/crypto/aes-cbc.o
OBJS_both += ../src/crypto/aes-ctr.o
OBJS_both += ../src/crypto/aes-eax.o
OBJS_both += ../src/crypto/aes-encblock.o
OBJS_both += ../src/crypto/aes-omac1.o
OBJS_both += ../src/crypto/aes-unwrap.o
OBJS_both += ../src/crypto/aes-wrap.o
OBJS_both += ../src/crypto/ms_funcs.o
ifeq ($(CONFIG_TLS), internal)

26
hostapd/Makefile
View file

@ -91,7 +91,7 @@ endif
OBJS += ../src/crypto/md5.o
OBJS += ../src/crypto/rc4.o
AESOBJS = ../src/crypto/aes_wrap.o
AESOBJS = # none so far
CFLAGS += -DCONFIG_CTRL_IFACE -DCONFIG_CTRL_IFACE_UNIX
@ -609,15 +609,17 @@ ifdef CONFIG_NO_STDOUT_DEBUG
CFLAGS += -DCONFIG_NO_STDOUT_DEBUG
endif
ifdef CONFIG_NO_AES_EXTRAS
CFLAGS += -DCONFIG_NO_AES_UNWRAP
CFLAGS += -DCONFIG_NO_AES_CTR -DCONFIG_NO_AES_OMAC1
CFLAGS += -DCONFIG_NO_AES_EAX -DCONFIG_NO_AES_CBC
CFLAGS += -DCONFIG_NO_AES_ENCRYPT_BLOCK
else
AESOBJS += ../src/crypto/aes-wrap.o
ifndef CONFIG_NO_AES_EXTRAS
ifdef CONFIG_INTERNAL_AES
AESOBJS += ../src/crypto/aes-internal-dec.o
endif
AESOBJS += ../src/crypto/aes-cbc.o
AESOBJS += ../src/crypto/aes-ctr.o
AESOBJS += ../src/crypto/aes-eax.o
AESOBJS += ../src/crypto/aes-encblock.o
AESOBJS += ../src/crypto/aes-omac1.o
AESOBJS += ../src/crypto/aes-unwrap.o
endif
OBJS += $(SHA1OBJS)
@ -699,7 +701,15 @@ clean-docs:
rm -rf doc/latex doc/html
rm -f doc/hostapd.{eps,png} hostapd-devel.pdf
TEST_SRC_MILENAGE = ../src/hlr_auc_gw/milenage.c ../src/crypto/aes_wrap.c ../src/crypto/aes-internal.c ../src/crypto/aes-internal-dec.c \
TEST_SRC_MILENAGE = ../src/hlr_auc_gw/milenage.c ../src/crypto/aes-internal.c ../src/crypto/aes-internal-dec.c \
../src/crypto/aes-cbc.c \
../src/crypto/aes-ctr.c \
../src/crypto/aes-eax.c \
../src/crypto/aes-encblock.c \
../src/crypto/aes-internal-enc.c \
../src/crypto/aes-omac1.c \
../src/crypto/aes-unwrap.c \
../src/crypto/aes-wrap.c \
../src/utils/common.c ../src/utils/wpa_debug.o ../src/utils/os_$(CONFIG_OS).c
test-milenage: $(TEST_SRC_MILENAGE)
$(CC) -o test-milenage -Wall -Werror $(TEST_SRC_MILENAGE) \

85
src/crypto/aes-cbc.c Normal file
View file

@ -0,0 +1,85 @@
/*
* AES-128 CBC
*
* Copyright (c) 2003-2007, Jouni Malinen <j@w1.fi>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2 as
* published by the Free Software Foundation.
*
* Alternatively, this software may be distributed under the terms of BSD
* license.
*
* See README and COPYING for more details.
*/
#include "includes.h"
#include "common.h"
#include "aes_i.h"
/**
* aes_128_cbc_encrypt - AES-128 CBC encryption
* @key: Encryption key
* @iv: Encryption IV for CBC mode (16 bytes)
* @data: Data to encrypt in-place
* @data_len: Length of data in bytes (must be divisible by 16)
* Returns: 0 on success, -1 on failure
*/
int aes_128_cbc_encrypt(const u8 *key, const u8 *iv, u8 *data, size_t data_len)
{
void *ctx;
u8 cbc[BLOCK_SIZE];
u8 *pos = data;
int i, j, blocks;
ctx = aes_encrypt_init(key, 16);
if (ctx == NULL)
return -1;
os_memcpy(cbc, iv, BLOCK_SIZE);
blocks = data_len / BLOCK_SIZE;
for (i = 0; i < blocks; i++) {
for (j = 0; j < BLOCK_SIZE; j++)
cbc[j] ^= pos[j];
aes_encrypt(ctx, cbc, cbc);
os_memcpy(pos, cbc, BLOCK_SIZE);
pos += BLOCK_SIZE;
}
aes_encrypt_deinit(ctx);
return 0;
}
/**
* aes_128_cbc_decrypt - AES-128 CBC decryption
* @key: Decryption key
* @iv: Decryption IV for CBC mode (16 bytes)
* @data: Data to decrypt in-place
* @data_len: Length of data in bytes (must be divisible by 16)
* Returns: 0 on success, -1 on failure
*/
int aes_128_cbc_decrypt(const u8 *key, const u8 *iv, u8 *data, size_t data_len)
{
void *ctx;
u8 cbc[BLOCK_SIZE], tmp[BLOCK_SIZE];
u8 *pos = data;
int i, j, blocks;
ctx = aes_decrypt_init(key, 16);
if (ctx == NULL)
return -1;
os_memcpy(cbc, iv, BLOCK_SIZE);
blocks = data_len / BLOCK_SIZE;
for (i = 0; i < blocks; i++) {
os_memcpy(tmp, pos, BLOCK_SIZE);
aes_decrypt(ctx, pos, pos);
for (j = 0; j < BLOCK_SIZE; j++)
pos[j] ^= cbc[j];
os_memcpy(cbc, tmp, BLOCK_SIZE);
pos += BLOCK_SIZE;
}
aes_decrypt_deinit(ctx);
return 0;
}

60
src/crypto/aes-ctr.c Normal file
View file

@ -0,0 +1,60 @@
/*
* AES-128 CTR
*
* Copyright (c) 2003-2007, Jouni Malinen <j@w1.fi>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2 as
* published by the Free Software Foundation.
*
* Alternatively, this software may be distributed under the terms of BSD
* license.
*
* See README and COPYING for more details.
*/
#include "includes.h"
#include "common.h"
#include "aes_i.h"
/**
* aes_128_ctr_encrypt - AES-128 CTR mode encryption
* @key: Key for encryption (16 bytes)
* @nonce: Nonce for counter mode (16 bytes)
* @data: Data to encrypt in-place
* @data_len: Length of data in bytes
* Returns: 0 on success, -1 on failure
*/
int aes_128_ctr_encrypt(const u8 *key, const u8 *nonce,
u8 *data, size_t data_len)
{
void *ctx;
size_t j, len, left = data_len;
int i;
u8 *pos = data;
u8 counter[BLOCK_SIZE], buf[BLOCK_SIZE];
ctx = aes_encrypt_init(key, 16);
if (ctx == NULL)
return -1;
os_memcpy(counter, nonce, BLOCK_SIZE);
while (left > 0) {
aes_encrypt(ctx, counter, buf);
len = (left < BLOCK_SIZE) ? left : BLOCK_SIZE;
for (j = 0; j < len; j++)
pos[j] ^= buf[j];
pos += len;
left -= len;
for (i = BLOCK_SIZE - 1; i >= 0; i--) {
counter[i]++;
if (counter[i])
break;
}
}
aes_encrypt_deinit(ctx);
return 0;
}

149
src/crypto/aes-eax.c Normal file
View file

@ -0,0 +1,149 @@
/*
* AES-128 EAX
*
* Copyright (c) 2003-2007, Jouni Malinen <j@w1.fi>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2 as
* published by the Free Software Foundation.
*
* Alternatively, this software may be distributed under the terms of BSD
* license.
*
* See README and COPYING for more details.
*/
#include "includes.h"
#include "common.h"
#include "aes_i.h"
#include "aes_wrap.h"
/**
* aes_128_eax_encrypt - AES-128 EAX mode encryption
* @key: Key for encryption (16 bytes)
* @nonce: Nonce for counter mode
* @nonce_len: Nonce length in bytes
* @hdr: Header data to be authenticity protected
* @hdr_len: Length of the header data bytes
* @data: Data to encrypt in-place
* @data_len: Length of data in bytes
* @tag: 16-byte tag value
* Returns: 0 on success, -1 on failure
*/
int aes_128_eax_encrypt(const u8 *key, const u8 *nonce, size_t nonce_len,
const u8 *hdr, size_t hdr_len,
u8 *data, size_t data_len, u8 *tag)
{
u8 *buf;
size_t buf_len;
u8 nonce_mac[BLOCK_SIZE], hdr_mac[BLOCK_SIZE], data_mac[BLOCK_SIZE];
int i, ret = -1;
if (nonce_len > data_len)
buf_len = nonce_len;
else
buf_len = data_len;
if (hdr_len > buf_len)
buf_len = hdr_len;
buf_len += 16;
buf = os_malloc(buf_len);
if (buf == NULL)
return -1;
os_memset(buf, 0, 15);
buf[15] = 0;
os_memcpy(buf + 16, nonce, nonce_len);
if (omac1_aes_128(key, buf, 16 + nonce_len, nonce_mac))
goto fail;
buf[15] = 1;
os_memcpy(buf + 16, hdr, hdr_len);
if (omac1_aes_128(key, buf, 16 + hdr_len, hdr_mac))
goto fail;
if (aes_128_ctr_encrypt(key, nonce_mac, data, data_len))
goto fail;
buf[15] = 2;
os_memcpy(buf + 16, data, data_len);
if (omac1_aes_128(key, buf, 16 + data_len, data_mac))
goto fail;
for (i = 0; i < BLOCK_SIZE; i++)
tag[i] = nonce_mac[i] ^ data_mac[i] ^ hdr_mac[i];
ret = 0;
fail:
os_free(buf);
return ret;
}
/**
* aes_128_eax_decrypt - AES-128 EAX mode decryption
* @key: Key for decryption (16 bytes)
* @nonce: Nonce for counter mode
* @nonce_len: Nonce length in bytes
* @hdr: Header data to be authenticity protected
* @hdr_len: Length of the header data bytes
* @data: Data to encrypt in-place
* @data_len: Length of data in bytes
* @tag: 16-byte tag value
* Returns: 0 on success, -1 on failure, -2 if tag does not match
*/
int aes_128_eax_decrypt(const u8 *key, const u8 *nonce, size_t nonce_len,
const u8 *hdr, size_t hdr_len,
u8 *data, size_t data_len, const u8 *tag)
{
u8 *buf;
size_t buf_len;
u8 nonce_mac[BLOCK_SIZE], hdr_mac[BLOCK_SIZE], data_mac[BLOCK_SIZE];
int i;
if (nonce_len > data_len)
buf_len = nonce_len;
else
buf_len = data_len;
if (hdr_len > buf_len)
buf_len = hdr_len;
buf_len += 16;
buf = os_malloc(buf_len);
if (buf == NULL)
return -1;
os_memset(buf, 0, 15);
buf[15] = 0;
os_memcpy(buf + 16, nonce, nonce_len);
if (omac1_aes_128(key, buf, 16 + nonce_len, nonce_mac)) {
os_free(buf);
return -1;
}
buf[15] = 1;
os_memcpy(buf + 16, hdr, hdr_len);
if (omac1_aes_128(key, buf, 16 + hdr_len, hdr_mac)) {
os_free(buf);
return -1;
}
buf[15] = 2;
os_memcpy(buf + 16, data, data_len);
if (omac1_aes_128(key, buf, 16 + data_len, data_mac)) {
os_free(buf);
return -1;
}
os_free(buf);
for (i = 0; i < BLOCK_SIZE; i++) {
if (tag[i] != (nonce_mac[i] ^ data_mac[i] ^ hdr_mac[i]))
return -2;
}
return aes_128_ctr_encrypt(key, nonce_mac, data, data_len);
}

37
src/crypto/aes-encblock.c Normal file
View file

@ -0,0 +1,37 @@
/*
* AES encrypt_block
*
* Copyright (c) 2003-2007, Jouni Malinen <j@w1.fi>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2 as
* published by the Free Software Foundation.
*
* Alternatively, this software may be distributed under the terms of BSD
* license.
*
* See README and COPYING for more details.
*/
#include "includes.h"
#include "common.h"
#include "aes_i.h"
/**
* aes_128_encrypt_block - Perform one AES 128-bit block operation
* @key: Key for AES
* @in: Input data (16 bytes)
* @out: Output of the AES block operation (16 bytes)
* Returns: 0 on success, -1 on failure
*/
int aes_128_encrypt_block(const u8 *key, const u8 *in, u8 *out)
{
void *ctx;
ctx = aes_encrypt_init(key, 16);
if (ctx == NULL)
return -1;
aes_encrypt(ctx, in, out);
aes_encrypt_deinit(ctx);
return 0;
}

123
src/crypto/aes-omac1.c Normal file
View file

@ -0,0 +1,123 @@
/*
* One-key CBC MAC (OMAC1) hash with AES-128
*
* Copyright (c) 2003-2007, Jouni Malinen <j@w1.fi>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2 as
* published by the Free Software Foundation.
*
* Alternatively, this software may be distributed under the terms of BSD
* license.
*
* See README and COPYING for more details.
*/
#include "includes.h"
#include "common.h"
#include "aes_i.h"
static void gf_mulx(u8 *pad)
{
int i, carry;
carry = pad[0] & 0x80;
for (i = 0; i < BLOCK_SIZE - 1; i++)
pad[i] = (pad[i] << 1) | (pad[i + 1] >> 7);
pad[BLOCK_SIZE - 1] <<= 1;
if (carry)
pad[BLOCK_SIZE - 1] ^= 0x87;
}
/**
* omac1_aes_128_vector - One-Key CBC MAC (OMAC1) hash with AES-128
* @key: 128-bit key for the hash operation
* @num_elem: Number of elements in the data vector
* @addr: Pointers to the data areas
* @len: Lengths of the data blocks
* @mac: Buffer for MAC (128 bits, i.e., 16 bytes)
* Returns: 0 on success, -1 on failure
*
* This is a mode for using block cipher (AES in this case) for authentication.
* OMAC1 was standardized with the name CMAC by NIST in a Special Publication
* (SP) 800-38B.
*/
int omac1_aes_128_vector(const u8 *key, size_t num_elem,
const u8 *addr[], const size_t *len, u8 *mac)
{
void *ctx;
u8 cbc[BLOCK_SIZE], pad[BLOCK_SIZE];
const u8 *pos, *end;
size_t i, e, left, total_len;
ctx = aes_encrypt_init(key, 16);
if (ctx == NULL)
return -1;
os_memset(cbc, 0, BLOCK_SIZE);
total_len = 0;
for (e = 0; e < num_elem; e++)
total_len += len[e];
left = total_len;
e = 0;
pos = addr[0];
end = pos + len[0];
while (left >= BLOCK_SIZE) {
for (i = 0; i < BLOCK_SIZE; i++) {
cbc[i] ^= *pos++;
if (pos >= end) {
e++;
pos = addr[e];
end = pos + len[e];
}
}
if (left > BLOCK_SIZE)
aes_encrypt(ctx, cbc, cbc);
left -= BLOCK_SIZE;
}
os_memset(pad, 0, BLOCK_SIZE);
aes_encrypt(ctx, pad, pad);
gf_mulx(pad);
if (left || total_len == 0) {
for (i = 0; i < left; i++) {
cbc[i] ^= *pos++;
if (pos >= end) {
e++;
pos = addr[e];
end = pos + len[e];
}
}
cbc[left] ^= 0x80;
gf_mulx(pad);
}
for (i = 0; i < BLOCK_SIZE; i++)
pad[i] ^= cbc[i];
aes_encrypt(ctx, pad, mac);
aes_encrypt_deinit(ctx);
return 0;
}
/**
* omac1_aes_128 - One-Key CBC MAC (OMAC1) hash with AES-128 (aka AES-CMAC)
* @key: 128-bit key for the hash operation
* @data: Data buffer for which a MAC is determined
* @data_len: Length of data buffer in bytes
* @mac: Buffer for MAC (128 bits, i.e., 16 bytes)
* Returns: 0 on success, -1 on failure
*
* This is a mode for using block cipher (AES in this case) for authentication.
* OMAC1 was standardized with the name CMAC by NIST in a Special Publication
* (SP) 800-38B.
*/
int omac1_aes_128(const u8 *key, const u8 *data, size_t data_len, u8 *mac)
{
return omac1_aes_128_vector(key, 1, &data, &data_len, mac);
}

78
src/crypto/aes-unwrap.c Normal file
View file

@ -0,0 +1,78 @@
/*
* AES key unwrap (128-bit KEK, RFC3394)
*
* Copyright (c) 2003-2007, Jouni Malinen <j@w1.fi>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2 as
* published by the Free Software Foundation.
*
* Alternatively, this software may be distributed under the terms of BSD
* license.
*
* See README and COPYING for more details.
*/
#include "includes.h"
#include "common.h"
#include "aes_i.h"
/**
* aes_unwrap - Unwrap key with AES Key Wrap Algorithm (128-bit KEK) (RFC3394)
* @kek: Key encryption key (KEK)
* @n: Length of the plaintext key in 64-bit units; e.g., 2 = 128-bit = 16
* bytes
* @cipher: Wrapped key to be unwrapped, (n + 1) * 64 bits
* @plain: Plaintext key, n * 64 bits
* Returns: 0 on success, -1 on failure (e.g., integrity verification failed)
*/
int aes_unwrap(const u8 *kek, int n, const u8 *cipher, u8 *plain)
{
u8 a[8], *r, b[16];
int i, j;
void *ctx;
/* 1) Initialize variables. */
os_memcpy(a, cipher, 8);
r = plain;
os_memcpy(r, cipher + 8, 8 * n);
ctx = aes_decrypt_init(kek, 16);
if (ctx == NULL)
return -1;
/* 2) Compute intermediate values.
* For j = 5 to 0
* For i = n to 1
* B = AES-1(K, (A ^ t) | R[i]) where t = n*j+i
* A = MSB(64, B)
* R[i] = LSB(64, B)
*/
for (j = 5; j >= 0; j--) {
r = plain + (n - 1) * 8;
for (i = n; i >= 1; i--) {
os_memcpy(b, a, 8);
b[7] ^= n * j + i;
os_memcpy(b + 8, r, 8);
aes_decrypt(ctx, b, b);
os_memcpy(a, b, 8);
os_memcpy(r, b + 8, 8);
r -= 8;
}
}
aes_decrypt_deinit(ctx);
/* 3) Output results.
*
* These are already in @plain due to the location of temporary
* variables. Just verify that the IV matches with the expected value.
*/
for (i = 0; i < 8; i++) {
if (a[i] != 0xa6)
return -1;
}
return 0;
}

75
src/crypto/aes-wrap.c Normal file
View file

@ -0,0 +1,75 @@
/*
* AES Key Wrap Algorithm (128-bit KEK) (RFC3394)
*
* Copyright (c) 2003-2007, Jouni Malinen <j@w1.fi>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2 as
* published by the Free Software Foundation.
*
* Alternatively, this software may be distributed under the terms of BSD
* license.
*
* See README and COPYING for more details.
*/
#include "includes.h"
#include "common.h"
#include "aes_i.h"
/**
* aes_wrap - Wrap keys with AES Key Wrap Algorithm (128-bit KEK) (RFC3394)
* @kek: 16-octet Key encryption key (KEK)
* @n: Length of the plaintext key in 64-bit units; e.g., 2 = 128-bit = 16
* bytes
* @plain: Plaintext key to be wrapped, n * 64 bits
* @cipher: Wrapped key, (n + 1) * 64 bits
* Returns: 0 on success, -1 on failure
*/
int aes_wrap(const u8 *kek, int n, const u8 *plain, u8 *cipher)
{
u8 *a, *r, b[16];
int i, j;
void *ctx;
a = cipher;
r = cipher + 8;
/* 1) Initialize variables. */
os_memset(a, 0xa6, 8);
os_memcpy(r, plain, 8 * n);
ctx = aes_encrypt_init(kek, 16);
if (ctx == NULL)
return -1;
/* 2) Calculate intermediate values.
* For j = 0 to 5
* For i=1 to n
* B = AES(K, A | R[i])
* A = MSB(64, B) ^ t where t = (n*j)+i
* R[i] = LSB(64, B)
*/
for (j = 0; j <= 5; j++) {
r = cipher + 8;
for (i = 1; i <= n; i++) {
os_memcpy(b, a, 8);
os_memcpy(b + 8, r, 8);
aes_encrypt(ctx, b, b);
os_memcpy(a, b, 8);
a[7] ^= n * j + i;
os_memcpy(r, b + 8, 8);
r += 8;
}
}
aes_encrypt_deinit(ctx);
/* 3) Output the results.
*
* These are already in @cipher due to the location of temporary
* variables.
*/
return 0;
}

2
src/crypto/aes_i.h
View file

@ -17,6 +17,8 @@
#include "aes.h"
#define BLOCK_SIZE 16
/* #define FULL_UNROLL */
#define AES_SMALL_TABLES

533
src/crypto/aes_wrap.c
View file

@ -1,533 +0,0 @@
/*
* AES-based functions
*
* - AES Key Wrap Algorithm (128-bit KEK) (RFC3394)
* - One-Key CBC MAC (OMAC1, i.e., CMAC) hash with AES-128
* - AES-128 CTR mode encryption
* - AES-128 EAX mode encryption/decryption
* - AES-128 CBC
*
* Copyright (c) 2003-2007, Jouni Malinen <j@w1.fi>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2 as
* published by the Free Software Foundation.
*
* Alternatively, this software may be distributed under the terms of BSD
* license.
*
* See README and COPYING for more details.
*/
#include "includes.h"
#include "common.h"
#include "aes_wrap.h"
#include "crypto.h"
#ifndef CONFIG_NO_AES_WRAP
/**
* aes_wrap - Wrap keys with AES Key Wrap Algorithm (128-bit KEK) (RFC3394)
* @kek: 16-octet Key encryption key (KEK)
* @n: Length of the plaintext key in 64-bit units; e.g., 2 = 128-bit = 16
* bytes
* @plain: Plaintext key to be wrapped, n * 64 bits
* @cipher: Wrapped key, (n + 1) * 64 bits
* Returns: 0 on success, -1 on failure
*/
int aes_wrap(const u8 *kek, int n, const u8 *plain, u8 *cipher)
{
u8 *a, *r, b[16];
int i, j;
void *ctx;
a = cipher;
r = cipher + 8;
/* 1) Initialize variables. */
os_memset(a, 0xa6, 8);
os_memcpy(r, plain, 8 * n);
ctx = aes_encrypt_init(kek, 16);
if (ctx == NULL)
return -1;
/* 2) Calculate intermediate values.
* For j = 0 to 5
* For i=1 to n
* B = AES(K, A | R[i])
* A = MSB(64, B) ^ t where t = (n*j)+i
* R[i] = LSB(64, B)
*/
for (j = 0; j <= 5; j++) {
r = cipher + 8;
for (i = 1; i <= n; i++) {
os_memcpy(b, a, 8);
os_memcpy(b + 8, r, 8);
aes_encrypt(ctx, b, b);
os_memcpy(a, b, 8);
a[7] ^= n * j + i;
os_memcpy(r, b + 8, 8);
r += 8;
}
}
aes_encrypt_deinit(ctx);
/* 3) Output the results.
*
* These are already in @cipher due to the location of temporary
* variables.
*/
return 0;
}
#endif /* CONFIG_NO_AES_WRAP */
#ifndef CONFIG_NO_AES_UNWRAP
/**
* aes_unwrap - Unwrap key with AES Key Wrap Algorithm (128-bit KEK) (RFC3394)
* @kek: Key encryption key (KEK)
* @n: Length of the plaintext key in 64-bit units; e.g., 2 = 128-bit = 16
* bytes
* @cipher: Wrapped key to be unwrapped, (n + 1) * 64 bits
* @plain: Plaintext key, n * 64 bits
* Returns: 0 on success, -1 on failure (e.g., integrity verification failed)
*/
int aes_unwrap(const u8 *kek, int n, const u8 *cipher, u8 *plain)
{
u8 a[8], *r, b[16];
int i, j;
void *ctx;
/* 1) Initialize variables. */
os_memcpy(a, cipher, 8);
r = plain;
os_memcpy(r, cipher + 8, 8 * n);
ctx = aes_decrypt_init(kek, 16);
if (ctx == NULL)
return -1;
/* 2) Compute intermediate values.
* For j = 5 to 0
* For i = n to 1
* B = AES-1(K, (A ^ t) | R[i]) where t = n*j+i
* A = MSB(64, B)
* R[i] = LSB(64, B)
*/
for (j = 5; j >= 0; j--) {
r = plain + (n - 1) * 8;
for (i = n; i >= 1; i--) {
os_memcpy(b, a, 8);
b[7] ^= n * j + i;
os_memcpy(b + 8, r, 8);
aes_decrypt(ctx, b, b);
os_memcpy(a, b, 8);
os_memcpy(r, b + 8, 8);
r -= 8;
}
}
aes_decrypt_deinit(ctx);
/* 3) Output results.
*
* These are already in @plain due to the location of temporary
* variables. Just verify that the IV matches with the expected value.
*/
for (i = 0; i < 8; i++) {
if (a[i] != 0xa6)
return -1;
}
return 0;
}
#endif /* CONFIG_NO_AES_UNWRAP */
#define BLOCK_SIZE 16
#ifndef CONFIG_NO_AES_OMAC1
static void gf_mulx(u8 *pad)
{
int i, carry;
carry = pad[0] & 0x80;
for (i = 0; i < BLOCK_SIZE - 1; i++)
pad[i] = (pad[i] << 1) | (pad[i + 1] >> 7);
pad[BLOCK_SIZE - 1] <<= 1;
if (carry)
pad[BLOCK_SIZE - 1] ^= 0x87;
}
/**
* omac1_aes_128_vector - One-Key CBC MAC (OMAC1) hash with AES-128
* @key: 128-bit key for the hash operation
* @num_elem: Number of elements in the data vector
* @addr: Pointers to the data areas
* @len: Lengths of the data blocks
* @mac: Buffer for MAC (128 bits, i.e., 16 bytes)
* Returns: 0 on success, -1 on failure
*
* This is a mode for using block cipher (AES in this case) for authentication.
* OMAC1 was standardized with the name CMAC by NIST in a Special Publication
* (SP) 800-38B.
*/
int omac1_aes_128_vector(const u8 *key, size_t num_elem,
const u8 *addr[], const size_t *len, u8 *mac)
{
void *ctx;
u8 cbc[BLOCK_SIZE], pad[BLOCK_SIZE];
const u8 *pos, *end;
size_t i, e, left, total_len;
ctx = aes_encrypt_init(key, 16);
if (ctx == NULL)
return -1;
os_memset(cbc, 0, BLOCK_SIZE);
total_len = 0;
for (e = 0; e < num_elem; e++)
total_len += len[e];
left = total_len;
e = 0;
pos = addr[0];
end = pos + len[0];
while (left >= BLOCK_SIZE) {
for (i = 0; i < BLOCK_SIZE; i++) {
cbc[i] ^= *pos++;
if (pos >= end) {
e++;
pos = addr[e];
end = pos + len[e];
}
}
if (left > BLOCK_SIZE)
aes_encrypt(ctx, cbc, cbc);
left -= BLOCK_SIZE;
}
os_memset(pad, 0, BLOCK_SIZE);
aes_encrypt(ctx, pad, pad);
gf_mulx(pad);
if (left || total_len == 0) {
for (i = 0; i < left; i++) {
cbc[i] ^= *pos++;
if (pos >= end) {
e++;
pos = addr[e];
end = pos + len[e];
}
}
cbc[left] ^= 0x80;
gf_mulx(pad);
}
for (i = 0; i < BLOCK_SIZE; i++)
pad[i] ^= cbc[i];
aes_encrypt(ctx, pad, mac);
aes_encrypt_deinit(ctx);
return 0;
}
/**
* omac1_aes_128 - One-Key CBC MAC (OMAC1) hash with AES-128 (aka AES-CMAC)
* @key: 128-bit key for the hash operation
* @data: Data buffer for which a MAC is determined
* @data_len: Length of data buffer in bytes
* @mac: Buffer for MAC (128 bits, i.e., 16 bytes)
* Returns: 0 on success, -1 on failure
*
* This is a mode for using block cipher (AES in this case) for authentication.
* OMAC1 was standardized with the name CMAC by NIST in a Special Publication
* (SP) 800-38B.
*/
int omac1_aes_128(const u8 *key, const u8 *data, size_t data_len, u8 *mac)
{
return omac1_aes_128_vector(key, 1, &data, &data_len, mac);
}
#endif /* CONFIG_NO_AES_OMAC1 */
#ifndef CONFIG_NO_AES_ENCRYPT_BLOCK
/**
* aes_128_encrypt_block - Perform one AES 128-bit block operation
* @key: Key for AES
* @in: Input data (16 bytes)
* @out: Output of the AES block operation (16 bytes)
* Returns: 0 on success, -1 on failure
*/
int aes_128_encrypt_block(const u8 *key, const u8 *in, u8 *out)
{
void *ctx;
ctx = aes_encrypt_init(key, 16);
if (ctx == NULL)
return -1;
aes_encrypt(ctx, in, out);
aes_encrypt_deinit(ctx);
return 0;
}
#endif /* CONFIG_NO_AES_ENCRYPT_BLOCK */
#ifndef CONFIG_NO_AES_CTR
/**
* aes_128_ctr_encrypt - AES-128 CTR mode encryption
* @key: Key for encryption (16 bytes)
* @nonce: Nonce for counter mode (16 bytes)
* @data: Data to encrypt in-place
* @data_len: Length of data in bytes
* Returns: 0 on success, -1 on failure
*/
int aes_128_ctr_encrypt(const u8 *key, const u8 *nonce,
u8 *data, size_t data_len)
{
void *ctx;
size_t j, len, left = data_len;
int i;
u8 *pos = data;
u8 counter[BLOCK_SIZE], buf[BLOCK_SIZE];
ctx = aes_encrypt_init(key, 16);
if (ctx == NULL)
return -1;
os_memcpy(counter, nonce, BLOCK_SIZE);
while (left > 0) {
aes_encrypt(ctx, counter, buf);
len = (left < BLOCK_SIZE) ? left : BLOCK_SIZE;
for (j = 0; j < len; j++)
pos[j] ^= buf[j];
pos += len;
left -= len;
for (i = BLOCK_SIZE - 1; i >= 0; i--) {
counter[i]++;
if (counter[i])
break;
}
}
aes_encrypt_deinit(ctx);
return 0;
}
#endif /* CONFIG_NO_AES_CTR */
#ifndef CONFIG_NO_AES_EAX
/**
* aes_128_eax_encrypt - AES-128 EAX mode encryption
* @key: Key for encryption (16 bytes)
* @nonce: Nonce for counter mode
* @nonce_len: Nonce length in bytes
* @hdr: Header data to be authenticity protected
* @hdr_len: Length of the header data bytes
* @data: Data to encrypt in-place
* @data_len: Length of data in bytes
* @tag: 16-byte tag value
* Returns: 0 on success, -1 on failure
*/
int aes_128_eax_encrypt(const u8 *key, const u8 *nonce, size_t nonce_len,
const u8 *hdr, size_t hdr_len,
u8 *data, size_t data_len, u8 *tag)
{
u8 *buf;
size_t buf_len;
u8 nonce_mac[BLOCK_SIZE], hdr_mac[BLOCK_SIZE], data_mac[BLOCK_SIZE];
int i, ret = -1;
if (nonce_len > data_len)
buf_len = nonce_len;
else
buf_len = data_len;
if (hdr_len > buf_len)
buf_len = hdr_len;
buf_len += 16;
buf = os_malloc(buf_len);
if (buf == NULL)
return -1;
os_memset(buf, 0, 15);
buf[15] = 0;
os_memcpy(buf + 16, nonce, nonce_len);
if (omac1_aes_128(key, buf, 16 + nonce_len, nonce_mac))
goto fail;
buf[15] = 1;
os_memcpy(buf + 16, hdr, hdr_len);
if (omac1_aes_128(key, buf, 16 + hdr_len, hdr_mac))
goto fail;
if (aes_128_ctr_encrypt(key, nonce_mac, data, data_len))
goto fail;
buf[15] = 2;
os_memcpy(buf + 16, data, data_len);
if (omac1_aes_128(key, buf, 16 + data_len, data_mac))
goto fail;
for (i = 0; i < BLOCK_SIZE; i++)
tag[i] = nonce_mac[i] ^ data_mac[i] ^ hdr_mac[i];
ret = 0;
fail:
os_free(buf);
return ret;
}
/**
* aes_128_eax_decrypt - AES-128 EAX mode decryption
* @key: Key for decryption (16 bytes)
* @nonce: Nonce for counter mode
* @nonce_len: Nonce length in bytes
* @hdr: Header data to be authenticity protected
* @hdr_len: Length of the header data bytes
* @data: Data to encrypt in-place
* @data_len: Length of data in bytes
* @tag: 16-byte tag value
* Returns: 0 on success, -1 on failure, -2 if tag does not match
*/
int aes_128_eax_decrypt(const u8 *key, const u8 *nonce, size_t nonce_len,
const u8 *hdr, size_t hdr_len,
u8 *data, size_t data_len, const u8 *tag)
{
u8 *buf;
size_t buf_len;
u8 nonce_mac[BLOCK_SIZE], hdr_mac[BLOCK_SIZE], data_mac[BLOCK_SIZE];
int i;
if (nonce_len > data_len)
buf_len = nonce_len;
else
buf_len = data_len;
if (hdr_len > buf_len)
buf_len = hdr_len;
buf_len += 16;
buf = os_malloc(buf_len);
if (buf == NULL)
return -1;
os_memset(buf, 0, 15);
buf[15] = 0;
os_memcpy(buf + 16, nonce, nonce_len);
if (omac1_aes_128(key, buf, 16 + nonce_len, nonce_mac)) {
os_free(buf);
return -1;
}
buf[15] = 1;
os_memcpy(buf + 16, hdr, hdr_len);
if (omac1_aes_128(key, buf, 16 + hdr_len, hdr_mac)) {
os_free(buf);
return -1;
}
buf[15] = 2;
os_memcpy(buf + 16, data, data_len);
if (omac1_aes_128(key, buf, 16 + data_len, data_mac)) {
os_free(buf);
return -1;
}
os_free(buf);
for (i = 0; i < BLOCK_SIZE; i++) {
if (tag[i] != (nonce_mac[i] ^ data_mac[i] ^ hdr_mac[i]))
return -2;
}
return aes_128_ctr_encrypt(key, nonce_mac, data, data_len);
}
#endif /* CONFIG_NO_AES_EAX */
#ifndef CONFIG_NO_AES_CBC
/**
* aes_128_cbc_encrypt - AES-128 CBC encryption
* @key: Encryption key
* @iv: Encryption IV for CBC mode (16 bytes)
* @data: Data to encrypt in-place
* @data_len: Length of data in bytes (must be divisible by 16)
* Returns: 0 on success, -1 on failure
*/
int aes_128_cbc_encrypt(const u8 *key, const u8 *iv, u8 *data, size_t data_len)
{
void *ctx;
u8 cbc[BLOCK_SIZE];
u8 *pos = data;
int i, j, blocks;
ctx = aes_encrypt_init(key, 16);
if (ctx == NULL)
return -1;
os_memcpy(cbc, iv, BLOCK_SIZE);
blocks = data_len / BLOCK_SIZE;
for (i = 0; i < blocks; i++) {
for (j = 0; j < BLOCK_SIZE; j++)
cbc[j] ^= pos[j];
aes_encrypt(ctx, cbc, cbc);
os_memcpy(pos, cbc, BLOCK_SIZE);
pos += BLOCK_SIZE;
}
aes_encrypt_deinit(ctx);
return 0;
}
/**
* aes_128_cbc_decrypt - AES-128 CBC decryption
* @key: Decryption key
* @iv: Decryption IV for CBC mode (16 bytes)
* @data: Data to decrypt in-place
* @data_len: Length of data in bytes (must be divisible by 16)
* Returns: 0 on success, -1 on failure
*/
int aes_128_cbc_decrypt(const u8 *key, const u8 *iv, u8 *data, size_t data_len)
{
void *ctx;
u8 cbc[BLOCK_SIZE], tmp[BLOCK_SIZE];
u8 *pos = data;
int i, j, blocks;
ctx = aes_decrypt_init(key, 16);
if (ctx == NULL)
return -1;
os_memcpy(cbc, iv, BLOCK_SIZE);
blocks = data_len / BLOCK_SIZE;
for (i = 0; i < blocks; i++) {
os_memcpy(tmp, pos, BLOCK_SIZE);
aes_decrypt(ctx, pos, pos);
for (j = 0; j < BLOCK_SIZE; j++)
pos[j] ^= cbc[j];
os_memcpy(cbc, tmp, BLOCK_SIZE);
pos += BLOCK_SIZE;
}
aes_decrypt_deinit(ctx);
return 0;
}
#endif /* CONFIG_NO_AES_CBC */

16
wpa_supplicant/Makefile
View file

@ -43,7 +43,7 @@ install: all
SHA1OBJS = ../src/crypto/sha1.o
DESOBJS = # none needed when not internal
AESOBJS = ../src/crypto/aes_wrap.o
AESOBJS = # none so far (see below)
SHA256OBJS = # none by default
MD4OBJS = # none by default
MD5OBJS = ../src/crypto/md5.o
@ -1070,15 +1070,17 @@ ifndef CONFIG_NO_WPA_PASSPHRASE
SHA1OBJS += ../src/crypto/sha1-pbkdf2.o
endif
ifdef CONFIG_NO_AES_EXTRAS
CFLAGS += -DCONFIG_NO_AES_WRAP
CFLAGS += -DCONFIG_NO_AES_CTR -DCONFIG_NO_AES_OMAC1
CFLAGS += -DCONFIG_NO_AES_EAX -DCONFIG_NO_AES_CBC
CFLAGS += -DCONFIG_NO_AES_ENCRYPT_BLOCK
else
AESOBJS += ../src/crypto/aes-unwrap.o
ifndef CONFIG_NO_AES_EXTRAS
ifdef CONFIG_INTERNAL_AES
AESOBJS += ../src/crypto/aes-internal-enc.o
endif
AESOBJS += ../src/crypto/aes-cbc.o
AESOBJS += ../src/crypto/aes-ctr.o
AESOBJS += ../src/crypto/aes-eax.o
AESOBJS += ../src/crypto/aes-encblock.o
AESOBJS += ../src/crypto/aes-omac1.o
AESOBJS += ../src/crypto/aes-wrap.o
endif
ifdef NEED_AES

8
wpa_supplicant/nmake.mak
View file

@ -66,7 +66,13 @@ OBJS = \
$(OBJDIR)\sha1.obj \
$(OBJDIR)\md5.obj \
$(OBJDIR)\rc4.obj \
$(OBJDIR)\aes_wrap.obj \
$(OBJDIR)\aes-cbc.obj \
$(OBJDIR)\aes-ctr.obj \
$(OBJDIR)\aes-eax.obj \
$(OBJDIR)\aes-encblock.obj \
$(OBJDIR)\aes-omac1.obj \
$(OBJDIR)\aes-unwrap.obj \
$(OBJDIR)\aes-wrap.obj \
$(OBJDIR)\common.obj \
$(OBJDIR)\wpa_debug.obj \
$(OBJDIR)\wpabuf.obj \

2
wpa_supplicant/symbian/wpa_supplicant.mmp
View file

@ -21,7 +21,7 @@ SOURCE wpa_common.c
SOURCEPATH ..\..\src\utils
SOURCE os_none.c common.c wpa_debug.c eloop_none.c base64.c
SOURCEPATH ..\..\src\crypto
SOURCE sha1.c md5.c rc4.c des.c aes_wrap.c aes.c ms_funcs.c
SOURCE sha1.c md5.c rc4.c des.c aes-cbc.c aes-ctr.c aes-eax.c aes-encblock.c aes-omac1.c aes-unwrap.c aes-wrap.c aes.c ms_funcs.c
SOURCE tls_internal.c crypto_internal.c
SOURCEPATH ..\..\src\tls
SOURCE asn1.c bignum.c rsa.c x509v3.c tlsv1_client.c tlsv1_common.c

26
wpa_supplicant/vs2005/eapol_test/eapol_test.vcproj
View file

@ -183,7 +183,31 @@
UniqueIdentifier="{4FC737F1-C7A5-4376-A066-2A32D752A2FF}"
>
<File
RelativePath="..\..\..\src\crypto\aes_wrap.c"
RelativePath="..\..\..\src\crypto\aes-cbc.c"
>
</File>
<File
RelativePath="..\..\..\src\crypto\aes-ctr.c"
>
</File>
<File
RelativePath="..\..\..\src\crypto\aes-eax.c"
>
</File>
<File
RelativePath="..\..\..\src\crypto\aes-encblock.c"
>
</File>
<File
RelativePath="..\..\..\src\crypto\aes-omac1.c"
>
</File>
<File
RelativePath="..\..\..\src\crypto\aes-unwrap.c"
>
</File>
<File
RelativePath="..\..\..\src\crypto\aes-wrap.c"
>
</File>
<File

26
wpa_supplicant/vs2005/wpa_supplicant/wpa_supplicant.vcproj
View file

@ -183,7 +183,31 @@
UniqueIdentifier="{4FC737F1-C7A5-4376-A066-2A32D752A2FF}"
>
<File
RelativePath="..\..\..\src\crypto\aes_wrap.c"
RelativePath="..\..\..\src\crypto\aes-cbc.c"
>
</File>
<File
RelativePath="..\..\..\src\crypto\aes-ctr.c"
>
</File>
<File
RelativePath="..\..\..\src\crypto\aes-eax.c"
>
</File>
<File
RelativePath="..\..\..\src\crypto\aes-encblock.c"
>
</File>
<File
RelativePath="..\..\..\src\crypto\aes-omac1.c"
>
</File>
<File
RelativePath="..\..\..\src\crypto\aes-unwrap.c"
>
</File>
<File
RelativePath="..\..\..\src\crypto\aes-wrap.c"
>
</File>
<File

26
wpa_supplicant/vs2005/wpasvc/wpasvc.vcproj
View file

@ -183,7 +183,31 @@
UniqueIdentifier="{4FC737F1-C7A5-4376-A066-2A32D752A2FF}"
>
<File
RelativePath="..\..\..\src\crypto\aes_wrap.c"
RelativePath="..\..\..\src\crypto\aes-cbc.c"
>
</File>
<File
RelativePath="..\..\..\src\crypto\aes-ctr.c"
>
</File>
<File
RelativePath="..\..\..\src\crypto\aes-eax.c"
>
</File>
<File
RelativePath="..\..\..\src\crypto\aes-encblock.c"
>
</File>
<File
RelativePath="..\..\..\src\crypto\aes-omac1.c"
>
</File>
<File
RelativePath="..\..\..\src\crypto\aes-unwrap.c"
>
</File>
<File
RelativePath="..\..\..\src\crypto\aes-wrap.c"
>
</File>
<File