jeltz/hostap
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

OpenSSL: Implement AES-128 CBC using EVP API

Browse source 
This replaces the internal CBC mode implementation in
aes_128_cbc_encrypt() and aes_128_cbc_decrypt() with the OpenSSL
implementation for CONFIG_TLS=openssl builds.

Signed-off-by: Jouni Malinen <j@w1.fi>
This commit is contained in:
Jouni Malinen 2015-03-29 20:30:58 +03:00
parent 22ba05c09e
commit 65a7b21f5e
5 changed files with 58 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
hostapd/Android.mk
View file

@ -688,8 +688,10 @@ endif
endif endif
ifdef NEED_AES_CBC ifdef NEED_AES_CBC
NEED_AES_DEC=y NEED_AES_DEC=y
ifneq ($(CONFIG_TLS), openssl)
AESOBJS += src/crypto/aes-cbc.c AESOBJS += src/crypto/aes-cbc.c
endif endif
endif
ifdef NEED_AES_DEC ifdef NEED_AES_DEC
ifdef CONFIG_INTERNAL_AES ifdef CONFIG_INTERNAL_AES
AESOBJS += src/crypto/aes-internal-dec.c AESOBJS += src/crypto/aes-internal-dec.c

2
hostapd/Makefile
View file

@ -683,8 +683,10 @@ endif
endif endif
ifdef NEED_AES_CBC ifdef NEED_AES_CBC
NEED_AES_DEC=y NEED_AES_DEC=y
ifneq ($(CONFIG_TLS), openssl)
AESOBJS += ../src/crypto/aes-cbc.o AESOBJS += ../src/crypto/aes-cbc.o
endif endif
endif
ifdef NEED_AES_DEC ifdef NEED_AES_DEC
ifdef CONFIG_INTERNAL_AES ifdef CONFIG_INTERNAL_AES
AESOBJS += ../src/crypto/aes-internal-dec.o AESOBJS += ../src/crypto/aes-internal-dec.o

50
src/crypto/crypto_openssl.c
View file

@ -324,6 +324,56 @@ int aes_unwrap(const u8 *kek, size_t kek_len, int n, const u8 *cipher,
} }
int aes_128_cbc_encrypt(const u8 *key, const u8 *iv, u8 *data, size_t data_len)
{
EVP_CIPHER_CTX ctx;
int clen, len;
u8 buf[16];
EVP_CIPHER_CTX_init(&ctx);
if (EVP_EncryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL, key, iv) != 1)
return -1;
EVP_CIPHER_CTX_set_padding(&ctx, 0);
clen = data_len;
if (EVP_EncryptUpdate(&ctx, data, &clen, data, data_len) != 1 ||
clen != (int) data_len)
return -1;
len = sizeof(buf);
if (EVP_EncryptFinal_ex(&ctx, buf, &len) != 1 || len != 0)
return -1;
EVP_CIPHER_CTX_cleanup(&ctx);
return 0;
}
int aes_128_cbc_decrypt(const u8 *key, const u8 *iv, u8 *data, size_t data_len)
{
EVP_CIPHER_CTX ctx;
int plen, len;
u8 buf[16];
EVP_CIPHER_CTX_init(&ctx);
if (EVP_DecryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL, key, iv) != 1)
return -1;
EVP_CIPHER_CTX_set_padding(&ctx, 0);
plen = data_len;
if (EVP_DecryptUpdate(&ctx, data, &plen, data, data_len) != 1 ||
plen != (int) data_len)
return -1;
len = sizeof(buf);
if (EVP_DecryptFinal_ex(&ctx, buf, &len) != 1 || len != 0)
return -1;
EVP_CIPHER_CTX_cleanup(&ctx);
return 0;
}
int crypto_mod_exp(const u8 *base, size_t base_len, int crypto_mod_exp(const u8 *base, size_t base_len,
const u8 *power, size_t power_len, const u8 *power, size_t power_len,
const u8 *modulus, size_t modulus_len, const u8 *modulus, size_t modulus_len,

2
wpa_supplicant/Android.mk
View file

@ -1145,8 +1145,10 @@ endif
endif endif
ifdef NEED_AES_CBC ifdef NEED_AES_CBC
NEED_AES_ENC=y NEED_AES_ENC=y
ifneq ($(CONFIG_TLS), openssl)
AESOBJS += src/crypto/aes-cbc.c AESOBJS += src/crypto/aes-cbc.c
endif endif
endif
ifdef NEED_AES_ENC ifdef NEED_AES_ENC
ifdef CONFIG_INTERNAL_AES ifdef CONFIG_INTERNAL_AES
AESOBJS += src/crypto/aes-internal-enc.c AESOBJS += src/crypto/aes-internal-enc.c

2
wpa_supplicant/Makefile
View file

@ -1162,8 +1162,10 @@ endif
endif endif
ifdef NEED_AES_CBC ifdef NEED_AES_CBC
NEED_AES_ENC=y NEED_AES_ENC=y
ifneq ($(CONFIG_TLS), openssl)
AESOBJS += ../src/crypto/aes-cbc.o AESOBJS += ../src/crypto/aes-cbc.o
endif endif
endif
ifdef NEED_AES_ENC ifdef NEED_AES_ENC
ifdef CONFIG_INTERNAL_AES ifdef CONFIG_INTERNAL_AES
AESOBJS += ../src/crypto/aes-internal-enc.o AESOBJS += ../src/crypto/aes-internal-enc.o