aboutsummaryrefslogtreecommitdiffstats
path: root/src
diff options
context:
space:
mode:
authorJouni Malinen <j@w1.fi>2017-02-26 23:10:02 (GMT)
committerJouni Malinen <j@w1.fi>2017-02-28 09:24:15 (GMT)
commit206516e8c2bdd12651438a0c5c355e4bce343611 (patch)
tree7d5d5d46e298a403d81c06344c4a6d79fcd39bac /src
parentb41d3e0a7578c52207b7a09fbbbbb29563614873 (diff)
downloadhostap-206516e8c2bdd12651438a0c5c355e4bce343611.zip
hostap-206516e8c2bdd12651438a0c5c355e4bce343611.tar.gz
hostap-206516e8c2bdd12651438a0c5c355e4bce343611.tar.bz2
af_alg: Crypto wrappers for Linux kernel crypto (AF_ALG)
CONFIG_TLS=linux can now be used to select the crypto implementation that uses the user space socket interface (AF_ALG) for the Linux kernel crypto implementation. This commit includes some of the cipher, hash, and HMAC functions. The functions that are not available through AF_ALG (e.g., the actual TLS implementation) use the internal implementation (CONFIG_TLS=internal). Signed-off-by: Jouni Malinen <j@w1.fi>
Diffstat (limited to 'src')
-rw-r--r--src/crypto/crypto_linux.c1006
1 files changed, 1006 insertions, 0 deletions
diff --git a/src/crypto/crypto_linux.c b/src/crypto/crypto_linux.c
new file mode 100644
index 0000000..8099193
--- /dev/null
+++ b/src/crypto/crypto_linux.c
@@ -0,0 +1,1006 @@
+/*
+ * Crypto wrapper for Linux kernel AF_ALG
+ * Copyright (c) 2017, Jouni Malinen <j@w1.fi>
+ *
+ * This software may be distributed under the terms of the BSD license.
+ * See README for more details.
+ */
+
+#include "includes.h"
+#include <linux/if_alg.h>
+
+#include "common.h"
+#include "crypto.h"
+#include "md5.h"
+#include "sha1.h"
+#include "sha256.h"
+#include "sha384.h"
+#include "aes.h"
+
+
+#ifndef SOL_ALG
+#define SOL_ALG 279
+#endif /* SOL_ALG */
+
+
+static int linux_af_alg_socket(const char *type, const char *name)
+{
+ struct sockaddr_alg sa;
+ int s;
+
+ if (TEST_FAIL())
+ return -1;
+
+ s = socket(AF_ALG, SOCK_SEQPACKET, 0);
+ if (s < 0) {
+ wpa_printf(MSG_ERROR, "%s: Failed to open AF_ALG socket: %s",
+ __func__, strerror(errno));
+ return -1;
+ }
+
+ os_memset(&sa, 0, sizeof(sa));
+ sa.salg_family = AF_ALG;
+ os_strlcpy((char *) sa.salg_type, type, sizeof(sa.salg_type));
+ os_strlcpy((char *) sa.salg_name, name, sizeof(sa.salg_type));
+ if (bind(s, (struct sockaddr *) &sa, sizeof(sa)) < 0) {
+ wpa_printf(MSG_ERROR,
+ "%s: Failed to bind AF_ALG socket(%s,%s): %s",
+ __func__, type, name, strerror(errno));
+ close(s);
+ return -1;
+ }
+
+ return s;
+}
+
+
+static int linux_af_alg_hash_vector(const char *alg, const u8 *key,
+ size_t key_len, size_t num_elem,
+ const u8 *addr[], const size_t *len,
+ u8 *mac, size_t mac_len)
+{
+ int s, t;
+ size_t i;
+ ssize_t res;
+ int ret = -1;
+
+ s = linux_af_alg_socket("hash", alg);
+ if (s < 0)
+ return -1;
+
+ if (key && setsockopt(s, SOL_ALG, ALG_SET_KEY, key, key_len) < 0) {
+ wpa_printf(MSG_ERROR, "%s: setsockopt(ALG_SET_KEY) failed: %s",
+ __func__, strerror(errno));
+ close(s);
+ return -1;
+ }
+
+ t = accept(s, NULL, NULL);
+ if (t < 0) {
+ wpa_printf(MSG_ERROR, "%s: accept on AF_ALG socket failed: %s",
+ __func__, strerror(errno));
+ close(s);
+ return -1;
+ }
+
+ for (i = 0; i < num_elem; i++) {
+ res = send(t, addr[i], len[i], i + 1 < num_elem ? MSG_MORE : 0);
+ if (res < 0) {
+ wpa_printf(MSG_ERROR,
+ "%s: send on AF_ALG socket failed: %s",
+ __func__, strerror(errno));
+ goto fail;
+ }
+ if ((size_t) res < len[i]) {
+ wpa_printf(MSG_ERROR,
+ "%s: send on AF_ALG socket did not accept full buffer (%d/%d)",
+ __func__, (int) res, (int) len[i]);
+ goto fail;
+ }
+ }
+
+ res = recv(t, mac, mac_len, 0);
+ if (res < 0) {
+ wpa_printf(MSG_ERROR,
+ "%s: recv on AF_ALG socket failed: %s",
+ __func__, strerror(errno));
+ goto fail;
+ }
+ if ((size_t) res < mac_len) {
+ wpa_printf(MSG_ERROR,
+ "%s: recv on AF_ALG socket did not return full buffer (%d/%d)",
+ __func__, (int) res, (int) mac_len);
+ goto fail;
+ }
+
+ ret = 0;
+fail:
+ close(t);
+ close(s);
+
+ return ret;
+}
+
+
+int md4_vector(size_t num_elem, const u8 *addr[], const size_t *len, u8 *mac)
+{
+ return linux_af_alg_hash_vector("md4", NULL, 0, num_elem, addr, len,
+ mac, 16);
+}
+
+
+int md5_vector(size_t num_elem, const u8 *addr[], const size_t *len, u8 *mac)
+{
+ return linux_af_alg_hash_vector("md5", NULL, 0, num_elem, addr, len,
+ mac, MD5_MAC_LEN);
+}
+
+
+int sha1_vector(size_t num_elem, const u8 *addr[], const size_t *len,
+ u8 *mac)
+{
+ return linux_af_alg_hash_vector("sha1", NULL, 0, num_elem, addr, len,
+ mac, SHA1_MAC_LEN);
+}
+
+
+int sha256_vector(size_t num_elem, const u8 *addr[], const size_t *len,
+ u8 *mac)
+{
+ return linux_af_alg_hash_vector("sha256", NULL, 0, num_elem, addr, len,
+ mac, SHA256_MAC_LEN);
+}
+
+
+int sha384_vector(size_t num_elem, const u8 *addr[], const size_t *len,
+ u8 *mac)
+{
+ return linux_af_alg_hash_vector("sha384", NULL, 0, num_elem, addr, len,
+ mac, SHA384_MAC_LEN);
+}
+
+
+int sha512_vector(size_t num_elem, const u8 *addr[], const size_t *len,
+ u8 *mac)
+{
+ return linux_af_alg_hash_vector("sha512", NULL, 0, num_elem, addr, len,
+ mac, 64);
+}
+
+
+int hmac_md5_vector(const u8 *key, size_t key_len, size_t num_elem,
+ const u8 *addr[], const size_t *len, u8 *mac)
+{
+ return linux_af_alg_hash_vector("hmac(md5)", key, key_len, num_elem,
+ addr, len, mac, 16);
+}
+
+
+int hmac_md5(const u8 *key, size_t key_len, const u8 *data, size_t data_len,
+ u8 *mac)
+{
+ return hmac_md5_vector(key, key_len, 1, &data, &data_len, mac);
+}
+
+
+int hmac_sha1_vector(const u8 *key, size_t key_len, size_t num_elem,
+ const u8 *addr[], const size_t *len, u8 *mac)
+{
+ return linux_af_alg_hash_vector("hmac(sha1)", key, key_len, num_elem,
+ addr, len, mac, SHA1_MAC_LEN);
+}
+
+
+int hmac_sha1(const u8 *key, size_t key_len, const u8 *data, size_t data_len,
+ u8 *mac)
+{
+ return hmac_sha1_vector(key, key_len, 1, &data, &data_len, mac);
+}
+
+
+int hmac_sha256_vector(const u8 *key, size_t key_len, size_t num_elem,
+ const u8 *addr[], const size_t *len, u8 *mac)
+{
+ return linux_af_alg_hash_vector("hmac(sha256)", key, key_len, num_elem,
+ addr, len, mac, SHA256_MAC_LEN);
+}
+
+
+int hmac_sha256(const u8 *key, size_t key_len, const u8 *data,
+ size_t data_len, u8 *mac)
+{
+ return hmac_sha256_vector(key, key_len, 1, &data, &data_len, mac);
+}
+
+
+int hmac_sha384_vector(const u8 *key, size_t key_len, size_t num_elem,
+ const u8 *addr[], const size_t *len, u8 *mac)
+{
+ return linux_af_alg_hash_vector("hmac(sha384)", key, key_len, num_elem,
+ addr, len, mac, SHA384_MAC_LEN);
+}
+
+
+int hmac_sha384(const u8 *key, size_t key_len, const u8 *data,
+ size_t data_len, u8 *mac)
+{
+ return hmac_sha384_vector(key, key_len, 1, &data, &data_len, mac);
+}
+
+
+struct crypto_hash {
+ int s;
+ int t;
+ size_t mac_len;
+ int failed;
+};
+
+
+struct crypto_hash * crypto_hash_init(enum crypto_hash_alg alg, const u8 *key,
+ size_t key_len)
+{
+ struct crypto_hash *ctx;
+ const char *name;
+
+ ctx = os_zalloc(sizeof(*ctx));
+ if (!ctx)
+ return NULL;
+
+ switch (alg) {
+ case CRYPTO_HASH_ALG_MD5:
+ name = "md5";
+ ctx->mac_len = MD5_MAC_LEN;
+ break;
+ case CRYPTO_HASH_ALG_SHA1:
+ name = "sha1";
+ ctx->mac_len = SHA1_MAC_LEN;
+ break;
+ case CRYPTO_HASH_ALG_HMAC_MD5:
+ name = "hmac(md5)";
+ ctx->mac_len = MD5_MAC_LEN;
+ break;
+ case CRYPTO_HASH_ALG_HMAC_SHA1:
+ name = "hmac(sha1)";
+ ctx->mac_len = SHA1_MAC_LEN;
+ break;
+ case CRYPTO_HASH_ALG_SHA256:
+ name = "sha256";
+ ctx->mac_len = SHA256_MAC_LEN;
+ break;
+ case CRYPTO_HASH_ALG_HMAC_SHA256:
+ name = "hmac(sha256)";
+ ctx->mac_len = SHA256_MAC_LEN;
+ break;
+ case CRYPTO_HASH_ALG_SHA384:
+ name = "sha384";
+ ctx->mac_len = SHA384_MAC_LEN;
+ break;
+ case CRYPTO_HASH_ALG_SHA512:
+ name = "sha512";
+ ctx->mac_len = 64;
+ break;
+ default:
+ os_free(ctx);
+ return NULL;
+ }
+
+ ctx->s = linux_af_alg_socket("hash", name);
+ if (ctx->s < 0) {
+ os_free(ctx);
+ return NULL;
+ }
+
+ if (key && key_len &&
+ setsockopt(ctx->s, SOL_ALG, ALG_SET_KEY, key, key_len) < 0) {
+ wpa_printf(MSG_ERROR, "%s: setsockopt(ALG_SET_KEY) failed: %s",
+ __func__, strerror(errno));
+ close(ctx->s);
+ os_free(ctx);
+ return NULL;
+ }
+
+ ctx->t = accept(ctx->s, NULL, NULL);
+ if (ctx->t < 0) {
+ wpa_printf(MSG_ERROR, "%s: accept on AF_ALG socket failed: %s",
+ __func__, strerror(errno));
+ close(ctx->s);
+ os_free(ctx);
+ return NULL;
+ }
+
+ return ctx;
+}
+
+
+void crypto_hash_update(struct crypto_hash *ctx, const u8 *data, size_t len)
+{
+ ssize_t res;
+
+ if (!ctx)
+ return;
+
+ res = send(ctx->t, data, len, MSG_MORE);
+ if (res < 0) {
+ wpa_printf(MSG_ERROR,
+ "%s: send on AF_ALG socket failed: %s",
+ __func__, strerror(errno));
+ ctx->failed = 1;
+ return;
+ }
+ if ((size_t) res < len) {
+ wpa_printf(MSG_ERROR,
+ "%s: send on AF_ALG socket did not accept full buffer (%d/%d)",
+ __func__, (int) res, (int) len);
+ ctx->failed = 1;
+ return;
+ }
+}
+
+
+static void crypto_hash_deinit(struct crypto_hash *ctx)
+{
+ close(ctx->s);
+ close(ctx->t);
+ os_free(ctx);
+}
+
+
+int crypto_hash_finish(struct crypto_hash *ctx, u8 *mac, size_t *len)
+{
+ ssize_t res;
+
+ if (!ctx)
+ return -2;
+
+ if (!mac || !len) {
+ crypto_hash_deinit(ctx);
+ return 0;
+ }
+
+ if (ctx->failed) {
+ crypto_hash_deinit(ctx);
+ return -2;
+ }
+
+ if (*len < ctx->mac_len) {
+ crypto_hash_deinit(ctx);
+ *len = ctx->mac_len;
+ return -1;
+ }
+ *len = ctx->mac_len;
+
+ res = recv(ctx->t, mac, ctx->mac_len, 0);
+ if (res < 0) {
+ wpa_printf(MSG_ERROR,
+ "%s: recv on AF_ALG socket failed: %s",
+ __func__, strerror(errno));
+ crypto_hash_deinit(ctx);
+ return -2;
+ }
+ if ((size_t) res < ctx->mac_len) {
+ wpa_printf(MSG_ERROR,
+ "%s: recv on AF_ALG socket did not return full buffer (%d/%d)",
+ __func__, (int) res, (int) ctx->mac_len);
+ crypto_hash_deinit(ctx);
+ return -2;
+ }
+
+ crypto_hash_deinit(ctx);
+ return 0;
+}
+
+
+struct linux_af_alg_skcipher {
+ int s;
+ int t;
+};
+
+
+static void linux_af_alg_skcipher_deinit(struct linux_af_alg_skcipher *skcipher)
+{
+ if (!skcipher)
+ return;
+ if (skcipher->s >= 0)
+ close(skcipher->s);
+ if (skcipher->t >= 0)
+ close(skcipher->t);
+ os_free(skcipher);
+}
+
+
+static struct linux_af_alg_skcipher *
+linux_af_alg_skcipher(const char *alg, const u8 *key, size_t key_len)
+{
+ struct linux_af_alg_skcipher *skcipher;
+
+ skcipher = os_zalloc(sizeof(*skcipher));
+ if (!skcipher)
+ goto fail;
+ skcipher->t = -1;
+
+ skcipher->s = linux_af_alg_socket("skcipher", alg);
+ if (skcipher->s < 0)
+ goto fail;
+
+ if (setsockopt(skcipher->s, SOL_ALG, ALG_SET_KEY, key, key_len) < 0) {
+ wpa_printf(MSG_ERROR, "%s: setsockopt(ALG_SET_KEY) failed: %s",
+ __func__, strerror(errno));
+ goto fail;
+ }
+
+ skcipher->t = accept(skcipher->s, NULL, NULL);
+ if (skcipher->t < 0) {
+ wpa_printf(MSG_ERROR, "%s: accept on AF_ALG socket failed: %s",
+ __func__, strerror(errno));
+ goto fail;
+ }
+
+ return skcipher;
+fail:
+ linux_af_alg_skcipher_deinit(skcipher);
+ return NULL;
+}
+
+
+static int linux_af_alg_skcipher_oper(struct linux_af_alg_skcipher *skcipher,
+ int enc, const u8 *in, u8 *out)
+{
+ char buf[CMSG_SPACE(sizeof(u32))];
+ struct iovec io[1];
+ struct msghdr msg;
+ struct cmsghdr *hdr;
+ ssize_t ret;
+ u32 *op;
+
+ io[0].iov_base = (void *) in;
+ io[0].iov_len = AES_BLOCK_SIZE;
+ os_memset(&msg, 0, sizeof(msg));
+ os_memset(buf, 0, sizeof(buf));
+ msg.msg_control = buf;
+ msg.msg_controllen = CMSG_SPACE(sizeof(u32));
+ msg.msg_iov = io;
+ msg.msg_iovlen = 1;
+ hdr = CMSG_FIRSTHDR(&msg);
+ hdr->cmsg_level = SOL_ALG;
+ hdr->cmsg_type = ALG_SET_OP;
+ hdr->cmsg_len = CMSG_LEN(sizeof(u32));
+ op = (u32 *) CMSG_DATA(hdr);
+ *op = enc ? ALG_OP_ENCRYPT : ALG_OP_DECRYPT;
+
+ ret = sendmsg(skcipher->t, &msg, 0);
+ if (ret < 0) {
+ wpa_printf(MSG_ERROR, "%s: sendmsg failed: %s",
+ __func__, strerror(errno));
+ return -1;
+ }
+
+ ret = read(skcipher->t, out, AES_BLOCK_SIZE);
+ if (ret < 0) {
+ wpa_printf(MSG_ERROR, "%s: read failed: %s",
+ __func__, strerror(errno));
+ return -1;
+ }
+ if (ret < AES_BLOCK_SIZE) {
+ wpa_printf(MSG_ERROR,
+ "%s: read did not return full data (%d/%d)",
+ __func__, (int) ret, AES_BLOCK_SIZE);
+ return -1;
+ }
+
+ return 0;
+}
+
+
+void * aes_encrypt_init(const u8 *key, size_t len)
+{
+ return linux_af_alg_skcipher("ecb(aes)", key, len);
+}
+
+
+int aes_encrypt(void *ctx, const u8 *plain, u8 *crypt)
+{
+ struct linux_af_alg_skcipher *skcipher = ctx;
+
+ return linux_af_alg_skcipher_oper(skcipher, 1, plain, crypt);
+}
+
+
+void aes_encrypt_deinit(void *ctx)
+{
+ linux_af_alg_skcipher_deinit(ctx);
+}
+
+
+void * aes_decrypt_init(const u8 *key, size_t len)
+{
+ return linux_af_alg_skcipher("ecb(aes)", key, len);
+}
+
+
+int aes_decrypt(void *ctx, const u8 *crypt, u8 *plain)
+{
+ struct linux_af_alg_skcipher *skcipher = ctx;
+
+ return linux_af_alg_skcipher_oper(skcipher, 0, crypt, plain);
+}
+
+
+void aes_decrypt_deinit(void *ctx)
+{
+ linux_af_alg_skcipher_deinit(ctx);
+}
+
+
+int rc4_skip(const u8 *key, size_t keylen, size_t skip,
+ u8 *data, size_t data_len)
+{
+ struct linux_af_alg_skcipher *skcipher;
+ u8 *skip_buf;
+ char buf[CMSG_SPACE(sizeof(u32))];
+ struct iovec io[2];
+ struct msghdr msg;
+ struct cmsghdr *hdr;
+ ssize_t ret;
+ u32 *op;
+
+ skip_buf = os_zalloc(skip + 1);
+ if (!skip_buf)
+ return -1;
+ skcipher = linux_af_alg_skcipher("ecb(arc4)", key, keylen);
+ if (!skcipher) {
+ os_free(skip_buf);
+ return -1;
+ }
+
+ io[0].iov_base = skip_buf;
+ io[0].iov_len = skip;
+ io[1].iov_base = data;
+ io[1].iov_len = data_len;
+ os_memset(&msg, 0, sizeof(msg));
+ os_memset(buf, 0, sizeof(buf));
+ msg.msg_control = buf;
+ msg.msg_controllen = CMSG_SPACE(sizeof(u32));
+ msg.msg_iov = io;
+ msg.msg_iovlen = 2;
+ hdr = CMSG_FIRSTHDR(&msg);
+ hdr->cmsg_level = SOL_ALG;
+ hdr->cmsg_type = ALG_SET_OP;
+ hdr->cmsg_len = CMSG_LEN(sizeof(u32));
+ op = (u32 *) CMSG_DATA(hdr);
+ *op = ALG_OP_ENCRYPT;
+
+ ret = sendmsg(skcipher->t, &msg, 0);
+ if (ret < 0) {
+ wpa_printf(MSG_ERROR, "%s: sendmsg failed: %s",
+ __func__, strerror(errno));
+ os_free(skip_buf);
+ linux_af_alg_skcipher_deinit(skcipher);
+ return -1;
+ }
+ os_free(skip_buf);
+
+ msg.msg_control = NULL;
+ msg.msg_controllen = 0;
+ ret = recvmsg(skcipher->t, &msg, 0);
+ if (ret < 0) {
+ wpa_printf(MSG_ERROR, "%s: recvmsg failed: %s",
+ __func__, strerror(errno));
+ linux_af_alg_skcipher_deinit(skcipher);
+ return -1;
+ }
+ linux_af_alg_skcipher_deinit(skcipher);
+
+ if ((size_t) ret < skip + data_len) {
+ wpa_printf(MSG_ERROR,
+ "%s: recvmsg did not return full data (%d/%d)",
+ __func__, (int) ret, (int) (skip + data_len));
+ return -1;
+ }
+
+ return 0;
+}
+
+
+int des_encrypt(const u8 *clear, const u8 *key, u8 *cypher)
+{
+ u8 pkey[8], next, tmp;
+ int i;
+ struct linux_af_alg_skcipher *skcipher;
+ char buf[CMSG_SPACE(sizeof(u32))];
+ struct iovec io[1];
+ struct msghdr msg;
+ struct cmsghdr *hdr;
+ ssize_t ret;
+ u32 *op;
+ int res = -1;
+
+ /* Add parity bits to the key */
+ next = 0;
+ for (i = 0; i < 7; i++) {
+ tmp = key[i];
+ pkey[i] = (tmp >> i) | next | 1;
+ next = tmp << (7 - i);
+ }
+ pkey[i] = next | 1;
+
+ skcipher = linux_af_alg_skcipher("ecb(des)", pkey, sizeof(pkey));
+ if (!skcipher)
+ goto fail;
+
+ io[0].iov_base = (void *) clear;
+ io[0].iov_len = 8;
+ os_memset(&msg, 0, sizeof(msg));
+ os_memset(buf, 0, sizeof(buf));
+ msg.msg_control = buf;
+ msg.msg_controllen = CMSG_SPACE(sizeof(u32));
+ msg.msg_iov = io;
+ msg.msg_iovlen = 1;
+ hdr = CMSG_FIRSTHDR(&msg);
+ hdr->cmsg_level = SOL_ALG;
+ hdr->cmsg_type = ALG_SET_OP;
+ hdr->cmsg_len = CMSG_LEN(sizeof(u32));
+ op = (u32 *) CMSG_DATA(hdr);
+ *op = ALG_OP_ENCRYPT;
+
+ ret = sendmsg(skcipher->t, &msg, 0);
+ if (ret < 0) {
+ wpa_printf(MSG_ERROR, "%s: sendmsg failed: %s",
+ __func__, strerror(errno));
+ goto fail;
+ }
+
+ ret = read(skcipher->t, cypher, 8);
+ if (ret < 0) {
+ wpa_printf(MSG_ERROR, "%s: read failed: %s",
+ __func__, strerror(errno));
+ goto fail;
+ }
+ if (ret < 8) {
+ wpa_printf(MSG_ERROR,
+ "%s: read did not return full data (%d/8)",
+ __func__, (int) ret);
+ goto fail;
+ }
+
+ res = 0;
+fail:
+ linux_af_alg_skcipher_deinit(skcipher);
+ return res;
+}
+
+
+static int aes_128_cbc_oper(const u8 *key, int enc, const u8 *iv,
+ u8 *data, size_t data_len)
+{
+ struct linux_af_alg_skcipher *skcipher;
+ char buf[100];
+ struct iovec io[1];
+ struct msghdr msg;
+ struct cmsghdr *hdr;
+ ssize_t ret;
+ u32 *op;
+ struct af_alg_iv *alg_iv;
+ size_t iv_len = AES_BLOCK_SIZE;
+
+ skcipher = linux_af_alg_skcipher("cbc(aes)", key, 16);
+ if (!skcipher)
+ return -1;
+
+ io[0].iov_base = (void *) data;
+ io[0].iov_len = data_len;
+ os_memset(&msg, 0, sizeof(msg));
+ os_memset(buf, 0, sizeof(buf));
+ msg.msg_control = buf;
+ msg.msg_controllen = CMSG_SPACE(sizeof(u32)) +
+ CMSG_SPACE(sizeof(*alg_iv) + iv_len);
+ msg.msg_iov = io;
+ msg.msg_iovlen = 1;
+
+ hdr = CMSG_FIRSTHDR(&msg);
+ hdr->cmsg_level = SOL_ALG;
+ hdr->cmsg_type = ALG_SET_OP;
+ hdr->cmsg_len = CMSG_LEN(sizeof(u32));
+ op = (u32 *) CMSG_DATA(hdr);
+ *op = enc ? ALG_OP_ENCRYPT : ALG_OP_DECRYPT;
+
+ hdr = CMSG_NXTHDR(&msg, hdr);
+ hdr->cmsg_level = SOL_ALG;
+ hdr->cmsg_type = ALG_SET_IV;
+ hdr->cmsg_len = CMSG_SPACE(sizeof(*alg_iv) + iv_len);
+ alg_iv = (struct af_alg_iv *) CMSG_DATA(hdr);
+ alg_iv->ivlen = iv_len;
+ os_memcpy(alg_iv->iv, iv, iv_len);
+
+ ret = sendmsg(skcipher->t, &msg, 0);
+ if (ret < 0) {
+ wpa_printf(MSG_ERROR, "%s: sendmsg failed: %s",
+ __func__, strerror(errno));
+ linux_af_alg_skcipher_deinit(skcipher);
+ return -1;
+ }
+
+ ret = recvmsg(skcipher->t, &msg, 0);
+ if (ret < 0) {
+ wpa_printf(MSG_ERROR, "%s: recvmsg failed: %s",
+ __func__, strerror(errno));
+ linux_af_alg_skcipher_deinit(skcipher);
+ return -1;
+ }
+ if ((size_t) ret < data_len) {
+ wpa_printf(MSG_ERROR,
+ "%s: recvmsg not return full data (%d/%d)",
+ __func__, (int) ret, (int) data_len);
+ linux_af_alg_skcipher_deinit(skcipher);
+ return -1;
+ }
+
+ linux_af_alg_skcipher_deinit(skcipher);
+ return 0;
+}
+
+
+int aes_128_cbc_encrypt(const u8 *key, const u8 *iv, u8 *data, size_t data_len)
+{
+ return aes_128_cbc_oper(key, 1, iv, data, data_len);
+}
+
+
+int aes_128_cbc_decrypt(const u8 *key, const u8 *iv, u8 *data, size_t data_len)
+{
+ return aes_128_cbc_oper(key, 0, iv, data, data_len);
+}
+
+
+int omac1_aes_vector(const u8 *key, size_t key_len, size_t num_elem,
+ const u8 *addr[], const size_t *len, u8 *mac)
+{
+ return linux_af_alg_hash_vector("cmac(aes)", key, key_len, num_elem,
+ addr, len, mac, AES_BLOCK_SIZE);
+}
+
+
+int omac1_aes_128_vector(const u8 *key, size_t num_elem,
+ const u8 *addr[], const size_t *len, u8 *mac)
+{
+ return omac1_aes_vector(key, 16, num_elem, addr, len, mac);
+}
+
+
+int omac1_aes_128(const u8 *key, const u8 *data, size_t data_len, u8 *mac)
+{
+ return omac1_aes_128_vector(key, 1, &data, &data_len, mac);
+}
+
+
+int omac1_aes_256(const u8 *key, const u8 *data, size_t data_len, u8 *mac)
+{
+ return omac1_aes_vector(key, 32, 1, &data, &data_len, mac);
+}
+
+
+int aes_unwrap(const u8 *kek, size_t kek_len, int n, const u8 *cipher,
+ u8 *plain)
+{
+ struct linux_af_alg_skcipher *skcipher;
+ char buf[100];
+ struct iovec io[1];
+ struct msghdr msg;
+ struct cmsghdr *hdr;
+ ssize_t ret;
+ u32 *op;
+ struct af_alg_iv *alg_iv;
+ size_t iv_len = 8;
+
+ skcipher = linux_af_alg_skcipher("kw(aes)", kek, kek_len);
+ if (!skcipher)
+ return -1;
+
+ io[0].iov_base = (void *) (cipher + iv_len);
+ io[0].iov_len = n * 8;
+ os_memset(&msg, 0, sizeof(msg));
+ os_memset(buf, 0, sizeof(buf));
+ msg.msg_control = buf;
+ msg.msg_controllen = CMSG_SPACE(sizeof(u32)) +
+ CMSG_SPACE(sizeof(*alg_iv) + iv_len);
+ msg.msg_iov = io;
+ msg.msg_iovlen = 1;
+
+ hdr = CMSG_FIRSTHDR(&msg);
+ hdr->cmsg_level = SOL_ALG;
+ hdr->cmsg_type = ALG_SET_OP;
+ hdr->cmsg_len = CMSG_LEN(sizeof(u32));
+ op = (u32 *) CMSG_DATA(hdr);
+ *op = ALG_OP_DECRYPT;
+
+ hdr = CMSG_NXTHDR(&msg, hdr);
+ hdr->cmsg_level = SOL_ALG;
+ hdr->cmsg_type = ALG_SET_IV;
+ hdr->cmsg_len = CMSG_SPACE(sizeof(*alg_iv) + iv_len);
+ alg_iv = (struct af_alg_iv *) CMSG_DATA(hdr);
+ alg_iv->ivlen = iv_len;
+ os_memcpy(alg_iv->iv, cipher, iv_len);
+
+ ret = sendmsg(skcipher->t, &msg, 0);
+ if (ret < 0) {
+ wpa_printf(MSG_ERROR, "%s: sendmsg failed: %s",
+ __func__, strerror(errno));
+ return -1;
+ }
+
+ ret = read(skcipher->t, plain, n * 8);
+ if (ret < 0) {
+ wpa_printf(MSG_ERROR, "%s: read failed: %s",
+ __func__, strerror(errno));
+ linux_af_alg_skcipher_deinit(skcipher);
+ return -1;
+ }
+ if (ret < n * 8) {
+ wpa_printf(MSG_ERROR,
+ "%s: read not return full data (%d/%d)",
+ __func__, (int) ret, n * 8);
+ linux_af_alg_skcipher_deinit(skcipher);
+ return -1;
+ }
+
+ linux_af_alg_skcipher_deinit(skcipher);
+ return 0;
+}
+
+
+struct crypto_cipher {
+ struct linux_af_alg_skcipher *skcipher;
+};
+
+
+struct crypto_cipher * crypto_cipher_init(enum crypto_cipher_alg alg,
+ const u8 *iv, const u8 *key,
+ size_t key_len)
+{
+ struct crypto_cipher *ctx;
+ const char *name;
+ struct af_alg_iv *alg_iv;
+ size_t iv_len = 0;
+ char buf[100];
+ struct msghdr msg;
+ struct cmsghdr *hdr;
+ ssize_t ret;
+
+ ctx = os_zalloc(sizeof(*ctx));
+ if (!ctx)
+ return NULL;
+
+ switch (alg) {
+ case CRYPTO_CIPHER_ALG_RC4:
+ name = "ecb(arc4)";
+ break;
+ case CRYPTO_CIPHER_ALG_AES:
+ name = "cbc(aes)";
+ iv_len = AES_BLOCK_SIZE;
+ break;
+ case CRYPTO_CIPHER_ALG_3DES:
+ name = "cbc(des3_ede)";
+ iv_len = 8;
+ break;
+ case CRYPTO_CIPHER_ALG_DES:
+ name = "cbc(des)";
+ iv_len = 8;
+ break;
+ default:
+ os_free(ctx);
+ return NULL;
+ }
+
+ ctx->skcipher = linux_af_alg_skcipher(name, key, key_len);
+ if (!ctx->skcipher) {
+ os_free(ctx);
+ return NULL;
+ }
+
+ if (iv && iv_len) {
+ os_memset(&msg, 0, sizeof(msg));
+ os_memset(buf, 0, sizeof(buf));
+ msg.msg_control = buf;
+ msg.msg_controllen = CMSG_SPACE(sizeof(*alg_iv) + iv_len);
+ hdr = CMSG_FIRSTHDR(&msg);
+ hdr->cmsg_level = SOL_ALG;
+ hdr->cmsg_type = ALG_SET_IV;
+ hdr->cmsg_len = CMSG_SPACE(sizeof(*alg_iv) + iv_len);
+ alg_iv = (struct af_alg_iv *) CMSG_DATA(hdr);
+ alg_iv->ivlen = iv_len;
+ os_memcpy(alg_iv->iv, iv, iv_len);
+
+ ret = sendmsg(ctx->skcipher->t, &msg, 0);
+ if (ret < 0) {
+ wpa_printf(MSG_ERROR, "%s: sendmsg failed: %s",
+ __func__, strerror(errno));
+ linux_af_alg_skcipher_deinit(ctx->skcipher);
+ os_free(ctx);
+ return NULL;
+ }
+ }
+
+ return ctx;
+}
+
+
+static int crypto_cipher_oper(struct crypto_cipher *ctx, u32 type, const u8 *in,
+ u8 *out, size_t len)
+{
+ char buf[CMSG_SPACE(sizeof(u32))];
+ struct iovec io[1];
+ struct msghdr msg;
+ struct cmsghdr *hdr;
+ ssize_t ret;
+ u32 *op;
+
+ io[0].iov_base = (void *) in;
+ io[0].iov_len = len;
+ os_memset(&msg, 0, sizeof(msg));
+ os_memset(buf, 0, sizeof(buf));
+ msg.msg_control = buf;
+ msg.msg_controllen = CMSG_SPACE(sizeof(u32));
+ msg.msg_iov = io;
+ msg.msg_iovlen = 1;
+ hdr = CMSG_FIRSTHDR(&msg);
+ hdr->cmsg_level = SOL_ALG;
+ hdr->cmsg_type = ALG_SET_OP;
+ hdr->cmsg_len = CMSG_LEN(sizeof(u32));
+ op = (u32 *) CMSG_DATA(hdr);
+ *op = type;
+
+ ret = sendmsg(ctx->skcipher->t, &msg, 0);
+ if (ret < 0) {
+ wpa_printf(MSG_ERROR, "%s: sendmsg failed: %s",
+ __func__, strerror(errno));
+ return -1;
+ }
+
+ ret = read(ctx->skcipher->t, out, len);
+ if (ret < 0) {
+ wpa_printf(MSG_ERROR, "%s: read failed: %s",
+ __func__, strerror(errno));
+ return -1;
+ }
+ if (ret < (ssize_t) len) {
+ wpa_printf(MSG_ERROR,
+ "%s: read did not return full data (%d/%d)",
+ __func__, (int) ret, (int) len);
+ return -1;
+ }
+
+ return 0;
+}
+
+
+int crypto_cipher_encrypt(struct crypto_cipher *ctx, const u8 *plain,
+ u8 *crypt, size_t len)
+{
+ return crypto_cipher_oper(ctx, ALG_OP_ENCRYPT, plain, crypt, len);
+}
+
+
+int crypto_cipher_decrypt(struct crypto_cipher *ctx, const u8 *crypt,
+ u8 *plain, size_t len)
+{
+ return crypto_cipher_oper(ctx, ALG_OP_DECRYPT, crypt, plain, len);
+}
+
+
+void crypto_cipher_deinit(struct crypto_cipher *ctx)
+{
+ if (ctx) {
+ linux_af_alg_skcipher_deinit(ctx->skcipher);
+ os_free(ctx);
+ }
+}
+
+
+int crypto_global_init(void)
+{
+ return 0;
+}
+
+
+void crypto_global_deinit(void)
+{
+}