crypto.h File Reference

Wrapper functions for crypto libraries. More...

Go to the source code of this file.

Enumerations
enum	crypto_hash_alg {   CRYPTO_HASH_ALG_MD5, CRYPTO_HASH_ALG_SHA1, CRYPTO_HASH_ALG_HMAC_MD5, CRYPTO_HASH_ALG_HMAC_SHA1,   CRYPTO_HASH_ALG_SHA256, CRYPTO_HASH_ALG_HMAC_SHA256 }
enum	crypto_cipher_alg {   CRYPTO_CIPHER_NULL = 0, CRYPTO_CIPHER_ALG_AES, CRYPTO_CIPHER_ALG_3DES, CRYPTO_CIPHER_ALG_DES,   CRYPTO_CIPHER_ALG_RC2, CRYPTO_CIPHER_ALG_RC4 }

Functions
int	md4_vector (size_t num_elem, const u8 *addr[], const size_t *len, u8 *mac)
	MD4 hash for data vector. More...
int	md5_vector (size_t num_elem, const u8 *addr[], const size_t *len, u8 *mac)
	MD5 hash for data vector. More...
int	sha1_vector (size_t num_elem, const u8 *addr[], const size_t *len, u8 *mac)
	SHA-1 hash for data vector. More...
int __must_check	fips186_2_prf (const u8 *seed, size_t seed_len, u8 *x, size_t xlen)
	NIST FIPS Publication 186-2 change notice 1 PRF. More...
int	sha256_vector (size_t num_elem, const u8 *addr[], const size_t *len, u8 *mac)
	SHA256 hash for data vector. More...
void	des_encrypt (const u8 *clear, const u8 *key, u8 *cypher)
	Encrypt one block with DES. More...
void *	aes_encrypt_init (const u8 *key, size_t len)
	Initialize AES for encryption. More...
void	aes_encrypt (void *ctx, const u8 *plain, u8 *crypt)
	Encrypt one AES block. More...
void	aes_encrypt_deinit (void *ctx)
	Deinitialize AES encryption. More...
void *	aes_decrypt_init (const u8 *key, size_t len)
	Initialize AES for decryption. More...
void	aes_decrypt (void *ctx, const u8 *crypt, u8 *plain)
	Decrypt one AES block. More...
void	aes_decrypt_deinit (void *ctx)
	Deinitialize AES decryption. More...
struct crypto_hash *	crypto_hash_init (enum crypto_hash_alg alg, const u8 *key, size_t key_len)
	Initialize hash/HMAC function. More...
void	crypto_hash_update (struct crypto_hash *ctx, const u8 *data, size_t len)
	Add data to hash calculation. More...
int	crypto_hash_finish (struct crypto_hash *ctx, u8 *hash, size_t *len)
	Complete hash calculation. More...
struct crypto_cipher *	crypto_cipher_init (enum crypto_cipher_alg alg, const u8 *iv, const u8 *key, size_t key_len)
	Initialize block/stream cipher function. More...
int __must_check	crypto_cipher_encrypt (struct crypto_cipher *ctx, const u8 *plain, u8 *crypt, size_t len)
	Cipher encrypt. More...
int __must_check	crypto_cipher_decrypt (struct crypto_cipher *ctx, const u8 *crypt, u8 *plain, size_t len)
	Cipher decrypt. More...
void	crypto_cipher_deinit (struct crypto_cipher *ctx)
	Free cipher context. More...
struct crypto_public_key *	crypto_public_key_import (const u8 *key, size_t len)
	Import an RSA public key. More...
struct crypto_public_key *	crypto_public_key_import_parts (const u8 *n, size_t n_len, const u8 *e, size_t e_len)
struct crypto_private_key *	crypto_private_key_import (const u8 *key, size_t len, const char *passwd)
	Import an RSA private key. More...
struct crypto_public_key *	crypto_public_key_from_cert (const u8 *buf, size_t len)
	Import an RSA public key from a certificate. More...
int __must_check	crypto_public_key_encrypt_pkcs1_v15 (struct crypto_public_key *key, const u8 *in, size_t inlen, u8 *out, size_t *outlen)
	Public key encryption (PKCS #1 v1.5) More...
int __must_check	crypto_private_key_decrypt_pkcs1_v15 (struct crypto_private_key *key, const u8 *in, size_t inlen, u8 *out, size_t *outlen)
	Private key decryption (PKCS #1 v1.5) More...
int __must_check	crypto_private_key_sign_pkcs1 (struct crypto_private_key *key, const u8 *in, size_t inlen, u8 *out, size_t *outlen)
	Sign with private key (PKCS #1) More...
void	crypto_public_key_free (struct crypto_public_key *key)
	Free public key. More...
void	crypto_private_key_free (struct crypto_private_key *key)
	Free private key. More...
int __must_check	crypto_public_key_decrypt_pkcs1 (struct crypto_public_key *key, const u8 *crypt, size_t crypt_len, u8 *plain, size_t *plain_len)
	Decrypt PKCS #1 signature. More...
int __must_check	crypto_global_init (void)
	Initialize crypto wrapper. More...
void	crypto_global_deinit (void)
	Deinitialize crypto wrapper. More...
int __must_check	crypto_mod_exp (const u8 *base, size_t base_len, const u8 *power, size_t power_len, const u8 *modulus, size_t modulus_len, u8 *result, size_t *result_len)
	Modular exponentiation of large integers. More...
int	rc4_skip (const u8 *key, size_t keylen, size_t skip, u8 *data, size_t data_len)
	XOR RC4 stream to given data with skip-stream-start. More...
int	crypto_get_random (void *buf, size_t len)
	Generate cryptographically strong pseudy-random bytes. More...
struct crypto_bignum *	crypto_bignum_init (void)
	Allocate memory for bignum. More...
struct crypto_bignum *	crypto_bignum_init_set (const u8 *buf, size_t len)
	Allocate memory for bignum and set the value. More...
void	crypto_bignum_deinit (struct crypto_bignum *n, int clear)
	Free bignum. More...
int	crypto_bignum_to_bin (const struct crypto_bignum *a, u8 *buf, size_t buflen, size_t padlen)
	Set binary buffer to unsigned bignum. More...
int	crypto_bignum_add (const struct crypto_bignum *a, const struct crypto_bignum *b, struct crypto_bignum *c)
	c = a + b More...
int	crypto_bignum_mod (const struct crypto_bignum *a, const struct crypto_bignum *b, struct crypto_bignum *c)
	c = a % b More...
int	crypto_bignum_exptmod (const struct crypto_bignum *a, const struct crypto_bignum *b, const struct crypto_bignum *c, struct crypto_bignum *d)
	Modular exponentiation: d = a^b (mod c) More...
int	crypto_bignum_inverse (const struct crypto_bignum *a, const struct crypto_bignum *b, struct crypto_bignum *c)
	Inverse a bignum so that a * c = 1 (mod b) More...
int	crypto_bignum_sub (const struct crypto_bignum *a, const struct crypto_bignum *b, struct crypto_bignum *c)
	c = a - b More...
int	crypto_bignum_div (const struct crypto_bignum *a, const struct crypto_bignum *b, struct crypto_bignum *c)
	c = a / b More...
int	crypto_bignum_mulmod (const struct crypto_bignum *a, const struct crypto_bignum *b, const struct crypto_bignum *c, struct crypto_bignum *d)
	d = a * b (mod c) More...
int	crypto_bignum_cmp (const struct crypto_bignum *a, const struct crypto_bignum *b)
	Compare two bignums. More...
int	crypto_bignum_bits (const struct crypto_bignum *a)
	Get size of a bignum in bits. More...
int	crypto_bignum_is_zero (const struct crypto_bignum *a)
	Is the given bignum zero. More...
int	crypto_bignum_is_one (const struct crypto_bignum *a)
	Is the given bignum one. More...
int	crypto_bignum_legendre (const struct crypto_bignum *a, const struct crypto_bignum *p)
	Compute the Legendre symbol (a/p) More...
struct crypto_ec *	crypto_ec_init (int group)
	Initialize elliptic curve context. More...
void	crypto_ec_deinit (struct crypto_ec *e)
	Deinitialize elliptic curve context. More...
size_t	crypto_ec_prime_len (struct crypto_ec *e)
	Get length of the prime in octets. More...
size_t	crypto_ec_prime_len_bits (struct crypto_ec *e)
	Get length of the prime in bits. More...
const struct crypto_bignum *	crypto_ec_get_prime (struct crypto_ec *e)
	Get prime defining an EC group. More...
const struct crypto_bignum *	crypto_ec_get_order (struct crypto_ec *e)
	Get order of an EC group. More...
struct crypto_ec_point *	crypto_ec_point_init (struct crypto_ec *e)
	Initialize data for an EC point. More...
void	crypto_ec_point_deinit (struct crypto_ec_point *p, int clear)
	Deinitialize EC point data. More...
int	crypto_ec_point_to_bin (struct crypto_ec *e, const struct crypto_ec_point *point, u8 *x, u8 *y)
	Write EC point value as binary data. More...
struct crypto_ec_point *	crypto_ec_point_from_bin (struct crypto_ec *e, const u8 *val)
	Create EC point from binary data. More...
int	crypto_ec_point_add (struct crypto_ec *e, const struct crypto_ec_point *a, const struct crypto_ec_point *b, struct crypto_ec_point *c)
	c = a + b More...
int	crypto_ec_point_mul (struct crypto_ec *e, const struct crypto_ec_point *p, const struct crypto_bignum *b, struct crypto_ec_point *res)
	res = b * p More...
int	crypto_ec_point_invert (struct crypto_ec *e, struct crypto_ec_point *p)
	Compute inverse of an EC point. More...
int	crypto_ec_point_solve_y_coord (struct crypto_ec *e, struct crypto_ec_point *p, const struct crypto_bignum *x, int y_bit)
	Solve y coordinate for an x coordinate. More...
struct crypto_bignum *	crypto_ec_point_compute_y_sqr (struct crypto_ec *e, const struct crypto_bignum *x)
	Compute y^2 = x^3 + ax + b. More...
int	crypto_ec_point_is_at_infinity (struct crypto_ec *e, const struct crypto_ec_point *p)
	Check whether EC point is neutral element. More...
int	crypto_ec_point_is_on_curve (struct crypto_ec *e, const struct crypto_ec_point *p)
	Check whether EC point is on curve. More...
int	crypto_ec_point_cmp (const struct crypto_ec *e, const struct crypto_ec_point *a, const struct crypto_ec_point *b)
	Compare two EC points. More...

Detailed Description

Wrapper functions for crypto libraries.

This file defines the cryptographic functions that need to be implemented for wpa_supplicant and hostapd. When TLS is not used, internal implementation of MD5, SHA1, and AES is used and no external libraries are required. When TLS is enabled (e.g., by enabling EAP-TLS or EAP-PEAP), the crypto library used by the TLS implementation is expected to be used for non-TLS needs, too, in order to save space by not implementing these functions twice.

Wrapper code for using each crypto library is in its own file (crypto*.c) and one of these files is build and linked in to provide the functions defined here.

Function Documentation

void aes_decrypt	(	void *	ctx,
		const u8 *	crypt,
		u8 *	plain
	)

Decrypt one AES block.

Parameters

ctx	Context pointer from aes_encrypt_init()
crypt	Encrypted data (16 bytes)
plain	Buffer for the decrypted data (16 bytes)

void aes_decrypt_deinit

(

void *

ctx

)

Deinitialize AES decryption.

Parameters

ctx	Context pointer from aes_encrypt_init()

void* aes_decrypt_init	(	const u8 *	key,
		size_t	len
	)

Initialize AES for decryption.

Parameters

key	Decryption key
len	Key length in bytes (usually 16, i.e., 128 bits)

Returns

Pointer to context data or NULL on failure

void aes_encrypt	(	void *	ctx,
		const u8 *	plain,
		u8 *	crypt
	)

Encrypt one AES block.

Parameters

ctx	Context pointer from aes_encrypt_init()
plain	Plaintext data to be encrypted (16 bytes)
crypt	Buffer for the encrypted data (16 bytes)

void aes_encrypt_deinit

(

void *

ctx

)

Deinitialize AES encryption.

Parameters

ctx	Context pointer from aes_encrypt_init()

void* aes_encrypt_init	(	const u8 *	key,
		size_t	len
	)

Initialize AES for encryption.

Parameters

key	Encryption key
len	Key length in bytes (usually 16, i.e., 128 bits)

Returns

Pointer to context data or NULL on failure

int crypto_bignum_add	(	const struct crypto_bignum *	a,
		const struct crypto_bignum *	b,
		struct crypto_bignum *	c
	)

c = a + b

Parameters

a	Bignum
b	Bignum
c	Bignum; used to store the result of a + b

Returns

0 on success, -1 on failure

int crypto_bignum_bits

(

const struct crypto_bignum *

a

)

Get size of a bignum in bits.

Parameters

a

Bignum

Returns

Number of bits in the bignum

int crypto_bignum_cmp	(	const struct crypto_bignum *	a,
		const struct crypto_bignum *	b
	)

Compare two bignums.

Parameters

a	Bignum
b	Bignum

Returns

-1 if a < b, 0 if a == b, or 1 if a > b

void crypto_bignum_deinit	(	struct crypto_bignum *	n,
		int	clear
	)

Free bignum.

Parameters

n	Bignum from crypto_bignum_init() or crypto_bignum_init_set()
clear	Whether to clear the value from memory

int crypto_bignum_div	(	const struct crypto_bignum *	a,
		const struct crypto_bignum *	b,
		struct crypto_bignum *	c
	)

c = a / b

Parameters

a	Bignum
b	Bignum
c	Bignum; used to store the result of a / b

Returns

0 on success, -1 on failure

int crypto_bignum_exptmod	(	const struct crypto_bignum *	a,
		const struct crypto_bignum *	b,
		const struct crypto_bignum *	c,
		struct crypto_bignum *	d
	)

Modular exponentiation: d = a^b (mod c)

Parameters

a	Bignum; base
b	Bignum; exponent
c	Bignum; modulus
d	Bignum; used to store the result of a^b (mod c)

Returns

0 on success, -1 on failure

struct crypto_bignum* crypto_bignum_init

(

void

)

Allocate memory for bignum.

Returns

Pointer to allocated bignum or NULL on failure

struct crypto_bignum* crypto_bignum_init_set	(	const u8 *	buf,
		size_t	len
	)

Allocate memory for bignum and set the value.

Parameters

buf	Buffer with unsigned binary value
len	Length of buf in octets

Returns

Pointer to allocated bignum or NULL on failure

int crypto_bignum_inverse	(	const struct crypto_bignum *	a,
		const struct crypto_bignum *	b,
		struct crypto_bignum *	c
	)

Inverse a bignum so that a * c = 1 (mod b)

Parameters

a	Bignum
b	Bignum
c	Bignum; used to store the result

Returns

0 on success, -1 on failure

int crypto_bignum_is_one

(

const struct crypto_bignum *

a

)

Is the given bignum one.

Parameters

a

Bignum

Returns

1 if a is one or 0 if not

int crypto_bignum_is_zero

(

const struct crypto_bignum *

a

)

Is the given bignum zero.

Parameters

a

Bignum

Returns

1 if a is zero or 0 if not

int crypto_bignum_legendre	(	const struct crypto_bignum *	a,
		const struct crypto_bignum *	p
	)

Compute the Legendre symbol (a/p)

Parameters

a	Bignum
p	Bignum

Returns

Legendre symbol -1,0,1 on success; -2 on calculation failure

int crypto_bignum_mod	(	const struct crypto_bignum *	a,
		const struct crypto_bignum *	b,
		struct crypto_bignum *	c
	)

c = a % b

Parameters

a	Bignum
b	Bignum
c	Bignum; used to store the result of a % b

Returns

0 on success, -1 on failure

int crypto_bignum_mulmod	(	const struct crypto_bignum *	a,
		const struct crypto_bignum *	b,
		const struct crypto_bignum *	c,
		struct crypto_bignum *	d
	)

d = a * b (mod c)

Parameters

a	Bignum
b	Bignum
c	Bignum
d	Bignum; used to store the result of (a * b) % c

Returns

0 on success, -1 on failure

int crypto_bignum_sub	(	const struct crypto_bignum *	a,
		const struct crypto_bignum *	b,
		struct crypto_bignum *	c
	)

c = a - b

Parameters

a	Bignum
b	Bignum
c	Bignum; used to store the result of a - b

Returns

0 on success, -1 on failure

int crypto_bignum_to_bin	(	const struct crypto_bignum *	a,
		u8 *	buf,
		size_t	buflen,
		size_t	padlen
	)

Set binary buffer to unsigned bignum.

Parameters

a	Bignum
buf	Buffer for the binary number
len	Length of buf in octets
padlen	Length in octets to pad the result to or 0 to indicate no padding

Returns

Number of octets written on success, -1 on failure

int __must_check crypto_cipher_decrypt	(	struct crypto_cipher *	ctx,
		const u8 *	crypt,
		u8 *	plain,
		size_t	len
	)

Cipher decrypt.

Parameters

ctx	Context pointer from crypto_cipher_init()
crypt	Ciphertext to decrypt
plain	Resulting plaintext
len	Length of the cipher text

Returns

0 on success, -1 on failure

This function is only used with internal TLSv1 implementation (CONFIG_TLS=internal). If that is not used, the crypto wrapper does not need to implement this.

void crypto_cipher_deinit

(

struct crypto_cipher *

ctx

)

Free cipher context.

Parameters

ctx	Context pointer from crypto_cipher_init()

This function is only used with internal TLSv1 implementation (CONFIG_TLS=internal). If that is not used, the crypto wrapper does not need to implement this.

int __must_check crypto_cipher_encrypt	(	struct crypto_cipher *	ctx,
		const u8 *	plain,
		u8 *	crypt,
		size_t	len
	)

Cipher encrypt.

Parameters

ctx	Context pointer from crypto_cipher_init()
plain	Plaintext to cipher
crypt	Resulting ciphertext
len	Length of the plaintext

Returns

0 on success, -1 on failure

This function is only used with internal TLSv1 implementation (CONFIG_TLS=internal). If that is not used, the crypto wrapper does not need to implement this.

struct crypto_cipher* crypto_cipher_init	(	enum crypto_cipher_alg	alg,
		const u8 *	iv,
		const u8 *	key,
		size_t	key_len
	)

Initialize block/stream cipher function.

Parameters

alg	Cipher algorithm
iv	Initialization vector for block ciphers or NULL for stream ciphers
key	Cipher key
key_len	Length of key in bytes

Returns

Pointer to cipher context to use with other cipher functions or NULL on failure

This function is only used with internal TLSv1 implementation (CONFIG_TLS=internal). If that is not used, the crypto wrapper does not need to implement this.

void crypto_ec_deinit

(

struct crypto_ec *

e

)

Deinitialize elliptic curve context.

Parameters

e	EC context from crypto_ec_init()

const struct crypto_bignum* crypto_ec_get_order

(

struct crypto_ec *

e

)

Get order of an EC group.

Parameters

e	EC context from crypto_ec_init()

Returns

Order (bignum) of the group

const struct crypto_bignum* crypto_ec_get_prime

(

struct crypto_ec *

e

)

Get prime defining an EC group.

Parameters

e	EC context from crypto_ec_init()

Returns

Prime (bignum) defining the group

struct crypto_ec* crypto_ec_init

(

int

group

)

Initialize elliptic curve context.

Parameters

group

Identifying number for the ECC group (IANA "Group Description" attribute registrty for RFC 2409)

Returns

Pointer to EC context or NULL on failure

int crypto_ec_point_add	(	struct crypto_ec *	e,
		const struct crypto_ec_point *	a,
		const struct crypto_ec_point *	b,
		struct crypto_ec_point *	c
	)

c = a + b

Parameters

e	EC context from crypto_ec_init()
a	Bignum
b	Bignum
c	Bignum; used to store the result of a + b

Returns

0 on success, -1 on failure

int crypto_ec_point_cmp	(	const struct crypto_ec *	e,
		const struct crypto_ec_point *	a,
		const struct crypto_ec_point *	b
	)

Compare two EC points.

Parameters

e	EC context from crypto_ec_init()
a	EC point
b	EC point

Returns

0 on equal, non-zero otherwise

struct crypto_bignum* crypto_ec_point_compute_y_sqr	(	struct crypto_ec *	e,
		const struct crypto_bignum *	x
	)

Compute y^2 = x^3 + ax + b.

Parameters

e	EC context from crypto_ec_init()
x	x coordinate

Returns

y^2 on success, NULL failure

void crypto_ec_point_deinit	(	struct crypto_ec_point *	p,
		int	clear
	)

Deinitialize EC point data.

Parameters

p	EC point data from crypto_ec_point_init()
clear	Whether to clear the EC point value from memory

struct crypto_ec_point* crypto_ec_point_from_bin	(	struct crypto_ec *	e,
		const u8 *	val
	)

Create EC point from binary data.

Parameters

e	EC context from crypto_ec_init()
val	Binary data to read the EC point from

Returns

Pointer to EC point data or NULL on failure

This function readers x and y coordinates of the EC point from the provided buffer assuming the values are in big endian byte order with fields padded to the length of the prime defining the group.

struct crypto_ec_point* crypto_ec_point_init

(

struct crypto_ec *

e

)

Initialize data for an EC point.

Parameters

e	EC context from crypto_ec_init()

Returns

Pointer to EC point data or NULL on failure

int crypto_ec_point_invert	(	struct crypto_ec *	e,
		struct crypto_ec_point *	p
	)

Compute inverse of an EC point.

Parameters

e	EC context from crypto_ec_init()
p	EC point to invert (and result of the operation)

Returns

0 on success, -1 on failure

int crypto_ec_point_is_at_infinity	(	struct crypto_ec *	e,
		const struct crypto_ec_point *	p
	)

Check whether EC point is neutral element.

Parameters

e	EC context from crypto_ec_init()
p	EC point

Returns

1 if the specified EC point is the neutral element of the group or 0 if not

int crypto_ec_point_is_on_curve	(	struct crypto_ec *	e,
		const struct crypto_ec_point *	p
	)

Check whether EC point is on curve.

Parameters

e	EC context from crypto_ec_init()
p	EC point

Returns

1 if the specified EC point is on the curve or 0 if not

int crypto_ec_point_mul	(	struct crypto_ec *	e,
		const struct crypto_ec_point *	p,
		const struct crypto_bignum *	b,
		struct crypto_ec_point *	res
	)

res = b * p

Parameters

e	EC context from crypto_ec_init()
p	EC point
b	Bignum
res	EC point; used to store the result of b * p

Returns

0 on success, -1 on failure

int crypto_ec_point_solve_y_coord	(	struct crypto_ec *	e,
		struct crypto_ec_point *	p,
		const struct crypto_bignum *	x,
		int	y_bit
	)

Solve y coordinate for an x coordinate.

Parameters

e	EC context from crypto_ec_init()
p	EC point to use for the returning the result
x	x coordinate
y_bit	y-bit (0 or 1) for selecting the y value to use

Returns

0 on success, -1 on failure

int crypto_ec_point_to_bin	(	struct crypto_ec *	e,
		const struct crypto_ec_point *	point,
		u8 *	x,
		u8 *	y
	)

Write EC point value as binary data.

Parameters

e	EC context from crypto_ec_init()
p	EC point data from crypto_ec_point_init()
x	Buffer for writing the binary data for x coordinate or NULL if not used
y	Buffer for writing the binary data for y coordinate or NULL if not used

Returns

0 on success, -1 on failure

This function can be used to write an EC point as binary data in a format that has the x and y coordinates in big endian byte order fields padded to the length of the prime defining the group.

size_t crypto_ec_prime_len

(

struct crypto_ec *

e

)

Get length of the prime in octets.

Parameters

e	EC context from crypto_ec_init()

Returns

Length of the prime defining the group

size_t crypto_ec_prime_len_bits

(

struct crypto_ec *

e

)

Get length of the prime in bits.

Parameters

e	EC context from crypto_ec_init()

Returns

Length of the prime defining the group in bits

int crypto_get_random	(	void *	buf,
		size_t	len
	)

Generate cryptographically strong pseudy-random bytes.

Parameters

buf	Buffer for data
len	Number of bytes to generate

Returns

0 on success, -1 on failure

If the PRNG does not have enough entropy to ensure unpredictable byte sequence, this functions must return -1.

void crypto_global_deinit

(

void

)

Deinitialize crypto wrapper.

This function is only used with internal TLSv1 implementation (CONFIG_TLS=internal). If that is not used, the crypto wrapper does not need to implement this.

int __must_check crypto_global_init

(

void

)

Initialize crypto wrapper.

This function is only used with internal TLSv1 implementation (CONFIG_TLS=internal). If that is not used, the crypto wrapper does not need to implement this.

int crypto_hash_finish	(	struct crypto_hash *	ctx,
		u8 *	hash,
		size_t *	len
	)

Complete hash calculation.

Parameters

ctx	Context pointer from crypto_hash_init()
hash	Buffer for hash value or NULL if caller is just freeing the hash context
len	Pointer to length of the buffer or NULL if caller is just freeing the hash context; on return, this is set to the actual length of the hash value

Returns

0 on success, -1 if buffer is too small (len set to needed length), or -2 on other failures (including failed crypto_hash_update() operations)

This function calculates the hash value and frees the context buffer that was used for hash calculation.

This function is only used with internal TLSv1 implementation (CONFIG_TLS=internal). If that is not used, the crypto wrapper does not need to implement this.

struct crypto_hash* crypto_hash_init	(	enum crypto_hash_alg	alg,
		const u8 *	key,
		size_t	key_len
	)

Initialize hash/HMAC function.

Parameters

alg	Hash algorithm
key	Key for keyed hash (e.g., HMAC) or NULL if not needed
key_len	Length of the key in bytes

Returns

Pointer to hash context to use with other hash functions or NULL on failure

This function is only used with internal TLSv1 implementation (CONFIG_TLS=internal). If that is not used, the crypto wrapper does not need to implement this.

void crypto_hash_update	(	struct crypto_hash *	ctx,
		const u8 *	data,
		size_t	len
	)

Add data to hash calculation.

Parameters

ctx	Context pointer from crypto_hash_init()
data	Data buffer to add
len	Length of the buffer

This function is only used with internal TLSv1 implementation (CONFIG_TLS=internal). If that is not used, the crypto wrapper does not need to implement this.

int __must_check crypto_mod_exp	(	const u8 *	base,
		size_t	base_len,
		const u8 *	power,
		size_t	power_len,
		const u8 *	modulus,
		size_t	modulus_len,
		u8 *	result,
		size_t *	result_len
	)

Modular exponentiation of large integers.

Parameters

base	Base integer (big endian byte array)
base_len	Length of base integer in bytes
power	Power integer (big endian byte array)
power_len	Length of power integer in bytes
modulus	Modulus integer (big endian byte array)
modulus_len	Length of modulus integer in bytes
result	Buffer for the result
result_len	Result length (max buffer size on input, real len on output)

Returns

0 on success, -1 on failure

This function calculates result = base ^ power mod modulus. modules_len is used as the maximum size of modulus buffer. It is set to the used size on success.

This function is only used with internal TLSv1 implementation (CONFIG_TLS=internal). If that is not used, the crypto wrapper does not need to implement this.

int __must_check crypto_private_key_decrypt_pkcs1_v15	(	struct crypto_private_key *	key,
		const u8 *	in,
		size_t	inlen,
		u8 *	out,
		size_t *	outlen
	)

Private key decryption (PKCS #1 v1.5)

Parameters

key	Private key
in	Encrypted buffer
inlen	Length of encrypted buffer in bytes
out	Output buffer for encrypted data
outlen	Length of output buffer in bytes; set to used length on success

Returns

0 on success, -1 on failure

This function is only used with internal TLSv1 implementation (CONFIG_TLS=internal). If that is not used, the crypto wrapper does not need to implement this.

void crypto_private_key_free

(

struct crypto_private_key *

key

)

Free private key.

Parameters

key	Private key from crypto_private_key_import()

This function is only used with internal TLSv1 implementation (CONFIG_TLS=internal). If that is not used, the crypto wrapper does not need to implement this.

struct crypto_private_key* crypto_private_key_import	(	const u8 *	key,
		size_t	len,
		const char *	passwd
	)

Import an RSA private key.

Parameters

key	Key buffer (DER encoded RSA private key)
len	Key buffer length in bytes
passwd	Key encryption password or NULL if key is not encrypted

Returns

Pointer to the private key or NULL on failure

This function is only used with internal TLSv1 implementation (CONFIG_TLS=internal). If that is not used, the crypto wrapper does not need to implement this.

int __must_check crypto_private_key_sign_pkcs1	(	struct crypto_private_key *	key,
		const u8 *	in,
		size_t	inlen,
		u8 *	out,
		size_t *	outlen
	)

Sign with private key (PKCS #1)

Parameters

key	Private key from crypto_private_key_import()
in	Plaintext buffer
inlen	Length of plaintext buffer in bytes
out	Output buffer for encrypted (signed) data
outlen	Length of output buffer in bytes; set to used length on success

Returns

0 on success, -1 on failure

This function is only used with internal TLSv1 implementation (CONFIG_TLS=internal). If that is not used, the crypto wrapper does not need to implement this.

int __must_check crypto_public_key_decrypt_pkcs1	(	struct crypto_public_key *	key,
		const u8 *	crypt,
		size_t	crypt_len,
		u8 *	plain,
		size_t *	plain_len
	)

Decrypt PKCS #1 signature.

Parameters

key	Public key
crypt	Encrypted signature data (using the private key)
crypt_len	Encrypted signature data length
plain	Buffer for plaintext (at least crypt_len bytes)
plain_len	Plaintext length (max buffer size on input, real len on output);

Returns

0 on success, -1 on failure

int __must_check crypto_public_key_encrypt_pkcs1_v15	(	struct crypto_public_key *	key,
		const u8 *	in,
		size_t	inlen,
		u8 *	out,
		size_t *	outlen
	)

Public key encryption (PKCS #1 v1.5)

Parameters

key	Public key
in	Plaintext buffer
inlen	Length of plaintext buffer in bytes
out	Output buffer for encrypted data
outlen	Length of output buffer in bytes; set to used length on success

Returns

0 on success, -1 on failure

This function is only used with internal TLSv1 implementation (CONFIG_TLS=internal). If that is not used, the crypto wrapper does not need to implement this.

void crypto_public_key_free

(

struct crypto_public_key *

key

)

Free public key.

Parameters

key	Public key

This function is only used with internal TLSv1 implementation (CONFIG_TLS=internal). If that is not used, the crypto wrapper does not need to implement this.

struct crypto_public_key* crypto_public_key_from_cert	(	const u8 *	buf,
		size_t	len
	)

Import an RSA public key from a certificate.

Parameters

buf	DER encoded X.509 certificate
len	Certificate buffer length in bytes

Returns

Pointer to public key or NULL on failure

This function can just return NULL if the crypto library does not support X.509 parsing. In that case, internal code will be used to parse the certificate and public key is imported using crypto_public_key_import().

This function is only used with internal TLSv1 implementation (CONFIG_TLS=internal). If that is not used, the crypto wrapper does not need to implement this.

struct crypto_public_key* crypto_public_key_import	(	const u8 *	key,
		size_t	len
	)

Import an RSA public key.

Parameters

key	Key buffer (DER encoded RSA public key)
len	Key buffer length in bytes

Returns

Pointer to the public key or NULL on failure

This function can just return NULL if the crypto library supports X.509 parsing. In that case, crypto_public_key_from_cert() is used to import the public key from a certificate.

This function is only used with internal TLSv1 implementation (CONFIG_TLS=internal). If that is not used, the crypto wrapper does not need to implement this.

void des_encrypt	(	const u8 *	clear,
		const u8 *	key,
		u8 *	cypher
	)

Encrypt one block with DES.

Parameters

clear	8 octets (in)
key	7 octets (in) (no parity bits included)
cypher	8 octets (out)

int __must_check fips186_2_prf	(	const u8 *	seed,
		size_t	seed_len,
		u8 *	x,
		size_t	xlen
	)

NIST FIPS Publication 186-2 change notice 1 PRF.

Parameters

seed	Seed/key for the PRF
seed_len	Seed length in bytes
x	Buffer for PRF output
xlen	Output length in bytes

Returns

0 on success, -1 on failure

This function implements random number generation specified in NIST FIPS Publication 186-2 for EAP-SIM. This PRF uses a function that is similar to SHA-1, but has different message padding.

int md4_vector	(	size_t	num_elem,
		const u8 *	addr[],
		const size_t *	len,
		u8 *	mac
	)

MD4 hash for data vector.

Parameters

num_elem	Number of elements in the data vector
addr	Pointers to the data areas
len	Lengths of the data blocks
mac	Buffer for the hash

Returns

0 on success, -1 on failure

int md5_vector	(	size_t	num_elem,
		const u8 *	addr[],
		const size_t *	len,
		u8 *	mac
	)

MD5 hash for data vector.

Parameters

num_elem	Number of elements in the data vector
addr	Pointers to the data areas
len	Lengths of the data blocks
mac	Buffer for the hash

Returns

0 on success, -1 on failure

Parameters

num_elem	Number of elements in the data vector
addr	Pointers to the data areas
len	Lengths of the data blocks
mac	Buffer for the hash

Returns

0 on success, -1 of failure

int rc4_skip	(	const u8 *	key,
		size_t	keylen,
		size_t	skip,
		u8 *	data,
		size_t	data_len
	)

XOR RC4 stream to given data with skip-stream-start.

Parameters

key	RC4 key
keylen	RC4 key length
skip	number of bytes to skip from the beginning of the RC4 stream
data	data to be XOR'ed with RC4 stream
data_len	buf length

Returns

0 on success, -1 on failure

Generate RC4 pseudo random stream for the given key, skip beginning of the stream, and XOR the end result with the data buffer to perform RC4 encryption/decryption.

int sha1_vector	(	size_t	num_elem,
		const u8 *	addr[],
		const size_t *	len,
		u8 *	mac
	)

SHA-1 hash for data vector.

Parameters

num_elem	Number of elements in the data vector
addr	Pointers to the data areas
len	Lengths of the data blocks
mac	Buffer for the hash

Returns

0 on success, -1 on failure

int sha256_vector	(	size_t	num_elem,
		const u8 *	addr[],
		const size_t *	len,
		u8 *	mac
	)

SHA256 hash for data vector.

Parameters

num_elem	Number of elements in the data vector
addr	Pointers to the data areas
len	Lengths of the data blocks
mac	Buffer for the hash

Returns

0 on success, -1 on failure

Parameters

num_elem	Number of elements in the data vector
addr	Pointers to the data areas
len	Lengths of the data blocks
mac	Buffer for the hash

Returns

0 on success, -1 of failure