wpa_supplicant / hostapd  2.5
 All Data Structures Files Functions Variables Typedefs Enumerations Enumerator Macros Pages
Enumerations | Functions
crypto.h File Reference

Wrapper functions for crypto libraries. More...

Go to the source code of this file.

Enumerations

enum  crypto_hash_alg {
  CRYPTO_HASH_ALG_MD5, CRYPTO_HASH_ALG_SHA1, CRYPTO_HASH_ALG_HMAC_MD5, CRYPTO_HASH_ALG_HMAC_SHA1,
  CRYPTO_HASH_ALG_SHA256, CRYPTO_HASH_ALG_HMAC_SHA256
}
 
enum  crypto_cipher_alg {
  CRYPTO_CIPHER_NULL = 0, CRYPTO_CIPHER_ALG_AES, CRYPTO_CIPHER_ALG_3DES, CRYPTO_CIPHER_ALG_DES,
  CRYPTO_CIPHER_ALG_RC2, CRYPTO_CIPHER_ALG_RC4
}
 

Functions

int md4_vector (size_t num_elem, const u8 *addr[], const size_t *len, u8 *mac)
 MD4 hash for data vector. More...
 
int md5_vector (size_t num_elem, const u8 *addr[], const size_t *len, u8 *mac)
 MD5 hash for data vector. More...
 
int sha1_vector (size_t num_elem, const u8 *addr[], const size_t *len, u8 *mac)
 SHA-1 hash for data vector. More...
 
int __must_check fips186_2_prf (const u8 *seed, size_t seed_len, u8 *x, size_t xlen)
 NIST FIPS Publication 186-2 change notice 1 PRF. More...
 
int sha256_vector (size_t num_elem, const u8 *addr[], const size_t *len, u8 *mac)
 SHA256 hash for data vector. More...
 
void des_encrypt (const u8 *clear, const u8 *key, u8 *cypher)
 Encrypt one block with DES. More...
 
void * aes_encrypt_init (const u8 *key, size_t len)
 Initialize AES for encryption. More...
 
void aes_encrypt (void *ctx, const u8 *plain, u8 *crypt)
 Encrypt one AES block. More...
 
void aes_encrypt_deinit (void *ctx)
 Deinitialize AES encryption. More...
 
void * aes_decrypt_init (const u8 *key, size_t len)
 Initialize AES for decryption. More...
 
void aes_decrypt (void *ctx, const u8 *crypt, u8 *plain)
 Decrypt one AES block. More...
 
void aes_decrypt_deinit (void *ctx)
 Deinitialize AES decryption. More...
 
struct crypto_hashcrypto_hash_init (enum crypto_hash_alg alg, const u8 *key, size_t key_len)
 Initialize hash/HMAC function. More...
 
void crypto_hash_update (struct crypto_hash *ctx, const u8 *data, size_t len)
 Add data to hash calculation. More...
 
int crypto_hash_finish (struct crypto_hash *ctx, u8 *hash, size_t *len)
 Complete hash calculation. More...
 
struct crypto_ciphercrypto_cipher_init (enum crypto_cipher_alg alg, const u8 *iv, const u8 *key, size_t key_len)
 Initialize block/stream cipher function. More...
 
int __must_check crypto_cipher_encrypt (struct crypto_cipher *ctx, const u8 *plain, u8 *crypt, size_t len)
 Cipher encrypt. More...
 
int __must_check crypto_cipher_decrypt (struct crypto_cipher *ctx, const u8 *crypt, u8 *plain, size_t len)
 Cipher decrypt. More...
 
void crypto_cipher_deinit (struct crypto_cipher *ctx)
 Free cipher context. More...
 
struct crypto_public_keycrypto_public_key_import (const u8 *key, size_t len)
 Import an RSA public key. More...
 
struct crypto_public_keycrypto_public_key_import_parts (const u8 *n, size_t n_len, const u8 *e, size_t e_len)
 
struct crypto_private_keycrypto_private_key_import (const u8 *key, size_t len, const char *passwd)
 Import an RSA private key. More...
 
struct crypto_public_keycrypto_public_key_from_cert (const u8 *buf, size_t len)
 Import an RSA public key from a certificate. More...
 
int __must_check crypto_public_key_encrypt_pkcs1_v15 (struct crypto_public_key *key, const u8 *in, size_t inlen, u8 *out, size_t *outlen)
 Public key encryption (PKCS #1 v1.5) More...
 
int __must_check crypto_private_key_decrypt_pkcs1_v15 (struct crypto_private_key *key, const u8 *in, size_t inlen, u8 *out, size_t *outlen)
 Private key decryption (PKCS #1 v1.5) More...
 
int __must_check crypto_private_key_sign_pkcs1 (struct crypto_private_key *key, const u8 *in, size_t inlen, u8 *out, size_t *outlen)
 Sign with private key (PKCS #1) More...
 
void crypto_public_key_free (struct crypto_public_key *key)
 Free public key. More...
 
void crypto_private_key_free (struct crypto_private_key *key)
 Free private key. More...
 
int __must_check crypto_public_key_decrypt_pkcs1 (struct crypto_public_key *key, const u8 *crypt, size_t crypt_len, u8 *plain, size_t *plain_len)
 Decrypt PKCS #1 signature. More...
 
int __must_check crypto_global_init (void)
 Initialize crypto wrapper. More...
 
void crypto_global_deinit (void)
 Deinitialize crypto wrapper. More...
 
int __must_check crypto_mod_exp (const u8 *base, size_t base_len, const u8 *power, size_t power_len, const u8 *modulus, size_t modulus_len, u8 *result, size_t *result_len)
 Modular exponentiation of large integers. More...
 
int rc4_skip (const u8 *key, size_t keylen, size_t skip, u8 *data, size_t data_len)
 XOR RC4 stream to given data with skip-stream-start. More...
 
int crypto_get_random (void *buf, size_t len)
 Generate cryptographically strong pseudy-random bytes. More...
 
struct crypto_bignum * crypto_bignum_init (void)
 Allocate memory for bignum. More...
 
struct crypto_bignum * crypto_bignum_init_set (const u8 *buf, size_t len)
 Allocate memory for bignum and set the value. More...
 
void crypto_bignum_deinit (struct crypto_bignum *n, int clear)
 Free bignum. More...
 
int crypto_bignum_to_bin (const struct crypto_bignum *a, u8 *buf, size_t buflen, size_t padlen)
 Set binary buffer to unsigned bignum. More...
 
int crypto_bignum_add (const struct crypto_bignum *a, const struct crypto_bignum *b, struct crypto_bignum *c)
 c = a + b More...
 
int crypto_bignum_mod (const struct crypto_bignum *a, const struct crypto_bignum *b, struct crypto_bignum *c)
 c = a % b More...
 
int crypto_bignum_exptmod (const struct crypto_bignum *a, const struct crypto_bignum *b, const struct crypto_bignum *c, struct crypto_bignum *d)
 Modular exponentiation: d = a^b (mod c) More...
 
int crypto_bignum_inverse (const struct crypto_bignum *a, const struct crypto_bignum *b, struct crypto_bignum *c)
 Inverse a bignum so that a * c = 1 (mod b) More...
 
int crypto_bignum_sub (const struct crypto_bignum *a, const struct crypto_bignum *b, struct crypto_bignum *c)
 c = a - b More...
 
int crypto_bignum_div (const struct crypto_bignum *a, const struct crypto_bignum *b, struct crypto_bignum *c)
 c = a / b More...
 
int crypto_bignum_mulmod (const struct crypto_bignum *a, const struct crypto_bignum *b, const struct crypto_bignum *c, struct crypto_bignum *d)
 d = a * b (mod c) More...
 
int crypto_bignum_cmp (const struct crypto_bignum *a, const struct crypto_bignum *b)
 Compare two bignums. More...
 
int crypto_bignum_bits (const struct crypto_bignum *a)
 Get size of a bignum in bits. More...
 
int crypto_bignum_is_zero (const struct crypto_bignum *a)
 Is the given bignum zero. More...
 
int crypto_bignum_is_one (const struct crypto_bignum *a)
 Is the given bignum one. More...
 
int crypto_bignum_legendre (const struct crypto_bignum *a, const struct crypto_bignum *p)
 Compute the Legendre symbol (a/p) More...
 
struct crypto_ec * crypto_ec_init (int group)
 Initialize elliptic curve context. More...
 
void crypto_ec_deinit (struct crypto_ec *e)
 Deinitialize elliptic curve context. More...
 
size_t crypto_ec_prime_len (struct crypto_ec *e)
 Get length of the prime in octets. More...
 
size_t crypto_ec_prime_len_bits (struct crypto_ec *e)
 Get length of the prime in bits. More...
 
const struct crypto_bignum * crypto_ec_get_prime (struct crypto_ec *e)
 Get prime defining an EC group. More...
 
const struct crypto_bignum * crypto_ec_get_order (struct crypto_ec *e)
 Get order of an EC group. More...
 
struct crypto_ec_point * crypto_ec_point_init (struct crypto_ec *e)
 Initialize data for an EC point. More...
 
void crypto_ec_point_deinit (struct crypto_ec_point *p, int clear)
 Deinitialize EC point data. More...
 
int crypto_ec_point_to_bin (struct crypto_ec *e, const struct crypto_ec_point *point, u8 *x, u8 *y)
 Write EC point value as binary data. More...
 
struct crypto_ec_point * crypto_ec_point_from_bin (struct crypto_ec *e, const u8 *val)
 Create EC point from binary data. More...
 
int crypto_ec_point_add (struct crypto_ec *e, const struct crypto_ec_point *a, const struct crypto_ec_point *b, struct crypto_ec_point *c)
 c = a + b More...
 
int crypto_ec_point_mul (struct crypto_ec *e, const struct crypto_ec_point *p, const struct crypto_bignum *b, struct crypto_ec_point *res)
 res = b * p More...
 
int crypto_ec_point_invert (struct crypto_ec *e, struct crypto_ec_point *p)
 Compute inverse of an EC point. More...
 
int crypto_ec_point_solve_y_coord (struct crypto_ec *e, struct crypto_ec_point *p, const struct crypto_bignum *x, int y_bit)
 Solve y coordinate for an x coordinate. More...
 
struct crypto_bignum * crypto_ec_point_compute_y_sqr (struct crypto_ec *e, const struct crypto_bignum *x)
 Compute y^2 = x^3 + ax + b. More...
 
int crypto_ec_point_is_at_infinity (struct crypto_ec *e, const struct crypto_ec_point *p)
 Check whether EC point is neutral element. More...
 
int crypto_ec_point_is_on_curve (struct crypto_ec *e, const struct crypto_ec_point *p)
 Check whether EC point is on curve. More...
 
int crypto_ec_point_cmp (const struct crypto_ec *e, const struct crypto_ec_point *a, const struct crypto_ec_point *b)
 Compare two EC points. More...
 

Detailed Description

Wrapper functions for crypto libraries.

This file defines the cryptographic functions that need to be implemented for wpa_supplicant and hostapd. When TLS is not used, internal implementation of MD5, SHA1, and AES is used and no external libraries are required. When TLS is enabled (e.g., by enabling EAP-TLS or EAP-PEAP), the crypto library used by the TLS implementation is expected to be used for non-TLS needs, too, in order to save space by not implementing these functions twice.

Wrapper code for using each crypto library is in its own file (crypto*.c) and one of these files is build and linked in to provide the functions defined here.

Function Documentation

void aes_decrypt ( void *  ctx,
const u8 *  crypt,
u8 *  plain 
)

Decrypt one AES block.

Parameters
ctxContext pointer from aes_encrypt_init()
cryptEncrypted data (16 bytes)
plainBuffer for the decrypted data (16 bytes)
void aes_decrypt_deinit ( void *  ctx)

Deinitialize AES decryption.

Parameters
ctxContext pointer from aes_encrypt_init()
void* aes_decrypt_init ( const u8 *  key,
size_t  len 
)

Initialize AES for decryption.

Parameters
keyDecryption key
lenKey length in bytes (usually 16, i.e., 128 bits)
Returns
Pointer to context data or NULL on failure
void aes_encrypt ( void *  ctx,
const u8 *  plain,
u8 *  crypt 
)

Encrypt one AES block.

Parameters
ctxContext pointer from aes_encrypt_init()
plainPlaintext data to be encrypted (16 bytes)
cryptBuffer for the encrypted data (16 bytes)
void aes_encrypt_deinit ( void *  ctx)

Deinitialize AES encryption.

Parameters
ctxContext pointer from aes_encrypt_init()
void* aes_encrypt_init ( const u8 *  key,
size_t  len 
)

Initialize AES for encryption.

Parameters
keyEncryption key
lenKey length in bytes (usually 16, i.e., 128 bits)
Returns
Pointer to context data or NULL on failure
int crypto_bignum_add ( const struct crypto_bignum *  a,
const struct crypto_bignum *  b,
struct crypto_bignum *  c 
)

c = a + b

Parameters
aBignum
bBignum
cBignum; used to store the result of a + b
Returns
0 on success, -1 on failure
int crypto_bignum_bits ( const struct crypto_bignum *  a)

Get size of a bignum in bits.

Parameters
aBignum
Returns
Number of bits in the bignum
int crypto_bignum_cmp ( const struct crypto_bignum *  a,
const struct crypto_bignum *  b 
)

Compare two bignums.

Parameters
aBignum
bBignum
Returns
-1 if a < b, 0 if a == b, or 1 if a > b
void crypto_bignum_deinit ( struct crypto_bignum *  n,
int  clear 
)

Free bignum.

Parameters
nBignum from crypto_bignum_init() or crypto_bignum_init_set()
clearWhether to clear the value from memory
int crypto_bignum_div ( const struct crypto_bignum *  a,
const struct crypto_bignum *  b,
struct crypto_bignum *  c 
)

c = a / b

Parameters
aBignum
bBignum
cBignum; used to store the result of a / b
Returns
0 on success, -1 on failure
int crypto_bignum_exptmod ( const struct crypto_bignum *  a,
const struct crypto_bignum *  b,
const struct crypto_bignum *  c,
struct crypto_bignum *  d 
)

Modular exponentiation: d = a^b (mod c)

Parameters
aBignum; base
bBignum; exponent
cBignum; modulus
dBignum; used to store the result of a^b (mod c)
Returns
0 on success, -1 on failure
struct crypto_bignum* crypto_bignum_init ( void  )

Allocate memory for bignum.

Returns
Pointer to allocated bignum or NULL on failure
struct crypto_bignum* crypto_bignum_init_set ( const u8 *  buf,
size_t  len 
)

Allocate memory for bignum and set the value.

Parameters
bufBuffer with unsigned binary value
lenLength of buf in octets
Returns
Pointer to allocated bignum or NULL on failure
int crypto_bignum_inverse ( const struct crypto_bignum *  a,
const struct crypto_bignum *  b,
struct crypto_bignum *  c 
)

Inverse a bignum so that a * c = 1 (mod b)

Parameters
aBignum
bBignum
cBignum; used to store the result
Returns
0 on success, -1 on failure
int crypto_bignum_is_one ( const struct crypto_bignum *  a)

Is the given bignum one.

Parameters
aBignum
Returns
1 if a is one or 0 if not
int crypto_bignum_is_zero ( const struct crypto_bignum *  a)

Is the given bignum zero.

Parameters
aBignum
Returns
1 if a is zero or 0 if not
int crypto_bignum_legendre ( const struct crypto_bignum *  a,
const struct crypto_bignum *  p 
)

Compute the Legendre symbol (a/p)

Parameters
aBignum
pBignum
Returns
Legendre symbol -1,0,1 on success; -2 on calculation failure
int crypto_bignum_mod ( const struct crypto_bignum *  a,
const struct crypto_bignum *  b,
struct crypto_bignum *  c 
)

c = a % b

Parameters
aBignum
bBignum
cBignum; used to store the result of a % b
Returns
0 on success, -1 on failure
int crypto_bignum_mulmod ( const struct crypto_bignum *  a,
const struct crypto_bignum *  b,
const struct crypto_bignum *  c,
struct crypto_bignum *  d 
)

d = a * b (mod c)

Parameters
aBignum
bBignum
cBignum
dBignum; used to store the result of (a * b) % c
Returns
0 on success, -1 on failure
int crypto_bignum_sub ( const struct crypto_bignum *  a,
const struct crypto_bignum *  b,
struct crypto_bignum *  c 
)

c = a - b

Parameters
aBignum
bBignum
cBignum; used to store the result of a - b
Returns
0 on success, -1 on failure
int crypto_bignum_to_bin ( const struct crypto_bignum *  a,
u8 *  buf,
size_t  buflen,
size_t  padlen 
)

Set binary buffer to unsigned bignum.

Parameters
aBignum
bufBuffer for the binary number
lenLength of buf in octets
padlenLength in octets to pad the result to or 0 to indicate no padding
Returns
Number of octets written on success, -1 on failure
int __must_check crypto_cipher_decrypt ( struct crypto_cipher ctx,
const u8 *  crypt,
u8 *  plain,
size_t  len 
)

Cipher decrypt.

Parameters
ctxContext pointer from crypto_cipher_init()
cryptCiphertext to decrypt
plainResulting plaintext
lenLength of the cipher text
Returns
0 on success, -1 on failure

This function is only used with internal TLSv1 implementation (CONFIG_TLS=internal). If that is not used, the crypto wrapper does not need to implement this.

void crypto_cipher_deinit ( struct crypto_cipher ctx)

Free cipher context.

Parameters
ctxContext pointer from crypto_cipher_init()

This function is only used with internal TLSv1 implementation (CONFIG_TLS=internal). If that is not used, the crypto wrapper does not need to implement this.

int __must_check crypto_cipher_encrypt ( struct crypto_cipher ctx,
const u8 *  plain,
u8 *  crypt,
size_t  len 
)

Cipher encrypt.

Parameters
ctxContext pointer from crypto_cipher_init()
plainPlaintext to cipher
cryptResulting ciphertext
lenLength of the plaintext
Returns
0 on success, -1 on failure

This function is only used with internal TLSv1 implementation (CONFIG_TLS=internal). If that is not used, the crypto wrapper does not need to implement this.

struct crypto_cipher* crypto_cipher_init ( enum crypto_cipher_alg  alg,
const u8 *  iv,
const u8 *  key,
size_t  key_len 
)

Initialize block/stream cipher function.

Parameters
algCipher algorithm
ivInitialization vector for block ciphers or NULL for stream ciphers
keyCipher key
key_lenLength of key in bytes
Returns
Pointer to cipher context to use with other cipher functions or NULL on failure

This function is only used with internal TLSv1 implementation (CONFIG_TLS=internal). If that is not used, the crypto wrapper does not need to implement this.

void crypto_ec_deinit ( struct crypto_ec *  e)

Deinitialize elliptic curve context.

Parameters
eEC context from crypto_ec_init()
const struct crypto_bignum* crypto_ec_get_order ( struct crypto_ec *  e)

Get order of an EC group.

Parameters
eEC context from crypto_ec_init()
Returns
Order (bignum) of the group
const struct crypto_bignum* crypto_ec_get_prime ( struct crypto_ec *  e)

Get prime defining an EC group.

Parameters
eEC context from crypto_ec_init()
Returns
Prime (bignum) defining the group
struct crypto_ec* crypto_ec_init ( int  group)

Initialize elliptic curve context.

Parameters
groupIdentifying number for the ECC group (IANA "Group Description" attribute registrty for RFC 2409)
Returns
Pointer to EC context or NULL on failure
int crypto_ec_point_add ( struct crypto_ec *  e,
const struct crypto_ec_point *  a,
const struct crypto_ec_point *  b,
struct crypto_ec_point *  c 
)

c = a + b

Parameters
eEC context from crypto_ec_init()
aBignum
bBignum
cBignum; used to store the result of a + b
Returns
0 on success, -1 on failure
int crypto_ec_point_cmp ( const struct crypto_ec *  e,
const struct crypto_ec_point *  a,
const struct crypto_ec_point *  b 
)

Compare two EC points.

Parameters
eEC context from crypto_ec_init()
aEC point
bEC point
Returns
0 on equal, non-zero otherwise
struct crypto_bignum* crypto_ec_point_compute_y_sqr ( struct crypto_ec *  e,
const struct crypto_bignum *  x 
)

Compute y^2 = x^3 + ax + b.

Parameters
eEC context from crypto_ec_init()
xx coordinate
Returns
y^2 on success, NULL failure
void crypto_ec_point_deinit ( struct crypto_ec_point *  p,
int  clear 
)

Deinitialize EC point data.

Parameters
pEC point data from crypto_ec_point_init()
clearWhether to clear the EC point value from memory
struct crypto_ec_point* crypto_ec_point_from_bin ( struct crypto_ec *  e,
const u8 *  val 
)

Create EC point from binary data.

Parameters
eEC context from crypto_ec_init()
valBinary data to read the EC point from
Returns
Pointer to EC point data or NULL on failure

This function readers x and y coordinates of the EC point from the provided buffer assuming the values are in big endian byte order with fields padded to the length of the prime defining the group.

struct crypto_ec_point* crypto_ec_point_init ( struct crypto_ec *  e)

Initialize data for an EC point.

Parameters
eEC context from crypto_ec_init()
Returns
Pointer to EC point data or NULL on failure
int crypto_ec_point_invert ( struct crypto_ec *  e,
struct crypto_ec_point *  p 
)

Compute inverse of an EC point.

Parameters
eEC context from crypto_ec_init()
pEC point to invert (and result of the operation)
Returns
0 on success, -1 on failure
int crypto_ec_point_is_at_infinity ( struct crypto_ec *  e,
const struct crypto_ec_point *  p 
)

Check whether EC point is neutral element.

Parameters
eEC context from crypto_ec_init()
pEC point
Returns
1 if the specified EC point is the neutral element of the group or 0 if not
int crypto_ec_point_is_on_curve ( struct crypto_ec *  e,
const struct crypto_ec_point *  p 
)

Check whether EC point is on curve.

Parameters
eEC context from crypto_ec_init()
pEC point
Returns
1 if the specified EC point is on the curve or 0 if not
int crypto_ec_point_mul ( struct crypto_ec *  e,
const struct crypto_ec_point *  p,
const struct crypto_bignum *  b,
struct crypto_ec_point *  res 
)

res = b * p

Parameters
eEC context from crypto_ec_init()
pEC point
bBignum
resEC point; used to store the result of b * p
Returns
0 on success, -1 on failure
int crypto_ec_point_solve_y_coord ( struct crypto_ec *  e,
struct crypto_ec_point *  p,
const struct crypto_bignum *  x,
int  y_bit 
)

Solve y coordinate for an x coordinate.

Parameters
eEC context from crypto_ec_init()
pEC point to use for the returning the result
xx coordinate
y_bity-bit (0 or 1) for selecting the y value to use
Returns
0 on success, -1 on failure
int crypto_ec_point_to_bin ( struct crypto_ec *  e,
const struct crypto_ec_point *  point,
u8 *  x,
u8 *  y 
)

Write EC point value as binary data.

Parameters
eEC context from crypto_ec_init()
pEC point data from crypto_ec_point_init()
xBuffer for writing the binary data for x coordinate or NULL if not used
yBuffer for writing the binary data for y coordinate or NULL if not used
Returns
0 on success, -1 on failure

This function can be used to write an EC point as binary data in a format that has the x and y coordinates in big endian byte order fields padded to the length of the prime defining the group.

size_t crypto_ec_prime_len ( struct crypto_ec *  e)

Get length of the prime in octets.

Parameters
eEC context from crypto_ec_init()
Returns
Length of the prime defining the group
size_t crypto_ec_prime_len_bits ( struct crypto_ec *  e)

Get length of the prime in bits.

Parameters
eEC context from crypto_ec_init()
Returns
Length of the prime defining the group in bits
int crypto_get_random ( void *  buf,
size_t  len 
)

Generate cryptographically strong pseudy-random bytes.

Parameters
bufBuffer for data
lenNumber of bytes to generate
Returns
0 on success, -1 on failure

If the PRNG does not have enough entropy to ensure unpredictable byte sequence, this functions must return -1.

void crypto_global_deinit ( void  )

Deinitialize crypto wrapper.

This function is only used with internal TLSv1 implementation (CONFIG_TLS=internal). If that is not used, the crypto wrapper does not need to implement this.

int __must_check crypto_global_init ( void  )

Initialize crypto wrapper.

This function is only used with internal TLSv1 implementation (CONFIG_TLS=internal). If that is not used, the crypto wrapper does not need to implement this.

int crypto_hash_finish ( struct crypto_hash ctx,
u8 *  hash,
size_t *  len 
)

Complete hash calculation.

Parameters
ctxContext pointer from crypto_hash_init()
hashBuffer for hash value or NULL if caller is just freeing the hash context
lenPointer to length of the buffer or NULL if caller is just freeing the hash context; on return, this is set to the actual length of the hash value
Returns
0 on success, -1 if buffer is too small (len set to needed length), or -2 on other failures (including failed crypto_hash_update() operations)

This function calculates the hash value and frees the context buffer that was used for hash calculation.

This function is only used with internal TLSv1 implementation (CONFIG_TLS=internal). If that is not used, the crypto wrapper does not need to implement this.

struct crypto_hash* crypto_hash_init ( enum crypto_hash_alg  alg,
const u8 *  key,
size_t  key_len 
)

Initialize hash/HMAC function.

Parameters
algHash algorithm
keyKey for keyed hash (e.g., HMAC) or NULL if not needed
key_lenLength of the key in bytes
Returns
Pointer to hash context to use with other hash functions or NULL on failure

This function is only used with internal TLSv1 implementation (CONFIG_TLS=internal). If that is not used, the crypto wrapper does not need to implement this.

void crypto_hash_update ( struct crypto_hash ctx,
const u8 *  data,
size_t  len 
)

Add data to hash calculation.

Parameters
ctxContext pointer from crypto_hash_init()
dataData buffer to add
lenLength of the buffer

This function is only used with internal TLSv1 implementation (CONFIG_TLS=internal). If that is not used, the crypto wrapper does not need to implement this.

int __must_check crypto_mod_exp ( const u8 *  base,
size_t  base_len,
const u8 *  power,
size_t  power_len,
const u8 *  modulus,
size_t  modulus_len,
u8 *  result,
size_t *  result_len 
)

Modular exponentiation of large integers.

Parameters
baseBase integer (big endian byte array)
base_lenLength of base integer in bytes
powerPower integer (big endian byte array)
power_lenLength of power integer in bytes
modulusModulus integer (big endian byte array)
modulus_lenLength of modulus integer in bytes
resultBuffer for the result
result_lenResult length (max buffer size on input, real len on output)
Returns
0 on success, -1 on failure

This function calculates result = base ^ power mod modulus. modules_len is used as the maximum size of modulus buffer. It is set to the used size on success.

This function is only used with internal TLSv1 implementation (CONFIG_TLS=internal). If that is not used, the crypto wrapper does not need to implement this.

int __must_check crypto_private_key_decrypt_pkcs1_v15 ( struct crypto_private_key key,
const u8 *  in,
size_t  inlen,
u8 *  out,
size_t *  outlen 
)

Private key decryption (PKCS #1 v1.5)

Parameters
keyPrivate key
inEncrypted buffer
inlenLength of encrypted buffer in bytes
outOutput buffer for encrypted data
outlenLength of output buffer in bytes; set to used length on success
Returns
0 on success, -1 on failure

This function is only used with internal TLSv1 implementation (CONFIG_TLS=internal). If that is not used, the crypto wrapper does not need to implement this.

void crypto_private_key_free ( struct crypto_private_key key)

Free private key.

Parameters
keyPrivate key from crypto_private_key_import()

This function is only used with internal TLSv1 implementation (CONFIG_TLS=internal). If that is not used, the crypto wrapper does not need to implement this.

struct crypto_private_key* crypto_private_key_import ( const u8 *  key,
size_t  len,
const char *  passwd 
)

Import an RSA private key.

Parameters
keyKey buffer (DER encoded RSA private key)
lenKey buffer length in bytes
passwdKey encryption password or NULL if key is not encrypted
Returns
Pointer to the private key or NULL on failure

This function is only used with internal TLSv1 implementation (CONFIG_TLS=internal). If that is not used, the crypto wrapper does not need to implement this.

int __must_check crypto_private_key_sign_pkcs1 ( struct crypto_private_key key,
const u8 *  in,
size_t  inlen,
u8 *  out,
size_t *  outlen 
)

Sign with private key (PKCS #1)

Parameters
keyPrivate key from crypto_private_key_import()
inPlaintext buffer
inlenLength of plaintext buffer in bytes
outOutput buffer for encrypted (signed) data
outlenLength of output buffer in bytes; set to used length on success
Returns
0 on success, -1 on failure

This function is only used with internal TLSv1 implementation (CONFIG_TLS=internal). If that is not used, the crypto wrapper does not need to implement this.

int __must_check crypto_public_key_decrypt_pkcs1 ( struct crypto_public_key key,
const u8 *  crypt,
size_t  crypt_len,
u8 *  plain,
size_t *  plain_len 
)

Decrypt PKCS #1 signature.

Parameters
keyPublic key
cryptEncrypted signature data (using the private key)
crypt_lenEncrypted signature data length
plainBuffer for plaintext (at least crypt_len bytes)
plain_lenPlaintext length (max buffer size on input, real len on output);
Returns
0 on success, -1 on failure
int __must_check crypto_public_key_encrypt_pkcs1_v15 ( struct crypto_public_key key,
const u8 *  in,
size_t  inlen,
u8 *  out,
size_t *  outlen 
)

Public key encryption (PKCS #1 v1.5)

Parameters
keyPublic key
inPlaintext buffer
inlenLength of plaintext buffer in bytes
outOutput buffer for encrypted data
outlenLength of output buffer in bytes; set to used length on success
Returns
0 on success, -1 on failure

This function is only used with internal TLSv1 implementation (CONFIG_TLS=internal). If that is not used, the crypto wrapper does not need to implement this.

void crypto_public_key_free ( struct crypto_public_key key)

Free public key.

Parameters
keyPublic key

This function is only used with internal TLSv1 implementation (CONFIG_TLS=internal). If that is not used, the crypto wrapper does not need to implement this.

struct crypto_public_key* crypto_public_key_from_cert ( const u8 *  buf,
size_t  len 
)

Import an RSA public key from a certificate.

Parameters
bufDER encoded X.509 certificate
lenCertificate buffer length in bytes
Returns
Pointer to public key or NULL on failure

This function can just return NULL if the crypto library does not support X.509 parsing. In that case, internal code will be used to parse the certificate and public key is imported using crypto_public_key_import().

This function is only used with internal TLSv1 implementation (CONFIG_TLS=internal). If that is not used, the crypto wrapper does not need to implement this.

struct crypto_public_key* crypto_public_key_import ( const u8 *  key,
size_t  len 
)

Import an RSA public key.

Parameters
keyKey buffer (DER encoded RSA public key)
lenKey buffer length in bytes
Returns
Pointer to the public key or NULL on failure

This function can just return NULL if the crypto library supports X.509 parsing. In that case, crypto_public_key_from_cert() is used to import the public key from a certificate.

This function is only used with internal TLSv1 implementation (CONFIG_TLS=internal). If that is not used, the crypto wrapper does not need to implement this.

void des_encrypt ( const u8 *  clear,
const u8 *  key,
u8 *  cypher 
)

Encrypt one block with DES.

Parameters
clear8 octets (in)
key7 octets (in) (no parity bits included)
cypher8 octets (out)
int __must_check fips186_2_prf ( const u8 *  seed,
size_t  seed_len,
u8 *  x,
size_t  xlen 
)

NIST FIPS Publication 186-2 change notice 1 PRF.

Parameters
seedSeed/key for the PRF
seed_lenSeed length in bytes
xBuffer for PRF output
xlenOutput length in bytes
Returns
0 on success, -1 on failure

This function implements random number generation specified in NIST FIPS Publication 186-2 for EAP-SIM. This PRF uses a function that is similar to SHA-1, but has different message padding.

int md4_vector ( size_t  num_elem,
const u8 *  addr[],
const size_t *  len,
u8 *  mac 
)

MD4 hash for data vector.

Parameters
num_elemNumber of elements in the data vector
addrPointers to the data areas
lenLengths of the data blocks
macBuffer for the hash
Returns
0 on success, -1 on failure
int md5_vector ( size_t  num_elem,
const u8 *  addr[],
const size_t *  len,
u8 *  mac 
)

MD5 hash for data vector.

Parameters
num_elemNumber of elements in the data vector
addrPointers to the data areas
lenLengths of the data blocks
macBuffer for the hash
Returns
0 on success, -1 on failure
Parameters
num_elemNumber of elements in the data vector
addrPointers to the data areas
lenLengths of the data blocks
macBuffer for the hash
Returns
0 on success, -1 of failure
int rc4_skip ( const u8 *  key,
size_t  keylen,
size_t  skip,
u8 *  data,
size_t  data_len 
)

XOR RC4 stream to given data with skip-stream-start.

Parameters
keyRC4 key
keylenRC4 key length
skipnumber of bytes to skip from the beginning of the RC4 stream
datadata to be XOR'ed with RC4 stream
data_lenbuf length
Returns
0 on success, -1 on failure

Generate RC4 pseudo random stream for the given key, skip beginning of the stream, and XOR the end result with the data buffer to perform RC4 encryption/decryption.

int sha1_vector ( size_t  num_elem,
const u8 *  addr[],
const size_t *  len,
u8 *  mac 
)

SHA-1 hash for data vector.

Parameters
num_elemNumber of elements in the data vector
addrPointers to the data areas
lenLengths of the data blocks
macBuffer for the hash
Returns
0 on success, -1 on failure
int sha256_vector ( size_t  num_elem,
const u8 *  addr[],
const size_t *  len,
u8 *  mac 
)

SHA256 hash for data vector.

Parameters
num_elemNumber of elements in the data vector
addrPointers to the data areas
lenLengths of the data blocks
macBuffer for the hash
Returns
0 on success, -1 on failure
Parameters
num_elemNumber of elements in the data vector
addrPointers to the data areas
lenLengths of the data blocks
macBuffer for the hash
Returns
0 on success, -1 of failure