logo

oasis

Own branch of Oasis Linux (upstream: <https://git.sr.ht/~mcf/oasis/>) git clone https://anongit.hacktivis.me/git/oasis.git

0004-Add-support-for-some-BearSSL-crypto-primitives.patch (4890B)


  1. From f20f3e1c7f498bbc2a83a749ed38a795d54a5c25 Mon Sep 17 00:00:00 2001
  2. From: Michael Forney <mforney@mforney.org>
  3. Date: Fri, 15 Nov 2019 20:19:37 -0800
  4. Subject: [PATCH] Add support for some BearSSL crypto primitives
  5. ---
  6. src/crypto/crypto_bearssl.c | 171 ++++++++++++++++++++++++++++++++++++
  7. 1 file changed, 171 insertions(+)
  8. create mode 100644 src/crypto/crypto_bearssl.c
  9. diff --git a/src/crypto/crypto_bearssl.c b/src/crypto/crypto_bearssl.c
  10. new file mode 100644
  11. index 000000000..4f1b64e24
  12. --- /dev/null
  13. +++ b/src/crypto/crypto_bearssl.c
  14. @@ -0,0 +1,171 @@
  15. +/*
  16. + * Wrapper functions for BearSSL crypto
  17. + * Copyright (c) 2019, Michael Forney <mforney@mforney.org>
  18. + *
  19. + * This software may be distributed under the terms of the BSD license.
  20. + * See README for more details.
  21. + */
  22. +
  23. +#include "includes.h"
  24. +#include <bearssl.h>
  25. +
  26. +#include "common.h"
  27. +#include "md5.h"
  28. +#include "crypto.h"
  29. +
  30. +static int digest_vector(size_t num_elem, const u8 *addr[], const size_t *len,
  31. + u8 *out, const br_hash_class *hash)
  32. +{
  33. + br_hash_compat_context ctx;
  34. + size_t i;
  35. +
  36. + hash->init(&ctx.vtable);
  37. + for (i = 0; i < num_elem; ++i)
  38. + hash->update(&ctx.vtable, addr[i], len[i]);
  39. + hash->out(&ctx.vtable, out);
  40. +
  41. + return 0;
  42. +}
  43. +
  44. +int sha1_vector(size_t num_elem, const u8 *addr[], const size_t *len, u8 *out)
  45. +{
  46. + return digest_vector(num_elem, addr, len, out, &br_sha1_vtable);
  47. +}
  48. +
  49. +int sha256_vector(size_t num_elem, const u8 *addr[], const size_t *len, u8 *out)
  50. +{
  51. + return digest_vector(num_elem, addr, len, out, &br_sha256_vtable);
  52. +}
  53. +
  54. +static int hmac_vector(const u8 *key, size_t key_len, size_t num_elem,
  55. + const u8 *addr[], const size_t *len, u8 *mac,
  56. + const br_hash_class *type)
  57. +{
  58. + br_hmac_key_context kc;
  59. + br_hmac_context ctx;
  60. + size_t i;
  61. +
  62. + br_hmac_key_init(&kc, type, key, key_len);
  63. + br_hmac_init(&ctx, &kc, 0);
  64. + for (i = 0; i < num_elem; ++i)
  65. + br_hmac_update(&ctx, addr[i], len[i]);
  66. + br_hmac_out(&ctx, mac);
  67. +
  68. + return 0;
  69. +}
  70. +
  71. +int hmac_sha256_vector(const u8 *key, size_t key_len, size_t num_elem,
  72. + const u8 *addr[], const size_t *len, u8 *mac)
  73. +{
  74. + return hmac_vector(key, key_len, num_elem, addr, len, mac, &br_sha256_vtable);
  75. +}
  76. +
  77. +int hmac_sha256(const u8 *key, size_t key_len, const u8 *data,
  78. + size_t data_len, u8 *mac)
  79. +{
  80. + return hmac_sha256_vector(key, key_len, 1, &data, &data_len, mac);
  81. +}
  82. +
  83. +int hmac_sha1_vector(const u8 *key, size_t key_len, size_t num_elem,
  84. + const u8 *addr[], const size_t *len, u8 *mac)
  85. +{
  86. + return hmac_vector(key, key_len, num_elem, addr, len, mac, &br_sha1_vtable);
  87. +}
  88. +
  89. +int hmac_sha1(const u8 *key, size_t key_len, const u8 *data, size_t data_len,
  90. + u8 *mac)
  91. +{
  92. + return hmac_sha1_vector(key, key_len, 1, &data, &data_len, mac);
  93. +}
  94. +
  95. +int hmac_md5(const u8 *key, size_t key_len, const u8 *data, size_t data_len,
  96. + u8 *mac)
  97. +{
  98. + return hmac_vector(key, key_len, 1, &data, &data_len, mac, &br_md5_vtable);
  99. +}
  100. +
  101. +void *aes_encrypt_init(const u8 *key, size_t len)
  102. +{
  103. + br_aes_ct64_cbcenc_keys *ctx;
  104. +
  105. + if (len != 16 && len != 24 && len != 32)
  106. + return NULL;
  107. + ctx = os_malloc(sizeof *ctx);
  108. + if (ctx == NULL)
  109. + return NULL;
  110. + br_aes_ct64_cbcenc_init(ctx, key, len);
  111. + return ctx;
  112. +}
  113. +
  114. +int aes_encrypt(void *ctx, const u8 *plain, u8 *crypt)
  115. +{
  116. + unsigned char iv[br_aes_ct64_BLOCK_SIZE];
  117. +
  118. + memset(iv, 0, sizeof iv);
  119. + memcpy(crypt, plain, br_aes_ct64_BLOCK_SIZE);
  120. + br_aes_ct64_cbcenc_run(ctx, iv, crypt, br_aes_ct64_BLOCK_SIZE);
  121. + return 0;
  122. +}
  123. +
  124. +void aes_encrypt_deinit(void *ctx)
  125. +{
  126. + os_free(ctx);
  127. +}
  128. +
  129. +void *aes_decrypt_init(const u8 *key, size_t len)
  130. +{
  131. + br_aes_ct64_cbcdec_keys *ctx;
  132. +
  133. + if (len != 16 && len != 24 && len != 32)
  134. + return NULL;
  135. + ctx = os_malloc(sizeof *ctx);
  136. + if (ctx == NULL)
  137. + return NULL;
  138. + br_aes_ct64_cbcdec_init(ctx, key, len);
  139. + return ctx;
  140. +}
  141. +
  142. +int aes_decrypt(void *ctx, const u8 *plain, u8 *crypt)
  143. +{
  144. + unsigned char iv[br_aes_ct64_BLOCK_SIZE];
  145. +
  146. + memset(iv, 0, sizeof iv);
  147. + memcpy(crypt, plain, br_aes_ct64_BLOCK_SIZE);
  148. + br_aes_ct64_cbcdec_run(ctx, iv, crypt, br_aes_ct64_BLOCK_SIZE);
  149. + return 0;
  150. +}
  151. +
  152. +void aes_decrypt_deinit(void *ctx)
  153. +{
  154. + os_free(ctx);
  155. +}
  156. +
  157. +int aes_128_cbc_encrypt(const u8 *key, const u8 *iv, u8 *data, size_t data_len)
  158. +{
  159. + br_aes_ct64_cbcenc_keys ctx;
  160. + u8 ivbuf[br_aes_ct64_BLOCK_SIZE];
  161. +
  162. + if (data_len & 0xF)
  163. + return -1;
  164. + memcpy(ivbuf, iv, sizeof ivbuf);
  165. + br_aes_ct64_cbcenc_init(&ctx, key, 16);
  166. + br_aes_ct64_cbcenc_run(&ctx, ivbuf, data, data_len);
  167. + return 0;
  168. +}
  169. +
  170. +int aes_128_cbc_decrypt(const u8 *key, const u8 *iv, u8 *data, size_t data_len)
  171. +{
  172. + br_aes_ct64_cbcdec_keys ctx;
  173. + u8 ivbuf[br_aes_ct64_BLOCK_SIZE];
  174. +
  175. + if (data_len & 0xF)
  176. + return -1;
  177. + memcpy(ivbuf, iv, sizeof ivbuf);
  178. + br_aes_ct64_cbcdec_init(&ctx, key, 16);
  179. + br_aes_ct64_cbcdec_run(&ctx, ivbuf, data, data_len);
  180. + return 0;
  181. +}
  182. +
  183. +void crypto_unload(void)
  184. +{
  185. +}
  186. --
  187. 2.45.2