0004-Add-support-for-some-BearSSL-crypto-primitives.patch (4890B)
- From f20f3e1c7f498bbc2a83a749ed38a795d54a5c25 Mon Sep 17 00:00:00 2001
- From: Michael Forney <mforney@mforney.org>
- Date: Fri, 15 Nov 2019 20:19:37 -0800
- Subject: [PATCH] Add support for some BearSSL crypto primitives
- ---
- src/crypto/crypto_bearssl.c | 171 ++++++++++++++++++++++++++++++++++++
- 1 file changed, 171 insertions(+)
- create mode 100644 src/crypto/crypto_bearssl.c
- diff --git a/src/crypto/crypto_bearssl.c b/src/crypto/crypto_bearssl.c
- new file mode 100644
- index 000000000..4f1b64e24
- --- /dev/null
- +++ b/src/crypto/crypto_bearssl.c
- @@ -0,0 +1,171 @@
- +/*
- + * Wrapper functions for BearSSL crypto
- + * Copyright (c) 2019, Michael Forney <mforney@mforney.org>
- + *
- + * This software may be distributed under the terms of the BSD license.
- + * See README for more details.
- + */
- +
- +#include "includes.h"
- +#include <bearssl.h>
- +
- +#include "common.h"
- +#include "md5.h"
- +#include "crypto.h"
- +
- +static int digest_vector(size_t num_elem, const u8 *addr[], const size_t *len,
- + u8 *out, const br_hash_class *hash)
- +{
- + br_hash_compat_context ctx;
- + size_t i;
- +
- + hash->init(&ctx.vtable);
- + for (i = 0; i < num_elem; ++i)
- + hash->update(&ctx.vtable, addr[i], len[i]);
- + hash->out(&ctx.vtable, out);
- +
- + return 0;
- +}
- +
- +int sha1_vector(size_t num_elem, const u8 *addr[], const size_t *len, u8 *out)
- +{
- + return digest_vector(num_elem, addr, len, out, &br_sha1_vtable);
- +}
- +
- +int sha256_vector(size_t num_elem, const u8 *addr[], const size_t *len, u8 *out)
- +{
- + return digest_vector(num_elem, addr, len, out, &br_sha256_vtable);
- +}
- +
- +static int hmac_vector(const u8 *key, size_t key_len, size_t num_elem,
- + const u8 *addr[], const size_t *len, u8 *mac,
- + const br_hash_class *type)
- +{
- + br_hmac_key_context kc;
- + br_hmac_context ctx;
- + size_t i;
- +
- + br_hmac_key_init(&kc, type, key, key_len);
- + br_hmac_init(&ctx, &kc, 0);
- + for (i = 0; i < num_elem; ++i)
- + br_hmac_update(&ctx, addr[i], len[i]);
- + br_hmac_out(&ctx, mac);
- +
- + return 0;
- +}
- +
- +int hmac_sha256_vector(const u8 *key, size_t key_len, size_t num_elem,
- + const u8 *addr[], const size_t *len, u8 *mac)
- +{
- + return hmac_vector(key, key_len, num_elem, addr, len, mac, &br_sha256_vtable);
- +}
- +
- +int hmac_sha256(const u8 *key, size_t key_len, const u8 *data,
- + size_t data_len, u8 *mac)
- +{
- + return hmac_sha256_vector(key, key_len, 1, &data, &data_len, mac);
- +}
- +
- +int hmac_sha1_vector(const u8 *key, size_t key_len, size_t num_elem,
- + const u8 *addr[], const size_t *len, u8 *mac)
- +{
- + return hmac_vector(key, key_len, num_elem, addr, len, mac, &br_sha1_vtable);
- +}
- +
- +int hmac_sha1(const u8 *key, size_t key_len, const u8 *data, size_t data_len,
- + u8 *mac)
- +{
- + return hmac_sha1_vector(key, key_len, 1, &data, &data_len, mac);
- +}
- +
- +int hmac_md5(const u8 *key, size_t key_len, const u8 *data, size_t data_len,
- + u8 *mac)
- +{
- + return hmac_vector(key, key_len, 1, &data, &data_len, mac, &br_md5_vtable);
- +}
- +
- +void *aes_encrypt_init(const u8 *key, size_t len)
- +{
- + br_aes_ct64_cbcenc_keys *ctx;
- +
- + if (len != 16 && len != 24 && len != 32)
- + return NULL;
- + ctx = os_malloc(sizeof *ctx);
- + if (ctx == NULL)
- + return NULL;
- + br_aes_ct64_cbcenc_init(ctx, key, len);
- + return ctx;
- +}
- +
- +int aes_encrypt(void *ctx, const u8 *plain, u8 *crypt)
- +{
- + unsigned char iv[br_aes_ct64_BLOCK_SIZE];
- +
- + memset(iv, 0, sizeof iv);
- + memcpy(crypt, plain, br_aes_ct64_BLOCK_SIZE);
- + br_aes_ct64_cbcenc_run(ctx, iv, crypt, br_aes_ct64_BLOCK_SIZE);
- + return 0;
- +}
- +
- +void aes_encrypt_deinit(void *ctx)
- +{
- + os_free(ctx);
- +}
- +
- +void *aes_decrypt_init(const u8 *key, size_t len)
- +{
- + br_aes_ct64_cbcdec_keys *ctx;
- +
- + if (len != 16 && len != 24 && len != 32)
- + return NULL;
- + ctx = os_malloc(sizeof *ctx);
- + if (ctx == NULL)
- + return NULL;
- + br_aes_ct64_cbcdec_init(ctx, key, len);
- + return ctx;
- +}
- +
- +int aes_decrypt(void *ctx, const u8 *plain, u8 *crypt)
- +{
- + unsigned char iv[br_aes_ct64_BLOCK_SIZE];
- +
- + memset(iv, 0, sizeof iv);
- + memcpy(crypt, plain, br_aes_ct64_BLOCK_SIZE);
- + br_aes_ct64_cbcdec_run(ctx, iv, crypt, br_aes_ct64_BLOCK_SIZE);
- + return 0;
- +}
- +
- +void aes_decrypt_deinit(void *ctx)
- +{
- + os_free(ctx);
- +}
- +
- +int aes_128_cbc_encrypt(const u8 *key, const u8 *iv, u8 *data, size_t data_len)
- +{
- + br_aes_ct64_cbcenc_keys ctx;
- + u8 ivbuf[br_aes_ct64_BLOCK_SIZE];
- +
- + if (data_len & 0xF)
- + return -1;
- + memcpy(ivbuf, iv, sizeof ivbuf);
- + br_aes_ct64_cbcenc_init(&ctx, key, 16);
- + br_aes_ct64_cbcenc_run(&ctx, ivbuf, data, data_len);
- + return 0;
- +}
- +
- +int aes_128_cbc_decrypt(const u8 *key, const u8 *iv, u8 *data, size_t data_len)
- +{
- + br_aes_ct64_cbcdec_keys ctx;
- + u8 ivbuf[br_aes_ct64_BLOCK_SIZE];
- +
- + if (data_len & 0xF)
- + return -1;
- + memcpy(ivbuf, iv, sizeof ivbuf);
- + br_aes_ct64_cbcdec_init(&ctx, key, 16);
- + br_aes_ct64_cbcdec_run(&ctx, ivbuf, data, data_len);
- + return 0;
- +}
- +
- +void crypto_unload(void)
- +{
- +}
- --
- 2.45.2