From f20f3e1c7f498bbc2a83a749ed38a795d54a5c25 Mon Sep 17 00:00:00 2001 From: Michael Forney Date: Fri, 15 Nov 2019 20:19:37 -0800 Subject: [PATCH] Add support for some BearSSL crypto primitives --- src/crypto/crypto_bearssl.c | 171 ++++++++++++++++++++++++++++++++++++ 1 file changed, 171 insertions(+) create mode 100644 src/crypto/crypto_bearssl.c diff --git a/src/crypto/crypto_bearssl.c b/src/crypto/crypto_bearssl.c new file mode 100644 index 000000000..4f1b64e24 --- /dev/null +++ b/src/crypto/crypto_bearssl.c @@ -0,0 +1,171 @@ +/* + * Wrapper functions for BearSSL crypto + * Copyright (c) 2019, Michael Forney + * + * This software may be distributed under the terms of the BSD license. + * See README for more details. + */ + +#include "includes.h" +#include + +#include "common.h" +#include "md5.h" +#include "crypto.h" + +static int digest_vector(size_t num_elem, const u8 *addr[], const size_t *len, + u8 *out, const br_hash_class *hash) +{ + br_hash_compat_context ctx; + size_t i; + + hash->init(&ctx.vtable); + for (i = 0; i < num_elem; ++i) + hash->update(&ctx.vtable, addr[i], len[i]); + hash->out(&ctx.vtable, out); + + return 0; +} + +int sha1_vector(size_t num_elem, const u8 *addr[], const size_t *len, u8 *out) +{ + return digest_vector(num_elem, addr, len, out, &br_sha1_vtable); +} + +int sha256_vector(size_t num_elem, const u8 *addr[], const size_t *len, u8 *out) +{ + return digest_vector(num_elem, addr, len, out, &br_sha256_vtable); +} + +static int hmac_vector(const u8 *key, size_t key_len, size_t num_elem, + const u8 *addr[], const size_t *len, u8 *mac, + const br_hash_class *type) +{ + br_hmac_key_context kc; + br_hmac_context ctx; + size_t i; + + br_hmac_key_init(&kc, type, key, key_len); + br_hmac_init(&ctx, &kc, 0); + for (i = 0; i < num_elem; ++i) + br_hmac_update(&ctx, addr[i], len[i]); + br_hmac_out(&ctx, mac); + + return 0; +} + +int hmac_sha256_vector(const u8 *key, size_t key_len, size_t num_elem, + const u8 *addr[], const size_t *len, u8 *mac) +{ + return hmac_vector(key, key_len, num_elem, addr, len, mac, &br_sha256_vtable); +} + +int hmac_sha256(const u8 *key, size_t key_len, const u8 *data, + size_t data_len, u8 *mac) +{ + return hmac_sha256_vector(key, key_len, 1, &data, &data_len, mac); +} + +int hmac_sha1_vector(const u8 *key, size_t key_len, size_t num_elem, + const u8 *addr[], const size_t *len, u8 *mac) +{ + return hmac_vector(key, key_len, num_elem, addr, len, mac, &br_sha1_vtable); +} + +int hmac_sha1(const u8 *key, size_t key_len, const u8 *data, size_t data_len, + u8 *mac) +{ + return hmac_sha1_vector(key, key_len, 1, &data, &data_len, mac); +} + +int hmac_md5(const u8 *key, size_t key_len, const u8 *data, size_t data_len, + u8 *mac) +{ + return hmac_vector(key, key_len, 1, &data, &data_len, mac, &br_md5_vtable); +} + +void *aes_encrypt_init(const u8 *key, size_t len) +{ + br_aes_ct64_cbcenc_keys *ctx; + + if (len != 16 && len != 24 && len != 32) + return NULL; + ctx = os_malloc(sizeof *ctx); + if (ctx == NULL) + return NULL; + br_aes_ct64_cbcenc_init(ctx, key, len); + return ctx; +} + +int aes_encrypt(void *ctx, const u8 *plain, u8 *crypt) +{ + unsigned char iv[br_aes_ct64_BLOCK_SIZE]; + + memset(iv, 0, sizeof iv); + memcpy(crypt, plain, br_aes_ct64_BLOCK_SIZE); + br_aes_ct64_cbcenc_run(ctx, iv, crypt, br_aes_ct64_BLOCK_SIZE); + return 0; +} + +void aes_encrypt_deinit(void *ctx) +{ + os_free(ctx); +} + +void *aes_decrypt_init(const u8 *key, size_t len) +{ + br_aes_ct64_cbcdec_keys *ctx; + + if (len != 16 && len != 24 && len != 32) + return NULL; + ctx = os_malloc(sizeof *ctx); + if (ctx == NULL) + return NULL; + br_aes_ct64_cbcdec_init(ctx, key, len); + return ctx; +} + +int aes_decrypt(void *ctx, const u8 *plain, u8 *crypt) +{ + unsigned char iv[br_aes_ct64_BLOCK_SIZE]; + + memset(iv, 0, sizeof iv); + memcpy(crypt, plain, br_aes_ct64_BLOCK_SIZE); + br_aes_ct64_cbcdec_run(ctx, iv, crypt, br_aes_ct64_BLOCK_SIZE); + return 0; +} + +void aes_decrypt_deinit(void *ctx) +{ + os_free(ctx); +} + +int aes_128_cbc_encrypt(const u8 *key, const u8 *iv, u8 *data, size_t data_len) +{ + br_aes_ct64_cbcenc_keys ctx; + u8 ivbuf[br_aes_ct64_BLOCK_SIZE]; + + if (data_len & 0xF) + return -1; + memcpy(ivbuf, iv, sizeof ivbuf); + br_aes_ct64_cbcenc_init(&ctx, key, 16); + br_aes_ct64_cbcenc_run(&ctx, ivbuf, data, data_len); + return 0; +} + +int aes_128_cbc_decrypt(const u8 *key, const u8 *iv, u8 *data, size_t data_len) +{ + br_aes_ct64_cbcdec_keys ctx; + u8 ivbuf[br_aes_ct64_BLOCK_SIZE]; + + if (data_len & 0xF) + return -1; + memcpy(ivbuf, iv, sizeof ivbuf); + br_aes_ct64_cbcdec_init(&ctx, key, 16); + br_aes_ct64_cbcdec_run(&ctx, ivbuf, data, data_len); + return 0; +} + +void crypto_unload(void) +{ +} -- 2.45.2