3
0
mirror of https://git.kernel.org/pub/scm/network/wireless/iwd.git synced 2025-01-25 15:04:10 +01:00
iwd/src/crypto.h
Tim Kourt 1b483c3963 crypto: Add support for PRF+ SHA1
The PRF+ algorithm is based Internet Key Exchange (IKEv2) Protocol:
	https://www.ietf.org/rfc/rfc4306.txt
2019-12-09 01:47:11 -06:00

145 lines
5.5 KiB
C

/*
*
* Wireless daemon for Linux
*
* Copyright (C) 2013-2019 Intel Corporation. All rights reserved.
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
* License as published by the Free Software Foundation; either
* version 2.1 of the License, or (at your option) any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this library; if not, write to the Free Software
* Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
*
*/
#include <stddef.h>
#include <stdbool.h>
enum crypto_cipher {
CRYPTO_CIPHER_WEP40 = 0x000fac01,
CRYPTO_CIPHER_WEP104 = 0x000fac05,
CRYPTO_CIPHER_TKIP = 0x000fac02,
CRYPTO_CIPHER_CCMP = 0x000fac04,
CRYPTO_CIPHER_BIP = 0x000fac06,
};
enum crypto_akm {
CRYPTO_AKM_8021X = 0x000fac01,
CRYPTO_AKM_PSK = 0x000fac02,
CRYPTO_AKM_FT_OVER_8021X = 0x000fac03,
CRYPTO_AKM_FT_USING_PSK = 0x000fac04,
CRYPTO_AKM_8021X_SHA256 = 0x000fac05,
CRYPTO_AKM_PSK_SHA256 = 0x000fac06,
CRYPTO_AKM_TDLS = 0x000fac07,
CRYPTO_AKM_SAE_SHA256 = 0x000fac08,
CRYPTO_AKM_FT_OVER_SAE_SHA256 = 0x000fac09,
CRYPTO_AKM_AP_PEER_KEY_SHA256 = 0x000fac0a,
CRYPTO_AKM_8021X_SUITE_B_SHA256 = 0x000fac0b,
CRYPTO_AKM_8021X_SUITE_B_SHA384 = 0x000fac0c,
CRYPTO_AKM_FT_OVER_8021X_SHA384 = 0x000fac0d,
CRYPTO_AKM_FILS_SHA256 = 0x000fac0e,
CRYPTO_AKM_FILS_SHA384 = 0x000fac0f,
CRYPTO_AKM_FT_OVER_FILS_SHA256 = 0x000fac10,
CRYPTO_AKM_FT_OVER_FILS_SHA384 = 0x000fac11,
CRYPTO_AKM_OWE = 0x000fac12,
CRYPTO_AKM_OSEN = 0x506f9a01,
};
/* Min & Max reported by crypto_cipher_key_len when ignoring WEP */
#define CRYPTO_MIN_GTK_LEN 16
#define CRYPTO_MAX_GTK_LEN 32
#define CRYPTO_MIN_IGTK_LEN 16
#define CRYPTO_MAX_IGTK_LEN 32
extern const unsigned char crypto_dh5_prime[];
extern size_t crypto_dh5_prime_size;
extern const unsigned char crypto_dh5_generator[];
extern size_t crypto_dh5_generator_size;
bool hmac_md5(const void *key, size_t key_len,
const void *data, size_t data_len, void *output, size_t size);
bool hmac_sha1(const void *key, size_t key_len,
const void *data, size_t data_len, void *output, size_t size);
bool hmac_sha256(const void *key, size_t key_len,
const void *data, size_t data_len, void *output, size_t size);
bool hmac_sha384(const void *key, size_t key_len,
const void *data, size_t data_len, void *output, size_t size);
bool cmac_aes(const void *key, size_t key_len,
const void *data, size_t data_len, void *output, size_t size);
bool aes_unwrap(const uint8_t *kek, size_t kek_len, const uint8_t *in, size_t len,
uint8_t *out);
bool aes_wrap(const uint8_t *kek, const uint8_t *in, size_t len, uint8_t *out);
bool arc4_skip(const uint8_t *key, size_t key_len, size_t skip,
const uint8_t *in, size_t len, uint8_t *out);
bool aes_siv_encrypt(const uint8_t *key, size_t key_len, const uint8_t *in,
size_t in_len, struct iovec *ad, size_t num_ad,
uint8_t *out);
bool aes_siv_decrypt(const uint8_t *key, size_t key_len, const uint8_t *in,
size_t in_len, struct iovec *ad, size_t num_ad,
uint8_t *out);
int crypto_cipher_key_len(enum crypto_cipher cipher);
int crypto_cipher_tk_bits(enum crypto_cipher cipher);
bool crypto_passphrase_is_valid(const char *passphrase);
int crypto_psk_from_passphrase(const char *passphrase,
const unsigned char *ssid, size_t ssid_len,
unsigned char *out_psk);
bool kdf_sha256(const void *key, size_t key_len,
const void *prefix, size_t prefix_len,
const void *data, size_t data_len, void *output, size_t size);
bool kdf_sha384(const void *key, size_t key_len,
const void *prefix, size_t prefix_len,
const void *data, size_t data_len, void *output, size_t size);
bool prf_sha1(const void *key, size_t key_len,
const void *prefix, size_t prefix_len,
const void *data, size_t data_len, void *output, size_t size);
bool prf_plus_sha1(const void *key, size_t key_len,
const void *prefix, size_t prefix_len,
const void *data, size_t data_len, void *output, size_t size);
bool hkdf_extract(enum l_checksum_type type, const uint8_t *key, size_t key_len,
uint8_t num_args, uint8_t *out, ...);
bool hkdf_expand(enum l_checksum_type type, const uint8_t *key, size_t key_len,
const char *info, size_t info_len, void *out,
size_t out_len);
bool crypto_derive_pairwise_ptk(const uint8_t *pmk, size_t pmk_len,
const uint8_t *addr1, const uint8_t *addr2,
const uint8_t *nonce1, const uint8_t *nonce2,
uint8_t *out_ptk, size_t ptk_len,
enum l_checksum_type type);
bool crypto_derive_pmk_r0(const uint8_t *xxkey, size_t xxkey_len,
const uint8_t *ssid, size_t ssid_len,
uint16_t mdid,
const uint8_t *r0khid, size_t r0kh_len,
const uint8_t *s0khid, bool sha384,
uint8_t *out_pmk_r0, uint8_t *out_pmk_r0_name);
bool crypto_derive_pmk_r1(const uint8_t *pmk_r0,
const uint8_t *r1khid, const uint8_t *s1khid,
const uint8_t *pmk_r0_name, bool sha384,
uint8_t *out_pmk_r1,
uint8_t *out_pmk_r1_name);
bool crypto_derive_ft_ptk(const uint8_t *pmk_r1, const uint8_t *pmk_r1_name,
const uint8_t *addr1, const uint8_t *addr2,
const uint8_t *nonce1, const uint8_t *nonce2,
bool sha384, uint8_t *out_ptk, size_t ptk_len,
uint8_t *out_ptk_name);
bool crypto_derive_pmkid(const uint8_t *pmk,
const uint8_t *addr1, const uint8_t *addr2,
uint8_t *out_pmkid, bool use_sha256);