Commit graph

49 commits

Author SHA1 Message Date
Jouni Malinen
9b14aed908 crypto: Remove unused crypto_ec_point_solve_y_coord()
This wrapper function is not used anymore, so remove it.

Signed-off-by: Jouni Malinen <j@w1.fi>
2022-01-11 20:15:36 +02:00
Cedric Izoard
e9f8f81a82 DPP: Use ECDH from crypto.h
Use crypto.h API to implement ECDH in DPP. This needs a new
initialization function in crypto.h to initialize an ECDH with a given
EC key.

Using crypto_ecdh_set_peerkey() to generate the ECDH secret in an
intermediate and dynamically allocated buffer removed the need for the
DPP-specific workaround for inconsistent length returned by
EVP_PKEY_derive() since that crypto_ecdh_set_peerkey() implementation
already had functionality for covering the changing secret_len value
from commit d001fe31ab ("OpenSSL: Handle EVP_PKEY_derive() secret_len
changes for ECDH").

Signed-off-by: Cedric Izoard <cedric.izoard@ceva-dsp.com>
2021-11-03 13:52:52 +02:00
Cedric Izoard
d51939f2c4 DPP: Move CSR routines to use crypto.h
Add basic CSR API in crypto.h.

Signed-off-by: Cedric Izoard <cedric.izoard@ceva-dsp.com>
2021-10-28 00:39:56 +03:00
Cedric Izoard
d56352b551 DPP: Move dpp_pkcs7_certs() into crypto_pkcs7_get_certificates()
Move implementation of dpp_pkcs7_certs() into OpenSSL specific files.

Signed-off-by: Cedric Izoard <cedric.izoard@ceva-dsp.com>
2021-10-28 00:05:42 +03:00
Cedric Izoard
b89176fa6f DPP: Move debug print of EC key to crypto.h
Move the crypto lib specific print of an EC key in dpp_debug_print_key()
to crypto.h.

Signed-off-by: Cedric Izoard <cedric.izoard@ceva-dsp.com>
2021-10-27 23:50:23 +03:00
Cedric Izoard
c88b7fcaef DPP: Add crypto_ec_key_cmp() in crypto.h and use it
This gets rid of one more direct OpenSSL call in the DPP implementation.

Signed-off-by: Cedric Izoard <cedric.izoard@ceva-dsp.com>
2021-10-27 23:33:54 +03:00
Cedric Izoard
f5334f9b5b DPP: Use crypto API for reconfig part
Rewrite functions related to reconfig feature using EC point/bignum
primitives defined in crypto.h API.

Signed-off-by: Cedric Izoard <cedric.izoard@ceva-dsp.com>
2021-10-27 23:24:20 +03:00
Cedric Izoard
eac41656ee DPP: Update connector signing to use crypto.h
Add two new functions in crypto.h that "wrap" around already defined
signing function with (r,s) interface instead of DER Ecdsa-Sig-Value.

Using those functions implies to compute the hash to sign manually
before.

Signed-off-by: Cedric Izoard <cedric.izoard@ceva-dsp.com>
2021-10-27 00:08:36 +03:00
Cedric Izoard
0d1d74107b DPP: Update PKEX part to use crypto.h API
Rewrite EC point/bignum computation done in PKEX protocol using EC
point/bignum primitives already defined in crypto.h and couple of small
new helper functions.

Signed-off-by: Cedric Izoard <cedric.izoard@ceva-dsp.com>
2021-10-26 23:20:57 +03:00
Cedric Izoard
9c1632908d DPP: Move dpp_set_pubkey_point_group() to crypto.h
Move code of dpp_set_pubkey_point_group() into crypto.h API. This
function initializes an EC public key using coordinates of the EC point
in binary format.

Signed-off-by: Cedric Izoard <cedric.izoard@ceva-dsp.com>
2021-10-26 19:50:54 +03:00
Cedric Izoard
c6f2103cac DPP: Replace dpp_get_pubkey_point() with crypto_ec_key_get_pubkey_point()
Move code of dpp_get_pubkey_point() to a crypto library specific
function crypto_ec_key_get_pubkey_point().

Signed-off-by: Cedric Izoard <cedric.izoard@ceva-dsp.com>
2021-10-26 18:06:32 +03:00
Cedric Izoard
2d5772e691 DPP: Factorize conversion to ASN.1 ECPrivateKey
Add crypto_ec_key_get_ecprivate_key() function in crypto.h and use it
when possible in DPP code.

This function converts a struct crypto_ec_key into a DER encoded ASN.1
ECPrivateKey.

Signed-off-by: Cedric Izoard <cedric.izoard@ceva-dsp.com>
2021-10-26 17:08:39 +03:00
Cedric Izoard
86cde01cbd DPP: Move dpp_gen_keypair() to crypto
Move code in dpp_gen_keypair() to function crypto_ec_key_gen() in
crypto.h.

Signed-off-by: Cedric Izoard <cedric.izoard@ceva-dsp.com>
2021-10-26 16:50:42 +03:00
Cedric Izoard
15275c53d8 Complete documentation in crypto.h
Add missing documentation for crypto_ecdh and crypt_ec_key functions.

Signed-off-by: Cedric Izoard <cedric.izoard@ceva-dsp.com>
2021-10-26 13:17:31 +03:00
Jouni Malinen
aed01b82d3 OpenSSL: Additional EC functionality for SAE-PK
These will be needed for implementing SAE-PK ECDSA signing and signature
verification operations.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-06-02 17:56:45 +03:00
Jouni Malinen
df49c53f4a Fix a typo in a comment
Signed-off-by: Jouni Malinen <j@w1.fi>
2020-05-16 22:12:46 +03:00
Ilan Peer
94773d40fa crypto: Add a function to get the ECDH prime length
crypto_ecdh_prime_len() can now be used to fetch the length (in octets)
of the prime used in ECDH.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2020-02-29 23:26:26 +02:00
Jouni Malinen
de580bf6c4 crypto: Remove unused crypto_bignum_sqrtmod()
This wrapper function is not used anymore, so drop it instead of trying
to figure out good way of implementing it in constant time with various
crypto libraries.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-10-25 19:29:53 +03:00
Jouni Malinen
2a1c84f4e5 crypto: Add more bignum/EC helper functions
These are needed for implementing SAE hash-to-element.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-10-14 19:38:41 +03:00
Jouni Malinen
e0e15fc236 Remove unused crypto_bignum_bits()
This wrapper function is not needed anymore.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-04-26 17:43:45 +03:00
Jouni Malinen
cb5db189ed Remove the unused crypto_ec_cofactor() function
All users of this wrapper function were removed, so the wrapper can be
removed as well.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-04-13 18:28:05 +03:00
Jouni Malinen
b11fa98bcb Add explicit checks for peer's DH public key
Pass the group order (if known/specified) to crypto_dh_derive_secret()
(and also to OpenSSL DH_generate_key() in case of Group 5) and verify
that the public key received from the peer meets 1 < pubkey < p and
pubkey^q == 1 mod p conditions.

While all these use cases were using only ephemeral DH keys, it is
better to use more explicit checks while deriving the shared secret to
avoid unexpected behavior.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-03-05 17:05:03 +02:00
Sean Parkinson
23ff5d73df Enhance crypto abstract API
Add more crypto_*() wrappers to enable use of other crypto libraries
than OpenSSL.

Signed-off-by: Sean Parkinson <sean@wolfssl.com>
2017-12-24 17:35:38 +02:00
Sean Parkinson
441e8bfbb4 Fix copy-paste errors in function comments
Use correct function names for the documentation.

Signed-off-by: Sean Parkinson <sean@wolfssl.com>
2017-12-24 17:03:07 +02:00
Jouni Malinen
ae1ec1aaf2 OpenSSL: Add wrapper functions for ECDH
These allow ECDH to be used with compressed public key encoding (only
x-coordinate). This is needed for FILS PFS and OWE.

Signed-off-by: Jouni Malinen <j@w1.fi>
2017-03-11 22:08:48 +02:00
Jouni Malinen
5f0e165e80 crypto: Add return value to DES and AES encrypt/decrypt
These operations may fail with some crypto wrappers, so allow the
functions to report their results to the caller.

Signed-off-by: Jouni Malinen <j@w1.fi>
2017-02-28 11:23:54 +02:00
Jouni Malinen
c0acec3934 crypto: Add CRYPTO_HASH_ALG_SHA384 and CRYPTO_HASH_ALG_SHA512
This extends the crypto_hash_*() API to support SHA384 and SHA512 when
built with CONFIG_TLS=internal.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-11-29 18:21:08 +02:00
Pali Rohár
6bb6a9ce29 Add SHA384 and SHA512 implementations from LibTomCrypt library
These will be used with the internal TLS implementation to extend hash
algorithm support for new certificates and TLS v1.2.

Signed-off-by: Pali Rohár <pali.rohar@gmail.com>
2015-11-29 18:19:32 +02:00
Jouni Malinen
16841ab246 crypto: Add functions for computing the Legendre symbol and EC y^2
These are needed to implement side-channel protection for SAE PWE
derivation for ECC.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-06-26 22:41:51 +03:00
Jouni Malinen
4e7e68890a Add crypto_ec_point_cmp()
This is needed to allow SAE to check whether ECC elements are identical.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-06-23 22:29:23 +03:00
Jouni Malinen
ab6d047405 Add function for building RSA public key from n and e parameters
This is similar to the existing functionality that parsed ASN.1-encoded
RSA public key by generating a similar public key instance from already
parsed n and e parameters.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-05-19 23:27:30 +03:00
Jouni Malinen
a9b08adacf Remove unused crypto_bignum_rshift()
Commit bf4f5d6570 removed the only user of
this function.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-02-15 11:31:20 +02:00
Jouni Malinen
75870c933f SAE: Replace comparison to one with crypto_bignum wrapper
Signed-hostap: Jouni Malinen <j@w1.fi>
2013-01-12 17:51:54 +02:00
Jouni Malinen
b0f6124c1c SAE: Store commit scalars as bignum instead of octet string
This avoids unnecessary bignum initialization steps during the SAE
exchange.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-01-12 17:51:54 +02:00
Jouni Malinen
b1677c393b SAE: Use more generic random bignum generation
Move the bignum comparison part into the bignum library to allow a
single implementation of rand generation for both ECC and FCC based
groups.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-01-12 17:51:54 +02:00
Jouni Malinen
305fe835d4 Add more crypto_bignum_*() wrappers
These operations will be needed for SAE FCC group operations.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-01-12 17:51:54 +02:00
Jouni Malinen
cd9c2714e7 SAE: Add support for ECC group 21 (521-bit random ECP group)
In addition to the trivial change in adding the new group ientifier,
this required changes to KDF and random number generation to support
cases where the length of the prime in bits is not a multiple of eight.
The binary presentation of the value needs to be shifted so that the
unused most significant bits are the zero padding rather than the extra
bits in the end of the array.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-01-12 17:51:53 +02:00
Jouni Malinen
a55f2eef71 SAE: Use EC group context to get the group prime
Do not use the hardcoded group19_prime buffer for this to allow group
negotiation.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-01-12 17:51:53 +02:00
Jouni Malinen
ce46ec8df0 SAE: Store the group order in EC context data
This makes the SAE implementation a bit simpler by not having to build
the bignum for group order during execution.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-01-12 17:51:53 +02:00
Jouni Malinen
619c70a0b2 crypto: Add wrappers for OpenSSL BIGNUM and EC_POINT
These new crypto wrappers can be used to implement bignum and EC
operations using various crypto libraries.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-01-12 17:51:52 +02:00
Jouni Malinen
44ec48ebfd FIPS: Remove md5-non-fips.c
Commit c9e08af24f removed the only user of
the special case MD5 use that would be allowed in FIPS mode in
tls_prf_sha1_md5(). Commit 271dbf1594
removed the file from the build, but left the implementation into the
repository. To clean things up even further, remove this functionality
completely since it is not expected to be needed for FIPS mode anymore.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-08-19 16:53:15 +03:00
Jouni Malinen
982bafedaf FIPS: Mix in OpenSSL RAND_bytes() into random_get_bytes()
Make sure that the OpenSSL DRBG gets used when generating
random numbers in FIPS mode.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-08-16 21:49:41 +03:00
Jouni Malinen
0f3d578efc Remove the GPL notification from files contributed by Jouni Malinen
Remove the GPL notification text from the files that were
initially contributed by myself.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-02-11 19:39:36 +02:00
Jouni Malinen
dcff088df7 Add SHA256-hash functions to generic crypto_hash_* functions
Signed-hostap: Jouni Malinen <j@w1.fi>
2011-11-27 21:10:06 +02:00
Jouni Malinen
3f4ed97a70 Add support for PKCS #5 encrypted PKCS #8 keys with internal crypto
Private keys can now be used in either unencrypted or encrypted
PKCS #8 encoding. Only the pbeWithMD5AndDES-CBC algorithm (PKCS #5)
is currently supported.
2009-10-17 12:06:36 +03:00
Jouni Malinen
ac73690c06 Move RC4 into crypto.h as a replaceable crypto function
This allows crypto library wrappers to override the internal RC4
implementation in the same way as can already be done for other crypto
algorithms.
2009-08-16 20:13:14 +03:00
Jouni Malinen
ff916b9df7 Allow non-FIPS MD5 to be used with TLS PRF even in FIPS mode
This is allowed per FIPS1402IG.pdf since the TLS PRF depends fully on
both MD5 and SHA-1.
2009-08-16 18:56:48 +03:00
Jouni Malinen
0a5d68aba5 Make hash functions return error value
Some crypto libraries can return in these functions (e.g., if a specific
hash function is disabled), so we better provide the caller a chance to
check whether the call failed. The return values are not yet used
anywhere, but they will be needed for future changes.
2009-08-16 14:06:00 +03:00
Jouni Malinen
6fc6879bd5 Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release 2008-02-27 17:34:43 -08:00