/*
* Crypto wrapper for Linux kernel AF_ALG
* Copyright (c) 2017, Jouni Malinen <j@w1.fi>
*
* This software may be distributed under the terms of the BSD license.
* See README for more details.
*/
#include "includes.h"
#include <linux/if_alg.h>
#include "common.h"
#include "crypto.h"
#include "md5.h"
#include "sha1.h"
#include "sha256.h"
#include "sha384.h"
#include "aes.h"
#ifndef SOL_ALG
#define SOL_ALG 279
#endif /* SOL_ALG */
static int linux_af_alg_socket(const char *type, const char *name)
{
struct sockaddr_alg sa;
int s;
if (TEST_FAIL())
return -1;
s = socket(AF_ALG, SOCK_SEQPACKET, 0);
if (s < 0) {
wpa_printf(MSG_ERROR, "%s: Failed to open AF_ALG socket: %s",
__func__, strerror(errno));
return -1;
}
os_memset(&sa, 0, sizeof(sa));
sa.salg_family = AF_ALG;
os_strlcpy((char *) sa.salg_type, type, sizeof(sa.salg_type));
os_strlcpy((char *) sa.salg_name, name, sizeof(sa.salg_type));
if (bind(s, (struct sockaddr *) &sa, sizeof(sa)) < 0) {
wpa_printf(MSG_ERROR,
"%s: Failed to bind AF_ALG socket(%s,%s): %s",
__func__, type, name, strerror(errno));
close(s);
return -1;
}
return s;
}
static int linux_af_alg_hash_vector(const char *alg, const u8 *key,
size_t key_len, size_t num_elem,
const u8 *addr[], const size_t *len,
u8 *mac, size_t mac_len)
{
int s, t;
size_t i;
ssize_t res;
int ret = -1;
s = linux_af_alg_socket("hash", alg);
if (s < 0)
return -1;
if (key && setsockopt(s, SOL_ALG, ALG_SET_KEY, key, key_len) < 0) {
wpa_printf(MSG_ERROR, "%s: setsockopt(ALG_SET_KEY) failed: %s",
__func__, strerror(errno));
close(s);
return -1;
}
t = accept(s, NULL, NULL);
if (t < 0) {
wpa_printf(MSG_ERROR, "%s: accept on AF_ALG socket failed: %s",
__func__, strerror(errno));
close(s);
return -1;
}
for (i = 0; i < num_elem; i++) {
res = send(t, addr[i], len[i], i + 1 < num_elem ? MSG_MORE : 0);
if (res < 0) {
wpa_printf(MSG_ERROR,
"%s: send on AF_ALG socket failed: %s",
__func__, strerror(errno));
goto fail;
}
if ((size_t) res < len[i]) {
wpa_printf(MSG_ERROR,
"%s: send on AF_ALG socket did not accept full buffer (%d/%d)",
__func__, (int) res, (int) len[i]);
goto fail;
}
}
res = recv(t, mac, mac_len, 0);
if (res < 0) {
wpa_printf(MSG_ERROR,
"%s: recv on AF_ALG socket failed: %s",
__func__, strerror(errno));
goto fail;
}
if ((size_t) res < mac_len) {
wpa_printf(MSG_ERROR,
"%s: recv on AF_ALG socket did not return full buffer (%d/%d)",
__func__, (int) res, (int) mac_len);
goto fail;
}
ret = 0;
fail:
close(t);
close(s);
return ret;
}
int md4_vector(size_t num_elem, const u8 *addr[], const size_t *len, u8 *mac)
{
return linux_af_alg_hash_vector("md4", NULL, 0, num_elem, addr, len,
mac, 16);
}
int md5_vector(size_t num_elem, const u8 *addr[], const size_t *len, u8 *mac)
{
return linux_af_alg_hash_vector("md5", NULL, 0, num_elem, addr, len,
mac, MD5_MAC_LEN);
}
int sha1_vector(size_t num_elem, const u8 *addr[], const size_t *len,
u8 *mac)
{
return linux_af_alg_hash_vector("sha1", NULL, 0, num_elem, addr, len,
mac, SHA1_MAC_LEN);
}
int sha256_vector(size_t num_elem, const u8 *addr[], const size_t *len,
u8 *mac)
{
return linux_af_alg_hash_vector("sha256", NULL, 0, num_elem, addr, len,
mac, SHA256_MAC_LEN);
}
int sha384_vector(size_t num_elem, const u8 *addr[], const size_t *len,
u8 *mac)
{
return linux_af_alg_hash_vector("sha384", NULL, 0, num_elem, addr, len,
mac, SHA384_MAC_LEN);
}
int sha512_vector(size_t num_elem, const u8 *addr[], const size_t *len,
u8 *mac)
{
return linux_af_alg_hash_vector("sha512", NULL, 0, num_elem, addr, len,
mac, 64);
}
int hmac_md5_vector(const u8 *key, size_t key_len, size_t num_elem,
const u8 *addr[], const size_t *len, u8 *mac)
{
return linux_af_alg_hash_vector("hmac(md5)", key, key_len, num_elem,
addr, len, mac, 16);
}
int hmac_md5(const u8 *key, size_t key_len, const u8 *data, size_t data_len,
u8 *mac)
{
return hmac_md5_vector(key, key_len, 1, &data, &data_len, mac);
}
int hmac_sha1_vector(const u8 *key, size_t key_len, size_t num_elem,
const u8 *addr[], const size_t *len, u8 *mac)
{
return linux_af_alg_hash_vector("hmac(sha1)", key, key_len, num_elem,
addr, len, mac, SHA1_MAC_LEN);
}
int hmac_sha1(const u8 *key, size_t key_len, const u8 *data, size_t data_len,
u8 *mac)
{
return hmac_sha1_vector(key, key_len, 1, &data, &data_len, mac);
}
int hmac_sha256_vector(const u8 *key, size_t key_len, size_t num_elem,
const u8 *addr[], const size_t *len, u8 *mac)
{
return linux_af_alg_hash_vector("hmac(sha256)", key, key_len, num_elem,
addr, len, mac, SHA256_MAC_LEN);
}
int hmac_sha256(const u8 *key, size_t key_len, const u8 *data,
size_t data_len, u8 *mac)
{
return hmac_sha256_vector(key, key_len, 1, &data, &data_len, mac);
}
int hmac_sha384_vector(const u8 *key, size_t key_len, size_t num_elem,
const u8 *addr[], const size_t *len, u8 *mac)
{
return linux_af_alg_hash_vector("hmac(sha384)", key, key_len, num_elem,
addr, len, mac, SHA384_MAC_LEN);
}
int hmac_sha384(const u8 *key, size_t key_len, const u8 *data,
size_t data_len, u8 *mac)
{
return hmac_sha384_vector(key, key_len, 1, &data, &data_len, mac);
}
struct crypto_hash {
int s;
int t;
size_t mac_len;
int failed;
};
struct crypto_hash * crypto_hash_init(enum crypto_hash_alg alg, const u8 *key,
size_t key_len)
{
struct crypto_hash *ctx;
const char *name;
ctx = os_zalloc(sizeof(*ctx));
if (!ctx)
return NULL;
switch (alg) {
case CRYPTO_HASH_ALG_MD5:
name = "md5";
ctx->mac_len = MD5_MAC_LEN;
break;
case CRYPTO_HASH_ALG_SHA1:
name = "sha1";
ctx->mac_len = SHA1_MAC_LEN;
break;
case CRYPTO_HASH_ALG_HMAC_MD5:
name = "hmac(md5)";
ctx->mac_len = MD5_MAC_LEN;
break;
case CRYPTO_HASH_ALG_HMAC_SHA1:
name = "hmac(sha1)";
ctx->mac_len = SHA1_MAC_LEN;
break;
case CRYPTO_HASH_ALG_SHA256:
name = "sha256";
ctx->mac_len = SHA256_MAC_LEN;
break;
case CRYPTO_HASH_ALG_HMAC_SHA256:
name = "hmac(sha256)";
ctx->mac_len = SHA256_MAC_LEN;
break;
case CRYPTO_HASH_ALG_SHA384:
name = "sha384";
ctx->mac_len = SHA384_MAC_LEN;
break;
case CRYPTO_HASH_ALG_SHA512:
name = "sha512";
ctx->mac_len = 64;
break;
default:
os_free(ctx);
return NULL;
}
ctx->s = linux_af_alg_socket("hash", name);
if (ctx->s < 0) {
os_free(ctx);
return NULL;
}
if (key && key_len &&
setsockopt(ctx->s, SOL_ALG, ALG_SET_KEY, key, key_len) < 0) {
wpa_printf(MSG_ERROR, "%s: setsockopt(ALG_SET_KEY) failed: %s",
__func__, strerror(errno));
close(ctx->s);
os_free(ctx);
return NULL;
}
ctx->t = accept(ctx->s, NULL, NULL);
if (ctx->t < 0) {
wpa_printf(MSG_ERROR, "%s: accept on AF_ALG socket failed: %s",
__func__, strerror(errno));
close(ctx->s);
os_free(ctx);
return NULL;
}
return ctx;
}
void crypto_hash_update(struct crypto_hash *ctx, const u8 *data, size_t len)
{
ssize_t res;
if (!ctx)
return;
res = send(ctx->t, data, len, MSG_MORE);
if (res < 0) {
wpa_printf(MSG_ERROR,
"%s: send on AF_ALG socket failed: %s",
__func__, strerror(errno));
ctx->failed = 1;
return;
}
if ((size_t) res < len) {
wpa_printf(MSG_ERROR,
"%s: send on AF_ALG socket did not accept full buffer (%d/%d)",
__func__, (int) res, (int) len);
ctx->failed = 1;
return;
}
}
static void crypto_hash_deinit(struct crypto_hash *ctx)
{
close(ctx->s);
close(ctx->t);
os_free(ctx);
}
int crypto_hash_finish(struct crypto_hash *ctx, u8 *mac, size_t *len)
{
ssize_t res;
if (!ctx)
return -2;
if (!mac || !len) {
crypto_hash_deinit(ctx);
return 0;
}
if (ctx->failed) {
crypto_hash_deinit(ctx);
return -2;
}
if (*len < ctx->mac_len) {
crypto_hash_deinit(ctx);
*len = ctx->mac_len;
return -1;
}
*len = ctx->mac_len;
res = recv(ctx->t, mac, ctx->mac_len, 0);
if (res < 0) {
wpa_printf(MSG_ERROR,
"%s: recv on AF_ALG socket failed: %s",
__func__, strerror(errno));
crypto_hash_deinit(ctx);
return -2;
}
if ((size_t) res < ctx->mac_len) {
wpa_printf(MSG_ERROR,
"%s: recv on AF_ALG socket did not return full buffer (%d/%d)",
__func__, (int) res, (int) ctx->mac_len);
crypto_hash_deinit(ctx);
return -2;
}
crypto_hash_deinit(ctx);
if (TEST_FAIL())
return -1;
return 0;
}
struct linux_af_alg_skcipher {
int s;
int t;
};
static void linux_af_alg_skcipher_deinit(struct linux_af_alg_skcipher *skcipher)
{
if (!skcipher)
return;
if (skcipher->s >= 0)
close(skcipher->s);
if (skcipher->t >= 0)
close(skcipher->t);
os_free(skcipher);
}
static struct linux_af_alg_skcipher *
linux_af_alg_skcipher(const char *alg, const u8 *key, size_t key_len)
{
struct linux_af_alg_skcipher *skcipher;
skcipher = os_zalloc(sizeof(*skcipher));
if (!skcipher)
goto fail;
skcipher->t = -1;
skcipher->s = linux_af_alg_socket("skcipher", alg);
if (skcipher->s < 0)
goto fail;
if (setsockopt(skcipher->s, SOL_ALG, ALG_SET_KEY, key, key_len) < 0) {
wpa_printf(MSG_ERROR, "%s: setsockopt(ALG_SET_KEY) failed: %s",
__func__, strerror(errno));
goto fail;
}
skcipher->t = accept(skcipher->s, NULL, NULL);
if (skcipher->t < 0) {
wpa_printf(MSG_ERROR, "%s: accept on AF_ALG socket failed: %s",
__func__, strerror(errno));
goto fail;
}
return skcipher;
fail:
linux_af_alg_skcipher_deinit(skcipher);
return NULL;
}
static int linux_af_alg_skcipher_oper(struct linux_af_alg_skcipher *skcipher,
int enc, const u8 *in, u8 *out)
{
char buf[CMSG_SPACE(sizeof(u32))];
struct iovec io[1];
struct msghdr msg;
struct cmsghdr *hdr;
ssize_t ret;
u32 *op;
io[0].iov_base = (void *) in;
io[0].iov_len = AES_BLOCK_SIZE;
os_memset(&msg, 0, sizeof(msg));
os_memset(buf, 0, sizeof(buf));
msg.msg_control = buf;
msg.msg_controllen = CMSG_SPACE(sizeof(u32));
msg.msg_iov = io;
msg.msg_iovlen = 1;
hdr = CMSG_FIRSTHDR(&msg);
hdr->cmsg_level = SOL_ALG;
hdr->cmsg_type = ALG_SET_OP;
hdr->cmsg_len = CMSG_LEN(sizeof(u32));
op = (u32 *) CMSG_DATA(hdr);
*op = enc ? ALG_OP_ENCRYPT : ALG_OP_DECRYPT;
ret = sendmsg(skcipher->t, &msg, 0);
if (ret < 0) {
wpa_printf(MSG_ERROR, "%s: sendmsg failed: %s",
__func__, strerror(errno));
return -1;
}
ret = read(skcipher->t, out, AES_BLOCK_SIZE);
if (ret < 0) {
wpa_printf(MSG_ERROR, "%s: read failed: %s",
__func__, strerror(errno));
return -1;
}
if (ret < AES_BLOCK_SIZE) {
wpa_printf(MSG_ERROR,
"%s: read did not return full data (%d/%d)",
__func__, (int) ret, AES_BLOCK_SIZE);
return -1;
}
return 0;
}
void * aes_encrypt_init(const u8 *key, size_t len)
{
return linux_af_alg_skcipher("ecb(aes)", key, len);
}
int aes_encrypt(void *ctx, const u8 *plain, u8 *crypt)
{
struct linux_af_alg_skcipher *skcipher = ctx;
return linux_af_alg_skcipher_oper(skcipher, 1, plain, crypt);
}
void aes_encrypt_deinit(void *ctx)
{
linux_af_alg_skcipher_deinit(ctx);
}
void * aes_decrypt_init(const u8 *key, size_t len)
{
return linux_af_alg_skcipher("ecb(aes)", key, len);
}
int aes_decrypt(void *ctx, const u8 *crypt, u8 *plain)
{
struct linux_af_alg_skcipher *skcipher = ctx;
return linux_af_alg_skcipher_oper(skcipher, 0, crypt, plain);
}
void aes_decrypt_deinit(void *ctx)
{
linux_af_alg_skcipher_deinit(ctx);
}
int rc4_skip(const u8 *key, size_t keylen, size_t skip,
u8 *data, size_t data_len)
{
struct linux_af_alg_skcipher *skcipher;
u8 *skip_buf;
char buf[CMSG_SPACE(sizeof(u32))];
struct iovec io[2];
struct msghdr msg;
struct cmsghdr *hdr;
ssize_t ret;
u32 *op;
skip_buf = os_zalloc(skip + 1);
if (!skip_buf)
return -1;
skcipher = linux_af_alg_skcipher("ecb(arc4)", key, keylen);
if (!skcipher) {
os_free(skip_buf);
return -1;
}
io[0].iov_base = skip_buf;
io[0].iov_len = skip;
io[1].iov_base = data;
io[1].iov_len = data_len;
os_memset(&msg, 0, sizeof(msg));
os_memset(buf, 0, sizeof(buf));
msg.msg_control = buf;
msg.msg_controllen = CMSG_SPACE(sizeof(u32));
msg.msg_iov = io;
msg.msg_iovlen = 2;
hdr = CMSG_FIRSTHDR(&msg);
hdr->cmsg_level = SOL_ALG;
hdr->cmsg_type = ALG_SET_OP;
hdr->cmsg_len = CMSG_LEN(sizeof(u32));
op = (u32 *) CMSG_DATA(hdr);
*op = ALG_OP_ENCRYPT;
ret = sendmsg(skcipher->t, &msg, 0);
if (ret < 0) {
wpa_printf(MSG_ERROR, "%s: sendmsg failed: %s",
__func__, strerror(errno));
os_free(skip_buf);
linux_af_alg_skcipher_deinit(skcipher);
return -1;
}
os_free(skip_buf);
msg.msg_control = NULL;
msg.msg_controllen = 0;
ret = recvmsg(skcipher->t, &msg, 0);
if (ret < 0) {
wpa_printf(MSG_ERROR, "%s: recvmsg failed: %s",
__func__, strerror(errno));
linux_af_alg_skcipher_deinit(skcipher);
return -1;
}
linux_af_alg_skcipher_deinit(skcipher);
if ((size_t) ret < skip + data_len) {
wpa_printf(MSG_ERROR,
"%s: recvmsg did not return full data (%d/%d)",
__func__, (int) ret, (int) (skip + data_len));
return -1;
}
return 0;
}
int des_encrypt(const u8 *clear, const u8 *key, u8 *cypher)
{
u8 pkey[8], next, tmp;
int i;
struct linux_af_alg_skcipher *skcipher;
char buf[CMSG_SPACE(sizeof(u32))];
struct iovec io[1];
struct msghdr msg;
struct cmsghdr *hdr;
ssize_t ret;
u32 *op;
int res = -1;
/* Add parity bits to the key */
next = 0;
for (i = 0; i < 7; i++) {
tmp = key[i];
pkey[i] = (tmp >> i) | next | 1;
next = tmp << (7 - i);
}
pkey[i] = next | 1;
skcipher = linux_af_alg_skcipher("ecb(des)", pkey, sizeof(pkey));
if (!skcipher)
goto fail;
io[0].iov_base = (void *) clear;
io[0].iov_len = 8;
os_memset(&msg, 0, sizeof(msg));
os_memset(buf, 0, sizeof(buf));
msg.msg_control = buf;
msg.msg_controllen = CMSG_SPACE(sizeof(u32));
msg.msg_iov = io;
msg.msg_iovlen = 1;
hdr = CMSG_FIRSTHDR(&msg);
hdr->cmsg_level = SOL_ALG;
hdr->cmsg_type = ALG_SET_OP;
hdr->cmsg_len = CMSG_LEN(sizeof(u32));
op = (u32 *) CMSG_DATA(hdr);
*op = ALG_OP_ENCRYPT;
ret = sendmsg(skcipher->t, &msg, 0);
if (ret < 0) {
wpa_printf(MSG_ERROR, "%s: sendmsg failed: %s",
__func__, strerror(errno));
goto fail;
}
ret = read(skcipher->t, cypher, 8);
if (ret < 0) {
wpa_printf(MSG_ERROR, "%s: read failed: %s",
__func__, strerror(errno));
goto fail;
}
if (ret < 8) {
wpa_printf(MSG_ERROR,
"%s: read did not return full data (%d/8)",
__func__, (int) ret);
goto fail;
}
res = 0;
fail:
linux_af_alg_skcipher_deinit(skcipher);
return res;
}
static int aes_128_cbc_oper(const u8 *key, int enc, const u8 *iv,
u8 *data, size_t data_len)
{
struct linux_af_alg_skcipher *skcipher;
char buf[100];
struct iovec io[1];
struct msghdr msg;
struct cmsghdr *hdr;
ssize_t ret;
u32 *op;
struct af_alg_iv *alg_iv;
size_t iv_len = AES_BLOCK_SIZE;
skcipher = linux_af_alg_skcipher("cbc(aes)", key, 16);
if (!skcipher)
return -1;
io[0].iov_base = (void *) data;
io[0].iov_len = data_len;
os_memset(&msg, 0, sizeof(msg));
os_memset(buf, 0, sizeof(buf));
msg.msg_control = buf;
msg.msg_controllen = CMSG_SPACE(sizeof(u32)) +
CMSG_SPACE(sizeof(*alg_iv) + iv_len);
msg.msg_iov = io;
msg.msg_iovlen = 1;
hdr = CMSG_FIRSTHDR(&msg);
hdr->cmsg_level = SOL_ALG;
hdr->cmsg_type = ALG_SET_OP;
hdr->cmsg_len = CMSG_LEN(sizeof(u32));
op = (u32 *) CMSG_DATA(hdr);
*op = enc ? ALG_OP_ENCRYPT : ALG_OP_DECRYPT;
hdr = CMSG_NXTHDR(&msg, hdr);
hdr->cmsg_level = SOL_ALG;
hdr->cmsg_type = ALG_SET_IV;
hdr->cmsg_len = CMSG_SPACE(sizeof(*alg_iv) + iv_len);
alg_iv = (struct af_alg_iv *) CMSG_DATA(hdr);
alg_iv->ivlen = iv_len;
os_memcpy(alg_iv->iv, iv, iv_len);
ret = sendmsg(skcipher->t, &msg, 0);
if (ret < 0) {
wpa_printf(MSG_ERROR, "%s: sendmsg failed: %s",
__func__, strerror(errno));
linux_af_alg_skcipher_deinit(skcipher);
return -1;
}
ret = recvmsg(skcipher->t, &msg, 0);
if (ret < 0) {
wpa_printf(MSG_ERROR, "%s: recvmsg failed: %s",
__func__, strerror(errno));
linux_af_alg_skcipher_deinit(skcipher);
return -1;
}
if ((size_t) ret < data_len) {
wpa_printf(MSG_ERROR,
"%s: recvmsg not return full data (%d/%d)",
__func__, (int) ret, (int) data_len);
linux_af_alg_skcipher_deinit(skcipher);
return -1;
}
linux_af_alg_skcipher_deinit(skcipher);
return 0;
}
int aes_128_cbc_encrypt(const u8 *key, const u8 *iv, u8 *data, size_t data_len)
{
return aes_128_cbc_oper(key, 1, iv, data, data_len);
}
int aes_128_cbc_decrypt(const u8 *key, const u8 *iv, u8 *data, size_t data_len)
{
return aes_128_cbc_oper(key, 0, iv, data, data_len);
}
int omac1_aes_vector(const u8 *key, size_t key_len, size_t num_elem,
const u8 *addr[], const size_t *len, u8 *mac)
{
return linux_af_alg_hash_vector("cmac(aes)", key, key_len, num_elem,
addr, len, mac, AES_BLOCK_SIZE);
}
int omac1_aes_128_vector(const u8 *key, size_t num_elem,
const u8 *addr[], const size_t *len, u8 *mac)
{
return omac1_aes_vector(key, 16, num_elem, addr, len, mac);
}
int omac1_aes_128(const u8 *key, const u8 *data, size_t data_len, u8 *mac)
{
return omac1_aes_128_vector(key, 1, &data, &data_len, mac);
}
int omac1_aes_256(const u8 *key, const u8 *data, size_t data_len, u8 *mac)
{
return omac1_aes_vector(key, 32, 1, &data, &data_len, mac);
}
int aes_unwrap(const u8 *kek, size_t kek_len, int n, const u8 *cipher,
u8 *plain)
{
struct linux_af_alg_skcipher *skcipher;
char buf[100];
struct iovec io[1];
struct msghdr msg;
struct cmsghdr *hdr;
ssize_t ret;
u32 *op;
struct af_alg_iv *alg_iv;
size_t iv_len = 8;
skcipher = linux_af_alg_skcipher("kw(aes)", kek, kek_len);
if (!skcipher)
return -1;
io[0].iov_base = (void *) (cipher + iv_len);
io[0].iov_len = n * 8;
os_memset(&msg, 0, sizeof(msg));
os_memset(buf, 0, sizeof(buf));
msg.msg_control = buf;
msg.msg_controllen = CMSG_SPACE(sizeof(u32)) +
CMSG_SPACE(sizeof(*alg_iv) + iv_len);
msg.msg_iov = io;
msg.msg_iovlen = 1;
hdr = CMSG_FIRSTHDR(&msg);
hdr->cmsg_level = SOL_ALG;
hdr->cmsg_type = ALG_SET_OP;
hdr->cmsg_len = CMSG_LEN(sizeof(u32));
op = (u32 *) CMSG_DATA(hdr);
*op = ALG_OP_DECRYPT;
hdr = CMSG_NXTHDR(&msg, hdr);
hdr->cmsg_level = SOL_ALG;
hdr->cmsg_type = ALG_SET_IV;
hdr->cmsg_len = CMSG_SPACE(sizeof(*alg_iv) + iv_len);
alg_iv = (struct af_alg_iv *) CMSG_DATA(hdr);
alg_iv->ivlen = iv_len;
os_memcpy(alg_iv->iv, cipher, iv_len);
ret = sendmsg(skcipher->t, &msg, 0);
if (ret < 0) {
wpa_printf(MSG_ERROR, "%s: sendmsg failed: %s",
__func__, strerror(errno));
return -1;
}
ret = read(skcipher->t, plain, n * 8);
if (ret < 0) {
wpa_printf(MSG_ERROR, "%s: read failed: %s",
__func__, strerror(errno));
linux_af_alg_skcipher_deinit(skcipher);
return -1;
}
if (ret < n * 8) {
wpa_printf(MSG_ERROR,
"%s: read not return full data (%d/%d)",
__func__, (int) ret, n * 8);
linux_af_alg_skcipher_deinit(skcipher);
return -1;
}
linux_af_alg_skcipher_deinit(skcipher);
return 0;
}
struct crypto_cipher {
struct linux_af_alg_skcipher *skcipher;
};
struct crypto_cipher * crypto_cipher_init(enum crypto_cipher_alg alg,
const u8 *iv, const u8 *key,
size_t key_len)
{
struct crypto_cipher *ctx;
const char *name;
struct af_alg_iv *alg_iv;
size_t iv_len = 0;
char buf[100];
struct msghdr msg;
struct cmsghdr *hdr;
ssize_t ret;
ctx = os_zalloc(sizeof(*ctx));
if (!ctx)
return NULL;
switch (alg) {
case CRYPTO_CIPHER_ALG_RC4:
name = "ecb(arc4)";
break;
case CRYPTO_CIPHER_ALG_AES:
name = "cbc(aes)";
iv_len = AES_BLOCK_SIZE;
break;
case CRYPTO_CIPHER_ALG_3DES:
name = "cbc(des3_ede)";
iv_len = 8;
break;
case CRYPTO_CIPHER_ALG_DES:
name = "cbc(des)";
iv_len = 8;
break;
default:
os_free(ctx);
return NULL;
}
ctx->skcipher = linux_af_alg_skcipher(name, key, key_len);
if (!ctx->skcipher) {
os_free(ctx);
return NULL;
}
if (iv && iv_len) {
os_memset(&msg, 0, sizeof(msg));
os_memset(buf, 0, sizeof(buf));
msg.msg_control = buf;
msg.msg_controllen = CMSG_SPACE(sizeof(*alg_iv) + iv_len);
hdr = CMSG_FIRSTHDR(&msg);
hdr->cmsg_level = SOL_ALG;
hdr->cmsg_type = ALG_SET_IV;
hdr->cmsg_len = CMSG_SPACE(sizeof(*alg_iv) + iv_len);
alg_iv = (struct af_alg_iv *) CMSG_DATA(hdr);
alg_iv->ivlen = iv_len;
os_memcpy(alg_iv->iv, iv, iv_len);
ret = sendmsg(ctx->skcipher->t, &msg, 0);
if (ret < 0) {
wpa_printf(MSG_ERROR, "%s: sendmsg failed: %s",
__func__, strerror(errno));
linux_af_alg_skcipher_deinit(ctx->skcipher);
os_free(ctx);
return NULL;
}
}
return ctx;
}
static int crypto_cipher_oper(struct crypto_cipher *ctx, u32 type, const u8 *in,
u8 *out, size_t len)
{
char buf[CMSG_SPACE(sizeof(u32))];
struct iovec io[1];
struct msghdr msg;
struct cmsghdr *hdr;
ssize_t ret;
u32 *op;
io[0].iov_base = (void *) in;
io[0].iov_len = len;
os_memset(&msg, 0, sizeof(msg));
os_memset(buf, 0, sizeof(buf));
msg.msg_control = buf;
msg.msg_controllen = CMSG_SPACE(sizeof(u32));
msg.msg_iov = io;
msg.msg_iovlen = 1;
hdr = CMSG_FIRSTHDR(&msg);
hdr->cmsg_level = SOL_ALG;
hdr->cmsg_type = ALG_SET_OP;
hdr->cmsg_len = CMSG_LEN(sizeof(u32));
op = (u32 *) CMSG_DATA(hdr);
*op = type;
ret = sendmsg(ctx->skcipher->t, &msg, 0);
if (ret < 0) {
wpa_printf(MSG_ERROR, "%s: sendmsg failed: %s",
__func__, strerror(errno));
return -1;
}
ret = read(ctx->skcipher->t, out, len);
if (ret < 0) {
wpa_printf(MSG_ERROR, "%s: read failed: %s",
__func__, strerror(errno));
return -1;
}
if (ret < (ssize_t) len) {
wpa_printf(MSG_ERROR,
"%s: read did not return full data (%d/%d)",
__func__, (int) ret, (int) len);
return -1;
}
return 0;
}
int crypto_cipher_encrypt(struct crypto_cipher *ctx, const u8 *plain,
u8 *crypt, size_t len)
{
return crypto_cipher_oper(ctx, ALG_OP_ENCRYPT, plain, crypt, len);
}
int crypto_cipher_decrypt(struct crypto_cipher *ctx, const u8 *crypt,
u8 *plain, size_t len)
{
return crypto_cipher_oper(ctx, ALG_OP_DECRYPT, crypt, plain, len);
}
void crypto_cipher_deinit(struct crypto_cipher *ctx)
{
if (ctx) {
linux_af_alg_skcipher_deinit(ctx->skcipher);
os_free(ctx);
}
}
int crypto_global_init(void)
{
return 0;
}
void crypto_global_deinit(void)
{
}