struct crypto_cipher * crypto_cipher_init(enum crypto_cipher_alg alg, const u8 *iv, const u8 *key, size_t key_len) { struct crypto_cipher *ctx; ctx = os_zalloc(sizeof(*ctx)); if (ctx == NULL) return NULL; ctx->alg = alg; switch (alg) { case CRYPTO_CIPHER_ALG_RC4: if (key_len > sizeof(ctx->u.rc4.key)) { os_free(ctx); return NULL; } ctx->u.rc4.keylen = key_len; os_memcpy(ctx->u.rc4.key, key, key_len); break; case CRYPTO_CIPHER_ALG_AES: ctx->u.aes.ctx_enc = aes_encrypt_init(key, key_len); if (ctx->u.aes.ctx_enc == NULL) { os_free(ctx); return NULL; } ctx->u.aes.ctx_dec = aes_decrypt_init(key, key_len); if (ctx->u.aes.ctx_dec == NULL) { aes_encrypt_deinit(ctx->u.aes.ctx_enc); os_free(ctx); return NULL; } os_memcpy(ctx->u.aes.cbc, iv, AES_BLOCK_SIZE); break; case CRYPTO_CIPHER_ALG_3DES: if (key_len != 24) { os_free(ctx); return NULL; } des3_key_setup(key, &ctx->u.des3.key); os_memcpy(ctx->u.des3.cbc, iv, 8); break; case CRYPTO_CIPHER_ALG_DES: if (key_len != 8) { os_free(ctx); return NULL; } des_key_setup(key, ctx->u.des.ek, ctx->u.des.dk); os_memcpy(ctx->u.des.cbc, iv, 8); break; default: os_free(ctx); return NULL; } return ctx; }
int ikev2_encr_encrypt(int alg, const u8 *key, size_t key_len, const u8 *iv, const u8 *plain, u8 *crypt, size_t len) { struct crypto_cipher *cipher; int encr_alg; #ifdef CCNS_PL if (alg == ENCR_3DES) { struct des3_key_s des3key; size_t i, blocks; u8 *pos; /* ECB mode is used incorrectly for 3DES!? */ if (key_len != 24) { wpa_printf(MSG_INFO, "IKEV2: Invalid encr key length"); return -1; } des3_key_setup(key, &des3key); blocks = len / 8; pos = crypt; for (i = 0; i < blocks; i++) { des3_encrypt(pos, &des3key, pos); pos += 8; } } else { #endif /* CCNS_PL */ switch (alg) { case ENCR_3DES: encr_alg = CRYPTO_CIPHER_ALG_3DES; break; case ENCR_AES_CBC: encr_alg = CRYPTO_CIPHER_ALG_AES; break; default: wpa_printf(MSG_DEBUG, "IKEV2: Unsupported encr alg %d", alg); return -1; } cipher = crypto_cipher_init(encr_alg, iv, key, key_len); if (cipher == NULL) { wpa_printf(MSG_INFO, "IKEV2: Failed to initialize cipher"); return -1; } if (crypto_cipher_encrypt(cipher, plain, crypt, len) < 0) { wpa_printf(MSG_INFO, "IKEV2: Encryption failed"); crypto_cipher_deinit(cipher); return -1; } crypto_cipher_deinit(cipher); #ifdef CCNS_PL } #endif /* CCNS_PL */ return 0; }
struct crypto_cipher * fast_crypto_cipher_init(enum crypto_cipher_alg alg, const uint8_t *iv, const uint8_t *key, size_t key_len) { struct fast_crypto_cipher *ctx; ctx = (struct fast_crypto_cipher *)os_zalloc(sizeof(*ctx)); if (ctx == NULL) { return NULL; } ctx->alg = alg; switch (alg) { case CRYPTO_CIPHER_ALG_RC4: if (key_len > sizeof(ctx->u.rc4.key)) { os_free(ctx); return NULL; } ctx->u.rc4.keylen = key_len; os_memcpy(ctx->u.rc4.key, key, key_len); break; case CRYPTO_CIPHER_ALG_AES: mbedtls_aes_init(&(ctx->u.aes.ctx_enc)); mbedtls_aes_setkey_enc(&(ctx->u.aes.ctx_enc), key, 256); mbedtls_aes_init(&(ctx->u.aes.ctx_dec)); mbedtls_aes_setkey_dec(&(ctx->u.aes.ctx_dec), key, 256); os_memcpy(ctx->u.aes.cbc, iv, AES_BLOCK_SIZE); break; #ifdef CONFIG_DES3 case CRYPTO_CIPHER_ALG_3DES: if (key_len != 24) { os_free(ctx); return NULL; } des3_key_setup(key, &ctx->u.des3.key); os_memcpy(ctx->u.des3.cbc, iv, 8); break; #endif #ifdef CONFIG_DES case CRYPTO_CIPHER_ALG_DES: if (key_len != 8) { os_free(ctx); return NULL; } des_key_setup(key, ctx->u.des.ek, ctx->u.des.dk); os_memcpy(ctx->u.des.cbc, iv, 8); break; #endif default: os_free(ctx); return NULL; } return (struct crypto_cipher *)ctx; }
} int tripledes_encrypt(cipher_context_t *context, uint8_t *plain, uint8_t *crypt) { int res; struct des3_key_s *key = malloc(sizeof(des3_key_s)); uint32_t work[2]; if (!key) { printf("%-40s: [ERROR] Could NOT malloc space for the des3_key_s \ struct.\r\n", __FUNCTION__); return -1; } memset(key, 0, sizeof(des3_key_s)); res = des3_key_setup(context->context, key); if (res < 0) { printf("%-40s: [ERROR] des3_key_setup failed with Code %i\r\n", __FUNCTION__, res); free(key); return -2; } work[0] = WPA_GET_BE32(plain); work[1] = WPA_GET_BE32(plain + 4); desfunc(work, key->ek[0]); desfunc(work, key->ek[1]); desfunc(work, key->ek[2]); WPA_PUT_BE32(crypt, work[0]); WPA_PUT_BE32(crypt + 4, work[1]);