From 28a7af35dd12aa6ab3b195cc62610124e39ff306 Mon Sep 17 00:00:00 2001 From: Gunar Schorcht Date: Sat, 1 Mar 2025 17:24:40 +0100 Subject: [PATCH 02/28] wpa_supplicant: add prefix wpa_ to crypto functions Prefix `wpa_` added to crypto functions of `wpa_suppplicant` to avoid name conflicts with RIOT modules `crypto` and `hashes`. --- .../src/crypto/crypto_mbedtls.c | 28 ++++++------ .../wpa_supplicant/src/ap/comeback_token.c | 6 +-- components/wpa_supplicant/src/ap/wpa_auth.c | 6 +-- components/wpa_supplicant/src/common/dpp.c | 14 +++--- .../wpa_supplicant/src/common/dpp_crypto.c | 44 +++++++++---------- components/wpa_supplicant/src/common/sae.c | 14 +++--- components/wpa_supplicant/src/common/sae_pk.c | 6 +-- .../wpa_supplicant/src/common/wpa_common.c | 40 ++++++++--------- .../wpa_supplicant/src/crypto/aes-cbc.c | 12 ++--- .../wpa_supplicant/src/crypto/aes-ccm.c | 26 +++++------ .../wpa_supplicant/src/crypto/aes-ctr.c | 6 +-- .../wpa_supplicant/src/crypto/aes-gcm.c | 12 ++--- .../src/crypto/aes-internal-dec.c | 8 ++-- .../src/crypto/aes-internal-enc.c | 8 ++-- .../wpa_supplicant/src/crypto/aes-internal.c | 2 +- .../wpa_supplicant/src/crypto/aes-omac1.c | 10 ++--- .../wpa_supplicant/src/crypto/aes-unwrap.c | 6 +-- .../wpa_supplicant/src/crypto/aes-wrap.c | 6 +-- components/wpa_supplicant/src/crypto/aes.h | 12 ++--- components/wpa_supplicant/src/crypto/aes_i.h | 2 +- components/wpa_supplicant/src/crypto/crypto.h | 40 ++++++++--------- .../src/crypto/crypto_internal-cipher.c | 14 +++--- .../src/crypto/crypto_internal.c | 38 ++++++++-------- .../wpa_supplicant/src/crypto/crypto_ops.c | 4 +- .../wpa_supplicant/src/crypto/ms_funcs.c | 10 ++--- .../wpa_supplicant/src/crypto/sha1-internal.c | 2 +- .../wpa_supplicant/src/crypto/sha1-pbkdf2.c | 4 +- .../wpa_supplicant/src/crypto/sha1-prf.c | 6 +-- .../wpa_supplicant/src/crypto/sha1-tlsprf.c | 6 +-- .../wpa_supplicant/src/crypto/sha1-tprf.c | 4 +- components/wpa_supplicant/src/crypto/sha1.c | 12 ++--- components/wpa_supplicant/src/crypto/sha1.h | 8 ++-- .../src/crypto/sha256-internal.c | 24 +++++----- .../wpa_supplicant/src/crypto/sha256-kdf.c | 6 +-- .../wpa_supplicant/src/crypto/sha256-prf.c | 10 ++--- .../wpa_supplicant/src/crypto/sha256-tlsprf.c | 6 +-- components/wpa_supplicant/src/crypto/sha256.c | 12 ++--- components/wpa_supplicant/src/crypto/sha256.h | 10 ++--- .../wpa_supplicant/src/crypto/sha256_i.h | 6 +-- .../src/crypto/sha384-internal.c | 18 ++++---- .../wpa_supplicant/src/crypto/sha384-prf.c | 10 ++--- .../wpa_supplicant/src/crypto/sha384-tlsprf.c | 6 +-- components/wpa_supplicant/src/crypto/sha384.h | 10 ++--- .../wpa_supplicant/src/crypto/sha384_i.h | 6 +-- .../src/crypto/sha512-internal.c | 24 +++++----- .../wpa_supplicant/src/crypto/sha512_i.h | 6 +-- .../wpa_supplicant/src/eap_peer/eap_fast.c | 6 +-- .../src/eap_peer/eap_fast_common.c | 6 +-- .../wpa_supplicant/src/eap_peer/eap_peap.c | 4 +- .../src/eap_peer/eap_peap_common.c | 2 +- .../src/eap_server/eap_server.c | 16 +++---- components/wpa_supplicant/src/rsn_supp/wpa.c | 6 +-- components/wpa_supplicant/src/tls/pkcs5.c | 4 +- .../src/tls/tlsv1_client_ocsp.c | 10 ++--- .../src/tls/tlsv1_client_read.c | 4 +- .../wpa_supplicant/src/tls/tlsv1_cred.c | 8 ++-- components/wpa_supplicant/src/tls/x509v3.c | 8 ++-- components/wpa_supplicant/src/utils/base64.c | 12 ++--- components/wpa_supplicant/src/utils/base64.h | 14 +++--- components/wpa_supplicant/src/utils/json.c | 4 +- .../wpa_supplicant/src/wps/wps_attr_build.c | 6 +-- .../wpa_supplicant/src/wps/wps_attr_process.c | 4 +- .../wpa_supplicant/src/wps/wps_common.c | 10 ++--- .../wpa_supplicant/src/wps/wps_enrollee.c | 10 ++--- .../wpa_supplicant/src/wps/wps_registrar.c | 12 ++--- 65 files changed, 358 insertions(+), 358 deletions(-) diff --git a/components/wpa_supplicant/esp_supplicant/src/crypto/crypto_mbedtls.c b/components/wpa_supplicant/esp_supplicant/src/crypto/crypto_mbedtls.c index b2679a04ea..61d320d396 100644 --- a/components/wpa_supplicant/esp_supplicant/src/crypto/crypto_mbedtls.c +++ b/components/wpa_supplicant/esp_supplicant/src/crypto/crypto_mbedtls.c @@ -84,25 +84,25 @@ cleanup: } -int sha256_vector(size_t num_elem, const u8 *addr[], const size_t *len, +int wpa_sha256_vector(size_t num_elem, const u8 *addr[], const size_t *len, u8 *mac) { return digest_vector(MBEDTLS_MD_SHA256, num_elem, addr, len, mac); } -int sha384_vector(size_t num_elem, const u8 *addr[], const size_t *len, +int wpa_sha384_vector(size_t num_elem, const u8 *addr[], const size_t *len, u8 *mac) { return digest_vector(MBEDTLS_MD_SHA384, num_elem, addr, len, mac); } -int sha512_vector(size_t num_elem, const u8 *addr[], const size_t *len, +int wpa_sha512_vector(size_t num_elem, const u8 *addr[], const size_t *len, u8 *mac) { return digest_vector(MBEDTLS_MD_SHA512, num_elem, addr, len, mac); } -int sha1_vector(size_t num_elem, const u8 *addr[], const size_t *len, u8 *mac) +int wpa_sha1_vector(size_t num_elem, const u8 *addr[], const size_t *len, u8 *mac) { return digest_vector(MBEDTLS_MD_SHA1, num_elem, addr, len, mac); } @@ -323,30 +323,30 @@ static int hmac_vector(mbedtls_md_type_t md_type, return ret; } -int hmac_sha384_vector(const u8 *key, size_t key_len, size_t num_elem, +int wpa_hmac_sha384_vector(const u8 *key, size_t key_len, size_t num_elem, const u8 *addr[], const size_t *len, u8 *mac) { return hmac_vector(MBEDTLS_MD_SHA384, key, key_len, num_elem, addr, len, mac); } -int hmac_sha384(const u8 *key, size_t key_len, const u8 *data, +int wpa_hmac_sha384(const u8 *key, size_t key_len, const u8 *data, size_t data_len, u8 *mac) { - return hmac_sha384_vector(key, key_len, 1, &data, &data_len, mac); + return wpa_hmac_sha384_vector(key, key_len, 1, &data, &data_len, mac); } -int hmac_sha256_vector(const u8 *key, size_t key_len, size_t num_elem, +int wpa_hmac_sha256_vector(const u8 *key, size_t key_len, size_t num_elem, const u8 *addr[], const size_t *len, u8 *mac) { return hmac_vector(MBEDTLS_MD_SHA256, key, key_len, num_elem, addr, len, mac); } -int hmac_sha256(const u8 *key, size_t key_len, const u8 *data, +int wpa_hmac_sha256(const u8 *key, size_t key_len, const u8 *data, size_t data_len, u8 *mac) { - return hmac_sha256_vector(key, key_len, 1, &data, &data_len, mac); + return wpa_hmac_sha256_vector(key, key_len, 1, &data, &data_len, mac); } int hmac_md5_vector(const u8 *key, size_t key_len, size_t num_elem, @@ -362,17 +362,17 @@ int hmac_md5(const u8 *key, size_t key_len, const u8 *data, size_t data_len, return hmac_md5_vector(key, key_len, 1, &data, &data_len, mac); } -int hmac_sha1_vector(const u8 *key, size_t key_len, size_t num_elem, +int wpa_hmac_sha1_vector(const u8 *key, size_t key_len, size_t num_elem, const u8 *addr[], const size_t *len, u8 *mac) { return hmac_vector(MBEDTLS_MD_SHA1, key, key_len, num_elem, addr, len, mac); } -int hmac_sha1(const u8 *key, size_t key_len, const u8 *data, size_t data_len, +int wpa_hmac_sha1(const u8 *key, size_t key_len, const u8 *data, size_t data_len, u8 *mac) { - return hmac_sha1_vector(key, key_len, 1, &data, &data_len, mac); + return wpa_hmac_sha1_vector(key, key_len, 1, &data, &data_len, mac); } static void *aes_crypt_init(int mode, const u8 *key, size_t len) @@ -416,7 +416,7 @@ void *aes_encrypt_init(const u8 *key, size_t len) return aes_crypt_init(MBEDTLS_AES_ENCRYPT, key, len); } -int aes_encrypt(void *ctx, const u8 *plain, u8 *crypt) +int wpa_aes_encrypt(void *ctx, const u8 *plain, u8 *crypt) { return aes_crypt(ctx, MBEDTLS_AES_ENCRYPT, plain, crypt); } diff --git a/components/wpa_supplicant/src/ap/comeback_token.c b/components/wpa_supplicant/src/ap/comeback_token.c index f6693e8a51..22e826749a 100644 --- a/components/wpa_supplicant/src/ap/comeback_token.c +++ b/components/wpa_supplicant/src/ap/comeback_token.c @@ -21,7 +21,7 @@ int comeback_token_hash(const u8 *comeback_key, const u8 *addr, u8 *idx) { u8 hash[SHA256_MAC_LEN]; - if (hmac_sha256(comeback_key, COMEBACK_KEY_SIZE, + if (wpa_hmac_sha256(comeback_key, COMEBACK_KEY_SIZE, addr, ETH_ALEN, hash) < 0) return -1; *idx = hash[0]; @@ -56,7 +56,7 @@ int check_comeback_token(const u8 *comeback_key, len[0] = ETH_ALEN; addrs[1] = token; len[1] = 2; - if (hmac_sha256_vector(comeback_key, COMEBACK_KEY_SIZE, + if (wpa_hmac_sha256_vector(comeback_key, COMEBACK_KEY_SIZE, 2, addrs, len, mac) < 0 || os_memcmp_const(token + 2, &mac[2], SHA256_MAC_LEN - 2) != 0) { return -1; @@ -129,7 +129,7 @@ auth_build_token_req(struct os_reltime *last_comeback_key_update, len[0] = ETH_ALEN; addrs[1] = idx; len[1] = sizeof(idx); - if (hmac_sha256_vector(comeback_key, COMEBACK_KEY_SIZE, + if (wpa_hmac_sha256_vector(comeback_key, COMEBACK_KEY_SIZE, 2, addrs, len, token) < 0) { wpabuf_free(buf); return NULL; diff --git a/components/wpa_supplicant/src/ap/wpa_auth.c b/components/wpa_supplicant/src/ap/wpa_auth.c index 58748a85ff..dedd74f41b 100644 --- a/components/wpa_supplicant/src/ap/wpa_auth.c +++ b/components/wpa_supplicant/src/ap/wpa_auth.c @@ -301,7 +301,7 @@ static int wpa_group_init_gmk_and_counter(struct wpa_authenticator *wpa_auth, if (os_get_random(rkey, sizeof(rkey)) < 0) return -1; - if (sha1_prf(rkey, sizeof(rkey), "Init Counter", buf, sizeof(buf), + if (wpa_sha1_prf(rkey, sizeof(rkey), "Init Counter", buf, sizeof(buf), group->Counter, WPA_NONCE_LEN) < 0) return -1; wpa_hexdump_key(MSG_DEBUG, "Key Counter", @@ -993,9 +993,9 @@ static int wpa_gmk_to_gtk(const u8 *gmk, const char *label, const u8 *addr, ret = -1; #ifdef CONFIG_IEEE80211W - sha256_prf(gmk, WPA_GMK_LEN, label, data, sizeof(data), gtk, gtk_len); + wpa_sha256_prf(gmk, WPA_GMK_LEN, label, data, sizeof(data), gtk, gtk_len); #else /* CONFIG_IEEE80211W */ - if (sha1_prf(gmk, WPA_GMK_LEN, label, data, sizeof(data), gtk, gtk_len) < 0) + if (wpa_sha1_prf(gmk, WPA_GMK_LEN, label, data, sizeof(data), gtk, gtk_len) < 0) ret = -1; #endif /* CONFIG_IEEE80211W */ diff --git a/components/wpa_supplicant/src/common/dpp.c b/components/wpa_supplicant/src/common/dpp.c index 7fa67d10fa..b979870a54 100644 --- a/components/wpa_supplicant/src/common/dpp.c +++ b/components/wpa_supplicant/src/common/dpp.c @@ -3246,7 +3246,7 @@ int dpp_get_config_obj_hash(char *signed1, size_t signed1_len, len[1] = 1; addr[2] = (unsigned char *)signed2; len[2] = signed2_len; - ret = sha256_vector(3, addr, len, hash); + ret = wpa_sha256_vector(3, addr, len, hash); return ret; } @@ -3358,11 +3358,11 @@ skip_groups: json_value_sep(jws_prot_hdr); json_add_string(jws_prot_hdr, "alg", curve->jws_alg); json_end_object(jws_prot_hdr); - signed1 = base64_url_encode(wpabuf_head(jws_prot_hdr), + signed1 = wpa_base64_url_encode(wpabuf_head(jws_prot_hdr), wpabuf_len(jws_prot_hdr), &signed1_len); wpabuf_free(jws_prot_hdr); - signed2 = base64_url_encode(wpabuf_head(dppcon), wpabuf_len(dppcon), + signed2 = wpa_base64_url_encode(wpabuf_head(dppcon), wpabuf_len(dppcon), &signed2_len); if (!signed1 || !signed2) goto fail; @@ -3389,7 +3389,7 @@ skip_groups: signature_len = 2 * curve->prime_len; wpa_hexdump(MSG_DEBUG, "DPP: signedConnector ECDSA signature (raw r,s)", signature, signature_len); - signed3 = base64_url_encode(signature, signature_len, &signed3_len); + signed3 = wpa_base64_url_encode(signature, signature_len, &signed3_len); if (!signed3) goto fail; @@ -4609,13 +4609,13 @@ dpp_keygen_configurator(const char *curve, u8 *privkey, /* kid = SHA256(ANSI X9.63 uncompressed C-sign-key) */ addr[0] = wpabuf_head(csign_pub); len[0] = wpabuf_len(csign_pub); - if (sha256_vector(1, addr, len, kid_hash) < 0) { + if (wpa_sha256_vector(1, addr, len, kid_hash) < 0) { wpa_printf(MSG_DEBUG, "DPP: Failed to derive kid for C-sign-key"); goto fail; } - conf->kid = base64_url_encode(kid_hash, sizeof(kid_hash), NULL); + conf->kid = wpa_base64_url_encode(kid_hash, sizeof(kid_hash), NULL); if (!conf->kid) goto fail; out: @@ -4771,7 +4771,7 @@ struct json_token * dpp_parse_own_connector(const char *own_connector) wpa_printf(MSG_DEBUG, "DPP: Own connector is missing second dot (.)"); return NULL; } - own_conn = base64_url_decode(pos, end - pos, &own_conn_len); + own_conn = wpa_base64_url_decode(pos, end - pos, &own_conn_len); if (!own_conn) { wpa_printf(MSG_DEBUG, "DPP: Failed to base64url decode own signedConnectior JWS Payload"); diff --git a/components/wpa_supplicant/src/common/dpp_crypto.c b/components/wpa_supplicant/src/common/dpp_crypto.c index b95584e8e1..67eb811936 100644 --- a/components/wpa_supplicant/src/common/dpp_crypto.c +++ b/components/wpa_supplicant/src/common/dpp_crypto.c @@ -90,12 +90,12 @@ int dpp_hash_vector(const struct dpp_curve_params *curve, u8 *mac) { if (curve->hash_len == 32) - return sha256_vector(num_elem, addr, len, mac); + return wpa_sha256_vector(num_elem, addr, len, mac); #ifndef ESP_SUPPLICANT if (curve->hash_len == 48) - return sha384_vector(num_elem, addr, len, mac); + return wpa_sha384_vector(num_elem, addr, len, mac); if (curve->hash_len == 64) - return sha512_vector(num_elem, addr, len, mac); + return wpa_sha512_vector(num_elem, addr, len, mac); #endif return -1; } @@ -105,16 +105,16 @@ int dpp_hkdf_expand(size_t hash_len, const u8 *secret, size_t secret_len, const char *label, u8 *out, size_t outlen) { if (hash_len == 32) - return hmac_sha256_kdf(secret, secret_len, NULL, + return wpa_hmac_sha256_kdf(secret, secret_len, NULL, (const u8 *) label, os_strlen(label), out, outlen); #ifndef ESP_SUPPLICANT if (hash_len == 48) - return hmac_sha384_kdf(secret, secret_len, NULL, + return wpa_hmac_sha384_kdf(secret, secret_len, NULL, (const u8 *) label, os_strlen(label), out, outlen); if (hash_len == 64) - return hmac_sha512_kdf(secret, secret_len, NULL, + return wpa_hmac_sha512_kdf(secret, secret_len, NULL, (const u8 *) label, os_strlen(label), out, outlen); #endif @@ -127,14 +127,14 @@ int dpp_hmac_vector(size_t hash_len, const u8 *key, size_t key_len, u8 *mac) { if (hash_len == 32) - return hmac_sha256_vector(key, key_len, num_elem, addr, len, + return wpa_hmac_sha256_vector(key, key_len, num_elem, addr, len, mac); #ifndef ESP_SUPPLICANT if (hash_len == 48) - return hmac_sha384_vector(key, key_len, num_elem, addr, len, + return wpa_hmac_sha384_vector(key, key_len, num_elem, addr, len, mac); if (hash_len == 64) - return hmac_sha512_vector(key, key_len, num_elem, addr, len, + return wpa_hmac_sha512_vector(key, key_len, num_elem, addr, len, mac); #endif return -1; @@ -145,12 +145,12 @@ int dpp_hmac(size_t hash_len, const u8 *key, size_t key_len, const u8 *data, size_t data_len, u8 *mac) { if (hash_len == 32) - return hmac_sha256(key, key_len, data, data_len, mac); + return wpa_hmac_sha256(key, key_len, data, data_len, mac); #ifndef ESP_SUPPLICANT if (hash_len == 48) - return hmac_sha384(key, key_len, data, data_len, mac); + return wpa_hmac_sha384(key, key_len, data, data_len, mac); if (hash_len == 64) - return hmac_sha512(key, key_len, data, data_len, mac); + return wpa_hmac_sha512(key, key_len, data, data_len, mac); #endif return -1; } @@ -226,7 +226,7 @@ int dpp_bi_pubkey_hash(struct dpp_bootstrap_info *bi, addr[0] = data; len[0] = data_len; - if (sha256_vector(1, addr, len, bi->pubkey_hash) < 0) + if (wpa_sha256_vector(1, addr, len, bi->pubkey_hash) < 0) return -1; wpa_hexdump(MSG_DEBUG, "DPP: Public key hash", bi->pubkey_hash, SHA256_MAC_LEN); @@ -235,7 +235,7 @@ int dpp_bi_pubkey_hash(struct dpp_bootstrap_info *bi, len[0] = 5; addr[1] = data; len[1] = data_len; - if (sha256_vector(2, addr, len, bi->pubkey_hash_chirp) < 0) + if (wpa_sha256_vector(2, addr, len, bi->pubkey_hash_chirp) < 0) return -1; wpa_hexdump(MSG_DEBUG, "DPP: Public key hash (chirp)", bi->pubkey_hash_chirp, SHA256_MAC_LEN); @@ -614,7 +614,7 @@ int dpp_check_pubkey_match(struct crypto_ec_key *pub, struct wpabuf *r_hash) len[0] = wpabuf_len(uncomp); wpa_hexdump(MSG_DEBUG, "DPP: Uncompressed public key", addr[0], len[0]); - res = sha256_vector(1, addr, len, hash); + res = wpa_sha256_vector(1, addr, len, hash); wpabuf_free(uncomp); if (res < 0) return -1; @@ -655,7 +655,7 @@ dpp_process_signed_connector(struct dpp_signed_connector_info *info, ret = DPP_STATUS_INVALID_CONNECTOR; goto fail; } - prot_hdr = base64_url_decode(pos, end - pos, &prot_hdr_len); + prot_hdr = wpa_base64_url_decode(pos, end - pos, &prot_hdr_len); if (!prot_hdr) { wpa_printf(MSG_DEBUG, "DPP: Failed to base64url decode signedConnector JWS Protected Header"); @@ -687,7 +687,7 @@ dpp_process_signed_connector(struct dpp_signed_connector_info *info, goto fail; } signed_end = end - 1; - info->payload = base64_url_decode(pos, end - pos, &info->payload_len); + info->payload = wpa_base64_url_decode(pos, end - pos, &info->payload_len); if (!info->payload) { wpa_printf(MSG_DEBUG, "DPP: Failed to base64url decode signedConnector JWS Payload"); @@ -698,7 +698,7 @@ dpp_process_signed_connector(struct dpp_signed_connector_info *info, "DPP: signedConnector - JWS Payload", (u8 *)info->payload, info->payload_len); pos = end + 1; - signature = base64_url_decode(pos, os_strlen(pos), &signature_len); + signature = wpa_base64_url_decode(pos, os_strlen(pos), &signature_len); if (!signature) { wpa_printf(MSG_DEBUG, "DPP: Failed to base64url decode signedConnector signature"); @@ -729,7 +729,7 @@ dpp_process_signed_connector(struct dpp_signed_connector_info *info, } if (hash_func == CRYPTO_HASH_ALG_SHA256) { - if ((sha256_vector(1, (const u8 **) &signed_start, &signed_len, hash)) != 0) { + if ((wpa_sha256_vector(1, (const u8 **) &signed_start, &signed_len, hash)) != 0) { goto fail; } } else { @@ -1115,7 +1115,7 @@ int dpp_derive_pmkid(const struct dpp_curve_params *curve, } wpa_hexdump(MSG_DEBUG, "DPP: PMKID hash payload 1", addr[0], len[0]); wpa_hexdump(MSG_DEBUG, "DPP: PMKID hash payload 2", addr[1], len[1]); - res = sha256_vector(2, addr, len, hash); + res = wpa_sha256_vector(2, addr, len, hash); if (res < 0) goto fail; wpa_hexdump(MSG_DEBUG, "DPP: PMKID hash output", hash, SHA256_MAC_LEN); @@ -1157,7 +1157,7 @@ char * dpp_corrupt_connector_signature(const char *connector) wpa_printf(MSG_DEBUG, "DPP: Original base64url encoded signature: %s", pos); - signature = base64_url_decode(pos, os_strlen(pos), &signature_len); + signature = wpa_base64_url_decode(pos, os_strlen(pos), &signature_len); if (!signature || signature_len == 0) goto fail; wpa_hexdump(MSG_DEBUG, "DPP: Original Connector signature", @@ -1165,7 +1165,7 @@ char * dpp_corrupt_connector_signature(const char *connector) signature[signature_len - 1] ^= 0x01; wpa_hexdump(MSG_DEBUG, "DPP: Corrupted Connector signature", signature, signature_len); - signed3 = base64_url_encode(signature, signature_len, &signed3_len); + signed3 = wpa_base64_url_encode(signature, signature_len, &signed3_len); if (!signed3) goto fail; os_memcpy(pos, signed3, signed3_len); diff --git a/components/wpa_supplicant/src/common/sae.c b/components/wpa_supplicant/src/common/sae.c index 363aa0c4fe..afb2db7b0d 100644 --- a/components/wpa_supplicant/src/common/sae.c +++ b/components/wpa_supplicant/src/common/sae.c @@ -146,7 +146,7 @@ static int sae_test_pwd_seed_ecc(struct sae_data *sae, const u8 *pwd_seed, /* pwd-value = KDF-z(pwd-seed, "SAE Hunting and Pecking", p) */ bits = crypto_ec_prime_len_bits(sae->tmp->ec); - if (sha256_prf_bits(pwd_seed, SHA256_MAC_LEN, "SAE Hunting and Pecking", + if (wpa_sha256_prf_bits(pwd_seed, SHA256_MAC_LEN, "SAE Hunting and Pecking", prime, sae->tmp->prime_len, pwd_value, bits) < 0) return ESP_FAIL; if (bits % 8) @@ -196,7 +196,7 @@ static int sae_test_pwd_seed_ffc(struct sae_data *sae, const u8 *pwd_seed, wpa_hexdump_key(MSG_DEBUG, "SAE: pwd-seed", pwd_seed, SHA256_MAC_LEN); /* pwd-value = KDF-z(pwd-seed, "SAE Hunting and Pecking", p) */ - if (sha256_prf_bits(pwd_seed, SHA256_MAC_LEN, "SAE Hunting and Pecking", + if (wpa_sha256_prf_bits(pwd_seed, SHA256_MAC_LEN, "SAE Hunting and Pecking", sae->tmp->dh->prime, sae->tmp->prime_len, pwd_value, bits) < 0) return ESP_FAIL; @@ -350,7 +350,7 @@ static int sae_derive_pwe_ecc(struct sae_data *sae, const u8 *addr1, wpa_printf(MSG_MSGDUMP, "SAE: counter = %03u", counter); const_time_select_bin(found, stub_password, password, password_len, tmp_password); - if (hmac_sha256_vector(addrs, sizeof(addrs), 2, + if (wpa_hmac_sha256_vector(addrs, sizeof(addrs), 2, addr, len, pwd_seed) < 0) break; @@ -489,7 +489,7 @@ static int sae_derive_pwe_ffc(struct sae_data *sae, const u8 *addr1, } wpa_printf(MSG_DEBUG, "SAE: counter = %02u", counter); - if (hmac_sha256_vector(addrs, sizeof(addrs), 2, + if (wpa_hmac_sha256_vector(addrs, sizeof(addrs), 2, addr, len, pwd_seed) < 0) break; res = sae_test_pwd_seed_ffc(sae, pwd_seed, pwe); @@ -527,7 +527,7 @@ static int hkdf_extract(size_t hash_len, const u8 *salt, size_t salt_len, u8 *prk) { if (hash_len == 32) - return hmac_sha256_vector(salt, salt_len, num_elem, addr, len, + return wpa_hmac_sha256_vector(salt, salt_len, num_elem, addr, len, prk); return -1; } @@ -539,7 +539,7 @@ static int hkdf_expand(size_t hash_len, const u8 *prk, size_t prk_len, size_t info_len = os_strlen(info); if (hash_len == 32) - return hmac_sha256_kdf(prk, prk_len, NULL, + return wpa_hmac_sha256_kdf(prk, prk_len, NULL, (const u8 *) info, info_len, okm, okm_len); return -1; @@ -1455,7 +1455,7 @@ static int sae_kdf_hash(size_t hash_len, const u8 *k, const char *label, u8 *out, size_t out_len) { if (hash_len == 32) - return sha256_prf(k, hash_len, label, + return wpa_sha256_prf(k, hash_len, label, context, context_len, out, out_len); return -1; } diff --git a/components/wpa_supplicant/src/common/sae_pk.c b/components/wpa_supplicant/src/common/sae_pk.c index 472ef03d2c..1baba9ff6c 100644 --- a/components/wpa_supplicant/src/common/sae_pk.c +++ b/components/wpa_supplicant/src/common/sae_pk.c @@ -462,16 +462,16 @@ static size_t sae_group_2_hash_len(int group) int sae_hash(size_t hash_len, const u8 *data, size_t len, u8 *hash) { if (hash_len == 32) { - return sha256_vector(1, &data, &len, hash); + return wpa_sha256_vector(1, &data, &len, hash); } #ifdef CONFIG_SHA384 if (hash_len == 48) { - return sha384_vector(1, &data, &len, hash); + return wpa_sha384_vector(1, &data, &len, hash); } #endif /* CONFIG_SHA384 */ #ifdef CONFIG_SHA512 if (hash_len == 64) { - return sha512_vector(1, &data, &len, hash); + return wpa_sha512_vector(1, &data, &len, hash); } #endif /* CONFIG_SHA512 */ return -1; diff --git a/components/wpa_supplicant/src/common/wpa_common.c b/components/wpa_supplicant/src/common/wpa_common.c index faa0be573c..a8181a1e12 100644 --- a/components/wpa_supplicant/src/common/wpa_common.c +++ b/components/wpa_supplicant/src/common/wpa_common.c @@ -705,7 +705,7 @@ void wpa_derive_pmk_r0(const u8 *xxkey, size_t xxkey_len, os_memcpy(pos, s0kh_id, ETH_ALEN); pos += ETH_ALEN; - sha256_prf(xxkey, xxkey_len, "FT-R0", buf, pos - buf, + wpa_sha256_prf(xxkey, xxkey_len, "FT-R0", buf, pos - buf, r0_key_data, sizeof(r0_key_data)); os_memcpy(pmk_r0, r0_key_data, PMK_LEN); @@ -717,7 +717,7 @@ void wpa_derive_pmk_r0(const u8 *xxkey, size_t xxkey_len, addr[1] = r0_key_data + PMK_LEN; len[1] = 16; - sha256_vector(2, addr, len, hash); + wpa_sha256_vector(2, addr, len, hash); os_memcpy(pmk_r0_name, hash, WPA_PMK_NAME_LEN); } @@ -747,7 +747,7 @@ void wpa_derive_pmk_r1_name(const u8 *pmk_r0_name, const u8 *r1kh_id, addr[3] = s1kh_id; len[3] = ETH_ALEN; - sha256_vector(4, addr, len, hash); + wpa_sha256_vector(4, addr, len, hash); os_memcpy(pmk_r1_name, hash, WPA_PMK_NAME_LEN); } @@ -771,7 +771,7 @@ void wpa_derive_pmk_r1(const u8 *pmk_r0, const u8 *pmk_r0_name, os_memcpy(pos, s1kh_id, ETH_ALEN); pos += ETH_ALEN; - sha256_prf(pmk_r0, PMK_LEN, "FT-R1", buf, pos - buf, pmk_r1, PMK_LEN); + wpa_sha256_prf(pmk_r0, PMK_LEN, "FT-R1", buf, pos - buf, pmk_r1, PMK_LEN); wpa_derive_pmk_r1_name(pmk_r0_name, r1kh_id, s1kh_id, pmk_r1_name); } @@ -813,7 +813,7 @@ int wpa_pmk_r1_to_ptk(const u8 *pmk_r1, const u8 *snonce, const u8 *anonce, ptk->tk_len = wpa_cipher_key_len(cipher); ptk_len = ptk->kck_len + ptk->kek_len + ptk->tk_len; - sha256_prf(pmk_r1, PMK_LEN, "FT-PTK", buf, pos - buf, tmp, ptk_len); + wpa_sha256_prf(pmk_r1, PMK_LEN, "FT-PTK", buf, pos - buf, tmp, ptk_len); /* * PTKName = Truncate-128(SHA-256(PMKR1Name || "FT-PTKN" || SNonce || @@ -832,7 +832,7 @@ int wpa_pmk_r1_to_ptk(const u8 *pmk_r1, const u8 *snonce, const u8 *anonce, addr[5] = sta_addr; len[5] = ETH_ALEN; - sha256_vector(6, addr, len, hash); + wpa_sha256_vector(6, addr, len, hash); os_memcpy(ptk_name, hash, WPA_PMK_NAME_LEN); os_memcpy(ptk->kck, tmp, ptk->kck_len); @@ -916,7 +916,7 @@ int wpa_eapol_key_mic(const u8 *key, size_t key_len, int akmp, int ver, case WPA_KEY_INFO_TYPE_HMAC_MD5_RC4: return hmac_md5(key, key_len, buf, len, mic); case WPA_KEY_INFO_TYPE_HMAC_SHA1_AES: - if (hmac_sha1(key, key_len, buf, len, hash)) + if (wpa_hmac_sha1(key, key_len, buf, len, hash)) return -1; os_memcpy(mic, hash, MD5_MAC_LEN); break; @@ -933,7 +933,7 @@ int wpa_eapol_key_mic(const u8 *key, size_t key_len, int akmp, int ver, "WPA: EAPOL-Key MIC using HMAC-SHA%u (AKM-defined - SAE-EXT-KEY)", (unsigned int) key_len * 8 * 2); if (key_len == 128 / 8) { - if (hmac_sha256(key, key_len, buf, len, hash)) + if (wpa_hmac_sha256(key, key_len, buf, len, hash)) return -1; } else { wpa_printf(MSG_INFO, @@ -946,14 +946,14 @@ int wpa_eapol_key_mic(const u8 *key, size_t key_len, int akmp, int ver, #endif /* CONFIG_WPA3_SAE */ #ifdef CONFIG_SUITEB case WPA_KEY_MGMT_IEEE8021X_SUITE_B: - if (hmac_sha256(key, key_len, buf, len, hash)) + if (wpa_hmac_sha256(key, key_len, buf, len, hash)) return -1; os_memcpy(mic, hash, MD5_MAC_LEN); break; #endif /* CONFIG_SUITEB */ #ifdef CONFIG_SUITEB192 case WPA_KEY_MGMT_IEEE8021X_SUITE_B_192: - if (hmac_sha384(key, key_len, buf, len, hash)) + if (wpa_hmac_sha384(key, key_len, buf, len, hash)) return -1; os_memcpy(mic, hash, 24); break; @@ -964,7 +964,7 @@ int wpa_eapol_key_mic(const u8 *key, size_t key_len, int akmp, int ver, "WPA: EAPOL-Key MIC using HMAC-SHA%u (AKM-defined - OWE)", (unsigned int) key_len * 8 * 2); if (key_len == 128 / 8) { - if (hmac_sha256(key, key_len, buf, len, hash)) + if (wpa_hmac_sha256(key, key_len, buf, len, hash)) return -1; } else { wpa_printf(MSG_INFO,"OWE: Unsupported KCK length: %u", @@ -981,7 +981,7 @@ int wpa_eapol_key_mic(const u8 *key, size_t key_len, int akmp, int ver, "WPA: EAPOL-Key MIC using HMAC-SHA%u (AKM-defined - DPP)", (unsigned int) key_len * 8 * 2); if (key_len == 128 / 8) { - if (hmac_sha256(key, key_len, buf, len, hash)) + if (wpa_hmac_sha256(key, key_len, buf, len, hash)) return -1; } else { wpa_printf(MSG_INFO, @@ -1099,7 +1099,7 @@ int rsn_pmkid_suite_b(const u8 *kck, size_t kck_len, const u8 *aa, addr[1] = aa; addr[2] = spa; - if (hmac_sha256_vector(kck, kck_len, 3, addr, len, hash) < 0) + if (wpa_hmac_sha256_vector(kck, kck_len, 3, addr, len, hash) < 0) return -1; os_memcpy(pmkid, hash, PMKID_LEN); return 0; @@ -1131,7 +1131,7 @@ int rsn_pmkid_suite_b_192(const u8 *kck, size_t kck_len, const u8 *aa, addr[1] = aa; addr[2] = spa; - if (hmac_sha384_vector(kck, kck_len, 3, addr, len, hash) < 0) + if (wpa_hmac_sha384_vector(kck, kck_len, 3, addr, len, hash) < 0) return -1; os_memcpy(pmkid, hash, PMKID_LEN); return 0; @@ -1230,20 +1230,20 @@ int wpa_pmk_to_ptk(const u8 *pmk, size_t pmk_len, const char *label, #if defined(CONFIG_SUITEB192) if (wpa_key_mgmt_sha384(akmp)) { wpa_printf(MSG_DEBUG, "WPA: PTK derivation using PRF(SHA384)"); - if (sha384_prf(pmk, pmk_len, label, data, data_len, + if (wpa_sha384_prf(pmk, pmk_len, label, data, data_len, tmp, ptk_len) < 0) return -1; } else #endif if (wpa_key_mgmt_sha256(akmp)) { - sha256_prf(pmk, pmk_len, label, data, data_len, + wpa_sha256_prf(pmk, pmk_len, label, data, data_len, tmp, ptk_len); #ifdef CONFIG_WPA3_SAE } else if (wpa_key_mgmt_sae_ext_key(akmp)) { if (pmk_len == 32) { wpa_printf(MSG_DEBUG, "SAE: PTK derivation using PRF(SHA256)"); - if (sha256_prf(pmk, pmk_len, label, data, data_len, + if (wpa_sha256_prf(pmk, pmk_len, label, data, data_len, tmp, ptk_len) < 0) return -1; } else { @@ -1253,7 +1253,7 @@ int wpa_pmk_to_ptk(const u8 *pmk, size_t pmk_len, const char *label, } #endif /* CONFIG_WPA3_SAE */ } else { - sha1_prf(pmk, pmk_len, label, data, data_len, tmp, ptk_len); + wpa_sha1_prf(pmk, pmk_len, label, data, data_len, tmp, ptk_len); } wpa_printf(MSG_DEBUG, "WPA: PTK derivation - A1=" MACSTR " A2=" MACSTR"\n", MAC2STR(addr1), MAC2STR(addr2)); @@ -1301,12 +1301,12 @@ void rsn_pmkid(const u8 *pmk, size_t pmk_len, const u8 *aa, const u8 *spa, #ifdef CONFIG_IEEE80211W if (wpa_key_mgmt_sha256(akmp)) { wpa_printf(MSG_DEBUG, "RSN: Derive PMKID using HMAC-SHA-256"); - hmac_sha256_vector(pmk, pmk_len, 3, addr, len, hash); + wpa_hmac_sha256_vector(pmk, pmk_len, 3, addr, len, hash); } else #endif /* CONFIG_IEEE80211W */ { wpa_printf(MSG_DEBUG, "RSN: Derive PMKID using HMAC-SHA-1"); - hmac_sha1_vector(pmk, pmk_len, 3, addr, len, hash); + wpa_hmac_sha1_vector(pmk, pmk_len, 3, addr, len, hash); } os_memcpy(pmkid, hash, PMKID_LEN); } diff --git a/components/wpa_supplicant/src/crypto/aes-cbc.c b/components/wpa_supplicant/src/crypto/aes-cbc.c index 0835f2cfb7..c5ce6f2bf7 100644 --- a/components/wpa_supplicant/src/crypto/aes-cbc.c +++ b/components/wpa_supplicant/src/crypto/aes-cbc.c @@ -31,7 +31,7 @@ int aes_128_cbc_encrypt(const u8 *key, const u8 *iv, u8 *data, size_t data_len) if (TEST_FAIL()) return -1; - ctx = aes_encrypt_init(key, 16); + ctx = wpa_aes_encrypt_init(key, 16); if (ctx == NULL) return -1; os_memcpy(cbc, iv, AES_BLOCK_SIZE); @@ -40,11 +40,11 @@ int aes_128_cbc_encrypt(const u8 *key, const u8 *iv, u8 *data, size_t data_len) for (i = 0; i < blocks; i++) { for (j = 0; j < AES_BLOCK_SIZE; j++) cbc[j] ^= pos[j]; - aes_encrypt(ctx, cbc, cbc); + wpa_aes_encrypt(ctx, cbc, cbc); os_memcpy(pos, cbc, AES_BLOCK_SIZE); pos += AES_BLOCK_SIZE; } - aes_encrypt_deinit(ctx); + wpa_aes_encrypt_deinit(ctx); return 0; } @@ -67,7 +67,7 @@ int aes_128_cbc_decrypt(const u8 *key, const u8 *iv, u8 *data, size_t data_len) if (TEST_FAIL()) return -1; - ctx = aes_decrypt_init(key, 16); + ctx = wpa_aes_decrypt_init(key, 16); if (ctx == NULL) return -1; os_memcpy(cbc, iv, AES_BLOCK_SIZE); @@ -75,12 +75,12 @@ int aes_128_cbc_decrypt(const u8 *key, const u8 *iv, u8 *data, size_t data_len) blocks = data_len / AES_BLOCK_SIZE; for (i = 0; i < blocks; i++) { os_memcpy(tmp, pos, AES_BLOCK_SIZE); - aes_decrypt(ctx, pos, pos); + wpa_aes_decrypt(ctx, pos, pos); for (j = 0; j < AES_BLOCK_SIZE; j++) pos[j] ^= cbc[j]; os_memcpy(cbc, tmp, AES_BLOCK_SIZE); pos += AES_BLOCK_SIZE; } - aes_decrypt_deinit(ctx); + wpa_aes_decrypt_deinit(ctx); return 0; } diff --git a/components/wpa_supplicant/src/crypto/aes-ccm.c b/components/wpa_supplicant/src/crypto/aes-ccm.c index e5bb94ca08..bd0ba71ba3 100644 --- a/components/wpa_supplicant/src/crypto/aes-ccm.c +++ b/components/wpa_supplicant/src/crypto/aes-ccm.c @@ -42,7 +42,7 @@ static void aes_ccm_auth_start(void *aes, size_t M, size_t L, const u8 *nonce, WPA_PUT_BE16(&b[AES_BLOCK_SIZE - L], plain_len); wpa_hexdump_key(MSG_DEBUG, "CCM B_0", b, AES_BLOCK_SIZE); - aes_encrypt(aes, b, x); /* X_1 = E(K, B_0) */ + wpa_aes_encrypt(aes, b, x); /* X_1 = E(K, B_0) */ if (!aad_len) return; @@ -52,12 +52,12 @@ static void aes_ccm_auth_start(void *aes, size_t M, size_t L, const u8 *nonce, os_memset(aad_buf + 2 + aad_len, 0, sizeof(aad_buf) - 2 - aad_len); xor_aes_block(aad_buf, x); - aes_encrypt(aes, aad_buf, x); /* X_2 = E(K, X_1 XOR B_1) */ + wpa_aes_encrypt(aes, aad_buf, x); /* X_2 = E(K, X_1 XOR B_1) */ if (aad_len > AES_BLOCK_SIZE - 2) { xor_aes_block(&aad_buf[AES_BLOCK_SIZE], x); /* X_3 = E(K, X_2 XOR B_2) */ - aes_encrypt(aes, &aad_buf[AES_BLOCK_SIZE], x); + wpa_aes_encrypt(aes, &aad_buf[AES_BLOCK_SIZE], x); } } @@ -71,13 +71,13 @@ static void aes_ccm_auth(void *aes, const u8 *data, size_t len, u8 *x) /* X_i+1 = E(K, X_i XOR B_i) */ xor_aes_block(x, data); data += AES_BLOCK_SIZE; - aes_encrypt(aes, x, x); + wpa_aes_encrypt(aes, x, x); } if (last) { /* XOR zero-padded last block */ for (i = 0; i < last; i++) x[i] ^= *data++; - aes_encrypt(aes, x, x); + wpa_aes_encrypt(aes, x, x); } } @@ -100,14 +100,14 @@ static void aes_ccm_encr(void *aes, size_t L, const u8 *in, size_t len, u8 *out, for (i = 1; i <= len / AES_BLOCK_SIZE; i++) { WPA_PUT_BE16(&a[AES_BLOCK_SIZE - 2], i); /* S_i = E(K, A_i) */ - aes_encrypt(aes, a, out); + wpa_aes_encrypt(aes, a, out); xor_aes_block(out, in); out += AES_BLOCK_SIZE; in += AES_BLOCK_SIZE; } if (last) { WPA_PUT_BE16(&a[AES_BLOCK_SIZE - 2], i); - aes_encrypt(aes, a, out); + wpa_aes_encrypt(aes, a, out); /* XOR zero-padded last block */ for (i = 0; i < last; i++) *out++ ^= *in++; @@ -123,7 +123,7 @@ static void aes_ccm_encr_auth(void *aes, size_t M, u8 *x, u8 *a, u8 *auth) wpa_hexdump_key(MSG_DEBUG, "CCM T", x, M); /* U = T XOR S_0; S_0 = E(K, A_0) */ WPA_PUT_BE16(&a[AES_BLOCK_SIZE - 2], 0); - aes_encrypt(aes, a, tmp); + wpa_aes_encrypt(aes, a, tmp); for (i = 0; i < M; i++) auth[i] = x[i] ^ tmp[i]; wpa_hexdump_key(MSG_DEBUG, "CCM U", auth, M); @@ -138,7 +138,7 @@ static void aes_ccm_decr_auth(void *aes, size_t M, u8 *a, const u8 *auth, u8 *t) wpa_hexdump_key(MSG_DEBUG, "CCM U", auth, M); /* U = T XOR S_0; S_0 = E(K, A_0) */ WPA_PUT_BE16(&a[AES_BLOCK_SIZE - 2], 0); - aes_encrypt(aes, a, tmp); + wpa_aes_encrypt(aes, a, tmp); for (i = 0; i < M; i++) t[i] = auth[i] ^ tmp[i]; wpa_hexdump_key(MSG_DEBUG, "CCM T", t, M); @@ -157,7 +157,7 @@ int aes_ccm_ae(const u8 *key, size_t key_len, const u8 *nonce, if (aad_len > 30 || M > AES_BLOCK_SIZE) return -1; - aes = aes_encrypt_init(key, key_len); + aes = wpa_aes_encrypt_init(key, key_len); if (aes == NULL) return -1; @@ -169,7 +169,7 @@ int aes_ccm_ae(const u8 *key, size_t key_len, const u8 *nonce, aes_ccm_encr(aes, L, plain, plain_len, crypt, a); aes_ccm_encr_auth(aes, M, x, a, auth); - aes_encrypt_deinit(aes); + wpa_aes_encrypt_deinit(aes); return 0; } @@ -188,7 +188,7 @@ int aes_ccm_ad(const u8 *key, size_t key_len, const u8 *nonce, if (aad_len > 30 || M > AES_BLOCK_SIZE) return -1; - aes = aes_encrypt_init(key, key_len); + aes = wpa_aes_encrypt_init(key, key_len); if (aes == NULL) return -1; @@ -202,7 +202,7 @@ int aes_ccm_ad(const u8 *key, size_t key_len, const u8 *nonce, aes_ccm_auth_start(aes, M, L, nonce, aad, aad_len, crypt_len, x); aes_ccm_auth(aes, plain, crypt_len, x); - aes_encrypt_deinit(aes); + wpa_aes_encrypt_deinit(aes); if (os_memcmp_const(x, t, M) != 0) { wpa_printf(MSG_DEBUG, "CCM: Auth mismatch"); diff --git a/components/wpa_supplicant/src/crypto/aes-ctr.c b/components/wpa_supplicant/src/crypto/aes-ctr.c index 8ce05b894d..88d64e5841 100644 --- a/components/wpa_supplicant/src/crypto/aes-ctr.c +++ b/components/wpa_supplicant/src/crypto/aes-ctr.c @@ -31,13 +31,13 @@ int aes_ctr_encrypt(const u8 *key, size_t key_len, const u8 *nonce, u8 *pos = data; u8 counter[AES_BLOCK_SIZE], buf[AES_BLOCK_SIZE]; - ctx = aes_encrypt_init(key, key_len); + ctx = wpa_aes_encrypt_init(key, key_len); if (ctx == NULL) return -1; os_memcpy(counter, nonce, AES_BLOCK_SIZE); while (left > 0) { - aes_encrypt(ctx, counter, buf); + wpa_aes_encrypt(ctx, counter, buf); len = (left < AES_BLOCK_SIZE) ? left : AES_BLOCK_SIZE; for (j = 0; j < len; j++) @@ -51,7 +51,7 @@ int aes_ctr_encrypt(const u8 *key, size_t key_len, const u8 *nonce, break; } } - aes_encrypt_deinit(ctx); + wpa_aes_encrypt_deinit(ctx); return 0; } diff --git a/components/wpa_supplicant/src/crypto/aes-gcm.c b/components/wpa_supplicant/src/crypto/aes-gcm.c index 84294d2d10..6420c67edf 100644 --- a/components/wpa_supplicant/src/crypto/aes-gcm.c +++ b/components/wpa_supplicant/src/crypto/aes-gcm.c @@ -155,7 +155,7 @@ static void aes_gctr(void *aes, const u8 *icb, const u8 *x, size_t xlen, u8 *y) os_memcpy(cb, icb, AES_BLOCK_SIZE); /* Full blocks */ for (i = 0; i < n; i++) { - aes_encrypt(aes, cb, ypos); + wpa_aes_encrypt(aes, cb, ypos); xor_block(ypos, xpos); xpos += AES_BLOCK_SIZE; ypos += AES_BLOCK_SIZE; @@ -165,7 +165,7 @@ static void aes_gctr(void *aes, const u8 *icb, const u8 *x, size_t xlen, u8 *y) last = x + xlen - xpos; if (last) { /* Last, partial block */ - aes_encrypt(aes, cb, tmp); + wpa_aes_encrypt(aes, cb, tmp); for (i = 0; i < last; i++) *ypos++ = *xpos++ ^ tmp[i]; } @@ -176,13 +176,13 @@ static void * aes_gcm_init_hash_subkey(const u8 *key, size_t key_len, u8 *H) { void *aes; - aes = aes_encrypt_init(key, key_len); + aes = wpa_aes_encrypt_init(key, key_len); if (aes == NULL) return NULL; /* Generate hash subkey H = AES_K(0^128) */ os_memset(H, 0, AES_BLOCK_SIZE); - aes_encrypt(aes, H, H); + wpa_aes_encrypt(aes, H, H); wpa_hexdump_key(MSG_EXCESSIVE, "Hash subkey H for GHASH", H, AES_BLOCK_SIZE); return aes; @@ -276,7 +276,7 @@ int aes_gcm_ae(const u8 *key, size_t key_len, const u8 *iv, size_t iv_len, /* Return (C, T) */ - aes_encrypt_deinit(aes); + wpa_aes_encrypt_deinit(aes); return 0; } @@ -308,7 +308,7 @@ int aes_gcm_ad(const u8 *key, size_t key_len, const u8 *iv, size_t iv_len, /* T' = MSB_t(GCTR_K(J_0, S)) */ aes_gctr(aes, J0, S, sizeof(S), T); - aes_encrypt_deinit(aes); + wpa_aes_encrypt_deinit(aes); if (os_memcmp_const(tag, T, 16) != 0) { wpa_printf(MSG_EXCESSIVE, "GCM: Tag mismatch"); diff --git a/components/wpa_supplicant/src/crypto/aes-internal-dec.c b/components/wpa_supplicant/src/crypto/aes-internal-dec.c index 7482295949..5c5171123e 100644 --- a/components/wpa_supplicant/src/crypto/aes-internal-dec.c +++ b/components/wpa_supplicant/src/crypto/aes-internal-dec.c @@ -31,7 +31,7 @@ static int rijndaelKeySetupDec(u32 rk[], const u8 cipherKey[], int keyBits) u32 temp; /* expand the cipher key: */ - Nr = rijndaelKeySetupEnc(rk, cipherKey, keyBits); + Nr = wpa_rijndaelKeySetupEnc(rk, cipherKey, keyBits); if (Nr < 0) return Nr; /* invert the order of the round keys: */ @@ -56,7 +56,7 @@ static int rijndaelKeySetupDec(u32 rk[], const u8 cipherKey[], int keyBits) return Nr; } -void * aes_decrypt_init(const u8 *key, size_t len) +void * wpa_aes_decrypt_init(const u8 *key, size_t len) { u32 *rk; int res; @@ -148,7 +148,7 @@ d##3 = TD0(s##3) ^ TD1(s##2) ^ TD2(s##1) ^ TD3(s##0) ^ rk[4 * i + 3] } -int aes_decrypt(void *ctx, const u8 *crypt, u8 *plain) +int wpa_aes_decrypt(void *ctx, const u8 *crypt, u8 *plain) { u32 *rk = ctx; rijndaelDecrypt(ctx, rk[AES_PRIV_NR_POS], crypt, plain); @@ -156,7 +156,7 @@ int aes_decrypt(void *ctx, const u8 *crypt, u8 *plain) } -void aes_decrypt_deinit(void *ctx) +void wpa_aes_decrypt_deinit(void *ctx) { os_memset(ctx, 0, AES_PRIV_SIZE); os_free(ctx); diff --git a/components/wpa_supplicant/src/crypto/aes-internal-enc.c b/components/wpa_supplicant/src/crypto/aes-internal-enc.c index baeffcaf63..2e00ba9a6e 100644 --- a/components/wpa_supplicant/src/crypto/aes-internal-enc.c +++ b/components/wpa_supplicant/src/crypto/aes-internal-enc.c @@ -95,7 +95,7 @@ d##3 = TE0(s##3) ^ TE1(s##0) ^ TE2(s##1) ^ TE3(s##2) ^ rk[4 * i + 3] } -void * aes_encrypt_init(const u8 *key, size_t len) +void * wpa_aes_encrypt_init(const u8 *key, size_t len) { u32 *rk; int res; @@ -106,7 +106,7 @@ void * aes_encrypt_init(const u8 *key, size_t len) rk = os_malloc(AES_PRIV_SIZE); if (rk == NULL) return NULL; - res = rijndaelKeySetupEnc(rk, key, len * 8); + res = wpa_rijndaelKeySetupEnc(rk, key, len * 8); if (res < 0) { os_free(rk); return NULL; @@ -116,7 +116,7 @@ void * aes_encrypt_init(const u8 *key, size_t len) } -int aes_encrypt(void *ctx, const u8 *plain, u8 *crypt) +int wpa_aes_encrypt(void *ctx, const u8 *plain, u8 *crypt) { u32 *rk = ctx; rijndaelEncrypt(ctx, rk[AES_PRIV_NR_POS], plain, crypt); @@ -124,7 +124,7 @@ int aes_encrypt(void *ctx, const u8 *plain, u8 *crypt) } -void aes_encrypt_deinit(void *ctx) +void wpa_aes_encrypt_deinit(void *ctx) { os_memset(ctx, 0, AES_PRIV_SIZE); os_free(ctx); diff --git a/components/wpa_supplicant/src/crypto/aes-internal.c b/components/wpa_supplicant/src/crypto/aes-internal.c index bd4535d209..6b646027c8 100644 --- a/components/wpa_supplicant/src/crypto/aes-internal.c +++ b/components/wpa_supplicant/src/crypto/aes-internal.c @@ -776,7 +776,7 @@ const u8 rcons[] = { * * @return the number of rounds for the given cipher key size. */ -int rijndaelKeySetupEnc(u32 rk[], const u8 cipherKey[], int keyBits) +int wpa_rijndaelKeySetupEnc(u32 rk[], const u8 cipherKey[], int keyBits) { int i; u32 temp; diff --git a/components/wpa_supplicant/src/crypto/aes-omac1.c b/components/wpa_supplicant/src/crypto/aes-omac1.c index 8642516340..bfc118afca 100644 --- a/components/wpa_supplicant/src/crypto/aes-omac1.c +++ b/components/wpa_supplicant/src/crypto/aes-omac1.c @@ -51,7 +51,7 @@ int omac1_aes_vector(const u8 *key, size_t key_len, size_t num_elem, if (TEST_FAIL()) return -1; - ctx = aes_encrypt_init(key, key_len); + ctx = wpa_aes_encrypt_init(key, key_len); if (ctx == NULL) return -1; os_memset(cbc, 0, AES_BLOCK_SIZE); @@ -82,12 +82,12 @@ int omac1_aes_vector(const u8 *key, size_t key_len, size_t num_elem, } } if (left > AES_BLOCK_SIZE) - aes_encrypt(ctx, cbc, cbc); + wpa_aes_encrypt(ctx, cbc, cbc); left -= AES_BLOCK_SIZE; } os_memset(pad, 0, AES_BLOCK_SIZE); - aes_encrypt(ctx, pad, pad); + wpa_aes_encrypt(ctx, pad, pad); gf_mulx(pad); if (left || total_len == 0) { @@ -111,8 +111,8 @@ int omac1_aes_vector(const u8 *key, size_t key_len, size_t num_elem, for (i = 0; i < AES_BLOCK_SIZE; i++) pad[i] ^= cbc[i]; - aes_encrypt(ctx, pad, mac); - aes_encrypt_deinit(ctx); + wpa_aes_encrypt(ctx, pad, mac); + wpa_aes_encrypt_deinit(ctx); return 0; } diff --git a/components/wpa_supplicant/src/crypto/aes-unwrap.c b/components/wpa_supplicant/src/crypto/aes-unwrap.c index ec793d9dbf..704f62cb0a 100644 --- a/components/wpa_supplicant/src/crypto/aes-unwrap.c +++ b/components/wpa_supplicant/src/crypto/aes-unwrap.c @@ -36,7 +36,7 @@ int aes_unwrap(const u8 *kek, size_t kek_len, int n, const u8 *cipher, r = plain; os_memcpy(r, cipher + 8, 8 * n); - ctx = aes_decrypt_init(kek, kek_len); + ctx = wpa_aes_decrypt_init(kek, kek_len); if (ctx == NULL) return -1; @@ -58,13 +58,13 @@ int aes_unwrap(const u8 *kek, size_t kek_len, int n, const u8 *cipher, b[4] ^= t >> 24; os_memcpy(b + 8, r, 8); - aes_decrypt(ctx, b, b); + wpa_aes_decrypt(ctx, b, b); os_memcpy(a, b, 8); os_memcpy(r, b + 8, 8); r -= 8; } } - aes_decrypt_deinit(ctx); + wpa_aes_decrypt_deinit(ctx); /* 3) Output results. * diff --git a/components/wpa_supplicant/src/crypto/aes-wrap.c b/components/wpa_supplicant/src/crypto/aes-wrap.c index 7ed34e803e..fec086c815 100644 --- a/components/wpa_supplicant/src/crypto/aes-wrap.c +++ b/components/wpa_supplicant/src/crypto/aes-wrap.c @@ -37,7 +37,7 @@ int aes_wrap(const u8 *kek, size_t kek_len, int n, const u8 *plain, u8 *cipher) os_memset(a, 0xa6, 8); os_memcpy(r, plain, 8 * n); - ctx = aes_encrypt_init(kek, kek_len); + ctx = wpa_aes_encrypt_init(kek, kek_len); if (ctx == NULL) return -1; @@ -53,7 +53,7 @@ int aes_wrap(const u8 *kek, size_t kek_len, int n, const u8 *plain, u8 *cipher) for (i = 1; i <= n; i++) { os_memcpy(b, a, 8); os_memcpy(b + 8, r, 8); - aes_encrypt(ctx, b, b); + wpa_aes_encrypt(ctx, b, b); os_memcpy(a, b, 8); t = n * j + i; a[7] ^= t; @@ -64,7 +64,7 @@ int aes_wrap(const u8 *kek, size_t kek_len, int n, const u8 *plain, u8 *cipher) r += 8; } } - aes_encrypt_deinit(ctx); + wpa_aes_encrypt_deinit(ctx); /* 3) Output the results. * diff --git a/components/wpa_supplicant/src/crypto/aes.h b/components/wpa_supplicant/src/crypto/aes.h index 8ab3de2ee8..3352e345dd 100644 --- a/components/wpa_supplicant/src/crypto/aes.h +++ b/components/wpa_supplicant/src/crypto/aes.h @@ -11,11 +11,11 @@ #define AES_BLOCK_SIZE 16 -void * aes_encrypt_init(const u8 *key, size_t len); -int aes_encrypt(void *ctx, const u8 *plain, u8 *crypt); -void aes_encrypt_deinit(void *ctx); -void * aes_decrypt_init(const u8 *key, size_t len); -int aes_decrypt(void *ctx, const u8 *crypt, u8 *plain); -void aes_decrypt_deinit(void *ctx); +void * wpa_aes_encrypt_init(const u8 *key, size_t len); +int wpa_aes_encrypt(void *ctx, const u8 *plain, u8 *crypt); +void wpa_aes_encrypt_deinit(void *ctx); +void * wpa_aes_decrypt_init(const u8 *key, size_t len); +int wpa_aes_decrypt(void *ctx, const u8 *crypt, u8 *plain); +void wpa_aes_decrypt_deinit(void *ctx); #endif /* AES_H */ diff --git a/components/wpa_supplicant/src/crypto/aes_i.h b/components/wpa_supplicant/src/crypto/aes_i.h index b20ec92203..52f4c82cc0 100644 --- a/components/wpa_supplicant/src/crypto/aes_i.h +++ b/components/wpa_supplicant/src/crypto/aes_i.h @@ -120,6 +120,6 @@ static inline u32 rotr(u32 val, int bits) #define AES_PRIV_SIZE (4 * 4 * 15 + 4) #define AES_PRIV_NR_POS (4 * 15) -int rijndaelKeySetupEnc(u32 rk[], const u8 cipherKey[], int keyBits); +int wpa_rijndaelKeySetupEnc(u32 rk[], const u8 cipherKey[], int keyBits); #endif /* AES_I_H */ diff --git a/components/wpa_supplicant/src/crypto/crypto.h b/components/wpa_supplicant/src/crypto/crypto.h index 183cbf590f..780478e828 100644 --- a/components/wpa_supplicant/src/crypto/crypto.h +++ b/components/wpa_supplicant/src/crypto/crypto.h @@ -51,7 +51,7 @@ int md5_vector(size_t num_elem, const u8 *addr[], const size_t *len, u8 *mac); * @mac: Buffer for the hash * Returns: 0 on success, -1 on failure */ -int sha1_vector(size_t num_elem, const u8 *addr[], const size_t *len, +int wpa_sha1_vector(size_t num_elem, const u8 *addr[], const size_t *len, u8 *mac); /** @@ -77,7 +77,7 @@ int __must_check fips186_2_prf(const u8 *seed, size_t seed_len, u8 *x, * @mac: Buffer for the hash * Returns: 0 on success, -1 on failure */ -int sha256_vector(size_t num_elem, const u8 *addr[], const size_t *len, +int wpa_sha256_vector(size_t num_elem, const u8 *addr[], const size_t *len, u8 *mac); /** @@ -88,7 +88,7 @@ int sha256_vector(size_t num_elem, const u8 *addr[], const size_t *len, * @mac: Buffer for the hash * Returns: 0 on success, -1 on failure */ -int sha384_vector(size_t num_elem, const u8 *addr[], const size_t *len, +int wpa_sha384_vector(size_t num_elem, const u8 *addr[], const size_t *len, u8 *mac); /** @@ -99,7 +99,7 @@ int sha384_vector(size_t num_elem, const u8 *addr[], const size_t *len, * @mac: Buffer for the hash * Returns: 0 on success, -1 on failure */ -int sha512_vector(size_t num_elem, const u8 *addr[], const size_t *len, +int wpa_sha512_vector(size_t num_elem, const u8 *addr[], const size_t *len, u8 *mac); /** @@ -112,50 +112,50 @@ int sha512_vector(size_t num_elem, const u8 *addr[], const size_t *len, int des_encrypt(const u8 *clear, const u8 *key, u8 *cypher); /** - * aes_encrypt_init - Initialize AES for encryption + * wpa_aes_encrypt_init - Initialize AES for encryption * @key: Encryption key * @len: Key length in bytes (usually 16, i.e., 128 bits) * Returns: Pointer to context data or %NULL on failure */ -void * aes_encrypt_init(const u8 *key, size_t len); +void * wpa_aes_encrypt_init(const u8 *key, size_t len); /** - * aes_encrypt - Encrypt one AES block - * @ctx: Context pointer from aes_encrypt_init() + * wpa_aes_encrypt - Encrypt one AES block + * @ctx: Context pointer from wpa_aes_encrypt_init() * @plain: Plaintext data to be encrypted (16 bytes) * @crypt: Buffer for the encrypted data (16 bytes) * Returns: 0 on success, -1 on failure */ -int aes_encrypt(void *ctx, const u8 *plain, u8 *crypt); +int wpa_aes_encrypt(void *ctx, const u8 *plain, u8 *crypt); /** - * aes_encrypt_deinit - Deinitialize AES encryption - * @ctx: Context pointer from aes_encrypt_init() + * wpa_aes_encrypt_deinit - Deinitialize AES encryption + * @ctx: Context pointer from wpa_aes_encrypt_init() */ -void aes_encrypt_deinit(void *ctx); +void wpa_aes_encrypt_deinit(void *ctx); /** - * aes_decrypt_init - Initialize AES for decryption + * wpa_aes_decrypt_init - Initialize AES for decryption * @key: Decryption key * @len: Key length in bytes (usually 16, i.e., 128 bits) * Returns: Pointer to context data or %NULL on failure */ -void * aes_decrypt_init(const u8 *key, size_t len); +void * wpa_aes_decrypt_init(const u8 *key, size_t len); /** - * aes_decrypt - Decrypt one AES block - * @ctx: Context pointer from aes_encrypt_init() + * wpa_aes_decrypt - Decrypt one AES block + * @ctx: Context pointer from wpa_aes_encrypt_init() * @crypt: Encrypted data (16 bytes) * @plain: Buffer for the decrypted data (16 bytes) * Returns: 0 on success, -1 on failure */ -int aes_decrypt(void *ctx, const u8 *crypt, u8 *plain); +int wpa_aes_decrypt(void *ctx, const u8 *crypt, u8 *plain); /** - * aes_decrypt_deinit - Deinitialize AES decryption - * @ctx: Context pointer from aes_encrypt_init() + * wpa_aes_decrypt_deinit - Deinitialize AES decryption + * @ctx: Context pointer from wpa_aes_encrypt_init() */ -void aes_decrypt_deinit(void *ctx); +void wpa_aes_decrypt_deinit(void *ctx); enum crypto_hash_alg { diff --git a/components/wpa_supplicant/src/crypto/crypto_internal-cipher.c b/components/wpa_supplicant/src/crypto/crypto_internal-cipher.c index ad0930a5a9..e3f5794cf7 100644 --- a/components/wpa_supplicant/src/crypto/crypto_internal-cipher.c +++ b/components/wpa_supplicant/src/crypto/crypto_internal-cipher.c @@ -62,14 +62,14 @@ struct crypto_cipher * crypto_cipher_init(enum crypto_cipher_alg alg, os_memcpy(ctx->u.rc4.key, key, key_len); break; case CRYPTO_CIPHER_ALG_AES: - ctx->u.aes.ctx_enc = aes_encrypt_init(key, key_len); + ctx->u.aes.ctx_enc = wpa_aes_encrypt_init(key, key_len); if (ctx->u.aes.ctx_enc == NULL) { os_free(ctx); return NULL; } - ctx->u.aes.ctx_dec = aes_decrypt_init(key, key_len); + ctx->u.aes.ctx_dec = wpa_aes_decrypt_init(key, key_len); if (ctx->u.aes.ctx_dec == NULL) { - aes_encrypt_deinit(ctx->u.aes.ctx_enc); + wpa_aes_encrypt_deinit(ctx->u.aes.ctx_enc); os_free(ctx); return NULL; } @@ -120,7 +120,7 @@ int crypto_cipher_encrypt(struct crypto_cipher *ctx, const u8 *plain, for (i = 0; i < blocks; i++) { for (j = 0; j < AES_BLOCK_SIZE; j++) ctx->u.aes.cbc[j] ^= plain[j]; - aes_encrypt(ctx->u.aes.ctx_enc, ctx->u.aes.cbc, + wpa_aes_encrypt(ctx->u.aes.ctx_enc, ctx->u.aes.cbc, ctx->u.aes.cbc); os_memcpy(crypt, ctx->u.aes.cbc, AES_BLOCK_SIZE); plain += AES_BLOCK_SIZE; @@ -183,7 +183,7 @@ int crypto_cipher_decrypt(struct crypto_cipher *ctx, const u8 *crypt, blocks = len / AES_BLOCK_SIZE; for (i = 0; i < blocks; i++) { os_memcpy(tmp, crypt, AES_BLOCK_SIZE); - aes_decrypt(ctx->u.aes.ctx_dec, crypt, plain); + wpa_aes_decrypt(ctx->u.aes.ctx_dec, crypt, plain); for (j = 0; j < AES_BLOCK_SIZE; j++) plain[j] ^= ctx->u.aes.cbc[j]; os_memcpy(ctx->u.aes.cbc, tmp, AES_BLOCK_SIZE); @@ -231,8 +231,8 @@ void crypto_cipher_deinit(struct crypto_cipher *ctx) { switch (ctx->alg) { case CRYPTO_CIPHER_ALG_AES: - aes_encrypt_deinit(ctx->u.aes.ctx_enc); - aes_decrypt_deinit(ctx->u.aes.ctx_dec); + wpa_aes_encrypt_deinit(ctx->u.aes.ctx_enc); + wpa_aes_decrypt_deinit(ctx->u.aes.ctx_dec); break; case CRYPTO_CIPHER_ALG_3DES: break; diff --git a/components/wpa_supplicant/src/crypto/crypto_internal.c b/components/wpa_supplicant/src/crypto/crypto_internal.c index aad40af16e..ed74dd2a4f 100644 --- a/components/wpa_supplicant/src/crypto/crypto_internal.c +++ b/components/wpa_supplicant/src/crypto/crypto_internal.c @@ -59,17 +59,17 @@ struct crypto_hash * crypto_hash_init(enum crypto_hash_alg alg, const u8 *key, break; #ifdef CONFIG_SHA256 case CRYPTO_HASH_ALG_SHA256: - sha256_init(&ctx->u.sha256); + wpa_sha256_init(&ctx->u.sha256); break; #endif /* CONFIG_SHA256 */ #ifdef CONFIG_INTERNAL_SHA384 case CRYPTO_HASH_ALG_SHA384: - sha384_init(&ctx->u.sha384); + wpa_sha384_init(&ctx->u.sha384); break; #endif /* CONFIG_INTERNAL_SHA384 */ #ifdef CONFIG_INTERNAL_SHA512 case CRYPTO_HASH_ALG_SHA512: - sha512_init(&ctx->u.sha512); + wpa_sha512_init(&ctx->u.sha512); break; #endif /* CONFIG_INTERNAL_SHA512 */ case CRYPTO_HASH_ALG_HMAC_MD5: @@ -113,9 +113,9 @@ struct crypto_hash * crypto_hash_init(enum crypto_hash_alg alg, const u8 *key, #ifdef CONFIG_SHA256 case CRYPTO_HASH_ALG_HMAC_SHA256: if (key_len > sizeof(k_pad)) { - sha256_init(&ctx->u.sha256); - sha256_process(&ctx->u.sha256, key, key_len); - sha256_done(&ctx->u.sha256, tk); + wpa_sha256_init(&ctx->u.sha256); + wpa_sha256_process(&ctx->u.sha256, key, key_len); + wpa_sha256_done(&ctx->u.sha256, tk); key = tk; key_len = 32; } @@ -127,8 +127,8 @@ struct crypto_hash * crypto_hash_init(enum crypto_hash_alg alg, const u8 *key, os_memset(k_pad + key_len, 0, sizeof(k_pad) - key_len); for (i = 0; i < sizeof(k_pad); i++) k_pad[i] ^= 0x36; - sha256_init(&ctx->u.sha256); - sha256_process(&ctx->u.sha256, k_pad, sizeof(k_pad)); + wpa_sha256_init(&ctx->u.sha256); + wpa_sha256_process(&ctx->u.sha256, k_pad, sizeof(k_pad)); break; #endif /* CONFIG_SHA256 */ default: @@ -157,17 +157,17 @@ void crypto_hash_update(struct crypto_hash *ctx, const u8 *data, size_t len) #ifdef CONFIG_SHA256 case CRYPTO_HASH_ALG_SHA256: case CRYPTO_HASH_ALG_HMAC_SHA256: - sha256_process(&ctx->u.sha256, data, len); + wpa_sha256_process(&ctx->u.sha256, data, len); break; #endif /* CONFIG_SHA256 */ #ifdef CONFIG_INTERNAL_SHA384 case CRYPTO_HASH_ALG_SHA384: - sha384_process(&ctx->u.sha384, data, len); + wpa_sha384_process(&ctx->u.sha384, data, len); break; #endif /* CONFIG_INTERNAL_SHA384 */ #ifdef CONFIG_INTERNAL_SHA512 case CRYPTO_HASH_ALG_SHA512: - sha512_process(&ctx->u.sha512, data, len); + wpa_sha512_process(&ctx->u.sha512, data, len); break; #endif /* CONFIG_INTERNAL_SHA512 */ default: @@ -216,7 +216,7 @@ int crypto_hash_finish(struct crypto_hash *ctx, u8 *mac, size_t *len) return -1; } *len = 32; - sha256_done(&ctx->u.sha256, mac); + wpa_sha256_done(&ctx->u.sha256, mac); break; #endif /* CONFIG_SHA256 */ #ifdef CONFIG_INTERNAL_SHA384 @@ -227,7 +227,7 @@ int crypto_hash_finish(struct crypto_hash *ctx, u8 *mac, size_t *len) return -1; } *len = 48; - sha384_done(&ctx->u.sha384, mac); + wpa_sha384_done(&ctx->u.sha384, mac); break; #endif /* CONFIG_INTERNAL_SHA384 */ #ifdef CONFIG_INTERNAL_SHA512 @@ -238,7 +238,7 @@ int crypto_hash_finish(struct crypto_hash *ctx, u8 *mac, size_t *len) return -1; } *len = 64; - sha512_done(&ctx->u.sha512, mac); + wpa_sha512_done(&ctx->u.sha512, mac); break; #endif /* CONFIG_INTERNAL_SHA512 */ case CRYPTO_HASH_ALG_HMAC_MD5: @@ -290,17 +290,17 @@ int crypto_hash_finish(struct crypto_hash *ctx, u8 *mac, size_t *len) } *len = 32; - sha256_done(&ctx->u.sha256, mac); + wpa_sha256_done(&ctx->u.sha256, mac); os_memcpy(k_pad, ctx->key, ctx->key_len); os_memset(k_pad + ctx->key_len, 0, sizeof(k_pad) - ctx->key_len); for (i = 0; i < sizeof(k_pad); i++) k_pad[i] ^= 0x5c; - sha256_init(&ctx->u.sha256); - sha256_process(&ctx->u.sha256, k_pad, sizeof(k_pad)); - sha256_process(&ctx->u.sha256, mac, 32); - sha256_done(&ctx->u.sha256, mac); + wpa_sha256_init(&ctx->u.sha256); + wpa_sha256_process(&ctx->u.sha256, k_pad, sizeof(k_pad)); + wpa_sha256_process(&ctx->u.sha256, mac, 32); + wpa_sha256_done(&ctx->u.sha256, mac); break; #endif /* CONFIG_SHA256 */ default: diff --git a/components/wpa_supplicant/src/crypto/crypto_ops.c b/components/wpa_supplicant/src/crypto/crypto_ops.c index 0346d17f5c..88af2421dd 100644 --- a/components/wpa_supplicant/src/crypto/crypto_ops.c +++ b/components/wpa_supplicant/src/crypto/crypto_ops.c @@ -36,7 +36,7 @@ static int esp_aes_gmac(const u8 *key, size_t key_len, const u8 *iv, size_t iv_l const wpa_crypto_funcs_t g_wifi_default_wpa_crypto_funcs = { .size = sizeof(wpa_crypto_funcs_t), .version = ESP_WIFI_CRYPTO_VERSION, - .hmac_sha256_vector = (esp_hmac_sha256_vector_t)hmac_sha256_vector, + .hmac_sha256_vector = (esp_hmac_sha256_vector_t)wpa_hmac_sha256_vector, .pbkdf2_sha1 = (esp_pbkdf2_sha1_t)pbkdf2_sha1, .aes_128_encrypt = (esp_aes_128_encrypt_t)aes_128_cbc_encrypt, .aes_128_decrypt = (esp_aes_128_decrypt_t)aes_128_cbc_decrypt, @@ -44,7 +44,7 @@ const wpa_crypto_funcs_t g_wifi_default_wpa_crypto_funcs = { .ccmp_decrypt = (esp_ccmp_decrypt_t)ccmp_decrypt, .ccmp_encrypt = (esp_ccmp_encrypt_t)ccmp_encrypt, .aes_gmac = (esp_aes_gmac_t)esp_aes_gmac, - .sha256_vector = (esp_sha256_vector_t)sha256_vector, + .sha256_vector = (esp_sha256_vector_t)wpa_sha256_vector, }; const mesh_crypto_funcs_t g_wifi_default_mesh_crypto_funcs = { diff --git a/components/wpa_supplicant/src/crypto/ms_funcs.c b/components/wpa_supplicant/src/crypto/ms_funcs.c index aff7d33f4e..a2e1ce799a 100644 --- a/components/wpa_supplicant/src/crypto/ms_funcs.c +++ b/components/wpa_supplicant/src/crypto/ms_funcs.c @@ -92,7 +92,7 @@ int challenge_hash(const u8 *peer_challenge, const u8 *auth_challenge, addr[2] = username; len[2] = username_len; - if (sha1_vector(3, addr, len, hash)) + if (wpa_sha1_vector(3, addr, len, hash)) return -1; os_memcpy(challenge, hash, 8); return 0; @@ -259,11 +259,11 @@ int generate_authenticator_response_pwhash( addr2[2] = magic2; if (hash_nt_password_hash(password_hash, password_hash_hash) || - sha1_vector(3, addr1, len1, response) || + wpa_sha1_vector(3, addr1, len1, response) || challenge_hash(peer_challenge, auth_challenge, username, username_len, challenge)) return -1; - return sha1_vector(3, addr2, len2, response); + return wpa_sha1_vector(3, addr2, len2, response); } @@ -338,7 +338,7 @@ int get_master_key(const u8 *password_hash_hash, const u8 *nt_response, addr[1] = nt_response; addr[2] = magic1; - if (sha1_vector(3, addr, len, hash)) + if (wpa_sha1_vector(3, addr, len, hash)) return -1; os_memcpy(master_key, hash, 16); return 0; @@ -406,7 +406,7 @@ int get_asymetric_start_key(const u8 *master_key, u8 *session_key, } addr[3] = shs_pad2; - if (sha1_vector(4, addr, len, digest)) + if (wpa_sha1_vector(4, addr, len, digest)) return -1; if (session_key_len > SHA1_MAC_LEN) diff --git a/components/wpa_supplicant/src/crypto/sha1-internal.c b/components/wpa_supplicant/src/crypto/sha1-internal.c index ffa04df017..f792cad221 100644 --- a/components/wpa_supplicant/src/crypto/sha1-internal.c +++ b/components/wpa_supplicant/src/crypto/sha1-internal.c @@ -28,7 +28,7 @@ void SHA1Transform(u32 state[5], const unsigned char buffer[64]); * @mac: Buffer for the hash * Returns: 0 on success, -1 of failure */ -int sha1_vector(size_t num_elem, const u8 *addr[], const size_t *len, u8 *mac) +int wpa_sha1_vector(size_t num_elem, const u8 *addr[], const size_t *len, u8 *mac) { SHA1_CTX ctx; size_t i; diff --git a/components/wpa_supplicant/src/crypto/sha1-pbkdf2.c b/components/wpa_supplicant/src/crypto/sha1-pbkdf2.c index 8effe2fe06..d3e86f0d5f 100644 --- a/components/wpa_supplicant/src/crypto/sha1-pbkdf2.c +++ b/components/wpa_supplicant/src/crypto/sha1-pbkdf2.c @@ -37,13 +37,13 @@ static int pbkdf2_sha1_f(const char *passphrase, const u8 *ssid, count_buf[1] = (count >> 16) & 0xff; count_buf[2] = (count >> 8) & 0xff; count_buf[3] = count & 0xff; - if (hmac_sha1_vector((u8 *) passphrase, passphrase_len, 2, addr, len, + if (wpa_hmac_sha1_vector((u8 *) passphrase, passphrase_len, 2, addr, len, tmp)) return -1; os_memcpy(digest, tmp, SHA1_MAC_LEN); for (i = 1; i < iterations; i++) { - if (hmac_sha1((u8 *) passphrase, passphrase_len, tmp, + if (wpa_hmac_sha1((u8 *) passphrase, passphrase_len, tmp, SHA1_MAC_LEN, tmp2)) return -1; os_memcpy(tmp, tmp2, SHA1_MAC_LEN); diff --git a/components/wpa_supplicant/src/crypto/sha1-prf.c b/components/wpa_supplicant/src/crypto/sha1-prf.c index 13851494fb..3b44d9a26e 100644 --- a/components/wpa_supplicant/src/crypto/sha1-prf.c +++ b/components/wpa_supplicant/src/crypto/sha1-prf.c @@ -27,7 +27,7 @@ * This function is used to derive new, cryptographically separate keys from a * given key (e.g., PMK in IEEE 802.11i). */ -int sha1_prf(const u8 *key, size_t key_len, const char *label, +int wpa_sha1_prf(const u8 *key, size_t key_len, const char *label, const u8 *data, size_t data_len, u8 *buf, size_t buf_len) { u8 counter = 0; @@ -48,12 +48,12 @@ int sha1_prf(const u8 *key, size_t key_len, const char *label, while (pos < buf_len) { plen = buf_len - pos; if (plen >= SHA1_MAC_LEN) { - if (hmac_sha1_vector(key, key_len, 3, addr, len, + if (wpa_hmac_sha1_vector(key, key_len, 3, addr, len, &buf[pos])) return -1; pos += SHA1_MAC_LEN; } else { - if (hmac_sha1_vector(key, key_len, 3, addr, len, + if (wpa_hmac_sha1_vector(key, key_len, 3, addr, len, hash)) return -1; os_memcpy(&buf[pos], hash, plen); diff --git a/components/wpa_supplicant/src/crypto/sha1-tlsprf.c b/components/wpa_supplicant/src/crypto/sha1-tlsprf.c index 5e8d15920c..c5a04b2b2a 100644 --- a/components/wpa_supplicant/src/crypto/sha1-tlsprf.c +++ b/components/wpa_supplicant/src/crypto/sha1-tlsprf.c @@ -69,7 +69,7 @@ int tls_prf_sha1_md5(const u8 *secret, size_t secret_len, const char *label, } hmac_md5_vector(S1, L_S1, 2, &MD5_addr[1], &MD5_len[1], A_MD5); - hmac_sha1_vector(S2, L_S2, 2, &SHA1_addr[1], &SHA1_len[1], A_SHA1); + wpa_hmac_sha1_vector(S2, L_S2, 2, &SHA1_addr[1], &SHA1_len[1], A_SHA1); MD5_pos = MD5_MAC_LEN; SHA1_pos = SHA1_MAC_LEN; @@ -80,10 +80,10 @@ int tls_prf_sha1_md5(const u8 *secret, size_t secret_len, const char *label, hmac_md5(S1, L_S1, A_MD5, MD5_MAC_LEN, A_MD5); } if (SHA1_pos == SHA1_MAC_LEN) { - hmac_sha1_vector(S2, L_S2, 3, SHA1_addr, SHA1_len, + wpa_hmac_sha1_vector(S2, L_S2, 3, SHA1_addr, SHA1_len, P_SHA1); SHA1_pos = 0; - hmac_sha1(S2, L_S2, A_SHA1, SHA1_MAC_LEN, A_SHA1); + wpa_hmac_sha1(S2, L_S2, A_SHA1, SHA1_MAC_LEN, A_SHA1); } out[i] = P_MD5[MD5_pos] ^ P_SHA1[SHA1_pos]; diff --git a/components/wpa_supplicant/src/crypto/sha1-tprf.c b/components/wpa_supplicant/src/crypto/sha1-tprf.c index c3acf19750..d0518e1eaa 100644 --- a/components/wpa_supplicant/src/crypto/sha1-tprf.c +++ b/components/wpa_supplicant/src/crypto/sha1-tprf.c @@ -26,7 +26,7 @@ * This function is used to derive new, cryptographically separate keys from a * given key for EAP-FAST. T-PRF is defined in RFC 4851, Section 5.5. */ -int sha1_t_prf(const u8 *key, size_t key_len, const char *label, +int wpa_sha1_t_prf(const u8 *key, size_t key_len, const char *label, const u8 *seed, size_t seed_len, u8 *buf, size_t buf_len) { unsigned char counter = 0; @@ -54,7 +54,7 @@ int sha1_t_prf(const u8 *key, size_t key_len, const char *label, while (pos < buf_len) { counter++; plen = buf_len - pos; - if (hmac_sha1_vector(key, key_len, 5, addr, len, hash)) + if (wpa_hmac_sha1_vector(key, key_len, 5, addr, len, hash)) return -1; if (plen >= SHA1_MAC_LEN) { os_memcpy(&buf[pos], hash, SHA1_MAC_LEN); diff --git a/components/wpa_supplicant/src/crypto/sha1.c b/components/wpa_supplicant/src/crypto/sha1.c index 76d7a68f26..127aa9cc1c 100644 --- a/components/wpa_supplicant/src/crypto/sha1.c +++ b/components/wpa_supplicant/src/crypto/sha1.c @@ -23,7 +23,7 @@ * @mac: Buffer for the hash (20 bytes) * Returns: 0 on success, -1 on failure */ -int hmac_sha1_vector(const u8 *key, size_t key_len, size_t num_elem, +int wpa_hmac_sha1_vector(const u8 *key, size_t key_len, size_t num_elem, const u8 *addr[], const size_t *len, u8 *mac) { unsigned char k_pad[64]; /* padding - key XORd with ipad/opad */ @@ -42,7 +42,7 @@ int hmac_sha1_vector(const u8 *key, size_t key_len, size_t num_elem, /* if key is longer than 64 bytes reset it to key = SHA1(key) */ if (key_len > 64) { - if (sha1_vector(1, &key, &key_len, tk)) + if (wpa_sha1_vector(1, &key, &key_len, tk)) return -1; key = tk; key_len = 20; @@ -71,7 +71,7 @@ int hmac_sha1_vector(const u8 *key, size_t key_len, size_t num_elem, _addr[i + 1] = addr[i]; _len[i + 1] = len[i]; } - if (sha1_vector(1 + num_elem, _addr, _len, mac)) + if (wpa_sha1_vector(1 + num_elem, _addr, _len, mac)) return -1; os_memset(k_pad, 0, sizeof(k_pad)); @@ -85,7 +85,7 @@ int hmac_sha1_vector(const u8 *key, size_t key_len, size_t num_elem, _len[0] = 64; _addr[1] = mac; _len[1] = SHA1_MAC_LEN; - ret = sha1_vector(2, _addr, _len, mac); + ret = wpa_sha1_vector(2, _addr, _len, mac); forced_memzero(k_pad, sizeof(k_pad)); forced_memzero(tk, sizeof(tk)); return ret; @@ -101,8 +101,8 @@ int hmac_sha1_vector(const u8 *key, size_t key_len, size_t num_elem, * @mac: Buffer for the hash (20 bytes) * Returns: 0 on success, -1 of failure */ -int hmac_sha1(const u8 *key, size_t key_len, const u8 *data, size_t data_len, +int wpa_hmac_sha1(const u8 *key, size_t key_len, const u8 *data, size_t data_len, u8 *mac) { - return hmac_sha1_vector(key, key_len, 1, &data, &data_len, mac); + return wpa_hmac_sha1_vector(key, key_len, 1, &data, &data_len, mac); } diff --git a/components/wpa_supplicant/src/crypto/sha1.h b/components/wpa_supplicant/src/crypto/sha1.h index 933cd81b95..cdf39f840a 100644 --- a/components/wpa_supplicant/src/crypto/sha1.h +++ b/components/wpa_supplicant/src/crypto/sha1.h @@ -11,13 +11,13 @@ #define SHA1_MAC_LEN 20 -int hmac_sha1_vector(const u8 *key, size_t key_len, size_t num_elem, +int wpa_hmac_sha1_vector(const u8 *key, size_t key_len, size_t num_elem, const u8 *addr[], const size_t *len, u8 *mac); -int hmac_sha1(const u8 *key, size_t key_len, const u8 *data, size_t data_len, +int wpa_hmac_sha1(const u8 *key, size_t key_len, const u8 *data, size_t data_len, u8 *mac); -int sha1_prf(const u8 *key, size_t key_len, const char *label, +int wpa_sha1_prf(const u8 *key, size_t key_len, const char *label, const u8 *data, size_t data_len, u8 *buf, size_t buf_len); -int sha1_t_prf(const u8 *key, size_t key_len, const char *label, +int wpa_sha1_t_prf(const u8 *key, size_t key_len, const char *label, const u8 *seed, size_t seed_len, u8 *buf, size_t buf_len); int __must_check tls_prf_sha1_md5(const u8 *secret, size_t secret_len, const char *label, const u8 *seed, diff --git a/components/wpa_supplicant/src/crypto/sha256-internal.c b/components/wpa_supplicant/src/crypto/sha256-internal.c index ff1e2ba168..bc9370d0a7 100644 --- a/components/wpa_supplicant/src/crypto/sha256-internal.c +++ b/components/wpa_supplicant/src/crypto/sha256-internal.c @@ -22,7 +22,7 @@ * @mac: Buffer for the hash * Returns: 0 on success, -1 of failure */ -int sha256_vector(size_t num_elem, const u8 *addr[], const size_t *len, +int wpa_sha256_vector(size_t num_elem, const u8 *addr[], const size_t *len, u8 *mac) { struct sha256_state ctx; @@ -31,11 +31,11 @@ int sha256_vector(size_t num_elem, const u8 *addr[], const size_t *len, if (TEST_FAIL()) return -1; - sha256_init(&ctx); + wpa_sha256_init(&ctx); for (i = 0; i < num_elem; i++) - if (sha256_process(&ctx, addr[i], len[i])) + if (wpa_sha256_process(&ctx, addr[i], len[i])) return -1; - if (sha256_done(&ctx, mac)) + if (wpa_sha256_done(&ctx, mac)) return -1; return 0; } @@ -81,7 +81,7 @@ static const unsigned long K[64] = { #endif /* compress 512-bits */ -static int sha256_compress(struct sha256_state *md, unsigned char *buf) +static int wpa_sha256_compress(struct sha256_state *md, unsigned char *buf) { u32 S[8], W[64], t0, t1; u32 t; @@ -124,7 +124,7 @@ static int sha256_compress(struct sha256_state *md, unsigned char *buf) /* Initialize the hash state */ -void sha256_init(struct sha256_state *md) +void wpa_sha256_init(struct sha256_state *md) { md->curlen = 0; md->length = 0; @@ -145,7 +145,7 @@ void sha256_init(struct sha256_state *md) @param inlen The length of the data (octets) @return CRYPT_OK if successful */ -int sha256_process(struct sha256_state *md, const unsigned char *in, +int wpa_sha256_process(struct sha256_state *md, const unsigned char *in, unsigned long inlen) { unsigned long n; @@ -155,7 +155,7 @@ int sha256_process(struct sha256_state *md, const unsigned char *in, while (inlen > 0) { if (md->curlen == 0 && inlen >= SHA256_BLOCK_SIZE) { - if (sha256_compress(md, (unsigned char *) in) < 0) + if (wpa_sha256_compress(md, (unsigned char *) in) < 0) return -1; md->length += SHA256_BLOCK_SIZE * 8; in += SHA256_BLOCK_SIZE; @@ -167,7 +167,7 @@ int sha256_process(struct sha256_state *md, const unsigned char *in, in += n; inlen -= n; if (md->curlen == SHA256_BLOCK_SIZE) { - if (sha256_compress(md, md->buf) < 0) + if (wpa_sha256_compress(md, md->buf) < 0) return -1; md->length += 8 * SHA256_BLOCK_SIZE; md->curlen = 0; @@ -185,7 +185,7 @@ int sha256_process(struct sha256_state *md, const unsigned char *in, @param out [out] The destination of the hash (32 bytes) @return CRYPT_OK if successful */ -int sha256_done(struct sha256_state *md, unsigned char *out) +int wpa_sha256_done(struct sha256_state *md, unsigned char *out) { int i; @@ -206,7 +206,7 @@ int sha256_done(struct sha256_state *md, unsigned char *out) while (md->curlen < SHA256_BLOCK_SIZE) { md->buf[md->curlen++] = (unsigned char) 0; } - sha256_compress(md, md->buf); + wpa_sha256_compress(md, md->buf); md->curlen = 0; } @@ -217,7 +217,7 @@ int sha256_done(struct sha256_state *md, unsigned char *out) /* store length */ WPA_PUT_BE64(md->buf + 56, md->length); - sha256_compress(md, md->buf); + wpa_sha256_compress(md, md->buf); /* copy output */ for (i = 0; i < 8; i++) diff --git a/components/wpa_supplicant/src/crypto/sha256-kdf.c b/components/wpa_supplicant/src/crypto/sha256-kdf.c index 5a6b744552..271981157c 100644 --- a/components/wpa_supplicant/src/crypto/sha256-kdf.c +++ b/components/wpa_supplicant/src/crypto/sha256-kdf.c @@ -29,7 +29,7 @@ * with label = NULL and seed = info, this matches HKDF-Expand() defined in * RFC 5869, Chapter 2.3. */ -int hmac_sha256_kdf(const u8 *secret, size_t secret_len, +int wpa_hmac_sha256_kdf(const u8 *secret, size_t secret_len, const char *label, const u8 *seed, size_t seed_len, u8 *out, size_t outlen) { @@ -53,7 +53,7 @@ int hmac_sha256_kdf(const u8 *secret, size_t secret_len, addr[3] = &iter; len[3] = 1; - if (hmac_sha256_vector(secret, secret_len, 3, &addr[1], &len[1], T) < 0) + if (wpa_hmac_sha256_vector(secret, secret_len, 3, &addr[1], &len[1], T) < 0) return -1; pos = 0; @@ -74,7 +74,7 @@ int hmac_sha256_kdf(const u8 *secret, size_t secret_len, } iter++; - if (hmac_sha256_vector(secret, secret_len, 4, addr, len, T) < 0) + if (wpa_hmac_sha256_vector(secret, secret_len, 4, addr, len, T) < 0) { os_memset(out, 0, outlen); forced_memzero(T, SHA256_MAC_LEN); diff --git a/components/wpa_supplicant/src/crypto/sha256-prf.c b/components/wpa_supplicant/src/crypto/sha256-prf.c index d665a9983c..99371a92a0 100644 --- a/components/wpa_supplicant/src/crypto/sha256-prf.c +++ b/components/wpa_supplicant/src/crypto/sha256-prf.c @@ -27,10 +27,10 @@ * This function is used to derive new, cryptographically separate keys from a * given key. */ -int sha256_prf(const u8 *key, size_t key_len, const char *label, +int wpa_sha256_prf(const u8 *key, size_t key_len, const char *label, const u8 *data, size_t data_len, u8 *buf, size_t buf_len) { - return sha256_prf_bits(key, key_len, label, data, data_len, buf, + return wpa_sha256_prf_bits(key, key_len, label, data, data_len, buf, buf_len * 8); } @@ -51,7 +51,7 @@ int sha256_prf(const u8 *key, size_t key_len, const char *label, * significant 1-7 bits of the last octet in the output are not part of the * requested output. */ -int sha256_prf_bits(const u8 *key, size_t key_len, const char *label, +int wpa_sha256_prf_bits(const u8 *key, size_t key_len, const char *label, const u8 *data, size_t data_len, u8 *buf, size_t buf_len_bits) { @@ -78,12 +78,12 @@ int sha256_prf_bits(const u8 *key, size_t key_len, const char *label, plen = buf_len - pos; WPA_PUT_LE16(counter_le, counter); if (plen >= SHA256_MAC_LEN) { - if (hmac_sha256_vector(key, key_len, 4, addr, len, + if (wpa_hmac_sha256_vector(key, key_len, 4, addr, len, &buf[pos]) < 0) return -1; pos += SHA256_MAC_LEN; } else { - if (hmac_sha256_vector(key, key_len, 4, addr, len, + if (wpa_hmac_sha256_vector(key, key_len, 4, addr, len, hash) < 0) return -1; os_memcpy(&buf[pos], hash, plen); diff --git a/components/wpa_supplicant/src/crypto/sha256-tlsprf.c b/components/wpa_supplicant/src/crypto/sha256-tlsprf.c index 9045cd36b4..0848667c41 100644 --- a/components/wpa_supplicant/src/crypto/sha256-tlsprf.c +++ b/components/wpa_supplicant/src/crypto/sha256-tlsprf.c @@ -50,14 +50,14 @@ int tls_prf_sha256(const u8 *secret, size_t secret_len, const char *label, * PRF(secret, label, seed) = P_SHA256(secret, label + seed) */ - if (hmac_sha256_vector(secret, secret_len, 2, &addr[1], &len[1], A) < 0) + if (wpa_hmac_sha256_vector(secret, secret_len, 2, &addr[1], &len[1], A) < 0) return -1; pos = 0; while (pos < outlen) { - if (hmac_sha256_vector(secret, secret_len, 3, addr, len, P) < + if (wpa_hmac_sha256_vector(secret, secret_len, 3, addr, len, P) < 0 || - hmac_sha256(secret, secret_len, A, SHA256_MAC_LEN, A) < 0) + wpa_hmac_sha256(secret, secret_len, A, SHA256_MAC_LEN, A) < 0) return -1; clen = outlen - pos; diff --git a/components/wpa_supplicant/src/crypto/sha256.c b/components/wpa_supplicant/src/crypto/sha256.c index 17af964ad0..72f88b0501 100644 --- a/components/wpa_supplicant/src/crypto/sha256.c +++ b/components/wpa_supplicant/src/crypto/sha256.c @@ -23,7 +23,7 @@ * @mac: Buffer for the hash (32 bytes) * Returns: 0 on success, -1 on failure */ -int hmac_sha256_vector(const u8 *key, size_t key_len, size_t num_elem, +int wpa_hmac_sha256_vector(const u8 *key, size_t key_len, size_t num_elem, const u8 *addr[], const size_t *len, u8 *mac) { unsigned char k_pad[64]; /* padding - key XORd with ipad/opad */ @@ -41,7 +41,7 @@ int hmac_sha256_vector(const u8 *key, size_t key_len, size_t num_elem, /* if key is longer than 64 bytes reset it to key = SHA256(key) */ if (key_len > 64) { - if (sha256_vector(1, &key, &key_len, tk) < 0) + if (wpa_sha256_vector(1, &key, &key_len, tk) < 0) return -1; key = tk; key_len = 32; @@ -70,7 +70,7 @@ int hmac_sha256_vector(const u8 *key, size_t key_len, size_t num_elem, _addr[i + 1] = addr[i]; _len[i + 1] = len[i]; } - if (sha256_vector(1 + num_elem, _addr, _len, mac) < 0) + if (wpa_sha256_vector(1 + num_elem, _addr, _len, mac) < 0) return -1; os_memset(k_pad, 0, sizeof(k_pad)); @@ -84,7 +84,7 @@ int hmac_sha256_vector(const u8 *key, size_t key_len, size_t num_elem, _len[0] = 64; _addr[1] = mac; _len[1] = SHA256_MAC_LEN; - return sha256_vector(2, _addr, _len, mac); + return wpa_sha256_vector(2, _addr, _len, mac); } @@ -97,8 +97,8 @@ int hmac_sha256_vector(const u8 *key, size_t key_len, size_t num_elem, * @mac: Buffer for the hash (32 bytes) * Returns: 0 on success, -1 on failure */ -int hmac_sha256(const u8 *key, size_t key_len, const u8 *data, +int wpa_hmac_sha256(const u8 *key, size_t key_len, const u8 *data, size_t data_len, u8 *mac) { - return hmac_sha256_vector(key, key_len, 1, &data, &data_len, mac); + return wpa_hmac_sha256_vector(key, key_len, 1, &data, &data_len, mac); } diff --git a/components/wpa_supplicant/src/crypto/sha256.h b/components/wpa_supplicant/src/crypto/sha256.h index 8054bbe5c5..4f9b652aac 100644 --- a/components/wpa_supplicant/src/crypto/sha256.h +++ b/components/wpa_supplicant/src/crypto/sha256.h @@ -11,19 +11,19 @@ #define SHA256_MAC_LEN 32 -int hmac_sha256_vector(const u8 *key, size_t key_len, size_t num_elem, +int wpa_hmac_sha256_vector(const u8 *key, size_t key_len, size_t num_elem, const u8 *addr[], const size_t *len, u8 *mac); -int hmac_sha256(const u8 *key, size_t key_len, const u8 *data, +int wpa_hmac_sha256(const u8 *key, size_t key_len, const u8 *data, size_t data_len, u8 *mac); -int sha256_prf(const u8 *key, size_t key_len, const char *label, +int wpa_sha256_prf(const u8 *key, size_t key_len, const char *label, const u8 *data, size_t data_len, u8 *buf, size_t buf_len); -int sha256_prf_bits(const u8 *key, size_t key_len, const char *label, +int wpa_sha256_prf_bits(const u8 *key, size_t key_len, const char *label, const u8 *data, size_t data_len, u8 *buf, size_t buf_len_bits); int tls_prf_sha256(const u8 *secret, size_t secret_len, const char *label, const u8 *seed, size_t seed_len, u8 *out, size_t outlen); -int hmac_sha256_kdf(const u8 *secret, size_t secret_len, +int wpa_hmac_sha256_kdf(const u8 *secret, size_t secret_len, const char *label, const u8 *seed, size_t seed_len, u8 *out, size_t outlen); diff --git a/components/wpa_supplicant/src/crypto/sha256_i.h b/components/wpa_supplicant/src/crypto/sha256_i.h index a502d2ba5d..84b1ccce1a 100644 --- a/components/wpa_supplicant/src/crypto/sha256_i.h +++ b/components/wpa_supplicant/src/crypto/sha256_i.h @@ -17,9 +17,9 @@ struct sha256_state { u8 buf[SHA256_BLOCK_SIZE]; }; -void sha256_init(struct sha256_state *md); -int sha256_process(struct sha256_state *md, const unsigned char *in, +void wpa_sha256_init(struct sha256_state *md); +int wpa_sha256_process(struct sha256_state *md, const unsigned char *in, unsigned long inlen); -int sha256_done(struct sha256_state *md, unsigned char *out); +int wpa_sha256_done(struct sha256_state *md, unsigned char *out); #endif /* SHA256_I_H */ diff --git a/components/wpa_supplicant/src/crypto/sha384-internal.c b/components/wpa_supplicant/src/crypto/sha384-internal.c index 646f72979c..8577897d41 100644 --- a/components/wpa_supplicant/src/crypto/sha384-internal.c +++ b/components/wpa_supplicant/src/crypto/sha384-internal.c @@ -21,17 +21,17 @@ * @mac: Buffer for the hash * Returns: 0 on success, -1 of failure */ -int sha384_vector(size_t num_elem, const u8 *addr[], const size_t *len, +int wpa_sha384_vector(size_t num_elem, const u8 *addr[], const size_t *len, u8 *mac) { struct sha384_state ctx; size_t i; - sha384_init(&ctx); + wpa_sha384_init(&ctx); for (i = 0; i < num_elem; i++) - if (sha384_process(&ctx, addr[i], len[i])) + if (wpa_sha384_process(&ctx, addr[i], len[i])) return -1; - if (sha384_done(&ctx, mac)) + if (wpa_sha384_done(&ctx, mac)) return -1; return 0; } @@ -49,7 +49,7 @@ int sha384_vector(size_t num_elem, const u8 *addr[], const size_t *len, @param md The hash state you wish to initialize @return CRYPT_OK if successful */ -void sha384_init(struct sha384_state *md) +void wpa_sha384_init(struct sha384_state *md) { md->curlen = 0; md->length = 0; @@ -63,10 +63,10 @@ void sha384_init(struct sha384_state *md) md->state[7] = CONST64(0x47b5481dbefa4fa4); } -int sha384_process(struct sha384_state *md, const unsigned char *in, +int wpa_sha384_process(struct sha384_state *md, const unsigned char *in, unsigned long inlen) { - return sha512_process(md, in, inlen); + return wpa_sha512_process(md, in, inlen); } /** @@ -75,14 +75,14 @@ int sha384_process(struct sha384_state *md, const unsigned char *in, @param out [out] The destination of the hash (48 bytes) @return CRYPT_OK if successful */ -int sha384_done(struct sha384_state *md, unsigned char *out) +int wpa_sha384_done(struct sha384_state *md, unsigned char *out) { unsigned char buf[64]; if (md->curlen >= sizeof(md->buf)) return -1; - if (sha512_done(md, buf) != 0) + if (wpa_sha512_done(md, buf) != 0) return -1; os_memcpy(out, buf, 48); diff --git a/components/wpa_supplicant/src/crypto/sha384-prf.c b/components/wpa_supplicant/src/crypto/sha384-prf.c index 420e78c380..4f1b6d555a 100644 --- a/components/wpa_supplicant/src/crypto/sha384-prf.c +++ b/components/wpa_supplicant/src/crypto/sha384-prf.c @@ -27,10 +27,10 @@ * This function is used to derive new, cryptographically separate keys from a * given key. */ -int sha384_prf(const u8 *key, size_t key_len, const char *label, +int wpa_sha384_prf(const u8 *key, size_t key_len, const char *label, const u8 *data, size_t data_len, u8 *buf, size_t buf_len) { - return sha384_prf_bits(key, key_len, label, data, data_len, buf, + return wpa_sha384_prf_bits(key, key_len, label, data, data_len, buf, buf_len * 8); } @@ -51,7 +51,7 @@ int sha384_prf(const u8 *key, size_t key_len, const char *label, * significant 1-7 bits of the last octet in the output are not part of the * requested output. */ -int sha384_prf_bits(const u8 *key, size_t key_len, const char *label, +int wpa_sha384_prf_bits(const u8 *key, size_t key_len, const char *label, const u8 *data, size_t data_len, u8 *buf, size_t buf_len_bits) { @@ -78,12 +78,12 @@ int sha384_prf_bits(const u8 *key, size_t key_len, const char *label, plen = buf_len - pos; WPA_PUT_LE16(counter_le, counter); if (plen >= SHA384_MAC_LEN) { - if (hmac_sha384_vector(key, key_len, 4, addr, len, + if (wpa_hmac_sha384_vector(key, key_len, 4, addr, len, &buf[pos]) < 0) return -1; pos += SHA384_MAC_LEN; } else { - if (hmac_sha384_vector(key, key_len, 4, addr, len, + if (wpa_hmac_sha384_vector(key, key_len, 4, addr, len, hash) < 0) return -1; os_memcpy(&buf[pos], hash, plen); diff --git a/components/wpa_supplicant/src/crypto/sha384-tlsprf.c b/components/wpa_supplicant/src/crypto/sha384-tlsprf.c index 9ff96ac2c7..a45d529c63 100644 --- a/components/wpa_supplicant/src/crypto/sha384-tlsprf.c +++ b/components/wpa_supplicant/src/crypto/sha384-tlsprf.c @@ -50,14 +50,14 @@ int tls_prf_sha384(const u8 *secret, size_t secret_len, const char *label, * PRF(secret, label, seed) = P_SHA384(secret, label + seed) */ - if (hmac_sha384_vector(secret, secret_len, 2, &addr[1], &len[1], A) < 0) + if (wpa_hmac_sha384_vector(secret, secret_len, 2, &addr[1], &len[1], A) < 0) return -1; pos = 0; while (pos < outlen) { - if (hmac_sha384_vector(secret, secret_len, 3, addr, len, P) < + if (wpa_hmac_sha384_vector(secret, secret_len, 3, addr, len, P) < 0 || - hmac_sha384(secret, secret_len, A, SHA384_MAC_LEN, A) < 0) + wpa_hmac_sha384(secret, secret_len, A, SHA384_MAC_LEN, A) < 0) return -1; clen = outlen - pos; diff --git a/components/wpa_supplicant/src/crypto/sha384.h b/components/wpa_supplicant/src/crypto/sha384.h index 1a2c1edffb..1259540534 100644 --- a/components/wpa_supplicant/src/crypto/sha384.h +++ b/components/wpa_supplicant/src/crypto/sha384.h @@ -12,19 +12,19 @@ #define SHA384_MAC_LEN 48 #define SHA512_MAC_LEN 64 -int hmac_sha384_vector(const u8 *key, size_t key_len, size_t num_elem, +int wpa_hmac_sha384_vector(const u8 *key, size_t key_len, size_t num_elem, const u8 *addr[], const size_t *len, u8 *mac); -int hmac_sha384(const u8 *key, size_t key_len, const u8 *data, +int wpa_hmac_sha384(const u8 *key, size_t key_len, const u8 *data, size_t data_len, u8 *mac); -int sha384_prf(const u8 *key, size_t key_len, const char *label, +int wpa_sha384_prf(const u8 *key, size_t key_len, const char *label, const u8 *data, size_t data_len, u8 *buf, size_t buf_len); -int sha384_prf_bits(const u8 *key, size_t key_len, const char *label, +int wpa_sha384_prf_bits(const u8 *key, size_t key_len, const char *label, const u8 *data, size_t data_len, u8 *buf, size_t buf_len_bits); int tls_prf_sha384(const u8 *secret, size_t secret_len, const char *label, const u8 *seed, size_t seed_len, u8 *out, size_t outlen); -int hmac_sha384_kdf(const u8 *secret, size_t secret_len, +int wpa_hmac_sha384_kdf(const u8 *secret, size_t secret_len, const char *label, const u8 *seed, size_t seed_len, u8 *out, size_t outlen); diff --git a/components/wpa_supplicant/src/crypto/sha384_i.h b/components/wpa_supplicant/src/crypto/sha384_i.h index a00253ff2c..a56c9656dc 100644 --- a/components/wpa_supplicant/src/crypto/sha384_i.h +++ b/components/wpa_supplicant/src/crypto/sha384_i.h @@ -15,9 +15,9 @@ #define sha384_state sha512_state -void sha384_init(struct sha384_state *md); -int sha384_process(struct sha384_state *md, const unsigned char *in, +void wpa_sha384_init(struct sha384_state *md); +int wpa_sha384_process(struct sha384_state *md, const unsigned char *in, unsigned long inlen); -int sha384_done(struct sha384_state *md, unsigned char *out); +int wpa_sha384_done(struct sha384_state *md, unsigned char *out); #endif /* SHA384_I_H */ diff --git a/components/wpa_supplicant/src/crypto/sha512-internal.c b/components/wpa_supplicant/src/crypto/sha512-internal.c index c0263941c1..b8fb97ddfe 100644 --- a/components/wpa_supplicant/src/crypto/sha512-internal.c +++ b/components/wpa_supplicant/src/crypto/sha512-internal.c @@ -21,17 +21,17 @@ * @mac: Buffer for the hash * Returns: 0 on success, -1 of failure */ -int sha512_vector(size_t num_elem, const u8 *addr[], const size_t *len, +int wpa_sha512_vector(size_t num_elem, const u8 *addr[], const size_t *len, u8 *mac) { struct sha512_state ctx; size_t i; - sha512_init(&ctx); + wpa_sha512_init(&ctx); for (i = 0; i < num_elem; i++) - if (sha512_process(&ctx, addr[i], len[i])) + if (wpa_sha512_process(&ctx, addr[i], len[i])) return -1; - if (sha512_done(&ctx, mac)) + if (wpa_sha512_done(&ctx, mac)) return -1; return 0; } @@ -107,7 +107,7 @@ static const u64 K[80] = { CONST64(0xFFFFFFFFFFFFFFFF)) /* compress 1024-bits */ -static int sha512_compress(struct sha512_state *md, unsigned char *buf) +static int wpa_sha512_compress(struct sha512_state *md, unsigned char *buf) { u64 S[8], t0, t1; u64 *W; @@ -161,7 +161,7 @@ static int sha512_compress(struct sha512_state *md, unsigned char *buf) @param md The hash state you wish to initialize @return CRYPT_OK if successful */ -void sha512_init(struct sha512_state *md) +void wpa_sha512_init(struct sha512_state *md) { md->curlen = 0; md->length = 0; @@ -183,7 +183,7 @@ void sha512_init(struct sha512_state *md) @param inlen The length of the data (octets) @return CRYPT_OK if successful */ -int sha512_process(struct sha512_state *md, const unsigned char *in, +int wpa_sha512_process(struct sha512_state *md, const unsigned char *in, unsigned long inlen) { unsigned long n; @@ -193,7 +193,7 @@ int sha512_process(struct sha512_state *md, const unsigned char *in, while (inlen > 0) { if (md->curlen == 0 && inlen >= SHA512_BLOCK_SIZE) { - if (sha512_compress(md, (unsigned char *) in) < 0) + if (wpa_sha512_compress(md, (unsigned char *) in) < 0) return -1; md->length += SHA512_BLOCK_SIZE * 8; in += SHA512_BLOCK_SIZE; @@ -205,7 +205,7 @@ int sha512_process(struct sha512_state *md, const unsigned char *in, in += n; inlen -= n; if (md->curlen == SHA512_BLOCK_SIZE) { - if (sha512_compress(md, md->buf) < 0) + if (wpa_sha512_compress(md, md->buf) < 0) return -1; md->length += 8 * SHA512_BLOCK_SIZE; md->curlen = 0; @@ -223,7 +223,7 @@ int sha512_process(struct sha512_state *md, const unsigned char *in, @param out [out] The destination of the hash (64 bytes) @return CRYPT_OK if successful */ -int sha512_done(struct sha512_state *md, unsigned char *out) +int wpa_sha512_done(struct sha512_state *md, unsigned char *out) { int i; @@ -244,7 +244,7 @@ int sha512_done(struct sha512_state *md, unsigned char *out) while (md->curlen < 128) { md->buf[md->curlen++] = (unsigned char) 0; } - sha512_compress(md, md->buf); + wpa_sha512_compress(md, md->buf); md->curlen = 0; } @@ -258,7 +258,7 @@ int sha512_done(struct sha512_state *md, unsigned char *out) /* store length */ WPA_PUT_BE64(md->buf + 120, md->length); - sha512_compress(md, md->buf); + wpa_sha512_compress(md, md->buf); /* copy output */ for (i = 0; i < 8; i++) diff --git a/components/wpa_supplicant/src/crypto/sha512_i.h b/components/wpa_supplicant/src/crypto/sha512_i.h index 108958911e..1100b8eae8 100644 --- a/components/wpa_supplicant/src/crypto/sha512_i.h +++ b/components/wpa_supplicant/src/crypto/sha512_i.h @@ -17,9 +17,9 @@ struct sha512_state { u8 buf[SHA512_BLOCK_SIZE]; }; -void sha512_init(struct sha512_state *md); -int sha512_process(struct sha512_state *md, const unsigned char *in, +void wpa_sha512_init(struct sha512_state *md); +int wpa_sha512_process(struct sha512_state *md, const unsigned char *in, unsigned long inlen); -int sha512_done(struct sha512_state *md, unsigned char *out); +int wpa_sha512_done(struct sha512_state *md, unsigned char *out); #endif /* SHA512_I_H */ diff --git a/components/wpa_supplicant/src/eap_peer/eap_fast.c b/components/wpa_supplicant/src/eap_peer/eap_fast.c index 2031c53933..833c487d7e 100644 --- a/components/wpa_supplicant/src/eap_peer/eap_fast.c +++ b/components/wpa_supplicant/src/eap_peer/eap_fast.c @@ -630,7 +630,7 @@ static void eap_fast_write_crypto_binding( rbind->subtype = EAP_TLV_CRYPTO_BINDING_SUBTYPE_RESPONSE; os_memcpy(rbind->nonce, _bind->nonce, sizeof(_bind->nonce)); inc_byte_array(rbind->nonce, sizeof(rbind->nonce)); - hmac_sha1(cmk, EAP_FAST_CMK_LEN, (u8 *) rbind, sizeof(*rbind), + wpa_hmac_sha1(cmk, EAP_FAST_CMK_LEN, (u8 *) rbind, sizeof(*rbind), rbind->compound_mac); wpa_printf(MSG_DEBUG, "EAP-FAST: Reply Crypto-Binding TLV: Version %d " @@ -709,7 +709,7 @@ static int eap_fast_get_cmk(struct eap_sm *sm, struct eap_fast_data *data, if (eap_fast_get_phase2_key(sm, data, isk, sizeof(isk)) < 0) return -1; wpa_hexdump_key(MSG_MSGDUMP, "EAP-FAST: ISK[j]", isk, sizeof(isk)); - if (sha1_t_prf(data->simck, EAP_FAST_SIMCK_LEN, + if (wpa_sha1_t_prf(data->simck, EAP_FAST_SIMCK_LEN, "Inner Methods Compound Keys", isk, sizeof(isk), imck, sizeof(imck)) < 0) return -1; @@ -771,7 +771,7 @@ static struct wpabuf * eap_fast_process_crypto_binding( os_memset(_bind->compound_mac, 0, sizeof(cmac)); wpa_hexdump(MSG_MSGDUMP, "EAP-FAST: Crypto-Binding TLV for Compound " "MAC calculation", (u8 *) _bind, bind_len); - hmac_sha1(cmk, EAP_FAST_CMK_LEN, (u8 *) _bind, bind_len, + wpa_hmac_sha1(cmk, EAP_FAST_CMK_LEN, (u8 *) _bind, bind_len, _bind->compound_mac); res = os_memcmp_const(cmac, _bind->compound_mac, sizeof(cmac)); wpa_hexdump(MSG_DEBUG, "EAP-FAST: Received Compound MAC", diff --git a/components/wpa_supplicant/src/eap_peer/eap_fast_common.c b/components/wpa_supplicant/src/eap_peer/eap_fast_common.c index bb64ca750b..675f16dac5 100644 --- a/components/wpa_supplicant/src/eap_peer/eap_fast_common.c +++ b/components/wpa_supplicant/src/eap_peer/eap_fast_common.c @@ -84,7 +84,7 @@ void eap_fast_derive_master_secret(const u8 *pac_key, const u8 *server_random, */ os_memcpy(seed, server_random, TLS_RANDOM_LEN); os_memcpy(seed + TLS_RANDOM_LEN, client_random, TLS_RANDOM_LEN); - sha1_t_prf(pac_key, EAP_FAST_PAC_KEY_LEN, + wpa_sha1_t_prf(pac_key, EAP_FAST_PAC_KEY_LEN, "PAC to master secret label hash", seed, sizeof(seed), master_secret, TLS_MASTER_SECRET_LEN); @@ -117,7 +117,7 @@ int eap_fast_derive_eap_msk(const u8 *simck, u8 *msk) * MSK = T-PRF(S-IMCK[j], "Session Key Generating Function", 64) */ - if (sha1_t_prf(simck, EAP_FAST_SIMCK_LEN, + if (wpa_sha1_t_prf(simck, EAP_FAST_SIMCK_LEN, "Session Key Generating Function", (u8 *) "", 0, msk, EAP_FAST_KEY_LEN) < 0) return -1; @@ -135,7 +135,7 @@ int eap_fast_derive_eap_emsk(const u8 *simck, u8 *emsk) * "Extended Session Key Generating Function", 64) */ - if (sha1_t_prf(simck, EAP_FAST_SIMCK_LEN, + if (wpa_sha1_t_prf(simck, EAP_FAST_SIMCK_LEN, "Extended Session Key Generating Function", (u8 *) "", 0, emsk, EAP_EMSK_LEN) < 0) return -1; diff --git a/components/wpa_supplicant/src/eap_peer/eap_peap.c b/components/wpa_supplicant/src/eap_peer/eap_peap.c index 312536a880..1c7075e6c0 100644 --- a/components/wpa_supplicant/src/eap_peer/eap_peap.c +++ b/components/wpa_supplicant/src/eap_peer/eap_peap.c @@ -363,7 +363,7 @@ eap_tlv_add_cryptobinding(struct eap_sm *sm, addr[0], len[0]); wpa_hexdump(MSG_MSGDUMP, "EAP-PEAP: Compound_MAC data 2", addr[1], len[1]); - hmac_sha1_vector(data->cmk, 20, 2, addr, len, mac); + wpa_hmac_sha1_vector(data->cmk, 20, 2, addr, len, mac); wpa_hexdump(MSG_MSGDUMP, "EAP-PEAP: Compound_MAC", mac, SHA1_MAC_LEN); data->crypto_binding_used = 1; @@ -458,7 +458,7 @@ eap_tlv_validate_cryptobinding(struct eap_sm *sm, buf[60] = EAP_TYPE_PEAP; wpa_hexdump(MSG_DEBUG, "EAP-PEAP: Compound_MAC data", buf, sizeof(buf)); - hmac_sha1(data->cmk, 20, buf, sizeof(buf), mac); + wpa_hmac_sha1(data->cmk, 20, buf, sizeof(buf), mac); if (os_memcmp(mac, pos, SHA1_MAC_LEN) != 0) { wpa_printf(MSG_DEBUG, "EAP-PEAP: Invalid Compound_MAC in " diff --git a/components/wpa_supplicant/src/eap_peer/eap_peap_common.c b/components/wpa_supplicant/src/eap_peer/eap_peap_common.c index 2cafe71975..2d078ceb89 100644 --- a/components/wpa_supplicant/src/eap_peer/eap_peap_common.c +++ b/components/wpa_supplicant/src/eap_peer/eap_peap_common.c @@ -72,7 +72,7 @@ peap_prfplus(int version, const u8 *key, size_t key_len, while (pos < buf_len) { counter++; plen = buf_len - pos; - if (hmac_sha1_vector(key, key_len, 5, addr, len, hash) < 0) + if (wpa_hmac_sha1_vector(key, key_len, 5, addr, len, hash) < 0) return -1; if (plen >= SHA1_MAC_LEN) { os_memcpy(&buf[pos], hash, SHA1_MAC_LEN); diff --git a/components/wpa_supplicant/src/eap_server/eap_server.c b/components/wpa_supplicant/src/eap_server/eap_server.c index a0aaf8e652..a6ba3c3ee5 100644 --- a/components/wpa_supplicant/src/eap_server/eap_server.c +++ b/components/wpa_supplicant/src/eap_server/eap_server.c @@ -462,7 +462,7 @@ static void eap_server_erp_init(struct eap_sm *sm) wpa_hexdump_key(MSG_DEBUG, "EAP: EMSK", emsk, emsk_len); WPA_PUT_BE16(len, EAP_EMSK_NAME_LEN); - if (hmac_sha256_kdf(sm->eap_if.eapSessionId, sm->eap_if.eapSessionIdLen, + if (wpa_hmac_sha256_kdf(sm->eap_if.eapSessionId, sm->eap_if.eapSessionIdLen, "EMSK", len, sizeof(len), EMSKname, EAP_EMSK_NAME_LEN) < 0) { wpa_printf(MSG_DEBUG, "EAP: Could not derive EMSKname"); @@ -476,7 +476,7 @@ static void eap_server_erp_init(struct eap_sm *sm) os_memcpy(&erp->keyname_nai[pos + 1], domain, domain_len); WPA_PUT_BE16(len, emsk_len); - if (hmac_sha256_kdf(emsk, emsk_len, + if (wpa_hmac_sha256_kdf(emsk, emsk_len, "EAP Re-authentication Root Key@ietf.org", len, sizeof(len), erp->rRK, emsk_len) < 0) { wpa_printf(MSG_DEBUG, "EAP: Could not derive rRK for ERP"); @@ -487,7 +487,7 @@ static void eap_server_erp_init(struct eap_sm *sm) ctx[0] = EAP_ERP_CS_HMAC_SHA256_128; WPA_PUT_BE16(&ctx[1], erp->rRK_len); - if (hmac_sha256_kdf(erp->rRK, erp->rRK_len, + if (wpa_hmac_sha256_kdf(erp->rRK, erp->rRK_len, "Re-authentication Integrity Key@ietf.org", ctx, sizeof(ctx), erp->rIK, erp->rRK_len) < 0) { wpa_printf(MSG_DEBUG, "EAP: Could not derive rIK for ERP"); @@ -743,7 +743,7 @@ static void erp_send_finish_reauth(struct eap_sm *sm, if (erp) { wpabuf_put_u8(msg, erp->cryptosuite); - if (hmac_sha256(erp->rIK, erp->rIK_len, + if (wpa_hmac_sha256(erp->rIK, erp->rIK_len, wpabuf_head(msg), wpabuf_len(msg), hash) < 0) { wpabuf_free(msg); return; @@ -776,7 +776,7 @@ static void erp_send_finish_reauth(struct eap_sm *sm, WPA_PUT_BE16(seed, seq); WPA_PUT_BE16(&seed[2], erp->rRK_len); - if (hmac_sha256_kdf(erp->rRK, erp->rRK_len, + if (wpa_hmac_sha256_kdf(erp->rRK, erp->rRK_len, "Re-authentication Master Session Key@ietf.org", seed, sizeof(seed), sm->eap_if.eapKeyData, erp->rRK_len) < 0) { @@ -928,7 +928,7 @@ SM_STATE(EAP, INITIATE_RECEIVED) } if (hash_len) { - if (hmac_sha256(erp->rIK, erp->rIK_len, hdr, + if (wpa_hmac_sha256(erp->rIK, erp->rIK_len, hdr, end - hdr - hash_len, hash) < 0) goto fail; if (os_memcmp(end - hash_len, hash, hash_len) != 0) { @@ -941,7 +941,7 @@ SM_STATE(EAP, INITIATE_RECEIVED) /* Check if any supported CS results in matching tag */ if (!hash_len && max_len >= 1 + 32 && end[-33] == EAP_ERP_CS_HMAC_SHA256_256) { - if (hmac_sha256(erp->rIK, erp->rIK_len, hdr, + if (wpa_hmac_sha256(erp->rIK, erp->rIK_len, hdr, end - hdr - 32, hash) < 0) goto fail; if (os_memcmp(end - 32, hash, 32) == 0) { @@ -953,7 +953,7 @@ SM_STATE(EAP, INITIATE_RECEIVED) } if (!hash_len && end[-17] == EAP_ERP_CS_HMAC_SHA256_128) { - if (hmac_sha256(erp->rIK, erp->rIK_len, hdr, + if (wpa_hmac_sha256(erp->rIK, erp->rIK_len, hdr, end - hdr - 16, hash) < 0) goto fail; if (os_memcmp(end - 16, hash, 16) == 0) { diff --git a/components/wpa_supplicant/src/rsn_supp/wpa.c b/components/wpa_supplicant/src/rsn_supp/wpa.c index aef17fc9c0..0ead21a2c8 100644 --- a/components/wpa_supplicant/src/rsn_supp/wpa.c +++ b/components/wpa_supplicant/src/rsn_supp/wpa.c @@ -2945,7 +2945,7 @@ int owe_process_assoc_resp(const u8 *rsn_ie, size_t rsn_len, const uint8_t *dh_i addr[1] = dh_ie + 2; len[1] = dh_len - 2; - int res = sha256_vector(2, addr, len, pmkid); + int res = wpa_sha256_vector(2, addr, len, pmkid); if (res < 0 ) { goto fail; } @@ -2969,7 +2969,7 @@ int owe_process_assoc_resp(const u8 *rsn_ie, size_t rsn_len, const uint8_t *dh_i wpabuf_put_data(hkey, dh_ie + 2, dh_len - 2); /* A */ wpabuf_put_le16(hkey, sm->owe_group); /* group */ - res = hmac_sha256(wpabuf_head(hkey), wpabuf_len(hkey), wpabuf_head(sh_secret), wpabuf_len(sh_secret), prk); + res = wpa_hmac_sha256(wpabuf_head(hkey), wpabuf_len(hkey), wpabuf_head(sh_secret), wpabuf_len(sh_secret), prk); if (res < 0 ) { goto fail; } @@ -2982,7 +2982,7 @@ int owe_process_assoc_resp(const u8 *rsn_ie, size_t rsn_len, const uint8_t *dh_i wpa_hexdump_key(MSG_DEBUG, "OWE: prk", prk, hash_len); /* PMK = HKDF-expand(prk, "OWE Key Generation", n) */ - res = hmac_sha256_kdf(prk, hash_len, NULL, (const u8 *)info, + res = wpa_hmac_sha256_kdf(prk, hash_len, NULL, (const u8 *)info, os_strlen(info), pmk, hash_len); if (res < 0 ) { goto fail; diff --git a/components/wpa_supplicant/src/tls/pkcs5.c b/components/wpa_supplicant/src/tls/pkcs5.c index 7bef89b4fd..ccee6d78e6 100644 --- a/components/wpa_supplicant/src/tls/pkcs5.c +++ b/components/wpa_supplicant/src/tls/pkcs5.c @@ -444,13 +444,13 @@ static int pkcs12_key_gen(const u8 *pw, size_t pw_len, const u8 *salt, len[0] = v; addr[1] = I; len[1] = S_len + P_len; - if (sha1_vector(2, addr, len, hash) < 0) + if (wpa_sha1_vector(2, addr, len, hash) < 0) goto done; addr[0] = hash; len[0] = SHA1_MAC_LEN; for (i = 1; i < iter; i++) { - if (sha1_vector(1, addr, len, hash) < 0) + if (wpa_sha1_vector(1, addr, len, hash) < 0) goto done; } diff --git a/components/wpa_supplicant/src/tls/tlsv1_client_ocsp.c b/components/wpa_supplicant/src/tls/tlsv1_client_ocsp.c index 128f4b5b9e..c4d06c3de9 100644 --- a/components/wpa_supplicant/src/tls/tlsv1_client_ocsp.c +++ b/components/wpa_supplicant/src/tls/tlsv1_client_ocsp.c @@ -55,7 +55,7 @@ static int ocsp_responder_id_match(struct x509_certificate *signer, const u8 *addr[1] = { signer->public_key }; size_t len[1] = { signer->public_key_len }; - if (sha1_vector(1, addr, len, hash) < 0) + if (wpa_sha1_vector(1, addr, len, hash) < 0) return 0; return os_memcmp(hash, key_hash, SHA1_MAC_LEN) == 0; } @@ -72,28 +72,28 @@ static unsigned int ocsp_hash_data(struct asn1_oid *alg, const u8 *data, char buf[100]; if (x509_sha1_oid(alg)) { - if (sha1_vector(1, addr, len, hash) < 0) + if (wpa_sha1_vector(1, addr, len, hash) < 0) return 0; wpa_hexdump(MSG_MSGDUMP, "OCSP: Hash (SHA1)", hash, 20); return 20; } if (x509_sha256_oid(alg)) { - if (sha256_vector(1, addr, len, hash) < 0) + if (wpa_sha256_vector(1, addr, len, hash) < 0) return 0; wpa_hexdump(MSG_MSGDUMP, "OCSP: Hash (SHA256)", hash, 32); return 32; } if (x509_sha384_oid(alg)) { - if (sha384_vector(1, addr, len, hash) < 0) + if (wpa_sha384_vector(1, addr, len, hash) < 0) return 0; wpa_hexdump(MSG_MSGDUMP, "OCSP: Hash (SHA384)", hash, 48); return 48; } if (x509_sha512_oid(alg)) { - if (sha512_vector(1, addr, len, hash) < 0) + if (wpa_sha512_vector(1, addr, len, hash) < 0) return 0; wpa_hexdump(MSG_MSGDUMP, "OCSP: Hash (SHA512)", hash, 64); return 64; diff --git a/components/wpa_supplicant/src/tls/tlsv1_client_read.c b/components/wpa_supplicant/src/tls/tlsv1_client_read.c index 3394873655..e13a7fc8dc 100644 --- a/components/wpa_supplicant/src/tls/tlsv1_client_read.c +++ b/components/wpa_supplicant/src/tls/tlsv1_client_read.c @@ -304,7 +304,7 @@ static void tls_peer_cert_event(struct tlsv1_client *conn, int depth, size_t len[1]; addr[0] = wpabuf_head(cert_buf); len[0] = wpabuf_len(cert_buf); - if (sha256_vector(1, addr, len, hash) == 0) { + if (wpa_sha256_vector(1, addr, len, hash) == 0) { ev.peer_cert.hash = hash; ev.peer_cert.hash_len = sizeof(hash); } @@ -519,7 +519,7 @@ static int tls_process_certificate(struct tlsv1_client *conn, u8 ct, "TLSv1: Validate server certificate hash"); x509_name_string(&chain->subject, buf, sizeof(buf)); wpa_printf(MSG_DEBUG, "TLSv1: 0: %s", buf); - if (sha256_vector(1, &chain->cert_start, &chain->cert_len, + if (wpa_sha256_vector(1, &chain->cert_start, &chain->cert_len, hash) < 0 || os_memcmp(conn->cred->srv_cert_hash, hash, SHA256_MAC_LEN) != 0) { diff --git a/components/wpa_supplicant/src/tls/tlsv1_cred.c b/components/wpa_supplicant/src/tls/tlsv1_cred.c index 1310f4e10e..0cee09749d 100644 --- a/components/wpa_supplicant/src/tls/tlsv1_cred.c +++ b/components/wpa_supplicant/src/tls/tlsv1_cred.c @@ -130,7 +130,7 @@ static int tlsv1_add_cert(struct x509_certificate **chain, return -1; } - der = base64_decode((const char *) pos, end - pos, &der_len); + der = wpa_base64_decode((const char *) pos, end - pos, &der_len); if (der == NULL) { wpa_printf(MSG_INFO, "TLSv1: Could not decode PEM " "certificate"); @@ -293,7 +293,7 @@ static struct crypto_private_key * tlsv1_set_key_pem(const u8 *key, size_t len) } } - der = base64_decode((const char *) pos, end - pos, &der_len); + der = wpa_base64_decode((const char *) pos, end - pos, &der_len); if (!der) return NULL; pkey = crypto_private_key_import(der, der_len, NULL); @@ -321,7 +321,7 @@ static struct crypto_private_key * tlsv1_set_key_enc_pem(const u8 *key, if (!end) return NULL; - der = base64_decode((const char *) pos, end - pos, &der_len); + der = wpa_base64_decode((const char *) pos, end - pos, &der_len); if (!der) return NULL; pkey = crypto_private_key_import(der, der_len, passwd); @@ -1158,7 +1158,7 @@ static int tlsv1_set_dhparams_blob(struct tlsv1_credentials *cred, return -1; } - der = base64_decode((const char *) pos, end - pos, &der_len); + der = wpa_base64_decode((const char *) pos, end - pos, &der_len); if (der == NULL) { wpa_printf(MSG_INFO, "TLSv1: Could not decode PEM dhparams"); return -1; diff --git a/components/wpa_supplicant/src/tls/x509v3.c b/components/wpa_supplicant/src/tls/x509v3.c index 1bbd80ade8..4057e40b03 100644 --- a/components/wpa_supplicant/src/tls/x509v3.c +++ b/components/wpa_supplicant/src/tls/x509v3.c @@ -2047,25 +2047,25 @@ skip_digest_oid: hash, hash_len); break; case 5: /* sha-1WithRSAEncryption */ - sha1_vector(1, addr, len, hash); + wpa_sha1_vector(1, addr, len, hash); hash_len = 20; wpa_hexdump(MSG_MSGDUMP, "X509: Certificate hash (SHA1)", hash, hash_len); break; case 11: /* sha256WithRSAEncryption */ - sha256_vector(1, addr, len, hash); + wpa_sha256_vector(1, addr, len, hash); hash_len = 32; wpa_hexdump(MSG_MSGDUMP, "X509: Certificate hash (SHA256)", hash, hash_len); break; case 12: /* sha384WithRSAEncryption */ - sha384_vector(1, addr, len, hash); + wpa_sha384_vector(1, addr, len, hash); hash_len = 48; wpa_hexdump(MSG_MSGDUMP, "X509: Certificate hash (SHA384)", hash, hash_len); break; case 13: /* sha512WithRSAEncryption */ - sha512_vector(1, addr, len, hash); + wpa_sha512_vector(1, addr, len, hash); hash_len = 64; wpa_hexdump(MSG_MSGDUMP, "X509: Certificate hash (SHA512)", hash, hash_len); diff --git a/components/wpa_supplicant/src/utils/base64.c b/components/wpa_supplicant/src/utils/base64.c index a17d2d36dc..ac347ce00f 100644 --- a/components/wpa_supplicant/src/utils/base64.c +++ b/components/wpa_supplicant/src/utils/base64.c @@ -151,7 +151,7 @@ static unsigned char * base64_gen_decode(const char *src, size_t len, /** - * base64_encode - Base64 encode + * wpa_base64_encode - Base64 encode * @src: Data to be encoded * @len: Length of the data to be encoded * @out_len: Pointer to output length variable, or %NULL if not used @@ -162,20 +162,20 @@ static unsigned char * base64_gen_decode(const char *src, size_t len, * nul terminated to make it easier to use as a C string. The nul terminator is * not included in out_len. */ -char * base64_encode(const void *src, size_t len, size_t *out_len) +char * wpa_base64_encode(const void *src, size_t len, size_t *out_len) { return base64_gen_encode(src, len, out_len, base64_table, 1); } -char * base64_url_encode(const void *src, size_t len, size_t *out_len) +char * wpa_base64_url_encode(const void *src, size_t len, size_t *out_len) { return base64_gen_encode(src, len, out_len, base64_url_table, 0); } /** - * base64_decode - Base64 decode + * wpa_base64_decode - Base64 decode * @src: Data to be decoded * @len: Length of the data to be decoded * @out_len: Pointer to output length variable @@ -184,13 +184,13 @@ char * base64_url_encode(const void *src, size_t len, size_t *out_len) * * Caller is responsible for freeing the returned buffer. */ -unsigned char * base64_decode(const char *src, size_t len, size_t *out_len) +unsigned char * wpa_base64_decode(const char *src, size_t len, size_t *out_len) { return base64_gen_decode(src, len, out_len, base64_table); } -unsigned char * base64_url_decode(const char *src, size_t len, size_t *out_len) +unsigned char * wpa_base64_url_decode(const char *src, size_t len, size_t *out_len) { return base64_gen_decode(src, len, out_len, base64_url_table); } diff --git a/components/wpa_supplicant/src/utils/base64.h b/components/wpa_supplicant/src/utils/base64.h index 6216f44e55..be380ee1ca 100644 --- a/components/wpa_supplicant/src/utils/base64.h +++ b/components/wpa_supplicant/src/utils/base64.h @@ -6,12 +6,12 @@ * See README for more details. */ -#ifndef BASE64_H -#define BASE64_H +#ifndef WPA_BASE64_H +#define WPA_BASE64_H -char * base64_encode(const void *src, size_t len, size_t *out_len); -unsigned char * base64_decode(const char *src, size_t len, size_t *out_len); -char * base64_url_encode(const void *src, size_t len, size_t *out_len); -unsigned char * base64_url_decode(const char *src, size_t len, size_t *out_len); +char * wpa_base64_encode(const void *src, size_t len, size_t *out_len); +unsigned char * wpa_base64_decode(const char *src, size_t len, size_t *out_len); +char * wpa_base64_url_encode(const void *src, size_t len, size_t *out_len); +unsigned char * wpa_base64_url_decode(const char *src, size_t len, size_t *out_len); -#endif /* BASE64_H */ +#endif /* WPA_BASE64_H */ diff --git a/components/wpa_supplicant/src/utils/json.c b/components/wpa_supplicant/src/utils/json.c index 5a0edf2114..58093c6b8e 100644 --- a/components/wpa_supplicant/src/utils/json.c +++ b/components/wpa_supplicant/src/utils/json.c @@ -516,7 +516,7 @@ struct wpabuf * json_get_member_base64url(struct json_token *json, token = json_get_member(json, name); if (!token || token->type != JSON_STRING) return NULL; - buf = base64_url_decode(token->string, os_strlen(token->string), + buf = wpa_base64_url_decode(token->string, os_strlen(token->string), &buflen); if (!buf) return NULL; @@ -611,7 +611,7 @@ int json_add_base64url(struct wpabuf *json, const char *name, const void *val, { char *b64; - b64 = base64_url_encode(val, len, NULL); + b64 = wpa_base64_url_encode(val, len, NULL); if (!b64) return -1; json_add_string(json, name, b64); diff --git a/components/wpa_supplicant/src/wps/wps_attr_build.c b/components/wpa_supplicant/src/wps/wps_attr_build.c index c7d739a0c3..b4609ec647 100644 --- a/components/wpa_supplicant/src/wps/wps_attr_build.c +++ b/components/wpa_supplicant/src/wps/wps_attr_build.c @@ -181,7 +181,7 @@ int wps_build_authenticator(struct wps_data *wps, struct wpabuf *msg) len[0] = wpabuf_len(wps->last_msg); addr[1] = wpabuf_head(msg); len[1] = wpabuf_len(msg); - if (hmac_sha256_vector(wps->authkey, WPS_AUTHKEY_LEN, 2, addr, len, + if (wpa_hmac_sha256_vector(wps->authkey, WPS_AUTHKEY_LEN, 2, addr, len, hash) < 0) return -1; @@ -385,7 +385,7 @@ int wps_build_key_wrap_auth(struct wps_data *wps, struct wpabuf *msg) u8 hash[SHA256_MAC_LEN]; wpa_printf(MSG_DEBUG, "WPS: * Key Wrap Authenticator"); - if (hmac_sha256(wps->authkey, WPS_AUTHKEY_LEN, wpabuf_head(msg), + if (wpa_hmac_sha256(wps->authkey, WPS_AUTHKEY_LEN, wpabuf_head(msg), wpabuf_len(msg), hash) < 0) return -1; @@ -438,7 +438,7 @@ int wps_build_oob_dev_pw(struct wpabuf *msg, u16 dev_pw_id, dev_pw_id); addr[0] = wpabuf_head(pubkey); hash_len = wpabuf_len(pubkey); - if (sha256_vector(1, addr, &hash_len, pubkey_hash) < 0) + if (wpa_sha256_vector(1, addr, &hash_len, pubkey_hash) < 0) return -1; #ifdef CONFIG_WPS_TESTING if (wps_corrupt_pkhash) { diff --git a/components/wpa_supplicant/src/wps/wps_attr_process.c b/components/wpa_supplicant/src/wps/wps_attr_process.c index 44436a4862..9eca971ae9 100644 --- a/components/wpa_supplicant/src/wps/wps_attr_process.c +++ b/components/wpa_supplicant/src/wps/wps_attr_process.c @@ -40,7 +40,7 @@ int wps_process_authenticator(struct wps_data *wps, const u8 *authenticator, addr[1] = wpabuf_head(msg); len[1] = wpabuf_len(msg) - 4 - WPS_AUTHENTICATOR_LEN; - if (hmac_sha256_vector(wps->authkey, WPS_AUTHKEY_LEN, 2, addr, len, + if (wpa_hmac_sha256_vector(wps->authkey, WPS_AUTHKEY_LEN, 2, addr, len, hash) < 0 || os_memcmp_const(hash, authenticator, WPS_AUTHENTICATOR_LEN) != 0) { wpa_printf(MSG_DEBUG, "WPS: Incorrect Authenticator"); @@ -71,7 +71,7 @@ int wps_process_key_wrap_auth(struct wps_data *wps, struct wpabuf *msg, return -1; } - if (hmac_sha256(wps->authkey, WPS_AUTHKEY_LEN, head, len, hash) < 0 || + if (wpa_hmac_sha256(wps->authkey, WPS_AUTHKEY_LEN, head, len, hash) < 0 || os_memcmp_const(hash, key_wrap_auth, WPS_KWA_LEN) != 0) { wpa_printf(MSG_DEBUG, "WPS: Invalid KWA"); return -1; diff --git a/components/wpa_supplicant/src/wps/wps_common.c b/components/wpa_supplicant/src/wps/wps_common.c index 7d4288c7c6..89fe937d68 100644 --- a/components/wpa_supplicant/src/wps/wps_common.c +++ b/components/wpa_supplicant/src/wps/wps_common.c @@ -48,7 +48,7 @@ void wps_kdf(const u8 *key, const u8 *label_prefix, size_t label_prefix_len, for (i = 1; i <= iter; i++) { WPA_PUT_BE32(i_buf, i); - hmac_sha256_vector(key, SHA256_MAC_LEN, 4, addr, len, hash); + wpa_hmac_sha256_vector(key, SHA256_MAC_LEN, 4, addr, len, hash); if (i < iter) { os_memcpy(opos, hash, SHA256_MAC_LEN); opos += SHA256_MAC_LEN; @@ -104,7 +104,7 @@ int wps_derive_keys(struct wps_data *wps) /* DHKey = SHA-256(g^AB mod p) */ addr[0] = wpabuf_head(dh_shared); len[0] = wpabuf_len(dh_shared); - sha256_vector(1, addr, len, dhkey); + wpa_sha256_vector(1, addr, len, dhkey); wpa_hexdump_key(MSG_DEBUG, "WPS: DHKey", dhkey, sizeof(dhkey)); wpabuf_clear_free(dh_shared); @@ -115,7 +115,7 @@ int wps_derive_keys(struct wps_data *wps) len[1] = ETH_ALEN; addr[2] = wps->nonce_r; len[2] = WPS_NONCE_LEN; - hmac_sha256_vector(dhkey, sizeof(dhkey), 3, addr, len, kdk); + wpa_hmac_sha256_vector(dhkey, sizeof(dhkey), 3, addr, len, kdk); wpa_hexdump_key(MSG_DEBUG, "WPS: KDK", kdk, sizeof(kdk)); wps_kdf(kdk, NULL, 0, "Wi-Fi Easy and Secure Key Derivation", @@ -140,11 +140,11 @@ int wps_derive_psk(struct wps_data *wps, const u8 *dev_passwd, { u8 hash[SHA256_MAC_LEN]; - if (hmac_sha256(wps->authkey, WPS_AUTHKEY_LEN, dev_passwd, + if (wpa_hmac_sha256(wps->authkey, WPS_AUTHKEY_LEN, dev_passwd, (dev_passwd_len + 1) / 2, hash) < 0) return -1; os_memcpy(wps->psk1, hash, WPS_PSK_LEN); - if (hmac_sha256(wps->authkey, WPS_AUTHKEY_LEN, + if (wpa_hmac_sha256(wps->authkey, WPS_AUTHKEY_LEN, dev_passwd + (dev_passwd_len + 1) / 2, dev_passwd_len / 2, hash) < 0) return -1; diff --git a/components/wpa_supplicant/src/wps/wps_enrollee.c b/components/wpa_supplicant/src/wps/wps_enrollee.c index 2f8e1aacfd..973c939733 100644 --- a/components/wpa_supplicant/src/wps/wps_enrollee.c +++ b/components/wpa_supplicant/src/wps/wps_enrollee.c @@ -65,7 +65,7 @@ static int wps_build_e_hash(struct wps_data *wps, struct wpabuf *msg) len[2] = wpabuf_len(wps->dh_pubkey_e); addr[3] = wpabuf_head(wps->dh_pubkey_r); len[3] = wpabuf_len(wps->dh_pubkey_r); - hmac_sha256_vector(wps->authkey, WPS_AUTHKEY_LEN, 4, addr, len, hash); + wpa_hmac_sha256_vector(wps->authkey, WPS_AUTHKEY_LEN, 4, addr, len, hash); wpa_hexdump(MSG_DEBUG, "WPS: E-Hash1", hash, SHA256_MAC_LEN); wpa_printf(MSG_DEBUG, "WPS: * E-Hash2"); @@ -75,7 +75,7 @@ static int wps_build_e_hash(struct wps_data *wps, struct wpabuf *msg) /* E-Hash2 = HMAC_AuthKey(E-S2 || PSK2 || PK_E || PK_R) */ addr[0] = wps->snonce + WPS_SECRET_NONCE_LEN; addr[1] = wps->psk2; - hmac_sha256_vector(wps->authkey, WPS_AUTHKEY_LEN, 4, addr, len, hash); + wpa_hmac_sha256_vector(wps->authkey, WPS_AUTHKEY_LEN, 4, addr, len, hash); wpa_hexdump(MSG_DEBUG, "WPS: E-Hash2", hash, SHA256_MAC_LEN); return 0; @@ -576,7 +576,7 @@ static int wps_process_pubkey(struct wps_data *wps, const u8 *pk, if (wps->peer_pubkey_hash_set) { u8 hash[WPS_HASH_LEN]; - sha256_vector(1, &pk, &pk_len, hash); + wpa_sha256_vector(1, &pk, &pk_len, hash); if (os_memcmp_const(hash, wps->peer_pubkey_hash, WPS_OOB_PUBKEY_HASH_LEN) != 0) { wpa_printf(MSG_ERROR, "WPS: Public Key hash mismatch"); @@ -655,7 +655,7 @@ static int wps_process_r_snonce1(struct wps_data *wps, const u8 *r_snonce1) len[2] = wpabuf_len(wps->dh_pubkey_e); addr[3] = wpabuf_head(wps->dh_pubkey_r); len[3] = wpabuf_len(wps->dh_pubkey_r); - hmac_sha256_vector(wps->authkey, WPS_AUTHKEY_LEN, 4, addr, len, hash); + wpa_hmac_sha256_vector(wps->authkey, WPS_AUTHKEY_LEN, 4, addr, len, hash); if (os_memcmp_const(wps->peer_hash1, hash, WPS_HASH_LEN) != 0) { wpa_printf(MSG_DEBUG, "WPS: R-Hash1 derived from R-S1 does " @@ -695,7 +695,7 @@ static int wps_process_r_snonce2(struct wps_data *wps, const u8 *r_snonce2) len[2] = wpabuf_len(wps->dh_pubkey_e); addr[3] = wpabuf_head(wps->dh_pubkey_r); len[3] = wpabuf_len(wps->dh_pubkey_r); - hmac_sha256_vector(wps->authkey, WPS_AUTHKEY_LEN, 4, addr, len, hash); + wpa_hmac_sha256_vector(wps->authkey, WPS_AUTHKEY_LEN, 4, addr, len, hash); if (os_memcmp_const(wps->peer_hash2, hash, WPS_HASH_LEN) != 0) { wpa_printf(MSG_DEBUG, "WPS: R-Hash2 derived from R-S2 does " diff --git a/components/wpa_supplicant/src/wps/wps_registrar.c b/components/wpa_supplicant/src/wps/wps_registrar.c index a7edf79ff6..4424e9ba45 100644 --- a/components/wpa_supplicant/src/wps/wps_registrar.c +++ b/components/wpa_supplicant/src/wps/wps_registrar.c @@ -1499,7 +1499,7 @@ static int wps_build_r_hash(struct wps_data *wps, struct wpabuf *msg) len[2] = wpabuf_len(wps->dh_pubkey_e); addr[3] = wpabuf_head(wps->dh_pubkey_r); len[3] = wpabuf_len(wps->dh_pubkey_r); - hmac_sha256_vector(wps->authkey, WPS_AUTHKEY_LEN, 4, addr, len, hash); + wpa_hmac_sha256_vector(wps->authkey, WPS_AUTHKEY_LEN, 4, addr, len, hash); wpa_hexdump(MSG_DEBUG, "WPS: R-Hash1", hash, SHA256_MAC_LEN); wpa_printf(MSG_DEBUG, "WPS: * R-Hash2"); @@ -1509,7 +1509,7 @@ static int wps_build_r_hash(struct wps_data *wps, struct wpabuf *msg) /* R-Hash2 = HMAC_AuthKey(R-S2 || PSK2 || PK_E || PK_R) */ addr[0] = wps->snonce + WPS_SECRET_NONCE_LEN; addr[1] = wps->psk2; - hmac_sha256_vector(wps->authkey, WPS_AUTHKEY_LEN, 4, addr, len, hash); + wpa_hmac_sha256_vector(wps->authkey, WPS_AUTHKEY_LEN, 4, addr, len, hash); wpa_hexdump(MSG_DEBUG, "WPS: R-Hash2", hash, SHA256_MAC_LEN); return 0; @@ -1748,7 +1748,7 @@ int wps_build_cred(struct wps_data *wps, struct wpabuf *msg) return -1; } os_free(wps->new_psk); - wps->new_psk = (u8 *) base64_encode(r, sizeof(r), + wps->new_psk = (u8 *) wpa_base64_encode(r, sizeof(r), &wps->new_psk_len); if (wps->new_psk == NULL) return -1; @@ -2329,7 +2329,7 @@ static int wps_process_e_snonce1(struct wps_data *wps, const u8 *e_snonce1) len[2] = wpabuf_len(wps->dh_pubkey_e); addr[3] = wpabuf_head(wps->dh_pubkey_r); len[3] = wpabuf_len(wps->dh_pubkey_r); - hmac_sha256_vector(wps->authkey, WPS_AUTHKEY_LEN, 4, addr, len, hash); + wpa_hmac_sha256_vector(wps->authkey, WPS_AUTHKEY_LEN, 4, addr, len, hash); if (os_memcmp_const(wps->peer_hash1, hash, WPS_HASH_LEN) != 0) { wpa_printf(MSG_DEBUG, "WPS: E-Hash1 derived from E-S1 does " @@ -2369,7 +2369,7 @@ static int wps_process_e_snonce2(struct wps_data *wps, const u8 *e_snonce2) len[2] = wpabuf_len(wps->dh_pubkey_e); addr[3] = wpabuf_head(wps->dh_pubkey_r); len[3] = wpabuf_len(wps->dh_pubkey_r); - hmac_sha256_vector(wps->authkey, WPS_AUTHKEY_LEN, 4, addr, len, hash); + wpa_hmac_sha256_vector(wps->authkey, WPS_AUTHKEY_LEN, 4, addr, len, hash); if (os_memcmp_const(wps->peer_hash2, hash, WPS_HASH_LEN) != 0) { wpa_printf(MSG_DEBUG, "WPS: E-Hash2 derived from E-S2 does " @@ -2721,7 +2721,7 @@ static enum wps_process_res wps_process_m1(struct wps_data *wps, addr[0] = attr->public_key; len = attr->public_key_len; - sha256_vector(1, addr, &len, hash); + wpa_sha256_vector(1, addr, &len, hash); if (os_memcmp_const(hash, wps->nfc_pw_token->pubkey_hash, WPS_OOB_PUBKEY_HASH_LEN) != 0) { -- 2.34.1