projects / mech_eap.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 9b3e2ad)
Use internal FIPS 186-2 PRF if needed
authorJouni Malinen <jouni@qca.qualcomm.com>
Tue, 11 Mar 2014 14:33:05 +0000 (16:33 +0200)
committerJouni Malinen <j@w1.fi>
Tue, 11 Mar 2014 14:44:22 +0000 (16:44 +0200)
Previously, EAP-SIM/AKA/AKA' did not work with number of crypto
libraries (GnuTLS, CryptoAPI, NSS) since the required FIPS 186-2 PRF
function was not implemented. This resulted in somewhat confusing error
messages since the placeholder functions were silently returning an
error. Fix this by using the internal implementation of FIP 186-2 PRF
(including internal SHA-1 implementation) with crypto libraries that do
not implement this in case EAP-SIM/AKA/AKA' is included in the build.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
hostapd/Android.mk patch | blob | history
hostapd/Makefile patch | blob | history
src/crypto/Makefile patch | blob | history
src/crypto/fips_prf_cryptoapi.c [deleted file] patch | blob | history
src/crypto/fips_prf_gnutls.c [deleted file] patch | blob | history
src/crypto/fips_prf_nss.c [deleted file] patch | blob | history
src/crypto/sha1-internal.c patch | blob | history
wpa_supplicant/Android.mk patch | blob | history
wpa_supplicant/Makefile patch | blob | history

diff --git a/hostapd/Android.mk b/hostapd/Android.mk
index 888ee2b..b96345f 100644 (file)
--- a/hostapd/Android.mk
+++ b/hostapd/Android.mk
@@ -539,7 +539,8 @@ endif
 OBJS += src/crypto/crypto_gnutls.c
 HOBJS += src/crypto/crypto_gnutls.c
 ifdef NEED_FIPS186_2_PRF
-OBJS += src/crypto/fips_prf_gnutls.c
+OBJS += src/crypto/fips_prf_internal.c
+OBJS += src/crypto/sha1-internal.c
 endif
 LIBS += -lgcrypt
 LIBS_h += -lgcrypt
@@ -566,7 +567,8 @@ LIBS += -lssl3
 endif
 OBJS += src/crypto/crypto_nss.c
 ifdef NEED_FIPS186_2_PRF
-OBJS += src/crypto/fips_prf_nss.c
+OBJS += src/crypto/fips_prf_internal.c
+OBJS += src/crypto/sha1-internal.c
 endif
 LIBS += -lnss3
 LIBS_h += -lnss3
diff --git a/hostapd/Makefile b/hostapd/Makefile
index c541d43..1496888 100644 (file)
--- a/hostapd/Makefile
+++ b/hostapd/Makefile
@@ -522,7 +522,8 @@ endif
 OBJS += ../src/crypto/crypto_gnutls.o
 HOBJS += ../src/crypto/crypto_gnutls.o
 ifdef NEED_FIPS186_2_PRF
-OBJS += ../src/crypto/fips_prf_gnutls.o
+OBJS += ../src/crypto/fips_prf_internal.o
+SHA1OBJS += ../src/crypto/sha1-internal.o
 endif
 LIBS += -lgcrypt
 LIBS_h += -lgcrypt
@@ -549,7 +550,8 @@ LIBS += -lssl3
 endif
 OBJS += ../src/crypto/crypto_nss.o
 ifdef NEED_FIPS186_2_PRF
-OBJS += ../src/crypto/fips_prf_nss.o
+OBJS += ../src/crypto/fips_prf_internal.o
+SHA1OBJS += ../src/crypto/sha1-internal.o
 endif
 LIBS += -lnss3
 LIBS_h += -lnss3
diff --git a/src/crypto/Makefile b/src/crypto/Makefile
index fcf9586..2a92109 100644 (file)
--- a/src/crypto/Makefile
+++ b/src/crypto/Makefile
@@ -9,6 +9,7 @@ install:
 
 include ../lib.rules
 
+CFLAGS += -DCONFIG_CRYPTO_INTERNAL
 CFLAGS += -DCONFIG_TLS_INTERNAL_CLIENT
 CFLAGS += -DCONFIG_TLS_INTERNAL_SERVER
 #CFLAGS += -DALL_DH_GROUPS
diff --git a/src/crypto/fips_prf_cryptoapi.c b/src/crypto/fips_prf_cryptoapi.c
deleted file mode 100644 (file)
index dca93a3..0000000
--- a/src/crypto/fips_prf_cryptoapi.c
+++ /dev/null
@@ -1,19 +0,0 @@
-/*
- * FIPS 186-2 PRF for Microsoft CryptoAPI
- * Copyright (c) 2009, Jouni Malinen <j@w1.fi>
- *
- * This software may be distributed under the terms of the BSD license.
- * See README for more details.
- */
-
-#include "includes.h"
-
-#include "common.h"
-#include "crypto.h"
-
-
-int fips186_2_prf(const u8 *seed, size_t seed_len, u8 *x, size_t xlen)
-{
-       /* FIX: how to do this with CryptoAPI? */
-       return -1;
-}
diff --git a/src/crypto/fips_prf_gnutls.c b/src/crypto/fips_prf_gnutls.c
deleted file mode 100644 (file)
index 947e6f6..0000000
--- a/src/crypto/fips_prf_gnutls.c
+++ /dev/null
@@ -1,20 +0,0 @@
-/*
- * FIPS 186-2 PRF for libgcrypt
- * Copyright (c) 2004-2009, Jouni Malinen <j@w1.fi>
- *
- * This software may be distributed under the terms of the BSD license.
- * See README for more details.
- */
-
-#include "includes.h"
-#include <gcrypt.h>
-
-#include "common.h"
-#include "crypto.h"
-
-
-int fips186_2_prf(const u8 *seed, size_t seed_len, u8 *x, size_t xlen)
-{
-       /* FIX: how to do this with libgcrypt? */
-       return -1;
-}
diff --git a/src/crypto/fips_prf_nss.c b/src/crypto/fips_prf_nss.c
deleted file mode 100644 (file)
index 2c962f4..0000000
--- a/src/crypto/fips_prf_nss.c
+++ /dev/null
@@ -1,19 +0,0 @@
-/*
- * FIPS 186-2 PRF for NSS
- * Copyright (c) 2009, Jouni Malinen <j@w1.fi>
- *
- * This software may be distributed under the terms of the BSD license.
- * See README for more details.
- */
-
-#include "includes.h"
-#include <openssl/sha.h>
-
-#include "common.h"
-#include "crypto.h"
-
-
-int fips186_2_prf(const u8 *seed, size_t seed_len, u8 *x, size_t xlen)
-{
-       return -1;
-}
diff --git a/src/crypto/sha1-internal.c b/src/crypto/sha1-internal.c
index 10bf153..24bc3ff 100644 (file)
--- a/src/crypto/sha1-internal.c
+++ b/src/crypto/sha1-internal.c
@@ -19,6 +19,7 @@ typedef struct SHA1Context SHA1_CTX;
 void SHA1Transform(u32 state[5], const unsigned char buffer[64]);
 
 
+#ifdef CONFIG_CRYPTO_INTERNAL
 /**
  * sha1_vector - SHA-1 hash for data vector
  * @num_elem: Number of elements in the data vector
@@ -38,6 +39,7 @@ int sha1_vector(size_t num_elem, const u8 *addr[], const size_t *len, u8 *mac)
        SHA1Final(mac, &ctx);
        return 0;
 }
+#endif /* CONFIG_CRYPTO_INTERNAL */
 
 
 /* ===== start - public domain SHA1 implementation ===== */
diff --git a/wpa_supplicant/Android.mk b/wpa_supplicant/Android.mk
index c745cb2..b8690f5 100644 (file)
--- a/wpa_supplicant/Android.mk
+++ b/wpa_supplicant/Android.mk
@@ -962,7 +962,8 @@ endif
 OBJS += src/crypto/crypto_gnutls.c
 OBJS_p += src/crypto/crypto_gnutls.c
 ifdef NEED_FIPS186_2_PRF
-OBJS += src/crypto/fips_prf_gnutls.c
+OBJS += src/crypto/fips_prf_internal.c
+OBJS += src/crypto/sha1-internal.c
 endif
 LIBS += -lgcrypt
 LIBS_p += -lgcrypt
@@ -978,7 +979,8 @@ endif
 OBJS += src/crypto/crypto_cryptoapi.c
 OBJS_p += src/crypto/crypto_cryptoapi.c
 ifdef NEED_FIPS186_2_PRF
-OBJS += src/crypto/fips_prf_cryptoapi.c
+OBJS += src/crypto/fips_prf_internal.c
+OBJS += src/crypto/sha1-internal.c
 endif
 CONFIG_INTERNAL_SHA256=y
 CONFIG_INTERNAL_RC4=y
@@ -993,7 +995,8 @@ endif
 OBJS += src/crypto/crypto_nss.c
 OBJS_p += src/crypto/crypto_nss.c
 ifdef NEED_FIPS186_2_PRF
-OBJS += src/crypto/fips_prf_nss.c
+OBJS += src/crypto/fips_prf_internal.c
+OBJS += src/crypto/sha1-internal.c
 endif
 LIBS += -lnss3
 LIBS_p += -lnss3
diff --git a/wpa_supplicant/Makefile b/wpa_supplicant/Makefile
index 2b8cb93..ce98068 100644 (file)
--- a/wpa_supplicant/Makefile
+++ b/wpa_supplicant/Makefile
@@ -967,7 +967,8 @@ endif
 OBJS += ../src/crypto/crypto_gnutls.o
 OBJS_p += ../src/crypto/crypto_gnutls.o
 ifdef NEED_FIPS186_2_PRF
-OBJS += ../src/crypto/fips_prf_gnutls.o
+OBJS += ../src/crypto/fips_prf_internal.o
+SHA1OBJS += ../src/crypto/sha1-internal.o
 endif
 LIBS += -lgcrypt
 LIBS_p += -lgcrypt
@@ -983,7 +984,8 @@ endif
 OBJS += ../src/crypto/crypto_cryptoapi.o
 OBJS_p += ../src/crypto/crypto_cryptoapi.o
 ifdef NEED_FIPS186_2_PRF
-OBJS += ../src/crypto/fips_prf_cryptoapi.o
+OBJS += ../src/crypto/fips_prf_internal.o
+SHA1OBJS += ../src/crypto/sha1-internal.o
 endif
 CONFIG_INTERNAL_SHA256=y
 CONFIG_INTERNAL_RC4=y
@@ -998,7 +1000,8 @@ endif
 OBJS += ../src/crypto/crypto_nss.o
 OBJS_p += ../src/crypto/crypto_nss.o
 ifdef NEED_FIPS186_2_PRF
-OBJS += ../src/crypto/fips_prf_nss.o
+OBJS += ../src/crypto/fips_prf_internal.o
+SHA1OBJS += ../src/crypto/sha1-internal.o
 endif
 LIBS += -lnss3
 LIBS_p += -lnss3
Moonshot GSS-API mechanism