Use internal FIPS 186-2 PRF if needed
Previously, EAP-SIM/AKA/AKA' did not work with number of crypto libraries (GnuTLS, CryptoAPI, NSS) since the required FIPS 186-2 PRF function was not implemented. This resulted in somewhat confusing error messages since the placeholder functions were silently returning an error. Fix this by using the internal implementation of FIP 186-2 PRF (including internal SHA-1 implementation) with crypto libraries that do not implement this in case EAP-SIM/AKA/AKA' is included in the build. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This commit is contained in:
		
							parent
							
								
									9b3e2ad3a7
								
							
						
					
					
						commit
						09eef142ea
					
				
					 9 changed files with 23 additions and 68 deletions
				
			
		|  | @ -539,7 +539,8 @@ endif | ||||||
| OBJS += src/crypto/crypto_gnutls.c | OBJS += src/crypto/crypto_gnutls.c | ||||||
| HOBJS += src/crypto/crypto_gnutls.c | HOBJS += src/crypto/crypto_gnutls.c | ||||||
| ifdef NEED_FIPS186_2_PRF | ifdef NEED_FIPS186_2_PRF | ||||||
| OBJS += src/crypto/fips_prf_gnutls.c | OBJS += src/crypto/fips_prf_internal.c | ||||||
|  | OBJS += src/crypto/sha1-internal.c | ||||||
| endif | endif | ||||||
| LIBS += -lgcrypt | LIBS += -lgcrypt | ||||||
| LIBS_h += -lgcrypt | LIBS_h += -lgcrypt | ||||||
|  | @ -566,7 +567,8 @@ LIBS += -lssl3 | ||||||
| endif | endif | ||||||
| OBJS += src/crypto/crypto_nss.c | OBJS += src/crypto/crypto_nss.c | ||||||
| ifdef NEED_FIPS186_2_PRF | ifdef NEED_FIPS186_2_PRF | ||||||
| OBJS += src/crypto/fips_prf_nss.c | OBJS += src/crypto/fips_prf_internal.c | ||||||
|  | OBJS += src/crypto/sha1-internal.c | ||||||
| endif | endif | ||||||
| LIBS += -lnss3 | LIBS += -lnss3 | ||||||
| LIBS_h += -lnss3 | LIBS_h += -lnss3 | ||||||
|  |  | ||||||
|  | @ -522,7 +522,8 @@ endif | ||||||
| OBJS += ../src/crypto/crypto_gnutls.o | OBJS += ../src/crypto/crypto_gnutls.o | ||||||
| HOBJS += ../src/crypto/crypto_gnutls.o | HOBJS += ../src/crypto/crypto_gnutls.o | ||||||
| ifdef NEED_FIPS186_2_PRF | ifdef NEED_FIPS186_2_PRF | ||||||
| OBJS += ../src/crypto/fips_prf_gnutls.o | OBJS += ../src/crypto/fips_prf_internal.o | ||||||
|  | SHA1OBJS += ../src/crypto/sha1-internal.o | ||||||
| endif | endif | ||||||
| LIBS += -lgcrypt | LIBS += -lgcrypt | ||||||
| LIBS_h += -lgcrypt | LIBS_h += -lgcrypt | ||||||
|  | @ -549,7 +550,8 @@ LIBS += -lssl3 | ||||||
| endif | endif | ||||||
| OBJS += ../src/crypto/crypto_nss.o | OBJS += ../src/crypto/crypto_nss.o | ||||||
| ifdef NEED_FIPS186_2_PRF | ifdef NEED_FIPS186_2_PRF | ||||||
| OBJS += ../src/crypto/fips_prf_nss.o | OBJS += ../src/crypto/fips_prf_internal.o | ||||||
|  | SHA1OBJS += ../src/crypto/sha1-internal.o | ||||||
| endif | endif | ||||||
| LIBS += -lnss3 | LIBS += -lnss3 | ||||||
| LIBS_h += -lnss3 | LIBS_h += -lnss3 | ||||||
|  |  | ||||||
|  | @ -9,6 +9,7 @@ install: | ||||||
| 
 | 
 | ||||||
| include ../lib.rules | include ../lib.rules | ||||||
| 
 | 
 | ||||||
|  | CFLAGS += -DCONFIG_CRYPTO_INTERNAL | ||||||
| CFLAGS += -DCONFIG_TLS_INTERNAL_CLIENT | CFLAGS += -DCONFIG_TLS_INTERNAL_CLIENT | ||||||
| CFLAGS += -DCONFIG_TLS_INTERNAL_SERVER | CFLAGS += -DCONFIG_TLS_INTERNAL_SERVER | ||||||
| #CFLAGS += -DALL_DH_GROUPS
 | #CFLAGS += -DALL_DH_GROUPS
 | ||||||
|  |  | ||||||
|  | @ -1,19 +0,0 @@ | ||||||
| /*
 |  | ||||||
|  * FIPS 186-2 PRF for Microsoft CryptoAPI |  | ||||||
|  * Copyright (c) 2009, Jouni Malinen <j@w1.fi> |  | ||||||
|  * |  | ||||||
|  * This software may be distributed under the terms of the BSD license. |  | ||||||
|  * See README for more details. |  | ||||||
|  */ |  | ||||||
| 
 |  | ||||||
| #include "includes.h" |  | ||||||
| 
 |  | ||||||
| #include "common.h" |  | ||||||
| #include "crypto.h" |  | ||||||
| 
 |  | ||||||
| 
 |  | ||||||
| int fips186_2_prf(const u8 *seed, size_t seed_len, u8 *x, size_t xlen) |  | ||||||
| { |  | ||||||
| 	/* FIX: how to do this with CryptoAPI? */ |  | ||||||
| 	return -1; |  | ||||||
| } |  | ||||||
|  | @ -1,20 +0,0 @@ | ||||||
| /*
 |  | ||||||
|  * FIPS 186-2 PRF for libgcrypt |  | ||||||
|  * Copyright (c) 2004-2009, Jouni Malinen <j@w1.fi> |  | ||||||
|  * |  | ||||||
|  * This software may be distributed under the terms of the BSD license. |  | ||||||
|  * See README for more details. |  | ||||||
|  */ |  | ||||||
| 
 |  | ||||||
| #include "includes.h" |  | ||||||
| #include <gcrypt.h> |  | ||||||
| 
 |  | ||||||
| #include "common.h" |  | ||||||
| #include "crypto.h" |  | ||||||
| 
 |  | ||||||
| 
 |  | ||||||
| int fips186_2_prf(const u8 *seed, size_t seed_len, u8 *x, size_t xlen) |  | ||||||
| { |  | ||||||
| 	/* FIX: how to do this with libgcrypt? */ |  | ||||||
| 	return -1; |  | ||||||
| } |  | ||||||
|  | @ -1,19 +0,0 @@ | ||||||
| /*
 |  | ||||||
|  * FIPS 186-2 PRF for NSS |  | ||||||
|  * Copyright (c) 2009, Jouni Malinen <j@w1.fi> |  | ||||||
|  * |  | ||||||
|  * This software may be distributed under the terms of the BSD license. |  | ||||||
|  * See README for more details. |  | ||||||
|  */ |  | ||||||
| 
 |  | ||||||
| #include "includes.h" |  | ||||||
| #include <openssl/sha.h> |  | ||||||
| 
 |  | ||||||
| #include "common.h" |  | ||||||
| #include "crypto.h" |  | ||||||
| 
 |  | ||||||
| 
 |  | ||||||
| int fips186_2_prf(const u8 *seed, size_t seed_len, u8 *x, size_t xlen) |  | ||||||
| { |  | ||||||
| 	return -1; |  | ||||||
| } |  | ||||||
|  | @ -19,6 +19,7 @@ typedef struct SHA1Context SHA1_CTX; | ||||||
| void SHA1Transform(u32 state[5], const unsigned char buffer[64]); | void SHA1Transform(u32 state[5], const unsigned char buffer[64]); | ||||||
| 
 | 
 | ||||||
| 
 | 
 | ||||||
|  | #ifdef CONFIG_CRYPTO_INTERNAL | ||||||
| /**
 | /**
 | ||||||
|  * sha1_vector - SHA-1 hash for data vector |  * sha1_vector - SHA-1 hash for data vector | ||||||
|  * @num_elem: Number of elements in the data vector |  * @num_elem: Number of elements in the data vector | ||||||
|  | @ -38,6 +39,7 @@ int sha1_vector(size_t num_elem, const u8 *addr[], const size_t *len, u8 *mac) | ||||||
| 	SHA1Final(mac, &ctx); | 	SHA1Final(mac, &ctx); | ||||||
| 	return 0; | 	return 0; | ||||||
| } | } | ||||||
|  | #endif /* CONFIG_CRYPTO_INTERNAL */ | ||||||
| 
 | 
 | ||||||
| 
 | 
 | ||||||
| /* ===== start - public domain SHA1 implementation ===== */ | /* ===== start - public domain SHA1 implementation ===== */ | ||||||
|  |  | ||||||
|  | @ -962,7 +962,8 @@ endif | ||||||
| OBJS += src/crypto/crypto_gnutls.c | OBJS += src/crypto/crypto_gnutls.c | ||||||
| OBJS_p += src/crypto/crypto_gnutls.c | OBJS_p += src/crypto/crypto_gnutls.c | ||||||
| ifdef NEED_FIPS186_2_PRF | ifdef NEED_FIPS186_2_PRF | ||||||
| OBJS += src/crypto/fips_prf_gnutls.c | OBJS += src/crypto/fips_prf_internal.c | ||||||
|  | OBJS += src/crypto/sha1-internal.c | ||||||
| endif | endif | ||||||
| LIBS += -lgcrypt | LIBS += -lgcrypt | ||||||
| LIBS_p += -lgcrypt | LIBS_p += -lgcrypt | ||||||
|  | @ -978,7 +979,8 @@ endif | ||||||
| OBJS += src/crypto/crypto_cryptoapi.c | OBJS += src/crypto/crypto_cryptoapi.c | ||||||
| OBJS_p += src/crypto/crypto_cryptoapi.c | OBJS_p += src/crypto/crypto_cryptoapi.c | ||||||
| ifdef NEED_FIPS186_2_PRF | ifdef NEED_FIPS186_2_PRF | ||||||
| OBJS += src/crypto/fips_prf_cryptoapi.c | OBJS += src/crypto/fips_prf_internal.c | ||||||
|  | OBJS += src/crypto/sha1-internal.c | ||||||
| endif | endif | ||||||
| CONFIG_INTERNAL_SHA256=y | CONFIG_INTERNAL_SHA256=y | ||||||
| CONFIG_INTERNAL_RC4=y | CONFIG_INTERNAL_RC4=y | ||||||
|  | @ -993,7 +995,8 @@ endif | ||||||
| OBJS += src/crypto/crypto_nss.c | OBJS += src/crypto/crypto_nss.c | ||||||
| OBJS_p += src/crypto/crypto_nss.c | OBJS_p += src/crypto/crypto_nss.c | ||||||
| ifdef NEED_FIPS186_2_PRF | ifdef NEED_FIPS186_2_PRF | ||||||
| OBJS += src/crypto/fips_prf_nss.c | OBJS += src/crypto/fips_prf_internal.c | ||||||
|  | OBJS += src/crypto/sha1-internal.c | ||||||
| endif | endif | ||||||
| LIBS += -lnss3 | LIBS += -lnss3 | ||||||
| LIBS_p += -lnss3 | LIBS_p += -lnss3 | ||||||
|  |  | ||||||
|  | @ -967,7 +967,8 @@ endif | ||||||
| OBJS += ../src/crypto/crypto_gnutls.o | OBJS += ../src/crypto/crypto_gnutls.o | ||||||
| OBJS_p += ../src/crypto/crypto_gnutls.o | OBJS_p += ../src/crypto/crypto_gnutls.o | ||||||
| ifdef NEED_FIPS186_2_PRF | ifdef NEED_FIPS186_2_PRF | ||||||
| OBJS += ../src/crypto/fips_prf_gnutls.o | OBJS += ../src/crypto/fips_prf_internal.o | ||||||
|  | SHA1OBJS += ../src/crypto/sha1-internal.o | ||||||
| endif | endif | ||||||
| LIBS += -lgcrypt | LIBS += -lgcrypt | ||||||
| LIBS_p += -lgcrypt | LIBS_p += -lgcrypt | ||||||
|  | @ -983,7 +984,8 @@ endif | ||||||
| OBJS += ../src/crypto/crypto_cryptoapi.o | OBJS += ../src/crypto/crypto_cryptoapi.o | ||||||
| OBJS_p += ../src/crypto/crypto_cryptoapi.o | OBJS_p += ../src/crypto/crypto_cryptoapi.o | ||||||
| ifdef NEED_FIPS186_2_PRF | ifdef NEED_FIPS186_2_PRF | ||||||
| OBJS += ../src/crypto/fips_prf_cryptoapi.o | OBJS += ../src/crypto/fips_prf_internal.o | ||||||
|  | SHA1OBJS += ../src/crypto/sha1-internal.o | ||||||
| endif | endif | ||||||
| CONFIG_INTERNAL_SHA256=y | CONFIG_INTERNAL_SHA256=y | ||||||
| CONFIG_INTERNAL_RC4=y | CONFIG_INTERNAL_RC4=y | ||||||
|  | @ -998,7 +1000,8 @@ endif | ||||||
| OBJS += ../src/crypto/crypto_nss.o | OBJS += ../src/crypto/crypto_nss.o | ||||||
| OBJS_p += ../src/crypto/crypto_nss.o | OBJS_p += ../src/crypto/crypto_nss.o | ||||||
| ifdef NEED_FIPS186_2_PRF | ifdef NEED_FIPS186_2_PRF | ||||||
| OBJS += ../src/crypto/fips_prf_nss.o | OBJS += ../src/crypto/fips_prf_internal.o | ||||||
|  | SHA1OBJS += ../src/crypto/sha1-internal.o | ||||||
| endif | endif | ||||||
| LIBS += -lnss3 | LIBS += -lnss3 | ||||||
| LIBS_p += -lnss3 | LIBS_p += -lnss3 | ||||||
|  |  | ||||||
		Loading…
	
		Reference in a new issue
	
	 Jouni Malinen
						Jouni Malinen