FIPS: Use OpenSSL CMAC implementation instead of aes-omac1.c

Signed-hostap: Jouni Malinen <j@w1.fi>
This commit is contained in:
Jouni Malinen 2012-08-16 22:19:53 +03:00
parent 982bafedaf
commit 0b5e98557e
3 changed files with 48 additions and 0 deletions

View file

@ -16,6 +16,9 @@
#include <openssl/dh.h> #include <openssl/dh.h>
#include <openssl/hmac.h> #include <openssl/hmac.h>
#include <openssl/rand.h> #include <openssl/rand.h>
#ifdef CONFIG_OPENSSL_CMAC
#include <openssl/cmac.h>
#endif /* CONFIG_OPENSSL_CMAC */
#include "common.h" #include "common.h"
#include "wpabuf.h" #include "wpabuf.h"
@ -747,3 +750,38 @@ int crypto_get_random(void *buf, size_t len)
return -1; return -1;
return 0; return 0;
} }
#ifdef CONFIG_OPENSSL_CMAC
int omac1_aes_128_vector(const u8 *key, size_t num_elem,
const u8 *addr[], const size_t *len, u8 *mac)
{
CMAC_CTX *ctx;
int ret = -1;
size_t outlen, i;
ctx = CMAC_CTX_new();
if (ctx == NULL)
return -1;
if (!CMAC_Init(ctx, key, 16, EVP_aes_128_cbc(), NULL))
goto fail;
for (i = 0; i < num_elem; i++) {
if (!CMAC_Update(ctx, addr[i], len[i]))
goto fail;
}
if (!CMAC_Final(ctx, mac, &outlen) || outlen != 16)
goto fail;
ret = 0;
fail:
CMAC_CTX_free(ctx);
return ret;
}
int omac1_aes_128(const u8 *key, const u8 *data, size_t data_len, u8 *mac)
{
return omac1_aes_128_vector(key, 1, &data, &data_len, mac);
}
#endif /* CONFIG_OPENSSL_CMAC */

View file

@ -70,6 +70,7 @@ endif
ifdef CONFIG_FIPS ifdef CONFIG_FIPS
CONFIG_NO_RANDOM_POOL= CONFIG_NO_RANDOM_POOL=
CONFIG_OPENSSL_CMAC=y
endif endif
OBJS = config.c OBJS = config.c
@ -1037,8 +1038,12 @@ AESOBJS += src/crypto/aes-encblock.c
endif endif
ifdef NEED_AES_OMAC1 ifdef NEED_AES_OMAC1
NEED_AES_ENC=y NEED_AES_ENC=y
ifdef CONFIG_OPENSSL_CMAC
CFLAGS += -DCONFIG_OPENSSL_CMAC
else
AESOBJS += src/crypto/aes-omac1.c AESOBJS += src/crypto/aes-omac1.c
endif endif
endif
ifdef NEED_AES_WRAP ifdef NEED_AES_WRAP
NEED_AES_ENC=y NEED_AES_ENC=y
AESOBJS += src/crypto/aes-wrap.c AESOBJS += src/crypto/aes-wrap.c

View file

@ -57,6 +57,7 @@ install: $(addprefix $(DESTDIR)$(BINDIR)/,$(BINALL))
ifdef CONFIG_FIPS ifdef CONFIG_FIPS
CONFIG_NO_RANDOM_POOL= CONFIG_NO_RANDOM_POOL=
CONFIG_OPENSSL_CMAC=y
endif endif
OBJS = config.o OBJS = config.o
@ -1065,8 +1066,12 @@ AESOBJS += ../src/crypto/aes-encblock.o
endif endif
ifdef NEED_AES_OMAC1 ifdef NEED_AES_OMAC1
NEED_AES_ENC=y NEED_AES_ENC=y
ifdef CONFIG_OPENSSL_CMAC
CFLAGS += -DCONFIG_OPENSSL_CMAC
else
AESOBJS += ../src/crypto/aes-omac1.o AESOBJS += ../src/crypto/aes-omac1.o
endif endif
endif
ifdef NEED_AES_WRAP ifdef NEED_AES_WRAP
NEED_AES_ENC=y NEED_AES_ENC=y
AESOBJS += ../src/crypto/aes-wrap.o AESOBJS += ../src/crypto/aes-wrap.o