diff --git a/hostapd/Makefile b/hostapd/Makefile
index 04f9b87a8..6d5564cca 100644
--- a/hostapd/Makefile
+++ b/hostapd/Makefile
@@ -38,6 +38,8 @@ CFLAGS += -DCONFIG_NATIVE_WINDOWS
 LIBS += -lws2_32
 endif
+SHA1OBJS = ../src/crypto/sha1.o
+
 OBJS = hostapd.o main.o ieee802_1x.o eapol_sm.o \
 config.o ieee802_11_auth.o \
 sta_info.o wpa.o \
@@ -88,7 +90,6 @@ endif
 OBJS += ../src/crypto/md5.o
 OBJS += ../src/crypto/rc4.o
-OBJS += ../src/crypto/sha1.o
 AESOBJS = ../src/crypto/aes_wrap.o
@@ -541,9 +542,9 @@ ifdef CONFIG_INTERNAL_AES
 AESOBJS += ../src/crypto/aes-internal.o
 endif
 ifdef CONFIG_INTERNAL_SHA1
-OBJS += ../src/crypto/sha1-internal.o
+SHA1OBJS += ../src/crypto/sha1-internal.o
 ifdef NEED_FIPS186_2_PRF
-OBJS += ../src/crypto/fips_prf_internal.o
+SHA1OBJS += ../src/crypto/fips_prf_internal.o
 endif
 endif
 ifdef CONFIG_INTERNAL_MD5
@@ -567,8 +568,8 @@ ifdef NEED_DH_GROUPS
 OBJS += ../src/crypto/dh_groups.o
 endif
-ifndef NEED_T_PRF
-CFLAGS += -DCONFIG_NO_T_PRF
+ifdef NEED_T_PRF
+SHA1OBJS += ../src/crypto/sha1-tprf.o
 endif
 ifndef NEED_TLS_PRF
@@ -616,6 +617,8 @@ CFLAGS += -DCONFIG_NO_AES_DECRYPT
 CFLAGS += -DCONFIG_NO_AES_ENCRYPT_BLOCK
 endif
+OBJS += $(SHA1OBJS)
+
 ALL=hostapd hostapd_cli
 all: verify_config $(ALL)
@@ -650,10 +653,7 @@ OBJS_c = hostapd_cli.o ../src/common/wpa_ctrl.o ../src/utils/os_$(CONFIG_OS).o
 hostapd_cli: $(OBJS_c)
 $(CC) -o hostapd_cli $(OBJS_c)
-NOBJS = nt_password_hash.o ../src/crypto/ms_funcs.o ../src/crypto/sha1.o ../src/crypto/rc4.o ../src/crypto/md5.o
-ifdef CONFIG_INTERNAL_SHA1
-NOBJS += ../src/crypto/sha1-internal.o
-endif
+NOBJS = nt_password_hash.o ../src/crypto/ms_funcs.o $(SHA1OBJS) ../src/crypto/rc4.o ../src/crypto/md5.o
 ifdef CONFIG_INTERNAL_MD5
 NOBJS += ../src/crypto/md5-internal.o
 endif
diff --git a/src/crypto/sha1-tprf.c b/src/crypto/sha1-tprf.c
new file mode 100644
index 000000000..cb05440a3
--- /dev/null
+++ b/src/crypto/sha1-tprf.c
@@ -0,0 +1,72 @@
+/*
+ * SHA1 T-PRF for EAP-FAST
+ * Copyright (c) 2003-2005, Jouni Malinen
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Alternatively, this software may be distributed under the terms of BSD
+ * license.
+ *
+ * See README and COPYING for more details.
+ */
+
+#include "includes.h"
+
+#include "common.h"
+#include "sha1.h"
+#include "crypto.h"
+
+/**
+ * sha1_t_prf - EAP-FAST Pseudo-Random Function (T-PRF)
+ * @key: Key for PRF
+ * @key_len: Length of the key in bytes
+ * @label: A unique label for each purpose of the PRF
+ * @seed: Seed value to bind into the key
+ * @seed_len: Length of the seed
+ * @buf: Buffer for the generated pseudo-random key
+ * @buf_len: Number of bytes of key to generate
+ *
+ * This function is used to derive new, cryptographically separate keys from a
+ * given key for EAP-FAST. T-PRF is defined in RFC 4851, Section 5.5.
+ */
+void sha1_t_prf(const u8 *key, size_t key_len, const char *label,
+ const u8 *seed, size_t seed_len, u8 *buf, size_t buf_len)
+{
+ unsigned char counter = 0;
+ size_t pos, plen;
+ u8 hash[SHA1_MAC_LEN];
+ size_t label_len = os_strlen(label);
+ u8 output_len[2];
+ const unsigned char *addr[5];
+ size_t len[5];
+
+ addr[0] = hash;
+ len[0] = 0;
+ addr[1] = (unsigned char *) label;
+ len[1] = label_len + 1;
+ addr[2] = seed;
+ len[2] = seed_len;
+ addr[3] = output_len;
+ len[3] = 2;
+ addr[4] = &counter;
+ len[4] = 1;
+
+ output_len[0] = (buf_len >> 8) & 0xff;
+ output_len[1] = buf_len & 0xff;
+ pos = 0;
+ while (pos < buf_len) {
+ counter++;
+ plen = buf_len - pos;
+ hmac_sha1_vector(key, key_len, 5, addr, len, hash);
+ if (plen >= SHA1_MAC_LEN) {
+ os_memcpy(&buf[pos], hash, SHA1_MAC_LEN);
+ pos += SHA1_MAC_LEN;
+ } else {
+ os_memcpy(&buf[pos], hash, plen);
+ break;
+ }
+ len[0] = SHA1_MAC_LEN;
+ }
+}
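Review bot: sha1_t_prf() cannot represent every `buf_len` it accepts: `output_len` carries only the low 16 bits and `counter` is a single octet that wraps after 255 blocks, so a request above 255 * SHA1_MAC_LEN bytes silently leaves the T-PRF construction the header comment cites from RFC 4851. Because the function returns void, the caller has to guarantee that bound, and the header comment should say so, e.g. `@buf_len: Number of bytes of key to generate (at most 255 * SHA1_MAC_LEN)`. The local `hash` also still holds the last block of derived key material when the function returns. Clearing it after the loop with `os_memset(hash, 0, sizeof(hash));` would keep those bytes from lingering on the stack, although a compiler may elide a plain memset, so treat that as hardening rather than a guarantee.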
diff --git a/src/crypto/sha1.c b/src/crypto/sha1.c
index e05210fc3..27caf15ba 100644
--- a/src/crypto/sha1.c
+++ b/src/crypto/sha1.c
@@ -155,62 +155,6 @@ void sha1_prf(const u8 *key, size_t key_len, const char *label,
 }
-#ifndef CONFIG_NO_T_PRF
-/**
- * sha1_t_prf - EAP-FAST Pseudo-Random Function (T-PRF)
- * @key: Key for PRF
- * @key_len: Length of the key in bytes
- * @label: A unique label for each purpose of the PRF
- * @seed: Seed value to bind into the key
- * @seed_len: Length of the seed
- * @buf: Buffer for the generated pseudo-random key
- * @buf_len: Number of bytes of key to generate
- *
- * This function is used to derive new, cryptographically separate keys from a
- * given key for EAP-FAST. T-PRF is defined in RFC 4851, Section 5.5.
- */
-void sha1_t_prf(const u8 *key, size_t key_len, const char *label,
- const u8 *seed, size_t seed_len, u8 *buf, size_t buf_len)
-{
- unsigned char counter = 0;
- size_t pos, plen;
- u8 hash[SHA1_MAC_LEN];
- size_t label_len = os_strlen(label);
- u8 output_len[2];
- const unsigned char *addr[5];
- size_t len[5];
-
- addr[0] = hash;
- len[0] = 0;
- addr[1] = (unsigned char *) label;
- len[1] = label_len + 1;
- addr[2] = seed;
- len[2] = seed_len;
- addr[3] = output_len;
- len[3] = 2;
- addr[4] = &counter;
- len[4] = 1;
-
- output_len[0] = (buf_len >> 8) & 0xff;
- output_len[1] = buf_len & 0xff;
- pos = 0;
- while (pos < buf_len) {
- counter++;
- plen = buf_len - pos;
- hmac_sha1_vector(key, key_len, 5, addr, len, hash);
- if (plen >= SHA1_MAC_LEN) {
- os_memcpy(&buf[pos], hash, SHA1_MAC_LEN);
- pos += SHA1_MAC_LEN;
- } else {
- os_memcpy(&buf[pos], hash, plen);
- break;
- }
- len[0] = SHA1_MAC_LEN;
- }
-}
-#endif /* CONFIG_NO_T_PRF */
-
-
 #ifndef CONFIG_NO_TLS_PRF
 /**
 * tls_prf - Pseudo-Random Function for TLS (TLS-PRF, RFC 2246)
diff --git a/wpa_supplicant/Makefile b/wpa_supplicant/Makefile
index 54a019030..4c2266fc2 100644
--- a/wpa_supplicant/Makefile
+++ b/wpa_supplicant/Makefile
@@ -1086,8 +1086,8 @@ ifdef NEED_DH_GROUPS
 OBJS += ../src/crypto/dh_groups.o
 endif
-ifndef NEED_T_PRF
-CFLAGS += -DCONFIG_NO_T_PRF
+ifdef NEED_T_PRF
+SHA1OBJS += ../src/crypto/sha1-tprf.o
 endif
 ifndef NEED_TLS_PRF
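Review bot: `SHA1OBJS` is appended to here, but nothing in the visible part of this file's diff defines it or feeds it into `OBJS`, whereas the hostapd/Makefile half of the same commit adds both `SHA1OBJS = ../src/crypto/sha1.o` and `OBJS += $(SHA1OBJS)`. If wpa_supplicant/Makefile does not already do the equivalent outside this hunk, sha1-tprf.o is never linked and an EAP-FAST build would presumably fail with an undefined `sha1_t_prf`, so that is worth confirming before merge. With `-DCONFIG_NO_T_PRF` gone the choice is made purely at link time, and a one-line comment above the block would record that, e.g. `# T-PRF (EAP-FAST key derivation) is only built when NEED_T_PRF is set`.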