Crypto build cleanup: remove CONFIG_NO_T_PRF
Instead of using a define and conditional building of sha1.c parts, move the T-PRF implementation into a separate file.
This commit is contained in:
parent
05edfe2994
commit
6f693b5d0b
4 changed files with 83 additions and 67 deletions
|
@ -38,6 +38,8 @@ CFLAGS += -DCONFIG_NATIVE_WINDOWS
|
|||
LIBS += -lws2_32
|
||||
endif
|
||||
|
||||
SHA1OBJS = ../src/crypto/sha1.o
|
||||
|
||||
OBJS = hostapd.o main.o ieee802_1x.o eapol_sm.o \
|
||||
config.o ieee802_11_auth.o \
|
||||
sta_info.o wpa.o \
|
||||
|
@ -88,7 +90,6 @@ endif
|
|||
|
||||
OBJS += ../src/crypto/md5.o
|
||||
OBJS += ../src/crypto/rc4.o
|
||||
OBJS += ../src/crypto/sha1.o
|
||||
|
||||
AESOBJS = ../src/crypto/aes_wrap.o
|
||||
|
||||
|
@ -541,9 +542,9 @@ ifdef CONFIG_INTERNAL_AES
|
|||
AESOBJS += ../src/crypto/aes-internal.o
|
||||
endif
|
||||
ifdef CONFIG_INTERNAL_SHA1
|
||||
OBJS += ../src/crypto/sha1-internal.o
|
||||
SHA1OBJS += ../src/crypto/sha1-internal.o
|
||||
ifdef NEED_FIPS186_2_PRF
|
||||
OBJS += ../src/crypto/fips_prf_internal.o
|
||||
SHA1OBJS += ../src/crypto/fips_prf_internal.o
|
||||
endif
|
||||
endif
|
||||
ifdef CONFIG_INTERNAL_MD5
|
||||
|
@ -567,8 +568,8 @@ ifdef NEED_DH_GROUPS
|
|||
OBJS += ../src/crypto/dh_groups.o
|
||||
endif
|
||||
|
||||
ifndef NEED_T_PRF
|
||||
CFLAGS += -DCONFIG_NO_T_PRF
|
||||
ifdef NEED_T_PRF
|
||||
SHA1OBJS += ../src/crypto/sha1-tprf.o
|
||||
endif
|
||||
|
||||
ifndef NEED_TLS_PRF
|
||||
|
@ -616,6 +617,8 @@ CFLAGS += -DCONFIG_NO_AES_DECRYPT
|
|||
CFLAGS += -DCONFIG_NO_AES_ENCRYPT_BLOCK
|
||||
endif
|
||||
|
||||
OBJS += $(SHA1OBJS)
|
||||
|
||||
ALL=hostapd hostapd_cli
|
||||
|
||||
all: verify_config $(ALL)
|
||||
|
@ -650,10 +653,7 @@ OBJS_c = hostapd_cli.o ../src/common/wpa_ctrl.o ../src/utils/os_$(CONFIG_OS).o
|
|||
hostapd_cli: $(OBJS_c)
|
||||
$(CC) -o hostapd_cli $(OBJS_c)
|
||||
|
||||
NOBJS = nt_password_hash.o ../src/crypto/ms_funcs.o ../src/crypto/sha1.o ../src/crypto/rc4.o ../src/crypto/md5.o
|
||||
ifdef CONFIG_INTERNAL_SHA1
|
||||
NOBJS += ../src/crypto/sha1-internal.o
|
||||
endif
|
||||
NOBJS = nt_password_hash.o ../src/crypto/ms_funcs.o $(SHA1OBJS) ../src/crypto/rc4.o ../src/crypto/md5.o
|
||||
ifdef CONFIG_INTERNAL_MD5
|
||||
NOBJS += ../src/crypto/md5-internal.o
|
||||
endif
|
||||
|
|
72
src/crypto/sha1-tprf.c
Normal file
72
src/crypto/sha1-tprf.c
Normal file
|
@ -0,0 +1,72 @@
|
|||
/*
|
||||
* SHA1 T-PRF for EAP-FAST
|
||||
* Copyright (c) 2003-2005, Jouni Malinen <j@w1.fi>
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify
|
||||
* it under the terms of the GNU General Public License version 2 as
|
||||
* published by the Free Software Foundation.
|
||||
*
|
||||
* Alternatively, this software may be distributed under the terms of BSD
|
||||
* license.
|
||||
*
|
||||
* See README and COPYING for more details.
|
||||
*/
|
||||
|
||||
#include "includes.h"
|
||||
|
||||
#include "common.h"
|
||||
#include "sha1.h"
|
||||
#include "crypto.h"
|
||||
|
||||
/**
|
||||
* sha1_t_prf - EAP-FAST Pseudo-Random Function (T-PRF)
|
||||
* @key: Key for PRF
|
||||
* @key_len: Length of the key in bytes
|
||||
* @label: A unique label for each purpose of the PRF
|
||||
* @seed: Seed value to bind into the key
|
||||
* @seed_len: Length of the seed
|
||||
* @buf: Buffer for the generated pseudo-random key
|
||||
* @buf_len: Number of bytes of key to generate
|
||||
*
|
||||
* This function is used to derive new, cryptographically separate keys from a
|
||||
* given key for EAP-FAST. T-PRF is defined in RFC 4851, Section 5.5.
|
||||
*/
|
||||
void sha1_t_prf(const u8 *key, size_t key_len, const char *label,
|
||||
const u8 *seed, size_t seed_len, u8 *buf, size_t buf_len)
|
||||
{
|
||||
unsigned char counter = 0;
|
||||
size_t pos, plen;
|
||||
u8 hash[SHA1_MAC_LEN];
|
||||
size_t label_len = os_strlen(label);
|
||||
u8 output_len[2];
|
||||
const unsigned char *addr[5];
|
||||
size_t len[5];
|
||||
|
||||
addr[0] = hash;
|
||||
len[0] = 0;
|
||||
addr[1] = (unsigned char *) label;
|
||||
len[1] = label_len + 1;
|
||||
addr[2] = seed;
|
||||
len[2] = seed_len;
|
||||
addr[3] = output_len;
|
||||
len[3] = 2;
|
||||
addr[4] = &counter;
|
||||
len[4] = 1;
|
||||
|
||||
output_len[0] = (buf_len >> 8) & 0xff;
|
||||
output_len[1] = buf_len & 0xff;
|
||||
pos = 0;
|
||||
while (pos < buf_len) {
|
||||
counter++;
|
||||
plen = buf_len - pos;
|
||||
hmac_sha1_vector(key, key_len, 5, addr, len, hash);
|
||||
if (plen >= SHA1_MAC_LEN) {
|
||||
os_memcpy(&buf[pos], hash, SHA1_MAC_LEN);
|
||||
pos += SHA1_MAC_LEN;
|
||||
} else {
|
||||
os_memcpy(&buf[pos], hash, plen);
|
||||
break;
|
||||
}
|
||||
len[0] = SHA1_MAC_LEN;
|
||||
}
|
||||
}
|
|
@ -155,62 +155,6 @@ void sha1_prf(const u8 *key, size_t key_len, const char *label,
|
|||
}
|
||||
|
||||
|
||||
#ifndef CONFIG_NO_T_PRF
|
||||
/**
|
||||
* sha1_t_prf - EAP-FAST Pseudo-Random Function (T-PRF)
|
||||
* @key: Key for PRF
|
||||
* @key_len: Length of the key in bytes
|
||||
* @label: A unique label for each purpose of the PRF
|
||||
* @seed: Seed value to bind into the key
|
||||
* @seed_len: Length of the seed
|
||||
* @buf: Buffer for the generated pseudo-random key
|
||||
* @buf_len: Number of bytes of key to generate
|
||||
*
|
||||
* This function is used to derive new, cryptographically separate keys from a
|
||||
* given key for EAP-FAST. T-PRF is defined in RFC 4851, Section 5.5.
|
||||
*/
|
||||
void sha1_t_prf(const u8 *key, size_t key_len, const char *label,
|
||||
const u8 *seed, size_t seed_len, u8 *buf, size_t buf_len)
|
||||
{
|
||||
unsigned char counter = 0;
|
||||
size_t pos, plen;
|
||||
u8 hash[SHA1_MAC_LEN];
|
||||
size_t label_len = os_strlen(label);
|
||||
u8 output_len[2];
|
||||
const unsigned char *addr[5];
|
||||
size_t len[5];
|
||||
|
||||
addr[0] = hash;
|
||||
len[0] = 0;
|
||||
addr[1] = (unsigned char *) label;
|
||||
len[1] = label_len + 1;
|
||||
addr[2] = seed;
|
||||
len[2] = seed_len;
|
||||
addr[3] = output_len;
|
||||
len[3] = 2;
|
||||
addr[4] = &counter;
|
||||
len[4] = 1;
|
||||
|
||||
output_len[0] = (buf_len >> 8) & 0xff;
|
||||
output_len[1] = buf_len & 0xff;
|
||||
pos = 0;
|
||||
while (pos < buf_len) {
|
||||
counter++;
|
||||
plen = buf_len - pos;
|
||||
hmac_sha1_vector(key, key_len, 5, addr, len, hash);
|
||||
if (plen >= SHA1_MAC_LEN) {
|
||||
os_memcpy(&buf[pos], hash, SHA1_MAC_LEN);
|
||||
pos += SHA1_MAC_LEN;
|
||||
} else {
|
||||
os_memcpy(&buf[pos], hash, plen);
|
||||
break;
|
||||
}
|
||||
len[0] = SHA1_MAC_LEN;
|
||||
}
|
||||
}
|
||||
#endif /* CONFIG_NO_T_PRF */
|
||||
|
||||
|
||||
#ifndef CONFIG_NO_TLS_PRF
|
||||
/**
|
||||
* tls_prf - Pseudo-Random Function for TLS (TLS-PRF, RFC 2246)
|
||||
|
|
|
@ -1086,8 +1086,8 @@ ifdef NEED_DH_GROUPS
|
|||
OBJS += ../src/crypto/dh_groups.o
|
||||
endif
|
||||
|
||||
ifndef NEED_T_PRF
|
||||
CFLAGS += -DCONFIG_NO_T_PRF
|
||||
ifdef NEED_T_PRF
|
||||
SHA1OBJS += ../src/crypto/sha1-tprf.o
|
||||
endif
|
||||
|
||||
ifndef NEED_TLS_PRF
|
||||
|
|
Loading…
Reference in a new issue