jeltz
/
hostap
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
17,172 Commits 3 Branches 0 Tags 25 MiB
Commit Graph

22 Commits

Author SHA1 Message Date
Jouni Malinen eb595b3e3a wolfssl: Fix crypto_bignum_rand() implementation 
The previous implementation used mp_rand_prime() to generate a random
value in range 0..m. That is insanely slow way of generating a random
value since mp_rand_prime() is for generating a random _prime_ which is
not what is needed here. Replace that implementation with generationg of
a random value in the requested range without doing any kind of prime
number checks or loops to reject values that are not primes.

This speeds up SAE and EAP-pwd routines by couple of orders of
magnitude..

Signed-off-by: Jouni Malinen <j@w1.fi>
 2020-05-16 21:02:17 +03:00
Ilan Peer 94773d40fa crypto: Add a function to get the ECDH prime length 
crypto_ecdh_prime_len() can now be used to fetch the length (in octets)
of the prime used in ECDH.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
 2020-02-29 23:26:26 +02:00
Jouni Malinen de580bf6c4 crypto: Remove unused crypto_bignum_sqrtmod() 
This wrapper function is not used anymore, so drop it instead of trying
to figure out good way of implementing it in constant time with various
crypto libraries.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
 2019-10-25 19:29:53 +03:00
Jouni Malinen 1766e608ba wolfSSL: Fix crypto_bignum_sub() 
The initial crypto wrapper implementation for wolfSSL seems to have
included a copy-paste error in crypto_bignum_sub() implementation that
was identical to crypto_bignum_add() while mp_sub() should have been
used instead of mp_add().

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
 2019-10-14 19:38:41 +03:00
Jouni Malinen 2a1c84f4e5 crypto: Add more bignum/EC helper functions 
These are needed for implementing SAE hash-to-element.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
 2019-10-14 19:38:41 +03:00
Jouni Malinen e0e15fc236 Remove unused crypto_bignum_bits() 
This wrapper function is not needed anymore.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
 2019-04-26 17:43:45 +03:00
Jouni Malinen cb5db189ed Remove the unused crypto_ec_cofactor() function 
All users of this wrapper function were removed, so the wrapper can be
removed as well.

Signed-off-by: Jouni Malinen <j@w1.fi>
 2019-04-13 18:28:05 +03:00
Jouni Malinen 6fe3ee722d tests: EAP-pwd local failure in crypto_bignum_rand() 
Signed-off-by: Jouni Malinen <j@w1.fi>
 2019-04-13 18:28:05 +03:00
Jouni Malinen 52b1cb5d73 tests: crypto_hash_finish() failure in eap_pwd_kdf() 
Signed-off-by: Jouni Malinen <j@w1.fi>
 2019-04-13 12:53:42 +03:00
Jouni Malinen b11fa98bcb Add explicit checks for peer's DH public key 
Pass the group order (if known/specified) to crypto_dh_derive_secret()
(and also to OpenSSL DH_generate_key() in case of Group 5) and verify
that the public key received from the peer meets 1 < pubkey < p and
pubkey^q == 1 mod p conditions.

While all these use cases were using only ephemeral DH keys, it is
better to use more explicit checks while deriving the shared secret to
avoid unexpected behavior.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
 2019-03-05 17:05:03 +02:00
Jouni Malinen 9973129646 wolfSSL: Fix crypto_bignum_rshift() wrapper 
The n argument to this function is number of bits, not bytes, to shift.
As such, need to use mp_rshb() instead of mp_rshd(). This fixes EAP-pwd
with P-521 curve.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
 2018-05-17 22:02:02 +03:00
Sean Parkinson 4b2e03c42a wolfSSL: DH initialization to call TEST_FAIL() for error tests 
Signed-off-by: Sean Parkinson <sean@wolfssl.com>
 2018-05-17 20:08:22 +03:00
Sean Parkinson 2b01270c8a wolfSSL: Fix ECDH set peer to use the index when importing point 
Signed-off-by: Sean Parkinson <sean@wolfssl.com>
 2018-05-17 20:08:15 +03:00
Sean Parkinson 7be462084e wolfSSL: Use defines from wolfssl/options.h 
Depend on proper wolfSSL configuration instead of trying to define these
build configuration values externally.

Signed-off-by: Sean Parkinson <sean@wolfssl.com>
 2018-05-02 13:32:51 +03:00
Sean Parkinson 385dd7189a wolfSSL: Use wolfSSL memory allocation in dh5_init() 
Signed-off-by: Sean Parkinson <sean@wolfssl.com>
 2018-05-02 13:32:51 +03:00
Sean Parkinson fc5e88e3ea wolfSSL: Changes for memory allocation failure testing 
Signed-off-by: Sean Parkinson <sean@wolfssl.com>
 2018-05-02 13:32:51 +03:00
Sean Parkinson 06657d3166 wolfSSL: Fix crypto_hash_init() memory clearing 
Explicitly clear the allocated memory to avoid uninitialized data in
struct crypto_hash.

Signed-off-by: Sean Parkinson <sean@wolfssl.com>
 2018-05-02 13:32:51 +03:00
Sean Parkinson d396057109 wolfSSL: Fix crypto_ec_point_y_sqr() 
Use the correct intermediate result from mp_sqrmod() in the following
mp_mulmod() call (t is not initialized here; it is used only after this
step).

Signed-off-by: Sean Parkinson <sean@wolfssl.com>
 2018-05-02 13:32:51 +03:00
Sean Parkinson e3501ac18f wolfSSL: Fix crypto_ec_point_solve_y_coord() 
Provide full uncompressed DER data length to wc_ecc_import_point_der()
even though a compressed form is used here. In addition, use
ECC_POINT_COMP_* defined values to make this more readable.

Signed-off-by: Sean Parkinson <sean@wolfssl.com>
 2018-05-02 13:32:51 +03:00
Sean Parkinson 187ad3a303 wolfSSL: Add crypto_ecdh_*() 
Implement the wrapper functions for ECDH operations.

Signed-off-by: Sean Parkinson <sean@wolfssl.com>
 2018-05-02 13:32:49 +03:00
Sean Parkinson 3d2f638d61 wolfSSL: Use new digest namespace 
Signed-off-by: Sean Parkinson <sean@wolfssl.com>
 2018-05-02 12:04:46 +03:00
Sean Parkinson fec03f9838 Add support for wolfSSL cryptographic library 
Allow hostapd/wpa_supplicant to be compiled with the wolfSSL
cryptography and TLS library.

Signed-off-by: Sean Parkinson <sean@wolfssl.com>
 2018-03-03 11:52:40 +02:00