| From c8dba4bd750269bcc80fed3d546e2077cb4cdf0e Mon Sep 17 00:00:00 2001 |
| From: Glenn Strauss <gstrauss@gluelogic.com> |
| Date: Tue, 19 Jul 2022 20:02:21 -0400 |
| Subject: [PATCH 2/7] mbedtls: fips186_2_prf() |
| |
| Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com> |
| --- |
| hostapd/Makefile | 4 --- |
| src/crypto/crypto_mbedtls.c | 60 +++++++++++++++++++++++++++++++++++++ |
| wpa_supplicant/Makefile | 4 --- |
| 3 files changed, 60 insertions(+), 8 deletions(-) |
| |
| --- a/hostapd/Makefile |
| +++ b/hostapd/Makefile |
| @@ -759,10 +759,6 @@ endif |
| OBJS += ../src/crypto/crypto_$(CONFIG_CRYPTO).o |
| HOBJS += ../src/crypto/crypto_$(CONFIG_CRYPTO).o |
| SOBJS += ../src/crypto/crypto_$(CONFIG_CRYPTO).o |
| -ifdef NEED_FIPS186_2_PRF |
| -OBJS += ../src/crypto/fips_prf_internal.o |
| -SHA1OBJS += ../src/crypto/sha1-internal.o |
| -endif |
| ifeq ($(CONFIG_CRYPTO), mbedtls) |
| ifdef CONFIG_DPP |
| LIBS += -lmbedx509 |
| --- a/src/crypto/crypto_mbedtls.c |
| +++ b/src/crypto/crypto_mbedtls.c |
| @@ -132,6 +132,12 @@ |
| #define CRYPTO_MBEDTLS_HMAC_KDF_SHA512 |
| #endif |
| |
| +#if defined(EAP_SIM) || defined(EAP_SIM_DYNAMIC) || defined(EAP_SERVER_SIM) \ |
| + || defined(EAP_AKA) || defined(EAP_AKA_DYNAMIC) || defined(EAP_SERVER_AKA) |
| +/* EAP_SIM=y EAP_AKA=y */ |
| +#define CRYPTO_MBEDTLS_FIPS186_2_PRF |
| +#endif |
| + |
| #if defined(EAP_FAST) || defined(EAP_FAST_DYNAMIC) || defined(EAP_SERVER_FAST) \ |
| || defined(EAP_TEAP) || defined(EAP_TEAP_DYNAMIC) || defined(EAP_SERVER_FAST) |
| #define CRYPTO_MBEDTLS_SHA1_T_PRF |
| @@ -813,6 +819,60 @@ int sha1_t_prf(const u8 *key, size_t key |
| |
| #endif /* CRYPTO_MBEDTLS_SHA1_T_PRF */ |
| |
| +#ifdef CRYPTO_MBEDTLS_FIPS186_2_PRF |
| + |
| +/* fips_prf_internal.c sha1-internal.c */ |
| + |
| +/* used only by src/eap_common/eap_sim_common.c:eap_sim_prf() |
| + * for eap_sim_derive_keys() and eap_sim_derive_keys_reauth() |
| + * where xlen is 160 */ |
| + |
| +int fips186_2_prf(const u8 *seed, size_t seed_len, u8 *x, size_t xlen) |
| +{ |
| + /* FIPS 186-2 + change notice 1 */ |
| + |
| + mbedtls_sha1_context ctx; |
| + u8 * const xkey = ctx.MBEDTLS_PRIVATE(buffer); |
| + u32 * const xstate = ctx.MBEDTLS_PRIVATE(state); |
| + const u32 xstate_init[] = |
| + { 0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476, 0xC3D2E1F0 }; |
| + |
| + mbedtls_sha1_init(&ctx); |
| + os_memcpy(xkey, seed, seed_len < 64 ? seed_len : 64); |
| + |
| + /* note: does not fill extra bytes if (xlen % 20) (SHA1_MAC_LEN) */ |
| + for (; xlen >= 20; xlen -= 20) { |
| + /* XSEED_j = 0 */ |
| + /* XVAL = (XKEY + XSEED_j) mod 2^b */ |
| + |
| + /* w_i = G(t, XVAL) */ |
| + os_memcpy(xstate, xstate_init, sizeof(xstate_init)); |
| + mbedtls_internal_sha1_process(&ctx, xkey); |
| + |
| + #if __BYTE_ORDER == __LITTLE_ENDIAN |
| + xstate[0] = host_to_be32(xstate[0]); |
| + xstate[1] = host_to_be32(xstate[1]); |
| + xstate[2] = host_to_be32(xstate[2]); |
| + xstate[3] = host_to_be32(xstate[3]); |
| + xstate[4] = host_to_be32(xstate[4]); |
| + #endif |
| + os_memcpy(x, xstate, 20); |
| + if (xlen == 20) /*(done; skip prep for next loop)*/ |
| + break; |
| + |
| + /* XKEY = (1 + XKEY + w_i) mod 2^b */ |
| + for (u32 carry = 1, k = 20; k-- > 0; carry >>= 8) |
| + xkey[k] = (carry += xkey[k] + x[k]) & 0xff; |
| + x += 20; |
| + /* x_j = w_0|w_1 (each pair of iterations through loop)*/ |
| + } |
| + |
| + mbedtls_sha1_free(&ctx); |
| + return 0; |
| +} |
| + |
| +#endif /* CRYPTO_MBEDTLS_FIPS186_2_PRF */ |
| + |
| #endif /* MBEDTLS_SHA1_C */ |
| |
| |
| --- a/wpa_supplicant/Makefile |
| +++ b/wpa_supplicant/Makefile |
| @@ -1174,10 +1174,6 @@ endif |
| OBJS += ../src/crypto/crypto_$(CONFIG_CRYPTO).o |
| OBJS_p += ../src/crypto/crypto_$(CONFIG_CRYPTO).o |
| OBJS_priv += ../src/crypto/crypto_$(CONFIG_CRYPTO).o |
| -ifdef NEED_FIPS186_2_PRF |
| -OBJS += ../src/crypto/fips_prf_internal.o |
| -SHA1OBJS += ../src/crypto/sha1-internal.o |
| -endif |
| ifeq ($(CONFIG_CRYPTO), mbedtls) |
| LIBS += -lmbedcrypto |
| LIBS_p += -lmbedcrypto |