Jouni, Also note that the OCSP is not supported yet. Thanks, Sean — Sean Parkinson sean@xxxxxxxxxxx wolfSSL Inc > On 29 Mar 2018, at 2:55 pm, Sean Parkinson <sean@xxxxxxxxxxx> wrote: > > Jouni, > > (Excuse the previous email. This one in plaintext.) > > I’ve looked into the failures and made changes as needed. > There were changes to wolfSSL as well. > > To reproduce the setup I tested: > - download wolfSSL latest from master (https://github.com/wolfssl/wolfssl) > - configure wolfSSL with option -enable-wpas > - build wolfSSL > - in wpa_supplicant change .config > - CONFIG_TLS=wolfssl > - disable CONFIG_DPP > > The proposed new patch is below. > > Thanks, > Sean > — > Sean Parkinson > sean@xxxxxxxxxxx > wolfSSL Inc > > > From 80ba12c7fecdd650d7528211e68e6fd7ededd736 Mon Sep 17 00:00:00 2001 > From: Sean Parkinson <sparki@xxxxxxxxxxx> > Date: Mon, 19 Mar 2018 13:19:08 +1000 > Subject: [PATCH] Fixes for wolfSSL integration. > > Use new digest namespace. > Changes for memory allocation failure testing. > Use same certificates as used for GnuTLS in tests. > Implement tls_connection_get_eap_fast_key using cryptographic primitives > as wolfSSL implements different spec. > Use a valid key exchange value in test. > Fix loading of client certificate to use 'chain' APIs. > > Signed-off-by: Sean Parkinson <sean@xxxxxxxxxxx> > --- > hostapd/Makefile | 2 + > src/crypto/crypto_wolfssl.c | 192 +++++++++++++++++++++++++++++++++--------- > src/crypto/fips_prf_wolfssl.c | 3 +- > src/crypto/tls_wolfssl.c | 109 ++++++++++++++---------- > tests/hwsim/test_ap_eap.py | 10 +-- > tests/hwsim/test_eap_proto.py | 2 +- > wpa_supplicant/Makefile | 1 + > 7 files changed, 228 insertions(+), 91 deletions(-) > > diff --git a/hostapd/Makefile b/hostapd/Makefile > index 98ce115..9f8c6cf 100644 > --- a/hostapd/Makefile > +++ b/hostapd/Makefile 
> @@ -899,9 +899,11 @@ AESOBJS += ../src/crypto/aes-encblock.o > endif > ifdef NEED_AES_OMAC1 > ifneq ($(CONFIG_TLS), linux) > +ifneq ($(CONFIG_TLS), wolfssl) > AESOBJS += ../src/crypto/aes-omac1.o > endif > endif > +endif > ifdef NEED_AES_UNWRAP > ifneq ($(CONFIG_TLS), openssl) > ifneq ($(CONFIG_TLS), linux) > diff --git a/src/crypto/crypto_wolfssl.c b/src/crypto/crypto_wolfssl.c > index 90163c4..7e68716 100644 > --- a/src/crypto/crypto_wolfssl.c > +++ b/src/crypto/crypto_wolfssl.c > @@ -11,18 +11,8 @@ > #include "common.h" > #include "crypto.h" > > -#define WOLFSSL_AES_DIRECT > -#define HAVE_AESGCM > -#define HAVE_AES_KEYWRAP > -#define WOLFSSL_SHA384 > -#define WOLFSSL_SHA512 > -#define WOLFSSL_CMAC > -#define HAVE_ECC > -#define USE_FAST_MATH > -#define WOLFSSL_KEY_GEN > - > -#include <wolfssl/options.h> > /* wolfSSL headers */ > +#include <wolfssl/options.h> > #include <wolfssl/wolfcrypt/md4.h> > #include <wolfssl/wolfcrypt/md5.h> > #include <wolfssl/wolfcrypt/sha.h> > @@ -62,7 +52,7 @@ int md4_vector(size_t num_elem, const u8 *addr[], const size_t *len, u8 *mac) > > int md5_vector(size_t num_elem, const u8 *addr[], const size_t *len, u8 *mac) > { > - Md5 md5; > + wc_Md5 md5; > size_t i; > > if (TEST_FAIL()) > @@ -83,7 +73,7 @@ int md5_vector(size_t num_elem, const u8 *addr[], const size_t *len, u8 *mac) > > int sha1_vector(size_t num_elem, const u8 *addr[], const size_t *len, u8 *mac) > { > - Sha sha; > + wc_Sha sha; > size_t i; > > if (TEST_FAIL()) > @@ -104,7 +94,7 @@ int sha1_vector(size_t num_elem, const u8 *addr[], const size_t *len, u8 *mac) > int sha256_vector(size_t num_elem, const u8 *addr[], const size_t *len, > u8 *mac) > { > - Sha256 sha256; > + wc_Sha256 sha256; > size_t i; > > if (TEST_FAIL()) > @@ -126,7 +116,7 @@ int sha256_vector(size_t num_elem, const u8 *addr[], const size_t *len, > int sha384_vector(size_t num_elem, const u8 *addr[], const size_t *len, > u8 *mac) > { > - Sha384 sha384; > + wc_Sha384 sha384; > size_t i; > > if (TEST_FAIL()) 
> @@ -148,7 +138,7 @@ int sha384_vector(size_t num_elem, const u8 *addr[], const size_t *len, > int sha512_vector(size_t num_elem, const u8 *addr[], const size_t *len, > u8 *mac) > { > - Sha512 sha512; > + wc_Sha512 sha512; > size_t i; > > if (TEST_FAIL()) > @@ -186,6 +176,7 @@ static int wolfssl_hmac_vector(int type, const u8 *key, > return -1; > if (wc_HmacFinal(&hmac, mac) != 0) > return -1; > + > return 0; > } > > @@ -195,7 +186,7 @@ static int wolfssl_hmac_vector(int type, const u8 *key, > int hmac_md5_vector(const u8 *key, size_t key_len, size_t num_elem, > const u8 *addr[], const size_t *len, u8 *mac) > { > - return wolfssl_hmac_vector(MD5, key, key_len, num_elem, addr, len, mac, > + return wolfssl_hmac_vector(WC_MD5, key, key_len, num_elem, addr, len, mac, > 16); > } > > @@ -212,7 +203,7 @@ int hmac_md5(const u8 *key, size_t key_len, const u8 *data, size_t data_len, > int hmac_sha1_vector(const u8 *key, size_t key_len, size_t num_elem, > const u8 *addr[], const size_t *len, u8 *mac) > { > - return wolfssl_hmac_vector(SHA, key, key_len, num_elem, addr, len, mac, > + return wolfssl_hmac_vector(WC_SHA, key, key_len, num_elem, addr, len, mac, > 20); > } > > @@ -229,7 +220,7 @@ int hmac_sha1(const u8 *key, size_t key_len, const u8 *data, size_t data_len, > int hmac_sha256_vector(const u8 *key, size_t key_len, size_t num_elem, > const u8 *addr[], const size_t *len, u8 *mac) > { > - return wolfssl_hmac_vector(SHA256, key, key_len, num_elem, addr, len, > + return wolfssl_hmac_vector(WC_SHA256, key, key_len, num_elem, addr, len, > mac, 32); > } > > @@ -248,7 +239,7 @@ int hmac_sha256(const u8 *key, size_t key_len, const u8 *data, > int hmac_sha384_vector(const u8 *key, size_t key_len, size_t num_elem, > const u8 *addr[], const size_t *len, u8 *mac) > { > - return wolfssl_hmac_vector(SHA384, key, key_len, num_elem, addr, len, > + return wolfssl_hmac_vector(WC_SHA384, key, key_len, num_elem, addr, len, > mac, 48); > } 
> > @@ -267,7 +258,7 @@ int hmac_sha384(const u8 *key, size_t key_len, const u8 *data, > int hmac_sha512_vector(const u8 *key, size_t key_len, size_t num_elem, > const u8 *addr[], const size_t *len, u8 *mac) > { > - return wolfssl_hmac_vector(SHA512, key, key_len, num_elem, addr, len, > + return wolfssl_hmac_vector(WC_SHA512, key, key_len, num_elem, addr, len, > mac, 64); > } > > @@ -285,7 +276,7 @@ int pbkdf2_sha1(const char *passphrase, const u8 *ssid, size_t ssid_len, > int iterations, u8 *buf, size_t buflen) > { > if (wc_PBKDF2(buf, (const byte*)passphrase, os_strlen(passphrase), ssid, > - ssid_len, iterations, buflen, SHA) != 0) > + ssid_len, iterations, buflen, WC_SHA) != 0) > return -1; > return 0; > } > @@ -423,6 +414,9 @@ int aes_wrap(const u8 *kek, size_t kek_len, int n, const u8 *plain, u8 *cipher) > { > int ret; > > + if (TEST_FAIL()) > + return -1; > + > ret = wc_AesKeyWrap(kek, kek_len, plain, n * 8, cipher, (n + 1) * 8, > NULL); > return ret != (n + 1) * 8 ? -1 : 0; > @@ -434,6 +428,9 @@ int aes_unwrap(const u8 *kek, size_t kek_len, int n, const u8 *cipher, > { > int ret; > > + if (TEST_FAIL()) > + return -1; > + > ret = wc_AesKeyUnWrap(kek, kek_len, cipher, (n + 1) * 8, plain, n * 8, > NULL); > return ret != n * 8 ? -1 : 0; > @@ -654,13 +651,13 @@ void * dh5_init(struct wpabuf **priv, struct wpabuf **publ) > wpabuf_free(*publ); > *publ = NULL; > > - dh = os_malloc(sizeof(DhKey)); > + dh = XMALLOC(sizeof(DhKey), NULL, DYNAMIC_TYPE_TMP_BUFFER); > if (!dh) > return NULL; > wc_InitDhKey(dh); > > if (wc_InitRng(&rng) != 0) { > - os_free(dh); > + XFREE(dh, NULL, DYNAMIC_TYPE_TMP_BUFFER); > return NULL; > } > > @@ -692,7 +689,7 @@ done: > wpabuf_clear_free(privkey); > if (dh) { > wc_FreeDhKey(dh); > - os_free(dh); > + XFREE(dh, NULL, DYNAMIC_TYPE_TMP_BUFFER); > } > wc_FreeRng(&rng); > return ret; 
> @@ -706,12 +703,12 @@ void * dh5_init_fixed(const struct wpabuf *priv, const struct wpabuf *publ) > byte *secret; > word32 secret_sz; > > - dh = os_malloc(sizeof(DhKey)); > + dh = XMALLOC(sizeof(DhKey), NULL, DYNAMIC_TYPE_TMP_BUFFER); > if (!dh) > return NULL; > wc_InitDhKey(dh); > > - secret = os_malloc(RFC3526_LEN); > + secret = XMALLOC(RFC3526_LEN, NULL, DYNAMIC_TYPE_TMP_BUFFER); > if (!secret) > goto done; > > @@ -734,9 +731,9 @@ void * dh5_init_fixed(const struct wpabuf *priv, const struct wpabuf *publ) > done: > if (dh) { > wc_FreeDhKey(dh); > - os_free(dh); > + XFREE(dh, NULL, DYNAMIC_TYPE_TMP_BUFFER); > } > - os_free(secret); > + XFREE(secret, NULL, DYNAMIC_TYPE_TMP_BUFFER); > return ret; > } > > @@ -773,7 +770,7 @@ void dh5_free(void *ctx) > return; > > wc_FreeDhKey(ctx); > - os_free(ctx); > + XFREE(ctx, NULL, DYNAMIC_TYPE_TMP_BUFFER); > } > > #endif /* CONFIG_WPS_NFC */ > @@ -787,9 +784,6 @@ int crypto_dh_init(u8 generator, const u8 *prime, size_t prime_len, u8 *privkey, > DhKey *dh = NULL; > word32 priv_sz, pub_sz; > > - if (TEST_FAIL()) > - return -1; > - > dh = os_malloc(sizeof(DhKey)); > if (!dh) > return -1; > @@ -889,7 +883,7 @@ struct crypto_hash * crypto_hash_init(enum crypto_hash_alg alg, const u8 *key, > struct crypto_hash *hash; > int type; > > - hash = os_malloc(sizeof(*hash)); > + hash = os_zalloc(sizeof(*hash)); > if (!hash) > goto done; > > @@ -897,19 +891,19 @@ struct crypto_hash * crypto_hash_init(enum crypto_hash_alg alg, const u8 *key, > #ifndef NO_MD5 > case CRYPTO_HASH_ALG_HMAC_MD5: > hash->size = 16; > - type = MD5; > + type = WC_MD5; > break; > #endif /* NO_MD5 */ > #ifndef NO_SHA > case CRYPTO_HASH_ALG_HMAC_SHA1: > - type = SHA; > + type = WC_SHA; > hash->size = 20; > break; > #endif /* NO_SHA */ > #ifdef CONFIG_SHA256 > #ifndef NO_SHA256 > case CRYPTO_HASH_ALG_HMAC_SHA256: > - type = SHA256; > + type = WC_SHA256; > hash->size = 32; > break; > #endif /* NO_SHA256 */ 
> @@ -1597,7 +1591,7 @@ int crypto_ec_point_solve_y_coord(struct crypto_ec *e, > ret = crypto_bignum_to_bin(x, buf + 1, prime_len, prime_len); > if (ret <= 0) > return -1; > - ret = wc_ecc_import_point_der(buf, ret + 1, e->key.idx, > + ret = wc_ecc_import_point_der(buf, ret * 2 + 1, e->key.idx, > (ecc_point *) p); > if (ret != 0) > return -1; > @@ -1625,7 +1619,7 @@ crypto_ec_point_compute_y_sqr(struct crypto_ec *e, > goto done; > > if (mp_sqrmod((mp_int *) x, &e->prime, y2) != 0 || > - mp_mulmod((mp_int *) x, &t, &e->prime, y2) != 0 || > + mp_mulmod((mp_int *) x, y2, &e->prime, y2) != 0 || > mp_mulmod((mp_int *) x, &e->a, &e->prime, &t) != 0 || > mp_addmod(y2, &t, &e->prime, y2) != 0 || > mp_addmod(y2, &e->b, &e->prime, y2) != 0) 
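Review bot: In crypto_ec_point_solve_y_coord() the length handed to `wc_ecc_import_point_der()` is now `ret * 2 + 1`, but the visible code writes only `ret` bytes of x coordinate at `buf + 1`. If wolfSSL needs the uncompressed length before it accepts a compressed point, `buf` must be at least `2 * prime_len + 1` bytes and zero-initialised, so that the library neither reads past it nor consumes stack residue. The declaration of `buf` is outside this hunk, so that needs confirming. A comment above the call such as `/* wolfSSL validates inLen as 1 + 2 * size even for a compressed point; buf is sized and zeroed accordingly */` would record the reason for the odd length. The function body starts and ends outside the hunk.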
> @@ -1667,4 +1661,124 @@ int crypto_ec_point_cmp(const struct crypto_ec *e, > return wc_ecc_cmp_point((ecc_point *) a, (ecc_point *) b); > } > > +struct crypto_ecdh { > + struct crypto_ec *ec; > +}; > + > +struct crypto_ecdh * crypto_ecdh_init(int group) > +{ > + struct crypto_ecdh *ecdh = NULL; > + WC_RNG rng; > + int ret; > + > + if (wc_InitRng(&rng) != 0) > + goto fail; > + > + ecdh = os_zalloc(sizeof(*ecdh)); > + if (!ecdh) > + goto fail; > + > + ecdh->ec = crypto_ec_init(group); > + if (!ecdh->ec) > + goto fail; > + > + ret = wc_ecc_make_key_ex(&rng, ecdh->ec->key.dp->size, &ecdh->ec->key, > + ecdh->ec->key.dp->id); > + if (ret < 0) > + goto fail; > + > +done: > + wc_FreeRng(&rng); > + > + return ecdh; > +fail: > + crypto_ecdh_deinit(ecdh); > + ecdh = NULL; > + goto done; > +} > + > +void crypto_ecdh_deinit(struct crypto_ecdh *ecdh) > +{ > + if (ecdh) { > + crypto_ec_deinit(ecdh->ec); > + os_free(ecdh); > + } > +} > + > +struct wpabuf * crypto_ecdh_get_pubkey(struct crypto_ecdh *ecdh, int inc_y) > +{ > + struct wpabuf *buf = NULL; > + int ret; > + int len = ecdh->ec->key.dp->size; > + > + buf = wpabuf_alloc(inc_y ? 2 * len : len); > + if (!buf) > + goto fail; > + > + ret = crypto_bignum_to_bin((struct crypto_bignum *) > + ecdh->ec->key.pubkey.x, wpabuf_put(buf, len), > + len, len); > + if (ret < 0) > + goto fail; > + if (inc_y) { > + ret = crypto_bignum_to_bin((struct crypto_bignum *) > + ecdh->ec->key.pubkey.y, > + wpabuf_put(buf, len), len, len); > + if (ret < 0) > + goto fail; > + } > + > +done: > + return buf; > +fail: > + wpabuf_free(buf); > + buf = NULL; > + goto done; > +} > + > +struct wpabuf * crypto_ecdh_set_peerkey(struct crypto_ecdh *ecdh, int inc_y, > + const u8 *key, size_t len) > +{ > + int ret; > + struct wpabuf *pubkey = NULL; > + struct wpabuf *secret = NULL; > + word32 key_len = ecdh->ec->key.dp->size; > + ecc_point *point = NULL; > + > + pubkey = wpabuf_alloc(key_len + 1); > + if (!pubkey) > + goto fail; > + wpabuf_put_u8(pubkey, inc_y ? 
0x04 : 0x02); > + wpabuf_put_data(pubkey, key, key_len); > + > + point = wc_ecc_new_point(); > + if (!point) > + goto fail; > + > + ret = wc_ecc_import_point_der(wpabuf_put(pubkey, key_len + 1), key_len, > + ecdh->ec->key.dp->id, point); > + if (ret != MP_OKAY) > + goto fail; > + > + secret = wpabuf_alloc(key_len); > + if (!secret) > + goto fail; > + > + ret = wc_ecc_shared_secret_ex(&ecdh->ec->key, point, > + (byte*)wpabuf_put(secret, key_len), > + &key_len); > + if (ret != MP_OKAY) > + goto fail; > + > +done: > + wc_ecc_del_point(point); > + wpabuf_free(pubkey); > + return secret; > +fail: > + wpabuf_free(secret); > + secret = NULL; > + goto done; > +} > + > + > #endif /* CONFIG_ECC */ > diff --git a/src/crypto/fips_prf_wolfssl.c b/src/crypto/fips_prf_wolfssl.c > index 1709932..feb39db 100644 > --- a/src/crypto/fips_prf_wolfssl.c > +++ b/src/crypto/fips_prf_wolfssl.c > @@ -7,6 +7,7 @@ > */ > > #include "includes.h" > +#include <wolfssl/options.h> > #include <wolfssl/wolfcrypt/sha.h> > > #include "common.h" > @@ -15,7 +16,7 @@ > > static void sha1_transform(u32 *state, const u8 data[64]) > { > - Sha sha; > + wc_Sha sha; > > os_memset(&sha, 0, sizeof(sha)); > sha.digest[0] = state[0]; > diff --git a/src/crypto/tls_wolfssl.c b/src/crypto/tls_wolfssl.c > index b7c452e..82ced39 100644 > --- a/src/crypto/tls_wolfssl.c > +++ b/src/crypto/tls_wolfssl.c 
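Review bot: crypto_ecdh_set_peerkey() never reads its `len` argument: `wpabuf_put_data(pubkey, key, key_len)` copies `key_len` bytes from the peer-supplied buffer whatever its real length, and with `inc_y` set only the x half ends up behind the 0x04 prefix. The import call then passes `wpabuf_put(pubkey, key_len + 1)`, which requests more room in a buffer that is already full instead of pointing at the assembled bytes, and its length `key_len` omits the prefix byte. The sketch below bounds the copy by `len`, sizes the buffer from the expected encoding and imports from the buffer head. The curve argument is `key.dp->id` here while crypto_ec_point_solve_y_coord() passes `key.idx`, so one of the two should be checked against the wolfSSL prototype. Separately, crypto_ecdh_init() reaches `wc_FreeRng(&rng)` through `fail` even when `wc_InitRng()` itself failed, and the `fail` path here releases `secret` with `wpabuf_free()` rather than `wpabuf_clear_free()`.

```c
struct wpabuf * crypto_ecdh_set_peerkey(struct crypto_ecdh *ecdh, int inc_y,
					const u8 *key, size_t len)
{
	/* … unchanged: declarations of ret, pubkey, secret, key_len, point … */
	size_t enc_len = inc_y ? 2 * (size_t) key_len : key_len;

	/* Never read past the caller's buffer: the peer value must carry the
	 * full x (and y, when inc_y is set) coordinate. */
	if (!key || len < enc_len)
		goto fail;

	pubkey = wpabuf_alloc(1 + enc_len);
	if (!pubkey)
		goto fail;
	wpabuf_put_u8(pubkey, inc_y ? 0x04 : 0x02);
	wpabuf_put_data(pubkey, key, enc_len);

	/* … unchanged: wc_ecc_new_point() and its NULL check … */

	/* Import the bytes assembled above, prefix included. */
	ret = wc_ecc_import_point_der(wpabuf_mhead(pubkey), wpabuf_len(pubkey),
				      ecdh->ec->key.dp->id, point);
	/* … unchanged: result check, secret allocation, shared-secret call, cleanup … */
```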
> @@ -10,24 +10,16 @@ > > #include "common.h" > #include "crypto.h" > +#include "sha1.h" > #include "tls.h" > > -#define OPENSSL_EXTRA > -#define HAVE_STUNNEL > -#define HAVE_SECRET_CALLBACK > -#define HAVE_SESSION_TICKET > -#define HAVE_OCSP > -#define HAVE_CERTIFICATE_STATUS_REQUEST > -#define HAVE_CERTIFICATE_STATUS_REQUEST_V2 > -#ifndef WOLFSSL_DER_LOAD > -#define WOLFSSL_DER_LOAD > -#endif > -#if 0 > -/* Enable if a debug build of wolfSSL is installed. */ > -#define DEBUG_WOLFSSL > -#endif > +/* sha256.h is a wolfSSL header file. */ > +extern void tls_prf_sha256(const u8 *secret, size_t secret_len, > + const char *label, const u8 *seed, size_t seed_len, > + u8 *out, size_t outlen); > > /* wolfSSL includes */ > +#include <wolfssl/options.h> > #include <wolfssl/ssl.h> > #include <wolfssl/error-ssl.h> > #include <wolfssl/wolfcrypt/asn.h> > @@ -470,9 +462,9 @@ static int tls_connection_client_cert(struct tls_connection *conn, > return 0; > > if (client_cert_blob) { > - if (wolfSSL_use_certificate_buffer(conn->ssl, client_cert_blob, > - blob_len, > - SSL_FILETYPE_ASN1) < 0) { > + if (wolfSSL_use_certificate_chain_buffer_format(conn->ssl, > + client_cert_blob, blob_len, > + SSL_FILETYPE_ASN1) < 0) { > wpa_printf(MSG_INFO, > "SSL: use client cert DER blob failed"); > return -1; > @@ -482,11 +474,11 @@ static int tls_connection_client_cert(struct tls_connection *conn, > } > > if (client_cert) { > - if (wolfSSL_use_certificate_file(conn->ssl, client_cert, > - SSL_FILETYPE_PEM) < 0) { > + if (wolfSSL_use_certificate_chain_file(conn->ssl, > + client_cert) < 0) { > wpa_printf(MSG_INFO, > "SSL: use client cert PEM file failed"); > - if (wolfSSL_use_certificate_file( > + if (wolfSSL_use_certificate_chain_file_format( > conn->ssl, client_cert, > SSL_FILETYPE_ASN1) < 0) { > wpa_printf(MSG_INFO, 
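Review bot: The hand-written `extern void tls_prf_sha256(...)` prototype near the top of tls_wolfssl.c repeats a declaration that belongs to another header, so the compiler cannot catch it if the real signature or return type changes later. The existing comment states only that `sha256.h` is a wolfSSL header and does not say why the prototype is copied. Something like `/* "sha256.h" resolves to the wolfSSL header in this build, so hostap's tls_prf_sha256() prototype is repeated here; keep it in sync with hostap's own sha256.h */` would make the constraint explicit. The removed feature `#define`s mean this file now depends on `wolfssl/options.h` from a build configured as the cover letter describes, which is worth saying in the same comment block.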
> @@ -577,10 +569,6 @@ static int tls_connection_private_key(void *tls_ctx, > } > > > -#define GEN_EMAIL 1 > -#define GEN_DNS ALT_NAMES_OID > -#define GEN_URI 6 > - > static int tls_match_alt_subject_component(WOLFSSL_X509 *cert, int type, > const char *value, size_t len) > { > @@ -590,7 +578,6 @@ static int tls_match_alt_subject_component(WOLFSSL_X509 *cert, int type, > int i; > > ext = wolfSSL_X509_get_ext_d2i(cert, ALT_NAMES_OID, NULL, NULL); > - > for (i = 0; ext && i < wolfSSL_sk_num(ext); i++) { > gen = wolfSSL_sk_value(ext, i); > if (gen->type != type) > @@ -893,19 +880,16 @@ static void wolfssl_tls_cert_event(struct tls_connection *conn, > if (num_alt_subject == TLS_MAX_ALT_SUBJECT) > break; > gen = wolfSSL_sk_value((void *) ext, i); > -#if 0 > if (gen->type != GEN_EMAIL && > gen->type != GEN_DNS && > gen->type != GEN_URI) > continue; > -#endif > > pos = os_malloc(10 + os_strlen((char *) gen->obj) + 1); > if (!pos) > break; > alt_subject[num_alt_subject++] = pos; > > -#if 0 > switch (gen->type) { > case GEN_EMAIL: > os_memcpy(pos, "EMAIL:", 6); > @@ -920,10 +904,6 @@ static void wolfssl_tls_cert_event(struct tls_connection *conn, > pos += 4; > break; > } > -#else > - os_memcpy(pos, "DNS:", 4); > - pos += 4; > -#endif > > os_memcpy(pos, gen->obj, os_strlen((char *)gen->obj)); > pos += os_strlen((char *)gen->obj); > @@ -1099,7 +1079,7 @@ static int tls_verify_cb(int preverify_ok, WOLFSSL_X509_STORE_CTX *x509_ctx) > TLS_FAIL_SERVER_CHAIN_PROBE); > } > > -#ifdef HAVE_OCSP_OPENSSL > +#ifdef HAVE_OCSP_WOLFSSL > if (depth == 0 && (conn->flags & TLS_CONN_REQUEST_OCSP) && > preverify_ok) { > enum ocsp_result res; > @@ -1123,7 +1103,7 @@ static int tls_verify_cb(int preverify_ok, WOLFSSL_X509_STORE_CTX *x509_ctx) > TLS_FAIL_UNSPECIFIED); > } > } > -#endif /* HAVE_OCSP */ > +#endif /* HAVE_OCSP_WOLFSSL */ > if (depth == 0 && preverify_ok && context->event_cb != NULL) > context->event_cb(context->cb_ctx, > TLS_CERT_CHAIN_SUCCESS, NULL); 
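Review bot: With the `#if 0` guards removed in wolfssl_tls_cert_event(), the subjectAltName text is still sized and copied using `os_strlen((char *) gen->obj)`, so a value taken from the peer certificate is treated as a C string. Nothing visible here shows that wolfSSL NUL-terminates `gen->obj` or rejects embedded NUL bytes. If it does not, the reported name can be shorter than the one in the certificate, or the length scan can run past the object. A comment recording that guarantee is needed, or the entry's explicit length should be used if the structure carries one. The function continues outside the hunks.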
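Review bot: Renaming the guard in tls_verify_cb() to `HAVE_OCSP_WOLFSSL` leaves the stapled-OCSP check compiled out unless something defines that macro, and nothing on this page does. A connection that sets `TLS_CONN_REQUEST_OCSP` would then finish verification with no status check and no log line. Until OCSP is implemented, an `#else` branch should keep the behaviour fail-closed when the status is mandatory, for example `if (depth == 0 && (conn->flags & TLS_CONN_REQUIRE_OCSP)) preverify_ok = 0;` with a `wpa_printf` explaining that OCSP is unavailable in this build. The callback body starts and ends outside the hunk.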
> @@ -1204,7 +1184,6 @@ static int tls_connection_ca_cert(void *tls_ctx, struct tls_connection *conn, > return -1; > } > wolfSSL_CTX_set_cert_store(ctx, cm); > - XFREE(cm, NULL, DYNAMIC_TYPE_X509_STORE); > > if (wolfSSL_CTX_load_verify_locations(ctx, ca_cert, ca_path) != > SSL_SUCCESS) { > @@ -1370,11 +1349,11 @@ static int tls_global_client_cert(void *ssl_ctx, const char *client_cert) > if (!client_cert) > return 0; > > - if (wolfSSL_CTX_use_certificate_file(ctx, client_cert, > - SSL_FILETYPE_ASN1) != > + if (wolfSSL_CTX_use_certificate_chain_file_format(ctx, client_cert, > + SSL_FILETYPE_ASN1) != > SSL_SUCCESS && > - wolfSSL_CTX_use_certificate_file(ctx, client_cert, > - SSL_FILETYPE_PEM) != SSL_SUCCESS) { > + wolfSSL_CTX_use_certificate_chain_file(ctx, client_cert) != > + SSL_SUCCESS) { > wpa_printf(MSG_INFO, "Failed to load client certificate"); > return -1; > } 
> @@ -1988,18 +1967,58 @@ int tls_connection_export_key(void *tls_ctx, struct tls_connection *conn, > } > > > +#define SEED_LEN (RAN_LEN + RAN_LEN) > + > int tls_connection_get_eap_fast_key(void *tls_ctx, struct tls_connection *conn, > u8 *out, size_t out_len) > { > - int ret; > + byte seed[SEED_LEN]; > + int ret = -1; > + WOLFSSL *ssl; > + byte *tmp_out = NULL; > + byte *_out; > + int skip = 0; > + byte *master_key; > + unsigned int master_key_len; > + byte *server_random; > + unsigned int server_len; > + byte *client_random; > + unsigned int client_len; > > if (!conn || !conn->ssl) > return -1; > + ssl = conn->ssl; > > - ret = wolfSSL_make_eap_keys(conn->ssl, out, out_len, "key expansion"); > - if (ret != 0) > + skip = 2 * (wolfSSL_GetKeySize(ssl) + wolfSSL_GetHmacSize(ssl) + > + wolfSSL_GetIVSize(ssl)); > + > + tmp_out = os_malloc(skip + out_len); > + if (!tmp_out) > return -1; > - return 0; > + _out = tmp_out; > + > + wolfSSL_get_keys(ssl, &master_key, &master_key_len, &server_random, > + &server_len, &client_random, &client_len); > + XMEMCPY(seed , server_random, RAN_LEN); > + XMEMCPY(seed + RAN_LEN, client_random, RAN_LEN); > + > + if (wolfSSL_GetVersion(ssl) == WOLFSSL_TLSV1_2) { > + tls_prf_sha256(master_key, master_key_len, > + "key expansion", seed, sizeof(seed), > + _out, skip + out_len); > + ret = 0; > + } else if (tls_prf_sha1_md5(master_key, master_key_len, > + "key expansion", seed, sizeof(seed), > + _out, skip + out_len) == 0) { > + ret = 0; > + } > + > + os_memset(master_key, 0, master_key_len); > + if (ret == 0) > + os_memcpy(out, _out + skip, out_len); > + bin_clear_free(tmp_out, skip); > + > + return ret; > } 
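Review bot: tls_connection_get_eap_fast_key() releases the PRF output with `bin_clear_free(tmp_out, skip)`, which wipes only the first `skip` bytes and leaves the `out_len` bytes of derived key in freed heap memory; it should be `bin_clear_free(tmp_out, skip + out_len);`. The result of `wolfSSL_get_keys()` is not checked before `master_key`, `server_random` and `client_random` are dereferenced, and `server_len`/`client_len` are never compared with `RAN_LEN` ahead of the two `XMEMCPY` calls into `seed`. `os_memset(master_key, 0, master_key_len)` also needs a comment or a second look: if that pointer refers to the session's own master secret rather than a copy, any later key export on the same connection would operate on zeros. The `tls_prf_sha256()` branch sets `ret = 0` unconditionally because the prototype used here returns void.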
> > > @@ -2037,14 +2056,14 @@ static int tls_sess_sec_cb(WOLFSSL *s, void *secret, int *secret_len, void *arg) > sizeof(client_random)) == 0 || > wolfSSL_get_server_random(s, server_random, > sizeof(server_random)) == 0 || > - wolfSSL_get_SessionTicket(s, conn->session_ticket, &ticketLen) != 1) > + wolfSSL_get_SessionTicket(s, conn->session_ticket, &ticket_len) != 1) > return 1; > > if (ticket_len == 0) > return 0; > > ret = conn->session_ticket_cb(conn->session_ticket_cb_ctx, > - conn->session_ticket, ticketLen, > + conn->session_ticket, ticket_len, > client_random, server_random, secret); > if (ret <= 0) > return 1; > diff --git a/tests/hwsim/test_ap_eap.py b/tests/hwsim/test_ap_eap.py > index 88041ca..804cbca 100644 > --- a/tests/hwsim/test_ap_eap.py > +++ b/tests/hwsim/test_ap_eap.py > @@ -4115,7 +4115,7 @@ def test_ap_wpa2_eap_tls_intermediate_ca(dev, apdev, params): > params["private_key"] = "auth_serv/iCA-server/server.key" > hostapd.add_ap(apdev[0], params) > tls = dev[0].request("GET tls_library") > - if "GnuTLS" in tls: > + if "GnuTLS" in tls or "wolfSSL" in tls: > ca_cert = "auth_serv/iCA-user/ca-and-root.pem" > client_cert = "auth_serv/iCA-user/user_and_ica.pem" > else: > @@ -4223,7 +4223,7 @@ def run_ap_wpa2_eap_tls_intermediate_ca_ocsp(dev, apdev, params, md): > try: > hostapd.add_ap(apdev[0], params) > tls = dev[0].request("GET tls_library") > - if "GnuTLS" in tls: > + if "GnuTLS" in tls or "wolfSSL" in tls: > ca_cert = "auth_serv/iCA-user/ca-and-root.pem" > client_cert = "auth_serv/iCA-user/user_and_ica.pem" > else: > @@ -4258,7 +4258,7 @@ def run_ap_wpa2_eap_tls_intermediate_ca_ocsp_revoked(dev, apdev, params, md): > try: > hostapd.add_ap(apdev[0], params) > tls = dev[0].request("GET tls_library") > - if "GnuTLS" in tls: > + if "GnuTLS" in tls or "wolfSSL" in tls: > ca_cert = "auth_serv/iCA-user/ca-and-root.pem" > client_cert = "auth_serv/iCA-user/user_and_ica.pem" > else: 
> @@ -4308,7 +4308,7 @@ def test_ap_wpa2_eap_tls_intermediate_ca_ocsp_multi_missing_resp(dev, apdev, par > try: > hostapd.add_ap(apdev[0], params) > tls = dev[0].request("GET tls_library") > - if "GnuTLS" in tls: > + if "GnuTLS" in tls or "wolfSSL" in tls: > ca_cert = "auth_serv/iCA-user/ca-and-root.pem" > client_cert = "auth_serv/iCA-user/user_and_ica.pem" > else: > @@ -4375,7 +4375,7 @@ def test_ap_wpa2_eap_tls_intermediate_ca_ocsp_multi(dev, apdev, params): > > hostapd.add_ap(apdev[0], params) > tls = dev[0].request("GET tls_library") > - if "GnuTLS" in tls: > + if "GnuTLS" in tls or "wolfSSL" in tls: > ca_cert = "auth_serv/iCA-user/ca-and-root.pem" > client_cert = "auth_serv/iCA-user/user_and_ica.pem" > else: > diff --git a/tests/hwsim/test_eap_proto.py b/tests/hwsim/test_eap_proto.py > index d97a6f1..2ff6743 100644 > --- a/tests/hwsim/test_eap_proto.py > +++ b/tests/hwsim/test_eap_proto.py > @@ -5124,7 +5124,7 @@ def test_eap_proto_ikev2(dev, apdev): > > def build_ke(next=0): > ke = struct.pack(">BBHHH", next, 0, 4 + 4 + 192, 5, 0) > - ke += 192*'\x00' > + ke += 191*'\x00'+'\x02' > return ke > > idx += 1 > diff --git a/wpa_supplicant/Makefile b/wpa_supplicant/Makefile > index c761c22..eca20a9 100644 > --- a/wpa_supplicant/Makefile > +++ b/wpa_supplicant/Makefile 
> @@ -1067,6 +1067,7 @@ OBJS_p += ../src/crypto/crypto_wolfssl.o > ifdef NEED_FIPS186_2_PRF > OBJS += ../src/crypto/fips_prf_wolfssl.o > endif > +NEED_TLS_PRF_SHA256=y > LIBS += -lwolfssl -lm > LIBS_p += -lwolfssl -lm > endif > -- > 1.9.1 >> On 4 Mar 2018, at 5:19 am, Jouni Malinen <j@xxxxx> wrote: >> >> On Thu, Jan 18, 2018 at 12:26:39PM +1000, Sean Parkinson wrote: >>> I’ve prepared a new patch with the changes as asked for by Jouni. >>> >>> This patch was written to allow hostap to be compiled with the wolfSSL cryptography and TLS library. >> >> Thanks! I'm seeing number of errors in the hwsim test cases, but it >> looks like it is easiest to move ahead with this if I push in the >> cleaned up version that I've been testing with some fixes to avoid >> breaking non-wolfSSL builds. I'd welcome any incremental changes on top >> of the current hostap.git master branch snapshot to address things that >> I list below or maybe a recommendation on how to configure the wolfSSL >> build properly to avoid the issues. I ran my tests with wolfSSL 3.13.0 >> and ended up adding various configure options until the build went >> through cleanly. 
This ended up with following options: >> >> ./configure --prefix=/home/jm/wolfssl/3.13.0 --enable-des3 --enable-md4 --enable-harden --enable-pwdbased --enable-tlsv10 --enable-oldtls --enable-cmac --enable-aeskeywrap --enable-keygen --enable-crl --enable-ocsp --enable-ocspstapling --enable-ocspstapling2 --enable-pkcallbacks --enable-tls13 --enable-fortress --enable-wpas --enable-static=yes --enable-shared=no >> >> >> These are the notes from my hwsim test runs: >> >> SAE: >> - SAE: Could not solve y >> - SAE: Could not pick PWE >> --> check crypto_ec_point_solve_y_coord() implementation >> (wc_ecc_import_point_der() returns -1) >> sae >> sae_anti_clogging >> sae_anti_clogging_proto >> sae_bignum_failure >> sae_forced_anti_clogging >> sae_group_nego >> sae_groups >> sae_invalid_anti_clogging_token_req >> sae_key_lifetime_in_memory >> sae_mixed >> sae_mixed_mfp >> sae_no_random >> sae_oom_wpas >> sae_password >> sae_password_ecc >> sae_password_long >> sae_password_short >> sae_pmksa_caching >> sae_pmksa_caching_disabled >> sae_proto_confirm_replay >> sae_proto_ecc >> sae_pwe_failure >> ap_ft_sae >> ap_ft_sae_over_ds >> sigma_dut_ap_psk_sae >> sigma_dut_ap_sae >> sigma_dut_ap_sae_group >> sigma_dut_ap_sae_password >> sigma_dut_sae >> sigma_dut_sae_password >> wpas_mesh_password_mismatch >> mesh_forwarding_secure >> ap_mixed_security >> >> >> TLS interop(?) 
issue with OpenSSL server: >> - OpenSSL server: >> * SSL: SSL3 alert: write (local SSL3 detected an error):fatal:bad record mac >> * SSL: SSL_accept:error in SSLv3 read finished A >> * OpenSSL: openssl_handshake - SSL_connect error:1408F119:SSL routines:SSL3_GET_RECORD:decryption failed or bad record mac >> ap_hs20_remediation_sql >> eap_tls_no_session_resumption_radius >> authsrv_testing_options >> ap_wpa2_eap_tls_versions >> >> >> OpenSSL authentication server: >> - OpenSSL: openssl_handshake - SSL_connect error:1408A0C1:SSL routines:ssl3_get_client_hello:no shared cipher >> ap_wpa2_eap_ttls_dh_params >> ap_wpa2_eap_ttls_dh_params_blob >> ap_wpa2_eap_ttls_dh_params_dsa >> >> >> OpenSSL authentication server: >> - TLS: Certificate verification failed, error 20 (unable to get local issuer certificate) depth 0 for '/C=FI/O=w1.fi/CN=user.w1.fi' >> - SSL: SSL3 alert: write (local SSL3 detected an error):fatal:unknown CA >> - OpenSSL: openssl_handshake - SSL_connect error:14089086:SSL routines:ssl3_get_client_certificate:certificate verify failed >> ap_wpa2_eap_tls_intermediate_ca >> ap_wpa2_eap_tls_intermediate_ca_ocsp_sha1 >> ap_wpa2_eap_tls_intermediate_ca_ocsp >> ap_wpa2_eap_tls_intermediate_ca_ocsp_revoked >> ap_wpa2_eap_tls_intermediate_ca_ocsp_revoked_sha1 >> >> >> TLS: tls_verify_cb - preverify_ok=1 err=0 (unknown error number) ca_cert_verify=1 depth=0 buf='/C=FI/O=w1.fi/CN=server.w1.fi' >> TLS: altSubjectName match 'EMAIL:noone@xxxxxxxxxxx;DNS:server.w1.fi;URI:http://example.com/' not found >> wlan0: CTRL-EVENT-EAP-TLS-CERT-ERROR reason=6 depth=0 subject='/C=FI/O=w1.fi/CN=server.w1.fi' err='AltSubject mismatch' >> ap_wpa2_eap_ttls_pap_subject_match >> >> >> TLS: tls_verify_cb - preverify_ok=1 err=0 (unknown error number) ca_cert_verify=1 depth=0 buf='/C=FI/O=w1.fi/CN=server.w1.fi' >> TLS: altSubjectName match 'EMAIL:noone@xxxxxxxxxxx;URI:http://example.com/;DNS:server.w1.fi' not found >> wlan0: CTRL-EVENT-EAP-TLS-CERT-ERROR reason=6 depth=0 
subject='/C=FI/O=w1.fi/CN=server.w1.fi' err='AltSubject mismatch' >> ap_wpa2_eap_ttls_chap_altsubject_match >> >> >> TLS: Certificate verification failed, error -407 (Invalid OCSP Status Error) depth 2 for '/C=FI/O=w1.fi/CN=server.w1.fi' >> ap_wpa2_eap_ttls_ocsp_revoked >> ap_wpa2_eap_ttls_ocsp_unknown >> ap_wpa2_eap_ttls_optional_ocsp_unknown >> >> >> Missing altsubject in D-Bus output?! >> dbus_connect_eap >> >> >> DH: crypto_dh_derive_secret failed >> eap_proto_ikev2 >> >> >> TLS: Certificate verification failed, error -238 (ASN CA path length larger than signer error) depth 2 for '/C=FI/O=w1.fi/CN=sha384.server.w1.fi' >> eap_tls_sha384 >> eap_tls_sha512 >> >> >> >> GET_FAIL/GET_ALLOC_FAIL failure did not trigger: >> radius_mppe_failure >> authsrv_oom >> >> >> -- >> Jouni Malinen PGP id EFC895FA >> >> _______________________________________________ >> Hostap mailing list >> Hostap@xxxxxxxxxxxxxxxxxxx >> http://lists.infradead.org/mailman/listinfo/hostap > > > _______________________________________________ > Hostap mailing list > Hostap@xxxxxxxxxxxxxxxxxxx > http://lists.infradead.org/mailman/listinfo/hostap _______________________________________________ Hostap mailing list Hostap@xxxxxxxxxxxxxxxxxxx http://lists.infradead.org/mailman/listinfo/hostap