Proposed Patch: Support for wolfSSL

Message ID	35F71B52-8428-4A0E-B14C-20CFF8CBCA65@wolfssl.com
State	Accepted
Headers	show Return-Path: <hostap-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org> From: Sean Parkinson <sean@wolfssl.com> Mime-Version: 1.0 (Mac OS X Mail 11.1 \(3445.4.7\)) Subject: Proposed Patch: Support for wolfSSL Message-Id: <35F71B52-8428-4A0E-B14C-20CFF8CBCA65@wolfssl.com> Date: Thu, 18 Jan 2018 12:26:39 +1000 To: hostap@lists.infradead.org summary: Content analysis details: (-1.9 points) pts rule name description ---- ---------------------- -------------------------------------------------- -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no trust [173.201.192.231 listed in list.dnswl.org] -0.0 RCVD_IN_MSPIKE_H3 RBL: Good reputation (+3) [173.201.192.231 listed in wl.mailspike.net] -0.0 SPF_PASS SPF: sender matches SPF record -1.9 BAYES_00 BODY: Bayes spam probability is 0 to 1% [score: 0.0000] -0.0 RCVD_IN_MSPIKE_WL Mailspike good senders Precedence: list Cc: Jouni Malinen <j@w1.fi>, Todd A Ouska <todd@wolfssl.com> Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 Sender: "Hostap" <hostap-bounces@lists.infradead.org> Errors-To: hostap-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org
Series	Proposed Patch: Support for wolfSSL \| expand Proposed Patch: Support for wolfSSL

Jouni, Also note that the OCSP is not supported yet. Thanks, Sean — Sean Parkinson sean@wolfssl.com wolfSSL Inc > On 29 Mar 2018, at 2:55 pm, Sean Parkinson <sean@wolfssl.com> wrote: > > Jouni, > > (Excuse the previous email. This one in plaintext.) > > I’ve looked into the failures and made changes as needed. > There were changes to wolfSSL as well. > > To reproduce the setup I tested: > - download wolfSSL latest from master (https://github.com/wolfssl/wolfssl) > - configure wolfSSL with option -enable-wpas > - build wolfSSL > - in wpa_supplicant change .config > - CONFIG_TLS=wolfssl > - disable CONFIG_DPP > > The proposed new patch is below. > > Thanks, > Sean > — > Sean Parkinson > sean@wolfssl.com > wolfSSL Inc > > > From 80ba12c7fecdd650d7528211e68e6fd7ededd736 Mon Sep 17 00:00:00 2001 > From: Sean Parkinson <sparki@wolfssl.com> > Date: Mon, 19 Mar 2018 13:19:08 +1000 > Subject: [PATCH] Fixes for wolfSSL integration. > > Use new digest namespace. > Changes for memory allocation failure testing. > Use same certificates as used for GnuTLS in tests. > Implement tls_connection_get_eap_fast_key using cryptographic primitives > as wolfSSL implements different spec. > Use a valid key exchange value in test. > Fix loading of client certificate to use 'chain' APIs. > > Signed-off-by: Sean Parkinson <sean@wolfssl.com> > --- > hostapd/Makefile | 2 + > src/crypto/crypto_wolfssl.c | 192 +++++++++++++++++++++++++++++++++--------- > src/crypto/fips_prf_wolfssl.c | 3 +- > src/crypto/tls_wolfssl.c | 109 ++++++++++++++---------- > tests/hwsim/test_ap_eap.py | 10 +-- > tests/hwsim/test_eap_proto.py | 2 +- > wpa_supplicant/Makefile | 1 + > 7 files changed, 228 insertions(+), 91 deletions(-) > > diff --git a/hostapd/Makefile b/hostapd/Makefile > index 98ce115..9f8c6cf 100644 > --- a/hostapd/Makefile > +++ b/hostapd/Makefile > @@ -899,9 +899,11 @@ AESOBJS += ../src/crypto/aes-encblock.o > endif > ifdef NEED_AES_OMAC1 > ifneq ($(CONFIG_TLS), linux) > +ifneq ($(CONFIG_TLS), wolfssl) > AESOBJS += ../src/crypto/aes-omac1.o > endif > endif > +endif > ifdef NEED_AES_UNWRAP > ifneq ($(CONFIG_TLS), openssl) > ifneq ($(CONFIG_TLS), linux) > diff --git a/src/crypto/crypto_wolfssl.c b/src/crypto/crypto_wolfssl.c > index 90163c4..7e68716 100644 > --- a/src/crypto/crypto_wolfssl.c > +++ b/src/crypto/crypto_wolfssl.c > @@ -11,18 +11,8 @@ > #include "common.h" > #include "crypto.h" > > -#define WOLFSSL_AES_DIRECT > -#define HAVE_AESGCM > -#define HAVE_AES_KEYWRAP > -#define WOLFSSL_SHA384 > -#define WOLFSSL_SHA512 > -#define WOLFSSL_CMAC > -#define HAVE_ECC > -#define USE_FAST_MATH > -#define WOLFSSL_KEY_GEN > - > -#include <wolfssl/options.h> > /* wolfSSL headers */ > +#include <wolfssl/options.h> > #include <wolfssl/wolfcrypt/md4.h> > #include <wolfssl/wolfcrypt/md5.h> > #include <wolfssl/wolfcrypt/sha.h> > @@ -62,7 +52,7 @@ int md4_vector(size_t num_elem, const u8 *addr[], const size_t *len, u8 *mac) > > int md5_vector(size_t num_elem, const u8 *addr[], const size_t *len, u8 *mac) > { > - Md5 md5; > + wc_Md5 md5; > size_t i; > > if (TEST_FAIL()) > @@ -83,7 +73,7 @@ int md5_vector(size_t num_elem, const u8 *addr[], const size_t *len, u8 *mac) > > int sha1_vector(size_t num_elem, const u8 *addr[], const size_t *len, u8 *mac) > { > - Sha sha; > + wc_Sha sha; > size_t i; > > if (TEST_FAIL()) > @@ -104,7 +94,7 @@ int sha1_vector(size_t num_elem, const u8 *addr[], const size_t *len, u8 *mac) > int sha256_vector(size_t num_elem, const u8 *addr[], const size_t *len, > u8 *mac) > { > - Sha256 sha256; > + wc_Sha256 sha256; > size_t i; > > if (TEST_FAIL()) > @@ -126,7 +116,7 @@ int sha256_vector(size_t num_elem, const u8 *addr[], const size_t *len, > int sha384_vector(size_t num_elem, const u8 *addr[], const size_t *len, > u8 *mac) > { > - Sha384 sha384; > + wc_Sha384 sha384; > size_t i; > > if (TEST_FAIL()) > @@ -148,7 +138,7 @@ int sha384_vector(size_t num_elem, const u8 *addr[], const size_t *len, > int sha512_vector(size_t num_elem, const u8 *addr[], const size_t *len, > u8 *mac) > { > - Sha512 sha512; > + wc_Sha512 sha512; > size_t i; > > if (TEST_FAIL()) > @@ -186,6 +176,7 @@ static int wolfssl_hmac_vector(int type, const u8 *key, > return -1; > if (wc_HmacFinal(&hmac, mac) != 0) > return -1; > + > return 0; > } > > @@ -195,7 +186,7 @@ static int wolfssl_hmac_vector(int type, const u8 *key, > int hmac_md5_vector(const u8 *key, size_t key_len, size_t num_elem, > const u8 *addr[], const size_t *len, u8 *mac) > { > - return wolfssl_hmac_vector(MD5, key, key_len, num_elem, addr, len, mac, > + return wolfssl_hmac_vector(WC_MD5, key, key_len, num_elem, addr, len, mac, > 16); > } > > @@ -212,7 +203,7 @@ int hmac_md5(const u8 *key, size_t key_len, const u8 *data, size_t data_len, > int hmac_sha1_vector(const u8 *key, size_t key_len, size_t num_elem, > const u8 *addr[], const size_t *len, u8 *mac) > { > - return wolfssl_hmac_vector(SHA, key, key_len, num_elem, addr, len, mac, > + return wolfssl_hmac_vector(WC_SHA, key, key_len, num_elem, addr, len, mac, > 20); > } > > @@ -229,7 +220,7 @@ int hmac_sha1(const u8 *key, size_t key_len, const u8 *data, size_t data_len, > int hmac_sha256_vector(const u8 *key, size_t key_len, size_t num_elem, > const u8 *addr[], const size_t *len, u8 *mac) > { > - return wolfssl_hmac_vector(SHA256, key, key_len, num_elem, addr, len, > + return wolfssl_hmac_vector(WC_SHA256, key, key_len, num_elem, addr, len, > mac, 32); > } > > @@ -248,7 +239,7 @@ int hmac_sha256(const u8 *key, size_t key_len, const u8 *data, > int hmac_sha384_vector(const u8 *key, size_t key_len, size_t num_elem, > const u8 *addr[], const size_t *len, u8 *mac) > { > - return wolfssl_hmac_vector(SHA384, key, key_len, num_elem, addr, len, > + return wolfssl_hmac_vector(WC_SHA384, key, key_len, num_elem, addr, len, > mac, 48); > } > > @@ -267,7 +258,7 @@ int hmac_sha384(const u8 *key, size_t key_len, const u8 *data, > int hmac_sha512_vector(const u8 *key, size_t key_len, size_t num_elem, > const u8 *addr[], const size_t *len, u8 *mac) > { > - return wolfssl_hmac_vector(SHA512, key, key_len, num_elem, addr, len, > + return wolfssl_hmac_vector(WC_SHA512, key, key_len, num_elem, addr, len, > mac, 64); > } > > @@ -285,7 +276,7 @@ int pbkdf2_sha1(const char *passphrase, const u8 *ssid, size_t ssid_len, > int iterations, u8 *buf, size_t buflen) > { > if (wc_PBKDF2(buf, (const byte*)passphrase, os_strlen(passphrase), ssid, > - ssid_len, iterations, buflen, SHA) != 0) > + ssid_len, iterations, buflen, WC_SHA) != 0) > return -1; > return 0; > } > @@ -423,6 +414,9 @@ int aes_wrap(const u8 *kek, size_t kek_len, int n, const u8 *plain, u8 *cipher) > { > int ret; > > + if (TEST_FAIL()) > + return -1; > + > ret = wc_AesKeyWrap(kek, kek_len, plain, n * 8, cipher, (n + 1) * 8, > NULL); > return ret != (n + 1) * 8 ? -1 : 0; > @@ -434,6 +428,9 @@ int aes_unwrap(const u8 *kek, size_t kek_len, int n, const u8 *cipher, > { > int ret; > > + if (TEST_FAIL()) > + return -1; > + > ret = wc_AesKeyUnWrap(kek, kek_len, cipher, (n + 1) * 8, plain, n * 8, > NULL); > return ret != n * 8 ? -1 : 0; > @@ -654,13 +651,13 @@ void * dh5_init(struct wpabuf **priv, struct wpabuf **publ) > wpabuf_free(*publ); > *publ = NULL; > > - dh = os_malloc(sizeof(DhKey)); > + dh = XMALLOC(sizeof(DhKey), NULL, DYNAMIC_TYPE_TMP_BUFFER); > if (!dh) > return NULL; > wc_InitDhKey(dh); > > if (wc_InitRng(&rng) != 0) { > - os_free(dh); > + XFREE(dh, NULL, DYNAMIC_TYPE_TMP_BUFFER); > return NULL; > } > > @@ -692,7 +689,7 @@ done: > wpabuf_clear_free(privkey); > if (dh) { > wc_FreeDhKey(dh); > - os_free(dh); > + XFREE(dh, NULL, DYNAMIC_TYPE_TMP_BUFFER); > } > wc_FreeRng(&rng); > return ret; > @@ -706,12 +703,12 @@ void * dh5_init_fixed(const struct wpabuf *priv, const struct wpabuf *publ) > byte *secret; > word32 secret_sz; > > - dh = os_malloc(sizeof(DhKey)); > + dh = XMALLOC(sizeof(DhKey), NULL, DYNAMIC_TYPE_TMP_BUFFER); > if (!dh) > return NULL; > wc_InitDhKey(dh); > > - secret = os_malloc(RFC3526_LEN); > + secret = XMALLOC(RFC3526_LEN, NULL, DYNAMIC_TYPE_TMP_BUFFER); > if (!secret) > goto done; > > @@ -734,9 +731,9 @@ void * dh5_init_fixed(const struct wpabuf *priv, const struct wpabuf *publ) > done: > if (dh) { > wc_FreeDhKey(dh); > - os_free(dh); > + XFREE(dh, NULL, DYNAMIC_TYPE_TMP_BUFFER); > } > - os_free(secret); > + XFREE(secret, NULL, DYNAMIC_TYPE_TMP_BUFFER); > return ret; > } > > @@ -773,7 +770,7 @@ void dh5_free(void *ctx) > return; > > wc_FreeDhKey(ctx); > - os_free(ctx); > + XFREE(ctx, NULL, DYNAMIC_TYPE_TMP_BUFFER); > } > > #endif /* CONFIG_WPS_NFC */ > @@ -787,9 +784,6 @@ int crypto_dh_init(u8 generator, const u8 *prime, size_t prime_len, u8 *privkey, > DhKey *dh = NULL; > word32 priv_sz, pub_sz; > > - if (TEST_FAIL()) > - return -1; > - > dh = os_malloc(sizeof(DhKey)); > if (!dh) > return -1; > @@ -889,7 +883,7 @@ struct crypto_hash * crypto_hash_init(enum crypto_hash_alg alg, const u8 *key, > struct crypto_hash *hash; > int type; > > - hash = os_malloc(sizeof(*hash)); > + hash = os_zalloc(sizeof(*hash)); > if (!hash) > goto done; > > @@ -897,19 +891,19 @@ struct crypto_hash * crypto_hash_init(enum crypto_hash_alg alg, const u8 *key, > #ifndef NO_MD5 > case CRYPTO_HASH_ALG_HMAC_MD5: > hash->size = 16; > - type = MD5; > + type = WC_MD5; > break; > #endif /* NO_MD5 */ > #ifndef NO_SHA > case CRYPTO_HASH_ALG_HMAC_SHA1: > - type = SHA; > + type = WC_SHA; > hash->size = 20; > break; > #endif /* NO_SHA */ > #ifdef CONFIG_SHA256 > #ifndef NO_SHA256 > case CRYPTO_HASH_ALG_HMAC_SHA256: > - type = SHA256; > + type = WC_SHA256; > hash->size = 32; > break; > #endif /* NO_SHA256 */ > @@ -1597,7 +1591,7 @@ int crypto_ec_point_solve_y_coord(struct crypto_ec *e, > ret = crypto_bignum_to_bin(x, buf + 1, prime_len, prime_len); > if (ret <= 0) > return -1; > - ret = wc_ecc_import_point_der(buf, ret + 1, e->key.idx, > + ret = wc_ecc_import_point_der(buf, ret * 2 + 1, e->key.idx, > (ecc_point *) p); > if (ret != 0) > return -1; > @@ -1625,7 +1619,7 @@ crypto_ec_point_compute_y_sqr(struct crypto_ec *e, > goto done; > > if (mp_sqrmod((mp_int *) x, &e->prime, y2) != 0 || > - mp_mulmod((mp_int *) x, &t, &e->prime, y2) != 0 || > + mp_mulmod((mp_int *) x, y2, &e->prime, y2) != 0 || > mp_mulmod((mp_int *) x, &e->a, &e->prime, &t) != 0 || > mp_addmod(y2, &t, &e->prime, y2) != 0 || > mp_addmod(y2, &e->b, &e->prime, y2) != 0) > @@ -1667,4 +1661,124 @@ int crypto_ec_point_cmp(const struct crypto_ec *e, > return wc_ecc_cmp_point((ecc_point *) a, (ecc_point *) b); > } > > +struct crypto_ecdh { > + struct crypto_ec *ec; > +}; > + > +struct crypto_ecdh * crypto_ecdh_init(int group) > +{ > + struct crypto_ecdh *ecdh = NULL; > + WC_RNG rng; > + int ret; > + > + if (wc_InitRng(&rng) != 0) > + goto fail; > + > + ecdh = os_zalloc(sizeof(*ecdh)); > + if (!ecdh) > + goto fail; > + > + ecdh->ec = crypto_ec_init(group); > + if (!ecdh->ec) > + goto fail; > + > + ret = wc_ecc_make_key_ex(&rng, ecdh->ec->key.dp->size, &ecdh->ec->key, > + ecdh->ec->key.dp->id); > + if (ret < 0) > + goto fail; > + > +done: > + wc_FreeRng(&rng); > + > + return ecdh; > +fail: > + crypto_ecdh_deinit(ecdh); > + ecdh = NULL; > + goto done; > +} > + > +void crypto_ecdh_deinit(struct crypto_ecdh *ecdh) > +{ > + if (ecdh) { > + crypto_ec_deinit(ecdh->ec); > + os_free(ecdh); > + } > +} > + > +struct wpabuf * crypto_ecdh_get_pubkey(struct crypto_ecdh *ecdh, int inc_y) > +{ > + struct wpabuf *buf = NULL; > + int ret; > + int len = ecdh->ec->key.dp->size; > + > + buf = wpabuf_alloc(inc_y ? 2 * len : len); > + if (!buf) > + goto fail; > + > + ret = crypto_bignum_to_bin((struct crypto_bignum *) > + ecdh->ec->key.pubkey.x, wpabuf_put(buf, len), > + len, len); > + if (ret < 0) > + goto fail; > + if (inc_y) { > + ret = crypto_bignum_to_bin((struct crypto_bignum *) > + ecdh->ec->key.pubkey.y, > + wpabuf_put(buf, len), len, len); > + if (ret < 0) > + goto fail; > + } > + > +done: > + return buf; > +fail: > + wpabuf_free(buf); > + buf = NULL; > + goto done; > +} > + > +struct wpabuf * crypto_ecdh_set_peerkey(struct crypto_ecdh *ecdh, int inc_y, > + const u8 *key, size_t len) > +{ > + int ret; > + struct wpabuf *pubkey = NULL; > + struct wpabuf *secret = NULL; > + word32 key_len = ecdh->ec->key.dp->size; > + ecc_point *point = NULL; > + > + pubkey = wpabuf_alloc(key_len + 1); > + if (!pubkey) > + goto fail; > + wpabuf_put_u8(pubkey, inc_y ? 0x04 : 0x02); > + wpabuf_put_data(pubkey, key, key_len); > + > + point = wc_ecc_new_point(); > + if (!point) > + goto fail; > + > + ret = wc_ecc_import_point_der(wpabuf_put(pubkey, key_len + 1), key_len, > + ecdh->ec->key.dp->id, point); > + if (ret != MP_OKAY) > + goto fail; > + > + secret = wpabuf_alloc(key_len); > + if (!secret) > + goto fail; > + > + ret = wc_ecc_shared_secret_ex(&ecdh->ec->key, point, > + (byte*)wpabuf_put(secret, key_len), > + &key_len); > + if (ret != MP_OKAY) > + goto fail; > + > +done: > + wc_ecc_del_point(point); > + wpabuf_free(pubkey); > + return secret; > +fail: > + wpabuf_free(secret); > + secret = NULL; > + goto done; > +} > + > + > #endif /* CONFIG_ECC */ > diff --git a/src/crypto/fips_prf_wolfssl.c b/src/crypto/fips_prf_wolfssl.c > index 1709932..feb39db 100644 > --- a/src/crypto/fips_prf_wolfssl.c > +++ b/src/crypto/fips_prf_wolfssl.c > @@ -7,6 +7,7 @@ > */ > > #include "includes.h" > +#include <wolfssl/options.h> > #include <wolfssl/wolfcrypt/sha.h> > > #include "common.h" > @@ -15,7 +16,7 @@ > > static void sha1_transform(u32 *state, const u8 data[64]) > { > - Sha sha; > + wc_Sha sha; > > os_memset(&sha, 0, sizeof(sha)); > sha.digest[0] = state[0]; > diff --git a/src/crypto/tls_wolfssl.c b/src/crypto/tls_wolfssl.c > index b7c452e..82ced39 100644 > --- a/src/crypto/tls_wolfssl.c > +++ b/src/crypto/tls_wolfssl.c > @@ -10,24 +10,16 @@ > > #include "common.h" > #include "crypto.h" > +#include "sha1.h" > #include "tls.h" > > -#define OPENSSL_EXTRA > -#define HAVE_STUNNEL > -#define HAVE_SECRET_CALLBACK > -#define HAVE_SESSION_TICKET > -#define HAVE_OCSP > -#define HAVE_CERTIFICATE_STATUS_REQUEST > -#define HAVE_CERTIFICATE_STATUS_REQUEST_V2 > -#ifndef WOLFSSL_DER_LOAD > -#define WOLFSSL_DER_LOAD > -#endif > -#if 0 > -/* Enable if a debug build of wolfSSL is installed. */ > -#define DEBUG_WOLFSSL > -#endif > +/* sha256.h is a wolfSSL header file. */ > +extern void tls_prf_sha256(const u8 *secret, size_t secret_len, > + const char *label, const u8 *seed, size_t seed_len, > + u8 *out, size_t outlen); > > /* wolfSSL includes */ > +#include <wolfssl/options.h> > #include <wolfssl/ssl.h> > #include <wolfssl/error-ssl.h> > #include <wolfssl/wolfcrypt/asn.h> > @@ -470,9 +462,9 @@ static int tls_connection_client_cert(struct tls_connection *conn, > return 0; > > if (client_cert_blob) { > - if (wolfSSL_use_certificate_buffer(conn->ssl, client_cert_blob, > - blob_len, > - SSL_FILETYPE_ASN1) < 0) { > + if (wolfSSL_use_certificate_chain_buffer_format(conn->ssl, > + client_cert_blob, blob_len, > + SSL_FILETYPE_ASN1) < 0) { > wpa_printf(MSG_INFO, > "SSL: use client cert DER blob failed"); > return -1; > @@ -482,11 +474,11 @@ static int tls_connection_client_cert(struct tls_connection *conn, > } > > if (client_cert) { > - if (wolfSSL_use_certificate_file(conn->ssl, client_cert, > - SSL_FILETYPE_PEM) < 0) { > + if (wolfSSL_use_certificate_chain_file(conn->ssl, > + client_cert) < 0) { > wpa_printf(MSG_INFO, > "SSL: use client cert PEM file failed"); > - if (wolfSSL_use_certificate_file( > + if (wolfSSL_use_certificate_chain_file_format( > conn->ssl, client_cert, > SSL_FILETYPE_ASN1) < 0) { > wpa_printf(MSG_INFO, > @@ -577,10 +569,6 @@ static int tls_connection_private_key(void *tls_ctx, > } > > > -#define GEN_EMAIL 1 > -#define GEN_DNS ALT_NAMES_OID > -#define GEN_URI 6 > - > static int tls_match_alt_subject_component(WOLFSSL_X509 *cert, int type, > const char *value, size_t len) > { > @@ -590,7 +578,6 @@ static int tls_match_alt_subject_component(WOLFSSL_X509 *cert, int type, > int i; > > ext = wolfSSL_X509_get_ext_d2i(cert, ALT_NAMES_OID, NULL, NULL); > - > for (i = 0; ext && i < wolfSSL_sk_num(ext); i++) { > gen = wolfSSL_sk_value(ext, i); > if (gen->type != type) > @@ -893,19 +880,16 @@ static void wolfssl_tls_cert_event(struct tls_connection *conn, > if (num_alt_subject == TLS_MAX_ALT_SUBJECT) > break; > gen = wolfSSL_sk_value((void *) ext, i); > -#if 0 > if (gen->type != GEN_EMAIL && > gen->type != GEN_DNS && > gen->type != GEN_URI) > continue; > -#endif > > pos = os_malloc(10 + os_strlen((char *) gen->obj) + 1); > if (!pos) > break; > alt_subject[num_alt_subject++] = pos; > > -#if 0 > switch (gen->type) { > case GEN_EMAIL: > os_memcpy(pos, "EMAIL:", 6); > @@ -920,10 +904,6 @@ static void wolfssl_tls_cert_event(struct tls_connection *conn, > pos += 4; > break; > } > -#else > - os_memcpy(pos, "DNS:", 4); > - pos += 4; > -#endif > > os_memcpy(pos, gen->obj, os_strlen((char *)gen->obj)); > pos += os_strlen((char *)gen->obj); > @@ -1099,7 +1079,7 @@ static int tls_verify_cb(int preverify_ok, WOLFSSL_X509_STORE_CTX *x509_ctx) > TLS_FAIL_SERVER_CHAIN_PROBE); > } > > -#ifdef HAVE_OCSP_OPENSSL > +#ifdef HAVE_OCSP_WOLFSSL > if (depth == 0 && (conn->flags & TLS_CONN_REQUEST_OCSP) && > preverify_ok) { > enum ocsp_result res; > @@ -1123,7 +1103,7 @@ static int tls_verify_cb(int preverify_ok, WOLFSSL_X509_STORE_CTX *x509_ctx) > TLS_FAIL_UNSPECIFIED); > } > } > -#endif /* HAVE_OCSP */ > +#endif /* HAVE_OCSP_WOLFSSL */ > if (depth == 0 && preverify_ok && context->event_cb != NULL) > context->event_cb(context->cb_ctx, > TLS_CERT_CHAIN_SUCCESS, NULL); > @@ -1204,7 +1184,6 @@ static int tls_connection_ca_cert(void *tls_ctx, struct tls_connection *conn, > return -1; > } > wolfSSL_CTX_set_cert_store(ctx, cm); > - XFREE(cm, NULL, DYNAMIC_TYPE_X509_STORE); > > if (wolfSSL_CTX_load_verify_locations(ctx, ca_cert, ca_path) != > SSL_SUCCESS) { > @@ -1370,11 +1349,11 @@ static int tls_global_client_cert(void *ssl_ctx, const char *client_cert) > if (!client_cert) > return 0; > > - if (wolfSSL_CTX_use_certificate_file(ctx, client_cert, > - SSL_FILETYPE_ASN1) != > + if (wolfSSL_CTX_use_certificate_chain_file_format(ctx, client_cert, > + SSL_FILETYPE_ASN1) != > SSL_SUCCESS && > - wolfSSL_CTX_use_certificate_file(ctx, client_cert, > - SSL_FILETYPE_PEM) != SSL_SUCCESS) { > + wolfSSL_CTX_use_certificate_chain_file(ctx, client_cert) != > + SSL_SUCCESS) { > wpa_printf(MSG_INFO, "Failed to load client certificate"); > return -1; > } > @@ -1988,18 +1967,58 @@ int tls_connection_export_key(void *tls_ctx, struct tls_connection *conn, > } > > > +#define SEED_LEN (RAN_LEN + RAN_LEN) > + > int tls_connection_get_eap_fast_key(void *tls_ctx, struct tls_connection *conn, > u8 *out, size_t out_len) > { > - int ret; > + byte seed[SEED_LEN]; > + int ret = -1; > + WOLFSSL *ssl; > + byte *tmp_out = NULL; > + byte *_out; > + int skip = 0; > + byte *master_key; > + unsigned int master_key_len; > + byte *server_random; > + unsigned int server_len; > + byte *client_random; > + unsigned int client_len; > > if (!conn || !conn->ssl) > return -1; > + ssl = conn->ssl; > > - ret = wolfSSL_make_eap_keys(conn->ssl, out, out_len, "key expansion"); > - if (ret != 0) > + skip = 2 * (wolfSSL_GetKeySize(ssl) + wolfSSL_GetHmacSize(ssl) + > + wolfSSL_GetIVSize(ssl)); > + > + tmp_out = os_malloc(skip + out_len); > + if (!tmp_out) > return -1; > - return 0; > + _out = tmp_out; > + > + wolfSSL_get_keys(ssl, &master_key, &master_key_len, &server_random, > + &server_len, &client_random, &client_len); > + XMEMCPY(seed , server_random, RAN_LEN); > + XMEMCPY(seed + RAN_LEN, client_random, RAN_LEN); > + > + if (wolfSSL_GetVersion(ssl) == WOLFSSL_TLSV1_2) { > + tls_prf_sha256(master_key, master_key_len, > + "key expansion", seed, sizeof(seed), > + _out, skip + out_len); > + ret = 0; > + } else if (tls_prf_sha1_md5(master_key, master_key_len, > + "key expansion", seed, sizeof(seed), > + _out, skip + out_len) == 0) { > + ret = 0; > + } > + > + os_memset(master_key, 0, master_key_len); > + if (ret == 0) > + os_memcpy(out, _out + skip, out_len); > + bin_clear_free(tmp_out, skip); > + > + return ret; > } > > > @@ -2037,14 +2056,14 @@ static int tls_sess_sec_cb(WOLFSSL *s, void *secret, int *secret_len, void *arg) > sizeof(client_random)) == 0 || > wolfSSL_get_server_random(s, server_random, > sizeof(server_random)) == 0 || > - wolfSSL_get_SessionTicket(s, conn->session_ticket, &ticketLen) != 1) > + wolfSSL_get_SessionTicket(s, conn->session_ticket, &ticket_len) != 1) > return 1; > > if (ticket_len == 0) > return 0; > > ret = conn->session_ticket_cb(conn->session_ticket_cb_ctx, > - conn->session_ticket, ticketLen, > + conn->session_ticket, ticket_len, > client_random, server_random, secret); > if (ret <= 0) > return 1; > diff --git a/tests/hwsim/test_ap_eap.py b/tests/hwsim/test_ap_eap.py > index 88041ca..804cbca 100644 > --- a/tests/hwsim/test_ap_eap.py > +++ b/tests/hwsim/test_ap_eap.py > @@ -4115,7 +4115,7 @@ def test_ap_wpa2_eap_tls_intermediate_ca(dev, apdev, params): > params["private_key"] = "auth_serv/iCA-server/server.key" > hostapd.add_ap(apdev[0], params) > tls = dev[0].request("GET tls_library") > - if "GnuTLS" in tls: > + if "GnuTLS" in tls or "wolfSSL" in tls: > ca_cert = "auth_serv/iCA-user/ca-and-root.pem" > client_cert = "auth_serv/iCA-user/user_and_ica.pem" > else: > @@ -4223,7 +4223,7 @@ def run_ap_wpa2_eap_tls_intermediate_ca_ocsp(dev, apdev, params, md): > try: > hostapd.add_ap(apdev[0], params) > tls = dev[0].request("GET tls_library") > - if "GnuTLS" in tls: > + if "GnuTLS" in tls or "wolfSSL" in tls: > ca_cert = "auth_serv/iCA-user/ca-and-root.pem" > client_cert = "auth_serv/iCA-user/user_and_ica.pem" > else: > @@ -4258,7 +4258,7 @@ def run_ap_wpa2_eap_tls_intermediate_ca_ocsp_revoked(dev, apdev, params, md): > try: > hostapd.add_ap(apdev[0], params) > tls = dev[0].request("GET tls_library") > - if "GnuTLS" in tls: > + if "GnuTLS" in tls or "wolfSSL" in tls: > ca_cert = "auth_serv/iCA-user/ca-and-root.pem" > client_cert = "auth_serv/iCA-user/user_and_ica.pem" > else: > @@ -4308,7 +4308,7 @@ def test_ap_wpa2_eap_tls_intermediate_ca_ocsp_multi_missing_resp(dev, apdev, par > try: > hostapd.add_ap(apdev[0], params) > tls = dev[0].request("GET tls_library") > - if "GnuTLS" in tls: > + if "GnuTLS" in tls or "wolfSSL" in tls: > ca_cert = "auth_serv/iCA-user/ca-and-root.pem" > client_cert = "auth_serv/iCA-user/user_and_ica.pem" > else: > @@ -4375,7 +4375,7 @@ def test_ap_wpa2_eap_tls_intermediate_ca_ocsp_multi(dev, apdev, params): > > hostapd.add_ap(apdev[0], params) > tls = dev[0].request("GET tls_library") > - if "GnuTLS" in tls: > + if "GnuTLS" in tls or "wolfSSL" in tls: > ca_cert = "auth_serv/iCA-user/ca-and-root.pem" > client_cert = "auth_serv/iCA-user/user_and_ica.pem" > else: > diff --git a/tests/hwsim/test_eap_proto.py b/tests/hwsim/test_eap_proto.py > index d97a6f1..2ff6743 100644 > --- a/tests/hwsim/test_eap_proto.py > +++ b/tests/hwsim/test_eap_proto.py > @@ -5124,7 +5124,7 @@ def test_eap_proto_ikev2(dev, apdev): > > def build_ke(next=0): > ke = struct.pack(">BBHHH", next, 0, 4 + 4 + 192, 5, 0) > - ke += 192*'\x00' > + ke += 191*'\x00'+'\x02' > return ke > > idx += 1 > diff --git a/wpa_supplicant/Makefile b/wpa_supplicant/Makefile > index c761c22..eca20a9 100644 > --- a/wpa_supplicant/Makefile > +++ b/wpa_supplicant/Makefile > @@ -1067,6 +1067,7 @@ OBJS_p += ../src/crypto/crypto_wolfssl.o > ifdef NEED_FIPS186_2_PRF > OBJS += ../src/crypto/fips_prf_wolfssl.o > endif > +NEED_TLS_PRF_SHA256=y > LIBS += -lwolfssl -lm > LIBS_p += -lwolfssl -lm > endif > -- > 1.9.1 >> On 4 Mar 2018, at 5:19 am, Jouni Malinen <j@w1.fi> wrote: >> >> On Thu, Jan 18, 2018 at 12:26:39PM +1000, Sean Parkinson wrote: >>> I’ve prepared a new patch with the changes as asked for by Jouni. >>> >>> This patch was written to allow hostap to be compiled with the wolfSSL cryptography and TLS library. >> >> Thanks! I'm seeing number of errors in the hwsim test cases, but it >> looks like it is easiest to move ahead with this if I push in the >> cleaned up version that I've been testing with some fixes to avoid >> breaking non-wolfSSL builds. I'd welcome any incremental changes on top >> of the current hostap.git master branch snapshot to address things that >> I list below or maybe a recommendation on how to configure the wolfSSL >> build properly to avoid the issues. I ran my tests with wolfSSL 3.13.0 >> and ended up adding various configure options until the build went >> through cleanly. This ended up with following options: >> >> ./configure --prefix=/home/jm/wolfssl/3.13.0 --enable-des3 --enable-md4 --enable-harden --enable-pwdbased --enable-tlsv10 --enable-oldtls --enable-cmac --enable-aeskeywrap --enable-keygen --enable-crl --enable-ocsp --enable-ocspstapling --enable-ocspstapling2 --enable-pkcallbacks --enable-tls13 --enable-fortress --enable-wpas --enable-static=yes --enable-shared=no >> >> >> These are the notes from my hwsim test runs: >> >> SAE: >> - SAE: Could not solve y >> - SAE: Could not pick PWE >> --> check crypto_ec_point_solve_y_coord() implementation >> (wc_ecc_import_point_der() returns -1) >> sae >> sae_anti_clogging >> sae_anti_clogging_proto >> sae_bignum_failure >> sae_forced_anti_clogging >> sae_group_nego >> sae_groups >> sae_invalid_anti_clogging_token_req >> sae_key_lifetime_in_memory >> sae_mixed >> sae_mixed_mfp >> sae_no_random >> sae_oom_wpas >> sae_password >> sae_password_ecc >> sae_password_long >> sae_password_short >> sae_pmksa_caching >> sae_pmksa_caching_disabled >> sae_proto_confirm_replay >> sae_proto_ecc >> sae_pwe_failure >> ap_ft_sae >> ap_ft_sae_over_ds >> sigma_dut_ap_psk_sae >> sigma_dut_ap_sae >> sigma_dut_ap_sae_group >> sigma_dut_ap_sae_password >> sigma_dut_sae >> sigma_dut_sae_password >> wpas_mesh_password_mismatch >> mesh_forwarding_secure >> ap_mixed_security >> >> >> TLS interop(?) issue with OpenSSL server: >> - OpenSSL server: >> * SSL: SSL3 alert: write (local SSL3 detected an error):fatal:bad record mac >> * SSL: SSL_accept:error in SSLv3 read finished A >> * OpenSSL: openssl_handshake - SSL_connect error:1408F119:SSL routines:SSL3_GET_RECORD:decryption failed or bad record mac >> ap_hs20_remediation_sql >> eap_tls_no_session_resumption_radius >> authsrv_testing_options >> ap_wpa2_eap_tls_versions >> >> >> OpenSSL authentication server: >> - OpenSSL: openssl_handshake - SSL_connect error:1408A0C1:SSL routines:ssl3_get_client_hello:no shared cipher >> ap_wpa2_eap_ttls_dh_params >> ap_wpa2_eap_ttls_dh_params_blob >> ap_wpa2_eap_ttls_dh_params_dsa >> >> >> OpenSSL authentication server: >> - TLS: Certificate verification failed, error 20 (unable to get local issuer certificate) depth 0 for '/C=FI/O=w1.fi/CN=user.w1.fi' >> - SSL: SSL3 alert: write (local SSL3 detected an error):fatal:unknown CA >> - OpenSSL: openssl_handshake - SSL_connect error:14089086:SSL routines:ssl3_get_client_certificate:certificate verify failed >> ap_wpa2_eap_tls_intermediate_ca >> ap_wpa2_eap_tls_intermediate_ca_ocsp_sha1 >> ap_wpa2_eap_tls_intermediate_ca_ocsp >> ap_wpa2_eap_tls_intermediate_ca_ocsp_revoked >> ap_wpa2_eap_tls_intermediate_ca_ocsp_revoked_sha1 >> >> >> TLS: tls_verify_cb - preverify_ok=1 err=0 (unknown error number) ca_cert_verify=1 depth=0 buf='/C=FI/O=w1.fi/CN=server.w1.fi' >> TLS: altSubjectName match 'EMAIL:noone@example.com;DNS:server.w1.fi;URI:http://example.com/' not found >> wlan0: CTRL-EVENT-EAP-TLS-CERT-ERROR reason=6 depth=0 subject='/C=FI/O=w1.fi/CN=server.w1.fi' err='AltSubject mismatch' >> ap_wpa2_eap_ttls_pap_subject_match >> >> >> TLS: tls_verify_cb - preverify_ok=1 err=0 (unknown error number) ca_cert_verify=1 depth=0 buf='/C=FI/O=w1.fi/CN=server.w1.fi' >> TLS: altSubjectName match 'EMAIL:noone@example.com;URI:http://example.com/;DNS:server.w1.fi' not found >> wlan0: CTRL-EVENT-EAP-TLS-CERT-ERROR reason=6 depth=0 subject='/C=FI/O=w1.fi/CN=server.w1.fi' err='AltSubject mismatch' >> ap_wpa2_eap_ttls_chap_altsubject_match >> >> >> TLS: Certificate verification failed, error -407 (Invalid OCSP Status Error) depth 2 for '/C=FI/O=w1.fi/CN=server.w1.fi' >> ap_wpa2_eap_ttls_ocsp_revoked >> ap_wpa2_eap_ttls_ocsp_unknown >> ap_wpa2_eap_ttls_optional_ocsp_unknown >> >> >> Missing altsubject in D-Bus output?! >> dbus_connect_eap >> >> >> DH: crypto_dh_derive_secret failed >> eap_proto_ikev2 >> >> >> TLS: Certificate verification failed, error -238 (ASN CA path length larger than signer error) depth 2 for '/C=FI/O=w1.fi/CN=sha384.server.w1.fi' >> eap_tls_sha384 >> eap_tls_sha512 >> >> >> >> GET_FAIL/GET_ALLOC_FAIL failure did not trigger: >> radius_mppe_failure >> authsrv_oom >> >> >> -- >> Jouni Malinen PGP id EFC895FA >> >> _______________________________________________ >> Hostap mailing list >> Hostap@lists.infradead.org >> http://lists.infradead.org/mailman/listinfo/hostap > > > _______________________________________________ > Hostap mailing list > Hostap@lists.infradead.org > http://lists.infradead.org/mailman/listinfo/hostap

diff --git a/hostapd/Makefile b/hostapd/Makefile index 418ab95..4a8299d 100644 --- a/hostapd/Makefile +++ b/hostapd/Makefile @@ -651,6 +651,27 @@ CFLAGS += -DCONFIG_TLSV12 NEED_SHA256=y endif +ifeq ($(CONFIG_TLS), wolfssl) +CFLAGS += -DCRYPTO_ABSTRACT_API +ifdef TLS_FUNCS +OBJS += ../src/crypto/tls_wolfssl.o +LIBS += -lwolfssl -lm +endif +OBJS += ../src/crypto/crypto_wolfssl.o +HOBJS += ../src/crypto/crypto_wolfssl.o +ifdef NEED_FIPS186_2_PRF +OBJS += ../src/crypto/fips_prf_wolfssl.o +endif +NEED_SHA256=y +NEED_TLS_PRF_SHA256=y +LIBS += -lwolfssl -lm +LIBS_h += -lwolfssl -lm +ifdef CONFIG_TLS_ADD_DL +LIBS += -ldl +LIBS_h += -ldl +endif +endif + ifeq ($(CONFIG_TLS), openssl) ifdef TLS_FUNCS OBJS += ../src/crypto/tls_openssl.o @@ -855,8 +876,10 @@ AESOBJS += ../src/crypto/aes-internal.o ../src/crypto/aes-internal-enc.o endif ifneq ($(CONFIG_TLS), openssl) +ifneq ($(CONFIG_TLS), wolfssl) AESOBJS += ../src/crypto/aes-wrap.o endif +endif ifdef NEED_AES_EAX AESOBJS += ../src/crypto/aes-eax.o NEED_AES_CTR=y @@ -881,19 +904,23 @@ endif ifdef NEED_AES_UNWRAP ifneq ($(CONFIG_TLS), openssl) ifneq ($(CONFIG_TLS), linux) +ifneq ($(CONFIG_TLS), wolfssl) NEED_AES_DEC=y AESOBJS += ../src/crypto/aes-unwrap.o endif endif endif +endif ifdef NEED_AES_CBC NEED_AES_DEC=y ifneq ($(CONFIG_TLS), openssl) ifneq ($(CONFIG_TLS), linux) +ifneq ($(CONFIG_TLS), wolfssl) AESOBJS += ../src/crypto/aes-cbc.o endif endif endif +endif ifdef NEED_AES_DEC ifdef CONFIG_INTERNAL_AES AESOBJS += ../src/crypto/aes-internal-dec.o @@ -907,10 +934,12 @@ ifdef NEED_SHA1 ifneq ($(CONFIG_TLS), openssl) ifneq ($(CONFIG_TLS), linux) ifneq ($(CONFIG_TLS), gnutls) +ifneq ($(CONFIG_TLS), wolfssl) SHA1OBJS += ../src/crypto/sha1.o endif endif endif +endif SHA1OBJS += ../src/crypto/sha1-prf.o ifdef CONFIG_INTERNAL_SHA1 SHA1OBJS += ../src/crypto/sha1-internal.o @@ -919,8 +948,10 @@ SHA1OBJS += ../src/crypto/fips_prf_internal.o endif endif ifneq ($(CONFIG_TLS), openssl) +ifneq ($(CONFIG_TLS), wolfssl) SHA1OBJS += ../src/crypto/sha1-pbkdf2.o endif +endif ifdef NEED_T_PRF SHA1OBJS += ../src/crypto/sha1-tprf.o endif @@ -936,10 +967,12 @@ endif ifneq ($(CONFIG_TLS), openssl) ifneq ($(CONFIG_TLS), linux) ifneq ($(CONFIG_TLS), gnutls) +ifneq ($(CONFIG_TLS), wolfssl) OBJS += ../src/crypto/md5.o endif endif endif +endif ifdef NEED_MD5 ifdef CONFIG_INTERNAL_MD5 @@ -955,6 +988,7 @@ endif endif ifdef NEED_DES +CFLAGS += -DCONFIG_DES ifdef CONFIG_INTERNAL_DES OBJS += ../src/crypto/des-internal.o endif @@ -977,10 +1011,12 @@ CFLAGS += -DCONFIG_SHA256 ifneq ($(CONFIG_TLS), openssl) ifneq ($(CONFIG_TLS), linux) ifneq ($(CONFIG_TLS), gnutls) +ifneq ($(CONFIG_TLS), wolfssl) OBJS += ../src/crypto/sha256.o endif endif endif +endif OBJS += ../src/crypto/sha256-prf.o ifdef CONFIG_INTERNAL_SHA256 OBJS += ../src/crypto/sha256-internal.o @@ -1003,10 +1039,12 @@ CFLAGS += -DCONFIG_SHA384 ifneq ($(CONFIG_TLS), openssl) ifneq ($(CONFIG_TLS), linux) ifneq ($(CONFIG_TLS), gnutls) +ifneq ($(CONFIG_TLS), wolfssl) OBJS += ../src/crypto/sha384.o endif endif endif +endif OBJS += ../src/crypto/sha384-prf.o endif ifdef NEED_SHA512 @@ -1056,10 +1094,12 @@ HOBJS += ../src/utils/eloop.o HOBJS += $(SHA1OBJS) ifneq ($(CONFIG_TLS), openssl) ifneq ($(CONFIG_TLS), linux) +ifneq ($(CONFIG_TLS), wolfssl) HOBJS += ../src/crypto/md5.o endif endif endif +endif ifdef CONFIG_RADIUS_SERVER CFLAGS += -DRADIUS_SERVER @@ -1250,7 +1290,13 @@ endif ifdef CONFIG_INTERNAL_MD5 NOBJS += ../src/crypto/md5-internal.o endif -NOBJS += ../src/crypto/crypto_openssl.o ../src/utils/os_$(CONFIG_OS).o +ifneq ($(CONFIG_TLS), openssl) +NOBJS += ../src/crypto/crypto_openssl.o +endif +ifneq ($(CONFIG_TLS), wolfssl) +NOBJS += ../src/crypto/crypto_wolfssl.o +endif +NOBJS += ../src/utils/os_$(CONFIG_OS).o NOBJS += ../src/utils/wpa_debug.o NOBJS += ../src/utils/wpabuf.o ifdef CONFIG_WPA_TRACE diff --git a/src/crypto/crypto_wolfssl.c b/src/crypto/crypto_wolfssl.c new file mode 100644 index 0000000..ccff47e --- /dev/null +++ b/src/crypto/crypto_wolfssl.c @@ -0,0 +1,1607 @@ +/* + * WPA Supplicant / wrapper functions for libwolfssl + * Copyright (c) 2004-2017, Jouni Malinen <j@w1.fi> + * + * This software may be distributed under the terms of the BSD license. + * See README for more details. + */ + +#include "includes.h" + +#include "common.h" +#include "crypto.h" + +#define WOLFSSL_AES_DIRECT +#define HAVE_AESGCM +#define HAVE_AES_KEYWRAP +#define WOLFSSL_SHA384 +#define WOLFSSL_SHA512 +#define WOLFSSL_CMAC +#define HAVE_ECC +#define USE_FAST_MATH +#define WOLFSSL_KEY_GEN + +#include <wolfssl/options.h> +/* wolfSSL headers */ +#include <wolfssl/wolfcrypt/md4.h> +#include <wolfssl/wolfcrypt/md5.h> +#include <wolfssl/wolfcrypt/sha.h> +#include <wolfssl/wolfcrypt/sha256.h> +#include <wolfssl/wolfcrypt/sha512.h> +#include <wolfssl/wolfcrypt/hmac.h> +#include <wolfssl/wolfcrypt/pwdbased.h> +#include <wolfssl/wolfcrypt/arc4.h> +#include <wolfssl/wolfcrypt/des3.h> +#include <wolfssl/wolfcrypt/aes.h> +#include <wolfssl/wolfcrypt/dh.h> +#include <wolfssl/wolfcrypt/cmac.h> +#include <wolfssl/wolfcrypt/ecc.h> +#include <wolfssl/openssl/bn.h> + +#ifndef CONFIG_FIPS +int md4_vector(size_t num_elem, const u8 *addr[], const size_t *len, u8 *mac) +{ + Md4 md4; + size_t i; + + if (TEST_FAIL()) + return -1; + + wc_InitMd4(&md4); + + for (i = 0; i < num_elem; i++) + wc_Md4Update(&md4, addr[i], len[i]); + + wc_Md4Final(&md4, mac); + + return 0; +} + +int md5_vector(size_t num_elem, const u8 *addr[], const size_t *len, u8 *mac) +{ + Md5 md5; + size_t i; + + if (TEST_FAIL()) + return -1; + + wc_InitMd5(&md5); + + for (i = 0; i < num_elem; i++) + wc_Md5Update(&md5, addr[i], len[i]); + + wc_Md5Final(&md5, mac); + + return 0; +} +#endif + +int sha1_vector(size_t num_elem, const u8 *addr[], const size_t *len, + u8 *mac) +{ + Sha sha; + size_t i; + + if (TEST_FAIL()) + return -1; + + wc_InitSha(&sha); + + for (i = 0; i < num_elem; i++) + wc_ShaUpdate(&sha, addr[i], len[i]); + + wc_ShaFinal(&sha, mac); + + return 0; +} + +#ifndef NO_SHA256_WRAPPER +int sha256_vector(size_t num_elem, const u8 *addr[], const size_t *len, + u8 *mac) +{ + Sha256 sha256; + size_t i; + + if (TEST_FAIL()) + return -1; + + wc_InitSha256(&sha256); + + for (i = 0; i < num_elem; i++) + wc_Sha256Update(&sha256, addr[i], len[i]); + + wc_Sha256Final(&sha256, mac); + + return 0; +} +#endif /* NO_SHA256_WRAPPER */ + +#ifdef CONFIG_SHA384 +int sha384_vector(size_t num_elem, const u8 *addr[], const size_t *len, + u8 *mac) +{ + Sha384 sha384; + size_t i; + + if (TEST_FAIL()) + return -1; + + wc_InitSha384(&sha384); + + for (i = 0; i < num_elem; i++) + wc_Sha384Update(&sha384, addr[i], len[i]); + + wc_Sha384Final(&sha384, mac); + + return 0; +} +#endif /* CONFIG_SHA384 */ + +static int wolfssl_hmac_vector(int type, const u8 *key, + size_t key_len, size_t num_elem, + const u8 *addr[], const size_t *len, u8 *mac, + unsigned int mdlen) +{ + Hmac hmac; + int i; + + (void)mdlen; + + if (TEST_FAIL()) + return -1; + + if (wc_HmacSetKey(&hmac, type, key, (word32)key_len) != 0) + return -1; + for (i = 0; i < num_elem; i++) + if (wc_HmacUpdate(&hmac, addr[i], len[i]) != 0) + return -1; + if (wc_HmacFinal(&hmac, mac) != 0) + return -1; + return 0; +} + +#ifndef CONFIG_FIPS +int hmac_md5_vector(const u8 *key, size_t key_len, size_t num_elem, + const u8 *addr[], const size_t *len, u8 *mac) +{ + return wolfssl_hmac_vector(MD5, key, key_len, num_elem, addr, len, mac, 16); +} + + +int hmac_md5(const u8 *key, size_t key_len, const u8 *data, size_t data_len, + u8 *mac) +{ + return hmac_md5_vector(key, key_len, 1, &data, &data_len, mac); +} +#endif + +int hmac_sha1_vector(const u8 *key, size_t key_len, size_t num_elem, + const u8 *addr[], const size_t *len, u8 *mac) +{ + return wolfssl_hmac_vector(SHA, key, key_len, num_elem, addr, + len, mac, 20); +} + + +int hmac_sha1(const u8 *key, size_t key_len, const u8 *data, size_t data_len, + u8 *mac) +{ + return hmac_sha1_vector(key, key_len, 1, &data, &data_len, mac); +} + +#ifdef CONFIG_SHA256 + +int hmac_sha256_vector(const u8 *key, size_t key_len, size_t num_elem, + const u8 *addr[], const size_t *len, u8 *mac) +{ + return wolfssl_hmac_vector(SHA256, key, key_len, num_elem, addr, len, mac, + 32); +} + + +int hmac_sha256(const u8 *key, size_t key_len, const u8 *data, + size_t data_len, u8 *mac) +{ + return hmac_sha256_vector(key, key_len, 1, &data, &data_len, mac); +} + +#endif /* CONFIG_SHA256 */ + + +#ifdef CONFIG_SHA384 + +int hmac_sha384_vector(const u8 *key, size_t key_len, size_t num_elem, + const u8 *addr[], const size_t *len, u8 *mac) +{ + return wolfssl_hmac_vector(SHA384, key, key_len, num_elem, addr, len, mac, + 48); +} + + +int hmac_sha384(const u8 *key, size_t key_len, const u8 *data, + size_t data_len, u8 *mac) +{ + return hmac_sha384_vector(key, key_len, 1, &data, &data_len, mac); +} + +#endif /* CONFIG_SHA384 */ + +int pbkdf2_sha1(const char *passphrase, const u8 *ssid, size_t ssid_len, + int iterations, u8 *buf, size_t buflen) +{ + if (wc_PBKDF2(buf, (const byte*)passphrase, os_strlen(passphrase), ssid, + ssid_len, iterations, buflen, SHA) != 0) + return -1; + return 0; +} + + +#ifdef CONFIG_DES +int des_encrypt(const u8 *clear, const u8 *key, u8 *cypher) +{ + Des des; + u8 pkey[8], next, tmp; + int i; + + /* Add parity bits to the key */ + next = 0; + for (i = 0; i < 7; i++) { + tmp = key[i]; + pkey[i] = (tmp >> i) | next | 1; + next = tmp << (7 - i); + } + pkey[i] = next | 1; + + wc_Des_SetKey(&des, pkey, NULL, DES_ENCRYPTION); + wc_Des_EcbEncrypt(&des, cypher, clear, DES_BLOCK_SIZE); + + return 0; +} +#endif + +void * aes_encrypt_init(const u8 *key, size_t len) +{ + Aes* aes; + + if (TEST_FAIL()) + return NULL; + + aes = os_malloc(sizeof(Aes)); + if (aes == NULL) + return NULL; + + if (wc_AesSetKey(aes, key, len, NULL, AES_ENCRYPTION) < 0) { + os_free(aes); + return NULL; + } + + return aes; +} + +int aes_encrypt(void *ctx, const u8 *plain, u8 *crypt) +{ + wc_AesEncryptDirect((Aes*)ctx, crypt, plain); + return 0; +} + + +void aes_encrypt_deinit(void *ctx) +{ + if (ctx != NULL) + os_free(ctx); +} + + +void* aes_decrypt_init(const u8 *key, size_t len) +{ + Aes* aes; + + if (TEST_FAIL()) + return NULL; + + aes = os_malloc(sizeof(Aes)); + if (aes == NULL) + return NULL; + + if (wc_AesSetKey(aes, key, len, NULL, AES_DECRYPTION) < 0) { + os_free(aes); + return NULL; + } + + return aes; +} + + +int aes_decrypt(void *ctx, const u8 *crypt, u8 *plain) +{ + wc_AesDecryptDirect((Aes*)ctx, plain, crypt); + return 0; +} + + +void aes_decrypt_deinit(void *ctx) +{ + if (ctx != NULL) + os_free(ctx); +} + +int aes_128_cbc_encrypt(const u8 *key, const u8 *iv, u8 *data, size_t data_len) +{ + Aes aes; + int ret; + + if (TEST_FAIL()) + return -1; + + ret = wc_AesSetKey(&aes, key, 16, iv, AES_ENCRYPTION); + if (ret != 0) + return -1; + + ret = wc_AesCbcEncrypt(&aes, data, data, data_len); + if (ret != 0) + return -1; + return 0; +} + + +int aes_128_cbc_decrypt(const u8 *key, const u8 *iv, u8 *data, size_t data_len) +{ + Aes aes; + int ret; + + if (TEST_FAIL()) + return -1; + + ret = wc_AesSetKey(&aes, key, 16, iv, AES_DECRYPTION); + if (ret != 0) + return -1; + + ret = wc_AesCbcDecrypt(&aes, data, data, data_len); + if (ret != 0) + return -1; + return 0; +} + +#ifndef CONFIG_FIPS +#ifndef CONFIG_OPENSSL_INTERNAL_AES_WRAP + +int aes_wrap(const u8 *kek, size_t kek_len, int n, const u8 *plain, u8 *cipher) +{ + int ret = wc_AesKeyWrap(kek, kek_len, plain, n * 8, cipher, (n + 1) * 8, + NULL); + return ret != (n + 1) * 8 ? -1 : 0; +} + + +int aes_unwrap(const u8 *kek, size_t kek_len, int n, const u8 *cipher, + u8 *plain) +{ + int ret = wc_AesKeyUnWrap(kek, kek_len, cipher, (n + 1) * 8, plain, n * 8, + NULL); + return ret != n * 8 ? -1 : 0; +} + +#endif /* CONFIG_OPENSSL_INTERNAL_AES_WRAP */ +#endif /* CONFIG_FIPS */ + +#ifndef CONFIG_NO_RC4 +int rc4_skip(const u8 *key, size_t keylen, size_t skip, u8 *data, + size_t data_len) +{ +#ifndef NO_RC4 + Arc4 arc4; + unsigned char skip_buf[16]; + + wc_Arc4SetKey(&arc4, key, keylen); + + while (skip >= sizeof(skip_buf)) { + size_t len = skip; + if (len > sizeof(skip_buf)) + len = sizeof(skip_buf); + wc_Arc4Process(&arc4, skip_buf, skip_buf, len); + skip -= len; + } + + wc_Arc4Process(&arc4, data, data, data_len); + + return 0; +#else + return -1; +#endif +} +#endif /* CONFIG_NO_RC4 */ + +#if defined(EAP_IKEV2) || defined(EAP_IKEV2_DYNAMIC) \ + || defined(EAP_SERVER_IKEV2) +union wolfssl_cipher +{ + Aes aes; + Des3 des3; + Arc4 arc4; +}; + +struct crypto_cipher { + enum crypto_cipher_alg alg; + union wolfssl_cipher enc; + union wolfssl_cipher dec; +}; + +struct crypto_cipher* crypto_cipher_init(enum crypto_cipher_alg alg, + const u8 *iv, const u8 *key, + size_t key_len) +{ + struct crypto_cipher *ctx; + + ctx = os_zalloc(sizeof(*ctx)); + if (ctx == NULL) + return NULL; + + switch (alg) { +#ifndef CONFIG_NO_RC4 +#ifndef NO_RC4 + case CRYPTO_CIPHER_ALG_RC4: + wc_Arc4SetKey(&ctx->enc.arc4, key, key_len); + wc_Arc4SetKey(&ctx->dec.arc4, key, key_len); + break; +#endif /* NO_RC4 */ +#endif /* CONFIG_NO_RC4 */ +#ifndef NO_AES + case CRYPTO_CIPHER_ALG_AES: + switch (key_len) { + case 16: + case 24: + case 32: + break; + default: + os_free(ctx); + return NULL; + } + if (wc_AesSetKey(&ctx->enc.aes, key, key_len, iv, AES_ENCRYPTION) || + wc_AesSetKey(&ctx->dec.aes, key, key_len, iv, AES_DECRYPTION)) { + os_free(ctx); + return NULL; + } + break; +#endif /* NO_AES */ +#ifndef NO_DES3 + case CRYPTO_CIPHER_ALG_3DES: + if (key_len != DES3_KEYLEN || + wc_Des3_SetKey(&ctx->enc.des3, key, iv, DES_ENCRYPTION) || + wc_Des3_SetKey(&ctx->dec.des3, key, iv, DES_DECRYPTION)) { + os_free(ctx); + return NULL; + } + break; +#endif /* NO_DES3 */ + case CRYPTO_CIPHER_ALG_RC2: + case CRYPTO_CIPHER_ALG_DES: + default: + os_free(ctx); + return NULL; + } + + ctx->alg = alg; + + return ctx; +} + +int crypto_cipher_encrypt(struct crypto_cipher *ctx, const u8 *plain, + u8 *crypt, size_t len) +{ + switch (ctx->alg) { +#ifndef CONFIG_NO_RC4 +#ifndef NO_RC4 + case CRYPTO_CIPHER_ALG_RC4: + wc_Arc4Process(&ctx->enc.arc4, crypt, plain, len); + return 0; +#endif /* NO_RC4 */ +#endif /* CONFIG_NO_RC4 */ +#ifndef NO_AES + case CRYPTO_CIPHER_ALG_AES: + if (wc_AesCbcEncrypt(&ctx->enc.aes, crypt, plain, len) != 0) + return -1; + return 0; +#endif /* NO_AES */ +#ifndef NO_DES3 + case CRYPTO_CIPHER_ALG_3DES: + if (wc_Des3_CbcEncrypt(&ctx->enc.des3, crypt, plain, len) != 0) + return -1; + return 0; +#endif /* NO_DES3 */ + default: + return -1; + } + return -1; +} + + +int crypto_cipher_decrypt(struct crypto_cipher *ctx, const u8 *crypt, + u8 *plain, size_t len) +{ + switch (ctx->alg) { +#ifndef CONFIG_NO_RC4 +#ifndef NO_RC4 + case CRYPTO_CIPHER_ALG_RC4: + wc_Arc4Process(&ctx->dec.arc4, plain, crypt, len); + return 0; +#endif /* NO_RC4 */ +#endif /* CONFIG_NO_RC4 */ +#ifndef NO_AES + case CRYPTO_CIPHER_ALG_AES: + if (wc_AesCbcDecrypt(&ctx->dec.aes, plain, crypt, len) != 0) + return -1; + return 0; +#endif /* NO_AES */ +#ifndef NO_DES3 + case CRYPTO_CIPHER_ALG_3DES: + if (wc_Des3_CbcDecrypt(&ctx->dec.des3, plain, crypt, len) != 0) + return -1; + return 0; +#endif /* NO_DES3 */ + default: + return -1; + } + return -1; +} + + +void crypto_cipher_deinit(struct crypto_cipher *ctx) +{ + if (ctx != NULL) + os_free(ctx); +} +#endif + +#ifdef CONFIG_WPS_NFC +static const unsigned char RFC3526_PRIME_1536[] = { + 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xC9,0x0F,0xDA,0xA2, + 0x21,0x68,0xC2,0x34,0xC4,0xC6,0x62,0x8B,0x80,0xDC,0x1C,0xD1, + 0x29,0x02,0x4E,0x08,0x8A,0x67,0xCC,0x74,0x02,0x0B,0xBE,0xA6, + 0x3B,0x13,0x9B,0x22,0x51,0x4A,0x08,0x79,0x8E,0x34,0x04,0xDD, + 0xEF,0x95,0x19,0xB3,0xCD,0x3A,0x43,0x1B,0x30,0x2B,0x0A,0x6D, + 0xF2,0x5F,0x14,0x37,0x4F,0xE1,0x35,0x6D,0x6D,0x51,0xC2,0x45, + 0xE4,0x85,0xB5,0x76,0x62,0x5E,0x7E,0xC6,0xF4,0x4C,0x42,0xE9, + 0xA6,0x37,0xED,0x6B,0x0B,0xFF,0x5C,0xB6,0xF4,0x06,0xB7,0xED, + 0xEE,0x38,0x6B,0xFB,0x5A,0x89,0x9F,0xA5,0xAE,0x9F,0x24,0x11, + 0x7C,0x4B,0x1F,0xE6,0x49,0x28,0x66,0x51,0xEC,0xE4,0x5B,0x3D, + 0xC2,0x00,0x7C,0xB8,0xA1,0x63,0xBF,0x05,0x98,0xDA,0x48,0x36, + 0x1C,0x55,0xD3,0x9A,0x69,0x16,0x3F,0xA8,0xFD,0x24,0xCF,0x5F, + 0x83,0x65,0x5D,0x23,0xDC,0xA3,0xAD,0x96,0x1C,0x62,0xF3,0x56, + 0x20,0x85,0x52,0xBB,0x9E,0xD5,0x29,0x07,0x70,0x96,0x96,0x6D, + 0x67,0x0C,0x35,0x4E,0x4A,0xBC,0x98,0x04,0xF1,0x74,0x6C,0x08, + 0xCA,0x23,0x73,0x27,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, +}; +static const unsigned char RFC3526_GENERATOR_1536[] = { + 0x02 +}; + +#define RFC3526_LEN sizeof(RFC3526_PRIME_1536) + +void * dh5_init(struct wpabuf **priv, struct wpabuf **publ) +{ + WC_RNG rng; + DhKey* ret = NULL; + DhKey* dh = NULL; + struct wpabuf* privkey = NULL; + struct wpabuf* pubkey = NULL; + word32 privSz, pubSz; + + *priv = NULL; + wpabuf_free(*publ); + *publ = NULL; + + dh = os_malloc(sizeof(DhKey)); + if (dh == NULL) + return NULL; + wc_InitDhKey(dh); + + if (wc_InitRng(&rng) != 0) { + os_free(dh); + return NULL; + } + + privkey = wpabuf_alloc(RFC3526_LEN); + pubkey = wpabuf_alloc(RFC3526_LEN); + if (privkey == NULL || pubkey == NULL) + goto done; + + if (wc_DhSetKey(dh, RFC3526_PRIME_1536, sizeof(RFC3526_PRIME_1536), + RFC3526_GENERATOR_1536, sizeof(RFC3526_GENERATOR_1536)) + != 0) + goto done; + + if (wc_DhGenerateKeyPair(dh, &rng, wpabuf_mhead(privkey), &privSz, + wpabuf_mhead(pubkey), &pubSz) != 0) + goto done; + + wpabuf_put(privkey, privSz); + wpabuf_put(pubkey, pubSz); + + ret = dh; + *priv = privkey; + *publ = pubkey; + dh = NULL; + privkey = NULL; + pubkey = NULL; +done: + wpabuf_clear_free(pubkey); + wpabuf_clear_free(privkey); + if (dh != NULL) { + wc_FreeDhKey(dh); + os_free(dh); + } + wc_FreeRng(&rng); + return ret; +} + +void * dh5_init_fixed(const struct wpabuf *priv, const struct wpabuf *publ) +{ + DhKey* ret = NULL; + DhKey* dh; + byte* secret; + word32 secretSz; + + dh = os_malloc(sizeof(DhKey)); + if (dh == NULL) + return NULL; + wc_InitDhKey(dh); + + secret = os_malloc(RFC3526_LEN); + if (secret == NULL) + goto done; + + if (wc_DhSetKey(dh, RFC3526_PRIME_1536, sizeof(RFC3526_PRIME_1536), + RFC3526_GENERATOR_1536, sizeof(RFC3526_GENERATOR_1536)) + != 0) + goto done; + + if (wc_DhAgree(dh, secret, &secretSz, wpabuf_head(priv), wpabuf_len(priv), + RFC3526_GENERATOR_1536, sizeof(RFC3526_GENERATOR_1536)) != 0) + goto done; + + if (secretSz != wpabuf_len(publ) || + os_memcmp(secret, wpabuf_head(publ), secretSz) != 0) + goto done; + + ret = dh; + dh = NULL; +done: + if (dh != NULL) { + wc_FreeDhKey(dh); + os_free(dh); + } + if (secret != NULL) + os_free(secret); + return ret; +} + +struct wpabuf * dh5_derive_shared(void *ctx, const struct wpabuf *peer_public, + const struct wpabuf *own_private) +{ + struct wpabuf* ret = NULL; + struct wpabuf* secret; + word32 secretSz; + + secret = wpabuf_alloc(RFC3526_LEN); + if (secret == NULL) + goto done; + + if (wc_DhAgree(ctx, wpabuf_mhead(secret), &secretSz, + wpabuf_head(own_private), wpabuf_len(own_private), + wpabuf_head(peer_public), wpabuf_len(peer_public)) != 0) + goto done; + + wpabuf_put(secret, secretSz); + + ret = secret; + secret = NULL; +done: + wpabuf_clear_free(secret); + return ret; +} + +void dh5_free(void *ctx) +{ + if (ctx == NULL) + return; + + wc_FreeDhKey(ctx); + os_free(ctx); +} +#endif + +int crypto_dh_init(u8 generator, const u8 *prime, size_t prime_len, u8 *privkey, + u8 *pubkey) +{ + int ret = -1; + WC_RNG rng; + DhKey* dh = NULL; + word32 privSz, pubSz; + + if (TEST_FAIL()) + return -1; + + dh = os_malloc(sizeof(DhKey)); + if (dh == NULL) + return -1; + wc_InitDhKey(dh); + + if (wc_InitRng(&rng) != 0) { + os_free(dh); + return -1; + } + + if (wc_DhSetKey(dh, prime, prime_len, &generator, 1) != 0) + goto done; + + if (wc_DhGenerateKeyPair(dh, &rng, privkey, &privSz, pubkey, &pubSz) != 0) + goto done; + + if (privSz < prime_len) { + size_t padSz = prime_len - privSz; + os_memmove(privkey + padSz, privkey, privSz); + os_memset(privkey, 0, padSz); + } + + if (pubSz < prime_len) { + size_t padSz = prime_len - pubSz; + os_memmove(pubkey + padSz, pubkey, pubSz); + os_memset(pubkey, 0, padSz); + } + ret = 0; +done: + wc_FreeDhKey(dh); + os_free(dh); + wc_FreeRng(&rng); + return ret; +} + +int crypto_dh_derive_secret(u8 generator, const u8 *prime, size_t prime_len, + const u8 *privkey, size_t privkey_len, + const u8 *pubkey, size_t pubkey_len, + u8 *secret, size_t *len) +{ + int ret = -1; + DhKey* dh; + word32 secretSz; + + dh = os_malloc(sizeof(DhKey)); + if (dh == NULL) + return -1; + wc_InitDhKey(dh); + + if (wc_DhSetKey(dh, prime, prime_len, &generator, 1) != 0) + goto done; + + if (wc_DhAgree(dh, secret, &secretSz, privkey, privkey_len, pubkey, + pubkey_len) != 0) + goto done; + + *len = secretSz; + ret = 0; +done: + wc_FreeDhKey(dh); + os_free(dh); + return ret; +} + +#ifdef CONFIG_FIPS +int crypto_get_random(void *buf, size_t len) +{ + int ret = 0; + WC_RNG rng; + + if (wc_InitRng(&rng) != 0) + return -1; + if (wc_RNG_GenerateBlock(&rng, buf, len) != 0) + ret = -1; + wc_FreeRng(&rng); + return ret; +} +#endif + +#if defined(EAP_PWD) || defined(EAP_SERVER_PWD) +struct crypto_hash { + Hmac hmac; + int size; +}; + +struct crypto_hash * crypto_hash_init(enum crypto_hash_alg alg, const u8 *key, + size_t key_len) +{ + struct crypto_hash* ret = NULL; + struct crypto_hash* hash; + int type; + + hash = os_malloc(sizeof(*hash)); + if (hash == NULL) + goto done; + + switch (alg) { +#ifndef NO_MD5 + case CRYPTO_HASH_ALG_HMAC_MD5: + hash->size = 16; + type = MD5; + break; +#endif +#ifndef NO_SHA + case CRYPTO_HASH_ALG_HMAC_SHA1: + type = SHA; + hash->size = 20; + break; +#endif +#ifdef CONFIG_SHA256 +#ifndef NO_SHA256 + case CRYPTO_HASH_ALG_HMAC_SHA256: + type = SHA256; + hash->size = 32; + break; +#endif +#endif + default: + goto done; + } + + if (wc_HmacSetKey(&hash->hmac, type, key, key_len) != 0) + goto done; + + ret = hash; + hash = NULL; +done: + if (hash != NULL) + os_free(hash); + return ret; +} +void crypto_hash_update(struct crypto_hash *ctx, const u8 *data, size_t len) +{ + if (ctx == NULL) + return; + wc_HmacUpdate(&ctx->hmac, data, len); +} + +int crypto_hash_finish(struct crypto_hash *ctx, u8 *mac, size_t *len) +{ + int ret = 0; + + if (ctx == NULL) + return -2; + + if (mac == NULL || len == NULL) + goto done; + + if (wc_HmacFinal(&ctx->hmac, mac) != 0) { + ret = -1; + goto done; + } + + *len = ctx->size; + ret = 0; +done: + if (ctx != NULL) + bin_clear_free(ctx, sizeof(*ctx)); + return ret; +} +#endif + +#ifdef CONFIG_WOLFSSL_CMAC +int omac1_aes_vector(const u8 *key, size_t key_len, size_t num_elem, + const u8 *addr[], const size_t *len, u8 *mac) +{ + Cmac cmac; + int i; + word32 sz; + + if (TEST_FAIL()) + return -1; + + if (wc_InitCmac(&cmac, key, key_len, WC_CMAC_AES, NULL) != 0) + return -1; + + for (i = 0; i < num_elem; i++) + if (wc_CmacUpdate(&cmac, addr[i], len[i]) != 0) + return -1; + + sz = AES_BLOCK_SIZE; + if (wc_CmacFinal(&cmac, mac, &sz) != 0 || sz != AES_BLOCK_SIZE) + return -1; + + return 0; +} + + +int omac1_aes_128_vector(const u8 *key, size_t num_elem, + const u8 *addr[], const size_t *len, u8 *mac) +{ + return omac1_aes_vector(key, 16, num_elem, addr, len, mac); +} + + +int omac1_aes_128(const u8 *key, const u8 *data, size_t data_len, u8 *mac) +{ + return omac1_aes_128_vector(key, 1, &data, &data_len, mac); +} + + +int omac1_aes_256(const u8 *key, const u8 *data, size_t data_len, u8 *mac) +{ + return omac1_aes_vector(key, 32, 1, &data, &data_len, mac); +} +#endif + + +struct crypto_bignum* crypto_bignum_init(void) +{ + mp_int* a; + + if (TEST_FAIL()) + return NULL; + + a = os_malloc(sizeof(*a)); + if (mp_init(a) != MP_OKAY) { + os_free(a); + a = NULL; + } + + return (struct crypto_bignum*)a; +} + + +struct crypto_bignum * crypto_bignum_init_set(const u8 *buf, size_t len) +{ + mp_int* a; + + if (TEST_FAIL()) + return NULL; + + a = (mp_int*)crypto_bignum_init(); + if (a == NULL) + return NULL; + + if (mp_read_unsigned_bin(a, buf, len) != MP_OKAY) { + os_free(a); + a = NULL; + } + + return (struct crypto_bignum*)a; +} + + +void crypto_bignum_deinit(struct crypto_bignum *n, int clear) +{ + if (n == NULL) + return; + + if (clear) + mp_forcezero((mp_int*)n); + mp_clear((mp_int*)n); + os_free((mp_int*)n); +} + + +int crypto_bignum_to_bin(const struct crypto_bignum *a, + u8 *buf, size_t buflen, size_t padlen) +{ + int num_bytes, offset; + + if (TEST_FAIL()) + return -1; + + if (padlen > buflen) + return -1; + + num_bytes = (mp_count_bits((mp_int*)a) + 7) / 8; + if ((size_t)num_bytes > buflen) + return -1; + if (padlen > (size_t)num_bytes) + offset = padlen - num_bytes; + else + offset = 0; + + os_memset(buf, 0, offset); + mp_to_unsigned_bin((mp_int*)a, buf + offset); + + return num_bytes + offset; +} + +int crypto_bignum_rand(struct crypto_bignum *r, const struct crypto_bignum *m) +{ + int ret = 0; + WC_RNG rng; + + if (wc_InitRng(&rng) != 0) + return -1; + if (mp_rand_prime((mp_int*)r, (mp_count_bits((mp_int*)m) + 7) / 8 * 2, &rng, + NULL) != 0) { + ret = -1; + } + if (ret == 0 && mp_mod((mp_int*)r, (mp_int*)m, (mp_int*)r) != 0) + ret = -1; + wc_FreeRng(&rng); + return ret; +} + +int crypto_bignum_add(const struct crypto_bignum *a, + const struct crypto_bignum *b, + struct crypto_bignum *r) +{ + return mp_add((mp_int*)a, (mp_int*)b, (mp_int*)r) == MP_OKAY ? 0 : -1; +} + + +int crypto_bignum_mod(const struct crypto_bignum *a, + const struct crypto_bignum *m, + struct crypto_bignum *r) +{ + return mp_mod((mp_int*)a, (mp_int*)m, (mp_int*)r) == MP_OKAY ? 0 : -1; +} + + +int crypto_bignum_exptmod(const struct crypto_bignum *b, + const struct crypto_bignum *e, + const struct crypto_bignum *m, + struct crypto_bignum *r) +{ + int res; + + if (TEST_FAIL()) + return -1; + + res = mp_exptmod((mp_int*)b, (mp_int*)e, (mp_int*)m, (mp_int*)r); + return res == MP_OKAY ? 0 : -1; +} + + +int crypto_bignum_inverse(const struct crypto_bignum *a, + const struct crypto_bignum *m, + struct crypto_bignum *r) +{ + if (TEST_FAIL()) + return -1; + return mp_invmod((mp_int*)a, (mp_int*)m, (mp_int*)r) == MP_OKAY ? 0 : -1; +} + + +int crypto_bignum_sub(const struct crypto_bignum *a, + const struct crypto_bignum *b, + struct crypto_bignum *r) +{ + if (TEST_FAIL()) + return -1; + return mp_add((mp_int*)a, (mp_int*)b, (mp_int*)r) == MP_OKAY ? 0 : -1; +} + + +int crypto_bignum_div(const struct crypto_bignum *a, + const struct crypto_bignum *b, + struct crypto_bignum *d) +{ + if (TEST_FAIL()) + return -1; + return mp_div((mp_int*)a, (mp_int*)b, (mp_int*)d, NULL) == MP_OKAY ? 0 : -1; +} + + +int crypto_bignum_mulmod(const struct crypto_bignum *a, + const struct crypto_bignum *b, + const struct crypto_bignum *m, + struct crypto_bignum *d) +{ + int res; + + if (TEST_FAIL()) + return -1; + + res = mp_mulmod((mp_int*)a, (mp_int*)b, (mp_int*)m, (mp_int*)d); + return res == MP_OKAY ? 0 : -1; +} + +int crypto_bignum_rshift(const struct crypto_bignum *a, int n, + struct crypto_bignum *r) +{ + if (mp_copy((mp_int*)a, (mp_int*)r) != MP_OKAY) + return -1; + mp_rshd((mp_int*)r, n); + return 0; +} + +int crypto_bignum_cmp(const struct crypto_bignum *a, + const struct crypto_bignum *b) +{ + return mp_cmp((mp_int*)a, (mp_int*)b); +} + + +int crypto_bignum_bits(const struct crypto_bignum *a) +{ + return mp_count_bits((mp_int*)a); +} + + +int crypto_bignum_is_zero(const struct crypto_bignum *a) +{ + return mp_iszero((mp_int*)a); +} + + +int crypto_bignum_is_one(const struct crypto_bignum *a) +{ + return mp_isone((mp_int*)a); +} + +int crypto_bignum_is_odd(const struct crypto_bignum *a) +{ + return mp_isodd((mp_int*)a); +} + + +int crypto_bignum_legendre(const struct crypto_bignum *a, + const struct crypto_bignum *p) +{ + mp_int t; + int ret; + int res = -2; + + if (TEST_FAIL()) + return -2; + + if (mp_init(&t) != MP_OKAY) { + return -2; + } + + /* t = (p-1) / 2 */ + ret = mp_sub_d((mp_int*)p, 1, &t); + if (ret == MP_OKAY) + mp_rshb(&t, 1); + if (ret == MP_OKAY) + ret = mp_exptmod((mp_int*)a, &t, (mp_int*)p, &t); + if (ret == MP_OKAY) { + if (mp_isone(&t)) + res = 1; + else if (mp_iszero(&t)) + res = 0; + else + res = -1; + } + + mp_clear(&t); + return res; +} + + +#ifdef CONFIG_ECC +extern int ecc_map(ecc_point*, mp_int*, mp_digit); +extern int ecc_projective_add_point(ecc_point* P, ecc_point* Q, ecc_point* R, + mp_int* a, mp_int* modulus, mp_digit mp); + +struct crypto_ec { + ecc_key key; + mp_int a; + mp_int prime; + mp_int order; + mp_digit montB; + mp_int b; +}; + +struct crypto_ec * crypto_ec_init(int group) +{ + int built = 0; + struct crypto_ec *e; + int curve_id; + + /* Map from IANA registry for IKE D-H groups to OpenSSL NID */ + switch (group) { + case 19: + curve_id = ECC_SECP256R1; + break; + case 20: + curve_id = ECC_SECP384R1; + break; + case 21: + curve_id = ECC_SECP521R1; + break; + case 25: + curve_id = ECC_SECP192R1; + break; + case 26: + curve_id = ECC_SECP224R1; + break; +#ifdef HAVE_ECC_BRAINPOOL + case 27: + curve_id = ECC_BRAINPOOLP224R1; + break; + case 28: + curve_id = ECC_BRAINPOOLP256R1; + break; + case 29: + curve_id = ECC_BRAINPOOLP384R1; + break; + case 30: + curve_id = ECC_BRAINPOOLP512R1; + break; +#endif /* HAVE_ECC_BRAINPOOL */ + default: + return NULL; + } + + e = os_zalloc(sizeof(*e)); + if (e == NULL) + return NULL; + + if (wc_ecc_init(&e->key) != 0) + goto done; + if (wc_ecc_set_curve(&e->key, 0, curve_id) != 0) + goto done; + + if (mp_init(&e->a) != MP_OKAY) + goto done; + if (mp_init(&e->prime) != MP_OKAY) + goto done; + if (mp_init(&e->order) != MP_OKAY) + goto done; + if (mp_init(&e->b) != MP_OKAY) + goto done; + + if (mp_read_radix(&e->a, e->key.dp->Af, 16) != MP_OKAY) + goto done; + if (mp_read_radix(&e->b, e->key.dp->Bf, 16) != MP_OKAY) + goto done; + if (mp_read_radix(&e->prime, e->key.dp->prime, 16) != MP_OKAY) + goto done; + if (mp_read_radix(&e->order, e->key.dp->order, 16) != MP_OKAY) + goto done; + + if (mp_montgomery_setup(&e->prime, &e->montB) != MP_OKAY) + goto done; + + built = 1; +done: + if (!built) { + crypto_ec_deinit(e); + e = NULL; + } + return e; +} + + +void crypto_ec_deinit(struct crypto_ec* e) +{ + if (e == NULL) + return; + + mp_clear(&e->b); + mp_clear(&e->order); + mp_clear(&e->prime); + mp_clear(&e->a); + wc_ecc_free(&e->key); + os_free(e); +} + +int crypto_ec_cofactor(struct crypto_ec* e, struct crypto_bignum* cofactor) +{ + if (e == NULL || cofactor == NULL) + return -1; + + mp_set((mp_int*)cofactor, e->key.dp->cofactor); + return 0; +} + +struct crypto_ec_point* crypto_ec_point_init(struct crypto_ec* e) +{ + if (TEST_FAIL()) + return NULL; + if (e == NULL) + return NULL; + return (struct crypto_ec_point*)wc_ecc_new_point(); +} + + +size_t crypto_ec_prime_len(struct crypto_ec *e) +{ + return (mp_count_bits(&e->prime) + 7) / 8; +} + + +size_t crypto_ec_prime_len_bits(struct crypto_ec *e) +{ + return mp_count_bits(&e->prime); +} + + +size_t crypto_ec_order_len(struct crypto_ec *e) +{ + return (mp_count_bits(&e->order) + 7) / 8; +} + + +const struct crypto_bignum * crypto_ec_get_prime(struct crypto_ec *e) +{ + return (const struct crypto_bignum *)&e->prime; +} + + +const struct crypto_bignum * crypto_ec_get_order(struct crypto_ec *e) +{ + return (const struct crypto_bignum *)&e->order; +} + + +void crypto_ec_point_deinit(struct crypto_ec_point *p, int clear) +{ + ecc_point* point = (ecc_point*)p; + + if (p == NULL) + return; + + if (clear) { + mp_forcezero(point->x); + mp_forcezero(point->y); + mp_forcezero(point->z); + } + wc_ecc_del_point(point); +} + +int crypto_ec_point_x(struct crypto_ec *e, const struct crypto_ec_point *p, + struct crypto_bignum *x) +{ + return mp_copy(((ecc_point*)p)->x, (mp_int*)x) == MP_OKAY ? 0 : -1; +} + +int crypto_ec_point_to_bin(struct crypto_ec *e, + const struct crypto_ec_point *point, u8 *x, u8 *y) +{ + ecc_point* p = (ecc_point*)point; + + if (TEST_FAIL()) + return -1; + + if (!mp_isone(p->z)) { + if (ecc_map(p, &e->prime, e->montB) != MP_OKAY) + return -1; + } + + if (x != NULL) { + if (crypto_bignum_to_bin((struct crypto_bignum *)p->x, x, + e->key.dp->size, e->key.dp->size) <= 0) { + return -1; + } + } + if (y != NULL) { + if (crypto_bignum_to_bin((struct crypto_bignum *)p->y, y, + e->key.dp->size, e->key.dp->size) <= 0) { + return -1; + } + } + + return 0; +} + + +struct crypto_ec_point* crypto_ec_point_from_bin(struct crypto_ec *e, + const u8 *val) +{ + ecc_point* point = NULL; + int loaded = 0; + + if (TEST_FAIL()) + return NULL; + + point = wc_ecc_new_point(); + if (point == NULL) + goto done; + + if (mp_read_unsigned_bin(point->x, val, e->key.dp->size) != MP_OKAY) + goto done; + val += e->key.dp->size; + if (mp_read_unsigned_bin(point->y, val, e->key.dp->size) != MP_OKAY) + goto done; + mp_set(point->z, 1); + + loaded = 1; +done: + if (!loaded) { + wc_ecc_del_point(point); + point = NULL; + } + return (struct crypto_ec_point*)point; +} + + +int crypto_ec_point_add(struct crypto_ec *e, const struct crypto_ec_point *a, + const struct crypto_ec_point *b, + struct crypto_ec_point *c) +{ + mp_int mu; + ecc_point *ta = NULL, *tb = NULL; + ecc_point *pa = (ecc_point*)a, *pb = (ecc_point*)b; + mp_int *modulus = &e->prime; + int ret; + + if (TEST_FAIL()) + return -1; + + if ((ret = mp_init(&mu)) != MP_OKAY) { + return -1; + } + if ((ret = mp_montgomery_calc_normalization(&mu, modulus)) != MP_OKAY) { + mp_clear(&mu); + return -1; + } + + if (!mp_isone(&mu)) { + ta = wc_ecc_new_point(); + if (ta == NULL) { + mp_clear(&mu); + return -1; + } + tb = wc_ecc_new_point(); + if (tb == NULL) { + wc_ecc_del_point(ta); + mp_clear(&mu); + return -1; + } + + if (mp_mulmod(pa->x, &mu, modulus, ta->x) != MP_OKAY) { + ret = -1; + goto end; + } + if (mp_mulmod(pa->y, &mu, modulus, ta->y) != MP_OKAY) { + ret = -1; + goto end; + } + if (mp_mulmod(pa->z, &mu, modulus, ta->z) != MP_OKAY) { + ret = -1; + goto end; + } + if (mp_mulmod(pb->x, &mu, modulus, tb->x) != MP_OKAY) { + ret = -1; + goto end; + } + if (mp_mulmod(pb->y, &mu, modulus, tb->y) != MP_OKAY) { + ret = -1; + goto end; + } + if (mp_mulmod(pb->z, &mu, modulus, tb->z) != MP_OKAY) { + ret = -1; + goto end; + } + pa = ta; + pb = tb; + } + + ret = ecc_projective_add_point(pa, pb, (ecc_point*)c, &e->a, &e->prime, + e->montB); + if (ret != 0) { + ret = -1; + goto end; + } + + if (ecc_map((ecc_point*)c, &e->prime, e->montB) != MP_OKAY) + ret = -1; + else + ret = 0; +end: + wc_ecc_del_point(tb); + wc_ecc_del_point(ta); + mp_clear(&mu); + return ret; +} + + +int crypto_ec_point_mul(struct crypto_ec *e, const struct crypto_ec_point *p, + const struct crypto_bignum *b, + struct crypto_ec_point *res) +{ + int ret; + + if (TEST_FAIL()) + return -1; + + ret = wc_ecc_mulmod((mp_int*)b, (ecc_point*)p, (ecc_point*)res, &e->a, + &e->prime, 1); + return ret == 0 ? 0 : -1; +} + + +int crypto_ec_point_invert(struct crypto_ec *e, struct crypto_ec_point *p) +{ + ecc_point* point = (ecc_point*)p; + + if (TEST_FAIL()) + return -1; + + if (mp_sub(&e->prime, point->y, point->y) != MP_OKAY) + return -1; + + return 0; +} + + +int crypto_ec_point_solve_y_coord(struct crypto_ec *e, + struct crypto_ec_point *p, + const struct crypto_bignum *x, int y_bit) +{ + byte buf[MAX_ECC_BYTES + 1]; + int ret; + int prime_len = crypto_ec_prime_len(e); + + if (TEST_FAIL()) + return -1; + + buf[0] = 0x2 + (byte)y_bit; + ret = crypto_bignum_to_bin(x, buf + 1, prime_len, prime_len); + if (ret <= 0) { + return -1; + } + ret = wc_ecc_import_point_der(buf, ret + 1, e->key.idx, (ecc_point*)p); + if (ret != 0) + return -1; + + return 0; +} + + +struct crypto_bignum * +crypto_ec_point_compute_y_sqr(struct crypto_ec *e, + const struct crypto_bignum *x) +{ + mp_int* y2 = NULL; + mp_int t; + int calced = 0; + + if (TEST_FAIL()) + return NULL; + + if (mp_init(&t) != MP_OKAY) + return NULL; + + y2 = (mp_int*)crypto_bignum_init(); + if (y2 == NULL) + goto done; + + if (mp_sqrmod((mp_int*)x, &e->prime, y2) != 0) + goto done; + if (mp_mulmod((mp_int*)x, &t, &e->prime, y2) != 0) + goto done; + if (mp_mulmod((mp_int*)x, &e->a, &e->prime, &t) != 0) + goto done; + if (mp_addmod(y2, &t, &e->prime, y2) != 0) + goto done; + if (mp_addmod(y2, &e->b, &e->prime, y2) != 0) + goto done; + + calced = 1; +done: + if (!calced) { + if (y2 != NULL) { + mp_clear(y2); + os_free(y2); + } + mp_clear(&t); + } + + return (struct crypto_bignum*)y2; +} + + +int crypto_ec_point_is_at_infinity(struct crypto_ec *e, + const struct crypto_ec_point *p) +{ + return wc_ecc_point_is_at_infinity((ecc_point*)p); +} + + +int crypto_ec_point_is_on_curve(struct crypto_ec *e, + const struct crypto_ec_point *p) +{ + return wc_ecc_is_point((ecc_point*)p, &e->a, &e->b, &e->prime) == MP_OKAY; +} + + +int crypto_ec_point_cmp(const struct crypto_ec *e, + const struct crypto_ec_point *a, + const struct crypto_ec_point *b) +{ + return wc_ecc_cmp_point((ecc_point*)a, (ecc_point*)b); +} + +#endif /* CONFIG_ECC */ diff --git a/src/crypto/fips_prf_wolfssl.c b/src/crypto/fips_prf_wolfssl.c new file mode 100644 index 0000000..becacec --- /dev/null +++ b/src/crypto/fips_prf_wolfssl.c @@ -0,0 +1,85 @@ +/* + * FIPS 186-2 PRF for libcrypto + * Copyright (c) 2004-2017, Jouni Malinen <j@w1.fi> + * + * This software may be distributed under the terms of the BSD license. + * See README for more details. + */ + +#include "includes.h" +#include <wolfssl/wolfcrypt/sha.h> + +#include "common.h" +#include "crypto.h" + + +static void sha1_transform(u32 *state, const u8 data[64]) +{ + Sha sha; + os_memset(&sha, 0, sizeof(sha)); + sha.digest[0] = state[0]; + sha.digest[1] = state[1]; + sha.digest[2] = state[2]; + sha.digest[3] = state[3]; + sha.digest[4] = state[4]; + wc_ShaUpdate(&sha, data, 64); + state[0] = sha.digest[0]; + state[1] = sha.digest[1]; + state[2] = sha.digest[2]; + state[3] = sha.digest[3]; + state[4] = sha.digest[4]; +} + + +int fips186_2_prf(const u8 *seed, size_t seed_len, u8 *x, size_t xlen) +{ + u8 xkey[64]; + u32 t[5], _t[5]; + int i, j, m, k; + u8 *xpos = x; + u32 carry; + + if (seed_len < sizeof(xkey)) + os_memset(xkey + seed_len, 0, sizeof(xkey) - seed_len); + else + seed_len = sizeof(xkey); + + /* FIPS 186-2 + change notice 1 */ + + os_memcpy(xkey, seed, seed_len); + t[0] = 0x67452301; + t[1] = 0xEFCDAB89; + t[2] = 0x98BADCFE; + t[3] = 0x10325476; + t[4] = 0xC3D2E1F0; + + m = xlen / 40; + for (j = 0; j < m; j++) { + /* XSEED_j = 0 */ + for (i = 0; i < 2; i++) { + /* XVAL = (XKEY + XSEED_j) mod 2^b */ + + /* w_i = G(t, XVAL) */ + os_memcpy(_t, t, 20); + sha1_transform(_t, xkey); + WPA_PUT_BE32(xpos, _t[0]); + WPA_PUT_BE32(xpos + 4, _t[1]); + WPA_PUT_BE32(xpos + 8, _t[2]); + WPA_PUT_BE32(xpos + 12, _t[3]); + WPA_PUT_BE32(xpos + 16, _t[4]); + + /* XKEY = (1 + XKEY + w_i) mod 2^b */ + carry = 1; + for (k = 19; k >= 0; k--) { + carry += xkey[k] + xpos[k]; + xkey[k] = carry & 0xff; + carry >>= 8; + } + + xpos += 20; + } + /* x_j = w_0|w_1 */ + } + + return 0; +} diff --git a/src/crypto/tls_wolfssl.c b/src/crypto/tls_wolfssl.c new file mode 100644 index 0000000..ecd5db2 --- /dev/null +++ b/src/crypto/tls_wolfssl.c @@ -0,0 +1,2057 @@ +/* + * SSL/TLS interface functions for wolfSSL TLS case + * Copyright (c) 2004-2017, Jouni Malinen <j@w1.fi> + * + * This software may be distributed under the terms of the BSD license. + * See README for more details. + */ + +#include "includes.h" + +#include "common.h" +#include "crypto.h" +#include "tls.h" + +#define OPENSSL_EXTRA +#define HAVE_STUNNEL +#define HAVE_SECRET_CALLBACK +#define HAVE_SESSION_TICKET +#define HAVE_OCSP +#define HAVE_CERTIFICATE_STATUS_REQUEST +#define HAVE_CERTIFICATE_STATUS_REQUEST_V2 +#ifndef WOLFSSL_DER_LOAD +#define WOLFSSL_DER_LOAD +#endif +#if 0 +/* Enable if a debug build of wolfSSL is installed. */ +#define DEBUG_WOLFSSL +#endif + +/* wolfSSL includes */ +#include <wolfssl/ssl.h> +#include <wolfssl/error-ssl.h> +#include <wolfssl/wolfcrypt/asn.h> + +#if defined(EAP_FAST) || defined(EAP_FAST_DYNAMIC) || defined(EAP_SERVER_FAST) +#define HAVE_AESGCM +#include <wolfssl/wolfcrypt/aes.h> +#endif + +#if !defined(CONFIG_FIPS) && \ + (defined(EAP_FAST) || defined(EAP_FAST_DYNAMIC) || \ + defined(EAP_SERVER_FAST)) +#define WOLFSSL_NEED_EAP_FAST_PRF +#endif + +#define SECRET_LEN 48 +#define RAN_LEN 32 +#define SESSION_TICKET_LEN 256 + +static int tlsRefCount = 0; + +static int tls_ex_idx_session = 0; + + +/* tls input data for wolfSSL Read Callback */ +struct tls_in_data { + const struct wpabuf* in_data; + size_t consumed; /* how many bytes have we used already */ +}; + + +/* tls output data for wolfSSL Write Callback */ +struct tls_out_data { + struct wpabuf* out_data; +}; + +struct tls_context { + void (*event_cb)(void *ctx, enum tls_event ev, + union tls_event_data *data); + void *cb_ctx; + int cert_in_cb; + char *ocsp_stapling_response; +}; + +static struct tls_context *tls_global = NULL; + +/* wolfssl tls_connection */ +struct tls_connection { + struct tls_context* context; + WOLFSSL* ssl; + int readAlerts; + int writeAlerts; + int failed; + struct tls_in_data input; + struct tls_out_data output; + char* subjectMatch; + char* altSubjectMatch; + char* suffixMatch; + char* domainMatch; + + u8 srv_cert_hash[32]; + + unsigned char client_random[RAN_LEN]; + unsigned char server_random[RAN_LEN]; + unsigned int flags; +#if defined(EAP_FAST) || defined(EAP_FAST_DYNAMIC) || defined(EAP_SERVER_FAST) + tls_session_ticket_cb session_ticket_cb; + void* session_ticket_cb_ctx; + byte session_ticket[SESSION_TICKET_LEN]; +#endif + unsigned int ca_cert_verify:1; + unsigned int cert_probe:1; + unsigned int server_cert_only:1; + unsigned int success_data:1; + + WOLFSSL_X509* peer_cert; + WOLFSSL_X509* peer_issuer; + WOLFSSL_X509* peer_issuer_issuer; + +}; + + +static struct tls_context * tls_context_new(const struct tls_config *conf) +{ + struct tls_context *context = os_zalloc(sizeof(*context)); + if (context == NULL) + return NULL; + if (conf) { + context->event_cb = conf->event_cb; + context->cb_ctx = conf->cb_ctx; + context->cert_in_cb = conf->cert_in_cb; + } + return context; +} + + +static void ResetInData(struct tls_in_data* in, const struct wpabuf* buf) +{ + /* old one not owned by us so don't free */ + in->in_data = buf; + in->consumed = 0; +} + + +static void ResetOutData(struct tls_out_data* out) +{ + /* old one not owned by us so don't free */ + out->out_data = wpabuf_alloc_copy("", 0); +} + + +/* wolfSSL I/O Receive CallBack */ +static int wolfsslReceiveCb(WOLFSSL *ssl, char* buf, int sz, void* ctx) +{ + size_t get = sz; + struct tls_in_data* data = (struct tls_in_data*)ctx; + + if (data == NULL) + return -1; + + if (get > (wpabuf_len(data->in_data) - data->consumed)) + get = wpabuf_len(data->in_data) - data->consumed; + + os_memcpy(buf, wpabuf_head(data->in_data) + data->consumed, get); + data->consumed += get; + + if (get == 0) + return -2; /* WANT_READ */ + + return (int)get; +} + + +/* wolfSSL I/O Send CallBack */ +static int wolfsslSendCb(WOLFSSL *ssl, char* buf, int sz, void* ctx) +{ + struct wpabuf* tmp; + struct tls_out_data* data = (struct tls_out_data*)ctx; + + if (data == NULL) + return -1; + + wpa_printf(MSG_DEBUG, "SSL: adding %d bytes", sz); + + tmp = wpabuf_alloc_copy(buf, sz); + data->out_data = wpabuf_concat(data->out_data, tmp); + + if (data->out_data == NULL) + return -1; + + return sz; +} + +static void remove_session_cb(WOLFSSL_CTX *ctx, WOLFSSL_SESSION *sess) +{ + struct wpabuf *buf; + + buf = wolfSSL_SESSION_get_ex_data(sess, tls_ex_idx_session); + if (!buf) + return; + wpa_printf(MSG_DEBUG, + "wolfSSL: Free application session data %p (sess %p)", + buf, sess); + wpabuf_free(buf); + + wolfSSL_SESSION_set_ex_data(sess, tls_ex_idx_session, NULL); +} + +void* tls_init(const struct tls_config *conf) +{ + WOLFSSL_CTX* sslCtx; + struct tls_context *context; + const char *ciphers; + +#ifdef DEBUG_WOLFSSL + wolfSSL_Debugging_ON(); +#endif + + context = tls_context_new(conf); + if (context == NULL) + return NULL; + + if (tlsRefCount == 0) { + tls_global = context; + + if (wolfSSL_Init() < 0) + return NULL; + /* wolfSSL_Debugging_ON(); */ + } + + tlsRefCount++; + + sslCtx = wolfSSL_CTX_new(wolfSSLv23_client_method()); /* start as client */ + if (sslCtx == NULL) { + tlsRefCount--; + if (context != tls_global) + os_free(context); + if (tlsRefCount == 0) { + os_free(tls_global); + tls_global = NULL; + } + } + wolfSSL_SetIORecv(sslCtx, wolfsslReceiveCb); + wolfSSL_SetIOSend(sslCtx, wolfsslSendCb); + wolfSSL_CTX_set_ex_data(sslCtx, 0, context); + + if (conf->tls_session_lifetime > 0) { + wolfSSL_CTX_set_quiet_shutdown(sslCtx, 1); + wolfSSL_CTX_set_session_cache_mode(sslCtx, SSL_SESS_CACHE_SERVER); + wolfSSL_CTX_set_timeout(sslCtx, conf->tls_session_lifetime); + wolfSSL_CTX_sess_set_remove_cb(sslCtx, remove_session_cb); + } else { + wolfSSL_CTX_set_session_cache_mode(sslCtx, SSL_SESS_CACHE_CLIENT); + } + + if (conf && conf->openssl_ciphers) + ciphers = conf->openssl_ciphers; + else + ciphers = "ALL"; + if (wolfSSL_CTX_set_cipher_list(sslCtx, ciphers) != 1) { + wpa_printf(MSG_ERROR, + "wolfSSL: Failed to set cipher string '%s'", + ciphers); + tls_deinit(sslCtx); + return NULL; + } + + return sslCtx; +} + + +void tls_deinit(void *ssl_ctx) +{ + struct tls_context *context = wolfSSL_CTX_get_ex_data(ssl_ctx, 0); + + if (context != tls_global) + os_free(context); + + wolfSSL_CTX_free((WOLFSSL_CTX*)ssl_ctx); + + tlsRefCount--; + if (tlsRefCount == 0) { + wolfSSL_Cleanup(); + os_free(tls_global); + tls_global = NULL; + } +} + + +int tls_get_errors(void *tls_ctx) +{ +#ifdef DEBUG_WOLFSSL +#if 0 + unsigned long err; + err = wolfSSL_ERR_peek_last_error_line(NULL, NULL); + if (err != 0) { + wpa_printf(MSG_INFO, "TLS - SSL error: %s", + wolfSSL_ERR_error_string(err, NULL)); + return 1; + } +#endif +#endif + return 0; +} + + +struct tls_connection* tls_connection_init(void *tls_ctx) +{ + WOLFSSL_CTX* sslCtx = (WOLFSSL_CTX*)tls_ctx; + struct tls_connection* conn; + + wpa_printf(MSG_DEBUG, "SSL: connection init"); + + conn = os_zalloc(sizeof(*conn)); + if (conn == NULL) + return NULL; + conn->ssl = wolfSSL_new(sslCtx); + if (conn->ssl == NULL) { + os_free(conn); + return NULL; + } + + wolfSSL_SetIOReadCtx(conn->ssl, &conn->input); + wolfSSL_SetIOWriteCtx(conn->ssl, &conn->output); + wolfSSL_set_ex_data(conn->ssl, 0, conn); + conn->context = wolfSSL_CTX_get_ex_data(sslCtx, 0); + + /* Need randoms post-hanshake for EAP-FAST, export key and deriving session + * ID in EAP method in EAP methodss. + */ + wolfSSL_KeepArrays(conn->ssl); + wolfSSL_KeepHandshakeResources(conn->ssl); + wolfSSL_UseClientSuites(conn->ssl); + + return conn; +} + + +void tls_connection_deinit(void *tls_ctx, struct tls_connection *conn) +{ + if (conn == NULL) + return; + + wpa_printf(MSG_DEBUG, "SSL: connection deinit"); + + /* parts */ + wolfSSL_free(conn->ssl); + os_free(conn->subjectMatch); + os_free(conn->altSubjectMatch); + os_free(conn->suffixMatch); + os_free(conn->domainMatch); + + /* self */ + os_free(conn); +} + + +int tls_connection_established(void *tls_ctx, struct tls_connection *conn) +{ + return conn ? wolfSSL_is_init_finished(conn->ssl) : 0; +} + + +int tls_connection_shutdown(void *tls_ctx, struct tls_connection *conn) +{ + WOLFSSL_SESSION* session; + + if (conn == NULL) + return -1; + + wpa_printf(MSG_DEBUG, "SSL: connection shutdown"); + + /* Set quiet as OpenSSL does */ + wolfSSL_set_quiet_shutdown(conn->ssl, 1); + wolfSSL_shutdown(conn->ssl); + + session = wolfSSL_get_session(conn->ssl); + if (wolfSSL_clear(conn->ssl) != 1) + return -1; + wolfSSL_set_session(conn->ssl, session); + + return 0; +} + + +static int tls_connection_set_subject_match(struct tls_connection *conn, + const char *subjectMatch, + const char *altSubjectMatch, + const char *suffixMatch, + const char *domainMatch) +{ + os_free(conn->subjectMatch); + conn->subjectMatch = NULL; + if (subjectMatch) { + conn->subjectMatch = os_strdup(subjectMatch); + if (conn->subjectMatch == NULL) + return -1; + } + + os_free(conn->altSubjectMatch); + conn->altSubjectMatch = NULL; + if (altSubjectMatch) { + conn->altSubjectMatch = os_strdup(altSubjectMatch); + if (conn->altSubjectMatch == NULL) + return -1; + } + + os_free(conn->suffixMatch); + conn->suffixMatch = NULL; + if (suffixMatch) { + conn->suffixMatch = os_strdup(suffixMatch); + if (conn->suffixMatch == NULL) + return -1; + } + + os_free(conn->domainMatch); + conn->domainMatch = NULL; + if (domainMatch) { + conn->domainMatch = os_strdup(domainMatch); + if (conn->domainMatch == NULL) + return -1; + } + + return 0; +} + + +static int tls_connection_dh(struct tls_connection* conn, const char* dh_file, + const u8* dh_blob, size_t blob_len) +{ + if (dh_file == NULL && dh_blob == NULL) + return 0; + + wolfSSL_set_accept_state(conn->ssl); + + if (dh_blob) { + if (wolfSSL_SetTmpDH_buffer(conn->ssl, dh_blob, blob_len, + SSL_FILETYPE_ASN1) < 0) { + wpa_printf(MSG_INFO, "SSL: use dh der blob failed"); + return -1; + } + wpa_printf(MSG_DEBUG, "SSL: use dh blob OK"); + return 0; + } + + if (dh_file) { + wpa_printf(MSG_INFO, "SSL: use dh pem file: %s", dh_file); + if (wolfSSL_SetTmpDH_file(conn->ssl, dh_file, SSL_FILETYPE_PEM) < 0) { + wpa_printf(MSG_INFO, "SSL: use dh pem file failed"); + if (wolfSSL_SetTmpDH_file(conn->ssl, dh_file, + SSL_FILETYPE_ASN1) < 0) { + wpa_printf(MSG_INFO, "SSL: use dh der file failed"); + return -1; + } + } + wpa_printf(MSG_DEBUG, "SSL: use dh file OK"); + return 0; + } + + return 0; +} + + +static int tls_connection_client_cert(struct tls_connection* conn, + const char* client_cert, + const u8* client_cert_blob, + size_t blob_len) +{ + if (client_cert == NULL && client_cert_blob == NULL) + return 0; + + if (client_cert_blob) { + if (wolfSSL_use_certificate_buffer(conn->ssl, client_cert_blob, blob_len, + SSL_FILETYPE_ASN1) < 0) { + wpa_printf(MSG_INFO, "SSL: use client cert der blob failed"); + return -1; + } + wpa_printf(MSG_DEBUG, "SSL: use client cert blob OK"); + return 0; + } + + if (client_cert) { + if (wolfSSL_use_certificate_file(conn->ssl, client_cert, + SSL_FILETYPE_PEM) < 0) { + wpa_printf(MSG_INFO, "SSL: use client cert pem file failed"); + if (wolfSSL_use_certificate_file(conn->ssl, client_cert, + SSL_FILETYPE_ASN1) < 0) { + wpa_printf(MSG_INFO, "SSL: use client cert der file failed"); + return -1; + } + } + wpa_printf(MSG_DEBUG, "SSL: use client cert file OK"); + return 0; + } + + return 0; +} + + +static int tls_passwd_cb(char *buf, int size, int rwflag, void *password) +{ + if (password == NULL) + return 0; + os_strlcpy(buf, (char *) password, size); + return os_strlen(buf); +} + + +static int tls_connection_private_key(void* tls_ctx, + struct tls_connection *conn, + const char* private_key, + const char* private_key_passwd, + const u8* private_key_blob, + size_t blob_len) +{ + WOLFSSL_CTX* ctx = (WOLFSSL_CTX*)tls_ctx; + char* passwd = NULL; + int ok = 0; + + if (private_key == NULL && private_key_blob == NULL) + return 0; + + if (private_key_passwd) { + passwd = os_strdup(private_key_passwd); + if (passwd == NULL) + return -1; + } + + wolfSSL_CTX_set_default_passwd_cb(ctx, tls_passwd_cb); + wolfSSL_CTX_set_default_passwd_cb_userdata(ctx, passwd); + + if (private_key_blob) { + if (wolfSSL_use_PrivateKey_buffer(conn->ssl, private_key_blob, blob_len, + SSL_FILETYPE_ASN1) < 0) { + wpa_printf(MSG_INFO, "SSL: use private der blob failed"); + } + else { + wpa_printf(MSG_DEBUG, "SSL: use private key blob OK"); + ok = 1; + } + } + + if (!ok && private_key) { + if (wolfSSL_use_PrivateKey_file(conn->ssl, private_key, + SSL_FILETYPE_PEM) < 0) { + wpa_printf(MSG_INFO, "SSL: use private key pem file failed"); + if (wolfSSL_use_PrivateKey_file(conn->ssl, private_key, + SSL_FILETYPE_ASN1) < 0) { + wpa_printf(MSG_INFO, "SSL: use private key der file failed"); + } + else + ok = 1; + } + else + ok = 1; + + if (ok) + wpa_printf(MSG_DEBUG, "SSL: use private key file OK"); + } + + wolfSSL_CTX_set_default_passwd_cb(ctx, NULL); + os_free(passwd); + + if (!ok) + return -1; + + return 0; +} + +#define GEN_EMAIL 1 +#define GEN_DNS ALT_NAMES_OID +#define GEN_URI 6 + +static int tls_match_altSubject_component(WOLFSSL_X509 *cert, int type, + const char *value, size_t len) +{ + WOLFSSL_ASN1_OBJECT *gen; + void *ext; + int found = 0; + int i; + + ext = wolfSSL_X509_get_ext_d2i(cert, ALT_NAMES_OID, NULL, NULL); + + for (i = 0; ext && i < wolfSSL_sk_num((void*)ext); i++) { + gen = wolfSSL_sk_value((void*)ext, i); + if (gen->type != type) + continue; + if (os_strlen((char *) gen->obj) == len && + os_memcmp(value, gen->obj, len) == 0) + found++; + } + + wolfSSL_sk_ASN1_OBJECT_free(ext); + + return found; +} + + +static int tls_match_altSubject(WOLFSSL_X509 *cert, const char *match) +{ + int type; + const char *pos, *end; + size_t len; + + pos = match; + do { + if (os_strncmp(pos, "EMAIL:", 6) == 0) { + type = GEN_EMAIL; + pos += 6; + } else if (os_strncmp(pos, "DNS:", 4) == 0) { + type = GEN_DNS; + pos += 4; + } else if (os_strncmp(pos, "URI:", 4) == 0) { + type = GEN_URI; + pos += 4; + } else { + wpa_printf(MSG_INFO, "TLS: Invalid altSubjectName " + "match '%s'", pos); + return 0; + } + end = os_strchr(pos, ';'); + while (end) { + if (os_strncmp(end + 1, "EMAIL:", 6) == 0 || + os_strncmp(end + 1, "DNS:", 4) == 0 || + os_strncmp(end + 1, "URI:", 4) == 0) + break; + end = os_strchr(end + 1, ';'); + } + if (end) + len = end - pos; + else + len = os_strlen(pos); + if (tls_match_altSubject_component(cert, type, pos, len) > 0) + return 1; + pos = end + 1; + } while (end); + return 0; +} + + +#ifndef CONFIG_NATIVE_WINDOWS +static int domain_suffix_match(const char *val, size_t len, const char *match, + int full) +{ + size_t i, match_len; + + /* Check for embedded nuls that could mess up suffix matching */ + for (i = 0; i < len; i++) { + if (val[i] == '\0') { + wpa_printf(MSG_DEBUG, "TLS: Embedded null in a string - reject"); + return 0; + } + } + + match_len = os_strlen(match); + if (match_len > len || (full && match_len != len)) + return 0; + + if (os_strncasecmp(val + len - match_len, match, + match_len) != 0) + return 0; /* no match */ + + if (match_len == len) + return 1; /* exact match */ + + if (val[len - match_len - 1] == '.') + return 1; /* full label match completes suffix match */ + + wpa_printf(MSG_DEBUG, "TLS: Reject due to incomplete label match"); + return 0; +} +#endif /* CONFIG_NATIVE_WINDOWS */ + + +static int tls_match_suffix(WOLFSSL_X509 *cert, const char *match, int full) +{ +#ifdef CONFIG_NATIVE_WINDOWS + /* wincrypt.h has conflicting X509_NAME definition */ + return -1; +#else /* CONFIG_NATIVE_WINDOWS */ + WOLFSSL_ASN1_OBJECT *gen; + void *ext; + int i; + int j; + int dns_name = 0; + WOLFSSL_X509_NAME *name; + + wpa_printf(MSG_DEBUG, "TLS: Match domain against %s%s", + full ? "": "suffix ", match); + + ext = wolfSSL_X509_get_ext_d2i(cert, ALT_NAMES_OID, NULL, NULL); + + for (j = 0; ext && j < wolfSSL_sk_num((void*)ext); j++) { + gen = wolfSSL_sk_value((void*)ext, j); + if (gen->type != ALT_NAMES_OID) + continue; + dns_name++; + wpa_hexdump_ascii(MSG_DEBUG, "TLS: Certificate dNSName", + gen->obj, os_strlen((char *)gen->obj)); + if (domain_suffix_match((const char*)gen->obj, + os_strlen((char *)gen->obj), match, + full) == 1) { + wpa_printf(MSG_DEBUG, "TLS: %s in dNSName found", + full ? "Match" : "Suffix match"); + wolfSSL_sk_ASN1_OBJECT_free(ext); + return 1; + } + } + wolfSSL_sk_ASN1_OBJECT_free(ext); + + if (dns_name) { + wpa_printf(MSG_DEBUG, "TLS: None of the dNSName(s) matched"); + return 0; + } + + name = wolfSSL_X509_get_subject_name(cert); + i = -1; + for (;;) { + WOLFSSL_X509_NAME_ENTRY *e; + WOLFSSL_ASN1_STRING *cn; + + i = wolfSSL_X509_NAME_get_index_by_NID(name, ASN_COMMON_NAME, + i); + if (i == -1) + break; + e = wolfSSL_X509_NAME_get_entry(name, i); + if (e == NULL) + continue; + cn = wolfSSL_X509_NAME_ENTRY_get_data(e); + if (cn == NULL) + continue; + wpa_hexdump_ascii(MSG_DEBUG, "TLS: Certificate commonName", + cn->data, cn->length); + if (domain_suffix_match(cn->data, cn->length, match, full) == 1) + { + wpa_printf(MSG_DEBUG, "TLS: %s in commonName found", + full ? "Match" : "Suffix match"); + return 1; + } + } + + wpa_printf(MSG_DEBUG, "TLS: No CommonName %smatch found", + full ? "": "suffix "); + return 0; +#endif /* CONFIG_NATIVE_WINDOWS */ +} + +static enum tls_fail_reason wolfssl_tls_fail_reason(int err) +{ + switch (err) { + case X509_V_ERR_CERT_REVOKED: + return TLS_FAIL_REVOKED; + case ASN_BEFORE_DATE_E: + case X509_V_ERR_CERT_NOT_YET_VALID: + case X509_V_ERR_CRL_NOT_YET_VALID: + return TLS_FAIL_NOT_YET_VALID; + case ASN_AFTER_DATE_E: + case X509_V_ERR_CERT_HAS_EXPIRED: + case X509_V_ERR_CRL_HAS_EXPIRED: + return TLS_FAIL_EXPIRED; + case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT: + case X509_V_ERR_UNABLE_TO_GET_CRL: + case X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER: + case X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN: + case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY: + case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT: + case X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE: + case X509_V_ERR_CERT_CHAIN_TOO_LONG: + case X509_V_ERR_PATH_LENGTH_EXCEEDED: + case X509_V_ERR_INVALID_CA: + return TLS_FAIL_UNTRUSTED; + case X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE: + case X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE: + case X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY: + case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD: + case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD: + case X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD: + case X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD: + case X509_V_ERR_CERT_UNTRUSTED: + case X509_V_ERR_CERT_REJECTED: + return TLS_FAIL_BAD_CERTIFICATE; + default: + return TLS_FAIL_UNSPECIFIED; + } +} + +static const char* wolfssl_tls_err_string(int err, const char *err_str) +{ + switch (err) { + case ASN_BEFORE_DATE_E: + return "certificate is not yet valid"; + case ASN_AFTER_DATE_E: + return "certificate has expired"; + default: + return err_str; + } +} + +static struct wpabuf * get_x509_cert(WOLFSSL_X509 *cert) +{ + struct wpabuf *buf = NULL; + const u8 *data; + int cert_len; + + data = wolfSSL_X509_get_der(cert, &cert_len); + if (data != NULL) + buf = wpabuf_alloc_copy(data, cert_len); + + return buf; +} + +static void wolfssl_tls_fail_event(struct tls_connection *conn, + WOLFSSL_X509 *err_cert, int err, int depth, + const char *subject, const char *err_str, + enum tls_fail_reason reason) +{ + union tls_event_data ev; + struct wpabuf *cert = NULL; + struct tls_context *context = conn->context; + + if (context->event_cb == NULL) + return; + + cert = get_x509_cert(err_cert); + os_memset(&ev, 0, sizeof(ev)); + ev.cert_fail.reason = reason != TLS_FAIL_UNSPECIFIED ? + reason : wolfssl_tls_fail_reason(err); + ev.cert_fail.depth = depth; + ev.cert_fail.subject = subject; + ev.cert_fail.reason_txt = wolfssl_tls_err_string(err, err_str); + ev.cert_fail.cert = cert; + context->event_cb(context->cb_ctx, TLS_CERT_CHAIN_FAILURE, &ev); + wpabuf_free(cert); +} + + +static void wolfssl_tls_cert_event(struct tls_connection *conn, + WOLFSSL_X509 *err_cert, int depth, + const char *subject) +{ + struct wpabuf *cert = NULL; + union tls_event_data ev; + struct tls_context *context = conn->context; + char *altSubject[TLS_MAX_ALT_SUBJECT]; + int alt, num_altSubject = 0; + WOLFSSL_ASN1_OBJECT *gen; + void *ext; + int i; +#ifdef CONFIG_SHA256 + u8 hash[32]; +#endif /* CONFIG_SHA256 */ + + if (context->event_cb == NULL) + return; + + os_memset(&ev, 0, sizeof(ev)); + if (conn->cert_probe || (conn->flags & TLS_CONN_EXT_CERT_CHECK) || + context->cert_in_cb) { + cert = get_x509_cert(err_cert); + ev.peer_cert.cert = cert; + } +#ifdef CONFIG_SHA256 + if (cert) { + const u8 *addr[1]; + size_t len[1]; + addr[0] = wpabuf_head(cert); + len[0] = wpabuf_len(cert); + if (sha256_vector(1, addr, len, hash) == 0) { + ev.peer_cert.hash = hash; + ev.peer_cert.hash_len = sizeof(hash); + } + } +#endif /* CONFIG_SHA256 */ + ev.peer_cert.depth = depth; + ev.peer_cert.subject = subject; + + ext = wolfSSL_X509_get_ext_d2i(err_cert, ALT_NAMES_OID, NULL, NULL); + for (i = 0; ext && i < wolfSSL_sk_num((void*)ext); i++) { + char *pos; + + if (num_altSubject == TLS_MAX_ALT_SUBJECT) + break; + gen = wolfSSL_sk_value((void*)ext, i); +#if 0 + if (gen->type != GEN_EMAIL && + gen->type != GEN_DNS && + gen->type != GEN_URI) + continue; +#endif + + pos = os_malloc(10 + os_strlen((char *)gen->obj) + 1); + if (pos == NULL) + break; + altSubject[num_altSubject++] = pos; + +#if 0 + switch (gen->type) { + case GEN_EMAIL: + os_memcpy(pos, "EMAIL:", 6); + pos += 6; + break; + case GEN_DNS: + os_memcpy(pos, "DNS:", 4); + pos += 4; + break; + case GEN_URI: + os_memcpy(pos, "URI:", 4); + pos += 4; + break; + } +#else + os_memcpy(pos, "DNS:", 4); + pos += 4; +#endif + + os_memcpy(pos, gen->obj, os_strlen((char *)gen->obj)); + pos += os_strlen((char *)gen->obj); + *pos = '\0'; + } + wolfSSL_sk_ASN1_OBJECT_free(ext); + + for (alt = 0; alt < num_altSubject; alt++) + ev.peer_cert.altsubject[alt] = altSubject[alt]; + ev.peer_cert.num_altsubject = num_altSubject; + + context->event_cb(context->cb_ctx, TLS_PEER_CERTIFICATE, &ev); + wpabuf_free(cert); + for (alt = 0; alt < num_altSubject; alt++) + os_free(altSubject[alt]); +} + +static int tls_verify_cb(int preverify_ok, WOLFSSL_X509_STORE_CTX *x509_ctx) +{ + char buf[256]; + WOLFSSL_X509 *err_cert; + int err, depth; + WOLFSSL *ssl; + struct tls_connection *conn; + struct tls_context *context; + char *match, *altmatch, *suffix_match, *domain_match; + const char *err_str; + + err_cert = wolfSSL_X509_STORE_CTX_get_current_cert(x509_ctx); + if (err_cert == NULL) { + wpa_printf(MSG_DEBUG, "wolfSSL: No Cert\n"); + return 0; + } + + err = wolfSSL_X509_STORE_CTX_get_error(x509_ctx); + depth = wolfSSL_X509_STORE_CTX_get_error_depth(x509_ctx); + ssl = wolfSSL_X509_STORE_CTX_get_ex_data(x509_ctx, + wolfSSL_get_ex_data_X509_STORE_CTX_idx()); + wolfSSL_X509_NAME_oneline(wolfSSL_X509_get_subject_name(err_cert), buf, + sizeof(buf)); + + conn = wolfSSL_get_ex_data(ssl, 0); + if (conn == NULL) { + wpa_printf(MSG_DEBUG, "wolfSSL: No ex_data\n"); + return 0; + } + + if (depth == 0) + conn->peer_cert = err_cert; + else if (depth == 1) + conn->peer_issuer = err_cert; + else if (depth == 2) + conn->peer_issuer_issuer = err_cert; + + context = conn->context; + match = conn->subjectMatch; + altmatch = conn->altSubjectMatch; + suffix_match = conn->suffixMatch; + domain_match = conn->domainMatch; + + if (!preverify_ok && !conn->ca_cert_verify) + preverify_ok = 1; + if (!preverify_ok && depth > 0 && conn->server_cert_only) + preverify_ok = 1; + if (!preverify_ok && (conn->flags & TLS_CONN_DISABLE_TIME_CHECKS) && + (err == X509_V_ERR_CERT_HAS_EXPIRED || + err == ASN_AFTER_DATE_E || err == ASN_BEFORE_DATE_E || + err == X509_V_ERR_CERT_NOT_YET_VALID)) { + wpa_printf(MSG_DEBUG, "wolfSSL: Ignore certificate validity " + "time mismatch"); + preverify_ok = 1; + } + + err_str = wolfSSL_X509_verify_cert_error_string(err); + +#ifdef CONFIG_SHA256 + /* + * Do not require preverify_ok so we can explicity allow otherwise + * invalid pinned server certificates. + */ + if (depth == 0 && conn->server_cert_only) { + struct wpabuf *cert; + cert = get_x509_cert(err_cert); + if (!cert) { + wpa_printf(MSG_DEBUG, "wolfSSL: Could not fetch " + "server certificate data"); + preverify_ok = 0; + } else { + u8 hash[32]; + const u8 *addr[1]; + size_t len[1]; + addr[0] = wpabuf_head(cert); + len[0] = wpabuf_len(cert); + if (sha256_vector(1, addr, len, hash) < 0 || + os_memcmp(conn->srv_cert_hash, hash, 32) != 0) { + err_str = "Server certificate mismatch"; + err = X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN; + preverify_ok = 0; + } else if (!preverify_ok) { + /* + * Certificate matches pinned certificate, allow + * regardless of other problems. + */ + wpa_printf(MSG_DEBUG, + "wolfSSL: Ignore validation issues for a pinned server certificate"); + preverify_ok = 1; + } + wpabuf_free(cert); + } + } +#endif /* CONFIG_SHA256 */ + + if (!preverify_ok) { + wpa_printf(MSG_WARNING, "TLS: Certificate verification failed," + " error %d (%s) depth %d for '%s'", err, err_str, + depth, buf); + wolfssl_tls_fail_event(conn, err_cert, err, depth, buf, + err_str, TLS_FAIL_UNSPECIFIED); + return preverify_ok; + } + + wpa_printf(MSG_DEBUG, "TLS: tls_verify_cb - preverify_ok=%d " + "err=%d (%s) ca_cert_verify=%d depth=%d buf='%s'", + preverify_ok, err, err_str, + conn->ca_cert_verify, depth, buf); + if (depth == 0 && match && os_strstr(buf, match) == NULL) { + wpa_printf(MSG_WARNING, "TLS: Subject '%s' did not " + "match with '%s'", buf, match); + preverify_ok = 0; + wolfssl_tls_fail_event(conn, err_cert, err, depth, buf, + "Subject mismatch", + TLS_FAIL_SUBJECT_MISMATCH); + } else if (depth == 0 && altmatch && + !tls_match_altSubject(err_cert, altmatch)) { + wpa_printf(MSG_WARNING, "TLS: altSubjectName match " + "'%s' not found", altmatch); + preverify_ok = 0; + wolfssl_tls_fail_event(conn, err_cert, err, depth, buf, + "AltSubject mismatch", + TLS_FAIL_ALTSUBJECT_MISMATCH); + } else if (depth == 0 && suffix_match && + !tls_match_suffix(err_cert, suffix_match, 0)) { + wpa_printf(MSG_WARNING, "TLS: Domain suffix match '%s' not found", + suffix_match); + preverify_ok = 0; + wolfssl_tls_fail_event(conn, err_cert, err, depth, buf, + "Domain suffix mismatch", + TLS_FAIL_DOMAIN_SUFFIX_MISMATCH); + } else if (depth == 0 && domain_match && + !tls_match_suffix(err_cert, domain_match, 1)) { + wpa_printf(MSG_WARNING, "TLS: Domain match '%s' not found", + domain_match); + preverify_ok = 0; + wolfssl_tls_fail_event(conn, err_cert, err, depth, buf, + "Domain mismatch", + TLS_FAIL_DOMAIN_MISMATCH); + } else + wolfssl_tls_cert_event(conn, err_cert, depth, buf); + + if (conn->cert_probe && preverify_ok && depth == 0) { + wpa_printf(MSG_DEBUG, "wolfSSL: Reject server certificate " + "on probe-only run"); + preverify_ok = 0; + wolfssl_tls_fail_event(conn, err_cert, err, depth, buf, + "Server certificate chain probe", + TLS_FAIL_SERVER_CHAIN_PROBE); + } + +#ifdef HAVE_OCSP_OPENSSL + if (depth == 0 && (conn->flags & TLS_CONN_REQUEST_OCSP) && + preverify_ok) { + enum ocsp_result res; + + res = check_ocsp_resp(conn->ssl_ctx, conn->ssl, err_cert, + conn->peer_issuer, + conn->peer_issuer_issuer); + if (res == OCSP_REVOKED) { + preverify_ok = 0; + wolfssl_tls_fail_event(conn, err_cert, err, depth, buf, + "certificate revoked", + TLS_FAIL_REVOKED); + if (err == X509_V_OK) + X509_STORE_CTX_set_error( + x509_ctx, X509_V_ERR_CERT_REVOKED); + } else if (res != OCSP_GOOD && + (conn->flags & TLS_CONN_REQUIRE_OCSP)) { + preverify_ok = 0; + wolfssl_tls_fail_event(conn, err_cert, err, depth, buf, + "bad certificate status response", + TLS_FAIL_UNSPECIFIED); + } + } +#endif /* HAVE_OCSP */ + if (depth == 0 && preverify_ok && context->event_cb != NULL) + context->event_cb(context->cb_ctx, + TLS_CERT_CHAIN_SUCCESS, NULL); + + return preverify_ok; +} + +static int tls_connection_ca_cert(void* tls_ctx, struct tls_connection *conn, + const char* ca_cert, + const u8* ca_cert_blob, size_t blob_len, + const char *ca_path) +{ + WOLFSSL_CTX* ctx = (WOLFSSL_CTX*)tls_ctx; + + wolfSSL_set_verify(conn->ssl, SSL_VERIFY_PEER, tls_verify_cb); + conn->ca_cert_verify = 1; + + if (ca_cert && os_strncmp(ca_cert, "probe://", 8) == 0) { + wpa_printf(MSG_DEBUG, "wolfSSL: Probe for server certificate chain"); + conn->cert_probe = 1; + conn->ca_cert_verify = 0; + return 0; + } + + if (ca_cert && os_strncmp(ca_cert, "hash://", 7) == 0) { +#ifdef CONFIG_SHA256 + const char *pos = ca_cert + 7; + if (os_strncmp(pos, "server/sha256/", 14) != 0) { + wpa_printf(MSG_DEBUG, "wolfSSL: Unsupported ca_cert " + "hash value '%s'", ca_cert); + return -1; + } + pos += 14; + if (os_strlen(pos) != 32 * 2) { + wpa_printf(MSG_DEBUG, "wolfSSL: Unexpected SHA256 " + "hash length in ca_cert '%s'", ca_cert); + return -1; + } + if (hexstr2bin(pos, conn->srv_cert_hash, 32) < 0) { + wpa_printf(MSG_DEBUG, "wolfSSL: Invalid SHA256 hash " + "value in ca_cert '%s'", ca_cert); + return -1; + } + conn->server_cert_only = 1; + wpa_printf(MSG_DEBUG, "wolfSSL: Checking only server " + "certificate match"); + return 0; +#else /* CONFIG_SHA256 */ + wpa_printf(MSG_INFO, "No SHA256 included in the build - " + "cannot validate server certificate hash"); + return -1; +#endif /* CONFIG_SHA256 */ + } + + if (ca_cert_blob) { + if (wolfSSL_CTX_load_verify_buffer(ctx, ca_cert_blob, blob_len, + SSL_FILETYPE_ASN1) != SSL_SUCCESS) { + wpa_printf(MSG_INFO, "SSL: failed to load ca blob"); + return -1; + } + wpa_printf(MSG_DEBUG, "SSL: use ca cert blob OK"); + return 0; + + } + + if (ca_cert || ca_path) { + WOLFSSL_X509_STORE *cm = wolfSSL_X509_STORE_new(); + if (cm == NULL) { + wpa_printf(MSG_INFO, "SSL: failed to create certificate store"); + return -1; + } + wolfSSL_CTX_set_cert_store(ctx, cm); + XFREE(cm, NULL, DYNAMIC_TYPE_X509_STORE); + + if (wolfSSL_CTX_load_verify_locations(ctx, ca_cert, ca_path) + != SSL_SUCCESS) { + wpa_printf(MSG_INFO, "SSL: failed to load ca_cert as pem"); + + if (ca_cert) { + if (wolfSSL_CTX_der_load_verify_locations(ctx, ca_cert, + SSL_FILETYPE_ASN1) != SSL_SUCCESS) { + wpa_printf(MSG_INFO, "SSL: failed to load ca_cert as der"); + return -1; + } + } + else + return -1; + } + return 0; + } + + conn->ca_cert_verify = 0; + return 0; +} + +static void tls_set_conn_flags(WOLFSSL *ssl, unsigned int flags) +{ +#ifdef HAVE_SESSION_TICKET +#if 0 + if (!(flags & TLS_CONN_DISABLE_SESSION_TICKET)) + wolfSSL_UseSessionTicket(ssl); +#endif +#endif /* HAVE_SESSION_TICKET */ + + if (flags & TLS_CONN_DISABLE_TLSv1_0) + wolfSSL_set_options(ssl, SSL_OP_NO_TLSv1); + if (flags & TLS_CONN_DISABLE_TLSv1_1) + wolfSSL_set_options(ssl, SSL_OP_NO_TLSv1_1); + if (flags & TLS_CONN_DISABLE_TLSv1_2) + wolfSSL_set_options(ssl, SSL_OP_NO_TLSv1_2); +} + +int tls_connection_set_params(void *tls_ctx, struct tls_connection *conn, + const struct tls_connection_params *params) +{ + wpa_printf(MSG_DEBUG, "SSL: set params"); + + if (tls_connection_set_subject_match(conn, params->subject_match, + params->altsubject_match, + params->suffix_match, + params->domain_match) < 0) { + wpa_printf(MSG_INFO, "Error setting subject match"); + return -1; + } + + if (tls_connection_ca_cert(tls_ctx, conn, params->ca_cert, + params->ca_cert_blob, params->ca_cert_blob_len, + params->ca_path) < 0) { + wpa_printf(MSG_INFO, "Error setting ca cert"); + return -1; + } + + if (tls_connection_client_cert(conn, params->client_cert, + params->client_cert_blob, + params->client_cert_blob_len) < 0) { + wpa_printf(MSG_INFO, "Error setting client cert"); + return -1; + } + + if (tls_connection_private_key(tls_ctx, conn, params->private_key, + params->private_key_passwd, + params->private_key_blob, + params->private_key_blob_len) < 0) { + wpa_printf(MSG_INFO, "Error setting private key"); + return -1; + } + + if (tls_connection_dh(conn, params->dh_file, params->dh_blob, + params->dh_blob_len) < 0) { + wpa_printf(MSG_INFO, "Error setting dh"); + return -1; + } + + if (params->openssl_ciphers && wolfSSL_set_cipher_list(conn->ssl, + params->openssl_ciphers) != 1) { + wpa_printf(MSG_INFO, "wolfSSL: Failed to set cipher string '%s'", + params->openssl_ciphers); + return -1; + } + + tls_set_conn_flags(conn->ssl, params->flags); + +#ifdef HAVE_CERTIFICATE_STATUS_REQUEST + if (params->flags & TLS_CONN_REQUEST_OCSP) { + if (wolfSSL_UseOCSPStapling(conn->ssl, WOLFSSL_CSR_OCSP, + WOLFSSL_CSR_OCSP_USE_NONCE) != SSL_SUCCESS) + return -1; + wolfSSL_CTX_EnableOCSP(tls_ctx, 0); + } +#endif +#ifdef HAVE_CERTIFICATE_STATUS_REQUEST_V2 + if (params->flags & TLS_CONN_REQUEST_OCSP) { + if (wolfSSL_UseOCSPStaplingV2(conn->ssl, WOLFSSL_CSR2_OCSP_MULTI, 0) + != SSL_SUCCESS) { + return -1; + } + wolfSSL_CTX_EnableOCSP(tls_ctx, 0); + } +#endif +#if !defined(HAVE_CERTIFICATE_STATUS_REQUEST) && \ + !defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2) +#ifdef HAVE_OCSP + if (params->flags & TLS_CONN_REQUEST_OCSP) { + wolfSSL_CTX_EnableOCSP(ctx, 0); + } +#else /* HAVE_OCSP */ + if (params->flags & TLS_CONN_REQUIRE_OCSP) { + wpa_printf(MSG_INFO, + "wolfSSL: No OCSP support included - reject configuration"); + return -1; + } + if (params->flags & TLS_CONN_REQUEST_OCSP) { + wpa_printf(MSG_DEBUG, + "wolfSSL: No OCSP support included - allow optional OCSP " + "case to continue"); + } +#endif /* HAVE_OCSP */ +#endif /* !HAVE_CERTIFICATE_STATUS_REQUEST && + * !HAVE_CERTIFICATE_STATUS_REQUEST_V2 */ + + conn->flags = params->flags; + + return 0; +} + + +static int tls_global_ca_cert(void* ssl_ctx, const char* ca_cert) +{ + WOLFSSL_CTX* ctx = (WOLFSSL_CTX*)ssl_ctx; + + if (ca_cert) { + if (wolfSSL_CTX_load_verify_locations(ctx, ca_cert, NULL) != 1) { + wpa_printf(MSG_WARNING, "Failed to load root certificates"); + return -1; + } + + wpa_printf(MSG_DEBUG, "TLS: Trusted root certificate(s) loaded"); + } + + return 0; +} + + +static int tls_global_client_cert(void* ssl_ctx, const char* client_cert) +{ + WOLFSSL_CTX* ctx = (WOLFSSL_CTX*)ssl_ctx; + + if (client_cert == NULL) + return 0; + + if (wolfSSL_CTX_use_certificate_file(ctx, client_cert, + SSL_FILETYPE_ASN1) != SSL_SUCCESS && + wolfSSL_CTX_use_certificate_file(ctx, client_cert, + SSL_FILETYPE_PEM) != SSL_SUCCESS) { + wpa_printf(MSG_INFO, "Failed to load client certificate"); + return -1; + } + wpa_printf(MSG_DEBUG, "SSL: Loaded global client certificate: %s", client_cert); + + return 0; +} + + +static int tls_global_private_key(void* ssl_ctx, const char* private_key, + const char* private_key_passwd) +{ + WOLFSSL_CTX* ctx = (WOLFSSL_CTX*)ssl_ctx; + char* passwd = NULL; + int ret = 0; + + if (private_key == NULL) + return 0; + + if (private_key_passwd) { + passwd = os_strdup(private_key_passwd); + if (passwd == NULL) + return -1; + } + + wolfSSL_CTX_set_default_passwd_cb(ctx, tls_passwd_cb); + wolfSSL_CTX_set_default_passwd_cb_userdata(ctx, passwd); + + if (wolfSSL_CTX_use_PrivateKey_file(ctx, private_key, + SSL_FILETYPE_ASN1) != 1 && + wolfSSL_CTX_use_PrivateKey_file(ctx, private_key, + SSL_FILETYPE_PEM) != 1 ) { + wpa_printf(MSG_INFO, "Failed to load private key"); + ret = -1; + } + wpa_printf(MSG_DEBUG, "SSL: Loaded global private key"); + + os_free(passwd); + wolfSSL_CTX_set_default_passwd_cb(ctx, NULL); + + return ret; +} + + +static int tls_global_dh(void* ssl_ctx, const char* dh_file, + const u8* dh_blob, size_t blob_len) +{ + WOLFSSL_CTX* ctx = (WOLFSSL_CTX*)ssl_ctx; + + if (dh_file == NULL && dh_blob == NULL) + return 0; + + if (dh_blob) { + if (wolfSSL_CTX_SetTmpDH_buffer(ctx, dh_blob, blob_len, + SSL_FILETYPE_ASN1) < 0) { + wpa_printf(MSG_INFO, "SSL: global use dh der blob failed"); + return -1; + } + wpa_printf(MSG_DEBUG, "SSL: global use dh blob OK"); + return 0; + } + + if (dh_file) { + if (wolfSSL_CTX_SetTmpDH_file(ctx, dh_file, SSL_FILETYPE_PEM) < 0) { + wpa_printf(MSG_INFO, "SSL: global use dh pem file failed"); + if (wolfSSL_CTX_SetTmpDH_file(ctx, dh_file, + SSL_FILETYPE_ASN1) < 0) { + wpa_printf(MSG_INFO, "SSL: global use dh der file failed"); + return -1; + } + } + wpa_printf(MSG_DEBUG, "SSL: global use dh file OK"); + return 0; + } + + return 0; +} + +#ifdef HAVE_OCSP +int ocsp_status_cb(void* unused, const char* url, int urlSz, + unsigned char* request, int requestSz, + unsigned char** response) +{ + size_t len; + + (void)unused; + + if (url == NULL) { + wpa_printf(MSG_DEBUG, "wolfSSL: OCSP status callback - no response " + "configured"); + *response = NULL; + return 0; + } + + *response = (unsigned char*)os_readfile(url, &len); + if (*response == NULL) { + wpa_printf(MSG_DEBUG, "wolfSSL: OCSP status callback - could not read " + "response file"); + return -1; + } + wpa_printf(MSG_DEBUG, "wolfSSL: OCSP status callback - send cached " + "response"); + return len; +} + +void ocsp_resp_free_cb(void* ocsp_stapling_response, unsigned char* response) +{ + os_free(response); +} +#endif + +int tls_global_set_params(void* tls_ctx, + const struct tls_connection_params* params) +{ + wpa_printf(MSG_DEBUG, "SSL: global set params"); + + if (tls_global_ca_cert(tls_ctx, params->ca_cert) < 0) { + wpa_printf(MSG_INFO, "SSL: Failed to load ca cert file '%s'", + params->ca_cert); + return -1; + } + + if (tls_global_client_cert(tls_ctx, params->client_cert) < 0) { + wpa_printf(MSG_INFO, "SSL: Failed to load client cert file '%s'", + params->client_cert); + return -1; + } + + if (tls_global_private_key(tls_ctx, params->private_key, + params->private_key_passwd) < 0) { + wpa_printf(MSG_INFO, "SSL: Failed to load private key file '%s'", + params->private_key); + return -1; + } + + if (tls_global_dh(tls_ctx, params->dh_file, params->dh_blob, + params->dh_blob_len) < 0) { + wpa_printf(MSG_INFO, "SSL: Failed to load DH file '%s'", + params->dh_file); + return -1; + } + + if (params->openssl_ciphers && wolfSSL_CTX_set_cipher_list(tls_ctx, + params->openssl_ciphers) != 1) { + wpa_printf(MSG_INFO, "wolfSSL: Failed to set cipher string '%s'", + params->openssl_ciphers); + return -1; + } + +#ifdef HAVE_SESSION_TICKET + /* Session ticket is off by default - can't disable once on. */ + if (!(params->flags & TLS_CONN_DISABLE_SESSION_TICKET)) + wolfSSL_CTX_UseSessionTicket(tls_ctx); +#endif + +#ifdef HAVE_OCSP + if (params->ocsp_stapling_response) { + wolfSSL_CTX_SetOCSP_OverrideURL(tls_ctx, + params->ocsp_stapling_response); + wolfSSL_CTX_SetOCSP_Cb(tls_ctx, ocsp_status_cb, ocsp_resp_free_cb, + NULL); + } +#endif + + return 0; +} + + +int tls_global_set_verify(void *tls_ctx, int check_crl) +{ + wpa_printf(MSG_DEBUG, "SSL: global set verify: %d", check_crl); + + if (check_crl) { + /* Hack to Enable CRLs. */ + wolfSSL_CTX_LoadCRLBuffer((WOLFSSL_CTX*)tls_ctx, NULL, 0, + SSL_FILETYPE_PEM); + } + return 0; +} + + +int tls_connection_set_verify(void *ssl_ctx, struct tls_connection *conn, + int verify_peer, unsigned int flags, + const u8 *session_ctx, size_t session_ctx_len) +{ + if (conn == NULL) + return -1; + + wpa_printf(MSG_DEBUG, "SSL: set verify: %d", verify_peer); + + if (verify_peer) { + conn->ca_cert_verify = 1; + wolfSSL_set_verify(conn->ssl, SSL_VERIFY_PEER | + SSL_VERIFY_FAIL_IF_NO_PEER_CERT, + tls_verify_cb); + } + else { + conn->ca_cert_verify = 0; + wolfSSL_set_verify(conn->ssl, SSL_VERIFY_NONE, NULL); + } + + wolfSSL_set_accept_state(conn->ssl); + + /* do we need to fake a session like OpenSSL does here ? */ + + return 0; +} + + +static struct wpabuf* wolfssl_handshake(struct tls_connection *conn, + const struct wpabuf *in_data, + int server) +{ + int res; + + ResetOutData(&conn->output); + + /* Initiate TLS handshake or continue the existing handshake */ + if (server) { + wolfSSL_set_accept_state(conn->ssl); + res = wolfSSL_accept(conn->ssl); + wpa_printf(MSG_DEBUG, "SSL: wolfSSL_accept: %d", res); + } + else { + wolfSSL_set_connect_state(conn->ssl); + res = wolfSSL_connect(conn->ssl); + wpa_printf(MSG_DEBUG, "SSL: wolfSSL_connect: %d", res); + } + if (res != 1) { + int err = wolfSSL_get_error(conn->ssl, res); + if (err == SSL_ERROR_WANT_READ) + wpa_printf(MSG_DEBUG, "SSL: wolfSSL_connect - want more data"); + else if (err == SSL_ERROR_WANT_WRITE) + wpa_printf(MSG_DEBUG, "SSL: wolfSSL_connect - want to write"); + else { + char msg[80]; + wpa_printf(MSG_DEBUG, "SSL: wolfSSL_connect - failed %s", + wolfSSL_ERR_error_string(err, msg)); + conn->failed++; + } + } + + return conn->output.out_data; +} + + +static struct wpabuf* wolfssl_get_appl_data(struct tls_connection *conn, + size_t max_len) +{ + int res; + struct wpabuf* appl_data = wpabuf_alloc(max_len + 100); + + if (appl_data == NULL) + return NULL; + + res = wolfSSL_read(conn->ssl, wpabuf_mhead(appl_data), + wpabuf_size(appl_data)); + if (res < 0) { + int err = wolfSSL_get_error(conn->ssl, res); + if (err == SSL_ERROR_WANT_READ || + err == SSL_ERROR_WANT_WRITE) { + wpa_printf(MSG_DEBUG, "SSL: No Application Data included"); + } else { + char msg[80]; + wpa_printf(MSG_DEBUG, "Failed to read possible Application Data %s", + wolfSSL_ERR_error_string(err, msg)); + } + + wpabuf_free(appl_data); + return NULL; + } + + wpabuf_put(appl_data, res); + wpa_hexdump_buf_key(MSG_MSGDUMP, "SSL: Application Data in Finished " + "message", appl_data); + return appl_data; +} + + + + +static struct wpabuf* wolfssl_connection_handshake(struct tls_connection* conn, + const struct wpabuf* in_data, struct wpabuf** appl_data, int server) +{ + struct wpabuf* out_data; + + ResetInData(&conn->input, in_data); + + if (appl_data) + *appl_data = NULL; + + out_data = wolfssl_handshake(conn, in_data, server); + if (out_data == NULL) + return NULL; + + if (wolfSSL_is_init_finished(conn->ssl)) { + wpa_printf(MSG_DEBUG, "wolfSSL: Handshake finished - resumed=%d", + tls_connection_resumed(NULL, conn)); + if (appl_data && in_data) + *appl_data = wolfssl_get_appl_data(conn, wpabuf_len(in_data)); + } + + return out_data; +} + + +struct wpabuf * tls_connection_handshake(void *tls_ctx, + struct tls_connection *conn, + const struct wpabuf *in_data, + struct wpabuf **appl_data) +{ + return wolfssl_connection_handshake(conn, in_data, appl_data, 0); +} + + +struct wpabuf * tls_connection_server_handshake(void *tls_ctx, + struct tls_connection *conn, + const struct wpabuf *in_data, + struct wpabuf **appl_data) +{ + return wolfssl_connection_handshake(conn, in_data, appl_data, 1); +} + + +struct wpabuf * tls_connection_encrypt(void *tls_ctx, + struct tls_connection *conn, + const struct wpabuf *in_data) +{ + int res; + + if (conn == NULL) + return NULL; + + wpa_printf(MSG_DEBUG, "SSL: encrypt: %ld bytes", wpabuf_len(in_data)); + + ResetOutData(&conn->output); + + res = wolfSSL_write(conn->ssl, wpabuf_head(in_data), wpabuf_len(in_data)); + if (res < 0) { + int err = wolfSSL_get_error(conn->ssl, res); + char msg[80]; + wpa_printf(MSG_INFO, "Encryption failed - SSL_write: %s", + wolfSSL_ERR_error_string(err, msg)); + return NULL; + } + + return conn->output.out_data; +} + + +struct wpabuf * tls_connection_decrypt(void *tls_ctx, + struct tls_connection *conn, + const struct wpabuf *in_data) +{ + int res; + struct wpabuf *buf; + + if (conn == NULL) + return NULL; + + wpa_printf(MSG_DEBUG, "SSL: decrypt"); + + ResetInData(&conn->input, in_data); + + /* Read decrypted data for further processing */ + /* + * Even though we try to disable TLS compression, it is possible that + * this cannot be done with all TLS libraries. Add extra buffer space + * to handle the possibility of the decrypted data being longer than + * input data. + */ + buf = wpabuf_alloc((wpabuf_len(in_data) + 500) * 3); + if (buf == NULL) + return NULL; + res = wolfSSL_read(conn->ssl, wpabuf_mhead(buf), wpabuf_size(buf)); + if (res < 0) { + wpa_printf(MSG_INFO, "Decryption failed - SSL_read"); + wpabuf_free(buf); + return NULL; + } + wpabuf_put(buf, res); + + wpa_printf(MSG_DEBUG, "SSL: decrypt: %ld bytes", wpabuf_len(buf)); + + return buf; +} + + +int tls_connection_resumed(void *tls_ctx, struct tls_connection *conn) +{ + return conn ? wolfSSL_session_reused(conn->ssl) : 0; +} + + +int tls_connection_set_cipher_list(void *tls_ctx, struct tls_connection *conn, + u8 *ciphers) +{ + char buf[128], *pos, *end; + u8 *c; + int ret; + + if (conn == NULL || conn->ssl == NULL || ciphers == NULL) + return -1; + + buf[0] = '\0'; + pos = buf; + end = pos + sizeof(buf); + + c = ciphers; + while (*c != TLS_CIPHER_NONE) { + const char *suite; + + switch (*c) { + case TLS_CIPHER_RC4_SHA: + suite = "RC4-SHA"; + break; + case TLS_CIPHER_AES128_SHA: + suite = "AES128-SHA"; + break; + case TLS_CIPHER_RSA_DHE_AES128_SHA: + suite = "DHE-RSA-AES128-SHA"; + break; + case TLS_CIPHER_ANON_DH_AES128_SHA: + suite = "ADH-AES128-SHA"; + break; + case TLS_CIPHER_RSA_DHE_AES256_SHA: + suite = "DHE-RSA-AES256-SHA"; + break; + case TLS_CIPHER_AES256_SHA: + suite = "AES256-SHA"; + break; + default: + wpa_printf(MSG_DEBUG, "TLS: Unsupported " + "cipher selection: %d", *c); + return -1; + } + ret = os_snprintf(pos, end - pos, ":%s", suite); + if (ret < 0 || ret >= end - pos) + break; + pos += ret; + + c++; + } + + wpa_printf(MSG_DEBUG, "wolfSSL: cipher suites: %s", buf + 1); + + if (wolfSSL_set_cipher_list(conn->ssl, buf + 1) != 1) { + wpa_printf(MSG_DEBUG, "Cipher suite configuration failed"); + return -1; + } + + return 0; +} + + +int tls_get_cipher(void *tls_ctx, struct tls_connection *conn, + char *buf, size_t buflen) +{ + WOLFSSL_CIPHER* cipher; + const char* name; + + if (conn == NULL || conn->ssl == NULL) + return -1; + + cipher = wolfSSL_get_current_cipher(conn->ssl); + if (cipher == NULL) + return -1; + + name = wolfSSL_CIPHER_get_name(cipher); + if (name == NULL) + return -1; + + if (os_strcmp(name, "SSL_RSA_WITH_RC4_128_SHA") == 0) + os_strlcpy(buf, "RC4-SHA", buflen); + else if (os_strcmp(name, "TLS_RSA_WITH_AES_128_CBC_SHA") == 0) + os_strlcpy(buf, "AES128-SHA", buflen); + else if (os_strcmp(name, "TLS_DHE_RSA_WITH_AES_128_CBC_SHA") == 0) + os_strlcpy(buf, "DHE-RSA-AES128-SHA", buflen); + else if (os_strcmp(name, "TLS_DH_anon_WITH_AES_128_CBC_SHA") == 0) + os_strlcpy(buf, "ADH-AES128-SHA", buflen); + else if (os_strcmp(name, "TLS_DHE_RSA_WITH_AES_256_CBC_SHA") == 0) + os_strlcpy(buf, "DHE-RSA-AES256-SHA", buflen); + else if (os_strcmp(name, "TLS_RSA_WITH_AES_256_CBC_SHA") == 0) + os_strlcpy(buf, "AES256-SHA", buflen); + else + os_strlcpy(buf, name, buflen); + + return 0; +} + + +int tls_connection_enable_workaround(void *tls_ctx, + struct tls_connection *conn) +{ + /* no empty fragments in wolfSSL for now */ + return 0; +} + + +int tls_connection_get_failed(void *tls_ctx, struct tls_connection *conn) +{ + if (conn == NULL) + return -1; + + return conn->failed; +} + + +int tls_connection_get_read_alerts(void *tls_ctx, struct tls_connection *conn) +{ + if (conn == NULL) + return -1; + + return conn->readAlerts; +} + + +int tls_connection_get_write_alerts(void *tls_ctx, + struct tls_connection *conn) +{ + if (conn == NULL) + return -1; + + return conn->writeAlerts; +} + + + +int tls_get_library_version(char *buf, size_t buf_len) +{ + return os_snprintf(buf, buf_len, "wolfSSL build=%s run=%s", WOLFSSL_VERSION, + wolfSSL_lib_version()); +} + +int tls_get_version(void *ssl_ctx, struct tls_connection *conn, + char *buf, size_t buflen) +{ + const char *name; + if (conn == NULL || conn->ssl == NULL) + return -1; + + name = wolfSSL_get_version(conn->ssl); + if (name == NULL) + return -1; + + os_strlcpy(buf, name, buflen); + return 0; +} + +int tls_connection_get_random(void *ssl_ctx, struct tls_connection *conn, + struct tls_random *keys) +{ + WOLFSSL *ssl; + + if (conn == NULL || keys == NULL) + return -1; + ssl = conn->ssl; + if (ssl == NULL) + return -1; + + os_memset(keys, 0, sizeof(*keys)); + keys->client_random = conn->client_random; + keys->client_random_len = wolfSSL_get_client_random( + ssl, conn->client_random, sizeof(conn->client_random)); + keys->server_random = conn->server_random; + keys->server_random_len = wolfSSL_get_server_random( + ssl, conn->server_random, sizeof(conn->server_random)); + + return 0; +} + +int tls_connection_export_key(void *tls_ctx, struct tls_connection *conn, + const char *label, u8 *out, size_t out_len) +{ + if (!conn || wolfSSL_make_eap_keys(conn->ssl, out, out_len, label) != 0) + return -1; + return 0; +} + +int tls_connection_get_eap_fast_key(void *tls_ctx, struct tls_connection *conn, + u8 *out, size_t out_len) +{ + int ret; + + if (conn == NULL || conn->ssl == NULL) + return -1; + + ret = wolfSSL_make_eap_keys(conn->ssl, out, out_len, "key expansion"); + if (ret != 0) + return -1; + return 0; +} + +#if defined(EAP_FAST) || defined(EAP_FAST_DYNAMIC) || defined(EAP_SERVER_FAST) +int tls_connection_client_hello_ext(void *ssl_ctx, struct tls_connection *conn, + int ext_type, const u8 *data, + size_t data_len) +{ + (void)ssl_ctx; + + if (conn == NULL || conn->ssl == NULL || ext_type != 35) + return -1; + + if (wolfSSL_set_SessionTicket(conn->ssl, data, (unsigned int)data_len) != 1) + return -1; + + return 0; +} + +static int tls_sess_sec_cb(WOLFSSL *s, void *secret, int *secret_len, void *arg) +{ + struct tls_connection *conn = arg; + int ret; + unsigned char client_random[RAN_LEN]; + unsigned char server_random[RAN_LEN]; + word32 ticketLen = (word32)sizeof(conn->session_ticket); + + if (conn == NULL || conn->session_ticket_cb == NULL) + return 1; + + if (wolfSSL_get_client_random(s, client_random, sizeof(client_random)) == 0) + return 1; + if (wolfSSL_get_server_random(s, server_random, sizeof(server_random)) == 0) + return 1; + if (wolfSSL_get_SessionTicket(s, conn->session_ticket, &ticketLen) != 1) + return 1; + + if (ticketLen == 0) + return 0; + + ret = conn->session_ticket_cb(conn->session_ticket_cb_ctx, + conn->session_ticket, ticketLen, + client_random, server_random, secret); + if (ret <= 0) + return 1; + + *secret_len = SECRET_LEN; + return 0; +} +#endif /* EAP_FAST || EAP_FAST_DYNAMIC || EAP_SERVER_FAST */ + +int tls_connection_set_session_ticket_cb(void *tls_ctx, + struct tls_connection *conn, + tls_session_ticket_cb cb, + void *ctx) +{ +#if defined(EAP_FAST) || defined(EAP_FAST_DYNAMIC) || defined(EAP_SERVER_FAST) + conn->session_ticket_cb = cb; + conn->session_ticket_cb_ctx = ctx; + + if (cb) { + if (wolfSSL_set_session_secret_cb(conn->ssl, tls_sess_sec_cb, + conn) != 1) + return -1; + } else { + if (wolfSSL_set_session_secret_cb(conn->ssl, NULL, NULL) != 1) + return -1; + } + + return 0; +#else /* EAP_FAST || EAP_FAST_DYNAMIC || EAP_SERVER_FAST */ + return -1; +#endif /* EAP_FAST || EAP_FAST_DYNAMIC || EAP_SERVER_FAST */ +} + +void tls_connection_set_success_data_resumed(struct tls_connection *conn) +{ + wpa_printf(MSG_DEBUG, "wolfSSL: Success data accepted for resumed session"); +} + +void tls_connection_remove_session(struct tls_connection *conn) +{ + WOLFSSL_SESSION *sess; + + sess = wolfSSL_get_session(conn->ssl); + if (!sess) + return; + + wolfSSL_SSL_SESSION_set_timeout(sess, 0); + wpa_printf(MSG_DEBUG, "wolfSSL: Removed cached session to disable session " + "resumption"); +} + +void tls_connection_set_success_data(struct tls_connection *conn, + struct wpabuf *data) +{ + WOLFSSL_SESSION *sess; + struct wpabuf *old; + + wpa_printf(MSG_DEBUG, "wolfSSL: Set success data"); + + sess = wolfSSL_get_session(conn->ssl); + if (sess == NULL) { + wpa_printf(MSG_DEBUG, "wolfSSL: No session found for success data"); + goto fail; + } + old = wolfSSL_SESSION_get_ex_data(sess, tls_ex_idx_session); + if (old) { + wpa_printf(MSG_DEBUG, "wolfSSL: Replacing old success data %p", old); + wpabuf_free(old); + } + if (wolfSSL_SESSION_set_ex_data(sess, tls_ex_idx_session, data) != 1) + goto fail; + + wpa_printf(MSG_DEBUG, "wolfSSL: Stored success data %p", data); + conn->success_data = 1; + return; + +fail: + wpa_printf(MSG_INFO, "wolfSSL: Failed to store success data"); + wpabuf_free(data); +} + +const struct wpabuf * +tls_connection_get_success_data(struct tls_connection *conn) +{ + WOLFSSL_SESSION *sess; + + wpa_printf(MSG_DEBUG, "wolfSSL: Get success data"); + + if ((sess = wolfSSL_get_session(conn->ssl)) == NULL) + return NULL; + return wolfSSL_SESSION_get_ex_data(sess, tls_ex_idx_session); +} + + diff --git a/tests/hwsim/example-hostapd.config b/tests/hwsim/example-hostapd.config index 71a2070..2333585 100644 --- a/tests/hwsim/example-hostapd.config +++ b/tests/hwsim/example-hostapd.config @@ -1,5 +1,9 @@ #CC=ccache gcc +#CFLAGS += -L/usr/local/include/wolfssl +#LIBS += -L/usr/local/lib + + CONFIG_DRIVER_NONE=y CONFIG_DRIVER_NL80211=y CONFIG_RSN_PREAUTH=y @@ -8,6 +12,7 @@ CONFIG_RSN_PREAUTH=y #CONFIG_INTERNAL_LIBTOMMATH=y #CONFIG_INTERNAL_LIBTOMMATH_FAST=y CONFIG_TLS=openssl +#CONFIG_TLS=wolfssl CONFIG_EAP=y CONFIG_ERP=y diff --git a/tests/hwsim/example-wpa_supplicant.config b/tests/hwsim/example-wpa_supplicant.config index 4587cf7..a30b7ac 100644 --- a/tests/hwsim/example-wpa_supplicant.config +++ b/tests/hwsim/example-wpa_supplicant.config @@ -1,6 +1,10 @@ #CC=ccache gcc +#CFLAGS += -L/usr/local/include/wolfssl +#LIBS += -L/usr/local/lib + CONFIG_TLS=openssl +#CONFIG_TLS=wolfssl #CONFIG_TLS=internal #CONFIG_INTERNAL_LIBTOMMATH=y #CONFIG_INTERNAL_LIBTOMMATH_FAST=y diff --git a/tests/hwsim/test_ap_eap.py b/tests/hwsim/test_ap_eap.py index 818e341..983a850 100644 --- a/tests/hwsim/test_ap_eap.py +++ b/tests/hwsim/test_ap_eap.py @@ -40,12 +40,12 @@ def check_eap_capa(dev, method): def check_subject_match_support(dev): tls = dev.request("GET tls_library") - if not tls.startswith("OpenSSL"): + if not tls.startswith("OpenSSL") and not tls.startswith("wolfSSL"): raise HwsimSkip("subject_match not supported with this TLS library: " + tls) def check_altsubject_match_support(dev): tls = dev.request("GET tls_library") - if not tls.startswith("OpenSSL"): + if not tls.startswith("OpenSSL") and not tls.startswith("wolfSSL"): raise HwsimSkip("altsubject_match not supported with this TLS library: " + tls) def check_domain_match(dev): @@ -60,7 +60,7 @@ def check_domain_suffix_match(dev): def check_domain_match_full(dev): tls = dev.request("GET tls_library") - if not tls.startswith("OpenSSL"): + if not tls.startswith("OpenSSL") and not tls.startswith("wolfSSL"): raise HwsimSkip("domain_suffix_match requires full match with this TLS library: " + tls) def check_cert_probe_support(dev): @@ -99,6 +99,8 @@ def check_pkcs12_support(dev): tls = dev.request("GET tls_library") #if tls.startswith("internal"): # raise HwsimSkip("PKCS#12 not supported with this TLS library: " + tls) + if tls.startswith("wolfSSL"): + raise HwsimSkip("PKCS#12 not supported with this TLS library: " + tls) def check_dh_dsa_support(dev): tls = dev.request("GET tls_library") @@ -2906,7 +2908,11 @@ def test_ap_wpa2_eap_ikev2_oom(dev, apdev): time.sleep(0.02) dev[0].request("REMOVE_NETWORK all") - tests = [ (1, "os_get_random;dh_init") ] + tls = dev[0].request("GET tls_library") + if not tls.startswith("wolfSSL"): + tests = [ (1, "os_get_random;dh_init") ] + else: + tests = [ (1, "crypto_dh_init;dh_init") ] for count, func in tests: with fail_test(dev[0], count, func): dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP", eap="IKEV2", @@ -3620,8 +3626,8 @@ def test_ap_wpa2_eap_fast_cipher_suites(dev, apdev): """EAP-FAST and different TLS cipher suites""" check_eap_capa(dev[0], "FAST") tls = dev[0].request("GET tls_library") - if not tls.startswith("OpenSSL"): - raise HwsimSkip("TLS library is not OpenSSL: " + tls) + if not tls.startswith("OpenSSL") and not tls.startswith("wolfSSL"): + raise HwsimSkip("TLS library is not OpenSSL or wolfSSL: " + tls) params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap") hapd = hostapd.add_ap(apdev[0], params) @@ -3826,6 +3832,7 @@ def int_eap_server_params(): def test_ap_wpa2_eap_tls_ocsp_key_id(dev, apdev, params): """EAP-TLS and OCSP certificate signed OCSP response using key ID""" check_ocsp_support(dev[0]) + check_pkcs12_support(dev[0]) ocsp = os.path.join(params['logdir'], "ocsp-server-cache-key-id.der") if not os.path.exists(ocsp): raise HwsimSkip("No OCSP response available") @@ -3841,6 +3848,7 @@ def test_ap_wpa2_eap_tls_ocsp_key_id(dev, apdev, params): def test_ap_wpa2_eap_tls_ocsp_ca_signed_good(dev, apdev, params): """EAP-TLS and CA signed OCSP response (good)""" check_ocsp_support(dev[0]) + check_pkcs12_support(dev[0]) ocsp = os.path.join(params['logdir'], "ocsp-resp-ca-signed.der") if not os.path.exists(ocsp): raise HwsimSkip("No OCSP response available") @@ -3856,6 +3864,7 @@ def test_ap_wpa2_eap_tls_ocsp_ca_signed_good(dev, apdev, params): def test_ap_wpa2_eap_tls_ocsp_ca_signed_revoked(dev, apdev, params): """EAP-TLS and CA signed OCSP response (revoked)""" check_ocsp_support(dev[0]) + check_pkcs12_support(dev[0]) ocsp = os.path.join(params['logdir'], "ocsp-resp-ca-signed-revoked.der") if not os.path.exists(ocsp): raise HwsimSkip("No OCSP response available") @@ -3887,6 +3896,7 @@ def test_ap_wpa2_eap_tls_ocsp_ca_signed_revoked(dev, apdev, params): def test_ap_wpa2_eap_tls_ocsp_ca_signed_unknown(dev, apdev, params): """EAP-TLS and CA signed OCSP response (unknown)""" check_ocsp_support(dev[0]) + check_pkcs12_support(dev[0]) ocsp = os.path.join(params['logdir'], "ocsp-resp-ca-signed-unknown.der") if not os.path.exists(ocsp): raise HwsimSkip("No OCSP response available") @@ -3916,6 +3926,7 @@ def test_ap_wpa2_eap_tls_ocsp_ca_signed_unknown(dev, apdev, params): def test_ap_wpa2_eap_tls_ocsp_server_signed(dev, apdev, params): """EAP-TLS and server signed OCSP response""" check_ocsp_support(dev[0]) + check_pkcs12_support(dev[0]) ocsp = os.path.join(params['logdir'], "ocsp-resp-server-signed.der") if not os.path.exists(ocsp): raise HwsimSkip("No OCSP response available") @@ -3945,6 +3956,7 @@ def test_ap_wpa2_eap_tls_ocsp_server_signed(dev, apdev, params): def test_ap_wpa2_eap_tls_ocsp_invalid_data(dev, apdev): """WPA2-Enterprise connection using EAP-TLS and invalid OCSP data""" check_ocsp_support(dev[0]) + check_pkcs12_support(dev[0]) params = int_eap_server_params() params["ocsp_stapling_response"] = "auth_serv/ocsp-req.der" hostapd.add_ap(apdev[0], params) @@ -3971,6 +3983,7 @@ def test_ap_wpa2_eap_tls_ocsp_invalid_data(dev, apdev): def test_ap_wpa2_eap_tls_ocsp_invalid(dev, apdev): """WPA2-Enterprise connection using EAP-TLS and invalid OCSP response""" check_ocsp_support(dev[0]) + check_pkcs12_support(dev[0]) params = int_eap_server_params() params["ocsp_stapling_response"] = "auth_serv/ocsp-server-cache.der-invalid" hostapd.add_ap(apdev[0], params) @@ -3997,6 +4010,7 @@ def test_ap_wpa2_eap_tls_ocsp_invalid(dev, apdev): def test_ap_wpa2_eap_tls_ocsp_unknown_sign(dev, apdev): """WPA2-Enterprise connection using EAP-TLS and unknown OCSP signer""" check_ocsp_support(dev[0]) + check_pkcs12_support(dev[0]) params = int_eap_server_params() params["ocsp_stapling_response"] = "auth_serv/ocsp-server-cache.der-unknown-sign" hostapd.add_ap(apdev[0], params) @@ -4096,7 +4110,7 @@ def test_ap_wpa2_eap_ttls_optional_ocsp_unknown(dev, apdev, params): def test_ap_wpa2_eap_tls_intermediate_ca(dev, apdev, params): """EAP-TLS with intermediate server/user CA""" params = int_eap_server_params() - params["ca_cert"] = "auth_serv/iCA-server/ca-and-root.pem" + params["ca_cert"] = "auth_serv/iCA-user/ca-and-root.pem" params["server_cert"] = "auth_serv/iCA-server/server.pem" params["private_key"] = "auth_serv/iCA-server/server.key" hostapd.add_ap(apdev[0], params) @@ -4201,7 +4215,7 @@ def test_ap_wpa2_eap_tls_intermediate_ca_ocsp_sha1(dev, apdev, params): def run_ap_wpa2_eap_tls_intermediate_ca_ocsp(dev, apdev, params, md): params = int_eap_server_params() - params["ca_cert"] = "auth_serv/iCA-server/ca-and-root.pem" + params["ca_cert"] = "auth_serv/iCA-user/ca-and-root.pem" params["server_cert"] = "auth_serv/iCA-server/server.pem" params["private_key"] = "auth_serv/iCA-server/server.key" fn = ica_ocsp("server.pem", md) @@ -4236,7 +4250,7 @@ def test_ap_wpa2_eap_tls_intermediate_ca_ocsp_revoked_sha1(dev, apdev, params): def run_ap_wpa2_eap_tls_intermediate_ca_ocsp_revoked(dev, apdev, params, md): params = int_eap_server_params() - params["ca_cert"] = "auth_serv/iCA-server/ca-and-root.pem" + params["ca_cert"] = "auth_serv/iCA-user/ca-and-root.pem" params["server_cert"] = "auth_serv/iCA-server/server-revoked.pem" params["private_key"] = "auth_serv/iCA-server/server-revoked.key" fn = ica_ocsp("server-revoked.pem", md) @@ -4286,7 +4300,7 @@ def test_ap_wpa2_eap_tls_intermediate_ca_ocsp_multi_missing_resp(dev, apdev, par check_ocsp_multi_support(dev[0]) params = int_eap_server_params() - params["ca_cert"] = "auth_serv/iCA-server/ca-and-root.pem" + params["ca_cert"] = "auth_serv/iCA-user/ca-and-root.pem" params["server_cert"] = "auth_serv/iCA-server/server.pem" params["private_key"] = "auth_serv/iCA-server/server.key" fn = ica_ocsp("server.pem") @@ -4336,7 +4350,7 @@ def test_ap_wpa2_eap_tls_intermediate_ca_ocsp_multi(dev, apdev, params): check_ocsp_multi_support(dev[0]) params = int_eap_server_params() - params["ca_cert"] = "auth_serv/iCA-server/ca-and-root.pem" + params["ca_cert"] = "auth_serv/iCA-user/ca-and-root.pem" params["server_cert"] = "auth_serv/iCA-server/server.pem" params["private_key"] = "auth_serv/iCA-server/server.key" fn = ica_ocsp("server.pem") @@ -4384,6 +4398,7 @@ def test_ap_wpa2_eap_tls_ocsp_multi_revoked(dev, apdev, params): """EAP-TLS and CA signed OCSP multi response (revoked)""" check_ocsp_support(dev[0]) check_ocsp_multi_support(dev[0]) + check_pkcs12_support(dev[0]) ocsp_revoked = os.path.join(params['logdir'], "ocsp-resp-ca-signed-revoked.der") @@ -4443,6 +4458,7 @@ def test_ap_wpa2_eap_tls_ocsp_multi_revoked(dev, apdev, params): def test_ap_wpa2_eap_tls_domain_suffix_match_cn_full(dev, apdev): """WPA2-Enterprise using EAP-TLS and domain suffix match (CN)""" check_domain_match_full(dev[0]) + check_pkcs12_support(dev[0]) params = int_eap_server_params() params["server_cert"] = "auth_serv/server-no-dnsname.pem" params["private_key"] = "auth_serv/server-no-dnsname.key" @@ -4457,6 +4473,7 @@ def test_ap_wpa2_eap_tls_domain_suffix_match_cn_full(dev, apdev): def test_ap_wpa2_eap_tls_domain_match_cn(dev, apdev): """WPA2-Enterprise using EAP-TLS and domainmatch (CN)""" check_domain_match(dev[0]) + check_pkcs12_support(dev[0]) params = int_eap_server_params() params["server_cert"] = "auth_serv/server-no-dnsname.pem" params["private_key"] = "auth_serv/server-no-dnsname.key" @@ -4471,6 +4488,7 @@ def test_ap_wpa2_eap_tls_domain_match_cn(dev, apdev): def test_ap_wpa2_eap_tls_domain_suffix_match_cn(dev, apdev): """WPA2-Enterprise using EAP-TLS and domain suffix match (CN)""" check_domain_match_full(dev[0]) + check_pkcs12_support(dev[0]) params = int_eap_server_params() params["server_cert"] = "auth_serv/server-no-dnsname.pem" params["private_key"] = "auth_serv/server-no-dnsname.key" @@ -4485,6 +4503,7 @@ def test_ap_wpa2_eap_tls_domain_suffix_match_cn(dev, apdev): def test_ap_wpa2_eap_tls_domain_suffix_mismatch_cn(dev, apdev): """WPA2-Enterprise using EAP-TLS and domain suffix mismatch (CN)""" check_domain_suffix_match(dev[0]) + check_pkcs12_support(dev[0]) params = int_eap_server_params() params["server_cert"] = "auth_serv/server-no-dnsname.pem" params["private_key"] = "auth_serv/server-no-dnsname.key" @@ -4513,6 +4532,7 @@ def test_ap_wpa2_eap_tls_domain_suffix_mismatch_cn(dev, apdev): def test_ap_wpa2_eap_tls_domain_mismatch_cn(dev, apdev): """WPA2-Enterprise using EAP-TLS and domain mismatch (CN)""" check_domain_match(dev[0]) + check_pkcs12_support(dev[0]) params = int_eap_server_params() params["server_cert"] = "auth_serv/server-no-dnsname.pem" params["private_key"] = "auth_serv/server-no-dnsname.key" @@ -5304,6 +5324,11 @@ def test_ap_wpa2_eap_tls_versions(dev, apdev): check_tls_ver(dev[0], hapd, "tls_disable_tlsv1_0=1 tls_disable_tlsv1_1=1", "TLSv1.2") + if tls.startswith("wolfSSL"): + if "build=3.10.0" in tls and "run=3.10.0" in tls: + check_tls_ver(dev[0], hapd, + "tls_disable_tlsv1_0=1 tls_disable_tlsv1_1=1", + "TLSv1.2") elif tls.startswith("internal"): check_tls_ver(dev[0], hapd, "tls_disable_tlsv1_0=1 tls_disable_tlsv1_1=1", "TLSv1.2") @@ -5351,7 +5376,7 @@ def test_rsn_ie_proto_eap_sta(dev, apdev): def check_tls_session_resumption_capa(dev, hapd): tls = hapd.request("GET tls_library") if not tls.startswith("OpenSSL"): - raise HwsimSkip("hostapd TLS library is not OpenSSL: " + tls) + raise HwsimSkip("hostapd TLS library is not OpenSSL or wolfSSL: " + tls) tls = dev.request("GET tls_library") if not tls.startswith("OpenSSL"): @@ -5497,6 +5522,7 @@ def test_eap_ttls_no_session_resumption(dev, apdev): def test_eap_peap_session_resumption(dev, apdev): """EAP-PEAP session resumption""" + check_eap_capa(dev[0], "MSCHAPV2") params = int_eap_server_params() params['tls_session_lifetime'] = '60' hapd = hostapd.add_ap(apdev[0], params) diff --git a/wpa_supplicant/Makefile b/wpa_supplicant/Makefile index 4431755..efa9b90 100644 --- a/wpa_supplicant/Makefile +++ b/wpa_supplicant/Makefile @@ -93,8 +93,12 @@ endif ifdef CONFIG_FIPS CONFIG_NO_RANDOM_POOL= +ifeq ($(CONFIG_TLS), wolfssl) +CONFIG_WOLFSSL_CMAC=y +else CONFIG_OPENSSL_CMAC=y endif +endif OBJS = config.o OBJS += notify.o @@ -709,6 +713,9 @@ endif ifdef CONFIG_EAP_PWD CFLAGS += -DEAP_PWD +ifeq ($(CONFIG_TLS), wolfssl) +CFLAGS += -DCONFIG_ECC +endif OBJS += ../src/eap_peer/eap_pwd.o ../src/eap_common/eap_pwd_common.o CONFIG_IEEE8021X_EAPOL=y NEED_SHA256=y @@ -1054,6 +1061,22 @@ CFLAGS += -DCONFIG_TLSV12 NEED_SHA256=y endif +ifeq ($(CONFIG_TLS), wolfssl) +CONFIG_WOLFSSL_CMAC=y +CFLAGS += -DCRYPTO_ABSTRACT_API +ifdef TLS_FUNCS +CFLAGS += -DWOLFSSL_DER_LOAD -I/usr/local/include/wolfssl +OBJS += ../src/crypto/tls_wolfssl.o +endif +OBJS += ../src/crypto/crypto_wolfssl.o +OBJS_p += ../src/crypto/crypto_wolfssl.o +ifdef NEED_FIPS186_2_PRF +OBJS += ../src/crypto/fips_prf_wolfssl.o +endif +LIBS += -lwolfssl -lm +LIBS_p += -lwolfssl -lm +endif + ifeq ($(CONFIG_TLS), openssl) ifdef TLS_FUNCS CFLAGS += -DEAP_TLS_OPENSSL @@ -1274,8 +1297,10 @@ AESOBJS += ../src/crypto/aes-internal.o ../src/crypto/aes-internal-dec.o endif ifneq ($(CONFIG_TLS), openssl) +ifneq ($(CONFIG_TLS), wolfssl) NEED_INTERNAL_AES_WRAP=y endif +endif ifdef CONFIG_OPENSSL_INTERNAL_AES_WRAP # Seems to be needed at least with BoringSSL NEED_INTERNAL_AES_WRAP=y @@ -1314,10 +1339,21 @@ ifdef CONFIG_OPENSSL_CMAC CFLAGS += -DCONFIG_OPENSSL_CMAC else ifneq ($(CONFIG_TLS), linux) +ifneq ($(CONFIG_TLS), wolfssl) AESOBJS += ../src/crypto/aes-omac1.o endif endif endif +ifdef CONFIG_WOLFSSL_CMAC +CFLAGS += -DCONFIG_WOLFSSL_CMAC +else +ifneq ($(CONFIG_TLS), linux) +ifneq ($(CONFIG_TLS), wolfssl) +AESOBJS += ../src/crypto/aes-omac1.o +endif +endif +endif +endif ifdef NEED_AES_WRAP NEED_AES_ENC=y ifdef NEED_INTERNAL_AES_WRAP @@ -1328,10 +1364,12 @@ ifdef NEED_AES_CBC NEED_AES_ENC=y ifneq ($(CONFIG_TLS), openssl) ifneq ($(CONFIG_TLS), linux) +ifneq ($(CONFIG_TLS), wolfssl) AESOBJS += ../src/crypto/aes-cbc.o endif endif endif +endif ifdef NEED_AES_ENC ifdef CONFIG_INTERNAL_AES AESOBJS += ../src/crypto/aes-internal-enc.o @@ -1345,10 +1383,12 @@ ifdef NEED_SHA1 ifneq ($(CONFIG_TLS), openssl) ifneq ($(CONFIG_TLS), linux) ifneq ($(CONFIG_TLS), gnutls) +ifneq ($(CONFIG_TLS), wolfssl) SHA1OBJS += ../src/crypto/sha1.o endif endif endif +endif SHA1OBJS += ../src/crypto/sha1-prf.o ifdef CONFIG_INTERNAL_SHA1 SHA1OBJS += ../src/crypto/sha1-internal.o @@ -1360,9 +1400,11 @@ ifdef CONFIG_NO_WPA_PASSPHRASE CFLAGS += -DCONFIG_NO_PBKDF2 else ifneq ($(CONFIG_TLS), openssl) +ifneq ($(CONFIG_TLS), wolfssl) SHA1OBJS += ../src/crypto/sha1-pbkdf2.o endif endif +endif ifdef NEED_T_PRF SHA1OBJS += ../src/crypto/sha1-tprf.o endif @@ -1375,11 +1417,13 @@ ifndef CONFIG_FIPS ifneq ($(CONFIG_TLS), openssl) ifneq ($(CONFIG_TLS), linux) ifneq ($(CONFIG_TLS), gnutls) +ifneq ($(CONFIG_TLS), wolfssl) MD5OBJS += ../src/crypto/md5.o endif endif endif endif +endif ifdef NEED_MD5 ifdef CONFIG_INTERNAL_MD5 MD5OBJS += ../src/crypto/md5-internal.o @@ -1397,6 +1441,9 @@ endif DESOBJS = # none needed when not internal ifdef NEED_DES +ifndef CONFIG_FIPS +CFLAGS += -DCONFIG_DES +endif ifdef CONFIG_INTERNAL_DES DESOBJS += ../src/crypto/des-internal.o endif @@ -1420,10 +1467,12 @@ CFLAGS += -DCONFIG_SHA256 ifneq ($(CONFIG_TLS), openssl) ifneq ($(CONFIG_TLS), linux) ifneq ($(CONFIG_TLS), gnutls) +ifneq ($(CONFIG_TLS), wolfssl) SHA256OBJS += ../src/crypto/sha256.o endif endif endif +endif SHA256OBJS += ../src/crypto/sha256-prf.o ifdef CONFIG_INTERNAL_SHA256 SHA256OBJS += ../src/crypto/sha256-internal.o @@ -1457,10 +1506,12 @@ ifdef NEED_SHA384 ifneq ($(CONFIG_TLS), openssl) ifneq ($(CONFIG_TLS), linux) ifneq ($(CONFIG_TLS), gnutls) +ifneq ($(CONFIG_TLS), wolfssl) OBJS += ../src/crypto/sha384.o endif endif endif +endif CFLAGS += -DCONFIG_SHA384 OBJS += ../src/crypto/sha384-prf.o endif @@ -1668,9 +1719,11 @@ endif ifdef CONFIG_FIPS CFLAGS += -DCONFIG_FIPS ifneq ($(CONFIG_TLS), openssl) +ifneq ($(CONFIG_TLS), wolfssl) $(error CONFIG_FIPS=y requires CONFIG_TLS=openssl) endif endif +endif OBJS += $(SHA1OBJS) $(DESOBJS)

Proposed Patch: Support for wolfSSL

Commit Message

Comments

Patch