aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJohannes Berg <johannes@sipsolutions.net>2009-08-11 17:06:23 (GMT)
committerJouni Malinen <j@w1.fi>2009-08-11 17:06:23 (GMT)
commit05edfe29943afe073f500129c7c3e00b540e8c4d (patch)
treecf92916ddeeb71dbadb4f0de55763060ca336ad4
parentad01a5315e6b23c8bc31d65a3f192f41d7a8595b (diff)
downloadhostap-05edfe29943afe073f500129c7c3e00b540e8c4d.zip
hostap-05edfe29943afe073f500129c7c3e00b540e8c4d.tar.gz
hostap-05edfe29943afe073f500129c7c3e00b540e8c4d.tar.bz2
Crypto build cleanup: remove NEED_FIPS186_2_PRF
Instead of using a define and conditional building of crypto wrapper parts, move the FIPS 186-2 PRF implementation into separate files.
-rw-r--r--hostapd/Makefile17
-rw-r--r--src/crypto/crypto_gnutls.c9
-rw-r--r--src/crypto/crypto_openssl.c67
-rw-r--r--src/crypto/fips_prf_gnutls.c26
-rw-r--r--src/crypto/fips_prf_internal.c75
-rw-r--r--src/crypto/fips_prf_openssl.c83
-rw-r--r--src/crypto/sha1-internal.c60
-rw-r--r--wpa_supplicant/Makefile15
8 files changed, 210 insertions, 142 deletions
diff --git a/hostapd/Makefile b/hostapd/Makefile
index cb33f7f..04f9b87 100644
--- a/hostapd/Makefile
+++ b/hostapd/Makefile
@@ -485,12 +485,22 @@ ifeq ($(CONFIG_TLS), openssl)
OBJS += ../src/crypto/crypto_openssl.o
OBJS_p += ../src/crypto/crypto_openssl.o
HOBJS += ../src/crypto/crypto_openssl.o
+ifdef NEED_FIPS186_2_PRF
+OBJS += ../src/crypto/fips_prf_openssl.o
+OBJS_p += ../src/crypto/fips_prf_openssl.o
+HOBJS += ../src/crypto/fips_prf_openssl.o
+endif
CONFIG_INTERNAL_SHA256=y
endif
ifeq ($(CONFIG_TLS), gnutls)
OBJS += ../src/crypto/crypto_gnutls.o
OBJS_p += ../src/crypto/crypto_gnutls.o
HOBJS += ../src/crypto/crypto_gnutls.o
+ifdef NEED_FIPS186_2_PRF
+OBJS += ../src/crypto/fips_prf_gnutls.o
+OBJS_p += ../src/crypto/fips_prf_gnutls.o
+HOBJS += ../src/crypto/fips_prf_gnutls.o
+endif
CONFIG_INTERNAL_SHA256=y
endif
ifeq ($(CONFIG_TLS), internal)
@@ -532,6 +542,9 @@ AESOBJS += ../src/crypto/aes-internal.o
endif
ifdef CONFIG_INTERNAL_SHA1
OBJS += ../src/crypto/sha1-internal.o
+ifdef NEED_FIPS186_2_PRF
+OBJS += ../src/crypto/fips_prf_internal.o
+endif
endif
ifdef CONFIG_INTERNAL_MD5
OBJS += ../src/crypto/md5-internal.o
@@ -554,10 +567,6 @@ ifdef NEED_DH_GROUPS
OBJS += ../src/crypto/dh_groups.o
endif
-ifndef NEED_FIPS186_2_PRF
-CFLAGS += -DCONFIG_NO_FIPS186_2_PRF
-endif
-
ifndef NEED_T_PRF
CFLAGS += -DCONFIG_NO_T_PRF
endif
diff --git a/src/crypto/crypto_gnutls.c b/src/crypto/crypto_gnutls.c
index 8f8611c..1d658bd 100644
--- a/src/crypto/crypto_gnutls.c
+++ b/src/crypto/crypto_gnutls.c
@@ -91,15 +91,6 @@ void sha1_vector(size_t num_elem, const u8 *addr[], const size_t *len, u8 *mac)
}
-#ifndef CONFIG_NO_FIPS186_2_PRF
-int fips186_2_prf(const u8 *seed, size_t seed_len, u8 *x, size_t xlen)
-{
- /* FIX: how to do this with libgcrypt? */
- return -1;
-}
-#endif /* CONFIG_NO_FIPS186_2_PRF */
-
-
void * aes_encrypt_init(const u8 *key, size_t len)
{
gcry_cipher_hd_t hd;
diff --git a/src/crypto/crypto_openssl.c b/src/crypto/crypto_openssl.c
index a4c3415..09f94a0 100644
--- a/src/crypto/crypto_openssl.c
+++ b/src/crypto/crypto_openssl.c
@@ -90,73 +90,6 @@ void sha1_vector(size_t num_elem, const u8 *addr[], const size_t *len, u8 *mac)
SHA1_Final(mac, &ctx);
}
-
-#ifndef CONFIG_NO_FIPS186_2_PRF
-static void sha1_transform(u8 *state, const u8 data[64])
-{
- SHA_CTX context;
- os_memset(&context, 0, sizeof(context));
- os_memcpy(&context.h0, state, 5 * 4);
- SHA1_Transform(&context, data);
- os_memcpy(state, &context.h0, 5 * 4);
-}
-
-
-int fips186_2_prf(const u8 *seed, size_t seed_len, u8 *x, size_t xlen)
-{
- u8 xkey[64];
- u32 t[5], _t[5];
- int i, j, m, k;
- u8 *xpos = x;
- u32 carry;
-
- if (seed_len > sizeof(xkey))
- seed_len = sizeof(xkey);
-
- /* FIPS 186-2 + change notice 1 */
-
- os_memcpy(xkey, seed, seed_len);
- os_memset(xkey + seed_len, 0, 64 - seed_len);
- t[0] = 0x67452301;
- t[1] = 0xEFCDAB89;
- t[2] = 0x98BADCFE;
- t[3] = 0x10325476;
- t[4] = 0xC3D2E1F0;
-
- m = xlen / 40;
- for (j = 0; j < m; j++) {
- /* XSEED_j = 0 */
- for (i = 0; i < 2; i++) {
- /* XVAL = (XKEY + XSEED_j) mod 2^b */
-
- /* w_i = G(t, XVAL) */
- os_memcpy(_t, t, 20);
- sha1_transform((u8 *) _t, xkey);
- _t[0] = host_to_be32(_t[0]);
- _t[1] = host_to_be32(_t[1]);
- _t[2] = host_to_be32(_t[2]);
- _t[3] = host_to_be32(_t[3]);
- _t[4] = host_to_be32(_t[4]);
- os_memcpy(xpos, _t, 20);
-
- /* XKEY = (1 + XKEY + w_i) mod 2^b */
- carry = 1;
- for (k = 19; k >= 0; k--) {
- carry += xkey[k] + xpos[k];
- xkey[k] = carry & 0xff;
- carry >>= 8;
- }
-
- xpos += 20;
- }
- /* x_j = w_0|w_1 */
- }
-
- return 0;
-}
-#endif /* CONFIG_NO_FIPS186_2_PRF */
-
-
void * aes_encrypt_init(const u8 *key, size_t len)
{
AES_KEY *ak;
diff --git a/src/crypto/fips_prf_gnutls.c b/src/crypto/fips_prf_gnutls.c
new file mode 100644
index 0000000..f742e98
--- /dev/null
+++ b/src/crypto/fips_prf_gnutls.c
@@ -0,0 +1,26 @@
+/*
+ * FIPS 186-2 PRF for libgcrypt
+ * Copyright (c) 2004-2009, Jouni Malinen <j@w1.fi>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Alternatively, this software may be distributed under the terms of BSD
+ * license.
+ *
+ * See README and COPYING for more details.
+ */
+
+#include "includes.h"
+#include <gcrypt.h>
+
+#include "common.h"
+#include "crypto.h"
+
+
+int fips186_2_prf(const u8 *seed, size_t seed_len, u8 *x, size_t xlen)
+{
+ /* FIX: how to do this with libgcrypt? */
+ return -1;
+}
diff --git a/src/crypto/fips_prf_internal.c b/src/crypto/fips_prf_internal.c
new file mode 100644
index 0000000..30acb64
--- /dev/null
+++ b/src/crypto/fips_prf_internal.c
@@ -0,0 +1,75 @@
+/*
+ * FIPS 186-2 PRF for internal crypto implementation
+ * Copyright (c) 2006-2007, Jouni Malinen <j@w1.fi>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Alternatively, this software may be distributed under the terms of BSD
+ * license.
+ *
+ * See README and COPYING for more details.
+ */
+
+#include "includes.h"
+
+#include "common.h"
+#include "sha1.h"
+#include "crypto.h"
+
+void SHA1Transform(u32 state[5], const unsigned char buffer[64]);
+
+
+int fips186_2_prf(const u8 *seed, size_t seed_len, u8 *x, size_t xlen)
+{
+ u8 xkey[64];
+ u32 t[5], _t[5];
+ int i, j, m, k;
+ u8 *xpos = x;
+ u32 carry;
+
+ if (seed_len > sizeof(xkey))
+ seed_len = sizeof(xkey);
+
+ /* FIPS 186-2 + change notice 1 */
+
+ os_memcpy(xkey, seed, seed_len);
+ os_memset(xkey + seed_len, 0, 64 - seed_len);
+ t[0] = 0x67452301;
+ t[1] = 0xEFCDAB89;
+ t[2] = 0x98BADCFE;
+ t[3] = 0x10325476;
+ t[4] = 0xC3D2E1F0;
+
+ m = xlen / 40;
+ for (j = 0; j < m; j++) {
+ /* XSEED_j = 0 */
+ for (i = 0; i < 2; i++) {
+ /* XVAL = (XKEY + XSEED_j) mod 2^b */
+
+ /* w_i = G(t, XVAL) */
+ os_memcpy(_t, t, 20);
+ SHA1Transform(_t, xkey);
+ _t[0] = host_to_be32(_t[0]);
+ _t[1] = host_to_be32(_t[1]);
+ _t[2] = host_to_be32(_t[2]);
+ _t[3] = host_to_be32(_t[3]);
+ _t[4] = host_to_be32(_t[4]);
+ os_memcpy(xpos, _t, 20);
+
+ /* XKEY = (1 + XKEY + w_i) mod 2^b */
+ carry = 1;
+ for (k = 19; k >= 0; k--) {
+ carry += xkey[k] + xpos[k];
+ xkey[k] = carry & 0xff;
+ carry >>= 8;
+ }
+
+ xpos += SHA1_MAC_LEN;
+ }
+ /* x_j = w_0|w_1 */
+ }
+
+ return 0;
+}
diff --git a/src/crypto/fips_prf_openssl.c b/src/crypto/fips_prf_openssl.c
new file mode 100644
index 0000000..d0af983
--- /dev/null
+++ b/src/crypto/fips_prf_openssl.c
@@ -0,0 +1,83 @@
+/*
+ * FIPS 186-2 PRF for libcrypto
+ * Copyright (c) 2004-2005, Jouni Malinen <j@w1.fi>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Alternatively, this software may be distributed under the terms of BSD
+ * license.
+ *
+ * See README and COPYING for more details.
+ */
+
+#include "includes.h"
+#include <openssl/sha.h>
+
+#include "common.h"
+#include "crypto.h"
+
+
+static void sha1_transform(u8 *state, const u8 data[64])
+{
+ SHA_CTX context;
+ os_memset(&context, 0, sizeof(context));
+ os_memcpy(&context.h0, state, 5 * 4);
+ SHA1_Transform(&context, data);
+ os_memcpy(state, &context.h0, 5 * 4);
+}
+
+
+int fips186_2_prf(const u8 *seed, size_t seed_len, u8 *x, size_t xlen)
+{
+ u8 xkey[64];
+ u32 t[5], _t[5];
+ int i, j, m, k;
+ u8 *xpos = x;
+ u32 carry;
+
+ if (seed_len > sizeof(xkey))
+ seed_len = sizeof(xkey);
+
+ /* FIPS 186-2 + change notice 1 */
+
+ os_memcpy(xkey, seed, seed_len);
+ os_memset(xkey + seed_len, 0, 64 - seed_len);
+ t[0] = 0x67452301;
+ t[1] = 0xEFCDAB89;
+ t[2] = 0x98BADCFE;
+ t[3] = 0x10325476;
+ t[4] = 0xC3D2E1F0;
+
+ m = xlen / 40;
+ for (j = 0; j < m; j++) {
+ /* XSEED_j = 0 */
+ for (i = 0; i < 2; i++) {
+ /* XVAL = (XKEY + XSEED_j) mod 2^b */
+
+ /* w_i = G(t, XVAL) */
+ os_memcpy(_t, t, 20);
+ sha1_transform((u8 *) _t, xkey);
+ _t[0] = host_to_be32(_t[0]);
+ _t[1] = host_to_be32(_t[1]);
+ _t[2] = host_to_be32(_t[2]);
+ _t[3] = host_to_be32(_t[3]);
+ _t[4] = host_to_be32(_t[4]);
+ os_memcpy(xpos, _t, 20);
+
+ /* XKEY = (1 + XKEY + w_i) mod 2^b */
+ carry = 1;
+ for (k = 19; k >= 0; k--) {
+ carry += xkey[k] + xpos[k];
+ xkey[k] = carry & 0xff;
+ carry >>= 8;
+ }
+
+ xpos += 20;
+ }
+ /* x_j = w_0|w_1 */
+ }
+
+ return 0;
+}
diff --git a/src/crypto/sha1-internal.c b/src/crypto/sha1-internal.c
index 702b861..f40401c 100644
--- a/src/crypto/sha1-internal.c
+++ b/src/crypto/sha1-internal.c
@@ -32,7 +32,7 @@ static void SHA1Init(struct SHA1Context *context);
static void SHA1Update(struct SHA1Context *context, const void *data, u32 len);
static void SHA1Final(unsigned char digest[20], struct SHA1Context *context);
#endif /* CONFIG_CRYPTO_INTERNAL */
-static void SHA1Transform(u32 state[5], const unsigned char buffer[64]);
+void SHA1Transform(u32 state[5], const unsigned char buffer[64]);
/**
@@ -55,62 +55,6 @@ void sha1_vector(size_t num_elem, const u8 *addr[], const size_t *len,
}
-#ifndef CONFIG_NO_FIPS186_2_PRF
-int fips186_2_prf(const u8 *seed, size_t seed_len, u8 *x, size_t xlen)
-{
- u8 xkey[64];
- u32 t[5], _t[5];
- int i, j, m, k;
- u8 *xpos = x;
- u32 carry;
-
- if (seed_len > sizeof(xkey))
- seed_len = sizeof(xkey);
-
- /* FIPS 186-2 + change notice 1 */
-
- os_memcpy(xkey, seed, seed_len);
- os_memset(xkey + seed_len, 0, 64 - seed_len);
- t[0] = 0x67452301;
- t[1] = 0xEFCDAB89;
- t[2] = 0x98BADCFE;
- t[3] = 0x10325476;
- t[4] = 0xC3D2E1F0;
-
- m = xlen / 40;
- for (j = 0; j < m; j++) {
- /* XSEED_j = 0 */
- for (i = 0; i < 2; i++) {
- /* XVAL = (XKEY + XSEED_j) mod 2^b */
-
- /* w_i = G(t, XVAL) */
- os_memcpy(_t, t, 20);
- SHA1Transform(_t, xkey);
- _t[0] = host_to_be32(_t[0]);
- _t[1] = host_to_be32(_t[1]);
- _t[2] = host_to_be32(_t[2]);
- _t[3] = host_to_be32(_t[3]);
- _t[4] = host_to_be32(_t[4]);
- os_memcpy(xpos, _t, 20);
-
- /* XKEY = (1 + XKEY + w_i) mod 2^b */
- carry = 1;
- for (k = 19; k >= 0; k--) {
- carry += xkey[k] + xpos[k];
- xkey[k] = carry & 0xff;
- carry >>= 8;
- }
-
- xpos += SHA1_MAC_LEN;
- }
- /* x_j = w_0|w_1 */
- }
-
- return 0;
-}
-#endif /* CONFIG_NO_FIPS186_2_PRF */
-
-
/* ===== start - public domain SHA1 implementation ===== */
/*
@@ -239,7 +183,7 @@ void SHAPrintContext(SHA1_CTX *context, char *msg)
/* Hash a single 512-bit block. This is the core of the algorithm. */
-static void SHA1Transform(u32 state[5], const unsigned char buffer[64])
+void SHA1Transform(u32 state[5], const unsigned char buffer[64])
{
u32 a, b, c, d, e;
typedef union {
diff --git a/wpa_supplicant/Makefile b/wpa_supplicant/Makefile
index f0eb364..54a0190 100644
--- a/wpa_supplicant/Makefile
+++ b/wpa_supplicant/Makefile
@@ -845,11 +845,19 @@ endif
ifeq ($(CONFIG_TLS), openssl)
OBJS += ../src/crypto/crypto_openssl.o
OBJS_p += ../src/crypto/crypto_openssl.o
+ifdef NEED_FIPS186_2_PRF
+OBJS += ../src/crypto/fips_prf_openssl.o
+OBJS_p += ../src/crypto/fips_prf_openssl.o
+endif
CONFIG_INTERNAL_SHA256=y
endif
ifeq ($(CONFIG_TLS), gnutls)
OBJS += ../src/crypto/crypto_gnutls.o
OBJS_p += ../src/crypto/crypto_gnutls.o
+ifdef NEED_FIPS186_2_PRF
+OBJS += ../src/crypto/fips_prf_gnutls.o
+OBJS_p += ../src/crypto/fips_prf_gnutls.o
+endif
CONFIG_INTERNAL_SHA256=y
endif
ifeq ($(CONFIG_TLS), schannel)
@@ -906,6 +914,9 @@ AESOBJS += ../src/crypto/aes-internal.o
endif
ifdef CONFIG_INTERNAL_SHA1
SHA1OBJS += ../src/crypto/sha1-internal.o
+ifdef NEED_FIPS186_2_PRF
+SHA1OBJS += ../src/crypto/fips_prf_internal.o
+endif
endif
ifdef CONFIG_INTERNAL_MD5
MD5OBJS += ../src/crypto/md5-internal.o
@@ -1075,10 +1086,6 @@ ifdef NEED_DH_GROUPS
OBJS += ../src/crypto/dh_groups.o
endif
-ifndef NEED_FIPS186_2_PRF
-CFLAGS += -DCONFIG_NO_FIPS186_2_PRF
-endif
-
ifndef NEED_T_PRF
CFLAGS += -DCONFIG_NO_T_PRF
endif