aboutsummaryrefslogtreecommitdiffstats
path: root/hostapd
diff options
context:
space:
mode:
authorJouni Malinen <j@w1.fi>2017-02-26 23:10:02 (GMT)
committerJouni Malinen <j@w1.fi>2017-02-28 09:24:15 (GMT)
commit206516e8c2bdd12651438a0c5c355e4bce343611 (patch)
tree7d5d5d46e298a403d81c06344c4a6d79fcd39bac /hostapd
parentb41d3e0a7578c52207b7a09fbbbbb29563614873 (diff)
downloadhostap-206516e8c2bdd12651438a0c5c355e4bce343611.zip
hostap-206516e8c2bdd12651438a0c5c355e4bce343611.tar.gz
hostap-206516e8c2bdd12651438a0c5c355e4bce343611.tar.bz2
af_alg: Crypto wrappers for Linux kernel crypto (AF_ALG)
CONFIG_TLS=linux can now be used to select the crypto implementation that uses the user space socket interface (AF_ALG) for the Linux kernel crypto implementation. This commit includes some of the cipher, hash, and HMAC functions. The functions that are not available through AF_ALG (e.g., the actual TLS implementation) use the internal implementation (CONFIG_TLS=internal). Signed-off-by: Jouni Malinen <j@w1.fi>
Diffstat (limited to 'hostapd')
-rw-r--r--hostapd/Makefile60
-rw-r--r--hostapd/defconfig1
2 files changed, 61 insertions, 0 deletions
diff --git a/hostapd/Makefile b/hostapd/Makefile
index ea9234b..bc56c4c 100644
--- a/hostapd/Makefile
+++ b/hostapd/Makefile
@@ -732,6 +732,47 @@ CONFIG_INTERNAL_RC4=y
endif
endif
+ifeq ($(CONFIG_TLS), linux)
+OBJS += ../src/crypto/crypto_linux.o
+ifdef TLS_FUNCS
+OBJS += ../src/crypto/crypto_internal-rsa.o
+OBJS += ../src/crypto/tls_internal.o
+OBJS += ../src/tls/tlsv1_common.o
+OBJS += ../src/tls/tlsv1_record.o
+OBJS += ../src/tls/tlsv1_cred.o
+OBJS += ../src/tls/tlsv1_server.o
+OBJS += ../src/tls/tlsv1_server_write.o
+OBJS += ../src/tls/tlsv1_server_read.o
+OBJS += ../src/tls/asn1.o
+OBJS += ../src/tls/rsa.o
+OBJS += ../src/tls/x509v3.o
+OBJS += ../src/tls/pkcs1.o
+OBJS += ../src/tls/pkcs5.o
+OBJS += ../src/tls/pkcs8.o
+NEED_SHA256=y
+NEED_BASE64=y
+NEED_TLS_PRF=y
+ifdef CONFIG_TLSV12
+NEED_TLS_PRF_SHA256=y
+endif
+NEED_MODEXP=y
+NEED_CIPHER=y
+CFLAGS += -DCONFIG_TLS_INTERNAL
+CFLAGS += -DCONFIG_TLS_INTERNAL_SERVER
+endif
+ifdef NEED_MODEXP
+OBJS += ../src/crypto/crypto_internal-modexp.o
+OBJS += ../src/tls/bignum.o
+CFLAGS += -DCONFIG_INTERNAL_LIBTOMMATH
+CFLAGS += -DLTM_FAST
+endif
+CONFIG_INTERNAL_DH_GROUP5=y
+ifdef NEED_FIPS186_2_PRF
+OBJS += ../src/crypto/fips_prf_internal.o
+OBJS += ../src/crypto/sha1-internal.o
+endif
+endif
+
ifeq ($(CONFIG_TLS), none)
ifdef TLS_FUNCS
OBJS += ../src/crypto/tls_none.o
@@ -781,20 +822,26 @@ ifdef NEED_AES_ENCBLOCK
AESOBJS += ../src/crypto/aes-encblock.o
endif
ifdef NEED_AES_OMAC1
+ifneq ($(CONFIG_TLS), linux)
AESOBJS += ../src/crypto/aes-omac1.o
endif
+endif
ifdef NEED_AES_UNWRAP
ifneq ($(CONFIG_TLS), openssl)
+ifneq ($(CONFIG_TLS), linux)
NEED_AES_DEC=y
AESOBJS += ../src/crypto/aes-unwrap.o
endif
endif
+endif
ifdef NEED_AES_CBC
NEED_AES_DEC=y
ifneq ($(CONFIG_TLS), openssl)
+ifneq ($(CONFIG_TLS), linux)
AESOBJS += ../src/crypto/aes-cbc.o
endif
endif
+endif
ifdef NEED_AES_DEC
ifdef CONFIG_INTERNAL_AES
AESOBJS += ../src/crypto/aes-internal-dec.o
@@ -806,8 +853,10 @@ endif
ifdef NEED_SHA1
ifneq ($(CONFIG_TLS), openssl)
+ifneq ($(CONFIG_TLS), linux)
SHA1OBJS += ../src/crypto/sha1.o
endif
+endif
SHA1OBJS += ../src/crypto/sha1-prf.o
ifdef CONFIG_INTERNAL_SHA1
SHA1OBJS += ../src/crypto/sha1-internal.o
@@ -831,8 +880,10 @@ OBJS += $(SHA1OBJS)
endif
ifneq ($(CONFIG_TLS), openssl)
+ifneq ($(CONFIG_TLS), linux)
OBJS += ../src/crypto/md5.o
endif
+endif
ifdef NEED_MD5
ifdef CONFIG_INTERNAL_MD5
@@ -868,8 +919,10 @@ endif
ifdef NEED_SHA256
CFLAGS += -DCONFIG_SHA256
ifneq ($(CONFIG_TLS), openssl)
+ifneq ($(CONFIG_TLS), linux)
OBJS += ../src/crypto/sha256.o
endif
+endif
OBJS += ../src/crypto/sha256-prf.o
ifdef CONFIG_INTERNAL_SHA256
OBJS += ../src/crypto/sha256-internal.o
@@ -884,8 +937,10 @@ endif
ifdef NEED_SHA384
CFLAGS += -DCONFIG_SHA384
ifneq ($(CONFIG_TLS), openssl)
+ifneq ($(CONFIG_TLS), linux)
OBJS += ../src/crypto/sha384.o
endif
+endif
OBJS += ../src/crypto/sha384-prf.o
endif
@@ -923,9 +978,11 @@ HOBJS += ../src/crypto/random.o
HOBJS += ../src/utils/eloop.o
HOBJS += $(SHA1OBJS)
ifneq ($(CONFIG_TLS), openssl)
+ifneq ($(CONFIG_TLS), linux)
HOBJS += ../src/crypto/md5.o
endif
endif
+endif
ifdef CONFIG_RADIUS_SERVER
CFLAGS += -DRADIUS_SERVER
@@ -1124,6 +1181,9 @@ ifdef CONFIG_INTERNAL_AES
HOBJS += ../src/crypto/aes-internal.o
HOBJS += ../src/crypto/aes-internal-enc.o
endif
+ifeq ($(CONFIG_TLS), linux)
+HOBJS += ../src/crypto/crypto_linux.o
+endif
nt_password_hash: $(NOBJS)
$(Q)$(CC) $(LDFLAGS) -o nt_password_hash $(NOBJS) $(LIBS_n)
diff --git a/hostapd/defconfig b/hostapd/defconfig
index 9ade580..e92c0ed 100644
--- a/hostapd/defconfig
+++ b/hostapd/defconfig
@@ -265,6 +265,7 @@ CONFIG_IPV6=y
# openssl = OpenSSL (default)
# gnutls = GnuTLS
# internal = Internal TLSv1 implementation (experimental)
+# linux = Linux kernel AF_ALG and internal TLSv1 implementation (experimental)
# none = Empty template
#CONFIG_TLS=openssl