how to enable the internal client crypto on WPA_supplicant

Achuthan Paramanathan acp at rtx.dk
Fri Dec 4 01:31:37 PST 2015


Dear Jouni,

Thank you for your response!

It is working; however, I am getting an error when I read in my private key (the same private key I use when I have not enabled the internal crypto, i.e. when using OpenSSL).

What I get from my debug dump is:

PS: I have edited the debug hex_dump to print %c to better compare my "test" key ... and they are identical.

My guess is that the format is wrong (not that difficult to see that :) ) ... but the question is: what format, if the format is not the same as for OpenSSL?

Thx. in advance
Achuthan

....
....
TLSv1: Added certificate: C=DK, ST=Nord Jylland, O=myorg, CN=acpMyorg client certificate/emailAddress=acp at myorg.dk
PKCS #8: Does not start with PKCS #8 header (SEQUENCE); assume PKCS #8 not used
PKCS #8: Does not start with PKCS #8 header (SEQUENCE); assume encrypted PKCS #8 not used
Trying to parse PKCS #1 encoded RSA private key
RSA: Expected SEQUENCE (public key) - found class 0 tag 0xd
PEM DECODE - hexdump(len=968): 

[acp test]>>> base64_decode 1 [952 | 0] len 968
PKCS #8: Expected INTEGER - found class 0 tag 0x10; assume PKCS #8 not used
PKCS #5: encryption algorithm 1.2.840.113549.1.5.13
PKCS #5: unsupported encryption algorithm 1.2.840.113549.1.5.13
PKCS #5: Unsupported parameters
Trying to parse PKCS #1 encoded RSA private key
RSA: Expected INTEGER - found class 0 tag 0x10
RSA: Expected zero INTEGER in the beginning of private key; not found
TLSv1: Failed to parse private key
TLS: Failed to load private key
[acp test]>>>>>>>>>>>>>>>>>>> -1
TLS: Failed to set TLS connection parameters
TLSv1: Selected cipher suite: 0x0000
TLSv1: Record Layer - New write cipher suite 0x0000
TLSv1: Record Layer - New read cipher suite 0x0000




 

-----Original Message-----
From: Jouni Malinen [mailto:j at w1.fi] 
Sent: 3. december 2015 23:04
To: Achuthan Paramanathan <acp at rtx.dk>
Cc: Hostap at lists.infradead.org
Subject: Re: how to enable the internal client crypto on WPA_supplicant

On Thu, Dec 03, 2015 at 09:47:20AM +0000, Achuthan Paramanathan wrote:
> I am currently playing around with wpa_supplicant and, as it is now, the default crypto for an EAP-TLS connection is OpenSSL.
> However, I would like to enable the internal one, i.e. CONFIG_TLS_INTERNAL_CLIENT.
> 
> I am pretty new to this wpa_supplicant stuff, and so far have only built the whole wpa_supplicant as it is, with no changes to the makefile or build config.
> 
> 
> Any idea where to add this compiler flag, or how to enable the internal crypto?

Adding these to wpa_supplicant/.config is what I normally use for this:

CONFIG_TLS=internal
CONFIG_INTERNAL_LIBTOMMATH=y
CONFIG_INTERNAL_LIBTOMMATH_FAST=y

See wpa_supplicant/defconfig for more details on that.

> PS: I assume the internal crypto is similar to OpenSSL, just that it is WPA_Supplicant's own version of a TLS similar to OpenSSL and GNUSSL?

Correct.

-- 
Jouni Malinen                                            PGP id EFC895FA
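
An added example, not part of the original messages and not wpa_supplicant code: the debug log in the reply above ends with "PKCS #5: unsupported encryption algorithm 1.2.840.113549.1.5.13", and that OID is PKCS #5 PBES2, carried in the header of an encrypted PKCS #8 key. The Python below reads the same outer DER structure the log walks through and reports the container type and encryption OID of a PEM key before it is handed to a TLS library. The function names and the sample key are constructed for this illustration.

```python
import base64

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) of the DER element at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                      # long form: N length bytes follow
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, pos, pos + length

def decode_oid(body):
    """Turn OBJECT IDENTIFIER content bytes into dotted notation."""
    arcs, value = [body[0] // 40, body[0] % 40], 0
    for b in body[1:]:
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:                   # high bit clear ends this arc
            arcs.append(value)
            value = 0
    return ".".join(map(str, arcs))

def to_pem(der, label):                    # helper used to build sample input
    return f"-----BEGIN {label}-----\n{base64.b64encode(der).decode()}\n-----END {label}-----\n"

def classify_key(pem_text):
    """Return (container, encryption_oid) from the key's outer DER structure."""
    lines = [l.strip() for l in pem_text.strip().splitlines()]
    if any(l.startswith("Proc-Type:") for l in lines):
        return ("traditional PEM encryption", None)
    der = base64.b64decode("".join(l for l in lines if not l.startswith("-----")))
    tag, start, _ = read_tlv(der, 0)
    if tag != 0x30:                        # the log's "Expected SEQUENCE" case
        return ("not a DER SEQUENCE", None)
    tag, vstart, vend = read_tlv(der, start)
    if tag == 0x02:                        # version INTEGER first: unencrypted
        plain = {0x30: "PKCS #8 PrivateKeyInfo", 0x02: "PKCS #1 RSAPrivateKey"}
        return (plain.get(read_tlv(der, vend)[0], "unknown"), None)
    if tag == 0x30:                        # SEQUENCE (tag 0x10) first: encrypted
        otag, ostart, oend = read_tlv(der, vstart)
        if otag == 0x06:
            return ("PKCS #8 EncryptedPrivateKeyInfo", decode_oid(der[ostart:oend]))
    return ("unknown", None)

# Constructed sample: encrypted PKCS #8 header with the log's OID and dummy ciphertext.
SAMPLE = to_pem(bytes.fromhex(
    "3019300d06092a864886f70d01050d300004080000000000000000"), "ENCRYPTED PRIVATE KEY")

if __name__ == "__main__":
    print(classify_key(SAMPLE))
```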

