Proposed Patch: Support for wolfSSL

Sean Parkinson sean at wolfssl.com
Thu Mar 29 16:58:14 PDT 2018


Jouni,

Also note that the OCSP is not supported yet.

Thanks,
Sean
—
Sean Parkinson
sean at wolfssl.com
wolfSSL Inc



> On 29 Mar 2018, at 2:55 pm, Sean Parkinson <sean at wolfssl.com> wrote:
> 
> Jouni,
> 
> (Excuse the previous email. This one in plaintext.)
> 
> I’ve looked into the failures and made changes as needed.
> There were changes to wolfSSL as well.
> 
> To reproduce the setup I tested:
> - download wolfSSL latest from master (https://github.com/wolfssl/wolfssl)
> - configure wolfSSL with option -enable-wpas
> - build wolfSSL
> - in wpa_supplicant change .config
>   - CONFIG_TLS=wolfssl
>   - disable CONFIG_DPP
> 
> The proposed new patch is below.
> 
> Thanks,
> Sean
>> Sean Parkinson
> sean at wolfssl.com
> wolfSSL Inc
> 
> 
> From 80ba12c7fecdd650d7528211e68e6fd7ededd736 Mon Sep 17 00:00:00 2001
> From: Sean Parkinson <sparki at wolfssl.com>
> Date: Mon, 19 Mar 2018 13:19:08 +1000
> Subject: [PATCH] Fixes for wolfSSL integration.
> 
> Use new digest namespace.
> Changes for memory allocation failure testing.
> Use same certificates as used for GnuTLS in tests.
> Implement tls_connection_get_eap_fast_key using cryptographic primitives
> as wolfSSL implements different spec.
> Use a valid key exchange value in test.
> Fix loading of client certificate to use 'chain' APIs.
> 
> Signed-off-by: Sean Parkinson <sean at wolfssl.com>
> ---
> hostapd/Makefile              |   2 +
> src/crypto/crypto_wolfssl.c   | 192 +++++++++++++++++++++++++++++++++---------
> src/crypto/fips_prf_wolfssl.c |   3 +-
> src/crypto/tls_wolfssl.c      | 109 ++++++++++++++----------
> tests/hwsim/test_ap_eap.py    |  10 +--
> tests/hwsim/test_eap_proto.py |   2 +-
> wpa_supplicant/Makefile       |   1 +
> 7 files changed, 228 insertions(+), 91 deletions(-)
> 
> diff --git a/hostapd/Makefile b/hostapd/Makefile
> index 98ce115..9f8c6cf 100644
> --- a/hostapd/Makefile
> +++ b/hostapd/Makefile
> @@ -899,9 +899,11 @@ AESOBJS += ../src/crypto/aes-encblock.o
> endif
> ifdef NEED_AES_OMAC1
> ifneq ($(CONFIG_TLS), linux)
> +ifneq ($(CONFIG_TLS), wolfssl)
> AESOBJS += ../src/crypto/aes-omac1.o
> endif
> endif
> +endif
> ifdef NEED_AES_UNWRAP
> ifneq ($(CONFIG_TLS), openssl)
> ifneq ($(CONFIG_TLS), linux)
> diff --git a/src/crypto/crypto_wolfssl.c b/src/crypto/crypto_wolfssl.c
> index 90163c4..7e68716 100644
> --- a/src/crypto/crypto_wolfssl.c
> +++ b/src/crypto/crypto_wolfssl.c
> @@ -11,18 +11,8 @@
> #include "common.h"
> #include "crypto.h"
> 
> -#define WOLFSSL_AES_DIRECT
> -#define HAVE_AESGCM
> -#define HAVE_AES_KEYWRAP
> -#define WOLFSSL_SHA384
> -#define WOLFSSL_SHA512
> -#define WOLFSSL_CMAC
> -#define HAVE_ECC
> -#define USE_FAST_MATH
> -#define WOLFSSL_KEY_GEN
> -
> -#include <wolfssl/options.h>
> /* wolfSSL headers */
> +#include <wolfssl/options.h>
> #include <wolfssl/wolfcrypt/md4.h>
> #include <wolfssl/wolfcrypt/md5.h>
> #include <wolfssl/wolfcrypt/sha.h>
> @@ -62,7 +52,7 @@ int md4_vector(size_t num_elem, const u8 *addr[], const size_t *len, u8 *mac)
> 
> int md5_vector(size_t num_elem, const u8 *addr[], const size_t *len, u8 *mac)
> {
> -	Md5 md5;
> +	wc_Md5 md5;
> 	size_t i;
> 
> 	if (TEST_FAIL())
> @@ -83,7 +73,7 @@ int md5_vector(size_t num_elem, const u8 *addr[], const size_t *len, u8 *mac)
> 
> int sha1_vector(size_t num_elem, const u8 *addr[], const size_t *len, u8 *mac)
> {
> -	Sha sha;
> +	wc_Sha sha;
> 	size_t i;
> 
> 	if (TEST_FAIL())
> @@ -104,7 +94,7 @@ int sha1_vector(size_t num_elem, const u8 *addr[], const size_t *len, u8 *mac)
> int sha256_vector(size_t num_elem, const u8 *addr[], const size_t *len,
> 		  u8 *mac)
> {
> -	Sha256 sha256;
> +	wc_Sha256 sha256;
> 	size_t i;
> 
> 	if (TEST_FAIL())
> @@ -126,7 +116,7 @@ int sha256_vector(size_t num_elem, const u8 *addr[], const size_t *len,
> int sha384_vector(size_t num_elem, const u8 *addr[], const size_t *len,
> 		  u8 *mac)
> {
> -	Sha384 sha384;
> +	wc_Sha384 sha384;
> 	size_t i;
> 
> 	if (TEST_FAIL())
> @@ -148,7 +138,7 @@ int sha384_vector(size_t num_elem, const u8 *addr[], const size_t *len,
> int sha512_vector(size_t num_elem, const u8 *addr[], const size_t *len,
> 		  u8 *mac)
> {
> -	Sha512 sha512;
> +	wc_Sha512 sha512;
> 	size_t i;
> 
> 	if (TEST_FAIL())
> @@ -186,6 +176,7 @@ static int wolfssl_hmac_vector(int type, const u8 *key,
> 			return -1;
> 	if (wc_HmacFinal(&hmac, mac) != 0)
> 		return -1;
> +
> 	return 0;
> }
> 
> @@ -195,7 +186,7 @@ static int wolfssl_hmac_vector(int type, const u8 *key,
> int hmac_md5_vector(const u8 *key, size_t key_len, size_t num_elem,
> 		    const u8 *addr[], const size_t *len, u8 *mac)
> {
> -	return wolfssl_hmac_vector(MD5, key, key_len, num_elem, addr, len, mac,
> +	return wolfssl_hmac_vector(WC_MD5, key, key_len, num_elem, addr, len, mac,
> 				   16);
> }
> 
> @@ -212,7 +203,7 @@ int hmac_md5(const u8 *key, size_t key_len, const u8 *data, size_t data_len,
> int hmac_sha1_vector(const u8 *key, size_t key_len, size_t num_elem,
> 		     const u8 *addr[], const size_t *len, u8 *mac)
> {
> -	return wolfssl_hmac_vector(SHA, key, key_len, num_elem, addr, len, mac,
> +	return wolfssl_hmac_vector(WC_SHA, key, key_len, num_elem, addr, len, mac,
> 				   20);
> }
> 
> @@ -229,7 +220,7 @@ int hmac_sha1(const u8 *key, size_t key_len, const u8 *data, size_t data_len,
> int hmac_sha256_vector(const u8 *key, size_t key_len, size_t num_elem,
> 		       const u8 *addr[], const size_t *len, u8 *mac)
> {
> -	return wolfssl_hmac_vector(SHA256, key, key_len, num_elem, addr, len,
> +	return wolfssl_hmac_vector(WC_SHA256, key, key_len, num_elem, addr, len,
> 				   mac, 32);
> }
> 
> @@ -248,7 +239,7 @@ int hmac_sha256(const u8 *key, size_t key_len, const u8 *data,
> int hmac_sha384_vector(const u8 *key, size_t key_len, size_t num_elem,
> 		       const u8 *addr[], const size_t *len, u8 *mac)
> {
> -	return wolfssl_hmac_vector(SHA384, key, key_len, num_elem, addr, len,
> +	return wolfssl_hmac_vector(WC_SHA384, key, key_len, num_elem, addr, len,
> 				   mac, 48);
> }
> 
> @@ -267,7 +258,7 @@ int hmac_sha384(const u8 *key, size_t key_len, const u8 *data,
> int hmac_sha512_vector(const u8 *key, size_t key_len, size_t num_elem,
> 		       const u8 *addr[], const size_t *len, u8 *mac)
> {
> -	return wolfssl_hmac_vector(SHA512, key, key_len, num_elem, addr, len,
> +	return wolfssl_hmac_vector(WC_SHA512, key, key_len, num_elem, addr, len,
> 				   mac, 64);
> }
> 
> @@ -285,7 +276,7 @@ int pbkdf2_sha1(const char *passphrase, const u8 *ssid, size_t ssid_len,
> 		int iterations, u8 *buf, size_t buflen)
> {
> 	if (wc_PBKDF2(buf, (const byte*)passphrase, os_strlen(passphrase), ssid,
> -		      ssid_len, iterations, buflen, SHA) != 0)
> +		      ssid_len, iterations, buflen, WC_SHA) != 0)
> 		return -1;
> 	return 0;
> }
> @@ -423,6 +414,9 @@ int aes_wrap(const u8 *kek, size_t kek_len, int n, const u8 *plain, u8 *cipher)
> {
> 	int ret;
> 
> +	if (TEST_FAIL())
> +		return -1;
> +
> 	ret = wc_AesKeyWrap(kek, kek_len, plain, n * 8, cipher, (n + 1) * 8,
> 			    NULL);
> 	return ret != (n + 1) * 8 ? -1 : 0;
> @@ -434,6 +428,9 @@ int aes_unwrap(const u8 *kek, size_t kek_len, int n, const u8 *cipher,
> {
> 	int ret;
> 
> +	if (TEST_FAIL())
> +		return -1;
> +
> 	ret = wc_AesKeyUnWrap(kek, kek_len, cipher, (n + 1) * 8, plain, n * 8,
> 			      NULL);
> 	return ret != n * 8 ? -1 : 0;
> @@ -654,13 +651,13 @@ void * dh5_init(struct wpabuf **priv, struct wpabuf **publ)
> 	wpabuf_free(*publ);
> 	*publ = NULL;
> 
> -	dh = os_malloc(sizeof(DhKey));
> +	dh = XMALLOC(sizeof(DhKey), NULL, DYNAMIC_TYPE_TMP_BUFFER);
> 	if (!dh)
> 		return NULL;
> 	wc_InitDhKey(dh);
> 
> 	if (wc_InitRng(&rng) != 0) {
> -		os_free(dh);
> +		XFREE(dh, NULL, DYNAMIC_TYPE_TMP_BUFFER);
> 		return NULL;
> 	}
> 
> @@ -692,7 +689,7 @@ done:
> 	wpabuf_clear_free(privkey);
> 	if (dh) {
> 		wc_FreeDhKey(dh);
> -		os_free(dh);
> +		XFREE(dh, NULL, DYNAMIC_TYPE_TMP_BUFFER);
> 	}
> 	wc_FreeRng(&rng);
> 	return ret;
> @@ -706,12 +703,12 @@ void * dh5_init_fixed(const struct wpabuf *priv, const struct wpabuf *publ)
> 	byte *secret;
> 	word32 secret_sz;
> 
> -	dh = os_malloc(sizeof(DhKey));
> +	dh = XMALLOC(sizeof(DhKey), NULL, DYNAMIC_TYPE_TMP_BUFFER);
> 	if (!dh)
> 		return NULL;
> 	wc_InitDhKey(dh);
> 
> -	secret = os_malloc(RFC3526_LEN);
> +	secret = XMALLOC(RFC3526_LEN, NULL, DYNAMIC_TYPE_TMP_BUFFER);
> 	if (!secret)
> 		goto done;
> 
> @@ -734,9 +731,9 @@ void * dh5_init_fixed(const struct wpabuf *priv, const struct wpabuf *publ)
> done:
> 	if (dh) {
> 		wc_FreeDhKey(dh);
> -		os_free(dh);
> +		XFREE(dh, NULL, DYNAMIC_TYPE_TMP_BUFFER);
> 	}
> -	os_free(secret);
> +	XFREE(secret, NULL, DYNAMIC_TYPE_TMP_BUFFER);
> 	return ret;
> }
> 
> @@ -773,7 +770,7 @@ void dh5_free(void *ctx)
> 		return;
> 
> 	wc_FreeDhKey(ctx);
> -	os_free(ctx);
> +	XFREE(ctx, NULL, DYNAMIC_TYPE_TMP_BUFFER);
> }
> 
> #endif /* CONFIG_WPS_NFC */
> @@ -787,9 +784,6 @@ int crypto_dh_init(u8 generator, const u8 *prime, size_t prime_len, u8 *privkey,
> 	DhKey *dh = NULL;
> 	word32 priv_sz, pub_sz;
> 
> -	if (TEST_FAIL())
> -		return -1;
> -
> 	dh = os_malloc(sizeof(DhKey));
> 	if (!dh)
> 		return -1;
> @@ -889,7 +883,7 @@ struct crypto_hash * crypto_hash_init(enum crypto_hash_alg alg, const u8 *key,
> 	struct crypto_hash *hash;
> 	int type;
> 
> -	hash = os_malloc(sizeof(*hash));
> +	hash = os_zalloc(sizeof(*hash));
> 	if (!hash)
> 		goto done;
> 
> @@ -897,19 +891,19 @@ struct crypto_hash * crypto_hash_init(enum crypto_hash_alg alg, const u8 *key,
> #ifndef NO_MD5
> 	case CRYPTO_HASH_ALG_HMAC_MD5:
> 		hash->size = 16;
> -		type = MD5;
> +		type = WC_MD5;
> 		break;
> #endif /* NO_MD5 */
> #ifndef NO_SHA
> 	case CRYPTO_HASH_ALG_HMAC_SHA1:
> -		type = SHA;
> +		type = WC_SHA;
> 		hash->size = 20;
> 		break;
> #endif /* NO_SHA */
> #ifdef CONFIG_SHA256
> #ifndef NO_SHA256
> 	case CRYPTO_HASH_ALG_HMAC_SHA256:
> -		type = SHA256;
> +		type = WC_SHA256;
> 		hash->size = 32;
> 		break;
> #endif /* NO_SHA256 */
> @@ -1597,7 +1591,7 @@ int crypto_ec_point_solve_y_coord(struct crypto_ec *e,
> 	ret = crypto_bignum_to_bin(x, buf + 1, prime_len, prime_len);
> 	if (ret <= 0)
> 		return -1;
> -	ret = wc_ecc_import_point_der(buf, ret + 1, e->key.idx,
> +	ret = wc_ecc_import_point_der(buf, ret * 2 + 1, e->key.idx,
> 				      (ecc_point *) p);
> 	if (ret != 0)
> 		return -1;
> @@ -1625,7 +1619,7 @@ crypto_ec_point_compute_y_sqr(struct crypto_ec *e,
> 		goto done;
> 
> 	if (mp_sqrmod((mp_int *) x, &e->prime, y2) != 0 ||
> -	    mp_mulmod((mp_int *) x, &t, &e->prime, y2) != 0 ||
> +	    mp_mulmod((mp_int *) x, y2, &e->prime, y2) != 0 ||
> 	    mp_mulmod((mp_int *) x, &e->a, &e->prime, &t) != 0 ||
> 	    mp_addmod(y2, &t, &e->prime, y2) != 0 ||
> 	    mp_addmod(y2, &e->b, &e->prime, y2) != 0)
> @@ -1667,4 +1661,124 @@ int crypto_ec_point_cmp(const struct crypto_ec *e,
> 	return wc_ecc_cmp_point((ecc_point *) a, (ecc_point *) b);
> }
> 
> +struct crypto_ecdh {
> +	struct crypto_ec *ec;
> +};
> +
> +struct crypto_ecdh * crypto_ecdh_init(int group)
> +{
> +	struct crypto_ecdh *ecdh = NULL;
> +	WC_RNG rng;
> +	int ret;
> +
> +	if (wc_InitRng(&rng) != 0)
> +		goto fail;
> +
> +	ecdh = os_zalloc(sizeof(*ecdh));
> +	if (!ecdh)
> +		goto fail;
> +
> +	ecdh->ec = crypto_ec_init(group);
> +	if (!ecdh->ec)
> +		goto fail;
> +
> +	ret = wc_ecc_make_key_ex(&rng, ecdh->ec->key.dp->size, &ecdh->ec->key,
> +				 ecdh->ec->key.dp->id);
> +	if (ret < 0)
> +		goto fail;
> +
> +done:
> +	wc_FreeRng(&rng);
> +
> +	return ecdh;
> +fail:
> +	crypto_ecdh_deinit(ecdh);
> +	ecdh = NULL;
> +	goto done;
> +}
> +
> +void crypto_ecdh_deinit(struct crypto_ecdh *ecdh)
> +{
> +	if (ecdh) {
> +		crypto_ec_deinit(ecdh->ec);
> +		os_free(ecdh);
> +	}
> +}
> +
> +struct wpabuf * crypto_ecdh_get_pubkey(struct crypto_ecdh *ecdh, int inc_y)
> +{
> +	struct wpabuf *buf = NULL;
> +	int ret;
> +	int len = ecdh->ec->key.dp->size;
> +
> +	buf = wpabuf_alloc(inc_y ? 2 * len : len);
> +	if (!buf)
> +		goto fail;
> +
> +	ret = crypto_bignum_to_bin((struct crypto_bignum *)
> +				   ecdh->ec->key.pubkey.x, wpabuf_put(buf, len),
> +				   len, len);
> +	if (ret < 0)
> +		goto fail;
> +	if (inc_y) {
> +		ret = crypto_bignum_to_bin((struct crypto_bignum *)
> +					   ecdh->ec->key.pubkey.y,
> +					   wpabuf_put(buf, len), len, len);
> +		if (ret < 0)
> +			goto fail;
> +	}
> +
> +done:
> +	return buf;
> +fail:
> +	wpabuf_free(buf);
> +	buf = NULL;
> +	goto done;
> +}
> +
> +struct wpabuf * crypto_ecdh_set_peerkey(struct crypto_ecdh *ecdh, int inc_y,
> +					const u8 *key, size_t len)
> +{
> +	int ret;
> +	struct wpabuf *pubkey = NULL;
> +	struct wpabuf *secret = NULL;
> +	word32 key_len = ecdh->ec->key.dp->size;
> +	ecc_point *point = NULL;
> +
> +	pubkey = wpabuf_alloc(key_len + 1);
> +	if (!pubkey)
> +		goto fail;
> +	wpabuf_put_u8(pubkey, inc_y ? 0x04 : 0x02);
> +	wpabuf_put_data(pubkey, key, key_len);
> +
> +	point = wc_ecc_new_point();
> +	if (!point)
> +		goto fail;
> +
> +	ret = wc_ecc_import_point_der(wpabuf_put(pubkey, key_len + 1), key_len,
> +				      ecdh->ec->key.dp->id, point);
> +	if (ret != MP_OKAY)
> +		goto fail;
> +
> +	secret = wpabuf_alloc(key_len);
> +	if (!secret)
> +		goto fail;
> +
> +	ret = wc_ecc_shared_secret_ex(&ecdh->ec->key, point,
> +				      (byte*)wpabuf_put(secret, key_len),
> +				      &key_len);
> +	if (ret != MP_OKAY)
> +		goto fail;
> +
> +done:
> +	wc_ecc_del_point(point);
> +	wpabuf_free(pubkey);
> +	return secret;
> +fail:
> +	wpabuf_free(secret);
> +	secret = NULL;
> +	goto done;
> +}
> +
> +
> #endif /* CONFIG_ECC */
> diff --git a/src/crypto/fips_prf_wolfssl.c b/src/crypto/fips_prf_wolfssl.c
> index 1709932..feb39db 100644
> --- a/src/crypto/fips_prf_wolfssl.c
> +++ b/src/crypto/fips_prf_wolfssl.c
> @@ -7,6 +7,7 @@
>  */
> 
> #include "includes.h"
> +#include <wolfssl/options.h>
> #include <wolfssl/wolfcrypt/sha.h>
> 
> #include "common.h"
> @@ -15,7 +16,7 @@
> 
> static void sha1_transform(u32 *state, const u8 data[64])
> {
> -	Sha sha;
> +	wc_Sha sha;
> 
> 	os_memset(&sha, 0, sizeof(sha));
> 	sha.digest[0] = state[0];
> diff --git a/src/crypto/tls_wolfssl.c b/src/crypto/tls_wolfssl.c
> index b7c452e..82ced39 100644
> --- a/src/crypto/tls_wolfssl.c
> +++ b/src/crypto/tls_wolfssl.c
> @@ -10,24 +10,16 @@
> 
> #include "common.h"
> #include "crypto.h"
> +#include "sha1.h"
> #include "tls.h"
> 
> -#define OPENSSL_EXTRA
> -#define HAVE_STUNNEL
> -#define HAVE_SECRET_CALLBACK
> -#define HAVE_SESSION_TICKET
> -#define HAVE_OCSP
> -#define HAVE_CERTIFICATE_STATUS_REQUEST
> -#define HAVE_CERTIFICATE_STATUS_REQUEST_V2
> -#ifndef WOLFSSL_DER_LOAD
> -#define WOLFSSL_DER_LOAD
> -#endif
> -#if 0
> -/* Enable if a debug build of wolfSSL is installed. */
> -#define DEBUG_WOLFSSL
> -#endif
> +/* sha256.h is a wolfSSL header file. */
> +extern void tls_prf_sha256(const u8 *secret, size_t secret_len,
> +			   const char *label, const u8 *seed, size_t seed_len,
> +			   u8 *out, size_t outlen);
> 
> /* wolfSSL includes */
> +#include <wolfssl/options.h>
> #include <wolfssl/ssl.h>
> #include <wolfssl/error-ssl.h>
> #include <wolfssl/wolfcrypt/asn.h>
> @@ -470,9 +462,9 @@ static int tls_connection_client_cert(struct tls_connection *conn,
> 		return 0;
> 
> 	if (client_cert_blob) {
> -		if (wolfSSL_use_certificate_buffer(conn->ssl, client_cert_blob,
> -						   blob_len,
> -						   SSL_FILETYPE_ASN1) < 0) {
> +		if (wolfSSL_use_certificate_chain_buffer_format(conn->ssl,
> +			    client_cert_blob, blob_len,
> +			    SSL_FILETYPE_ASN1) < 0) {
> 			wpa_printf(MSG_INFO,
> 				   "SSL: use client cert DER blob failed");
> 			return -1;
> @@ -482,11 +474,11 @@ static int tls_connection_client_cert(struct tls_connection *conn,
> 	}
> 
> 	if (client_cert) {
> -		if (wolfSSL_use_certificate_file(conn->ssl, client_cert,
> -						 SSL_FILETYPE_PEM) < 0) {
> +		if (wolfSSL_use_certificate_chain_file(conn->ssl,
> +						       client_cert) < 0) {
> 			wpa_printf(MSG_INFO,
> 				   "SSL: use client cert PEM file failed");
> -			if (wolfSSL_use_certificate_file(
> +			if (wolfSSL_use_certificate_chain_file_format(
> 				    conn->ssl, client_cert,
> 				    SSL_FILETYPE_ASN1) < 0) {
> 				wpa_printf(MSG_INFO,
> @@ -577,10 +569,6 @@ static int tls_connection_private_key(void *tls_ctx,
> }
> 
> 
> -#define GEN_EMAIL	1
> -#define GEN_DNS		ALT_NAMES_OID
> -#define GEN_URI		6
> -
> static int tls_match_alt_subject_component(WOLFSSL_X509 *cert, int type,
> 					   const char *value, size_t len)
> {
> @@ -590,7 +578,6 @@ static int tls_match_alt_subject_component(WOLFSSL_X509 *cert, int type,
> 	int i;
> 
> 	ext = wolfSSL_X509_get_ext_d2i(cert, ALT_NAMES_OID, NULL, NULL);
> -
> 	for (i = 0; ext && i < wolfSSL_sk_num(ext); i++) {
> 		gen = wolfSSL_sk_value(ext, i);
> 		if (gen->type != type)
> @@ -893,19 +880,16 @@ static void wolfssl_tls_cert_event(struct tls_connection *conn,
> 		if (num_alt_subject == TLS_MAX_ALT_SUBJECT)
> 			break;
> 		gen = wolfSSL_sk_value((void *) ext, i);
> -#if 0
> 		if (gen->type != GEN_EMAIL &&
> 		    gen->type != GEN_DNS &&
> 		    gen->type != GEN_URI)
> 			continue;
> -#endif
> 
> 		pos = os_malloc(10 + os_strlen((char *) gen->obj) + 1);
> 		if (!pos)
> 			break;
> 		alt_subject[num_alt_subject++] = pos;
> 
> -#if 0
> 		switch (gen->type) {
> 		case GEN_EMAIL:
> 			os_memcpy(pos, "EMAIL:", 6);
> @@ -920,10 +904,6 @@ static void wolfssl_tls_cert_event(struct tls_connection *conn,
> 			pos += 4;
> 			break;
> 		}
> -#else
> -		os_memcpy(pos, "DNS:", 4);
> -		pos += 4;
> -#endif
> 
> 		os_memcpy(pos, gen->obj, os_strlen((char *)gen->obj));
> 		pos += os_strlen((char *)gen->obj);
> @@ -1099,7 +1079,7 @@ static int tls_verify_cb(int preverify_ok, WOLFSSL_X509_STORE_CTX *x509_ctx)
> 				       TLS_FAIL_SERVER_CHAIN_PROBE);
> 	}
> 
> -#ifdef HAVE_OCSP_OPENSSL
> +#ifdef HAVE_OCSP_WOLFSSL
> 	if (depth == 0 && (conn->flags & TLS_CONN_REQUEST_OCSP) &&
> 	    preverify_ok) {
> 		enum ocsp_result res;
> @@ -1123,7 +1103,7 @@ static int tls_verify_cb(int preverify_ok, WOLFSSL_X509_STORE_CTX *x509_ctx)
> 					       TLS_FAIL_UNSPECIFIED);
> 		}
> 	}
> -#endif /* HAVE_OCSP */
> +#endif /* HAVE_OCSP_WOLFSSL */
> 	if (depth == 0 && preverify_ok && context->event_cb != NULL)
> 		context->event_cb(context->cb_ctx,
> 				  TLS_CERT_CHAIN_SUCCESS, NULL);
> @@ -1204,7 +1184,6 @@ static int tls_connection_ca_cert(void *tls_ctx, struct tls_connection *conn,
> 			return -1;
> 		}
> 		wolfSSL_CTX_set_cert_store(ctx, cm);
> -		XFREE(cm, NULL, DYNAMIC_TYPE_X509_STORE);
> 
> 		if (wolfSSL_CTX_load_verify_locations(ctx, ca_cert, ca_path) !=
> 		    SSL_SUCCESS) {
> @@ -1370,11 +1349,11 @@ static int tls_global_client_cert(void *ssl_ctx, const char *client_cert)
> 	if (!client_cert)
> 		return 0;
> 
> -	if (wolfSSL_CTX_use_certificate_file(ctx, client_cert,
> -					     SSL_FILETYPE_ASN1) !=
> +	if (wolfSSL_CTX_use_certificate_chain_file_format(ctx, client_cert,
> +							  SSL_FILETYPE_ASN1) !=
> 	    SSL_SUCCESS &&
> -	    wolfSSL_CTX_use_certificate_file(ctx, client_cert,
> -					     SSL_FILETYPE_PEM) != SSL_SUCCESS) {
> +	    wolfSSL_CTX_use_certificate_chain_file(ctx, client_cert) !=
> +	    SSL_SUCCESS) {
> 		wpa_printf(MSG_INFO, "Failed to load client certificate");
> 		return -1;
> 	}
> @@ -1988,18 +1967,58 @@ int tls_connection_export_key(void *tls_ctx, struct tls_connection *conn,
> }
> 
> 
> +#define SEED_LEN	(RAN_LEN + RAN_LEN)
> +
> int tls_connection_get_eap_fast_key(void *tls_ctx, struct tls_connection *conn,
> 				    u8 *out, size_t out_len)
> {
> -	int ret;
> +	byte seed[SEED_LEN];
> +	int ret = -1;
> +	WOLFSSL *ssl;
> +	byte *tmp_out = NULL;
> +	byte *_out;
> +	int skip = 0;
> +	byte *master_key;
> +	unsigned int master_key_len;
> +	byte *server_random;
> +	unsigned int server_len;
> +	byte *client_random;
> +	unsigned int client_len;
> 
> 	if (!conn || !conn->ssl)
> 		return -1;
> +	ssl = conn->ssl;
> 
> -	ret = wolfSSL_make_eap_keys(conn->ssl, out, out_len, "key expansion");
> -	if (ret != 0)
> +	skip = 2 * (wolfSSL_GetKeySize(ssl) + wolfSSL_GetHmacSize(ssl) +
> +		    wolfSSL_GetIVSize(ssl));
> +
> +	tmp_out = os_malloc(skip + out_len);
> +	if (!tmp_out)
> 		return -1;
> -	return 0;
> +	_out = tmp_out;
> +
> +	wolfSSL_get_keys(ssl, &master_key, &master_key_len, &server_random,
> +			 &server_len, &client_random, &client_len);
> +	XMEMCPY(seed          , server_random, RAN_LEN);
> +	XMEMCPY(seed + RAN_LEN, client_random, RAN_LEN);
> +
> +	if (wolfSSL_GetVersion(ssl) == WOLFSSL_TLSV1_2) {
> +		tls_prf_sha256(master_key, master_key_len,
> +			       "key expansion", seed, sizeof(seed),
> +			       _out, skip + out_len);
> +		ret = 0;
> +	} else if (tls_prf_sha1_md5(master_key, master_key_len,
> +				    "key expansion", seed, sizeof(seed),
> +				    _out, skip + out_len) == 0) {
> +		ret = 0;
> +	}
> +
> +	os_memset(master_key, 0, master_key_len);
> +	if (ret == 0)
> +		os_memcpy(out, _out + skip, out_len);
> +	bin_clear_free(tmp_out, skip);
> +
> +	return ret;
> }
> 
> 
> @@ -2037,14 +2056,14 @@ static int tls_sess_sec_cb(WOLFSSL *s, void *secret, int *secret_len, void *arg)
> 				      sizeof(client_random)) == 0 ||
> 	    wolfSSL_get_server_random(s, server_random,
> 				      sizeof(server_random)) == 0 ||
> -	    wolfSSL_get_SessionTicket(s, conn->session_ticket, &ticketLen) != 1)
> +	    wolfSSL_get_SessionTicket(s, conn->session_ticket, &ticket_len) != 1)
> 		return 1;
> 
> 	if (ticket_len == 0)
> 		return 0;
> 
> 	ret = conn->session_ticket_cb(conn->session_ticket_cb_ctx,
> -				      conn->session_ticket, ticketLen,
> +				      conn->session_ticket, ticket_len,
> 				      client_random, server_random, secret);
> 	if (ret <= 0)
> 		return 1;
> diff --git a/tests/hwsim/test_ap_eap.py b/tests/hwsim/test_ap_eap.py
> index 88041ca..804cbca 100644
> --- a/tests/hwsim/test_ap_eap.py
> +++ b/tests/hwsim/test_ap_eap.py
> @@ -4115,7 +4115,7 @@ def test_ap_wpa2_eap_tls_intermediate_ca(dev, apdev, params):
>     params["private_key"] = "auth_serv/iCA-server/server.key"
>     hostapd.add_ap(apdev[0], params)
>     tls = dev[0].request("GET tls_library")
> -    if "GnuTLS" in tls:
> +    if "GnuTLS" in tls or "wolfSSL" in tls:
>         ca_cert = "auth_serv/iCA-user/ca-and-root.pem"
>         client_cert = "auth_serv/iCA-user/user_and_ica.pem"
>     else:
> @@ -4223,7 +4223,7 @@ def run_ap_wpa2_eap_tls_intermediate_ca_ocsp(dev, apdev, params, md):
>     try:
>         hostapd.add_ap(apdev[0], params)
>         tls = dev[0].request("GET tls_library")
> -        if "GnuTLS" in tls:
> +        if "GnuTLS" in tls or "wolfSSL" in tls:
>             ca_cert = "auth_serv/iCA-user/ca-and-root.pem"
>             client_cert = "auth_serv/iCA-user/user_and_ica.pem"
>         else:
> @@ -4258,7 +4258,7 @@ def run_ap_wpa2_eap_tls_intermediate_ca_ocsp_revoked(dev, apdev, params, md):
>     try:
>         hostapd.add_ap(apdev[0], params)
>         tls = dev[0].request("GET tls_library")
> -        if "GnuTLS" in tls:
> +        if "GnuTLS" in tls or "wolfSSL" in tls:
>             ca_cert = "auth_serv/iCA-user/ca-and-root.pem"
>             client_cert = "auth_serv/iCA-user/user_and_ica.pem"
>         else:
> @@ -4308,7 +4308,7 @@ def test_ap_wpa2_eap_tls_intermediate_ca_ocsp_multi_missing_resp(dev, apdev, par
>     try:
>         hostapd.add_ap(apdev[0], params)
>         tls = dev[0].request("GET tls_library")
> -        if "GnuTLS" in tls:
> +        if "GnuTLS" in tls or "wolfSSL" in tls:
>             ca_cert = "auth_serv/iCA-user/ca-and-root.pem"
>             client_cert = "auth_serv/iCA-user/user_and_ica.pem"
>         else:
> @@ -4375,7 +4375,7 @@ def test_ap_wpa2_eap_tls_intermediate_ca_ocsp_multi(dev, apdev, params):
> 
>         hostapd.add_ap(apdev[0], params)
>         tls = dev[0].request("GET tls_library")
> -        if "GnuTLS" in tls:
> +        if "GnuTLS" in tls or "wolfSSL" in tls:
>             ca_cert = "auth_serv/iCA-user/ca-and-root.pem"
>             client_cert = "auth_serv/iCA-user/user_and_ica.pem"
>         else:
> diff --git a/tests/hwsim/test_eap_proto.py b/tests/hwsim/test_eap_proto.py
> index d97a6f1..2ff6743 100644
> --- a/tests/hwsim/test_eap_proto.py
> +++ b/tests/hwsim/test_eap_proto.py
> @@ -5124,7 +5124,7 @@ def test_eap_proto_ikev2(dev, apdev):
> 
>         def build_ke(next=0):
>             ke = struct.pack(">BBHHH", next, 0, 4 + 4 + 192, 5, 0)
> -            ke += 192*'\x00'
> +            ke += 191*'\x00'+'\x02'
>             return ke
> 
>         idx += 1
> diff --git a/wpa_supplicant/Makefile b/wpa_supplicant/Makefile
> index c761c22..eca20a9 100644
> --- a/wpa_supplicant/Makefile
> +++ b/wpa_supplicant/Makefile
> @@ -1067,6 +1067,7 @@ OBJS_p += ../src/crypto/crypto_wolfssl.o
> ifdef NEED_FIPS186_2_PRF
> OBJS += ../src/crypto/fips_prf_wolfssl.o
> endif
> +NEED_TLS_PRF_SHA256=y
> LIBS += -lwolfssl -lm
> LIBS_p += -lwolfssl -lm
> endif
> -- 
> 1.9.1
>> On 4 Mar 2018, at 5:19 am, Jouni Malinen <j at w1.fi> wrote:
>> 
>> On Thu, Jan 18, 2018 at 12:26:39PM +1000, Sean Parkinson wrote:
>>> I’ve prepared a new patch with the changes as asked for by Jouni.
>>> 
>>> This patch was written to allow hostap to be compiled with the wolfSSL cryptography and TLS library.
>> 
>> Thanks! I'm seeing number of errors in the hwsim test cases, but it
>> looks like it is easiest to move ahead with this if I push in the
>> cleaned up version that I've been testing with some fixes to avoid
>> breaking non-wolfSSL builds. I'd welcome any incremental changes on top
>> of the current hostap.git master branch snapshot to address things that
>> I list below or maybe a recommendation on how to configure the wolfSSL
>> build properly to avoid the issues. I ran my tests with wolfSSL 3.13.0
>> and ended up adding various configure options until the build went
>> through cleanly. This ended up with following options:
>> 
>> ./configure --prefix=/home/jm/wolfssl/3.13.0 --enable-des3 --enable-md4 --enable-harden --enable-pwdbased --enable-tlsv10 --enable-oldtls --enable-cmac --enable-aeskeywrap --enable-keygen --enable-crl --enable-ocsp --enable-ocspstapling --enable-ocspstapling2 --enable-pkcallbacks --enable-tls13 --enable-fortress --enable-wpas --enable-static=yes --enable-shared=no
>> 
>> 
>> These are the notes from my hwsim test runs:
>> 
>> SAE:
>> - SAE: Could not solve y
>> - SAE: Could not pick PWE
>> --> check crypto_ec_point_solve_y_coord() implementation
>>  (wc_ecc_import_point_der() returns -1)
>> sae
>> sae_anti_clogging
>> sae_anti_clogging_proto
>> sae_bignum_failure
>> sae_forced_anti_clogging
>> sae_group_nego
>> sae_groups
>> sae_invalid_anti_clogging_token_req
>> sae_key_lifetime_in_memory
>> sae_mixed
>> sae_mixed_mfp
>> sae_no_random
>> sae_oom_wpas
>> sae_password
>> sae_password_ecc
>> sae_password_long
>> sae_password_short
>> sae_pmksa_caching
>> sae_pmksa_caching_disabled
>> sae_proto_confirm_replay
>> sae_proto_ecc
>> sae_pwe_failure
>> ap_ft_sae
>> ap_ft_sae_over_ds
>> sigma_dut_ap_psk_sae
>> sigma_dut_ap_sae
>> sigma_dut_ap_sae_group
>> sigma_dut_ap_sae_password
>> sigma_dut_sae
>> sigma_dut_sae_password
>> wpas_mesh_password_mismatch
>> mesh_forwarding_secure
>> ap_mixed_security
>> 
>> 
>> TLS interop(?) issue with OpenSSL server:
>> - OpenSSL server:
>> * SSL: SSL3 alert: write (local SSL3 detected an error):fatal:bad record mac
>> * SSL: SSL_accept:error in SSLv3 read finished A
>> * OpenSSL: openssl_handshake - SSL_connect error:1408F119:SSL routines:SSL3_GET_RECORD:decryption failed or bad record mac
>> ap_hs20_remediation_sql
>> eap_tls_no_session_resumption_radius
>> authsrv_testing_options
>> ap_wpa2_eap_tls_versions
>> 
>> 
>> OpenSSL authentication server:
>> - OpenSSL: openssl_handshake - SSL_connect error:1408A0C1:SSL routines:ssl3_get_client_hello:no shared cipher
>> ap_wpa2_eap_ttls_dh_params
>> ap_wpa2_eap_ttls_dh_params_blob
>> ap_wpa2_eap_ttls_dh_params_dsa
>> 
>> 
>> OpenSSL authentication server:
>> - TLS: Certificate verification failed, error 20 (unable to get local issuer certificate) depth 0 for '/C=FI/O=w1.fi/CN=user.w1.fi'
>> - SSL: SSL3 alert: write (local SSL3 detected an error):fatal:unknown CA
>> - OpenSSL: openssl_handshake - SSL_connect error:14089086:SSL routines:ssl3_get_client_certificate:certificate verify failed
>> ap_wpa2_eap_tls_intermediate_ca
>> ap_wpa2_eap_tls_intermediate_ca_ocsp_sha1
>> ap_wpa2_eap_tls_intermediate_ca_ocsp
>> ap_wpa2_eap_tls_intermediate_ca_ocsp_revoked
>> ap_wpa2_eap_tls_intermediate_ca_ocsp_revoked_sha1
>> 
>> 
>> TLS: tls_verify_cb - preverify_ok=1 err=0 (unknown error number) ca_cert_verify=1 depth=0 buf='/C=FI/O=w1.fi/CN=server.w1.fi'
>> TLS: altSubjectName match 'EMAIL:noone at example.com;DNS:server.w1.fi;URI:http://example.com/' not found
>> wlan0: CTRL-EVENT-EAP-TLS-CERT-ERROR reason=6 depth=0 subject='/C=FI/O=w1.fi/CN=server.w1.fi' err='AltSubject mismatch'
>> ap_wpa2_eap_ttls_pap_subject_match
>> 
>> 
>> TLS: tls_verify_cb - preverify_ok=1 err=0 (unknown error number) ca_cert_verify=1 depth=0 buf='/C=FI/O=w1.fi/CN=server.w1.fi'
>> TLS: altSubjectName match 'EMAIL:noone at example.com;URI:http://example.com/;DNS:server.w1.fi' not found
>> wlan0: CTRL-EVENT-EAP-TLS-CERT-ERROR reason=6 depth=0 subject='/C=FI/O=w1.fi/CN=server.w1.fi' err='AltSubject mismatch'
>> ap_wpa2_eap_ttls_chap_altsubject_match
>> 
>> 
>> TLS: Certificate verification failed, error -407 (Invalid OCSP Status Error) depth 2 for '/C=FI/O=w1.fi/CN=server.w1.fi'
>> ap_wpa2_eap_ttls_ocsp_revoked
>> ap_wpa2_eap_ttls_ocsp_unknown
>> ap_wpa2_eap_ttls_optional_ocsp_unknown
>> 
>> 
>> Missing altsubject in D-Bus output?!
>> dbus_connect_eap
>> 
>> 
>> DH: crypto_dh_derive_secret failed
>> eap_proto_ikev2
>> 
>> 
>> TLS: Certificate verification failed, error -238 (ASN CA path length larger than signer error) depth 2 for '/C=FI/O=w1.fi/CN=sha384.server.w1.fi'
>> eap_tls_sha384
>> eap_tls_sha512
>> 
>> 
>> 
>> GET_FAIL/GET_ALLOC_FAIL failure did not trigger:
>> radius_mppe_failure
>> authsrv_oom
>> 
>> 
>> -- 
>> Jouni Malinen                                            PGP id EFC895FA
>> 
>> _______________________________________________
>> Hostap mailing list
>> Hostap at lists.infradead.org
>> http://lists.infradead.org/mailman/listinfo/hostap
> 
> 
> _______________________________________________
> Hostap mailing list
> Hostap at lists.infradead.org
> http://lists.infradead.org/mailman/listinfo/hostap




More information about the Hostap mailing list