[PATCH] wolfSSL: Add support for DPP and EAP-TEAP/EAP-FAST

Jouni Malinen j at w1.fi
Sun Nov 27 05:25:13 PST 2022

On Fri, Jul 22, 2022 at 03:01:02PM +0200, Juliusz Sosinowicz wrote:
> Implement necessary backend functions in crypto_wolfssl.c to support DPP and EAP-TEAP/EAP-FAST. Logging has also been overhauled in new and modified crypto_wolfssl.c code. Crypto code in wolfSSL doesn't provide much debug logging so it was difficult to debug errors in crypto_wolfssl.c. New logging macros provide exact information where and what error occurred.

This is inconveniently large to review and I would like to see this
being split into quite a few smaller patches addressing items in small
independent steps. I was hoping to take a closer look at this, but it
would likely take me quite a few hours to go through the details and
split this myself and clearly I have not found the time to do that yet..

> - Improve logging around wolfSSL_accept and wolfSSL_connect

As an example, this has nothing to do with adding new functionality and
all the logging changes should really be in their own patches.

> - Fix memory leak in wpas_dpp_rx_peer_disc_resp due to not freeing intro

This has nothing to do with the wolfSSL changes and should have been in
a separate patch. Though, matching changes have since then been applied.

> - EAP-PWD is not compatible with FIPS since MD4 is used to hash the password.

EAP-pwd does not depend on MD4 password hashing; it is just one of the
available options. That option being there should not make any other
part of EAP-pwd incompatible with FIPS expectations.

> Tests that are incompatible with FIPS either due to using a HMAC password that is too short or using an unsupported curve (Brainpool is not supported at this time in FIPS):
> - dpp_and_sae_akm

What exactly is the issue for this one? This is SAE, so PBKDF2 password
constraint should not apply.

> - dpp_ap_config_bp512_bp512
> - dpp_ap_config_bp512_p521
> - dpp_ap_config_p521_bp512
> - dpp_auto_connect_legacy_psk_sae_1
> - dpp_auto_connect_legacy_psk_sae_2
> - dpp_auto_connect_legacy_sae_1
> - dpp_auto_connect_legacy_sae_2
> - dpp_configurator_enrollee_brainpoolP512r1
> - dpp_legacy_and_dpp_akm
> - dpp_pfs_connect_cmd_ap_2_sae
> - dpp_pkex_bp512
> - dpp_qr_code_auth_mutual_bp_512
> - dpp_qr_code_curve_brainpoolP512r1
> - dpp_qr_code_curves_brainpool
> - dpp_qr_code_curve_select

check_dpp_capab() could be extended to skip test cases when the build
uses wolfSSL in FIPS mode.

I'm not completely sure how the other test cases listed here are
impacted.. Is that because of the HMAC password constraint for the PSK
cases? If so, I guess those test cases could be modified to use a longer
passphrase. That said, there are also SAE-only test cases in the list
and they should not have the same constraint.

skip_with_fips() can be used with test cases that are clearly not
possible to execute in FIPS mode. I've added it to quite a few test
cases, but I'm sure that list is still quite far from complete.

Jouni Malinen                                            PGP id EFC895FA

More information about the Hostap mailing list