Commit graph

13 commits

Author SHA1 Message Date
Jouni Malinen
b11fa98bcb Add explicit checks for peer's DH public key
Pass the group order (if known/specified) to crypto_dh_derive_secret()
(and also to OpenSSL DH_generate_key() in case of Group 5) and verify
that the public key received from the peer meets 1 < pubkey < p and
pubkey^q == 1 mod p conditions.

While all these use cases were using only ephemeral DH keys, it is
better to use more explicit checks while deriving the shared secret to
avoid unexpected behavior.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-03-05 17:05:03 +02:00
Jouni Malinen
9973129646 wolfSSL: Fix crypto_bignum_rshift() wrapper
The n argument to this function is number of bits, not bytes, to shift.
As such, need to use mp_rshb() instead of mp_rshd(). This fixes EAP-pwd
with P-521 curve.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-05-17 22:02:02 +03:00
Sean Parkinson
4b2e03c42a wolfSSL: DH initialization to call TEST_FAIL() for error tests
Signed-off-by: Sean Parkinson <sean@wolfssl.com>
2018-05-17 20:08:22 +03:00
Sean Parkinson
2b01270c8a wolfSSL: Fix ECDH set peer to use the index when importing point
Signed-off-by: Sean Parkinson <sean@wolfssl.com>
2018-05-17 20:08:15 +03:00
Sean Parkinson
7be462084e wolfSSL: Use defines from wolfssl/options.h
Depend on proper wolfSSL configuration instead of trying to define these
build configuration values externally.

Signed-off-by: Sean Parkinson <sean@wolfssl.com>
2018-05-02 13:32:51 +03:00
Sean Parkinson
385dd7189a wolfSSL: Use wolfSSL memory allocation in dh5_init()
Signed-off-by: Sean Parkinson <sean@wolfssl.com>
2018-05-02 13:32:51 +03:00
Sean Parkinson
fc5e88e3ea wolfSSL: Changes for memory allocation failure testing
Signed-off-by: Sean Parkinson <sean@wolfssl.com>
2018-05-02 13:32:51 +03:00
Sean Parkinson
06657d3166 wolfSSL: Fix crypto_hash_init() memory clearing
Explicitly clear the allocated memory to avoid uninitialized data in
struct crypto_hash.

Signed-off-by: Sean Parkinson <sean@wolfssl.com>
2018-05-02 13:32:51 +03:00
Sean Parkinson
d396057109 wolfSSL: Fix crypto_ec_point_y_sqr()
Use the correct intermediate result from mp_sqrmod() in the following
mp_mulmod() call (t is not initialized here; it is used only after this
step).

Signed-off-by: Sean Parkinson <sean@wolfssl.com>
2018-05-02 13:32:51 +03:00
Sean Parkinson
e3501ac18f wolfSSL: Fix crypto_ec_point_solve_y_coord()
Provide full uncompressed DER data length to wc_ecc_import_point_der()
even though a compressed form is used here. In addition, use
ECC_POINT_COMP_* defined values to make this more readable.

Signed-off-by: Sean Parkinson <sean@wolfssl.com>
2018-05-02 13:32:51 +03:00
Sean Parkinson
187ad3a303 wolfSSL: Add crypto_ecdh_*()
Implement the wrapper functions for ECDH operations.

Signed-off-by: Sean Parkinson <sean@wolfssl.com>
2018-05-02 13:32:49 +03:00
Sean Parkinson
3d2f638d61 wolfSSL: Use new digest namespace
Signed-off-by: Sean Parkinson <sean@wolfssl.com>
2018-05-02 12:04:46 +03:00
Sean Parkinson
fec03f9838 Add support for wolfSSL cryptographic library
Allow hostapd/wpa_supplicant to be compiled with the wolfSSL
cryptography and TLS library.

Signed-off-by: Sean Parkinson <sean@wolfssl.com>
2018-03-03 11:52:40 +02:00