From 0b5e98557ecacf7a27d053f42fd60f8b7f5dbdfd Mon Sep 17 00:00:00 2001 From: Jouni Malinen Date: Thu, 16 Aug 2012 22:19:53 +0300 Subject: [PATCH] FIPS: Use OpenSSL CMAC implementation instead of aes-omac1.c Signed-hostap: Jouni Malinen --- src/crypto/crypto_openssl.c | 38 +++++++++++++++++++++++++++++++++++++ wpa_supplicant/Android.mk | 5 +++++ wpa_supplicant/Makefile | 5 +++++ 3 files changed, 48 insertions(+) diff --git a/src/crypto/crypto_openssl.c b/src/crypto/crypto_openssl.c index b49ab1242..07d0c6d04 100644 --- a/src/crypto/crypto_openssl.c +++ b/src/crypto/crypto_openssl.c @@ -16,6 +16,9 @@ #include #include #include +#ifdef CONFIG_OPENSSL_CMAC +#include +#endif /* CONFIG_OPENSSL_CMAC */ #include "common.h" #include "wpabuf.h" @@ -747,3 +750,38 @@ int crypto_get_random(void *buf, size_t len) return -1; return 0; } + + +#ifdef CONFIG_OPENSSL_CMAC +int omac1_aes_128_vector(const u8 *key, size_t num_elem, + const u8 *addr[], const size_t *len, u8 *mac) +{ + CMAC_CTX *ctx; + int ret = -1; + size_t outlen, i; + + ctx = CMAC_CTX_new(); + if (ctx == NULL) + return -1; + + if (!CMAC_Init(ctx, key, 16, EVP_aes_128_cbc(), NULL)) + goto fail; + for (i = 0; i < num_elem; i++) { + if (!CMAC_Update(ctx, addr[i], len[i])) + goto fail; + } + if (!CMAC_Final(ctx, mac, &outlen) || outlen != 16) + goto fail; + + ret = 0; +fail: + CMAC_CTX_free(ctx); + return ret; +} + + +int omac1_aes_128(const u8 *key, const u8 *data, size_t data_len, u8 *mac) +{ + return omac1_aes_128_vector(key, 1, &data, &data_len, mac); +} +#endif /* CONFIG_OPENSSL_CMAC */ diff --git a/wpa_supplicant/Android.mk b/wpa_supplicant/Android.mk index 25d262dca..9b51f0773 100644 --- a/wpa_supplicant/Android.mk +++ b/wpa_supplicant/Android.mk @@ -70,6 +70,7 @@ endif ifdef CONFIG_FIPS CONFIG_NO_RANDOM_POOL= +CONFIG_OPENSSL_CMAC=y endif OBJS = config.c @@ -1037,8 +1038,12 @@ AESOBJS += src/crypto/aes-encblock.c endif ifdef NEED_AES_OMAC1 NEED_AES_ENC=y +ifdef CONFIG_OPENSSL_CMAC +CFLAGS += -DCONFIG_OPENSSL_CMAC +else AESOBJS += src/crypto/aes-omac1.c endif +endif ifdef NEED_AES_WRAP NEED_AES_ENC=y AESOBJS += src/crypto/aes-wrap.c diff --git a/wpa_supplicant/Makefile b/wpa_supplicant/Makefile index 7f581dff8..70c5788a8 100644 --- a/wpa_supplicant/Makefile +++ b/wpa_supplicant/Makefile @@ -57,6 +57,7 @@ install: $(addprefix $(DESTDIR)$(BINDIR)/,$(BINALL)) ifdef CONFIG_FIPS CONFIG_NO_RANDOM_POOL= +CONFIG_OPENSSL_CMAC=y endif OBJS = config.o @@ -1065,8 +1066,12 @@ AESOBJS += ../src/crypto/aes-encblock.o endif ifdef NEED_AES_OMAC1 NEED_AES_ENC=y +ifdef CONFIG_OPENSSL_CMAC +CFLAGS += -DCONFIG_OPENSSL_CMAC +else AESOBJS += ../src/crypto/aes-omac1.o endif +endif ifdef NEED_AES_WRAP NEED_AES_ENC=y AESOBJS += ../src/crypto/aes-wrap.o