wolfSSL: Fix EAP-FAST key derivation

Implement tls_connection_get_eap_fast_key() using cryptographic primitives as wolfSSL implements different spec. Signed-off-by: Sean Parkinson <sean@wolfssl.com>
2024-11-25 00:38:24 -05:00 · 2018-03-29 14:55:55 +10:00 · 2018-03-29 14:55:55 +10:00 · ab35793ec1
commit ab35793ec1
parent 71faf06cb6
2 changed files with 47 additions and 4 deletions
--- a/src/crypto/tls_wolfssl.c
+++ b/src/crypto/tls_wolfssl.c
@ -10,6 +10,8 @@

 #include "common.h"
 #include "crypto.h"
+#include "crypto/sha1.h"
+#include "crypto/sha256.h"
 #include "tls.h"

 /* wolfSSL includes */
@ -1962,18 +1964,58 @@ int tls_connection_export_key(void *tls_ctx, struct tls_connection *conn,
 }


+#define SEED_LEN	(RAN_LEN + RAN_LEN)
+
 int tls_connection_get_eap_fast_key(void *tls_ctx, struct tls_connection *conn,
 				    u8 *out, size_t out_len)
 {
-	int ret;
+	byte seed[SEED_LEN];
+	int ret = -1;
+	WOLFSSL *ssl;
+	byte *tmp_out;
+	byte *_out;
+	int skip = 0;
+	byte *master_key;
+	unsigned int master_key_len;
+	byte *server_random;
+	unsigned int server_len;
+	byte *client_random;
+	unsigned int client_len;

 	if (!conn || !conn->ssl)
 		return -1;
+	ssl = conn->ssl;

-	ret = wolfSSL_make_eap_keys(conn->ssl, out, out_len, "key expansion");
-	if (ret != 0)
+	skip = 2 * (wolfSSL_GetKeySize(ssl) + wolfSSL_GetHmacSize(ssl) +
+		    wolfSSL_GetIVSize(ssl));
+
+	tmp_out = os_malloc(skip + out_len);
+	if (!tmp_out)
 		return -1;
-	return 0;
+	_out = tmp_out;
+
+	wolfSSL_get_keys(ssl, &master_key, &master_key_len, &server_random,
+			 &server_len, &client_random, &client_len);
+	os_memcpy(seed, server_random, RAN_LEN);
+	os_memcpy(seed + RAN_LEN, client_random, RAN_LEN);
+
+	if (wolfSSL_GetVersion(ssl) == WOLFSSL_TLSV1_2) {
+		tls_prf_sha256(master_key, master_key_len,
+			       "key expansion", seed, sizeof(seed),
+			       _out, skip + out_len);
+		ret = 0;
+	} else {
+		ret = tls_prf_sha1_md5(master_key, master_key_len,
+				       "key expansion", seed, sizeof(seed),
+				       _out, skip + out_len);
+	}
+
+	os_memset(master_key, 0, master_key_len);
+	if (ret == 0)
+		os_memcpy(out, _out + skip, out_len);
+	bin_clear_free(tmp_out, skip + out_len);
+
+	return ret;
 }


--- a/wpa_supplicant/Makefile
+++ b/wpa_supplicant/Makefile
@ -1059,6 +1059,7 @@ OBJS_p += ../src/crypto/crypto_wolfssl.o
 ifdef NEED_FIPS186_2_PRF
 OBJS += ../src/crypto/fips_prf_wolfssl.o
 endif
+NEED_TLS_PRF_SHA256=y
 LIBS += -lwolfssl -lm
 LIBS_p += -lwolfssl -lm
 endif