wpa_supplicant: Port more crypto functions to use mbedtls

Use mbedtls PBKDF2 and SHA1 for faster calculations during four-way
handshake.

Closes WIFI-1590

components/wpa_supplicant/src/crypto/sha1-internal.c

@@ -20,11 +20,17 @@
 #include "crypto/md5.h"
 #include "crypto/crypto.h"
 
+#ifdef USE_MBEDTLS_CRYPTO
+#include "mbedtls/sha1.h"
+#endif
+
 typedef struct SHA1Context SHA1_CTX;
 
 void SHA1Transform(u32 state[5], const unsigned char buffer[64]);
 
 
+
+#ifndef USE_MBEDTLS_CRYPTO
 /**
  * sha1_vector - SHA-1 hash for data vector
  * @num_elem: Number of elements in the data vector
@@ -45,7 +51,49 @@ sha1_vector(size_t num_elem, const u8 *addr[], const size_t *len, u8 *mac)
 	SHA1Final(mac, &ctx);
 	return 0;
 }
+#else 
+/**
+ * sha1_vector - SHA-1 hash for data vector
+ * @num_elem: Number of elements in the data vector
+ * @addr: Pointers to the data areas
+ * @len: Lengths of the data blocks
+ * @mac: Buffer for the hash
+ * Returns: 0 on success, -1 of failure
+ */
+int
+sha1_vector(size_t num_elem, const u8 *addr[], const size_t *len, u8 *mac)
+{
+    mbedtls_sha1_context ctx;
+	size_t i;
+    int ret;
 
+    mbedtls_sha1_init( &ctx );
+
+    if ((ret = mbedtls_sha1_starts_ret( &ctx)) != 0) {
+        goto exit;
+    }
+
+
+    for (i = 0; i < num_elem; i++) {
+        if ((ret = mbedtls_sha1_update_ret(&ctx, addr[i], len[i])) != 0) {
+            goto exit;
+        }
+    }
+ 
+    if ((ret = mbedtls_sha1_finish_ret( &ctx, mac)) != 0) {
+        goto exit;
+    }
+
+exit:
+    mbedtls_sha1_free( &ctx );
+
+    if (ret) {
+        return -1;
+    }
+
+    return 0;
+}
+#endif
 
 /* ===== start - public domain SHA1 implementation ===== */
 
@@ -309,5 +357,4 @@ SHA1Final(unsigned char digest[20], SHA1_CTX* context)
 	os_memset(context->count, 0, 8);
 	os_memset(finalcount, 0, 8);
 }
-
 /* ===== end - public domain SHA1 implementation ===== */

components/wpa_supplicant/src/crypto/sha1-pbkdf2.c

@@ -18,10 +18,63 @@
 #include "crypto/md5.h"
 #include "crypto/crypto.h"
 
+#ifdef USE_MBEDTLS_CRYPTO
+#include "mbedtls/pkcs5.h"
+
+/**
+ * pbkdf2_sha1 - SHA1-based key derivation function (PBKDF2) for IEEE 802.11i
+ * @passphrase: ASCII passphrase
+ * @ssid: SSID
+ * @ssid_len: SSID length in bytes
+ * @iterations: Number of iterations to run
+ * @buf: Buffer for the generated key
+ * @buflen: Length of the buffer in bytes
+ * Returns: 0 on success, -1 of failure
+ *
+ * This function is used to derive PSK for WPA-PSK. For this protocol,
+ * iterations is set to 4096 and buflen to 32. This function is described in
+ * IEEE Std 802.11-2004, Clause H.4. The main construction is from PKCS#5 v2.0.
+ */
+int
+pbkdf2_sha1(const char *passphrase, const char *ssid, size_t ssid_len,
+		int iterations, u8 *buf, size_t buflen)
+{
+
+    mbedtls_md_context_t sha1_ctx;
+    const mbedtls_md_info_t *info_sha1;
+    int ret;
+
+    mbedtls_md_init( &sha1_ctx );
+
+    info_sha1 = mbedtls_md_info_from_type( MBEDTLS_MD_SHA1 );
+    if (info_sha1 == NULL) {
+        ret = -1;
+        goto exit;
+    }
+
+    if ((ret = mbedtls_md_setup( &sha1_ctx, info_sha1, 1 ) ) != 0) {
+        ret = -1;
+        goto exit;
+    }
+
+    ret = mbedtls_pkcs5_pbkdf2_hmac( &sha1_ctx, (const unsigned char*) passphrase, os_strlen(passphrase) , (const unsigned char*) ssid,
+            ssid_len, iterations, 32, buf );
+    if (ret != 0) {
+        ret = -1;
+        goto exit;
+    }
+
+exit:
+    mbedtls_md_free( &sha1_ctx );
+
+    return ret;
+}
+#else
+
 static int 
 pbkdf2_sha1_f(const char *passphrase, const char *ssid,
-			 size_t ssid_len, int iterations, unsigned int count,
+        size_t ssid_len, int iterations, unsigned int count,
-			 u8 *digest)
+        u8 *digest)
 {
 	unsigned char tmp[SHA1_MAC_LEN], tmp2[SHA1_MAC_LEN];
 	int i, j;
@@ -99,3 +152,4 @@ pbkdf2_sha1(const char *passphrase, const char *ssid, size_t ssid_len,
 
 	return 0;
 }
+#endif