Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

mbedTLS support #106

Closed
neheb opened this issue Jul 22, 2019 · 13 comments
Closed

mbedTLS support #106

neheb opened this issue Jul 22, 2019 · 13 comments

Comments

@neheb
Copy link
Contributor

neheb commented Jul 22, 2019

In OpenWrt, mbedTLS is used for libcurl as the default provider for TLS for size reasons. However with hcxtools, libopenssl must be present as well. This presents a challenge for flash size limited routers. Here are some sizes: https://downloads.openwrt.org/snapshots/packages/arc_arc700/base/

libmbedtls12_2.16.2-1_arc_arc700.ipk | 156.1 KB
libopenssl1.1_1.1.1c-1_arc_arc700.ipk | 855.6 KB

As far as I can tell, the only missing piece for mbedTLS is that CMAC is disabled by default. It can be compile time enabled.

libopenssl is faster, yes, but I don't think speed is important here.
@ZerBea
Copy link
Owner

ZerBea commented Jul 22, 2019

Should be not a big problem to use libmbedtls instead of libopenssl. Unfortunately I can't test it here. Can you make a PR?

@RealEnder RealEnder mentioned this issue Jan 7, 2020
Closed
@ZerBea ZerBea mentioned this issue Jan 23, 2020
Closed
@ZerBea ZerBea mentioned this issue Jul 23, 2020
Closed
@ZerBea
Copy link
Owner

ZerBea commented Feb 8, 2021

OpenSSL is switching to v3.0.0, soon. Due to some API changes, many functions have to be recoded.
Now it's time to think about switching to mbedTLS support.

Is there any good documentation how to replace the following OpenSSL functions by mbedTLS functions:

static inline int mschapv2_challenge_hash(uint8_t *peer_challenge, uint8_t *auth_challenge, uint8_t *username, size_t usernamelen, uint8_t *challenge)
https://github.com/ZerBea/hcxtools/blob/master/hcxpcapngtool.c#L1218

int omac1_aes_128_vector(const uint8_t *key, size_t num_elem, const uint8_t *addr[], const size_t *len, uint8_t *mac)
https://github.com/ZerBea/hcxtools/blob/master/hcxpcapngtool.c#L1667

HMAC(EVP_sha1(), testpmk, 32, pkedata, 100, ptk + p *20, NULL);
HMAC(EVP_md5(), &ptk, 16, eapoldata, eapollen, miczero, NULL);
HMAC(EVP_sha256(), testpmk, 32, pkedata_prf, 2 + 98 + 2, ptk, NULL);
https://github.com/ZerBea/hcxtools/blob/master/hcxpcapngtool.c#L1739

PKCS5_PBKDF2_HMAC_SHA1(zeroedpsk, 8, essid, essidlen, 4096, 32, calculatedpmk)
https://github.com/ZerBea/hcxtools/blob/master/hcxpcapngtool.c#L1790

Any information is appreciated.

@neheb
Copy link
Contributor Author

neheb commented Feb 8, 2021 via email

@ZerBea
Copy link
Owner

ZerBea commented Feb 8, 2021

Got them from curl lib directory. Thanks

@ZerBea
Copy link
Owner

ZerBea commented Feb 8, 2021

According to this:
https://wiki.archlinux.org/index.php/Transport_Layer_Security#Implementations
we have several implementations, running Arch Linux.
I'll do some tests on some of them (OpenSSL, LibreSSL and mbedTLS) and choose the one which is fast and well documented.

@neheb
Copy link
Contributor Author

neheb commented Feb 8, 2021

Speed should be in that order.

LibreSSL shouldn't really be used. It's mostly a BSD thing. Alpine Linux removed it because of all the patching that was needed.

mbedTLS is nice for embedded devices. Note that hcxtools are available for OpenWrt where OpenSSL is huge.

@ZerBea
Copy link
Owner

ZerBea commented Feb 9, 2021
edited

I aggree. Hcxdumptool and hcxtools are designed to run on small machines (e.g. Raspberry Pi Zero and some small BE systems - you may have noticed the massive code changes during the last past weeks, regarding endianess). That was the reason why I dropped libpcap and WiringPi completely. All the oversized functions are simply not required.
Also I'm a friend of the "KISS principle" and I don't like an oversized WiFi suite which can do everything but nothing really prefect.
Now I'm going to test the migration of the 6 HMAC functions and the TLS function to mbedTLS. Therefore I have to find a good documention of mbedTLS, without diving into the source code of curl. Unfortunately my first test (pkcs5) using mbedTLS failed.
Another option is to take the 6 HMAC functions from hashcat and to use TLS from mbedTLS, only.
But anyway, the HMAC functions are mandatory to identify initial PMKIDs/PTKs, calculated from a zeroed PMK. That is the only way to filter them out, because they are useless for us.

BTW:
mbedTLS is part of Arch Linux packages:
https://archlinux.org/packages/community/x86_64/mbedtls/
https://archlinuxarm.org/packages/arm/mbedtls
https://archlinuxarm.org/packages/armv6h/mbedtls
https://archlinuxarm.org/packages/armv7h/mbedtls
https://archlinuxarm.org/packages/aarch64/mbedtls

Also, I aggree about the installed size:
Packages (1) mbedtls-2.25.0-1
Total Installed Size: 5.07 MiB

Packages (1) openssl-1.1.1.i-2
Total Installed Size: 7.31 MiB

@neheb
Copy link
Contributor Author

neheb commented Feb 9, 2021

On OpenWrt it's 971.2 KB OpenSSL vs 175.1 KB mbedtls for mips architecture.

If you don't need TLS, why use a TLS library? Taking the functions from hashcat sounds like a good idea.

@ZerBea
Copy link
Owner

ZerBea commented Feb 9, 2021
edited

We need the TLS functions of the library on EAP-TLS.

Luckily, I think I figured out how the libray works:
openssl:

$ wlangenpmk -p passwort -e essid
essid (networkname)....: essid
password...............: passwort
plainmasterkey (SHA1)..: 0897f67a8db79ebadf8b1931d853373ef8b1ec7e80d69f4ecafba220f4d21541

Speedtest 1000 PMKs calculated:
$ time ./wlangenpmk -p passwort -e essid
real	0m1,895s
user	0m1,890s
sys	0m0,000s

vs. mbedTLS:

$ ./mbedtls
0897f67a8db79ebadf8b1931d853373ef8b1ec7e80d69f4ecafba220f4d21541

Speedtest 1000 PMKs calculated:
$ time ./mbedtls
real	0m7,826s
user	0m7,822s
sys	0m0,000s

After some speed tests, I noticed that the single thread calculation time is much more than expected.
We are nearly 4 times slower than running openssl. That will slow down the conversion process of pcapngfiles (containig many EAPOL messages and/or PMKIDs) extremely.

@neheb
Copy link
Contributor Author

neheb commented Feb 9, 2021

Unfortunate.

There's also WolfSSL, which is smaller than OpenSSL and around 2x mbedTLS. It should be comparable to OpenSSL.

@ZerBea
Copy link
Owner

ZerBea commented Feb 9, 2021

Indeed, unfortunate. Everything looked fine, until a started the speed comparison.

WolfSSL is no alternative, because it isn't part of Arch Linux package system.

Looks like there will be no quick and easy solution.
But anyway, I started to add openssl 3.0 compatibility to hcxtools to avoid tons of warnings when Arch moved to 3.0, until I'll find a better solution (adding hashcat HMAC functions on time sensitive algo's).

@ZerBea
Copy link
Owner

ZerBea commented Feb 9, 2021

Closed this feature request due to massive speed impact.
Now only 2 options remaining:
adding openssl 3.0.0 support - quick fix, only few test mandatory
adding hashcat has functions - will take a while, massive tests mandatory

@ZerBea ZerBea closed this as completed Feb 9, 2021
@ZerBea ZerBea mentioned this issue Mar 15, 2021
Closed
@ZerBea
Copy link
Owner

ZerBea commented Mar 16, 2021
edited

Looks like this patch is working and we have a tiny alternative, now:
#184 (comment)
reference:
libressl/portable#651

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@neheb @ZerBea