alex/esp-idf
alex/esp-idf
1
0
Fork 0
mirror of https://github.com/espressif/esp-idf.git synced 2024-10-05 20:47:46 -04:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

Merge branch 'feature/mbedtls_private_cleanup' into 'master'

Browse Source 
mbedtls: `MBEDTLS_PRIVATE` & `MBEDTLS_ALLOW_PRIVATE_ACCESS`-related cleanup

Closes IDF-5861

See merge request espressif/esp-idf!20163
This commit is contained in:
Mahavir Jain 2022-09-29 18:20:26 +08:00
commit 16a123ce8f
9 changed files with 114 additions and 91 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
components/mbedtls/port/dynamic/esp_mbedtls_dynamic_impl.c
View File

@ -458,10 +458,10 @@ size_t esp_mbedtls_get_crt_size(mbedtls_x509_crt *cert, size_t *num)
size_t bytes = 0;
while (cert) {
bytes += cert->MBEDTLS_PRIVATE(raw).MBEDTLS_PRIVATE(len);
bytes += cert->raw.len;
n++;
cert = cert->MBEDTLS_PRIVATE(next);
cert = cert->next;
}
*num = n;
@ -473,14 +473,15 @@ size_t esp_mbedtls_get_crt_size(mbedtls_x509_crt *cert, size_t *num)
void esp_mbedtls_free_dhm(mbedtls_ssl_context *ssl)
{
#ifdef CONFIG_MBEDTLS_DHM_C
mbedtls_mpi_free((mbedtls_mpi *)&ssl->MBEDTLS_PRIVATE(conf)->MBEDTLS_PRIVATE(dhm_P));
mbedtls_mpi_free((mbedtls_mpi *)&ssl->MBEDTLS_PRIVATE(conf)->MBEDTLS_PRIVATE(dhm_G));
const mbedtls_ssl_config *conf = mbedtls_ssl_context_get_config(ssl);
mbedtls_mpi_free((mbedtls_mpi *)conf->MBEDTLS_PRIVATE(dhm_P));
mbedtls_mpi_free((mbedtls_mpi *)conf->MBEDTLS_PRIVATE(dhm_G));
#endif /* CONFIG_MBEDTLS_DHM_C */
}
void esp_mbedtls_free_keycert(mbedtls_ssl_context *ssl)
{
mbedtls_ssl_config *conf = (mbedtls_ssl_config *)ssl->MBEDTLS_PRIVATE(conf);
mbedtls_ssl_config *conf = (mbedtls_ssl_config * )mbedtls_ssl_context_get_config(ssl);
mbedtls_ssl_key_cert *keycert = conf->MBEDTLS_PRIVATE(key_cert), *next;
while (keycert) {
@ -498,7 +499,8 @@ void esp_mbedtls_free_keycert(mbedtls_ssl_context *ssl)
void esp_mbedtls_free_keycert_key(mbedtls_ssl_context *ssl)
{
mbedtls_ssl_key_cert *keycert = ssl->MBEDTLS_PRIVATE(conf)->MBEDTLS_PRIVATE(key_cert);
const mbedtls_ssl_config *conf = mbedtls_ssl_context_get_config(ssl);
mbedtls_ssl_key_cert *keycert = conf->MBEDTLS_PRIVATE(key_cert);
while (keycert) {
if (keycert->key) {
@ -511,7 +513,8 @@ void esp_mbedtls_free_keycert_key(mbedtls_ssl_context *ssl)
void esp_mbedtls_free_keycert_cert(mbedtls_ssl_context *ssl)
{
mbedtls_ssl_key_cert *keycert = ssl->MBEDTLS_PRIVATE(conf)->MBEDTLS_PRIVATE(key_cert);
const mbedtls_ssl_config *conf = mbedtls_ssl_context_get_config(ssl);
mbedtls_ssl_key_cert *keycert = conf->MBEDTLS_PRIVATE(key_cert);
while (keycert) {
if (keycert->cert) {
@ -527,7 +530,7 @@ void esp_mbedtls_free_keycert_cert(mbedtls_ssl_context *ssl)
void esp_mbedtls_free_cacert(mbedtls_ssl_context *ssl)
{
if (ssl->MBEDTLS_PRIVATE(conf)->MBEDTLS_PRIVATE(ca_chain)) {
mbedtls_ssl_config *conf = (mbedtls_ssl_config *)ssl->MBEDTLS_PRIVATE(conf);
mbedtls_ssl_config *conf = (mbedtls_ssl_config * )mbedtls_ssl_context_get_config(ssl);
mbedtls_x509_crt_free(conf->MBEDTLS_PRIVATE(ca_chain));
conf->MBEDTLS_PRIVATE(ca_chain) = NULL;

16
components/mbedtls/port/dynamic/esp_mbedtls_dynamic_impl.h
View File

@ -9,15 +9,19 @@
#include <stddef.h>
#include <string.h>
#include <stdbool.h>
/* ToDo - Remove this once appropriate solution is available.
We need to define this for the file as ssl_misc.h uses private structures from mbedtls,
which are undefined if the following flag is not defined */
/* Many APIs in the file make use of this flag instead of `MBEDTLS_PRIVATE` */
/* ToDo - Replace them with proper getter-setter once they are added */
/* TODO: Remove this once the appropriate solution is found
*
* ssl_misc.h header uses private elements from
* mbedtls, which become undefined if the following flag
* is not defined
*/
#define MBEDTLS_ALLOW_PRIVATE_ACCESS
// located at mbedtls/library/ssl_misc.h
#include "ssl_misc.h"
#include "mbedtls/ssl.h"
#include "ssl_misc.h" // located at mbedtls/library/ssl_misc.h
#include "mbedtls/platform.h"
#include "esp_log.h"

6
components/mbedtls/port/dynamic/esp_ssl_cli.c
View File

@ -19,7 +19,7 @@ static int manage_resource(mbedtls_ssl_context *ssl, bool add)
{
int state = add ? ssl->MBEDTLS_PRIVATE(state) : ssl->MBEDTLS_PRIVATE(state) - 1;
if (ssl->MBEDTLS_PRIVATE(state) == MBEDTLS_SSL_HANDSHAKE_OVER || ssl->MBEDTLS_PRIVATE(handshake) == NULL) {
if (mbedtls_ssl_is_handshake_over(ssl) || ssl->MBEDTLS_PRIVATE(handshake) == NULL) {
return 0;
}
@ -103,7 +103,9 @@ static int manage_resource(mbedtls_ssl_context *ssl, bool add)
case MBEDTLS_SSL_CLIENT_CERTIFICATE:
if (add) {
size_t buffer_len = 3;
mbedtls_ssl_key_cert *key_cert = ssl->MBEDTLS_PRIVATE(conf)->MBEDTLS_PRIVATE(key_cert);
const mbedtls_ssl_config *conf = mbedtls_ssl_context_get_config(ssl);
mbedtls_ssl_key_cert *key_cert = conf->MBEDTLS_PRIVATE(key_cert);
while (key_cert && key_cert->cert) {
size_t num;

10
components/mbedtls/port/dynamic/esp_ssl_srv.c
View File

@ -18,8 +18,8 @@ static const char *TAG = "SSL Server";
*/
static bool ssl_ciphersuite_uses_rsa_key_ex(mbedtls_ssl_context *ssl)
{
const mbedtls_ssl_ciphersuite_t *ciphersuite_info =
ssl->MBEDTLS_PRIVATE(handshake)->ciphersuite_info;
int suite_id = mbedtls_ssl_get_ciphersuite_id_from_ssl(ssl);
const mbedtls_ssl_ciphersuite_t *ciphersuite_info = mbedtls_ssl_ciphersuite_from_id(suite_id);
if (ciphersuite_info->MBEDTLS_PRIVATE(key_exchange) == MBEDTLS_KEY_EXCHANGE_RSA ||
ciphersuite_info->MBEDTLS_PRIVATE(key_exchange) == MBEDTLS_KEY_EXCHANGE_RSA_PSK) {
@ -34,7 +34,7 @@ static int manage_resource(mbedtls_ssl_context *ssl, bool add)
{
int state = add ? ssl->MBEDTLS_PRIVATE(state) : ssl->MBEDTLS_PRIVATE(state) - 1;
if (ssl->MBEDTLS_PRIVATE(state) == MBEDTLS_SSL_HANDSHAKE_OVER || ssl->MBEDTLS_PRIVATE(handshake) == NULL) {
if (mbedtls_ssl_is_handshake_over(ssl) || ssl->MBEDTLS_PRIVATE(handshake) == NULL) {
return 0;
}
@ -66,7 +66,9 @@ static int manage_resource(mbedtls_ssl_context *ssl, bool add)
case MBEDTLS_SSL_SERVER_CERTIFICATE:
if (add) {
size_t buffer_len = 3;
mbedtls_ssl_key_cert *key_cert = ssl->MBEDTLS_PRIVATE(conf)->MBEDTLS_PRIVATE(key_cert);
const mbedtls_ssl_config *conf = mbedtls_ssl_context_get_config(ssl);
mbedtls_ssl_key_cert *key_cert = conf->MBEDTLS_PRIVATE(key_cert);
while (key_cert && key_cert->cert) {
size_t num;

23
components/mbedtls/port/ecc/ecc_alt.c
View File

@ -8,11 +8,6 @@
#include "soc/hwcrypto_periph.h"
#include "ecc_impl.h"
/* TBD: Remove this and use proper getter/setter methods to access
* private members of EC data structures once they are available
* in mbedTLS stack */
#define MBEDTLS_ALLOW_PRIVATE_ACCESS
#include "mbedtls/ecp.h"
#include "mbedtls/platform_util.h"
@ -37,19 +32,19 @@ static int esp_mbedtls_ecp_point_multiply(const mbedtls_ecp_group *grp, mbedtls_
p_pt.len = grp->pbits / 8;
memcpy(&p_pt.x, P->X.p, mbedtls_mpi_size(&P->X));
memcpy(&p_pt.y, P->Y.p, mbedtls_mpi_size(&P->Y));
memcpy(&p_pt.x, P->MBEDTLS_PRIVATE(X).MBEDTLS_PRIVATE(p), mbedtls_mpi_size(&P->MBEDTLS_PRIVATE(X)));
memcpy(&p_pt.y, P->MBEDTLS_PRIVATE(Y).MBEDTLS_PRIVATE(p), mbedtls_mpi_size(&P->MBEDTLS_PRIVATE(Y)));
ret = esp_ecc_point_multiply(&p_pt, (uint8_t *)m->p, &r_pt, false);
ret = esp_ecc_point_multiply(&p_pt, (uint8_t *)m->MBEDTLS_PRIVATE(p), &r_pt, false);
for (int i = 0; i < MAX_SIZE; i++) {
x_tmp[MAX_SIZE - i - 1] = r_pt.x[i];
y_tmp[MAX_SIZE - i - 1] = r_pt.y[i];
}
mbedtls_mpi_read_binary(&R->X, x_tmp, MAX_SIZE);
mbedtls_mpi_read_binary(&R->Y, y_tmp, MAX_SIZE);
mbedtls_mpi_lset(&R->Z, 1);
mbedtls_mpi_read_binary(&R->MBEDTLS_PRIVATE(X), x_tmp, MAX_SIZE);
mbedtls_mpi_read_binary(&R->MBEDTLS_PRIVATE(Y), y_tmp, MAX_SIZE);
mbedtls_mpi_lset(&R->MBEDTLS_PRIVATE(Z), 1);
return ret;
}
@ -94,13 +89,13 @@ int mbedtls_ecp_check_pubkey( const mbedtls_ecp_group *grp,
ECP_VALIDATE_RET( pt != NULL );
/* Must use affine coordinates */
if( mbedtls_mpi_cmp_int( &pt->Z, 1 ) != 0 )
if( mbedtls_mpi_cmp_int( &pt->MBEDTLS_PRIVATE(Z), 1 ) != 0 )
return( MBEDTLS_ERR_ECP_INVALID_KEY );
mbedtls_platform_zeroize((void *)&point, sizeof(ecc_point_t));
memcpy(&point.x, pt->X.p, mbedtls_mpi_size(&pt->X));
memcpy(&point.y, pt->Y.p, mbedtls_mpi_size(&pt->Y));
memcpy(&point.x, pt->MBEDTLS_PRIVATE(X).MBEDTLS_PRIVATE(p), mbedtls_mpi_size(&pt->MBEDTLS_PRIVATE(X)));
memcpy(&point.y, pt->MBEDTLS_PRIVATE(Y).MBEDTLS_PRIVATE(p), mbedtls_mpi_size(&pt->MBEDTLS_PRIVATE(Y)));
point.len = grp->pbits / 8;

8
components/mbedtls/port/esp_timing.c
View File

@ -83,4 +83,12 @@ int mbedtls_timing_get_delay( void *data )
return( 0 );
}
/*
* Get the final delay.
*/
uint32_t mbedtls_timing_get_final_delay( const mbedtls_timing_delay_context *data )
{
return( data->MBEDTLS_PRIVATE(fin_ms) );
}
#endif /* MBEDTLS_ESP_TIMING_C */

48
components/mbedtls/test_apps/main/test_ecp.c
View File

@ -12,13 +12,6 @@
#include <stdbool.h>
#include <esp_random.h>
/* ToDo - Remove this once appropriate solution is available.
We need to define this for the file as ssl_misc.h uses private structures from mbedtls,
which are undefined if the following flag is not defined */
/* Many APIs in the file make use of this flag instead of `MBEDTLS_PRIVATE` */
/* ToDo - Replace them with proper getter-setter once they are added */
#define MBEDTLS_ALLOW_PRIVATE_ACCESS
#include <mbedtls/entropy.h>
#include <mbedtls/ctr_drbg.h>
#include <mbedtls/ecdh.h>
@ -31,6 +24,20 @@ which are undefined if the following flag is not defined */
error hex value (mbedTLS uses -N for error codes) */
#define TEST_ASSERT_MBEDTLS_OK(X) TEST_ASSERT_EQUAL_HEX32(0, -(X))
/* TODO: Currently MBEDTLS_ECDH_LEGACY_CONTEXT is enabled by default
* when MBEDTLS_ECP_RESTARTABLE is enabled.
* This is a temporary workaround to allow that.
*
* The legacy option is soon going to be removed in future mbedtls
* versions and this workaround will be removed once the appropriate
* solution is available.
*/
#ifdef CONFIG_MBEDTLS_ECDH_LEGACY_CONTEXT
#define ACCESS_ECDH(S, var) S.MBEDTLS_PRIVATE(var)
#else
#define ACCESS_ECDH(S, var) S.MBEDTLS_PRIVATE(ctx).MBEDTLS_PRIVATE(mbed_ecdh).MBEDTLS_PRIVATE(var)
#endif
TEST_CASE("mbedtls ECDH Generate Key", "[mbedtls]")
{
mbedtls_ecdh_context ctx;
@ -43,9 +50,9 @@ TEST_CASE("mbedtls ECDH Generate Key", "[mbedtls]")
mbedtls_entropy_init(&entropy);
TEST_ASSERT_MBEDTLS_OK( mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy, NULL, 0) );
TEST_ASSERT_MBEDTLS_OK( mbedtls_ecp_group_load(&ctx.ctx.mbed_ecdh.grp, MBEDTLS_ECP_DP_CURVE25519) );
TEST_ASSERT_MBEDTLS_OK( mbedtls_ecp_group_load(ACCESS_ECDH(&ctx, grp), MBEDTLS_ECP_DP_CURVE25519) );
TEST_ASSERT_MBEDTLS_OK( mbedtls_ecdh_gen_public(&ctx.ctx.mbed_ecdh.grp, &ctx.ctx.mbed_ecdh.d, &ctx.ctx.mbed_ecdh.Q,
TEST_ASSERT_MBEDTLS_OK( mbedtls_ecdh_gen_public(ACCESS_ECDH(&ctx, grp), ACCESS_ECDH(&ctx, d), ACCESS_ECDH(&ctx, Q),
mbedtls_ctr_drbg_random, &ctr_drbg ) );
mbedtls_ecdh_free(&ctx);
@ -77,7 +84,8 @@ TEST_CASE("mbedtls ECP mul w/ koblitz", "[mbedtls]")
mbedtls_ctr_drbg_random, &ctxRandom) );
TEST_ASSERT_MBEDTLS_OK(mbedtls_ecp_mul(&ctxECDSA.grp, &ctxECDSA.Q, &ctxECDSA.d, &ctxECDSA.grp.G,
TEST_ASSERT_MBEDTLS_OK(mbedtls_ecp_mul(&ctxECDSA.MBEDTLS_PRIVATE(grp), &ctxECDSA.MBEDTLS_PRIVATE(Q),
&ctxECDSA.MBEDTLS_PRIVATE(d), &ctxECDSA.MBEDTLS_PRIVATE(grp).G,
mbedtls_ctr_drbg_random, &ctxRandom) );
mbedtls_ecdsa_free(&ctxECDSA);
@ -184,20 +192,20 @@ static void test_ecp_mul(mbedtls_ecp_group_id id, const uint8_t *x_coord, const
mbedtls_mpi_read_binary(&m, scalar, size);
mbedtls_mpi_read_binary(&P.X, x_coord, size);
mbedtls_mpi_read_binary(&P.Y, y_coord, size);
mbedtls_mpi_read_binary(&P.MBEDTLS_PRIVATE(X), x_coord, size);
mbedtls_mpi_read_binary(&P.MBEDTLS_PRIVATE(Y), y_coord, size);
mbedtls_mpi_lset(&P.Z, 1);
mbedtls_mpi_lset(&P.MBEDTLS_PRIVATE(Z), 1);
ret = mbedtls_ecp_mul(&grp, &R, &m, &P, rng_wrapper, NULL);
TEST_ASSERT_EQUAL(0, ret);
mbedtls_mpi_write_binary(&R.X, x, mbedtls_mpi_size(&R.X));
mbedtls_mpi_write_binary(&R.Y, y, mbedtls_mpi_size(&R.Y));
mbedtls_mpi_write_binary(&R.MBEDTLS_PRIVATE(X), x, mbedtls_mpi_size(&R.MBEDTLS_PRIVATE(X)));
mbedtls_mpi_write_binary(&R.MBEDTLS_PRIVATE(Y), y, mbedtls_mpi_size(&R.MBEDTLS_PRIVATE(Y)));
TEST_ASSERT_EQUAL(0, memcmp(x, result_x_coord, mbedtls_mpi_size(&R.X)));
TEST_ASSERT_EQUAL(0, memcmp(y, result_y_coord, mbedtls_mpi_size(&R.Y)));
TEST_ASSERT_EQUAL(0, memcmp(x, result_x_coord, mbedtls_mpi_size(&R.MBEDTLS_PRIVATE(X))));
TEST_ASSERT_EQUAL(0, memcmp(y, result_y_coord, mbedtls_mpi_size(&R.MBEDTLS_PRIVATE(Y))));
mbedtls_ecp_point_free(&R);
mbedtls_ecp_point_free(&P);
@ -232,9 +240,9 @@ static void test_ecp_verify(mbedtls_ecp_group_id id, const uint8_t *x_coord, con
size = grp.pbits / 8;
mbedtls_mpi_read_binary(&P.X, x_coord, size);
mbedtls_mpi_read_binary(&P.Y, y_coord, size);
mbedtls_mpi_lset(&P.Z, 1);
mbedtls_mpi_read_binary(&P.MBEDTLS_PRIVATE(X), x_coord, size);
mbedtls_mpi_read_binary(&P.MBEDTLS_PRIVATE(Y), y_coord, size);
mbedtls_mpi_lset(&P.MBEDTLS_PRIVATE(Z), 1);
ret = mbedtls_ecp_check_pubkey(&grp, &P);

28
components/protocomm/src/security/security1.c
View File

@ -10,23 +10,18 @@
#include <esp_err.h>
#include <esp_log.h>
/* ToDo - Remove this once appropriate solution is available.
We need to define this for the file as ssl_misc.h uses private structures from mbedtls,
which are undefined if the following flag is not defined */
/* Many APIs in the file make use of this flag instead of `MBEDTLS_PRIVATE` */
/* ToDo - Replace them with proper getter-setter once they are added */
#define MBEDTLS_ALLOW_PRIVATE_ACCESS
/* ToDo - Remove this once appropriate solution is available.
* Currently MBEDTLS_LEGACY_CONTEXT is enabled by default for MBEDTLS_ECP_RESTARTABLE
/* TODO: Currently MBEDTLS_ECDH_LEGACY_CONTEXT is enabled by default
* when MBEDTLS_ECP_RESTARTABLE is enabled.
* This is a temporary workaround to allow that.
* The LEGACY option is soon going to be removed in future mbedtls
* once it is removed we can remove the workaround.
*
* The legacy option is soon going to be removed in future mbedtls
* versions and this workaround will be removed once the appropriate
* solution is available.
*/
#ifdef CONFIG_MBEDTLS_ECDH_LEGACY_CONTEXT
#define ACCESS_ECDH(S, var) S->var
#define ACCESS_ECDH(S, var) S->MBEDTLS_PRIVATE(var)
#else
#define ACCESS_ECDH(S, var) S->ctx.mbed_ecdh.var
#define ACCESS_ECDH(S, var) S->MBEDTLS_PRIVATE(ctx).MBEDTLS_PRIVATE(mbed_ecdh).MBEDTLS_PRIVATE(var)
#endif
#include <mbedtls/aes.h>
@ -36,7 +31,6 @@ which are undefined if the following flag is not defined */
#include <mbedtls/ecdh.h>
#include <mbedtls/error.h>
#include <mbedtls/constant_time.h>
#include <ssl_misc.h>
#include <protocomm_security.h>
#include <protocomm_security1.h>
@ -249,7 +243,7 @@ static esp_err_t handle_session_command0(session_t *cur_session,
goto exit_cmd0;
}
mbed_err = mbedtls_mpi_write_binary(ACCESS_ECDH(&ctx_server, Q).X,
mbed_err = mbedtls_mpi_write_binary(ACCESS_ECDH(&ctx_server, Q).MBEDTLS_PRIVATE(X),
cur_session->device_pubkey,
PUBLIC_KEY_LEN);
if (mbed_err != 0) {
@ -266,7 +260,7 @@ static esp_err_t handle_session_command0(session_t *cur_session,
hexdump("Device pubkey", dev_pubkey, PUBLIC_KEY_LEN);
hexdump("Client pubkey", cli_pubkey, PUBLIC_KEY_LEN);
mbed_err = mbedtls_mpi_lset(ACCESS_ECDH(&ctx_server, Qp).Z, 1);
mbed_err = mbedtls_mpi_lset(ACCESS_ECDH(&ctx_server, Qp).MBEDTLS_PRIVATE(Z), 1);
if (mbed_err != 0) {
ESP_LOGE(TAG, "Failed at mbedtls_mpi_lset with error code : -0x%x", -mbed_err);
ret = ESP_FAIL;
@ -274,7 +268,7 @@ static esp_err_t handle_session_command0(session_t *cur_session,
}
flip_endian(cur_session->client_pubkey, PUBLIC_KEY_LEN);
mbed_err = mbedtls_mpi_read_binary(ACCESS_ECDH(&ctx_server, Qp).X, cli_pubkey, PUBLIC_KEY_LEN);
mbed_err = mbedtls_mpi_read_binary(ACCESS_ECDH(&ctx_server, Qp).MBEDTLS_PRIVATE(X), cli_pubkey, PUBLIC_KEY_LEN);
flip_endian(cur_session->client_pubkey, PUBLIC_KEY_LEN);
if (mbed_err != 0) {
ESP_LOGE(TAG, "Failed at mbedtls_mpi_read_binary with error code : -0x%x", -mbed_err);

47
components/protocomm/test_apps/main/test_protocomm.c
View File

@ -14,12 +14,19 @@
#include <unistd.h>
#include <unity.h>
/* ToDo - Remove this once appropriate solution is available.
We need to define this for the file as ssl_misc.h uses private structures from mbedtls,
which are undefined if the following flag is not defined */
/* Many APIs in the file make use of this flag instead of `MBEDTLS_PRIVATE()` */
/* ToDo - Replace them with proper getter-setter once they are added */
#define MBEDTLS_ALLOW_PRIVATE_ACCESS
/* TODO: Currently MBEDTLS_ECDH_LEGACY_CONTEXT is enabled by default
* when MBEDTLS_ECP_RESTARTABLE is enabled.
* This is a temporary workaround to allow that.
*
* The legacy option is soon going to be removed in future mbedtls
* versions and this workaround will be removed once the appropriate
* solution is available.
*/
#ifdef CONFIG_MBEDTLS_ECDH_LEGACY_CONTEXT
#define ACCESS_ECDH(S, var) S.MBEDTLS_PRIVATE(var)
#else
#define ACCESS_ECDH(S, var) S.MBEDTLS_PRIVATE(ctx).MBEDTLS_PRIVATE(mbed_ecdh).MBEDTLS_PRIVATE(var)
#endif
#include <mbedtls/aes.h>
#include <mbedtls/sha256.h>
@ -155,24 +162,24 @@ static esp_err_t verify_response0(session_t *session, SessionData *resp)
hexdump("Device pubkey", dev_pubkey, PUBLIC_KEY_LEN);
hexdump("Client pubkey", cli_pubkey, PUBLIC_KEY_LEN);
ret = mbedtls_mpi_lset(&session->ctx_client.ctx.mbed_ecdh.Qp.Z, 1);
ret = mbedtls_mpi_lset(ACCESS_ECDH(&session->ctx_client, Qp).MBEDTLS_PRIVATE(Z), 1);
if (ret != 0) {
ESP_LOGE(TAG, "Failed at mbedtls_mpi_lset with error code : %d", ret);
return ESP_FAIL;
}
flip_endian(session->device_pubkey, PUBLIC_KEY_LEN);
ret = mbedtls_mpi_read_binary(&session->ctx_client.ctx.mbed_ecdh.Qp.X, dev_pubkey, PUBLIC_KEY_LEN);
ret = mbedtls_mpi_read_binary(ACCESS_ECDH(&session->ctx_client, Qp).MBEDTLS_PRIVATE(X), dev_pubkey, PUBLIC_KEY_LEN);
flip_endian(session->device_pubkey, PUBLIC_KEY_LEN);
if (ret != 0) {
ESP_LOGE(TAG, "Failed at mbedtls_mpi_read_binary with error code : %d", ret);
return ESP_FAIL;
}
ret = mbedtls_ecdh_compute_shared(&session->ctx_client.ctx.mbed_ecdh.grp,
&session->ctx_client.ctx.mbed_ecdh.z,
&session->ctx_client.ctx.mbed_ecdh.Qp,
&session->ctx_client.ctx.mbed_ecdh.d,
ret = mbedtls_ecdh_compute_shared(ACCESS_ECDH(&session->ctx_client, grp),
ACCESS_ECDH(&session->ctx_client, z),
ACCESS_ECDH(&session->ctx_client, Qp),
ACCESS_ECDH(&session->ctx_client, d),
mbedtls_ctr_drbg_random,
&session->ctr_drbg);
if (ret != 0) {
@ -180,7 +187,7 @@ static esp_err_t verify_response0(session_t *session, SessionData *resp)
return ESP_FAIL;
}
ret = mbedtls_mpi_write_binary(&session->ctx_client.ctx.mbed_ecdh.z, session->sym_key, PUBLIC_KEY_LEN);
ret = mbedtls_mpi_write_binary(ACCESS_ECDH(&session->ctx_client, z), session->sym_key, PUBLIC_KEY_LEN);
if (ret != 0) {
ESP_LOGE(TAG, "Failed at mbedtls_mpi_write_binary with error code : %d", ret);
return ESP_FAIL;
@ -382,15 +389,15 @@ static esp_err_t test_sec_endpoint(session_t *session)
goto abort_test_sec_endpoint;
}
ret = mbedtls_ecp_group_load(&session->ctx_client.ctx.mbed_ecdh.grp, MBEDTLS_ECP_DP_CURVE25519);
ret = mbedtls_ecp_group_load(ACCESS_ECDH(&session->ctx_client, grp), MBEDTLS_ECP_DP_CURVE25519);
if (ret != 0) {
ESP_LOGE(TAG, "Failed at mbedtls_ecp_group_load with error code : %d", ret);
goto abort_test_sec_endpoint;
}
ret = mbedtls_ecdh_gen_public(&session->ctx_client.ctx.mbed_ecdh.grp,
&session->ctx_client.ctx.mbed_ecdh.d,
&session->ctx_client.ctx.mbed_ecdh.Q,
ret = mbedtls_ecdh_gen_public(ACCESS_ECDH(&session->ctx_client, grp),
ACCESS_ECDH(&session->ctx_client, d),
ACCESS_ECDH(&session->ctx_client, Q),
mbedtls_ctr_drbg_random,
&session->ctr_drbg);
if (ret != 0) {
@ -400,7 +407,7 @@ static esp_err_t test_sec_endpoint(session_t *session)
if (session->weak) {
/* Read zero client public key */
ret = mbedtls_mpi_read_binary(&session->ctx_client.ctx.mbed_ecdh.Q.X,
ret = mbedtls_mpi_read_binary(ACCESS_ECDH(&session->ctx_client, Q).MBEDTLS_PRIVATE(X),
session->client_pubkey,
PUBLIC_KEY_LEN);
if (ret != 0) {
@ -408,7 +415,7 @@ static esp_err_t test_sec_endpoint(session_t *session)
goto abort_test_sec_endpoint;
}
}
ret = mbedtls_mpi_write_binary(&session->ctx_client.ctx.mbed_ecdh.Q.X,
ret = mbedtls_mpi_write_binary(ACCESS_ECDH(&session->ctx_client, Q).MBEDTLS_PRIVATE(X),
session->client_pubkey,
PUBLIC_KEY_LEN);
if (ret != 0) {
@ -557,7 +564,7 @@ static esp_err_t test_req_endpoint(session_t *session)
// Check if the AES key is correctly set before calling the software encryption
// API. Without this check, the code will crash, resulting in a test case failure.
// For hardware AES, portability layer takes care of this.
if (session->ctx_aes.rk != NULL && session->ctx_aes.nr > 0) {
if (session->ctx_aes.MBEDTLS_PRIVATE(rk) != NULL && session->ctx_aes.MBEDTLS_PRIVATE(nr) > 0) {
#endif
mbedtls_aes_crypt_ctr(&session->ctx_aes, sizeof(rand_test_data), &session->nc_off,