From 8dc9e243ae3951f95db32def26e9cd86c154d1e9 Mon Sep 17 00:00:00 2001 From: Xia Xiao Tian Date: Fri, 11 Nov 2016 10:38:57 +0800 Subject: [PATCH 01/10] wpa2 enterprise: add wpa2 enterprise API and crypto files --- components/esp32/component.mk | 2 +- components/esp32/include/esp_wpa2.h | 112 ++++ components/wpa_supplicant/component.mk | 2 +- .../wpa_supplicant/include/crypto/ms_funcs.h | 60 ++ .../wpa_supplicant/include/wpa/common.h | 13 + .../wpa_supplicant/src/crypto/des-internal.c | 494 ++++++++++++++++ .../wpa_supplicant/src/crypto/md4-internal.c | 201 +++++++ .../wpa_supplicant/src/crypto/ms_funcs.c | 528 ++++++++++++++++++ 8 files changed, 1410 insertions(+), 2 deletions(-) create mode 100644 components/esp32/include/esp_wpa2.h create mode 100644 components/wpa_supplicant/include/crypto/ms_funcs.h create mode 100644 components/wpa_supplicant/src/crypto/des-internal.c create mode 100644 components/wpa_supplicant/src/crypto/md4-internal.c create mode 100644 components/wpa_supplicant/src/crypto/ms_funcs.c diff --git a/components/esp32/component.mk b/components/esp32/component.mk index c658787d87..14a56ff7a6 100644 --- a/components/esp32/component.mk +++ b/components/esp32/component.mk @@ -10,7 +10,7 @@ COMPONENT_SRCDIRS := . hwcrypto -LIBS := core net80211 phy rtc pp wpa smartconfig coexist +LIBS := core net80211 phy rtc pp wpa smartconfig coexist wpa2 LINKER_SCRIPTS += -T esp32_out.ld -T esp32.common.ld -T esp32.rom.ld -T esp32.peripherals.ld diff --git a/components/esp32/include/esp_wpa2.h b/components/esp32/include/esp_wpa2.h new file mode 100644 index 0000000000..d60513a3b9 --- /dev/null +++ b/components/esp32/include/esp_wpa2.h @@ -0,0 +1,112 @@ +#ifndef ESP_WPA2_H +#define ESP_WPA2_H + +#include "esp_err.h" + +#ifdef __cplusplus +extern "C" { +#endif + +/** + * @brief Set wpa2 enterprise authentication. + * + * @attention wpa2 enterprise authentication can only be used when ESP8266 station is enabled. + * wpa2 enterprise authentication can only support PEAP-MSCHAPv2 and TTLS-MSCHAPv2 method. + * + * @param enable + * - 1: enable wpa2 enterprise authentication; + * - 0: disable wpa2 enterprise authentication + * + * @return 0: succeed + -1: fail + */ +esp_err_t esp_wifi_station_set_wpa2_enterprise_auth(int enable); + +/** + * @brief Set username for PEAP/TTLS method. + * + * @param username: point to address where stores the username; + * len: length of username, limited to 1~127 + * + * @return 0: succeed + * -1: fail(len <= 0 or len >= 128) + * -2: fail(internal memory malloc fail) + */ +esp_err_t esp_wifi_station_set_enterprise_username(unsigned char *username, int len); + +/** + * @brief Set password for PEAP/TTLS method.. + * + * @param password: point to address where stores the password; + * len: length of password + * + * @return 0: succeed + * -1: fail(len <= 0) + * -2: fail(internal memory malloc fail) + */ +esp_err_t esp_wifi_station_set_enterprise_password(unsigned char *password, int len); + +/** + * @brief Set CA certificate for PEAP/TTLS method. + * + * @param ca_cert: point to address where stores the CA certificate; + * len: length of ca_cert + * + * @return 0: succeed + */ +esp_err_t esp_wifi_station_set_enterprise_ca_cert(unsigned char *ca_cert, int len); + +/** + * @brief Clear username for PEAP/TTLS method. + * + * @param null + * + * @return null + */ +void esp_wifi_station_clear_enterprise_username(void); + +/** + * @brief Clear password for PEAP/TTLS method.. + * + * @param null + * + * @return null + */ +void esp_wifi_station_clear_enterprise_password(void); + +/** + * @brief Clear CA certificate for PEAP/TTLS method. + * + * @param null + * + * @return null + */ +void esp_wifi_station_clear_enterprise_ca_cert(void); + +/** + * @brief Set client certificate and key. + * + * @param client_cert: point to address where stores the client certificate; + * client_cert_len: length of client certificate; + * private_key: point to address where stores the private key; + * private_key_len: length of private key; + * private_key_password: point to address where stores the private key password; + * private_key_password_len: length of private key password; + * + * @return 0: succeed + */ +esp_err_t esp_wifi_station_set_enterprise_cert_key(unsigned char *client_cert, int client_cert_len, unsigned char *private_key, int private_key_len, unsigned char *private_key_passwd, int private_key_passwd_len); + +/** + * @brief Clear client certificate and key. + * + * @param null + * + * @return null + */ +void esp_wifi_station_clear_enterprise_cert_key(void); + +#ifdef __cplusplus +} +#endif +#endif diff --git a/components/wpa_supplicant/component.mk b/components/wpa_supplicant/component.mk index cb6b06652f..1189bb257a 100644 --- a/components/wpa_supplicant/component.mk +++ b/components/wpa_supplicant/component.mk @@ -1,6 +1,6 @@ COMPONENT_ADD_INCLUDEDIRS := include port/include COMPONENT_SRCDIRS := src/crypto -CFLAGS += -DEMBEDDED_SUPP -D__ets__ -Wno-strict-aliasing +CFLAGS += -DEMBEDDED_SUPP -D__ets__ -Wno-strict-aliasing -D__ESP32_SUPP_TYPE__ include $(IDF_PATH)/make/component_common.mk diff --git a/components/wpa_supplicant/include/crypto/ms_funcs.h b/components/wpa_supplicant/include/crypto/ms_funcs.h new file mode 100644 index 0000000000..dadb7d9321 --- /dev/null +++ b/components/wpa_supplicant/include/crypto/ms_funcs.h @@ -0,0 +1,60 @@ +/* + * WPA Supplicant / shared MSCHAPV2 helper functions + * + * + */ + +#ifndef MS_FUNCS_H +#define MS_FUNCS_H + +int generate_nt_response(const u8 *auth_challenge, const u8 *peer_challenge, + const u8 *username, size_t username_len, + const u8 *password, size_t password_len, + u8 *response); + +int generate_nt_response_pwhash(const u8 *auth_challenge, + const u8 *peer_challenge, + const u8 *username, size_t username_len, + const u8 *password_hash, + u8 *response); +int generate_authenticator_response(const u8 *password, size_t password_len, + const u8 *peer_challenge, + const u8 *auth_challenge, + const u8 *username, size_t username_len, + const u8 *nt_response, u8 *response); +int generate_authenticator_response_pwhash( + const u8 *password_hash, + const u8 *peer_challenge, const u8 *auth_challenge, + const u8 *username, size_t username_len, + const u8 *nt_response, u8 *response); +int nt_challenge_response(const u8 *challenge, const u8 *password, + size_t password_len, u8 *response); + +void challenge_response(const u8 *challenge, const u8 *password_hash, + u8 *response); +int nt_password_hash(const u8 *password, size_t password_len, + u8 *password_hash); +int hash_nt_password_hash(const u8 *password_hash, u8 *password_hash_hash); +int get_master_key(const u8 *password_hash_hash, const u8 *nt_response, + u8 *master_key); +int get_asymetric_start_key(const u8 *master_key, u8 *session_key, + size_t session_key_len, int is_send, + int is_server); +int encrypt_pw_block_with_password_hash( + const u8 *password, size_t password_len, + const u8 *password_hash, u8 *pw_block); +int __must_check encry_pw_block_with_password_hash( + const u8 *password, size_t password_len, + const u8 *password_hash, u8 *pw_block); +int __must_check new_password_encrypted_with_old_nt_password_hash( + const u8 *new_password, size_t new_password_len, + const u8 *old_password, size_t old_password_len, + u8 *encrypted_pw_block); +void nt_password_hash_encrypted_with_block(const u8 *password_hash, + const u8 *block, u8 *cypher); +int old_nt_password_hash_encrypted_with_new_nt_password_hash( + const u8 *new_password, size_t new_password_len, + const u8 *old_password, size_t old_password_len, + u8 *encrypted_password_hash); + +#endif /* MS_FUNCS_H */ diff --git a/components/wpa_supplicant/include/wpa/common.h b/components/wpa_supplicant/include/wpa/common.h index ca80c2394f..05868cc258 100644 --- a/components/wpa_supplicant/include/wpa/common.h +++ b/components/wpa_supplicant/include/wpa/common.h @@ -19,6 +19,19 @@ #endif /* ets */ #include "os.h" +/* Define platform specific variable type macros */ +#if defined(__ESP32_SUPP_TYPE__) +#include +typedef uint64_t u64; +typedef uint32_t u32; +typedef uint16_t u16; +typedef uint8_t u8; +typedef int64_t s64; +typedef int32_t s32; +typedef int16_t s16; +typedef int8_t s8; +#endif /*__ESP32_SUPP_TYPE__*/ + #if defined(__XTENSA__) #include #define __BYTE_ORDER BYTE_ORDER diff --git a/components/wpa_supplicant/src/crypto/des-internal.c b/components/wpa_supplicant/src/crypto/des-internal.c new file mode 100644 index 0000000000..410199a7bc --- /dev/null +++ b/components/wpa_supplicant/src/crypto/des-internal.c @@ -0,0 +1,494 @@ +/* + * DES and 3DES-EDE ciphers + * + * Modifications to LibTomCrypt implementation: + * Copyright (c) 2006-2009, Jouni Malinen + * + * This software may be distributed under the terms of the BSD license. + * See README for more details. + */ + + +#include "wpa/includes.h" + +#include "wpa/common.h" +#include "crypto/crypto.h" +//#include "des_i.h" + +/* + * This implementation is based on a DES implementation included in + * LibTomCrypt. The version here is modified to fit in wpa_supplicant/hostapd + * coding style. + */ + +/* LibTomCrypt, modular cryptographic library -- Tom St Denis + * + * LibTomCrypt is a library that provides various cryptographic + * algorithms in a highly modular and flexible manner. + * + * The library is free for all purposes without any express + * guarantee it works. + * + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com + */ + +/** + DES code submitted by Dobes Vandermeer +*/ + +#define ROLc(x, y) \ + ((((unsigned long) (x) << (unsigned long) ((y) & 31)) | \ + (((unsigned long) (x) & 0xFFFFFFFFUL) >> \ + (unsigned long) (32 - ((y) & 31)))) & 0xFFFFFFFFUL) +#define RORc(x, y) \ + (((((unsigned long) (x) & 0xFFFFFFFFUL) >> \ + (unsigned long) ((y) & 31)) | \ + ((unsigned long) (x) << (unsigned long) (32 - ((y) & 31)))) & \ + 0xFFFFFFFFUL) + + +static const u32 bytebit[8] = +{ + 0200, 0100, 040, 020, 010, 04, 02, 01 +}; + +static const u32 bigbyte[24] = +{ + 0x800000UL, 0x400000UL, 0x200000UL, 0x100000UL, + 0x80000UL, 0x40000UL, 0x20000UL, 0x10000UL, + 0x8000UL, 0x4000UL, 0x2000UL, 0x1000UL, + 0x800UL, 0x400UL, 0x200UL, 0x100UL, + 0x80UL, 0x40UL, 0x20UL, 0x10UL, + 0x8UL, 0x4UL, 0x2UL, 0x1L +}; + +/* Use the key schedule specific in the standard (ANSI X3.92-1981) */ + +static const u8 pc1[56] = { + 56, 48, 40, 32, 24, 16, 8, 0, 57, 49, 41, 33, 25, 17, + 9, 1, 58, 50, 42, 34, 26, 18, 10, 2, 59, 51, 43, 35, + 62, 54, 46, 38, 30, 22, 14, 6, 61, 53, 45, 37, 29, 21, + 13, 5, 60, 52, 44, 36, 28, 20, 12, 4, 27, 19, 11, 3 +}; + +static const u8 totrot[16] = { + 1, 2, 4, 6, + 8, 10, 12, 14, + 15, 17, 19, 21, + 23, 25, 27, 28 +}; + +static const u8 pc2[48] = { + 13, 16, 10, 23, 0, 4, 2, 27, 14, 5, 20, 9, + 22, 18, 11, 3, 25, 7, 15, 6, 26, 19, 12, 1, + 40, 51, 30, 36, 46, 54, 29, 39, 50, 44, 32, 47, + 43, 48, 38, 55, 33, 52, 45, 41, 49, 35, 28, 31 +}; + + +static const u32 SP1[64] = +{ + 0x01010400UL, 0x00000000UL, 0x00010000UL, 0x01010404UL, + 0x01010004UL, 0x00010404UL, 0x00000004UL, 0x00010000UL, + 0x00000400UL, 0x01010400UL, 0x01010404UL, 0x00000400UL, + 0x01000404UL, 0x01010004UL, 0x01000000UL, 0x00000004UL, + 0x00000404UL, 0x01000400UL, 0x01000400UL, 0x00010400UL, + 0x00010400UL, 0x01010000UL, 0x01010000UL, 0x01000404UL, + 0x00010004UL, 0x01000004UL, 0x01000004UL, 0x00010004UL, + 0x00000000UL, 0x00000404UL, 0x00010404UL, 0x01000000UL, + 0x00010000UL, 0x01010404UL, 0x00000004UL, 0x01010000UL, + 0x01010400UL, 0x01000000UL, 0x01000000UL, 0x00000400UL, + 0x01010004UL, 0x00010000UL, 0x00010400UL, 0x01000004UL, + 0x00000400UL, 0x00000004UL, 0x01000404UL, 0x00010404UL, + 0x01010404UL, 0x00010004UL, 0x01010000UL, 0x01000404UL, + 0x01000004UL, 0x00000404UL, 0x00010404UL, 0x01010400UL, + 0x00000404UL, 0x01000400UL, 0x01000400UL, 0x00000000UL, + 0x00010004UL, 0x00010400UL, 0x00000000UL, 0x01010004UL +}; + +static const u32 SP2[64] = +{ + 0x80108020UL, 0x80008000UL, 0x00008000UL, 0x00108020UL, + 0x00100000UL, 0x00000020UL, 0x80100020UL, 0x80008020UL, + 0x80000020UL, 0x80108020UL, 0x80108000UL, 0x80000000UL, + 0x80008000UL, 0x00100000UL, 0x00000020UL, 0x80100020UL, + 0x00108000UL, 0x00100020UL, 0x80008020UL, 0x00000000UL, + 0x80000000UL, 0x00008000UL, 0x00108020UL, 0x80100000UL, + 0x00100020UL, 0x80000020UL, 0x00000000UL, 0x00108000UL, + 0x00008020UL, 0x80108000UL, 0x80100000UL, 0x00008020UL, + 0x00000000UL, 0x00108020UL, 0x80100020UL, 0x00100000UL, + 0x80008020UL, 0x80100000UL, 0x80108000UL, 0x00008000UL, + 0x80100000UL, 0x80008000UL, 0x00000020UL, 0x80108020UL, + 0x00108020UL, 0x00000020UL, 0x00008000UL, 0x80000000UL, + 0x00008020UL, 0x80108000UL, 0x00100000UL, 0x80000020UL, + 0x00100020UL, 0x80008020UL, 0x80000020UL, 0x00100020UL, + 0x00108000UL, 0x00000000UL, 0x80008000UL, 0x00008020UL, + 0x80000000UL, 0x80100020UL, 0x80108020UL, 0x00108000UL +}; + +static const u32 SP3[64] = +{ + 0x00000208UL, 0x08020200UL, 0x00000000UL, 0x08020008UL, + 0x08000200UL, 0x00000000UL, 0x00020208UL, 0x08000200UL, + 0x00020008UL, 0x08000008UL, 0x08000008UL, 0x00020000UL, + 0x08020208UL, 0x00020008UL, 0x08020000UL, 0x00000208UL, + 0x08000000UL, 0x00000008UL, 0x08020200UL, 0x00000200UL, + 0x00020200UL, 0x08020000UL, 0x08020008UL, 0x00020208UL, + 0x08000208UL, 0x00020200UL, 0x00020000UL, 0x08000208UL, + 0x00000008UL, 0x08020208UL, 0x00000200UL, 0x08000000UL, + 0x08020200UL, 0x08000000UL, 0x00020008UL, 0x00000208UL, + 0x00020000UL, 0x08020200UL, 0x08000200UL, 0x00000000UL, + 0x00000200UL, 0x00020008UL, 0x08020208UL, 0x08000200UL, + 0x08000008UL, 0x00000200UL, 0x00000000UL, 0x08020008UL, + 0x08000208UL, 0x00020000UL, 0x08000000UL, 0x08020208UL, + 0x00000008UL, 0x00020208UL, 0x00020200UL, 0x08000008UL, + 0x08020000UL, 0x08000208UL, 0x00000208UL, 0x08020000UL, + 0x00020208UL, 0x00000008UL, 0x08020008UL, 0x00020200UL +}; + +static const u32 SP4[64] = +{ + 0x00802001UL, 0x00002081UL, 0x00002081UL, 0x00000080UL, + 0x00802080UL, 0x00800081UL, 0x00800001UL, 0x00002001UL, + 0x00000000UL, 0x00802000UL, 0x00802000UL, 0x00802081UL, + 0x00000081UL, 0x00000000UL, 0x00800080UL, 0x00800001UL, + 0x00000001UL, 0x00002000UL, 0x00800000UL, 0x00802001UL, + 0x00000080UL, 0x00800000UL, 0x00002001UL, 0x00002080UL, + 0x00800081UL, 0x00000001UL, 0x00002080UL, 0x00800080UL, + 0x00002000UL, 0x00802080UL, 0x00802081UL, 0x00000081UL, + 0x00800080UL, 0x00800001UL, 0x00802000UL, 0x00802081UL, + 0x00000081UL, 0x00000000UL, 0x00000000UL, 0x00802000UL, + 0x00002080UL, 0x00800080UL, 0x00800081UL, 0x00000001UL, + 0x00802001UL, 0x00002081UL, 0x00002081UL, 0x00000080UL, + 0x00802081UL, 0x00000081UL, 0x00000001UL, 0x00002000UL, + 0x00800001UL, 0x00002001UL, 0x00802080UL, 0x00800081UL, + 0x00002001UL, 0x00002080UL, 0x00800000UL, 0x00802001UL, + 0x00000080UL, 0x00800000UL, 0x00002000UL, 0x00802080UL +}; + +static const u32 SP5[64] = +{ + 0x00000100UL, 0x02080100UL, 0x02080000UL, 0x42000100UL, + 0x00080000UL, 0x00000100UL, 0x40000000UL, 0x02080000UL, + 0x40080100UL, 0x00080000UL, 0x02000100UL, 0x40080100UL, + 0x42000100UL, 0x42080000UL, 0x00080100UL, 0x40000000UL, + 0x02000000UL, 0x40080000UL, 0x40080000UL, 0x00000000UL, + 0x40000100UL, 0x42080100UL, 0x42080100UL, 0x02000100UL, + 0x42080000UL, 0x40000100UL, 0x00000000UL, 0x42000000UL, + 0x02080100UL, 0x02000000UL, 0x42000000UL, 0x00080100UL, + 0x00080000UL, 0x42000100UL, 0x00000100UL, 0x02000000UL, + 0x40000000UL, 0x02080000UL, 0x42000100UL, 0x40080100UL, + 0x02000100UL, 0x40000000UL, 0x42080000UL, 0x02080100UL, + 0x40080100UL, 0x00000100UL, 0x02000000UL, 0x42080000UL, + 0x42080100UL, 0x00080100UL, 0x42000000UL, 0x42080100UL, + 0x02080000UL, 0x00000000UL, 0x40080000UL, 0x42000000UL, + 0x00080100UL, 0x02000100UL, 0x40000100UL, 0x00080000UL, + 0x00000000UL, 0x40080000UL, 0x02080100UL, 0x40000100UL +}; + +static const u32 SP6[64] = +{ + 0x20000010UL, 0x20400000UL, 0x00004000UL, 0x20404010UL, + 0x20400000UL, 0x00000010UL, 0x20404010UL, 0x00400000UL, + 0x20004000UL, 0x00404010UL, 0x00400000UL, 0x20000010UL, + 0x00400010UL, 0x20004000UL, 0x20000000UL, 0x00004010UL, + 0x00000000UL, 0x00400010UL, 0x20004010UL, 0x00004000UL, + 0x00404000UL, 0x20004010UL, 0x00000010UL, 0x20400010UL, + 0x20400010UL, 0x00000000UL, 0x00404010UL, 0x20404000UL, + 0x00004010UL, 0x00404000UL, 0x20404000UL, 0x20000000UL, + 0x20004000UL, 0x00000010UL, 0x20400010UL, 0x00404000UL, + 0x20404010UL, 0x00400000UL, 0x00004010UL, 0x20000010UL, + 0x00400000UL, 0x20004000UL, 0x20000000UL, 0x00004010UL, + 0x20000010UL, 0x20404010UL, 0x00404000UL, 0x20400000UL, + 0x00404010UL, 0x20404000UL, 0x00000000UL, 0x20400010UL, + 0x00000010UL, 0x00004000UL, 0x20400000UL, 0x00404010UL, + 0x00004000UL, 0x00400010UL, 0x20004010UL, 0x00000000UL, + 0x20404000UL, 0x20000000UL, 0x00400010UL, 0x20004010UL +}; + +static const u32 SP7[64] = +{ + 0x00200000UL, 0x04200002UL, 0x04000802UL, 0x00000000UL, + 0x00000800UL, 0x04000802UL, 0x00200802UL, 0x04200800UL, + 0x04200802UL, 0x00200000UL, 0x00000000UL, 0x04000002UL, + 0x00000002UL, 0x04000000UL, 0x04200002UL, 0x00000802UL, + 0x04000800UL, 0x00200802UL, 0x00200002UL, 0x04000800UL, + 0x04000002UL, 0x04200000UL, 0x04200800UL, 0x00200002UL, + 0x04200000UL, 0x00000800UL, 0x00000802UL, 0x04200802UL, + 0x00200800UL, 0x00000002UL, 0x04000000UL, 0x00200800UL, + 0x04000000UL, 0x00200800UL, 0x00200000UL, 0x04000802UL, + 0x04000802UL, 0x04200002UL, 0x04200002UL, 0x00000002UL, + 0x00200002UL, 0x04000000UL, 0x04000800UL, 0x00200000UL, + 0x04200800UL, 0x00000802UL, 0x00200802UL, 0x04200800UL, + 0x00000802UL, 0x04000002UL, 0x04200802UL, 0x04200000UL, + 0x00200800UL, 0x00000000UL, 0x00000002UL, 0x04200802UL, + 0x00000000UL, 0x00200802UL, 0x04200000UL, 0x00000800UL, + 0x04000002UL, 0x04000800UL, 0x00000800UL, 0x00200002UL +}; + +static const u32 SP8[64] = +{ + 0x10001040UL, 0x00001000UL, 0x00040000UL, 0x10041040UL, + 0x10000000UL, 0x10001040UL, 0x00000040UL, 0x10000000UL, + 0x00040040UL, 0x10040000UL, 0x10041040UL, 0x00041000UL, + 0x10041000UL, 0x00041040UL, 0x00001000UL, 0x00000040UL, + 0x10040000UL, 0x10000040UL, 0x10001000UL, 0x00001040UL, + 0x00041000UL, 0x00040040UL, 0x10040040UL, 0x10041000UL, + 0x00001040UL, 0x00000000UL, 0x00000000UL, 0x10040040UL, + 0x10000040UL, 0x10001000UL, 0x00041040UL, 0x00040000UL, + 0x00041040UL, 0x00040000UL, 0x10041000UL, 0x00001000UL, + 0x00000040UL, 0x10040040UL, 0x00001000UL, 0x00041040UL, + 0x10001000UL, 0x00000040UL, 0x10000040UL, 0x10040000UL, + 0x10040040UL, 0x10000000UL, 0x00040000UL, 0x10001040UL, + 0x00000000UL, 0x10041040UL, 0x00040040UL, 0x10000040UL, + 0x10040000UL, 0x10001000UL, 0x10001040UL, 0x00000000UL, + 0x10041040UL, 0x00041000UL, 0x00041000UL, 0x00001040UL, + 0x00001040UL, 0x00040040UL, 0x10000000UL, 0x10041000UL +}; + +static void cookey(const u32 *raw1, u32 *keyout) +{ + u32 *cook; + const u32 *raw0; + u32 dough[32]; + int i; + + cook = dough; + for (i = 0; i < 16; i++, raw1++) { + raw0 = raw1++; + *cook = (*raw0 & 0x00fc0000L) << 6; + *cook |= (*raw0 & 0x00000fc0L) << 10; + *cook |= (*raw1 & 0x00fc0000L) >> 10; + *cook++ |= (*raw1 & 0x00000fc0L) >> 6; + *cook = (*raw0 & 0x0003f000L) << 12; + *cook |= (*raw0 & 0x0000003fL) << 16; + *cook |= (*raw1 & 0x0003f000L) >> 4; + *cook++ |= (*raw1 & 0x0000003fL); + } + + os_memcpy(keyout, dough, sizeof(dough)); +} + + +static void deskey(const u8 *key, int decrypt, u32 *keyout) +{ + u32 i, j, l, m, n, kn[32]; + u8 pc1m[56], pcr[56]; + + for (j = 0; j < 56; j++) { + l = (u32) pc1[j]; + m = l & 7; + pc1m[j] = (u8) + ((key[l >> 3U] & bytebit[m]) == bytebit[m] ? 1 : 0); + } + + for (i = 0; i < 16; i++) { + if (decrypt) + m = (15 - i) << 1; + else + m = i << 1; + n = m + 1; + kn[m] = kn[n] = 0L; + for (j = 0; j < 28; j++) { + l = j + (u32) totrot[i]; + if (l < 28) + pcr[j] = pc1m[l]; + else + pcr[j] = pc1m[l - 28]; + } + for (/* j = 28 */; j < 56; j++) { + l = j + (u32) totrot[i]; + if (l < 56) + pcr[j] = pc1m[l]; + else + pcr[j] = pc1m[l - 28]; + } + for (j = 0; j < 24; j++) { + if ((int) pcr[(int) pc2[j]] != 0) + kn[m] |= bigbyte[j]; + if ((int) pcr[(int) pc2[j + 24]] != 0) + kn[n] |= bigbyte[j]; + } + } + + cookey(kn, keyout); +} + + +static void desfunc(u32 *block, const u32 *keys) +{ + u32 work, right, leftt; + int cur_round; + + leftt = block[0]; + right = block[1]; + + work = ((leftt >> 4) ^ right) & 0x0f0f0f0fL; + right ^= work; + leftt ^= (work << 4); + + work = ((leftt >> 16) ^ right) & 0x0000ffffL; + right ^= work; + leftt ^= (work << 16); + + work = ((right >> 2) ^ leftt) & 0x33333333L; + leftt ^= work; + right ^= (work << 2); + + work = ((right >> 8) ^ leftt) & 0x00ff00ffL; + leftt ^= work; + right ^= (work << 8); + + right = ROLc(right, 1); + work = (leftt ^ right) & 0xaaaaaaaaL; + + leftt ^= work; + right ^= work; + leftt = ROLc(leftt, 1); + + for (cur_round = 0; cur_round < 8; cur_round++) { + work = RORc(right, 4) ^ *keys++; + leftt ^= SP7[work & 0x3fL] + ^ SP5[(work >> 8) & 0x3fL] + ^ SP3[(work >> 16) & 0x3fL] + ^ SP1[(work >> 24) & 0x3fL]; + work = right ^ *keys++; + leftt ^= SP8[ work & 0x3fL] + ^ SP6[(work >> 8) & 0x3fL] + ^ SP4[(work >> 16) & 0x3fL] + ^ SP2[(work >> 24) & 0x3fL]; + + work = RORc(leftt, 4) ^ *keys++; + right ^= SP7[ work & 0x3fL] + ^ SP5[(work >> 8) & 0x3fL] + ^ SP3[(work >> 16) & 0x3fL] + ^ SP1[(work >> 24) & 0x3fL]; + work = leftt ^ *keys++; + right ^= SP8[ work & 0x3fL] + ^ SP6[(work >> 8) & 0x3fL] + ^ SP4[(work >> 16) & 0x3fL] + ^ SP2[(work >> 24) & 0x3fL]; + } + + right = RORc(right, 1); + work = (leftt ^ right) & 0xaaaaaaaaL; + leftt ^= work; + right ^= work; + leftt = RORc(leftt, 1); + work = ((leftt >> 8) ^ right) & 0x00ff00ffL; + right ^= work; + leftt ^= (work << 8); + /* -- */ + work = ((leftt >> 2) ^ right) & 0x33333333L; + right ^= work; + leftt ^= (work << 2); + work = ((right >> 16) ^ leftt) & 0x0000ffffL; + leftt ^= work; + right ^= (work << 16); + work = ((right >> 4) ^ leftt) & 0x0f0f0f0fL; + leftt ^= work; + right ^= (work << 4); + + block[0] = right; + block[1] = leftt; +} + + +/* wpa_supplicant/hostapd specific wrapper */ + +void des_encrypt(const u8 *clear, const u8 *key, u8 *cypher) +{ + u8 pkey[8], next, tmp; + int i; + u32 ek[32], work[2]; + + /* Add parity bits to the key */ + next = 0; + for (i = 0; i < 7; i++) { + tmp = key[i]; + pkey[i] = (tmp >> i) | next | 1; + next = tmp << (7 - i); + } + pkey[i] = next | 1; + + deskey(pkey, 0, ek); + + work[0] = WPA_GET_BE32(clear); + work[1] = WPA_GET_BE32(clear + 4); + desfunc(work, ek); + WPA_PUT_BE32(cypher, work[0]); + WPA_PUT_BE32(cypher + 4, work[1]); + + os_memset(pkey, 0, sizeof(pkey)); + os_memset(ek, 0, sizeof(ek)); +} + +/* +void des_key_setup(const u8 *key, u32 *ek, u32 *dk) +{ + deskey(key, 0, ek); + deskey(key, 1, dk); +} + + +void des_block_encrypt(const u8 *plain, const u32 *ek, u8 *crypt) +{ + u32 work[2]; + work[0] = WPA_GET_BE32(plain); + work[1] = WPA_GET_BE32(plain + 4); + desfunc(work, ek); + WPA_PUT_BE32(crypt, work[0]); + WPA_PUT_BE32(crypt + 4, work[1]); +} + + +void des_block_decrypt(const u8 *crypt, const u32 *dk, u8 *plain) +{ + u32 work[2]; + work[0] = WPA_GET_BE32(crypt); + work[1] = WPA_GET_BE32(crypt + 4); + desfunc(work, dk); + WPA_PUT_BE32(plain, work[0]); + WPA_PUT_BE32(plain + 4, work[1]); +} + + +void des3_key_setup(const u8 *key, struct des3_key_s *dkey) +{ + deskey(key, 0, dkey->ek[0]); + deskey(key + 8, 1, dkey->ek[1]); + deskey(key + 16, 0, dkey->ek[2]); + + deskey(key, 1, dkey->dk[2]); + deskey(key + 8, 0, dkey->dk[1]); + deskey(key + 16, 1, dkey->dk[0]); +} + + +void des3_encrypt(const u8 *plain, const struct des3_key_s *key, u8 *crypt) +{ + u32 work[2]; + + work[0] = WPA_GET_BE32(plain); + work[1] = WPA_GET_BE32(plain + 4); + desfunc(work, key->ek[0]); + desfunc(work, key->ek[1]); + desfunc(work, key->ek[2]); + WPA_PUT_BE32(crypt, work[0]); + WPA_PUT_BE32(crypt + 4, work[1]); +} + + +void des3_decrypt(const u8 *crypt, const struct des3_key_s *key, u8 *plain) +{ + u32 work[2]; + + work[0] = WPA_GET_BE32(crypt); + work[1] = WPA_GET_BE32(crypt + 4); + desfunc(work, key->dk[0]); + desfunc(work, key->dk[1]); + desfunc(work, key->dk[2]); + WPA_PUT_BE32(plain, work[0]); + WPA_PUT_BE32(plain + 4, work[1]); +}*/ + diff --git a/components/wpa_supplicant/src/crypto/md4-internal.c b/components/wpa_supplicant/src/crypto/md4-internal.c new file mode 100644 index 0000000000..a3ad58129a --- /dev/null +++ b/components/wpa_supplicant/src/crypto/md4-internal.c @@ -0,0 +1,201 @@ +/* + * MD4 hash implementation + * + * This software may be distributed under the terms of BSD license. + */ + +#include "crypto/includes.h" +#include "crypto/common.h" +#include "crypto/crypto.h" + +#define MD4_BLOCK_LENGTH 64 +#define MD4_DIGEST_LENGTH 16 + +typedef struct MD4Context { + u32 state[4]; + u64 count; + u8 buffer[MD4_BLOCK_LENGTH]; +} MD4_CTX; + +static void MD4Init(MD4_CTX *ctx); +static void MD4Update(MD4_CTX *ctx, const unsigned char *input, size_t len); +static void MD4Final(unsigned char digest[MD4_DIGEST_LENGTH], MD4_CTX *ctx); + +int md4_vector(size_t num_elem, const u8 *addr[], const size_t *len, u8 *mac) +{ + MD4_CTX ctx; + size_t i; + + MD4Init(&ctx); + for (i = 0; i < num_elem; i++) + MD4Update(&ctx, addr[i], len[i]); + MD4Final(mac, &ctx); + return 0; +} + +#define MD4_DIGEST_STRING_LENGTH (MD4_DIGEST_LENGTH * 2 + 1) + +static void MD4Transform(u32 state[4], const u8 block[MD4_BLOCK_LENGTH]); + +#define PUT_64BIT_LE(cp, value) do { \ + (cp)[7] = (value) >> 56; \ + (cp)[6] = (value) >> 48; \ + (cp)[5] = (value) >> 40; \ + (cp)[4] = (value) >> 32; \ + (cp)[3] = (value) >> 24; \ + (cp)[2] = (value) >> 16; \ + (cp)[1] = (value) >> 8; \ + (cp)[0] = (value); } while (0) + +#define PUT_32BIT_LE(cp, value) do { \ + (cp)[3] = (value) >> 24; \ + (cp)[2] = (value) >> 16; \ + (cp)[1] = (value) >> 8; \ + (cp)[0] = (value); } while (0) + +static u8 PADDING[MD4_BLOCK_LENGTH] = { + 0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 +}; + +static void MD4Init(MD4_CTX *ctx) +{ + ctx->count = 0; + ctx->state[0] = 0x67452301; + ctx->state[1] = 0xefcdab89; + ctx->state[2] = 0x98badcfe; + ctx->state[3] = 0x10325476; +} + +static void MD4Update(MD4_CTX *ctx, const unsigned char *input, size_t len) +{ + size_t have, need; + + have = (size_t)((ctx->count >> 3) & (MD4_BLOCK_LENGTH - 1)); + need = MD4_BLOCK_LENGTH - have; + + ctx->count += (u64)len << 3; + + if (len >= need) { + if (have != 0) { + os_memcpy(ctx->buffer + have, input, need); + MD4Transform(ctx->state, ctx->buffer); + input += need; + len -= need; + have = 0; + } + + while (len >= MD4_BLOCK_LENGTH) { + MD4Transform(ctx->state, input); + input += MD4_BLOCK_LENGTH; + len -= MD4_BLOCK_LENGTH; + } + } + + if (len != 0) + os_memcpy(ctx->buffer + have, input, len); +} + +static void MD4Pad(MD4_CTX *ctx) +{ + u8 count[8]; + size_t padlen; + + PUT_64BIT_LE(count, ctx->count); + + padlen = MD4_BLOCK_LENGTH - + ((ctx->count >> 3) & (MD4_BLOCK_LENGTH - 1)); + if (padlen < 1 + 8) + padlen += MD4_BLOCK_LENGTH; + MD4Update(ctx, PADDING, padlen - 8); + MD4Update(ctx, count, 8); +} + +static void MD4Final(unsigned char digest[MD4_DIGEST_LENGTH], MD4_CTX *ctx) +{ + int i; + + MD4Pad(ctx); + if (digest != NULL) { + for (i = 0; i < 4; i ++) + PUT_32BIT_LE(digest + i * 4, ctx->state[i]); + os_memset(ctx, 0, sizeof(*ctx)); + } +} + +#define F1(x, y, z) (z ^ (x & (y ^ z))) +#define F2(x, y, z) ((x & y) | (x & z) | (y & z)) +#define F3(x, y, z) (x ^ y ^ z) + +#define MD4SETP(f, w, x, y, z, data, s) \ + ( w += f(x, y, z) + data, w = w<>(32-s) ) + +static void MD4Transform(u32 state[4], const u8 block[MD4_BLOCK_LENGTH]) +{ + u32 a, b, c, d, in[MD4_BLOCK_LENGTH / 4]; + + os_memcpy(in, block, sizeof(in)); + + a = state[0]; + b = state[1]; + c = state[2]; + d = state[3]; + + MD4SETP(F1, a, b, c, d, in[ 0], 3); + MD4SETP(F1, d, a, b, c, in[ 1], 7); + MD4SETP(F1, c, d, a, b, in[ 2], 11); + MD4SETP(F1, b, c, d, a, in[ 3], 19); + MD4SETP(F1, a, b, c, d, in[ 4], 3); + MD4SETP(F1, d, a, b, c, in[ 5], 7); + MD4SETP(F1, c, d, a, b, in[ 6], 11); + MD4SETP(F1, b, c, d, a, in[ 7], 19); + MD4SETP(F1, a, b, c, d, in[ 8], 3); + MD4SETP(F1, d, a, b, c, in[ 9], 7); + MD4SETP(F1, c, d, a, b, in[10], 11); + MD4SETP(F1, b, c, d, a, in[11], 19); + MD4SETP(F1, a, b, c, d, in[12], 3); + MD4SETP(F1, d, a, b, c, in[13], 7); + MD4SETP(F1, c, d, a, b, in[14], 11); + MD4SETP(F1, b, c, d, a, in[15], 19); + + MD4SETP(F2, a, b, c, d, in[ 0] + 0x5a827999, 3); + MD4SETP(F2, d, a, b, c, in[ 4] + 0x5a827999, 5); + MD4SETP(F2, c, d, a, b, in[ 8] + 0x5a827999, 9); + MD4SETP(F2, b, c, d, a, in[12] + 0x5a827999, 13); + MD4SETP(F2, a, b, c, d, in[ 1] + 0x5a827999, 3); + MD4SETP(F2, d, a, b, c, in[ 5] + 0x5a827999, 5); + MD4SETP(F2, c, d, a, b, in[ 9] + 0x5a827999, 9); + MD4SETP(F2, b, c, d, a, in[13] + 0x5a827999, 13); + MD4SETP(F2, a, b, c, d, in[ 2] + 0x5a827999, 3); + MD4SETP(F2, d, a, b, c, in[ 6] + 0x5a827999, 5); + MD4SETP(F2, c, d, a, b, in[10] + 0x5a827999, 9); + MD4SETP(F2, b, c, d, a, in[14] + 0x5a827999, 13); + MD4SETP(F2, a, b, c, d, in[ 3] + 0x5a827999, 3); + MD4SETP(F2, d, a, b, c, in[ 7] + 0x5a827999, 5); + MD4SETP(F2, c, d, a, b, in[11] + 0x5a827999, 9); + MD4SETP(F2, b, c, d, a, in[15] + 0x5a827999, 13); + + MD4SETP(F3, a, b, c, d, in[ 0] + 0x6ed9eba1, 3); + MD4SETP(F3, d, a, b, c, in[ 8] + 0x6ed9eba1, 9); + MD4SETP(F3, c, d, a, b, in[ 4] + 0x6ed9eba1, 11); + MD4SETP(F3, b, c, d, a, in[12] + 0x6ed9eba1, 15); + MD4SETP(F3, a, b, c, d, in[ 2] + 0x6ed9eba1, 3); + MD4SETP(F3, d, a, b, c, in[10] + 0x6ed9eba1, 9); + MD4SETP(F3, c, d, a, b, in[ 6] + 0x6ed9eba1, 11); + MD4SETP(F3, b, c, d, a, in[14] + 0x6ed9eba1, 15); + MD4SETP(F3, a, b, c, d, in[ 1] + 0x6ed9eba1, 3); + MD4SETP(F3, d, a, b, c, in[ 9] + 0x6ed9eba1, 9); + MD4SETP(F3, c, d, a, b, in[ 5] + 0x6ed9eba1, 11); + MD4SETP(F3, b, c, d, a, in[13] + 0x6ed9eba1, 15); + MD4SETP(F3, a, b, c, d, in[ 3] + 0x6ed9eba1, 3); + MD4SETP(F3, d, a, b, c, in[11] + 0x6ed9eba1, 9); + MD4SETP(F3, c, d, a, b, in[ 7] + 0x6ed9eba1, 11); + MD4SETP(F3, b, c, d, a, in[15] + 0x6ed9eba1, 15); + + state[0] += a; + state[1] += b; + state[2] += c; + state[3] += d; +} diff --git a/components/wpa_supplicant/src/crypto/ms_funcs.c b/components/wpa_supplicant/src/crypto/ms_funcs.c new file mode 100644 index 0000000000..9fc671298f --- /dev/null +++ b/components/wpa_supplicant/src/crypto/ms_funcs.c @@ -0,0 +1,528 @@ +/* + * WPA Supplicant / shared MSCHAPV2 helper functions / RFC 2433 / RFC 2759 + * Copyright (c) 2004-2012, Jouni Malinen + * + * This software may be distributed under the terms of the BSD license. + * See README for more details. + */ + + +#include "wpa/includes.h" + +#include "wpa/common.h" +#include "crypto/sha1.h" +#include "crypto/ms_funcs.h" +#include "crypto/crypto.h" + +/** + * utf8_to_ucs2 - Convert UTF-8 string to UCS-2 encoding + * @utf8_string: UTF-8 string (IN) + * @utf8_string_len: Length of utf8_string (IN) + * @ucs2_buffer: UCS-2 buffer (OUT) + * @ucs2_buffer_size: Length of UCS-2 buffer (IN) + * @ucs2_string_size: Number of 2-byte words in the resulting UCS-2 string + * Returns: 0 on success, -1 on failure + */ +static int utf8_to_ucs2(const u8 *utf8_string, size_t utf8_string_len, + u8 *ucs2_buffer, size_t ucs2_buffer_size, + size_t *ucs2_string_size) +{ + size_t i, j; + + for (i = 0, j = 0; i < utf8_string_len; i++) { + u8 c = utf8_string[i]; + if (j >= ucs2_buffer_size) { + /* input too long */ + return -1; + } + if (c <= 0x7F) { + WPA_PUT_LE16(ucs2_buffer + j, c); + j += 2; + } else if (i == utf8_string_len - 1 || + j >= ucs2_buffer_size - 1) { + /* incomplete surrogate */ + return -1; + } else { + u8 c2 = utf8_string[++i]; + if ((c & 0xE0) == 0xC0) { + /* two-byte encoding */ + WPA_PUT_LE16(ucs2_buffer + j, + ((c & 0x1F) << 6) | (c2 & 0x3F)); + j += 2; + } else if (i == utf8_string_len || + j >= ucs2_buffer_size - 1) { + /* incomplete surrogate */ + return -1; + } else { + /* three-byte encoding */ + u8 c3 = utf8_string[++i]; + WPA_PUT_LE16(ucs2_buffer + j, + ((c & 0xF) << 12) | + ((c2 & 0x3F) << 6) | (c3 & 0x3F)); + } + } + } + + if (ucs2_string_size) + *ucs2_string_size = j / 2; + return 0; +} + + +/** + * challenge_hash - ChallengeHash() - RFC 2759, Sect. 8.2 + * @peer_challenge: 16-octet PeerChallenge (IN) + * @auth_challenge: 16-octet AuthenticatorChallenge (IN) + * @username: 0-to-256-char UserName (IN) + * @username_len: Length of username + * @challenge: 8-octet Challenge (OUT) + * Returns: 0 on success, -1 on failure + */ +static int challenge_hash(const u8 *peer_challenge, const u8 *auth_challenge, + const u8 *username, size_t username_len, + u8 *challenge) +{ + u8 hash[SHA1_MAC_LEN]; + const unsigned char *addr[3]; + size_t len[3]; + + addr[0] = peer_challenge; + len[0] = 16; + addr[1] = auth_challenge; + len[1] = 16; + addr[2] = username; + len[2] = username_len; + + if (sha1_vector(3, addr, len, hash)) + return -1; + os_memcpy(challenge, hash, 8); + return 0; +} + + +/** + * nt_password_hash - NtPasswordHash() - RFC 2759, Sect. 8.3 + * @password: 0-to-256-unicode-char Password (IN; UTF-8) + * @password_len: Length of password + * @password_hash: 16-octet PasswordHash (OUT) + * Returns: 0 on success, -1 on failure + */ +int nt_password_hash(const u8 *password, size_t password_len, + u8 *password_hash) +{ + u8 buf[512], *pos; + size_t len, max_len; + + max_len = sizeof(buf); + if (utf8_to_ucs2(password, password_len, buf, max_len, &len) < 0) + return -1; + + len *= 2; + pos = buf; + return md4_vector(1, (const u8 **) &pos, &len, password_hash); +} + + +/** + * hash_nt_password_hash - HashNtPasswordHash() - RFC 2759, Sect. 8.4 + * @password_hash: 16-octet PasswordHash (IN) + * @password_hash_hash: 16-octet PasswordHashHash (OUT) + * Returns: 0 on success, -1 on failure + */ +int hash_nt_password_hash(const u8 *password_hash, u8 *password_hash_hash) +{ + size_t len = 16; + return md4_vector(1, &password_hash, &len, password_hash_hash); +} + + +/** + * challenge_response - ChallengeResponse() - RFC 2759, Sect. 8.5 + * @challenge: 8-octet Challenge (IN) + * @password_hash: 16-octet PasswordHash (IN) + * @response: 24-octet Response (OUT) + */ +void challenge_response(const u8 *challenge, const u8 *password_hash, + u8 *response) +{ + u8 zpwd[7]; + des_encrypt(challenge, password_hash, response); + des_encrypt(challenge, password_hash + 7, response + 8); + zpwd[0] = password_hash[14]; + zpwd[1] = password_hash[15]; + os_memset(zpwd + 2, 0, 5); + des_encrypt(challenge, zpwd, response + 16); +} + + +/** + * generate_nt_response - GenerateNTResponse() - RFC 2759, Sect. 8.1 + * @auth_challenge: 16-octet AuthenticatorChallenge (IN) + * @peer_challenge: 16-octet PeerChallenge (IN) + * @username: 0-to-256-char UserName (IN) + * @username_len: Length of username + * @password: 0-to-256-unicode-char Password (IN; UTF-8) + * @password_len: Length of password + * @response: 24-octet Response (OUT) + * Returns: 0 on success, -1 on failure + */ +int generate_nt_response(const u8 *auth_challenge, const u8 *peer_challenge, + const u8 *username, size_t username_len, + const u8 *password, size_t password_len, + u8 *response) +{ + u8 challenge[8]; + u8 password_hash[16]; + + if (challenge_hash(peer_challenge, auth_challenge, username, + username_len, challenge)) + return -1; + if (nt_password_hash(password, password_len, password_hash)) + return -1; + challenge_response(challenge, password_hash, response); + return 0; +} + + +/** + * generate_nt_response_pwhash - GenerateNTResponse() - RFC 2759, Sect. 8.1 + * @auth_challenge: 16-octet AuthenticatorChallenge (IN) + * @peer_challenge: 16-octet PeerChallenge (IN) + * @username: 0-to-256-char UserName (IN) + * @username_len: Length of username + * @password_hash: 16-octet PasswordHash (IN) + * @response: 24-octet Response (OUT) + * Returns: 0 on success, -1 on failure + */ +int generate_nt_response_pwhash(const u8 *auth_challenge, + const u8 *peer_challenge, + const u8 *username, size_t username_len, + const u8 *password_hash, + u8 *response) +{ + u8 challenge[8]; + + if (challenge_hash(peer_challenge, auth_challenge, + username, username_len, + challenge)) + return -1; + challenge_response(challenge, password_hash, response); + return 0; +} + + +/** + * generate_authenticator_response_pwhash - GenerateAuthenticatorResponse() - RFC 2759, Sect. 8.7 + * @password_hash: 16-octet PasswordHash (IN) + * @nt_response: 24-octet NT-Response (IN) + * @peer_challenge: 16-octet PeerChallenge (IN) + * @auth_challenge: 16-octet AuthenticatorChallenge (IN) + * @username: 0-to-256-char UserName (IN) + * @username_len: Length of username + * @response: 20-octet AuthenticatorResponse (OUT) (note: this value is usually + * encoded as a 42-octet ASCII string (S=hexdump_of_response) + * Returns: 0 on success, -1 on failure + */ +int generate_authenticator_response_pwhash( + const u8 *password_hash, + const u8 *peer_challenge, const u8 *auth_challenge, + const u8 *username, size_t username_len, + const u8 *nt_response, u8 *response) +{ + static const u8 magic1[39] = { + 0x4D, 0x61, 0x67, 0x69, 0x63, 0x20, 0x73, 0x65, 0x72, 0x76, + 0x65, 0x72, 0x20, 0x74, 0x6F, 0x20, 0x63, 0x6C, 0x69, 0x65, + 0x6E, 0x74, 0x20, 0x73, 0x69, 0x67, 0x6E, 0x69, 0x6E, 0x67, + 0x20, 0x63, 0x6F, 0x6E, 0x73, 0x74, 0x61, 0x6E, 0x74 + }; + static const u8 magic2[41] = { + 0x50, 0x61, 0x64, 0x20, 0x74, 0x6F, 0x20, 0x6D, 0x61, 0x6B, + 0x65, 0x20, 0x69, 0x74, 0x20, 0x64, 0x6F, 0x20, 0x6D, 0x6F, + 0x72, 0x65, 0x20, 0x74, 0x68, 0x61, 0x6E, 0x20, 0x6F, 0x6E, + 0x65, 0x20, 0x69, 0x74, 0x65, 0x72, 0x61, 0x74, 0x69, 0x6F, + 0x6E + }; + + u8 password_hash_hash[16], challenge[8]; + const unsigned char *addr1[3]; + const size_t len1[3] = { 16, 24, sizeof(magic1) }; + const unsigned char *addr2[3]; + const size_t len2[3] = { SHA1_MAC_LEN, 8, sizeof(magic2) }; + + addr1[0] = password_hash_hash; + addr1[1] = nt_response; + addr1[2] = magic1; + + addr2[0] = response; + addr2[1] = challenge; + addr2[2] = magic2; + + if (hash_nt_password_hash(password_hash, password_hash_hash)) + return -1; + if (sha1_vector(3, addr1, len1, response)) + return -1; + + if (challenge_hash(peer_challenge, auth_challenge, username, + username_len, challenge)) + return -1; + return sha1_vector(3, addr2, len2, response); +} + + +/** + * generate_authenticator_response - GenerateAuthenticatorResponse() - RFC 2759, Sect. 8.7 + * @password: 0-to-256-unicode-char Password (IN; UTF-8) + * @password_len: Length of password + * @nt_response: 24-octet NT-Response (IN) + * @peer_challenge: 16-octet PeerChallenge (IN) + * @auth_challenge: 16-octet AuthenticatorChallenge (IN) + * @username: 0-to-256-char UserName (IN) + * @username_len: Length of username + * @response: 20-octet AuthenticatorResponse (OUT) (note: this value is usually + * encoded as a 42-octet ASCII string (S=hexdump_of_response) + * Returns: 0 on success, -1 on failure + */ +int generate_authenticator_response(const u8 *password, size_t password_len, + const u8 *peer_challenge, + const u8 *auth_challenge, + const u8 *username, size_t username_len, + const u8 *nt_response, u8 *response) +{ + u8 password_hash[16]; + if (nt_password_hash(password, password_len, password_hash)) + return -1; + return generate_authenticator_response_pwhash( + password_hash, peer_challenge, auth_challenge, + username, username_len, nt_response, response); +} + + +/** + * nt_challenge_response - NtChallengeResponse() - RFC 2433, Sect. A.5 + * @challenge: 8-octet Challenge (IN) + * @password: 0-to-256-unicode-char Password (IN; UTF-8) + * @password_len: Length of password + * @response: 24-octet Response (OUT) + * Returns: 0 on success, -1 on failure + */ +int nt_challenge_response(const u8 *challenge, const u8 *password, + size_t password_len, u8 *response) +{ + u8 password_hash[16]; + if (nt_password_hash(password, password_len, password_hash)) + return -1; + challenge_response(challenge, password_hash, response); + return 0; +} + + +/** + * get_master_key - GetMasterKey() - RFC 3079, Sect. 3.4 + * @password_hash_hash: 16-octet PasswordHashHash (IN) + * @nt_response: 24-octet NTResponse (IN) + * @master_key: 16-octet MasterKey (OUT) + * Returns: 0 on success, -1 on failure + */ +int get_master_key(const u8 *password_hash_hash, const u8 *nt_response, + u8 *master_key) +{ + static const u8 magic1[27] = { + 0x54, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20, 0x74, + 0x68, 0x65, 0x20, 0x4d, 0x50, 0x50, 0x45, 0x20, 0x4d, + 0x61, 0x73, 0x74, 0x65, 0x72, 0x20, 0x4b, 0x65, 0x79 + }; + const unsigned char *addr[3]; + const size_t len[3] = { 16, 24, sizeof(magic1) }; + u8 hash[SHA1_MAC_LEN]; + + addr[0] = password_hash_hash; + addr[1] = nt_response; + addr[2] = magic1; + + if (sha1_vector(3, addr, len, hash)) + return -1; + os_memcpy(master_key, hash, 16); + return 0; +} + + +/** + * get_asymetric_start_key - GetAsymetricStartKey() - RFC 3079, Sect. 3.4 + * @master_key: 16-octet MasterKey (IN) + * @session_key: 8-to-16 octet SessionKey (OUT) + * @session_key_len: SessionKeyLength (Length of session_key) (IN) + * @is_send: IsSend (IN, BOOLEAN) + * @is_server: IsServer (IN, BOOLEAN) + * Returns: 0 on success, -1 on failure + */ +int get_asymetric_start_key(const u8 *master_key, u8 *session_key, + size_t session_key_len, int is_send, + int is_server) +{ + static const u8 magic2[84] = { + 0x4f, 0x6e, 0x20, 0x74, 0x68, 0x65, 0x20, 0x63, 0x6c, 0x69, + 0x65, 0x6e, 0x74, 0x20, 0x73, 0x69, 0x64, 0x65, 0x2c, 0x20, + 0x74, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20, 0x74, 0x68, + 0x65, 0x20, 0x73, 0x65, 0x6e, 0x64, 0x20, 0x6b, 0x65, 0x79, + 0x3b, 0x20, 0x6f, 0x6e, 0x20, 0x74, 0x68, 0x65, 0x20, 0x73, + 0x65, 0x72, 0x76, 0x65, 0x72, 0x20, 0x73, 0x69, 0x64, 0x65, + 0x2c, 0x20, 0x69, 0x74, 0x20, 0x69, 0x73, 0x20, 0x74, 0x68, + 0x65, 0x20, 0x72, 0x65, 0x63, 0x65, 0x69, 0x76, 0x65, 0x20, + 0x6b, 0x65, 0x79, 0x2e + }; + static const u8 magic3[84] = { + 0x4f, 0x6e, 0x20, 0x74, 0x68, 0x65, 0x20, 0x63, 0x6c, 0x69, + 0x65, 0x6e, 0x74, 0x20, 0x73, 0x69, 0x64, 0x65, 0x2c, 0x20, + 0x74, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20, 0x74, 0x68, + 0x65, 0x20, 0x72, 0x65, 0x63, 0x65, 0x69, 0x76, 0x65, 0x20, + 0x6b, 0x65, 0x79, 0x3b, 0x20, 0x6f, 0x6e, 0x20, 0x74, 0x68, + 0x65, 0x20, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x20, 0x73, + 0x69, 0x64, 0x65, 0x2c, 0x20, 0x69, 0x74, 0x20, 0x69, 0x73, + 0x20, 0x74, 0x68, 0x65, 0x20, 0x73, 0x65, 0x6e, 0x64, 0x20, + 0x6b, 0x65, 0x79, 0x2e + }; + static const u8 shs_pad1[40] = { + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 + }; + + static const u8 shs_pad2[40] = { + 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, + 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, + 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, + 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2 + }; + u8 digest[SHA1_MAC_LEN]; + const unsigned char *addr[4]; + const size_t len[4] = { 16, 40, 84, 40 }; + + addr[0] = master_key; + addr[1] = shs_pad1; + if (is_send) { + addr[2] = is_server ? magic3 : magic2; + } else { + addr[2] = is_server ? magic2 : magic3; + } + addr[3] = shs_pad2; + + if (sha1_vector(4, addr, len, digest)) + return -1; + + if (session_key_len > SHA1_MAC_LEN) + session_key_len = SHA1_MAC_LEN; + os_memcpy(session_key, digest, session_key_len); + return 0; +} + + +#define PWBLOCK_LEN 516 + +/** + * encrypt_pw_block_with_password_hash - EncryptPwBlockWithPasswordHash() - RFC 2759, Sect. 8.10 + * @password: 0-to-256-unicode-char Password (IN; UTF-8) + * @password_len: Length of password + * @password_hash: 16-octet PasswordHash (IN) + * @pw_block: 516-byte PwBlock (OUT) + * Returns: 0 on success, -1 on failure + */ +int encrypt_pw_block_with_password_hash( + const u8 *password, size_t password_len, + const u8 *password_hash, u8 *pw_block) +{ + size_t ucs2_len, offset; + u8 *pos; + + os_memset(pw_block, 0, PWBLOCK_LEN); + + if (utf8_to_ucs2(password, password_len, pw_block, 512, &ucs2_len) < 0) + return -1; + + if (ucs2_len > 256) + return -1; + + offset = (256 - ucs2_len) * 2; + if (offset != 0) { + os_memmove(pw_block + offset, pw_block, ucs2_len * 2); + if (os_get_random(pw_block, offset) < 0) + return -1; + } + /* + * PasswordLength is 4 octets, but since the maximum password length is + * 256, only first two (in little endian byte order) can be non-zero. + */ + pos = &pw_block[2 * 256]; + WPA_PUT_LE16(pos, password_len * 2); + rc4_skip(password_hash, 16, 0, pw_block, PWBLOCK_LEN); + return 0; +} + + +/** + * new_password_encrypted_with_old_nt_password_hash - NewPasswordEncryptedWithOldNtPasswordHash() - RFC 2759, Sect. 8.9 + * @new_password: 0-to-256-unicode-char NewPassword (IN; UTF-8) + * @new_password_len: Length of new_password + * @old_password: 0-to-256-unicode-char OldPassword (IN; UTF-8) + * @old_password_len: Length of old_password + * @encrypted_pw_block: 516-octet EncryptedPwBlock (OUT) + * Returns: 0 on success, -1 on failure + */ +int new_password_encrypted_with_old_nt_password_hash( + const u8 *new_password, size_t new_password_len, + const u8 *old_password, size_t old_password_len, + u8 *encrypted_pw_block) +{ + u8 password_hash[16]; + + if (nt_password_hash(old_password, old_password_len, password_hash)) + return -1; + if (encrypt_pw_block_with_password_hash(new_password, new_password_len, + password_hash, + encrypted_pw_block)) + return -1; + return 0; +} + + +/** + * nt_password_hash_encrypted_with_block - NtPasswordHashEncryptedWithBlock() - RFC 2759, Sect 8.13 + * @password_hash: 16-octer PasswordHash (IN) + * @block: 16-octet Block (IN) + * @cypher: 16-octer Cypher (OUT) + */ +void nt_password_hash_encrypted_with_block(const u8 *password_hash, + const u8 *block, u8 *cypher) +{ + des_encrypt(password_hash, block, cypher); + des_encrypt(password_hash + 8, block + 7, cypher + 8); +} + + +/** + * old_nt_password_hash_encrypted_with_new_nt_password_hash - OldNtPasswordHashEncryptedWithNewNtPasswordHash() - RFC 2759, Sect. 8.12 + * @new_password: 0-to-256-unicode-char NewPassword (IN; UTF-8) + * @new_password_len: Length of new_password + * @old_password: 0-to-256-unicode-char OldPassword (IN; UTF-8) + * @old_password_len: Length of old_password + * @encrypted_password_hash: 16-octet EncryptedPasswordHash (OUT) + * Returns: 0 on success, -1 on failure + */ +int old_nt_password_hash_encrypted_with_new_nt_password_hash( + const u8 *new_password, size_t new_password_len, + const u8 *old_password, size_t old_password_len, + u8 *encrypted_password_hash) +{ + u8 old_password_hash[16], new_password_hash[16]; + + if (nt_password_hash(old_password, old_password_len, + old_password_hash) || + nt_password_hash(new_password, new_password_len, + new_password_hash)) + return -1; + nt_password_hash_encrypted_with_block(old_password_hash, + new_password_hash, + encrypted_password_hash); + return 0; +} + From a485af0e2d4015f2fbd80e66415070e0dce57807 Mon Sep 17 00:00:00 2001 From: Xia Xiao Tian Date: Mon, 21 Nov 2016 14:17:52 +0800 Subject: [PATCH 02/10] wpa2: change "station to sta" in wpa2 API --- components/esp32/include/esp_wpa2.h | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/components/esp32/include/esp_wpa2.h b/components/esp32/include/esp_wpa2.h index d60513a3b9..fb76ac7729 100644 --- a/components/esp32/include/esp_wpa2.h +++ b/components/esp32/include/esp_wpa2.h @@ -20,7 +20,7 @@ extern "C" { * @return 0: succeed -1: fail */ -esp_err_t esp_wifi_station_set_wpa2_enterprise_auth(int enable); +esp_err_t esp_wifi_sta_set_wpa2_enterprise_auth(int enable); /** * @brief Set username for PEAP/TTLS method. @@ -32,7 +32,7 @@ esp_err_t esp_wifi_station_set_wpa2_enterprise_auth(int enable); * -1: fail(len <= 0 or len >= 128) * -2: fail(internal memory malloc fail) */ -esp_err_t esp_wifi_station_set_enterprise_username(unsigned char *username, int len); +esp_err_t esp_wifi_sta_set_enterprise_username(unsigned char *username, int len); /** * @brief Set password for PEAP/TTLS method.. @@ -44,7 +44,7 @@ esp_err_t esp_wifi_station_set_enterprise_username(unsigned char *username, int * -1: fail(len <= 0) * -2: fail(internal memory malloc fail) */ -esp_err_t esp_wifi_station_set_enterprise_password(unsigned char *password, int len); +esp_err_t esp_wifi_sta_set_enterprise_password(unsigned char *password, int len); /** * @brief Set CA certificate for PEAP/TTLS method. @@ -54,7 +54,7 @@ esp_err_t esp_wifi_station_set_enterprise_password(unsigned char *password, int * * @return 0: succeed */ -esp_err_t esp_wifi_station_set_enterprise_ca_cert(unsigned char *ca_cert, int len); +esp_err_t esp_wifi_sta_set_enterprise_ca_cert(unsigned char *ca_cert, int len); /** * @brief Clear username for PEAP/TTLS method. @@ -63,7 +63,7 @@ esp_err_t esp_wifi_station_set_enterprise_ca_cert(unsigned char *ca_cert, int le * * @return null */ -void esp_wifi_station_clear_enterprise_username(void); +void esp_wifi_sta_clear_enterprise_username(void); /** * @brief Clear password for PEAP/TTLS method.. @@ -72,7 +72,7 @@ void esp_wifi_station_clear_enterprise_username(void); * * @return null */ -void esp_wifi_station_clear_enterprise_password(void); +void esp_wifi_sta_clear_enterprise_password(void); /** * @brief Clear CA certificate for PEAP/TTLS method. @@ -81,7 +81,7 @@ void esp_wifi_station_clear_enterprise_password(void); * * @return null */ -void esp_wifi_station_clear_enterprise_ca_cert(void); +void esp_wifi_sta_clear_enterprise_ca_cert(void); /** * @brief Set client certificate and key. @@ -95,7 +95,7 @@ void esp_wifi_station_clear_enterprise_ca_cert(void); * * @return 0: succeed */ -esp_err_t esp_wifi_station_set_enterprise_cert_key(unsigned char *client_cert, int client_cert_len, unsigned char *private_key, int private_key_len, unsigned char *private_key_passwd, int private_key_passwd_len); +esp_err_t esp_wifi_sta_set_enterprise_cert_key(unsigned char *client_cert, int client_cert_len, unsigned char *private_key, int private_key_len, unsigned char *private_key_passwd, int private_key_passwd_len); /** * @brief Clear client certificate and key. @@ -104,7 +104,7 @@ esp_err_t esp_wifi_station_set_enterprise_cert_key(unsigned char *client_cert, i * * @return null */ -void esp_wifi_station_clear_enterprise_cert_key(void); +void esp_wifi_sta_clear_enterprise_cert_key(void); #ifdef __cplusplus } From f7fb8b264f60e74950b80ec365b690a2dbcca12f Mon Sep 17 00:00:00 2001 From: Xia Xiaotian Date: Wed, 23 Nov 2016 15:29:01 +0800 Subject: [PATCH 03/10] wpa2 enterprise: update wpa2 enterprise APIs --- components/esp32/include/esp_wpa2.h | 122 ++++++++++++++++++++-------- 1 file changed, 87 insertions(+), 35 deletions(-) diff --git a/components/esp32/include/esp_wpa2.h b/components/esp32/include/esp_wpa2.h index fb76ac7729..31031b1978 100644 --- a/components/esp32/include/esp_wpa2.h +++ b/components/esp32/include/esp_wpa2.h @@ -8,19 +8,29 @@ extern "C" { #endif /** - * @brief Set wpa2 enterprise authentication. + * @brief Enable wpa2 enterprise authentication. * - * @attention wpa2 enterprise authentication can only be used when ESP8266 station is enabled. - * wpa2 enterprise authentication can only support PEAP-MSCHAPv2 and TTLS-MSCHAPv2 method. + * @attention wpa2 enterprise authentication can only be used when ESP32 station is enabled. + * wpa2 enterprise authentication can only support TLS, PEAP-MSCHAPv2 and TTLS-MSCHAPv2 method. * - * @param enable - * - 1: enable wpa2 enterprise authentication; - * - 0: disable wpa2 enterprise authentication + * @param null * - * @return 0: succeed - -1: fail + * @return ESP_ERR_WIFI_OK: succeed. + * ESP_ERR_WIFI_NO_MEM: fail(internal memory malloc fail) */ -esp_err_t esp_wifi_sta_set_wpa2_enterprise_auth(int enable); +esp_err_t esp_wifi_sta_wpa2_enterprise_enable(void); + +/** + * @brief Disable wpa2 enterprise authentication. + * + * @attention wpa2 enterprise authentication can only be used when ESP32 station is enabled. + * wpa2 enterprise authentication can only support TLS, PEAP-MSCHAPv2 and TTLS-MSCHAPv2 method. + * + * @param null + * + * @return ESP_ERR_WIFI_OK: succeed. + */ +esp_err_t esp_wifi_sta_wpa2_enterprise_disable(void); /** * @brief Set username for PEAP/TTLS method. @@ -28,34 +38,12 @@ esp_err_t esp_wifi_sta_set_wpa2_enterprise_auth(int enable); * @param username: point to address where stores the username; * len: length of username, limited to 1~127 * - * @return 0: succeed - * -1: fail(len <= 0 or len >= 128) - * -2: fail(internal memory malloc fail) + * @return ESP_ERR_WIFI_OK: succeed + * ESP_ERR_WIFI_ARG: fail(len <= 0 or len >= 128) + * ESP_ERR_WIFI_NO_MEM: fail(internal memory malloc fail) */ esp_err_t esp_wifi_sta_set_enterprise_username(unsigned char *username, int len); -/** - * @brief Set password for PEAP/TTLS method.. - * - * @param password: point to address where stores the password; - * len: length of password - * - * @return 0: succeed - * -1: fail(len <= 0) - * -2: fail(internal memory malloc fail) - */ -esp_err_t esp_wifi_sta_set_enterprise_password(unsigned char *password, int len); - -/** - * @brief Set CA certificate for PEAP/TTLS method. - * - * @param ca_cert: point to address where stores the CA certificate; - * len: length of ca_cert - * - * @return 0: succeed - */ -esp_err_t esp_wifi_sta_set_enterprise_ca_cert(unsigned char *ca_cert, int len); - /** * @brief Clear username for PEAP/TTLS method. * @@ -65,6 +53,19 @@ esp_err_t esp_wifi_sta_set_enterprise_ca_cert(unsigned char *ca_cert, int len); */ void esp_wifi_sta_clear_enterprise_username(void); +/** + * @brief Set password for PEAP/TTLS method.. + * + * @param password: point to address where stores the password; + * len: length of password + * + * @return ESP_ERR_WIFI_OK: succeed + * ESP_ERR_WIFI_ARG: fail(len <= 0) + * ESP_ERR_WIFI_NO_MEM: fail(internal memory malloc fail) + */ + +esp_err_t esp_wifi_sta_set_enterprise_password(unsigned char *password, int len); + /** * @brief Clear password for PEAP/TTLS method.. * @@ -74,6 +75,38 @@ void esp_wifi_sta_clear_enterprise_username(void); */ void esp_wifi_sta_clear_enterprise_password(void); +/** + * @brief Set new password for PEAP/TTLS method.. + * + * @param password: point to address where stores the password; + * len: length of password + * + * @return ESP_ERR_WIFI_OK: succeed + * ESP_ERR_WIFI_ARG: fail(len <= 0) + * ESP_ERR_WIFI_NO_MEM: fail(internal memory malloc fail) + */ + +esp_err_t esp_wifi_sta_set_enterprise_new_password(unsigned char *password, int len); + +/** + * @brief Clear new password for PEAP/TTLS method.. + * + * @param null + * + * @return null + */ +void esp_wifi_sta_clear_enterprise_new_password(void); + +/** + * @brief Set CA certificate for PEAP/TTLS method. + * + * @param ca_cert: point to address where stores the CA certificate; + * len: length of ca_cert + * + * @return ESP_ERR_WIFI_OK: succeed + */ +esp_err_t esp_wifi_sta_set_enterprise_ca_cert(unsigned char *ca_cert, int len); + /** * @brief Clear CA certificate for PEAP/TTLS method. * @@ -93,7 +126,7 @@ void esp_wifi_sta_clear_enterprise_ca_cert(void); * private_key_password: point to address where stores the private key password; * private_key_password_len: length of private key password; * - * @return 0: succeed + * @return ESP_ERR_WIFI_OK: succeed */ esp_err_t esp_wifi_sta_set_enterprise_cert_key(unsigned char *client_cert, int client_cert_len, unsigned char *private_key, int private_key_len, unsigned char *private_key_passwd, int private_key_passwd_len); @@ -106,6 +139,25 @@ esp_err_t esp_wifi_sta_set_enterprise_cert_key(unsigned char *client_cert, int c */ void esp_wifi_sta_clear_enterprise_cert_key(void); +/** + * @brief Set wpa2 enterprise certs time check(disable or not). + * + * @param true: disable wpa2 enterprise certs time check + * false: enable wpa2 enterprise certs time check + * + * @return ESP_ERR_WIFI_OK: succeed + */ +esp_err_t esp_wifi_sta_set_enterprise_disable_time_check(bool disable); + +/** + * @brief Get wpa2 enterprise certs time check(disable or not). + * + * @param disable: store disable value + * + * @return ESP_ERR_WIFI_OK: succeed + */ +esp_err_t esp_wifi_sta_get_enterprise_disable_time_check(bool *disable); + #ifdef __cplusplus } #endif From 4ea18083f7bf1aeda2601b277935194972d07023 Mon Sep 17 00:00:00 2001 From: Xia Xiaotian Date: Thu, 24 Nov 2016 19:46:37 +0800 Subject: [PATCH 04/10] wpa2 enterprise: add wifi lib --- components/esp32/lib | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/components/esp32/lib b/components/esp32/lib index aa74ce2761..28e2c94055 160000 --- a/components/esp32/lib +++ b/components/esp32/lib @@ -1 +1 @@ -Subproject commit aa74ce27618c931fef8bdbdb683f80f4b364ba53 +Subproject commit 28e2c9405570e1ca5935501f2c05d44d16a17d6a From 1cdd082a9e14916d751a175c632587f84ede2f53 Mon Sep 17 00:00:00 2001 From: Xia Xiaotian Date: Thu, 24 Nov 2016 20:41:44 +0800 Subject: [PATCH 05/10] wpa2 enterprise: update wifi lib in master branch --- components/esp32/include/esp_wpa2.h | 15 ++++++++++++++- components/esp32/lib | 2 +- 2 files changed, 15 insertions(+), 2 deletions(-) diff --git a/components/esp32/include/esp_wpa2.h b/components/esp32/include/esp_wpa2.h index 31031b1978..12b50fba44 100644 --- a/components/esp32/include/esp_wpa2.h +++ b/components/esp32/include/esp_wpa2.h @@ -1,3 +1,17 @@ +// Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at + +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + #ifndef ESP_WPA2_H #define ESP_WPA2_H @@ -63,7 +77,6 @@ void esp_wifi_sta_clear_enterprise_username(void); * ESP_ERR_WIFI_ARG: fail(len <= 0) * ESP_ERR_WIFI_NO_MEM: fail(internal memory malloc fail) */ - esp_err_t esp_wifi_sta_set_enterprise_password(unsigned char *password, int len); /** diff --git a/components/esp32/lib b/components/esp32/lib index 28e2c94055..6cc03db27a 160000 --- a/components/esp32/lib +++ b/components/esp32/lib @@ -1 +1 @@ -Subproject commit 28e2c9405570e1ca5935501f2c05d44d16a17d6a +Subproject commit 6cc03db27a4ee7842d3549f0c262a6401e8ab1af From 340b14f0b79d2ca7c3eea162211ada1e4a90465c Mon Sep 17 00:00:00 2001 From: Liu Zhi Fu Date: Thu, 24 Nov 2016 21:37:46 +0800 Subject: [PATCH 06/10] esp32: update wifi lib to contain bt/wifi coexist code --- components/esp32/lib | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/components/esp32/lib b/components/esp32/lib index 6cc03db27a..60ae2940df 160000 --- a/components/esp32/lib +++ b/components/esp32/lib @@ -1 +1 @@ -Subproject commit 6cc03db27a4ee7842d3549f0c262a6401e8ab1af +Subproject commit 60ae2940dfdca8c8279128bee8bf7716356d864b From 0dbc11e37d13feeac8682be89095f21a5d468831 Mon Sep 17 00:00:00 2001 From: Xia Xiaotian Date: Fri, 25 Nov 2016 11:03:33 +0800 Subject: [PATCH 07/10] wpa2 enterprise: update wpa2 enterprise API comments --- components/esp32/include/esp_wpa2.h | 47 +++++++++++------------------ 1 file changed, 18 insertions(+), 29 deletions(-) diff --git a/components/esp32/include/esp_wpa2.h b/components/esp32/include/esp_wpa2.h index 12b50fba44..9967f801c2 100644 --- a/components/esp32/include/esp_wpa2.h +++ b/components/esp32/include/esp_wpa2.h @@ -27,8 +27,6 @@ extern "C" { * @attention wpa2 enterprise authentication can only be used when ESP32 station is enabled. * wpa2 enterprise authentication can only support TLS, PEAP-MSCHAPv2 and TTLS-MSCHAPv2 method. * - * @param null - * * @return ESP_ERR_WIFI_OK: succeed. * ESP_ERR_WIFI_NO_MEM: fail(internal memory malloc fail) */ @@ -40,8 +38,6 @@ esp_err_t esp_wifi_sta_wpa2_enterprise_enable(void); * @attention wpa2 enterprise authentication can only be used when ESP32 station is enabled. * wpa2 enterprise authentication can only support TLS, PEAP-MSCHAPv2 and TTLS-MSCHAPv2 method. * - * @param null - * * @return ESP_ERR_WIFI_OK: succeed. */ esp_err_t esp_wifi_sta_wpa2_enterprise_disable(void); @@ -49,6 +45,8 @@ esp_err_t esp_wifi_sta_wpa2_enterprise_disable(void); /** * @brief Set username for PEAP/TTLS method. * + * @attention The API only passes the parameter username to the global pointer variable in wpa2 enterprise module. + * * @param username: point to address where stores the username; * len: length of username, limited to 1~127 * @@ -60,18 +58,16 @@ esp_err_t esp_wifi_sta_set_enterprise_username(unsigned char *username, int len) /** * @brief Clear username for PEAP/TTLS method. - * - * @param null - * - * @return null */ void esp_wifi_sta_clear_enterprise_username(void); /** * @brief Set password for PEAP/TTLS method.. * + * @attention The API only passes the parameter password to the global pointer variable in wpa2 enterprise module. + * * @param password: point to address where stores the password; - * len: length of password + * len: length of password(len > 0) * * @return ESP_ERR_WIFI_OK: succeed * ESP_ERR_WIFI_ARG: fail(len <= 0) @@ -81,15 +77,14 @@ esp_err_t esp_wifi_sta_set_enterprise_password(unsigned char *password, int len) /** * @brief Clear password for PEAP/TTLS method.. - * - * @param null - * - * @return null */ void esp_wifi_sta_clear_enterprise_password(void); /** - * @brief Set new password for PEAP/TTLS method.. + * @brief Set new password for MSCHAPv2 method.. + * + * @attention The API only passes the parameter password to the global pointer variable in wpa2 enterprise module. + * The new password is used to substitute the old password when eap-mschapv2 failure request message with error code ERROR_PASSWD_EXPIRED is received. * * @param password: point to address where stores the password; * len: length of password @@ -102,17 +97,16 @@ void esp_wifi_sta_clear_enterprise_password(void); esp_err_t esp_wifi_sta_set_enterprise_new_password(unsigned char *password, int len); /** - * @brief Clear new password for PEAP/TTLS method.. - * - * @param null - * - * @return null + * @brief Clear new password for MSCHAPv2 method.. */ void esp_wifi_sta_clear_enterprise_new_password(void); /** * @brief Set CA certificate for PEAP/TTLS method. * + * @attention The API only passes the parameter ca_cert to the global pointer variable in wpa2 enterprise module. + * The ca_cert should be zero terminated. + * * @param ca_cert: point to address where stores the CA certificate; * len: length of ca_cert * @@ -122,16 +116,15 @@ esp_err_t esp_wifi_sta_set_enterprise_ca_cert(unsigned char *ca_cert, int len); /** * @brief Clear CA certificate for PEAP/TTLS method. - * - * @param null - * - * @return null */ void esp_wifi_sta_clear_enterprise_ca_cert(void); /** * @brief Set client certificate and key. * + * @attention The API only passes the parameter client_cert, private_key and private_key_passwd to the global pointer variable in wpa2 enterprise module. + * The client_cert, private_key and private_key_passwd should be zero terminated. + * * @param client_cert: point to address where stores the client certificate; * client_cert_len: length of client certificate; * private_key: point to address where stores the private key; @@ -145,10 +138,6 @@ esp_err_t esp_wifi_sta_set_enterprise_cert_key(unsigned char *client_cert, int c /** * @brief Clear client certificate and key. - * - * @param null - * - * @return null */ void esp_wifi_sta_clear_enterprise_cert_key(void); @@ -158,7 +147,7 @@ void esp_wifi_sta_clear_enterprise_cert_key(void); * @param true: disable wpa2 enterprise certs time check * false: enable wpa2 enterprise certs time check * - * @return ESP_ERR_WIFI_OK: succeed + * @return ESP_OK: succeed */ esp_err_t esp_wifi_sta_set_enterprise_disable_time_check(bool disable); @@ -167,7 +156,7 @@ esp_err_t esp_wifi_sta_set_enterprise_disable_time_check(bool disable); * * @param disable: store disable value * - * @return ESP_ERR_WIFI_OK: succeed + * @return ESP_OK: succeed */ esp_err_t esp_wifi_sta_get_enterprise_disable_time_check(bool *disable); From 1818af1c3ec96dfcffc026486eec317d69800087 Mon Sep 17 00:00:00 2001 From: Xia Xiaotian Date: Fri, 25 Nov 2016 12:03:58 +0800 Subject: [PATCH 08/10] wpa2 enterprise: update wifi lib and add wpa2_printf --- components/esp32/lib | 2 +- components/esp32/lib_printf.c | 9 +++++++++ 2 files changed, 10 insertions(+), 1 deletion(-) diff --git a/components/esp32/lib b/components/esp32/lib index 60ae2940df..1ef5197246 160000 --- a/components/esp32/lib +++ b/components/esp32/lib @@ -1 +1 @@ -Subproject commit 60ae2940dfdca8c8279128bee8bf7716356d864b +Subproject commit 1ef5197246db363681ca78c1e3edc2d2cca92bbe diff --git a/components/esp32/lib_printf.c b/components/esp32/lib_printf.c index 135faa4f9c..a2aff4cf56 100644 --- a/components/esp32/lib_printf.c +++ b/components/esp32/lib_printf.c @@ -78,6 +78,15 @@ int wpa_printf(const char* format, ...) return res; } +int wpa2_printf(const char* format, ...) +{ + va_list arg; + va_start(arg, format); + int res = lib_printf("wpa2", format, arg); + va_end(arg); + return res; +} + int wps_printf(const char* format, ...) { va_list arg; From 73f4e8b2afa9c6e827734c8c7a7b182079ab9eec Mon Sep 17 00:00:00 2001 From: Xia Xiaotian Date: Fri, 25 Nov 2016 16:56:09 +0800 Subject: [PATCH 09/10] wpa2 enterprise: change the type macro to platform default macro ESP_PLATFORM. --- components/wpa_supplicant/component.mk | 2 +- components/wpa_supplicant/include/wpa/common.h | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/components/wpa_supplicant/component.mk b/components/wpa_supplicant/component.mk index 7d52655011..daac5ca70e 100644 --- a/components/wpa_supplicant/component.mk +++ b/components/wpa_supplicant/component.mk @@ -1,4 +1,4 @@ COMPONENT_ADD_INCLUDEDIRS := include port/include COMPONENT_SRCDIRS := src/crypto port -CFLAGS += -DEMBEDDED_SUPP -D__ets__ -Wno-strict-aliasing -D__ESP32_SUPP_TYPE__ +CFLAGS += -DEMBEDDED_SUPP -D__ets__ -Wno-strict-aliasing diff --git a/components/wpa_supplicant/include/wpa/common.h b/components/wpa_supplicant/include/wpa/common.h index 05868cc258..2e6012f868 100644 --- a/components/wpa_supplicant/include/wpa/common.h +++ b/components/wpa_supplicant/include/wpa/common.h @@ -20,7 +20,7 @@ #include "os.h" /* Define platform specific variable type macros */ -#if defined(__ESP32_SUPP_TYPE__) +#if defined(ESP_PLATFORM) #include typedef uint64_t u64; typedef uint32_t u32; @@ -30,7 +30,7 @@ typedef int64_t s64; typedef int32_t s32; typedef int16_t s16; typedef int8_t s8; -#endif /*__ESP32_SUPP_TYPE__*/ +#endif /*ESP_PLATFORM*/ #if defined(__XTENSA__) #include From 6e3b7f4ea217eb74e9aa137535f92e7aeaab2502 Mon Sep 17 00:00:00 2001 From: Xia Xiaotian Date: Fri, 25 Nov 2016 18:08:21 +0800 Subject: [PATCH 10/10] wpa2 enterprise: change wpa2 enterprise APIs to esp_wifi_sta_wpa2_ent_XXX --- components/esp32/include/esp_wpa2.h | 28 ++++++++++++++-------------- components/esp32/lib | 2 +- 2 files changed, 15 insertions(+), 15 deletions(-) diff --git a/components/esp32/include/esp_wpa2.h b/components/esp32/include/esp_wpa2.h index 9967f801c2..6d88c9a127 100644 --- a/components/esp32/include/esp_wpa2.h +++ b/components/esp32/include/esp_wpa2.h @@ -30,7 +30,7 @@ extern "C" { * @return ESP_ERR_WIFI_OK: succeed. * ESP_ERR_WIFI_NO_MEM: fail(internal memory malloc fail) */ -esp_err_t esp_wifi_sta_wpa2_enterprise_enable(void); +esp_err_t esp_wifi_sta_wpa2_ent_enable(void); /** * @brief Disable wpa2 enterprise authentication. @@ -40,7 +40,7 @@ esp_err_t esp_wifi_sta_wpa2_enterprise_enable(void); * * @return ESP_ERR_WIFI_OK: succeed. */ -esp_err_t esp_wifi_sta_wpa2_enterprise_disable(void); +esp_err_t esp_wifi_sta_wpa2_ent_disable(void); /** * @brief Set username for PEAP/TTLS method. @@ -54,12 +54,12 @@ esp_err_t esp_wifi_sta_wpa2_enterprise_disable(void); * ESP_ERR_WIFI_ARG: fail(len <= 0 or len >= 128) * ESP_ERR_WIFI_NO_MEM: fail(internal memory malloc fail) */ -esp_err_t esp_wifi_sta_set_enterprise_username(unsigned char *username, int len); +esp_err_t esp_wifi_sta_wpa2_ent_set_username(unsigned char *username, int len); /** * @brief Clear username for PEAP/TTLS method. */ -void esp_wifi_sta_clear_enterprise_username(void); +void esp_wifi_sta_wpa2_ent_clear_username(void); /** * @brief Set password for PEAP/TTLS method.. @@ -73,12 +73,12 @@ void esp_wifi_sta_clear_enterprise_username(void); * ESP_ERR_WIFI_ARG: fail(len <= 0) * ESP_ERR_WIFI_NO_MEM: fail(internal memory malloc fail) */ -esp_err_t esp_wifi_sta_set_enterprise_password(unsigned char *password, int len); +esp_err_t esp_wifi_sta_wpa2_ent_set_password(unsigned char *password, int len); /** * @brief Clear password for PEAP/TTLS method.. */ -void esp_wifi_sta_clear_enterprise_password(void); +void esp_wifi_sta_wpa2_ent_clear_password(void); /** * @brief Set new password for MSCHAPv2 method.. @@ -94,12 +94,12 @@ void esp_wifi_sta_clear_enterprise_password(void); * ESP_ERR_WIFI_NO_MEM: fail(internal memory malloc fail) */ -esp_err_t esp_wifi_sta_set_enterprise_new_password(unsigned char *password, int len); +esp_err_t esp_wifi_sta_wpa2_ent_set_new_password(unsigned char *password, int len); /** * @brief Clear new password for MSCHAPv2 method.. */ -void esp_wifi_sta_clear_enterprise_new_password(void); +void esp_wifi_sta_wpa2_ent_clear_new_password(void); /** * @brief Set CA certificate for PEAP/TTLS method. @@ -112,12 +112,12 @@ void esp_wifi_sta_clear_enterprise_new_password(void); * * @return ESP_ERR_WIFI_OK: succeed */ -esp_err_t esp_wifi_sta_set_enterprise_ca_cert(unsigned char *ca_cert, int len); +esp_err_t esp_wifi_sta_wpa2_ent_set_ca_cert(unsigned char *ca_cert, int len); /** * @brief Clear CA certificate for PEAP/TTLS method. */ -void esp_wifi_sta_clear_enterprise_ca_cert(void); +void esp_wifi_sta_wpa2_ent_clear_ca_cert(void); /** * @brief Set client certificate and key. @@ -134,12 +134,12 @@ void esp_wifi_sta_clear_enterprise_ca_cert(void); * * @return ESP_ERR_WIFI_OK: succeed */ -esp_err_t esp_wifi_sta_set_enterprise_cert_key(unsigned char *client_cert, int client_cert_len, unsigned char *private_key, int private_key_len, unsigned char *private_key_passwd, int private_key_passwd_len); +esp_err_t esp_wifi_sta_wpa2_ent_set_cert_key(unsigned char *client_cert, int client_cert_len, unsigned char *private_key, int private_key_len, unsigned char *private_key_passwd, int private_key_passwd_len); /** * @brief Clear client certificate and key. */ -void esp_wifi_sta_clear_enterprise_cert_key(void); +void esp_wifi_sta_wpa2_ent_clear_cert_key(void); /** * @brief Set wpa2 enterprise certs time check(disable or not). @@ -149,7 +149,7 @@ void esp_wifi_sta_clear_enterprise_cert_key(void); * * @return ESP_OK: succeed */ -esp_err_t esp_wifi_sta_set_enterprise_disable_time_check(bool disable); +esp_err_t esp_wifi_sta_wpa2_ent_set_disable_time_check(bool disable); /** * @brief Get wpa2 enterprise certs time check(disable or not). @@ -158,7 +158,7 @@ esp_err_t esp_wifi_sta_set_enterprise_disable_time_check(bool disable); * * @return ESP_OK: succeed */ -esp_err_t esp_wifi_sta_get_enterprise_disable_time_check(bool *disable); +esp_err_t esp_wifi_sta_wpa2_ent_get_disable_time_check(bool *disable); #ifdef __cplusplus } diff --git a/components/esp32/lib b/components/esp32/lib index 1ef5197246..c0804cdc87 160000 --- a/components/esp32/lib +++ b/components/esp32/lib @@ -1 +1 @@ -Subproject commit 1ef5197246db363681ca78c1e3edc2d2cca92bbe +Subproject commit c0804cdc879a17774258785093be4369db79c9c4