mbedtls-3.1 update: Removed the MBEDTLS_PRIVATE from multiple files

after they have been again made public in mbedtls-3.1

*Added `MBEDTLS_ALLOW_PRIVATE_ACCESS` in some files.
This commit is contained in:
Aditya Patwardhan 2022-01-05 10:00:35 +05:30
parent 6a164cc5bc
commit 60b167f2d6
13 changed files with 2165 additions and 81 deletions

File diff suppressed because it is too large Load Diff

View File

@ -1,5 +1,5 @@
/*
* SPDX-FileCopyrightText: 2019-2021 Espressif Systems (Shanghai) CO LTD
* SPDX-FileCopyrightText: 2019-2022 Espressif Systems (Shanghai) CO LTD
*
* SPDX-License-Identifier: Apache-2.0
*/
@ -74,7 +74,7 @@ esp_err_t esp_create_mbedtls_handle(const char *hostname, size_t hostlen, const
assert(tls != NULL);
int ret;
esp_err_t esp_ret = ESP_FAIL;
tls->server_fd.MBEDTLS_PRIVATE(fd) = tls->sockfd;
tls->server_fd.fd = tls->sockfd;
mbedtls_ssl_init(&tls->ssl);
mbedtls_ctr_drbg_init(&tls->ctr_drbg);
mbedtls_ssl_config_init(&tls->conf);
@ -251,7 +251,7 @@ void esp_mbedtls_conn_delete(esp_tls_t *tls)
esp_mbedtls_cleanup(tls);
if (tls->is_tls) {
mbedtls_net_free(&tls->server_fd);
tls->sockfd = tls->server_fd.MBEDTLS_PRIVATE(fd);
tls->sockfd = tls->server_fd.fd;
}
}
}

View File

@ -1,18 +1,8 @@
// Copyright 2018-2019 Espressif Systems (Shanghai) PTE LTD
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
/*
* SPDX-FileCopyrightText: 2018-2022 Espressif Systems (Shanghai) CO LTD
*
* SPDX-License-Identifier: Apache-2.0
*/
#include <string.h>
#include <esp_system.h>
#include "esp_crt_bundle.h"
@ -53,28 +43,28 @@ static int esp_crt_check_signature(mbedtls_x509_crt *child, const uint8_t *pub_k
mbedtls_x509_crt_init(&parent);
if ( (ret = mbedtls_pk_parse_public_key(&parent.MBEDTLS_PRIVATE(pk), pub_key_buf, pub_key_len) ) != 0) {
if ( (ret = mbedtls_pk_parse_public_key(&parent.pk, pub_key_buf, pub_key_len) ) != 0) {
ESP_LOGE(TAG, "PK parse failed with error %X", ret);
goto cleanup;
}
// Fast check to avoid expensive computations when not necessary
if (!mbedtls_pk_can_do(&parent.MBEDTLS_PRIVATE(pk), child->MBEDTLS_PRIVATE(sig_pk))) {
if (!mbedtls_pk_can_do(&parent.pk, child->MBEDTLS_PRIVATE(sig_pk))) {
ESP_LOGE(TAG, "Simple compare failed");
ret = -1;
goto cleanup;
}
md_info = mbedtls_md_info_from_type(child->MBEDTLS_PRIVATE(sig_md));
if ( (ret = mbedtls_md( md_info, child->MBEDTLS_PRIVATE(tbs).MBEDTLS_PRIVATE(p), child->MBEDTLS_PRIVATE(tbs).MBEDTLS_PRIVATE(len), hash )) != 0 ) {
if ( (ret = mbedtls_md( md_info, child->tbs.p, child->tbs.len, hash )) != 0 ) {
ESP_LOGE(TAG, "Internal mbedTLS error %X", ret);
goto cleanup;
}
if ( (ret = mbedtls_pk_verify_ext( child->MBEDTLS_PRIVATE(sig_pk), child->MBEDTLS_PRIVATE(sig_opts), &parent.MBEDTLS_PRIVATE(pk),
if ( (ret = mbedtls_pk_verify_ext( child->MBEDTLS_PRIVATE(sig_pk), child->MBEDTLS_PRIVATE(sig_opts), &parent.pk,
child->MBEDTLS_PRIVATE(sig_md), hash, mbedtls_md_get_size( md_info ),
child->MBEDTLS_PRIVATE(sig).MBEDTLS_PRIVATE(p), child->MBEDTLS_PRIVATE(sig).MBEDTLS_PRIVATE(len) )) != 0 ) {
child->MBEDTLS_PRIVATE(sig).p, child->MBEDTLS_PRIVATE(sig).len )) != 0 ) {
ESP_LOGE(TAG, "PK verify failed with error %X", ret);
goto cleanup;
@ -125,7 +115,7 @@ int esp_crt_verify_callback(void *buf, mbedtls_x509_crt *crt, int depth, uint32_
name_len = s_crt_bundle.crts[middle][0] << 8 | s_crt_bundle.crts[middle][1];
crt_name = s_crt_bundle.crts[middle] + CRT_HEADER_OFFSET;
int cmp_res = memcmp(child->MBEDTLS_PRIVATE(issuer_raw).MBEDTLS_PRIVATE(p), crt_name, name_len );
int cmp_res = memcmp(child->issuer_raw.p, crt_name, name_len );
if (cmp_res == 0) {
crt_found = true;
break;

View File

@ -9,6 +9,13 @@
#include <stddef.h>
#include <string.h>
/* ToDo - Remove this once appropriate solution is available.
We need to define this for the file as ssl_misc.h uses private structures from mbedtls,
which are undefined if the following flag is not defined */
/* Many APIs in the file make use of this flag instead of `MBEDTLS_PRIVATE` */
/* ToDo - Replace them with proper getter-setter once they are added */
#define MBEDTLS_ALLOW_PRIVATE_ACCESS
#include "mbedtls/ssl.h"
#include "ssl_misc.h" // located at mbedtls/library/ssl_misc.h
#include "mbedtls/platform.h"

View File

@ -62,7 +62,7 @@ static int net_prepare( void )
*/
void mbedtls_net_init( mbedtls_net_context *ctx )
{
ctx->MBEDTLS_PRIVATE(fd) = -1;
ctx->fd = -1;
}
/*
@ -98,7 +98,7 @@ int mbedtls_net_connect( mbedtls_net_context *ctx, const char *host, const char
}
if ( connect( fd, cur->ai_addr, cur->ai_addrlen ) == 0 ) {
ctx->MBEDTLS_PRIVATE(fd) = fd; // connected!
ctx->fd = fd; // connected!
ret = 0;
break;
}
@ -175,7 +175,7 @@ int mbedtls_net_bind( mbedtls_net_context *ctx, const char *bind_ip, const char
}
/* I we ever get there, it's a success */
ctx->MBEDTLS_PRIVATE(fd) = fd;
ctx->fd = fd;
ret = 0;
break;
}
@ -224,7 +224,7 @@ int mbedtls_net_accept( mbedtls_net_context *bind_ctx,
socklen_t type_len = (socklen_t) sizeof( type );
/* Is this a TCP or UDP socket? */
if ( getsockopt( bind_ctx->MBEDTLS_PRIVATE(fd), SOL_SOCKET, SO_TYPE,
if ( getsockopt( bind_ctx->fd, SOL_SOCKET, SO_TYPE,
(void *) &type, (socklen_t *) &type_len ) != 0 ||
( type != SOCK_STREAM && type != SOCK_DGRAM ) ) {
return ( MBEDTLS_ERR_NET_ACCEPT_FAILED );
@ -232,13 +232,13 @@ int mbedtls_net_accept( mbedtls_net_context *bind_ctx,
if ( type == SOCK_STREAM ) {
/* TCP: actual accept() */
ret = client_ctx->MBEDTLS_PRIVATE(fd) = (int) accept( bind_ctx->MBEDTLS_PRIVATE(fd),
ret = client_ctx->fd = (int) accept( bind_ctx->fd,
(struct sockaddr *) &client_addr, &n );
} else {
/* UDP: wait for a message, but keep it in the queue */
char buf[1] = { 0 };
ret = recvfrom( bind_ctx->MBEDTLS_PRIVATE(fd), buf, sizeof( buf ), MSG_PEEK,
ret = recvfrom( bind_ctx->fd, buf, sizeof( buf ), MSG_PEEK,
(struct sockaddr *) &client_addr, &n );
}
@ -257,24 +257,24 @@ int mbedtls_net_accept( mbedtls_net_context *bind_ctx,
struct sockaddr_in local_addr;
int one = 1;
if ( connect( bind_ctx->MBEDTLS_PRIVATE(fd), (struct sockaddr *) &client_addr, n ) != 0 ) {
if ( connect( bind_ctx->fd, (struct sockaddr *) &client_addr, n ) != 0 ) {
return ( MBEDTLS_ERR_NET_ACCEPT_FAILED );
}
client_ctx->MBEDTLS_PRIVATE(fd) = bind_ctx->MBEDTLS_PRIVATE(fd);
bind_ctx->MBEDTLS_PRIVATE(fd) = -1; /* In case we exit early */
client_ctx->fd = bind_ctx->fd;
bind_ctx->fd = -1; /* In case we exit early */
n = sizeof( struct sockaddr_in );
if ( getsockname( client_ctx->MBEDTLS_PRIVATE(fd),
if ( getsockname( client_ctx->fd,
(struct sockaddr *) &local_addr, &n ) != 0 ||
( bind_ctx->MBEDTLS_PRIVATE(fd) = (int) socket( AF_INET,
( bind_ctx->fd = (int) socket( AF_INET,
SOCK_DGRAM, IPPROTO_UDP ) ) < 0 ||
setsockopt( bind_ctx->MBEDTLS_PRIVATE(fd), SOL_SOCKET, SO_REUSEADDR,
setsockopt( bind_ctx->fd, SOL_SOCKET, SO_REUSEADDR,
(const char *) &one, sizeof( one ) ) != 0 ) {
return ( MBEDTLS_ERR_NET_SOCKET_FAILED );
}
if ( bind( bind_ctx->MBEDTLS_PRIVATE(fd), (struct sockaddr *) &local_addr, n ) != 0 ) {
if ( bind( bind_ctx->fd, (struct sockaddr *) &local_addr, n ) != 0 ) {
return ( MBEDTLS_ERR_NET_BIND_FAILED );
}
}
@ -298,12 +298,12 @@ int mbedtls_net_accept( mbedtls_net_context *bind_ctx,
*/
int mbedtls_net_set_block( mbedtls_net_context *ctx )
{
return ( fcntl( ctx->MBEDTLS_PRIVATE(fd), F_SETFL, fcntl( ctx->MBEDTLS_PRIVATE(fd), F_GETFL, 0 ) & ~O_NONBLOCK ) );
return ( fcntl( ctx->fd, F_SETFL, fcntl( ctx->fd, F_GETFL, 0 ) & ~O_NONBLOCK ) );
}
int mbedtls_net_set_nonblock( mbedtls_net_context *ctx )
{
return ( fcntl( ctx->MBEDTLS_PRIVATE(fd), F_SETFL, fcntl( ctx->MBEDTLS_PRIVATE(fd), F_GETFL, 0 ) | O_NONBLOCK ) );
return ( fcntl( ctx->fd, F_SETFL, fcntl( ctx->fd, F_GETFL, 0 ) | O_NONBLOCK ) );
}
/*
@ -323,7 +323,7 @@ void mbedtls_net_usleep( unsigned long usec )
int mbedtls_net_recv( void *ctx, unsigned char *buf, size_t len )
{
int ret;
int fd = ((mbedtls_net_context *) ctx)->MBEDTLS_PRIVATE(fd);
int fd = ((mbedtls_net_context *) ctx)->fd;
if ( fd < 0 ) {
return ( MBEDTLS_ERR_NET_INVALID_CONTEXT );
@ -359,7 +359,7 @@ int mbedtls_net_recv_timeout( void *ctx, unsigned char *buf, size_t len,
int ret;
struct timeval tv;
fd_set read_fds;
int fd = ((mbedtls_net_context *) ctx)->MBEDTLS_PRIVATE(fd);
int fd = ((mbedtls_net_context *) ctx)->fd;
if ( fd < 0 ) {
return ( MBEDTLS_ERR_NET_INVALID_CONTEXT );
@ -396,7 +396,7 @@ int mbedtls_net_recv_timeout( void *ctx, unsigned char *buf, size_t len,
int mbedtls_net_send( void *ctx, const unsigned char *buf, size_t len )
{
int ret;
int fd = ((mbedtls_net_context *) ctx)->MBEDTLS_PRIVATE(fd);
int fd = ((mbedtls_net_context *) ctx)->fd;
if ( fd < 0 ) {
return ( MBEDTLS_ERR_NET_INVALID_CONTEXT );
@ -428,14 +428,14 @@ int mbedtls_net_send( void *ctx, const unsigned char *buf, size_t len )
*/
void mbedtls_net_free( mbedtls_net_context *ctx )
{
if ( ctx->MBEDTLS_PRIVATE(fd) == -1 ) {
if ( ctx->fd == -1) {
return;
}
shutdown( ctx->MBEDTLS_PRIVATE(fd), 2 );
close( ctx->MBEDTLS_PRIVATE(fd) );
shutdown( ctx->fd, 2);
close(ctx->fd);
ctx->MBEDTLS_PRIVATE(fd) = -1;
ctx->fd = -1;
}
#endif /* MBEDTLS_NET_C */

View File

@ -3,7 +3,7 @@
* Focus on testing functionality where we use ESP32 hardware
* accelerated crypto features.
*
* SPDX-FileCopyrightText: 2021 Espressif Systems (Shanghai) CO LTD
* SPDX-FileCopyrightText: 2021-2022 Espressif Systems (Shanghai) CO LTD
*
* SPDX-License-Identifier: Apache-2.0
*/
@ -12,6 +12,13 @@
#include <stdbool.h>
#include <esp_system.h>
/* ToDo - Remove this once appropriate solution is available.
We need to define this for the file as ssl_misc.h uses private structures from mbedtls,
which are undefined if the following flag is not defined */
/* Many APIs in the file make use of this flag instead of `MBEDTLS_PRIVATE` */
/* ToDo - Replace them with proper getter-setter once they are added */
#define MBEDTLS_ALLOW_PRIVATE_ACCESS
#include <mbedtls/entropy.h>
#include <mbedtls/ctr_drbg.h>
#include <mbedtls/ecdh.h>
@ -36,9 +43,9 @@ TEST_CASE("mbedtls ECDH Generate Key", "[mbedtls]")
mbedtls_entropy_init(&entropy);
TEST_ASSERT_MBEDTLS_OK( mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy, NULL, 0) );
TEST_ASSERT_MBEDTLS_OK( mbedtls_ecp_group_load(&ctx.MBEDTLS_PRIVATE(grp), MBEDTLS_ECP_DP_CURVE25519) );
TEST_ASSERT_MBEDTLS_OK( mbedtls_ecp_group_load(&ctx.ctx.mbed_ecdh.grp, MBEDTLS_ECP_DP_CURVE25519) );
TEST_ASSERT_MBEDTLS_OK( mbedtls_ecdh_gen_public(&ctx.MBEDTLS_PRIVATE(grp), &ctx.MBEDTLS_PRIVATE(d), &ctx.MBEDTLS_PRIVATE(Q),
TEST_ASSERT_MBEDTLS_OK( mbedtls_ecdh_gen_public(&ctx.ctx.mbed_ecdh.grp, &ctx.ctx.mbed_ecdh.d, &ctx.ctx.mbed_ecdh.Q,
mbedtls_ctr_drbg_random, &ctr_drbg ) );
mbedtls_ecdh_free(&ctx);
@ -70,7 +77,7 @@ TEST_CASE("mbedtls ECP mul w/ koblitz", "[mbedtls]")
mbedtls_ctr_drbg_random, &ctxRandom) );
TEST_ASSERT_MBEDTLS_OK(mbedtls_ecp_mul(&ctxECDSA.MBEDTLS_PRIVATE(grp), &ctxECDSA.MBEDTLS_PRIVATE(Q), &ctxECDSA.MBEDTLS_PRIVATE(d), &ctxECDSA.MBEDTLS_PRIVATE(grp).G,
TEST_ASSERT_MBEDTLS_OK(mbedtls_ecp_mul(&ctxECDSA.grp, &ctxECDSA.Q, &ctxECDSA.d, &ctxECDSA.grp.G,
mbedtls_ctr_drbg_random, &ctxRandom) );
mbedtls_ecdsa_free(&ctxECDSA);

View File

@ -3,7 +3,7 @@
* Focus on testing functionality where we use ESP32 hardware
* accelerated crypto features
*
* SPDX-FileCopyrightText: 2021 Espressif Systems (Shanghai) CO LTD
* SPDX-FileCopyrightText: 2021-2022 Espressif Systems (Shanghai) CO LTD
*
* SPDX-License-Identifier: Apache-2.0
*/
@ -361,7 +361,7 @@ static void test_cert(const char *cert, const uint8_t *expected_output, size_t o
strlen(cert)+1),
"parse cert");
rsa = mbedtls_pk_rsa(crt.MBEDTLS_PRIVATE(pk));
rsa = mbedtls_pk_rsa(crt.pk);
TEST_ASSERT_NOT_NULL(rsa);
res = mbedtls_rsa_check_pubkey(rsa);
@ -542,7 +542,7 @@ TEST_CASE("mbedtls RSA Generate Key", "[mbedtls][timeout=60]")
esp_task_wdt_add(xTaskGetIdleTaskHandleForCPU(0));
#endif //CONFIG_MBEDTLS_MPI_USE_INTERRUPT
mbedtls_rsa_init(&ctx, MBEDTLS_RSA_PKCS_V15, 0);
mbedtls_rsa_init(&ctx);
mbedtls_ctr_drbg_init(&ctr_drbg);
mbedtls_entropy_init(&entropy);

View File

@ -1,5 +1,5 @@
/*
* SPDX-FileCopyrightText: 2021 Espressif Systems (Shanghai) CO LTD
* SPDX-FileCopyrightText: 2021-2022 Espressif Systems (Shanghai) CO LTD
*
* SPDX-License-Identifier: Apache-2.0
*/
@ -10,6 +10,7 @@
#include <string.h>
#include <stdio.h>
#include <stdbool.h>
#include <string.h>
#include "mbedtls/sha256.h"
#include "unity.h"
#include "sdkconfig.h"

View File

@ -10,6 +10,13 @@
#include <esp_err.h>
#include <esp_log.h>
/* ToDo - Remove this once appropriate solution is available.
We need to define this for the file as ssl_misc.h uses private structures from mbedtls,
which are undefined if the following flag is not defined */
/* Many APIs in the file make use of this flag instead of `MBEDTLS_PRIVATE` */
/* ToDo - Replace them with proper getter-setter once they are added */
#define MBEDTLS_ALLOW_PRIVATE_ACCESS
#include <mbedtls/aes.h>
#include <mbedtls/sha256.h>
#include <mbedtls/entropy.h>
@ -18,6 +25,7 @@
#include <mbedtls/error.h>
#include <mbedtls/constant_time.h>
#include <mbedtls/library/ssl_misc.h>
#include <mbedtls/constant_time.h>
#include <protocomm_security.h>
#include <protocomm_security1.h>
@ -214,14 +222,14 @@ static esp_err_t handle_session_command0(session_t *cur_session,
goto exit_cmd0;
}
mbed_err = mbedtls_ecp_group_load(&ctx_server->MBEDTLS_PRIVATE(grp), MBEDTLS_ECP_DP_CURVE25519);
mbed_err = mbedtls_ecp_group_load(&ctx_server->ctx.mbed_ecdh.grp, MBEDTLS_ECP_DP_CURVE25519);
if (mbed_err != 0) {
ESP_LOGE(TAG, "Failed at mbedtls_ecp_group_load with error code : -0x%x", -mbed_err);
ret = ESP_FAIL;
goto exit_cmd0;
}
mbed_err = mbedtls_ecdh_gen_public(&ctx_server->MBEDTLS_PRIVATE(grp), &ctx_server->MBEDTLS_PRIVATE(d), &ctx_server->MBEDTLS_PRIVATE(Q),
mbed_err = mbedtls_ecdh_gen_public(&ctx_server->ctx.mbed_ecdh.grp, &ctx_server->ctx.mbed_ecdh.d, &ctx_server->ctx.mbed_ecdh.Q,
mbedtls_ctr_drbg_random, ctr_drbg);
if (mbed_err != 0) {
ESP_LOGE(TAG, "Failed at mbedtls_ecdh_gen_public with error code : -0x%x", -mbed_err);
@ -229,7 +237,7 @@ static esp_err_t handle_session_command0(session_t *cur_session,
goto exit_cmd0;
}
mbed_err = mbedtls_mpi_write_binary(&ctx_server->MBEDTLS_PRIVATE(Q).MBEDTLS_PRIVATE(X),
mbed_err = mbedtls_mpi_write_binary(&ctx_server->ctx.mbed_ecdh.Q.X,
cur_session->device_pubkey,
PUBLIC_KEY_LEN);
if (mbed_err != 0) {
@ -246,7 +254,7 @@ static esp_err_t handle_session_command0(session_t *cur_session,
hexdump("Device pubkey", dev_pubkey, PUBLIC_KEY_LEN);
hexdump("Client pubkey", cli_pubkey, PUBLIC_KEY_LEN);
mbed_err = mbedtls_mpi_lset(&ctx_server->MBEDTLS_PRIVATE(Qp).MBEDTLS_PRIVATE(Z), 1);
mbed_err = mbedtls_mpi_lset(&ctx_server->ctx.mbed_ecdh.Qp.Z, 1);
if (mbed_err != 0) {
ESP_LOGE(TAG, "Failed at mbedtls_mpi_lset with error code : -0x%x", -mbed_err);
ret = ESP_FAIL;
@ -254,7 +262,7 @@ static esp_err_t handle_session_command0(session_t *cur_session,
}
flip_endian(cur_session->client_pubkey, PUBLIC_KEY_LEN);
mbed_err = mbedtls_mpi_read_binary(&ctx_server->MBEDTLS_PRIVATE(Qp).MBEDTLS_PRIVATE(X), cli_pubkey, PUBLIC_KEY_LEN);
mbed_err = mbedtls_mpi_read_binary(&ctx_server->ctx.mbed_ecdh.Qp.X, cli_pubkey, PUBLIC_KEY_LEN);
flip_endian(cur_session->client_pubkey, PUBLIC_KEY_LEN);
if (mbed_err != 0) {
ESP_LOGE(TAG, "Failed at mbedtls_mpi_read_binary with error code : -0x%x", -mbed_err);
@ -262,15 +270,15 @@ static esp_err_t handle_session_command0(session_t *cur_session,
goto exit_cmd0;
}
mbed_err = mbedtls_ecdh_compute_shared(&ctx_server->MBEDTLS_PRIVATE(grp), &ctx_server->MBEDTLS_PRIVATE(z), &ctx_server->MBEDTLS_PRIVATE(Qp),
&ctx_server->MBEDTLS_PRIVATE(d), mbedtls_ctr_drbg_random, ctr_drbg);
mbed_err = mbedtls_ecdh_compute_shared(&ctx_server->ctx.mbed_ecdh.grp, &ctx_server->ctx.mbed_ecdh.z, &ctx_server->ctx.mbed_ecdh.Qp,
&ctx_server->ctx.mbed_ecdh.d, mbedtls_ctr_drbg_random, ctr_drbg);
if (mbed_err != 0) {
ESP_LOGE(TAG, "Failed at mbedtls_ecdh_compute_shared with error code : -0x%x", -mbed_err);
ret = ESP_FAIL;
goto exit_cmd0;
}
mbed_err = mbedtls_mpi_write_binary(&ctx_server->MBEDTLS_PRIVATE(z), cur_session->sym_key, PUBLIC_KEY_LEN);
mbed_err = mbedtls_mpi_write_binary(&ctx_server->ctx.mbed_ecdh.z, cur_session->sym_key, PUBLIC_KEY_LEN);
if (mbed_err != 0) {
ESP_LOGE(TAG, "Failed at mbedtls_mpi_write_binary with error code : -0x%x", -mbed_err);
ret = ESP_FAIL;

View File

@ -14,6 +14,13 @@
#include <unistd.h>
#include <unity.h>
/* ToDo - Remove this once appropriate solution is available.
We need to define this for the file as ssl_misc.h uses private structures from mbedtls,
which are undefined if the following flag is not defined */
/* Many APIs in the file make use of this flag instead of `MBEDTLS_PRIVATE()` */
/* ToDo - Replace them with proper getter-setter once they are added */
#define MBEDTLS_ALLOW_PRIVATE_ACCESS
#include <mbedtls/aes.h>
#include <mbedtls/sha256.h>
#include <mbedtls/entropy.h>
@ -147,24 +154,24 @@ static esp_err_t verify_response0(session_t *session, SessionData *resp)
hexdump("Device pubkey", dev_pubkey, PUBLIC_KEY_LEN);
hexdump("Client pubkey", cli_pubkey, PUBLIC_KEY_LEN);
ret = mbedtls_mpi_lset(&session->ctx_client.MBEDTLS_PRIVATE(Qp).MBEDTLS_PRIVATE(Z), 1);
ret = mbedtls_mpi_lset(&session->ctx_client.ctx.mbed_ecdh.Qp.Z, 1);
if (ret != 0) {
ESP_LOGE(TAG, "Failed at mbedtls_mpi_lset with error code : %d", ret);
return ESP_FAIL;
}
flip_endian(session->device_pubkey, PUBLIC_KEY_LEN);
ret = mbedtls_mpi_read_binary(&session->ctx_client.MBEDTLS_PRIVATE(Qp).MBEDTLS_PRIVATE(X), dev_pubkey, PUBLIC_KEY_LEN);
ret = mbedtls_mpi_read_binary(&session->ctx_client.ctx.mbed_ecdh.Qp.X, dev_pubkey, PUBLIC_KEY_LEN);
flip_endian(session->device_pubkey, PUBLIC_KEY_LEN);
if (ret != 0) {
ESP_LOGE(TAG, "Failed at mbedtls_mpi_read_binary with error code : %d", ret);
return ESP_FAIL;
}
ret = mbedtls_ecdh_compute_shared(&session->ctx_client.MBEDTLS_PRIVATE(grp),
&session->ctx_client.MBEDTLS_PRIVATE(z),
&session->ctx_client.MBEDTLS_PRIVATE(Qp),
&session->ctx_client.MBEDTLS_PRIVATE(d),
ret = mbedtls_ecdh_compute_shared(&session->ctx_client.ctx.mbed_ecdh.grp,
&session->ctx_client.ctx.mbed_ecdh.z,
&session->ctx_client.ctx.mbed_ecdh.Qp,
&session->ctx_client.ctx.mbed_ecdh.d,
mbedtls_ctr_drbg_random,
&session->ctr_drbg);
if (ret != 0) {
@ -172,7 +179,7 @@ static esp_err_t verify_response0(session_t *session, SessionData *resp)
return ESP_FAIL;
}
ret = mbedtls_mpi_write_binary(&session->ctx_client.MBEDTLS_PRIVATE(z), session->sym_key, PUBLIC_KEY_LEN);
ret = mbedtls_mpi_write_binary(&session->ctx_client.ctx.mbed_ecdh.z, session->sym_key, PUBLIC_KEY_LEN);
if (ret != 0) {
ESP_LOGE(TAG, "Failed at mbedtls_mpi_write_binary with error code : %d", ret);
return ESP_FAIL;
@ -373,15 +380,15 @@ static esp_err_t test_sec_endpoint(session_t *session)
goto abort_test_sec_endpoint;
}
ret = mbedtls_ecp_group_load(&session->ctx_client.MBEDTLS_PRIVATE(grp), MBEDTLS_ECP_DP_CURVE25519);
ret = mbedtls_ecp_group_load(&session->ctx_client.ctx.mbed_ecdh.grp, MBEDTLS_ECP_DP_CURVE25519);
if (ret != 0) {
ESP_LOGE(TAG, "Failed at mbedtls_ecp_group_load with error code : %d", ret);
goto abort_test_sec_endpoint;
}
ret = mbedtls_ecdh_gen_public(&session->ctx_client.MBEDTLS_PRIVATE(grp),
&session->ctx_client.MBEDTLS_PRIVATE(d),
&session->ctx_client.MBEDTLS_PRIVATE(Q),
ret = mbedtls_ecdh_gen_public(&session->ctx_client.ctx.mbed_ecdh.grp,
&session->ctx_client.ctx.mbed_ecdh.d,
&session->ctx_client.ctx.mbed_ecdh.Q,
mbedtls_ctr_drbg_random,
&session->ctr_drbg);
if (ret != 0) {
@ -391,7 +398,7 @@ static esp_err_t test_sec_endpoint(session_t *session)
if (session->weak) {
/* Read zero client public key */
ret = mbedtls_mpi_read_binary(&session->ctx_client.MBEDTLS_PRIVATE(Q).MBEDTLS_PRIVATE(X),
ret = mbedtls_mpi_read_binary(&session->ctx_client.ctx.mbed_ecdh.Q.X,
session->client_pubkey,
PUBLIC_KEY_LEN);
if (ret != 0) {
@ -399,7 +406,7 @@ static esp_err_t test_sec_endpoint(session_t *session)
goto abort_test_sec_endpoint;
}
}
ret = mbedtls_mpi_write_binary(&session->ctx_client.MBEDTLS_PRIVATE(Q).MBEDTLS_PRIVATE(X),
ret = mbedtls_mpi_write_binary(&session->ctx_client.ctx.mbed_ecdh.Q.X,
session->client_pubkey,
PUBLIC_KEY_LEN);
if (ret != 0) {

View File

@ -125,7 +125,7 @@ struct crypto_ec_group *crypto_ec_get_group_byname(const char *name)
mbedtls_ecp_group_init( &e->group );
if (mbedtls_ecp_group_load(&e->group, curve->MBEDTLS_PRIVATE(grp_id))) {
if (mbedtls_ecp_group_load(&e->group, curve->grp_id)) {
crypto_ec_deinit(e);
e = NULL;
}

View File

@ -35,6 +35,8 @@ which are undefined if the following flag is not defined */
#define TLS_MASTER_SECRET_LEN 48
#define MAX_CIPHERSUITE 32
/* Throw a compilation error if basic requirements in mbedtls are not enabled */
#if !defined(MBEDTLS_SSL_TLS_C)
#error "TLS not enabled in mbedtls config"
@ -465,7 +467,7 @@ static void tls_set_ciphersuite(const struct tls_connection_params *cfg, tls_con
if (tls->ciphersuite[0]) {
mbedtls_ssl_conf_ciphersuites(&tls->conf, tls->ciphersuite);
} else if (mbedtls_pk_get_bitlen(&tls->clientkey) > 2048 ||
(tls->cacert_ptr && mbedtls_pk_get_bitlen(&tls->cacert_ptr->MBEDTLS_PRIVATE(pk)) > 2048)) {
(tls->cacert_ptr && mbedtls_pk_get_bitlen(&tls->cacert_ptr->pk) > 2048)) {
mbedtls_ssl_conf_ciphersuites(&tls->conf, eap_ciphersuite_preference);
}
}

View File

@ -1100,7 +1100,6 @@ components/mbedtls/port/aes/esp_aes_xts.c
components/mbedtls/port/crypto_shared_gdma/esp_crypto_shared_gdma.c
components/mbedtls/port/dynamic/esp_ssl_cli.c
components/mbedtls/port/dynamic/esp_ssl_srv.c
components/mbedtls/port/dynamic/esp_mbedtls_dynamic_impl.h
components/mbedtls/port/esp32/bignum.c
components/mbedtls/port/esp32c2/bignum.c
components/mbedtls/port/esp32c3/bignum.c
@ -1135,7 +1134,6 @@ components/mbedtls/port/include/sha1_alt.h
components/mbedtls/port/include/sha256_alt.h
components/mbedtls/port/include/sha512_alt.h
components/mbedtls/port/mbedtls_debug.c
components/mbedtls/port/net_sockets.c
components/mbedtls/port/sha/dma/esp_sha1.c
components/mbedtls/port/sha/dma/esp_sha256.c
components/mbedtls/port/sha/dma/esp_sha512.c
@ -1154,7 +1152,6 @@ components/mbedtls/test/test_apb_dport_access.c
components/mbedtls/test/test_apb_dport_access.h
components/mbedtls/test/test_mbedtls.c
components/mbedtls/test/test_mbedtls_mpi.c
components/mbedtls/test/test_rsa.c
components/mbedtls/test/test_mbedtls_sha.c
components/mbedtls/test/test_sha_perf.c
components/mdns/host_test/components/esp_event_mock/esp_event_mock.c
@ -1298,7 +1295,6 @@ components/protocomm/python/session_pb2.py
components/protocomm/src/common/protocomm.c
components/protocomm/src/common/protocomm_priv.h
components/protocomm/src/security/security0.c
components/protocomm/test/test_protocomm.c
components/protocomm/src/transports/protocomm_httpd.c
components/pthread/include/esp_pthread.h
components/pthread/pthread_cond_var.c