alex/esp-idf
alex/esp-idf
1
0
Fork 0
mirror of https://github.com/espressif/esp-idf.git synced 2024-10-05 20:47:46 -04:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

wpa_supplicant: MBEDTLS_PRIVATE & MBEDTLS_ALLOW_PRIVATE_ACCESS-related cleanup

Browse Source
This commit is contained in:
Laukik Hase 2022-09-14 14:55:17 +05:30
parent d35bb630ab
commit 82c5bdcb76
No known key found for this signature in database
GPG Key ID: 11C571361F51A199
4 changed files with 25 additions and 26 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
components/wpa_supplicant/esp_supplicant/src/crypto/crypto_mbedtls-ec.c
View File

@ -4,8 +4,6 @@
* SPDX-License-Identifier: Apache-2.0 * SPDX-License-Identifier: Apache-2.0
*/ */
#define MBEDTLS_ALLOW_PRIVATE_ACCESS
#ifdef ESP_PLATFORM #ifdef ESP_PLATFORM
#include "esp_system.h" #include "esp_system.h"
#include "mbedtls/bignum.h" #include "mbedtls/bignum.h"
@ -31,9 +29,9 @@
#define ECP_PRV_DER_MAX_BYTES 29 + 3 * MBEDTLS_ECP_MAX_BYTES #define ECP_PRV_DER_MAX_BYTES 29 + 3 * MBEDTLS_ECP_MAX_BYTES
#ifdef CONFIG_MBEDTLS_ECDH_LEGACY_CONTEXT #ifdef CONFIG_MBEDTLS_ECDH_LEGACY_CONTEXT
#define ACCESS_ECDH(S, var) S->var #define ACCESS_ECDH(S, var) S->MBEDTLS_PRIVATE(var)
#else #else
#define ACCESS_ECDH(S, var) S->ctx.mbed_ecdh.var #define ACCESS_ECDH(S, var) S->MBEDTLS_PRIVATE(ctx).MBEDTLS_PRIVATE(mbed_ecdh).MBEDTLS_PRIVATE(var)
#endif #endif
#ifdef CONFIG_ECC #ifdef CONFIG_ECC
@ -1053,7 +1051,7 @@ struct crypto_ecdh * crypto_ecdh_init(int group)
} }
mbedtls_ecdh_init(ctx); mbedtls_ecdh_init(ctx);
#ifndef CONFIG_MBEDTLS_ECDH_LEGACY_CONTEXT #ifndef CONFIG_MBEDTLS_ECDH_LEGACY_CONTEXT
ctx->var = MBEDTLS_ECDH_VARIANT_MBEDTLS_2_0; ctx->MBEDTLS_PRIVATE(var) = MBEDTLS_ECDH_VARIANT_MBEDTLS_2_0;
#endif #endif
if ((mbedtls_ecp_group_load(ACCESS_ECDH(&ctx, grp), crypto_mbedtls_get_grp_id(group))) != 0) { if ((mbedtls_ecp_group_load(ACCESS_ECDH(&ctx, grp), crypto_mbedtls_get_grp_id(group))) != 0) {
@ -1105,7 +1103,7 @@ struct wpabuf * crypto_ecdh_get_pubkey(struct crypto_ecdh *ecdh, int y)
} }
/* Export an MPI into unsigned big endian binary data of fixed size */ /* Export an MPI into unsigned big endian binary data of fixed size */
mbedtls_mpi_write_binary(ACCESS_ECDH(&ctx, Q).X, buf, prime_len); mbedtls_mpi_write_binary(ACCESS_ECDH(&ctx, Q).MBEDTLS_PRIVATE(X), buf, prime_len);
public_key = wpabuf_alloc_copy(buf, 32); public_key = wpabuf_alloc_copy(buf, 32);
os_free(buf); os_free(buf);
return public_key; return public_key;
@ -1179,9 +1177,9 @@ struct wpabuf * crypto_ecdh_set_peerkey(struct crypto_ecdh *ecdh, int inc_y,
/* Setup ECDH context from EC key */ /* Setup ECDH context from EC key */
/* Call to mbedtls_ecdh_get_params() will initialize the context when not LEGACY context */ /* Call to mbedtls_ecdh_get_params() will initialize the context when not LEGACY context */
if (ctx != NULL && peer != NULL) { if (ctx != NULL && peer != NULL) {
mbedtls_ecp_copy( ACCESS_ECDH(&ctx, Qp), &(mbedtls_pk_ec(*peer))->Q ); mbedtls_ecp_copy( ACCESS_ECDH(&ctx, Qp), &(mbedtls_pk_ec(*peer))->MBEDTLS_PRIVATE(Q) );
#ifndef CONFIG_MBEDTLS_ECDH_LEGACY_CONTEXT #ifndef CONFIG_MBEDTLS_ECDH_LEGACY_CONTEXT
ctx->var = MBEDTLS_ECDH_VARIANT_MBEDTLS_2_0; ctx->MBEDTLS_PRIVATE(var) = MBEDTLS_ECDH_VARIANT_MBEDTLS_2_0;
#endif #endif
} else { } else {
wpa_printf(MSG_ERROR, "Failed to set peer's ECDH context"); wpa_printf(MSG_ERROR, "Failed to set peer's ECDH context");

7
components/wpa_supplicant/esp_supplicant/src/crypto/crypto_mbedtls-rsa.c
View File

@ -217,7 +217,7 @@ int crypto_public_key_encrypt_pkcs1_v15(struct crypto_public_key *key,
wpa_printf(MSG_ERROR, " failed ! mbedtls_rsa_pkcs1_encrypt returned -0x%04x", -ret); wpa_printf(MSG_ERROR, " failed ! mbedtls_rsa_pkcs1_encrypt returned -0x%04x", -ret);
goto cleanup; goto cleanup;
} }
*outlen = mbedtls_pk_rsa(*pkey)->MBEDTLS_PRIVATE(len); *outlen = mbedtls_rsa_get_len(mbedtls_pk_rsa(*pkey));
cleanup: cleanup:
mbedtls_ctr_drbg_free( ctr_drbg ); mbedtls_ctr_drbg_free( ctr_drbg );
@ -256,7 +256,7 @@ int crypto_private_key_decrypt_pkcs1_v15(struct crypto_private_key *key,
if (ret < 0) if (ret < 0)
goto cleanup; goto cleanup;
i = mbedtls_pk_rsa(*pkey)->MBEDTLS_PRIVATE(len); i = mbedtls_rsa_get_len(mbedtls_pk_rsa(*pkey));
ret = mbedtls_rsa_rsaes_pkcs1_v15_decrypt(mbedtls_pk_rsa(*pkey), mbedtls_ctr_drbg_random, ret = mbedtls_rsa_rsaes_pkcs1_v15_decrypt(mbedtls_pk_rsa(*pkey), mbedtls_ctr_drbg_random,
ctr_drbg, &i, in, out, *outlen); ctr_drbg, &i, in, out, *outlen);
@ -301,7 +301,8 @@ int crypto_private_key_sign_pkcs1(struct crypto_private_key *key,
wpa_printf(MSG_ERROR, " failed ! mbedtls_rsa_pkcs1_sign returned %d", ret ); wpa_printf(MSG_ERROR, " failed ! mbedtls_rsa_pkcs1_sign returned %d", ret );
goto cleanup; goto cleanup;
} }
*outlen = mbedtls_pk_rsa(*pkey)->MBEDTLS_PRIVATE(len); *outlen = mbedtls_rsa_get_len(mbedtls_pk_rsa(*pkey));
cleanup: cleanup:
mbedtls_ctr_drbg_free( ctr_drbg ); mbedtls_ctr_drbg_free( ctr_drbg );
mbedtls_entropy_free( entropy ); mbedtls_entropy_free( entropy );

3
components/wpa_supplicant/esp_supplicant/src/crypto/crypto_mbedtls.c
View File

@ -220,7 +220,8 @@ int crypto_hash_finish(struct crypto_hash *crypto_ctx, u8 *mac, size_t *len)
if (mac == NULL || len == NULL) { if (mac == NULL || len == NULL) {
goto err; goto err;
} }
md_type = mbedtls_md_get_type(ctx->MBEDTLS_PRIVATE(md_info));
md_type = mbedtls_md_get_type(mbedtls_md_info_from_ctx(ctx));
switch(md_type) { switch(md_type) {
case MBEDTLS_MD_MD5: case MBEDTLS_MD_MD5:
if (*len < MD5_MAC_LEN) { if (*len < MD5_MAC_LEN) {

27
components/wpa_supplicant/esp_supplicant/src/crypto/tls_mbedtls.c
View File

@ -13,14 +13,17 @@
#include "crypto/sha256.h" #include "crypto/sha256.h"
#include "crypto/sha384.h" #include "crypto/sha384.h"
/* ToDo - Remove this once appropriate solution is available. /* TODO: Remove this once the appropriate solution is found
We need to define this for the file as ssl_misc.h uses private structures from mbedtls, *
which are undefined if the following flag is not defined */ * ssl_misc.h header uses private elements from
/* Many APIs in the file make use of this flag instead of `MBEDTLS_PRIVATE` */ * mbedtls, which become undefined if the following flag
/* ToDo - Replace them with proper getter-setter once they are added */ * is not defined
*/
#define MBEDTLS_ALLOW_PRIVATE_ACCESS #define MBEDTLS_ALLOW_PRIVATE_ACCESS
// located at mbedtls/library/ssl_misc.h
#include "ssl_misc.h" #include "ssl_misc.h"
#include "mbedtls/ctr_drbg.h" #include "mbedtls/ctr_drbg.h"
#include "mbedtls/entropy.h" #include "mbedtls/entropy.h"
#include "mbedtls/debug.h" #include "mbedtls/debug.h"
@ -659,11 +662,7 @@ int tls_connection_established(void *tls_ctx, struct tls_connection *conn)
{ {
mbedtls_ssl_context *ssl = &conn->tls->ssl; mbedtls_ssl_context *ssl = &conn->tls->ssl;
if (ssl->MBEDTLS_PRIVATE(state) == MBEDTLS_SSL_HANDSHAKE_OVER) { return mbedtls_ssl_is_handshake_over(ssl);
return 1;
}
return 0;
} }
int tls_global_set_verify(void *tls_ctx, int check_crl, int strict) int tls_global_set_verify(void *tls_ctx, int check_crl, int strict)
@ -696,13 +695,13 @@ struct wpabuf * tls_connection_handshake(void *tls_ctx,
} }
/* Multiple reads */ /* Multiple reads */
while (tls->ssl.MBEDTLS_PRIVATE(state) != MBEDTLS_SSL_HANDSHAKE_OVER) { while (!mbedtls_ssl_is_handshake_over(&tls->ssl)) {
if (tls->ssl.MBEDTLS_PRIVATE(state) == MBEDTLS_SSL_CLIENT_CERTIFICATE) { if (tls->ssl.MBEDTLS_PRIVATE(state) == MBEDTLS_SSL_CLIENT_CERTIFICATE) {
/* Read random data before session completes, not present after handshake */ /* Read random data before session completes, not present after handshake */
if (tls->ssl.MBEDTLS_PRIVATE(handshake)) { if (tls->ssl.MBEDTLS_PRIVATE(handshake)) {
os_memcpy(conn->randbytes, tls->ssl.MBEDTLS_PRIVATE(handshake)->randbytes, os_memcpy(conn->randbytes, tls->ssl.MBEDTLS_PRIVATE(handshake)->randbytes,
TLS_RANDOM_LEN * 2); TLS_RANDOM_LEN * 2);
conn->mac = tls->ssl.handshake->ciphersuite_info->mac; conn->mac = tls->ssl.MBEDTLS_PRIVATE(handshake)->ciphersuite_info->mac;
} }
} }
ret = mbedtls_ssl_handshake_step(&tls->ssl); ret = mbedtls_ssl_handshake_step(&tls->ssl);
@ -944,7 +943,7 @@ static int tls_connection_prf(void *tls_ctx, struct tls_connection *conn,
wpa_printf(MSG_ERROR, "TLS: %s, session ingo is null", __func__); wpa_printf(MSG_ERROR, "TLS: %s, session ingo is null", __func__);
return -1; return -1;
} }
if (ssl->MBEDTLS_PRIVATE(state) != MBEDTLS_SSL_HANDSHAKE_OVER) { if (!mbedtls_ssl_is_handshake_over(ssl)) {
wpa_printf(MSG_ERROR, "TLS: %s, incorrect tls state=%d", __func__, ssl->MBEDTLS_PRIVATE(state)); wpa_printf(MSG_ERROR, "TLS: %s, incorrect tls state=%d", __func__, ssl->MBEDTLS_PRIVATE(state));
return -1; return -1;
} }
@ -957,7 +956,7 @@ static int tls_connection_prf(void *tls_ctx, struct tls_connection *conn,
} }
wpa_hexdump_key(MSG_MSGDUMP, "random", seed, 2 * TLS_RANDOM_LEN); wpa_hexdump_key(MSG_MSGDUMP, "random", seed, 2 * TLS_RANDOM_LEN);
wpa_hexdump_key(MSG_MSGDUMP, "master", ssl->MBEDTLS_PRIVATE(session)->MBEDTLS_PRIVATE(master), TLS_MASTER_SECRET_LEN); wpa_hexdump_key(MSG_MSGDUMP, "master", ssl->MBEDTLS_PRIVATE(session)->MBEDTLS_PRIVATE(master), TLS_MASTER_SECRET_LEN);
ret = mbedtls_ssl_tls_prf(conn->tls_prf_type, conn->master_secret, TLS_MASTER_SECRET_LEN, ret = mbedtls_ssl_tls_prf(conn->tls_prf_type, conn->master_secret, TLS_MASTER_SECRET_LEN,
label, seed, 2 * TLS_RANDOM_LEN, out, out_len); label, seed, 2 * TLS_RANDOM_LEN, out, out_len);