mirror of
https://github.com/espressif/esp-idf.git
synced 2024-10-05 20:47:46 -04:00
Merge branch 'feature/wpa_supp_mbedtls_private_cleanup' into 'master'
wpa_supplicant: `MBEDTLS_PRIVATE` & `MBEDTLS_ALLOW_PRIVATE_ACCESS`-related cleanup Closes IDF-5861 See merge request espressif/esp-idf!20171
This commit is contained in:
Mahavir Jain
commit
dd76328927
@ -4,8 +4,6 @@
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*/
|
||||
|
||||
#define MBEDTLS_ALLOW_PRIVATE_ACCESS
|
||||
|
||||
#ifdef ESP_PLATFORM
|
||||
#include "esp_system.h"
|
||||
#include "mbedtls/bignum.h"
|
||||
@ -31,9 +29,9 @@
|
||||
#define ECP_PRV_DER_MAX_BYTES 29 + 3 * MBEDTLS_ECP_MAX_BYTES
|
||||
|
||||
#ifdef CONFIG_MBEDTLS_ECDH_LEGACY_CONTEXT
|
||||
#define ACCESS_ECDH(S, var) S->var
|
||||
#define ACCESS_ECDH(S, var) S->MBEDTLS_PRIVATE(var)
|
||||
#else
|
||||
#define ACCESS_ECDH(S, var) S->ctx.mbed_ecdh.var
|
||||
#define ACCESS_ECDH(S, var) S->MBEDTLS_PRIVATE(ctx).MBEDTLS_PRIVATE(mbed_ecdh).MBEDTLS_PRIVATE(var)
|
||||
#endif
|
||||
|
||||
#ifdef CONFIG_ECC
|
||||
@ -1053,7 +1051,7 @@ struct crypto_ecdh * crypto_ecdh_init(int group)
|
||||
}
|
||||
mbedtls_ecdh_init(ctx);
|
||||
#ifndef CONFIG_MBEDTLS_ECDH_LEGACY_CONTEXT
|
||||
ctx->var = MBEDTLS_ECDH_VARIANT_MBEDTLS_2_0;
|
||||
ctx->MBEDTLS_PRIVATE(var) = MBEDTLS_ECDH_VARIANT_MBEDTLS_2_0;
|
||||
#endif
|
||||
|
||||
if ((mbedtls_ecp_group_load(ACCESS_ECDH(&ctx, grp), crypto_mbedtls_get_grp_id(group))) != 0) {
|
||||
@ -1105,7 +1103,7 @@ struct wpabuf * crypto_ecdh_get_pubkey(struct crypto_ecdh *ecdh, int y)
|
||||
}
|
||||
|
||||
/* Export an MPI into unsigned big endian binary data of fixed size */
|
||||
mbedtls_mpi_write_binary(ACCESS_ECDH(&ctx, Q).X, buf, prime_len);
|
||||
mbedtls_mpi_write_binary(ACCESS_ECDH(&ctx, Q).MBEDTLS_PRIVATE(X), buf, prime_len);
|
||||
public_key = wpabuf_alloc_copy(buf, 32);
|
||||
os_free(buf);
|
||||
return public_key;
|
||||
@ -1179,9 +1177,9 @@ struct wpabuf * crypto_ecdh_set_peerkey(struct crypto_ecdh *ecdh, int inc_y,
|
||||
/* Setup ECDH context from EC key */
|
||||
/* Call to mbedtls_ecdh_get_params() will initialize the context when not LEGACY context */
|
||||
if (ctx != NULL && peer != NULL) {
|
||||
mbedtls_ecp_copy( ACCESS_ECDH(&ctx, Qp), &(mbedtls_pk_ec(*peer))->Q );
|
||||
mbedtls_ecp_copy( ACCESS_ECDH(&ctx, Qp), &(mbedtls_pk_ec(*peer))->MBEDTLS_PRIVATE(Q) );
|
||||
#ifndef CONFIG_MBEDTLS_ECDH_LEGACY_CONTEXT
|
||||
ctx->var = MBEDTLS_ECDH_VARIANT_MBEDTLS_2_0;
|
||||
ctx->MBEDTLS_PRIVATE(var) = MBEDTLS_ECDH_VARIANT_MBEDTLS_2_0;
|
||||
#endif
|
||||
} else {
|
||||
wpa_printf(MSG_ERROR, "Failed to set peer's ECDH context");
|
||||
|
||||
@ -217,7 +217,7 @@ int crypto_public_key_encrypt_pkcs1_v15(struct crypto_public_key *key,
|
||||
wpa_printf(MSG_ERROR, " failed ! mbedtls_rsa_pkcs1_encrypt returned -0x%04x", -ret);
|
||||
goto cleanup;
|
||||
}
|
||||
*outlen = mbedtls_pk_rsa(*pkey)->MBEDTLS_PRIVATE(len);
|
||||
*outlen = mbedtls_rsa_get_len(mbedtls_pk_rsa(*pkey));
|
||||
|
||||
cleanup:
|
||||
mbedtls_ctr_drbg_free( ctr_drbg );
|
||||
@ -256,7 +256,7 @@ int crypto_private_key_decrypt_pkcs1_v15(struct crypto_private_key *key,
|
||||
if (ret < 0)
|
||||
goto cleanup;
|
||||
|
||||
i = mbedtls_pk_rsa(*pkey)->MBEDTLS_PRIVATE(len);
|
||||
i = mbedtls_rsa_get_len(mbedtls_pk_rsa(*pkey));
|
||||
ret = mbedtls_rsa_rsaes_pkcs1_v15_decrypt(mbedtls_pk_rsa(*pkey), mbedtls_ctr_drbg_random,
|
||||
ctr_drbg, &i, in, out, *outlen);
|
||||
|
||||
@ -301,7 +301,8 @@ int crypto_private_key_sign_pkcs1(struct crypto_private_key *key,
|
||||
wpa_printf(MSG_ERROR, " failed ! mbedtls_rsa_pkcs1_sign returned %d", ret );
|
||||
goto cleanup;
|
||||
}
|
||||
*outlen = mbedtls_pk_rsa(*pkey)->MBEDTLS_PRIVATE(len);
|
||||
*outlen = mbedtls_rsa_get_len(mbedtls_pk_rsa(*pkey));
|
||||
|
||||
cleanup:
|
||||
mbedtls_ctr_drbg_free( ctr_drbg );
|
||||
mbedtls_entropy_free( entropy );
|
||||
|
||||
@ -220,7 +220,8 @@ int crypto_hash_finish(struct crypto_hash *crypto_ctx, u8 *mac, size_t *len)
|
||||
if (mac == NULL || len == NULL) {
|
||||
goto err;
|
||||
}
|
||||
md_type = mbedtls_md_get_type(ctx->MBEDTLS_PRIVATE(md_info));
|
||||
|
||||
md_type = mbedtls_md_get_type(mbedtls_md_info_from_ctx(ctx));
|
||||
switch(md_type) {
|
||||
case MBEDTLS_MD_MD5:
|
||||
if (*len < MD5_MAC_LEN) {
|
||||
|
||||
@ -13,14 +13,17 @@
|
||||
#include "crypto/sha256.h"
|
||||
#include "crypto/sha384.h"
|
||||
|
||||
/* ToDo - Remove this once appropriate solution is available.
|
||||
We need to define this for the file as ssl_misc.h uses private structures from mbedtls,
|
||||
which are undefined if the following flag is not defined */
|
||||
/* Many APIs in the file make use of this flag instead of `MBEDTLS_PRIVATE` */
|
||||
/* ToDo - Replace them with proper getter-setter once they are added */
|
||||
/* TODO: Remove this once the appropriate solution is found
|
||||
*
|
||||
* ssl_misc.h header uses private elements from
|
||||
* mbedtls, which become undefined if the following flag
|
||||
* is not defined
|
||||
*/
|
||||
#define MBEDTLS_ALLOW_PRIVATE_ACCESS
|
||||
|
||||
// located at mbedtls/library/ssl_misc.h
|
||||
#include "ssl_misc.h"
|
||||
|
||||
#include "mbedtls/ctr_drbg.h"
|
||||
#include "mbedtls/entropy.h"
|
||||
#include "mbedtls/debug.h"
|
||||
@ -659,11 +662,7 @@ int tls_connection_established(void *tls_ctx, struct tls_connection *conn)
|
||||
{
|
||||
mbedtls_ssl_context *ssl = &conn->tls->ssl;
|
||||
|
||||
if (ssl->MBEDTLS_PRIVATE(state) == MBEDTLS_SSL_HANDSHAKE_OVER) {
|
||||
return 1;
|
||||
}
|
||||
|
||||
return 0;
|
||||
return mbedtls_ssl_is_handshake_over(ssl);
|
||||
}
|
||||
|
||||
int tls_global_set_verify(void *tls_ctx, int check_crl, int strict)
|
||||
@ -696,13 +695,13 @@ struct wpabuf * tls_connection_handshake(void *tls_ctx,
|
||||
}
|
||||
|
||||
/* Multiple reads */
|
||||
while (tls->ssl.MBEDTLS_PRIVATE(state) != MBEDTLS_SSL_HANDSHAKE_OVER) {
|
||||
while (!mbedtls_ssl_is_handshake_over(&tls->ssl)) {
|
||||
if (tls->ssl.MBEDTLS_PRIVATE(state) == MBEDTLS_SSL_CLIENT_CERTIFICATE) {
|
||||
/* Read random data before session completes, not present after handshake */
|
||||
if (tls->ssl.MBEDTLS_PRIVATE(handshake)) {
|
||||
os_memcpy(conn->randbytes, tls->ssl.MBEDTLS_PRIVATE(handshake)->randbytes,
|
||||
TLS_RANDOM_LEN * 2);
|
||||
conn->mac = tls->ssl.handshake->ciphersuite_info->mac;
|
||||
conn->mac = tls->ssl.MBEDTLS_PRIVATE(handshake)->ciphersuite_info->mac;
|
||||
}
|
||||
}
|
||||
ret = mbedtls_ssl_handshake_step(&tls->ssl);
|
||||
@ -944,7 +943,7 @@ static int tls_connection_prf(void *tls_ctx, struct tls_connection *conn,
|
||||
wpa_printf(MSG_ERROR, "TLS: %s, session ingo is null", __func__);
|
||||
return -1;
|
||||
}
|
||||
if (ssl->MBEDTLS_PRIVATE(state) != MBEDTLS_SSL_HANDSHAKE_OVER) {
|
||||
if (!mbedtls_ssl_is_handshake_over(ssl)) {
|
||||
wpa_printf(MSG_ERROR, "TLS: %s, incorrect tls state=%d", __func__, ssl->MBEDTLS_PRIVATE(state));
|
||||
return -1;
|
||||
}
|
||||
@ -957,7 +956,7 @@ static int tls_connection_prf(void *tls_ctx, struct tls_connection *conn,
|
||||
}
|
||||
|
||||
wpa_hexdump_key(MSG_MSGDUMP, "random", seed, 2 * TLS_RANDOM_LEN);
|
||||
wpa_hexdump_key(MSG_MSGDUMP, "master", ssl->MBEDTLS_PRIVATE(session)->MBEDTLS_PRIVATE(master), TLS_MASTER_SECRET_LEN);
|
||||
wpa_hexdump_key(MSG_MSGDUMP, "master", ssl->MBEDTLS_PRIVATE(session)->MBEDTLS_PRIVATE(master), TLS_MASTER_SECRET_LEN);
|
||||
|
||||
ret = mbedtls_ssl_tls_prf(conn->tls_prf_type, conn->master_secret, TLS_MASTER_SECRET_LEN,
|
||||
label, seed, 2 * TLS_RANDOM_LEN, out, out_len);
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user