Commit Graph

36334 Commits

Author SHA1 Message Date
Sarvesh Bodakhe
05b882baea fix(wpa_supplicant): Update cipher suite list for TLSv1.3 suiteb and some refactoring
- Use MBEDTLS_TLS1_3_AES_256_GCM_SHA384 cipher for TLSv1.3-suiteb
- Call psa_crypto_init() in tls_connection_init() to reduce redundancy
2024-03-20 09:33:52 +05:30
Sarvesh Bodakhe
5903e9ea2b feat(wpa_supplicant): Make CONFIG_ESP_WIFI_EAP_TLS1_3 an experimental feature 2024-03-20 09:33:52 +05:30
Sarvesh Bodakhe
5ce95cae91 fix(esp_wifi): Enable Server certificate validation when using mbedtls TLS v1.3
In TLS v1.2, It was possible to disable server certificate validation simply by using
API 'mbedtls_ssl_conf_authmode'. But this behaviour is changed in TLS v1.3. We can not
disable server certificate validation in TLS v1.3 using this API anymore.

For more details, refer https://github.com/Mbed-TLS/mbedtls/issues/7075
2024-03-20 09:33:52 +05:30
Sarvesh Bodakhe
ec09cdf885 feat(wpa_supplicant): Add TLS v1.3 support for WiFi enterprise
* Add TLS v1.3 support for following EAP methods:
  - EAP-TLS  (RFC 9190)
  - EAP-PEAP (RFC 9427)
  - EAP-TTLS (RFC 9427)
* Add mbedtls porting for TLS v1.3 exporter (RFC 8446 Section 7.5)
* Add new Kconfig flag to enable TLS v1.3 for EAP methods
* Advertise TLS v1.3 signature algorithms if TLS 1.3 is enabled for EAP
  methods
* Advertise TLS v1.3 cipher suites if CONFIG_ESP_WIFI_EAP_TLS1_3 enabled
* Add support to Ack protected success indication
  (workaround for EAP-TLS 1.3 and 1.2 compatibilty)
2024-03-20 09:33:52 +05:30
Glenn Strauss
b3e4aae7bb TLS: Fix unsigned int underflow in internal TLS 1.0/1.1 implementation
Taking sizeof(ptr) is incorrect to determine size of passed in hash and
results in hlen getting set to a very large value since MD5_MAC_LEN >
sizeof(ptr). Provide the actual size of the hash buffer from the caller
to fix this.

tls_key_x_server_params_hash() callers src/tls/tlsv1_client_read.c and
src/tls/tlsv1_server_write.c both pass in a large enough hash (hash[64]
or hash[100]) that this does not appear to have an impact, though it is
still wrong.

Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2024-03-20 09:33:52 +05:30
Glenn Strauss
b58dbf2808 Update tls_connection_set_verify() documentation to verify_peer=2
This new value was added to verify peer certificate if it is provided,
but not reject the TLS handshake if no peer certificate is provided.

Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2024-03-20 09:33:52 +05:30
Jouni Malinen
8ff4837830 Fix tls_connection_set_success_data() in TLS library wrappers
Some of the TLS library wrappers defined only an empty function for
tls_connection_set_success_data(). That could result in memory leaks in
TLS server cases, so update these to do the minimal thing and free the
provided buffer as unused.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2024-03-20 09:33:52 +05:30
Jouni Malinen
6658c3ed63 Remove useless DH file configuration from TLS library wrappers
These operations do not really have any effect since
tls_connection_set_params() is used only in the TLS client case and the
client receives the DH parameters from the server instead of local
configuration.

Signed-off-by: Jouni Malinen <j@w1.fi>
2024-03-20 09:33:52 +05:30
Jouni Malinen
89fc940ec0 EAP-TLS: Do not allow TLSv1.3 success without protected result indication
RFC 9190 requires protected result indication to be used with TLSv1.3,
so do not allow EAP-TLS to complete successfully if the server does not
send that indication.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2024-03-20 09:33:52 +05:30
Jouni Malinen
98183fe062 EAP-TLS: Replace the Commitment Message term with RFC 9190 language
While the drafts for RFC 9190 used a separate Commitment Message term,
that term was removed from the published RFC. Update the debug prints to
match that final language.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2024-03-20 09:33:52 +05:30
Jouni Malinen
9cb8c0545f EAP-TLS: Update specification references to RFC 5216 and 9190
The previously used references were pointing to an obsoleted RFC and
draft versions. Replace these with current versions.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2024-03-20 09:33:52 +05:30
Alexander Clouter
b17d6a1b3a EAP-TTLS peer: Handle Commitment Message for TLS 1.3
Recognize the explicitly defined Commitment Message per
draft-ietf-emu-eap-tls13-13 at the conclusion of the EAP-TTLS with TLS
1.3.

Signed-off-by: Alexander Clouter <alex@digriz.org.uk>
2024-03-20 09:33:52 +05:30
Alexander Clouter
65248148f0 EAP-TLS peer: Handle Commitment Message for TLS 1.3
Recognize the explicitly defined Commitment Message per
draft-ietf-emu-eap-tls13-13 at the conclusion of the EAP-TLS with TLS
1.3.

Signed-off-by: Alexander Clouter <alex@digriz.org.uk>
2024-03-20 09:33:52 +05:30
Alexander Clouter
a5ee253d62 EAP: Extend Session-Id derivation with TLS 1.3 to PEAP and EAP-TTLS
This newer Session-Id/Method-Id derivation is used with PEAP and
EAP-TTLS when using TLS 1.3 per draft-ietf-emu-tls-eap-types-00, so do
not limit this to only EAP-TLS.

Signed-off-by: Alexander Clouter <alex@digriz.org.uk>
2024-03-20 09:33:52 +05:30
Alexander Clouter
42e37285e5 EAP-TTLS: Key derivation per draft-ietf-emu-tls-eap-types-00
Use the TLS-Exporter with the label and context as defined in
draft-ietf-emu-tls-eap-types-00 when deriving keys for EAP-TTLS with TLS
1.3.

Signed-off-by: Alexander Clouter <alex@digriz.org.uk>
2024-03-20 09:33:52 +05:30
Alexander Clouter
0d90484018 EAP-PEAP: Key derivation per draft-ietf-emu-tls-eap-types-00
Use the TLS-Exporter with the label and context as defined in
draft-ietf-emu-tls-eap-types-00 when deriving keys for PEAP with TLS
1.3.

Signed-off-by: Alexander Clouter <alex@digriz.org.uk>
2024-03-20 09:33:52 +05:30
Alexander Clouter
252dd1b976 EAP-TTLS/PEAP peer: Fix failure when using session tickets under TLS 1.3
EAP peer does not expect data present when beginning the Phase 2 in
EAP-{TTLS,PEAP} but in TLS 1.3 session tickets are sent after the
handshake completes.

There are several strategies that can be used to handle this, but this
patch picks up from the discussion[1] and implements the proposed use of
SSL_MODE_AUTO_RETRY. SSL_MODE_AUTO_RETRY has already been enabled by
default in OpenSSL 1.1.1, but it needs to be enabled for older versions.

The main OpenSSL wrapper change in tls_connection_decrypt() takes care
of the new possible case with SSL_MODE_AUTO_RETRY for
SSL_ERROR_WANT_READ to indicate that a non-application_data was
processed. That is not really an error case with TLS 1.3, so allow it to
complete and return an empty decrypted application data buffer.
EAP-PEAP/TTLS processing can then use this to move ahead with starting
Phase 2.

[1] https://www.spinics.net/lists/hostap/msg05376.html

Signed-off-by: Alexander Clouter <alex@digriz.org.uk>
2024-03-20 09:33:52 +05:30
Jouni Malinen
a5b01a93ff EAP-TTLS peer: Support vendor EAP method in Phase 2
The implementation was previously hardcoded to use only the non-expanded
IETF EAP methods in Phase 2. Extend that to allow vendor EAP methods
with expanded header to be used.

Signed-off-by: Jouni Malinen <j@w1.fi>
2024-03-20 09:33:52 +05:30
Jouni Malinen
a9170c6a20 EAP-TLS peer: Handle possible application data at the end
EAP-TLS with TLS 1.3 uses an empty application data record from the
server to indicate end of the exchange, so EAP-TLS peer will need to
check for this special case and finish the exchange with an empty
EAP-TLS (ACK) so that the server can send out EAP-Success.

Signed-off-by: Jouni Malinen <j@w1.fi>
2024-03-20 09:33:52 +05:30
Ervin Oro
caf49e8c10 Add Type-Code context to EAP-TLS 1.3 exported Key_Material and Method-Id
Change to require the Type-Code in context for Key_Material and
Method-Id has now been published as draft-ietf-emu-eap-tls13-04.
https://tools.ietf.org/html/draft-ietf-emu-eap-tls13-04#section-2.3

Signed-off-by: Ervin Oro <ervin.oro@aalto.fi>
2024-03-20 09:33:52 +05:30
Sarvesh Bodakhe
886bf9e82f feat(wpa_supplicant): Add support for RFC 5705 TLS exporter context with mbedTLS 2024-03-20 09:33:52 +05:30
Ervin Oro
562bc59576 Add support for an optional context parameter to TLS exporter
Allow an additional context value to be passed to TLS exporter as
specified in RFC 5705 section 4.

This does not yet implement it for the internal TLS implementation.
However, as currently nothing uses context yet, this will not break
anything right now. WolfSSL maintainers also stated that they are not
going to add context support yet, but would look into it if/when this is
required by a published draft or a standard.

Signed-off-by: Ervin Oro <ervin.oro@aalto.fi>
2024-03-20 09:33:52 +05:30
Jouni Malinen
1e38fa2c12 EAP peer: Clear temporary message buffers before freeing
These buffers in TLS-based EAP methods might contain keys or password
(e.g., when using TTLS-PAP or PEAP-GTC), so clear them explicitly to
avoid leaving such material into heap memory unnecessarily.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2024-03-20 09:33:52 +05:30
Jouni Malinen
aa987d418e EAP-PEAP: Derive EMSK and use 128-octet derivation for MSK
Derive EMSK when using EAP-PEAP to enable ERP. In addition, change the
MSK derivation for EAP-PEAP to always derive 128 octets of key material
instead of the 64 octets to cover just the MSK. This is needed with the
PRF used in TLS 1.3 since the output length is mixed into the PRF
context.

Signed-off-by: Jouni Malinen <j@w1.fi>
2024-03-20 09:33:52 +05:30
Jouni Malinen
f4d7329ae6 EAP peer: Clear keying material on deinit
Reduce the amount of time keying material (MSK, EMSK, temporary private
data) remains in memory in EAP methods. This provides additional
protection should there be any issues that could expose process memory
to external observers.

Signed-off-by: Jouni Malinen <j@w1.fi>
2024-03-20 09:33:52 +05:30
Jouni Malinen
bb16734aa9 EAP-TLS: Update Session-Id derivation with TLS v1.3
Move to the version used in draft-ietf-emu-eap-tls13-03.txt, i.e.,
include the 0x0D prefix and use a different TLS-Exporter() label string.

Signed-off-by: Jouni Malinen <j@w1.fi>
2024-03-20 09:33:52 +05:30
Jouni Malinen
ed8452d53f EAP-TLS: Derive Session-Id using TLS-Exporter when TLS v1.3 is used
This updates Session-Id derivation with TLS v1.3 per
draft-ietf-emu-eap-tls13-00.

Signed-off-by: Jouni Malinen <j@w1.fi>
2024-03-20 09:33:51 +05:30
Jouni Malinen
a2336b74f9 EAP-TLS: Update key derivation label per draft-ietf-emu-eap-tls13-00
The label strings used for deriving Key_Material with TLS v1.3 were
changed, so update the implementation to match the new values.

Signed-off-by: Jouni Malinen <j@w1.fi>
2024-03-20 09:33:51 +05:30
Jouni Malinen
e9f6949d7e EAP-TLS peer: MSK/EMSK derivation with TLS v1.3
Use new MSK/EMSK derivation mechanism if TLS v1.3 or newer is used per
draft-mattsson-eap-tls13-02.txt.

Signed-off-by: Jouni Malinen <j@w1.fi>
2024-03-20 09:33:51 +05:30
Jouni Malinen
34a8628d4e EAP-TLS peer: Allow NewSessionTicket after Client Finished with TLS v1.3
The EAP session cannot be marked fully completed on sending Client
Finished with TLS v1.3 since the server may still send NewSessionTicket
before EAP-Success.

Signed-off-by: Jouni Malinen <j@w1.fi>
2024-03-20 09:33:51 +05:30
Jouni Malinen
6a83540ae0 EAP-TLS peer: Support fragmentation of last message
With TLS v1.3, the Finished message from the client can require
fragmentation. Postpone key derivation and marking of the EAP session
fully completed until all the fragments of that last message are sent to
avoid losing all the subsequent fragments.

Signed-off-by: Jouni Malinen <j@w1.fi>
2024-03-20 09:33:51 +05:30
Jouni Malinen
77d87edbb2 EAP-TLS peer: Determine whether TLS v1.3 or newer is used
This is needed to be able to handle different key derivation and message
handshakes in EAP implementation.

Signed-off-by: Jouni Malinen <j@w1.fi>
2024-03-20 09:33:48 +05:30
Ilan Peer
a539c63d68 EAP-TTLS: Fix possible memory leak in eap_ttls_phase2_request_mschap()
The msg buffer needs to be freed on these two error paths.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2024-03-20 09:32:32 +05:30
Jouni Malinen
5c0fb10902 EAP peer: External server certificate chain validation
This adds support for optional functionality to validate server
certificate chain in TLS-based EAP methods in an external program.
wpa_supplicant control interface is used to indicate when such
validation is needed and what the result of the external validation is.

This external validation can extend or replace the internal validation.
When ca_cert or ca_path parameter is set, the internal validation is
used. If these parameters are omitted, only the external validation is
used. It needs to be understood that leaving those parameters out will
disable most of the validation steps done with the TLS library and that
configuration is not really recommend.

By default, the external validation is not used. It can be enabled by
addingtls_ext_cert_check=1 into the network profile phase1 parameter.
When enabled, external validation is required through the CTRL-REQ/RSP
mechanism similarly to other EAP authentication parameters through the
control interface.

The request to perform external validation is indicated by the following
event:
CTRL-REQ-EXT_CERT_CHECK-<id>:External server certificate validation needed for SSID <ssid>

Before that event, the server certificate chain is provided with the
CTRL-EVENT-EAP-PEER-CERT events that include the cert=<hexdump>
parameter. depth=# indicates which certificate is in question (0 for the
server certificate, 1 for its issues, and so on).

The result of the external validation is provided with the following
command:
CTRL-RSP-EXT_CERT_CHECK-<id>:<good|bad>

It should be noted that this is currently enabled only for OpenSSL (and
BoringSSL/LibreSSL). Due to the constraints in the library API, the
validation result from external processing cannot be reported cleanly
with TLS alert. In other words, if the external validation reject the
server certificate chain, the pending TLS handshake is terminated
without sending more messages to the server.

Signed-off-by: Jouni Malinen <j@w1.fi>
2024-03-20 09:32:32 +05:30
Jin Cheng
45af060963 change(bt/bluedroid): Use BTC util to convert HCI status to ESP status 2024-03-20 10:38:44 +08:00
Wan Lei
a7355d3aba Merge branch 'feat/c6lite_c61_g0_component_s4' into 'master'
feat(esp32c61): add G0 component (hal, riscv) support (stage 4/8)

See merge request espressif/esp-idf!29551
2024-03-20 10:09:42 +08:00
Darian
53e3833f44 Merge branch 'refactor/usb_fsls_phy_hal' into 'master'
refactor(hal/usb): Update USB PHY related HAL/LL API

See merge request espressif/esp-idf!29659
2024-03-20 06:07:29 +08:00
Jiang Jiang Jian
8a06233051 Merge branch 'feature/updates_for_wpa3_spec_v3.3' into 'master'
feat(esp_wifi): Update Wi-Fi WPA3 authmodes as per WPA Specification v3.3

See merge request espressif/esp-idf!29608
2024-03-20 02:31:01 +08:00
Alexey Lapshin
00b55a654c Merge branch 'feature/cleanup-linker-scripts' into 'master'
feat(system): refactor linker scripts

See merge request espressif/esp-idf!29515
2024-03-20 02:25:11 +08:00
Darshan Dobariya
e0e89b8bde fix(nimble): Added support for deleting the oldest bonded device across reboot 2024-03-19 22:26:22 +05:30
Sudeep Mohanty
42c935e2c3 fix(freertos): Fixed an issue where accessing task lists could overrun memory
This commit fixes a potential issue of illegal memory access when
accessing the various task lists in FreeRTOS while fetching tasks using
the xTaskGetNext() function.
2024-03-19 17:33:18 +01:00
Rahul Tank
dd737f9821 Merge branch 'bugfix/fixed_task_invokation_after_pairing' into 'master'
fix(nimble): Fixed the call to ble_hid_task_startup after pairing

See merge request espressif/esp-idf!29655
2024-03-19 23:26:27 +08:00
Sudeep Mohanty
ca07ef3837 Merge branch 'contrib/github_pr_13180' into 'master'
ulp_riscv_print: Add convenience function that supports different widths (GitHub PR)

Closes IDFGH-12124

See merge request espressif/esp-idf!29716
2024-03-19 22:52:50 +08:00
Ivan Grokhotkov
5fee4b0f72 Merge branch 'feature/move_fatfs_scripts_to_storage' into 'master'
feat(storage/fatfs): move fatfs related scripts under control of the storage team

Closes IDF-9544

See merge request espressif/esp-idf!29738
2024-03-19 22:51:29 +08:00
Jakub Kocka
3ad5e5c722 refactor(idf_tools): IDF version is acquired only from version or header file
Closes https://github.com/espressif/esp-idf/issues/13385
2024-03-19 15:40:45 +01:00
Song Ruo Jing
34f05287ab Merge branch 'bugfix/dma2d_various_small_fixes' into 'master'
fix(dma2d): correct a few 2D-DMA driver issues

See merge request espressif/esp-idf!29705
2024-03-19 21:36:45 +08:00
Ondrej Kosta
9d0b8d62b0 Merge branch 'feature/emac_intr_prio' into 'master'
feat(esp_eth): added option to configure interrupt priority

Closes IDF-7969

See merge request espressif/esp-idf!29300
2024-03-19 21:09:30 +08:00
Tomáš Rohlínek
a17ef2f8d8
feat(storage/fatfs): move fatfs related scripts under control of the storage team 2024-03-19 13:36:40 +01:00
Fu Hanxi
129eb33dd8 Merge branch 'ci/run_full_pipeline_while_testing_constraint_file' into 'master'
CI: run full pipeline while testing constraint file

See merge request espressif/esp-idf!29731
2024-03-19 20:17:31 +08:00
Fu Hanxi
74843a442b fix: component manager load all component dirs even set(COMPONENTS ...) 2024-03-19 19:52:20 +08:00