Merge branch 'bugfix/wpa2_enterprise_issues' into 'master'
esp_wifi: WPA2 enterprise related changes Closes WIFI-4579 See merge request espressif/esp-idf!19162
@@ -251,7 +251,7 @@ if(CONFIG_WPA_11R_SUPPORT)
|
|||||||
endif()
|
endif()
|
||||||
if(NOT CONFIG_WPA_MBEDTLS_TLS_CLIENT)
|
if(NOT CONFIG_WPA_MBEDTLS_TLS_CLIENT)
|
||||||
target_compile_definitions(${COMPONENT_LIB} PRIVATE CONFIG_TLS_INTERNAL_CLIENT
|
target_compile_definitions(${COMPONENT_LIB} PRIVATE CONFIG_TLS_INTERNAL_CLIENT
|
||||||
CONFIG_TLSV11 CONFIG_TLSV12 CONFIG_INTERNAL_SHA384 CONFIG_INTERNAL_SHA512 EAP_FAST)
|
CONFIG_TLSV11 CONFIG_TLSV12 EAP_FAST)
|
||||||
endif()
|
endif()
|
||||||
if(CONFIG_WPA_MBEDTLS_CRYPTO)
|
if(CONFIG_WPA_MBEDTLS_CRYPTO)
|
||||||
target_compile_definitions(${COMPONENT_LIB} PRIVATE CONFIG_CRYPTO_MBEDTLS)
|
target_compile_definitions(${COMPONENT_LIB} PRIVATE CONFIG_CRYPTO_MBEDTLS)
|
||||||
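Review bot: The internal-TLS definition list at `CONFIG_TLSV11 CONFIG_TLSV12 EAP_FAST)` still compiles TLS 1.1 support into the built-in client unconditionally; TLS 1.1 is deprecated by RFC 8996, and keeping it on by default widens what a rogue authentication server can negotiate during EAP-TLS/PEAP/TTLS. Consider gating `CONFIG_TLSV11` behind its own Kconfig option, or at least adding a CMake comment stating why the internal client keeps it. Dropping `CONFIG_INTERNAL_SHA384 CONFIG_INTERNAL_SHA512` presumably pairs with the `#ifdef CONFIG_CRYPTO_MBEDTLS` guards added on the SHA-384/512 paths in the C hunks below; a one-line comment above this `if(NOT CONFIG_WPA_MBEDTLS_TLS_CLIENT)` block saying that the internal client now only supports SHA-256 signatures would make the dependency visible to the next person editing either side.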
|
@@ -119,14 +119,10 @@ int md4_vector(size_t num_elem, const u8 *addr[], const size_t *len, u8 *mac)
|
|||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
struct crypto_hash {
|
|
||||||
mbedtls_md_context_t ctx;
|
|
||||||
};
|
|
||||||
|
|
||||||
struct crypto_hash * crypto_hash_init(enum crypto_hash_alg alg, const u8 *key,
|
struct crypto_hash * crypto_hash_init(enum crypto_hash_alg alg, const u8 *key,
|
||||||
size_t key_len)
|
size_t key_len)
|
||||||
{
|
{
|
||||||
struct crypto_hash *ctx;
|
mbedtls_md_context_t *ctx = NULL;
|
||||||
mbedtls_md_type_t md_type;
|
mbedtls_md_type_t md_type;
|
||||||
const mbedtls_md_info_t *md_info;
|
const mbedtls_md_info_t *md_info;
|
||||||
int ret;
|
int ret;
|
||||||
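Review bot: With `struct crypto_hash` removed and `mbedtls_md_context_t *ctx = NULL;` taking its place, the `struct crypto_hash *` returned by `crypto_hash_init` is now a cast of the mbedtls context and nothing in the file says so. A comment above `crypto_hash_init`, e.g. `/* struct crypto_hash is left opaque: the handle is the mbedtls_md_context_t itself, cast back in crypto_hash_update()/crypto_hash_finish() */`, documents the invariant that `bin_clear_free(ctx, sizeof(*ctx))` in crypto_hash_finish relies on, namely that the allocation is exactly one `mbedtls_md_context_t`. The allocation itself lies between this hunk and the next, so I cannot confirm the allocated size here.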
@@ -169,53 +165,53 @@ struct crypto_hash * crypto_hash_init(enum crypto_hash_alg alg, const u8 *key,
|
|||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
|
|
||||||
mbedtls_md_init(&ctx->ctx);
|
mbedtls_md_init(ctx);
|
||||||
md_info = mbedtls_md_info_from_type(md_type);
|
md_info = mbedtls_md_info_from_type(md_type);
|
||||||
if (!md_info) {
|
if (!md_info) {
|
||||||
goto cleanup;
|
goto cleanup;
|
||||||
}
|
}
|
||||||
if (mbedtls_md_setup(&ctx->ctx, md_info, 1) != 0) {
|
if (mbedtls_md_setup(ctx, md_info, is_hmac) != 0) {
|
||||||
goto cleanup;
|
|
||||||
}
|
|
||||||
if (mbedtls_md_hmac_starts(&ctx->ctx, key, key_len) != 0) {
|
|
||||||
goto cleanup;
|
goto cleanup;
|
||||||
}
|
}
|
||||||
if (is_hmac) {
|
if (is_hmac) {
|
||||||
ret = mbedtls_md_hmac_starts(&ctx->ctx, key, key_len);
|
ret = mbedtls_md_hmac_starts(ctx, key, key_len);
|
||||||
} else {
|
} else {
|
||||||
ret = mbedtls_md_starts(&ctx->ctx);
|
ret = mbedtls_md_starts(ctx);
|
||||||
}
|
}
|
||||||
if (ret < 0) {
|
if (ret < 0) {
|
||||||
goto cleanup;
|
goto cleanup;
|
||||||
}
|
}
|
||||||
|
|
||||||
return ctx;
|
return (struct crypto_hash *)ctx;
|
||||||
cleanup:
|
cleanup:
|
||||||
|
mbedtls_md_free(ctx);
|
||||||
os_free(ctx);
|
os_free(ctx);
|
||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
|
|
||||||
void crypto_hash_update(struct crypto_hash *ctx, const u8 *data, size_t len)
|
void crypto_hash_update(struct crypto_hash *crypto_ctx, const u8 *data, size_t len)
|
||||||
{
|
{
|
||||||
int ret;
|
int ret;
|
||||||
|
mbedtls_md_context_t *ctx = (mbedtls_md_context_t *)crypto_ctx;
|
||||||
|
|
||||||
if (ctx == NULL) {
|
if (ctx == NULL) {
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
if (ctx->ctx.MBEDTLS_PRIVATE(hmac_ctx)) {
|
if (ctx->MBEDTLS_PRIVATE(hmac_ctx)) {
|
||||||
ret = mbedtls_md_hmac_update(&ctx->ctx, data, len);
|
ret = mbedtls_md_hmac_update(ctx, data, len);
|
||||||
} else {
|
} else {
|
||||||
ret = mbedtls_md_update(&ctx->ctx, data, len);
|
ret = mbedtls_md_update(ctx, data, len);
|
||||||
}
|
}
|
||||||
if (ret != 0) {
|
if (ret != 0) {
|
||||||
wpa_printf(MSG_ERROR, "%s: mbedtls_md_hmac_update failed", __func__);
|
wpa_printf(MSG_ERROR, "%s: mbedtls_md_hmac_update failed", __func__);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
int crypto_hash_finish(struct crypto_hash *ctx, u8 *mac, size_t *len)
|
int crypto_hash_finish(struct crypto_hash *crypto_ctx, u8 *mac, size_t *len)
|
||||||
{
|
{
|
||||||
int ret = 0;
|
int ret = 0;
|
||||||
mbedtls_md_type_t md_type;
|
mbedtls_md_type_t md_type;
|
||||||
|
mbedtls_md_context_t *ctx = (mbedtls_md_context_t *)crypto_ctx;
|
||||||
|
|
||||||
if (ctx == NULL) {
|
if (ctx == NULL) {
|
||||||
return -2;
|
return -2;
|
||||||
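Review bot: In `crypto_hash_update` the failure log `wpa_printf(MSG_ERROR, "%s: mbedtls_md_hmac_update failed", __func__);` is reached from both branches, so a plain `mbedtls_md_update` failure is reported as an HMAC failure and the mbedtls error code is discarded; `wpa_printf(MSG_ERROR, "%s: mbedtls_md%s_update failed: %d", __func__, ctx->MBEDTLS_PRIVATE(hmac_ctx) ? "_hmac" : "", ret);` keeps the log accurate and diagnosable. Because the function is void, a failed update is otherwise invisible to the caller and `crypto_hash_finish` will still hand back a digest computed over partial input; with the wrapper struct gone there is no longer a field in which to record a sticky error, which deserves a comment at the `}` closing the `if (ret != 0)` block, e.g. `/* no error state survives a failed update; finish() will still return a digest */`. Both functions also reach into `MBEDTLS_PRIVATE(hmac_ctx)` and `MBEDTLS_PRIVATE(md_info)`, which ties this file to mbedtls internals; that dependency predates the commit but is worth a note now that the context is used bare. The start of `crypto_hash_init` (allocation of `ctx` and derivation of `is_hmac`) lies before this hunk.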
@@ -224,7 +220,7 @@ int crypto_hash_finish(struct crypto_hash *ctx, u8 *mac, size_t *len)
|
|||||||
if (mac == NULL || len == NULL) {
|
if (mac == NULL || len == NULL) {
|
||||||
goto err;
|
goto err;
|
||||||
}
|
}
|
||||||
md_type = mbedtls_md_get_type(ctx->ctx.MBEDTLS_PRIVATE(md_info));
|
md_type = mbedtls_md_get_type(ctx->MBEDTLS_PRIVATE(md_info));
|
||||||
switch(md_type) {
|
switch(md_type) {
|
||||||
case MBEDTLS_MD_MD5:
|
case MBEDTLS_MD_MD5:
|
||||||
if (*len < MD5_MAC_LEN) {
|
if (*len < MD5_MAC_LEN) {
|
||||||
@@ -271,14 +267,14 @@ int crypto_hash_finish(struct crypto_hash *ctx, u8 *mac, size_t *len)
|
|||||||
ret = -1;
|
ret = -1;
|
||||||
goto err;
|
goto err;
|
||||||
}
|
}
|
||||||
if (ctx->ctx.MBEDTLS_PRIVATE(hmac_ctx)) {
|
if (ctx->MBEDTLS_PRIVATE(hmac_ctx)) {
|
||||||
ret = mbedtls_md_hmac_finish(&ctx->ctx, mac);
|
ret = mbedtls_md_hmac_finish(ctx, mac);
|
||||||
} else {
|
} else {
|
||||||
ret = mbedtls_md_finish(&ctx->ctx, mac);
|
ret = mbedtls_md_finish(ctx, mac);
|
||||||
}
|
}
|
||||||
|
|
||||||
err:
|
err:
|
||||||
mbedtls_md_free(&ctx->ctx);
|
mbedtls_md_free(ctx);
|
||||||
bin_clear_free(ctx, sizeof(*ctx));
|
bin_clear_free(ctx, sizeof(*ctx));
|
||||||
|
|
||||||
return ret;
|
return ret;
|
||||||
|
@@ -483,15 +483,25 @@ struct tlsv1_client * tlsv1_client_init(void)
|
|||||||
|
|
||||||
count = 0;
|
count = 0;
|
||||||
suites = conn->cipher_suites;
|
suites = conn->cipher_suites;
|
||||||
|
#ifdef CONFIG_CRYPTO_MBEDTLS
|
||||||
suites[count++] = TLS_DHE_RSA_WITH_AES_256_CBC_SHA256;
|
suites[count++] = TLS_DHE_RSA_WITH_AES_256_CBC_SHA256;
|
||||||
|
#endif
|
||||||
suites[count++] = TLS_RSA_WITH_AES_256_CBC_SHA256;
|
suites[count++] = TLS_RSA_WITH_AES_256_CBC_SHA256;
|
||||||
|
#ifdef CONFIG_CRYPTO_MBEDTLS
|
||||||
suites[count++] = TLS_DHE_RSA_WITH_AES_256_CBC_SHA;
|
suites[count++] = TLS_DHE_RSA_WITH_AES_256_CBC_SHA;
|
||||||
|
#endif
|
||||||
suites[count++] = TLS_RSA_WITH_AES_256_CBC_SHA;
|
suites[count++] = TLS_RSA_WITH_AES_256_CBC_SHA;
|
||||||
|
#ifdef CONFIG_CRYPTO_MBEDTLS
|
||||||
suites[count++] = TLS_DHE_RSA_WITH_AES_128_CBC_SHA256;
|
suites[count++] = TLS_DHE_RSA_WITH_AES_128_CBC_SHA256;
|
||||||
|
#endif
|
||||||
suites[count++] = TLS_RSA_WITH_AES_128_CBC_SHA256;
|
suites[count++] = TLS_RSA_WITH_AES_128_CBC_SHA256;
|
||||||
|
#ifdef CONFIG_CRYPTO_MBEDTLS
|
||||||
suites[count++] = TLS_DHE_RSA_WITH_AES_128_CBC_SHA;
|
suites[count++] = TLS_DHE_RSA_WITH_AES_128_CBC_SHA;
|
||||||
|
#endif
|
||||||
suites[count++] = TLS_RSA_WITH_AES_128_CBC_SHA;
|
suites[count++] = TLS_RSA_WITH_AES_128_CBC_SHA;
|
||||||
|
#ifdef CONFIG_CRYPTO_MBEDTLS
|
||||||
suites[count++] = TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA;
|
suites[count++] = TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA;
|
||||||
|
#endif
|
||||||
suites[count++] = TLS_RSA_WITH_3DES_EDE_CBC_SHA;
|
suites[count++] = TLS_RSA_WITH_3DES_EDE_CBC_SHA;
|
||||||
suites[count++] = TLS_RSA_WITH_RC4_128_SHA;
|
suites[count++] = TLS_RSA_WITH_RC4_128_SHA;
|
||||||
suites[count++] = TLS_RSA_WITH_RC4_128_MD5;
|
suites[count++] = TLS_RSA_WITH_RC4_128_MD5;
|
||||||
|
@@ -126,16 +126,26 @@ u8 * tls_send_client_hello(struct tlsv1_client *conn, size_t *out_len)
|
|||||||
WPA_PUT_BE16(pos, TLS_EXT_SIGNATURE_ALGORITHMS);
|
WPA_PUT_BE16(pos, TLS_EXT_SIGNATURE_ALGORITHMS);
|
||||||
pos += 2;
|
pos += 2;
|
||||||
/* opaque extension_data<0..2^16-1> length */
|
/* opaque extension_data<0..2^16-1> length */
|
||||||
|
#ifdef CONFIG_CRYPTO_MBEDTLS
|
||||||
WPA_PUT_BE16(pos, 8);
|
WPA_PUT_BE16(pos, 8);
|
||||||
|
#else
|
||||||
|
WPA_PUT_BE16(pos, 4);
|
||||||
|
#endif
|
||||||
pos += 2;
|
pos += 2;
|
||||||
/* supported_signature_algorithms<2..2^16-2> length */
|
/* supported_signature_algorithms<2..2^16-2> length */
|
||||||
|
#ifdef CONFIG_CRYPTO_MBEDTLS
|
||||||
WPA_PUT_BE16(pos, 6);
|
WPA_PUT_BE16(pos, 6);
|
||||||
|
#else
|
||||||
|
WPA_PUT_BE16(pos, 2);
|
||||||
|
#endif
|
||||||
pos += 2;
|
pos += 2;
|
||||||
/* supported_signature_algorithms */
|
/* supported_signature_algorithms */
|
||||||
|
#ifdef CONFIG_CRYPTO_MBEDTLS
|
||||||
*pos++ = TLS_HASH_ALG_SHA512;
|
*pos++ = TLS_HASH_ALG_SHA512;
|
||||||
*pos++ = TLS_SIGN_ALG_RSA;
|
*pos++ = TLS_SIGN_ALG_RSA;
|
||||||
*pos++ = TLS_HASH_ALG_SHA384;
|
*pos++ = TLS_HASH_ALG_SHA384;
|
||||||
*pos++ = TLS_SIGN_ALG_RSA;
|
*pos++ = TLS_SIGN_ALG_RSA;
|
||||||
|
#endif
|
||||||
*pos++ = TLS_HASH_ALG_SHA256;
|
*pos++ = TLS_HASH_ALG_SHA256;
|
||||||
*pos++ = TLS_SIGN_ALG_RSA;
|
*pos++ = TLS_SIGN_ALG_RSA;
|
||||||
}
|
}
|
||||||
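Review bot: The extension length `WPA_PUT_BE16(pos, 8);`/`WPA_PUT_BE16(pos, 4);` and the list length `WPA_PUT_BE16(pos, 6);`/`WPA_PUT_BE16(pos, 2);` are hand-synchronised with the number of hash/signature pairs written after them, and that coupling is now spread across three separate `#ifdef CONFIG_CRYPTO_MBEDTLS` blocks; editing one block without the others produces a malformed signature_algorithms extension that a server will reject or misparse. Backfilling both lengths from the bytes actually written removes the coupling, as sketched below. `tls_send_client_hello` begins before this hunk, so the declaration of `pos` and any remaining-buffer check are not visible; I assume `pos` is a `u8 *` as the `*pos++` stores suggest.
```c
	/* opaque extension_data<0..2^16-1> length: backfilled once the list is written */
	u8 *ext_len_pos = pos;
	pos += 2;
	/* supported_signature_algorithms<2..2^16-2> length: backfilled below */
	u8 *sig_algs_len_pos = pos;
	pos += 2;
	/* … unchanged: the TLS_HASH_ALG_* / TLS_SIGN_ALG_RSA pairs, SHA-384/512 under CONFIG_CRYPTO_MBEDTLS … */
	/* derive both lengths from what was written so the #ifdef blocks cannot drift apart */
	WPA_PUT_BE16(sig_algs_len_pos, (u16)(pos - sig_algs_len_pos - 2));
	WPA_PUT_BE16(ext_len_pos, (u16)(pos - ext_len_pos - 2));
```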
|
@@ -350,6 +350,7 @@ int tlsv12_key_x_server_params_hash(u16 tls_version, u8 hash_alg,
|
|||||||
alg = CRYPTO_HASH_ALG_SHA256;
|
alg = CRYPTO_HASH_ALG_SHA256;
|
||||||
hlen = SHA256_MAC_LEN;
|
hlen = SHA256_MAC_LEN;
|
||||||
break;
|
break;
|
||||||
|
#ifdef CONFIG_CRYPTO_MBEDTLS
|
||||||
case TLS_HASH_ALG_SHA384:
|
case TLS_HASH_ALG_SHA384:
|
||||||
alg = CRYPTO_HASH_ALG_SHA384;
|
alg = CRYPTO_HASH_ALG_SHA384;
|
||||||
hlen = 48;
|
hlen = 48;
|
||||||
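Review bot: `hlen = 48;` under `case TLS_HASH_ALG_SHA384:` is a bare magic number while the SHA-256 case just above uses `SHA256_MAC_LEN`; the same applies to `hlen = 64;` in the next hunk. If the tree provides them, `hlen = SHA384_MAC_LEN;` and `hlen = SHA512_MAC_LEN;` (upstream hostapd defines these in sha384.h and sha512.h) tie the length to the digest definition instead of to a literal. The new `#ifdef CONFIG_CRYPTO_MBEDTLS` guard is consistent with the ClientHello only advertising SHA-384/512 under the same option, so a server that nonetheless selects them in the non-mbedtls build correctly falls through to `return -1`; a short comment on the `#ifdef` stating that link would help. The switch and the function body continue outside this hunk.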
@@ -358,6 +359,7 @@ int tlsv12_key_x_server_params_hash(u16 tls_version, u8 hash_alg,
|
|||||||
alg = CRYPTO_HASH_ALG_SHA512;
|
alg = CRYPTO_HASH_ALG_SHA512;
|
||||||
hlen = 64;
|
hlen = 64;
|
||||||
break;
|
break;
|
||||||
|
#endif
|
||||||
default:
|
default:
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
|