mbedtls-3.0: Fixed ESP32 build issues

- Added MBEDTLS_PRIVATE(...) wherever necessary
- For functions like mbedtls_pk_parse_key(...), it is necessary to pass the RNG function
  pointers as parameters. Solved for dependent components: wpa_supplicant & openSSL
- For libcoap, the SSLv2 ClientHello handshake method has been deprecated and still needs to be handled.
  Currently, the corresponding snippet has been commented out.
- Examples tested: hello-world | https_request | wifi_prov_mgr

mbedtls-3.0: Fixed ESP32-C3 & ESP32-S3 build issues
- Removed MBEDTLS_DEPRECATED_REMOVED macro from sha1 port
- DS peripheral: esp_ds_rsa_sign -> removed unsused 'mode' argument
- Added MBEDTLS_PRIVATE(...) wherever required

mbedtls-3.0: Fixed ESP32-S2 build issues
- Fixed outdated function prototypes and usage in mbedlts/port/aes/esp_aes_gcm.c due to changes in GCM module

mbedtls-3.0: Fixed ESP32-H2 build issues

ci: Fixing build stage
- Added MBEDTLS_PRIVATE(...) wherever required
- Added RNG function parameter
- Updated GCM Module changes
- Updated Copyright notices

- Tests:
- build_esp_idf_tests_cmake_esp32
- build_esp_idf_tests_cmake_esp32s2
- build_esp_idf_tests_cmake_esp32c3
- build_esp_idf_tests_cmake_esp32s3

ci: Fixing build stage (mbedtls-related changes)
- Added MBEDTLS_PRIVATE(...) wherever required
- Updated SHAXXX functions
- Updated esp_config according to mbedtls changes

- Tests:
- build_examples_cmake_esp32
- build_examples_cmake_esp32s2
- build_examples_cmake_esp32c3
- build_examples_cmake_esp32s3

ci: Fixing build stage (example-related changes)
- Added MBEDTLS_PRIVATE(...) wherever required
- Updated SHAXXX functions
- Updated esp_config according to mbedtls changes

- Tests:
- build_examples_cmake_esp32
- build_examples_cmake_esp32s2
- build_examples_cmake_esp32c3
- build_examples_cmake_esp32s3

ci: Fixing target_test stage
- Updated test SSL version to TLS_v1_2

- Tests:
- example_test_protocols 1/2

ci: Fixing build stage
- Added checks for MBEDTLS_DHM_C (disabled by default)
- Updated esp_cryptoauthlib submodule
- Updated factory partition size for legacy BLE provisioning example

- Tests:
- build_examples_cmake_esp32
- build_examples_cmake_esp32s2
- build_examples_cmake_esp32c3
- build_examples_cmake_esp32s3

Co-authored-by: Laukik Hase <laukik.hase@espressif.com>
Aditya Patwardhan
2021-08-09 15:28:36 +05:30
parent 45122533e0
commit 3b71bd7326
44 changed files with 635 additions and 517 deletions


@@ -16,7 +16,6 @@
#include <mbedtls/ctr_drbg.h>
#include <mbedtls/ecdh.h>
#include <mbedtls/error.h>
#include <mbedtls/ssl_internal.h>
#include <mbedtls/constant_time.h>
#include <mbedtls/library/ssl_misc.h>
@@ -215,14 +214,14 @@ static esp_err_t handle_session_command0(session_t *cur_session,
goto exit_cmd0;
}
mbed_err = mbedtls_ecp_group_load(&ctx_server->grp, MBEDTLS_ECP_DP_CURVE25519);
mbed_err = mbedtls_ecp_group_load(&ctx_server->MBEDTLS_PRIVATE(grp), MBEDTLS_ECP_DP_CURVE25519);
if (mbed_err != 0) {
ESP_LOGE(TAG, "Failed at mbedtls_ecp_group_load with error code : -0x%x", -mbed_err);
ret = ESP_FAIL;
goto exit_cmd0;
}
mbed_err = mbedtls_ecdh_gen_public(&ctx_server->grp, &ctx_server->d, &ctx_server->Q,
mbed_err = mbedtls_ecdh_gen_public(&ctx_server->MBEDTLS_PRIVATE(grp), &ctx_server->MBEDTLS_PRIVATE(d), &ctx_server->MBEDTLS_PRIVATE(Q),
mbedtls_ctr_drbg_random, ctr_drbg);
if (mbed_err != 0) {
ESP_LOGE(TAG, "Failed at mbedtls_ecdh_gen_public with error code : -0x%x", -mbed_err);
@@ -230,7 +229,7 @@ static esp_err_t handle_session_command0(session_t *cur_session,
goto exit_cmd0;
}
mbed_err = mbedtls_mpi_write_binary(&ctx_server->Q.X,
mbed_err = mbedtls_mpi_write_binary(&ctx_server->MBEDTLS_PRIVATE(Q).MBEDTLS_PRIVATE(X),
cur_session->device_pubkey,
PUBLIC_KEY_LEN);
if (mbed_err != 0) {
@@ -247,7 +246,7 @@ static esp_err_t handle_session_command0(session_t *cur_session,
hexdump("Device pubkey", dev_pubkey, PUBLIC_KEY_LEN);
hexdump("Client pubkey", cli_pubkey, PUBLIC_KEY_LEN);
mbed_err = mbedtls_mpi_lset(&ctx_server->Qp.Z, 1);
mbed_err = mbedtls_mpi_lset(&ctx_server->MBEDTLS_PRIVATE(Qp).MBEDTLS_PRIVATE(Z), 1);
if (mbed_err != 0) {
ESP_LOGE(TAG, "Failed at mbedtls_mpi_lset with error code : -0x%x", -mbed_err);
ret = ESP_FAIL;
@@ -255,7 +254,7 @@ static esp_err_t handle_session_command0(session_t *cur_session,
}
flip_endian(cur_session->client_pubkey, PUBLIC_KEY_LEN);
mbed_err = mbedtls_mpi_read_binary(&ctx_server->Qp.X, cli_pubkey, PUBLIC_KEY_LEN);
mbed_err = mbedtls_mpi_read_binary(&ctx_server->MBEDTLS_PRIVATE(Qp).MBEDTLS_PRIVATE(X), cli_pubkey, PUBLIC_KEY_LEN);
flip_endian(cur_session->client_pubkey, PUBLIC_KEY_LEN);
if (mbed_err != 0) {
ESP_LOGE(TAG, "Failed at mbedtls_mpi_read_binary with error code : -0x%x", -mbed_err);
@@ -263,15 +262,15 @@ static esp_err_t handle_session_command0(session_t *cur_session,
goto exit_cmd0;
}
mbed_err = mbedtls_ecdh_compute_shared(&ctx_server->grp, &ctx_server->z, &ctx_server->Qp,
&ctx_server->d, mbedtls_ctr_drbg_random, ctr_drbg);
mbed_err = mbedtls_ecdh_compute_shared(&ctx_server->MBEDTLS_PRIVATE(grp), &ctx_server->MBEDTLS_PRIVATE(z), &ctx_server->MBEDTLS_PRIVATE(Qp),
&ctx_server->MBEDTLS_PRIVATE(d), mbedtls_ctr_drbg_random, ctr_drbg);
if (mbed_err != 0) {
ESP_LOGE(TAG, "Failed at mbedtls_ecdh_compute_shared with error code : -0x%x", -mbed_err);
ret = ESP_FAIL;
goto exit_cmd0;
}
mbed_err = mbedtls_mpi_write_binary(&ctx_server->z, cur_session->sym_key, PUBLIC_KEY_LEN);
mbed_err = mbedtls_mpi_write_binary(&ctx_server->MBEDTLS_PRIVATE(z), cur_session->sym_key, PUBLIC_KEY_LEN);
if (mbed_err != 0) {
ESP_LOGE(TAG, "Failed at mbedtls_mpi_write_binary with error code : -0x%x", -mbed_err);
ret = ESP_FAIL;
@@ -283,7 +282,7 @@ static esp_err_t handle_session_command0(session_t *cur_session,
ESP_LOGD(TAG, "Adding proof of possession");
uint8_t sha_out[PUBLIC_KEY_LEN];
mbed_err = mbedtls_sha256_ret((const unsigned char *) pop->data, pop->len, sha_out, 0);
mbed_err = mbedtls_sha256((const unsigned char *) pop->data, pop->len, sha_out, 0);
if (mbed_err != 0) {
ESP_LOGE(TAG, "Failed at mbedtls_sha256_ret with error code : -0x%x", -mbed_err);
ret = ESP_FAIL;
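Review bot: The last hunk renames the call to `mbedtls_sha256(...)` but the error log on the following line still reports "Failed at mbedtls_sha256_ret", so a failure here would point a reader at a function that no longer exists in this file; the message should become `ESP_LOGE(TAG, "Failed at mbedtls_sha256 with error code : -0x%x", -mbed_err);`. The same stale message is left behind by the matching hunk in verify_response0 in the second file of this commit. Separately, the earlier hunks reach into the ECDH context through MBEDTLS_PRIVATE(grp)/(d)/(Q)/(Qp)/(z), which ties this component to a private struct layout that mbedtls does not promise to keep; if it works with the current port it presumably relies on the legacy context layout, and a follow-up could move the key exchange onto the public mbedtls_ecdh_setup / mbedtls_ecdh_make_public / mbedtls_ecdh_read_public / mbedtls_ecdh_calc_secret calls instead. The enclosing handle_session_command0 starts and ends outside these hunks.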


@@ -1,16 +1,8 @@
// Copyright 2018 Espressif Systems (Shanghai) PTE LTD
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
/*
* SPDX-FileCopyrightText: 2018-2021 Espressif Systems (Shanghai) CO LTD
*
* SPDX-License-Identifier: Apache-2.0
*/
#include <stdlib.h>
#include <string.h>
@@ -155,24 +147,24 @@ static esp_err_t verify_response0(session_t *session, SessionData *resp)
hexdump("Device pubkey", dev_pubkey, PUBLIC_KEY_LEN);
hexdump("Client pubkey", cli_pubkey, PUBLIC_KEY_LEN);
ret = mbedtls_mpi_lset(&session->ctx_client.Qp.Z, 1);
ret = mbedtls_mpi_lset(&session->ctx_client.MBEDTLS_PRIVATE(Qp).MBEDTLS_PRIVATE(Z), 1);
if (ret != 0) {
ESP_LOGE(TAG, "Failed at mbedtls_mpi_lset with error code : %d", ret);
return ESP_FAIL;
}
flip_endian(session->device_pubkey, PUBLIC_KEY_LEN);
ret = mbedtls_mpi_read_binary(&session->ctx_client.Qp.X, dev_pubkey, PUBLIC_KEY_LEN);
ret = mbedtls_mpi_read_binary(&session->ctx_client.MBEDTLS_PRIVATE(Qp).MBEDTLS_PRIVATE(X), dev_pubkey, PUBLIC_KEY_LEN);
flip_endian(session->device_pubkey, PUBLIC_KEY_LEN);
if (ret != 0) {
ESP_LOGE(TAG, "Failed at mbedtls_mpi_read_binary with error code : %d", ret);
return ESP_FAIL;
}
ret = mbedtls_ecdh_compute_shared(&session->ctx_client.grp,
&session->ctx_client.z,
&session->ctx_client.Qp,
&session->ctx_client.d,
ret = mbedtls_ecdh_compute_shared(&session->ctx_client.MBEDTLS_PRIVATE(grp),
&session->ctx_client.MBEDTLS_PRIVATE(z),
&session->ctx_client.MBEDTLS_PRIVATE(Qp),
&session->ctx_client.MBEDTLS_PRIVATE(d),
mbedtls_ctr_drbg_random,
&session->ctr_drbg);
if (ret != 0) {
@@ -180,7 +172,7 @@ static esp_err_t verify_response0(session_t *session, SessionData *resp)
return ESP_FAIL;
}
ret = mbedtls_mpi_write_binary(&session->ctx_client.z, session->sym_key, PUBLIC_KEY_LEN);
ret = mbedtls_mpi_write_binary(&session->ctx_client.MBEDTLS_PRIVATE(z), session->sym_key, PUBLIC_KEY_LEN);
if (ret != 0) {
ESP_LOGE(TAG, "Failed at mbedtls_mpi_write_binary with error code : %d", ret);
return ESP_FAIL;
@@ -192,7 +184,7 @@ static esp_err_t verify_response0(session_t *session, SessionData *resp)
ESP_LOGD(TAG, "Adding proof of possession");
uint8_t sha_out[PUBLIC_KEY_LEN];
ret = mbedtls_sha256_ret((const unsigned char *) pop->data, pop->len, sha_out, 0);
ret = mbedtls_sha256((const unsigned char *) pop->data, pop->len, sha_out, 0);
if (ret != 0) {
ESP_LOGE(TAG, "Failed at mbedtls_sha256_ret with error code : %d", ret);
return ESP_FAIL;
@@ -381,15 +373,15 @@ static esp_err_t test_sec_endpoint(session_t *session)
goto abort_test_sec_endpoint;
}
ret = mbedtls_ecp_group_load(&session->ctx_client.grp, MBEDTLS_ECP_DP_CURVE25519);
ret = mbedtls_ecp_group_load(&session->ctx_client.MBEDTLS_PRIVATE(grp), MBEDTLS_ECP_DP_CURVE25519);
if (ret != 0) {
ESP_LOGE(TAG, "Failed at mbedtls_ecp_group_load with error code : %d", ret);
goto abort_test_sec_endpoint;
}
ret = mbedtls_ecdh_gen_public(&session->ctx_client.grp,
&session->ctx_client.d,
&session->ctx_client.Q,
ret = mbedtls_ecdh_gen_public(&session->ctx_client.MBEDTLS_PRIVATE(grp),
&session->ctx_client.MBEDTLS_PRIVATE(d),
&session->ctx_client.MBEDTLS_PRIVATE(Q),
mbedtls_ctr_drbg_random,
&session->ctr_drbg);
if (ret != 0) {
@@ -399,7 +391,7 @@ static esp_err_t test_sec_endpoint(session_t *session)
if (session->weak) {
/* Read zero client public key */
ret = mbedtls_mpi_read_binary(&session->ctx_client.Q.X,
ret = mbedtls_mpi_read_binary(&session->ctx_client.MBEDTLS_PRIVATE(Q).MBEDTLS_PRIVATE(X),
session->client_pubkey,
PUBLIC_KEY_LEN);
if (ret != 0) {
@@ -407,7 +399,7 @@ static esp_err_t test_sec_endpoint(session_t *session)
goto abort_test_sec_endpoint;
}
}
ret = mbedtls_mpi_write_binary(&session->ctx_client.Q.X,
ret = mbedtls_mpi_write_binary(&session->ctx_client.MBEDTLS_PRIVATE(Q).MBEDTLS_PRIVATE(X),
session->client_pubkey,
PUBLIC_KEY_LEN);
if (ret != 0) {