From adfec6463d30d4784767f6fd864ff30ad3222bec Mon Sep 17 00:00:00 2001
From: Kapil Gupta
Date: Tue, 15 Apr 2025 13:01:30 +0530
Subject: [PATCH] fix(esp_wifi): Use supplicant's internal SHA1 if not available from IDF
---
 components/wpa_supplicant/CMakeLists.txt | 13 ++++++++++---
 .../esp_supplicant/src/crypto/crypto_mbedtls.c | 4 ++++
 .../test_apps/main/test_fast_pbkdf2.c | 2 ++
 3 files changed, 16 insertions(+), 3 deletions(-)
diff --git a/components/wpa_supplicant/CMakeLists.txt b/components/wpa_supplicant/CMakeLists.txt
index 2de8fd2eaf..c3b67f3f93 100644
--- a/components/wpa_supplicant/CMakeLists.txt
+++ b/components/wpa_supplicant/CMakeLists.txt
@@ -114,7 +114,6 @@ endif()
 if(CONFIG_ESP_WIFI_MBEDTLS_CRYPTO)
 set(crypto_src
- "esp_supplicant/src/crypto/fastpbkdf2.c"
 "esp_supplicant/src/crypto/crypto_mbedtls.c"
 "esp_supplicant/src/crypto/crypto_mbedtls-bignum.c"
 "esp_supplicant/src/crypto/crypto_mbedtls-rsa.c"
@@ -127,7 +126,14 @@ if(CONFIG_ESP_WIFI_MBEDTLS_CRYPTO)
 if(NOT CONFIG_MBEDTLS_DES_C)
 set(crypto_src ${crypto_src} "src/crypto/des-internal.c")
 endif()
- if(NOT CONFIG_MBEDTLS_SHA1_C)
+ if(NOT CONFIG_MBEDTLS_SHA1_C AND NOT CONFIG_MBEDTLS_HARDWARE_SHA)
+ set(crypto_src ${crypto_src} "src/crypto/sha1-pbkdf2.c"
+ ${crypto_src} "src/crypto/sha1.c"
+ ${crypto_src} "src/crypto/sha1-internal.c")
+ else()
+ set(crypto_src ${crypto_src} "esp_supplicant/src/crypto/fastpbkdf2.c")
+ endif()
+ if(NOT CONFIG_MBEDTLS_SHA1_C AND CONFIG_MBEDTLS_HARDWARE_SHA)
 set(crypto_src ${crypto_src} "src/crypto/sha1.c")
 endif()
 # Enabling this only for WiFi is probably not a good idea since MbedTLS
@@ -317,7 +323,8 @@ if(NOT CONFIG_ESP_WIFI_MBEDTLS_TLS_CLIENT)
 endif()
 if(CONFIG_ESP_WIFI_MBEDTLS_CRYPTO)
 target_compile_definitions(${COMPONENT_LIB} PRIVATE CONFIG_CRYPTO_MBEDTLS)
-else()
+endif()
+if(NOT CONFIG_MBEDTLS_SHA1_C AND NOT CONFIG_MBEDTLS_HARDWARE_SHA)
 target_compile_definitions(${COMPONENT_LIB} PRIVATE CONFIG_CRYPTO_INTERNAL)
 endif()
 if(CONFIG_ESP_WIFI_WPS_SOFTAP_REGISTRAR)
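Review bot: In the `-127` hunk of CMakeLists.txt the new three-line `set(crypto_src ...)` expands `${crypto_src}` three times, so every file already in the list ends up listed three times before and between the new SHA1 sources. The repeated expansions look like leftovers from three separate `set()` calls; the intended form is presumably `list(APPEND crypto_src "src/crypto/sha1-pbkdf2.c" "src/crypto/sha1.c" "src/crypto/sha1-internal.c")`. Whether the duplicate entries are harmless depends on how the component registers its sources, which is outside the hunk, as is the rest of the enclosing `if(CONFIG_ESP_WIFI_MBEDTLS_CRYPTO)` block.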
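Review bot: In the `-317` hunk, `CONFIG_CRYPTO_INTERNAL` no longer depends on `CONFIG_ESP_WIFI_MBEDTLS_CRYPTO` at all: with `else()` replaced by a separate `if(NOT CONFIG_MBEDTLS_SHA1_C AND NOT CONFIG_MBEDTLS_HARDWARE_SHA)`, a build that disables `CONFIG_ESP_WIFI_MBEDTLS_CRYPTO` but has mbedTLS SHA1 or hardware SHA enabled now gets neither definition, where it previously got `CONFIG_CRYPTO_INTERNAL`. If that configuration is still supported, the condition should keep the old case, e.g. `if(NOT CONFIG_ESP_WIFI_MBEDTLS_CRYPTO OR (NOT CONFIG_MBEDTLS_SHA1_C AND NOT CONFIG_MBEDTLS_HARDWARE_SHA))`. The two definitions used to be mutually exclusive and can now both be set, so a short comment above the new `if()` explaining why that is intended would help the next reader.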
diff --git a/components/wpa_supplicant/esp_supplicant/src/crypto/crypto_mbedtls.c b/components/wpa_supplicant/esp_supplicant/src/crypto/crypto_mbedtls.c
index 028efd7f58..73addce23b 100644
--- a/components/wpa_supplicant/esp_supplicant/src/crypto/crypto_mbedtls.c
+++ b/components/wpa_supplicant/esp_supplicant/src/crypto/crypto_mbedtls.c
@@ -105,6 +105,7 @@ int sha512_vector(size_t num_elem, const u8 *addr[], const size_t *len,
 return digest_vector(MBEDTLS_MD_SHA512, num_elem, addr, len, mac);
 }
+#if CONFIG_MBEDTLS_SHA1_C || CONFIG_MBEDTLS_HARDWARE_SHA
 int sha1_vector(size_t num_elem, const u8 *addr[], const size_t *len, u8 *mac)
 {
 #if defined(MBEDTLS_SHA1_C)
@@ -130,6 +131,7 @@ exit:
 return -ENOTSUP;
 #endif
 }
+#endif
 int md5_vector(size_t num_elem, const u8 *addr[], const size_t *len, u8 *mac)
 {
@@ -773,6 +775,7 @@ cleanup:
 return ret;
 }
+#if defined(CONFIG_MBEDTLS_SHA1_C) || defined(CONFIG_MBEDTLS_HARDWARE_SHA)
 int pbkdf2_sha1(const char *passphrase, const u8 *ssid, size_t ssid_len, int iterations, u8 *buf, size_t buflen)
 {
@@ -800,6 +803,7 @@ cleanup:
 return ret;
 #endif
 }
+#endif /* defined(CONFIG_MBEDTLS_SHA1_C) || defined(CONFIG_MBEDTLS_HARDWARE_SHA) */
 #ifdef MBEDTLS_DES_C
 int des_encrypt(const u8 *clear, const u8 *key, u8 *cypher)
diff --git a/components/wpa_supplicant/test_apps/main/test_fast_pbkdf2.c b/components/wpa_supplicant/test_apps/main/test_fast_pbkdf2.c
index 14a2f45333..0bedd60ab4 100644
--- a/components/wpa_supplicant/test_apps/main/test_fast_pbkdf2.c
+++ b/components/wpa_supplicant/test_apps/main/test_fast_pbkdf2.c
@@ -22,6 +22,7 @@ void fastpbkdf2_hmac_sha1(const uint8_t *pw, size_t npw,
 int64_t esp_timer_get_time(void);
+#if defined(CONFIG_MBEDTLS_SHA1_C) || defined(CONFIG_MBEDTLS_HARDWARE_SHA)
 TEST_CASE("Test pbkdf2", "[crypto-pbkdf2]")
 {
 set_leak_threshold(130);
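Review bot: The guard added around `sha1_vector()` in the `-105` hunk is spelled `#if CONFIG_MBEDTLS_SHA1_C || CONFIG_MBEDTLS_HARDWARE_SHA`, while the one added around `pbkdf2_sha1()` in the `-773` hunk uses `defined(...)`; the first form silently evaluates undefined macros as 0 and trips `-Wundef` where that warning is enabled. Use one spelling in both places, `#if defined(CONFIG_MBEDTLS_SHA1_C) || defined(CONFIG_MBEDTLS_HARDWARE_SHA)`, and give the bare `#endif` in the `-130` hunk the same trailing comment as the one in the `-800` hunk. These guards must remain the exact complement of the CMakeLists.txt condition that adds `sha1-internal.c` and `sha1-pbkdf2.c`, which presumably provide the same two functions, otherwise the symbols end up missing or defined twice at link time; a one-line comment above each guard naming that CMake condition would make the coupling visible. Most of the body of `sha1_vector()` and of `pbkdf2_sha1()` lies outside these hunks.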
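Review bot: With the whole `TEST_CASE("Test pbkdf2", "[crypto-pbkdf2]")` wrapped in `#if defined(CONFIG_MBEDTLS_SHA1_C) || defined(CONFIG_MBEDTLS_HARDWARE_SHA)`, the configuration this commit introduces (supplicant-internal SHA1 with `sha1-pbkdf2.c`) is built with no PBKDF2 test at all. `pbkdf2_sha1()` is what turns the passphrase and SSID into the WPA2 pre-shared key, so a wrong result on the fallback path would only surface as failed associations. Consider an `#else` branch holding a known-answer check that calls `pbkdf2_sha1()` against a published PBKDF2-HMAC-SHA1 vector (e.g. from RFC 6070), and let the `#endif` added in the last hunk carry the condition as a comment. The test body sits between the two hunks and is not visible here, so how much of it could be shared with such a branch is a guess.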
@@ -105,3 +106,4 @@ TEST_CASE("Test pbkdf2", "[crypto-pbkdf2]")
 ESP_LOGI("Timing", "Average time for fast_pbkdf2_sha1: %lld microseconds", avg_time_fast);
 ESP_LOGI("Timing", "Average time for mbedtls_pkcs5_pbkdf2_hmac_ext: %lld microseconds", avg_time_mbedtls);
 }
+#endif