fix(esp_wifi): Use supplicant's internal SHA1 if not available from IDF

2025-07-30 18:57:19 +02:00 · 2025-04-15 13:01:30 +05:30
parent 5bd3fb9f0c
commit adfec6463d
3 changed files with 16 additions and 3 deletions
--- a/components/wpa_supplicant/CMakeLists.txt
+++ b/components/wpa_supplicant/CMakeLists.txt
@ -114,7 +114,6 @@ endif()

 if(CONFIG_ESP_WIFI_MBEDTLS_CRYPTO)
    set(crypto_src
-    "esp_supplicant/src/crypto/fastpbkdf2.c"
    "esp_supplicant/src/crypto/crypto_mbedtls.c"
    "esp_supplicant/src/crypto/crypto_mbedtls-bignum.c"
    "esp_supplicant/src/crypto/crypto_mbedtls-rsa.c"
@ -127,7 +126,14 @@ if(CONFIG_ESP_WIFI_MBEDTLS_CRYPTO)
    if(NOT CONFIG_MBEDTLS_DES_C)
        set(crypto_src ${crypto_src} "src/crypto/des-internal.c")
    endif()
-    if(NOT CONFIG_MBEDTLS_SHA1_C)
+    if(NOT CONFIG_MBEDTLS_SHA1_C AND NOT CONFIG_MBEDTLS_HARDWARE_SHA)
+        set(crypto_src ${crypto_src} "src/crypto/sha1-pbkdf2.c"
+                       ${crypto_src} "src/crypto/sha1.c"
+                       ${crypto_src} "src/crypto/sha1-internal.c")
+    else()
+        set(crypto_src ${crypto_src} "esp_supplicant/src/crypto/fastpbkdf2.c")
+    endif()
+    if(NOT CONFIG_MBEDTLS_SHA1_C AND CONFIG_MBEDTLS_HARDWARE_SHA)
        set(crypto_src ${crypto_src} "src/crypto/sha1.c")
    endif()
    # Enabling this only for WiFi is probably not a good idea since MbedTLS
@ -317,7 +323,8 @@ if(NOT CONFIG_ESP_WIFI_MBEDTLS_TLS_CLIENT)
 endif()
 if(CONFIG_ESP_WIFI_MBEDTLS_CRYPTO)
    target_compile_definitions(${COMPONENT_LIB} PRIVATE CONFIG_CRYPTO_MBEDTLS)
-else()
+endif()
+if(NOT CONFIG_MBEDTLS_SHA1_C AND NOT CONFIG_MBEDTLS_HARDWARE_SHA)
    target_compile_definitions(${COMPONENT_LIB} PRIVATE CONFIG_CRYPTO_INTERNAL)
 endif()
 if(CONFIG_ESP_WIFI_WPS_SOFTAP_REGISTRAR)
--- a/components/wpa_supplicant/esp_supplicant/src/crypto/crypto_mbedtls.c
+++ b/components/wpa_supplicant/esp_supplicant/src/crypto/crypto_mbedtls.c
@ -105,6 +105,7 @@ int sha512_vector(size_t num_elem, const u8 *addr[], const size_t *len,
    return digest_vector(MBEDTLS_MD_SHA512, num_elem, addr, len, mac);
 }

+#if CONFIG_MBEDTLS_SHA1_C || CONFIG_MBEDTLS_HARDWARE_SHA
 int sha1_vector(size_t num_elem, const u8 *addr[], const size_t *len, u8 *mac)
 {
 #if defined(MBEDTLS_SHA1_C)
@ -130,6 +131,7 @@ exit:
    return -ENOTSUP;
 #endif
 }
+#endif

 int md5_vector(size_t num_elem, const u8 *addr[], const size_t *len, u8 *mac)
 {
@ -773,6 +775,7 @@ cleanup:
    return ret;
 }

+#if defined(CONFIG_MBEDTLS_SHA1_C) || defined(CONFIG_MBEDTLS_HARDWARE_SHA)
 int pbkdf2_sha1(const char *passphrase, const u8 *ssid, size_t ssid_len,
                int iterations, u8 *buf, size_t buflen)
 {
@ -800,6 +803,7 @@ cleanup:
    return ret;
 #endif
 }
+#endif /* defined(CONFIG_MBEDTLS_SHA1_C) || defined(CONFIG_MBEDTLS_HARDWARE_SHA) */

 #ifdef MBEDTLS_DES_C
 int des_encrypt(const u8 *clear, const u8 *key, u8 *cypher)
--- a/components/wpa_supplicant/test_apps/main/test_fast_pbkdf2.c
+++ b/components/wpa_supplicant/test_apps/main/test_fast_pbkdf2.c
@ -22,6 +22,7 @@ void fastpbkdf2_hmac_sha1(const uint8_t *pw, size_t npw,

 int64_t esp_timer_get_time(void);

+#if defined(CONFIG_MBEDTLS_SHA1_C) || defined(CONFIG_MBEDTLS_HARDWARE_SHA)
 TEST_CASE("Test pbkdf2", "[crypto-pbkdf2]")
 {
    set_leak_threshold(130);
@ -105,3 +106,4 @@ TEST_CASE("Test pbkdf2", "[crypto-pbkdf2]")
    ESP_LOGI("Timing", "Average time for fast_pbkdf2_sha1: %lld microseconds", avg_time_fast);
    ESP_LOGI("Timing", "Average time for mbedtls_pkcs5_pbkdf2_hmac_ext: %lld microseconds", avg_time_mbedtls);
 }
+#endif