kopia lustrzana https://github.com/espressif/esp-idf
wpa_supplicant: Fix crypto related bugs
1. Fix aes_unwrap functionality when hardware acceleration is disabled 2. Fix compilation errors when mbedTLS is disabled. 3. Disable WPA3 when mbedTLS is disabled.pull/7307/head
Kapil Gupta
bot
rodzic
d5845abe62
commit
a7713676b8
|
|
@ -316,6 +316,7 @@ menu "Wi-Fi"
|
|||
config ESP32_WIFI_ENABLE_WPA3_SAE
|
||||
bool "Enable WPA3-Personal"
|
||||
default y
|
||||
depends on WPA_MBEDTLS_CRYPTO
|
||||
help
|
||||
Select this option to allow the device to establish a WPA3-Personal connection with eligible AP's.
|
||||
PMF (Protected Management Frames) is a prerequisite feature for a WPA3 connection, it needs to be
|
||||
|
|
|
|||
|
|
@ -28,6 +28,7 @@
|
|||
#define MSG_INFO ESP_LOG_INFO
|
||||
#define MSG_DEBUG ESP_LOG_DEBUG
|
||||
#define MSG_MSGDUMP ESP_LOG_VERBOSE
|
||||
#define MSG_EXCESSIVE ESP_LOG_VERBOSE
|
||||
|
||||
#else
|
||||
enum { MSG_MSGDUMP, MSG_DEBUG, MSG_INFO, MSG_WARNING, MSG_ERROR };
|
||||
|
|
|
|||
|
|
@ -21,6 +21,7 @@
|
|||
#define USE_MBEDTLS_CRYPTO 1
|
||||
#else
|
||||
#define CONFIG_TLS_INTERNAL_CLIENT
|
||||
#define CONFIG_CRYPTO_INTERNAL
|
||||
#define CONFIG_TLSV12
|
||||
#endif
|
||||
|
||||
|
|
|
|||
|
|
@ -281,31 +281,37 @@ int hmac_sha1(const u8 *key, size_t key_len, const u8 *data, size_t data_len,
|
|||
return hmac_sha1_vector(key, key_len, 1, &data, &data_len, mac);
|
||||
}
|
||||
|
||||
void *aes_crypt_init(const u8 *key, size_t len)
|
||||
static void *aes_crypt_init(int mode, const u8 *key, size_t len)
|
||||
{
|
||||
int ret = -1;
|
||||
mbedtls_aes_context *aes = os_malloc(sizeof(*aes));
|
||||
if (!aes) {
|
||||
return NULL;
|
||||
}
|
||||
mbedtls_aes_init(aes);
|
||||
|
||||
if (mbedtls_aes_setkey_enc(aes, key, len * 8) < 0) {
|
||||
if (mode == MBEDTLS_AES_ENCRYPT) {
|
||||
ret = mbedtls_aes_setkey_enc(aes, key, len * 8);
|
||||
} else if (mode == MBEDTLS_AES_DECRYPT){
|
||||
ret = mbedtls_aes_setkey_dec(aes, key, len * 8);
|
||||
}
|
||||
if (ret < 0) {
|
||||
mbedtls_aes_free(aes);
|
||||
os_free(aes);
|
||||
wpa_printf(MSG_ERROR, "%s: mbedtls_aes_setkey_enc failed", __func__);
|
||||
wpa_printf(MSG_ERROR, "%s: mbedtls_aes_setkey_enc/mbedtls_aes_setkey_dec failed", __func__);
|
||||
return NULL;
|
||||
}
|
||||
|
||||
return (void *) aes;
|
||||
}
|
||||
|
||||
int aes_crypt(void *ctx, int mode, const u8 *in, u8 *out)
|
||||
static int aes_crypt(void *ctx, int mode, const u8 *in, u8 *out)
|
||||
{
|
||||
return mbedtls_aes_crypt_ecb((mbedtls_aes_context *)ctx,
|
||||
mode, in, out);
|
||||
}
|
||||
|
||||
void aes_crypt_deinit(void *ctx)
|
||||
static void aes_crypt_deinit(void *ctx)
|
||||
{
|
||||
mbedtls_aes_free((mbedtls_aes_context *)ctx);
|
||||
os_free(ctx);
|
||||
|
|
@ -313,7 +319,7 @@ void aes_crypt_deinit(void *ctx)
|
|||
|
||||
void *aes_encrypt_init(const u8 *key, size_t len)
|
||||
{
|
||||
return aes_crypt_init(key, len);
|
||||
return aes_crypt_init(MBEDTLS_AES_ENCRYPT, key, len);
|
||||
}
|
||||
|
||||
int aes_encrypt(void *ctx, const u8 *plain, u8 *crypt)
|
||||
|
|
@ -328,7 +334,7 @@ void aes_encrypt_deinit(void *ctx)
|
|||
|
||||
void * aes_decrypt_init(const u8 *key, size_t len)
|
||||
{
|
||||
return aes_crypt_init(key, len);
|
||||
return aes_crypt_init(MBEDTLS_AES_DECRYPT, key, len);
|
||||
}
|
||||
|
||||
int aes_decrypt(void *ctx, const u8 *crypt, u8 *plain)
|
||||
|
|
|
|||
|
|
@ -12,7 +12,7 @@
|
|||
#include "bignum.h"
|
||||
|
||||
#ifdef CONFIG_INTERNAL_LIBTOMMATH
|
||||
#include "libtommath.c"
|
||||
#include "libtommath.h"
|
||||
#else /* CONFIG_INTERNAL_LIBTOMMATH */
|
||||
#include <tommath.h>
|
||||
#endif /* CONFIG_INTERNAL_LIBTOMMATH */
|
||||
|
|
|
|||
|
|
@ -1,17 +1,18 @@
|
|||
/*
|
||||
* RSA
|
||||
* Copyright (c) 2006, Jouni Malinen <j@w1.fi>
|
||||
* Copyright (c) 2006-2014, Jouni Malinen <j@w1.fi>
|
||||
*
|
||||
* This software may be distributed under the terms of the BSD license.
|
||||
* See README for more details.
|
||||
*/
|
||||
|
||||
#include "utils/includes.h"
|
||||
#include "includes.h"
|
||||
|
||||
#include "common.h"
|
||||
#include "asn1.h"
|
||||
#include "bignum.h"
|
||||
#include "rsa.h"
|
||||
|
||||
#include "utils/common.h"
|
||||
#include "tls/asn1.h"
|
||||
#include "tls/bignum.h"
|
||||
#include "tls/rsa.h"
|
||||
|
||||
struct crypto_rsa_key {
|
||||
int private_key; /* whether private key is set */
|
||||
|
|
@ -64,7 +65,7 @@ crypto_rsa_import_public_key(const u8 *buf, size_t len)
|
|||
struct asn1_hdr hdr;
|
||||
const u8 *pos, *end;
|
||||
|
||||
key = (struct crypto_rsa_key *)os_zalloc(sizeof(*key));
|
||||
key = os_zalloc(sizeof(*key));
|
||||
if (key == NULL)
|
||||
return NULL;
|
||||
|
||||
|
|
@ -115,6 +116,29 @@ error:
|
|||
}
|
||||
|
||||
|
||||
struct crypto_rsa_key *
|
||||
crypto_rsa_import_public_key_parts(const u8 *n, size_t n_len,
|
||||
const u8 *e, size_t e_len)
|
||||
{
|
||||
struct crypto_rsa_key *key;
|
||||
|
||||
key = os_zalloc(sizeof(*key));
|
||||
if (key == NULL)
|
||||
return NULL;
|
||||
|
||||
key->n = bignum_init();
|
||||
key->e = bignum_init();
|
||||
if (key->n == NULL || key->e == NULL ||
|
||||
bignum_set_unsigned_bin(key->n, n, n_len) < 0 ||
|
||||
bignum_set_unsigned_bin(key->e, e, e_len) < 0) {
|
||||
crypto_rsa_free(key);
|
||||
return NULL;
|
||||
}
|
||||
|
||||
return key;
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* crypto_rsa_import_private_key - Import an RSA private key
|
||||
* @buf: Key buffer (DER encoded RSA private key)
|
||||
|
|
@ -129,7 +153,7 @@ crypto_rsa_import_private_key(const u8 *buf, size_t len)
|
|||
struct asn1_hdr hdr;
|
||||
const u8 *pos, *end;
|
||||
|
||||
key = (struct crypto_rsa_key *)os_zalloc(sizeof(*key));
|
||||
key = os_zalloc(sizeof(*key));
|
||||
if (key == NULL)
|
||||
return NULL;
|
||||
|
||||
|
|
@ -261,7 +285,7 @@ int crypto_rsa_exptmod(const u8 *in, size_t inlen, u8 *out, size_t *outlen,
|
|||
|
||||
if (use_private) {
|
||||
/*
|
||||
* Decrypt (or sign) using Chinese remainer theorem to speed
|
||||
* Decrypt (or sign) using Chinese remainder theorem to speed
|
||||
* up calculation. This is equivalent to tmp = tmp^d mod n
|
||||
* (which would require more CPU to calculate directly).
|
||||
*
|
||||
|
|
@ -321,7 +345,6 @@ int crypto_rsa_exptmod(const u8 *in, size_t inlen, u8 *out, size_t *outlen,
|
|||
ret = 0;
|
||||
|
||||
error:
|
||||
|
||||
bignum_deinit(tmp);
|
||||
bignum_deinit(a);
|
||||
bignum_deinit(b);
|
||||
|
|
|
|||
|
|
@ -14,6 +14,9 @@ struct crypto_rsa_key;
|
|||
struct crypto_rsa_key *
|
||||
crypto_rsa_import_public_key(const u8 *buf, size_t len);
|
||||
struct crypto_rsa_key *
|
||||
crypto_rsa_import_public_key_parts(const u8 *n, size_t n_len,
|
||||
const u8 *e, size_t e_len);
|
||||
struct crypto_rsa_key *
|
||||
crypto_rsa_import_private_key(const u8 *buf, size_t len);
|
||||
size_t crypto_rsa_get_modulus_len(struct crypto_rsa_key *key);
|
||||
int crypto_rsa_exptmod(const u8 *in, size_t inlen, u8 *out, size_t *outlen,
|
||||
|
|
|
|||
|
|
@ -547,3 +547,8 @@ const char * wpa_ssid_txt(const u8 *ssid, size_t ssid_len)
|
|||
printf_encode(ssid_txt, sizeof(ssid_txt), ssid, ssid_len);
|
||||
return ssid_txt;
|
||||
}
|
||||
|
||||
void * __hide_aliasing_typecast(void *foo)
|
||||
{
|
||||
return foo;
|
||||
}
|
||||
|
|
|
|||
Ładowanie…
Reference in New Issue