alex/esp-idf
1
0
Fork 0
mirror of https://github.com/espressif/esp-idf.git synced 2025-08-08 04:02:27 +00:00
Code Issues Packages Projects Releases Wiki Activity

mbedtls-3.0: Fixed ESP32 build issues

Browse Source 
- Added MBEDLTS_PRIVATE(...) wherever necessary
- For functions like mbedtls_pk_parse_key(...), it is necessary to pass the RNG function
  pointers as parameter. Solved for dependent components: wpa_supplicant & openSSL
- For libcoap, the SSLv2 ClientHello handshake method has been deprecated, need to handle this.
  Currently, corresponding snippet has been commented.
- Examples tested: hello-world | https_request | wifi_prov_mgr

mbedtls-3.0: Fixed ESP32-C3 & ESP32-S3 build issues
- Removed MBEDTLS_DEPRECATED_REMOVED macro from sha1 port
- DS peripheral: esp_ds_rsa_sign -> removed unsused 'mode' argument
- Added MBEDTLS_PRIVATE(...) wherever required

mbedtls-3.0: Fixed ESP32-S2 build issues
- Fixed outdated function prototypes and usage in mbedlts/port/aes/esp_aes_gcm.c due to changes in GCM module

mbedtls-3.0: Fixed ESP32-H2 build issues

ci: Fixing build stage
- Added MBEDTLS_PRIVATE(...) wherever required
- Added RNG function parameter
- Updated GCM Module changes
- Updated Copyright notices

- Tests:
- build_esp_idf_tests_cmake_esp32
- build_esp_idf_tests_cmake_esp32s2
- build_esp_idf_tests_cmake_esp32c3
- build_esp_idf_tests_cmake_esp32s3

ci: Fixing build stage (mbedtls-related changes)
- Added MBEDTLS_PRIVATE(...) wherever required
- Updated SHAXXX functions
- Updated esp_config according to mbedtls changes

- Tests:
- build_examples_cmake_esp32
- build_examples_cmake_esp32s2
- build_examples_cmake_esp32c3
- build_examples_cmake_esp32s3

ci: Fixing build stage (example-related changes)
- Added MBEDTLS_PRIVATE(...) wherever required
- Updated SHAXXX functions
- Updated esp_config according to mbedtls changes

- Tests:
- build_examples_cmake_esp32
- build_examples_cmake_esp32s2
- build_examples_cmake_esp32c3
- build_examples_cmake_esp32s3

ci: Fixing target_test stage
- Updated test SSL version to TLS_v1_2

- Tests:
- example_test_protocols 1/2

ci: Fixing build stage
- Added checks for MBEDTLS_DHM_C (disabled by default)
- Updated esp_cryptoauthlib submodule
- Updated factory partition size for legacy BLE provisioning example

- Tests:
- build_examples_cmake_esp32
- build_examples_cmake_esp32s2
- build_examples_cmake_esp32c3
- build_examples_cmake_esp32s3

Co-authored-by: Laukik Hase <laukik.hase@espressif.com>
This commit is contained in:
Aditya Patwardhan
2021-08-09 15:28:36 +05:30
parent 45122533e0
commit 3b71bd7326
44 changed files with 635 additions and 517 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
components/bootloader_support/src/secure_boot_v1/secure_boot_signatures_app.c
View File

@@ -102,8 +102,8 @@ esp_err_t esp_secure_boot_verify_ecdsa_signature_block(const esp_secure_boot_sig
mbedtls_ecdsa_context ecdsa_context;
mbedtls_ecdsa_init(&ecdsa_context);
mbedtls_ecp_group_load(&ecdsa_context.grp, MBEDTLS_ECP_DP_SECP256R1);
size_t plen = mbedtls_mpi_size(&ecdsa_context.grp.P);
mbedtls_ecp_group_load(&ecdsa_context.MBEDTLS_PRIVATE(grp), MBEDTLS_ECP_DP_SECP256R1);
size_t plen = mbedtls_mpi_size(&ecdsa_context.MBEDTLS_PRIVATE(grp).P);
if (keylen != 2 * plen) {
ESP_LOGE(TAG, "Incorrect ECDSA key length %d", keylen);
ret = ESP_FAIL;
@@ -111,11 +111,11 @@ esp_err_t esp_secure_boot_verify_ecdsa_signature_block(const esp_secure_boot_sig
}
/* Extract X and Y components from ECDSA public key */
MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary(&ecdsa_context.Q.X, signature_verification_key_start, plen));
MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary(&ecdsa_context.Q.Y, signature_verification_key_start + plen, plen));
MBEDTLS_MPI_CHK(mbedtls_mpi_lset(&ecdsa_context.Q.Z, 1));
MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary(&ecdsa_context.MBEDTLS_PRIVATE(Q).MBEDTLS_PRIVATE(X), signature_verification_key_start, plen));
MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary(&ecdsa_context.MBEDTLS_PRIVATE(Q).MBEDTLS_PRIVATE(Y), signature_verification_key_start + plen, plen));
MBEDTLS_MPI_CHK(mbedtls_mpi_lset(&ecdsa_context.MBEDTLS_PRIVATE(Q).MBEDTLS_PRIVATE(Z), 1));
ret = mbedtls_ecdsa_verify(&ecdsa_context.grp, image_digest, ESP_SECURE_BOOT_DIGEST_LEN, &ecdsa_context.Q, &r, &s);
ret = mbedtls_ecdsa_verify(&ecdsa_context.MBEDTLS_PRIVATE(grp), image_digest, ESP_SECURE_BOOT_DIGEST_LEN, &ecdsa_context.MBEDTLS_PRIVATE(Q), &r, &s);
ESP_LOGD(TAG, "Verification result %d", ret);
cleanup:

15
components/bootloader_support/src/secure_boot_v2/secure_boot_signatures_app.c
View File

@@ -222,13 +222,13 @@ esp_err_t esp_secure_boot_verify_rsa_signature_block(const ets_secure_boot_signa
ESP_LOGI(TAG, "Verifying with RSA-PSS...");
const mbedtls_mpi N = { .s = 1,
.n = sizeof(trusted_block->key.n)/sizeof(mbedtls_mpi_uint),
.p = (void *)trusted_block->key.n,
const mbedtls_mpi N = { .MBEDTLS_PRIVATE(s) = 1,
.MBEDTLS_PRIVATE(n) = sizeof(trusted_block->key.n)/sizeof(mbedtls_mpi_uint),
.MBEDTLS_PRIVATE(p) = (void *)trusted_block->key.n,
};
const mbedtls_mpi e = { .s = 1,
.n = sizeof(trusted_block->key.e)/sizeof(mbedtls_mpi_uint), // 1
.p = (void *)&trusted_block->key.e,
const mbedtls_mpi e = { .MBEDTLS_PRIVATE(s) = 1,
.MBEDTLS_PRIVATE(n) = sizeof(trusted_block->key.e)/sizeof(mbedtls_mpi_uint), // 1
.MBEDTLS_PRIVATE(p) = (void *)&trusted_block->key.e,
};
mbedtls_rsa_init(&pk);
mbedtls_rsa_set_padding(&pk,MBEDTLS_RSA_PKCS_V21, MBEDTLS_MD_SHA256);
@@ -261,8 +261,7 @@ esp_err_t esp_secure_boot_verify_rsa_signature_block(const ets_secure_boot_signa
goto exit_inner;
}
ret = mbedtls_rsa_rsassa_pss_verify( &pk, mbedtls_ctr_drbg_random, &ctr_drbg, MBEDTLS_RSA_PUBLIC, MBEDTLS_MD_SHA256, ESP_SECURE_BOOT_DIGEST_LEN,
image_digest, sig_be);
ret = mbedtls_rsa_rsassa_pss_verify( &pk, MBEDTLS_MD_SHA256, ESP_SECURE_BOOT_DIGEST_LEN, image_digest, sig_be);
if (ret != 0) {
ESP_LOGE(TAG, "Failed mbedtls_rsa_rsassa_pss_verify, err: %d", ret);
} else {

7
components/esp-tls/esp_tls_mbedtls.c
View File

@@ -74,7 +74,7 @@ esp_err_t esp_create_mbedtls_handle(const char *hostname, size_t hostlen, const
assert(tls != NULL);
int ret;
esp_err_t esp_ret = ESP_FAIL;
tls->server_fd.fd = tls->sockfd;
tls->server_fd.MBEDTLS_PRIVATE(fd) = tls->sockfd;
mbedtls_ssl_init(&tls->ssl);
mbedtls_ctr_drbg_init(&tls->ctr_drbg);
mbedtls_ssl_config_init(&tls->conf);
@@ -251,7 +251,7 @@ void esp_mbedtls_conn_delete(esp_tls_t *tls)
esp_mbedtls_cleanup(tls);
if (tls->is_tls) {
mbedtls_net_free(&tls->server_fd);
tls->sockfd = tls->server_fd.fd;
tls->sockfd = tls->server_fd.MBEDTLS_PRIVATE(fd);
}
}
}
@@ -365,7 +365,8 @@ static esp_err_t set_pki_context(esp_tls_t *tls, const esp_tls_pki_t *pki)
#endif
if (pki->privkey_pem_buf != NULL) {
ret = mbedtls_pk_parse_key(pki->pk_key, pki->privkey_pem_buf, pki->privkey_pem_bytes,
pki->privkey_password, pki->privkey_password_len);
pki->privkey_password, pki->privkey_password_len,
mbedtls_ctr_drbg_random, &tls->ctr_drbg);
} else {
return ESP_ERR_INVALID_ARG;
}

2
components/esp_http_server/src/httpd_ws.c
View File

@@ -143,7 +143,7 @@ esp_err_t httpd_ws_respond_server_handshake(httpd_req_t *req, const char *suppor
/* Generate SHA-1 first and then encode to Base64 */
size_t key_len = strlen(server_raw_text);
mbedtls_sha1_ret((uint8_t *)server_raw_text, key_len, server_key_hash);
mbedtls_sha1((uint8_t *)server_raw_text, key_len, server_key_hash);
size_t encoded_len = 0;
mbedtls_base64_encode((uint8_t *)server_key_encoded, sizeof(server_key_encoded), &encoded_len,

2
components/lwip/lwip

Submodule components/lwip/lwip updated: 2195f7416f...2749568fe1

16
components/mbedtls/esp_crt_bundle/esp_crt_bundle.c
View File

@@ -53,28 +53,28 @@ static int esp_crt_check_signature(mbedtls_x509_crt *child, const uint8_t *pub_k
mbedtls_x509_crt_init(&parent);
if ( (ret = mbedtls_pk_parse_public_key(&parent.pk, pub_key_buf, pub_key_len) ) != 0) {
if ( (ret = mbedtls_pk_parse_public_key(&parent.MBEDTLS_PRIVATE(pk), pub_key_buf, pub_key_len) ) != 0) {
ESP_LOGE(TAG, "PK parse failed with error %X", ret);
goto cleanup;
}
// Fast check to avoid expensive computations when not necessary
if (!mbedtls_pk_can_do(&parent.pk, child->sig_pk)) {
if (!mbedtls_pk_can_do(&parent.MBEDTLS_PRIVATE(pk), child->MBEDTLS_PRIVATE(sig_pk))) {
ESP_LOGE(TAG, "Simple compare failed");
ret = -1;
goto cleanup;
}
md_info = mbedtls_md_info_from_type(child->sig_md);
if ( (ret = mbedtls_md( md_info, child->tbs.p, child->tbs.len, hash )) != 0 ) {
md_info = mbedtls_md_info_from_type(child->MBEDTLS_PRIVATE(sig_md));
if ( (ret = mbedtls_md( md_info, child->MBEDTLS_PRIVATE(tbs).MBEDTLS_PRIVATE(p), child->MBEDTLS_PRIVATE(tbs).MBEDTLS_PRIVATE(len), hash )) != 0 ) {
ESP_LOGE(TAG, "Internal mbedTLS error %X", ret);
goto cleanup;
}
if ( (ret = mbedtls_pk_verify_ext( child->sig_pk, child->sig_opts, &parent.pk,
child->sig_md, hash, mbedtls_md_get_size( md_info ),
child->sig.p, child->sig.len )) != 0 ) {
if ( (ret = mbedtls_pk_verify_ext( child->MBEDTLS_PRIVATE(sig_pk), child->MBEDTLS_PRIVATE(sig_opts), &parent.MBEDTLS_PRIVATE(pk),
child->MBEDTLS_PRIVATE(sig_md), hash, mbedtls_md_get_size( md_info ),
child->MBEDTLS_PRIVATE(sig).MBEDTLS_PRIVATE(p), child->MBEDTLS_PRIVATE(sig).MBEDTLS_PRIVATE(len) )) != 0 ) {
ESP_LOGE(TAG, "PK verify failed with error %X", ret);
goto cleanup;
@@ -125,7 +125,7 @@ int esp_crt_verify_callback(void *buf, mbedtls_x509_crt *crt, int depth, uint32_
name_len = s_crt_bundle.crts[middle][0] << 8 | s_crt_bundle.crts[middle][1];
crt_name = s_crt_bundle.crts[middle] + CRT_HEADER_OFFSET;
int cmp_res = memcmp(child->issuer_raw.p, crt_name, name_len );
int cmp_res = memcmp(child->MBEDTLS_PRIVATE(issuer_raw).MBEDTLS_PRIVATE(p), crt_name, name_len );
if (cmp_res == 0) {
crt_found = true;
break;

2
components/mbedtls/mbedtls

Submodule components/mbedtls/mbedtls updated: 8b0e35f2ad...284d235f28

81
components/mbedtls/port/aes/esp_aes_gcm.c
View File

@@ -336,15 +336,12 @@ void esp_aes_gcm_free( esp_gcm_context *ctx)
int esp_aes_gcm_starts( esp_gcm_context *ctx,
int mode,
const unsigned char *iv,
size_t iv_len,
const unsigned char *aad,
size_t aad_len )
size_t iv_len )
{
/* IV and AD are limited to 2^32 bits, so 2^29 bytes */
/* IV is limited to 2^32 bits, so 2^29 bytes */
/* IV is not allowed to be zero length */
if ( iv_len == 0 ||
( (uint32_t) iv_len ) >> 29 != 0 ||
( (uint32_t) aad_len ) >> 29 != 0 ) {
( (uint32_t) iv_len ) >> 29 != 0 ) {
return ( MBEDTLS_ERR_GCM_BAD_INPUT );
}
@@ -358,19 +355,12 @@ int esp_aes_gcm_starts( esp_gcm_context *ctx,
return -1;
}
if ( (aad_len > 0) && !aad) {
ESP_LOGE(TAG, "No aad supplied");
return -1;
}
/* Initialize AES-GCM context */
memset(ctx->ghash, 0, sizeof(ctx->ghash));
ctx->data_len = 0;
ctx->iv = iv;
ctx->iv_len = iv_len;
ctx->aad = aad;
ctx->aad_len = aad_len;
ctx->mode = mode;
/* H and the lookup table are only generated once per ctx */
@@ -389,6 +379,40 @@ int esp_aes_gcm_starts( esp_gcm_context *ctx,
ctx->gcm_state = ESP_AES_GCM_STATE_START;
return ( 0 );
}
int esp_aes_gcm_update_ad( esp_gcm_context *ctx,
const unsigned char *aad,
size_t aad_len )
{
/* AD are limited to 2^32 bits, so 2^29 bytes */
if ( ( (uint32_t) aad_len ) >> 29 != 0 ) {
return ( MBEDTLS_ERR_GCM_BAD_INPUT );
}
if (!ctx) {
ESP_LOGE(TAG, "No AES context supplied");
return -1;
}
if ( (aad_len > 0) && !aad) {
ESP_LOGE(TAG, "No aad supplied");
return -1;
}
/* Initialize AES-GCM context */
memset(ctx->ghash, 0, sizeof(ctx->ghash));
ctx->data_len = 0;
ctx->aad = aad;
ctx->aad_len = aad_len;
if (ctx->gcm_state != ESP_AES_GCM_STATE_START) {
ESP_LOGE(TAG, "AES context in invalid state!");
return -1;
}
/* Once H is obtained we need to derive J0 (Initial Counter Block) */
esp_gcm_derive_J0(ctx);
@@ -405,9 +429,9 @@ int esp_aes_gcm_starts( esp_gcm_context *ctx,
/* Perform AES-GCM operation */
int esp_aes_gcm_update( esp_gcm_context *ctx,
size_t length,
const unsigned char *input,
unsigned char *output )
const unsigned char *input, size_t input_length,
unsigned char *output, size_t output_size,
size_t *output_length )
{
size_t nc_off = 0;
uint8_t nonce_counter[AES_BLOCK_BYTES] = {0};
@@ -426,7 +450,7 @@ int esp_aes_gcm_update( esp_gcm_context *ctx,
return -1;
}
if ( output > input && (size_t) ( output - input ) < length ) {
if ( output > input && (size_t) ( output - input ) < input_length ) {
return ( MBEDTLS_ERR_GCM_BAD_INPUT );
}
/* If this is the first time esp_gcm_update is getting called
@@ -444,21 +468,21 @@ int esp_aes_gcm_update( esp_gcm_context *ctx,
/* Perform intermediate GHASH on "encrypted" data during decryption */
if (ctx->mode == ESP_AES_DECRYPT) {
esp_gcm_ghash(ctx, input, length, ctx->ghash);
esp_gcm_ghash(ctx, input, input_length, ctx->ghash);
}
/* Output = GCTR(J0, Input): Encrypt/Decrypt the input */
esp_aes_crypt_ctr(&ctx->aes_ctx, length, &nc_off, nonce_counter, stream, input, output);
esp_aes_crypt_ctr(&ctx->aes_ctx, input_length, &nc_off, nonce_counter, stream, input, output);
/* ICB gets auto incremented after GCTR operation here so update the context */
memcpy(ctx->J0, nonce_counter, AES_BLOCK_BYTES);
/* Keep updating the length counter for final tag calculation */
ctx->data_len += length;
ctx->data_len += input_length;
/* Perform intermediate GHASH on "encrypted" data during encryption*/
if (ctx->mode == ESP_AES_ENCRYPT) {
esp_gcm_ghash(ctx, output, length, ctx->ghash);
esp_gcm_ghash(ctx, output, input_length, ctx->ghash);
}
return 0;
@@ -466,8 +490,9 @@ int esp_aes_gcm_update( esp_gcm_context *ctx,
/* Function to read the tag value */
int esp_aes_gcm_finish( esp_gcm_context *ctx,
unsigned char *tag,
size_t tag_len )
unsigned char *output, size_t output_size,
size_t *output_length,
unsigned char *tag, size_t tag_len )
{
size_t nc_off = 0;
uint8_t len_block[AES_BLOCK_BYTES] = {0};
@@ -531,15 +556,19 @@ static int esp_aes_gcm_crypt_and_tag_partial_hw( esp_gcm_context *ctx,
{
int ret = 0;
if ( ( ret = esp_aes_gcm_starts( ctx, mode, iv, iv_len, aad, aad_len ) ) != 0 ) {
if ( ( ret = esp_aes_gcm_starts( ctx, mode, iv, iv_len ) ) != 0 ) {
return ( ret );
}
if ( ( ret = esp_aes_gcm_update( ctx, length, input, output ) ) != 0 ) {
if ( ( ret = esp_aes_gcm_update_ad( ctx, aad, aad_len ) ) != 0 ) {
return ( ret );
}
if ( ( ret = esp_aes_gcm_finish( ctx, tag, tag_len ) ) != 0 ) {
if ( ( ret = esp_aes_gcm_update( ctx, input, length, output, 0, NULL ) ) != 0 ) {
return ( ret );
}
if ( ( ret = esp_aes_gcm_finish( ctx, output, 0, NULL, tag, tag_len ) ) != 0 ) {
return ( ret );
}

202
components/mbedtls/port/dynamic/esp_mbedtls_dynamic_impl.c
View File

@@ -44,8 +44,8 @@ static void esp_mbedtls_init_ssl_buf(struct esp_mbedtls_ssl_buf *buf, unsigned i
static void esp_mbedtls_parse_record_header(mbedtls_ssl_context *ssl)
{
ssl->in_msgtype = ssl->in_hdr[0];
ssl->in_msglen = (ssl->in_len[0] << 8) | ssl->in_len[1];
ssl->MBEDTLS_PRIVATE(in_msgtype) = ssl->MBEDTLS_PRIVATE(in_hdr)[0];
ssl->MBEDTLS_PRIVATE(in_msglen) = (ssl->MBEDTLS_PRIVATE(in_len)[0] << 8) | ssl->MBEDTLS_PRIVATE(in_len)[1];
}
static int tx_buffer_len(mbedtls_ssl_context *ssl, int len)
@@ -66,82 +66,82 @@ static int tx_buffer_len(mbedtls_ssl_context *ssl, int len)
static void init_tx_buffer(mbedtls_ssl_context *ssl, unsigned char *buf)
{
/**
* In mbedtls, ssl->out_msg = ssl->out_buf + offset;
* In mbedtls, ssl->MBEDTLS_PRIVATE(out_msg) = ssl->MBEDTLS_PRIVATE(out_buf) + offset;
*/
if (!buf) {
int out_msg_off = (int)ssl->out_msg - (int)ssl->out_buf;
int out_msg_off = (int)ssl->MBEDTLS_PRIVATE(out_msg) - (int)ssl->MBEDTLS_PRIVATE(out_buf);
if (!out_msg_off) {
out_msg_off = MBEDTLS_SSL_HEADER_LEN;
}
ssl->out_buf = NULL;
ssl->out_ctr = NULL;
ssl->out_hdr = NULL;
ssl->out_len = NULL;
ssl->out_iv = NULL;
ssl->out_msg = (unsigned char *)out_msg_off;
ssl->MBEDTLS_PRIVATE(out_buf) = NULL;
ssl->MBEDTLS_PRIVATE(out_ctr) = NULL;
ssl->MBEDTLS_PRIVATE(out_hdr) = NULL;
ssl->MBEDTLS_PRIVATE(out_len) = NULL;
ssl->MBEDTLS_PRIVATE(out_iv) = NULL;
ssl->MBEDTLS_PRIVATE(out_msg) = (unsigned char *)out_msg_off;
} else {
int out_msg_off = (int)ssl->out_msg;
int out_msg_off = (int)ssl->MBEDTLS_PRIVATE(out_msg);
ssl->out_buf = buf;
ssl->out_ctr = ssl->out_buf;
ssl->out_hdr = ssl->out_buf + 8;
ssl->out_len = ssl->out_buf + 11;
ssl->out_iv = ssl->out_buf + MBEDTLS_SSL_HEADER_LEN;
ssl->out_msg = ssl->out_buf + out_msg_off;
ssl->MBEDTLS_PRIVATE(out_buf) = buf;
ssl->MBEDTLS_PRIVATE(out_ctr) = ssl->MBEDTLS_PRIVATE(out_buf);
ssl->MBEDTLS_PRIVATE(out_hdr) = ssl->MBEDTLS_PRIVATE(out_buf) + 8;
ssl->MBEDTLS_PRIVATE(out_len) = ssl->MBEDTLS_PRIVATE(out_buf) + 11;
ssl->MBEDTLS_PRIVATE(out_iv) = ssl->MBEDTLS_PRIVATE(out_buf) + MBEDTLS_SSL_HEADER_LEN;
ssl->MBEDTLS_PRIVATE(out_msg) = ssl->MBEDTLS_PRIVATE(out_buf) + out_msg_off;
ESP_LOGV(TAG, "out msg offset is %d", out_msg_off);
}
ssl->out_msgtype = 0;
ssl->out_msglen = 0;
ssl->out_left = 0;
ssl->MBEDTLS_PRIVATE(out_msgtype) = 0;
ssl->MBEDTLS_PRIVATE(out_msglen) = 0;
ssl->MBEDTLS_PRIVATE(out_left) = 0;
}
static void init_rx_buffer(mbedtls_ssl_context *ssl, unsigned char *buf)
{
/**
* In mbedtls, ssl->in_msg = ssl->in_buf + offset;
* In mbedtls, ssl->MBEDTLS_PRIVATE(in_msg) = ssl->MBEDTLS_PRIVATE(in_buf) + offset;
*/
if (!buf) {
int in_msg_off = (int)ssl->in_msg - (int)ssl->in_buf;
int in_msg_off = (int)ssl->MBEDTLS_PRIVATE(in_msg) - (int)ssl->MBEDTLS_PRIVATE(in_buf);
if (!in_msg_off) {
in_msg_off = MBEDTLS_SSL_HEADER_LEN;
}
ssl->in_buf = NULL;
ssl->in_ctr = NULL;
ssl->in_hdr = NULL;
ssl->in_len = NULL;
ssl->in_iv = NULL;
ssl->in_msg = (unsigned char *)in_msg_off;
ssl->MBEDTLS_PRIVATE(in_buf) = NULL;
ssl->MBEDTLS_PRIVATE(in_ctr) = NULL;
ssl->MBEDTLS_PRIVATE(in_hdr) = NULL;
ssl->MBEDTLS_PRIVATE(in_len) = NULL;
ssl->MBEDTLS_PRIVATE(in_iv) = NULL;
ssl->MBEDTLS_PRIVATE(in_msg) = (unsigned char *)in_msg_off;
} else {
int in_msg_off = (int)ssl->in_msg;
int in_msg_off = (int)ssl->MBEDTLS_PRIVATE(in_msg);
ssl->in_buf = buf;
ssl->in_ctr = ssl->in_buf;
ssl->in_hdr = ssl->in_buf + 8;
ssl->in_len = ssl->in_buf + 11;
ssl->in_iv = ssl->in_buf + MBEDTLS_SSL_HEADER_LEN;
ssl->in_msg = ssl->in_buf + in_msg_off;
ssl->MBEDTLS_PRIVATE(in_buf) = buf;
ssl->MBEDTLS_PRIVATE(in_ctr) = ssl->MBEDTLS_PRIVATE(in_buf);
ssl->MBEDTLS_PRIVATE(in_hdr) = ssl->MBEDTLS_PRIVATE(in_buf) + 8;
ssl->MBEDTLS_PRIVATE(in_len) = ssl->MBEDTLS_PRIVATE(in_buf) + 11;
ssl->MBEDTLS_PRIVATE(in_iv) = ssl->MBEDTLS_PRIVATE(in_buf) + MBEDTLS_SSL_HEADER_LEN;
ssl->MBEDTLS_PRIVATE(in_msg) = ssl->MBEDTLS_PRIVATE(in_buf) + in_msg_off;
ESP_LOGV(TAG, "in msg offset is %d", in_msg_off);
}
ssl->in_msgtype = 0;
ssl->in_msglen = 0;
ssl->in_left = 0;
ssl->MBEDTLS_PRIVATE(in_msgtype) = 0;
ssl->MBEDTLS_PRIVATE(in_msglen) = 0;
ssl->MBEDTLS_PRIVATE(in_left) = 0;
}
static int esp_mbedtls_alloc_tx_buf(mbedtls_ssl_context *ssl, int len)
{
struct esp_mbedtls_ssl_buf *esp_buf;
if (ssl->out_buf) {
esp_mbedtls_free_buf(ssl->out_buf);
ssl->out_buf = NULL;
if (ssl->MBEDTLS_PRIVATE(out_buf)) {
esp_mbedtls_free_buf(ssl->MBEDTLS_PRIVATE(out_buf));
ssl->MBEDTLS_PRIVATE(out_buf) = NULL;
}
esp_buf = mbedtls_calloc(1, SSL_BUF_HEAD_OFFSET_SIZE + len);
@@ -154,11 +154,11 @@ static int esp_mbedtls_alloc_tx_buf(mbedtls_ssl_context *ssl, int len)
esp_mbedtls_init_ssl_buf(esp_buf, len);
/**
* Mark the out_msg offset from ssl->out_buf.
* Mark the out_msg offset from ssl->MBEDTLS_PRIVATE(out_buf).
*
* In mbedtls, ssl->out_msg = ssl->out_buf + offset;
* In mbedtls, ssl->MBEDTLS_PRIVATE(out_msg) = ssl->MBEDTLS_PRIVATE(out_buf) + offset;
*/
ssl->out_msg = (unsigned char *)MBEDTLS_SSL_HEADER_LEN;
ssl->MBEDTLS_PRIVATE(out_msg) = (unsigned char *)MBEDTLS_SSL_HEADER_LEN;
init_tx_buffer(ssl, esp_buf->buf);
@@ -170,14 +170,14 @@ int esp_mbedtls_setup_tx_buffer(mbedtls_ssl_context *ssl)
CHECK_OK(esp_mbedtls_alloc_tx_buf(ssl, TX_IDLE_BUFFER_SIZE));
/* mark the out buffer has no data cached */
esp_mbedtls_set_buf_state(ssl->out_buf, ESP_MBEDTLS_SSL_BUF_NO_CACHED);
esp_mbedtls_set_buf_state(ssl->MBEDTLS_PRIVATE(out_buf), ESP_MBEDTLS_SSL_BUF_NO_CACHED);
return 0;
}
void esp_mbedtls_setup_rx_buffer(mbedtls_ssl_context *ssl)
{
ssl->in_msg = ssl->in_buf = NULL;
ssl->MBEDTLS_PRIVATE(in_msg) = ssl->MBEDTLS_PRIVATE(in_buf) = NULL;
init_rx_buffer(ssl, NULL);
}
@@ -188,7 +188,7 @@ int esp_mbedtls_reset_add_tx_buffer(mbedtls_ssl_context *ssl)
int esp_mbedtls_reset_free_tx_buffer(mbedtls_ssl_context *ssl)
{
esp_mbedtls_free_buf(ssl->out_buf);
esp_mbedtls_free_buf(ssl->MBEDTLS_PRIVATE(out_buf));
init_tx_buffer(ssl, NULL);
CHECK_OK(esp_mbedtls_setup_tx_buffer(ssl));
@@ -200,9 +200,9 @@ int esp_mbedtls_reset_add_rx_buffer(mbedtls_ssl_context *ssl)
{
struct esp_mbedtls_ssl_buf *esp_buf;
if (ssl->in_buf) {
esp_mbedtls_free_buf(ssl->in_buf);
ssl->in_buf = NULL;
if (ssl->MBEDTLS_PRIVATE(in_buf)) {
esp_mbedtls_free_buf(ssl->MBEDTLS_PRIVATE(in_buf));
ssl->MBEDTLS_PRIVATE(in_buf) = NULL;
}
esp_buf = mbedtls_calloc(1, SSL_BUF_HEAD_OFFSET_SIZE + MBEDTLS_SSL_IN_BUFFER_LEN);
@@ -215,11 +215,11 @@ int esp_mbedtls_reset_add_rx_buffer(mbedtls_ssl_context *ssl)
esp_mbedtls_init_ssl_buf(esp_buf, MBEDTLS_SSL_IN_BUFFER_LEN);
/**
* Mark the in_msg offset from ssl->in_buf.
* Mark the in_msg offset from ssl->MBEDTLS_PRIVATE(in_buf).
*
* In mbedtls, ssl->in_msg = ssl->in_buf + offset;
* In mbedtls, ssl->MBEDTLS_PRIVATE(in_msg) = ssl->MBEDTLS_PRIVATE(in_buf) + offset;
*/
ssl->in_msg = (unsigned char *)MBEDTLS_SSL_HEADER_LEN;
ssl->MBEDTLS_PRIVATE(in_msg) = (unsigned char *)MBEDTLS_SSL_HEADER_LEN;
init_rx_buffer(ssl, esp_buf->buf);
@@ -228,7 +228,7 @@ int esp_mbedtls_reset_add_rx_buffer(mbedtls_ssl_context *ssl)
void esp_mbedtls_reset_free_rx_buffer(mbedtls_ssl_context *ssl)
{
esp_mbedtls_free_buf(ssl->in_buf);
esp_mbedtls_free_buf(ssl->MBEDTLS_PRIVATE(in_buf));
init_rx_buffer(ssl, NULL);
}
@@ -241,14 +241,14 @@ int esp_mbedtls_add_tx_buffer(mbedtls_ssl_context *ssl, size_t buffer_len)
ESP_LOGV(TAG, "--> add out");
if (ssl->out_buf) {
if (esp_mbedtls_get_buf_state(ssl->out_buf) == ESP_MBEDTLS_SSL_BUF_CACHED) {
if (ssl->MBEDTLS_PRIVATE(out_buf)) {
if (esp_mbedtls_get_buf_state(ssl->MBEDTLS_PRIVATE(out_buf)) == ESP_MBEDTLS_SSL_BUF_CACHED) {
ESP_LOGV(TAG, "out buffer is not empty");
ret = 0;
goto exit;
} else {
memcpy(cache_buf, ssl->out_buf, CACHE_BUFFER_SIZE);
esp_mbedtls_free_buf(ssl->out_buf);
memcpy(cache_buf, ssl->MBEDTLS_PRIVATE(out_buf), CACHE_BUFFER_SIZE);
esp_mbedtls_free_buf(ssl->MBEDTLS_PRIVATE(out_buf));
init_tx_buffer(ssl, NULL);
cached = 1;
}
@@ -269,11 +269,11 @@ int esp_mbedtls_add_tx_buffer(mbedtls_ssl_context *ssl, size_t buffer_len)
init_tx_buffer(ssl, esp_buf->buf);
if (cached) {
memcpy(ssl->out_ctr, cache_buf, COUNTER_SIZE);
memcpy(ssl->out_iv, cache_buf + COUNTER_SIZE, CACHE_IV_SIZE);
memcpy(ssl->MBEDTLS_PRIVATE(out_ctr), cache_buf, COUNTER_SIZE);
memcpy(ssl->MBEDTLS_PRIVATE(out_iv), cache_buf + COUNTER_SIZE, CACHE_IV_SIZE);
}
ESP_LOGV(TAG, "ssl->out_buf=%p ssl->out_msg=%p", ssl->out_buf, ssl->out_msg);
ESP_LOGV(TAG, "ssl->MBEDTLS_PRIVATE(out_buf)=%p ssl->MBEDTLS_PRIVATE(out_msg)=%p", ssl->MBEDTLS_PRIVATE(out_buf), ssl->MBEDTLS_PRIVATE(out_msg));
exit:
ESP_LOGV(TAG, "<-- add out");
@@ -290,15 +290,15 @@ int esp_mbedtls_free_tx_buffer(mbedtls_ssl_context *ssl)
ESP_LOGV(TAG, "--> free out");
if (!ssl->out_buf || (ssl->out_buf && (esp_mbedtls_get_buf_state(ssl->out_buf) == ESP_MBEDTLS_SSL_BUF_NO_CACHED))) {
if (!ssl->MBEDTLS_PRIVATE(out_buf) || (ssl->MBEDTLS_PRIVATE(out_buf) && (esp_mbedtls_get_buf_state(ssl->MBEDTLS_PRIVATE(out_buf)) == ESP_MBEDTLS_SSL_BUF_NO_CACHED))) {
ret = 0;
goto exit;
}
memcpy(buf, ssl->out_ctr, COUNTER_SIZE);
memcpy(buf + COUNTER_SIZE, ssl->out_iv, CACHE_IV_SIZE);
memcpy(buf, ssl->MBEDTLS_PRIVATE(out_ctr), COUNTER_SIZE);
memcpy(buf + COUNTER_SIZE, ssl->MBEDTLS_PRIVATE(out_iv), CACHE_IV_SIZE);
esp_mbedtls_free_buf(ssl->out_buf);
esp_mbedtls_free_buf(ssl->MBEDTLS_PRIVATE(out_buf));
init_tx_buffer(ssl, NULL);
esp_buf = mbedtls_calloc(1, SSL_BUF_HEAD_OFFSET_SIZE + TX_IDLE_BUFFER_SIZE);
@@ -310,7 +310,7 @@ int esp_mbedtls_free_tx_buffer(mbedtls_ssl_context *ssl)
esp_mbedtls_init_ssl_buf(esp_buf, TX_IDLE_BUFFER_SIZE);
memcpy(esp_buf->buf, buf, CACHE_BUFFER_SIZE);
init_tx_buffer(ssl, esp_buf->buf);
esp_mbedtls_set_buf_state(ssl->out_buf, ESP_MBEDTLS_SSL_BUF_NO_CACHED);
esp_mbedtls_set_buf_state(ssl->MBEDTLS_PRIVATE(out_buf), ESP_MBEDTLS_SSL_BUF_NO_CACHED);
exit:
ESP_LOGV(TAG, "<-- free out");
@@ -329,8 +329,8 @@ int esp_mbedtls_add_rx_buffer(mbedtls_ssl_context *ssl)
ESP_LOGV(TAG, "--> add rx");
if (ssl->in_buf) {
if (esp_mbedtls_get_buf_state(ssl->in_buf) == ESP_MBEDTLS_SSL_BUF_CACHED) {
if (ssl->MBEDTLS_PRIVATE(in_buf)) {
if (esp_mbedtls_get_buf_state(ssl->MBEDTLS_PRIVATE(in_buf)) == ESP_MBEDTLS_SSL_BUF_CACHED) {
ESP_LOGV(TAG, "in buffer is not empty");
ret = 0;
goto exit;
@@ -339,8 +339,8 @@ int esp_mbedtls_add_rx_buffer(mbedtls_ssl_context *ssl)
}
}
ssl->in_hdr = msg_head;
ssl->in_len = msg_head + 3;
ssl->MBEDTLS_PRIVATE(in_hdr) = msg_head;
ssl->MBEDTLS_PRIVATE(in_len) = msg_head + 3;
if ((ret = mbedtls_ssl_fetch_input(ssl, mbedtls_ssl_in_hdr_len(ssl))) != 0) {
if (ret == MBEDTLS_ERR_SSL_TIMEOUT) {
@@ -356,16 +356,16 @@ int esp_mbedtls_add_rx_buffer(mbedtls_ssl_context *ssl)
esp_mbedtls_parse_record_header(ssl);
in_left = ssl->in_left;
in_msglen = ssl->in_msglen;
in_left = ssl->MBEDTLS_PRIVATE(in_left);
in_msglen = ssl->MBEDTLS_PRIVATE(in_msglen);
buffer_len = tx_buffer_len(ssl, in_msglen);
ESP_LOGV(TAG, "message length is %d RX buffer length should be %d left is %d",
(int)in_msglen, (int)buffer_len, (int)ssl->in_left);
(int)in_msglen, (int)buffer_len, (int)ssl->MBEDTLS_PRIVATE(in_left));
if (cached) {
memcpy(cache_buf, ssl->in_buf, 16);
esp_mbedtls_free_buf(ssl->in_buf);
memcpy(cache_buf, ssl->MBEDTLS_PRIVATE(in_buf), 16);
esp_mbedtls_free_buf(ssl->MBEDTLS_PRIVATE(in_buf));
init_rx_buffer(ssl, NULL);
}
@@ -382,13 +382,13 @@ int esp_mbedtls_add_rx_buffer(mbedtls_ssl_context *ssl)
init_rx_buffer(ssl, esp_buf->buf);
if (cached) {
memcpy(ssl->in_ctr, cache_buf, 8);
memcpy(ssl->in_iv, cache_buf + 8, 8);
memcpy(ssl->MBEDTLS_PRIVATE(in_ctr), cache_buf, 8);
memcpy(ssl->MBEDTLS_PRIVATE(in_iv), cache_buf + 8, 8);
}
memcpy(ssl->in_hdr, msg_head, in_left);
ssl->in_left = in_left;
ssl->in_msglen = 0;
memcpy(ssl->MBEDTLS_PRIVATE(in_hdr), msg_head, in_left);
ssl->MBEDTLS_PRIVATE(in_left) = in_left;
ssl->MBEDTLS_PRIVATE(in_msglen) = 0;
exit:
ESP_LOGV(TAG, "<-- add rx");
@@ -407,23 +407,23 @@ int esp_mbedtls_free_rx_buffer(mbedtls_ssl_context *ssl)
/**
* When have read multi messages once, can't free the input buffer directly.
*/
if (!ssl->in_buf || (ssl->in_hslen && (ssl->in_hslen < ssl->in_msglen)) ||
(ssl->in_buf && (esp_mbedtls_get_buf_state(ssl->in_buf) == ESP_MBEDTLS_SSL_BUF_NO_CACHED))) {
if (!ssl->MBEDTLS_PRIVATE(in_buf) || (ssl->MBEDTLS_PRIVATE(in_hslen) && (ssl->MBEDTLS_PRIVATE(in_hslen) < ssl->MBEDTLS_PRIVATE(in_msglen))) ||
(ssl->MBEDTLS_PRIVATE(in_buf) && (esp_mbedtls_get_buf_state(ssl->MBEDTLS_PRIVATE(in_buf)) == ESP_MBEDTLS_SSL_BUF_NO_CACHED))) {
ret = 0;
goto exit;
}
/**
* The previous processing is just skipped, so "ssl->in_msglen = 0"
* The previous processing is just skipped, so "ssl->MBEDTLS_PRIVATE(in_msglen) = 0"
*/
if (!ssl->in_msgtype) {
if (!ssl->MBEDTLS_PRIVATE(in_msgtype)) {
goto exit;
}
memcpy(buf, ssl->in_ctr, 8);
memcpy(buf + 8, ssl->in_iv, 8);
memcpy(buf, ssl->MBEDTLS_PRIVATE(in_ctr), 8);
memcpy(buf + 8, ssl->MBEDTLS_PRIVATE(in_iv), 8);
esp_mbedtls_free_buf(ssl->in_buf);
esp_mbedtls_free_buf(ssl->MBEDTLS_PRIVATE(in_buf));
init_rx_buffer(ssl, NULL);
esp_buf = mbedtls_calloc(1, SSL_BUF_HEAD_OFFSET_SIZE + 16);
@@ -436,7 +436,7 @@ int esp_mbedtls_free_rx_buffer(mbedtls_ssl_context *ssl)
esp_mbedtls_init_ssl_buf(esp_buf, 16);
memcpy(esp_buf->buf, buf, 16);
init_rx_buffer(ssl, esp_buf->buf);
esp_mbedtls_set_buf_state(ssl->in_buf, ESP_MBEDTLS_SSL_BUF_NO_CACHED);
esp_mbedtls_set_buf_state(ssl->MBEDTLS_PRIVATE(in_buf), ESP_MBEDTLS_SSL_BUF_NO_CACHED);
exit:
ESP_LOGV(TAG, "<-- free rx");
@@ -449,10 +449,10 @@ size_t esp_mbedtls_get_crt_size(mbedtls_x509_crt *cert, size_t *num)
size_t bytes = 0;
while (cert) {
bytes += cert->raw.len;
bytes += cert->MBEDTLS_PRIVATE(raw).MBEDTLS_PRIVATE(len);
n++;
cert = cert->next;
cert = cert->MBEDTLS_PRIVATE(next);
}
*num = n;
@@ -464,15 +464,15 @@ size_t esp_mbedtls_get_crt_size(mbedtls_x509_crt *cert, size_t *num)
void esp_mbedtls_free_dhm(mbedtls_ssl_context *ssl)
{
#ifdef CONFIG_MBEDTLS_DHM_C
mbedtls_mpi_free((mbedtls_mpi *)&ssl->conf->dhm_P);
mbedtls_mpi_free((mbedtls_mpi *)&ssl->conf->dhm_G);
mbedtls_mpi_free((mbedtls_mpi *)&ssl->MBEDTLS_PRIVATE(conf)->MBEDTLS_PRIVATE(dhm_P));
mbedtls_mpi_free((mbedtls_mpi *)&ssl->MBEDTLS_PRIVATE(conf)->MBEDTLS_PRIVATE(dhm_G));
#endif /* CONFIG_MBEDTLS_DHM_C */
}
void esp_mbedtls_free_keycert(mbedtls_ssl_context *ssl)
{
mbedtls_ssl_config *conf = (mbedtls_ssl_config *)ssl->conf;
mbedtls_ssl_key_cert *keycert = conf->key_cert, *next;
mbedtls_ssl_config *conf = (mbedtls_ssl_config *)ssl->MBEDTLS_PRIVATE(conf);
mbedtls_ssl_key_cert *keycert = conf->MBEDTLS_PRIVATE(key_cert), *next;
while (keycert) {
next = keycert->next;
@@ -484,12 +484,12 @@ void esp_mbedtls_free_keycert(mbedtls_ssl_context *ssl)
keycert = next;
}
conf->key_cert = NULL;
conf->MBEDTLS_PRIVATE(key_cert) = NULL;
}
void esp_mbedtls_free_keycert_key(mbedtls_ssl_context *ssl)
{
mbedtls_ssl_key_cert *keycert = ssl->conf->key_cert;
mbedtls_ssl_key_cert *keycert = ssl->MBEDTLS_PRIVATE(conf)->MBEDTLS_PRIVATE(key_cert);
while (keycert) {
if (keycert->key) {
@@ -502,7 +502,7 @@ void esp_mbedtls_free_keycert_key(mbedtls_ssl_context *ssl)
void esp_mbedtls_free_keycert_cert(mbedtls_ssl_context *ssl)
{
mbedtls_ssl_key_cert *keycert = ssl->conf->key_cert;
mbedtls_ssl_key_cert *keycert = ssl->MBEDTLS_PRIVATE(conf)->MBEDTLS_PRIVATE(key_cert);
while (keycert) {
if (keycert->cert) {
@@ -517,11 +517,11 @@ void esp_mbedtls_free_keycert_cert(mbedtls_ssl_context *ssl)
#ifdef CONFIG_MBEDTLS_DYNAMIC_FREE_CA_CERT
void esp_mbedtls_free_cacert(mbedtls_ssl_context *ssl)
{
if (ssl->conf->ca_chain) {
mbedtls_ssl_config *conf = (mbedtls_ssl_config *)ssl->conf;
if (ssl->MBEDTLS_PRIVATE(conf)->MBEDTLS_PRIVATE(ca_chain)) {
mbedtls_ssl_config *conf = (mbedtls_ssl_config *)ssl->MBEDTLS_PRIVATE(conf);
mbedtls_x509_crt_free(conf->ca_chain);
conf->ca_chain = NULL;
mbedtls_x509_crt_free(conf->MBEDTLS_PRIVATE(ca_chain));
conf->MBEDTLS_PRIVATE(ca_chain) = NULL;
}
}
#endif /* CONFIG_MBEDTLS_DYNAMIC_FREE_CA_CERT */

16
components/mbedtls/port/dynamic/esp_ssl_cli.c
View File

@@ -15,14 +15,14 @@ static const char *TAG = "SSL client";
static int manage_resource(mbedtls_ssl_context *ssl, bool add)
{
int state = add ? ssl->state : ssl->state - 1;
int state = add ? ssl->MBEDTLS_PRIVATE(state) : ssl->MBEDTLS_PRIVATE(state) - 1;
if (ssl->state == MBEDTLS_SSL_HANDSHAKE_OVER || ssl->handshake == NULL) {
if (ssl->MBEDTLS_PRIVATE(state) == MBEDTLS_SSL_HANDSHAKE_OVER || ssl->MBEDTLS_PRIVATE(handshake) == NULL) {
return 0;
}
if (!add) {
if (!ssl->out_left) {
if (!ssl->MBEDTLS_PRIVATE(out_left)) {
CHECK_OK(esp_mbedtls_free_tx_buffer(ssl));
}
}
@@ -61,25 +61,25 @@ static int manage_resource(mbedtls_ssl_context *ssl, bool add)
if (add) {
CHECK_OK(esp_mbedtls_add_rx_buffer(ssl));
} else {
if (!ssl->keep_current_message) {
if (!ssl->MBEDTLS_PRIVATE(keep_current_message)) {
CHECK_OK(esp_mbedtls_free_rx_buffer(ssl));
}
}
break;
case MBEDTLS_SSL_CERTIFICATE_REQUEST:
if (add) {
if (!ssl->keep_current_message) {
if (!ssl->MBEDTLS_PRIVATE(keep_current_message)) {
CHECK_OK(esp_mbedtls_add_rx_buffer(ssl));
}
} else {
if (!ssl->keep_current_message) {
if (!ssl->MBEDTLS_PRIVATE(keep_current_message)) {
CHECK_OK(esp_mbedtls_free_rx_buffer(ssl));
}
}
break;
case MBEDTLS_SSL_SERVER_HELLO_DONE:
if (add) {
if (!ssl->keep_current_message) {
if (!ssl->MBEDTLS_PRIVATE(keep_current_message)) {
CHECK_OK(esp_mbedtls_add_rx_buffer(ssl));
}
} else {
@@ -91,7 +91,7 @@ static int manage_resource(mbedtls_ssl_context *ssl, bool add)
case MBEDTLS_SSL_CLIENT_CERTIFICATE:
if (add) {
size_t buffer_len = 3;
mbedtls_ssl_key_cert *key_cert = ssl->conf->key_cert;
mbedtls_ssl_key_cert *key_cert = ssl->MBEDTLS_PRIVATE(conf)->MBEDTLS_PRIVATE(key_cert);
while (key_cert && key_cert->cert) {
size_t num;

10
components/mbedtls/port/dynamic/esp_ssl_srv.c
View File

@@ -14,21 +14,21 @@ static const char *TAG = "SSL Server";
static int manage_resource(mbedtls_ssl_context *ssl, bool add)
{
int state = add ? ssl->state : ssl->state - 1;
int state = add ? ssl->MBEDTLS_PRIVATE(state) : ssl->MBEDTLS_PRIVATE(state) - 1;
if (ssl->state == MBEDTLS_SSL_HANDSHAKE_OVER || ssl->handshake == NULL) {
if (ssl->MBEDTLS_PRIVATE(state) == MBEDTLS_SSL_HANDSHAKE_OVER || ssl->MBEDTLS_PRIVATE(handshake) == NULL) {
return 0;
}
if (!add) {
if (!ssl->out_left) {
if (!ssl->MBEDTLS_PRIVATE(out_left)) {
CHECK_OK(esp_mbedtls_free_tx_buffer(ssl));
}
}
switch (state) {
case MBEDTLS_SSL_HELLO_REQUEST:
ssl->major_ver = MBEDTLS_SSL_MAJOR_VERSION_3;
ssl->MBEDTLS_PRIVATE(major_ver) = MBEDTLS_SSL_MAJOR_VERSION_3;
break;
case MBEDTLS_SSL_CLIENT_HELLO:
if (add) {
@@ -49,7 +49,7 @@ static int manage_resource(mbedtls_ssl_context *ssl, bool add)
case MBEDTLS_SSL_SERVER_CERTIFICATE:
if (add) {
size_t buffer_len = 3;
mbedtls_ssl_key_cert *key_cert = ssl->conf->key_cert;
mbedtls_ssl_key_cert *key_cert = ssl->MBEDTLS_PRIVATE(conf)->MBEDTLS_PRIVATE(key_cert);
while (key_cert && key_cert->cert) {
size_t num;

23
components/mbedtls/port/dynamic/esp_ssl_tls.c
View File

@@ -3,7 +3,6 @@
*
* SPDX-License-Identifier: Apache-2.0
*/
#include <sys/param.h>
#include "esp_mbedtls_dynamic_impl.h"
@@ -27,7 +26,7 @@ static const char *TAG = "SSL TLS";
static int tx_done(mbedtls_ssl_context *ssl)
{
if (!ssl->out_left)
if (!ssl->MBEDTLS_PRIVATE(out_left))
return 1;
return 0;
@@ -35,7 +34,7 @@ static int tx_done(mbedtls_ssl_context *ssl)
static int rx_done(mbedtls_ssl_context *ssl)
{
if (!ssl->in_msglen) {
if (!ssl->MBEDTLS_PRIVATE(in_msglen)) {
return 1;
}
@@ -178,10 +177,12 @@ int __wrap_mbedtls_ssl_setup(mbedtls_ssl_context *ssl, const mbedtls_ssl_config
ssl->conf = conf;
CHECK_OK(ssl_handshake_init(ssl));
ssl->out_buf = NULL;
mbedtls_free(ssl->MBEDTLS_PRIVATE(out_buf));
ssl->MBEDTLS_PRIVATE(out_buf) = NULL;
CHECK_OK(esp_mbedtls_setup_tx_buffer(ssl));
ssl->in_buf = NULL;
mbedtls_free(ssl->MBEDTLS_PRIVATE(in_buf));
ssl->MBEDTLS_PRIVATE(in_buf) = NULL;
esp_mbedtls_setup_rx_buffer(ssl);
return 0;
@@ -228,14 +229,14 @@ int __wrap_mbedtls_ssl_read(mbedtls_ssl_context *ssl, unsigned char *buf, size_t
void __wrap_mbedtls_ssl_free(mbedtls_ssl_context *ssl)
{
if (ssl->out_buf) {
esp_mbedtls_free_buf(ssl->out_buf);
ssl->out_buf = NULL;
if (ssl->MBEDTLS_PRIVATE(out_buf)) {
esp_mbedtls_free_buf(ssl->MBEDTLS_PRIVATE(out_buf));
ssl->MBEDTLS_PRIVATE(out_buf) = NULL;
}
if (ssl->in_buf) {
esp_mbedtls_free_buf(ssl->in_buf);
ssl->in_buf = NULL;
if (ssl->MBEDTLS_PRIVATE(in_buf)) {
esp_mbedtls_free_buf(ssl->MBEDTLS_PRIVATE(in_buf));
ssl->MBEDTLS_PRIVATE(in_buf) = NULL;
}
__real_mbedtls_ssl_free(ssl);

14
components/mbedtls/port/esp32/bignum.c
View File

@@ -83,11 +83,11 @@ void esp_mpi_interrupt_clear( void )
static inline void mpi_to_mem_block(uint32_t mem_base, const mbedtls_mpi *mpi, size_t hw_words)
{
uint32_t *pbase = (uint32_t *)mem_base;
uint32_t copy_words = MIN(hw_words, mpi->n);
uint32_t copy_words = MIN(hw_words, mpi->MBEDTLS_PRIVATE(n));
/* Copy MPI data to memory block registers */
for (uint32_t i = 0; i < copy_words; i++) {
pbase[i] = mpi->p[i];
pbase[i] = mpi->MBEDTLS_PRIVATE(p[i]);
}
/* Zero any remaining memory block data */
@@ -105,15 +105,15 @@ static inline void mpi_to_mem_block(uint32_t mem_base, const mbedtls_mpi *mpi, s
*/
static inline void mem_block_to_mpi(mbedtls_mpi *x, uint32_t mem_base, size_t num_words)
{
assert(x->n >= num_words);
assert(x->MBEDTLS_PRIVATE(n) >= num_words);
/* Copy data from memory block registers */
esp_dport_access_read_buffer(x->p, mem_base, num_words);
esp_dport_access_read_buffer(x->MBEDTLS_PRIVATE(p), mem_base, num_words);
/* Zero any remaining limbs in the bignum, if the buffer is bigger
than num_words */
for (size_t i = num_words; i < x->n; i++) {
x->p[i] = 0;
for (size_t i = num_words; i < x->MBEDTLS_PRIVATE(n); i++) {
x->MBEDTLS_PRIVATE(p[i]) = 0;
}
}
@@ -215,7 +215,7 @@ int esp_mont_hw_op(mbedtls_mpi *Z, const mbedtls_mpi *X, const mbedtls_mpi *Y, c
mpi_to_mem_block(RSA_MEM_RB_BLOCK_BASE, Y, hw_words);
start_op(RSA_MULT_START_REG);
Z->s = 1; // The sign of Z will be = M->s (but M->s is always 1)
Z->MBEDTLS_PRIVATE(s) = 1; // The sign of Z will be = M->s (but M->s is always 1)
MBEDTLS_MPI_CHK( mbedtls_mpi_grow(Z, hw_words) );
wait_op_complete();

10
components/mbedtls/port/esp32c3/bignum.c
View File

@@ -80,11 +80,11 @@ void esp_mpi_interrupt_clear( void )
static inline void mpi_to_mem_block(uint32_t mem_base, const mbedtls_mpi *mpi, size_t num_words)
{
uint32_t *pbase = (uint32_t *)mem_base;
uint32_t copy_words = MIN(num_words, mpi->n);
uint32_t copy_words = MIN(num_words, mpi->MBEDTLS_PRIVATE(n));
/* Copy MPI data to memory block registers */
for (int i = 0; i < copy_words; i++) {
pbase[i] = mpi->p[i];
pbase[i] = mpi->MBEDTLS_PRIVATE(p)[i];
}
/* Zero any remaining memory block data */
@@ -103,12 +103,12 @@ static inline void mem_block_to_mpi(mbedtls_mpi *x, uint32_t mem_base, int num_w
/* Copy data from memory block registers */
const size_t REG_WIDTH = sizeof(uint32_t);
for (size_t i = 0; i < num_words; i++) {
x->p[i] = REG_READ(mem_base + (i * REG_WIDTH));
x->MBEDTLS_PRIVATE(p)[i] = REG_READ(mem_base + (i * REG_WIDTH));
}
/* Zero any remaining limbs in the bignum, if the buffer is bigger
than num_words */
for (size_t i = num_words; i < x->n; i++) {
x->p[i] = 0;
for (size_t i = num_words; i < x->MBEDTLS_PRIVATE(n); i++) {
x->MBEDTLS_PRIVATE(p)[i] = 0;
}
}

10
components/mbedtls/port/esp32h2/bignum.c
View File

@@ -80,11 +80,11 @@ void esp_mpi_interrupt_clear( void )
static inline void mpi_to_mem_block(uint32_t mem_base, const mbedtls_mpi *mpi, size_t num_words)
{
uint32_t *pbase = (uint32_t *)mem_base;
uint32_t copy_words = MIN(num_words, mpi->n);
uint32_t copy_words = MIN(num_words, mpi->MBEDTLS_PRIVATE(n));
/* Copy MPI data to memory block registers */
for (int i = 0; i < copy_words; i++) {
pbase[i] = mpi->p[i];
pbase[i] = mpi->MBEDTLS_PRIVATE(p)[i];
}
/* Zero any remaining memory block data */
@@ -103,12 +103,12 @@ static inline void mem_block_to_mpi(mbedtls_mpi *x, uint32_t mem_base, int num_w
/* Copy data from memory block registers */
const size_t REG_WIDTH = sizeof(uint32_t);
for (size_t i = 0; i < num_words; i++) {
x->p[i] = REG_READ(mem_base + (i * REG_WIDTH));
x->MBEDTLS_PRIVATE(p)[i] = REG_READ(mem_base + (i * REG_WIDTH));
}
/* Zero any remaining limbs in the bignum, if the buffer is bigger
than num_words */
for (size_t i = num_words; i < x->n; i++) {
x->p[i] = 0;
for (size_t i = num_words; i < x->MBEDTLS_PRIVATE(n); i++) {
x->MBEDTLS_PRIVATE(p)[i] = 0;
}
}

10
components/mbedtls/port/esp32s2/bignum.c
View File

@@ -78,11 +78,11 @@ void esp_mpi_interrupt_clear( void )
static inline void mpi_to_mem_block(uint32_t mem_base, const mbedtls_mpi *mpi, size_t num_words)
{
uint32_t *pbase = (uint32_t *)mem_base;
uint32_t copy_words = MIN(num_words, mpi->n);
uint32_t copy_words = MIN(num_words, mpi->MBEDTLS_PRIVATE(n));
/* Copy MPI data to memory block registers */
for (uint32_t i = 0; i < copy_words; i++) {
pbase[i] = mpi->p[i];
pbase[i] = mpi->MBEDTLS_PRIVATE(p)[i];
}
/* Zero any remaining memory block data */
@@ -99,11 +99,11 @@ static inline void mem_block_to_mpi(mbedtls_mpi *x, uint32_t mem_base, int num_w
{
/* Copy data from memory block registers */
esp_dport_access_read_buffer(x->p, mem_base, num_words);
esp_dport_access_read_buffer(x->MBEDTLS_PRIVATE(p), mem_base, num_words);
/* Zero any remaining limbs in the bignum, if the buffer is bigger
than num_words */
for (size_t i = num_words; i < x->n; i++) {
x->p[i] = 0;
for (size_t i = num_words; i < x->MBEDTLS_PRIVATE(n); i++) {
x->MBEDTLS_PRIVATE(p)[i] = 0;
}
}

10
components/mbedtls/port/esp32s3/bignum.c
View File

@@ -75,11 +75,11 @@ void esp_mpi_interrupt_clear( void )
static inline void mpi_to_mem_block(uint32_t mem_base, const mbedtls_mpi *mpi, size_t num_words)
{
uint32_t *pbase = (uint32_t *)mem_base;
uint32_t copy_words = MIN(num_words, mpi->n);
uint32_t copy_words = MIN(num_words, mpi->MBEDTLS_PRIVATE(n));
/* Copy MPI data to memory block registers */
for (uint32_t i = 0; i < copy_words; i++) {
pbase[i] = mpi->p[i];
pbase[i] = mpi->MBEDTLS_PRIVATE(p)[i];
}
/* Zero any remaining memory block data */
@@ -96,11 +96,11 @@ static inline void mem_block_to_mpi(mbedtls_mpi *x, uint32_t mem_base, int num_w
{
/* Copy data from memory block registers */
esp_dport_access_read_buffer(x->p, mem_base, num_words);
esp_dport_access_read_buffer(x->MBEDTLS_PRIVATE(p), mem_base, num_words);
/* Zero any remaining limbs in the bignum, if the buffer is bigger
than num_words */
for (size_t i = num_words; i < x->n; i++) {
x->p[i] = 0;
for (size_t i = num_words; i < x->MBEDTLS_PRIVATE(n); i++) {
x->MBEDTLS_PRIVATE(p)[i] = 0;
}
}

52
components/mbedtls/port/esp_bignum.c
View File

@@ -150,8 +150,8 @@ static inline size_t bits_to_words(size_t bits)
#if defined(MBEDTLS_MPI_EXP_MOD_ALT) || defined(MBEDTLS_MPI_EXP_MOD_ALT_FALLBACK)
static size_t mpi_words(const mbedtls_mpi *mpi)
{
for (size_t i = mpi->n; i > 0; i--) {
if (mpi->p[i - 1] != 0) {
for (size_t i = mpi->MBEDTLS_PRIVATE(n); i > 0; i--) {
if (mpi->MBEDTLS_PRIVATE(p[i - 1]) != 0) {
return i;
}
}
@@ -174,7 +174,7 @@ static mbedtls_mpi_uint modular_inverse(const mbedtls_mpi *M)
uint64_t t = 1;
uint64_t two_2_i_minus_1 = 2; /* 2^(i-1) */
uint64_t two_2_i = 4; /* 2^i */
uint64_t N = M->p[0];
uint64_t N = M->MBEDTLS_PRIVATE(p[0]);
for (i = 2; i <= 32; i++) {
if ((mbedtls_mpi_uint) N * t % two_2_i >= two_2_i_minus_1) {
@@ -252,7 +252,7 @@ int esp_mpi_mul_mpi_mod(mbedtls_mpi *Z, const mbedtls_mpi *X, const mbedtls_mpi
MBEDTLS_MPI_CHK(mbedtls_mpi_grow(Z, z_words));
esp_mpi_read_result_hw_op(Z, z_words);
Z->s = X->s * Y->s;
Z->MBEDTLS_PRIVATE(s) = X->MBEDTLS_PRIVATE(s) * Y->MBEDTLS_PRIVATE(s);
cleanup:
mbedtls_mpi_free(&Rinv);
@@ -270,11 +270,11 @@ cleanup:
static size_t mbedtls_mpi_msb( const mbedtls_mpi *X )
{
int i, j;
if (X != NULL && X->n != 0) {
for (i = X->n - 1; i >= 0; i--) {
if (X->p[i] != 0) {
if (X != NULL && X->MBEDTLS_PRIVATE(n) != 0) {
for (i = X->MBEDTLS_PRIVATE(n) - 1; i >= 0; i--) {
if (X->MBEDTLS_PRIVATE(p[i]) != 0) {
for (j = biL - 1; j >= 0; j--) {
if ((X->p[i] & (1 << j)) != 0) {
if ((X->MBEDTLS_PRIVATE(p[i]) & (1 << j)) != 0) {
return (i * biL) + j;
}
}
@@ -374,7 +374,7 @@ static int esp_mpi_exp_mod( mbedtls_mpi *Z, const mbedtls_mpi *X, const mbedtls_
return MBEDTLS_ERR_MPI_NOT_ACCEPTABLE;
}
if (mbedtls_mpi_cmp_int(M, 0) <= 0 || (M->p[0] & 1) == 0) {
if (mbedtls_mpi_cmp_int(M, 0) <= 0 || (M->MBEDTLS_PRIVATE(p[0]) & 1) == 0) {
return MBEDTLS_ERR_MPI_BAD_INPUT_DATA;
}
@@ -394,7 +394,7 @@ static int esp_mpi_exp_mod( mbedtls_mpi *Z, const mbedtls_mpi *X, const mbedtls_
} else {
Rinv = _Rinv;
}
if (Rinv->p == NULL) {
if (Rinv->MBEDTLS_PRIVATE(p) == NULL) {
MBEDTLS_MPI_CHK(calculate_rinv(Rinv, M, num_words));
}
@@ -435,11 +435,11 @@ static int esp_mpi_exp_mod( mbedtls_mpi *Z, const mbedtls_mpi *X, const mbedtls_
#endif
// Compensate for negative X
if (X->s == -1 && (Y->p[0] & 1) != 0) {
Z->s = -1;
if (X->MBEDTLS_PRIVATE(s) == -1 && (Y->MBEDTLS_PRIVATE(p[0]) & 1) != 0) {
Z->MBEDTLS_PRIVATE(s) = -1;
MBEDTLS_MPI_CHK(mbedtls_mpi_add_mpi(Z, M, Z));
} else {
Z->s = 1;
Z->MBEDTLS_PRIVATE(s) = 1;
}
cleanup:
@@ -504,12 +504,12 @@ int mbedtls_mpi_mul_mpi( mbedtls_mpi *Z, const mbedtls_mpi *X, const mbedtls_mpi
}
if (x_bits == 1) {
ret = mbedtls_mpi_copy(Z, Y);
Z->s *= X->s;
Z->MBEDTLS_PRIVATE(s) *= X->MBEDTLS_PRIVATE(s);
return ret;
}
if (y_bits == 1) {
ret = mbedtls_mpi_copy(Z, X);
Z->s *= Y->s;
Z->MBEDTLS_PRIVATE(s) *= Y->MBEDTLS_PRIVATE(s);
return ret;
}
@@ -548,7 +548,7 @@ int mbedtls_mpi_mul_mpi( mbedtls_mpi *Z, const mbedtls_mpi *X, const mbedtls_mpi
esp_mpi_disable_hardware_hw_op();
Z->s = X->s * Y->s;
Z->MBEDTLS_PRIVATE(s) = X->MBEDTLS_PRIVATE(s) * Y->MBEDTLS_PRIVATE(s);
cleanup:
return ret;
@@ -559,9 +559,9 @@ int mbedtls_mpi_mul_int( mbedtls_mpi *X, const mbedtls_mpi *A, mbedtls_mpi_uint
mbedtls_mpi _B;
mbedtls_mpi_uint p[1];
_B.s = 1;
_B.n = 1;
_B.p = p;
_B.MBEDTLS_PRIVATE(s) = 1;
_B.MBEDTLS_PRIVATE(n) = 1;
_B.MBEDTLS_PRIVATE(p) = p;
p[0] = b;
return( mbedtls_mpi_mul_mpi( X, A, &_B ) );
@@ -592,15 +592,15 @@ static int mpi_mult_mpi_overlong(mbedtls_mpi *Z, const mbedtls_mpi *X, const mbe
const size_t words_slice = y_words / 2;
/* Yp holds lower bits of Y (declared to reuse Y's array contents to save on copying) */
const mbedtls_mpi Yp = {
.p = Y->p,
.n = words_slice,
.s = Y->s
.MBEDTLS_PRIVATE(p) = Y->MBEDTLS_PRIVATE(p),
.MBEDTLS_PRIVATE(n) = words_slice,
.MBEDTLS_PRIVATE(s) = Y->MBEDTLS_PRIVATE(s)
};
/* Ypp holds upper bits of Y, right shifted (also reuses Y's array contents) */
const mbedtls_mpi Ypp = {
.p = Y->p + words_slice,
.n = y_words - words_slice,
.s = Y->s
.MBEDTLS_PRIVATE(p) = Y->MBEDTLS_PRIVATE(p) + words_slice,
.MBEDTLS_PRIVATE(n) = y_words - words_slice,
.MBEDTLS_PRIVATE(s) = Y->MBEDTLS_PRIVATE(s)
};
mbedtls_mpi_init(&Ztemp);
@@ -651,7 +651,7 @@ static int mpi_mult_mpi_failover_mod_mult( mbedtls_mpi *Z, const mbedtls_mpi *X,
MBEDTLS_MPI_CHK( mbedtls_mpi_grow(Z, hw_words) );
esp_mpi_read_result_hw_op(Z, hw_words);
Z->s = X->s * Y->s;
Z->MBEDTLS_PRIVATE(s) = X->MBEDTLS_PRIVATE(s) * Y->MBEDTLS_PRIVATE(s);
cleanup:
esp_mpi_disable_hardware_hw_op();
return ret;

2
components/mbedtls/port/esp_ds/esp_rsa_sign_alt.c
View File

@@ -204,7 +204,7 @@ static int rsa_rsassa_pkcs1_v15_encode( mbedtls_md_type_t md_alg,
int esp_ds_rsa_sign( void *ctx,
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng,
int mode, mbedtls_md_type_t md_alg, unsigned int hashlen,
mbedtls_md_type_t md_alg, unsigned int hashlen,
const unsigned char *hash, unsigned char *sig )
{
esp_ds_context_t *esp_ds_ctx;

14
components/mbedtls/port/esp_timing.c
View File

@@ -66,11 +66,11 @@ void mbedtls_timing_set_delay( void *data, uint32_t int_ms, uint32_t fin_ms )
{
mbedtls_timing_delay_context *ctx = (mbedtls_timing_delay_context *) data;
ctx->int_ms = int_ms;
ctx->fin_ms = fin_ms;
ctx->MBEDTLS_PRIVATE(int_ms) = int_ms;
ctx->MBEDTLS_PRIVATE(fin_ms) = fin_ms;
if( fin_ms != 0 )
(void) mbedtls_timing_get_timer( &ctx->timer, 1 );
(void) mbedtls_timing_get_timer( &ctx->MBEDTLS_PRIVATE(timer), 1 );
}
/*
@@ -81,15 +81,15 @@ int mbedtls_timing_get_delay( void *data )
mbedtls_timing_delay_context *ctx = (mbedtls_timing_delay_context *) data;
unsigned long elapsed_ms;
if( ctx->fin_ms == 0 )
if( ctx->MBEDTLS_PRIVATE(fin_ms) == 0 )
return( -1 );
elapsed_ms = mbedtls_timing_get_timer( &ctx->timer, 0 );
elapsed_ms = mbedtls_timing_get_timer( &ctx->MBEDTLS_PRIVATE(timer), 0 );
if( elapsed_ms >= ctx->fin_ms )
if( elapsed_ms >= ctx->MBEDTLS_PRIVATE(fin_ms) )
return( 2 );
if( elapsed_ms >= ctx->int_ms )
if( elapsed_ms >= ctx->MBEDTLS_PRIVATE(int_ms) )
return( 1 );
return( 0 );

127
components/mbedtls/port/include/aes/esp_aes_gcm.h
View File

@@ -93,22 +93,41 @@ int esp_aes_gcm_setkey( esp_gcm_context *ctx,
* \brief This function starts a GCM encryption or decryption
* operation.
*
* \param ctx The GCM context.
* \param ctx The GCM context. This must be initialized.
* \param mode The operation to perform: #MBEDTLS_GCM_ENCRYPT or
* #MBEDTLS_GCM_DECRYPT.
* \param iv The initialization vector.
* \param iv The initialization vector. This must be a readable buffer of
* at least \p iv_len Bytes.
* \param iv_len The length of the IV.
* \param add The buffer holding the additional data, or NULL
* if \p aad_len is 0.
* \param aad_len The length of the additional data. If 0,
* \p add is NULL.
*
* \return \c 0 on success.
*/
int esp_aes_gcm_starts( esp_gcm_context *ctx,
int mode,
const unsigned char *iv,
size_t iv_len,
size_t iv_len );
/**
* \brief This function feeds an input buffer as associated data
* (authenticated but not encrypted data) in a GCM
* encryption or decryption operation.
*
* Call this function after mbedtls_gcm_starts() to pass
* the associated data. If the associated data is empty,
* you do not need to call this function. You may not
* call this function after calling mbedtls_cipher_update().
*
* \param ctx The GCM context. This must have been started with
* mbedtls_gcm_starts() and must not have yet received
* any input with mbedtls_gcm_update().
* \param aad The buffer holding the additional data, or \c NULL
* if \p aad_len is \c 0.
* \param aad_len The length of the additional data. If \c 0,
* \p add may be \c NULL.
*
* \return \c 0 on success.
*/
int esp_aes_gcm_update_ad( esp_gcm_context *ctx,
const unsigned char *aad,
size_t aad_len );
@@ -116,27 +135,57 @@ int esp_aes_gcm_starts( esp_gcm_context *ctx,
* \brief This function feeds an input buffer into an ongoing GCM
* encryption or decryption operation.
*
* ` The function expects input to be a multiple of 16
* Bytes. Only the last call before calling
* mbedtls_gcm_finish() can be less than 16 Bytes.
* You may call this function zero, one or more times
* to pass successive parts of the input: the plaintext to
* encrypt, or the ciphertext (not including the tag) to
* decrypt. After the last part of the input, call
* mbedtls_gcm_finish().
*
* This function may produce output in one of the following
* ways:
* - Immediate output: the output length is always equal
* to the input length.
* - Buffered output: the output consists of a whole number
* of 16-byte blocks. If the total input length so far
* (not including associated data) is 16 \* *B* + *A*
* with *A* < 16 then the total output length is 16 \* *B*.
*
* In particular:
* - It is always correct to call this function with
* \p output_size >= \p input_length + 15.
* - If \p input_length is a multiple of 16 for all the calls
* to this function during an operation, then it is
* correct to use \p output_size = \p input_length.
*
* \note For decryption, the output buffer cannot be the same as
* input buffer. If the buffers overlap, the output buffer
* must trail at least 8 Bytes behind the input buffer.
*
* \param ctx The GCM context.
* \param length The length of the input data. This must be a multiple of
* 16 except in the last call before mbedtls_gcm_finish().
* \param input The buffer holding the input data.
* \param output The buffer for holding the output data.
* \param ctx The GCM context. This must be initialized.
* \param input The buffer holding the input data. If \p input_length
* is greater than zero, this must be a readable buffer
* of at least \p input_length bytes.
* \param input_length The length of the input data in bytes.
* \param output The buffer for the output data. If \p output_size
* is greater than zero, this must be a writable buffer of
* of at least \p output_size bytes.
* \param output_size The size of the output buffer in bytes.
* See the function description regarding the output size.
* \param output_length On success, \p *output_length contains the actual
* length of the output written in \p output.
* On failure, the content of \p *output_length is
* unspecified.
*
* \return \c 0 on success.
* \return #MBEDTLS_ERR_GCM_BAD_INPUT on failure.
* \return #MBEDTLS_ERR_GCM_BAD_INPUT on failure:
* total input length too long,
* unsupported input/output buffer overlap detected,
* or \p output_size too small.
*/
int esp_aes_gcm_update( esp_gcm_context *ctx,
size_t length,
const unsigned char *input,
unsigned char *output );
const unsigned char *input, size_t input_length,
unsigned char *output, size_t output_size,
size_t *output_length );
/**
* \brief This function finishes the GCM operation and generates
@@ -145,16 +194,36 @@ int esp_aes_gcm_update( esp_gcm_context *ctx,
* It wraps up the GCM stream, and generates the
* tag. The tag can have a maximum length of 16 Bytes.
*
* \param ctx The GCM context.
* \param tag The buffer for holding the tag.
* \param tag_len The length of the tag to generate. Must be at least four.
* \param ctx The GCM context. This must be initialized.
* \param tag The buffer for holding the tag. This must be a writable
* buffer of at least \p tag_len Bytes.
* \param tag_len The length of the tag to generate. This must be at least
* four.
* \param output The buffer for the final output.
* If \p output_size is nonzero, this must be a writable
* buffer of at least \p output_size bytes.
* \param output_size The size of the \p output buffer in bytes.
* This must be large enough for the output that
* mbedtls_gcm_update() has not produced. In particular:
* - If mbedtls_gcm_update() produces immediate output,
* or if the total input size is a multiple of \c 16,
* then mbedtls_gcm_finish() never produces any output,
* so \p output_size can be \c 0.
* - \p output_size never needs to be more than \c 15.
* \param output_length On success, \p *output_length contains the actual
* length of the output written in \p output.
* On failure, the content of \p *output_length is
* unspecified.
*
* \return \c 0 on success.
* \return #MBEDTLS_ERR_GCM_BAD_INPUT on failure.
* \return #MBEDTLS_ERR_GCM_BAD_INPUT on failure:
* invalid value of \p tag_len,
* or \p output_size too small.
*/
int esp_aes_gcm_finish( esp_gcm_context *ctx,
unsigned char *tag,
size_t tag_len );
unsigned char *output, size_t output_size,
size_t *output_length,
unsigned char *tag, size_t tag_len );
/**
* \brief This function clears a GCM context
@@ -178,7 +247,7 @@ void esp_aes_gcm_free( esp_gcm_context *ctx);
* 16 except in the last call before mbedtls_gcm_finish().
* \param iv The initialization vector.
* \param iv_len The length of the IV.
* \param add The buffer holding the additional data.
* \param aad The buffer holding the additional data.
* \param aad_len The length of the additional data.
* \param input The buffer holding the input data.
* \param output The buffer for holding the output data.
@@ -192,7 +261,7 @@ int esp_aes_gcm_crypt_and_tag( esp_gcm_context *ctx,
size_t length,
const unsigned char *iv,
size_t iv_len,
const unsigned char *add,
const unsigned char *aad,
size_t aad_len,
const unsigned char *input,
unsigned char *output,
@@ -213,7 +282,7 @@ int esp_aes_gcm_crypt_and_tag( esp_gcm_context *ctx,
* of 16 except in the last call before mbedtls_gcm_finish().
* \param iv The initialization vector.
* \param iv_len The length of the IV.
* \param add The buffer holding the additional data.
* \param aad The buffer holding the additional data.
* \param aad_len The length of the additional data.
* \param tag The buffer holding the tag.
* \param tag_len The length of the tag.
@@ -227,7 +296,7 @@ int esp_aes_gcm_auth_decrypt( esp_gcm_context *ctx,
size_t length,
const unsigned char *iv,
size_t iv_len,
const unsigned char *add,
const unsigned char *aad,
size_t aad_len,
const unsigned char *tag,
size_t tag_len,

20
components/mbedtls/port/include/esp_ds/esp_rsa_sign_alt.h
View File

@@ -1,16 +1,8 @@
// Copyright 2020 Espressif Systems (Shanghai) PTE LTD
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
/*
* SPDX-FileCopyrightText: 2021 Espressif Systems (Shanghai) CO LTD
*
* SPDX-License-Identifier: Apache-2.0
*/
#pragma once
@@ -65,7 +57,7 @@ void esp_ds_release_ds_lock(void);
*/
int esp_ds_rsa_sign( void *ctx,
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng,
int mode, mbedtls_md_type_t md_alg, unsigned int hashlen,
mbedtls_md_type_t md_alg, unsigned int hashlen,
const unsigned char *hash, unsigned char *sig );
/*

1
components/mbedtls/port/include/gcm_alt.h
View File

@@ -41,6 +41,7 @@ typedef esp_gcm_context mbedtls_gcm_context;
#define mbedtls_gcm_free esp_aes_gcm_free
#define mbedtls_gcm_setkey esp_aes_gcm_setkey
#define mbedtls_gcm_starts esp_aes_gcm_starts
#define mbedtls_gcm_update_ad esp_aes_gcm_update_ad
#define mbedtls_gcm_update esp_aes_gcm_update
#define mbedtls_gcm_finish esp_aes_gcm_finish
#define mbedtls_gcm_auth_decrypt esp_aes_gcm_auth_decrypt

2
components/mbedtls/port/include/mbedtls/esp_config.h
View File

@@ -2188,8 +2188,10 @@
* This module adds support for SHA-384 and SHA-512.
*/
#ifdef CONFIG_MBEDTLS_SHA512_C
#define MBEDTLS_SHA384_C
#define MBEDTLS_SHA512_C
#else
#undef MBEDTLS_SHA384_C
#undef MBEDTLS_SHA512_C
#endif

44
components/mbedtls/port/net_sockets.c
View File

@@ -62,7 +62,7 @@ static int net_prepare( void )
*/
void mbedtls_net_init( mbedtls_net_context *ctx )
{
ctx->fd = -1;
ctx->MBEDTLS_PRIVATE(fd) = -1;
}
/*
@@ -98,7 +98,7 @@ int mbedtls_net_connect( mbedtls_net_context *ctx, const char *host, const char
}
if ( connect( fd, cur->ai_addr, cur->ai_addrlen ) == 0 ) {
ctx->fd = fd; // connected!
ctx->MBEDTLS_PRIVATE(fd) = fd; // connected!
ret = 0;
break;
}
@@ -175,7 +175,7 @@ int mbedtls_net_bind( mbedtls_net_context *ctx, const char *bind_ip, const char
}
/* I we ever get there, it's a success */
ctx->fd = fd;
ctx->MBEDTLS_PRIVATE(fd) = fd;
ret = 0;
break;
}
@@ -224,7 +224,7 @@ int mbedtls_net_accept( mbedtls_net_context *bind_ctx,
socklen_t type_len = (socklen_t) sizeof( type );
/* Is this a TCP or UDP socket? */
if ( getsockopt( bind_ctx->fd, SOL_SOCKET, SO_TYPE,
if ( getsockopt( bind_ctx->MBEDTLS_PRIVATE(fd), SOL_SOCKET, SO_TYPE,
(void *) &type, (socklen_t *) &type_len ) != 0 ||
( type != SOCK_STREAM && type != SOCK_DGRAM ) ) {
return ( MBEDTLS_ERR_NET_ACCEPT_FAILED );
@@ -232,13 +232,13 @@ int mbedtls_net_accept( mbedtls_net_context *bind_ctx,
if ( type == SOCK_STREAM ) {
/* TCP: actual accept() */
ret = client_ctx->fd = (int) accept( bind_ctx->fd,
ret = client_ctx->MBEDTLS_PRIVATE(fd) = (int) accept( bind_ctx->MBEDTLS_PRIVATE(fd),
(struct sockaddr *) &client_addr, &n );
} else {
/* UDP: wait for a message, but keep it in the queue */
char buf[1] = { 0 };
ret = recvfrom( bind_ctx->fd, buf, sizeof( buf ), MSG_PEEK,
ret = recvfrom( bind_ctx->MBEDTLS_PRIVATE(fd), buf, sizeof( buf ), MSG_PEEK,
(struct sockaddr *) &client_addr, &n );
}
@@ -257,24 +257,24 @@ int mbedtls_net_accept( mbedtls_net_context *bind_ctx,
struct sockaddr_in local_addr;
int one = 1;
if ( connect( bind_ctx->fd, (struct sockaddr *) &client_addr, n ) != 0 ) {
if ( connect( bind_ctx->MBEDTLS_PRIVATE(fd), (struct sockaddr *) &client_addr, n ) != 0 ) {
return ( MBEDTLS_ERR_NET_ACCEPT_FAILED );
}
client_ctx->fd = bind_ctx->fd;
bind_ctx->fd = -1; /* In case we exit early */
client_ctx->MBEDTLS_PRIVATE(fd) = bind_ctx->MBEDTLS_PRIVATE(fd);
bind_ctx->MBEDTLS_PRIVATE(fd) = -1; /* In case we exit early */
n = sizeof( struct sockaddr_in );
if ( getsockname( client_ctx->fd,
if ( getsockname( client_ctx->MBEDTLS_PRIVATE(fd),
(struct sockaddr *) &local_addr, &n ) != 0 ||
( bind_ctx->fd = (int) socket( AF_INET,
( bind_ctx->MBEDTLS_PRIVATE(fd) = (int) socket( AF_INET,
SOCK_DGRAM, IPPROTO_UDP ) ) < 0 ||
setsockopt( bind_ctx->fd, SOL_SOCKET, SO_REUSEADDR,
setsockopt( bind_ctx->MBEDTLS_PRIVATE(fd), SOL_SOCKET, SO_REUSEADDR,
(const char *) &one, sizeof( one ) ) != 0 ) {
return ( MBEDTLS_ERR_NET_SOCKET_FAILED );
}
if ( bind( bind_ctx->fd, (struct sockaddr *) &local_addr, n ) != 0 ) {
if ( bind( bind_ctx->MBEDTLS_PRIVATE(fd), (struct sockaddr *) &local_addr, n ) != 0 ) {
return ( MBEDTLS_ERR_NET_BIND_FAILED );
}
}
@@ -298,12 +298,12 @@ int mbedtls_net_accept( mbedtls_net_context *bind_ctx,
*/
int mbedtls_net_set_block( mbedtls_net_context *ctx )
{
return ( fcntl( ctx->fd, F_SETFL, fcntl( ctx->fd, F_GETFL, 0 ) & ~O_NONBLOCK ) );
return ( fcntl( ctx->MBEDTLS_PRIVATE(fd), F_SETFL, fcntl( ctx->MBEDTLS_PRIVATE(fd), F_GETFL, 0 ) & ~O_NONBLOCK ) );
}
int mbedtls_net_set_nonblock( mbedtls_net_context *ctx )
{
return ( fcntl( ctx->fd, F_SETFL, fcntl( ctx->fd, F_GETFL, 0 ) | O_NONBLOCK ) );
return ( fcntl( ctx->MBEDTLS_PRIVATE(fd), F_SETFL, fcntl( ctx->MBEDTLS_PRIVATE(fd), F_GETFL, 0 ) | O_NONBLOCK ) );
}
/*
@@ -323,7 +323,7 @@ void mbedtls_net_usleep( unsigned long usec )
int mbedtls_net_recv( void *ctx, unsigned char *buf, size_t len )
{
int ret;
int fd = ((mbedtls_net_context *) ctx)->fd;
int fd = ((mbedtls_net_context *) ctx)->MBEDTLS_PRIVATE(fd);
if ( fd < 0 ) {
return ( MBEDTLS_ERR_NET_INVALID_CONTEXT );
@@ -359,7 +359,7 @@ int mbedtls_net_recv_timeout( void *ctx, unsigned char *buf, size_t len,
int ret;
struct timeval tv;
fd_set read_fds;
int fd = ((mbedtls_net_context *) ctx)->fd;
int fd = ((mbedtls_net_context *) ctx)->MBEDTLS_PRIVATE(fd);
if ( fd < 0 ) {
return ( MBEDTLS_ERR_NET_INVALID_CONTEXT );
@@ -396,7 +396,7 @@ int mbedtls_net_recv_timeout( void *ctx, unsigned char *buf, size_t len,
int mbedtls_net_send( void *ctx, const unsigned char *buf, size_t len )
{
int ret;
int fd = ((mbedtls_net_context *) ctx)->fd;
int fd = ((mbedtls_net_context *) ctx)->MBEDTLS_PRIVATE(fd);
if ( fd < 0 ) {
return ( MBEDTLS_ERR_NET_INVALID_CONTEXT );
@@ -428,14 +428,14 @@ int mbedtls_net_send( void *ctx, const unsigned char *buf, size_t len )
*/
void mbedtls_net_free( mbedtls_net_context *ctx )
{
if ( ctx->fd == -1 ) {
if ( ctx->MBEDTLS_PRIVATE(fd) == -1 ) {
return;
}
shutdown( ctx->fd, 2 );
close( ctx->fd );
shutdown( ctx->MBEDTLS_PRIVATE(fd), 2 );
close( ctx->MBEDTLS_PRIVATE(fd) );
ctx->fd = -1;
ctx->MBEDTLS_PRIVATE(fd) = -1;
}
#endif /* MBEDTLS_NET_C */

21
components/mbedtls/port/sha/dma/esp_sha1.c
View File

@@ -177,15 +177,6 @@ int mbedtls_sha1_update( mbedtls_sha1_context *ctx, const unsigned char *input,
return 0;
}
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
void mbedtls_sha1_update( mbedtls_sha1_context *ctx,
const unsigned char *input,
size_t ilen )
{
mbedtls_sha1__update( ctx, input, ilen );
}
#endif
static const unsigned char sha1_padding[64] = {
0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
@@ -214,10 +205,10 @@ int mbedtls_sha1_finish( mbedtls_sha1_context *ctx, unsigned char output[20] )
padn = ( last < 56 ) ? ( 56 - last ) : ( 120 - last );
if ( ( ret = mbedtls_sha1__update( ctx, sha1_padding, padn ) ) != 0 ) {
if ( ( ret = mbedtls_sha1_update( ctx, sha1_padding, padn ) ) != 0 ) {
return ret;
}
if ( ( ret = mbedtls_sha1__update( ctx, msglen, 8 ) ) != 0 ) {
if ( ( ret = mbedtls_sha1_update( ctx, msglen, 8 ) ) != 0 ) {
return ret;
}
@@ -226,12 +217,4 @@ int mbedtls_sha1_finish( mbedtls_sha1_context *ctx, unsigned char output[20] )
return ret;
}
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
void mbedtls_sha1_finish( mbedtls_sha1_context *ctx,
unsigned char output[20] )
{
mbedtls_sha1_finish( ctx, output );
}
#endif
#endif /* MBEDTLS_SHA1_C && MBEDTLS_SHA1_ALT */

43
components/mbedtls/test/test_aes_gcm.c
View File

@@ -1,6 +1,9 @@
/* mbedTLS GCM test
*
* SPDX-FileCopyrightText: 2021-2022 Espressif Systems (Shanghai) CO LTD
*
* SPDX-License-Identifier: Apache-2.0
*/
#include <string.h>
#include <stdio.h>
#include <stdbool.h>
@@ -99,15 +102,16 @@ TEST_CASE("mbedtls GCM stream test", "[aes-gcm]")
mbedtls_gcm_init(&ctx);
mbedtls_gcm_setkey(&ctx, cipher, key, 128);
mbedtls_gcm_starts( &ctx, MBEDTLS_AES_ENCRYPT, nonce, sizeof(nonce), NULL, 0 );
mbedtls_gcm_starts( &ctx, MBEDTLS_AES_ENCRYPT, nonce, sizeof(nonce) );
// Encrypt
for (int idx = 0; idx < SZ; idx = idx + bytes_to_process) {
// Limit length of last call to avoid exceeding buffer size
size_t length = (idx + bytes_to_process > SZ) ? (SZ - idx) : bytes_to_process;
mbedtls_gcm_update(&ctx, length, plaintext + idx, chipertext + idx );
mbedtls_gcm_update(&ctx, plaintext + idx, length, chipertext + idx, 0, NULL);
}
mbedtls_gcm_finish( &ctx, tag, sizeof(tag) );
size_t olen;
mbedtls_gcm_finish( &ctx, NULL, 0, &olen, tag, sizeof(tag) );
TEST_ASSERT_EQUAL_HEX8_ARRAY(expected_cipher, chipertext, SZ);
TEST_ASSERT_EQUAL_HEX8_ARRAY(expected_tag, tag, sizeof(tag));
@@ -116,15 +120,15 @@ TEST_CASE("mbedtls GCM stream test", "[aes-gcm]")
mbedtls_gcm_free( &ctx );
mbedtls_gcm_init(&ctx);
mbedtls_gcm_setkey(&ctx, cipher, key, 128);
mbedtls_gcm_starts( &ctx, MBEDTLS_AES_DECRYPT, nonce, sizeof(nonce), NULL, 0 );
mbedtls_gcm_starts( &ctx, MBEDTLS_AES_DECRYPT, nonce, sizeof(nonce));
for (int idx = 0; idx < SZ; idx = idx + bytes_to_process) {
// Limit length of last call to avoid exceeding buffer size
size_t length = (idx + bytes_to_process > SZ) ? (SZ - idx) : bytes_to_process;
mbedtls_gcm_update(&ctx, length, chipertext + idx, decryptedtext + idx );
mbedtls_gcm_update(&ctx, chipertext + idx, length, decryptedtext + idx, 0, NULL);
}
mbedtls_gcm_finish( &ctx, tag, sizeof(tag) );
mbedtls_gcm_finish( &ctx, NULL, 0, &olen, tag, sizeof(tag) );
TEST_ASSERT_EQUAL_HEX8_ARRAY(plaintext, decryptedtext, SZ);
mbedtls_gcm_free( &ctx );
}
@@ -185,14 +189,15 @@ static void aes_gcm_test(aes_gcm_test_cfg_t *cfg, aes_gcm_test_expected_res_t *r
mbedtls_gcm_init(&ctx);
mbedtls_gcm_setkey(&ctx, cipher, cfg->key, cfg->key_bits);
size_t olen;
/* Encrypt and tag */
if (aes_gcm_type == AES_GCM_TEST_CRYPT_N_TAG) {
mbedtls_gcm_crypt_and_tag(&ctx, MBEDTLS_AES_ENCRYPT, cfg->plaintext_length, iv_buf, cfg->iv_length, cfg->add_buf, cfg->add_length, cfg->plaintext, ciphertext, cfg->tag_len, tag_buf_encrypt);
} else if (aes_gcm_type == AES_GCM_TEST_START_UPDATE_FINISH) {
TEST_ASSERT(mbedtls_gcm_starts( &ctx, MBEDTLS_AES_ENCRYPT, iv_buf, cfg->iv_length, cfg->add_buf, cfg->add_length) == 0 );
TEST_ASSERT(mbedtls_gcm_update( &ctx, cfg->plaintext_length, cfg->plaintext, ciphertext) == 0 );
TEST_ASSERT(mbedtls_gcm_finish( &ctx, tag_buf_encrypt, cfg->tag_len) == 0 );
TEST_ASSERT(mbedtls_gcm_starts( &ctx, MBEDTLS_AES_ENCRYPT, iv_buf, cfg->iv_length) == 0 );
TEST_ASSERT(mbedtls_gcm_update_ad( &ctx, cfg->add_buf, cfg->add_length) == 0 );
TEST_ASSERT(mbedtls_gcm_update( &ctx, cfg->plaintext, cfg->plaintext_length, ciphertext, 0, NULL) == 0 );
TEST_ASSERT(mbedtls_gcm_finish( &ctx, NULL, 0, &olen, tag_buf_encrypt, cfg->tag_len) == 0 );
}
size_t offset = cfg->plaintext_length > 16 ? cfg->plaintext_length - 16 : 0;
/* Sanity check: make sure the last ciphertext block matches what we expect to see. */
@@ -204,9 +209,10 @@ static void aes_gcm_test(aes_gcm_test_cfg_t *cfg, aes_gcm_test_expected_res_t *r
if (aes_gcm_type == AES_GCM_TEST_CRYPT_N_TAG) {
TEST_ASSERT(mbedtls_gcm_auth_decrypt(&ctx, cfg->plaintext_length, iv_buf, cfg->iv_length, cfg->add_buf, cfg->add_length, res->expected_tag, cfg->tag_len, ciphertext, output) == 0);
} else if (aes_gcm_type == AES_GCM_TEST_START_UPDATE_FINISH) {
TEST_ASSERT(mbedtls_gcm_starts( &ctx, MBEDTLS_AES_DECRYPT, iv_buf, cfg->iv_length, cfg->add_buf, cfg->add_length) == 0 );
TEST_ASSERT(mbedtls_gcm_update( &ctx, cfg->plaintext_length, ciphertext, output) == 0 );
TEST_ASSERT(mbedtls_gcm_finish( &ctx, tag_buf_decrypt, cfg->tag_len) == 0 );
TEST_ASSERT(mbedtls_gcm_starts( &ctx, MBEDTLS_AES_DECRYPT, iv_buf, cfg->iv_length) == 0 );
TEST_ASSERT(mbedtls_gcm_update_ad( &ctx, cfg->add_buf, cfg->add_length) == 0 );
TEST_ASSERT(mbedtls_gcm_update( &ctx, ciphertext, cfg->plaintext_length, output, 0, NULL) == 0 );
TEST_ASSERT(mbedtls_gcm_finish( &ctx, NULL, 0, &olen, tag_buf_decrypt, cfg->tag_len) == 0 );
/* mbedtls_gcm_auth_decrypt already checks tag so only needed for AES_GCM_TEST_START_UPDATE_FINISH */
TEST_ASSERT_EQUAL_HEX8_ARRAY(res->expected_tag, tag_buf_decrypt, cfg->tag_len);
@@ -412,7 +418,7 @@ TEST_CASE("mbedtls AES GCM performance, start, update, ret", "[aes-gcm]")
uint8_t iv[16];
uint8_t key[16];
uint8_t aad[16];
size_t olen;
memset(iv, 0xEE, 16);
memset(key, 0x44, 16);
memset(aad, 0x76, 16);
@@ -428,9 +434,10 @@ TEST_CASE("mbedtls AES GCM performance, start, update, ret", "[aes-gcm]")
memset(buf, 0xAA, CALL_SZ);
TEST_ASSERT(mbedtls_gcm_starts( &ctx, MBEDTLS_AES_ENCRYPT, iv, sizeof(iv), aad, sizeof(aad) ) == 0 );
TEST_ASSERT(mbedtls_gcm_update( &ctx, CALL_SZ, buf, buf ) == 0 );
TEST_ASSERT(mbedtls_gcm_finish( &ctx, tag_buf, 16 ) == 0 );
TEST_ASSERT(mbedtls_gcm_starts( &ctx, MBEDTLS_AES_ENCRYPT, iv, sizeof(iv) ) == 0 );
TEST_ASSERT(mbedtls_gcm_update_ad( &ctx, aad, sizeof(aad)) == 0 );
TEST_ASSERT(mbedtls_gcm_update( &ctx, buf, CALL_SZ, buf, 0, NULL) == 0 );
TEST_ASSERT(mbedtls_gcm_finish( &ctx, NULL, 0, &olen, tag_buf, 16 ) == 0 );
elapsed_usec = ccomp_timer_stop();

17
components/mbedtls/test/test_ecp.c
View File

@@ -1,8 +1,11 @@
/* mbedTLS Elliptic Curve functionality tests
Focus on testing functionality where we use ESP32 hardware
accelerated crypto features.
*
* Focus on testing functionality where we use ESP32 hardware
* accelerated crypto features.
*
* SPDX-FileCopyrightText: 2021 Espressif Systems (Shanghai) CO LTD
*
* SPDX-License-Identifier: Apache-2.0
*/
#include <string.h>
#include <stdio.h>
@@ -33,9 +36,9 @@ TEST_CASE("mbedtls ECDH Generate Key", "[mbedtls]")
mbedtls_entropy_init(&entropy);
TEST_ASSERT_MBEDTLS_OK( mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy, NULL, 0) );
TEST_ASSERT_MBEDTLS_OK( mbedtls_ecp_group_load(&ctx.grp, MBEDTLS_ECP_DP_CURVE25519) );
TEST_ASSERT_MBEDTLS_OK( mbedtls_ecp_group_load(&ctx.MBEDTLS_PRIVATE(grp), MBEDTLS_ECP_DP_CURVE25519) );
TEST_ASSERT_MBEDTLS_OK( mbedtls_ecdh_gen_public(&ctx.grp, &ctx.d, &ctx.Q,
TEST_ASSERT_MBEDTLS_OK( mbedtls_ecdh_gen_public(&ctx.MBEDTLS_PRIVATE(grp), &ctx.MBEDTLS_PRIVATE(d), &ctx.MBEDTLS_PRIVATE(Q),
mbedtls_ctr_drbg_random, &ctr_drbg ) );
mbedtls_ecdh_free(&ctx);
@@ -67,7 +70,7 @@ TEST_CASE("mbedtls ECP mul w/ koblitz", "[mbedtls]")
mbedtls_ctr_drbg_random, &ctxRandom) );
TEST_ASSERT_MBEDTLS_OK(mbedtls_ecp_mul(&ctxECDSA.grp, &ctxECDSA.Q, &ctxECDSA.d, &ctxECDSA.grp.G,
TEST_ASSERT_MBEDTLS_OK(mbedtls_ecp_mul(&ctxECDSA.MBEDTLS_PRIVATE(grp), &ctxECDSA.MBEDTLS_PRIVATE(Q), &ctxECDSA.MBEDTLS_PRIVATE(d), &ctxECDSA.MBEDTLS_PRIVATE(grp).G,
mbedtls_ctr_drbg_random, &ctxRandom) );
mbedtls_ecdsa_free(&ctxECDSA);

26
components/mbedtls/test/test_esp_crt_bundle.c
View File

@@ -2,21 +2,12 @@
*
* Adapted from the ssl_server example in mbedtls.
*
* Original Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
* Additions Copyright (C) Copyright 2019 Espressif Systems (Shanghai) PTE LTD, Apache 2.0 License.
* SPDX-FileCopyrightText: 2006-2015, ARM Limited, All Rights Reserved
* 2021 The Mbed TLS Contributors
*
* SPDX-License-Identifier: Apache 2.0 License
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
* SPDX-FileContributor: 2019-2021 Espressif Systems (Shanghai) CO LTD
*/
#include "esp_err.h"
#include "esp_log.h"
@@ -29,6 +20,7 @@
#include "mbedtls/ctr_drbg.h"
#include "mbedtls/x509.h"
#include "mbedtls/ssl.h"
#include "mbedtls/library/entropy_poll.h"
#include "mbedtls/net_sockets.h"
#include "mbedtls/error.h"
#include "mbedtls/debug.h"
@@ -90,6 +82,12 @@ static volatile bool exit_flag;
esp_err_t endpoint_teardown(mbedtls_endpoint_t *endpoint);
static int myrand(void *rng_state, unsigned char *output, size_t len)
{
size_t olen;
return mbedtls_hardware_poll(rng_state, output, len, &olen);
}
esp_err_t server_setup(mbedtls_endpoint_t *server)
{
int ret;
@@ -112,7 +110,7 @@ esp_err_t server_setup(mbedtls_endpoint_t *server)
}
ret = mbedtls_pk_parse_key( &server->pkey, (const unsigned char *)server_pk_start,
server_pk_end - server_pk_start, NULL, 0 );
server_pk_end - server_pk_start, NULL, 0, myrand, NULL );
if ( ret != 0 ) {
ESP_LOGE(TAG, "mbedtls_pk_parse_key returned %d", ret );
return ESP_FAIL;

6
components/mbedtls/test/test_mbedtls_mpi.c
View File

@@ -1,4 +1,8 @@
/* mbedTLS bignum (MPI) self-tests as unit tests
*
* SPDX-FileCopyrightText: 2021 Espressif Systems (Shanghai) CO LTD
*
* SPDX-License-Identifier: Apache-2.0
*/
#include <string.h>
#include <stdio.h>
@@ -24,7 +28,7 @@ void mbedtls_mpi_printf(const char *name, const mbedtls_mpi *X)
memset(buf, 0, sizeof(buf));
mbedtls_mpi_write_string(X, 16, buf, sizeof(buf)-1, &n);
if(n) {
printf("%s = (s=%d) 0x%s\n", name, X->s, buf);
printf("%s = (s=%d) 0x%s\n", name, X->MBEDTLS_PRIVATE(s), buf);
} else {
printf("%s = TOOLONG\n", name);
}

25
components/mbedtls/test/test_rsa.c
View File

@@ -1,8 +1,11 @@
/* mbedTLS RSA functionality tests
Focus on testing functionality where we use ESP32 hardware
accelerated crypto features.
*
* Focus on testing functionality where we use ESP32 hardware
* accelerated crypto features
*
* SPDX-FileCopyrightText: 2021 Espressif Systems (Shanghai) CO LTD
*
* SPDX-License-Identifier: Apache-2.0
*/
#include <string.h>
#include <stdbool.h>
@@ -358,7 +361,7 @@ static void test_cert(const char *cert, const uint8_t *expected_output, size_t o
strlen(cert)+1),
"parse cert");
rsa = mbedtls_pk_rsa(crt.pk);
rsa = mbedtls_pk_rsa(crt.MBEDTLS_PRIVATE(pk));
TEST_ASSERT_NOT_NULL(rsa);
res = mbedtls_rsa_check_pubkey(rsa);
@@ -461,20 +464,20 @@ static void rsa_key_operations(int keysize, bool check_performance, bool use_bli
memset(orig_buf, 0xAA, sizeof(orig_buf));
orig_buf[0] = 0; // Ensure that orig_buf is smaller than rsa.N
if (generate_new_rsa) {
mbedtls_rsa_init(&rsa, MBEDTLS_RSA_PRIVATE, 0);
mbedtls_rsa_init(&rsa);
TEST_ASSERT_EQUAL(0, mbedtls_rsa_gen_key(&rsa, myrand, NULL, keysize, 65537));
} else {
mbedtls_pk_init(&clientkey);
switch(keysize) {
case 4096:
res = mbedtls_pk_parse_key(&clientkey, (const uint8_t *)privkey_4096_buf, sizeof(privkey_4096_buf), NULL, 0);
res = mbedtls_pk_parse_key(&clientkey, (const uint8_t *)privkey_4096_buf, sizeof(privkey_4096_buf), NULL, 0, myrand, NULL);
break;
case 3072:
res = mbedtls_pk_parse_key(&clientkey, (const uint8_t *)privkey_3072_buf, sizeof(privkey_3072_buf), NULL, 0);
res = mbedtls_pk_parse_key(&clientkey, (const uint8_t *)privkey_3072_buf, sizeof(privkey_3072_buf), NULL, 0, myrand, NULL);
break;
case 2048:
res = mbedtls_pk_parse_key(&clientkey, (const uint8_t *)privkey_2048_buf, sizeof(privkey_2048_buf), NULL, 0);
res = mbedtls_pk_parse_key(&clientkey, (const uint8_t *)privkey_2048_buf, sizeof(privkey_2048_buf), NULL, 0, myrand, NULL);
break;
default:
TEST_FAIL_MESSAGE("unsupported keysize, pass generate_new_rsa=true or update test");
@@ -489,8 +492,8 @@ static void rsa_key_operations(int keysize, bool check_performance, bool use_bli
print_rsa_details(&rsa);
#endif
TEST_ASSERT_EQUAL(keysize, (int)rsa.len * 8);
TEST_ASSERT_EQUAL(keysize, (int)rsa.D.n * sizeof(mbedtls_mpi_uint) * 8); // The private exponent
TEST_ASSERT_EQUAL(keysize, (int)rsa.MBEDTLS_PRIVATE(len) * 8);
TEST_ASSERT_EQUAL(keysize, (int)rsa.MBEDTLS_PRIVATE(D).MBEDTLS_PRIVATE(n) * sizeof(mbedtls_mpi_uint) * 8); // The private exponent
ccomp_timer_start();
res = mbedtls_rsa_public(&rsa, orig_buf, encrypted_buf);

4
components/mbedtls/test/test_sha.c
View File

@@ -118,12 +118,12 @@ TEST_CASE("Test esp_sha() function with long input", "[hw_crypto]")
TEST_ASSERT_EQUAL(0, r);
esp_sha(SHA2_256, ptr, LEN, sha256_espsha);
r = mbedtls_sha256_ret(ptr, LEN, sha256_mbedtls, 0);
r = mbedtls_sha256(ptr, LEN, sha256_mbedtls, 0);
TEST_ASSERT_EQUAL(0, r);
#if SOC_SHA_SUPPORT_SHA512
esp_sha(SHA2_512, ptr, LEN, sha512_espsha);
r = mbedtls_sha512_ret(ptr, LEN, sha512_mbedtls, 0);
r = mbedtls_sha512(ptr, LEN, sha512_mbedtls, 0);
TEST_ASSERT_EQUAL(0, r);
#endif

19
components/protocomm/src/security/security1.c
View File

@@ -16,7 +16,6 @@
#include <mbedtls/ctr_drbg.h>
#include <mbedtls/ecdh.h>
#include <mbedtls/error.h>
#include <mbedtls/ssl_internal.h>
#include <mbedtls/constant_time.h>
#include <mbedtls/library/ssl_misc.h>
@@ -215,14 +214,14 @@ static esp_err_t handle_session_command0(session_t *cur_session,
goto exit_cmd0;
}
mbed_err = mbedtls_ecp_group_load(&ctx_server->grp, MBEDTLS_ECP_DP_CURVE25519);
mbed_err = mbedtls_ecp_group_load(&ctx_server->MBEDTLS_PRIVATE(grp), MBEDTLS_ECP_DP_CURVE25519);
if (mbed_err != 0) {
ESP_LOGE(TAG, "Failed at mbedtls_ecp_group_load with error code : -0x%x", -mbed_err);
ret = ESP_FAIL;
goto exit_cmd0;
}
mbed_err = mbedtls_ecdh_gen_public(&ctx_server->grp, &ctx_server->d, &ctx_server->Q,
mbed_err = mbedtls_ecdh_gen_public(&ctx_server->MBEDTLS_PRIVATE(grp), &ctx_server->MBEDTLS_PRIVATE(d), &ctx_server->MBEDTLS_PRIVATE(Q),
mbedtls_ctr_drbg_random, ctr_drbg);
if (mbed_err != 0) {
ESP_LOGE(TAG, "Failed at mbedtls_ecdh_gen_public with error code : -0x%x", -mbed_err);
@@ -230,7 +229,7 @@ static esp_err_t handle_session_command0(session_t *cur_session,
goto exit_cmd0;
}
mbed_err = mbedtls_mpi_write_binary(&ctx_server->Q.X,
mbed_err = mbedtls_mpi_write_binary(&ctx_server->MBEDTLS_PRIVATE(Q).MBEDTLS_PRIVATE(X),
cur_session->device_pubkey,
PUBLIC_KEY_LEN);
if (mbed_err != 0) {
@@ -247,7 +246,7 @@ static esp_err_t handle_session_command0(session_t *cur_session,
hexdump("Device pubkey", dev_pubkey, PUBLIC_KEY_LEN);
hexdump("Client pubkey", cli_pubkey, PUBLIC_KEY_LEN);
mbed_err = mbedtls_mpi_lset(&ctx_server->Qp.Z, 1);
mbed_err = mbedtls_mpi_lset(&ctx_server->MBEDTLS_PRIVATE(Qp).MBEDTLS_PRIVATE(Z), 1);
if (mbed_err != 0) {
ESP_LOGE(TAG, "Failed at mbedtls_mpi_lset with error code : -0x%x", -mbed_err);
ret = ESP_FAIL;
@@ -255,7 +254,7 @@ static esp_err_t handle_session_command0(session_t *cur_session,
}
flip_endian(cur_session->client_pubkey, PUBLIC_KEY_LEN);
mbed_err = mbedtls_mpi_read_binary(&ctx_server->Qp.X, cli_pubkey, PUBLIC_KEY_LEN);
mbed_err = mbedtls_mpi_read_binary(&ctx_server->MBEDTLS_PRIVATE(Qp).MBEDTLS_PRIVATE(X), cli_pubkey, PUBLIC_KEY_LEN);
flip_endian(cur_session->client_pubkey, PUBLIC_KEY_LEN);
if (mbed_err != 0) {
ESP_LOGE(TAG, "Failed at mbedtls_mpi_read_binary with error code : -0x%x", -mbed_err);
@@ -263,15 +262,15 @@ static esp_err_t handle_session_command0(session_t *cur_session,
goto exit_cmd0;
}
mbed_err = mbedtls_ecdh_compute_shared(&ctx_server->grp, &ctx_server->z, &ctx_server->Qp,
&ctx_server->d, mbedtls_ctr_drbg_random, ctr_drbg);
mbed_err = mbedtls_ecdh_compute_shared(&ctx_server->MBEDTLS_PRIVATE(grp), &ctx_server->MBEDTLS_PRIVATE(z), &ctx_server->MBEDTLS_PRIVATE(Qp),
&ctx_server->MBEDTLS_PRIVATE(d), mbedtls_ctr_drbg_random, ctr_drbg);
if (mbed_err != 0) {
ESP_LOGE(TAG, "Failed at mbedtls_ecdh_compute_shared with error code : -0x%x", -mbed_err);
ret = ESP_FAIL;
goto exit_cmd0;
}
mbed_err = mbedtls_mpi_write_binary(&ctx_server->z, cur_session->sym_key, PUBLIC_KEY_LEN);
mbed_err = mbedtls_mpi_write_binary(&ctx_server->MBEDTLS_PRIVATE(z), cur_session->sym_key, PUBLIC_KEY_LEN);
if (mbed_err != 0) {
ESP_LOGE(TAG, "Failed at mbedtls_mpi_write_binary with error code : -0x%x", -mbed_err);
ret = ESP_FAIL;
@@ -283,7 +282,7 @@ static esp_err_t handle_session_command0(session_t *cur_session,
ESP_LOGD(TAG, "Adding proof of possession");
uint8_t sha_out[PUBLIC_KEY_LEN];
mbed_err = mbedtls_sha256_ret((const unsigned char *) pop->data, pop->len, sha_out, 0);
mbed_err = mbedtls_sha256((const unsigned char *) pop->data, pop->len, sha_out, 0);
if (mbed_err != 0) {
ESP_LOGE(TAG, "Failed at mbedtls_sha256_ret with error code : -0x%x", -mbed_err);
ret = ESP_FAIL;

46
components/protocomm/test/test_protocomm.c
View File

@@ -1,16 +1,8 @@
// Copyright 2018 Espressif Systems (Shanghai) PTE LTD
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
/*
* SPDX-FileCopyrightText: 2018-2021 Espressif Systems (Shanghai) CO LTD
*
* SPDX-License-Identifier: Apache-2.0
*/
#include <stdlib.h>
#include <string.h>
@@ -155,24 +147,24 @@ static esp_err_t verify_response0(session_t *session, SessionData *resp)
hexdump("Device pubkey", dev_pubkey, PUBLIC_KEY_LEN);
hexdump("Client pubkey", cli_pubkey, PUBLIC_KEY_LEN);
ret = mbedtls_mpi_lset(&session->ctx_client.Qp.Z, 1);
ret = mbedtls_mpi_lset(&session->ctx_client.MBEDTLS_PRIVATE(Qp).MBEDTLS_PRIVATE(Z), 1);
if (ret != 0) {
ESP_LOGE(TAG, "Failed at mbedtls_mpi_lset with error code : %d", ret);
return ESP_FAIL;
}
flip_endian(session->device_pubkey, PUBLIC_KEY_LEN);
ret = mbedtls_mpi_read_binary(&session->ctx_client.Qp.X, dev_pubkey, PUBLIC_KEY_LEN);
ret = mbedtls_mpi_read_binary(&session->ctx_client.MBEDTLS_PRIVATE(Qp).MBEDTLS_PRIVATE(X), dev_pubkey, PUBLIC_KEY_LEN);
flip_endian(session->device_pubkey, PUBLIC_KEY_LEN);
if (ret != 0) {
ESP_LOGE(TAG, "Failed at mbedtls_mpi_read_binary with error code : %d", ret);
return ESP_FAIL;
}
ret = mbedtls_ecdh_compute_shared(&session->ctx_client.grp,
&session->ctx_client.z,
&session->ctx_client.Qp,
&session->ctx_client.d,
ret = mbedtls_ecdh_compute_shared(&session->ctx_client.MBEDTLS_PRIVATE(grp),
&session->ctx_client.MBEDTLS_PRIVATE(z),
&session->ctx_client.MBEDTLS_PRIVATE(Qp),
&session->ctx_client.MBEDTLS_PRIVATE(d),
mbedtls_ctr_drbg_random,
&session->ctr_drbg);
if (ret != 0) {
@@ -180,7 +172,7 @@ static esp_err_t verify_response0(session_t *session, SessionData *resp)
return ESP_FAIL;
}
ret = mbedtls_mpi_write_binary(&session->ctx_client.z, session->sym_key, PUBLIC_KEY_LEN);
ret = mbedtls_mpi_write_binary(&session->ctx_client.MBEDTLS_PRIVATE(z), session->sym_key, PUBLIC_KEY_LEN);
if (ret != 0) {
ESP_LOGE(TAG, "Failed at mbedtls_mpi_write_binary with error code : %d", ret);
return ESP_FAIL;
@@ -192,7 +184,7 @@ static esp_err_t verify_response0(session_t *session, SessionData *resp)
ESP_LOGD(TAG, "Adding proof of possession");
uint8_t sha_out[PUBLIC_KEY_LEN];
ret = mbedtls_sha256_ret((const unsigned char *) pop->data, pop->len, sha_out, 0);
ret = mbedtls_sha256((const unsigned char *) pop->data, pop->len, sha_out, 0);
if (ret != 0) {
ESP_LOGE(TAG, "Failed at mbedtls_sha256_ret with error code : %d", ret);
return ESP_FAIL;
@@ -381,15 +373,15 @@ static esp_err_t test_sec_endpoint(session_t *session)
goto abort_test_sec_endpoint;
}
ret = mbedtls_ecp_group_load(&session->ctx_client.grp, MBEDTLS_ECP_DP_CURVE25519);
ret = mbedtls_ecp_group_load(&session->ctx_client.MBEDTLS_PRIVATE(grp), MBEDTLS_ECP_DP_CURVE25519);
if (ret != 0) {
ESP_LOGE(TAG, "Failed at mbedtls_ecp_group_load with error code : %d", ret);
goto abort_test_sec_endpoint;
}
ret = mbedtls_ecdh_gen_public(&session->ctx_client.grp,
&session->ctx_client.d,
&session->ctx_client.Q,
ret = mbedtls_ecdh_gen_public(&session->ctx_client.MBEDTLS_PRIVATE(grp),
&session->ctx_client.MBEDTLS_PRIVATE(d),
&session->ctx_client.MBEDTLS_PRIVATE(Q),
mbedtls_ctr_drbg_random,
&session->ctr_drbg);
if (ret != 0) {
@@ -399,7 +391,7 @@ static esp_err_t test_sec_endpoint(session_t *session)
if (session->weak) {
/* Read zero client public key */
ret = mbedtls_mpi_read_binary(&session->ctx_client.Q.X,
ret = mbedtls_mpi_read_binary(&session->ctx_client.MBEDTLS_PRIVATE(Q).MBEDTLS_PRIVATE(X),
session->client_pubkey,
PUBLIC_KEY_LEN);
if (ret != 0) {
@@ -407,7 +399,7 @@ static esp_err_t test_sec_endpoint(session_t *session)
goto abort_test_sec_endpoint;
}
}
ret = mbedtls_mpi_write_binary(&session->ctx_client.Q.X,
ret = mbedtls_mpi_write_binary(&session->ctx_client.MBEDTLS_PRIVATE(Q).MBEDTLS_PRIVATE(X),
session->client_pubkey,
PUBLIC_KEY_LEN);
if (ret != 0) {

58
components/wpa_supplicant/src/crypto/crypto_mbedtls-ec.c
View File

@@ -125,7 +125,7 @@ struct crypto_ec_group *crypto_ec_get_group_byname(const char *name)
mbedtls_ecp_group_init( &e->group );
if (mbedtls_ecp_group_load(&e->group, curve->grp_id)) {
if (mbedtls_ecp_group_load(&e->group, curve->MBEDTLS_PRIVATE(grp_id))) {
crypto_ec_deinit(e);
e = NULL;
}
@@ -157,7 +157,7 @@ int crypto_ec_point_to_bin(struct crypto_ec *e,
int len = mbedtls_mpi_size(&e->group.P);
if (x) {
if(crypto_bignum_to_bin((struct crypto_bignum *) & ((mbedtls_ecp_point *) point)->X,
if(crypto_bignum_to_bin((struct crypto_bignum *) & ((mbedtls_ecp_point *) point)->MBEDTLS_PRIVATE(X),
x, len, len) < 0) {
return -1;
}
@@ -165,7 +165,7 @@ int crypto_ec_point_to_bin(struct crypto_ec *e,
}
if (y) {
if(crypto_bignum_to_bin((struct crypto_bignum *) & ((mbedtls_ecp_point *) point)->Y,
if(crypto_bignum_to_bin((struct crypto_bignum *) & ((mbedtls_ecp_point *) point)->MBEDTLS_PRIVATE(Y),
y, len, len) < 0) {
return -1;
}
@@ -180,17 +180,17 @@ int crypto_ec_get_affine_coordinates(struct crypto_ec *e, struct crypto_ec_point
int ret = -1;
mbedtls_ecp_point *point = (mbedtls_ecp_point *)pt;
if (!mbedtls_ecp_is_zero(point) && (mbedtls_mpi_cmp_int( &point->Z, 1 ) == 0 )) {
if (!mbedtls_ecp_is_zero(point) && (mbedtls_mpi_cmp_int( &point->MBEDTLS_PRIVATE(Z), 1 ) == 0 )) {
// Affine coordinates mean that z should be 1,
wpa_printf(MSG_ERROR, "Z coordinate is neither 0 or 1");
return -1;
}
if (x) {
MBEDTLS_MPI_CHK(mbedtls_mpi_copy((mbedtls_mpi*) x, &((mbedtls_ecp_point* )point)->X));
MBEDTLS_MPI_CHK(mbedtls_mpi_copy((mbedtls_mpi*) x, &((mbedtls_ecp_point* )point)->MBEDTLS_PRIVATE(X)));
}
if (y) {
MBEDTLS_MPI_CHK(mbedtls_mpi_copy((mbedtls_mpi*) y, &((mbedtls_ecp_point* )point)->Y));
MBEDTLS_MPI_CHK(mbedtls_mpi_copy((mbedtls_mpi*) y, &((mbedtls_ecp_point* )point)->MBEDTLS_PRIVATE(Y)));
}
return 0;
cleanup:
@@ -215,9 +215,9 @@ struct crypto_ec_point *crypto_ec_point_from_bin(struct crypto_ec *e,
}
mbedtls_ecp_point_init(pt);
MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary(&pt->X, val, len));
MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary(&pt->Y, val + len, len));
MBEDTLS_MPI_CHK(mbedtls_mpi_lset((&pt->Z), 1));
MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary(&pt->MBEDTLS_PRIVATE(X), val, len));
MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary(&pt->MBEDTLS_PRIVATE(Y), val + len, len));
MBEDTLS_MPI_CHK(mbedtls_mpi_lset((&pt->MBEDTLS_PRIVATE(Z)), 1));
return (struct crypto_ec_point *) pt;
@@ -287,8 +287,8 @@ static int ecp_opp(const mbedtls_ecp_group *grp, mbedtls_ecp_point *R, const mbe
}
/* In-place opposite */
if (mbedtls_mpi_cmp_int(&R->Y, 0) != 0) {
MBEDTLS_MPI_CHK(mbedtls_mpi_sub_mpi(&R->Y, &grp->P, &R->Y));
if (mbedtls_mpi_cmp_int(&R->MBEDTLS_PRIVATE(Y), 0) != 0) {
MBEDTLS_MPI_CHK(mbedtls_mpi_sub_mpi(&R->MBEDTLS_PRIVATE(Y), &grp->P, &R->MBEDTLS_PRIVATE(Y)));
}
cleanup:
@@ -309,7 +309,7 @@ int crypto_ec_point_solve_y_coord(struct crypto_ec *e,
mbedtls_mpi_init(&temp);
int ret = 0;
y = &((mbedtls_ecp_point *)p)->Y;
y = &((mbedtls_ecp_point *)p)->MBEDTLS_PRIVATE(Y);
/* Faster way to find sqrt
* Works only with curves having prime p
@@ -333,8 +333,8 @@ int crypto_ec_point_solve_y_coord(struct crypto_ec *e,
if (y_bit != mbedtls_mpi_get_bit(y, 0))
MBEDTLS_MPI_CHK(mbedtls_mpi_sub_mpi(y, &e->group.P, y));
MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&((mbedtls_ecp_point* )p)->X, (const mbedtls_mpi*) x));
MBEDTLS_MPI_CHK(mbedtls_mpi_lset(&((mbedtls_ecp_point *)p)->Z, 1));
MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&((mbedtls_ecp_point* )p)->MBEDTLS_PRIVATE(X), (const mbedtls_mpi*) x));
MBEDTLS_MPI_CHK(mbedtls_mpi_lset(&((mbedtls_ecp_point *)p)->MBEDTLS_PRIVATE(Z), 1));
} else {
ret = 1;
}
@@ -418,9 +418,9 @@ int crypto_ec_point_is_on_curve(struct crypto_ec *e,
/* Calculate y^2 mod P*/
MBEDTLS_MPI_CHK(mbedtls_mpi_lset(&two, 2));
MBEDTLS_MPI_CHK(mbedtls_mpi_exp_mod(&y_sqr_lhs, &((const mbedtls_ecp_point *)p)->Y , &two, &e->group.P, NULL));
MBEDTLS_MPI_CHK(mbedtls_mpi_exp_mod(&y_sqr_lhs, &((const mbedtls_ecp_point *)p)->MBEDTLS_PRIVATE(Y) , &two, &e->group.P, NULL));
y_sqr_rhs = (mbedtls_mpi *) crypto_ec_point_compute_y_sqr(e, (const struct crypto_bignum *) & ((const mbedtls_ecp_point *)p)->X);
y_sqr_rhs = (mbedtls_mpi *) crypto_ec_point_compute_y_sqr(e, (const struct crypto_bignum *) & ((const mbedtls_ecp_point *)p)->MBEDTLS_PRIVATE(X));
if (y_sqr_rhs && (mbedtls_mpi_cmp_mpi(y_sqr_rhs, &y_sqr_lhs) == 0)) {
on_curve = 1;
@@ -443,7 +443,7 @@ int crypto_ec_point_cmp(const struct crypto_ec *e,
}
int crypto_key_compare(struct crypto_key *key1, struct crypto_key *key2)
{
if (mbedtls_pk_check_pair((mbedtls_pk_context *)key1, (mbedtls_pk_context *)key2) < 0)
if (mbedtls_pk_check_pair((mbedtls_pk_context *)key1, (mbedtls_pk_context *)key2, NULL, NULL) < 0)
return 0;
return 1;
@@ -513,8 +513,8 @@ struct crypto_key * crypto_ec_set_pubkey_point(const struct crypto_ec_group *gro
if( ( ret = mbedtls_pk_setup( key,
mbedtls_pk_info_from_type(MBEDTLS_PK_ECKEY) ) ) != 0 )
goto fail;
mbedtls_ecp_copy(&mbedtls_pk_ec(*key)->Q, point);
mbedtls_ecp_group_load(&mbedtls_pk_ec(*key)->grp, MBEDTLS_ECP_DP_SECP256R1);
mbedtls_ecp_copy(&mbedtls_pk_ec(*key)->MBEDTLS_PRIVATE(Q), point);
mbedtls_ecp_group_load(&mbedtls_pk_ec(*key)->MBEDTLS_PRIVATE(grp), MBEDTLS_ECP_DP_SECP256R1);
pkey = (struct crypto_key *)key;
crypto_ec_point_deinit((struct crypto_ec_point *)point, 0);
@@ -540,7 +540,7 @@ struct crypto_ec_point *crypto_ec_get_public_key(struct crypto_key *key)
{
mbedtls_pk_context *pkey = (mbedtls_pk_context *)key;
return (struct crypto_ec_point *)&mbedtls_pk_ec(*pkey)->Q;
return (struct crypto_ec_point *)&mbedtls_pk_ec(*pkey)->MBEDTLS_PRIVATE(Q);
}
@@ -568,14 +568,14 @@ struct crypto_ec_group *crypto_ec_get_group_from_key(struct crypto_key *key)
{
mbedtls_pk_context *pkey = (mbedtls_pk_context *)key;
return (struct crypto_ec_group *)&(mbedtls_pk_ec(*pkey)->grp);
return (struct crypto_ec_group *)&(mbedtls_pk_ec(*pkey)->MBEDTLS_PRIVATE(grp));
}
struct crypto_bignum *crypto_ec_get_private_key(struct crypto_key *key)
{
mbedtls_pk_context *pkey = (mbedtls_pk_context *)key;
return ((struct crypto_bignum *)&(mbedtls_pk_ec(*pkey)->d));
return ((struct crypto_bignum *)&(mbedtls_pk_ec(*pkey)->MBEDTLS_PRIVATE(d)));
}
int crypto_ec_get_publickey_buf(struct crypto_key *key, u8 *key_buf, int len)
@@ -624,7 +624,7 @@ struct crypto_key *crypto_ec_get_key(const u8 *privkey, size_t privkey_len)
wpa_printf(MSG_ERROR, "memory allocation failed\n");
return NULL;
}
ret = mbedtls_pk_parse_key(kctx, privkey, privkey_len, NULL, 0);
ret = mbedtls_pk_parse_key(kctx, privkey, privkey_len, NULL, 0, crypto_rng_wrapper, NULL);
if (ret < 0) {
//crypto_print_error_string(ret);
@@ -744,8 +744,8 @@ int crypto_ecdsa_get_sign(unsigned char *hash,
if (mbedtls_ecdsa_from_keypair(ctx, mbedtls_pk_ec(*pkey)) < 0) {
goto fail;
}
ret = mbedtls_ecdsa_sign(&ctx->grp, (mbedtls_mpi *)r, (mbedtls_mpi *)s,
&ctx->d, hash, SHA256_MAC_LEN, crypto_rng_wrapper, NULL);
ret = mbedtls_ecdsa_sign(&ctx->MBEDTLS_PRIVATE(grp), (mbedtls_mpi *)r, (mbedtls_mpi *)s,
&ctx->MBEDTLS_PRIVATE(d), hash, SHA256_MAC_LEN, crypto_rng_wrapper, NULL);
fail:
mbedtls_ecdsa_free(ctx);
@@ -770,8 +770,8 @@ int crypto_edcsa_sign_verify(const unsigned char *hash,
if (mbedtls_ecdsa_from_keypair(ctx, mbedtls_pk_ec(*pkey)) < 0)
return ret;
if((ret = mbedtls_ecdsa_verify(&ctx->grp, hash, hlen,
&ctx->Q, (mbedtls_mpi *)r, (mbedtls_mpi *)s)) != 0){
if((ret = mbedtls_ecdsa_verify(&ctx->MBEDTLS_PRIVATE(grp), hash, hlen,
&ctx->MBEDTLS_PRIVATE(Q), (mbedtls_mpi *)r, (mbedtls_mpi *)s)) != 0){
wpa_printf(MSG_ERROR, "ecdsa verification failed\n");
return ret;
}
@@ -858,7 +858,7 @@ static int pk_write_ec_param( unsigned char **p, unsigned char *start,
const char *oid;
size_t oid_len;
if( ( ret = mbedtls_oid_get_oid_by_ec_grp( ec->grp.id, &oid, &oid_len ) ) != 0 )
if( ( ret = mbedtls_oid_get_oid_by_ec_grp( ec->MBEDTLS_PRIVATE(grp).id, &oid, &oid_len ) ) != 0 )
return( ret );
MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_oid( p, start, oid, oid_len ) );
@@ -873,7 +873,7 @@ static int pk_write_ec_pubkey_formatted( unsigned char **p, unsigned char *start
size_t len = 0;
unsigned char buf[MBEDTLS_ECP_MAX_PT_LEN];
if( ( ret = mbedtls_ecp_point_write_binary( &ec->grp, &ec->Q,
if( ( ret = mbedtls_ecp_point_write_binary( &ec->MBEDTLS_PRIVATE(grp), &ec->MBEDTLS_PRIVATE(Q),
format,
&len, buf, sizeof( buf ) ) ) != 0 )
{

4
components/wpa_supplicant/src/crypto/crypto_mbedtls.c
View File

@@ -399,12 +399,12 @@ static int crypto_init_cipher_ctx(mbedtls_cipher_context_t *ctx,
return -1;
}
if (mbedtls_cipher_setkey(ctx, key, cipher_info->key_bitlen,
if (mbedtls_cipher_setkey(ctx, key, cipher_info->MBEDTLS_PRIVATE(key_bitlen),
operation) != 0) {
wpa_printf(MSG_ERROR, "mbedtls_cipher_setkey returned error");
return -1;
}
if (mbedtls_cipher_set_iv(ctx, iv, cipher_info->iv_size) != 0) {
if (mbedtls_cipher_set_iv(ctx, iv, cipher_info->MBEDTLS_PRIVATE(iv_size)) != 0) {
wpa_printf(MSG_ERROR, "mbedtls_cipher_set_iv returned error");
return -1;
}

76
components/wpa_supplicant/src/crypto/tls_mbedtls.c
View File

@@ -456,7 +456,7 @@ static void tls_set_ciphersuite(const struct tls_connection_params *cfg, tls_con
if (tls->ciphersuite[0]) {
mbedtls_ssl_conf_ciphersuites(&tls->conf, tls->ciphersuite);
} else if (mbedtls_pk_get_bitlen(&tls->clientkey) > 2048 ||
(tls->cacert_ptr && mbedtls_pk_get_bitlen(&tls->cacert_ptr->pk) > 2048)) {
(tls->cacert_ptr && mbedtls_pk_get_bitlen(&tls->cacert_ptr->MBEDTLS_PRIVATE(pk)) > 2048)) {
mbedtls_ssl_conf_ciphersuites(&tls->conf, eap_ciphersuite_preference);
}
}
@@ -610,7 +610,7 @@ int tls_connection_established(void *tls_ctx, struct tls_connection *conn)
{
mbedtls_ssl_context *ssl = &conn->tls->ssl;
if (ssl->state == MBEDTLS_SSL_HANDSHAKE_OVER) {
if (ssl->MBEDTLS_PRIVATE(state) == MBEDTLS_SSL_HANDSHAKE_OVER) {
return 1;
}
@@ -647,11 +647,11 @@ struct wpabuf * tls_connection_handshake(void *tls_ctx,
}
/* Multiple reads */
while (tls->ssl.state != MBEDTLS_SSL_HANDSHAKE_OVER) {
if (tls->ssl.state == MBEDTLS_SSL_CLIENT_CERTIFICATE) {
while (tls->ssl.MBEDTLS_PRIVATE(state) != MBEDTLS_SSL_HANDSHAKE_OVER) {
if (tls->ssl.MBEDTLS_PRIVATE(state) == MBEDTLS_SSL_CLIENT_CERTIFICATE) {
/* Read random data before session completes, not present after handshake */
if (tls->ssl.handshake) {
os_memcpy(conn->randbytes, tls->ssl.handshake->randbytes,
if (tls->ssl.MBEDTLS_PRIVATE(handshake)) {
os_memcpy(conn->randbytes, tls->ssl.MBEDTLS_PRIVATE(handshake)->randbytes,
TLS_RANDOM_LEN * 2);
conn->mac = tls->ssl.handshake->ciphersuite_info->mac;
}
@@ -666,6 +666,44 @@ struct wpabuf * tls_connection_handshake(void *tls_ctx,
goto end;
}
/* State machine just started, get client hello */
if (tls->ssl.MBEDTLS_PRIVATE(state) == MBEDTLS_SSL_CLIENT_HELLO) {
ret = mbedtls_ssl_handshake_step(&tls->ssl);
}
if (ret < 0) {
wpa_printf(MSG_ERROR, "%s:%d", __func__, __LINE__);
goto end;
}
/* Already read sever data till hello done */
if (tls->ssl.MBEDTLS_PRIVATE(state) == MBEDTLS_SSL_CLIENT_CERTIFICATE) {
/* Read random data before session completes, not present after handshake */
if (tls->ssl.MBEDTLS_PRIVATE(handshake)) {
os_memcpy(conn->randbytes, tls->ssl.MBEDTLS_PRIVATE(handshake)->randbytes,
TLS_RANDOM_LEN * 2);
}
/* trigger state machine multiple times to reach till finish */
while (tls->ssl.MBEDTLS_PRIVATE(state) <= MBEDTLS_SSL_CLIENT_FINISHED) {
ret = mbedtls_ssl_handshake_step(&tls->ssl);
if (ret < 0) {
break;
}
}
}
/* Trigger state machine till handshake is complete or error occures */
if (tls->ssl.MBEDTLS_PRIVATE(state) == MBEDTLS_SSL_FLUSH_BUFFERS) {
while (tls->ssl.MBEDTLS_PRIVATE(state) <= MBEDTLS_SSL_HANDSHAKE_OVER) {
ret = mbedtls_ssl_handshake_step(&tls->ssl);
if (ret < 0) {
break;
}
}
}
if (!conn->tls_io_data.out_data) {
wpa_printf(MSG_INFO, "application data is null, adding one byte for ack");
u8 *dummy = os_zalloc(1);
@@ -754,8 +792,8 @@ cleanup:
int tls_connection_resumed(void *tls_ctx, struct tls_connection *conn)
{
if (conn && conn->tls && conn->tls->ssl.handshake) {
return conn->tls->ssl.handshake->resume;
if (conn && conn->tls && conn->tls->ssl.MBEDTLS_PRIVATE(handshake)) {
return conn->tls->ssl.MBEDTLS_PRIVATE(handshake)->resume;
}
return 0;
@@ -890,13 +928,14 @@ static int tls_connection_prf(void *tls_ctx, struct tls_connection *conn,
int ret;
u8 seed[2 * TLS_RANDOM_LEN];
mbedtls_ssl_context *ssl = &conn->tls->ssl;
mbedtls_ssl_transform *transform = ssl->MBEDTLS_PRIVATE(transform);
if (!ssl || !ssl->transform) {
wpa_printf(MSG_ERROR, "TLS: %s, session ingo is null", __func__);
return -1;
}
if (ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER) {
wpa_printf(MSG_ERROR, "TLS: %s, incorrect tls state=%d", __func__, ssl->state);
if (ssl->MBEDTLS_PRIVATE(state) != MBEDTLS_SSL_HANDSHAKE_OVER) {
wpa_printf(MSG_ERROR, "TLS: %s, incorrect tls state=%d", __func__, ssl->MBEDTLS_PRIVATE(state));
return -1;
}
@@ -908,16 +947,17 @@ static int tls_connection_prf(void *tls_ctx, struct tls_connection *conn,
}
wpa_hexdump_key(MSG_MSGDUMP, "random", seed, 2 * TLS_RANDOM_LEN);
wpa_hexdump_key(MSG_MSGDUMP, "master", ssl->session->master, TLS_MASTER_SECRET_LEN);
wpa_hexdump_key(MSG_MSGDUMP, "master", ssl->MBEDTLS_PRIVATE(session)->MBEDTLS_PRIVATE(master), TLS_MASTER_SECRET_LEN);
if (conn->mac == MBEDTLS_MD_SHA384) {
ret = tls_prf_sha384(ssl->session->master, TLS_MASTER_SECRET_LEN,
if (ssl->MBEDTLS_PRIVATE(handshake)->ciphersuite_info->MBEDTLS_PRIVATE(mac) == MBEDTLS_MD_SHA384) {
ret = tls_prf_sha384(ssl->MBEDTLS_PRIVATE(session)->MBEDTLS_PRIVATE(master), TLS_MASTER_SECRET_LEN,
label, seed, 2 * TLS_RANDOM_LEN, out, out_len);
} else if (conn->mac == MBEDTLS_MD_SHA256) {
ret = tls_prf_sha256(ssl->session->master, TLS_MASTER_SECRET_LEN,
} else if (ssl->MBEDTLS_PRIVATE(handshake)->ciphersuite_info->MBEDTLS_PRIVATE(mac) == MBEDTLS_MD_SHA256) {
ret = tls_prf_sha256(ssl->MBEDTLS_PRIVATE(session)->MBEDTLS_PRIVATE(master), TLS_MASTER_SECRET_LEN,
label, seed, 2 * TLS_RANDOM_LEN, out, out_len);
} else {
ret = tls_prf_sha1_md5(ssl->session->master, TLS_MASTER_SECRET_LEN,
ret = tls_prf_sha1_md5(ssl->MBEDTLS_PRIVATE(session)->MBEDTLS_PRIVATE(master), TLS_MASTER_SECRET_LEN,
label, seed, 2 * TLS_RANDOM_LEN, out, out_len);
}
@@ -970,14 +1010,14 @@ int tls_connection_get_random(void *tls_ctx, struct tls_connection *conn,
mbedtls_ssl_context *ssl = &conn->tls->ssl;
os_memset(data, 0, sizeof(*data));
if (ssl->state == MBEDTLS_SSL_CLIENT_HELLO) {
if (ssl->MBEDTLS_PRIVATE(state) == MBEDTLS_SSL_CLIENT_HELLO) {
return -1;
}
data->client_random = conn->randbytes;
data->client_random_len = TLS_RANDOM_LEN;
if (ssl->state != MBEDTLS_SSL_SERVER_HELLO) {
if (ssl->MBEDTLS_PRIVATE(state) != MBEDTLS_SSL_SERVER_HELLO) {
data->server_random = conn->randbytes + TLS_RANDOM_LEN;
data->server_random_len = TLS_RANDOM_LEN;
}

62
components/wpa_supplicant/test/test_crypto.c
View File

@@ -1,16 +1,8 @@
// Copyright 2015-2018 Espressif Systems (Shanghai) PTE LTD
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
/*
* SPDX-FileCopyrightText: 2015-2021 Espressif Systems (Shanghai) CO LTD
*
* SPDX-License-Identifier: Apache-2.0
*/
#include <stdio.h>
#include <ctype.h>
#include <errno.h>
@@ -328,10 +320,10 @@ TEST_CASE("Test crypto lib bignum apis", "[wpa_crypto]")
*/
static inline void ecp_mpi_load( mbedtls_mpi *X, const mbedtls_mpi_uint *p, size_t len )
{
X->s = 1;
X->n = len / sizeof( mbedtls_mpi_uint );
X->p = os_zalloc(len);
memcpy(X->p, (void *)p, len);
X->MBEDTLS_PRIVATE(s) = 1;
X->MBEDTLS_PRIVATE(n) = len / sizeof( mbedtls_mpi_uint );
X->MBEDTLS_PRIVATE(p) = os_zalloc(len);
memcpy(X->MBEDTLS_PRIVATE(p), (void *)p, len);
}
@@ -399,10 +391,10 @@ TEST_CASE("Test crypto lib ECC apis", "[wpa_crypto]")
mbedtls_mpi_init( &num );
mbedtls_mpi_lset( &num, 3 );
ecp_mpi_load(& ((mbedtls_ecp_point *)p)->X, secp256r1_gx, sizeof(secp256r1_gx));
ecp_mpi_load(& ((mbedtls_ecp_point *)p)->Y, secp256r1_gy, sizeof(secp256r1_gy));
ecp_mpi_load(& ((mbedtls_ecp_point *)p)->MBEDTLS_PRIVATE(X), secp256r1_gx, sizeof(secp256r1_gx));
ecp_mpi_load(& ((mbedtls_ecp_point *)p)->MBEDTLS_PRIVATE(Y), secp256r1_gy, sizeof(secp256r1_gy));
mbedtls_mpi_lset((&((mbedtls_ecp_point *)p)->Z), 1);
mbedtls_mpi_lset((&((mbedtls_ecp_point *)p)->MBEDTLS_PRIVATE(Z)), 1);
TEST_ASSERT(crypto_ec_point_mul(e, p, (crypto_bignum *) &num, q) == 0); //q = 3p
@@ -438,10 +430,10 @@ TEST_CASE("Test crypto lib ECC apis", "[wpa_crypto]")
mbedtls_mpi_init( &num );
mbedtls_mpi_lset( &num, 100 );
ecp_mpi_load(& ((mbedtls_ecp_point *)p)->X, secp256r1_gx, sizeof(secp256r1_gx));
ecp_mpi_load(& ((mbedtls_ecp_point *)p)->Y, secp256r1_gy, sizeof(secp256r1_gy));
ecp_mpi_load(& ((mbedtls_ecp_point *)p)->MBEDTLS_PRIVATE(X), secp256r1_gx, sizeof(secp256r1_gx));
ecp_mpi_load(& ((mbedtls_ecp_point *)p)->MBEDTLS_PRIVATE(Y), secp256r1_gy, sizeof(secp256r1_gy));
mbedtls_mpi_lset((&((mbedtls_ecp_point *)p)->Z), 1);
mbedtls_mpi_lset((&((mbedtls_ecp_point *)p)->MBEDTLS_PRIVATE(Z)), 1);
TEST_ASSERT(crypto_ec_point_mul(e, p, (crypto_bignum *) &num, q) == 0);
TEST_ASSERT(crypto_ec_point_mul(e, p, (crypto_bignum *) &num, r) == 0);
@@ -474,10 +466,10 @@ TEST_CASE("Test crypto lib ECC apis", "[wpa_crypto]")
mbedtls_mpi_init( &num );
mbedtls_mpi_lset( &num, 50 );
ecp_mpi_load(& ((mbedtls_ecp_point *)p)->X, secp256r1_gx, sizeof(secp256r1_gx));
ecp_mpi_load(& ((mbedtls_ecp_point *)p)->Y, secp256r1_gy, sizeof(secp256r1_gy));
ecp_mpi_load(& ((mbedtls_ecp_point *)p)->MBEDTLS_PRIVATE(X), secp256r1_gx, sizeof(secp256r1_gx));
ecp_mpi_load(& ((mbedtls_ecp_point *)p)->MBEDTLS_PRIVATE(Y), secp256r1_gy, sizeof(secp256r1_gy));
mbedtls_mpi_lset((&((mbedtls_ecp_point *)p)->Z), 1);
mbedtls_mpi_lset((&((mbedtls_ecp_point *)p)->MBEDTLS_PRIVATE(Z)), 1);
/* Generator should always be on the curve*/
TEST_ASSERT(crypto_ec_point_is_on_curve(e, p));
@@ -512,21 +504,21 @@ TEST_CASE("Test crypto lib ECC apis", "[wpa_crypto]")
mbedtls_mpi_init( &num );
mbedtls_mpi_lset( &num, 50 );
ecp_mpi_load(& ((mbedtls_ecp_point *)p)->X, secp256r1_gx, sizeof(secp256r1_gx));
ecp_mpi_load(& ((mbedtls_ecp_point *)p)->Y, secp256r1_gy, sizeof(secp256r1_gy));
ecp_mpi_load(& ((mbedtls_ecp_point *)p)->MBEDTLS_PRIVATE(X), secp256r1_gx, sizeof(secp256r1_gx));
ecp_mpi_load(& ((mbedtls_ecp_point *)p)->MBEDTLS_PRIVATE(Y), secp256r1_gy, sizeof(secp256r1_gy));
mbedtls_mpi_lset((&((mbedtls_ecp_point *)p)->Z), 1);
mbedtls_mpi_lset((&((mbedtls_ecp_point *)p)->MBEDTLS_PRIVATE(Z)), 1);
mbedtls_mpi_copy(&((mbedtls_ecp_point *)q)->X, &((mbedtls_ecp_point *)p)->X);
mbedtls_mpi_copy(&((mbedtls_ecp_point *)r)->X, &((mbedtls_ecp_point *)p)->X);
mbedtls_mpi_copy(&((mbedtls_ecp_point *)q)->MBEDTLS_PRIVATE(X), &((mbedtls_ecp_point *)p)->MBEDTLS_PRIVATE(X));
mbedtls_mpi_copy(&((mbedtls_ecp_point *)r)->MBEDTLS_PRIVATE(X), &((mbedtls_ecp_point *)p)->MBEDTLS_PRIVATE(X));
mbedtls_mpi_lset((&((mbedtls_ecp_point *)q)->Z), 1);
mbedtls_mpi_lset((&((mbedtls_ecp_point *)r)->Z), 1);
mbedtls_mpi_lset((&((mbedtls_ecp_point *)q)->MBEDTLS_PRIVATE(Z)), 1);
mbedtls_mpi_lset((&((mbedtls_ecp_point *)r)->MBEDTLS_PRIVATE(Z)), 1);
TEST_ASSERT(crypto_ec_point_solve_y_coord(e, q, (crypto_bignum *) & ((mbedtls_ecp_point *)q)->X, 0) == 0);
TEST_ASSERT(crypto_ec_point_solve_y_coord(e, q, (crypto_bignum *) & ((mbedtls_ecp_point *)q)->MBEDTLS_PRIVATE(X), 0) == 0);
TEST_ASSERT(crypto_ec_point_is_on_curve(e, q));
TEST_ASSERT(crypto_ec_point_solve_y_coord(e, r, (crypto_bignum *) & ((mbedtls_ecp_point *)q)->X, 1) == 0);
TEST_ASSERT(crypto_ec_point_solve_y_coord(e, r, (crypto_bignum *) & ((mbedtls_ecp_point *)q)->MBEDTLS_PRIVATE(X), 1) == 0);
TEST_ASSERT(crypto_ec_point_is_on_curve(e, r));
TEST_ASSERT((crypto_ec_point_cmp(e, p, q) == 0) || (crypto_ec_point_cmp(e, p, r) == 0));

6
examples/bluetooth/blufi/main/blufi_security.c
View File

@@ -103,7 +103,7 @@ void blufi_dh_negotiate_data_handler(uint8_t *data, int len, uint8_t **output_da
}
free(blufi_sec->dh_param);
blufi_sec->dh_param = NULL;
ret = mbedtls_dhm_make_public(&blufi_sec->dhm, (int) mbedtls_mpi_size( &blufi_sec->dhm.P ), blufi_sec->self_public_key, blufi_sec->dhm.len, myrand, NULL);
ret = mbedtls_dhm_make_public(&blufi_sec->dhm, (int) mbedtls_mpi_size( &blufi_sec->dhm.MBEDTLS_PRIVATE(P) ), blufi_sec->self_public_key, mbedtls_mpi_size( &blufi_sec->dhm.MBEDTLS_PRIVATE(P) ), myrand, NULL);
if (ret) {
BLUFI_ERROR("%s make public failed %d\n", __func__, ret);
btc_blufi_report_error(ESP_BLUFI_MAKE_PUBLIC_ERROR);
@@ -116,7 +116,7 @@ void blufi_dh_negotiate_data_handler(uint8_t *data, int len, uint8_t **output_da
&blufi_sec->share_len,
NULL, NULL);
ret = mbedtls_md5_ret(blufi_sec->share_key, blufi_sec->share_len, blufi_sec->psk);
ret = mbedtls_md5(blufi_sec->share_key, blufi_sec->share_len, blufi_sec->psk);
if (ret) {
BLUFI_ERROR("%s mbedtls_md5 failed %d\n", __func__, ret);
@@ -128,7 +128,7 @@ void blufi_dh_negotiate_data_handler(uint8_t *data, int len, uint8_t **output_da
/* alloc output data */
*output_data = &blufi_sec->self_public_key[0];
*output_len = blufi_sec->dhm.len;
*output_len = mbedtls_mpi_size( &blufi_sec->dhm.MBEDTLS_PRIVATE(P) );
*need_free = false;
}

2
examples/bluetooth/esp_ble_mesh/aligenie_demo/main/aligenie_demo.c
View File

@@ -1282,7 +1282,7 @@ void config_triples(void)
ESP_LOGI(TAG, "authvalue_string: %s", authvalue_string);
uint8_t sha256_out[32] = {0};
mbedtls_sha256_ret((const unsigned char *)authvalue_string, strlen(authvalue_string), sha256_out, 0);
mbedtls_sha256((const unsigned char *)authvalue_string, strlen(authvalue_string), sha256_out, 0);
memcpy(static_val, sha256_out, 16);
provision.static_val = static_val;

2
examples/peripherals/secure_element/atecc608_ecdsa/components/esp-cryptoauthlib

Submodule examples/peripherals/secure_element/atecc608_ecdsa/components/esp-cryptoauthlib updated: ef34699429...077758db50

4
examples/peripherals/secure_element/atecc608_ecdsa/main/ecdsa_example_main.c
View File

@@ -19,7 +19,7 @@
*/
/* This is mbedtls boilerplate for library configuration */
#include "mbedtls/config.h"
#include "mbedtls/mbedtls_config.h"
/* System Includes*/
#include <stdio.h>
@@ -146,7 +146,7 @@ static int atca_ecdsa_test(void)
#endif
ESP_LOGI(TAG, " Generating ECDSA Signature...");
ret = mbedtls_pk_sign(&pkey, MBEDTLS_MD_SHA256, hash, 0, buf, &olen,
ret = mbedtls_pk_sign(&pkey, MBEDTLS_MD_SHA256, hash, 0, buf, MBEDTLS_MPI_MAX_SIZE, &olen,
mbedtls_ctr_drbg_random, &ctr_drbg);
if (ret != 0) {
ESP_LOGI(TAG, " failed ! mbedtls_pk_sign returned -0x%04x", -ret);

2
examples/protocols/https_server/simple/example_test.py
View File

@@ -121,7 +121,7 @@ def test_examples_protocol_https_server_simple(env, extra_data): # type: (tiny_
CLIENT_CERT_FILE = 'client_cert.pem'
CLIENT_KEY_FILE = 'client_key.pem'
ssl_context = ssl.SSLContext(ssl.PROTOCOL_TLSv1)
ssl_context = ssl.SSLContext(ssl.PROTOCOL_TLSv1_2)
ssl_context.verify_mode = ssl.CERT_REQUIRED
ssl_context.check_hostname = False
ssl_context.load_verify_locations(cadata=server_cert_pem)

13
tools/ci/check_copyright_ignore.txt
View File

@@ -1097,6 +1097,10 @@ components/mbedtls/port/aes/dma/include/esp_aes_dma_priv.h
components/mbedtls/port/aes/esp_aes_common.c
components/mbedtls/port/aes/esp_aes_gcm.c
components/mbedtls/port/aes/esp_aes_xts.c
components/mbedtls/port/crypto_shared_gdma/esp_crypto_shared_gdma.c
components/mbedtls/port/dynamic/esp_ssl_cli.c
components/mbedtls/port/dynamic/esp_ssl_srv.c
components/mbedtls/port/dynamic/esp_mbedtls_dynamic_impl.h
components/mbedtls/port/esp32/bignum.c
components/mbedtls/port/esp32c2/bignum.c
components/mbedtls/port/esp32c3/bignum.c
@@ -1118,7 +1122,6 @@ components/mbedtls/port/include/esp32s2/aes.h
components/mbedtls/port/include/esp32s2/gcm.h
components/mbedtls/port/include/esp32s2/sha.h
components/mbedtls/port/include/esp_crypto_shared_gdma.h
components/mbedtls/port/include/esp_ds/esp_rsa_sign_alt.h
components/mbedtls/port/include/esp_mem.h
components/mbedtls/port/include/gcm_alt.h
components/mbedtls/port/include/mbedtls/esp_config.h
@@ -1145,16 +1148,15 @@ components/mbedtls/port/sha/parallel_engine/esp_sha256.c
components/mbedtls/port/sha/parallel_engine/esp_sha512.c
components/mbedtls/port/sha/parallel_engine/sha.c
components/mbedtls/test/test_aes.c
components/mbedtls/test/test_aes_gcm.c
components/mbedtls/test/test_aes_perf.c
components/mbedtls/test/test_aes_sha_parallel.c
components/mbedtls/test/test_apb_dport_access.c
components/mbedtls/test/test_apb_dport_access.h
components/mbedtls/test/test_ecp.c
components/mbedtls/test/test_esp_crt_bundle.c
components/mbedtls/test/test_mbedtls.c
components/mbedtls/test/test_mbedtls_mpi.c
components/mbedtls/test/test_rsa.c
components/mbedtls/test/test_mbedtls_sha.c
components/mbedtls/test/test_sha_perf.c
components/mdns/host_test/components/esp_event_mock/esp_event_mock.c
components/mdns/host_test/components/esp_event_mock/include/esp_event.h
components/mdns/host_test/components/esp_event_mock/include/esp_event_base.h
@@ -1297,6 +1299,8 @@ components/protocomm/src/common/protocomm.c
components/protocomm/src/common/protocomm_priv.h
components/protocomm/src/security/security0.c
components/protocomm/test/test_protocomm.c
components/protocomm/src/transports/protocomm_httpd.c
components/pthread/include/esp_pthread.h
components/pthread/pthread_cond_var.c
components/pthread/pthread_internal.h
components/pthread/pthread_local_storage.c
@@ -2049,7 +2053,6 @@ components/wpa_supplicant/src/wps/wps_enrollee.c
components/wpa_supplicant/src/wps/wps_i.h
components/wpa_supplicant/src/wps/wps_registrar.c
components/wpa_supplicant/src/wps/wps_validate.c
components/wpa_supplicant/test/test_crypto.c
components/wpa_supplicant/test/test_dpp.c
components/xtensa/eri.c
components/xtensa/esp32/include/xtensa/config/core-isa.h