mirror of
https://github.com/espressif/esp-idf.git
synced 2025-08-21 16:55:33 +00:00
wpa_supplicant: Write Crypto API based on mbedtls
This commit add following crypto changes 1. Update current crypto code with upstream supplicant code 2. Add a proper porting layer to use mbedtls APIs for all the crypto operations used by supplicant. Internal crypto will be used when USE_MBEDLTS flag is disabled in supplicant's menuconfig. This commit also removes the clutter in crypto files due to partial porting of some APIs to mbedtls, all the code from those files have been removed and rewritten in a generic way, this is inspired from current upstream code. This also reduces the lib size significantly, supplicant's lib size reduces around ~567kb after this change(NB: lib size doesn't indicate reduction in final bin size).
This commit is contained in:
kapil.gupta
@@ -5,32 +5,14 @@
|
||||
* This software may be distributed under the terms of the BSD license.
|
||||
* See README for more details.
|
||||
*/
|
||||
/*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Hardware crypto support Copyright 2017-2019 Espressif Systems (Shanghai) PTE LTD
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
#include "utils/includes.h"
|
||||
#include "utils/common.h"
|
||||
#include "includes.h"
|
||||
|
||||
#include "common.h"
|
||||
#include "crypto.h"
|
||||
#include "sha256_i.h"
|
||||
#include "sha1_i.h"
|
||||
#include "md5_i.h"
|
||||
#ifdef USE_MBEDTLS_CRYPTO
|
||||
#include "mbedtls/sha256.h"
|
||||
#else
|
||||
#include "sha256_i.h"
|
||||
#endif
|
||||
|
||||
struct crypto_hash {
|
||||
enum crypto_hash_alg alg;
|
||||
@@ -38,19 +20,21 @@ struct crypto_hash {
|
||||
struct MD5Context md5;
|
||||
struct SHA1Context sha1;
|
||||
#ifdef CONFIG_SHA256
|
||||
#ifdef USE_MBEDTLS_CRYPTO
|
||||
mbedtls_sha256_context sha256;
|
||||
#else /* USE_MBEDTLS_CRYPTO */
|
||||
struct sha256_state sha256;
|
||||
#endif /* USE_MBEDTLS_CRYPTO */
|
||||
#endif /* CONFIG_SHA256 */
|
||||
#ifdef CONFIG_INTERNAL_SHA384
|
||||
struct sha384_state sha384;
|
||||
#endif /* CONFIG_INTERNAL_SHA384 */
|
||||
#ifdef CONFIG_INTERNAL_SHA512
|
||||
struct sha512_state sha512;
|
||||
#endif /* CONFIG_INTERNAL_SHA512 */
|
||||
} u;
|
||||
u8 key[64];
|
||||
size_t key_len;
|
||||
};
|
||||
|
||||
|
||||
struct crypto_hash * crypto_hash_init(enum crypto_hash_alg alg, const u8 *key,
|
||||
struct crypto_hash * crypto_hash_init(enum crypto_hash_alg alg, const u8 *key,
|
||||
size_t key_len)
|
||||
{
|
||||
struct crypto_hash *ctx;
|
||||
@@ -58,7 +42,7 @@ struct crypto_hash * crypto_hash_init(enum crypto_hash_alg alg, const u8 *key,
|
||||
u8 tk[32];
|
||||
size_t i;
|
||||
|
||||
ctx = (struct crypto_hash *)os_zalloc(sizeof(*ctx));
|
||||
ctx = os_zalloc(sizeof(*ctx));
|
||||
if (ctx == NULL)
|
||||
return NULL;
|
||||
|
||||
@@ -73,14 +57,19 @@ struct crypto_hash * crypto_hash_init(enum crypto_hash_alg alg, const u8 *key,
|
||||
break;
|
||||
#ifdef CONFIG_SHA256
|
||||
case CRYPTO_HASH_ALG_SHA256:
|
||||
#ifdef USE_MBEDTLS_CRYPTO
|
||||
mbedtls_sha256_init(&ctx->u.sha256);
|
||||
mbedtls_sha256_starts_ret(&ctx->u.sha256, 0);
|
||||
#else /* USE_MBEDTLS_CRYPTO */
|
||||
sha256_init(&ctx->u.sha256);
|
||||
#endif /* USE_MBEDTLS_CRYPTO */
|
||||
break;
|
||||
#endif /* CONFIG_SHA256 */
|
||||
#ifdef CONFIG_INTERNAL_SHA384
|
||||
case CRYPTO_HASH_ALG_SHA384:
|
||||
sha384_init(&ctx->u.sha384);
|
||||
break;
|
||||
#endif /* CONFIG_INTERNAL_SHA384 */
|
||||
#ifdef CONFIG_INTERNAL_SHA512
|
||||
case CRYPTO_HASH_ALG_SHA512:
|
||||
sha512_init(&ctx->u.sha512);
|
||||
break;
|
||||
#endif /* CONFIG_INTERNAL_SHA512 */
|
||||
case CRYPTO_HASH_ALG_HMAC_MD5:
|
||||
if (key_len > sizeof(k_pad)) {
|
||||
MD5Init(&ctx->u.md5);
|
||||
@@ -122,17 +111,9 @@ struct crypto_hash * crypto_hash_init(enum crypto_hash_alg alg, const u8 *key,
|
||||
#ifdef CONFIG_SHA256
|
||||
case CRYPTO_HASH_ALG_HMAC_SHA256:
|
||||
if (key_len > sizeof(k_pad)) {
|
||||
#ifdef USE_MBEDTLS_CRYPTO
|
||||
mbedtls_sha256_init(&ctx->u.sha256);
|
||||
mbedtls_sha256_starts_ret(&ctx->u.sha256, 0);
|
||||
mbedtls_sha256_update_ret(&ctx->u.sha256, key, key_len);
|
||||
mbedtls_sha256_finish_ret(&ctx->u.sha256, tk);
|
||||
mbedtls_sha256_free(&ctx->u.sha256);
|
||||
#else /* USE_MBEDTLS_CRYPTO */
|
||||
sha256_init(&ctx->u.sha256);
|
||||
sha256_process(&ctx->u.sha256, key, key_len);
|
||||
sha256_done(&ctx->u.sha256, tk);
|
||||
#endif /* USE_MBEDTLS_CRYPTO */
|
||||
key = tk;
|
||||
key_len = 32;
|
||||
}
|
||||
@@ -144,14 +125,8 @@ struct crypto_hash * crypto_hash_init(enum crypto_hash_alg alg, const u8 *key,
|
||||
os_memset(k_pad + key_len, 0, sizeof(k_pad) - key_len);
|
||||
for (i = 0; i < sizeof(k_pad); i++)
|
||||
k_pad[i] ^= 0x36;
|
||||
#ifdef USE_MBEDTLS_CRYPTO
|
||||
mbedtls_sha256_init(&ctx->u.sha256);
|
||||
mbedtls_sha256_starts_ret(&ctx->u.sha256, 0);
|
||||
mbedtls_sha256_update_ret(&ctx->u.sha256, k_pad, sizeof(k_pad));
|
||||
#else /* USE_MBEDTLS_CRYPTO */
|
||||
sha256_init(&ctx->u.sha256);
|
||||
sha256_process(&ctx->u.sha256, k_pad, sizeof(k_pad));
|
||||
#endif /* USE_MBEDTLS_CRYPTO */
|
||||
break;
|
||||
#endif /* CONFIG_SHA256 */
|
||||
default:
|
||||
@@ -163,7 +138,7 @@ struct crypto_hash * crypto_hash_init(enum crypto_hash_alg alg, const u8 *key,
|
||||
}
|
||||
|
||||
|
||||
void crypto_hash_update(struct crypto_hash *ctx, const u8 *data, size_t len)
|
||||
void crypto_hash_update(struct crypto_hash *ctx, const u8 *data, size_t len)
|
||||
{
|
||||
if (ctx == NULL)
|
||||
return;
|
||||
@@ -180,20 +155,26 @@ void crypto_hash_update(struct crypto_hash *ctx, const u8 *data, size_t len)
|
||||
#ifdef CONFIG_SHA256
|
||||
case CRYPTO_HASH_ALG_SHA256:
|
||||
case CRYPTO_HASH_ALG_HMAC_SHA256:
|
||||
#ifdef USE_MBEDTLS_CRYPTO
|
||||
mbedtls_sha256_update_ret(&ctx->u.sha256, data, len);
|
||||
#else /* USE_MBEDTLS_CRYPTO */
|
||||
sha256_process(&ctx->u.sha256, data, len);
|
||||
#endif /* USE_MBEDTLS_CRYPTO */
|
||||
break;
|
||||
#endif /* CONFIG_SHA256 */
|
||||
#ifdef CONFIG_INTERNAL_SHA384
|
||||
case CRYPTO_HASH_ALG_SHA384:
|
||||
sha384_process(&ctx->u.sha384, data, len);
|
||||
break;
|
||||
#endif /* CONFIG_INTERNAL_SHA384 */
|
||||
#ifdef CONFIG_INTERNAL_SHA512
|
||||
case CRYPTO_HASH_ALG_SHA512:
|
||||
sha512_process(&ctx->u.sha512, data, len);
|
||||
break;
|
||||
#endif /* CONFIG_INTERNAL_SHA512 */
|
||||
default:
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
int crypto_hash_finish(struct crypto_hash *ctx, u8 *mac, size_t *len)
|
||||
int crypto_hash_finish(struct crypto_hash *ctx, u8 *mac, size_t *len)
|
||||
{
|
||||
u8 k_pad[64];
|
||||
size_t i;
|
||||
@@ -233,14 +214,31 @@ int crypto_hash_finish(struct crypto_hash *ctx, u8 *mac, size_t *len)
|
||||
return -1;
|
||||
}
|
||||
*len = 32;
|
||||
#ifdef USE_MBEDTLS_CRYPTO
|
||||
mbedtls_sha256_finish_ret(&ctx->u.sha256, mac);
|
||||
mbedtls_sha256_free(&ctx->u.sha256);
|
||||
#else /* USE_MBEDTLS_CRYPTO */
|
||||
sha256_done(&ctx->u.sha256, mac);
|
||||
#endif /* USE_MBEDTLS_CRYPTO */
|
||||
break;
|
||||
#endif /* CONFIG_SHA256 */
|
||||
#ifdef CONFIG_INTERNAL_SHA384
|
||||
case CRYPTO_HASH_ALG_SHA384:
|
||||
if (*len < 48) {
|
||||
*len = 48;
|
||||
os_free(ctx);
|
||||
return -1;
|
||||
}
|
||||
*len = 48;
|
||||
sha384_done(&ctx->u.sha384, mac);
|
||||
break;
|
||||
#endif /* CONFIG_INTERNAL_SHA384 */
|
||||
#ifdef CONFIG_INTERNAL_SHA512
|
||||
case CRYPTO_HASH_ALG_SHA512:
|
||||
if (*len < 64) {
|
||||
*len = 64;
|
||||
os_free(ctx);
|
||||
return -1;
|
||||
}
|
||||
*len = 64;
|
||||
sha512_done(&ctx->u.sha512, mac);
|
||||
break;
|
||||
#endif /* CONFIG_INTERNAL_SHA512 */
|
||||
case CRYPTO_HASH_ALG_HMAC_MD5:
|
||||
if (*len < 16) {
|
||||
*len = 16;
|
||||
@@ -290,31 +288,17 @@ int crypto_hash_finish(struct crypto_hash *ctx, u8 *mac, size_t *len)
|
||||
}
|
||||
*len = 32;
|
||||
|
||||
#ifdef USE_MBEDTLS_CRYPTO
|
||||
mbedtls_sha256_finish_ret(&ctx->u.sha256, mac);
|
||||
mbedtls_sha256_free(&ctx->u.sha256);
|
||||
#else /* USE_MBEDTLS_CRYPTO */
|
||||
sha256_done(&ctx->u.sha256, mac);
|
||||
#endif /* USE_MBEDTLS_CRYPTO */
|
||||
|
||||
os_memcpy(k_pad, ctx->key, ctx->key_len);
|
||||
os_memset(k_pad + ctx->key_len, 0,
|
||||
sizeof(k_pad) - ctx->key_len);
|
||||
for (i = 0; i < sizeof(k_pad); i++)
|
||||
k_pad[i] ^= 0x5c;
|
||||
#ifdef USE_MBEDTLS_CRYPTO
|
||||
mbedtls_sha256_init(&ctx->u.sha256);
|
||||
mbedtls_sha256_starts_ret(&ctx->u.sha256, 0);
|
||||
mbedtls_sha256_update_ret(&ctx->u.sha256, k_pad, sizeof(k_pad));
|
||||
mbedtls_sha256_update_ret(&ctx->u.sha256, mac, 32);
|
||||
mbedtls_sha256_finish_ret(&ctx->u.sha256, mac);
|
||||
mbedtls_sha256_free(&ctx->u.sha256);
|
||||
#else /* USE_MBEDTLS_CRYPTO */
|
||||
sha256_init(&ctx->u.sha256);
|
||||
sha256_process(&ctx->u.sha256, k_pad, sizeof(k_pad));
|
||||
sha256_process(&ctx->u.sha256, mac, 32);
|
||||
sha256_done(&ctx->u.sha256, mac);
|
||||
#endif /* USE_MBEDTLS_CRYPTO */
|
||||
break;
|
||||
#endif /* CONFIG_SHA256 */
|
||||
default:
|
||||
@@ -324,16 +308,19 @@ int crypto_hash_finish(struct crypto_hash *ctx, u8 *mac, size_t *len)
|
||||
|
||||
os_free(ctx);
|
||||
|
||||
if (TEST_FAIL())
|
||||
return -1;
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
||||
int crypto_global_init(void)
|
||||
int crypto_global_init(void)
|
||||
{
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
||||
void crypto_global_deinit(void)
|
||||
void crypto_global_deinit(void)
|
||||
{
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user