
Merge branch 'feature/support_DPP_AKM_v1' into 'master'
Add support for the Network Introduction Protocol in DPP.

Closes WIFI-6171 and WIFIBUG-156

See merge request espressif/esp-idf!20856
jack0c committed Feb 22, 2024
2 parents 9c0714f + 90cc615 commit 2a6b3df
Showing 23 changed files with 526 additions and 115 deletions.
3 changes: 2 additions & 1 deletion components/esp_wifi/include/esp_wifi_types_generic.h
Expand Up @@ -57,7 +57,7 @@ typedef struct {
} wifi_country_t;

/* Strength of authmodes */
/* OPEN < WEP < WPA_PSK < OWE < WPA2_PSK = WPA_WPA2_PSK < WAPI_PSK < WPA3_PSK = WPA2_WPA3_PSK < WPA3_EXT_PSK = WPA3_EXT_PSK_MIXED_MODE */
/* OPEN < WEP < WPA_PSK < OWE < WPA2_PSK = WPA_WPA2_PSK < WAPI_PSK < WPA3_PSK = WPA2_WPA3_PSK = DPP < WPA3_EXT_PSK = WPA3_EXT_PSK_MIXED_MODE */
typedef enum {
WIFI_AUTH_OPEN = 0, /**< authenticate mode : open */
WIFI_AUTH_WEP, /**< authenticate mode : WEP */
Expand All @@ -73,6 +73,7 @@ typedef enum {
WIFI_AUTH_WPA3_ENT_192, /**< authenticate mode : WPA3_ENT_SUITE_B_192_BIT */
WIFI_AUTH_WPA3_EXT_PSK, /**< authenticate mode : WPA3_PSK_EXT_KEY */
WIFI_AUTH_WPA3_EXT_PSK_MIXED_MODE, /**< authenticate mode: WPA3_PSK + WPA3_PSK_EXT_KEY */
WIFI_AUTH_DPP, /**< authenticate mode : DPP */
WIFI_AUTH_MAX
} wifi_auth_mode_t;

13 changes: 11 additions & 2 deletions components/wpa_supplicant/esp_supplicant/include/esp_dpp.h
Expand Up @@ -10,6 +10,7 @@
#include <stdbool.h>

#include "esp_err.h"
#include "esp_wifi_types.h"

#ifdef __cplusplus
extern "C" {
Expand All @@ -32,6 +33,7 @@ typedef enum dpp_bootstrap_type {
typedef enum {
ESP_SUPP_DPP_URI_READY, /**< URI is ready through Bootstrapping */
ESP_SUPP_DPP_CFG_RECVD, /**< Config received via DPP Authentication */
ESP_SUPP_DPP_PDR_RECVD, /**< Peer Discovery Response is received */
ESP_SUPP_DPP_FAIL, /**< DPP Authentication failure */
} esp_supp_dpp_event_t;

Expand Down Expand Up @@ -62,8 +64,11 @@ esp_err_t esp_supp_dpp_init(esp_supp_dpp_event_cb_t evt_cb);
* @brief De-initalize DPP Supplicant
*
* Frees memory from DPP Supplicant Data Structures.
*
* @return
* - ESP_OK: Success
*/
void esp_supp_dpp_deinit(void);
esp_err_t esp_supp_dpp_deinit(void);

/**
* @brief Generates Bootstrap Information as an Enrollee.
Expand Down Expand Up @@ -101,8 +106,12 @@ esp_err_t esp_supp_dpp_start_listen(void);
* @brief Stop listening on Channels.
*
* Stops listening on Channels and cancels ongoing listen operation.
*
* @return
* - ESP_OK: Success
* - ESP_FAIL: Failure
*/
void esp_supp_dpp_stop_listen(void);
esp_err_t esp_supp_dpp_stop_listen(void);

#ifdef __cplusplus
}
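Review bot: The new `@return` block on esp_supp_dpp_stop_listen lists `ESP_FAIL: Failure` without saying when the call fails, while esp_supp_dpp_deinit documents only `ESP_OK`; a header-level contract should name the failure condition (for instance, whether calling either function before esp_supp_dpp_init is an error) so callers know what to check and whether the result can be ignored. Changing both prototypes from `void` to `esp_err_t` is source-compatible for callers that discard the result but breaks any function-pointer assignment to the old signature, which deserves a mention in the commit description or a migration note. Inserting `ESP_SUPP_DPP_PDR_RECVD` before `ESP_SUPP_DPP_FAIL` also renumbers `ESP_SUPP_DPP_FAIL`; that only matters to code that persists or logs the raw enumerator value, but a one-line doc comment on the enum stating that values are not stable across releases would make the expectation explicit.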
Expand Up @@ -26,7 +26,8 @@
#include "mbedtls/error.h"
#include "mbedtls/oid.h"

#define ECP_PRV_DER_MAX_BYTES 29 + 3 * MBEDTLS_ECP_MAX_BYTES
#define ECP_PRV_DER_MAX_BYTES ( 29 + 3 * MBEDTLS_ECP_MAX_BYTES )
#define ECP_PUB_DER_MAX_BYTES ( 30 + 2 * MBEDTLS_ECP_MAX_BYTES )

#ifdef CONFIG_MBEDTLS_ECDH_LEGACY_CONTEXT
#define ACCESS_ECDH(S, var) S->MBEDTLS_PRIVATE(var)
Expand Down Expand Up @@ -518,6 +519,7 @@ struct crypto_key * crypto_ec_set_pubkey_point(const struct crypto_ec_group *gro
struct crypto_key *pkey = NULL;
int ret;
mbedtls_pk_context *key = (mbedtls_pk_context *)crypto_alloc_key();
mbedtls_ecp_group *ecp_grp = (mbedtls_ecp_group *)group;

if (!key) {
wpa_printf(MSG_ERROR, "%s: memory allocation failed", __func__);
Expand All @@ -538,7 +540,7 @@ struct crypto_key * crypto_ec_set_pubkey_point(const struct crypto_ec_group *gro
goto fail;
}

if (mbedtls_ecp_check_pubkey((mbedtls_ecp_group *)group, point) < 0) { //typecast
if (mbedtls_ecp_check_pubkey(ecp_grp, point) < 0) {
// ideally should have failed in upper condition, duplicate code??
wpa_printf(MSG_ERROR, "Invalid key");
goto fail;
Expand All @@ -547,8 +549,9 @@ struct crypto_key * crypto_ec_set_pubkey_point(const struct crypto_ec_group *gro
if( ( ret = mbedtls_pk_setup( key,
mbedtls_pk_info_from_type(MBEDTLS_PK_ECKEY) ) ) != 0 )
goto fail;

mbedtls_ecp_copy(&mbedtls_pk_ec(*key)->MBEDTLS_PRIVATE(Q), point);
mbedtls_ecp_group_load(&mbedtls_pk_ec(*key)->MBEDTLS_PRIVATE(grp), MBEDTLS_ECP_DP_SECP256R1);
mbedtls_ecp_group_load(&mbedtls_pk_ec(*key)->MBEDTLS_PRIVATE(grp), ecp_grp->id);

pkey = (struct crypto_key *)key;
crypto_ec_point_deinit((struct crypto_ec_point *)point, 0);
Expand Down Expand Up @@ -581,19 +584,27 @@ struct crypto_ec_point *crypto_ec_get_public_key(struct crypto_key *key)
int crypto_ec_get_priv_key_der(struct crypto_key *key, unsigned char **key_data, int *key_len)
{
mbedtls_pk_context *pkey = (mbedtls_pk_context *)key;
char der_data[ECP_PRV_DER_MAX_BYTES];
char *der_data = os_malloc(ECP_PRV_DER_MAX_BYTES);

if (!der_data) {
wpa_printf(MSG_ERROR, "memory allocation failed");
return -1;
}
*key_len = mbedtls_pk_write_key_der(pkey, (unsigned char *)der_data, ECP_PRV_DER_MAX_BYTES);
if (*key_len <= 0)
if (*key_len <= 0) {
wpa_printf(MSG_ERROR, "Failed to write priv key");
os_free(der_data);
return -1;

}
*key_data = os_malloc(*key_len);

if (!*key_data) {
wpa_printf(MSG_ERROR, "memory allocation failed");
os_free(der_data);
return -1;
}
os_memcpy(*key_data, der_data, *key_len);
os_memcpy(*key_data, der_data + ECP_PRV_DER_MAX_BYTES - *key_len, *key_len);
os_free(der_data);

return 0;
}
Expand Down Expand Up @@ -643,16 +654,25 @@ int crypto_ec_get_publickey_buf(struct crypto_key *key, u8 *key_buf, int len)

int crypto_write_pubkey_der(struct crypto_key *key, unsigned char **key_buf)
{
unsigned char output_buf[1600] = {0};
int len = mbedtls_pk_write_pubkey_der((mbedtls_pk_context *)key, output_buf, 1600);
if (len <= 0)
return 0;
unsigned char *buf = os_malloc(ECP_PUB_DER_MAX_BYTES);

if(!buf) {
wpa_printf(MSG_ERROR, "memory allocation failed");
return -1;
}
int len = mbedtls_pk_write_pubkey_der((mbedtls_pk_context *)key, buf, ECP_PUB_DER_MAX_BYTES);
if (len <= 0) {
os_free(buf);
return -1;
}

*key_buf = os_malloc(len);
if (!*key_buf) {
return 0;
os_free(buf);
return -1;
}
os_memcpy(*key_buf, output_buf + 1600 - len, len);
os_memcpy(*key_buf, buf + ECP_PUB_DER_MAX_BYTES - len, len);
os_free(buf);

return len;
}
Expand Down Expand Up @@ -812,28 +832,21 @@ int crypto_ecdsa_get_sign(unsigned char *hash,
int crypto_edcsa_sign_verify(const unsigned char *hash,
const struct crypto_bignum *r, const struct crypto_bignum *s, struct crypto_key *csign, int hlen)
{
mbedtls_pk_context *pkey = (mbedtls_pk_context *)csign;
int ret = 0;

mbedtls_ecdsa_context *ctx = os_malloc(sizeof(*ctx));
if (!ctx) {
wpa_printf(MSG_ERROR, "failed to allcate memory");
return ret;
/* (mbedtls_ecdsa_context *) */
mbedtls_ecp_keypair *ecp_kp = mbedtls_pk_ec(*(mbedtls_pk_context *)csign);
if (!ecp_kp) {
return -1;
}
mbedtls_ecdsa_init(ctx);

if (mbedtls_ecdsa_from_keypair(ctx, mbedtls_pk_ec(*pkey)) < 0)
return ret;

if((ret = mbedtls_ecdsa_verify(&ctx->MBEDTLS_PRIVATE(grp), hash, hlen,
&ctx->MBEDTLS_PRIVATE(Q), (mbedtls_mpi *)r, (mbedtls_mpi *)s)) != 0){
mbedtls_ecp_group *ecp_kp_grp = &ecp_kp->MBEDTLS_PRIVATE(grp);
mbedtls_ecp_point *ecp_kp_q = &ecp_kp->MBEDTLS_PRIVATE(Q);
int ret = mbedtls_ecdsa_verify(ecp_kp_grp, hash, hlen,
ecp_kp_q, (mbedtls_mpi *)r, (mbedtls_mpi *)s);
if (ret != 0) {
wpa_printf(MSG_ERROR, "ecdsa verification failed");
return ret;
}

mbedtls_ecdsa_free(ctx);
os_free(ctx);

return ret;
}

Expand Down Expand Up @@ -861,14 +874,18 @@ struct crypto_key *crypto_ec_parse_subpub_key(const unsigned char *p, size_t len
{
int ret;
mbedtls_pk_context *pkey = (mbedtls_pk_context *)crypto_alloc_key();
ret = mbedtls_pk_parse_subpubkey((unsigned char **)&p, p + len, pkey);

if (ret < 0) {
os_free(pkey);
if (!pkey) {
return NULL;
}
ret = mbedtls_pk_parse_subpubkey((unsigned char **)&p, p + len, pkey);
if (ret == 0) {
return (struct crypto_key *)pkey;
}

return (struct crypto_key *)pkey;
mbedtls_pk_free(pkey);
os_free(pkey);
return NULL;
}

int crypto_is_ec_key(struct crypto_key *key)
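Review bot: In crypto_ec_get_priv_key_der the heap scratch buffer that receives the private-key DER is released with a plain `os_free(der_data)` on the success path and on both failure paths, so a copy of the private key stays in freed heap memory after the call. A zeroizing release (hostap's `bin_clear_free(der_data, ECP_PRV_DER_MAX_BYTES)` if this port provides it, otherwise `forced_memzero`/an explicit clear before `os_free`) keeps the function's contract unchanged while not leaving key material behind; the same applies to `*key_data` on the caller's side, which the header comment should say the caller must clear and free. Separately, crypto_edcsa_sign_verify now evaluates `mbedtls_pk_ec(*(mbedtls_pk_context *)csign)` before any validation, so the following `if (!ecp_kp)` only rejects a non-EC key and a NULL `csign` is dereferenced first; if callers can pass NULL, `if (!csign) return -1;` belongs before that line. crypto_write_pubkey_der also changes its failure result from 0 to -1, so any caller outside this diff that tested `== 0` for failure needs to be rechecked.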