feat(esp_wifi): Add support of Network Introduction Protocol in DPP

espressif · Feb 21, 2024 · 90cc615 · 90cc615
1 parent 03d6b09
commit 90cc615
Show file tree

Hide file tree

Showing 23 changed files with 526 additions and 115 deletions.
diff --git a/components/esp_wifi/include/esp_wifi_types_generic.h b/components/esp_wifi/include/esp_wifi_types_generic.h
@@ -57,7 +57,7 @@ typedef struct {
 } wifi_country_t;
 
 /* Strength of authmodes */
-/* OPEN < WEP < WPA_PSK < OWE < WPA2_PSK = WPA_WPA2_PSK < WAPI_PSK < WPA3_PSK = WPA2_WPA3_PSK < WPA3_EXT_PSK = WPA3_EXT_PSK_MIXED_MODE */
+/* OPEN < WEP < WPA_PSK < OWE < WPA2_PSK = WPA_WPA2_PSK < WAPI_PSK < WPA3_PSK = WPA2_WPA3_PSK = DPP < WPA3_EXT_PSK = WPA3_EXT_PSK_MIXED_MODE */
 typedef enum {
     WIFI_AUTH_OPEN = 0,         /**< authenticate mode : open */
     WIFI_AUTH_WEP,              /**< authenticate mode : WEP */
@@ -73,6 +73,7 @@ typedef enum {
     WIFI_AUTH_WPA3_ENT_192,     /**< authenticate mode : WPA3_ENT_SUITE_B_192_BIT */
     WIFI_AUTH_WPA3_EXT_PSK,     /**< authenticate mode : WPA3_PSK_EXT_KEY */
     WIFI_AUTH_WPA3_EXT_PSK_MIXED_MODE, /**< authenticate mode: WPA3_PSK + WPA3_PSK_EXT_KEY */
+    WIFI_AUTH_DPP,              /**< authenticate mode : DPP */
     WIFI_AUTH_MAX
 } wifi_auth_mode_t;
 

diff --git a/components/esp_wifi/lib b/components/esp_wifi/lib
diff --git a/components/wpa_supplicant/esp_supplicant/include/esp_dpp.h b/components/wpa_supplicant/esp_supplicant/include/esp_dpp.h
@@ -10,6 +10,7 @@
 #include <stdbool.h>
 
 #include "esp_err.h"
+#include "esp_wifi_types.h"
 
 #ifdef __cplusplus
 extern "C" {
@@ -32,6 +33,7 @@ typedef enum dpp_bootstrap_type {
 typedef enum {
     ESP_SUPP_DPP_URI_READY,     /**< URI is ready through Bootstrapping */
     ESP_SUPP_DPP_CFG_RECVD,     /**< Config received via DPP Authentication */
+    ESP_SUPP_DPP_PDR_RECVD,     /**< Peer Discovery Response is received */
     ESP_SUPP_DPP_FAIL,          /**< DPP Authentication failure */
 } esp_supp_dpp_event_t;
 
@@ -62,8 +64,11 @@ esp_err_t esp_supp_dpp_init(esp_supp_dpp_event_cb_t evt_cb);
   * @brief De-initalize DPP Supplicant
   *
   *        Frees memory from DPP Supplicant Data Structures.
+  *
+  * @return
+  *    - ESP_OK: Success
   */
-void esp_supp_dpp_deinit(void);
+esp_err_t esp_supp_dpp_deinit(void);
 
 /**
   * @brief Generates Bootstrap Information as an Enrollee.
@@ -101,8 +106,12 @@ esp_err_t esp_supp_dpp_start_listen(void);
   * @brief Stop listening on Channels.
   *
   *        Stops listening on Channels and cancels ongoing listen operation.
+  *
+  * @return
+  *    - ESP_OK: Success
+  *    - ESP_FAIL: Failure
   */
-void esp_supp_dpp_stop_listen(void);
+esp_err_t esp_supp_dpp_stop_listen(void);
 
 #ifdef __cplusplus
 }

diff --git a/components/wpa_supplicant/esp_supplicant/src/crypto/crypto_mbedtls-ec.c b/components/wpa_supplicant/esp_supplicant/src/crypto/crypto_mbedtls-ec.c
@@ -26,7 +26,8 @@
 #include "mbedtls/error.h"
 #include "mbedtls/oid.h"
 
-#define ECP_PRV_DER_MAX_BYTES   29 + 3 * MBEDTLS_ECP_MAX_BYTES
+#define ECP_PRV_DER_MAX_BYTES   ( 29 + 3 * MBEDTLS_ECP_MAX_BYTES )
+#define ECP_PUB_DER_MAX_BYTES   ( 30 + 2 * MBEDTLS_ECP_MAX_BYTES )
 
 #ifdef CONFIG_MBEDTLS_ECDH_LEGACY_CONTEXT
 #define ACCESS_ECDH(S, var) S->MBEDTLS_PRIVATE(var)
@@ -518,6 +519,7 @@ struct crypto_key * crypto_ec_set_pubkey_point(const struct crypto_ec_group *gro
 	struct crypto_key *pkey = NULL;
 	int ret;
 	mbedtls_pk_context *key = (mbedtls_pk_context *)crypto_alloc_key();
+	mbedtls_ecp_group *ecp_grp = (mbedtls_ecp_group *)group;
 
 	if (!key) {
 		wpa_printf(MSG_ERROR, "%s: memory allocation failed", __func__);
@@ -538,7 +540,7 @@ struct crypto_key * crypto_ec_set_pubkey_point(const struct crypto_ec_group *gro
 		goto fail;
 	}
 
-	if (mbedtls_ecp_check_pubkey((mbedtls_ecp_group *)group, point) < 0) { //typecast
+	if (mbedtls_ecp_check_pubkey(ecp_grp, point) < 0) {
 		// ideally should have failed in upper condition, duplicate code??
 		wpa_printf(MSG_ERROR, "Invalid key");
 		goto fail;
@@ -547,8 +549,9 @@ struct crypto_key * crypto_ec_set_pubkey_point(const struct crypto_ec_group *gro
 	if( ( ret = mbedtls_pk_setup( key,
 					mbedtls_pk_info_from_type(MBEDTLS_PK_ECKEY) ) ) != 0 )
 		goto fail;
+
 	mbedtls_ecp_copy(&mbedtls_pk_ec(*key)->MBEDTLS_PRIVATE(Q), point);
-	mbedtls_ecp_group_load(&mbedtls_pk_ec(*key)->MBEDTLS_PRIVATE(grp), MBEDTLS_ECP_DP_SECP256R1);
+	mbedtls_ecp_group_load(&mbedtls_pk_ec(*key)->MBEDTLS_PRIVATE(grp), ecp_grp->id);
 
 	pkey = (struct crypto_key *)key;
 	crypto_ec_point_deinit((struct crypto_ec_point *)point, 0);
@@ -581,19 +584,27 @@ struct crypto_ec_point *crypto_ec_get_public_key(struct crypto_key *key)
 int crypto_ec_get_priv_key_der(struct crypto_key *key, unsigned char **key_data, int *key_len)
 {
 	mbedtls_pk_context *pkey = (mbedtls_pk_context *)key;
-	char der_data[ECP_PRV_DER_MAX_BYTES];
+	char *der_data = os_malloc(ECP_PRV_DER_MAX_BYTES);
 
+	if (!der_data) {
+		wpa_printf(MSG_ERROR, "memory allocation failed");
+		return -1;
+	}
 	*key_len = mbedtls_pk_write_key_der(pkey, (unsigned char *)der_data, ECP_PRV_DER_MAX_BYTES);
-	if (*key_len <= 0)
+	if (*key_len <= 0) {
+		wpa_printf(MSG_ERROR, "Failed to write priv key");
+		os_free(der_data);
 		return -1;
-
+	}
 	*key_data = os_malloc(*key_len);
 
 	if (!*key_data) {
 		wpa_printf(MSG_ERROR, "memory allocation failed");
+		os_free(der_data);
 		return -1;
 	}
-	os_memcpy(*key_data, der_data, *key_len);
+	os_memcpy(*key_data, der_data + ECP_PRV_DER_MAX_BYTES - *key_len, *key_len);
+	os_free(der_data);
 
 	return 0;
 }
@@ -643,16 +654,25 @@ int crypto_ec_get_publickey_buf(struct crypto_key *key, u8 *key_buf, int len)
 
 int crypto_write_pubkey_der(struct crypto_key *key, unsigned char **key_buf)
 {
-	unsigned char output_buf[1600] = {0};
-	int len = mbedtls_pk_write_pubkey_der((mbedtls_pk_context *)key, output_buf, 1600);
-	if (len <= 0)
-		return 0;
+	unsigned char *buf = os_malloc(ECP_PUB_DER_MAX_BYTES);
+
+	if(!buf) {
+		wpa_printf(MSG_ERROR, "memory allocation failed");
+		return -1;
+	}
+	int len = mbedtls_pk_write_pubkey_der((mbedtls_pk_context *)key, buf, ECP_PUB_DER_MAX_BYTES);
+	if (len <= 0) {
+		os_free(buf);
+		return -1;
+	}
 
 	*key_buf = os_malloc(len);
 	if (!*key_buf) {
-		return 0;
+		os_free(buf);
+		return -1;
 	}
-	os_memcpy(*key_buf, output_buf + 1600 - len, len);
+	os_memcpy(*key_buf, buf + ECP_PUB_DER_MAX_BYTES - len, len);
+	os_free(buf);
 
 	return len;
 }
@@ -812,28 +832,21 @@ int crypto_ecdsa_get_sign(unsigned char *hash,
 int crypto_edcsa_sign_verify(const unsigned char *hash,
 		const struct crypto_bignum *r, const struct crypto_bignum *s, struct crypto_key *csign, int hlen)
 {
-	mbedtls_pk_context *pkey = (mbedtls_pk_context *)csign;
-	int ret = 0;
-
-	mbedtls_ecdsa_context *ctx = os_malloc(sizeof(*ctx));
-	if (!ctx) {
-		wpa_printf(MSG_ERROR, "failed to allcate memory");
-		return ret;
+	/* (mbedtls_ecdsa_context *) */
+        mbedtls_ecp_keypair *ecp_kp = mbedtls_pk_ec(*(mbedtls_pk_context *)csign);
+        if (!ecp_kp) {
+                return -1;
 	}
-	mbedtls_ecdsa_init(ctx);
-
-	if (mbedtls_ecdsa_from_keypair(ctx, mbedtls_pk_ec(*pkey)) < 0)
-		return ret;
 
-	if((ret = mbedtls_ecdsa_verify(&ctx->MBEDTLS_PRIVATE(grp), hash, hlen,
-					&ctx->MBEDTLS_PRIVATE(Q), (mbedtls_mpi *)r, (mbedtls_mpi *)s)) != 0){
+        mbedtls_ecp_group *ecp_kp_grp = &ecp_kp->MBEDTLS_PRIVATE(grp);
+        mbedtls_ecp_point *ecp_kp_q = &ecp_kp->MBEDTLS_PRIVATE(Q);
+        int ret = mbedtls_ecdsa_verify(ecp_kp_grp, hash, hlen,
+                                       ecp_kp_q, (mbedtls_mpi *)r, (mbedtls_mpi *)s);
+        if (ret != 0) {
 		wpa_printf(MSG_ERROR, "ecdsa verification failed");
 		return ret;
 	}
 
-	mbedtls_ecdsa_free(ctx);
-	os_free(ctx);
-
 	return ret;
 }
 
@@ -861,14 +874,18 @@ struct crypto_key *crypto_ec_parse_subpub_key(const unsigned char *p, size_t len
 {
 	int ret;
 	mbedtls_pk_context *pkey = (mbedtls_pk_context *)crypto_alloc_key();
-	ret = mbedtls_pk_parse_subpubkey((unsigned char **)&p, p + len, pkey);
 
-	if (ret < 0) {
-		os_free(pkey);
+	if (!pkey) {
 		return NULL;
 	}
+	ret = mbedtls_pk_parse_subpubkey((unsigned char **)&p, p + len, pkey);
+	if (ret == 0) {
+		return (struct crypto_key *)pkey;
+	}
 
-	return (struct crypto_key *)pkey;
+	mbedtls_pk_free(pkey);
+	os_free(pkey);
+	return NULL;
 }
 
 int crypto_is_ec_key(struct crypto_key *key)
+ −		esp32/libcore.a
+ −		esp32/libespnow.a
+ −		esp32/libmesh.a
+ −		esp32/libnet80211.a
+ −		esp32/libpp.a
+ −		esp32/libsmartconfig.a
+ −		esp32/libwapi.a
+ −		esp32c2/libcore.a
+ −		esp32c2/libespnow.a
+ −		esp32c2/libnet80211.a
+ −		esp32c2/libpp.a
+ −		esp32c2/libsmartconfig.a
+ −		esp32c3/libcore.a
+ −		esp32c3/libespnow.a
+ −		esp32c3/libmesh.a
+ −		esp32c3/libnet80211.a
+ −		esp32c3/libpp.a
+ −		esp32c3/libsmartconfig.a
+ −		esp32c3/libwapi.a
+ −		esp32c6/libcore.a
+ −		esp32c6/libespnow.a
+ −		esp32c6/libmesh.a
+ −		esp32c6/libnet80211.a
+ −		esp32c6/libpp.a
+ −		esp32c6/libsmartconfig.a
+ −		esp32c6/libwapi.a
+ −		esp32s2/libcore.a
+ −		esp32s2/libespnow.a
+ −		esp32s2/libmesh.a
+ −		esp32s2/libnet80211.a
+ −		esp32s2/libpp.a
+ −		esp32s2/libsmartconfig.a
+ −		esp32s2/libwapi.a
+ −		esp32s3/libcore.a
+ −		esp32s3/libespnow.a
+ −		esp32s3/libmesh.a
+ −		esp32s3/libnet80211.a
+ −		esp32s3/libpp.a
+ −		esp32s3/libsmartconfig.a
+ −		esp32s3/libwapi.a