
Merge branch 'bugfix/aes_wrap_failed' into 'master'

wpa_supplicant: Fix crypto related bugs

Closes WIFI-3801 and WIFI-3835

See merge request espressif/esp-idf!13854
Jiang Jiang Jian 4 yıl önce
ebeveyn
işleme
86cfbc2a24

+ 1 - 0
components/esp_wifi/Kconfig

@@ -316,6 +316,7 @@ menu "Wi-Fi"
     config ESP32_WIFI_ENABLE_WPA3_SAE
         bool "Enable WPA3-Personal"
         default y
+        depends on WPA_MBEDTLS_CRYPTO
         help
             Select this option to allow the device to establish a WPA3-Personal connection with eligible AP's.
             PMF (Protected Management Frames) is a prerequisite feature for a WPA3 connection, it needs to be
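Review bot: The new `depends on WPA_MBEDTLS_CRYPTO` together with the existing `default y` means the WPA3-Personal option silently disappears from menuconfig as soon as mbedTLS crypto is deselected, and nothing in the help text tells the user why. Presumably the SAE code paths need primitives only the mbedTLS backend provides; if so, say it in the help, e.g. `This option requires WPA_MBEDTLS_CRYPTO; WPA3-Personal (SAE) is not available with the internal crypto implementation.` The help text continues past the end of this hunk.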

+ 1 - 0
components/wpa_supplicant/include/utils/wpa_debug.h

@@ -28,6 +28,7 @@
 #define MSG_INFO ESP_LOG_INFO
 #define MSG_DEBUG ESP_LOG_DEBUG
 #define MSG_MSGDUMP ESP_LOG_VERBOSE
+#define MSG_EXCESSIVE ESP_LOG_VERBOSE
 
 #else
 enum { MSG_MSGDUMP, MSG_DEBUG, MSG_INFO, MSG_WARNING, MSG_ERROR };
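Review bot: `MSG_EXCESSIVE` is only added to the ESP_LOG branch; the `#else` branch's `enum { MSG_MSGDUMP, MSG_DEBUG, MSG_INFO, MSG_WARNING, MSG_ERROR };` on the last context line does not gain it, so any wpa_printf call site using the new level fails to compile when that branch is active. Since the ESP_LOG branch maps it to the most verbose level, add it as the lowest enumerator to keep the ordering consistent, `enum { MSG_EXCESSIVE, MSG_MSGDUMP, MSG_DEBUG, MSG_INFO, MSG_WARNING, MSG_ERROR };`. The `#else` branch continues outside the hunk.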

+ 1 - 0
components/wpa_supplicant/port/include/supplicant_opt.h

@@ -21,6 +21,7 @@
 #define USE_MBEDTLS_CRYPTO 1
 #else
 #define CONFIG_TLS_INTERNAL_CLIENT
+#define CONFIG_CRYPTO_INTERNAL
 #define CONFIG_TLSV12
 #endif
 

+ 13 - 7
components/wpa_supplicant/src/crypto/crypto_mbedtls.c

@@ -281,31 +281,37 @@ int hmac_sha1(const u8 *key, size_t key_len, const u8 *data, size_t data_len,
 	return hmac_sha1_vector(key, key_len, 1, &data, &data_len, mac);
 }
 
-void *aes_crypt_init(const u8 *key, size_t len)
+static void *aes_crypt_init(int mode, const u8 *key, size_t len)
 {
+	int ret = -1;
 	mbedtls_aes_context *aes = os_malloc(sizeof(*aes));
 	if (!aes) {
 		return NULL;
 	}
 	mbedtls_aes_init(aes);
 
-	if (mbedtls_aes_setkey_enc(aes, key, len * 8) < 0) {
+	if (mode == MBEDTLS_AES_ENCRYPT) {
+		ret = mbedtls_aes_setkey_enc(aes, key, len * 8);
+	} else if (mode == MBEDTLS_AES_DECRYPT){
+		ret = mbedtls_aes_setkey_dec(aes, key, len * 8);
+	}
+	if (ret < 0) {
 		mbedtls_aes_free(aes);
 		os_free(aes);
-		wpa_printf(MSG_ERROR, "%s: mbedtls_aes_setkey_enc failed", __func__);
+		wpa_printf(MSG_ERROR, "%s: mbedtls_aes_setkey_enc/mbedtls_aes_setkey_dec failed", __func__);
 		return NULL;
 	}
 
 	return (void *) aes;
 }
 
-int aes_crypt(void *ctx, int mode, const u8 *in, u8 *out)
+static int aes_crypt(void *ctx, int mode, const u8 *in, u8 *out)
 {
 	return mbedtls_aes_crypt_ecb((mbedtls_aes_context *)ctx,
 				     mode, in, out);
 }
 
-void aes_crypt_deinit(void *ctx)
+static void aes_crypt_deinit(void *ctx)
 {
 	mbedtls_aes_free((mbedtls_aes_context *)ctx);
 	os_free(ctx);
@@ -313,7 +319,7 @@ void aes_crypt_deinit(void *ctx)
 
 void *aes_encrypt_init(const u8 *key, size_t len)
 {
-	return aes_crypt_init(key, len);
+	return aes_crypt_init(MBEDTLS_AES_ENCRYPT, key, len);
 }
 
 int aes_encrypt(void *ctx, const u8 *plain, u8 *crypt)
@@ -328,7 +334,7 @@ void aes_encrypt_deinit(void *ctx)
 
 void * aes_decrypt_init(const u8 *key, size_t len)
 {
-	return aes_crypt_init(key, len);
+	return aes_crypt_init(MBEDTLS_AES_DECRYPT, key, len);
 }
 
 int aes_decrypt(void *ctx, const u8 *crypt, u8 *plain)
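Review bot: In `aes_crypt_init` a `mode` that is neither MBEDTLS_AES_ENCRYPT nor MBEDTLS_AES_DECRYPT leaves `ret` at -1 and is then reported as "mbedtls_aes_setkey_enc/mbedtls_aes_setkey_dec failed", which hides a caller bug behind a misleading key-schedule error; add an `else` branch, `} else {` / `wpa_printf(MSG_ERROR, "%s: unsupported AES mode %d", __func__, mode);` / `}`, so the log names the real cause. The `len * 8` argument narrows a `size_t` into mbedTLS's `unsigned int keybits` implicitly; an explicit `(unsigned int)(len * 8)` makes that visible and keeps -Wconversion quiet. Minor style: `else if (mode == MBEDTLS_AES_DECRYPT){` is missing the space before the brace that the rest of the file uses.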

+ 1 - 1
components/wpa_supplicant/src/tls/bignum.c

@@ -12,7 +12,7 @@
 #include "bignum.h"
 
 #ifdef CONFIG_INTERNAL_LIBTOMMATH
-#include "libtommath.c"
+#include "libtommath.h"
 #else /* CONFIG_INTERNAL_LIBTOMMATH */
 #include <tommath.h>
 #endif /* CONFIG_INTERNAL_LIBTOMMATH */
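Review bot: Replacing `#include "libtommath.c"` with `#include "libtommath.h"` removes the only place this translation unit pulled in the libtommath implementation, so the CONFIG_INTERNAL_LIBTOMMATH build now relies on libtommath.c being compiled as its own object, which this commit does not show. If that is the intent, record it next to the include, `/* libtommath.c is built as a separate translation unit */`, so the next reader does not restore the old single-file arrangement.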

+ 33 - 10
components/wpa_supplicant/src/tls/rsa.c

@@ -1,17 +1,18 @@
 /*
  * RSA
- * Copyright (c) 2006, Jouni Malinen <j@w1.fi>
+ * Copyright (c) 2006-2014, Jouni Malinen <j@w1.fi>
  *
  * This software may be distributed under the terms of the BSD license.
  * See README for more details.
  */
 
-#include "utils/includes.h"
+#include "includes.h"
+
+#include "common.h"
+#include "asn1.h"
+#include "bignum.h"
+#include "rsa.h"
 
-#include "utils/common.h"
-#include "tls/asn1.h"
-#include "tls/bignum.h"
-#include "tls/rsa.h"
 
 struct crypto_rsa_key {
 	int private_key; /* whether private key is set */
@@ -64,7 +65,7 @@ crypto_rsa_import_public_key(const u8 *buf, size_t len)
 	struct asn1_hdr hdr;
 	const u8 *pos, *end;
 
-	key = (struct crypto_rsa_key *)os_zalloc(sizeof(*key));
+	key = os_zalloc(sizeof(*key));
 	if (key == NULL)
 		return NULL;
 
@@ -115,6 +116,29 @@ error:
 }
 
 
+struct crypto_rsa_key *
+crypto_rsa_import_public_key_parts(const u8 *n, size_t n_len,
+				   const u8 *e, size_t e_len)
+{
+	struct crypto_rsa_key *key;
+
+	key = os_zalloc(sizeof(*key));
+	if (key == NULL)
+		return NULL;
+
+	key->n = bignum_init();
+	key->e = bignum_init();
+	if (key->n == NULL || key->e == NULL ||
+	    bignum_set_unsigned_bin(key->n, n, n_len) < 0 ||
+	    bignum_set_unsigned_bin(key->e, e, e_len) < 0) {
+		crypto_rsa_free(key);
+		return NULL;
+	}
+
+	return key;
+}
+
+
 /**
  * crypto_rsa_import_private_key - Import an RSA private key
  * @buf: Key buffer (DER encoded RSA private key)
@@ -129,7 +153,7 @@ crypto_rsa_import_private_key(const u8 *buf, size_t len)
 	struct asn1_hdr hdr;
 	const u8 *pos, *end;
 
-	key = (struct crypto_rsa_key *)os_zalloc(sizeof(*key));
+	key = os_zalloc(sizeof(*key));
 	if (key == NULL)
 		return NULL;
 
@@ -261,7 +285,7 @@ int crypto_rsa_exptmod(const u8 *in, size_t inlen, u8 *out, size_t *outlen,
 
 	if (use_private) {
 		/*
-		 * Decrypt (or sign) using Chinese remainer theorem to speed
+		 * Decrypt (or sign) using Chinese remainder theorem to speed
 		 * up calculation. This is equivalent to tmp = tmp^d mod n
 		 * (which would require more CPU to calculate directly).
 		 *
@@ -321,7 +345,6 @@ int crypto_rsa_exptmod(const u8 *in, size_t inlen, u8 *out, size_t *outlen,
 	ret = 0;
 
 error:
-
 	bignum_deinit(tmp);
 	bignum_deinit(a);
 	bignum_deinit(b);
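Review bot: The new `crypto_rsa_import_public_key_parts` has no header comment, while the sibling `crypto_rsa_import_private_key` directly below it carries a kernel-doc block documenting its buffer and return value. Add a matching block stating that `n` and `e` are the raw modulus and public exponent byte strings with their lengths (presumably big-endian unsigned, as `bignum_set_unsigned_bin` suggests — confirm), that NULL is returned on allocation or conversion failure, and that the returned key is released with `crypto_rsa_free()`. The function also accepts zero-length `n` or `e` without complaint; whether `bignum_set_unsigned_bin` rejects that is not visible here, so either the function or its callers should validate the lengths before the key reaches `crypto_rsa_exptmod`.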

+ 3 - 0
components/wpa_supplicant/src/tls/rsa.h

@@ -14,6 +14,9 @@ struct crypto_rsa_key;
 struct crypto_rsa_key *
 crypto_rsa_import_public_key(const u8 *buf, size_t len);
 struct crypto_rsa_key *
+crypto_rsa_import_public_key_parts(const u8 *n, size_t n_len,
+				   const u8 *e, size_t e_len);
+struct crypto_rsa_key *
 crypto_rsa_import_private_key(const u8 *buf, size_t len);
 size_t crypto_rsa_get_modulus_len(struct crypto_rsa_key *key);
 int crypto_rsa_exptmod(const u8 *in, size_t inlen, u8 *out, size_t *outlen,

+ 5 - 0
components/wpa_supplicant/src/utils/common.c

@@ -547,3 +547,8 @@ const char * wpa_ssid_txt(const u8 *ssid, size_t ssid_len)
 	printf_encode(ssid_txt, sizeof(ssid_txt), ssid, ssid_len);
 	return ssid_txt;
 }
+
+void * __hide_aliasing_typecast(void *foo)
+{
+	return foo;
+}
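Review bot: `__hide_aliasing_typecast` carries a double-underscore name, which C reserves for the implementation; upstream hostap uses the same identifier behind its aliasing-hide macro, so renaming is impractical, but the function deserves a comment because its body explains nothing. It presumably exists so callers can launder a pointer cast past strict-aliasing analysis, which only works while the compiler cannot see the body from the call site; link-time optimization may inline it and defeat the purpose. Propose `/* Deliberately out of line: returns its argument so pointer casts are hidden from strict-aliasing analysis; LTO may undo this. */` above the definition, and confirm a prototype exists in common.h, since none is visible here.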