wpa_supplicant: Make internal crypto headers private (backport v4.0)

A lot of internally used crypto headers are publicly includeable
in user projects. This leads to bug reports when these headers
are incorrectly used or the API's are not used as intended.

Move all crypto headers into private crypto src folder, also move
crypto_ops into Supplicant to remove dependecy on crypto headers.

Closes IDF-476

components/esp32/esp_adapter.c

@@ -38,11 +38,6 @@
 #include "esp_private/wifi_os_adapter.h"
 #include "esp_private/wifi.h"
 #include "esp_phy_init.h"
-#include "crypto/md5.h"
-#include "crypto/sha1.h"
-#include "crypto/crypto.h"
-#include "crypto/aes.h"
-#include "crypto/dh_group5.h"
 #include "driver/periph_ctrl.h"
 #include "nvs.h"
 #include "os.h"

components/esp_wifi/CMakeLists.txt

@@ -5,7 +5,6 @@ if(NOT CONFIG_ESP32_NO_BLOBS)
 endif()
 
 idf_component_register(SRCS "src/coexist.c"
-                            "src/crypto_ops.c"
                             "src/lib_printf.c"
                             "src/mesh_event.c"
                             "src/phy_init.c"

components/wpa_supplicant/CMakeLists.txt

@@ -12,6 +12,7 @@ set(srcs "port/os_xtensa.c"
     "src/crypto/aes-wrap.c"
     "src/crypto/bignum.c"
     "src/crypto/crypto_mbedtls.c"
+    "src/crypto/crypto_ops.c"
     "src/crypto/crypto_internal-cipher.c"
     "src/crypto/crypto_internal-modexp.c"
     "src/crypto/crypto_internal-rsa.c"

components/wpa_supplicant/include/crypto/wepkey.h

@@ -1,10 +0,0 @@
-#ifndef WEPKEY_H
-#define WEPKEY_H
-
-#define WEPKEY_64_BYTES   5
-#define WePKEY_128_BYTES  13
-
-unsigned int wepkey_64(uint8_t *out, unsigned int size, const char *in, int n);
-unsigned int wepkey_128(uint8_t *out, unsigned int size, const char *in, int n);
-
-#endif /* WEPKEY_H */

components/wpa_supplicant/include/esp_supplicant/esp_wpa.h

@@ -40,7 +40,10 @@ extern "C" {
 /** @addtogroup WPA_APIs
   * @{
   */
-
+/* Crypto callback functions */
+const wpa_crypto_funcs_t g_wifi_default_wpa_crypto_funcs;
+/* Mesh crypto callback functions */
+const mesh_crypto_funcs_t g_wifi_default_mesh_crypto_funcs;
 
 /**
   * @brief     Supplicant initialization

components/wpa_supplicant/src/ap/ieee802_1x.c

@@ -10,7 +10,6 @@
 
 #include "utils/common.h"
 #include "crypto/crypto.h"
-#include "crypto/random.h"
 #include "common/ieee802_11_defs.h"
 #include "hostapd.h"
 #include "ap/sta_info.h"

components/wpa_supplicant/src/crypto/aes-cbc.c

@@ -31,8 +31,8 @@
 #include "utils/includes.h"
 
 #include "utils/common.h"
-#include "crypto/aes.h"
-#include "crypto/aes_wrap.h"
+#include "aes.h"
+#include "aes_wrap.h"
 
 #ifdef USE_MBEDTLS_CRYPTO
 #include "mbedtls/aes.h"

components/wpa_supplicant/src/crypto/aes-internal-dec.c

@@ -24,8 +24,8 @@
 #include "utils/includes.h"
 
 #include "utils/common.h"
-#include "crypto/crypto.h"
-#include "crypto/aes_i.h"
+#include "crypto.h"
+#include "aes_i.h"
 
 
 

components/wpa_supplicant/src/crypto/aes-internal-enc.c

@@ -23,8 +23,8 @@
 
 #include "utils/includes.h"
 #include "utils/common.h"
-#include "crypto/crypto.h"
-#include "crypto/aes_i.h"
+#include "crypto.h"
+#include "aes_i.h"
 
 #include "os.h"
 

components/wpa_supplicant/src/crypto/aes-internal.c

@@ -24,8 +24,8 @@
 #include "utils/includes.h"
 
 #include "utils/common.h"
-#include "crypto/crypto.h"
-#include "crypto/aes_i.h"
+#include "crypto.h"
+#include "aes_i.h"
 
 /*
  * rijndael-alg-fst.c

components/wpa_supplicant/src/crypto/aes-unwrap.c

@@ -34,8 +34,8 @@
 #ifdef USE_MBEDTLS_CRYPTO
 #include "mbedtls/aes.h"
 #else /* USE_MBEDTLS_CRYPTO */
-#include "crypto/aes.h"
-#include "crypto/aes_wrap.h"
+#include "aes.h"
+#include "aes_wrap.h"
 #endif /* USE_MBEDTLS_CRYPTO */
 
 /**

components/wpa_supplicant/src/crypto/aes-wrap.c

@@ -25,8 +25,8 @@
 #include "utils/includes.h"
 
 #include "utils/common.h"
-#include "crypto/aes.h"
-#include "crypto/aes_wrap.h"
+#include "aes.h"
+#include "aes_wrap.h"
 #ifdef USE_MBEDTLS_CRYPTO
 #include "mbedtls/aes.h"
 #endif /* USE_MBEDTLS_CRYPTO */

components/wpa_supplicant/src/crypto/aes_i.h

@@ -15,7 +15,7 @@
 #ifndef AES_I_H
 #define AES_I_H
 
-#include "crypto/aes.h"
+#include "aes.h"
 
 /* #define FULL_UNROLL */
 #define AES_SMALL_TABLES

components/wpa_supplicant/src/crypto/crypto_internal-cipher.c

@@ -23,10 +23,10 @@
 
 #include "utils/common.h"
 #include "utils/includes.h"
-#include "crypto/crypto.h"
-#include "crypto/aes.h"
+#include "crypto.h"
+#include "aes.h"
 #if defined(CONFIG_DES) || defined(CONFIG_DES3)
-#include "crypto/des_i.h"
+#include "des_i.h"
 #endif
 #ifdef USE_MBEDTLS_CRYPTO
 #include "mbedtls/aes.h"

components/wpa_supplicant/src/crypto/crypto_internal-modexp.c

@@ -35,7 +35,7 @@
 #else /* USE_MBEDTLS_CRYPTO */
 #include "bignum.h"
 #endif /* USE_MBEDTLS_CRYPTO */
-#include "crypto/crypto.h"
+#include "crypto.h"
 
 #ifdef USE_MBEDTLS_CRYPTO
 int

components/wpa_supplicant/src/crypto/crypto_internal-rsa.c

@@ -7,7 +7,7 @@
  */
 
 #include "utils/common.h"
-#include "crypto/crypto.h"
+#include "crypto.h"
 
 #include "utils/includes.h"
 #include "utils/common.h"

components/wpa_supplicant/src/crypto/crypto_internal.c

@@ -23,9 +23,9 @@
 
 #include "utils/includes.h"
 #include "utils/common.h"
-#include "crypto/crypto.h"
-#include "crypto/sha1_i.h"
-#include "crypto/md5_i.h"
+#include "crypto.h"
+#include "sha1_i.h"
+#include "md5_i.h"
 #ifdef USE_MBEDTLS_CRYPTO
 #include "mbedtls/sha256.h"
 #endif

components/wpa_supplicant/src/crypto/crypto_mbedtls.c

@@ -19,7 +19,7 @@
 
 #include "utils/includes.h"
 #include "utils/common.h"
-#include "crypto/crypto.h"
+#include "crypto.h"
 
 #include "mbedtls/ecp.h"
 #include "mbedtls/entropy.h"

components/esp_wifi/src/crypto_ops.c → components/wpa_supplicant/src/crypto/crypto_ops.c

@@ -13,14 +13,14 @@
 // limitations under the License.
 
 #include "utils/common.h"
-#include "crypto/aes_wrap.h"
-#include "crypto/sha256.h"
-#include "crypto/crypto.h"
-#include "crypto/md5.h"
-#include "crypto/sha1.h"
-#include "crypto/aes.h"
-#include "crypto/dh_group5.h"
-#include "esp_wifi_crypto_types.h"
+#include "aes_wrap.h"
+#include "sha256.h"
+#include "crypto.h"
+#include "md5.h"
+#include "sha1.h"
+#include "aes.h"
+#include "esp_wpa.h"
+
 /* 
  * This structure is used to set the cyrpto callback function for station to connect when in security mode.
  * These functions either call MbedTLS API's if USE_MBEDTLS_CRYPTO flag is set through Kconfig, or native

components/wpa_supplicant/src/crypto/des-internal.c

@@ -12,7 +12,7 @@
 #include "utils/includes.h"
 
 #include "utils/common.h"
-#include "crypto/crypto.h"
+#include "crypto.h"
 //#include "des_i.h"
 
 /*

components/wpa_supplicant/src/crypto/dh_group5.c

@@ -15,8 +15,8 @@
 #include "utils/includes.h"
 
 #include "utils/common.h"
-#include "crypto/dh_groups.h"
-#include "crypto/dh_group5.h"
+#include "dh_groups.h"
+#include "dh_group5.h"
 
 
 void * 

components/wpa_supplicant/src/crypto/dh_groups.c

@@ -15,9 +15,9 @@
 #include "utils/includes.h"
 
 #include "utils/common.h"
-#include "crypto/crypto.h"
-#include "crypto/random.h"
-#include "crypto/dh_groups.h"
+#include "crypto.h"
+#include "random.h"
+#include "dh_groups.h"
 #include "utils/wpabuf.h"
 #include "utils/wpa_debug.h"
 #include "esp_wifi_crypto_types.h"

components/wpa_supplicant/src/crypto/md4-internal.c

@@ -6,7 +6,7 @@
 
 #include "utils/includes.h"
 #include "utils/common.h"
-#include "crypto/crypto.h"
+#include "crypto.h"
 
 #define MD4_BLOCK_LENGTH	64
 #define MD4_DIGEST_LENGTH	16

components/wpa_supplicant/src/crypto/md5-internal.c

@@ -15,9 +15,9 @@
 #include "utils/includes.h"
 
 #include "utils/common.h"
-#include "crypto/md5.h"
-#include "crypto/md5_i.h"
-#include "crypto/crypto.h"
+#include "md5.h"
+#include "md5_i.h"
+#include "crypto.h"
 
 
 static void MD5Transform(u32 buf[4], u32 const in[16]);

components/wpa_supplicant/src/crypto/md5.c

@@ -15,8 +15,8 @@
 #include "utils/includes.h"
 
 #include "utils/common.h"
-#include "crypto/md5.h"
-#include "crypto/crypto.h"
+#include "md5.h"
+#include "crypto.h"
 
 
 /**

components/wpa_supplicant/src/crypto/ms_funcs.c

@@ -10,9 +10,9 @@
 #include "utils/includes.h"
 
 #include "utils/common.h"
-#include "crypto/sha1.h"
-#include "crypto/ms_funcs.h"
-#include "crypto/crypto.h"
+#include "sha1.h"
+#include "ms_funcs.h"
+#include "crypto.h"
 
 /**
  * utf8_to_ucs2 - Convert UTF-8 string to UCS-2 encoding

components/wpa_supplicant/src/crypto/rc4.c

@@ -15,7 +15,7 @@
 #include "utils/includes.h"
 
 #include "utils/common.h"
-#include "crypto/crypto.h"
+#include "crypto.h"
 
 #define S_SWAP(a,b) do { u8 t = S[a]; S[a] = S[b]; S[b] = t; } while(0)
 

components/wpa_supplicant/src/crypto/sha1-internal.c

@@ -15,10 +15,10 @@
 #include "utils/includes.h"
 
 #include "utils/common.h"
-#include "crypto/sha1.h"
-#include "crypto/sha1_i.h"
-#include "crypto/md5.h"
-#include "crypto/crypto.h"
+#include "sha1.h"
+#include "sha1_i.h"
+#include "md5.h"
+#include "crypto.h"
 
 typedef struct SHA1Context SHA1_CTX;
 

components/wpa_supplicant/src/crypto/sha1-pbkdf2.c

@@ -14,9 +14,9 @@
 
 #include "utils/includes.h"
 #include "utils/common.h"
-#include "crypto/sha1.h"
-#include "crypto/md5.h"
-#include "crypto/crypto.h"
+#include "sha1.h"
+#include "md5.h"
+#include "crypto.h"
 
 static int 
 pbkdf2_sha1_f(const char *passphrase, const char *ssid,

components/wpa_supplicant/src/crypto/sha1.c

@@ -15,8 +15,8 @@
 #include "utils/includes.h"
 
 #include "utils/common.h"
-#include "crypto/sha1.h"
-#include "crypto/crypto.h"
+#include "sha1.h"
+#include "crypto.h"
 
 
 /**

components/wpa_supplicant/src/crypto/sha256-internal.c

@@ -33,8 +33,8 @@
 #ifdef USE_MBEDTLS_CRYPTO
 #include "mbedtls/sha256.h"
 #else /* USE_MBEDTLS_CRYPTO */
-#include "crypto/sha256.h"
-#include "crypto/crypto.h"
+#include "sha256.h"
+#include "crypto.h"
 #endif /* USE_MBEDTLS_CRYPTO */
 
 #ifdef USE_MBEDTLS_CRYPTO

components/wpa_supplicant/src/crypto/sha256.c

@@ -30,8 +30,8 @@
 #include "utils/includes.h"
 
 #include "utils/common.h"
-#include "crypto/sha256.h"
-#include "crypto/crypto.h"
+#include "sha256.h"
+#include "crypto.h"
 
 
 /**

components/wpa_supplicant/src/eap_peer/eap_ttls.c

@@ -10,7 +10,6 @@
 
 #ifdef EAP_TTLS
 #include "utils/common.h"
-#include "crypto/ms_funcs.h"
 #include "crypto/sha1.h"
 #include "tls/tls.h"
 #include "eap_peer/eap.h"

components/wpa_supplicant/src/esp_supplicant/esp_wpa_main.c

@@ -29,7 +29,6 @@
 #include "crypto/crypto.h"
 #include "crypto/sha1.h"
 #include "crypto/aes_wrap.h"
-#include "crypto/wepkey.h"
 
 #include "esp_wifi_driver.h"
 #include "esp_private/wifi.h"

components/wpa_supplicant/src/rsn_supp/wpa.c

@@ -26,7 +26,6 @@
 #include "crypto/crypto.h"
 #include "crypto/sha1.h"
 #include "crypto/aes_wrap.h"
-#include "crypto/wepkey.h"
 
 /**
  * eapol_sm_notify_eap_success - Notification of external EAP success trigger

components/wpa_supplicant/src/wps/wps.c

@@ -14,8 +14,6 @@
 #include "utils/wpa_debug.h"
 #include "common/ieee802_11_defs.h"
 
-#include "crypto/dh_group5.h"
-
 #include "wps/wps_i.h"
 #include "wps/wps_dev_attr.h"
 

components/wpa_supplicant/src/wps/wps_attr_build.c

@@ -11,9 +11,9 @@
 
 #include "crypto/aes_wrap.h"
 #include "crypto/crypto.h"
-#include "crypto/dh_group5.h"
 #include "crypto/sha256.h"
 #include "crypto/random.h"
+#include "crypto/dh_group5.h"
 
 #include "common/ieee802_11_defs.h"
 #include "wps/wps_i.h"

components/wpa_supplicant/src/wps/wps_common.c

@@ -12,9 +12,9 @@
 
 #include "crypto/aes_wrap.h"
 #include "crypto/crypto.h"
-#include "crypto/dh_group5.h"
 #include "crypto/sha1.h"
 #include "crypto/sha256.h"
+#include "crypto/dh_group5.h"
 #include "crypto/random.h"
 
 #include "wps/wps_i.h"