adafruit
diff --git a/‎components/wpa_supplicant/CMakeLists.txt
Lines changed: 29 additions & 18 deletions b/‎components/wpa_supplicant/CMakeLists.txt
Lines changed: 29 additions & 18 deletions
diff --git a/‎components/wpa_supplicant/Kconfig
Lines changed: 0 additions & 6 deletions b/‎components/wpa_supplicant/Kconfig
Lines changed: 0 additions & 6 deletions
diff --git a/‎components/wpa_supplicant/component.mk
Lines changed: 25 additions & 1 deletion b/‎components/wpa_supplicant/component.mk
Lines changed: 25 additions & 1 deletion
diff --git a/‎components/wpa_supplicant/port/include/os.h
Lines changed: 3 additions & 12 deletions b/‎components/wpa_supplicant/port/include/os.h
Lines changed: 3 additions & 12 deletions
diff --git a/‎components/wpa_supplicant/port/include/supplicant_opt.h
Lines changed: 3 additions & 4 deletions b/‎components/wpa_supplicant/port/include/supplicant_opt.h
Lines changed: 3 additions & 4 deletions
diff --git a/‎components/wpa_supplicant/src/crypto/crypto_mbedtls.c
Lines changed: 72 additions & 0 deletions b/‎components/wpa_supplicant/src/crypto/crypto_mbedtls.c
Lines changed: 72 additions & 0 deletions
diff --git a/‎components/wpa_supplicant/src/crypto/sha1-tlsprf.c
Lines changed: 101 additions & 0 deletions b/‎components/wpa_supplicant/src/crypto/sha1-tlsprf.c
Lines changed: 101 additions & 0 deletions
@@ -18,9 +18,9 @@ set(srcs "port/os_xtensa.c"
     "src/crypto/aes-unwrap.c"
     "src/crypto/aes-wrap.c"
     "src/crypto/aes-omac1.c"
-    "src/crypto/sha256-tlsprf.c"
     "src/crypto/bignum.c"
     "src/crypto/ccmp.c"
+    "src/crypto/crypto_mbedtls.c"
     "src/crypto/crypto_mbedtls-bignum.c"
     "src/crypto/crypto_mbedtls-ec.c"
     "src/crypto/crypto_ops.c"
@@ -42,6 +42,10 @@ set(srcs "port/os_xtensa.c"
     "src/crypto/sha1.c"
     "src/crypto/sha256-internal.c"
     "src/crypto/sha256.c"
+    "src/crypto/sha1-tlsprf.c"
+    "src/crypto/sha256-tlsprf.c"
+    "src/crypto/sha384-tlsprf.c"
+    "src/crypto/sha256-prf.c"
     "src/eap_peer/chap.c"
     "src/eap_peer/eap.c"
     "src/eap_peer/eap_common.c"
@@ -61,6 +65,27 @@ set(srcs "port/os_xtensa.c"
     "src/rsn_supp/pmksa_cache.c"
     "src/rsn_supp/wpa.c"
     "src/rsn_supp/wpa_ie.c"
+    "src/utils/base64.c"
+    "src/utils/common.c"
+    "src/utils/ext_password.c"
+    "src/utils/uuid.c"
+    "src/utils/wpabuf.c"
+    "src/utils/wpa_debug.c"
+    "src/utils/json.c"
+    "src/wps/wps.c"
+    "src/wps/wps_attr_build.c"
+    "src/wps/wps_attr_parse.c"
+    "src/wps/wps_attr_process.c"
+    "src/wps/wps_common.c"
+    "src/wps/wps_dev_attr.c"
+    "src/wps/wps_enrollee.c"
+    "src/wps/wps_registrar.c"
+    "src/wps/wps_validate.c")
+
+if(CONFIG_WPA_MBEDTLS_CRYPTO)
+    set(tls_src "src/crypto/tls_mbedtls.c")
+else()
+    set(tls_src
     "src/tls/asn1.c"
     "src/tls/bignum.c"
     "src/tls/pkcs1.c"
@@ -78,24 +103,10 @@ set(srcs "port/os_xtensa.c"
     "src/tls/tlsv1_server_read.c"
     "src/tls/tlsv1_server_write.c"
     "src/tls/x509v3.c"
-    "src/utils/base64.c"
-    "src/utils/common.c"
-    "src/utils/ext_password.c"
-    "src/utils/uuid.c"
-    "src/utils/wpabuf.c"
-    "src/utils/wpa_debug.c"
-    "src/utils/json.c"
-    "src/wps/wps.c"
-    "src/wps/wps_attr_build.c"
-    "src/wps/wps_attr_parse.c"
-    "src/wps/wps_attr_process.c"
-    "src/wps/wps_common.c"
-    "src/wps/wps_dev_attr.c"
-    "src/wps/wps_enrollee.c"
-    "src/wps/wps_registrar.c"
-    "src/wps/wps_validate.c")
+    )
+endif()
 
-idf_component_register(SRCS "${srcs}"
+idf_component_register(SRCS "${srcs}" "${tls_src}"
                     INCLUDE_DIRS include port/include include/esp_supplicant
                     PRIV_INCLUDE_DIRS src
                     PRIV_REQUIRES mbedtls esp_timer)
 
@@ -23,12 +23,6 @@ menu "Supplicant"
         help
             Select this to enable unity test for DPP.
 
-    config WPA_TLS_V12
-        bool "Enable TLS v1.2"
-        default n
-        help
-            Select this to enable TLS v1.2 for WPA2-Enterprise Authentication.
-
     config WPA_WPS_WARS
         bool "Add WPS Inter operatability Fixes"
         default n
 
@@ -1,5 +1,29 @@
-COMPONENT_ADD_INCLUDEDIRS := include port/include include/esp_supplicant
+# supplicant make file
+
 COMPONENT_PRIV_INCLUDEDIRS := src
 COMPONENT_SRCDIRS := port src/ap src/common src/crypto src/eap_peer src/rsn_supp src/tls src/utils src/esp_supplicant src/wps
+COMPONENT_ADD_INCLUDEDIRS := include port/include include/esp_supplicant
+
+ifeq ($(CONFIG_WPA_MBEDTLS_CRYPTO), y)
+    COMPONENT_OBJEXCLUDE := src/tls/asn1.o \
+    src/tls/bignum.o \
+    src/tls/pkcs1.o \
+    src/tls/pkcs5.o \
+    src/tls/pkcs8.o \
+    src/tls/rsa.o \
+    src/tls/tls_internal.o \
+    src/tls/tlsv1_client.o \
+    src/tls/tlsv1_client_read.o \
+    src/tls/tlsv1_client_write.o \
+    src/tls/tlsv1_common.o \
+    src/tls/tlsv1_cred.o \
+    src/tls/tlsv1_record.o \
+    src/tls/tlsv1_server.o \
+    src/tls/tlsv1_server_read.o \
+    src/tls/tlsv1_server_write.o \
+    src/tls/x509v3.o
+else
+    COMPONENT_OBJEXCLUDE := src/crypto/tls_mbedtls.o
+endif
 
 CFLAGS += -DCONFIG_DPP -DCONFIG_WPA3_SAE -DCONFIG_IEEE80211W -DESP_SUPPLICANT -DIEEE8021X_EAPOL -DEAP_PEER_METHOD -DEAP_TLS -DEAP_TTLS -DEAP_PEAP -DEAP_MSCHAPv2 -DUSE_WPA2_TASK -DCONFIG_WPS2 -DCONFIG_WPS_PIN -DUSE_WPS_TASK -DESPRESSIF_USE -DESP32_WORKAROUND -DCONFIG_ECC -D__ets__ -Wno-strict-aliasing
@@ -278,6 +278,9 @@ char * ets_strdup(const char *s);
 #ifndef os_strstr
 #define os_strstr(h, n) strstr((h), (n))
 #endif
+#ifndef os_strlcpy
+#define os_strlcpy(d, s, n) strlcpy((d), (s), (n))
+#endif
 
 #ifndef os_snprintf
 #ifdef _MSC_VER
@@ -291,16 +294,4 @@ static inline int os_snprintf_error(size_t size, int res)
 {
         return res < 0 || (unsigned int) res >= size;
 }
-
-/**
- * os_strlcpy - Copy a string with size bound and NUL-termination
- * @dest: Destination
- * @src: Source
- * @siz: Size of the target buffer
- * Returns: Total length of the target string (length of src) (not including
- * NUL-termination)
- *
- * This function matches in behavior with the strlcpy(3) function in OpenBSD.
- */
-size_t os_strlcpy(char *dest, const char *src, size_t siz);
 #endif /* OS_H */
@@ -19,14 +19,13 @@
 
 #if CONFIG_WPA_MBEDTLS_CRYPTO
 #define USE_MBEDTLS_CRYPTO 1
+#else
+#define CONFIG_TLS_INTERNAL_CLIENT
+#define CONFIG_TLSV12
 #endif
 
 #if CONFIG_WPA_DEBUG_PRINT
 #define DEBUG_PRINT
 #endif
 
-#if CONFIG_WPA_TLS_V12
-#define CONFIG_TLSV12
-#endif
-
 #endif /* _SUPPLICANT_OPT_H */
@@ -0,0 +1,72 @@
+/**
+ * Copyright 2020 Espressif Systems (Shanghai) PTE LTD
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifdef ESP_PLATFORM
+#include "esp_system.h"
+#endif
+
+#include "utils/includes.h"
+#include "utils/common.h"
+#include "crypto.h"
+#include "random.h"
+#include "sha256.h"
+
+#include "mbedtls/ecp.h"
+#include "mbedtls/entropy.h"
+#include "mbedtls/ctr_drbg.h"
+#include "mbedtls/md.h"
+
+int mbedtls_hmac_vector(mbedtls_md_type_t md_type, const u8 *key, size_t key_len,
+		        size_t num_elem, const u8 *addr[], const size_t *len, u8 *mac)
+{
+	size_t i;
+	const mbedtls_md_info_t *md_info;
+	mbedtls_md_context_t md_ctx;
+	int ret;
+
+	mbedtls_md_init(&md_ctx);
+
+	if((md_info = mbedtls_md_info_from_type(md_type)) == NULL )
+		return -1;
+
+	if ((ret = mbedtls_md_setup( &md_ctx, md_info, 1)) != 0)
+		return(ret);
+
+	mbedtls_md_hmac_starts(&md_ctx, key, key_len);
+
+	for( i = 0; i < num_elem; i++)
+		mbedtls_md_hmac_update(&md_ctx, addr[i], len[i]);
+
+	mbedtls_md_hmac_finish(&md_ctx, mac);
+
+	mbedtls_md_free(&md_ctx);
+
+	return 0;
+}
+
+int hmac_sha384_vector(const u8 *key, size_t key_len, size_t num_elem,
+		const u8 *addr[], const size_t *len, u8 *mac)
+{
+	return mbedtls_hmac_vector(MBEDTLS_MD_SHA384, key, key_len, num_elem, addr,
+				   len, mac);
+}
+
+
+int hmac_sha384(const u8 *key, size_t key_len, const u8 *data,
+		size_t data_len, u8 *mac)
+{
+	return hmac_sha384_vector(key, key_len, 1, &data, &data_len, mac);
+}
@@ -0,0 +1,101 @@
+/*
+ * TLS PRF (SHA1 + MD5)
+ * Copyright (c) 2003-2005, Jouni Malinen <[email protected]>
+ *
+ * This software may be distributed under the terms of the BSD license.
+ * See README for more details.
+ */
+
+#include "utils/includes.h"
+
+#include "utils/common.h"
+#include "sha1.h"
+#include "md5.h"
+
+
+/**
+ * tls_prf_sha1_md5 - Pseudo-Random Function for TLS (TLS-PRF, RFC 2246)
+ * @secret: Key for PRF
+ * @secret_len: Length of the key in bytes
+ * @label: A unique label for each purpose of the PRF
+ * @seed: Seed value to bind into the key
+ * @seed_len: Length of the seed
+ * @out: Buffer for the generated pseudo-random key
+ * @outlen: Number of bytes of key to generate
+ * Returns: 0 on success, -1 on failure.
+ *
+ * This function is used to derive new, cryptographically separate keys from a
+ * given key in TLS. This PRF is defined in RFC 2246, Chapter 5.
+ */
+int tls_prf_sha1_md5(const u8 *secret, size_t secret_len, const char *label,
+		     const u8 *seed, size_t seed_len, u8 *out, size_t outlen)
+{
+	size_t L_S1, L_S2, i;
+	const u8 *S1, *S2;
+	u8 A_MD5[MD5_MAC_LEN], A_SHA1[SHA1_MAC_LEN];
+	u8 P_MD5[MD5_MAC_LEN], P_SHA1[SHA1_MAC_LEN];
+	int MD5_pos, SHA1_pos;
+	const u8 *MD5_addr[3];
+	size_t MD5_len[3];
+	const unsigned char *SHA1_addr[3];
+	size_t SHA1_len[3];
+
+	MD5_addr[0] = A_MD5;
+	MD5_len[0] = MD5_MAC_LEN;
+	MD5_addr[1] = (unsigned char *) label;
+	MD5_len[1] = os_strlen(label);
+	MD5_addr[2] = seed;
+	MD5_len[2] = seed_len;
+
+	SHA1_addr[0] = A_SHA1;
+	SHA1_len[0] = SHA1_MAC_LEN;
+	SHA1_addr[1] = (unsigned char *) label;
+	SHA1_len[1] = os_strlen(label);
+	SHA1_addr[2] = seed;
+	SHA1_len[2] = seed_len;
+
+	/* RFC 2246, Chapter 5
+	 * A(0) = seed, A(i) = HMAC(secret, A(i-1))
+	 * P_hash = HMAC(secret, A(1) + seed) + HMAC(secret, A(2) + seed) + ..
+	 * PRF = P_MD5(S1, label + seed) XOR P_SHA-1(S2, label + seed)
+	 */
+
+	L_S1 = L_S2 = (secret_len + 1) / 2;
+	S1 = secret;
+	S2 = secret + L_S1;
+	if (secret_len & 1) {
+		/* The last byte of S1 will be shared with S2 */
+		S2--;
+	}
+
+	hmac_md5_vector(S1, L_S1, 2, &MD5_addr[1], &MD5_len[1], A_MD5);
+	hmac_sha1_vector(S2, L_S2, 2, &SHA1_addr[1], &SHA1_len[1], A_SHA1);
+
+	MD5_pos = MD5_MAC_LEN;
+	SHA1_pos = SHA1_MAC_LEN;
+	for (i = 0; i < outlen; i++) {
+		if (MD5_pos == MD5_MAC_LEN) {
+			hmac_md5_vector(S1, L_S1, 3, MD5_addr, MD5_len, P_MD5);
+			MD5_pos = 0;
+			hmac_md5(S1, L_S1, A_MD5, MD5_MAC_LEN, A_MD5);
+		}
+		if (SHA1_pos == SHA1_MAC_LEN) {
+			hmac_sha1_vector(S2, L_S2, 3, SHA1_addr, SHA1_len,
+					 P_SHA1);
+			SHA1_pos = 0;
+			hmac_sha1(S2, L_S2, A_SHA1, SHA1_MAC_LEN, A_SHA1);
+		}
+
+		out[i] = P_MD5[MD5_pos] ^ P_SHA1[SHA1_pos];
+
+		MD5_pos++;
+		SHA1_pos++;
+	}
+
+	os_memset(A_MD5, 0, MD5_MAC_LEN);
+	os_memset(P_MD5, 0, MD5_MAC_LEN);
+	os_memset(A_SHA1, 0, SHA1_MAC_LEN);
+	os_memset(P_SHA1, 0, SHA1_MAC_LEN);
+
+	return 0;
+}