Skip to content

Commit

Permalink
Updated nanostack to be compatible with mbed TLS 3.0 (ARMmbed#2657)
Browse files Browse the repository at this point in the history 
Updated functions names for SHA256 and MD5, updated export keys function
for EAP-TLS key material export, disabled extended Wi-SUN certification
field checks (other name, extended key usage) for now, made the SSL state
to refer to private state for now. Do not include config, instead include
version.h that is present in both 2.0 and 3.0 and will include config and
define version macros.
  • Loading branch information
Mika Leppänen authored Aug 3, 2021
1 parent 29744e0 commit 1af7cfe
Show file tree
Hide file tree
Showing 6 changed files with 165 additions and 16 deletions.
32 changes: 32 additions & 0 deletions nanostack/ns_sha256.h
View file
Original file line number Diff line number Diff line change
Expand Up @@ -61,45 +61,77 @@ static inline void ns_sha256_clone(ns_sha256_context *dst,

static inline void ns_sha256_starts(ns_sha256_context *ctx)
{
#if (MBEDTLS_VERSION_MAJOR >= 3)
(void)mbedtls_sha256_starts(ctx, 0);
#else
(void)mbedtls_sha256_starts_ret(ctx, 0);
#endif
}

static inline void ns_sha256_update(ns_sha256_context *ctx, const void *input,
size_t ilen)
{
#if (MBEDTLS_VERSION_MAJOR >= 3)
(void)mbedtls_sha256_update(ctx, input, ilen);
#else
(void)mbedtls_sha256_update_ret(ctx, input, ilen);
#endif
}

static inline void ns_sha256_finish(ns_sha256_context *ctx, void *output)
{
#if (MBEDTLS_VERSION_MAJOR >= 3)
(void)mbedtls_sha256_finish(ctx, output);
#else
(void)mbedtls_sha256_finish_ret(ctx, output);
#endif
}

static inline void ns_sha256(const void *input, size_t ilen, void *output)
{
#if (MBEDTLS_VERSION_MAJOR >= 3)
(void)mbedtls_sha256(input, ilen, output, 0);
#else
(void)mbedtls_sha256_ret(input, ilen, output, 0);
#endif
}

/* Extensions to standard mbed TLS - output the first bits of a hash only */
/* Number of bits must be a multiple of 32, and <=256 */
static inline void ns_sha256_finish_nbits(ns_sha256_context *ctx, void *output, unsigned obits)
{
if (obits == 256) {
#if (MBEDTLS_VERSION_MAJOR >= 3)
(void)mbedtls_sha256_finish(ctx, output);
#else
(void)mbedtls_sha256_finish_ret(ctx, output);
#endif
} else {
uint8_t sha256[32];
#if (MBEDTLS_VERSION_MAJOR >= 3)
(void)mbedtls_sha256_finish(ctx, sha256);
#else
(void)mbedtls_sha256_finish_ret(ctx, sha256);
#endif
memcpy(output, sha256, obits / 8);
}
}

static inline void ns_sha256_nbits(const void *input, size_t ilen, void *output, unsigned obits)
{
if (obits == 256) {
#if (MBEDTLS_VERSION_MAJOR >= 3)
(void)mbedtls_sha256(input, ilen, output, 0);
#else
(void)mbedtls_sha256_ret(input, ilen, output, 0);
#endif
} else {
uint8_t sha256[32];
#if (MBEDTLS_VERSION_MAJOR >= 3)
(void)mbedtls_sha256(input, ilen, sha256, 0);
#else
(void)mbedtls_sha256_ret(input, ilen, sha256, 0);
#endif
memcpy(output, sha256, obits / 8);
}
}
Expand Down
12 changes: 12 additions & 0 deletions source/6LoWPAN/ws/ws_pae_controller.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -546,19 +546,31 @@ static int8_t ws_pae_controller_gak_from_gtk(uint8_t *gak, uint8_t *gtk, char *n

mbedtls_sha256_init(&ctx);

#if (MBEDTLS_VERSION_MAJOR >= 3)
if (mbedtls_sha256_starts(&ctx, 0) != 0) {
#else
if (mbedtls_sha256_starts_ret(&ctx, 0) != 0) {
#endif
ret_val = -1;
goto error;
}

#if (MBEDTLS_VERSION_MAJOR >= 3)
if (mbedtls_sha256_update(&ctx, input, network_name_len + GTK_LEN) != 0) {
#else
if (mbedtls_sha256_update_ret(&ctx, input, network_name_len + GTK_LEN) != 0) {
#endif
ret_val = -1;
goto error;
}

uint8_t output[32];

#if (MBEDTLS_VERSION_MAJOR >= 3)
if (mbedtls_sha256_finish(&ctx, output) != 0) {
#else
if (mbedtls_sha256_finish_ret(&ctx, output) != 0) {
#endif
ret_val = -1;
goto error;
}
Expand Down
52 changes: 52 additions & 0 deletions source/Security/protocols/radius_sec_prot/radius_client_sec_prot.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -786,19 +786,31 @@ static int8_t radius_client_sec_prot_eui_64_hash_generate(uint8_t *eui_64, uint8

mbedtls_sha256_init(&ctx);

#if (MBEDTLS_VERSION_MAJOR >= 3)
if (mbedtls_sha256_starts(&ctx, 0) != 0) {
#else
if (mbedtls_sha256_starts_ret(&ctx, 0) != 0) {
#endif
ret_val = -1;
goto error;
}

#if (MBEDTLS_VERSION_MAJOR >= 3)
if (mbedtls_sha256_update(&ctx, hashed_string, 24) != 0) {
#else
if (mbedtls_sha256_update_ret(&ctx, hashed_string, 24) != 0) {
#endif
ret_val = -1;
goto error;
}

uint8_t output[32];

#if (MBEDTLS_VERSION_MAJOR >= 3)
if (mbedtls_sha256_finish(&ctx, output) != 0) {
#else
if (mbedtls_sha256_finish_ret(&ctx, output) != 0) {
#endif
ret_val = -1;
goto error;
}
Expand Down Expand Up @@ -872,19 +884,35 @@ static int8_t radius_client_sec_prot_response_authenticator_calc(sec_prot_t *pro

mbedtls_md5_init(&ctx);

#if (MBEDTLS_VERSION_MAJOR >= 3)
if (mbedtls_md5_starts(&ctx) != 0) {
#else
if (mbedtls_md5_starts_ret(&ctx) != 0) {
#endif
goto end;
}

#if (MBEDTLS_VERSION_MAJOR >= 3)
if (mbedtls_md5_update(&ctx, msg_ptr, msg_len) != 0) {
#else
if (mbedtls_md5_update_ret(&ctx, msg_ptr, msg_len) != 0) {
#endif
goto end;
}

#if (MBEDTLS_VERSION_MAJOR >= 3)
if (mbedtls_md5_update(&ctx, key, key_len) != 0) {
#else
if (mbedtls_md5_update_ret(&ctx, key, key_len) != 0) {
#endif
goto end;
}

#if (MBEDTLS_VERSION_MAJOR >= 3)
if (mbedtls_md5_finish(&ctx, auth_ptr) != 0) {
#else
if (mbedtls_md5_finish_ret(&ctx, auth_ptr) != 0) {
#endif
goto end;
}

Expand Down Expand Up @@ -940,35 +968,59 @@ static int8_t radius_client_sec_prot_ms_mppe_recv_key_pmk_decrypt(sec_prot_t *pr
while (cipher_text_len >= MS_MPPE_RECV_KEY_BLOCK_LEN) {
mbedtls_md5_init(&ctx);

#if (MBEDTLS_VERSION_MAJOR >= 3)
if (mbedtls_md5_starts(&ctx) != 0) {
#else
if (mbedtls_md5_starts_ret(&ctx) != 0) {
#endif
md5_failed = true;
break;
}

#if (MBEDTLS_VERSION_MAJOR >= 3)
if (mbedtls_md5_update(&ctx, key, key_len) != 0) {
#else
if (mbedtls_md5_update_ret(&ctx, key, key_len) != 0) {
#endif
md5_failed = true;
break;
}

if (first_interm_b_value) {
// b(1) = MD5(secret + request-authenticator + salt)
#if (MBEDTLS_VERSION_MAJOR >= 3)
if (mbedtls_md5_update(&ctx, request_authenticator, MS_MPPE_RECV_KEY_BLOCK_LEN) != 0) {
#else
if (mbedtls_md5_update_ret(&ctx, request_authenticator, MS_MPPE_RECV_KEY_BLOCK_LEN) != 0) {
#endif
md5_failed = true;
break;
}
#if (MBEDTLS_VERSION_MAJOR >= 3)
if (mbedtls_md5_update(&ctx, salt_ptr, MS_MPPE_RECV_KEY_SALT_LEN) != 0) {
#else
if (mbedtls_md5_update_ret(&ctx, salt_ptr, MS_MPPE_RECV_KEY_SALT_LEN) != 0) {
#endif
md5_failed = true;
break;
}
} else {
// b(i) = MD5(secret + cipher_text(i - 1))
#if (MBEDTLS_VERSION_MAJOR >= 3)
if (mbedtls_md5_update(&ctx, cipher_text_ptr - MS_MPPE_RECV_KEY_BLOCK_LEN, MS_MPPE_RECV_KEY_BLOCK_LEN) != 0) {
#else
if (mbedtls_md5_update_ret(&ctx, cipher_text_ptr - MS_MPPE_RECV_KEY_BLOCK_LEN, MS_MPPE_RECV_KEY_BLOCK_LEN) != 0) {
#endif
md5_failed = true;
break;
}
}

#if (MBEDTLS_VERSION_MAJOR >= 3)
if (mbedtls_md5_finish(&ctx, interm_b_val) != 0) {
#else
if (mbedtls_md5_finish_ret(&ctx, interm_b_val) != 0) {
#endif
md5_failed = true;
break;
}
Expand Down
12 changes: 12 additions & 0 deletions source/Security/protocols/sec_prot_lib.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -514,19 +514,31 @@ int8_t sec_prot_lib_gtkhash_generate(uint8_t *gtk, uint8_t *gtk_hash)

mbedtls_sha256_init(&ctx);

#if (MBEDTLS_VERSION_MAJOR >= 3)
if (mbedtls_sha256_starts(&ctx, 0) != 0) {
#else
if (mbedtls_sha256_starts_ret(&ctx, 0) != 0) {
#endif
ret_val = -1;
goto error;
}

#if (MBEDTLS_VERSION_MAJOR >= 3)
if (mbedtls_sha256_update(&ctx, gtk, 16) != 0) {
#else
if (mbedtls_sha256_update_ret(&ctx, gtk, 16) != 0) {
#endif
ret_val = -1;
goto error;
}

uint8_t output[32];

#if (MBEDTLS_VERSION_MAJOR >= 3)
if (mbedtls_sha256_finish(&ctx, output) != 0) {
#else
if (mbedtls_sha256_finish_ret(&ctx, output) != 0) {
#endif
ret_val = -1;
goto error;
}
Expand Down
Loading

0 comments on commit 1af7cfe

Please sign in to comment.