提交 1b232d77 编写于 作者: 徐杰

modify code for EAP-TLS/PEAP/TTLS/PWD

Signed-off-by: N徐杰 <xujie223@huawei.com>
上级 8bc17e57
......@@ -293,6 +293,7 @@ wpa_base_sources = [
"$WPA_ROOT_DIR/src/eap_common/eap_sim_common.c",
"$WPA_ROOT_DIR/src/eap_common/eap_wsc_common.c",
"$WPA_ROOT_DIR/src/eap_peer/eap_aka.c",
"$WPA_ROOT_DIR/src/eap_peer/eap_gtc.c",
"$WPA_ROOT_DIR/src/eap_peer/eap_mschapv2.c",
"$WPA_ROOT_DIR/src/eap_peer/eap_peap.c",
"$WPA_ROOT_DIR/src/eap_peer/eap_pwd.c",
......@@ -411,6 +412,8 @@ ohos_shared_library("wpa") {
"-DCONFIG_SAE",
"-DCONFIG_SME",
"-DCONFIG_WEP",
"-DPKCS12_FUNCS",
"-DEAP_GTC",
]
if ("${CONFIG_CTRL_IFACE}" == "udp") {
cflags += [ "-DCONFIG_CTRL_IFACE_UDP" ]
......@@ -555,6 +558,8 @@ ohos_shared_library("wpa_updater") {
"-DCONFIG_SAE",
"-DCONFIG_SME",
"-DCONFIG_WEP",
"-DPKCS12_FUNCS",
"-DEAP_GTC",
]
if ("${CONFIG_CTRL_IFACE}" == "udp") {
cflags += [ "-DCONFIG_CTRL_IFACE_UDP" ]
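Review bot: The two new defines `-DPKCS12_FUNCS` and `-DEAP_GTC` are added verbatim to both the `wpa` and the `wpa_updater` targets, continuing a cflags list that is already duplicated in full between them, so every future EAP toggle has to be remembered twice. Factoring the shared entries into one list (a constructed example: `wpa_common_cflags = [ "-DCONFIG_SAE", ... ]` and then `cflags += wpa_common_cflags` inside each target) would keep the two from drifting apart. The commit title names TTLS, but only eap_peap.c and eap_pwd.c are visible in the source-list hunk; if eap_ttls.c is added outside this view that is fine, otherwise the title overstates the change.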
......
......@@ -41,6 +41,8 @@
#include "wpa_evp_key.h"
#endif
#define OH_PREFIX "oh:"
#if !defined(CONFIG_FIPS) && \
(defined(EAP_FAST) || defined(EAP_FAST_DYNAMIC) || \
defined(EAP_SERVER_FAST))
......@@ -3344,29 +3346,55 @@ static int tls_connection_client_cert(struct tls_connection *conn,
#endif /* ANDROID */
#ifdef CONFIG_OHOS_CERTMGR
int ret = -1;
X509 *x509 = NULL;
BIO *bio = BIO_from_cm(&client_cert[0]);
if (bio)
x509 = PEM_read_bio_X509(bio, NULL, NULL, NULL);
if (x509) {
if (SSL_use_certificate(conn->ssl, x509) == 1)
ret = 0;
X509_free(x509);
}
/* Read additional certificates into the chain. */
while (bio) {
x509 = PEM_read_bio_X509(bio, NULL, NULL, NULL);
if (x509) {
/* Takes ownership of x509 */
SSL_add0_chain_cert(conn->ssl, x509);
} else {
BIO_free(bio);
bio = NULL;
}
}
return ret;
if (os_strncmp(OH_PREFIX, client_cert, os_strlen(OH_PREFIX)) == 0) {
int ret = -1;
X509 *x509 = NULL;
struct Credential certificate = { 0 };
certificate.credData.data = (uint8_t *)malloc(MAX_LEN_CERTIFICATE_CHAIN);
if (certificate.credData.data == NULL) {
wpa_printf(MSG_ERROR, "%s malloc certificate.credData.data fail", __func__);
return -1;
}
BIO *bio = BIO_from_cm(&client_cert[0], certificate);
if (!bio) {
wpa_printf(MSG_DEBUG, "tls_connection_client_cert: bio = NULL");
if (certificate.credData.data != NULL) {
free(certificate.credData.data);
}
return -1;
}
if (bio) {
x509 = PEM_read_bio_X509(bio, NULL, NULL, NULL);
}
if (x509) {
if (SSL_use_certificate(conn->ssl, x509) == 1) {
ret = 0;
}
X509_free(x509);
}
/* Read additional certificates into the chain. */
while (bio) {
x509 = PEM_read_bio_X509(bio, NULL, NULL, NULL);
if (x509) {
/* Takes ownership of x509 */
SSL_add0_chain_cert(conn->ssl, x509);
} else {
BIO_free(bio);
bio = NULL;
}
}
if (certificate.credData.data != NULL) {
free(certificate.credData.data);
}
return ret;
}
#endif
#ifndef OPENSSL_NO_STDIO
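Review bot: The `free(certificate.credData.data)` at the end of the new CONFIG_OHOS_CERTMGR block is correctly placed after the `while (bio)` loop has called BIO_free, but nothing records why that ordering matters: BIO_from_cm builds the BIO with `BIO_new_mem_buf`, which references the caller's buffer rather than copying it, so a comment such as `/* bio references certificate.credData.data; free the buffer only after BIO_free */` would stop a later refactor from hoisting the free. Inside the block, the `if (bio)` test before the first `PEM_read_bio_X509` is redundant right after the `if (!bio) ... return -1;` guard, and both `if (certificate.credData.data != NULL)` checks around `free()` can be dropped, since free(NULL) is a no-op and the pointer is known non-NULL once the malloc check has passed. tls_connection_client_cert begins and ends outside this hunk, so I cannot confirm that `client_cert` has already been checked for NULL before it reaches the `os_strncmp` prefix test.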
......
......@@ -206,7 +206,7 @@ void wpa_debug_close_linux_tracing(void)
#endif // LOG_TAG
#define LOG_DOMAIN 0xD0015C0
#define LOG_TAG "wpa_supplicant"
#define WPA_MAX_LOG_CHAR 1024
#define WPA_MAX_LOG_CHAR 8196
#define WPA_PROP_KEY_DEBUG_ON "persist.sys.wpa_debug_on"
#define PARAM_VALUE_MAX_LEN 10
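Review bot: `8196` in the new `WPA_MAX_LOG_CHAR` value is not a power of two and reads like a typo for 8192 (8 KiB); if that is the intent, `#define WPA_MAX_LOG_CHAR 8192`. Growing the limit eightfold also matters if the macro sizes an automatic `char` buffer in the logging path, which is outside this hunk — worth confirming the buffer is static or heap-allocated, or that the extra stack depth is acceptable on the threads that log.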
......
......@@ -107,13 +107,28 @@ static EVP_PKEY *wrap_rsa(const char *key_id, const RSA *public_rsa)
static EVP_PKEY* get_pubkey(const char *key_id)
{
BIO* bio = BIO_from_cm(key_id);
struct Credential certificate = { 0 };
certificate.credData.data = (uint8_t *)malloc(MAX_LEN_CERTIFICATE_CHAIN);
if (certificate.credData.data == NULL) {
wpa_printf(MSG_ERROR, "%s malloc certificate.credData.data fail", __func__);
return NULL;
}
BIO* bio = BIO_from_cm(key_id, certificate);
if (bio == NULL) {
wpa_printf(MSG_ERROR, "%s bio is null", __func__);
if (certificate.credData.data != NULL) {
free(certificate.credData.data);
}
return NULL;
}
X509 *decoded_cert = PEM_read_bio_X509(bio, NULL, NULL, NULL);
if (certificate.credData.data != NULL) {
free(certificate.credData.data);
}
if (decoded_cert == NULL) {
wpa_printf(MSG_ERROR, "%s decoded cert is null", __func__);
return NULL;
......@@ -156,10 +171,9 @@ EVP_PKEY *GET_EVP_PKEY(const char *key_id)
return wrap_key;
}
BIO *BIO_from_cm(const char *key_id)
BIO *BIO_from_cm(const char *key_id, struct Credential certificate)
{
BIO *bio = NULL;
struct Credential certificate = { 0 };
uint32_t store = CM_PRI_CREDENTIAL_STORE;
struct CmBlob keyUri;
......@@ -170,17 +184,11 @@ BIO *BIO_from_cm(const char *key_id)
keyUri.size = strlen(key_id) + 1;
keyUri.data = (uint8_t *)key_id;
certificate.credData.data = (uint8_t *)malloc(MAX_LEN_CERTIFICATE_CHAIN);
if (certificate.credData.data == NULL) {
wpa_printf(MSG_ERROR, "%s malloc fail", __func__);
return bio;
}
certificate.credData.size = MAX_LEN_CERTIFICATE_CHAIN;
int ret = CmGetAppCert(&keyUri, store, &certificate);
if (ret != 0) {
wpa_printf(MSG_ERROR, "%s key:%s, size:%u, ret:%d", __func__,
key_id, certificate.credData.size, ret);
free(certificate.credData.data);
return bio;
}
......@@ -190,6 +198,5 @@ BIO *BIO_from_cm(const char *key_id)
if (certificate.credData.size > 0)
bio = BIO_new_mem_buf(certificate.credData.data, certificate.credData.size);
free(certificate.credData.data);
return bio;
}
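Review bot: In get_pubkey the new code frees `certificate.credData.data` immediately after `PEM_read_bio_X509` while `bio` is still live; BIO_from_cm wraps that buffer with `BIO_new_mem_buf`, which does not copy, so from that point the BIO points at freed memory and any further read from it before the BIO_free that presumably follows outside the hunk is a use-after-free. The safe ordering is the one tls_openssl.c uses: release the BIO first and free the buffer afterwards, i.e. move `free(certificate.credData.data);` to just after the existing BIO_free rather than adding a second BIO_free here. Passing `struct Credential` by value to BIO_from_cm also copies the whole struct, and the `certificate.credData.size = MAX_LEN_CERTIFICATE_CHAIN` assignment and the size filled in by CmGetAppCert land only in the callee's copy, so callers never see the real length; a `struct Credential *` parameter would be the conventional shape and avoids that. get_pubkey's body continues past the hunk.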
......@@ -18,7 +18,7 @@ extern "C" {
#define DEFAULT_SIGNATURE_LEN 1024
EVP_PKEY *GET_EVP_PKEY(const char *key_id);
BIO *BIO_from_cm(const char *key_id);
BIO *BIO_from_cm(const char *key_id, struct Credential certificate);
#ifdef __cplusplus
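Review bot: The new `struct Credential certificate` parameter changes the ownership contract of BIO_from_cm, but the prototype carries no comment saying who allocates and frees `certificate.credData.data` or that the returned BIO references that buffer instead of copying it, and the two callers in wpa_evp_key.c and tls_openssl.c already free it at different points. A doc comment above the declaration should state that the caller allocates `credData.data` (MAX_LEN_CERTIFICATE_CHAIN bytes), retains ownership, and must free it only after the returned BIO has been released, and that the function returns NULL on any failure without freeing anything. The header also needs `struct Credential` in scope — either the cert-manager header or a forward declaration `struct Credential;` before the prototype — which is not visible in this hunk; without it the struct tag is scoped to the parameter list and a compiler warning results.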
......