Skip to content
体验新版
项目
组织
正在加载...
登录
切换导航
打开侧边栏
OpenHarmony
Third Party Wpa Supplicant
提交
df74be28
T
Third Party Wpa Supplicant
项目概览
OpenHarmony
/
Third Party Wpa Supplicant
大约 1 年 前同步成功
通知
2
Star
19
Fork
0
代码
文件
提交
分支
Tags
贡献者
分支图
Diff
Issue
0
列表
看板
标记
里程碑
合并请求
0
Wiki
0
Wiki
分析
仓库
DevOps
项目成员
Pages
T
Third Party Wpa Supplicant
项目概览
项目概览
详情
发布
仓库
仓库
文件
提交
分支
标签
贡献者
分支图
比较
Issue
0
Issue
0
列表
看板
标记
里程碑
合并请求
0
合并请求
0
Pages
分析
分析
仓库分析
DevOps
Wiki
0
Wiki
成员
成员
收起侧边栏
关闭侧边栏
动态
分支图
创建新Issue
提交
Issue看板
体验新版 GitCode,发现更多精彩内容 >>
提交
df74be28
编写于
2月 07, 2023
作者:
H
handf0830
浏览文件
操作
浏览文件
下载
电子邮件补丁
差异文件
support eap tls
Signed-off-by:
N
handf0830
<
handf0830@thundersoft.com
>
上级
a218b2fa
变更
4
隐藏空白更改
内联
并排
Showing
4 changed file
with
289 addition
and
0 deletion
+289
-0
wpa_supplicant-2.9_standard/BUILD.gn
wpa_supplicant-2.9_standard/BUILD.gn
+12
-0
wpa_supplicant-2.9_standard/src/crypto/tls_openssl.c
wpa_supplicant-2.9_standard/src/crypto/tls_openssl.c
+54
-0
wpa_supplicant-2.9_standard/wpa_supplicant_lib/wpa_evp_key.c
wpa_supplicant-2.9_standard/wpa_supplicant_lib/wpa_evp_key.c
+196
-0
wpa_supplicant-2.9_standard/wpa_supplicant_lib/wpa_evp_key.h
wpa_supplicant-2.9_standard/wpa_supplicant_lib/wpa_evp_key.h
+27
-0
未找到文件。
wpa_supplicant-2.9_standard/BUILD.gn
浏览文件 @
df74be28
...
...
@@ -18,6 +18,7 @@ WPA_ROOT_DIR = "//third_party/wpa_supplicant/wpa_supplicant-2.9_standard"
declare_args() {
wpa_supplicant_driver_nl80211_hisi = false
wpa_supplicant_driver_nl80211 = false
wpa_supplicant_ohos_certmgr = true
}
if (wpa_supplicant_driver_nl80211_hisi) {
...
...
@@ -407,6 +408,17 @@ ohos_shared_library("wpa") {
}
}
if (wpa_supplicant_ohos_certmgr) {
sources += [ "$WPA_ROOT_DIR/wpa_supplicant_lib/wpa_evp_key.c" ]
deps += [ "//base/security/certificate_manager/interfaces/innerkits/cert_manager_standard/main:cert_manager_sdk" ]
include_dirs += [
"//base/security/certificate_manager/frameworks/cert_manager_standard/main/common/include",
"//base/security/certificate_manager/interfaces/innerkits/cert_manager_standard/main/include",
"//third_party/openssl",
]
defines += [ "CONFIG_OHOS_CERTMGR" ]
}
configs = [ ":wpa_warnings" ]
part_name = "wpa_supplicant-2.9"
subsystem_name = "wpa_supplicant-2.9"
...
...
wpa_supplicant-2.9_standard/src/crypto/tls_openssl.c
浏览文件 @
df74be28
...
...
@@ -37,6 +37,9 @@
#include "sha256.h"
#include "tls.h"
#include "tls_openssl.h"
#ifdef CONFIG_OHOS_CERTMGR
#include "wpa_evp_key.h"
#endif
#if !defined(CONFIG_FIPS) && \
(defined(EAP_FAST) || defined(EAP_FAST_DYNAMIC) || \
...
...
@@ -3340,6 +3343,32 @@ static int tls_connection_client_cert(struct tls_connection *conn,
}
#endif
/* ANDROID */
#ifdef CONFIG_OHOS_CERTMGR
int
ret
=
-
1
;
X509
*
x509
=
NULL
;
BIO
*
bio
=
BIO_from_cm
(
&
client_cert
[
0
]);
if
(
bio
)
x509
=
PEM_read_bio_X509
(
bio
,
NULL
,
NULL
,
NULL
);
if
(
x509
)
{
if
(
SSL_use_certificate
(
conn
->
ssl
,
x509
)
==
1
)
ret
=
0
;
X509_free
(
x509
);
}
/* Read additional certificates into the chain. */
while
(
bio
)
{
x509
=
PEM_read_bio_X509
(
bio
,
NULL
,
NULL
,
NULL
);
if
(
x509
)
{
/* Takes ownership of x509 */
SSL_add0_chain_cert
(
conn
->
ssl
,
x509
);
}
else
{
BIO_free
(
bio
);
bio
=
NULL
;
}
}
return
ret
;
#endif
#ifndef OPENSSL_NO_STDIO
if
(
SSL_use_certificate_file
(
conn
->
ssl
,
client_cert
,
SSL_FILETYPE_ASN1
)
==
1
)
{
...
...
@@ -3779,6 +3808,24 @@ static int tls_use_private_key_file(struct tls_data *data, SSL *ssl,
#endif
/* OPENSSL_NO_STDIO */
}
#ifdef CONFIG_OHOS_CERTMGR
static
int
tls_use_cm_key
(
struct
tls_data
*
data
,
SSL
*
ssl
,
const
char
*
private_key
)
{
int
ret
;
EVP_PKEY
*
pkey
=
GET_EVP_PKEY
(
private_key
);
if
(
pkey
==
NULL
)
{
wpa_printf
(
MSG_DEBUG
,
"can not get evp pkey"
);
return
-
1
;
}
if
(
ssl
)
ret
=
SSL_use_PrivateKey
(
ssl
,
pkey
);
else
ret
=
SSL_CTX_use_PrivateKey
(
data
->
ssl
,
pkey
);
EVP_PKEY_free
(
pkey
);
return
ret
==
1
?
0
:
-
1
;
}
#endif
static
int
tls_connection_private_key
(
struct
tls_data
*
data
,
struct
tls_connection
*
conn
,
...
...
@@ -3868,6 +3915,13 @@ static int tls_connection_private_key(struct tls_data *data,
}
while
(
!
ok
&&
private_key
)
{
#ifdef CONFIG_OHOS_CERTMGR
if
(
tls_use_cm_key
(
data
,
conn
->
ssl
,
private_key
)
==
0
)
{
ok
=
1
;
break
;
}
#endif
if
(
tls_use_private_key_file
(
data
,
conn
->
ssl
,
private_key
,
private_key_passwd
)
==
0
)
{
ok
=
1
;
...
...
wpa_supplicant-2.9_standard/wpa_supplicant_lib/wpa_evp_key.c
0 → 100644
浏览文件 @
df74be28
/*
* Copyright (c) 2022 Huawei Device Co., Ltd.
*
* This software may be distributed under the terms of the BSD license.
* See README for more details.
*/
#include "wpa_evp_key.h"
#include <stdlib.h>
#include <string.h>
#include <crypto/evp.h>
#include <crypto/rsa/rsa_local.h>
#include <crypto/x509.h>
#include <openssl/asn1.h>
#include <openssl/crypto.h>
#include <openssl/engine.h>
#include <openssl/ossl_typ.h>
#include <openssl/rsa.h>
#include <openssl/x509.h>
#include "cert_manager_api.h"
#include "common.h"
static
char
g_key_uri
[
MAX_LEN_URI
];
static
RSA_METHOD
g_rsa_method
;
static
int
cm_sign
(
const
struct
CmBlob
*
keyUri
,
const
struct
CmBlob
*
message
,
struct
CmBlob
*
signature
)
{
int32_t
ret
;
uint64_t
handleValue
=
0
;
struct
CmBlob
handle
=
{
sizeof
(
uint64_t
),
(
uint8_t
*
)
&
handleValue
};
struct
CmSignatureSpec
spec
=
{
CM_KEY_PURPOSE_SIGN
,
CM_PADDING_PKCS1_V1_5
,
CM_DIGEST_NONE
};
ret
=
CmInit
(
keyUri
,
&
spec
,
&
handle
);
if
(
ret
!=
CM_SUCCESS
)
{
wpa_printf
(
MSG_DEBUG
,
"sign CmInit failed"
);
return
0
;
}
ret
=
CmUpdate
(
&
handle
,
message
);
if
(
ret
!=
CM_SUCCESS
)
{
wpa_printf
(
MSG_DEBUG
,
"sign CmUpdate failed"
);
return
0
;
}
struct
CmBlob
inDataFinish
=
{
0
,
NULL
};
ret
=
CmFinish
(
&
handle
,
&
inDataFinish
,
signature
);
if
(
ret
!=
CM_SUCCESS
)
{
wpa_printf
(
MSG_DEBUG
,
"sign CmFinish failed"
);
return
0
;
}
ret
=
CmAbort
(
&
handle
);
if
(
ret
!=
CM_SUCCESS
)
{
wpa_printf
(
MSG_DEBUG
,
"sign CmAbort failed"
);
}
return
1
;
}
int
rsa_sign
(
int
type
,
const
unsigned
char
*
m
,
unsigned
int
m_length
,
unsigned
char
*
sigret
,
unsigned
int
*
siglen
,
const
RSA
*
rsa
)
{
int
ret
;
struct
CmBlob
keyUri
=
{
sizeof
(
g_key_uri
),
(
uint8_t
*
)
g_key_uri
};
struct
CmBlob
message
=
{
m_length
,
(
uint8_t
*
)
m
};
uint8_t
signData
[
DEFAULT_SIGNATURE_LEN
]
=
{
0
};
struct
CmBlob
signature
=
{
DEFAULT_SIGNATURE_LEN
,
(
uint8_t
*
)
signData
};
wpa_printf
(
MSG_DEBUG
,
"%s type:%d m:%d m_len:%u"
,
__func__
,
type
,
m
==
NULL
,
m_length
);
ret
=
cm_sign
(
&
keyUri
,
&
message
,
&
signature
);
if
(
ret
&&
signature
.
size
>
0
)
{
*
siglen
=
signature
.
size
;
os_memcpy
(
sigret
,
signature
.
data
,
signature
.
size
);
wpa_printf
(
MSG_ERROR
,
"%s sign len:%u"
,
__func__
,
signature
.
size
);
return
1
;
}
return
0
;
}
static
EVP_PKEY
*
wrap_rsa
(
const
char
*
key_id
,
const
RSA
*
public_rsa
)
{
RSA
*
rsa
=
RSA_new
();
if
(
rsa
==
NULL
)
{
wpa_printf
(
MSG_ERROR
,
"%s rsa is NULL"
,
__func__
);
return
NULL
;
}
os_memset
(
&
g_rsa_method
,
0
,
sizeof
(
RSA_METHOD
));
g_rsa_method
.
rsa_sign
=
rsa_sign
;
RSA_set_method
(
rsa
,
&
g_rsa_method
);
rsa
->
n
=
BN_dup
(
public_rsa
->
n
);
rsa
->
e
=
BN_dup
(
public_rsa
->
e
);
EVP_PKEY
*
result
=
EVP_PKEY_new
();
if
(
result
!=
NULL
&&
!
EVP_PKEY_assign_RSA
(
result
,
rsa
))
{
wpa_printf
(
MSG_ERROR
,
"%s assign rsa fail"
,
__func__
);
RSA_free
(
rsa
);
EVP_PKEY_free
(
result
);
return
NULL
;
}
os_memset
(
g_key_uri
,
0
,
sizeof
(
g_key_uri
));
if
(
strlen
(
key_id
)
<
sizeof
(
g_key_uri
))
os_memcpy
(
g_key_uri
,
key_id
,
strlen
(
key_id
));
return
result
;
}
static
EVP_PKEY
*
get_pubkey
(
const
char
*
key_id
)
{
BIO
*
bio
=
BIO_from_cm
(
key_id
);
if
(
bio
==
NULL
)
{
wpa_printf
(
MSG_ERROR
,
"%s bio is null"
,
__func__
);
return
NULL
;
}
X509
*
decoded_cert
=
PEM_read_bio_X509
(
bio
,
NULL
,
NULL
,
NULL
);
if
(
decoded_cert
==
NULL
)
{
wpa_printf
(
MSG_ERROR
,
"%s decoded cert is null"
,
__func__
);
return
NULL
;
}
return
X509_get_pubkey
(
decoded_cert
);
}
EVP_PKEY
*
GET_EVP_PKEY
(
const
char
*
key_id
)
{
int
key_type
;
EVP_PKEY
*
wrap_key
=
NULL
;
RSA
*
public_rsa
=
NULL
;
EVP_PKEY
*
pub_key
=
NULL
;
if
(
key_id
==
NULL
)
{
wpa_printf
(
MSG_ERROR
,
"key id is NULL"
);
return
NULL
;
}
pub_key
=
get_pubkey
(
key_id
);
if
(
pub_key
==
NULL
)
{
wpa_printf
(
MSG_ERROR
,
"pub key is NULL"
);
return
NULL
;
}
key_type
=
EVP_PKEY_type
(
pub_key
->
type
);
if
(
key_type
!=
EVP_PKEY_RSA
)
{
wpa_printf
(
MSG_ERROR
,
"unsupported key type:%d"
,
key_type
);
EVP_PKEY_free
(
pub_key
);
return
NULL
;
}
public_rsa
=
EVP_PKEY_get0_RSA
(
pub_key
);
if
(
public_rsa
==
NULL
)
{
wpa_printf
(
MSG_ERROR
,
"public_rsa is NULL"
);
EVP_PKEY_free
(
pub_key
);
return
NULL
;
}
wrap_key
=
wrap_rsa
(
key_id
,
public_rsa
);
EVP_PKEY_free
(
pub_key
);
return
wrap_key
;
}
BIO
*
BIO_from_cm
(
const
char
*
key_id
)
{
BIO
*
bio
=
NULL
;
struct
Credential
certificate
=
{
0
};
uint32_t
store
=
CM_PRI_CREDENTIAL_STORE
;
struct
CmBlob
keyUri
;
if
(
key_id
==
NULL
)
{
wpa_printf
(
MSG_ERROR
,
"key id is NULL"
);
return
NULL
;
}
keyUri
.
size
=
strlen
(
key_id
)
+
1
;
keyUri
.
data
=
(
uint8_t
*
)
key_id
;
certificate
.
credData
.
data
=
(
uint8_t
*
)
malloc
(
MAX_LEN_CERTIFICATE_CHAIN
);
if
(
certificate
.
credData
.
data
==
NULL
)
{
wpa_printf
(
MSG_ERROR
,
"%s malloc fail"
,
__func__
);
return
bio
;
}
certificate
.
credData
.
size
=
MAX_LEN_CERTIFICATE_CHAIN
;
int
ret
=
CmGetAppCert
(
&
keyUri
,
store
,
&
certificate
);
if
(
ret
!=
0
)
{
wpa_printf
(
MSG_ERROR
,
"%s key:%s, size:%u, ret:%d"
,
__func__
,
key_id
,
certificate
.
credData
.
size
,
ret
);
free
(
certificate
.
credData
.
data
);
return
bio
;
}
wpa_printf
(
MSG_DEBUG
,
"%s key:%s, size:%u"
,
__func__
,
key_id
,
certificate
.
credData
.
size
);
if
(
certificate
.
credData
.
size
>
0
)
bio
=
BIO_new_mem_buf
(
certificate
.
credData
.
data
,
certificate
.
credData
.
size
);
free
(
certificate
.
credData
.
data
);
return
bio
;
}
wpa_supplicant-2.9_standard/wpa_supplicant_lib/wpa_evp_key.h
0 → 100644
浏览文件 @
df74be28
/*
* Copyright (c) 2022 Huawei Device Co., Ltd.
*
* This software may be distributed under the terms of the BSD license.
* See README for more details.
*/
#ifndef WPA_EVP_KEY_H
#define WPA_EVP_KEY_H
#include <openssl/evp.h>
#include "cert_manager_api.h"
#ifdef __cplusplus
extern
"C"
{
#endif
#define DEFAULT_SIGNATURE_LEN 1024
EVP_PKEY
*
GET_EVP_PKEY
(
const
char
*
key_id
);
BIO
*
BIO_from_cm
(
const
char
*
key_id
);
#ifdef __cplusplus
}
#endif
#endif // WPA_EVP_KEY_H
编辑
预览
Markdown
is supported
0%
请重试
或
添加新附件
.
添加附件
取消
You are about to add
0
people
to the discussion. Proceed with caution.
先完成此消息的编辑!
取消
想要评论请
注册
或
登录