mirror of
https://github.com/vanhoefm/fragattacks.git
synced 2024-11-25 00:38:24 -05:00
DPP2: Include E-nonce in reconfig ke derivation
This was changed in the protocol design to include nonce from both devices, so update implementation to match. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
This commit is contained in:
parent
4ae5e459dd
commit
10c3e58b27
@ -19,6 +19,7 @@
|
|||||||
#include "utils/json.h"
|
#include "utils/json.h"
|
||||||
#include "common/ieee802_11_defs.h"
|
#include "common/ieee802_11_defs.h"
|
||||||
#include "crypto/crypto.h"
|
#include "crypto/crypto.h"
|
||||||
|
#include "crypto/random.h"
|
||||||
#include "crypto/sha384.h"
|
#include "crypto/sha384.h"
|
||||||
#include "crypto/sha512.h"
|
#include "crypto/sha512.h"
|
||||||
#include "dpp.h"
|
#include "dpp.h"
|
||||||
@ -2269,6 +2270,7 @@ int dpp_reconfig_derive_ke_responder(struct dpp_authentication *auth,
|
|||||||
u8 prk[DPP_MAX_HASH_LEN];
|
u8 prk[DPP_MAX_HASH_LEN];
|
||||||
const struct dpp_curve_params *curve;
|
const struct dpp_curve_params *curve;
|
||||||
int res = -1;
|
int res = -1;
|
||||||
|
u8 nonces[2 * DPP_MAX_NONCE_LEN];
|
||||||
|
|
||||||
own_key = dpp_set_keypair(&auth->curve, net_access_key,
|
own_key = dpp_set_keypair(&auth->curve, net_access_key,
|
||||||
net_access_key_len);
|
net_access_key_len);
|
||||||
@ -2293,6 +2295,13 @@ int dpp_reconfig_derive_ke_responder(struct dpp_authentication *auth,
|
|||||||
if (!auth->own_protocol_key)
|
if (!auth->own_protocol_key)
|
||||||
goto fail;
|
goto fail;
|
||||||
|
|
||||||
|
if (random_get_bytes(auth->e_nonce, auth->curve->nonce_len)) {
|
||||||
|
wpa_printf(MSG_ERROR, "DPP: Failed to generate E-nonce");
|
||||||
|
goto fail;
|
||||||
|
}
|
||||||
|
wpa_hexdump_key(MSG_DEBUG, "DPP: E-nonce",
|
||||||
|
auth->e_nonce, auth->curve->nonce_len);
|
||||||
|
|
||||||
/* M = { cR + pR } * CI */
|
/* M = { cR + pR } * CI */
|
||||||
cR = EVP_PKEY_get0_EC_KEY(own_key);
|
cR = EVP_PKEY_get0_EC_KEY(own_key);
|
||||||
pR = EVP_PKEY_get0_EC_KEY(auth->own_protocol_key);
|
pR = EVP_PKEY_get0_EC_KEY(auth->own_protocol_key);
|
||||||
@ -2325,10 +2334,12 @@ int dpp_reconfig_derive_ke_responder(struct dpp_authentication *auth,
|
|||||||
goto fail;
|
goto fail;
|
||||||
wpa_hexdump_key(MSG_DEBUG, "DPP: M.x", Mx, curve->prime_len);
|
wpa_hexdump_key(MSG_DEBUG, "DPP: M.x", Mx, curve->prime_len);
|
||||||
|
|
||||||
/* ke = HKDF(C-nonce, "dpp reconfig key", M.x) */
|
/* ke = HKDF(C-nonce | E-nonce, "dpp reconfig key", M.x) */
|
||||||
|
|
||||||
/* HKDF-Extract(C-nonce, M.x) */
|
/* HKDF-Extract(C-nonce | E-nonce, M.x) */
|
||||||
if (dpp_hmac(curve->hash_len, auth->c_nonce, curve->nonce_len,
|
os_memcpy(nonces, auth->c_nonce, curve->nonce_len);
|
||||||
|
os_memcpy(&nonces[curve->nonce_len], auth->e_nonce, curve->nonce_len);
|
||||||
|
if (dpp_hmac(curve->hash_len, nonces, 2 * curve->nonce_len,
|
||||||
Mx, curve->prime_len, prk) < 0)
|
Mx, curve->prime_len, prk) < 0)
|
||||||
goto fail;
|
goto fail;
|
||||||
wpa_hexdump_key(MSG_DEBUG, "DPP: PRK", prk, curve->hash_len);
|
wpa_hexdump_key(MSG_DEBUG, "DPP: PRK", prk, curve->hash_len);
|
||||||
@ -2338,7 +2349,7 @@ int dpp_reconfig_derive_ke_responder(struct dpp_authentication *auth,
|
|||||||
"dpp reconfig key", auth->ke, curve->hash_len) < 0)
|
"dpp reconfig key", auth->ke, curve->hash_len) < 0)
|
||||||
goto fail;
|
goto fail;
|
||||||
wpa_hexdump_key(MSG_DEBUG,
|
wpa_hexdump_key(MSG_DEBUG,
|
||||||
"DPP: ke = HKDF(C-nonce, \"dpp reconfig key\", M.x)",
|
"DPP: ke = HKDF(C-nonce | E-nonce, \"dpp reconfig key\", M.x)",
|
||||||
auth->ke, curve->hash_len);
|
auth->ke, curve->hash_len);
|
||||||
|
|
||||||
res = 0;
|
res = 0;
|
||||||
@ -2375,6 +2386,7 @@ int dpp_reconfig_derive_ke_initiator(struct dpp_authentication *auth,
|
|||||||
u8 prk[DPP_MAX_HASH_LEN];
|
u8 prk[DPP_MAX_HASH_LEN];
|
||||||
int res = -1;
|
int res = -1;
|
||||||
const struct dpp_curve_params *curve;
|
const struct dpp_curve_params *curve;
|
||||||
|
u8 nonces[2 * DPP_MAX_NONCE_LEN];
|
||||||
|
|
||||||
pr = dpp_set_pubkey_point(auth->conf->connector_key,
|
pr = dpp_set_pubkey_point(auth->conf->connector_key,
|
||||||
r_proto, r_proto_len);
|
r_proto, r_proto_len);
|
||||||
@ -2420,10 +2432,12 @@ int dpp_reconfig_derive_ke_initiator(struct dpp_authentication *auth,
|
|||||||
|
|
||||||
wpa_hexdump_key(MSG_DEBUG, "DPP: M.x", Mx, curve->prime_len);
|
wpa_hexdump_key(MSG_DEBUG, "DPP: M.x", Mx, curve->prime_len);
|
||||||
|
|
||||||
/* ke = HKDF(C-nonce, "dpp reconfig key", M.x) */
|
/* ke = HKDF(C-nonce | E-nonce, "dpp reconfig key", M.x) */
|
||||||
|
|
||||||
/* HKDF-Extract(C-nonce, M.x) */
|
/* HKDF-Extract(C-nonce | E-nonce, M.x) */
|
||||||
if (dpp_hmac(curve->hash_len, auth->c_nonce, curve->nonce_len,
|
os_memcpy(nonces, auth->c_nonce, curve->nonce_len);
|
||||||
|
os_memcpy(&nonces[curve->nonce_len], auth->e_nonce, curve->nonce_len);
|
||||||
|
if (dpp_hmac(curve->hash_len, nonces, 2 * curve->nonce_len,
|
||||||
Mx, curve->prime_len, prk) < 0)
|
Mx, curve->prime_len, prk) < 0)
|
||||||
goto fail;
|
goto fail;
|
||||||
wpa_hexdump_key(MSG_DEBUG, "DPP: PRK", prk, curve->hash_len);
|
wpa_hexdump_key(MSG_DEBUG, "DPP: PRK", prk, curve->hash_len);
|
||||||
@ -2433,7 +2447,7 @@ int dpp_reconfig_derive_ke_initiator(struct dpp_authentication *auth,
|
|||||||
"dpp reconfig key", auth->ke, curve->hash_len) < 0)
|
"dpp reconfig key", auth->ke, curve->hash_len) < 0)
|
||||||
goto fail;
|
goto fail;
|
||||||
wpa_hexdump_key(MSG_DEBUG,
|
wpa_hexdump_key(MSG_DEBUG,
|
||||||
"DPP: ke = HKDF(C-nonce, \"dpp reconfig key\", M.x)",
|
"DPP: ke = HKDF(C-nonce | E-nonce, \"dpp reconfig key\", M.x)",
|
||||||
auth->ke, curve->hash_len);
|
auth->ke, curve->hash_len);
|
||||||
|
|
||||||
res = 0;
|
res = 0;
|
||||||
|
@ -533,13 +533,6 @@ dpp_reconfig_auth_req_rx(struct dpp_global *dpp, void *msg_ctx,
|
|||||||
goto fail;
|
goto fail;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (random_get_bytes(auth->e_nonce, auth->curve->nonce_len)) {
|
|
||||||
wpa_printf(MSG_ERROR, "DPP: Failed to generate E-nonce");
|
|
||||||
goto fail;
|
|
||||||
}
|
|
||||||
wpa_hexdump_key(MSG_DEBUG, "DPP: E-nonce",
|
|
||||||
auth->e_nonce, auth->curve->nonce_len);
|
|
||||||
|
|
||||||
/* Build Connection Status object */
|
/* Build Connection Status object */
|
||||||
/* TODO: Get appropriate result value */
|
/* TODO: Get appropriate result value */
|
||||||
/* TODO: ssid64 and channelList */
|
/* TODO: ssid64 and channelList */
|
||||||
|
Loading…
Reference in New Issue
Block a user