mirror of
https://github.com/vanhoefm/fragattacks.git
synced 2024-11-28 10:18:21 -05:00
DPP2: Include E-nonce in reconfig ke derivation
This was changed in the protocol design to include nonce from both devices, so update implementation to match. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
This commit is contained in:
parent
4ae5e459dd
commit
10c3e58b27
@ -19,6 +19,7 @@
|
||||
#include "utils/json.h"
|
||||
#include "common/ieee802_11_defs.h"
|
||||
#include "crypto/crypto.h"
|
||||
#include "crypto/random.h"
|
||||
#include "crypto/sha384.h"
|
||||
#include "crypto/sha512.h"
|
||||
#include "dpp.h"
|
||||
@ -2269,6 +2270,7 @@ int dpp_reconfig_derive_ke_responder(struct dpp_authentication *auth,
|
||||
u8 prk[DPP_MAX_HASH_LEN];
|
||||
const struct dpp_curve_params *curve;
|
||||
int res = -1;
|
||||
u8 nonces[2 * DPP_MAX_NONCE_LEN];
|
||||
|
||||
own_key = dpp_set_keypair(&auth->curve, net_access_key,
|
||||
net_access_key_len);
|
||||
@ -2293,6 +2295,13 @@ int dpp_reconfig_derive_ke_responder(struct dpp_authentication *auth,
|
||||
if (!auth->own_protocol_key)
|
||||
goto fail;
|
||||
|
||||
if (random_get_bytes(auth->e_nonce, auth->curve->nonce_len)) {
|
||||
wpa_printf(MSG_ERROR, "DPP: Failed to generate E-nonce");
|
||||
goto fail;
|
||||
}
|
||||
wpa_hexdump_key(MSG_DEBUG, "DPP: E-nonce",
|
||||
auth->e_nonce, auth->curve->nonce_len);
|
||||
|
||||
/* M = { cR + pR } * CI */
|
||||
cR = EVP_PKEY_get0_EC_KEY(own_key);
|
||||
pR = EVP_PKEY_get0_EC_KEY(auth->own_protocol_key);
|
||||
@ -2325,10 +2334,12 @@ int dpp_reconfig_derive_ke_responder(struct dpp_authentication *auth,
|
||||
goto fail;
|
||||
wpa_hexdump_key(MSG_DEBUG, "DPP: M.x", Mx, curve->prime_len);
|
||||
|
||||
/* ke = HKDF(C-nonce, "dpp reconfig key", M.x) */
|
||||
/* ke = HKDF(C-nonce | E-nonce, "dpp reconfig key", M.x) */
|
||||
|
||||
/* HKDF-Extract(C-nonce, M.x) */
|
||||
if (dpp_hmac(curve->hash_len, auth->c_nonce, curve->nonce_len,
|
||||
/* HKDF-Extract(C-nonce | E-nonce, M.x) */
|
||||
os_memcpy(nonces, auth->c_nonce, curve->nonce_len);
|
||||
os_memcpy(&nonces[curve->nonce_len], auth->e_nonce, curve->nonce_len);
|
||||
if (dpp_hmac(curve->hash_len, nonces, 2 * curve->nonce_len,
|
||||
Mx, curve->prime_len, prk) < 0)
|
||||
goto fail;
|
||||
wpa_hexdump_key(MSG_DEBUG, "DPP: PRK", prk, curve->hash_len);
|
||||
@ -2338,7 +2349,7 @@ int dpp_reconfig_derive_ke_responder(struct dpp_authentication *auth,
|
||||
"dpp reconfig key", auth->ke, curve->hash_len) < 0)
|
||||
goto fail;
|
||||
wpa_hexdump_key(MSG_DEBUG,
|
||||
"DPP: ke = HKDF(C-nonce, \"dpp reconfig key\", M.x)",
|
||||
"DPP: ke = HKDF(C-nonce | E-nonce, \"dpp reconfig key\", M.x)",
|
||||
auth->ke, curve->hash_len);
|
||||
|
||||
res = 0;
|
||||
@ -2375,6 +2386,7 @@ int dpp_reconfig_derive_ke_initiator(struct dpp_authentication *auth,
|
||||
u8 prk[DPP_MAX_HASH_LEN];
|
||||
int res = -1;
|
||||
const struct dpp_curve_params *curve;
|
||||
u8 nonces[2 * DPP_MAX_NONCE_LEN];
|
||||
|
||||
pr = dpp_set_pubkey_point(auth->conf->connector_key,
|
||||
r_proto, r_proto_len);
|
||||
@ -2420,10 +2432,12 @@ int dpp_reconfig_derive_ke_initiator(struct dpp_authentication *auth,
|
||||
|
||||
wpa_hexdump_key(MSG_DEBUG, "DPP: M.x", Mx, curve->prime_len);
|
||||
|
||||
/* ke = HKDF(C-nonce, "dpp reconfig key", M.x) */
|
||||
/* ke = HKDF(C-nonce | E-nonce, "dpp reconfig key", M.x) */
|
||||
|
||||
/* HKDF-Extract(C-nonce, M.x) */
|
||||
if (dpp_hmac(curve->hash_len, auth->c_nonce, curve->nonce_len,
|
||||
/* HKDF-Extract(C-nonce | E-nonce, M.x) */
|
||||
os_memcpy(nonces, auth->c_nonce, curve->nonce_len);
|
||||
os_memcpy(&nonces[curve->nonce_len], auth->e_nonce, curve->nonce_len);
|
||||
if (dpp_hmac(curve->hash_len, nonces, 2 * curve->nonce_len,
|
||||
Mx, curve->prime_len, prk) < 0)
|
||||
goto fail;
|
||||
wpa_hexdump_key(MSG_DEBUG, "DPP: PRK", prk, curve->hash_len);
|
||||
@ -2433,7 +2447,7 @@ int dpp_reconfig_derive_ke_initiator(struct dpp_authentication *auth,
|
||||
"dpp reconfig key", auth->ke, curve->hash_len) < 0)
|
||||
goto fail;
|
||||
wpa_hexdump_key(MSG_DEBUG,
|
||||
"DPP: ke = HKDF(C-nonce, \"dpp reconfig key\", M.x)",
|
||||
"DPP: ke = HKDF(C-nonce | E-nonce, \"dpp reconfig key\", M.x)",
|
||||
auth->ke, curve->hash_len);
|
||||
|
||||
res = 0;
|
||||
|
@ -533,13 +533,6 @@ dpp_reconfig_auth_req_rx(struct dpp_global *dpp, void *msg_ctx,
|
||||
goto fail;
|
||||
}
|
||||
|
||||
if (random_get_bytes(auth->e_nonce, auth->curve->nonce_len)) {
|
||||
wpa_printf(MSG_ERROR, "DPP: Failed to generate E-nonce");
|
||||
goto fail;
|
||||
}
|
||||
wpa_hexdump_key(MSG_DEBUG, "DPP: E-nonce",
|
||||
auth->e_nonce, auth->curve->nonce_len);
|
||||
|
||||
/* Build Connection Status object */
|
||||
/* TODO: Get appropriate result value */
|
||||
/* TODO: ssid64 and channelList */
|
||||
|
Loading…
Reference in New Issue
Block a user