mirror of
https://github.com/vanhoefm/fragattacks.git
synced 2025-01-18 10:54:03 -05:00
DPP: Move signed connector checking into a helper function
This can be reused for a similar need with reconfiguration. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
parent
94a28a4940
commit
94f73f90ef
@ -6521,9 +6521,6 @@ dpp_peer_intro(struct dpp_introduction *intro, const char *own_connector,
|
|||||||
struct wpabuf *own_key_pub = NULL;
|
struct wpabuf *own_key_pub = NULL;
|
||||||
const struct dpp_curve_params *curve, *own_curve;
|
const struct dpp_curve_params *curve, *own_curve;
|
||||||
struct dpp_signed_connector_info info;
|
struct dpp_signed_connector_info info;
|
||||||
const unsigned char *p;
|
|
||||||
EVP_PKEY *csign = NULL;
|
|
||||||
char *signed_connector = NULL;
|
|
||||||
size_t Nx_len;
|
size_t Nx_len;
|
||||||
u8 Nx[DPP_MAX_SHARED_SECRET_LEN];
|
u8 Nx[DPP_MAX_SHARED_SECRET_LEN];
|
||||||
|
|
||||||
@ -6532,14 +6529,6 @@ dpp_peer_intro(struct dpp_introduction *intro, const char *own_connector,
|
|||||||
if (expiry)
|
if (expiry)
|
||||||
*expiry = 0;
|
*expiry = 0;
|
||||||
|
|
||||||
p = csign_key;
|
|
||||||
csign = d2i_PUBKEY(NULL, &p, csign_key_len);
|
|
||||||
if (!csign) {
|
|
||||||
wpa_printf(MSG_ERROR,
|
|
||||||
"DPP: Failed to parse local C-sign-key information");
|
|
||||||
goto fail;
|
|
||||||
}
|
|
||||||
|
|
||||||
own_key = dpp_set_keypair(&own_curve, net_access_key,
|
own_key = dpp_set_keypair(&own_curve, net_access_key,
|
||||||
net_access_key_len);
|
net_access_key_len);
|
||||||
if (!own_key) {
|
if (!own_key) {
|
||||||
@ -6551,15 +6540,8 @@ dpp_peer_intro(struct dpp_introduction *intro, const char *own_connector,
|
|||||||
if (!own_root)
|
if (!own_root)
|
||||||
goto fail;
|
goto fail;
|
||||||
|
|
||||||
wpa_hexdump_ascii(MSG_DEBUG, "DPP: Peer signedConnector",
|
res = dpp_check_signed_connector(&info, csign_key, csign_key_len,
|
||||||
peer_connector, peer_connector_len);
|
peer_connector, peer_connector_len);
|
||||||
signed_connector = os_malloc(peer_connector_len + 1);
|
|
||||||
if (!signed_connector)
|
|
||||||
goto fail;
|
|
||||||
os_memcpy(signed_connector, peer_connector, peer_connector_len);
|
|
||||||
signed_connector[peer_connector_len] = '\0';
|
|
||||||
|
|
||||||
res = dpp_process_signed_connector(&info, csign, signed_connector);
|
|
||||||
if (res != DPP_STATUS_OK) {
|
if (res != DPP_STATUS_OK) {
|
||||||
ret = res;
|
ret = res;
|
||||||
goto fail;
|
goto fail;
|
||||||
@ -6640,12 +6622,10 @@ fail:
|
|||||||
if (ret != DPP_STATUS_OK)
|
if (ret != DPP_STATUS_OK)
|
||||||
os_memset(intro, 0, sizeof(*intro));
|
os_memset(intro, 0, sizeof(*intro));
|
||||||
os_memset(Nx, 0, sizeof(Nx));
|
os_memset(Nx, 0, sizeof(Nx));
|
||||||
os_free(signed_connector);
|
|
||||||
os_free(info.payload);
|
os_free(info.payload);
|
||||||
EVP_PKEY_free(own_key);
|
EVP_PKEY_free(own_key);
|
||||||
wpabuf_free(own_key_pub);
|
wpabuf_free(own_key_pub);
|
||||||
EVP_PKEY_free(peer_key);
|
EVP_PKEY_free(peer_key);
|
||||||
EVP_PKEY_free(csign);
|
|
||||||
json_free(root);
|
json_free(root);
|
||||||
json_free(own_root);
|
json_free(own_root);
|
||||||
return ret;
|
return ret;
|
||||||
|
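Review bot: The `ret = res;` path after the new `dpp_check_signed_connector()` call now reports purely local failures as `DPP_STATUS_INVALID_CONNECTOR`, because the helper initializes `res` to that value and returns it when the configured C-sign-key fails to parse or when `os_malloc()` fails. The removed inline code jumped to `fail` on those two paths without assigning `ret`, so the status returned to callers presumably differed before this change (the initial value of `ret` is outside the hunks). If a caller treats an invalid-connector result as a statement about the peer, a local configuration or memory error is now attributed to the peer's Connector. Either document this at the call, e.g. `/* also returns DPP_STATUS_INVALID_CONNECTOR on local C-sign-key parse or allocation failure */`, or have the helper report those cases with a separate status. The body of dpp_peer_intro starts and continues outside the visible hunks.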
@ -1370,6 +1370,39 @@ fail:
|
|||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
enum dpp_status_error
|
||||||
|
dpp_check_signed_connector(struct dpp_signed_connector_info *info,
|
||||||
|
const u8 *csign_key, size_t csign_key_len,
|
||||||
|
const u8 *peer_connector, size_t peer_connector_len)
|
||||||
|
{
|
||||||
|
const unsigned char *p;
|
||||||
|
EVP_PKEY *csign = NULL;
|
||||||
|
char *signed_connector = NULL;
|
||||||
|
enum dpp_status_error res = DPP_STATUS_INVALID_CONNECTOR;
|
||||||
|
|
||||||
|
p = csign_key;
|
||||||
|
csign = d2i_PUBKEY(NULL, &p, csign_key_len);
|
||||||
|
if (!csign) {
|
||||||
|
wpa_printf(MSG_ERROR,
|
||||||
|
"DPP: Failed to parse local C-sign-key information");
|
||||||
|
goto fail;
|
||||||
|
}
|
||||||
|
|
||||||
|
wpa_hexdump_ascii(MSG_DEBUG, "DPP: Peer signedConnector",
|
||||||
|
peer_connector, peer_connector_len);
|
||||||
|
signed_connector = os_malloc(peer_connector_len + 1);
|
||||||
|
if (!signed_connector)
|
||||||
|
goto fail;
|
||||||
|
os_memcpy(signed_connector, peer_connector, peer_connector_len);
|
||||||
|
signed_connector[peer_connector_len] = '\0';
|
||||||
|
res = dpp_process_signed_connector(info, csign, signed_connector);
|
||||||
|
fail:
|
||||||
|
os_free(signed_connector);
|
||||||
|
EVP_PKEY_free(csign);
|
||||||
|
return res;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
int dpp_gen_r_auth(struct dpp_authentication *auth, u8 *r_auth)
|
int dpp_gen_r_auth(struct dpp_authentication *auth, u8 *r_auth)
|
||||||
{
|
{
|
||||||
struct wpabuf *pix, *prx, *bix, *brx;
|
struct wpabuf *pix, *prx, *bix, *brx;
|
||||||
|
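Review bot: `dpp_check_signed_connector()` can return without ever writing `*info`, on both the `d2i_PUBKEY()` failure and the `os_malloc()` failure, while the caller in dpp_peer_intro still runs `os_free(info.payload)` at `fail:`. That is safe only if every caller zero-initializes `info` before the call, and the visible hunks do not show that initialization. Since the commit message says the helper is meant for reuse, adding `os_memset(info, 0, sizeof(*info));` as its first statement would keep a future caller from freeing an uninitialized pointer; this assumes no caller passes in a pre-populated `info`, which should be confirmed. Failing that, a comment above the function should state the precondition and that the caller owns and must free `info->payload`.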
@ -42,6 +42,10 @@ struct dpp_signed_connector_info {
|
|||||||
enum dpp_status_error
|
enum dpp_status_error
|
||||||
dpp_process_signed_connector(struct dpp_signed_connector_info *info,
|
dpp_process_signed_connector(struct dpp_signed_connector_info *info,
|
||||||
EVP_PKEY *csign_pub, const char *connector);
|
EVP_PKEY *csign_pub, const char *connector);
|
||||||
|
enum dpp_status_error
|
||||||
|
dpp_check_signed_connector(struct dpp_signed_connector_info *info,
|
||||||
|
const u8 *csign_key, size_t csign_key_len,
|
||||||
|
const u8 *peer_connector, size_t peer_connector_len);
|
||||||
const struct dpp_curve_params * dpp_get_curve_name(const char *name);
|
const struct dpp_curve_params * dpp_get_curve_name(const char *name);
|
||||||
const struct dpp_curve_params * dpp_get_curve_jwk_crv(const char *name);
|
const struct dpp_curve_params * dpp_get_curve_jwk_crv(const char *name);
|
||||||
const struct dpp_curve_params * dpp_get_curve_oid(const ASN1_OBJECT *poid);
|
const struct dpp_curve_params * dpp_get_curve_oid(const ASN1_OBJECT *poid);
|
||||||
|