From 0b42ca7c309d596d69a29f97d90f55d3ea193c94 Mon Sep 17 00:00:00 2001 From: James Prestwood Date: Fri, 16 Nov 2018 14:22:50 -0800 Subject: [PATCH] crypto: renamed hkdf_256 The RFC (5869) for this implementation defines two functions, HKDF-Extract and HKDF-Expand. The existing 'hkdf_256' was implementing the Extract function, so it was renamed appropriately. The name was changed for consistency when the Expand function will be added in the future. --- src/crypto.c | 2 +- src/crypto.h | 4 ++-- src/eap-pwd.c | 22 +++++++++++----------- src/sae.c | 3 ++- 4 files changed, 16 insertions(+), 15 deletions(-) diff --git a/src/crypto.c b/src/crypto.c index 90d6efba..ca0329b8 100644 --- a/src/crypto.c +++ b/src/crypto.c @@ -411,7 +411,7 @@ bool kdf_sha256(const void *key, size_t key_len, * * Null key equates to a zero key (makes calls in EAP-PWD more convenient) */ -bool hkdf_256(const uint8_t *key, size_t key_len, uint8_t num_args, +bool hkdf_extract_sha256(const uint8_t *key, size_t key_len, uint8_t num_args, uint8_t *out, ...) { struct l_checksum *hmac; diff --git a/src/crypto.h b/src/crypto.h index 7ff08d19..9980e02b 100644 --- a/src/crypto.h +++ b/src/crypto.h @@ -92,8 +92,8 @@ bool kdf_sha256(const void *key, size_t key_len, bool prf_sha1(const void *key, size_t key_len, const void *prefix, size_t prefix_len, const void *data, size_t data_len, void *output, size_t size); -bool hkdf_256(const uint8_t *key, size_t key_len, uint8_t num_args, - uint8_t *out, ...); +bool hkdf_extract_sha256(const uint8_t *key, size_t key_len, uint8_t num_args, + uint8_t *out, ...); bool crypto_derive_pairwise_ptk(const uint8_t *pmk, const uint8_t *addr1, const uint8_t *addr2, diff --git a/src/eap-pwd.c b/src/eap-pwd.c index 3b411aa8..23f7207a 100644 --- a/src/eap-pwd.c +++ b/src/eap-pwd.c @@ -282,9 +282,9 @@ static void eap_pwd_handle_id(struct eap_state *eap, while (counter < 20) { /* pwd-seed = H(token|peer-ID|server-ID|password|counter) */ - hkdf_256(NULL, 0, 5, pwd_seed, &token, 4, pwd->identity, - strlen(pwd->identity), pkt + 9, len - 9, - pwd->password, strlen(pwd->password), + hkdf_extract_sha256(NULL, 0, 5, pwd_seed, &token, 4, + pwd->identity, strlen(pwd->identity), pkt + 9, + len - 9, pwd->password, strlen(pwd->password), &counter, 1); /* @@ -492,13 +492,13 @@ static void eap_pwd_handle_confirm(struct eap_state *eap, * compute Confirm_P = H(kp | Element_P | Scalar_P | * Element_S | Scalar_S | Ciphersuite) */ - hkdf_256(NULL, 0, 8, confirm_p, kp.x, ECC_BYTES, pwd->element_p.x, - ECC_BYTES, pwd->element_p.y, ECC_BYTES, pwd->scalar_p, - ECC_BYTES, pwd->element_s.x, ECC_BYTES, - pwd->element_s.y, ECC_BYTES, pwd->scalar_s, + hkdf_extract_sha256(NULL, 0, 8, confirm_p, kp.x, ECC_BYTES, + pwd->element_p.x, ECC_BYTES, pwd->element_p.y, + ECC_BYTES, pwd->scalar_p, ECC_BYTES, pwd->element_s.x, + ECC_BYTES, pwd->element_s.y, ECC_BYTES, pwd->scalar_s, ECC_BYTES, &pwd->ciphersuite, 4); - hkdf_256(NULL, 0, 8, expected_confirm_s, kp.x, ECC_BYTES, + hkdf_extract_sha256(NULL, 0, 8, expected_confirm_s, kp.x, ECC_BYTES, pwd->element_s.x, ECC_BYTES, pwd->element_s.y, ECC_BYTES, pwd->scalar_s, ECC_BYTES, pwd->element_p.x, ECC_BYTES, pwd->element_p.y, ECC_BYTES, @@ -515,15 +515,15 @@ static void eap_pwd_handle_confirm(struct eap_state *eap, pos += 32; /* derive MK = H(kp | Confirm_P | Confirm_S ) */ - hkdf_256(NULL, 0, 3, mk, kp.x, ECC_BYTES, confirm_p, ECC_BYTES, - confirm_s, ECC_BYTES); + hkdf_extract_sha256(NULL, 0, 3, mk, kp.x, ECC_BYTES, confirm_p, + ECC_BYTES, confirm_s, ECC_BYTES); eap_pwd_send_response(eap, resp, pos - resp); eap_method_success(eap); session_id[0] = 52; - hkdf_256(NULL, 0, 3, session_id + 1, &pwd->ciphersuite, 4, + hkdf_extract_sha256(NULL, 0, 3, session_id + 1, &pwd->ciphersuite, 4, pwd->scalar_p, ECC_BYTES, pwd->scalar_s, ECC_BYTES); kdf(mk, 32, (const char *) session_id, 33, msk_emsk, 128); eap_set_key_material(eap, msk_emsk, 64, msk_emsk + 64, 64, NULL, 0); diff --git a/src/sae.c b/src/sae.c index ec37c34b..76e4c8ad 100644 --- a/src/sae.c +++ b/src/sae.c @@ -137,7 +137,8 @@ static bool sae_pwd_seed(const uint8_t *addr1, const uint8_t *addr2, memcpy(key + 6, addr1, 6); } - return hkdf_256(key, 12, 2, out, base, base_len, &counter, 1); + return hkdf_extract_sha256(key, 12, 2, out, base, base_len, + &counter, 1); } static bool sae_pwd_value(uint8_t *pwd_seed, uint64_t *pwd_value)