mirror of https://git.kernel.org/pub/scm/network/wireless/iwd.git synced 2024-11-26 10:39:23 +01:00

eap-wsc: Use new l_key DH helper functions

Start using l_key_generate_dh_private and l_key_validate_dh_payload to
check for the disallowed corner case values in the DH private/public
values generated/received.
Andrew Zaborowski 2019-01-14 15:53:59 +01:00 committed by Denis Kenzior
parent 726bf9d8e4
commit 8aa306fddc


@ -778,6 +778,12 @@ static void eap_wsc_handle_m2(struct eap_state *eap,
return; return;
} }
if (!l_key_validate_dh_payload(wsc->m2->public_key,
sizeof(wsc->m2->public_key),
crypto_dh5_prime,
crypto_dh5_prime_size))
return;
remote_public = l_key_new(L_KEY_RAW, wsc->m2->public_key, remote_public = l_key_new(L_KEY_RAW, wsc->m2->public_key,
sizeof(wsc->m2->public_key)); sizeof(wsc->m2->public_key));
if (!remote_public) if (!remote_public)
@ -1179,11 +1185,19 @@ static bool eap_wsc_load_settings(struct eap_state *eap,
wsc->m1->enrollee_nonce, 16)) wsc->m1->enrollee_nonce, 16))
l_getrandom(wsc->m1->enrollee_nonce, 16); l_getrandom(wsc->m1->enrollee_nonce, 16);
if (!load_hexencoded(settings, "PrivateKey", private_key, 192)) if (load_hexencoded(settings, "PrivateKey", private_key, 192)) {
l_getrandom(private_key, 192); if (!l_key_validate_dh_payload(private_key, 192,
crypto_dh5_prime,
crypto_dh5_prime_size)) {
memset(private_key, 0, 192);
goto err;
}
wsc->private = l_key_new(L_KEY_RAW, private_key, 192); wsc->private = l_key_new(L_KEY_RAW, private_key, 192);
memset(private_key, 0, 192); memset(private_key, 0, 192);
} else
wsc->private = l_key_generate_dh_private(crypto_dh5_prime,
crypto_dh5_prime_size);
if (!wsc->private) if (!wsc->private)
goto err; goto err;
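Review bot: The stack copy of the configured DH private key in eap_wsc_load_settings is wiped with plain `memset(private_key, 0, 192)`, both on the new validation-failure path and on the existing success path. Because the buffer is not read again afterwards, a compiler may drop those stores as dead and leave the key bytes on the stack. A wipe that cannot be elided is safer, e.g. `explicit_bzero(private_key, sizeof(private_key));`, which also removes the repeated literal 192; this assumes `private_key` is a local array, since its declaration is outside the hunk. Separately, the new check in eap_wsc_handle_m2 returns silently when the peer's M2 public key is rejected. A degenerate DH value from the peer deserves at least a debug log line so the event is visible, unless code outside these hunks already reports it.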