Kernel
/
iwd
mirror of https://git.kernel.org/pub/scm/network/wireless/iwd.git
3
0
Fork 0
Code Releases Activity

dpp-util: allow mutual auth in dpp_derive_ke 

The Ke derivation requires an additional "L.x" value when
mutual authentication is used.
This commit is contained in:
James Prestwood 2023-10-12 13:01:37 -07:00 committed by Denis Kenzior
parent 808f8eea34
commit c0b92d9498
3 changed files with 10 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
src/dpp-util.c
View File

@ -681,12 +681,13 @@ free_n:
bool dpp_derive_ke(const uint8_t *i_nonce, const uint8_t *r_nonce,
struct l_ecc_scalar *m, struct l_ecc_scalar *n,
void *ke)
struct l_ecc_point *l, void *ke)
{
uint8_t nonces[32 + 32];
size_t nonce_len;
uint64_t mx_bytes[L_ECC_MAX_DIGITS];
uint64_t nx_bytes[L_ECC_MAX_DIGITS];
uint64_t lx_bytes[L_ECC_MAX_DIGITS];
uint64_t bk[L_ECC_MAX_DIGITS];
ssize_t key_len;
enum l_checksum_type sha;
@ -697,12 +698,15 @@ bool dpp_derive_ke(const uint8_t *i_nonce, const uint8_t *r_nonce,
nonce_len = dpp_nonce_len_from_key_len(key_len);
sha = dpp_sha_from_key_len(key_len);
if (l)
l_ecc_point_get_x(l, lx_bytes, key_len * 2);
memcpy(nonces, i_nonce, nonce_len);
memcpy(nonces + nonce_len, r_nonce, nonce_len);
/* bk = HKDF-Extract(I-nonce | R-nonce, M.x | N.x [ | L.x]) */
if (!hkdf_extract(sha, nonces, nonce_len * 2, 2, bk, mx_bytes,
key_len, nx_bytes, key_len))
if (!hkdf_extract(sha, nonces, nonce_len * 2, 3, bk, mx_bytes,
key_len, nx_bytes, key_len, lx_bytes, l ? key_len : 0))
return false;
/* ke = HKDF-Expand(bk, "DPP Key", length) */

2
src/dpp-util.h
View File

@ -176,7 +176,7 @@ struct l_ecc_scalar *dpp_derive_k2(const struct l_ecc_point *i_proto_public,
void *k2);
bool dpp_derive_ke(const uint8_t *i_nonce, const uint8_t *r_nonce,
struct l_ecc_scalar *m, struct l_ecc_scalar *n,
void *ke);
struct l_ecc_point *l, void *ke);
uint8_t *dpp_point_to_asn1(const struct l_ecc_point *p, size_t *len_out);
struct l_ecc_point *dpp_point_from_asn1(const uint8_t *asn1, size_t len);

4
src/dpp.c
View File

@ -1807,7 +1807,7 @@ static void authenticate_request(struct dpp_sm *dpp, const uint8_t *from,
l_getrandom(dpp->r_nonce, dpp->nonce_len);
if (!dpp_derive_ke(dpp->i_nonce, dpp->r_nonce, m, n, dpp->ke))
if (!dpp_derive_ke(dpp->i_nonce, dpp->r_nonce, m, n, NULL, dpp->ke))
goto auth_request_failed;
if (!dpp_derive_r_auth(dpp->i_nonce, dpp->r_nonce, dpp->nonce_len,
@ -1983,7 +1983,7 @@ static void authenticate_response(struct dpp_sm *dpp, const uint8_t *from,
return;
}
if (!dpp_derive_ke(i_nonce, r_nonce, dpp->m, n, dpp->ke)) {
if (!dpp_derive_ke(i_nonce, r_nonce, dpp->m, n, NULL, dpp->ke)) {
l_debug("Failed to derive ke");
return;
}