From c0b92d9498b296c0863ae80c180da4ff523409ab Mon Sep 17 00:00:00 2001 From: James Prestwood Date: Thu, 12 Oct 2023 13:01:37 -0700 Subject: [PATCH] dpp-util: allow mutual auth in dpp_derive_ke The Ke derivation requires an additional "L.x" value when mutual authentication is used. --- src/dpp-util.c | 10 +++++++--- src/dpp-util.h | 2 +- src/dpp.c | 4 ++-- 3 files changed, 10 insertions(+), 6 deletions(-) diff --git a/src/dpp-util.c b/src/dpp-util.c index d3171d02..0406a4dc 100644 --- a/src/dpp-util.c +++ b/src/dpp-util.c @@ -681,12 +681,13 @@ free_n: bool dpp_derive_ke(const uint8_t *i_nonce, const uint8_t *r_nonce, struct l_ecc_scalar *m, struct l_ecc_scalar *n, - void *ke) + struct l_ecc_point *l, void *ke) { uint8_t nonces[32 + 32]; size_t nonce_len; uint64_t mx_bytes[L_ECC_MAX_DIGITS]; uint64_t nx_bytes[L_ECC_MAX_DIGITS]; + uint64_t lx_bytes[L_ECC_MAX_DIGITS]; uint64_t bk[L_ECC_MAX_DIGITS]; ssize_t key_len; enum l_checksum_type sha; @@ -697,12 +698,15 @@ bool dpp_derive_ke(const uint8_t *i_nonce, const uint8_t *r_nonce, nonce_len = dpp_nonce_len_from_key_len(key_len); sha = dpp_sha_from_key_len(key_len); + if (l) + l_ecc_point_get_x(l, lx_bytes, key_len * 2); + memcpy(nonces, i_nonce, nonce_len); memcpy(nonces + nonce_len, r_nonce, nonce_len); /* bk = HKDF-Extract(I-nonce | R-nonce, M.x | N.x [ | L.x]) */ - if (!hkdf_extract(sha, nonces, nonce_len * 2, 2, bk, mx_bytes, - key_len, nx_bytes, key_len)) + if (!hkdf_extract(sha, nonces, nonce_len * 2, 3, bk, mx_bytes, + key_len, nx_bytes, key_len, lx_bytes, l ? key_len : 0)) return false; /* ke = HKDF-Expand(bk, "DPP Key", length) */ diff --git a/src/dpp-util.h b/src/dpp-util.h index 050d66cc..96711c35 100644 --- a/src/dpp-util.h +++ b/src/dpp-util.h @@ -176,7 +176,7 @@ struct l_ecc_scalar *dpp_derive_k2(const struct l_ecc_point *i_proto_public, void *k2); bool dpp_derive_ke(const uint8_t *i_nonce, const uint8_t *r_nonce, struct l_ecc_scalar *m, struct l_ecc_scalar *n, - void *ke); + struct l_ecc_point *l, void *ke); uint8_t *dpp_point_to_asn1(const struct l_ecc_point *p, size_t *len_out); struct l_ecc_point *dpp_point_from_asn1(const uint8_t *asn1, size_t len); diff --git a/src/dpp.c b/src/dpp.c index 287033de..c93b9f1c 100644 --- a/src/dpp.c +++ b/src/dpp.c @@ -1807,7 +1807,7 @@ static void authenticate_request(struct dpp_sm *dpp, const uint8_t *from, l_getrandom(dpp->r_nonce, dpp->nonce_len); - if (!dpp_derive_ke(dpp->i_nonce, dpp->r_nonce, m, n, dpp->ke)) + if (!dpp_derive_ke(dpp->i_nonce, dpp->r_nonce, m, n, NULL, dpp->ke)) goto auth_request_failed; if (!dpp_derive_r_auth(dpp->i_nonce, dpp->r_nonce, dpp->nonce_len, @@ -1983,7 +1983,7 @@ static void authenticate_response(struct dpp_sm *dpp, const uint8_t *from, return; } - if (!dpp_derive_ke(i_nonce, r_nonce, dpp->m, n, dpp->ke)) { + if (!dpp_derive_ke(i_nonce, r_nonce, dpp->m, n, NULL, dpp->ke)) { l_debug("Failed to derive ke"); return; }