mirror of
https://git.kernel.org/pub/scm/network/wireless/iwd.git
synced 2024-11-22 06:29:23 +01:00
dpp-util: allow mutual auth in dpp_derive_ke
The Ke derivation requires an additional "L.x" value when mutual authentication is used.
This commit is contained in:
parent
808f8eea34
commit
c0b92d9498
@ -681,12 +681,13 @@ free_n:
|
||||
|
||||
bool dpp_derive_ke(const uint8_t *i_nonce, const uint8_t *r_nonce,
|
||||
struct l_ecc_scalar *m, struct l_ecc_scalar *n,
|
||||
void *ke)
|
||||
struct l_ecc_point *l, void *ke)
|
||||
{
|
||||
uint8_t nonces[32 + 32];
|
||||
size_t nonce_len;
|
||||
uint64_t mx_bytes[L_ECC_MAX_DIGITS];
|
||||
uint64_t nx_bytes[L_ECC_MAX_DIGITS];
|
||||
uint64_t lx_bytes[L_ECC_MAX_DIGITS];
|
||||
uint64_t bk[L_ECC_MAX_DIGITS];
|
||||
ssize_t key_len;
|
||||
enum l_checksum_type sha;
|
||||
@ -697,12 +698,15 @@ bool dpp_derive_ke(const uint8_t *i_nonce, const uint8_t *r_nonce,
|
||||
nonce_len = dpp_nonce_len_from_key_len(key_len);
|
||||
sha = dpp_sha_from_key_len(key_len);
|
||||
|
||||
if (l)
|
||||
l_ecc_point_get_x(l, lx_bytes, key_len * 2);
|
||||
|
||||
memcpy(nonces, i_nonce, nonce_len);
|
||||
memcpy(nonces + nonce_len, r_nonce, nonce_len);
|
||||
|
||||
/* bk = HKDF-Extract(I-nonce | R-nonce, M.x | N.x [ | L.x]) */
|
||||
if (!hkdf_extract(sha, nonces, nonce_len * 2, 2, bk, mx_bytes,
|
||||
key_len, nx_bytes, key_len))
|
||||
if (!hkdf_extract(sha, nonces, nonce_len * 2, 3, bk, mx_bytes,
|
||||
key_len, nx_bytes, key_len, lx_bytes, l ? key_len : 0))
|
||||
return false;
|
||||
|
||||
/* ke = HKDF-Expand(bk, "DPP Key", length) */
|
||||
|
@ -176,7 +176,7 @@ struct l_ecc_scalar *dpp_derive_k2(const struct l_ecc_point *i_proto_public,
|
||||
void *k2);
|
||||
bool dpp_derive_ke(const uint8_t *i_nonce, const uint8_t *r_nonce,
|
||||
struct l_ecc_scalar *m, struct l_ecc_scalar *n,
|
||||
void *ke);
|
||||
struct l_ecc_point *l, void *ke);
|
||||
|
||||
uint8_t *dpp_point_to_asn1(const struct l_ecc_point *p, size_t *len_out);
|
||||
struct l_ecc_point *dpp_point_from_asn1(const uint8_t *asn1, size_t len);
|
||||
|
@ -1807,7 +1807,7 @@ static void authenticate_request(struct dpp_sm *dpp, const uint8_t *from,
|
||||
|
||||
l_getrandom(dpp->r_nonce, dpp->nonce_len);
|
||||
|
||||
if (!dpp_derive_ke(dpp->i_nonce, dpp->r_nonce, m, n, dpp->ke))
|
||||
if (!dpp_derive_ke(dpp->i_nonce, dpp->r_nonce, m, n, NULL, dpp->ke))
|
||||
goto auth_request_failed;
|
||||
|
||||
if (!dpp_derive_r_auth(dpp->i_nonce, dpp->r_nonce, dpp->nonce_len,
|
||||
@ -1983,7 +1983,7 @@ static void authenticate_response(struct dpp_sm *dpp, const uint8_t *from,
|
||||
return;
|
||||
}
|
||||
|
||||
if (!dpp_derive_ke(i_nonce, r_nonce, dpp->m, n, dpp->ke)) {
|
||||
if (!dpp_derive_ke(i_nonce, r_nonce, dpp->m, n, NULL, dpp->ke)) {
|
||||
l_debug("Failed to derive ke");
|
||||
return;
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user