WPS NFC: Split DH key generation to a separate function

This allows DH key generation to be shared for other purposes than just
the case of OOB Device Password building. In addition, force the DH
public key buffer to be full 192 octets with zero padding to avoid
issues with the buffer being used in messages sent to a peer device.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen 2013-04-30 18:17:23 +03:00 committed by Jouni Malinen
parent 975491793b
commit 3f1639da57
2 changed files with 28 additions and 9 deletions


@ -856,6 +856,7 @@ struct wpabuf * wps_build_nfc_pw_token(u16 dev_pw_id,
const struct wpabuf *dev_pw); const struct wpabuf *dev_pw);
struct wpabuf * wps_nfc_token_build(int ndef, int id, struct wpabuf *pubkey, struct wpabuf * wps_nfc_token_build(int ndef, int id, struct wpabuf *pubkey,
struct wpabuf *dev_pw); struct wpabuf *dev_pw);
int wps_nfc_gen_dh(struct wpabuf **pubkey, struct wpabuf **privkey);
struct wpabuf * wps_nfc_token_gen(int ndef, int *id, struct wpabuf **pubkey, struct wpabuf * wps_nfc_token_gen(int ndef, int *id, struct wpabuf **pubkey,
struct wpabuf **privkey, struct wpabuf **privkey,
struct wpabuf **dev_pw); struct wpabuf **dev_pw);
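Review bot: The new prototype `wps_nfc_gen_dh()` is declared without any comment on buffer ownership, which matters because callers pass pointers to key buffers they already hold. Judging from the definition added in this commit, a comment such as `/* Returns 0 on success, -1 on failure; on success the previous *pubkey and *privkey are freed and replaced */` would state the contract. It could also record that the returned public key is zero-padded to 192 octets, since callers place that buffer directly into messages.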


@ -634,12 +634,36 @@ struct wpabuf * wps_nfc_token_build(int ndef, int id, struct wpabuf *pubkey,
} }
int wps_nfc_gen_dh(struct wpabuf **pubkey, struct wpabuf **privkey)
{
struct wpabuf *priv = NULL, *pub = NULL;
void *dh_ctx;
dh_ctx = dh5_init(&priv, &pub);
if (dh_ctx == NULL)
return -1;
pub = wpabuf_zeropad(pub, 192);
if (pub == NULL) {
wpabuf_free(priv);
return -1;
}
wpa_hexdump_buf(MSG_DEBUG, "WPS: Generated new DH pubkey", pub);
dh5_free(dh_ctx);
wpabuf_free(*pubkey);
*pubkey = pub;
wpabuf_free(*privkey);
*privkey = priv;
return 0;
}
struct wpabuf * wps_nfc_token_gen(int ndef, int *id, struct wpabuf **pubkey, struct wpabuf * wps_nfc_token_gen(int ndef, int *id, struct wpabuf **pubkey,
struct wpabuf **privkey, struct wpabuf **privkey,
struct wpabuf **dev_pw) struct wpabuf **dev_pw)
{ {
struct wpabuf *priv = NULL, *pub = NULL, *pw; struct wpabuf *pw;
void *dh_ctx;
u16 val; u16 val;
pw = wpabuf_alloc(WPS_OOB_DEVICE_PASSWORD_LEN); pw = wpabuf_alloc(WPS_OOB_DEVICE_PASSWORD_LEN);
@ -653,18 +677,12 @@ struct wpabuf * wps_nfc_token_gen(int ndef, int *id, struct wpabuf **pubkey,
return NULL; return NULL;
} }
dh_ctx = dh5_init(&priv, &pub); if (wps_nfc_gen_dh(pubkey, privkey) < 0) {
if (dh_ctx == NULL) {
wpabuf_free(pw); wpabuf_free(pw);
return NULL; return NULL;
} }
dh5_free(dh_ctx);
*id = 0x10 + val % 0xfff0; *id = 0x10 + val % 0xfff0;
wpabuf_free(*pubkey);
*pubkey = pub;
wpabuf_free(*privkey);
*privkey = priv;
wpabuf_free(*dev_pw); wpabuf_free(*dev_pw);
*dev_pw = pw; *dev_pw = pw;
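Review bot: In the new `wps_nfc_gen_dh()`, the `wpabuf_zeropad()` failure branch returns -1 without calling `dh5_free(dh_ctx)`, so the context returned by `dh5_init()` is leaked on that path if the crypto backend allocates one. The removed code in `wps_nfc_token_gen()` released the context right after the NULL check, before touching `pub` and `priv`. Doing the same here, with `dh5_free(dh_ctx);` placed directly after `if (dh_ctx == NULL) return -1;` and ahead of the padding call, covers both exits. The branch frees only `priv`, so it appears to rely on `wpabuf_zeropad()` releasing its input buffer on failure; that is not visible in this diff and is worth confirming. The literal `192` would also read better as a named constant for the DH public key length.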