WPS NFC: Split DH key generation to a separate function
This allows DH key generation to be shared for other purposes than just the case of OOB Device Password building. In addition, force the DH public key buffer to be full 192 octets with zero padding to avoid issues with the buffer being used in messages sent to a peer device. Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
This commit is contained in:
parent
975491793b
commit
3f1639da57
2 changed files with 28 additions and 9 deletions
|
@ -856,6 +856,7 @@ struct wpabuf * wps_build_nfc_pw_token(u16 dev_pw_id,
|
||||||
const struct wpabuf *dev_pw);
|
const struct wpabuf *dev_pw);
|
||||||
struct wpabuf * wps_nfc_token_build(int ndef, int id, struct wpabuf *pubkey,
|
struct wpabuf * wps_nfc_token_build(int ndef, int id, struct wpabuf *pubkey,
|
||||||
struct wpabuf *dev_pw);
|
struct wpabuf *dev_pw);
|
||||||
|
int wps_nfc_gen_dh(struct wpabuf **pubkey, struct wpabuf **privkey);
|
||||||
struct wpabuf * wps_nfc_token_gen(int ndef, int *id, struct wpabuf **pubkey,
|
struct wpabuf * wps_nfc_token_gen(int ndef, int *id, struct wpabuf **pubkey,
|
||||||
struct wpabuf **privkey,
|
struct wpabuf **privkey,
|
||||||
struct wpabuf **dev_pw);
|
struct wpabuf **dev_pw);
|
||||||
|
|
|
@ -634,12 +634,36 @@ struct wpabuf * wps_nfc_token_build(int ndef, int id, struct wpabuf *pubkey,
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
int wps_nfc_gen_dh(struct wpabuf **pubkey, struct wpabuf **privkey)
|
||||||
|
{
|
||||||
|
struct wpabuf *priv = NULL, *pub = NULL;
|
||||||
|
void *dh_ctx;
|
||||||
|
|
||||||
|
dh_ctx = dh5_init(&priv, &pub);
|
||||||
|
if (dh_ctx == NULL)
|
||||||
|
return -1;
|
||||||
|
pub = wpabuf_zeropad(pub, 192);
|
||||||
|
if (pub == NULL) {
|
||||||
|
wpabuf_free(priv);
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
|
wpa_hexdump_buf(MSG_DEBUG, "WPS: Generated new DH pubkey", pub);
|
||||||
|
dh5_free(dh_ctx);
|
||||||
|
|
||||||
|
wpabuf_free(*pubkey);
|
||||||
|
*pubkey = pub;
|
||||||
|
wpabuf_free(*privkey);
|
||||||
|
*privkey = priv;
|
||||||
|
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
struct wpabuf * wps_nfc_token_gen(int ndef, int *id, struct wpabuf **pubkey,
|
struct wpabuf * wps_nfc_token_gen(int ndef, int *id, struct wpabuf **pubkey,
|
||||||
struct wpabuf **privkey,
|
struct wpabuf **privkey,
|
||||||
struct wpabuf **dev_pw)
|
struct wpabuf **dev_pw)
|
||||||
{
|
{
|
||||||
struct wpabuf *priv = NULL, *pub = NULL, *pw;
|
struct wpabuf *pw;
|
||||||
void *dh_ctx;
|
|
||||||
u16 val;
|
u16 val;
|
||||||
|
|
||||||
pw = wpabuf_alloc(WPS_OOB_DEVICE_PASSWORD_LEN);
|
pw = wpabuf_alloc(WPS_OOB_DEVICE_PASSWORD_LEN);
|
||||||
|
@ -653,18 +677,12 @@ struct wpabuf * wps_nfc_token_gen(int ndef, int *id, struct wpabuf **pubkey,
|
||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
|
|
||||||
dh_ctx = dh5_init(&priv, &pub);
|
if (wps_nfc_gen_dh(pubkey, privkey) < 0) {
|
||||||
if (dh_ctx == NULL) {
|
|
||||||
wpabuf_free(pw);
|
wpabuf_free(pw);
|
||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
dh5_free(dh_ctx);
|
|
||||||
|
|
||||||
*id = 0x10 + val % 0xfff0;
|
*id = 0x10 + val % 0xfff0;
|
||||||
wpabuf_free(*pubkey);
|
|
||||||
*pubkey = pub;
|
|
||||||
wpabuf_free(*privkey);
|
|
||||||
*privkey = priv;
|
|
||||||
wpabuf_free(*dev_pw);
|
wpabuf_free(*dev_pw);
|
||||||
*dev_pw = pw;
|
*dev_pw = pw;
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue