SAE: Remove now unused password identifier argument from non-H2E case
IEEE Std 802.11-2020 mandates H2E to be used whenever an SAE password identifier is used. While this was already covered in the implementation, the sae_prepare_commit() function still included an argument for specifying the password identifier since that was used in an old test vector. Now that that test vector has been updated, there is no more need for this argument anymore. Simplify the older non-H2E case to not pass through a pointer to the (not really used) password identifier. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
This commit is contained in:
Jouni Malinen
Jouni Malinen
parent
79f87f4734
commit
663e190b72
6 changed files with 20 additions and 43 deletions
|
|
@ -572,7 +572,7 @@ static struct wpabuf * auth_build_sae_commit(struct hostapd_data *hapd,
|
||||||
|
|
||||||
if (update && !use_pt &&
|
if (update && !use_pt &&
|
||||||
sae_prepare_commit(hapd->own_addr, sta->addr,
|
sae_prepare_commit(hapd->own_addr, sta->addr,
|
||||||
(u8 *) password, os_strlen(password), rx_id,
|
(u8 *) password, os_strlen(password),
|
||||||
sta->sae) < 0) {
|
sta->sae) < 0) {
|
||||||
wpa_printf(MSG_DEBUG, "SAE: Could not pick PWE");
|
wpa_printf(MSG_DEBUG, "SAE: Could not pick PWE");
|
||||||
return NULL;
|
return NULL;
|
||||||
|
|
|
||||||
|
|
@ -394,7 +394,7 @@ static int sae_tests(void)
|
||||||
if (!buf ||
|
if (!buf ||
|
||||||
sae_set_group(&sae, 19) < 0 ||
|
sae_set_group(&sae, 19) < 0 ||
|
||||||
sae_prepare_commit(addr1, addr2, (const u8 *) pw, os_strlen(pw),
|
sae_prepare_commit(addr1, addr2, (const u8 *) pw, os_strlen(pw),
|
||||||
NULL, &sae) < 0)
|
&sae) < 0)
|
||||||
goto fail;
|
goto fail;
|
||||||
|
|
||||||
/* Override local values based on SAE test vector */
|
/* Override local values based on SAE test vector */
|
||||||
|
|
|
||||||
|
|
@ -280,13 +280,12 @@ fail:
|
||||||
|
|
||||||
static int sae_derive_pwe_ecc(struct sae_data *sae, const u8 *addr1,
|
static int sae_derive_pwe_ecc(struct sae_data *sae, const u8 *addr1,
|
||||||
const u8 *addr2, const u8 *password,
|
const u8 *addr2, const u8 *password,
|
||||||
size_t password_len, const char *identifier)
|
size_t password_len)
|
||||||
{
|
{
|
||||||
u8 counter, k;
|
u8 counter, k;
|
||||||
u8 addrs[2 * ETH_ALEN];
|
u8 addrs[2 * ETH_ALEN];
|
||||||
const u8 *addr[3];
|
const u8 *addr[2];
|
||||||
size_t len[3];
|
size_t len[2];
|
||||||
size_t num_elem;
|
|
||||||
u8 *dummy_password, *tmp_password;
|
u8 *dummy_password, *tmp_password;
|
||||||
int pwd_seed_odd = 0;
|
int pwd_seed_odd = 0;
|
||||||
u8 prime[SAE_MAX_ECC_PRIME_LEN];
|
u8 prime[SAE_MAX_ECC_PRIME_LEN];
|
||||||
|
|
@ -324,13 +323,10 @@ static int sae_derive_pwe_ecc(struct sae_data *sae, const u8 *addr1,
|
||||||
|
|
||||||
wpa_hexdump_ascii_key(MSG_DEBUG, "SAE: password",
|
wpa_hexdump_ascii_key(MSG_DEBUG, "SAE: password",
|
||||||
password, password_len);
|
password, password_len);
|
||||||
if (identifier)
|
|
||||||
wpa_printf(MSG_DEBUG, "SAE: password identifier: %s",
|
|
||||||
identifier);
|
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* H(salt, ikm) = HMAC-SHA256(salt, ikm)
|
* H(salt, ikm) = HMAC-SHA256(salt, ikm)
|
||||||
* base = password [|| identifier]
|
* base = password
|
||||||
* pwd-seed = H(MAX(STA-A-MAC, STA-B-MAC) || MIN(STA-A-MAC, STA-B-MAC),
|
* pwd-seed = H(MAX(STA-A-MAC, STA-B-MAC) || MIN(STA-A-MAC, STA-B-MAC),
|
||||||
* base || counter)
|
* base || counter)
|
||||||
*/
|
*/
|
||||||
|
|
@ -338,15 +334,8 @@ static int sae_derive_pwe_ecc(struct sae_data *sae, const u8 *addr1,
|
||||||
|
|
||||||
addr[0] = tmp_password;
|
addr[0] = tmp_password;
|
||||||
len[0] = password_len;
|
len[0] = password_len;
|
||||||
num_elem = 1;
|
addr[1] = &counter;
|
||||||
if (identifier) {
|
len[1] = sizeof(counter);
|
||||||
addr[num_elem] = (const u8 *) identifier;
|
|
||||||
len[num_elem] = os_strlen(identifier);
|
|
||||||
num_elem++;
|
|
||||||
}
|
|
||||||
addr[num_elem] = &counter;
|
|
||||||
len[num_elem] = sizeof(counter);
|
|
||||||
num_elem++;
|
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Continue for at least k iterations to protect against side-channel
|
* Continue for at least k iterations to protect against side-channel
|
||||||
|
|
@ -367,7 +356,7 @@ static int sae_derive_pwe_ecc(struct sae_data *sae, const u8 *addr1,
|
||||||
wpa_printf(MSG_DEBUG, "SAE: counter = %03u", counter);
|
wpa_printf(MSG_DEBUG, "SAE: counter = %03u", counter);
|
||||||
const_time_select_bin(found, dummy_password, password,
|
const_time_select_bin(found, dummy_password, password,
|
||||||
password_len, tmp_password);
|
password_len, tmp_password);
|
||||||
if (hmac_sha256_vector(addrs, sizeof(addrs), num_elem,
|
if (hmac_sha256_vector(addrs, sizeof(addrs), 2,
|
||||||
addr, len, pwd_seed) < 0)
|
addr, len, pwd_seed) < 0)
|
||||||
break;
|
break;
|
||||||
|
|
||||||
|
|
@ -438,13 +427,12 @@ fail:
|
||||||
|
|
||||||
static int sae_derive_pwe_ffc(struct sae_data *sae, const u8 *addr1,
|
static int sae_derive_pwe_ffc(struct sae_data *sae, const u8 *addr1,
|
||||||
const u8 *addr2, const u8 *password,
|
const u8 *addr2, const u8 *password,
|
||||||
size_t password_len, const char *identifier)
|
size_t password_len)
|
||||||
{
|
{
|
||||||
u8 counter, k, sel_counter = 0;
|
u8 counter, k, sel_counter = 0;
|
||||||
u8 addrs[2 * ETH_ALEN];
|
u8 addrs[2 * ETH_ALEN];
|
||||||
const u8 *addr[3];
|
const u8 *addr[2];
|
||||||
size_t len[3];
|
size_t len[2];
|
||||||
size_t num_elem;
|
|
||||||
u8 found = 0; /* 0 (false) or 0xff (true) to be used as const_time_*
|
u8 found = 0; /* 0 (false) or 0xff (true) to be used as const_time_*
|
||||||
* mask */
|
* mask */
|
||||||
u8 mask;
|
u8 mask;
|
||||||
|
|
@ -468,21 +456,14 @@ static int sae_derive_pwe_ffc(struct sae_data *sae, const u8 *addr1,
|
||||||
/*
|
/*
|
||||||
* H(salt, ikm) = HMAC-SHA256(salt, ikm)
|
* H(salt, ikm) = HMAC-SHA256(salt, ikm)
|
||||||
* pwd-seed = H(MAX(STA-A-MAC, STA-B-MAC) || MIN(STA-A-MAC, STA-B-MAC),
|
* pwd-seed = H(MAX(STA-A-MAC, STA-B-MAC) || MIN(STA-A-MAC, STA-B-MAC),
|
||||||
* password [|| identifier] || counter)
|
* password || counter)
|
||||||
*/
|
*/
|
||||||
sae_pwd_seed_key(addr1, addr2, addrs);
|
sae_pwd_seed_key(addr1, addr2, addrs);
|
||||||
|
|
||||||
addr[0] = password;
|
addr[0] = password;
|
||||||
len[0] = password_len;
|
len[0] = password_len;
|
||||||
num_elem = 1;
|
addr[1] = &counter;
|
||||||
if (identifier) {
|
len[1] = sizeof(counter);
|
||||||
addr[num_elem] = (const u8 *) identifier;
|
|
||||||
len[num_elem] = os_strlen(identifier);
|
|
||||||
num_elem++;
|
|
||||||
}
|
|
||||||
addr[num_elem] = &counter;
|
|
||||||
len[num_elem] = sizeof(counter);
|
|
||||||
num_elem++;
|
|
||||||
|
|
||||||
k = dragonfly_min_pwe_loop_iter(sae->group);
|
k = dragonfly_min_pwe_loop_iter(sae->group);
|
||||||
|
|
||||||
|
|
@ -497,7 +478,7 @@ static int sae_derive_pwe_ffc(struct sae_data *sae, const u8 *addr1,
|
||||||
}
|
}
|
||||||
|
|
||||||
wpa_printf(MSG_DEBUG, "SAE: counter = %02u", counter);
|
wpa_printf(MSG_DEBUG, "SAE: counter = %02u", counter);
|
||||||
if (hmac_sha256_vector(addrs, sizeof(addrs), num_elem,
|
if (hmac_sha256_vector(addrs, sizeof(addrs), 2,
|
||||||
addr, len, pwd_seed) < 0)
|
addr, len, pwd_seed) < 0)
|
||||||
break;
|
break;
|
||||||
res = sae_test_pwd_seed_ffc(sae, pwd_seed, pwe);
|
res = sae_test_pwd_seed_ffc(sae, pwd_seed, pwe);
|
||||||
|
|
@ -1354,15 +1335,13 @@ static int sae_derive_commit(struct sae_data *sae)
|
||||||
|
|
||||||
int sae_prepare_commit(const u8 *addr1, const u8 *addr2,
|
int sae_prepare_commit(const u8 *addr1, const u8 *addr2,
|
||||||
const u8 *password, size_t password_len,
|
const u8 *password, size_t password_len,
|
||||||
const char *identifier, struct sae_data *sae)
|
struct sae_data *sae)
|
||||||
{
|
{
|
||||||
if (sae->tmp == NULL ||
|
if (sae->tmp == NULL ||
|
||||||
(sae->tmp->ec && sae_derive_pwe_ecc(sae, addr1, addr2, password,
|
(sae->tmp->ec && sae_derive_pwe_ecc(sae, addr1, addr2, password,
|
||||||
password_len,
|
password_len) < 0) ||
|
||||||
identifier) < 0) ||
|
|
||||||
(sae->tmp->dh && sae_derive_pwe_ffc(sae, addr1, addr2, password,
|
(sae->tmp->dh && sae_derive_pwe_ffc(sae, addr1, addr2, password,
|
||||||
password_len,
|
password_len) < 0))
|
||||||
identifier) < 0))
|
|
||||||
return -1;
|
return -1;
|
||||||
|
|
||||||
sae->h2e = 0;
|
sae->h2e = 0;
|
||||||
|
|
|
||||||
|
|
@ -122,7 +122,7 @@ void sae_clear_data(struct sae_data *sae);
|
||||||
|
|
||||||
int sae_prepare_commit(const u8 *addr1, const u8 *addr2,
|
int sae_prepare_commit(const u8 *addr1, const u8 *addr2,
|
||||||
const u8 *password, size_t password_len,
|
const u8 *password, size_t password_len,
|
||||||
const char *identifier, struct sae_data *sae);
|
struct sae_data *sae);
|
||||||
int sae_prepare_commit_pt(struct sae_data *sae, const struct sae_pt *pt,
|
int sae_prepare_commit_pt(struct sae_data *sae, const struct sae_pt *pt,
|
||||||
const u8 *addr1, const u8 *addr2,
|
const u8 *addr1, const u8 *addr2,
|
||||||
int *rejected_groups, const struct sae_pk *pk);
|
int *rejected_groups, const struct sae_pk *pk);
|
||||||
|
|
|
||||||
|
|
@ -344,7 +344,6 @@ static int mesh_rsn_build_sae_commit(struct wpa_supplicant *wpa_s,
|
||||||
}
|
}
|
||||||
return sae_prepare_commit(wpa_s->own_addr, sta->addr,
|
return sae_prepare_commit(wpa_s->own_addr, sta->addr,
|
||||||
(u8 *) password, os_strlen(password),
|
(u8 *) password, os_strlen(password),
|
||||||
ssid->sae_password_id,
|
|
||||||
sta->sae);
|
sta->sae);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -186,7 +186,6 @@ static struct wpabuf * sme_auth_build_sae_commit(struct wpa_supplicant *wpa_s,
|
||||||
if (!use_pt &&
|
if (!use_pt &&
|
||||||
sae_prepare_commit(wpa_s->own_addr, bssid,
|
sae_prepare_commit(wpa_s->own_addr, bssid,
|
||||||
(u8 *) password, os_strlen(password),
|
(u8 *) password, os_strlen(password),
|
||||||
ssid->sae_password_id,
|
|
||||||
&wpa_s->sme.sae) < 0) {
|
&wpa_s->sme.sae) < 0) {
|
||||||
wpa_printf(MSG_DEBUG, "SAE: Could not pick PWE");
|
wpa_printf(MSG_DEBUG, "SAE: Could not pick PWE");
|
||||||
return NULL;
|
return NULL;
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue