SAE: Remove now unused password identifier argument from non-H2E case

IEEE Std 802.11-2020 mandates H2E to be used whenever an SAE password
identifier is used. While this was already covered in the
implementation, the sae_prepare_commit() function still included an
argument for specifying the password identifier since that was used in
an old test vector. Now that that test vector has been updated, there is
no more need for this argument anymore. Simplify the older non-H2E case
to not pass through a pointer to the (not really used) password
identifier.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
This commit is contained in:
Jouni Malinen 2021-04-09 22:17:29 +03:00 committed by Jouni Malinen
parent 79f87f4734
commit 663e190b72
6 changed files with 20 additions and 43 deletions

View file

@ -572,7 +572,7 @@ static struct wpabuf * auth_build_sae_commit(struct hostapd_data *hapd,
if (update && !use_pt && if (update && !use_pt &&
sae_prepare_commit(hapd->own_addr, sta->addr, sae_prepare_commit(hapd->own_addr, sta->addr,
(u8 *) password, os_strlen(password), rx_id, (u8 *) password, os_strlen(password),
sta->sae) < 0) { sta->sae) < 0) {
wpa_printf(MSG_DEBUG, "SAE: Could not pick PWE"); wpa_printf(MSG_DEBUG, "SAE: Could not pick PWE");
return NULL; return NULL;

View file

@ -394,7 +394,7 @@ static int sae_tests(void)
if (!buf || if (!buf ||
sae_set_group(&sae, 19) < 0 || sae_set_group(&sae, 19) < 0 ||
sae_prepare_commit(addr1, addr2, (const u8 *) pw, os_strlen(pw), sae_prepare_commit(addr1, addr2, (const u8 *) pw, os_strlen(pw),
NULL, &sae) < 0) &sae) < 0)
goto fail; goto fail;
/* Override local values based on SAE test vector */ /* Override local values based on SAE test vector */

View file

@ -280,13 +280,12 @@ fail:
static int sae_derive_pwe_ecc(struct sae_data *sae, const u8 *addr1, static int sae_derive_pwe_ecc(struct sae_data *sae, const u8 *addr1,
const u8 *addr2, const u8 *password, const u8 *addr2, const u8 *password,
size_t password_len, const char *identifier) size_t password_len)
{ {
u8 counter, k; u8 counter, k;
u8 addrs[2 * ETH_ALEN]; u8 addrs[2 * ETH_ALEN];
const u8 *addr[3]; const u8 *addr[2];
size_t len[3]; size_t len[2];
size_t num_elem;
u8 *dummy_password, *tmp_password; u8 *dummy_password, *tmp_password;
int pwd_seed_odd = 0; int pwd_seed_odd = 0;
u8 prime[SAE_MAX_ECC_PRIME_LEN]; u8 prime[SAE_MAX_ECC_PRIME_LEN];
@ -324,13 +323,10 @@ static int sae_derive_pwe_ecc(struct sae_data *sae, const u8 *addr1,
wpa_hexdump_ascii_key(MSG_DEBUG, "SAE: password", wpa_hexdump_ascii_key(MSG_DEBUG, "SAE: password",
password, password_len); password, password_len);
if (identifier)
wpa_printf(MSG_DEBUG, "SAE: password identifier: %s",
identifier);
/* /*
* H(salt, ikm) = HMAC-SHA256(salt, ikm) * H(salt, ikm) = HMAC-SHA256(salt, ikm)
* base = password [|| identifier] * base = password
* pwd-seed = H(MAX(STA-A-MAC, STA-B-MAC) || MIN(STA-A-MAC, STA-B-MAC), * pwd-seed = H(MAX(STA-A-MAC, STA-B-MAC) || MIN(STA-A-MAC, STA-B-MAC),
* base || counter) * base || counter)
*/ */
@ -338,15 +334,8 @@ static int sae_derive_pwe_ecc(struct sae_data *sae, const u8 *addr1,
addr[0] = tmp_password; addr[0] = tmp_password;
len[0] = password_len; len[0] = password_len;
num_elem = 1; addr[1] = &counter;
if (identifier) { len[1] = sizeof(counter);
addr[num_elem] = (const u8 *) identifier;
len[num_elem] = os_strlen(identifier);
num_elem++;
}
addr[num_elem] = &counter;
len[num_elem] = sizeof(counter);
num_elem++;
/* /*
* Continue for at least k iterations to protect against side-channel * Continue for at least k iterations to protect against side-channel
@ -367,7 +356,7 @@ static int sae_derive_pwe_ecc(struct sae_data *sae, const u8 *addr1,
wpa_printf(MSG_DEBUG, "SAE: counter = %03u", counter); wpa_printf(MSG_DEBUG, "SAE: counter = %03u", counter);
const_time_select_bin(found, dummy_password, password, const_time_select_bin(found, dummy_password, password,
password_len, tmp_password); password_len, tmp_password);
if (hmac_sha256_vector(addrs, sizeof(addrs), num_elem, if (hmac_sha256_vector(addrs, sizeof(addrs), 2,
addr, len, pwd_seed) < 0) addr, len, pwd_seed) < 0)
break; break;
@ -438,13 +427,12 @@ fail:
static int sae_derive_pwe_ffc(struct sae_data *sae, const u8 *addr1, static int sae_derive_pwe_ffc(struct sae_data *sae, const u8 *addr1,
const u8 *addr2, const u8 *password, const u8 *addr2, const u8 *password,
size_t password_len, const char *identifier) size_t password_len)
{ {
u8 counter, k, sel_counter = 0; u8 counter, k, sel_counter = 0;
u8 addrs[2 * ETH_ALEN]; u8 addrs[2 * ETH_ALEN];
const u8 *addr[3]; const u8 *addr[2];
size_t len[3]; size_t len[2];
size_t num_elem;
u8 found = 0; /* 0 (false) or 0xff (true) to be used as const_time_* u8 found = 0; /* 0 (false) or 0xff (true) to be used as const_time_*
* mask */ * mask */
u8 mask; u8 mask;
@ -468,21 +456,14 @@ static int sae_derive_pwe_ffc(struct sae_data *sae, const u8 *addr1,
/* /*
* H(salt, ikm) = HMAC-SHA256(salt, ikm) * H(salt, ikm) = HMAC-SHA256(salt, ikm)
* pwd-seed = H(MAX(STA-A-MAC, STA-B-MAC) || MIN(STA-A-MAC, STA-B-MAC), * pwd-seed = H(MAX(STA-A-MAC, STA-B-MAC) || MIN(STA-A-MAC, STA-B-MAC),
* password [|| identifier] || counter) * password || counter)
*/ */
sae_pwd_seed_key(addr1, addr2, addrs); sae_pwd_seed_key(addr1, addr2, addrs);
addr[0] = password; addr[0] = password;
len[0] = password_len; len[0] = password_len;
num_elem = 1; addr[1] = &counter;
if (identifier) { len[1] = sizeof(counter);
addr[num_elem] = (const u8 *) identifier;
len[num_elem] = os_strlen(identifier);
num_elem++;
}
addr[num_elem] = &counter;
len[num_elem] = sizeof(counter);
num_elem++;
k = dragonfly_min_pwe_loop_iter(sae->group); k = dragonfly_min_pwe_loop_iter(sae->group);
@ -497,7 +478,7 @@ static int sae_derive_pwe_ffc(struct sae_data *sae, const u8 *addr1,
} }
wpa_printf(MSG_DEBUG, "SAE: counter = %02u", counter); wpa_printf(MSG_DEBUG, "SAE: counter = %02u", counter);
if (hmac_sha256_vector(addrs, sizeof(addrs), num_elem, if (hmac_sha256_vector(addrs, sizeof(addrs), 2,
addr, len, pwd_seed) < 0) addr, len, pwd_seed) < 0)
break; break;
res = sae_test_pwd_seed_ffc(sae, pwd_seed, pwe); res = sae_test_pwd_seed_ffc(sae, pwd_seed, pwe);
@ -1354,15 +1335,13 @@ static int sae_derive_commit(struct sae_data *sae)
int sae_prepare_commit(const u8 *addr1, const u8 *addr2, int sae_prepare_commit(const u8 *addr1, const u8 *addr2,
const u8 *password, size_t password_len, const u8 *password, size_t password_len,
const char *identifier, struct sae_data *sae) struct sae_data *sae)
{ {
if (sae->tmp == NULL || if (sae->tmp == NULL ||
(sae->tmp->ec && sae_derive_pwe_ecc(sae, addr1, addr2, password, (sae->tmp->ec && sae_derive_pwe_ecc(sae, addr1, addr2, password,
password_len, password_len) < 0) ||
identifier) < 0) ||
(sae->tmp->dh && sae_derive_pwe_ffc(sae, addr1, addr2, password, (sae->tmp->dh && sae_derive_pwe_ffc(sae, addr1, addr2, password,
password_len, password_len) < 0))
identifier) < 0))
return -1; return -1;
sae->h2e = 0; sae->h2e = 0;

View file

@ -122,7 +122,7 @@ void sae_clear_data(struct sae_data *sae);
int sae_prepare_commit(const u8 *addr1, const u8 *addr2, int sae_prepare_commit(const u8 *addr1, const u8 *addr2,
const u8 *password, size_t password_len, const u8 *password, size_t password_len,
const char *identifier, struct sae_data *sae); struct sae_data *sae);
int sae_prepare_commit_pt(struct sae_data *sae, const struct sae_pt *pt, int sae_prepare_commit_pt(struct sae_data *sae, const struct sae_pt *pt,
const u8 *addr1, const u8 *addr2, const u8 *addr1, const u8 *addr2,
int *rejected_groups, const struct sae_pk *pk); int *rejected_groups, const struct sae_pk *pk);

View file

@ -344,7 +344,6 @@ static int mesh_rsn_build_sae_commit(struct wpa_supplicant *wpa_s,
} }
return sae_prepare_commit(wpa_s->own_addr, sta->addr, return sae_prepare_commit(wpa_s->own_addr, sta->addr,
(u8 *) password, os_strlen(password), (u8 *) password, os_strlen(password),
ssid->sae_password_id,
sta->sae); sta->sae);
} }

View file

@ -186,7 +186,6 @@ static struct wpabuf * sme_auth_build_sae_commit(struct wpa_supplicant *wpa_s,
if (!use_pt && if (!use_pt &&
sae_prepare_commit(wpa_s->own_addr, bssid, sae_prepare_commit(wpa_s->own_addr, bssid,
(u8 *) password, os_strlen(password), (u8 *) password, os_strlen(password),
ssid->sae_password_id,
&wpa_s->sme.sae) < 0) { &wpa_s->sme.sae) < 0) {
wpa_printf(MSG_DEBUG, "SAE: Could not pick PWE"); wpa_printf(MSG_DEBUG, "SAE: Could not pick PWE");
return NULL; return NULL;