WPS: Use random_get_bytes() for NFC password id
os_random() may not be seeded properly, so use stronger mechanism for generating the password id for NFC password tokens. Signed-hostap: Jouni Malinen <j@w1.fi>
This commit is contained in:
parent
ffdaa05a6b
commit
72df0cd28c
2 changed files with 8 additions and 4 deletions
|
@ -1629,13 +1629,15 @@ struct wpabuf * hostapd_wps_nfc_token_gen(struct hostapd_data *hapd, int ndef)
|
||||||
struct wpabuf *priv = NULL, *pub = NULL, *pw;
|
struct wpabuf *priv = NULL, *pub = NULL, *pw;
|
||||||
void *dh_ctx;
|
void *dh_ctx;
|
||||||
struct wpabuf *ret;
|
struct wpabuf *ret;
|
||||||
|
u16 val;
|
||||||
|
|
||||||
pw = wpabuf_alloc(WPS_OOB_DEVICE_PASSWORD_LEN);
|
pw = wpabuf_alloc(WPS_OOB_DEVICE_PASSWORD_LEN);
|
||||||
if (pw == NULL)
|
if (pw == NULL)
|
||||||
return NULL;
|
return NULL;
|
||||||
|
|
||||||
if (random_get_bytes(wpabuf_put(pw, WPS_OOB_DEVICE_PASSWORD_LEN),
|
if (random_get_bytes(wpabuf_put(pw, WPS_OOB_DEVICE_PASSWORD_LEN),
|
||||||
WPS_OOB_DEVICE_PASSWORD_LEN)) {
|
WPS_OOB_DEVICE_PASSWORD_LEN) ||
|
||||||
|
random_get_bytes((u8 *) &val, sizeof(val))) {
|
||||||
wpabuf_free(pw);
|
wpabuf_free(pw);
|
||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
|
@ -1647,7 +1649,7 @@ struct wpabuf * hostapd_wps_nfc_token_gen(struct hostapd_data *hapd, int ndef)
|
||||||
}
|
}
|
||||||
dh5_free(dh_ctx);
|
dh5_free(dh_ctx);
|
||||||
|
|
||||||
hapd->conf->wps_nfc_dev_pw_id = 0x10 + os_random() % 0xfff0;
|
hapd->conf->wps_nfc_dev_pw_id = 0x10 + val % 0xfff0;
|
||||||
wpabuf_free(hapd->conf->wps_nfc_dh_pubkey);
|
wpabuf_free(hapd->conf->wps_nfc_dh_pubkey);
|
||||||
hapd->conf->wps_nfc_dh_pubkey = pub;
|
hapd->conf->wps_nfc_dh_pubkey = pub;
|
||||||
wpabuf_free(hapd->conf->wps_nfc_dh_privkey);
|
wpabuf_free(hapd->conf->wps_nfc_dh_privkey);
|
||||||
|
|
|
@ -1799,13 +1799,15 @@ struct wpabuf * wpas_wps_nfc_token(struct wpa_supplicant *wpa_s, int ndef)
|
||||||
struct wpabuf *priv = NULL, *pub = NULL, *pw;
|
struct wpabuf *priv = NULL, *pub = NULL, *pw;
|
||||||
void *dh_ctx;
|
void *dh_ctx;
|
||||||
struct wpabuf *ret;
|
struct wpabuf *ret;
|
||||||
|
u16 val;
|
||||||
|
|
||||||
pw = wpabuf_alloc(WPS_OOB_DEVICE_PASSWORD_LEN);
|
pw = wpabuf_alloc(WPS_OOB_DEVICE_PASSWORD_LEN);
|
||||||
if (pw == NULL)
|
if (pw == NULL)
|
||||||
return NULL;
|
return NULL;
|
||||||
|
|
||||||
if (random_get_bytes(wpabuf_put(pw, WPS_OOB_DEVICE_PASSWORD_LEN),
|
if (random_get_bytes(wpabuf_put(pw, WPS_OOB_DEVICE_PASSWORD_LEN),
|
||||||
WPS_OOB_DEVICE_PASSWORD_LEN)) {
|
WPS_OOB_DEVICE_PASSWORD_LEN) ||
|
||||||
|
random_get_bytes((u8 *) &val, sizeof(val))) {
|
||||||
wpabuf_free(pw);
|
wpabuf_free(pw);
|
||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
|
@ -1817,7 +1819,7 @@ struct wpabuf * wpas_wps_nfc_token(struct wpa_supplicant *wpa_s, int ndef)
|
||||||
}
|
}
|
||||||
dh5_free(dh_ctx);
|
dh5_free(dh_ctx);
|
||||||
|
|
||||||
wpa_s->conf->wps_nfc_dev_pw_id = 0x10 + os_random() % 0xfff0;
|
wpa_s->conf->wps_nfc_dev_pw_id = 0x10 + val % 0xfff0;
|
||||||
wpabuf_free(wpa_s->conf->wps_nfc_dh_pubkey);
|
wpabuf_free(wpa_s->conf->wps_nfc_dh_pubkey);
|
||||||
wpa_s->conf->wps_nfc_dh_pubkey = pub;
|
wpa_s->conf->wps_nfc_dh_pubkey = pub;
|
||||||
wpabuf_free(wpa_s->conf->wps_nfc_dh_privkey);
|
wpabuf_free(wpa_s->conf->wps_nfc_dh_privkey);
|
||||||
|
|
Loading…
Reference in a new issue