EAP-pwd peer: Add SHA512 hash based salt mechanism
Signed-off-by: Dan Harkins <dharkins@lounge.org>
This commit is contained in:
Dan Harkins
Jouni Malinen
parent
fb3675848c
commit
b8acd50114
|
|
@ -11,6 +11,7 @@
|
|||
#include "common.h"
|
||||
#include "crypto/sha1.h"
|
||||
#include "crypto/sha256.h"
|
||||
#include "crypto/sha512.h"
|
||||
#include "crypto/ms_funcs.h"
|
||||
#include "crypto/crypto.h"
|
||||
#include "eap_peer/eap_i.h"
|
||||
|
|
@ -237,7 +238,8 @@ eap_pwd_perform_id_exchange(struct eap_sm *sm, struct eap_pwd_data *data,
|
|||
if (id->prep != EAP_PWD_PREP_NONE &&
|
||||
id->prep != EAP_PWD_PREP_MS &&
|
||||
id->prep != EAP_PWD_PREP_SSHA1 &&
|
||||
id->prep != EAP_PWD_PREP_SSHA256) {
|
||||
id->prep != EAP_PWD_PREP_SSHA256 &&
|
||||
id->prep != EAP_PWD_PREP_SSHA512) {
|
||||
wpa_printf(MSG_DEBUG,
|
||||
"EAP-PWD: Unsupported password pre-processing technique (Prep=%u)",
|
||||
id->prep);
|
||||
|
|
@ -443,6 +445,42 @@ eap_pwd_perform_commit_exchange(struct eap_sm *sm, struct eap_pwd_data *data,
|
|||
wpa_hexdump_key(MSG_DEBUG, "EAP-pwd: Salted password",
|
||||
password, password_len);
|
||||
break;
|
||||
#ifdef CONFIG_SHA512
|
||||
case EAP_PWD_PREP_SSHA512:
|
||||
wpa_printf(MSG_DEBUG,
|
||||
"EAP-pwd commit request, password prep is salted sha512");
|
||||
if (payload_len < 1 || *ptr == 0) {
|
||||
wpa_printf(MSG_DEBUG, "EAP-pwd: Invalid Salt-len");
|
||||
goto fin;
|
||||
}
|
||||
salt_len = *ptr++;
|
||||
exp_len = 1 + salt_len + 2 * prime_len + order_len;
|
||||
if (payload_len != exp_len) {
|
||||
wpa_printf(MSG_INFO,
|
||||
"EAP-pwd: Unexpected Commit payload length %u (expected %u)",
|
||||
(unsigned int) payload_len,
|
||||
(unsigned int) exp_len);
|
||||
goto fin;
|
||||
}
|
||||
|
||||
/* salted-password = Hash(password | salt) */
|
||||
wpa_hexdump_key(MSG_DEBUG, "EAP-pwd: Unsalted password",
|
||||
data->password, data->password_len);
|
||||
wpa_hexdump(MSG_DEBUG, "EAP-pwd: Salt", ptr, salt_len);
|
||||
salt_pwd[0] = data->password;
|
||||
salt_pwd[1] = ptr;
|
||||
salt_pwd_len[0] = data->password_len;
|
||||
salt_pwd_len[1] = salt_len;
|
||||
if (sha512_vector(2, salt_pwd, salt_pwd_len, salthashpwd) < 0)
|
||||
goto fin;
|
||||
|
||||
ptr += salt_len;
|
||||
password = salthashpwd;
|
||||
password_len = SHA512_MAC_LEN;
|
||||
wpa_hexdump_key(MSG_DEBUG, "EAP-pwd: Salted password",
|
||||
password, password_len);
|
||||
break;
|
||||
#endif /* CONFIG_SHA512 */
|
||||
case EAP_PWD_PREP_NONE:
|
||||
wpa_printf(MSG_DEBUG,
|
||||
"EAP-pwd commit request, password prep is NONE");
|
||||
|
|
|
|||
Loading…
Reference in a new issue