From c98db9f1f83d1759a1f278da50b6b3d8bf521820 Mon Sep 17 00:00:00 2001 From: Jouni Malinen Date: Wed, 17 Jun 2020 12:22:08 +0300 Subject: [PATCH] DPP2: Add challengePassword into CSR Derive challengePassword from bk and add it into the CSR. Signed-off-by: Jouni Malinen --- src/common/dpp.h | 1 + src/common/dpp_crypto.c | 24 ++++++++++++++++++++++++ 2 files changed, 25 insertions(+) diff --git a/src/common/dpp.h b/src/common/dpp.h index a84cdc656..a43b85fc2 100644 --- a/src/common/dpp.h +++ b/src/common/dpp.h @@ -120,6 +120,7 @@ enum dpp_connector_key { #define DPP_MAX_NONCE_LEN 32 #define DPP_MAX_HASH_LEN 64 #define DPP_MAX_SHARED_SECRET_LEN 66 +#define DPP_CP_LEN 64 struct dpp_curve_params { const char *name; diff --git a/src/common/dpp_crypto.c b/src/common/dpp_crypto.c index 1990b82ff..744f099ce 100644 --- a/src/common/dpp_crypto.c +++ b/src/common/dpp_crypto.c @@ -2677,6 +2677,10 @@ struct wpabuf * dpp_build_csr(struct dpp_authentication *auth) unsigned int hash_len = auth->curve->hash_len; EC_KEY *eckey; BIO *out = NULL; + u8 cp[DPP_CP_LEN]; + char *password; + size_t password_len; + int res; /* TODO: use auth->csrattrs */ @@ -2701,6 +2705,26 @@ struct wpabuf * dpp_build_csr(struct dpp_authentication *auth) if (!req || !X509_REQ_set_pubkey(req, key)) goto fail; + /* cp = HKDF-Expand(bk, "CSR challengePassword", 64) */ + if (dpp_hkdf_expand(hash_len, auth->bk, hash_len, + "CSR challengePassword", cp, DPP_CP_LEN) < 0) + goto fail; + wpa_hexdump_key(MSG_DEBUG, + "DPP: cp = HKDF-Expand(bk, \"CSR challengePassword\", 64)", + cp, DPP_CP_LEN); + password = base64_encode_no_lf(cp, DPP_CP_LEN, &password_len); + forced_memzero(cp, DPP_CP_LEN); + if (!password) + goto fail; + + res = X509_REQ_add1_attr_by_NID(req, NID_pkcs9_challengePassword, + V_ASN1_UTF8STRING, + (const unsigned char *) password, + password_len); + bin_clear_free(password, password_len); + if (!res) + goto fail; + /* TODO */ /* TODO: hash func selection based on csrAttrs */