SAE: Return result from confirm CN() operation to the caller
These functions could fail in theory, so report the result to the caller. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
This commit is contained in:
parent
a8bfc6fff2
commit
d842e00bd6
1 changed files with 56 additions and 50 deletions
106
src/common/sae.c
106
src/common/sae.c
|
@ -1157,12 +1157,12 @@ u16 sae_parse_commit(struct sae_data *sae, const u8 *data, size_t len,
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
static void sae_cn_confirm(struct sae_data *sae, const u8 *sc,
|
static int sae_cn_confirm(struct sae_data *sae, const u8 *sc,
|
||||||
const struct crypto_bignum *scalar1,
|
const struct crypto_bignum *scalar1,
|
||||||
const u8 *element1, size_t element1_len,
|
const u8 *element1, size_t element1_len,
|
||||||
const struct crypto_bignum *scalar2,
|
const struct crypto_bignum *scalar2,
|
||||||
const u8 *element2, size_t element2_len,
|
const u8 *element2, size_t element2_len,
|
||||||
u8 *confirm)
|
u8 *confirm)
|
||||||
{
|
{
|
||||||
const u8 *addr[5];
|
const u8 *addr[5];
|
||||||
size_t len[5];
|
size_t len[5];
|
||||||
|
@ -1176,62 +1176,68 @@ static void sae_cn_confirm(struct sae_data *sae, const u8 *sc,
|
||||||
* verifier = CN(KCK, peer-send-confirm, peer-commit-scalar,
|
* verifier = CN(KCK, peer-send-confirm, peer-commit-scalar,
|
||||||
* PEER-COMMIT-ELEMENT, commit-scalar, COMMIT-ELEMENT)
|
* PEER-COMMIT-ELEMENT, commit-scalar, COMMIT-ELEMENT)
|
||||||
*/
|
*/
|
||||||
|
if (crypto_bignum_to_bin(scalar1, scalar_b1, sizeof(scalar_b1),
|
||||||
|
sae->tmp->prime_len) < 0 ||
|
||||||
|
crypto_bignum_to_bin(scalar2, scalar_b2, sizeof(scalar_b2),
|
||||||
|
sae->tmp->prime_len) < 0)
|
||||||
|
return -1;
|
||||||
addr[0] = sc;
|
addr[0] = sc;
|
||||||
len[0] = 2;
|
len[0] = 2;
|
||||||
crypto_bignum_to_bin(scalar1, scalar_b1, sizeof(scalar_b1),
|
|
||||||
sae->tmp->prime_len);
|
|
||||||
addr[1] = scalar_b1;
|
addr[1] = scalar_b1;
|
||||||
len[1] = sae->tmp->prime_len;
|
len[1] = sae->tmp->prime_len;
|
||||||
addr[2] = element1;
|
addr[2] = element1;
|
||||||
len[2] = element1_len;
|
len[2] = element1_len;
|
||||||
crypto_bignum_to_bin(scalar2, scalar_b2, sizeof(scalar_b2),
|
|
||||||
sae->tmp->prime_len);
|
|
||||||
addr[3] = scalar_b2;
|
addr[3] = scalar_b2;
|
||||||
len[3] = sae->tmp->prime_len;
|
len[3] = sae->tmp->prime_len;
|
||||||
addr[4] = element2;
|
addr[4] = element2;
|
||||||
len[4] = element2_len;
|
len[4] = element2_len;
|
||||||
hmac_sha256_vector(sae->tmp->kck, sizeof(sae->tmp->kck), 5, addr, len,
|
return hmac_sha256_vector(sae->tmp->kck, sizeof(sae->tmp->kck),
|
||||||
confirm);
|
5, addr, len, confirm);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
static void sae_cn_confirm_ecc(struct sae_data *sae, const u8 *sc,
|
static int sae_cn_confirm_ecc(struct sae_data *sae, const u8 *sc,
|
||||||
const struct crypto_bignum *scalar1,
|
const struct crypto_bignum *scalar1,
|
||||||
const struct crypto_ec_point *element1,
|
const struct crypto_ec_point *element1,
|
||||||
const struct crypto_bignum *scalar2,
|
const struct crypto_bignum *scalar2,
|
||||||
const struct crypto_ec_point *element2,
|
const struct crypto_ec_point *element2,
|
||||||
u8 *confirm)
|
u8 *confirm)
|
||||||
{
|
{
|
||||||
u8 element_b1[2 * SAE_MAX_ECC_PRIME_LEN];
|
u8 element_b1[2 * SAE_MAX_ECC_PRIME_LEN];
|
||||||
u8 element_b2[2 * SAE_MAX_ECC_PRIME_LEN];
|
u8 element_b2[2 * SAE_MAX_ECC_PRIME_LEN];
|
||||||
|
|
||||||
crypto_ec_point_to_bin(sae->tmp->ec, element1, element_b1,
|
if (crypto_ec_point_to_bin(sae->tmp->ec, element1, element_b1,
|
||||||
element_b1 + sae->tmp->prime_len);
|
element_b1 + sae->tmp->prime_len) < 0 ||
|
||||||
crypto_ec_point_to_bin(sae->tmp->ec, element2, element_b2,
|
crypto_ec_point_to_bin(sae->tmp->ec, element2, element_b2,
|
||||||
element_b2 + sae->tmp->prime_len);
|
element_b2 + sae->tmp->prime_len) < 0 ||
|
||||||
|
sae_cn_confirm(sae, sc, scalar1, element_b1,
|
||||||
sae_cn_confirm(sae, sc, scalar1, element_b1, 2 * sae->tmp->prime_len,
|
2 * sae->tmp->prime_len,
|
||||||
scalar2, element_b2, 2 * sae->tmp->prime_len, confirm);
|
scalar2, element_b2, 2 * sae->tmp->prime_len,
|
||||||
|
confirm) < 0)
|
||||||
|
return -1;
|
||||||
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
static void sae_cn_confirm_ffc(struct sae_data *sae, const u8 *sc,
|
static int sae_cn_confirm_ffc(struct sae_data *sae, const u8 *sc,
|
||||||
const struct crypto_bignum *scalar1,
|
const struct crypto_bignum *scalar1,
|
||||||
const struct crypto_bignum *element1,
|
const struct crypto_bignum *element1,
|
||||||
const struct crypto_bignum *scalar2,
|
const struct crypto_bignum *scalar2,
|
||||||
const struct crypto_bignum *element2,
|
const struct crypto_bignum *element2,
|
||||||
u8 *confirm)
|
u8 *confirm)
|
||||||
{
|
{
|
||||||
u8 element_b1[SAE_MAX_PRIME_LEN];
|
u8 element_b1[SAE_MAX_PRIME_LEN];
|
||||||
u8 element_b2[SAE_MAX_PRIME_LEN];
|
u8 element_b2[SAE_MAX_PRIME_LEN];
|
||||||
|
|
||||||
crypto_bignum_to_bin(element1, element_b1, sizeof(element_b1),
|
if (crypto_bignum_to_bin(element1, element_b1, sizeof(element_b1),
|
||||||
sae->tmp->prime_len);
|
sae->tmp->prime_len) < 0 ||
|
||||||
crypto_bignum_to_bin(element2, element_b2, sizeof(element_b2),
|
crypto_bignum_to_bin(element2, element_b2, sizeof(element_b2),
|
||||||
sae->tmp->prime_len);
|
sae->tmp->prime_len) < 0 ||
|
||||||
|
sae_cn_confirm(sae, sc, scalar1, element_b1, sae->tmp->prime_len,
|
||||||
sae_cn_confirm(sae, sc, scalar1, element_b1, sae->tmp->prime_len,
|
scalar2, element_b2, sae->tmp->prime_len,
|
||||||
scalar2, element_b2, sae->tmp->prime_len, confirm);
|
confirm) < 0)
|
||||||
|
return -1;
|
||||||
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
@ -1282,22 +1288,22 @@ int sae_check_confirm(struct sae_data *sae, const u8 *data, size_t len)
|
||||||
|
|
||||||
if (sae->tmp->ec) {
|
if (sae->tmp->ec) {
|
||||||
if (!sae->tmp->peer_commit_element_ecc ||
|
if (!sae->tmp->peer_commit_element_ecc ||
|
||||||
!sae->tmp->own_commit_element_ecc)
|
!sae->tmp->own_commit_element_ecc ||
|
||||||
|
sae_cn_confirm_ecc(sae, data, sae->peer_commit_scalar,
|
||||||
|
sae->tmp->peer_commit_element_ecc,
|
||||||
|
sae->tmp->own_commit_scalar,
|
||||||
|
sae->tmp->own_commit_element_ecc,
|
||||||
|
verifier) < 0)
|
||||||
return -1;
|
return -1;
|
||||||
sae_cn_confirm_ecc(sae, data, sae->peer_commit_scalar,
|
|
||||||
sae->tmp->peer_commit_element_ecc,
|
|
||||||
sae->tmp->own_commit_scalar,
|
|
||||||
sae->tmp->own_commit_element_ecc,
|
|
||||||
verifier);
|
|
||||||
} else {
|
} else {
|
||||||
if (!sae->tmp->peer_commit_element_ffc ||
|
if (!sae->tmp->peer_commit_element_ffc ||
|
||||||
!sae->tmp->own_commit_element_ffc)
|
!sae->tmp->own_commit_element_ffc ||
|
||||||
|
sae_cn_confirm_ffc(sae, data, sae->peer_commit_scalar,
|
||||||
|
sae->tmp->peer_commit_element_ffc,
|
||||||
|
sae->tmp->own_commit_scalar,
|
||||||
|
sae->tmp->own_commit_element_ffc,
|
||||||
|
verifier) < 0)
|
||||||
return -1;
|
return -1;
|
||||||
sae_cn_confirm_ffc(sae, data, sae->peer_commit_scalar,
|
|
||||||
sae->tmp->peer_commit_element_ffc,
|
|
||||||
sae->tmp->own_commit_scalar,
|
|
||||||
sae->tmp->own_commit_element_ffc,
|
|
||||||
verifier);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
if (os_memcmp_const(verifier, data + 2, SHA256_MAC_LEN) != 0) {
|
if (os_memcmp_const(verifier, data + 2, SHA256_MAC_LEN) != 0) {
|
||||||
|
|
Loading…
Reference in a new issue