if (dpp_derive_auth_i(auth, auth_i) < 0)
goto fail;
- clear_len += 4 + auth->new_curve->hash_len;
+ clear_len += 4 + auth->curve->hash_len;
}
#endif /* CONFIG_DPP3 */
clear = wpabuf_alloc(clear_len);
wpabuf_put_le16(clear, wpabuf_len(pe));
wpabuf_put_buf(clear, pe);
}
- if (auth->waiting_new_key && auth->new_curve) {
+ if (auth->waiting_new_key) {
wpa_printf(MSG_DEBUG, "DPP: Initiator Authentication Tag");
wpabuf_put_le16(clear, DPP_ATTR_I_AUTH_TAG);
- wpabuf_put_le16(clear, auth->new_curve->hash_len);
- wpabuf_put_data(clear, auth_i, auth->new_curve->hash_len);
+ wpabuf_put_le16(clear, auth->curve->hash_len);
+ wpabuf_put_data(clear, auth_i, auth->curve->hash_len);
}
#endif /* CONFIG_DPP3 */
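Review bot: The relaxed guard `if (auth->waiting_new_key) {` now copies `auth_i` into the frame without the `auth->new_curve` test, but `auth_i` is filled by `dpp_derive_auth_i()` in an earlier block whose condition is not visible in these hunks. If that earlier condition still requires `auth->new_curve`, this path would serialise `hash_len` bytes of an unset stack buffer, so the two conditions should be kept identical. A comment here such as `/* auth_i was derived above under the same waiting_new_key condition */` would make the pairing explicit. The enclosing function starts and ends outside the hunk.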
"Missing Initiator Authentication Tag");
goto fail;
}
- if (rx_auth_i_len != auth->new_curve->hash_len ||
- os_memcmp(rx_auth_i, auth_i,
- auth->new_curve->hash_len) != 0) {
+ if (rx_auth_i_len != auth->curve->hash_len ||
+ os_memcmp(rx_auth_i, auth_i, auth->curve->hash_len) != 0) {
dpp_auth_fail(auth,
"Mismatch in Initiator Authenticating Tag");
wpa_hexdump(MSG_DEBUG, "DPP: Received Auth-I",
rx_auth_i, rx_auth_i_len);
wpa_hexdump(MSG_DEBUG, "DPP: Derived Auth-I'",
- auth_i, auth->new_curve->hash_len);
+ auth_i, auth->curve->hash_len);
goto fail;
}
}
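Review bot: The received Initiator Authentication Tag is still compared with `os_memcmp()`, which returns on the first differing byte and so is not constant-time for a value the peer controls. Since the line is being rewritten anyway, `os_memcmp_const(rx_auth_i, auth_i, auth->curve->hash_len) != 0` would be the safer form. On the mismatch path the locally derived tag is also written with `wpa_hexdump(MSG_DEBUG, "DPP: Derived Auth-I'", ...)`, while the derivation function logs the same value through `wpa_hexdump_key()`. Using `wpa_hexdump_key()` here too would keep the expected tag out of logs when key logging is disabled. The enclosing block starts outside the hunk.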
size_t Sx_len;
unsigned int hash_len;
const char *info = "New DPP Protocol Key";
- const u8 *addr[4];
- size_t len[4];
+ const u8 *addr[3];
+ size_t len[3];
u8 tmp[DPP_MAX_HASH_LEN], k[DPP_MAX_HASH_LEN];
struct wpabuf *pcx = NULL, *pex = NULL;
- if (!auth->new_curve)
- return -1;
-
- hash_len = auth->new_curve->hash_len;
+ hash_len = auth->curve->hash_len;
/*
* Configurator: S = pc * Pe
* k = HKDF(bk, "New DPP Protocol Key", S.x)
* = HKDF-Expand(HKDF-Extract(bk, S.X), "New DPP Protocol Key",
* len(new-curve-hash-out))
- * Auth-I = H(k, E-nonce | Pc.x | Pe.x)
- * Note: Assume this H(k, ..) is actually H(k | ..)
+ * Auth-I = HMAC(k, E-nonce | Pc.x | Pe.x)
*
- * auth->own_protocol_key, auth->peer_protocol_key, and auth->curve have
- * already been updated to use the new keys and curve.
+ * auth->own_protocol_key and auth->peer_protocol_key have already been
+ * updated to use the new keys. The new curve determines the size of
+ * the (new) protocol keys and S.x. The other parameters (bk, hash
+ * algorithm, k) are determined based on the initially determined curve
+ * during the (re)authentication exchange.
*/
if (dpp_ecdh(auth->own_protocol_key, auth->peer_protocol_key,
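Review bot: The derivation comment still says `len(new-curve-hash-out))` on its HKDF-Expand line, which contradicts both the new `hash_len = auth->curve->hash_len;` and the paragraph added below it saying the hash algorithm comes from the initially determined curve. That line should become `len(hash-output))`, matching the wording this commit already uses in the later `/* k = HKDF-Expand(...) */` comment. It would also help to state in this block that `auth->curve` is expected to be non-NULL here, since the removed `if (!auth->new_curve) return -1;` was the function's only pointer check before the dereference.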
/* tmp = HKDF-Extract(bk, S.x) */
addr[0] = Sx;
len[0] = Sx_len;
- res = dpp_hmac_vector(hash_len, auth->bk, auth->new_curve->hash_len,
- 1, addr, len, tmp);
+ res = dpp_hmac_vector(hash_len, auth->bk, hash_len, 1, addr, len, tmp);
if (res < 0)
goto fail;
wpa_hexdump_key(MSG_DEBUG, "DPP: HKDF-Extract(bk, S.x)",
tmp, hash_len);
- /* k = HKDF-Expand(tmp, "New DPP Protocol Key", len(new-curve-hash-out))
+ /* k = HKDF-Expand(tmp, "New DPP Protocol Key", len(hash-output))
*/
res = dpp_hkdf_expand(hash_len, tmp, hash_len, info, k, hash_len);
if (res < 0)
"DPP: k = HKDF-Expand(\"New DPP Protocol Key\")",
k, hash_len);
- /* Auth-I = H(k | E-nonce | Pc.x | Pe.x) */
- addr[0] = k;
- len[0] = hash_len;
- addr[1] = auth->e_nonce;
- len[1] = auth->new_curve->nonce_len;
+ /* Auth-I = HMAC(k, E-nonce | Pc.x | Pe.x) */
+ addr[0] = auth->e_nonce;
+ len[0] = auth->curve->nonce_len;
if (auth->configurator) {
pcx = crypto_ec_key_get_pubkey_point(auth->own_protocol_key, 0);
}
if (!pcx || !pex)
goto fail;
- addr[2] = wpabuf_head(pcx);
- len[2] = wpabuf_len(pcx) / 2;
- addr[3] = wpabuf_head(pex);
- len[3] = wpabuf_len(pex) / 2;
+ addr[1] = wpabuf_head(pcx);
+ len[1] = wpabuf_len(pcx) / 2;
+ addr[2] = wpabuf_head(pex);
+ len[2] = wpabuf_len(pex) / 2;
- if (dpp_hash_vector(auth->new_curve, 4, addr, len, auth_i) < 0)
+ if (dpp_hmac_vector(hash_len, k, hash_len, 3, addr, len, auth_i) < 0)
goto fail;
- wpa_hexdump_key(MSG_DEBUG, "DPP: Auth-I = H(k | E-nonce | Pc.x | Pe.x)",
+ wpa_hexdump_key(MSG_DEBUG,
+ "DPP: Auth-I = HMAC(k, E-nonce | Pc.x | Pe.x)",
auth_i, hash_len);
ret = 0;
fail: