u8 mk[SHA256_DIGEST_LENGTH], *cruft;
u8 session_id[SHA256_DIGEST_LENGTH + 1];
u8 msk_emsk[EAP_MSK_LEN + EAP_EMSK_LEN];
+ int offset;
if ((cruft = os_malloc(BN_num_bytes(grp->prime))) == NULL)
return -1;
session_id[0] = EAP_TYPE_PWD;
H_Init(&ctx);
H_Update(&ctx, (u8 *)ciphersuite, sizeof(u32));
- BN_bn2bin(peer_scalar, cruft);
+ offset = BN_num_bytes(grp->order) - BN_num_bytes(peer_scalar);
+ os_memset(cruft, 0, BN_num_bytes(grp->prime));
+ BN_bn2bin(peer_scalar, cruft + offset);
H_Update(&ctx, cruft, BN_num_bytes(grp->order));
- BN_bn2bin(server_scalar, cruft);
+ offset = BN_num_bytes(grp->order) - BN_num_bytes(server_scalar);
+ os_memset(cruft, 0, BN_num_bytes(grp->prime));
+ BN_bn2bin(server_scalar, cruft + offset);
H_Update(&ctx, cruft, BN_num_bytes(grp->order));
H_Final(&ctx, &session_id[1]);
/* then compute MK = H(k | commit-peer | commit-server) */
H_Init(&ctx);
+ offset = BN_num_bytes(grp->prime) - BN_num_bytes(k);
os_memset(cruft, 0, BN_num_bytes(grp->prime));
- BN_bn2bin(k, cruft);
+ BN_bn2bin(k, cruft + offset);
H_Update(&ctx, cruft, BN_num_bytes(grp->prime));
H_Update(&ctx, commit_peer, SHA256_DIGEST_LENGTH);
H_Update(&ctx, commit_server, SHA256_DIGEST_LENGTH);
u32 cs;
u16 grp;
u8 conf[SHA256_DIGEST_LENGTH], *cruft = NULL, *ptr;
+ int offset;
/*
* first build up the ciphersuite which is group | random_function |
* value may start with a few zeros and the previous one did not.
*/
os_memset(cruft, 0, BN_num_bytes(data->grp->prime));
- BN_bn2bin(data->k, cruft);
+ offset = BN_num_bytes(data->grp->prime) - BN_num_bytes(data->k);
+ BN_bn2bin(data->k, cruft + offset);
H_Update(&ctx, cruft, BN_num_bytes(data->grp->prime));
/* server element: x, y */
goto fin;
}
os_memset(cruft, 0, BN_num_bytes(data->grp->prime));
- BN_bn2bin(x, cruft);
+ offset = BN_num_bytes(data->grp->prime) - BN_num_bytes(x);
+ BN_bn2bin(x, cruft + offset);
H_Update(&ctx, cruft, BN_num_bytes(data->grp->prime));
os_memset(cruft, 0, BN_num_bytes(data->grp->prime));
- BN_bn2bin(y, cruft);
+ offset = BN_num_bytes(data->grp->prime) - BN_num_bytes(y);
+ BN_bn2bin(y, cruft + offset);
H_Update(&ctx, cruft, BN_num_bytes(data->grp->prime));
/* server scalar */
os_memset(cruft, 0, BN_num_bytes(data->grp->prime));
- BN_bn2bin(data->server_scalar, cruft);
+ offset = BN_num_bytes(data->grp->order) -
+ BN_num_bytes(data->server_scalar);
+ BN_bn2bin(data->server_scalar, cruft + offset);
H_Update(&ctx, cruft, BN_num_bytes(data->grp->order));
/* my element: x, y */
}
os_memset(cruft, 0, BN_num_bytes(data->grp->prime));
- BN_bn2bin(x, cruft);
+ offset = BN_num_bytes(data->grp->prime) - BN_num_bytes(x);
+ BN_bn2bin(x, cruft + offset);
H_Update(&ctx, cruft, BN_num_bytes(data->grp->prime));
os_memset(cruft, 0, BN_num_bytes(data->grp->prime));
- BN_bn2bin(y, cruft);
+ offset = BN_num_bytes(data->grp->prime) - BN_num_bytes(y);
+ BN_bn2bin(y, cruft + offset);
H_Update(&ctx, cruft, BN_num_bytes(data->grp->prime));
/* my scalar */
os_memset(cruft, 0, BN_num_bytes(data->grp->prime));
- BN_bn2bin(data->my_scalar, cruft);
+ offset = BN_num_bytes(data->grp->order) -
+ BN_num_bytes(data->my_scalar);
+ BN_bn2bin(data->my_scalar, cruft + offset);
H_Update(&ctx, cruft, BN_num_bytes(data->grp->order));
/* the ciphersuite */
/* k */
os_memset(cruft, 0, BN_num_bytes(data->grp->prime));
- BN_bn2bin(data->k, cruft);
+ offset = BN_num_bytes(data->grp->prime) - BN_num_bytes(data->k);
+ BN_bn2bin(data->k, cruft + offset);
H_Update(&ctx, cruft, BN_num_bytes(data->grp->prime));
/* my element */
goto fin;
}
os_memset(cruft, 0, BN_num_bytes(data->grp->prime));
- BN_bn2bin(x, cruft);
+ offset = BN_num_bytes(data->grp->prime) - BN_num_bytes(x);
+ BN_bn2bin(x, cruft + offset);
H_Update(&ctx, cruft, BN_num_bytes(data->grp->prime));
os_memset(cruft, 0, BN_num_bytes(data->grp->prime));
- BN_bn2bin(y, cruft);
+ offset = BN_num_bytes(data->grp->prime) - BN_num_bytes(y);
+ BN_bn2bin(y, cruft + offset);
H_Update(&ctx, cruft, BN_num_bytes(data->grp->prime));
/* my scalar */
os_memset(cruft, 0, BN_num_bytes(data->grp->prime));
- BN_bn2bin(data->my_scalar, cruft);
+ offset = BN_num_bytes(data->grp->order) -
+ BN_num_bytes(data->my_scalar);
+ BN_bn2bin(data->my_scalar, cruft + offset);
H_Update(&ctx, cruft, BN_num_bytes(data->grp->order));
/* server element: x, y */
goto fin;
}
os_memset(cruft, 0, BN_num_bytes(data->grp->prime));
- BN_bn2bin(x, cruft);
+ offset = BN_num_bytes(data->grp->prime) - BN_num_bytes(x);
+ BN_bn2bin(x, cruft + offset);
H_Update(&ctx, cruft, BN_num_bytes(data->grp->prime));
os_memset(cruft, 0, BN_num_bytes(data->grp->prime));
- BN_bn2bin(y, cruft);
+ offset = BN_num_bytes(data->grp->prime) - BN_num_bytes(y);
+ BN_bn2bin(y, cruft + offset);
H_Update(&ctx, cruft, BN_num_bytes(data->grp->prime));
/* server scalar */
os_memset(cruft, 0, BN_num_bytes(data->grp->prime));
- BN_bn2bin(data->server_scalar, cruft);
+ offset = BN_num_bytes(data->grp->order) -
+ BN_num_bytes(data->server_scalar);
+ BN_bn2bin(data->server_scalar, cruft + offset);
H_Update(&ctx, cruft, BN_num_bytes(data->grp->order));
/* the ciphersuite */
HMAC_CTX ctx;
u8 conf[SHA256_DIGEST_LENGTH], *cruft = NULL, *ptr;
u16 grp;
+ int offset;
wpa_printf(MSG_DEBUG, "EAP-pwd: Confirm/Request");
* First is k
*/
os_memset(cruft, 0, BN_num_bytes(data->grp->prime));
- BN_bn2bin(data->k, cruft);
+ offset = BN_num_bytes(data->grp->prime) - BN_num_bytes(data->k);
+ BN_bn2bin(data->k, cruft + offset);
H_Update(&ctx, cruft, BN_num_bytes(data->grp->prime));
/* server element: x, y */
}
os_memset(cruft, 0, BN_num_bytes(data->grp->prime));
- BN_bn2bin(x, cruft);
+ offset = BN_num_bytes(data->grp->prime) - BN_num_bytes(x);
+ BN_bn2bin(x, cruft + offset);
H_Update(&ctx, cruft, BN_num_bytes(data->grp->prime));
os_memset(cruft, 0, BN_num_bytes(data->grp->prime));
- BN_bn2bin(y, cruft);
+ offset = BN_num_bytes(data->grp->prime) - BN_num_bytes(y);
+ BN_bn2bin(y, cruft + offset);
H_Update(&ctx, cruft, BN_num_bytes(data->grp->prime));
/* server scalar */
os_memset(cruft, 0, BN_num_bytes(data->grp->prime));
- BN_bn2bin(data->my_scalar, cruft);
+ offset = BN_num_bytes(data->grp->order) -
+ BN_num_bytes(data->my_scalar);
+ BN_bn2bin(data->my_scalar, cruft + offset);
H_Update(&ctx, cruft, BN_num_bytes(data->grp->order));
/* peer element: x, y */
}
os_memset(cruft, 0, BN_num_bytes(data->grp->prime));
- BN_bn2bin(x, cruft);
+ offset = BN_num_bytes(data->grp->prime) - BN_num_bytes(x);
+ BN_bn2bin(x, cruft + offset);
H_Update(&ctx, cruft, BN_num_bytes(data->grp->prime));
os_memset(cruft, 0, BN_num_bytes(data->grp->prime));
- BN_bn2bin(y, cruft);
+ offset = BN_num_bytes(data->grp->prime) - BN_num_bytes(y);
+ BN_bn2bin(y, cruft + offset);
H_Update(&ctx, cruft, BN_num_bytes(data->grp->prime));
/* peer scalar */
os_memset(cruft, 0, BN_num_bytes(data->grp->prime));
- BN_bn2bin(data->peer_scalar, cruft);
+ offset = BN_num_bytes(data->grp->order) -
+ BN_num_bytes(data->peer_scalar);
+ BN_bn2bin(data->peer_scalar, cruft + offset);
H_Update(&ctx, cruft, BN_num_bytes(data->grp->order));
/* ciphersuite */
u32 cs;
u16 grp;
u8 conf[SHA256_DIGEST_LENGTH], *cruft = NULL, *ptr;
+ int offset;
/* build up the ciphersuite: group | random_function | prf */
grp = htons(data->group_num);
/* k */
os_memset(cruft, 0, BN_num_bytes(data->grp->prime));
- BN_bn2bin(data->k, cruft);
+ offset = BN_num_bytes(data->grp->prime) - BN_num_bytes(data->k);
+ BN_bn2bin(data->k, cruft + offset);
H_Update(&ctx, cruft, BN_num_bytes(data->grp->prime));
/* peer element: x, y */
goto fin;
}
os_memset(cruft, 0, BN_num_bytes(data->grp->prime));
- BN_bn2bin(x, cruft);
+ offset = BN_num_bytes(data->grp->prime) - BN_num_bytes(x);
+ BN_bn2bin(x, cruft + offset);
H_Update(&ctx, cruft, BN_num_bytes(data->grp->prime));
os_memset(cruft, 0, BN_num_bytes(data->grp->prime));
- BN_bn2bin(y, cruft);
+ offset = BN_num_bytes(data->grp->prime) - BN_num_bytes(y);
+ BN_bn2bin(y, cruft + offset);
H_Update(&ctx, cruft, BN_num_bytes(data->grp->prime));
/* peer scalar */
os_memset(cruft, 0, BN_num_bytes(data->grp->prime));
- BN_bn2bin(data->peer_scalar, cruft);
+ offset = BN_num_bytes(data->grp->order) -
+ BN_num_bytes(data->peer_scalar);
+ BN_bn2bin(data->peer_scalar, cruft + offset);
H_Update(&ctx, cruft, BN_num_bytes(data->grp->order));
/* server element: x, y */
}
os_memset(cruft, 0, BN_num_bytes(data->grp->prime));
- BN_bn2bin(x, cruft);
+ offset = BN_num_bytes(data->grp->prime) - BN_num_bytes(x);
+ BN_bn2bin(x, cruft + offset);
H_Update(&ctx, cruft, BN_num_bytes(data->grp->prime));
os_memset(cruft, 0, BN_num_bytes(data->grp->prime));
- BN_bn2bin(y, cruft);
+ offset = BN_num_bytes(data->grp->prime) - BN_num_bytes(y);
+ BN_bn2bin(y, cruft + offset);
H_Update(&ctx, cruft, BN_num_bytes(data->grp->prime));
/* server scalar */
os_memset(cruft, 0, BN_num_bytes(data->grp->prime));
- BN_bn2bin(data->my_scalar, cruft);
+ offset = BN_num_bytes(data->grp->order) -
+ BN_num_bytes(data->my_scalar);
+ BN_bn2bin(data->my_scalar, cruft + offset);
H_Update(&ctx, cruft, BN_num_bytes(data->grp->order));
/* ciphersuite */
projects / thirdparty / hostap.git / commitdiff
