DGNum/hostapd
6
0
Fork 0
Code Issues Pull requests 1 Projects Releases Packages Wiki Activity Actions

Fix internal DH implementation not to pad shared key

Browse source 
The returned buffer length was hardcoded to be the prime length
which resulted in shorter results being padded in the end. However,
the results from DH code are supposed to be unpadded (and when used
with WPS, the padding is done in WPS code and it is added to the
beginning of the buffer). This fixes WPS key derivation errors
in about 1/256 of runs ("WPS: Incorrect Authenticator") when using
the internal crypto code.
This commit is contained in:
Jouni Malinen 2010-04-12 12:25:21 +03:00 committed by Jouni Malinen
parent 20e26395c8
commit 0cb445a472
1 changed files with 2 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
src/crypto/dh_groups.c
View file

@ -619,11 +619,12 @@ struct wpabuf * dh_derive_shared(const struct wpabuf *peer_public,
if (crypto_mod_exp(wpabuf_head(peer_public), wpabuf_len(peer_public),
wpabuf_head(own_private), wpabuf_len(own_private),
dh->prime, dh->prime_len,
wpabuf_put(shared, shared_len), &shared_len) < 0) {
wpabuf_mhead(shared), &shared_len) < 0) {
wpabuf_free(shared);
wpa_printf(MSG_INFO, "DH: crypto_mod_exp failed");
return NULL;
}
wpabuf_put(shared, shared_len);
wpa_hexdump_buf_key(MSG_DEBUG, "DH: shared key", shared);
return shared;