DPP: Rename PKEX secret element from Z to K
This matches the change in the DPP tech spec to make this less likely to be confused with the shared secret z. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This commit is contained in:
parent
6573171792
commit
0e6709a4ea
1 changed files with 24 additions and 24 deletions
|
@ -5303,7 +5303,7 @@ static int dpp_pkex_derive_z(const u8 *mac_init, const u8 *mac_resp,
|
||||||
const u8 *Mx, size_t Mx_len,
|
const u8 *Mx, size_t Mx_len,
|
||||||
const u8 *Nx, size_t Nx_len,
|
const u8 *Nx, size_t Nx_len,
|
||||||
const char *code,
|
const char *code,
|
||||||
const u8 *Zx, size_t Zx_len,
|
const u8 *Kx, size_t Kx_len,
|
||||||
u8 *z, unsigned int hash_len)
|
u8 *z, unsigned int hash_len)
|
||||||
{
|
{
|
||||||
u8 salt[DPP_MAX_HASH_LEN], prk[DPP_MAX_HASH_LEN];
|
u8 salt[DPP_MAX_HASH_LEN], prk[DPP_MAX_HASH_LEN];
|
||||||
|
@ -5311,12 +5311,12 @@ static int dpp_pkex_derive_z(const u8 *mac_init, const u8 *mac_resp,
|
||||||
u8 *info, *pos;
|
u8 *info, *pos;
|
||||||
size_t info_len;
|
size_t info_len;
|
||||||
|
|
||||||
/* z = HKDF(<>, MAC-Initiator | MAC-Responder | M.x | N.x | code, Z.x)
|
/* z = HKDF(<>, MAC-Initiator | MAC-Responder | M.x | N.x | code, K.x)
|
||||||
*/
|
*/
|
||||||
|
|
||||||
/* HKDF-Extract(<>, IKM=Z.x) */
|
/* HKDF-Extract(<>, IKM=K.x) */
|
||||||
os_memset(salt, 0, hash_len);
|
os_memset(salt, 0, hash_len);
|
||||||
if (dpp_hmac(hash_len, salt, hash_len, Zx, Zx_len, prk) < 0)
|
if (dpp_hmac(hash_len, salt, hash_len, Kx, Kx_len, prk) < 0)
|
||||||
return -1;
|
return -1;
|
||||||
wpa_hexdump_key(MSG_DEBUG, "DPP: PRK = HKDF-Extract(<>, IKM)",
|
wpa_hexdump_key(MSG_DEBUG, "DPP: PRK = HKDF-Extract(<>, IKM)",
|
||||||
prk, hash_len);
|
prk, hash_len);
|
||||||
|
@ -5374,8 +5374,8 @@ struct wpabuf * dpp_pkex_rx_exchange_resp(struct dpp_pkex *pkex,
|
||||||
BIGNUM *Nx = NULL, *Ny = NULL;
|
BIGNUM *Nx = NULL, *Ny = NULL;
|
||||||
EVP_PKEY_CTX *ctx = NULL;
|
EVP_PKEY_CTX *ctx = NULL;
|
||||||
EC_KEY *Y_ec = NULL;
|
EC_KEY *Y_ec = NULL;
|
||||||
size_t Jx_len, Zx_len;
|
size_t Jx_len, Kx_len;
|
||||||
u8 Jx[DPP_MAX_SHARED_SECRET_LEN], Zx[DPP_MAX_SHARED_SECRET_LEN];
|
u8 Jx[DPP_MAX_SHARED_SECRET_LEN], Kx[DPP_MAX_SHARED_SECRET_LEN];
|
||||||
const u8 *addr[4];
|
const u8 *addr[4];
|
||||||
size_t len[4];
|
size_t len[4];
|
||||||
u8 u[DPP_MAX_HASH_LEN];
|
u8 u[DPP_MAX_HASH_LEN];
|
||||||
|
@ -5485,30 +5485,30 @@ struct wpabuf * dpp_pkex_rx_exchange_resp(struct dpp_pkex *pkex,
|
||||||
goto fail;
|
goto fail;
|
||||||
wpa_hexdump(MSG_DEBUG, "DPP: u", u, curve->hash_len);
|
wpa_hexdump(MSG_DEBUG, "DPP: u", u, curve->hash_len);
|
||||||
|
|
||||||
/* Z = x * Y’ */
|
/* K = x * Y’ */
|
||||||
EVP_PKEY_CTX_free(ctx);
|
EVP_PKEY_CTX_free(ctx);
|
||||||
ctx = EVP_PKEY_CTX_new(pkex->x, NULL);
|
ctx = EVP_PKEY_CTX_new(pkex->x, NULL);
|
||||||
if (!ctx ||
|
if (!ctx ||
|
||||||
EVP_PKEY_derive_init(ctx) != 1 ||
|
EVP_PKEY_derive_init(ctx) != 1 ||
|
||||||
EVP_PKEY_derive_set_peer(ctx, pkex->y) != 1 ||
|
EVP_PKEY_derive_set_peer(ctx, pkex->y) != 1 ||
|
||||||
EVP_PKEY_derive(ctx, NULL, &Zx_len) != 1 ||
|
EVP_PKEY_derive(ctx, NULL, &Kx_len) != 1 ||
|
||||||
Zx_len > DPP_MAX_SHARED_SECRET_LEN ||
|
Kx_len > DPP_MAX_SHARED_SECRET_LEN ||
|
||||||
EVP_PKEY_derive(ctx, Zx, &Zx_len) != 1) {
|
EVP_PKEY_derive(ctx, Kx, &Kx_len) != 1) {
|
||||||
wpa_printf(MSG_ERROR,
|
wpa_printf(MSG_ERROR,
|
||||||
"DPP: Failed to derive ECDH shared secret: %s",
|
"DPP: Failed to derive ECDH shared secret: %s",
|
||||||
ERR_error_string(ERR_get_error(), NULL));
|
ERR_error_string(ERR_get_error(), NULL));
|
||||||
goto fail;
|
goto fail;
|
||||||
}
|
}
|
||||||
|
|
||||||
wpa_hexdump_key(MSG_DEBUG, "DPP: ECDH shared secret (Z.x)",
|
wpa_hexdump_key(MSG_DEBUG, "DPP: ECDH shared secret (K.x)",
|
||||||
Zx, Zx_len);
|
Kx, Kx_len);
|
||||||
|
|
||||||
/* z = HKDF(<>, MAC-Initiator | MAC-Responder | M.x | N.x | code, Z.x)
|
/* z = HKDF(<>, MAC-Initiator | MAC-Responder | M.x | N.x | code, K.x)
|
||||||
*/
|
*/
|
||||||
if (dpp_pkex_derive_z(pkex->own_mac, pkex->peer_mac,
|
if (dpp_pkex_derive_z(pkex->own_mac, pkex->peer_mac,
|
||||||
pkex->Mx, curve->prime_len,
|
pkex->Mx, curve->prime_len,
|
||||||
attr_key /* N.x */, attr_key_len / 2, pkex->code,
|
attr_key /* N.x */, attr_key_len / 2, pkex->code,
|
||||||
Zx, Zx_len, pkex->z, curve->hash_len) < 0)
|
Kx, Kx_len, pkex->z, curve->hash_len) < 0)
|
||||||
goto fail;
|
goto fail;
|
||||||
|
|
||||||
/* {A, u, [bootstrapping info]}z */
|
/* {A, u, [bootstrapping info]}z */
|
||||||
|
@ -5573,8 +5573,8 @@ struct wpabuf * dpp_pkex_rx_commit_reveal_req(struct dpp_pkex *pkex,
|
||||||
{
|
{
|
||||||
const struct dpp_curve_params *curve = pkex->own_bi->curve;
|
const struct dpp_curve_params *curve = pkex->own_bi->curve;
|
||||||
EVP_PKEY_CTX *ctx;
|
EVP_PKEY_CTX *ctx;
|
||||||
size_t Jx_len, Zx_len, Lx_len;
|
size_t Jx_len, Kx_len, Lx_len;
|
||||||
u8 Jx[DPP_MAX_SHARED_SECRET_LEN], Zx[DPP_MAX_SHARED_SECRET_LEN];
|
u8 Jx[DPP_MAX_SHARED_SECRET_LEN], Kx[DPP_MAX_SHARED_SECRET_LEN];
|
||||||
u8 Lx[DPP_MAX_SHARED_SECRET_LEN];
|
u8 Lx[DPP_MAX_SHARED_SECRET_LEN];
|
||||||
const u8 *wrapped_data, *b_key, *peer_u;
|
const u8 *wrapped_data, *b_key, *peer_u;
|
||||||
u16 wrapped_data_len, b_key_len, peer_u_len = 0;
|
u16 wrapped_data_len, b_key_len, peer_u_len = 0;
|
||||||
|
@ -5590,29 +5590,29 @@ struct wpabuf * dpp_pkex_rx_commit_reveal_req(struct dpp_pkex *pkex,
|
||||||
struct wpabuf *clear = NULL;
|
struct wpabuf *clear = NULL;
|
||||||
u8 *wrapped;
|
u8 *wrapped;
|
||||||
|
|
||||||
/* Z = y * X' */
|
/* K = y * X' */
|
||||||
ctx = EVP_PKEY_CTX_new(pkex->y, NULL);
|
ctx = EVP_PKEY_CTX_new(pkex->y, NULL);
|
||||||
if (!ctx ||
|
if (!ctx ||
|
||||||
EVP_PKEY_derive_init(ctx) != 1 ||
|
EVP_PKEY_derive_init(ctx) != 1 ||
|
||||||
EVP_PKEY_derive_set_peer(ctx, pkex->x) != 1 ||
|
EVP_PKEY_derive_set_peer(ctx, pkex->x) != 1 ||
|
||||||
EVP_PKEY_derive(ctx, NULL, &Zx_len) != 1 ||
|
EVP_PKEY_derive(ctx, NULL, &Kx_len) != 1 ||
|
||||||
Zx_len > DPP_MAX_SHARED_SECRET_LEN ||
|
Kx_len > DPP_MAX_SHARED_SECRET_LEN ||
|
||||||
EVP_PKEY_derive(ctx, Zx, &Zx_len) != 1) {
|
EVP_PKEY_derive(ctx, Kx, &Kx_len) != 1) {
|
||||||
wpa_printf(MSG_ERROR,
|
wpa_printf(MSG_ERROR,
|
||||||
"DPP: Failed to derive ECDH shared secret: %s",
|
"DPP: Failed to derive ECDH shared secret: %s",
|
||||||
ERR_error_string(ERR_get_error(), NULL));
|
ERR_error_string(ERR_get_error(), NULL));
|
||||||
goto fail;
|
goto fail;
|
||||||
}
|
}
|
||||||
|
|
||||||
wpa_hexdump_key(MSG_DEBUG, "DPP: ECDH shared secret (Z.x)",
|
wpa_hexdump_key(MSG_DEBUG, "DPP: ECDH shared secret (K.x)",
|
||||||
Zx, Zx_len);
|
Kx, Kx_len);
|
||||||
|
|
||||||
/* z = HKDF(<>, MAC-Initiator | MAC-Responder | M.x | N.x | code, Z.x)
|
/* z = HKDF(<>, MAC-Initiator | MAC-Responder | M.x | N.x | code, K.x)
|
||||||
*/
|
*/
|
||||||
if (dpp_pkex_derive_z(pkex->peer_mac, pkex->own_mac,
|
if (dpp_pkex_derive_z(pkex->peer_mac, pkex->own_mac,
|
||||||
pkex->Mx, curve->prime_len,
|
pkex->Mx, curve->prime_len,
|
||||||
pkex->Nx, curve->prime_len, pkex->code,
|
pkex->Nx, curve->prime_len, pkex->code,
|
||||||
Zx, Zx_len, pkex->z, curve->hash_len) < 0)
|
Kx, Kx_len, pkex->z, curve->hash_len) < 0)
|
||||||
goto fail;
|
goto fail;
|
||||||
|
|
||||||
wrapped_data = dpp_get_attr(buf, buflen, DPP_ATTR_WRAPPED_DATA,
|
wrapped_data = dpp_get_attr(buf, buflen, DPP_ATTR_WRAPPED_DATA,
|
||||||
|
|
Loading…
Reference in a new issue