Annotate places depending on strong random numbers
This commit adds a new wrapper, random_get_bytes(), that is currently defined to use os_get_random() as is. The places using random_get_bytes() depend on the returned value being strong random number, i.e., something that is infeasible for external device to figure out. These values are used either directly as a key or as nonces/challenges that are used as input for key derivation or authentication. The remaining direct uses of os_get_random() do not need as strong random numbers to function correctly.
This commit is contained in:
parent
1bdb7ab3af
commit
3642c4313a
38 changed files with 123 additions and 63 deletions
|
@ -48,6 +48,7 @@
|
||||||
|
|
||||||
#include "common.h"
|
#include "common.h"
|
||||||
#include "crypto/milenage.h"
|
#include "crypto/milenage.h"
|
||||||
|
#include "crypto/random.h"
|
||||||
|
|
||||||
static const char *default_socket_path = "/tmp/hlr_auc_gw.sock";
|
static const char *default_socket_path = "/tmp/hlr_auc_gw.sock";
|
||||||
static const char *socket_path;
|
static const char *socket_path;
|
||||||
|
@ -418,7 +419,7 @@ static void sim_req_auth(int s, struct sockaddr_un *from, socklen_t fromlen,
|
||||||
if (m) {
|
if (m) {
|
||||||
u8 _rand[16], sres[4], kc[8];
|
u8 _rand[16], sres[4], kc[8];
|
||||||
for (count = 0; count < max_chal; count++) {
|
for (count = 0; count < max_chal; count++) {
|
||||||
if (os_get_random(_rand, 16) < 0)
|
if (random_get_bytes(_rand, 16) < 0)
|
||||||
return;
|
return;
|
||||||
gsm_milenage(m->opc, m->ki, _rand, sres, kc);
|
gsm_milenage(m->opc, m->ki, _rand, sres, kc);
|
||||||
*rpos++ = ' ';
|
*rpos++ = ' ';
|
||||||
|
@ -481,7 +482,7 @@ static void aka_req_auth(int s, struct sockaddr_un *from, socklen_t fromlen,
|
||||||
|
|
||||||
m = get_milenage(imsi);
|
m = get_milenage(imsi);
|
||||||
if (m) {
|
if (m) {
|
||||||
if (os_get_random(_rand, EAP_AKA_RAND_LEN) < 0)
|
if (random_get_bytes(_rand, EAP_AKA_RAND_LEN) < 0)
|
||||||
return;
|
return;
|
||||||
res_len = EAP_AKA_RES_MAX_LEN;
|
res_len = EAP_AKA_RES_MAX_LEN;
|
||||||
inc_byte_array(m->sqn, 6);
|
inc_byte_array(m->sqn, 6);
|
||||||
|
|
|
@ -18,6 +18,7 @@
|
||||||
#include "utils/eloop.h"
|
#include "utils/eloop.h"
|
||||||
#include "crypto/md5.h"
|
#include "crypto/md5.h"
|
||||||
#include "crypto/crypto.h"
|
#include "crypto/crypto.h"
|
||||||
|
#include "crypto/random.h"
|
||||||
#include "common/ieee802_11_defs.h"
|
#include "common/ieee802_11_defs.h"
|
||||||
#include "common/wpa_ctrl.h"
|
#include "common/wpa_ctrl.h"
|
||||||
#include "radius/radius.h"
|
#include "radius/radius.h"
|
||||||
|
@ -140,7 +141,7 @@ static void ieee802_1x_tx_key_one(struct hostapd_data *hapd,
|
||||||
key->key_length = htons(key_len);
|
key->key_length = htons(key_len);
|
||||||
wpa_get_ntp_timestamp(key->replay_counter);
|
wpa_get_ntp_timestamp(key->replay_counter);
|
||||||
|
|
||||||
if (os_get_random(key->key_iv, sizeof(key->key_iv))) {
|
if (random_get_bytes(key->key_iv, sizeof(key->key_iv))) {
|
||||||
wpa_printf(MSG_ERROR, "Could not get random numbers");
|
wpa_printf(MSG_ERROR, "Could not get random numbers");
|
||||||
os_free(buf);
|
os_free(buf);
|
||||||
return;
|
return;
|
||||||
|
@ -215,7 +216,7 @@ ieee802_1x_group_alloc(struct hostapd_data *hapd, const char *ifname)
|
||||||
if (!key->key[key->idx])
|
if (!key->key[key->idx])
|
||||||
key->key[key->idx] = os_malloc(key->default_len);
|
key->key[key->idx] = os_malloc(key->default_len);
|
||||||
if (key->key[key->idx] == NULL ||
|
if (key->key[key->idx] == NULL ||
|
||||||
os_get_random(key->key[key->idx], key->default_len)) {
|
random_get_bytes(key->key[key->idx], key->default_len)) {
|
||||||
printf("Could not generate random WEP key (dynamic VLAN).\n");
|
printf("Could not generate random WEP key (dynamic VLAN).\n");
|
||||||
os_free(key->key[key->idx]);
|
os_free(key->key[key->idx]);
|
||||||
key->key[key->idx] = NULL;
|
key->key[key->idx] = NULL;
|
||||||
|
@ -330,7 +331,8 @@ void ieee802_1x_tx_key(struct hostapd_data *hapd, struct sta_info *sta)
|
||||||
u8 *ikey;
|
u8 *ikey;
|
||||||
ikey = os_malloc(hapd->conf->individual_wep_key_len);
|
ikey = os_malloc(hapd->conf->individual_wep_key_len);
|
||||||
if (ikey == NULL ||
|
if (ikey == NULL ||
|
||||||
os_get_random(ikey, hapd->conf->individual_wep_key_len)) {
|
random_get_bytes(ikey, hapd->conf->individual_wep_key_len))
|
||||||
|
{
|
||||||
wpa_printf(MSG_ERROR, "Could not generate random "
|
wpa_printf(MSG_ERROR, "Could not generate random "
|
||||||
"individual WEP key.");
|
"individual WEP key.");
|
||||||
os_free(ikey);
|
os_free(ikey);
|
||||||
|
@ -1382,8 +1384,8 @@ static int ieee802_1x_rekey_broadcast(struct hostapd_data *hapd)
|
||||||
os_free(eapol->default_wep_key);
|
os_free(eapol->default_wep_key);
|
||||||
eapol->default_wep_key = os_malloc(hapd->conf->default_wep_key_len);
|
eapol->default_wep_key = os_malloc(hapd->conf->default_wep_key_len);
|
||||||
if (eapol->default_wep_key == NULL ||
|
if (eapol->default_wep_key == NULL ||
|
||||||
os_get_random(eapol->default_wep_key,
|
random_get_bytes(eapol->default_wep_key,
|
||||||
hapd->conf->default_wep_key_len)) {
|
hapd->conf->default_wep_key_len)) {
|
||||||
printf("Could not generate random WEP key.\n");
|
printf("Could not generate random WEP key.\n");
|
||||||
os_free(eapol->default_wep_key);
|
os_free(eapol->default_wep_key);
|
||||||
eapol->default_wep_key = NULL;
|
eapol->default_wep_key = NULL;
|
||||||
|
|
|
@ -18,6 +18,7 @@
|
||||||
#include "utils/eloop.h"
|
#include "utils/eloop.h"
|
||||||
#include "crypto/sha1.h"
|
#include "crypto/sha1.h"
|
||||||
#include "crypto/sha256.h"
|
#include "crypto/sha256.h"
|
||||||
|
#include "crypto/random.h"
|
||||||
#include "wpa_auth.h"
|
#include "wpa_auth.h"
|
||||||
#include "wpa_auth_i.h"
|
#include "wpa_auth_i.h"
|
||||||
#include "wpa_auth_ie.h"
|
#include "wpa_auth_ie.h"
|
||||||
|
@ -294,7 +295,7 @@ void wpa_smk_m3(struct wpa_authenticator *wpa_auth,
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (os_get_random(smk, PMK_LEN)) {
|
if (random_get_bytes(smk, PMK_LEN)) {
|
||||||
wpa_printf(MSG_DEBUG, "RSN: Failed to generate SMK");
|
wpa_printf(MSG_DEBUG, "RSN: Failed to generate SMK");
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
|
@ -22,6 +22,7 @@
|
||||||
#include "crypto/crypto.h"
|
#include "crypto/crypto.h"
|
||||||
#include "crypto/sha1.h"
|
#include "crypto/sha1.h"
|
||||||
#include "crypto/sha256.h"
|
#include "crypto/sha256.h"
|
||||||
|
#include "crypto/random.h"
|
||||||
#include "eapol_auth/eapol_auth_sm.h"
|
#include "eapol_auth/eapol_auth_sm.h"
|
||||||
#include "ap_config.h"
|
#include "ap_config.h"
|
||||||
#include "ieee802_11.h"
|
#include "ieee802_11.h"
|
||||||
|
@ -217,7 +218,7 @@ static void wpa_rekey_gmk(void *eloop_ctx, void *timeout_ctx)
|
||||||
{
|
{
|
||||||
struct wpa_authenticator *wpa_auth = eloop_ctx;
|
struct wpa_authenticator *wpa_auth = eloop_ctx;
|
||||||
|
|
||||||
if (os_get_random(wpa_auth->group->GMK, WPA_GMK_LEN)) {
|
if (random_get_bytes(wpa_auth->group->GMK, WPA_GMK_LEN)) {
|
||||||
wpa_printf(MSG_ERROR, "Failed to get random data for WPA "
|
wpa_printf(MSG_ERROR, "Failed to get random data for WPA "
|
||||||
"initialization.");
|
"initialization.");
|
||||||
} else {
|
} else {
|
||||||
|
@ -306,7 +307,7 @@ static int wpa_group_init_gmk_and_counter(struct wpa_authenticator *wpa_auth,
|
||||||
u8 buf[ETH_ALEN + 8 + sizeof(group)];
|
u8 buf[ETH_ALEN + 8 + sizeof(group)];
|
||||||
u8 rkey[32];
|
u8 rkey[32];
|
||||||
|
|
||||||
if (os_get_random(group->GMK, WPA_GMK_LEN) < 0)
|
if (random_get_bytes(group->GMK, WPA_GMK_LEN) < 0)
|
||||||
return -1;
|
return -1;
|
||||||
wpa_hexdump_key(MSG_DEBUG, "GMK", group->GMK, WPA_GMK_LEN);
|
wpa_hexdump_key(MSG_DEBUG, "GMK", group->GMK, WPA_GMK_LEN);
|
||||||
|
|
||||||
|
@ -317,7 +318,7 @@ static int wpa_group_init_gmk_and_counter(struct wpa_authenticator *wpa_auth,
|
||||||
os_memcpy(buf, wpa_auth->addr, ETH_ALEN);
|
os_memcpy(buf, wpa_auth->addr, ETH_ALEN);
|
||||||
wpa_get_ntp_timestamp(buf + ETH_ALEN);
|
wpa_get_ntp_timestamp(buf + ETH_ALEN);
|
||||||
os_memcpy(buf + ETH_ALEN + 8, &group, sizeof(group));
|
os_memcpy(buf + ETH_ALEN + 8, &group, sizeof(group));
|
||||||
if (os_get_random(rkey, sizeof(rkey)) < 0)
|
if (random_get_bytes(rkey, sizeof(rkey)) < 0)
|
||||||
return -1;
|
return -1;
|
||||||
|
|
||||||
if (sha1_prf(rkey, sizeof(rkey), "Init Counter", buf, sizeof(buf),
|
if (sha1_prf(rkey, sizeof(rkey), "Init Counter", buf, sizeof(buf),
|
||||||
|
@ -1042,7 +1043,7 @@ static int wpa_gmk_to_gtk(const u8 *gmk, const char *label, const u8 *addr,
|
||||||
pos = data + ETH_ALEN + WPA_NONCE_LEN;
|
pos = data + ETH_ALEN + WPA_NONCE_LEN;
|
||||||
wpa_get_ntp_timestamp(pos);
|
wpa_get_ntp_timestamp(pos);
|
||||||
pos += 8;
|
pos += 8;
|
||||||
if (os_get_random(pos, 16) < 0)
|
if (random_get_bytes(pos, 16) < 0)
|
||||||
ret = -1;
|
ret = -1;
|
||||||
|
|
||||||
#ifdef CONFIG_IEEE80211W
|
#ifdef CONFIG_IEEE80211W
|
||||||
|
|
|
@ -18,6 +18,7 @@
|
||||||
#include "common/ieee802_11_defs.h"
|
#include "common/ieee802_11_defs.h"
|
||||||
#include "common/ieee802_11_common.h"
|
#include "common/ieee802_11_common.h"
|
||||||
#include "crypto/aes_wrap.h"
|
#include "crypto/aes_wrap.h"
|
||||||
|
#include "crypto/random.h"
|
||||||
#include "ap_config.h"
|
#include "ap_config.h"
|
||||||
#include "ieee802_11.h"
|
#include "ieee802_11.h"
|
||||||
#include "wmm.h"
|
#include "wmm.h"
|
||||||
|
@ -334,7 +335,7 @@ static int wpa_ft_pull_pmk_r1(struct wpa_authenticator *wpa_auth,
|
||||||
|
|
||||||
/* aes_wrap() does not support inplace encryption, so use a temporary
|
/* aes_wrap() does not support inplace encryption, so use a temporary
|
||||||
* buffer for the data. */
|
* buffer for the data. */
|
||||||
if (os_get_random(f.nonce, sizeof(f.nonce))) {
|
if (random_get_bytes(f.nonce, sizeof(f.nonce))) {
|
||||||
wpa_printf(MSG_DEBUG, "FT: Failed to get random data for "
|
wpa_printf(MSG_DEBUG, "FT: Failed to get random data for "
|
||||||
"nonce");
|
"nonce");
|
||||||
return -1;
|
return -1;
|
||||||
|
@ -997,7 +998,7 @@ static u16 wpa_ft_process_auth_req(struct wpa_state_machine *sm,
|
||||||
sm->pmk_r1_name_valid = 1;
|
sm->pmk_r1_name_valid = 1;
|
||||||
os_memcpy(sm->pmk_r1_name, pmk_r1_name, WPA_PMK_NAME_LEN);
|
os_memcpy(sm->pmk_r1_name, pmk_r1_name, WPA_PMK_NAME_LEN);
|
||||||
|
|
||||||
if (os_get_random(sm->ANonce, WPA_NONCE_LEN)) {
|
if (random_get_bytes(sm->ANonce, WPA_NONCE_LEN)) {
|
||||||
wpa_printf(MSG_DEBUG, "FT: Failed to get random data for "
|
wpa_printf(MSG_DEBUG, "FT: Failed to get random data for "
|
||||||
"ANonce");
|
"ANonce");
|
||||||
return WLAN_STATUS_UNSPECIFIED_FAILURE;
|
return WLAN_STATUS_UNSPECIFIED_FAILURE;
|
||||||
|
|
|
@ -16,6 +16,7 @@
|
||||||
|
|
||||||
#include "common.h"
|
#include "common.h"
|
||||||
#include "crypto.h"
|
#include "crypto.h"
|
||||||
|
#include "random.h"
|
||||||
#include "dh_groups.h"
|
#include "dh_groups.h"
|
||||||
|
|
||||||
|
|
||||||
|
@ -564,7 +565,8 @@ struct wpabuf * dh_init(const struct dh_group *dh, struct wpabuf **priv)
|
||||||
if (*priv == NULL)
|
if (*priv == NULL)
|
||||||
return NULL;
|
return NULL;
|
||||||
|
|
||||||
if (os_get_random(wpabuf_put(*priv, dh->prime_len), dh->prime_len)) {
|
if (random_get_bytes(wpabuf_put(*priv, dh->prime_len), dh->prime_len))
|
||||||
|
{
|
||||||
wpabuf_free(*priv);
|
wpabuf_free(*priv);
|
||||||
*priv = NULL;
|
*priv = NULL;
|
||||||
return NULL;
|
return NULL;
|
||||||
|
|
20
src/crypto/random.h
Normal file
20
src/crypto/random.h
Normal file
|
@ -0,0 +1,20 @@
|
||||||
|
/*
|
||||||
|
* Random number generator
|
||||||
|
* Copyright (c) 2010, Jouni Malinen <j@w1.fi>
|
||||||
|
*
|
||||||
|
* This program is free software; you can redistribute it and/or modify
|
||||||
|
* it under the terms of the GNU General Public License version 2 as
|
||||||
|
* published by the Free Software Foundation.
|
||||||
|
*
|
||||||
|
* Alternatively, this software may be distributed under the terms of BSD
|
||||||
|
* license.
|
||||||
|
*
|
||||||
|
* See README and COPYING for more details.
|
||||||
|
*/
|
||||||
|
|
||||||
|
#ifndef RANDOM_H
|
||||||
|
#define RANDOM_H
|
||||||
|
|
||||||
|
#define random_get_bytes(b, l) os_get_random((b), (l))
|
||||||
|
|
||||||
|
#endif /* RANDOM_H */
|
|
@ -20,6 +20,7 @@
|
||||||
#include "crypto/crypto.h"
|
#include "crypto/crypto.h"
|
||||||
#include "crypto/sha1.h"
|
#include "crypto/sha1.h"
|
||||||
#include "crypto/sha256.h"
|
#include "crypto/sha256.h"
|
||||||
|
#include "crypto/random.h"
|
||||||
#include "eap_common/eap_defs.h"
|
#include "eap_common/eap_defs.h"
|
||||||
#include "eap_common/eap_sim_common.h"
|
#include "eap_common/eap_sim_common.h"
|
||||||
|
|
||||||
|
@ -1121,8 +1122,8 @@ int eap_sim_msg_add_encr_start(struct eap_sim_msg *msg, u8 attr_iv,
|
||||||
if (pos == NULL)
|
if (pos == NULL)
|
||||||
return -1;
|
return -1;
|
||||||
msg->iv = (pos - wpabuf_head_u8(msg->buf)) + 4;
|
msg->iv = (pos - wpabuf_head_u8(msg->buf)) + 4;
|
||||||
if (os_get_random(wpabuf_mhead_u8(msg->buf) + msg->iv,
|
if (random_get_bytes(wpabuf_mhead_u8(msg->buf) + msg->iv,
|
||||||
EAP_SIM_IV_LEN)) {
|
EAP_SIM_IV_LEN)) {
|
||||||
msg->iv = 0;
|
msg->iv = 0;
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
|
|
|
@ -18,6 +18,7 @@
|
||||||
#include "crypto/crypto.h"
|
#include "crypto/crypto.h"
|
||||||
#include "crypto/md5.h"
|
#include "crypto/md5.h"
|
||||||
#include "crypto/sha1.h"
|
#include "crypto/sha1.h"
|
||||||
|
#include "crypto/random.h"
|
||||||
#include "ikev2_common.h"
|
#include "ikev2_common.h"
|
||||||
|
|
||||||
|
|
||||||
|
@ -639,7 +640,7 @@ int ikev2_build_encrypted(int encr_id, int integ_id, struct ikev2_keys *keys,
|
||||||
phdr->flags = 0;
|
phdr->flags = 0;
|
||||||
|
|
||||||
iv = wpabuf_put(msg, iv_len);
|
iv = wpabuf_put(msg, iv_len);
|
||||||
if (os_get_random(iv, iv_len)) {
|
if (random_get_bytes(iv, iv_len)) {
|
||||||
wpa_printf(MSG_INFO, "IKEV2: Could not generate IV");
|
wpa_printf(MSG_INFO, "IKEV2: Could not generate IV");
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
|
|
|
@ -15,6 +15,7 @@
|
||||||
#include "includes.h"
|
#include "includes.h"
|
||||||
|
|
||||||
#include "common.h"
|
#include "common.h"
|
||||||
|
#include "crypto/random.h"
|
||||||
#include "eap_peer/eap_i.h"
|
#include "eap_peer/eap_i.h"
|
||||||
#include "eap_common/eap_gpsk_common.h"
|
#include "eap_common/eap_gpsk_common.h"
|
||||||
|
|
||||||
|
@ -326,7 +327,7 @@ static struct wpabuf * eap_gpsk_send_gpsk_2(struct eap_gpsk_data *data,
|
||||||
wpabuf_put_be16(resp, data->id_server_len);
|
wpabuf_put_be16(resp, data->id_server_len);
|
||||||
wpabuf_put_data(resp, data->id_server, data->id_server_len);
|
wpabuf_put_data(resp, data->id_server, data->id_server_len);
|
||||||
|
|
||||||
if (os_get_random(data->rand_peer, EAP_GPSK_RAND_LEN)) {
|
if (random_get_bytes(data->rand_peer, EAP_GPSK_RAND_LEN)) {
|
||||||
wpa_printf(MSG_DEBUG, "EAP-GPSK: Failed to get random data "
|
wpa_printf(MSG_DEBUG, "EAP-GPSK: Failed to get random data "
|
||||||
"for RAND_Peer");
|
"for RAND_Peer");
|
||||||
eap_gpsk_state(data, FAILURE);
|
eap_gpsk_state(data, FAILURE);
|
||||||
|
|
|
@ -17,6 +17,7 @@
|
||||||
#include "common.h"
|
#include "common.h"
|
||||||
#include "crypto/ms_funcs.h"
|
#include "crypto/ms_funcs.h"
|
||||||
#include "crypto/crypto.h"
|
#include "crypto/crypto.h"
|
||||||
|
#include "crypto/random.h"
|
||||||
#include "eap_i.h"
|
#include "eap_i.h"
|
||||||
|
|
||||||
#define LEAP_VERSION 1
|
#define LEAP_VERSION 1
|
||||||
|
@ -167,7 +168,7 @@ static struct wpabuf * eap_leap_process_success(struct eap_sm *sm, void *priv,
|
||||||
wpabuf_put_u8(resp, 0); /* unused */
|
wpabuf_put_u8(resp, 0); /* unused */
|
||||||
wpabuf_put_u8(resp, LEAP_CHALLENGE_LEN);
|
wpabuf_put_u8(resp, LEAP_CHALLENGE_LEN);
|
||||||
pos = wpabuf_put(resp, LEAP_CHALLENGE_LEN);
|
pos = wpabuf_put(resp, LEAP_CHALLENGE_LEN);
|
||||||
if (os_get_random(pos, LEAP_CHALLENGE_LEN)) {
|
if (random_get_bytes(pos, LEAP_CHALLENGE_LEN)) {
|
||||||
wpa_printf(MSG_WARNING, "EAP-LEAP: Failed to read random data "
|
wpa_printf(MSG_WARNING, "EAP-LEAP: Failed to read random data "
|
||||||
"for challenge");
|
"for challenge");
|
||||||
wpabuf_free(resp);
|
wpabuf_free(resp);
|
||||||
|
|
|
@ -23,6 +23,7 @@
|
||||||
|
|
||||||
#include "common.h"
|
#include "common.h"
|
||||||
#include "crypto/ms_funcs.h"
|
#include "crypto/ms_funcs.h"
|
||||||
|
#include "crypto/random.h"
|
||||||
#include "common/wpa_ctrl.h"
|
#include "common/wpa_ctrl.h"
|
||||||
#include "mschapv2.h"
|
#include "mschapv2.h"
|
||||||
#include "eap_i.h"
|
#include "eap_i.h"
|
||||||
|
@ -199,7 +200,7 @@ static struct wpabuf * eap_mschapv2_challenge_reply(
|
||||||
"in Phase 1");
|
"in Phase 1");
|
||||||
peer_challenge = data->peer_challenge;
|
peer_challenge = data->peer_challenge;
|
||||||
os_memset(r->peer_challenge, 0, MSCHAPV2_CHAL_LEN);
|
os_memset(r->peer_challenge, 0, MSCHAPV2_CHAL_LEN);
|
||||||
} else if (os_get_random(peer_challenge, MSCHAPV2_CHAL_LEN)) {
|
} else if (random_get_bytes(peer_challenge, MSCHAPV2_CHAL_LEN)) {
|
||||||
wpabuf_free(resp);
|
wpabuf_free(resp);
|
||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
|
@ -564,7 +565,7 @@ static struct wpabuf * eap_mschapv2_change_password(
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Peer-Challenge */
|
/* Peer-Challenge */
|
||||||
if (os_get_random(cp->peer_challenge, MSCHAPV2_CHAL_LEN))
|
if (random_get_bytes(cp->peer_challenge, MSCHAPV2_CHAL_LEN))
|
||||||
goto fail;
|
goto fail;
|
||||||
|
|
||||||
/* Reserved, must be zero */
|
/* Reserved, must be zero */
|
||||||
|
|
|
@ -15,6 +15,7 @@
|
||||||
#include "includes.h"
|
#include "includes.h"
|
||||||
|
|
||||||
#include "common.h"
|
#include "common.h"
|
||||||
|
#include "crypto/random.h"
|
||||||
#include "eap_common/eap_pax_common.h"
|
#include "eap_common/eap_pax_common.h"
|
||||||
#include "eap_i.h"
|
#include "eap_i.h"
|
||||||
|
|
||||||
|
@ -174,7 +175,7 @@ static struct wpabuf * eap_pax_process_std_1(struct eap_pax_data *data,
|
||||||
pos, left);
|
pos, left);
|
||||||
}
|
}
|
||||||
|
|
||||||
if (os_get_random(data->rand.r.y, EAP_PAX_RAND_LEN)) {
|
if (random_get_bytes(data->rand.r.y, EAP_PAX_RAND_LEN)) {
|
||||||
wpa_printf(MSG_ERROR, "EAP-PAX: Failed to get random data");
|
wpa_printf(MSG_ERROR, "EAP-PAX: Failed to get random data");
|
||||||
ret->ignore = TRUE;
|
ret->ignore = TRUE;
|
||||||
return NULL;
|
return NULL;
|
||||||
|
|
|
@ -19,6 +19,7 @@
|
||||||
|
|
||||||
#include "common.h"
|
#include "common.h"
|
||||||
#include "crypto/aes_wrap.h"
|
#include "crypto/aes_wrap.h"
|
||||||
|
#include "crypto/random.h"
|
||||||
#include "eap_common/eap_psk_common.h"
|
#include "eap_common/eap_psk_common.h"
|
||||||
#include "eap_i.h"
|
#include "eap_i.h"
|
||||||
|
|
||||||
|
@ -130,7 +131,7 @@ static struct wpabuf * eap_psk_process_1(struct eap_psk_data *data,
|
||||||
wpa_hexdump_ascii(MSG_DEBUG, "EAP-PSK: ID_S",
|
wpa_hexdump_ascii(MSG_DEBUG, "EAP-PSK: ID_S",
|
||||||
data->id_s, data->id_s_len);
|
data->id_s, data->id_s_len);
|
||||||
|
|
||||||
if (os_get_random(data->rand_p, EAP_PSK_RAND_LEN)) {
|
if (random_get_bytes(data->rand_p, EAP_PSK_RAND_LEN)) {
|
||||||
wpa_printf(MSG_ERROR, "EAP-PSK: Failed to get random data");
|
wpa_printf(MSG_ERROR, "EAP-PSK: Failed to get random data");
|
||||||
ret->ignore = TRUE;
|
ret->ignore = TRUE;
|
||||||
return NULL;
|
return NULL;
|
||||||
|
|
|
@ -15,6 +15,7 @@
|
||||||
#include "includes.h"
|
#include "includes.h"
|
||||||
|
|
||||||
#include "common.h"
|
#include "common.h"
|
||||||
|
#include "crypto/random.h"
|
||||||
#include "eap_peer/eap_i.h"
|
#include "eap_peer/eap_i.h"
|
||||||
#include "eap_common/eap_sake_common.h"
|
#include "eap_common/eap_sake_common.h"
|
||||||
|
|
||||||
|
@ -223,7 +224,7 @@ static struct wpabuf * eap_sake_process_challenge(struct eap_sm *sm,
|
||||||
wpa_hexdump(MSG_MSGDUMP, "EAP-SAKE: RAND_S (server rand)",
|
wpa_hexdump(MSG_MSGDUMP, "EAP-SAKE: RAND_S (server rand)",
|
||||||
data->rand_s, EAP_SAKE_RAND_LEN);
|
data->rand_s, EAP_SAKE_RAND_LEN);
|
||||||
|
|
||||||
if (os_get_random(data->rand_p, EAP_SAKE_RAND_LEN)) {
|
if (random_get_bytes(data->rand_p, EAP_SAKE_RAND_LEN)) {
|
||||||
wpa_printf(MSG_ERROR, "EAP-SAKE: Failed to get random data");
|
wpa_printf(MSG_ERROR, "EAP-SAKE: Failed to get random data");
|
||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
|
|
|
@ -17,6 +17,7 @@
|
||||||
#include "common.h"
|
#include "common.h"
|
||||||
#include "pcsc_funcs.h"
|
#include "pcsc_funcs.h"
|
||||||
#include "crypto/milenage.h"
|
#include "crypto/milenage.h"
|
||||||
|
#include "crypto/random.h"
|
||||||
#include "eap_peer/eap_i.h"
|
#include "eap_peer/eap_i.h"
|
||||||
#include "eap_config.h"
|
#include "eap_config.h"
|
||||||
#include "eap_common/eap_sim_common.h"
|
#include "eap_common/eap_sim_common.h"
|
||||||
|
@ -93,7 +94,7 @@ static void * eap_sim_init(struct eap_sm *sm)
|
||||||
if (data == NULL)
|
if (data == NULL)
|
||||||
return NULL;
|
return NULL;
|
||||||
|
|
||||||
if (os_get_random(data->nonce_mt, EAP_SIM_NONCE_MT_LEN)) {
|
if (random_get_bytes(data->nonce_mt, EAP_SIM_NONCE_MT_LEN)) {
|
||||||
wpa_printf(MSG_WARNING, "EAP-SIM: Failed to get random data "
|
wpa_printf(MSG_WARNING, "EAP-SIM: Failed to get random data "
|
||||||
"for NONCE_MT");
|
"for NONCE_MT");
|
||||||
os_free(data);
|
os_free(data);
|
||||||
|
@ -995,7 +996,7 @@ static void eap_sim_deinit_for_reauth(struct eap_sm *sm, void *priv)
|
||||||
static void * eap_sim_init_for_reauth(struct eap_sm *sm, void *priv)
|
static void * eap_sim_init_for_reauth(struct eap_sm *sm, void *priv)
|
||||||
{
|
{
|
||||||
struct eap_sim_data *data = priv;
|
struct eap_sim_data *data = priv;
|
||||||
if (os_get_random(data->nonce_mt, EAP_SIM_NONCE_MT_LEN)) {
|
if (random_get_bytes(data->nonce_mt, EAP_SIM_NONCE_MT_LEN)) {
|
||||||
wpa_printf(MSG_WARNING, "EAP-SIM: Failed to get random data "
|
wpa_printf(MSG_WARNING, "EAP-SIM: Failed to get random data "
|
||||||
"for NONCE_MT");
|
"for NONCE_MT");
|
||||||
os_free(data);
|
os_free(data);
|
||||||
|
|
|
@ -16,6 +16,7 @@
|
||||||
|
|
||||||
#include "common.h"
|
#include "common.h"
|
||||||
#include "crypto/dh_groups.h"
|
#include "crypto/dh_groups.h"
|
||||||
|
#include "crypto/random.h"
|
||||||
#include "ikev2.h"
|
#include "ikev2.h"
|
||||||
|
|
||||||
|
|
||||||
|
@ -1133,7 +1134,7 @@ static struct wpabuf * ikev2_build_sa_init(struct ikev2_responder_data *data)
|
||||||
data->r_spi, IKEV2_SPI_LEN);
|
data->r_spi, IKEV2_SPI_LEN);
|
||||||
|
|
||||||
data->r_nonce_len = IKEV2_NONCE_MIN_LEN;
|
data->r_nonce_len = IKEV2_NONCE_MIN_LEN;
|
||||||
if (os_get_random(data->r_nonce, data->r_nonce_len))
|
if (random_get_bytes(data->r_nonce, data->r_nonce_len))
|
||||||
return NULL;
|
return NULL;
|
||||||
#ifdef CCNS_PL
|
#ifdef CCNS_PL
|
||||||
/* Zeros are removed incorrectly from the beginning of the nonces in
|
/* Zeros are removed incorrectly from the beginning of the nonces in
|
||||||
|
|
|
@ -17,6 +17,7 @@
|
||||||
#include "common.h"
|
#include "common.h"
|
||||||
#include "crypto/sha256.h"
|
#include "crypto/sha256.h"
|
||||||
#include "crypto/crypto.h"
|
#include "crypto/crypto.h"
|
||||||
|
#include "crypto/random.h"
|
||||||
#include "eap_common/eap_sim_common.h"
|
#include "eap_common/eap_sim_common.h"
|
||||||
#include "eap_server/eap_i.h"
|
#include "eap_server/eap_i.h"
|
||||||
#include "eap_server/eap_sim_db.h"
|
#include "eap_server/eap_sim_db.h"
|
||||||
|
@ -440,7 +441,7 @@ static struct wpabuf * eap_aka_build_reauth(struct eap_sm *sm,
|
||||||
|
|
||||||
wpa_printf(MSG_DEBUG, "EAP-AKA: Generating Re-authentication");
|
wpa_printf(MSG_DEBUG, "EAP-AKA: Generating Re-authentication");
|
||||||
|
|
||||||
if (os_get_random(data->nonce_s, EAP_SIM_NONCE_S_LEN))
|
if (random_get_bytes(data->nonce_s, EAP_SIM_NONCE_S_LEN))
|
||||||
return NULL;
|
return NULL;
|
||||||
wpa_hexdump_key(MSG_MSGDUMP, "EAP-AKA: NONCE_S",
|
wpa_hexdump_key(MSG_MSGDUMP, "EAP-AKA: NONCE_S",
|
||||||
data->nonce_s, EAP_SIM_NONCE_S_LEN);
|
data->nonce_s, EAP_SIM_NONCE_S_LEN);
|
||||||
|
|
|
@ -18,6 +18,7 @@
|
||||||
#include "crypto/aes_wrap.h"
|
#include "crypto/aes_wrap.h"
|
||||||
#include "crypto/sha1.h"
|
#include "crypto/sha1.h"
|
||||||
#include "crypto/tls.h"
|
#include "crypto/tls.h"
|
||||||
|
#include "crypto/random.h"
|
||||||
#include "eap_common/eap_tlv_common.h"
|
#include "eap_common/eap_tlv_common.h"
|
||||||
#include "eap_common/eap_fast_common.h"
|
#include "eap_common/eap_fast_common.h"
|
||||||
#include "eap_i.h"
|
#include "eap_i.h"
|
||||||
|
@ -642,7 +643,7 @@ static struct wpabuf * eap_fast_build_crypto_binding(
|
||||||
binding->version = EAP_FAST_VERSION;
|
binding->version = EAP_FAST_VERSION;
|
||||||
binding->received_version = data->peer_version;
|
binding->received_version = data->peer_version;
|
||||||
binding->subtype = EAP_TLV_CRYPTO_BINDING_SUBTYPE_REQUEST;
|
binding->subtype = EAP_TLV_CRYPTO_BINDING_SUBTYPE_REQUEST;
|
||||||
if (os_get_random(binding->nonce, sizeof(binding->nonce)) < 0) {
|
if (random_get_bytes(binding->nonce, sizeof(binding->nonce)) < 0) {
|
||||||
wpabuf_free(buf);
|
wpabuf_free(buf);
|
||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
|
@ -692,7 +693,7 @@ static struct wpabuf * eap_fast_build_pac(struct eap_sm *sm,
|
||||||
struct eap_tlv_result_tlv *result;
|
struct eap_tlv_result_tlv *result;
|
||||||
struct os_time now;
|
struct os_time now;
|
||||||
|
|
||||||
if (os_get_random(pac_key, EAP_FAST_PAC_KEY_LEN) < 0 ||
|
if (random_get_bytes(pac_key, EAP_FAST_PAC_KEY_LEN) < 0 ||
|
||||||
os_get_time(&now) < 0)
|
os_get_time(&now) < 0)
|
||||||
return NULL;
|
return NULL;
|
||||||
wpa_hexdump_key(MSG_DEBUG, "EAP-FAST: Generated PAC-Key",
|
wpa_hexdump_key(MSG_DEBUG, "EAP-FAST: Generated PAC-Key",
|
||||||
|
|
|
@ -15,6 +15,7 @@
|
||||||
#include "includes.h"
|
#include "includes.h"
|
||||||
|
|
||||||
#include "common.h"
|
#include "common.h"
|
||||||
|
#include "crypto/random.h"
|
||||||
#include "eap_server/eap_i.h"
|
#include "eap_server/eap_i.h"
|
||||||
#include "eap_common/eap_gpsk_common.h"
|
#include "eap_common/eap_gpsk_common.h"
|
||||||
|
|
||||||
|
@ -120,7 +121,7 @@ static struct wpabuf * eap_gpsk_build_gpsk_1(struct eap_sm *sm,
|
||||||
|
|
||||||
wpa_printf(MSG_DEBUG, "EAP-GPSK: Request/GPSK-1");
|
wpa_printf(MSG_DEBUG, "EAP-GPSK: Request/GPSK-1");
|
||||||
|
|
||||||
if (os_get_random(data->rand_server, EAP_GPSK_RAND_LEN)) {
|
if (random_get_bytes(data->rand_server, EAP_GPSK_RAND_LEN)) {
|
||||||
wpa_printf(MSG_ERROR, "EAP-GPSK: Failed to get random data");
|
wpa_printf(MSG_ERROR, "EAP-GPSK: Failed to get random data");
|
||||||
eap_gpsk_state(data, FAILURE);
|
eap_gpsk_state(data, FAILURE);
|
||||||
return NULL;
|
return NULL;
|
||||||
|
|
|
@ -15,6 +15,7 @@
|
||||||
#include "includes.h"
|
#include "includes.h"
|
||||||
|
|
||||||
#include "common.h"
|
#include "common.h"
|
||||||
|
#include "crypto/random.h"
|
||||||
#include "eap_i.h"
|
#include "eap_i.h"
|
||||||
#include "eap_common/chap.h"
|
#include "eap_common/chap.h"
|
||||||
|
|
||||||
|
@ -52,7 +53,7 @@ static struct wpabuf * eap_md5_buildReq(struct eap_sm *sm, void *priv, u8 id)
|
||||||
struct eap_md5_data *data = priv;
|
struct eap_md5_data *data = priv;
|
||||||
struct wpabuf *req;
|
struct wpabuf *req;
|
||||||
|
|
||||||
if (os_get_random(data->challenge, CHALLENGE_LEN)) {
|
if (random_get_bytes(data->challenge, CHALLENGE_LEN)) {
|
||||||
wpa_printf(MSG_ERROR, "EAP-MD5: Failed to get random data");
|
wpa_printf(MSG_ERROR, "EAP-MD5: Failed to get random data");
|
||||||
data->state = FAILURE;
|
data->state = FAILURE;
|
||||||
return NULL;
|
return NULL;
|
||||||
|
|
|
@ -16,6 +16,7 @@
|
||||||
|
|
||||||
#include "common.h"
|
#include "common.h"
|
||||||
#include "crypto/ms_funcs.h"
|
#include "crypto/ms_funcs.h"
|
||||||
|
#include "crypto/random.h"
|
||||||
#include "eap_i.h"
|
#include "eap_i.h"
|
||||||
|
|
||||||
|
|
||||||
|
@ -109,7 +110,7 @@ static struct wpabuf * eap_mschapv2_build_challenge(
|
||||||
size_t ms_len;
|
size_t ms_len;
|
||||||
|
|
||||||
if (!data->auth_challenge_from_tls &&
|
if (!data->auth_challenge_from_tls &&
|
||||||
os_get_random(data->auth_challenge, CHALLENGE_LEN)) {
|
random_get_bytes(data->auth_challenge, CHALLENGE_LEN)) {
|
||||||
wpa_printf(MSG_ERROR, "EAP-MSCHAPV2: Failed to get random "
|
wpa_printf(MSG_ERROR, "EAP-MSCHAPV2: Failed to get random "
|
||||||
"data");
|
"data");
|
||||||
data->state = FAILURE;
|
data->state = FAILURE;
|
||||||
|
|
|
@ -15,6 +15,7 @@
|
||||||
#include "includes.h"
|
#include "includes.h"
|
||||||
|
|
||||||
#include "common.h"
|
#include "common.h"
|
||||||
|
#include "crypto/random.h"
|
||||||
#include "eap_server/eap_i.h"
|
#include "eap_server/eap_i.h"
|
||||||
#include "eap_common/eap_pax_common.h"
|
#include "eap_common/eap_pax_common.h"
|
||||||
|
|
||||||
|
@ -82,7 +83,7 @@ static struct wpabuf * eap_pax_build_std_1(struct eap_sm *sm,
|
||||||
|
|
||||||
wpa_printf(MSG_DEBUG, "EAP-PAX: PAX_STD-1 (sending)");
|
wpa_printf(MSG_DEBUG, "EAP-PAX: PAX_STD-1 (sending)");
|
||||||
|
|
||||||
if (os_get_random(data->rand.r.x, EAP_PAX_RAND_LEN)) {
|
if (random_get_bytes(data->rand.r.x, EAP_PAX_RAND_LEN)) {
|
||||||
wpa_printf(MSG_ERROR, "EAP-PAX: Failed to get random data");
|
wpa_printf(MSG_ERROR, "EAP-PAX: Failed to get random data");
|
||||||
data->state = FAILURE;
|
data->state = FAILURE;
|
||||||
return NULL;
|
return NULL;
|
||||||
|
|
|
@ -17,6 +17,7 @@
|
||||||
#include "common.h"
|
#include "common.h"
|
||||||
#include "crypto/sha1.h"
|
#include "crypto/sha1.h"
|
||||||
#include "crypto/tls.h"
|
#include "crypto/tls.h"
|
||||||
|
#include "crypto/random.h"
|
||||||
#include "eap_i.h"
|
#include "eap_i.h"
|
||||||
#include "eap_tls_common.h"
|
#include "eap_tls_common.h"
|
||||||
#include "eap_common/eap_tlv_common.h"
|
#include "eap_common/eap_tlv_common.h"
|
||||||
|
@ -414,7 +415,7 @@ static struct wpabuf * eap_peap_build_phase2_tlv(struct eap_sm *sm,
|
||||||
#endif /* EAP_SERVER_TNC */
|
#endif /* EAP_SERVER_TNC */
|
||||||
|
|
||||||
if (eap_peap_derive_cmk(sm, data) < 0 ||
|
if (eap_peap_derive_cmk(sm, data) < 0 ||
|
||||||
os_get_random(data->binding_nonce, 32)) {
|
random_get_bytes(data->binding_nonce, 32)) {
|
||||||
wpabuf_free(buf);
|
wpabuf_free(buf);
|
||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
|
|
|
@ -19,6 +19,7 @@
|
||||||
|
|
||||||
#include "common.h"
|
#include "common.h"
|
||||||
#include "crypto/aes_wrap.h"
|
#include "crypto/aes_wrap.h"
|
||||||
|
#include "crypto/random.h"
|
||||||
#include "eap_common/eap_psk_common.h"
|
#include "eap_common/eap_psk_common.h"
|
||||||
#include "eap_server/eap_i.h"
|
#include "eap_server/eap_i.h"
|
||||||
|
|
||||||
|
@ -66,7 +67,7 @@ static struct wpabuf * eap_psk_build_1(struct eap_sm *sm,
|
||||||
|
|
||||||
wpa_printf(MSG_DEBUG, "EAP-PSK: PSK-1 (sending)");
|
wpa_printf(MSG_DEBUG, "EAP-PSK: PSK-1 (sending)");
|
||||||
|
|
||||||
if (os_get_random(data->rand_s, EAP_PSK_RAND_LEN)) {
|
if (random_get_bytes(data->rand_s, EAP_PSK_RAND_LEN)) {
|
||||||
wpa_printf(MSG_ERROR, "EAP-PSK: Failed to get random data");
|
wpa_printf(MSG_ERROR, "EAP-PSK: Failed to get random data");
|
||||||
data->state = FAILURE;
|
data->state = FAILURE;
|
||||||
return NULL;
|
return NULL;
|
||||||
|
|
|
@ -15,6 +15,7 @@
|
||||||
#include "includes.h"
|
#include "includes.h"
|
||||||
|
|
||||||
#include "common.h"
|
#include "common.h"
|
||||||
|
#include "crypto/random.h"
|
||||||
#include "eap_server/eap_i.h"
|
#include "eap_server/eap_i.h"
|
||||||
#include "eap_common/eap_sake_common.h"
|
#include "eap_common/eap_sake_common.h"
|
||||||
|
|
||||||
|
@ -166,7 +167,7 @@ static struct wpabuf * eap_sake_build_challenge(struct eap_sm *sm,
|
||||||
|
|
||||||
wpa_printf(MSG_DEBUG, "EAP-SAKE: Request/Challenge");
|
wpa_printf(MSG_DEBUG, "EAP-SAKE: Request/Challenge");
|
||||||
|
|
||||||
if (os_get_random(data->rand_s, EAP_SAKE_RAND_LEN)) {
|
if (random_get_bytes(data->rand_s, EAP_SAKE_RAND_LEN)) {
|
||||||
wpa_printf(MSG_ERROR, "EAP-SAKE: Failed to get random data");
|
wpa_printf(MSG_ERROR, "EAP-SAKE: Failed to get random data");
|
||||||
data->state = FAILURE;
|
data->state = FAILURE;
|
||||||
return NULL;
|
return NULL;
|
||||||
|
|
|
@ -15,6 +15,7 @@
|
||||||
#include "includes.h"
|
#include "includes.h"
|
||||||
|
|
||||||
#include "common.h"
|
#include "common.h"
|
||||||
|
#include "crypto/random.h"
|
||||||
#include "eap_server/eap_i.h"
|
#include "eap_server/eap_i.h"
|
||||||
#include "eap_common/eap_sim_common.h"
|
#include "eap_common/eap_sim_common.h"
|
||||||
#include "eap_server/eap_sim_db.h"
|
#include "eap_server/eap_sim_db.h"
|
||||||
|
@ -232,7 +233,7 @@ static struct wpabuf * eap_sim_build_reauth(struct eap_sm *sm,
|
||||||
|
|
||||||
wpa_printf(MSG_DEBUG, "EAP-SIM: Generating Re-authentication");
|
wpa_printf(MSG_DEBUG, "EAP-SIM: Generating Re-authentication");
|
||||||
|
|
||||||
if (os_get_random(data->nonce_s, EAP_SIM_NONCE_S_LEN))
|
if (random_get_bytes(data->nonce_s, EAP_SIM_NONCE_S_LEN))
|
||||||
return NULL;
|
return NULL;
|
||||||
wpa_hexdump_key(MSG_MSGDUMP, "EAP-SIM: NONCE_S",
|
wpa_hexdump_key(MSG_MSGDUMP, "EAP-SIM: NONCE_S",
|
||||||
data->nonce_s, EAP_SIM_NONCE_S_LEN);
|
data->nonce_s, EAP_SIM_NONCE_S_LEN);
|
||||||
|
|
|
@ -25,6 +25,7 @@
|
||||||
#include <sys/un.h>
|
#include <sys/un.h>
|
||||||
|
|
||||||
#include "common.h"
|
#include "common.h"
|
||||||
|
#include "crypto/random.h"
|
||||||
#include "eap_common/eap_sim_common.h"
|
#include "eap_common/eap_sim_common.h"
|
||||||
#include "eap_server/eap_sim_db.h"
|
#include "eap_server/eap_sim_db.h"
|
||||||
#include "eloop.h"
|
#include "eloop.h"
|
||||||
|
@ -830,7 +831,7 @@ static char * eap_sim_db_get_next(struct eap_sim_db_data *data, char prefix)
|
||||||
char *id, *pos, *end;
|
char *id, *pos, *end;
|
||||||
u8 buf[10];
|
u8 buf[10];
|
||||||
|
|
||||||
if (os_get_random(buf, sizeof(buf)))
|
if (random_get_bytes(buf, sizeof(buf)))
|
||||||
return NULL;
|
return NULL;
|
||||||
id = os_malloc(sizeof(buf) * 2 + 2);
|
id = os_malloc(sizeof(buf) * 2 + 2);
|
||||||
if (id == NULL)
|
if (id == NULL)
|
||||||
|
|
|
@ -16,6 +16,7 @@
|
||||||
|
|
||||||
#include "common.h"
|
#include "common.h"
|
||||||
#include "crypto/dh_groups.h"
|
#include "crypto/dh_groups.h"
|
||||||
|
#include "crypto/random.h"
|
||||||
#include "ikev2.h"
|
#include "ikev2.h"
|
||||||
|
|
||||||
|
|
||||||
|
@ -1100,7 +1101,7 @@ static struct wpabuf * ikev2_build_sa_init(struct ikev2_initiator_data *data)
|
||||||
data->i_spi, IKEV2_SPI_LEN);
|
data->i_spi, IKEV2_SPI_LEN);
|
||||||
|
|
||||||
data->i_nonce_len = IKEV2_NONCE_MIN_LEN;
|
data->i_nonce_len = IKEV2_NONCE_MIN_LEN;
|
||||||
if (os_get_random(data->i_nonce, data->i_nonce_len))
|
if (random_get_bytes(data->i_nonce, data->i_nonce_len))
|
||||||
return NULL;
|
return NULL;
|
||||||
wpa_hexdump(MSG_DEBUG, "IKEV2: Ni", data->i_nonce, data->i_nonce_len);
|
wpa_hexdump(MSG_DEBUG, "IKEV2: Ni", data->i_nonce, data->i_nonce_len);
|
||||||
|
|
||||||
|
@ -1148,7 +1149,7 @@ static struct wpabuf * ikev2_build_sa_auth(struct ikev2_initiator_data *data)
|
||||||
if (data->shared_secret == NULL)
|
if (data->shared_secret == NULL)
|
||||||
return NULL;
|
return NULL;
|
||||||
data->shared_secret_len = 16;
|
data->shared_secret_len = 16;
|
||||||
if (os_get_random(data->shared_secret, 16))
|
if (random_get_bytes(data->shared_secret, 16))
|
||||||
return NULL;
|
return NULL;
|
||||||
} else {
|
} else {
|
||||||
os_free(data->shared_secret);
|
os_free(data->shared_secret);
|
||||||
|
|
|
@ -20,6 +20,7 @@
|
||||||
#include "eloop.h"
|
#include "eloop.h"
|
||||||
#include "crypto/sha1.h"
|
#include "crypto/sha1.h"
|
||||||
#include "crypto/sha256.h"
|
#include "crypto/sha256.h"
|
||||||
|
#include "crypto/random.h"
|
||||||
#include "common/ieee802_11_defs.h"
|
#include "common/ieee802_11_defs.h"
|
||||||
#include "wpa.h"
|
#include "wpa.h"
|
||||||
#include "wpa_i.h"
|
#include "wpa_i.h"
|
||||||
|
@ -254,7 +255,7 @@ static int wpa_supplicant_process_smk_m2(
|
||||||
peerkey->use_sha256 = 1;
|
peerkey->use_sha256 = 1;
|
||||||
#endif /* CONFIG_IEEE80211W */
|
#endif /* CONFIG_IEEE80211W */
|
||||||
|
|
||||||
if (os_get_random(peerkey->pnonce, WPA_NONCE_LEN)) {
|
if (random_get_bytes(peerkey->pnonce, WPA_NONCE_LEN)) {
|
||||||
wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
|
wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
|
||||||
"WPA: Failed to get random data for PNonce");
|
"WPA: Failed to get random data for PNonce");
|
||||||
wpa_supplicant_peerkey_free(sm, peerkey);
|
wpa_supplicant_peerkey_free(sm, peerkey);
|
||||||
|
@ -370,7 +371,7 @@ static void wpa_supplicant_send_stk_1_of_4(struct wpa_sm *sm,
|
||||||
wpa_add_kde((u8 *) (msg + 1), RSN_KEY_DATA_PMKID,
|
wpa_add_kde((u8 *) (msg + 1), RSN_KEY_DATA_PMKID,
|
||||||
peerkey->smkid, PMKID_LEN);
|
peerkey->smkid, PMKID_LEN);
|
||||||
|
|
||||||
if (os_get_random(peerkey->inonce, WPA_NONCE_LEN)) {
|
if (random_get_bytes(peerkey->inonce, WPA_NONCE_LEN)) {
|
||||||
wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
|
wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
|
||||||
"RSN: Failed to get random data for INonce (STK)");
|
"RSN: Failed to get random data for INonce (STK)");
|
||||||
os_free(mbuf);
|
os_free(mbuf);
|
||||||
|
@ -697,7 +698,7 @@ static void wpa_supplicant_process_stk_1_of_4(struct wpa_sm *sm,
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (os_get_random(peerkey->pnonce, WPA_NONCE_LEN)) {
|
if (random_get_bytes(peerkey->pnonce, WPA_NONCE_LEN)) {
|
||||||
wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
|
wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
|
||||||
"RSN: Failed to get random data for PNonce");
|
"RSN: Failed to get random data for PNonce");
|
||||||
return;
|
return;
|
||||||
|
@ -1097,7 +1098,7 @@ int wpa_sm_stkstart(struct wpa_sm *sm, const u8 *peer)
|
||||||
WPA_REPLAY_COUNTER_LEN);
|
WPA_REPLAY_COUNTER_LEN);
|
||||||
inc_byte_array(sm->request_counter, WPA_REPLAY_COUNTER_LEN);
|
inc_byte_array(sm->request_counter, WPA_REPLAY_COUNTER_LEN);
|
||||||
|
|
||||||
if (os_get_random(peerkey->inonce, WPA_NONCE_LEN)) {
|
if (random_get_bytes(peerkey->inonce, WPA_NONCE_LEN)) {
|
||||||
wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
|
wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
|
||||||
"WPA: Failed to get random data for INonce");
|
"WPA: Failed to get random data for INonce");
|
||||||
os_free(rbuf);
|
os_free(rbuf);
|
||||||
|
|
|
@ -17,6 +17,7 @@
|
||||||
#include "common.h"
|
#include "common.h"
|
||||||
#include "crypto/aes_wrap.h"
|
#include "crypto/aes_wrap.h"
|
||||||
#include "crypto/crypto.h"
|
#include "crypto/crypto.h"
|
||||||
|
#include "crypto/random.h"
|
||||||
#include "common/ieee802_11_defs.h"
|
#include "common/ieee802_11_defs.h"
|
||||||
#include "eapol_supp/eapol_supp_sm.h"
|
#include "eapol_supp/eapol_supp_sm.h"
|
||||||
#include "wpa.h"
|
#include "wpa.h"
|
||||||
|
@ -400,7 +401,7 @@ static void wpa_supplicant_process_1_of_4(struct wpa_sm *sm,
|
||||||
goto failed;
|
goto failed;
|
||||||
|
|
||||||
if (sm->renew_snonce) {
|
if (sm->renew_snonce) {
|
||||||
if (os_get_random(sm->snonce, WPA_NONCE_LEN)) {
|
if (random_get_bytes(sm->snonce, WPA_NONCE_LEN)) {
|
||||||
wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
|
wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
|
||||||
"WPA: Failed to get random data for SNonce");
|
"WPA: Failed to get random data for SNonce");
|
||||||
goto failed;
|
goto failed;
|
||||||
|
|
|
@ -16,6 +16,7 @@
|
||||||
|
|
||||||
#include "common.h"
|
#include "common.h"
|
||||||
#include "crypto/aes_wrap.h"
|
#include "crypto/aes_wrap.h"
|
||||||
|
#include "crypto/random.h"
|
||||||
#include "common/ieee802_11_defs.h"
|
#include "common/ieee802_11_defs.h"
|
||||||
#include "common/ieee802_11_common.h"
|
#include "common/ieee802_11_common.h"
|
||||||
#include "wpa.h"
|
#include "wpa.h"
|
||||||
|
@ -540,7 +541,7 @@ int wpa_ft_prepare_auth_request(struct wpa_sm *sm, const u8 *mdie)
|
||||||
size_t ft_ies_len;
|
size_t ft_ies_len;
|
||||||
|
|
||||||
/* Generate a new SNonce */
|
/* Generate a new SNonce */
|
||||||
if (os_get_random(sm->snonce, WPA_NONCE_LEN)) {
|
if (random_get_bytes(sm->snonce, WPA_NONCE_LEN)) {
|
||||||
wpa_printf(MSG_INFO, "FT: Failed to generate a new SNonce");
|
wpa_printf(MSG_INFO, "FT: Failed to generate a new SNonce");
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
|
@ -1020,7 +1021,7 @@ int wpa_ft_start_over_ds(struct wpa_sm *sm, const u8 *target_ap,
|
||||||
MAC2STR(target_ap));
|
MAC2STR(target_ap));
|
||||||
|
|
||||||
/* Generate a new SNonce */
|
/* Generate a new SNonce */
|
||||||
if (os_get_random(sm->snonce, WPA_NONCE_LEN)) {
|
if (random_get_bytes(sm->snonce, WPA_NONCE_LEN)) {
|
||||||
wpa_printf(MSG_INFO, "FT: Failed to generate a new SNonce");
|
wpa_printf(MSG_INFO, "FT: Failed to generate a new SNonce");
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
|
|
|
@ -18,6 +18,7 @@
|
||||||
#include "crypto/md5.h"
|
#include "crypto/md5.h"
|
||||||
#include "crypto/sha1.h"
|
#include "crypto/sha1.h"
|
||||||
#include "crypto/tls.h"
|
#include "crypto/tls.h"
|
||||||
|
#include "crypto/random.h"
|
||||||
#include "x509v3.h"
|
#include "x509v3.h"
|
||||||
#include "tlsv1_common.h"
|
#include "tlsv1_common.h"
|
||||||
#include "tlsv1_record.h"
|
#include "tlsv1_record.h"
|
||||||
|
@ -57,7 +58,7 @@ u8 * tls_send_client_hello(struct tlsv1_client *conn, size_t *out_len)
|
||||||
|
|
||||||
os_get_time(&now);
|
os_get_time(&now);
|
||||||
WPA_PUT_BE32(conn->client_random, now.sec);
|
WPA_PUT_BE32(conn->client_random, now.sec);
|
||||||
if (os_get_random(conn->client_random + 4, TLS_RANDOM_LEN - 4)) {
|
if (random_get_bytes(conn->client_random + 4, TLS_RANDOM_LEN - 4)) {
|
||||||
wpa_printf(MSG_ERROR, "TLSv1: Could not generate "
|
wpa_printf(MSG_ERROR, "TLSv1: Could not generate "
|
||||||
"client_random");
|
"client_random");
|
||||||
return NULL;
|
return NULL;
|
||||||
|
@ -222,7 +223,7 @@ static int tlsv1_key_x_anon_dh(struct tlsv1_client *conn, u8 **pos, u8 *end)
|
||||||
TLS_ALERT_INTERNAL_ERROR);
|
TLS_ALERT_INTERNAL_ERROR);
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
if (os_get_random(csecret, csecret_len)) {
|
if (random_get_bytes(csecret, csecret_len)) {
|
||||||
wpa_printf(MSG_DEBUG, "TLSv1: Failed to get random "
|
wpa_printf(MSG_DEBUG, "TLSv1: Failed to get random "
|
||||||
"data for Diffie-Hellman");
|
"data for Diffie-Hellman");
|
||||||
tls_alert(conn, TLS_ALERT_LEVEL_FATAL,
|
tls_alert(conn, TLS_ALERT_LEVEL_FATAL,
|
||||||
|
|
|
@ -18,6 +18,7 @@
|
||||||
#include "crypto/md5.h"
|
#include "crypto/md5.h"
|
||||||
#include "crypto/sha1.h"
|
#include "crypto/sha1.h"
|
||||||
#include "crypto/tls.h"
|
#include "crypto/tls.h"
|
||||||
|
#include "crypto/random.h"
|
||||||
#include "x509v3.h"
|
#include "x509v3.h"
|
||||||
#include "tlsv1_common.h"
|
#include "tlsv1_common.h"
|
||||||
#include "tlsv1_record.h"
|
#include "tlsv1_record.h"
|
||||||
|
@ -58,7 +59,7 @@ static int tls_write_server_hello(struct tlsv1_server *conn,
|
||||||
|
|
||||||
os_get_time(&now);
|
os_get_time(&now);
|
||||||
WPA_PUT_BE32(conn->server_random, now.sec);
|
WPA_PUT_BE32(conn->server_random, now.sec);
|
||||||
if (os_get_random(conn->server_random + 4, TLS_RANDOM_LEN - 4)) {
|
if (random_get_bytes(conn->server_random + 4, TLS_RANDOM_LEN - 4)) {
|
||||||
wpa_printf(MSG_ERROR, "TLSv1: Could not generate "
|
wpa_printf(MSG_ERROR, "TLSv1: Could not generate "
|
||||||
"server_random");
|
"server_random");
|
||||||
return -1;
|
return -1;
|
||||||
|
@ -67,7 +68,7 @@ static int tls_write_server_hello(struct tlsv1_server *conn,
|
||||||
conn->server_random, TLS_RANDOM_LEN);
|
conn->server_random, TLS_RANDOM_LEN);
|
||||||
|
|
||||||
conn->session_id_len = TLS_SESSION_ID_MAX_LEN;
|
conn->session_id_len = TLS_SESSION_ID_MAX_LEN;
|
||||||
if (os_get_random(conn->session_id, conn->session_id_len)) {
|
if (random_get_bytes(conn->session_id, conn->session_id_len)) {
|
||||||
wpa_printf(MSG_ERROR, "TLSv1: Could not generate "
|
wpa_printf(MSG_ERROR, "TLSv1: Could not generate "
|
||||||
"session_id");
|
"session_id");
|
||||||
return -1;
|
return -1;
|
||||||
|
@ -287,7 +288,7 @@ static int tls_write_server_key_exchange(struct tlsv1_server *conn,
|
||||||
TLS_ALERT_INTERNAL_ERROR);
|
TLS_ALERT_INTERNAL_ERROR);
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
if (os_get_random(conn->dh_secret, conn->dh_secret_len)) {
|
if (random_get_bytes(conn->dh_secret, conn->dh_secret_len)) {
|
||||||
wpa_printf(MSG_DEBUG, "TLSv1: Failed to get random "
|
wpa_printf(MSG_DEBUG, "TLSv1: Failed to get random "
|
||||||
"data for Diffie-Hellman");
|
"data for Diffie-Hellman");
|
||||||
tlsv1_server_alert(conn, TLS_ALERT_LEVEL_FATAL,
|
tlsv1_server_alert(conn, TLS_ALERT_LEVEL_FATAL,
|
||||||
|
|
|
@ -19,6 +19,7 @@
|
||||||
#include "crypto/crypto.h"
|
#include "crypto/crypto.h"
|
||||||
#include "crypto/dh_group5.h"
|
#include "crypto/dh_group5.h"
|
||||||
#include "crypto/sha256.h"
|
#include "crypto/sha256.h"
|
||||||
|
#include "crypto/random.h"
|
||||||
#include "common/ieee802_11_defs.h"
|
#include "common/ieee802_11_defs.h"
|
||||||
#include "wps_i.h"
|
#include "wps_i.h"
|
||||||
|
|
||||||
|
@ -332,7 +333,7 @@ int wps_build_encr_settings(struct wps_data *wps, struct wpabuf *msg,
|
||||||
wpabuf_put_be16(msg, block_size + wpabuf_len(plain));
|
wpabuf_put_be16(msg, block_size + wpabuf_len(plain));
|
||||||
|
|
||||||
iv = wpabuf_put(msg, block_size);
|
iv = wpabuf_put(msg, block_size);
|
||||||
if (os_get_random(iv, block_size) < 0)
|
if (random_get_bytes(iv, block_size) < 0)
|
||||||
return -1;
|
return -1;
|
||||||
|
|
||||||
data = wpabuf_put(msg, 0);
|
data = wpabuf_put(msg, 0);
|
||||||
|
@ -365,7 +366,8 @@ int wps_build_oob_dev_password(struct wpabuf *msg, struct wps_context *wps)
|
||||||
}
|
}
|
||||||
wps->oob_dev_pw_id |= 0x0010;
|
wps->oob_dev_pw_id |= 0x0010;
|
||||||
|
|
||||||
if (os_get_random(dev_password_bin, WPS_OOB_DEVICE_PASSWORD_LEN) < 0) {
|
if (random_get_bytes(dev_password_bin, WPS_OOB_DEVICE_PASSWORD_LEN) <
|
||||||
|
0) {
|
||||||
wpa_printf(MSG_ERROR, "WPS: OOB device password "
|
wpa_printf(MSG_ERROR, "WPS: OOB device password "
|
||||||
"generation error");
|
"generation error");
|
||||||
return -1;
|
return -1;
|
||||||
|
|
|
@ -20,6 +20,7 @@
|
||||||
#include "crypto/dh_group5.h"
|
#include "crypto/dh_group5.h"
|
||||||
#include "crypto/sha1.h"
|
#include "crypto/sha1.h"
|
||||||
#include "crypto/sha256.h"
|
#include "crypto/sha256.h"
|
||||||
|
#include "crypto/random.h"
|
||||||
#include "wps_i.h"
|
#include "wps_i.h"
|
||||||
#include "wps_dev_attr.h"
|
#include "wps_dev_attr.h"
|
||||||
|
|
||||||
|
@ -243,7 +244,7 @@ unsigned int wps_generate_pin(void)
|
||||||
unsigned int val;
|
unsigned int val;
|
||||||
|
|
||||||
/* Generate seven random digits for the PIN */
|
/* Generate seven random digits for the PIN */
|
||||||
if (os_get_random((unsigned char *) &val, sizeof(val)) < 0) {
|
if (random_get_bytes((unsigned char *) &val, sizeof(val)) < 0) {
|
||||||
struct os_time now;
|
struct os_time now;
|
||||||
os_get_time(&now);
|
os_get_time(&now);
|
||||||
val = os_random() ^ now.sec ^ now.usec;
|
val = os_random() ^ now.sec ^ now.usec;
|
||||||
|
|
|
@ -17,6 +17,7 @@
|
||||||
#include "common.h"
|
#include "common.h"
|
||||||
#include "crypto/crypto.h"
|
#include "crypto/crypto.h"
|
||||||
#include "crypto/sha256.h"
|
#include "crypto/sha256.h"
|
||||||
|
#include "crypto/random.h"
|
||||||
#include "wps_i.h"
|
#include "wps_i.h"
|
||||||
#include "wps_dev_attr.h"
|
#include "wps_dev_attr.h"
|
||||||
|
|
||||||
|
@ -53,7 +54,7 @@ static int wps_build_e_hash(struct wps_data *wps, struct wpabuf *msg)
|
||||||
const u8 *addr[4];
|
const u8 *addr[4];
|
||||||
size_t len[4];
|
size_t len[4];
|
||||||
|
|
||||||
if (os_get_random(wps->snonce, 2 * WPS_SECRET_NONCE_LEN) < 0)
|
if (random_get_bytes(wps->snonce, 2 * WPS_SECRET_NONCE_LEN) < 0)
|
||||||
return -1;
|
return -1;
|
||||||
wpa_hexdump(MSG_DEBUG, "WPS: E-S1", wps->snonce, WPS_SECRET_NONCE_LEN);
|
wpa_hexdump(MSG_DEBUG, "WPS: E-S1", wps->snonce, WPS_SECRET_NONCE_LEN);
|
||||||
wpa_hexdump(MSG_DEBUG, "WPS: E-S2",
|
wpa_hexdump(MSG_DEBUG, "WPS: E-S2",
|
||||||
|
@ -121,7 +122,7 @@ static struct wpabuf * wps_build_m1(struct wps_data *wps)
|
||||||
struct wpabuf *msg;
|
struct wpabuf *msg;
|
||||||
u16 config_methods;
|
u16 config_methods;
|
||||||
|
|
||||||
if (os_get_random(wps->nonce_e, WPS_NONCE_LEN) < 0)
|
if (random_get_bytes(wps->nonce_e, WPS_NONCE_LEN) < 0)
|
||||||
return NULL;
|
return NULL;
|
||||||
wpa_hexdump(MSG_DEBUG, "WPS: Enrollee Nonce",
|
wpa_hexdump(MSG_DEBUG, "WPS: Enrollee Nonce",
|
||||||
wps->nonce_e, WPS_NONCE_LEN);
|
wps->nonce_e, WPS_NONCE_LEN);
|
||||||
|
|
|
@ -21,6 +21,7 @@
|
||||||
#include "utils/list.h"
|
#include "utils/list.h"
|
||||||
#include "crypto/crypto.h"
|
#include "crypto/crypto.h"
|
||||||
#include "crypto/sha256.h"
|
#include "crypto/sha256.h"
|
||||||
|
#include "crypto/random.h"
|
||||||
#include "common/ieee802_11_defs.h"
|
#include "common/ieee802_11_defs.h"
|
||||||
#include "wps_i.h"
|
#include "wps_i.h"
|
||||||
#include "wps_dev_attr.h"
|
#include "wps_dev_attr.h"
|
||||||
|
@ -1212,7 +1213,7 @@ static int wps_build_r_hash(struct wps_data *wps, struct wpabuf *msg)
|
||||||
const u8 *addr[4];
|
const u8 *addr[4];
|
||||||
size_t len[4];
|
size_t len[4];
|
||||||
|
|
||||||
if (os_get_random(wps->snonce, 2 * WPS_SECRET_NONCE_LEN) < 0)
|
if (random_get_bytes(wps->snonce, 2 * WPS_SECRET_NONCE_LEN) < 0)
|
||||||
return -1;
|
return -1;
|
||||||
wpa_hexdump(MSG_DEBUG, "WPS: R-S1", wps->snonce, WPS_SECRET_NONCE_LEN);
|
wpa_hexdump(MSG_DEBUG, "WPS: R-S1", wps->snonce, WPS_SECRET_NONCE_LEN);
|
||||||
wpa_hexdump(MSG_DEBUG, "WPS: R-S2",
|
wpa_hexdump(MSG_DEBUG, "WPS: R-S2",
|
||||||
|
@ -1428,7 +1429,7 @@ int wps_build_cred(struct wps_data *wps, struct wpabuf *msg)
|
||||||
!wps->wps->registrar->disable_auto_conf) {
|
!wps->wps->registrar->disable_auto_conf) {
|
||||||
u8 r[16];
|
u8 r[16];
|
||||||
/* Generate a random passphrase */
|
/* Generate a random passphrase */
|
||||||
if (os_get_random(r, sizeof(r)) < 0)
|
if (random_get_bytes(r, sizeof(r)) < 0)
|
||||||
return -1;
|
return -1;
|
||||||
os_free(wps->new_psk);
|
os_free(wps->new_psk);
|
||||||
wps->new_psk = base64_encode(r, sizeof(r), &wps->new_psk_len);
|
wps->new_psk = base64_encode(r, sizeof(r), &wps->new_psk_len);
|
||||||
|
@ -1460,7 +1461,7 @@ int wps_build_cred(struct wps_data *wps, struct wpabuf *msg)
|
||||||
wps->new_psk = os_malloc(wps->new_psk_len);
|
wps->new_psk = os_malloc(wps->new_psk_len);
|
||||||
if (wps->new_psk == NULL)
|
if (wps->new_psk == NULL)
|
||||||
return -1;
|
return -1;
|
||||||
if (os_get_random(wps->new_psk, wps->new_psk_len) < 0) {
|
if (random_get_bytes(wps->new_psk, wps->new_psk_len) < 0) {
|
||||||
os_free(wps->new_psk);
|
os_free(wps->new_psk);
|
||||||
wps->new_psk = NULL;
|
wps->new_psk = NULL;
|
||||||
return -1;
|
return -1;
|
||||||
|
@ -1540,7 +1541,7 @@ static struct wpabuf * wps_build_m2(struct wps_data *wps)
|
||||||
{
|
{
|
||||||
struct wpabuf *msg;
|
struct wpabuf *msg;
|
||||||
|
|
||||||
if (os_get_random(wps->nonce_r, WPS_NONCE_LEN) < 0)
|
if (random_get_bytes(wps->nonce_r, WPS_NONCE_LEN) < 0)
|
||||||
return NULL;
|
return NULL;
|
||||||
wpa_hexdump(MSG_DEBUG, "WPS: Registrar Nonce",
|
wpa_hexdump(MSG_DEBUG, "WPS: Registrar Nonce",
|
||||||
wps->nonce_r, WPS_NONCE_LEN);
|
wps->nonce_r, WPS_NONCE_LEN);
|
||||||
|
|
Loading…
Reference in a new issue