DPP: Remove direct call to OpenSSL in dpp_test_gen_invalid_key()
Instead of generating EC point with random coordinates, generate a valid EC point and then corrupt the coordinates after exporting them in binary format. Signed-off-by: Cedric Izoard <cedric.izoard@ceva-dsp.com>
This commit is contained in:
parent
c88b7fcaef
commit
87f2fb8863
2 changed files with 28 additions and 61 deletions
|
@ -297,20 +297,6 @@ int dpp_pbkdf2(size_t hash_len, const u8 *password, size_t password_len,
|
||||||
#endif /* CONFIG_DPP2 */
|
#endif /* CONFIG_DPP2 */
|
||||||
|
|
||||||
|
|
||||||
int dpp_bn2bin_pad(const BIGNUM *bn, u8 *pos, size_t len)
|
|
||||||
{
|
|
||||||
int num_bytes, offset;
|
|
||||||
|
|
||||||
num_bytes = BN_num_bytes(bn);
|
|
||||||
if ((size_t) num_bytes > len)
|
|
||||||
return -1;
|
|
||||||
offset = len - num_bytes;
|
|
||||||
os_memset(pos, 0, offset);
|
|
||||||
BN_bn2bin(bn, pos + offset);
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
struct crypto_ec_key * dpp_set_pubkey_point(struct crypto_ec_key *group_key,
|
struct crypto_ec_key * dpp_set_pubkey_point(struct crypto_ec_key *group_key,
|
||||||
const u8 *buf, size_t len)
|
const u8 *buf, size_t len)
|
||||||
{
|
{
|
||||||
|
@ -2705,64 +2691,46 @@ fail:
|
||||||
int dpp_test_gen_invalid_key(struct wpabuf *msg,
|
int dpp_test_gen_invalid_key(struct wpabuf *msg,
|
||||||
const struct dpp_curve_params *curve)
|
const struct dpp_curve_params *curve)
|
||||||
{
|
{
|
||||||
BN_CTX *ctx;
|
struct crypto_ec *ec;
|
||||||
BIGNUM *x, *y;
|
struct crypto_ec_key *key = NULL;
|
||||||
|
const struct crypto_ec_point *pub_key;
|
||||||
|
struct crypto_ec_point *p = NULL;
|
||||||
|
u8 *x, *y;
|
||||||
int ret = -1;
|
int ret = -1;
|
||||||
EC_GROUP *group;
|
|
||||||
EC_POINT *point;
|
|
||||||
|
|
||||||
group = EC_GROUP_new_by_curve_name(OBJ_txt2nid(curve->name));
|
ec = crypto_ec_init(curve->ike_group);
|
||||||
if (!group)
|
x = wpabuf_put(msg, curve->prime_len);
|
||||||
return -1;
|
y = wpabuf_put(msg, curve->prime_len);
|
||||||
|
if (!ec)
|
||||||
ctx = BN_CTX_new();
|
|
||||||
point = EC_POINT_new(group);
|
|
||||||
x = BN_new();
|
|
||||||
y = BN_new();
|
|
||||||
if (!ctx || !point || !x || !y)
|
|
||||||
goto fail;
|
goto fail;
|
||||||
|
|
||||||
if (BN_rand(x, curve->prime_len * 8, 0, 0) != 1)
|
retry:
|
||||||
|
/* Generate valid key pair */
|
||||||
|
key = crypto_ec_key_gen(curve->ike_group);
|
||||||
|
if (!key)
|
||||||
goto fail;
|
goto fail;
|
||||||
|
|
||||||
/* Generate a random y coordinate that results in a point that is not
|
/* Retrieve public key coordinates */
|
||||||
* on the curve. */
|
pub_key = crypto_ec_key_get_public_key(key);
|
||||||
for (;;) {
|
if (!pub_key)
|
||||||
if (BN_rand(y, curve->prime_len * 8, 0, 0) != 1)
|
goto fail;
|
||||||
goto fail;
|
|
||||||
|
|
||||||
if (EC_POINT_set_affine_coordinates_GFp(group, point, x, y,
|
crypto_ec_point_to_bin(ec, pub_key, x, y);
|
||||||
ctx) != 1) {
|
|
||||||
#if OPENSSL_VERSION_NUMBER >= 0x10100000L || defined(OPENSSL_IS_BORINGSSL)
|
|
||||||
/* Unlike older OpenSSL versions, OpenSSL 1.1.1 and BoringSSL
|
|
||||||
* return an error from EC_POINT_set_affine_coordinates_GFp()
|
|
||||||
* when the point is not on the curve. */
|
|
||||||
break;
|
|
||||||
#else /* >=1.1.0 or OPENSSL_IS_BORINGSSL */
|
|
||||||
goto fail;
|
|
||||||
#endif /* >= 1.1.0 or OPENSSL_IS_BORINGSSL */
|
|
||||||
}
|
|
||||||
|
|
||||||
if (!EC_POINT_is_on_curve(group, point, ctx))
|
/* And corrupt them */
|
||||||
break;
|
y[curve->prime_len - 1] ^= 0x01;
|
||||||
|
p = crypto_ec_point_from_bin(ec, x);
|
||||||
|
if (p && crypto_ec_point_is_on_curve(ec, p)) {
|
||||||
|
crypto_ec_point_deinit(p, 0);
|
||||||
|
p = NULL;
|
||||||
|
goto retry;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (dpp_bn2bin_pad(x, wpabuf_put(msg, curve->prime_len),
|
|
||||||
curve->prime_len) < 0 ||
|
|
||||||
dpp_bn2bin_pad(y, wpabuf_put(msg, curve->prime_len),
|
|
||||||
curve->prime_len) < 0)
|
|
||||||
goto fail;
|
|
||||||
|
|
||||||
ret = 0;
|
ret = 0;
|
||||||
fail:
|
fail:
|
||||||
if (ret < 0)
|
crypto_ec_point_deinit(p, 0);
|
||||||
wpa_printf(MSG_INFO, "DPP: Failed to generate invalid key");
|
crypto_ec_key_deinit(key);
|
||||||
BN_free(x);
|
crypto_ec_deinit(ec);
|
||||||
BN_free(y);
|
|
||||||
EC_POINT_free(point);
|
|
||||||
BN_CTX_free(ctx);
|
|
||||||
EC_GROUP_free(group);
|
|
||||||
|
|
||||||
return ret;
|
return ret;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -79,7 +79,6 @@ int dpp_bi_pubkey_hash(struct dpp_bootstrap_info *bi,
|
||||||
const u8 *data, size_t data_len);
|
const u8 *data, size_t data_len);
|
||||||
struct crypto_ec_key * dpp_set_pubkey_point(struct crypto_ec_key *group_key,
|
struct crypto_ec_key * dpp_set_pubkey_point(struct crypto_ec_key *group_key,
|
||||||
const u8 *buf, size_t len);
|
const u8 *buf, size_t len);
|
||||||
int dpp_bn2bin_pad(const BIGNUM *bn, u8 *pos, size_t len);
|
|
||||||
int dpp_hkdf_expand(size_t hash_len, const u8 *secret, size_t secret_len,
|
int dpp_hkdf_expand(size_t hash_len, const u8 *secret, size_t secret_len,
|
||||||
const char *label, u8 *out, size_t outlen);
|
const char *label, u8 *out, size_t outlen);
|
||||||
int dpp_hmac_vector(size_t hash_len, const u8 *key, size_t key_len,
|
int dpp_hmac_vector(size_t hash_len, const u8 *key, size_t key_len,
|
||||||
|
|
Loading…
Reference in a new issue