DPP2: Add challengePassword into CSR
Derive challengePassword from bk and add it into the CSR. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
This commit is contained in:
parent
dbbb0d5b82
commit
c98db9f1f8
2 changed files with 25 additions and 0 deletions
|
@ -120,6 +120,7 @@ enum dpp_connector_key {
|
||||||
#define DPP_MAX_NONCE_LEN 32
|
#define DPP_MAX_NONCE_LEN 32
|
||||||
#define DPP_MAX_HASH_LEN 64
|
#define DPP_MAX_HASH_LEN 64
|
||||||
#define DPP_MAX_SHARED_SECRET_LEN 66
|
#define DPP_MAX_SHARED_SECRET_LEN 66
|
||||||
|
#define DPP_CP_LEN 64
|
||||||
|
|
||||||
struct dpp_curve_params {
|
struct dpp_curve_params {
|
||||||
const char *name;
|
const char *name;
|
||||||
|
|
|
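Review bot: `DPP_CP_LEN` is introduced with no comment saying what the 64 octets are, so a reader of the header cannot tell it is the HKDF-Expand output length that dpp_build_csr() turns into the CSR challengePassword, and nothing ties it to that use. Suggest `/* Octets of HKDF-Expand(bk, "CSR challengePassword") used as the CSR challengePassword */` on the line above the define. Keeping the name and its only consumer in the same comment also makes it clear that the literal 64 in dpp_build_csr()'s log text must follow this value if it is ever changed.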
@ -2677,6 +2677,10 @@ struct wpabuf * dpp_build_csr(struct dpp_authentication *auth)
|
||||||
unsigned int hash_len = auth->curve->hash_len;
|
unsigned int hash_len = auth->curve->hash_len;
|
||||||
EC_KEY *eckey;
|
EC_KEY *eckey;
|
||||||
BIO *out = NULL;
|
BIO *out = NULL;
|
||||||
|
u8 cp[DPP_CP_LEN];
|
||||||
|
char *password;
|
||||||
|
size_t password_len;
|
||||||
|
int res;
|
||||||
|
|
||||||
/* TODO: use auth->csrattrs */
|
/* TODO: use auth->csrattrs */
|
||||||
|
|
||||||
|
@ -2701,6 +2705,26 @@ struct wpabuf * dpp_build_csr(struct dpp_authentication *auth)
|
||||||
if (!req || !X509_REQ_set_pubkey(req, key))
|
if (!req || !X509_REQ_set_pubkey(req, key))
|
||||||
goto fail;
|
goto fail;
|
||||||
|
|
||||||
|
/* cp = HKDF-Expand(bk, "CSR challengePassword", 64) */
|
||||||
|
if (dpp_hkdf_expand(hash_len, auth->bk, hash_len,
|
||||||
|
"CSR challengePassword", cp, DPP_CP_LEN) < 0)
|
||||||
|
goto fail;
|
||||||
|
wpa_hexdump_key(MSG_DEBUG,
|
||||||
|
"DPP: cp = HKDF-Expand(bk, \"CSR challengePassword\", 64)",
|
||||||
|
cp, DPP_CP_LEN);
|
||||||
|
password = base64_encode_no_lf(cp, DPP_CP_LEN, &password_len);
|
||||||
|
forced_memzero(cp, DPP_CP_LEN);
|
||||||
|
if (!password)
|
||||||
|
goto fail;
|
||||||
|
|
||||||
|
res = X509_REQ_add1_attr_by_NID(req, NID_pkcs9_challengePassword,
|
||||||
|
V_ASN1_UTF8STRING,
|
||||||
|
(const unsigned char *) password,
|
||||||
|
password_len);
|
||||||
|
bin_clear_free(password, password_len);
|
||||||
|
if (!res)
|
||||||
|
goto fail;
|
||||||
|
|
||||||
/* TODO */
|
/* TODO */
|
||||||
|
|
||||||
/* TODO: hash func selection based on csrAttrs */
|
/* TODO: hash func selection based on csrAttrs */
|
||||||
|
|
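Review bot: The `goto fail` taken when dpp_hkdf_expand() returns < 0 skips the forced_memzero(cp, DPP_CP_LEN) that follows, so whatever dpp_hkdf_expand() may have written into the stack buffer before failing is left behind, and since all 25 added lines are in the visible hunks nothing on the `fail:` path clears it either. Zeroize before leaving: `if (dpp_hkdf_expand(hash_len, auth->bk, hash_len, "CSR challengePassword", cp, DPP_CP_LEN) < 0) { forced_memzero(cp, DPP_CP_LEN); goto fail; }`. The comment and the wpa_hexdump_key() label hard-code "64" while the code uses DPP_CP_LEN, so they will silently drift if the constant changes. `password_len` is a size_t handed to the `int len` parameter of X509_REQ_add1_attr_by_NID(); the value here is small, but an explicit `(int) password_len` documents that. dpp_build_csr() begins and ends outside the hunk, so the `fail:` cleanup itself is not visible here.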