SAE: Add support for ECC group 21 (521-bit random ECP group)
In addition to the trivial change in adding the new group ientifier, this required changes to KDF and random number generation to support cases where the length of the prime in bits is not a multiple of eight. The binary presentation of the value needs to be shifted so that the unused most significant bits are the zero padding rather than the extra bits in the end of the array. Signed-hostap: Jouni Malinen <j@w1.fi>
This commit is contained in:
Jouni Malinen
parent
bf14657b9f
commit
cd9c2714e7
6 changed files with 88 additions and 14 deletions
|
|
@ -1,6 +1,6 @@
|
|||
/*
|
||||
* SHA256-based PRF (IEEE 802.11r)
|
||||
* Copyright (c) 2003-2007, Jouni Malinen <j@w1.fi>
|
||||
* Copyright (c) 2003-2013, Jouni Malinen <j@w1.fi>
|
||||
*
|
||||
* This software may be distributed under the terms of the BSD license.
|
||||
* See README for more details.
|
||||
|
|
@ -28,6 +28,29 @@
|
|||
*/
|
||||
void sha256_prf(const u8 *key, size_t key_len, const char *label,
|
||||
const u8 *data, size_t data_len, u8 *buf, size_t buf_len)
|
||||
{
|
||||
sha256_prf_bits(key, key_len, label, data, data_len, buf, buf_len * 8);
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* sha256_prf_bits - IEEE Std 802.11-2012, 11.6.1.7.2 Key derivation function
|
||||
* @key: Key for KDF
|
||||
* @key_len: Length of the key in bytes
|
||||
* @label: A unique label for each purpose of the PRF
|
||||
* @data: Extra data to bind into the key
|
||||
* @data_len: Length of the data
|
||||
* @buf: Buffer for the generated pseudo-random key
|
||||
* @buf_len: Number of bits of key to generate
|
||||
*
|
||||
* This function is used to derive new, cryptographically separate keys from a
|
||||
* given key. If the requested buf_len is not divisible by eight, the least
|
||||
* significant 1-7 bits of the last octet in the output are not part of the
|
||||
* requested output.
|
||||
*/
|
||||
void sha256_prf_bits(const u8 *key, size_t key_len, const char *label,
|
||||
const u8 *data, size_t data_len, u8 *buf,
|
||||
size_t buf_len_bits)
|
||||
{
|
||||
u16 counter = 1;
|
||||
size_t pos, plen;
|
||||
|
|
@ -35,6 +58,7 @@ void sha256_prf(const u8 *key, size_t key_len, const char *label,
|
|||
const u8 *addr[4];
|
||||
size_t len[4];
|
||||
u8 counter_le[2], length_le[2];
|
||||
size_t buf_len = (buf_len_bits + 7) / 8;
|
||||
|
||||
addr[0] = counter_le;
|
||||
len[0] = 2;
|
||||
|
|
@ -45,7 +69,7 @@ void sha256_prf(const u8 *key, size_t key_len, const char *label,
|
|||
addr[3] = length_le;
|
||||
len[3] = sizeof(length_le);
|
||||
|
||||
WPA_PUT_LE16(length_le, buf_len * 8);
|
||||
WPA_PUT_LE16(length_le, buf_len_bits);
|
||||
pos = 0;
|
||||
while (pos < buf_len) {
|
||||
plen = buf_len - pos;
|
||||
|
|
@ -57,8 +81,18 @@ void sha256_prf(const u8 *key, size_t key_len, const char *label,
|
|||
} else {
|
||||
hmac_sha256_vector(key, key_len, 4, addr, len, hash);
|
||||
os_memcpy(&buf[pos], hash, plen);
|
||||
pos += plen;
|
||||
break;
|
||||
}
|
||||
counter++;
|
||||
}
|
||||
|
||||
/*
|
||||
* Mask out unused bits in the last octet if it does not use all the
|
||||
* bits.
|
||||
*/
|
||||
if (buf_len_bits % 8) {
|
||||
u8 mask = 0xff << (8 - buf_len_bits % 8);
|
||||
buf[pos - 1] &= mask;
|
||||
}
|
||||
}
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue