EAP-pwd: Fix zero-padding of input to H()
Another niceness of OpenSSL is that if the high-order bit of a 521-bit big num is not set then BN_bn2bin() will just return 65 bytes instead of 66 bytes with the first octet (big endian, after all) being all zero. When this happens the wrong number of octets is mixed into function H(). So there is now a whole bunch of "offset" computations, and BN_bn2bin() dumps the big number into the buffer at that offset, leaving the leading octets zero. That should be obvious in the patch too.
parent
18f5f3de03
commit
e547e071e1
3 changed files with 76 additions and 31 deletions
|
@ -284,6 +284,7 @@ int compute_keys(EAP_PWD_group *grp, BN_CTX *bnctx, BIGNUM *k,
|
||||||
u8 mk[SHA256_DIGEST_LENGTH], *cruft;
|
u8 mk[SHA256_DIGEST_LENGTH], *cruft;
|
||||||
u8 session_id[SHA256_DIGEST_LENGTH + 1];
|
u8 session_id[SHA256_DIGEST_LENGTH + 1];
|
||||||
u8 msk_emsk[EAP_MSK_LEN + EAP_EMSK_LEN];
|
u8 msk_emsk[EAP_MSK_LEN + EAP_EMSK_LEN];
|
||||||
|
int offset;
|
||||||
|
|
||||||
if ((cruft = os_malloc(BN_num_bytes(grp->prime))) == NULL)
|
if ((cruft = os_malloc(BN_num_bytes(grp->prime))) == NULL)
|
||||||
return -1;
|
return -1;
|
||||||
|
@ -295,16 +296,21 @@ int compute_keys(EAP_PWD_group *grp, BN_CTX *bnctx, BIGNUM *k,
|
||||||
session_id[0] = EAP_TYPE_PWD;
|
session_id[0] = EAP_TYPE_PWD;
|
||||||
H_Init(&ctx);
|
H_Init(&ctx);
|
||||||
H_Update(&ctx, (u8 *)ciphersuite, sizeof(u32));
|
H_Update(&ctx, (u8 *)ciphersuite, sizeof(u32));
|
||||||
BN_bn2bin(peer_scalar, cruft);
|
offset = BN_num_bytes(grp->order) - BN_num_bytes(peer_scalar);
|
||||||
|
os_memset(cruft, 0, BN_num_bytes(grp->prime));
|
||||||
|
BN_bn2bin(peer_scalar, cruft + offset);
|
||||||
H_Update(&ctx, cruft, BN_num_bytes(grp->order));
|
H_Update(&ctx, cruft, BN_num_bytes(grp->order));
|
||||||
BN_bn2bin(server_scalar, cruft);
|
offset = BN_num_bytes(grp->order) - BN_num_bytes(server_scalar);
|
||||||
|
os_memset(cruft, 0, BN_num_bytes(grp->prime));
|
||||||
|
BN_bn2bin(server_scalar, cruft + offset);
|
||||||
H_Update(&ctx, cruft, BN_num_bytes(grp->order));
|
H_Update(&ctx, cruft, BN_num_bytes(grp->order));
|
||||||
H_Final(&ctx, &session_id[1]);
|
H_Final(&ctx, &session_id[1]);
|
||||||
|
|
||||||
/* then compute MK = H(k | commit-peer | commit-server) */
|
/* then compute MK = H(k | commit-peer | commit-server) */
|
||||||
H_Init(&ctx);
|
H_Init(&ctx);
|
||||||
|
offset = BN_num_bytes(grp->prime) - BN_num_bytes(k);
|
||||||
os_memset(cruft, 0, BN_num_bytes(grp->prime));
|
os_memset(cruft, 0, BN_num_bytes(grp->prime));
|
||||||
BN_bn2bin(k, cruft);
|
BN_bn2bin(k, cruft + offset);
|
||||||
H_Update(&ctx, cruft, BN_num_bytes(grp->prime));
|
H_Update(&ctx, cruft, BN_num_bytes(grp->prime));
|
||||||
H_Update(&ctx, commit_peer, SHA256_DIGEST_LENGTH);
|
H_Update(&ctx, commit_peer, SHA256_DIGEST_LENGTH);
|
||||||
H_Update(&ctx, commit_server, SHA256_DIGEST_LENGTH);
|
H_Update(&ctx, commit_server, SHA256_DIGEST_LENGTH);
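Review bot: `offset` is a signed `int` that is used unchecked, so a value longer than the field it is padded to makes it negative, and `BN_bn2bin(peer_scalar, cruft + offset)` then writes before the start of the `os_malloc()`ed buffer. `peer_scalar` and `server_scalar` come from the other side of the exchange and no range check on them is visible in these hunks, so each computation should be followed by a guard such as `if (offset < 0)` that releases `cruft` and returns -1. compute_keys starts and ends outside the hunks, so an existing error path there may be the better place to jump to. The same unchecked pattern is repeated for the scalars and element coordinates in eap_pwd_perform_confirm_exchange, eap_pwd_build_confirm_req and eap_pwd_process_confirm_resp, where the existing `goto fin;` path would fit.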
|
||||||
|
|
|
@ -465,6 +465,7 @@ eap_pwd_perform_confirm_exchange(struct eap_sm *sm, struct eap_pwd_data *data,
|
||||||
u32 cs;
|
u32 cs;
|
||||||
u16 grp;
|
u16 grp;
|
||||||
u8 conf[SHA256_DIGEST_LENGTH], *cruft = NULL, *ptr;
|
u8 conf[SHA256_DIGEST_LENGTH], *cruft = NULL, *ptr;
|
||||||
|
int offset;
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* first build up the ciphersuite which is group | random_function |
|
* first build up the ciphersuite which is group | random_function |
|
||||||
|
@ -497,7 +498,8 @@ eap_pwd_perform_confirm_exchange(struct eap_sm *sm, struct eap_pwd_data *data,
|
||||||
* value may start with a few zeros and the previous one did not.
|
* value may start with a few zeros and the previous one did not.
|
||||||
*/
|
*/
|
||||||
os_memset(cruft, 0, BN_num_bytes(data->grp->prime));
|
os_memset(cruft, 0, BN_num_bytes(data->grp->prime));
|
||||||
BN_bn2bin(data->k, cruft);
|
offset = BN_num_bytes(data->grp->prime) - BN_num_bytes(data->k);
|
||||||
|
BN_bn2bin(data->k, cruft + offset);
|
||||||
H_Update(&ctx, cruft, BN_num_bytes(data->grp->prime));
|
H_Update(&ctx, cruft, BN_num_bytes(data->grp->prime));
|
||||||
|
|
||||||
/* server element: x, y */
|
/* server element: x, y */
|
||||||
|
@ -509,15 +511,19 @@ eap_pwd_perform_confirm_exchange(struct eap_sm *sm, struct eap_pwd_data *data,
|
||||||
goto fin;
|
goto fin;
|
||||||
}
|
}
|
||||||
os_memset(cruft, 0, BN_num_bytes(data->grp->prime));
|
os_memset(cruft, 0, BN_num_bytes(data->grp->prime));
|
||||||
BN_bn2bin(x, cruft);
|
offset = BN_num_bytes(data->grp->prime) - BN_num_bytes(x);
|
||||||
|
BN_bn2bin(x, cruft + offset);
|
||||||
H_Update(&ctx, cruft, BN_num_bytes(data->grp->prime));
|
H_Update(&ctx, cruft, BN_num_bytes(data->grp->prime));
|
||||||
os_memset(cruft, 0, BN_num_bytes(data->grp->prime));
|
os_memset(cruft, 0, BN_num_bytes(data->grp->prime));
|
||||||
BN_bn2bin(y, cruft);
|
offset = BN_num_bytes(data->grp->prime) - BN_num_bytes(y);
|
||||||
|
BN_bn2bin(y, cruft + offset);
|
||||||
H_Update(&ctx, cruft, BN_num_bytes(data->grp->prime));
|
H_Update(&ctx, cruft, BN_num_bytes(data->grp->prime));
|
||||||
|
|
||||||
/* server scalar */
|
/* server scalar */
|
||||||
os_memset(cruft, 0, BN_num_bytes(data->grp->prime));
|
os_memset(cruft, 0, BN_num_bytes(data->grp->prime));
|
||||||
BN_bn2bin(data->server_scalar, cruft);
|
offset = BN_num_bytes(data->grp->order) -
|
||||||
|
BN_num_bytes(data->server_scalar);
|
||||||
|
BN_bn2bin(data->server_scalar, cruft + offset);
|
||||||
H_Update(&ctx, cruft, BN_num_bytes(data->grp->order));
|
H_Update(&ctx, cruft, BN_num_bytes(data->grp->order));
|
||||||
|
|
||||||
/* my element: x, y */
|
/* my element: x, y */
|
||||||
|
@ -530,15 +536,19 @@ eap_pwd_perform_confirm_exchange(struct eap_sm *sm, struct eap_pwd_data *data,
|
||||||
}
|
}
|
||||||
|
|
||||||
os_memset(cruft, 0, BN_num_bytes(data->grp->prime));
|
os_memset(cruft, 0, BN_num_bytes(data->grp->prime));
|
||||||
BN_bn2bin(x, cruft);
|
offset = BN_num_bytes(data->grp->prime) - BN_num_bytes(x);
|
||||||
|
BN_bn2bin(x, cruft + offset);
|
||||||
H_Update(&ctx, cruft, BN_num_bytes(data->grp->prime));
|
H_Update(&ctx, cruft, BN_num_bytes(data->grp->prime));
|
||||||
os_memset(cruft, 0, BN_num_bytes(data->grp->prime));
|
os_memset(cruft, 0, BN_num_bytes(data->grp->prime));
|
||||||
BN_bn2bin(y, cruft);
|
offset = BN_num_bytes(data->grp->prime) - BN_num_bytes(y);
|
||||||
|
BN_bn2bin(y, cruft + offset);
|
||||||
H_Update(&ctx, cruft, BN_num_bytes(data->grp->prime));
|
H_Update(&ctx, cruft, BN_num_bytes(data->grp->prime));
|
||||||
|
|
||||||
/* my scalar */
|
/* my scalar */
|
||||||
os_memset(cruft, 0, BN_num_bytes(data->grp->prime));
|
os_memset(cruft, 0, BN_num_bytes(data->grp->prime));
|
||||||
BN_bn2bin(data->my_scalar, cruft);
|
offset = BN_num_bytes(data->grp->order) -
|
||||||
|
BN_num_bytes(data->my_scalar);
|
||||||
|
BN_bn2bin(data->my_scalar, cruft + offset);
|
||||||
H_Update(&ctx, cruft, BN_num_bytes(data->grp->order));
|
H_Update(&ctx, cruft, BN_num_bytes(data->grp->order));
|
||||||
|
|
||||||
/* the ciphersuite */
|
/* the ciphersuite */
|
||||||
|
@ -564,7 +574,8 @@ eap_pwd_perform_confirm_exchange(struct eap_sm *sm, struct eap_pwd_data *data,
|
||||||
|
|
||||||
/* k */
|
/* k */
|
||||||
os_memset(cruft, 0, BN_num_bytes(data->grp->prime));
|
os_memset(cruft, 0, BN_num_bytes(data->grp->prime));
|
||||||
BN_bn2bin(data->k, cruft);
|
offset = BN_num_bytes(data->grp->prime) - BN_num_bytes(data->k);
|
||||||
|
BN_bn2bin(data->k, cruft + offset);
|
||||||
H_Update(&ctx, cruft, BN_num_bytes(data->grp->prime));
|
H_Update(&ctx, cruft, BN_num_bytes(data->grp->prime));
|
||||||
|
|
||||||
/* my element */
|
/* my element */
|
||||||
|
@ -576,15 +587,19 @@ eap_pwd_perform_confirm_exchange(struct eap_sm *sm, struct eap_pwd_data *data,
|
||||||
goto fin;
|
goto fin;
|
||||||
}
|
}
|
||||||
os_memset(cruft, 0, BN_num_bytes(data->grp->prime));
|
os_memset(cruft, 0, BN_num_bytes(data->grp->prime));
|
||||||
BN_bn2bin(x, cruft);
|
offset = BN_num_bytes(data->grp->prime) - BN_num_bytes(x);
|
||||||
|
BN_bn2bin(x, cruft + offset);
|
||||||
H_Update(&ctx, cruft, BN_num_bytes(data->grp->prime));
|
H_Update(&ctx, cruft, BN_num_bytes(data->grp->prime));
|
||||||
os_memset(cruft, 0, BN_num_bytes(data->grp->prime));
|
os_memset(cruft, 0, BN_num_bytes(data->grp->prime));
|
||||||
BN_bn2bin(y, cruft);
|
offset = BN_num_bytes(data->grp->prime) - BN_num_bytes(y);
|
||||||
|
BN_bn2bin(y, cruft + offset);
|
||||||
H_Update(&ctx, cruft, BN_num_bytes(data->grp->prime));
|
H_Update(&ctx, cruft, BN_num_bytes(data->grp->prime));
|
||||||
|
|
||||||
/* my scalar */
|
/* my scalar */
|
||||||
os_memset(cruft, 0, BN_num_bytes(data->grp->prime));
|
os_memset(cruft, 0, BN_num_bytes(data->grp->prime));
|
||||||
BN_bn2bin(data->my_scalar, cruft);
|
offset = BN_num_bytes(data->grp->order) -
|
||||||
|
BN_num_bytes(data->my_scalar);
|
||||||
|
BN_bn2bin(data->my_scalar, cruft + offset);
|
||||||
H_Update(&ctx, cruft, BN_num_bytes(data->grp->order));
|
H_Update(&ctx, cruft, BN_num_bytes(data->grp->order));
|
||||||
|
|
||||||
/* server element: x, y */
|
/* server element: x, y */
|
||||||
|
@ -596,15 +611,19 @@ eap_pwd_perform_confirm_exchange(struct eap_sm *sm, struct eap_pwd_data *data,
|
||||||
goto fin;
|
goto fin;
|
||||||
}
|
}
|
||||||
os_memset(cruft, 0, BN_num_bytes(data->grp->prime));
|
os_memset(cruft, 0, BN_num_bytes(data->grp->prime));
|
||||||
BN_bn2bin(x, cruft);
|
offset = BN_num_bytes(data->grp->prime) - BN_num_bytes(x);
|
||||||
|
BN_bn2bin(x, cruft + offset);
|
||||||
H_Update(&ctx, cruft, BN_num_bytes(data->grp->prime));
|
H_Update(&ctx, cruft, BN_num_bytes(data->grp->prime));
|
||||||
os_memset(cruft, 0, BN_num_bytes(data->grp->prime));
|
os_memset(cruft, 0, BN_num_bytes(data->grp->prime));
|
||||||
BN_bn2bin(y, cruft);
|
offset = BN_num_bytes(data->grp->prime) - BN_num_bytes(y);
|
||||||
|
BN_bn2bin(y, cruft + offset);
|
||||||
H_Update(&ctx, cruft, BN_num_bytes(data->grp->prime));
|
H_Update(&ctx, cruft, BN_num_bytes(data->grp->prime));
|
||||||
|
|
||||||
/* server scalar */
|
/* server scalar */
|
||||||
os_memset(cruft, 0, BN_num_bytes(data->grp->prime));
|
os_memset(cruft, 0, BN_num_bytes(data->grp->prime));
|
||||||
BN_bn2bin(data->server_scalar, cruft);
|
offset = BN_num_bytes(data->grp->order) -
|
||||||
|
BN_num_bytes(data->server_scalar);
|
||||||
|
BN_bn2bin(data->server_scalar, cruft + offset);
|
||||||
H_Update(&ctx, cruft, BN_num_bytes(data->grp->order));
|
H_Update(&ctx, cruft, BN_num_bytes(data->grp->order));
|
||||||
|
|
||||||
/* the ciphersuite */
|
/* the ciphersuite */
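Review bot: The same sequence (clear `cruft`, compute `offset`, `BN_bn2bin()` at `cruft + offset`, then `H_Update()`) is now written out a dozen times in this function and again in the other two files, which makes it easy for one copy to pair the wrong length with the wrong value. A small shared helper that takes the value and the target length would keep the padding rule in one place and give a single spot for a length check. The sketch below assumes `ctx` has the `HMAC_CTX` type declared in eap_pwd_build_confirm_req. The body of eap_pwd_perform_confirm_exchange starts and ends outside these hunks.

```c
/* Hash bn as exactly len big-endian octets, left-padded with zeros. */
static int eap_pwd_h_update_bn(HMAC_CTX *ctx, const BIGNUM *bn, u8 *buf,
			       int len)
{
	int used = BN_num_bytes(bn);

	if (used > len)
		return -1;	/* value does not fit the field */
	os_memset(buf, 0, len);
	BN_bn2bin(bn, buf + (len - used));
	H_Update(ctx, buf, len);
	return 0;
}

	/* … unchanged: ciphersuite setup and hash initialisation … */
	if (eap_pwd_h_update_bn(&ctx, data->k, cruft,
				BN_num_bytes(data->grp->prime)) < 0)
		goto fin;
	/* … unchanged: element coordinate extraction; the x, y and scalar blocks follow the same call shape … */
```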
|
||||||
|
|
|
@ -289,6 +289,7 @@ eap_pwd_build_confirm_req(struct eap_sm *sm, struct eap_pwd_data *data, u8 id)
|
||||||
HMAC_CTX ctx;
|
HMAC_CTX ctx;
|
||||||
u8 conf[SHA256_DIGEST_LENGTH], *cruft = NULL, *ptr;
|
u8 conf[SHA256_DIGEST_LENGTH], *cruft = NULL, *ptr;
|
||||||
u16 grp;
|
u16 grp;
|
||||||
|
int offset;
|
||||||
|
|
||||||
wpa_printf(MSG_DEBUG, "EAP-pwd: Confirm/Request");
|
wpa_printf(MSG_DEBUG, "EAP-pwd: Confirm/Request");
|
||||||
|
|
||||||
|
@ -313,7 +314,8 @@ eap_pwd_build_confirm_req(struct eap_sm *sm, struct eap_pwd_data *data, u8 id)
|
||||||
* First is k
|
* First is k
|
||||||
*/
|
*/
|
||||||
os_memset(cruft, 0, BN_num_bytes(data->grp->prime));
|
os_memset(cruft, 0, BN_num_bytes(data->grp->prime));
|
||||||
BN_bn2bin(data->k, cruft);
|
offset = BN_num_bytes(data->grp->prime) - BN_num_bytes(data->k);
|
||||||
|
BN_bn2bin(data->k, cruft + offset);
|
||||||
H_Update(&ctx, cruft, BN_num_bytes(data->grp->prime));
|
H_Update(&ctx, cruft, BN_num_bytes(data->grp->prime));
|
||||||
|
|
||||||
/* server element: x, y */
|
/* server element: x, y */
|
||||||
|
@ -326,15 +328,19 @@ eap_pwd_build_confirm_req(struct eap_sm *sm, struct eap_pwd_data *data, u8 id)
|
||||||
}
|
}
|
||||||
|
|
||||||
os_memset(cruft, 0, BN_num_bytes(data->grp->prime));
|
os_memset(cruft, 0, BN_num_bytes(data->grp->prime));
|
||||||
BN_bn2bin(x, cruft);
|
offset = BN_num_bytes(data->grp->prime) - BN_num_bytes(x);
|
||||||
|
BN_bn2bin(x, cruft + offset);
|
||||||
H_Update(&ctx, cruft, BN_num_bytes(data->grp->prime));
|
H_Update(&ctx, cruft, BN_num_bytes(data->grp->prime));
|
||||||
os_memset(cruft, 0, BN_num_bytes(data->grp->prime));
|
os_memset(cruft, 0, BN_num_bytes(data->grp->prime));
|
||||||
BN_bn2bin(y, cruft);
|
offset = BN_num_bytes(data->grp->prime) - BN_num_bytes(y);
|
||||||
|
BN_bn2bin(y, cruft + offset);
|
||||||
H_Update(&ctx, cruft, BN_num_bytes(data->grp->prime));
|
H_Update(&ctx, cruft, BN_num_bytes(data->grp->prime));
|
||||||
|
|
||||||
/* server scalar */
|
/* server scalar */
|
||||||
os_memset(cruft, 0, BN_num_bytes(data->grp->prime));
|
os_memset(cruft, 0, BN_num_bytes(data->grp->prime));
|
||||||
BN_bn2bin(data->my_scalar, cruft);
|
offset = BN_num_bytes(data->grp->order) -
|
||||||
|
BN_num_bytes(data->my_scalar);
|
||||||
|
BN_bn2bin(data->my_scalar, cruft + offset);
|
||||||
H_Update(&ctx, cruft, BN_num_bytes(data->grp->order));
|
H_Update(&ctx, cruft, BN_num_bytes(data->grp->order));
|
||||||
|
|
||||||
/* peer element: x, y */
|
/* peer element: x, y */
|
||||||
|
@ -347,15 +353,19 @@ eap_pwd_build_confirm_req(struct eap_sm *sm, struct eap_pwd_data *data, u8 id)
|
||||||
}
|
}
|
||||||
|
|
||||||
os_memset(cruft, 0, BN_num_bytes(data->grp->prime));
|
os_memset(cruft, 0, BN_num_bytes(data->grp->prime));
|
||||||
BN_bn2bin(x, cruft);
|
offset = BN_num_bytes(data->grp->prime) - BN_num_bytes(x);
|
||||||
|
BN_bn2bin(x, cruft + offset);
|
||||||
H_Update(&ctx, cruft, BN_num_bytes(data->grp->prime));
|
H_Update(&ctx, cruft, BN_num_bytes(data->grp->prime));
|
||||||
os_memset(cruft, 0, BN_num_bytes(data->grp->prime));
|
os_memset(cruft, 0, BN_num_bytes(data->grp->prime));
|
||||||
BN_bn2bin(y, cruft);
|
offset = BN_num_bytes(data->grp->prime) - BN_num_bytes(y);
|
||||||
|
BN_bn2bin(y, cruft + offset);
|
||||||
H_Update(&ctx, cruft, BN_num_bytes(data->grp->prime));
|
H_Update(&ctx, cruft, BN_num_bytes(data->grp->prime));
|
||||||
|
|
||||||
/* peer scalar */
|
/* peer scalar */
|
||||||
os_memset(cruft, 0, BN_num_bytes(data->grp->prime));
|
os_memset(cruft, 0, BN_num_bytes(data->grp->prime));
|
||||||
BN_bn2bin(data->peer_scalar, cruft);
|
offset = BN_num_bytes(data->grp->order) -
|
||||||
|
BN_num_bytes(data->peer_scalar);
|
||||||
|
BN_bn2bin(data->peer_scalar, cruft + offset);
|
||||||
H_Update(&ctx, cruft, BN_num_bytes(data->grp->order));
|
H_Update(&ctx, cruft, BN_num_bytes(data->grp->order));
|
||||||
|
|
||||||
/* ciphersuite */
|
/* ciphersuite */
|
||||||
|
@ -624,6 +634,7 @@ eap_pwd_process_confirm_resp(struct eap_sm *sm, struct eap_pwd_data *data,
|
||||||
u32 cs;
|
u32 cs;
|
||||||
u16 grp;
|
u16 grp;
|
||||||
u8 conf[SHA256_DIGEST_LENGTH], *cruft = NULL, *ptr;
|
u8 conf[SHA256_DIGEST_LENGTH], *cruft = NULL, *ptr;
|
||||||
|
int offset;
|
||||||
|
|
||||||
/* build up the ciphersuite: group | random_function | prf */
|
/* build up the ciphersuite: group | random_function | prf */
|
||||||
grp = htons(data->group_num);
|
grp = htons(data->group_num);
|
||||||
|
@ -649,7 +660,8 @@ eap_pwd_process_confirm_resp(struct eap_sm *sm, struct eap_pwd_data *data,
|
||||||
|
|
||||||
/* k */
|
/* k */
|
||||||
os_memset(cruft, 0, BN_num_bytes(data->grp->prime));
|
os_memset(cruft, 0, BN_num_bytes(data->grp->prime));
|
||||||
BN_bn2bin(data->k, cruft);
|
offset = BN_num_bytes(data->grp->prime) - BN_num_bytes(data->k);
|
||||||
|
BN_bn2bin(data->k, cruft + offset);
|
||||||
H_Update(&ctx, cruft, BN_num_bytes(data->grp->prime));
|
H_Update(&ctx, cruft, BN_num_bytes(data->grp->prime));
|
||||||
|
|
||||||
/* peer element: x, y */
|
/* peer element: x, y */
|
||||||
|
@ -661,15 +673,19 @@ eap_pwd_process_confirm_resp(struct eap_sm *sm, struct eap_pwd_data *data,
|
||||||
goto fin;
|
goto fin;
|
||||||
}
|
}
|
||||||
os_memset(cruft, 0, BN_num_bytes(data->grp->prime));
|
os_memset(cruft, 0, BN_num_bytes(data->grp->prime));
|
||||||
BN_bn2bin(x, cruft);
|
offset = BN_num_bytes(data->grp->prime) - BN_num_bytes(x);
|
||||||
|
BN_bn2bin(x, cruft + offset);
|
||||||
H_Update(&ctx, cruft, BN_num_bytes(data->grp->prime));
|
H_Update(&ctx, cruft, BN_num_bytes(data->grp->prime));
|
||||||
os_memset(cruft, 0, BN_num_bytes(data->grp->prime));
|
os_memset(cruft, 0, BN_num_bytes(data->grp->prime));
|
||||||
BN_bn2bin(y, cruft);
|
offset = BN_num_bytes(data->grp->prime) - BN_num_bytes(y);
|
||||||
|
BN_bn2bin(y, cruft + offset);
|
||||||
H_Update(&ctx, cruft, BN_num_bytes(data->grp->prime));
|
H_Update(&ctx, cruft, BN_num_bytes(data->grp->prime));
|
||||||
|
|
||||||
/* peer scalar */
|
/* peer scalar */
|
||||||
os_memset(cruft, 0, BN_num_bytes(data->grp->prime));
|
os_memset(cruft, 0, BN_num_bytes(data->grp->prime));
|
||||||
BN_bn2bin(data->peer_scalar, cruft);
|
offset = BN_num_bytes(data->grp->order) -
|
||||||
|
BN_num_bytes(data->peer_scalar);
|
||||||
|
BN_bn2bin(data->peer_scalar, cruft + offset);
|
||||||
H_Update(&ctx, cruft, BN_num_bytes(data->grp->order));
|
H_Update(&ctx, cruft, BN_num_bytes(data->grp->order));
|
||||||
|
|
||||||
/* server element: x, y */
|
/* server element: x, y */
|
||||||
|
@ -682,15 +698,19 @@ eap_pwd_process_confirm_resp(struct eap_sm *sm, struct eap_pwd_data *data,
|
||||||
}
|
}
|
||||||
|
|
||||||
os_memset(cruft, 0, BN_num_bytes(data->grp->prime));
|
os_memset(cruft, 0, BN_num_bytes(data->grp->prime));
|
||||||
BN_bn2bin(x, cruft);
|
offset = BN_num_bytes(data->grp->prime) - BN_num_bytes(x);
|
||||||
|
BN_bn2bin(x, cruft + offset);
|
||||||
H_Update(&ctx, cruft, BN_num_bytes(data->grp->prime));
|
H_Update(&ctx, cruft, BN_num_bytes(data->grp->prime));
|
||||||
os_memset(cruft, 0, BN_num_bytes(data->grp->prime));
|
os_memset(cruft, 0, BN_num_bytes(data->grp->prime));
|
||||||
BN_bn2bin(y, cruft);
|
offset = BN_num_bytes(data->grp->prime) - BN_num_bytes(y);
|
||||||
|
BN_bn2bin(y, cruft + offset);
|
||||||
H_Update(&ctx, cruft, BN_num_bytes(data->grp->prime));
|
H_Update(&ctx, cruft, BN_num_bytes(data->grp->prime));
|
||||||
|
|
||||||
/* server scalar */
|
/* server scalar */
|
||||||
os_memset(cruft, 0, BN_num_bytes(data->grp->prime));
|
os_memset(cruft, 0, BN_num_bytes(data->grp->prime));
|
||||||
BN_bn2bin(data->my_scalar, cruft);
|
offset = BN_num_bytes(data->grp->order) -
|
||||||
|
BN_num_bytes(data->my_scalar);
|
||||||
|
BN_bn2bin(data->my_scalar, cruft + offset);
|
||||||
H_Update(&ctx, cruft, BN_num_bytes(data->grp->order));
|
H_Update(&ctx, cruft, BN_num_bytes(data->grp->order));
|
||||||
|
|
||||||
/* ciphersuite */
|
/* ciphersuite */
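Review bot: In the scalar blocks the three lengths do not agree: `os_memset()` clears `BN_num_bytes(data->grp->prime)` octets, while `offset` and `H_Update()` use `BN_num_bytes(data->grp->order)`. That is harmless only while the order is never longer in octets than the prime, which is presumably true for the groups in use but is not checked in these hunks; the allocation of `cruft` is also outside them. Taking the length once, e.g. `len = BN_num_bytes(data->grp->order);`, and using it for all three calls would make the scalar blocks read like the element blocks. This applies to both eap_pwd_build_confirm_req and eap_pwd_process_confirm_resp, whose bodies extend beyond the hunks shown.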
|
||||||
|
|