Accueil Explorer Aide
S'inscrire Connexion
wareck
/
krackattacks
1
0
Fork 0
Fichiers Tickets 0 Pull Requests 0 Wiki
Parcourir la source

DPP: Use dpp_bn2bin_pad() helper to simplify code

Number of places writing BIGNUM values with left-padding were open
coding this helper functionality unnecessarily.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen il y a 7 ans
Parent
dab5642089
commit
fc0efa2a1e
1 fichiers modifiés avec 30 ajouts et 95 suppressions
Vue séparée Afficher les stats Diff
  1. 30 95
      src/common/dpp.c

+ 30 - 95
src/common/dpp.c
Voir le fichier 

@@ -339,6 +339,20 @@ static int dpp_hmac(size_t hash_len, const u8 *key, size_t key_len,
 
 }
 
 
 
+static int dpp_bn2bin_pad(const BIGNUM *bn, u8 *pos, size_t len)
 
+{
 
+	int num_bytes, offset;
 
+
 
+	num_bytes = BN_num_bytes(bn);
 
+	if ((size_t) num_bytes > len)
 
+		return -1;
 
+	offset = len - num_bytes;
 
+	os_memset(pos, 0, offset);
 
+	BN_bn2bin(bn, pos + offset);
 
+	return 0;
 
+}
 
+
 
+
 
 static struct wpabuf * dpp_get_pubkey_point(EVP_PKEY *pkey, int prefix)
 
 {
 
 	int len, res;
 
@@ -2050,7 +2064,6 @@ static int dpp_auth_derive_l_responder(struct dpp_authentication *auth)
 
 	BIGNUM *lx, *sum, *q;
 
 	const BIGNUM *bR_bn, *pR_bn;
 
 	int ret = -1;
 
-	int num_bytes, offset;
 
 
 	/* L = ((bR + pR) modulo q) * BI */
 
 
@@ -2090,16 +2103,8 @@ static int dpp_auth_derive_l_responder(struct dpp_authentication *auth)
 
 		goto fail;
 
 	}
 
 
-	num_bytes = BN_num_bytes(lx);
 
-	if ((size_t) num_bytes > auth->secret_len)
 
+	if (dpp_bn2bin_pad(lx, auth->Lx, auth->secret_len) < 0)
 
 		goto fail;
 
-	if (auth->secret_len > (size_t) num_bytes)
 
-		offset = auth->secret_len - num_bytes;
 
-	else
 
-		offset = 0;
 
-
 
-	os_memset(auth->Lx, 0, offset);
 
-	BN_bn2bin(lx, auth->Lx + offset);
 
 	wpa_hexdump_key(MSG_DEBUG, "DPP: L.x", auth->Lx, auth->secret_len);
 
 	ret = 0;
 
 fail:
 
@@ -2125,7 +2130,6 @@ static int dpp_auth_derive_l_initiator(struct dpp_authentication *auth)
 
 	BIGNUM *lx;
 
 	const BIGNUM *bI_bn;
 
 	int ret = -1;
 
-	int num_bytes, offset;
 
 
 	/* L = bI * (BR + PR) */
 
 
@@ -2160,16 +2164,8 @@ static int dpp_auth_derive_l_initiator(struct dpp_authentication *auth)
 
 		goto fail;
 
 	}
 
 
-	num_bytes = BN_num_bytes(lx);
 
-	if ((size_t) num_bytes > auth->secret_len)
 
+	if (dpp_bn2bin_pad(lx, auth->Lx, auth->secret_len) < 0)
 
 		goto fail;
 
-	if (auth->secret_len > (size_t) num_bytes)
 
-		offset = auth->secret_len - num_bytes;
 
-	else
 
-		offset = 0;
 
-
 
-	os_memset(auth->Lx, 0, offset);
 
-	BN_bn2bin(lx, auth->Lx + offset);
 
 	wpa_hexdump_key(MSG_DEBUG, "DPP: L.x", auth->Lx, auth->secret_len);
 
 	ret = 0;
 
 fail:
 
@@ -3441,20 +3437,6 @@ dpp_build_conf_start(struct dpp_authentication *auth,
 
 }
 
 
 
-static int dpp_bn2bin_pad(const BIGNUM *bn, u8 *pos, size_t len)
 
-{
 
-	int num_bytes, offset;
 
-
 
-	num_bytes = BN_num_bytes(bn);
 
-	if ((size_t) num_bytes > len)
 
-		return -1;
 
-	offset = len - num_bytes;
 
-	os_memset(pos, 0, offset);
 
-	BN_bn2bin(bn, pos + offset);
 
-	return 0;
 
-}
 
-
 
-
 
 static int dpp_build_jwk(struct wpabuf *buf, const char *name, EVP_PKEY *key,
 
 			 const char *kid, const struct dpp_curve_params *curve)
 
 {
 
@@ -5472,7 +5454,6 @@ static int dpp_test_gen_invalid_key(struct wpabuf *msg,
 
 {
 
 	BN_CTX *ctx;
 
 	BIGNUM *x, *y;
 
-	int num_bytes, offset;
 
 	int ret = -1;
 
 	EC_GROUP *group;
 
 	EC_POINT *point;
 
@@ -5505,25 +5486,11 @@ static int dpp_test_gen_invalid_key(struct wpabuf *msg,
 
 			break;
 
 	}
 
 
-	num_bytes = BN_num_bytes(x);
 
-	if ((size_t) num_bytes > curve->prime_len)
 
-		goto fail;
 
-	if (curve->prime_len > (size_t) num_bytes)
 
-		offset = curve->prime_len - num_bytes;
 
-	else
 
-		offset = 0;
 
-	os_memset(wpabuf_put(msg, offset), 0, offset);
 
-	BN_bn2bin(x, wpabuf_put(msg, num_bytes));
 
-
 
-	num_bytes = BN_num_bytes(y);
 
-	if ((size_t) num_bytes > curve->prime_len)
 
+	if (dpp_bn2bin_pad(x, wpabuf_put(msg, curve->prime_len),
 
+			   curve->prime_len) < 0 ||
 
+	    dpp_bn2bin_pad(y, wpabuf_put(msg, curve->prime_len),
 
+			   curve->prime_len) < 0)
 
 		goto fail;
 
-	if (curve->prime_len > (size_t) num_bytes)
 
-		offset = curve->prime_len - num_bytes;
 
-	else
 
-		offset = 0;
 
-	os_memset(wpabuf_put(msg, offset), 0, offset);
 
-	BN_bn2bin(y, wpabuf_put(msg, num_bytes));
 
 
 	ret = 0;
 
 fail:
 
@@ -5549,7 +5516,6 @@ static struct wpabuf * dpp_pkex_build_exchange_req(struct dpp_pkex *pkex)
 
 	struct wpabuf *msg = NULL;
 
 	size_t attr_len;
 
 	const struct dpp_curve_params *curve = pkex->own_bi->curve;
 
-	int num_bytes, offset;
 
 
 	wpa_printf(MSG_DEBUG, "DPP: Build PKEX Exchange Request");
 
 
@@ -5634,27 +5600,12 @@ skip_finite_cyclic_group:
 
 	}
 
 #endif /* CONFIG_TESTING_OPTIONS */
 
 
-	num_bytes = BN_num_bytes(Mx);
 
-	if ((size_t) num_bytes > curve->prime_len)
 
-		goto fail;
 
-	if (curve->prime_len > (size_t) num_bytes)
 
-		offset = curve->prime_len - num_bytes;
 
-	else
 
-		offset = 0;
 
-	os_memset(wpabuf_put(msg, offset), 0, offset);
 
-	BN_bn2bin(Mx, wpabuf_put(msg, num_bytes));
 
-	os_memset(pkex->Mx, 0, offset);
 
-	BN_bn2bin(Mx, pkex->Mx + offset);
 
-
 
-	num_bytes = BN_num_bytes(My);
 
-	if ((size_t) num_bytes > curve->prime_len)
 
+	if (dpp_bn2bin_pad(Mx, wpabuf_put(msg, curve->prime_len),
 
+			   curve->prime_len) < 0 ||
 
+	    dpp_bn2bin_pad(Mx, pkex->Mx, curve->prime_len) < 0 ||
 
+	    dpp_bn2bin_pad(My, wpabuf_put(msg, curve->prime_len),
 
+			   curve->prime_len) < 0)
 
 		goto fail;
 
-	if (curve->prime_len > (size_t) num_bytes)
 
-		offset = curve->prime_len - num_bytes;
 
-	else
 
-		offset = 0;
 
-	os_memset(wpabuf_put(msg, offset), 0, offset);
 
-	BN_bn2bin(My, wpabuf_put(msg, num_bytes));
 
 
 out:
 
 	wpabuf_free(M_buf);
 
@@ -5718,7 +5669,6 @@ dpp_pkex_build_exchange_resp(struct dpp_pkex *pkex,
 
 {
 
 	struct wpabuf *msg = NULL;
 
 	size_t attr_len;
 
-	int num_bytes, offset;
 
 	const struct dpp_curve_params *curve = pkex->own_bi->curve;
 
 
 	/* Initiator -> Responder: DPP Status, [identifier,] N */
 
@@ -5776,27 +5726,12 @@ skip_status:
 
 	}
 
 #endif /* CONFIG_TESTING_OPTIONS */
 
 
-	num_bytes = BN_num_bytes(Nx);
 
-	if ((size_t) num_bytes > curve->prime_len)
 
-		goto fail;
 
-	if (curve->prime_len > (size_t) num_bytes)
 
-		offset = curve->prime_len - num_bytes;
 
-	else
 
-		offset = 0;
 
-	os_memset(wpabuf_put(msg, offset), 0, offset);
 
-	BN_bn2bin(Nx, wpabuf_put(msg, num_bytes));
 
-	os_memset(pkex->Nx, 0, offset);
 
-	BN_bn2bin(Nx, pkex->Nx + offset);
 
-
 
-	num_bytes = BN_num_bytes(Ny);
 
-	if ((size_t) num_bytes > curve->prime_len)
 
+	if (dpp_bn2bin_pad(Nx, wpabuf_put(msg, curve->prime_len),
 
+			   curve->prime_len) < 0 ||
 
+	    dpp_bn2bin_pad(Nx, pkex->Nx, curve->prime_len) < 0 ||
 
+	    dpp_bn2bin_pad(Ny, wpabuf_put(msg, curve->prime_len),
 
+			   curve->prime_len) < 0)
 
 		goto fail;
 
-	if (curve->prime_len > (size_t) num_bytes)
 
-		offset = curve->prime_len - num_bytes;
 
-	else
 
-		offset = 0;
 
-	os_memset(wpabuf_put(msg, offset), 0, offset);
 
-	BN_bn2bin(Ny, wpabuf_put(msg, num_bytes));
 
 
 skip_encrypted_key:
 
 	if (status == DPP_STATUS_BAD_GROUP) {