projects / openwrt / openwrt.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
hostapd: adjust patches to work with git am
[openwrt/openwrt.git] / package / network / services / hostapd / patches / 135-mbedtls-fix-owe-association.patch
1 From: David Bauer <mail@david-bauer.net>
2 Date: Tue, 24 Oct 2023 03:07:48 +0200
3 Subject: [PATCH] hostapd: fix OWE association with mbedtls
4
5 The code for hostapd-mbedtls did not work when used for OWE association.
6
7 When handling association requests, the buffer offsets and length
8 assumptions were incorrect, leading to never calculating the y point,
9 thus denying association.
10
11 Also when crafting the association response, the buffer contained the
12 trailing key-type.
13
14 Fix up both issues to adhere to the specification and make
15 hostapd-mbedtls work with the OWE security type.
16
17 --- a/src/crypto/crypto_mbedtls.c
18 +++ b/src/crypto/crypto_mbedtls.c
19 @@ -2299,25 +2299,30 @@ struct crypto_ecdh * crypto_ecdh_init2(i
20 struct wpabuf * crypto_ecdh_get_pubkey(struct crypto_ecdh *ecdh, int inc_y)
21 {
22 mbedtls_ecp_group *grp = &ecdh->grp;
23 - size_t len = CRYPTO_EC_plen(grp);
24 + size_t prime_len = CRYPTO_EC_plen(grp);
25 + size_t output_len = prime_len;
26 + u8 output_offset = 0;
27 + u8 buf[256];
28 +
29 #ifdef MBEDTLS_ECP_MONTGOMERY_ENABLED
30 /* len */
31 #endif
32 #ifdef MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED
33 - if (mbedtls_ecp_get_type(grp) == MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS)
34 - len = inc_y ? len*2+1 : len+1;
35 + if (mbedtls_ecp_get_type(grp) == MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS) {
36 + output_len = inc_y ? prime_len * 2 + 1 : prime_len + 1;
37 + output_offset = 1;
38 + }
39 #endif
40 - struct wpabuf *buf = wpabuf_alloc(len);
41 - if (buf == NULL)
42 +
43 + if (output_len > sizeof(buf))
44 return NULL;
45 +
46 inc_y = inc_y ? MBEDTLS_ECP_PF_UNCOMPRESSED : MBEDTLS_ECP_PF_COMPRESSED;
47 - if (mbedtls_ecp_point_write_binary(grp, &ecdh->Q, inc_y, &len,
48 - wpabuf_mhead_u8(buf), len) == 0) {
49 - wpabuf_put(buf, len);
50 - return buf;
51 + if (mbedtls_ecp_point_write_binary(grp, &ecdh->Q, inc_y, &output_len,
52 + buf, output_len) == 0) {
53 + return wpabuf_alloc_copy(buf + output_offset, output_len - output_offset);
54 }
55
56 - wpabuf_free(buf);
57 return NULL;
58 }
59
60 @@ -2379,10 +2384,7 @@ struct wpabuf * crypto_ecdh_set_peerkey(
61 os_memcpy(buf+2, key, len);
62 }
63 len >>= 1; /*(repurpose len to prime_len)*/
64 - }
65 - else if (key[0] == 0x02 || key[0] == 0x03) { /* (inc_y == 0) */
66 - --len; /*(repurpose len to prime_len)*/
67 -
68 + } else { /* (inc_y == 0) */
69 /* mbedtls_ecp_point_read_binary() does not currently support
70 * MBEDTLS_ECP_PF_COMPRESSED format (buf[1] = 0x02 or 0x03)
71 * (returns MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE) */
72 @@ -2390,22 +2392,21 @@ struct wpabuf * crypto_ecdh_set_peerkey(
73 /* derive y, amend buf[] with y for UNCOMPRESSED format */
74 if (sizeof(buf)-2 < len*2 || len == 0)
75 return NULL;
76 +
77 buf[0] = (u8)(1+len*2);
78 buf[1] = 0x04;
79 + os_memcpy(buf+2, key, len);
80 +
81 mbedtls_mpi bn;
82 mbedtls_mpi_init(&bn);
83 - int ret = mbedtls_mpi_read_binary(&bn, key+1, len)
84 - || crypto_mbedtls_short_weierstrass_derive_y(grp, &bn,
85 - key[0] & 1)
86 + int ret = mbedtls_mpi_read_binary(&bn, key, len)
87 + || crypto_mbedtls_short_weierstrass_derive_y(grp, &bn, 0)
88 || mbedtls_mpi_write_binary(&bn, buf+2+len, len);
89 mbedtls_mpi_free(&bn);
90 if (ret != 0)
91 return NULL;
92 }
93
94 - if (key[0] == 0) /*(repurpose len to prime_len)*/
95 - len = CRYPTO_EC_plen(grp);
96 -
97 if (mbedtls_ecdh_read_public(&ecdh->ctx, buf, buf[0]+1))
98 return NULL;
99 }
OpenWrt Source Repository