Lines Matching +full:25 +full:- +full:18
2 * SAE-PK
28 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31,
30 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 16,
32 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 16, 17,
34 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 16, 17, 18,
36 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 16, 17, 18, 19,
38 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 16, 17, 18, 19, 20,
40 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 16, 17, 18, 19, 20, 21,
42 23, 24, 25, 26, 27, 28, 29, 30, 31, 16, 17, 18, 19, 20, 21, 22,
44 24, 25, 26, 27, 28, 29, 30, 31, 16, 17, 18, 19, 20, 21, 22, 23,
46 25, 26, 27, 28, 29, 30, 31, 16, 17, 18, 19, 20, 21, 22, 23, 24,
48 26, 27, 28, 29, 30, 31, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25,
50 27, 28, 29, 30, 31, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26,
52 28, 29, 30, 31, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27,
54 29, 30, 31, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28,
56 30, 31, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29,
58 31, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30,
59 16, 31, 30, 29, 28, 27, 26, 25, 24, 23, 22, 21, 20, 19, 18, 17,
61 17, 16, 31, 30, 29, 28, 27, 26, 25, 24, 23, 22, 21, 20, 19, 18,
63 18, 17, 16, 31, 30, 29, 28, 27, 26, 25, 24, 23, 22, 21, 20, 19,
65 19, 18, 17, 16, 31, 30, 29, 28, 27, 26, 25, 24, 23, 22, 21, 20,
67 20, 19, 18, 17, 16, 31, 30, 29, 28, 27, 26, 25, 24, 23, 22, 21,
69 21, 20, 19, 18, 17, 16, 31, 30, 29, 28, 27, 26, 25, 24, 23, 22,
71 22, 21, 20, 19, 18, 17, 16, 31, 30, 29, 28, 27, 26, 25, 24, 23,
73 23, 22, 21, 20, 19, 18, 17, 16, 31, 30, 29, 28, 27, 26, 25, 24,
75 24, 23, 22, 21, 20, 19, 18, 17, 16, 31, 30, 29, 28, 27, 26, 25,
77 25, 24, 23, 22, 21, 20, 19, 18, 17, 16, 31, 30, 29, 28, 27, 26,
79 26, 25, 24, 23, 22, 21, 20, 19, 18, 17, 16, 31, 30, 29, 28, 27,
81 27, 26, 25, 24, 23, 22, 21, 20, 19, 18, 17, 16, 31, 30, 29, 28,
83 28, 27, 26, 25, 24, 23, 22, 21, 20, 19, 18, 17, 16, 31, 30, 29,
85 29, 28, 27, 26, 25, 24, 23, 22, 21, 20, 19, 18, 17, 16, 31, 30,
87 30, 29, 28, 27, 26, 25, 24, 23, 22, 21, 20, 19, 18, 17, 16, 31,
89 31, 30, 29, 28, 27, 26, 25, 24, 23, 22, 21, 20, 19, 18, 17, 16,
95 22, 3, 24, 0, 23, 25, 12, 9, 28, 14, 4, 15, 17, 18, 19, 26
103 return d_permute(d_perm_table[val], iter - 1); in d_permute()
110 return 16 - val; in d_invert()
127 for (j = len - 1; j >= 0; j--) { in d_check_char()
153 /* SAE-PK password has at least three four character components in sae_pk_valid_password()
156 wpa_printf(MSG_DEBUG, "SAE-PK: Not a valid password (length)"); in sae_pk_valid_password()
162 if (pw[pos] != '-') { in sae_pk_valid_password()
164 "SAE-PK: Not a valid password (separator)"); in sae_pk_valid_password()
171 "SAE-PK: Not a valid password (character)"); in sae_pk_valid_password()
177 if (pw[pw_len - 1] != d_check_char(pw, pw_len - 1)) { in sae_pk_valid_password()
179 "SAE-PK: Not a valid password (checksum)"); in sae_pk_valid_password()
188 "SAE-PK: Not a valid password (Sec_1b)"); in sae_pk_valid_password()
201 *bits -= 5; in add_char()
205 if ((pos - start) % 5 == 4) in add_char()
206 *pos++ = '-'; in add_char()
231 extra_pad = (5 - len % 5) % 5; in sae_pk_base32_encode()
237 for (j = 7; j >= 0; j--) in sae_pk_base32_encode()
271 extra_pad = (8 - count % 8) % 8; in sae_pk_base32_decode()
306 pos -= pad * 5 / 8; in sae_pk_base32_decode()
312 *out_len = pos - out; in sae_pk_base32_decode()
361 struct sae_temporary_data *tmp = sae->tmp; in sae_pk_set_password()
369 return -1; in sae_pk_set_password()
371 os_memset(tmp->fingerprint, 0, sizeof(tmp->fingerprint)); in sae_pk_set_password()
372 tmp->fingerprint_bytes = tmp->fingerprint_bits = 0; in sae_pk_set_password()
376 return -1; in sae_pk_set_password()
380 return -1; in sae_pk_set_password()
382 tmp->sec = (pw[0] & BIT(7)) ? 3 : 5; in sae_pk_set_password()
383 tmp->lambda = len - len / 5; in sae_pk_set_password()
384 tmp->fingerprint_bits = 8 * tmp->sec + 19 * tmp->lambda / 4 - 5; in sae_pk_set_password()
385 wpa_printf(MSG_DEBUG, "SAE-PK: Sec=%u Lambda=%zu fingerprint_bits=%zu", in sae_pk_set_password()
386 tmp->sec, tmp->lambda, tmp->fingerprint_bits); in sae_pk_set_password()
390 pos = &tmp->fingerprint[tmp->sec]; in sae_pk_set_password()
391 bits = tmp->fingerprint_bits - 8 * tmp->sec; in sae_pk_set_password()
392 wpa_hexdump_key(MSG_DEBUG, "SAE-PK: PasswordBase", pw, pw_len); in sae_pk_set_password()
404 *pos++ = (val >> (val_bits - 8)) & 0xff; in sae_pk_set_password()
405 val_bits -= 8; in sae_pk_set_password()
406 bits -= 8; in sae_pk_set_password()
410 val >>= val_bits - bits; in sae_pk_set_password()
411 *pos++ = val << (8 - bits); in sae_pk_set_password()
413 tmp->fingerprint_bytes = pos - tmp->fingerprint; in sae_pk_set_password()
414 wpa_hexdump_key(MSG_DEBUG, "SAE-PK: Fingerprint", in sae_pk_set_password()
415 tmp->fingerprint, tmp->fingerprint_bytes); in sae_pk_set_password()
439 wpabuf_free(pk->m); in sae_deinit_pk()
440 crypto_ec_key_deinit(pk->key); in sae_deinit_pk()
442 crypto_ec_key_deinit(pk->sign_key_override); in sae_deinit_pk()
444 wpabuf_free(pk->pubkey); in sae_deinit_pk()
461 /* <m-as-hexdump>:<base64-encoded-DER-encoded-key> */ in sae_parse_pk()
464 if (!pos || (pos - val) & 0x01) in sae_parse_pk()
466 len = (pos - val) / 2; in sae_parse_pk()
476 pk->m = wpabuf_alloc(len); in sae_parse_pk()
477 if (!pk->m || hexstr2bin(val, wpabuf_put(pk->m, len), len)) { in sae_parse_pk()
487 b_len = pos2 - pos; in sae_parse_pk()
497 pk->key = crypto_ec_key_parse_priv(der, der_len); in sae_parse_pk()
499 if (!pk->key) in sae_parse_pk()
501 pk->group = crypto_ec_key_group(pk->key); in sae_parse_pk()
502 pk->pubkey = crypto_ec_key_get_subject_public_key(pk->key); in sae_parse_pk()
503 if (!pk->pubkey) in sae_parse_pk()
515 pk->sign_key_override = crypto_ec_key_parse_priv(der, der_len); in sae_parse_pk()
517 if (!pk->sign_key_override) in sae_parse_pk()
541 return -1; in sae_hash()
549 struct sae_temporary_data *tmp = sae->tmp; in sae_pk_hash_sig_data()
552 int ret = -1; in sae_pk_hash_sig_data()
555 * M || K_AP || AP-BSSID || STA-MAC */ in sae_pk_hash_sig_data()
556 sig_data = wpabuf_alloc(tmp->prime_len * 6 + m_len + pubkey_len + in sae_pk_hash_sig_data()
560 pos = wpabuf_put(sig_data, 2 * tmp->prime_len); in sae_pk_hash_sig_data()
561 if (crypto_ec_point_to_bin(tmp->ec, ap ? tmp->own_commit_element_ecc : in sae_pk_hash_sig_data()
562 tmp->peer_commit_element_ecc, in sae_pk_hash_sig_data()
563 pos, pos + tmp->prime_len) < 0) in sae_pk_hash_sig_data()
565 pos = wpabuf_put(sig_data, 2 * tmp->prime_len); in sae_pk_hash_sig_data()
566 if (crypto_ec_point_to_bin(tmp->ec, ap ? tmp->peer_commit_element_ecc : in sae_pk_hash_sig_data()
567 tmp->own_commit_element_ecc, in sae_pk_hash_sig_data()
568 pos, pos + tmp->prime_len) < 0) in sae_pk_hash_sig_data()
570 if (crypto_bignum_to_bin(ap ? tmp->own_commit_scalar : in sae_pk_hash_sig_data()
571 sae->peer_commit_scalar, in sae_pk_hash_sig_data()
572 wpabuf_put(sig_data, tmp->prime_len), in sae_pk_hash_sig_data()
573 tmp->prime_len, tmp->prime_len) < 0 || in sae_pk_hash_sig_data()
574 crypto_bignum_to_bin(ap ? sae->peer_commit_scalar : in sae_pk_hash_sig_data()
575 tmp->own_commit_scalar, in sae_pk_hash_sig_data()
576 wpabuf_put(sig_data, tmp->prime_len), in sae_pk_hash_sig_data()
577 tmp->prime_len, tmp->prime_len) < 0) in sae_pk_hash_sig_data()
581 wpabuf_put_data(sig_data, ap ? tmp->own_addr : tmp->peer_addr, in sae_pk_hash_sig_data()
583 wpabuf_put_data(sig_data, ap ? tmp->peer_addr : tmp->own_addr, in sae_pk_hash_sig_data()
585 wpa_hexdump_buf_key(MSG_DEBUG, "SAE-PK: Data to be signed for KeyAuth", in sae_pk_hash_sig_data()
590 wpa_hexdump(MSG_DEBUG, "SAE-PK: hash(data to be signed)", in sae_pk_hash_sig_data()
601 struct sae_temporary_data *tmp = sae->tmp; in sae_write_confirm_pk()
604 int ret = -1; in sae_write_confirm_pk()
613 return -1; in sae_write_confirm_pk()
615 pk = tmp->ap_pk; in sae_write_confirm_pk()
616 if (!sae->pk || !pk) in sae_write_confirm_pk()
619 key = pk->key; in sae_write_confirm_pk()
621 if (tmp->omit_pk_elem) in sae_write_confirm_pk()
623 if (pk->sign_key_override) { in sae_write_confirm_pk()
624 wpa_printf(MSG_INFO, "TESTING: Override SAE-PK signing key"); in sae_write_confirm_pk()
625 key = pk->sign_key_override; in sae_write_confirm_pk()
629 if (tmp->kek_len != 32 && tmp->kek_len != 48 && tmp->kek_len != 64) { in sae_write_confirm_pk()
631 "SAE-PK: No KEK available for writing confirm"); in sae_write_confirm_pk()
632 return -1; in sae_write_confirm_pk()
635 if (!tmp->ec) { in sae_write_confirm_pk()
636 /* Only ECC groups are supported for SAE-PK in the current in sae_write_confirm_pk()
639 "SAE-PK: SAE commit did not use an ECC group"); in sae_write_confirm_pk()
640 return -1; in sae_write_confirm_pk()
643 hash_len = sae_group_2_hash_len(pk->group); in sae_write_confirm_pk()
644 if (sae_pk_hash_sig_data(sae, hash_len, true, wpabuf_head(pk->m), in sae_write_confirm_pk()
645 wpabuf_len(pk->m), wpabuf_head(pk->pubkey), in sae_write_confirm_pk()
646 wpabuf_len(pk->pubkey), hash) < 0) in sae_write_confirm_pk()
651 wpa_hexdump_buf(MSG_DEBUG, "SAE-PK: KeyAuth = Sig_AP()", sig); in sae_write_confirm_pk()
657 encr_mod_len = wpabuf_len(pk->m) + AES_BLOCK_SIZE; in sae_write_confirm_pk()
658 need = 4 + wpabuf_len(pk->pubkey) + 3 + wpabuf_len(sig) + in sae_write_confirm_pk()
662 "SAE-PK: No room in message buffer for SAE-PK elements (%zu < %zu)", in sae_write_confirm_pk()
669 wpabuf_put_u8(buf, 2 + wpabuf_len(pk->pubkey)); in sae_write_confirm_pk()
672 wpabuf_put_buf(buf, pk->pubkey); in sae_write_confirm_pk()
679 * AP-BSSID || STA-MAC) */ in sae_write_confirm_pk()
682 /* SAE-PK element */ in sae_write_confirm_pk()
686 /* EncryptedModifier = AES-SIV-Q(M); no AAD */ in sae_write_confirm_pk()
688 if (aes_siv_encrypt(tmp->kek, tmp->kek_len, in sae_write_confirm_pk()
689 wpabuf_head(pk->m), wpabuf_len(pk->m), in sae_write_confirm_pk()
692 wpa_hexdump(MSG_DEBUG, "SAE-PK: EncryptedModifier", in sae_write_confirm_pk()
707 struct sae_temporary_data *tmp = sae->tmp; in sae_pk_valid_fingerprint()
713 if (!tmp->fingerprint_bytes) { in sae_pk_valid_fingerprint()
715 "SAE-PK: No PW available for K_AP fingerprint check"); in sae_pk_valid_fingerprint()
719 /* Fingerprint = L(Hash(SSID || M || K_AP), 0, 8*Sec + 19*Lambda/4 - 5) in sae_pk_valid_fingerprint()
723 hash_data_len = tmp->ssid_len + m_len + k_ap_len; in sae_pk_valid_fingerprint()
728 os_memcpy(pos, tmp->ssid, tmp->ssid_len); in sae_pk_valid_fingerprint()
729 pos += tmp->ssid_len; in sae_pk_valid_fingerprint()
734 wpa_hexdump_key(MSG_DEBUG, "SAE-PK: SSID || M || K_AP", in sae_pk_valid_fingerprint()
740 wpa_hexdump(MSG_DEBUG, "SAE-PK: Hash(SSID || M || K_AP)", in sae_pk_valid_fingerprint()
743 if (tmp->fingerprint_bits > hash_len * 8) { in sae_pk_valid_fingerprint()
745 "SAE-PK: Not enough hash output bits for the fingerprint"); in sae_pk_valid_fingerprint()
748 if (tmp->fingerprint_bits % 8) { in sae_pk_valid_fingerprint()
752 extra = 8 - tmp->fingerprint_bits % 8; in sae_pk_valid_fingerprint()
753 pos = &hash[tmp->fingerprint_bits / 8]; in sae_pk_valid_fingerprint()
756 wpa_hexdump(MSG_DEBUG, "SAE-PK: Fingerprint", hash, in sae_pk_valid_fingerprint()
757 tmp->fingerprint_bytes); in sae_pk_valid_fingerprint()
758 res = os_memcmp_const(hash, tmp->fingerprint, tmp->fingerprint_bytes); in sae_pk_valid_fingerprint()
760 wpa_printf(MSG_DEBUG, "SAE-PK: K_AP fingerprint mismatch"); in sae_pk_valid_fingerprint()
761 wpa_hexdump(MSG_DEBUG, "SAE-PK: Expected fingerprint", in sae_pk_valid_fingerprint()
762 tmp->fingerprint, tmp->fingerprint_bytes); in sae_pk_valid_fingerprint()
766 wpa_printf(MSG_DEBUG, "SAE-PK: Valid K_AP fingerprint"); in sae_pk_valid_fingerprint()
773 struct sae_temporary_data *tmp = sae->tmp; in sae_check_confirm_pk()
785 return -1; in sae_check_confirm_pk()
786 if (!sae->pk || tmp->ap_pk) in sae_check_confirm_pk()
789 if (tmp->kek_len != 32 && tmp->kek_len != 48 && tmp->kek_len != 64) { in sae_check_confirm_pk()
791 "SAE-PK: No KEK available for checking confirm"); in sae_check_confirm_pk()
792 return -1; in sae_check_confirm_pk()
795 if (!tmp->ec) { in sae_check_confirm_pk()
796 /* Only ECC groups are supported for SAE-PK in the current in sae_check_confirm_pk()
799 "SAE-PK: SAE commit did not use an ECC group"); in sae_check_confirm_pk()
800 return -1; in sae_check_confirm_pk()
803 wpa_hexdump(MSG_DEBUG, "SAE-PK: Received confirm IEs", ies, ies_len); in sae_check_confirm_pk()
805 wpa_printf(MSG_INFO, "SAE-PK: Failed to parse confirm IEs"); in sae_check_confirm_pk()
806 return -1; in sae_check_confirm_pk()
810 "SAE-PK: Not all mandatory IEs included in confirm"); in sae_check_confirm_pk()
811 return -1; in sae_check_confirm_pk()
818 "SAE-PK: No room for EncryptedModifier in SAE-PK element"); in sae_check_confirm_pk()
819 return -1; in sae_check_confirm_pk()
822 wpa_hexdump(MSG_DEBUG, "SAE-PK: EncryptedModifier", in sae_check_confirm_pk()
825 if (aes_siv_decrypt(tmp->kek, tmp->kek_len, in sae_check_confirm_pk()
829 "SAE-PK: Failed to decrypt EncryptedModifier"); in sae_check_confirm_pk()
830 return -1; in sae_check_confirm_pk()
832 wpa_hexdump_key(MSG_DEBUG, "SAE-PK: Modifier M", m, SAE_PK_M_LEN); in sae_check_confirm_pk()
835 wpa_printf(MSG_INFO, "SAE-PK: Unsupported public key type %u", in sae_check_confirm_pk()
837 return -1; in sae_check_confirm_pk()
839 k_ap_len = elems.fils_pk_len - 1; in sae_check_confirm_pk()
841 wpa_hexdump(MSG_DEBUG, "SAE-PK: Received K_AP", k_ap, k_ap_len); in sae_check_confirm_pk()
847 wpa_printf(MSG_INFO, "SAE-PK: Failed to parse K_AP"); in sae_check_confirm_pk()
848 return -1; in sae_check_confirm_pk()
855 return -1; in sae_check_confirm_pk()
858 wpa_hexdump(MSG_DEBUG, "SAE-PK: Received KeyAuth", in sae_check_confirm_pk()
865 return -1; in sae_check_confirm_pk()
875 "SAE-PK: Invalid or incorrect signature in KeyAuth"); in sae_check_confirm_pk()
876 return -1; in sae_check_confirm_pk()
879 wpa_printf(MSG_DEBUG, "SAE-PK: Valid KeyAuth signature received"); in sae_check_confirm_pk()