12 years ago · 4925b303db
--- a/src/common/sae.c
+++ b/src/common/sae.c
@@ -115,10 +115,10 @@ static int sae_test_pwd_seed(struct sae_data *sae, const u8 *pwd_seed,
 
				 	struct crypto_bignum *x;
			
 
				 	int y_bit;
			
 
				 
			
 
				-	wpa_hexdump_key(MSG_DEBUG, "SAE: pwd-seed", pwd_seed, 32);
			
 
				+	wpa_hexdump_key(MSG_DEBUG, "SAE: pwd-seed", pwd_seed, SHA256_MAC_LEN);
			
 
				 
			
 
				 	/* pwd-value = KDF-z(pwd-seed, "SAE Hunting and Pecking", p) */
			
 
				-	sha256_prf(pwd_seed, 32, "SAE Hunting and Pecking",
			
 
				+	sha256_prf(pwd_seed, SHA256_MAC_LEN, "SAE Hunting and Pecking",
			
 
				 		   group19_prime, sizeof(group19_prime),
			
 
				 		   pwd_value, sizeof(pwd_value));
			
 
				 	wpa_hexdump_key(MSG_DEBUG, "SAE: pwd-value",
			
@@ -375,9 +375,9 @@ fail:
 
				 
			
 
				 static int sae_derive_keys(struct sae_data *sae, const u8 *k)
			
 
				 {
			
 
				-	u8 null_key[32], val[SAE_MAX_PRIME_LEN];
			
 
				+	u8 null_key[SAE_KEYSEED_KEY_LEN], val[SAE_MAX_PRIME_LEN];
			
 
				 	u8 keyseed[SHA256_MAC_LEN];
			
 
				-	u8 keys[32 + 32];
			
 
				+	u8 keys[SAE_KCK_LEN + SAE_PMK_LEN];
			
 
				 	struct crypto_bignum *order, *own_scalar, *peer_scalar, *tmp;
			
 
				 	int ret = -1;
			
 
				 
			
@@ -404,13 +404,13 @@ static int sae_derive_keys(struct sae_data *sae, const u8 *k)
 
				 	crypto_bignum_add(own_scalar, peer_scalar, tmp);
			
 
				 	crypto_bignum_mod(tmp, order, tmp);
			
 
				 	crypto_bignum_to_bin(tmp, val, sizeof(val), sae->prime_len);
			
 
				-	wpa_hexdump(MSG_DEBUG, "SAE: PMKID", val, 16);
			
 
				+	wpa_hexdump(MSG_DEBUG, "SAE: PMKID", val, SAE_PMKID_LEN);
			
 
				 	sha256_prf(keyseed, sizeof(keyseed), "SAE KCK and PMK",
			
 
				 		   val, sae->prime_len, keys, sizeof(keys));
			
 
				-	os_memcpy(sae->kck, keys, 32);
			
 
				-	os_memcpy(sae->pmk, keys + 32, 32);
			
 
				-	wpa_hexdump_key(MSG_DEBUG, "SAE: KCK", sae->kck, 32);
			
 
				-	wpa_hexdump_key(MSG_DEBUG, "SAE: PMK", sae->pmk, 32);
			
 
				+	os_memcpy(sae->kck, keys, SAE_KCK_LEN);
			
 
				+	os_memcpy(sae->pmk, keys + SAE_KCK_LEN, SAE_PMK_LEN);
			
 
				+	wpa_hexdump_key(MSG_DEBUG, "SAE: KCK", sae->kck, SAE_KCK_LEN);
			
 
				+	wpa_hexdump_key(MSG_DEBUG, "SAE: PMK", sae->pmk, SAE_PMK_LEN);
			
 
				 
			
 
				 	ret = 0;
			
 
				 fail:
			
--- a/src/common/sae.h
+++ b/src/common/sae.h
@@ -9,6 +9,10 @@
 
				 #ifndef SAE_H
			
 
				 #define SAE_H
			
 
				 
			
 
				+#define SAE_KCK_LEN 32
			
 
				+#define SAE_PMK_LEN 32
			
 
				+#define SAE_PMKID_LEN 16
			
 
				+#define SAE_KEYSEED_KEY_LEN 32
			
 
				 #define SAE_MAX_PRIME_LEN 32
			
 
				 #define SAE_COMMIT_MAX_LEN (2 + 3 * SAE_MAX_PRIME_LEN)
			
 
				 #define SAE_CONFIRM_MAX_LEN (2 + SAE_MAX_PRIME_LEN)
			
@@ -16,8 +20,8 @@
 
				 struct sae_data {
			
 
				 	enum { SAE_NOTHING, SAE_COMMITTED, SAE_CONFIRMED, SAE_ACCEPTED } state;
			
 
				 	u16 send_confirm;
			
 
				-	u8 kck[32];
			
 
				-	u8 pmk[32];
			
 
				+	u8 kck[SAE_KCK_LEN];
			
 
				+	u8 pmk[SAE_PMK_LEN];
			
 
				 	u8 own_commit_scalar[SAE_MAX_PRIME_LEN];
			
 
				 	u8 own_commit_element[2 * SAE_MAX_PRIME_LEN];
			
 
				 	u8 peer_commit_scalar[SAE_MAX_PRIME_LEN];