From: Denis Kenzior <denkenz@gmail.com>
To: James Prestwood <prestwoj@gmail.com>, iwd@lists.linux.dev
Subject: Re: [PATCH 12/21] dpp-util: add crypto for PKEX
Date: Thu, 19 Oct 2023 10:13:16 -0500 [thread overview]
Message-ID: <856ccaf4-64fb-437c-9ba2-72702111f320@gmail.com> (raw)
In-Reply-To: <20231012200150.338401-13-prestwoj@gmail.com>
Hi James,
On 10/12/23 15:01, James Prestwood wrote:
> ---
> src/dpp-util.c | 208 +++++++++++++++++++++++++++++++++++++++++++++++++
> src/dpp-util.h | 32 ++++++++
> 2 files changed, 240 insertions(+)
>
You may want to add some references to the code? i.e. which part corresponds to
what section in the spec.
> diff --git a/src/dpp-util.c b/src/dpp-util.c
> index 0406a4dc..b0556917 100644
> --- a/src/dpp-util.c
> +++ b/src/dpp-util.c
> @@ -39,6 +39,32 @@
> #include "ell/asn1-private.h"
> #include "src/ie.h"
>
<snip>
> +
> +struct l_ecc_point *dpp_derive_q(const struct l_ecc_curve *curve,
> + bool responder,
> + const char *key,
> + const char *identifier,
> + const uint8_t *mac)
Should this use the [static 6] syntax? Or I guess not since mac can be NULL.
Why can mac be NULL?
We have derive_l_responder and derive_l_initiator, but derive_q has a boolean
parameter? Lets be consistent.
> +{
> + _auto_(l_ecc_scalar_free) struct l_ecc_scalar *scalar = NULL;
> + _auto_(l_ecc_point_free) struct l_ecc_point *ret = NULL;
> + uint8_t hash[L_ECC_SCALAR_MAX_BYTES];
> + unsigned int bytes = l_ecc_curve_get_scalar_bytes(curve);
> + enum l_checksum_type type = dpp_sha_from_key_len(bytes);
> + _auto_(l_ecc_point_free) struct l_ecc_point *p = NULL;
> + const uint8_t *p_data = responder ? dpp_pkex_responder_p256 :
> + dpp_pkex_initiator_p256;
> + struct l_checksum *sha = l_checksum_new(type);
> +
> + if (mac)
> + l_checksum_update(sha, mac, 6);
> +
> + if (identifier)
> + l_checksum_update(sha, identifier, strlen(identifier));
> +
> + l_checksum_update(sha, key, strlen(key));
> + l_checksum_get_digest(sha, hash, bytes);
> + l_checksum_free(sha);
> +
> + /* Unlikely but can happen */
> + scalar = l_ecc_scalar_new(curve, hash, bytes);
> + if (!scalar)
> + return NULL;
> +
> + p = l_ecc_point_from_data(curve, L_ECC_POINT_TYPE_FULL,
> + p_data, bytes * 2);
> + if (!p)
> + return NULL;
> +
> + ret = l_ecc_point_new(curve);
> +
> + if (!l_ecc_point_multiply(ret, scalar, p))
> + return NULL;
> +
> + return l_steal_ptr(ret);
> +}
> +
> +bool dpp_derive_z(const uint8_t *mac_i, const uint8_t *mac_r,
[static 6]?
> + const struct l_ecc_point *n,
> + const struct l_ecc_point *m,
> + const struct l_ecc_point *k,
> + const char *key,
> + const char *identifier,
> + void *z_out, size_t *z_len)
> +{
> + const struct l_ecc_curve *curve = l_ecc_point_get_curve(n);
> + size_t bytes = l_ecc_curve_get_scalar_bytes(curve);
> + enum l_checksum_type sha = dpp_sha_from_key_len(bytes);
> + uint8_t k_x[L_ECC_SCALAR_MAX_BYTES];
> + uint8_t m_x[L_ECC_SCALAR_MAX_BYTES];
> + uint8_t n_x[L_ECC_SCALAR_MAX_BYTES];
> + uint8_t prk[L_ECC_SCALAR_MAX_BYTES];
> +
> + l_ecc_point_get_x(k, k_x, sizeof(k_x));
> + l_ecc_point_get_x(m, m_x, sizeof(m_x));
> + l_ecc_point_get_x(n, n_x, sizeof(n_x));
> +
> + hkdf_extract(sha, NULL, 0, 1, prk, k_x, bytes);
> +
> + /* HKDF-Extract (since it doesn't take non-string arguments)*/
> + prf_plus(sha, prk, bytes, z_out, bytes, 5, mac_i, 6, mac_r, 6, m_x,
> + bytes, n_x, bytes, key, strlen(key));
> +
> + *z_len = bytes;
> +
> + return true;
> +}
> +
> +bool dpp_derive_u(const struct l_ecc_point *j,
> + const uint8_t *mac_i,
[static 6]?
> + const struct l_ecc_point *a,
> + const struct l_ecc_point *y,
> + const struct l_ecc_point *x,
> + void *u_out, size_t *u_len)
> +{
> + const struct l_ecc_curve *curve = l_ecc_point_get_curve(y);
> + uint8_t j_x[L_ECC_SCALAR_MAX_BYTES];
> + uint8_t a_x[L_ECC_SCALAR_MAX_BYTES];
> + uint8_t y_x[L_ECC_SCALAR_MAX_BYTES];
> + uint8_t x_x[L_ECC_SCALAR_MAX_BYTES];
> + size_t bytes = l_ecc_curve_get_scalar_bytes(curve);
> + enum l_checksum_type sha = dpp_sha_from_key_len(bytes);
> + struct l_checksum *hmac;
> +
> + l_ecc_point_get_x(j, j_x, bytes);
> + l_ecc_point_get_x(a, a_x, bytes);
> + l_ecc_point_get_x(y, y_x, bytes);
> + l_ecc_point_get_x(x, x_x, bytes);
> +
> + /* u = HMAC(J.x, MAC-Initiator | A.x | Y'.x | X.x)*/
> + hmac = l_checksum_new_hmac(sha, j_x, bytes);
> + l_checksum_update(hmac, mac_i, 6);
> + l_checksum_update(hmac, a_x, bytes);
> + l_checksum_update(hmac, y_x, bytes);
> + l_checksum_update(hmac, x_x, bytes);
> + l_checksum_get_digest(hmac, u_out, bytes);
> + l_checksum_free(hmac);
> +
> + *u_len = bytes;
> +
> + return true;
> +}
> +
> +bool dpp_derive_v(const struct l_ecc_point *l, const uint8_t *mac,
And here?
> + const struct l_ecc_point *b,
> + const struct l_ecc_point *x,
> + const struct l_ecc_point *y,
> + uint8_t *v_out, size_t *v_len)
> +{
> + const struct l_ecc_curve *curve = l_ecc_point_get_curve(l);
> + uint8_t l_x[L_ECC_SCALAR_MAX_BYTES];
> + uint8_t b_x[L_ECC_SCALAR_MAX_BYTES];
> + uint8_t x_x[L_ECC_SCALAR_MAX_BYTES];
> + uint8_t y_x[L_ECC_SCALAR_MAX_BYTES];
> + size_t bytes = l_ecc_curve_get_scalar_bytes(curve);
> + enum l_checksum_type sha = dpp_sha_from_key_len(bytes);
> + struct l_checksum *hmac;
> +
> + l_ecc_point_get_x(l, l_x, sizeof(l_x));
> + l_ecc_point_get_x(b, b_x, sizeof(b_x));
> + l_ecc_point_get_x(x, x_x, sizeof(x_x));
> + l_ecc_point_get_x(y, y_x, sizeof(y_x));
> +
> + hmac = l_checksum_new_hmac(sha, l_x, bytes);
> +
> + if (mac)
> + l_checksum_update(hmac, mac, 6);
> +
> + l_checksum_update(hmac, b_x, bytes);
> + l_checksum_update(hmac, x_x, bytes);
> + l_checksum_update(hmac, y_x, bytes);
> + l_checksum_get_digest(hmac, v_out, bytes);
> + l_checksum_free(hmac);
> +
> + *v_len = bytes;
> +
> + return true;
> +}
<snip>
Unit tests?
Regards,
-Denis
next prev parent reply other threads:[~2023-10-19 15:13 UTC|newest]
Thread overview: 57+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-10-12 20:01 [PATCH 00/21] DPP PKEX Changes James Prestwood
2023-10-12 20:01 ` [PATCH 01/21] crypto: remove label from prf_plus, instead use va_args James Prestwood
2023-10-17 15:18 ` Denis Kenzior
2023-10-12 20:01 ` [PATCH 02/21] dpp-util: fix typo "COMMIT_REVEAP_RESPONSE" James Prestwood
2023-10-17 15:19 ` Denis Kenzior
2023-10-12 20:01 ` [PATCH 03/21] dpp: rename auth_addr to peer_addr James Prestwood
2023-10-17 15:21 ` Denis Kenzior
2023-10-12 20:01 ` [PATCH 04/21] dpp: rename dpp_presence_timeout to be generic James Prestwood
2023-10-17 15:31 ` Denis Kenzior
2023-10-12 20:01 ` [PATCH 05/21] dpp: move/store max_roc setting into dpp_create James Prestwood
2023-10-17 15:32 ` Denis Kenzior
2023-10-12 20:01 ` [PATCH 06/21] dpp: fix retransmits if on operating channel James Prestwood
2023-10-17 15:36 ` Denis Kenzior
2023-10-12 20:01 ` [PATCH 07/21] dpp-util: allow for mutual authentication in i/r_auth James Prestwood
2023-10-19 14:34 ` Denis Kenzior
2023-10-12 20:01 ` [PATCH 08/21] dpp-util: allow mutual auth in dpp_derive_ke James Prestwood
2023-10-12 20:01 ` [PATCH 09/21] unit: update test-dpp with API changes James Prestwood
2023-10-12 20:01 ` [PATCH 10/21] offchannel: add support to issue multiple offchannel requests James Prestwood
2023-10-19 14:51 ` Denis Kenzior
2023-10-19 19:35 ` James Prestwood
2023-10-19 19:55 ` Denis Kenzior
2023-10-19 20:05 ` James Prestwood
2023-10-19 21:42 ` Denis Kenzior
2023-10-19 21:47 ` James Prestwood
2023-10-20 19:10 ` James Prestwood
2023-10-12 20:01 ` [PATCH 11/21] doc: PKEX support for DPP James Prestwood
2023-10-19 14:59 ` Denis Kenzior
2023-10-19 15:23 ` James Prestwood
2023-10-19 15:36 ` Denis Kenzior
2023-10-19 15:45 ` James Prestwood
2023-10-19 16:17 ` Denis Kenzior
2023-10-19 16:42 ` James Prestwood
2023-10-19 18:56 ` Denis Kenzior
2023-10-19 20:00 ` James Prestwood
2023-10-19 21:47 ` Denis Kenzior
2023-10-19 22:22 ` James Prestwood
2023-10-19 23:12 ` Denis Kenzior
2023-10-23 13:49 ` James Prestwood
2023-10-24 14:40 ` Denis Kenzior
2023-10-24 12:05 ` James Prestwood
2023-10-24 15:03 ` Denis Kenzior
2023-10-24 15:19 ` James Prestwood
2023-10-25 2:46 ` Denis Kenzior
2023-10-12 20:01 ` [PATCH 12/21] dpp-util: add crypto for PKEX James Prestwood
2023-10-19 15:13 ` Denis Kenzior [this message]
2023-10-19 15:27 ` James Prestwood
2023-10-12 20:01 ` [PATCH 13/21] dpp-util: add __DPP_STATUS_MAX James Prestwood
2023-10-19 15:16 ` Denis Kenzior
2023-10-23 12:35 ` James Prestwood
2023-10-12 20:01 ` [PATCH 14/21] dpp: support mutual authentication James Prestwood
2023-10-12 20:01 ` [PATCH 15/21] dpp: allow enrollee to be authentication initiator James Prestwood
2023-10-12 20:01 ` [PATCH 16/21] dbus: add SharedCodeDeviceProvisioning interface definition James Prestwood
2023-10-12 20:01 ` [PATCH 17/21] dpp: initial version of PKEX enrollee support James Prestwood
2023-10-12 20:01 ` [PATCH 18/21] dpp: initial version of PKEX configurator support James Prestwood
2023-10-12 20:01 ` [PATCH 19/21] auto-t: add utils for wpa_supplicant PKEX James Prestwood
2023-10-12 20:01 ` [PATCH 20/21] auto-t: add APIs for PKEX James Prestwood
2023-10-12 20:01 ` [PATCH 21/21] auto-t: add DPP PKEX tests James Prestwood
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=856ccaf4-64fb-437c-9ba2-72702111f320@gmail.com \
--to=denkenz@gmail.com \
--cc=iwd@lists.linux.dev \
--cc=prestwoj@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox