WPS: Remove derivation of management keys

MgmtAuthKey and MgmtEncKey were not used for anything and are unlikely
to ever be used, so better remove the code to reduce binary size.

diff --git a/src/wps/wps_common.c b/src/wps/wps_common.c
index b96af79..400d911 100644 (file)
--- a/src/wps/wps_common.c
+++ b/src/wps/wps_common.c
@@ -129,56 +129,6 @@ int wps_derive_keys(struct wps_data *wps)
 }
 
 
-int wps_derive_mgmt_keys(struct wps_data *wps)
-{
-       u8 nonces[2 * WPS_NONCE_LEN];
-       u8 keys[WPS_MGMTAUTHKEY_LEN + WPS_MGMTENCKEY_LEN];
-       u8 hash[SHA256_MAC_LEN];
-       const u8 *addr[2];
-       size_t len[2];
-       const char *auth_label = "WFA-WLAN-Management-MgmtAuthKey";
-       const char *enc_label = "WFA-WLAN-Management-MgmtEncKey";
-
-       /* MgmtAuthKey || MgmtEncKey =
-        * kdf(EMSK, N1 || N2 || "WFA-WLAN-Management-Keys", 384) */
-       os_memcpy(nonces, wps->nonce_e, WPS_NONCE_LEN);
-       os_memcpy(nonces + WPS_NONCE_LEN, wps->nonce_r, WPS_NONCE_LEN);
-       wps_kdf(wps->emsk, nonces, sizeof(nonces), "WFA-WLAN-Management-Keys",
-               keys, sizeof(keys));
-       os_memcpy(wps->mgmt_auth_key, keys, WPS_MGMTAUTHKEY_LEN);
-       os_memcpy(wps->mgmt_enc_key, keys + WPS_MGMTAUTHKEY_LEN,
-                 WPS_MGMTENCKEY_LEN);
-
-       addr[0] = nonces;
-       len[0] = sizeof(nonces);
-
-       /* MgmtEncKeyID = first 128 bits of
-        * SHA-256(N1 || N2 || "WFA-WLAN-Management-MgmtAuthKey") */
-       addr[1] = (const u8 *) auth_label;
-       len[1] = os_strlen(auth_label);
-       sha256_vector(2, addr, len, hash);
-       os_memcpy(wps->mgmt_auth_key_id, hash, WPS_MGMT_KEY_ID_LEN);
-
-       /* MgmtEncKeyID = first 128 bits of
-        * SHA-256(N1 || N2 || "WFA-WLAN-Management-MgmtEncKey") */
-       addr[1] = (const u8 *) enc_label;
-       len[1] = os_strlen(enc_label);
-       sha256_vector(2, addr, len, hash);
-       os_memcpy(wps->mgmt_enc_key_id, hash, WPS_MGMT_KEY_ID_LEN);
-
-       wpa_hexdump_key(MSG_DEBUG, "WPS: MgmtAuthKey",
-                       wps->mgmt_auth_key, WPS_MGMTAUTHKEY_LEN);
-       wpa_hexdump(MSG_DEBUG, "WPS: MgmtAuthKeyID",
-                   wps->mgmt_auth_key_id, WPS_MGMT_KEY_ID_LEN);
-       wpa_hexdump_key(MSG_DEBUG, "WPS: MgmtEncKey",
-                       wps->mgmt_enc_key, WPS_MGMTENCKEY_LEN);
-       wpa_hexdump(MSG_DEBUG, "WPS: MgmtEncKeyID",
-                   wps->mgmt_enc_key_id, WPS_MGMT_KEY_ID_LEN);
-
-       return 0;
-}
-
-
 void wps_derive_psk(struct wps_data *wps, const u8 *dev_passwd,
                    size_t dev_passwd_len)
 {

diff --git a/src/wps/wps_enrollee.c b/src/wps/wps_enrollee.c
index 89d229e..9b479a6 100644 (file)
--- a/src/wps/wps_enrollee.c
+++ b/src/wps/wps_enrollee.c
@@ -555,10 +555,6 @@ static int wps_process_pubkey(struct wps_data *wps, const u8 *pk,
        if (wps_derive_keys(wps) < 0)
                return -1;
 
-       if (wps->request_type == WPS_REQ_WLAN_MANAGER_REGISTRAR &&
-           wps_derive_mgmt_keys(wps) < 0)
-               return -1;
-
        return 0;
 }
 

diff --git a/src/wps/wps_i.h b/src/wps/wps_i.h
index 66e49dc..2d8c7b7 100644 (file)
--- a/src/wps/wps_i.h
+++ b/src/wps/wps_i.h
@@ -62,10 +62,6 @@ struct wps_data {
        u8 authkey[WPS_AUTHKEY_LEN];
        u8 keywrapkey[WPS_KEYWRAPKEY_LEN];
        u8 emsk[WPS_EMSK_LEN];
-       u8 mgmt_auth_key[WPS_MGMTAUTHKEY_LEN];
-       u8 mgmt_auth_key_id[WPS_MGMT_KEY_ID_LEN];
-       u8 mgmt_enc_key[WPS_MGMTENCKEY_LEN];
-       u8 mgmt_enc_key_id[WPS_MGMT_KEY_ID_LEN];
 
        struct wpabuf *last_msg;
 
@@ -189,7 +185,6 @@ struct wps_parse_attr {
 void wps_kdf(const u8 *key, const u8 *label_prefix, size_t label_prefix_len,
             const char *label, u8 *res, size_t res_len);
 int wps_derive_keys(struct wps_data *wps);
-int wps_derive_mgmt_keys(struct wps_data *wps);
 void wps_derive_psk(struct wps_data *wps, const u8 *dev_passwd,
                    size_t dev_passwd_len);
 struct wpabuf * wps_decrypt_encr_settings(struct wps_data *wps, const u8 *encr,