WPS: Use random_get_bytes() for NFC password id

os_random() may not be seeded properly, so use stronger mechanism for
generating the password id for NFC password tokens.

Signed-hostap: Jouni Malinen <j@w1.fi>

diff --git a/src/ap/wps_hostapd.c b/src/ap/wps_hostapd.c
index 0b1fa30..fbff90f 100644 (file)
--- a/src/ap/wps_hostapd.c
+++ b/src/ap/wps_hostapd.c
@@ -1629,13 +1629,15 @@ struct wpabuf * hostapd_wps_nfc_token_gen(struct hostapd_data *hapd, int ndef)
        struct wpabuf *priv = NULL, *pub = NULL, *pw;
        void *dh_ctx;
        struct wpabuf *ret;
+       u16 val;
 
        pw = wpabuf_alloc(WPS_OOB_DEVICE_PASSWORD_LEN);
        if (pw == NULL)
                return NULL;
 
        if (random_get_bytes(wpabuf_put(pw, WPS_OOB_DEVICE_PASSWORD_LEN),
-                            WPS_OOB_DEVICE_PASSWORD_LEN)) {
+                            WPS_OOB_DEVICE_PASSWORD_LEN) ||
+           random_get_bytes((u8 *) &val, sizeof(val))) {
                wpabuf_free(pw);
                return NULL;
        }
@@ -1647,7 +1649,7 @@ struct wpabuf * hostapd_wps_nfc_token_gen(struct hostapd_data *hapd, int ndef)
        }
        dh5_free(dh_ctx);
 
-       hapd->conf->wps_nfc_dev_pw_id = 0x10 + os_random() % 0xfff0;
+       hapd->conf->wps_nfc_dev_pw_id = 0x10 + val % 0xfff0;
        wpabuf_free(hapd->conf->wps_nfc_dh_pubkey);
        hapd->conf->wps_nfc_dh_pubkey = pub;
        wpabuf_free(hapd->conf->wps_nfc_dh_privkey);

diff --git a/wpa_supplicant/wps_supplicant.c b/wpa_supplicant/wps_supplicant.c
index 393c395..4314bb0 100644 (file)
--- a/wpa_supplicant/wps_supplicant.c
+++ b/wpa_supplicant/wps_supplicant.c
@@ -1799,13 +1799,15 @@ struct wpabuf * wpas_wps_nfc_token(struct wpa_supplicant *wpa_s, int ndef)
        struct wpabuf *priv = NULL, *pub = NULL, *pw;
        void *dh_ctx;
        struct wpabuf *ret;
+       u16 val;
 
        pw = wpabuf_alloc(WPS_OOB_DEVICE_PASSWORD_LEN);
        if (pw == NULL)
                return NULL;
 
        if (random_get_bytes(wpabuf_put(pw, WPS_OOB_DEVICE_PASSWORD_LEN),
-                            WPS_OOB_DEVICE_PASSWORD_LEN)) {
+                            WPS_OOB_DEVICE_PASSWORD_LEN) ||
+           random_get_bytes((u8 *) &val, sizeof(val))) {
                wpabuf_free(pw);
                return NULL;
        }
@@ -1817,7 +1819,7 @@ struct wpabuf * wpas_wps_nfc_token(struct wpa_supplicant *wpa_s, int ndef)
        }
        dh5_free(dh_ctx);
 
-       wpa_s->conf->wps_nfc_dev_pw_id = 0x10 + os_random() % 0xfff0;
+       wpa_s->conf->wps_nfc_dev_pw_id = 0x10 + val % 0xfff0;
        wpabuf_free(wpa_s->conf->wps_nfc_dh_pubkey);
        wpa_s->conf->wps_nfc_dh_pubkey = pub;
        wpabuf_free(wpa_s->conf->wps_nfc_dh_privkey);