Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / system / netd / 986d097bcacf51ec71f3b6905185e830a98df8ca^! / . / server / SoftapController.cpp
commit986d097bcacf51ec71f3b6905185e830a98df8ca[log] [tgz]
authorAdam Langley <agl@google.com>Wed Nov 04 14:35:25 2015 -0800
committerKenny Root <kroot@google.com>Thu Nov 05 11:27:03 2015 -0800
treecd7dee01a326f11f64f4303f8aa74f82260220d4
parent8a55a1b087de5882808495e1a85e5ca52ef470a1 [diff] [blame]
system/netd: check return value of PKCS5_PBKDF2_HMAC_SHA1.

The function PKCS5_PBKDF2_HMAC_SHA1 can fail for a number of reasons and
thus its return value should be checked and handled.

Change-Id: I63bd1378e78926372309072c3fa821666cac1b01

diff --git a/server/SoftapController.cpp b/server/SoftapController.cpp
index d9e40a4..1bafab6 100644
--- a/server/SoftapController.cpp
+++ b/server/SoftapController.cpp

@@ -154,10 +154,14 @@
     if (argc > 7) {
         char psk_str[2*SHA256_DIGEST_LENGTH+1];
         if (!strcmp(argv[6], "wpa-psk")) {
-            generatePsk(argv[3], argv[7], psk_str);
+            if (!generatePsk(argv[3], argv[7], psk_str)) {
+                return ResponseCode::OperationFailed;
+            }
             fbuf = StringPrintf("%swpa=3\nwpa_pairwise=TKIP CCMP\nwpa_psk=%s\n", wbuf.c_str(), psk_str);
         } else if (!strcmp(argv[6], "wpa2-psk")) {
-            generatePsk(argv[3], argv[7], psk_str);
+            if (!generatePsk(argv[3], argv[7], psk_str)) {
+                return ResponseCode::OperationFailed;
+            }
             fbuf = StringPrintf("%swpa=2\nrsn_pairwise=CCMP\nwpa_psk=%s\n", wbuf.c_str(), psk_str);
         } else if (!strcmp(argv[6], "open")) {
             fbuf = wbuf;
@@ -210,14 +214,21 @@
     return ResponseCode::SoftapStatusResult;
 }
 
-void SoftapController::generatePsk(char *ssid, char *passphrase, char *psk_str) {
+bool SoftapController::generatePsk(char *ssid, char *passphrase, char *psk_str) {
     unsigned char psk[SHA256_DIGEST_LENGTH];
-    int j;
+
     // Use the PKCS#5 PBKDF2 with 4096 iterations
-    PKCS5_PBKDF2_HMAC_SHA1(passphrase, strlen(passphrase),
-            reinterpret_cast<const unsigned char *>(ssid), strlen(ssid),
-            4096, SHA256_DIGEST_LENGTH, psk);
-    for (j=0; j < SHA256_DIGEST_LENGTH; j++) {
+    if (PKCS5_PBKDF2_HMAC_SHA1(passphrase, strlen(passphrase),
+                               reinterpret_cast<const unsigned char *>(ssid),
+                               strlen(ssid), 4096, SHA256_DIGEST_LENGTH,
+                               psk) != 1) {
+        ALOGE("Cannot generate PSK using PKCS#5 PBKDF2");
+        return false;
+    }
+
+    for (int j=0; j < SHA256_DIGEST_LENGTH; j++) {
         sprintf(&psk_str[j*2], "%02x", psk[j]);
     }
+
+    return true;
 }