SAE: Move commit element validation steps into single location

It is clearer to keep all the validation steps described in IEEE 802.11
11.3.5.4 in a single location instead of splitting this between the
parsing and processing functions.

Signed-hostap: Jouni Malinen <j@w1.fi>

diff --git a/src/common/sae.c b/src/common/sae.c
index 44ffcd09f8fceb3453d18f07bac99a8d873f624a..900702a59321c48a3804d33ff1b332d85e91765f 100644 (file)
--- a/src/common/sae.c
+++ b/src/common/sae.c
@@ -524,12 +524,6 @@ static int sae_derive_k_ecc(struct sae_data *sae, u8 *k)
        if (K == NULL)
                goto fail;
 
-       if (!crypto_ec_point_is_on_curve(sae->tmp->ec,
-                                        sae->tmp->peer_commit_element_ecc)) {
-               wpa_printf(MSG_DEBUG, "SAE: Peer element is not on curve");
-               goto fail;
-       }
-
        /*
         * K = scalar-op(rand, (elem-op(scalar-op(peer-commit-scalar, PWE),
         *                                        PEER-COMMIT-ELEMENT)))
@@ -821,6 +815,12 @@ static u16 sae_parse_commit_element_ecc(struct sae_data *sae, const u8 *pos,
        if (sae->tmp->peer_commit_element_ecc == NULL)
                return WLAN_STATUS_UNSPECIFIED_FAILURE;
 
+       if (!crypto_ec_point_is_on_curve(sae->tmp->ec,
+                                        sae->tmp->peer_commit_element_ecc)) {
+               wpa_printf(MSG_DEBUG, "SAE: Peer element is not on curve");
+               return WLAN_STATUS_UNSPECIFIED_FAILURE;
+       }
+
        return WLAN_STATUS_SUCCESS;
 }