u8 found = 0; /* 0 (false) or 0xff (true) to be used as const_time_*
* mask */
size_t primebytelen = 0, primebitlen;
- struct crypto_bignum *x_candidate = NULL, *cofactor = NULL;
+ struct crypto_bignum *x_candidate = NULL;
const struct crypto_bignum *prime;
u8 mask, found_ctr = 0, is_odd = 0;
os_memset(x_bin, 0, sizeof(x_bin));
prime = crypto_ec_get_prime(grp->group);
- cofactor = crypto_bignum_init();
grp->pwe = crypto_ec_point_init(grp->group);
tmp1 = crypto_bignum_init();
pm1 = crypto_bignum_init();
one = crypto_bignum_init_set((const u8 *) "\x01", 1);
- if (!cofactor || !grp->pwe || !tmp1 || !pm1 || !one) {
+ if (!grp->pwe || !tmp1 || !pm1 || !one) {
wpa_printf(MSG_INFO, "EAP-pwd: unable to create bignums");
goto fail;
}
- if (crypto_ec_cofactor(grp->group, cofactor) < 0) {
- wpa_printf(MSG_INFO, "EAP-pwd: unable to get cofactor for "
- "curve");
- goto fail;
- }
primebitlen = crypto_ec_prime_len_bits(grp->group);
primebytelen = crypto_ec_prime_len(grp->group);
if ((prfbuf = os_malloc(primebytelen)) == NULL) {
goto fail;
}
- if (!crypto_bignum_is_one(cofactor)) {
- /* make sure the point is not in a small sub-group */
- if (crypto_ec_point_mul(grp->group, grp->pwe, cofactor,
- grp->pwe) != 0) {
- wpa_printf(MSG_INFO,
- "EAP-pwd: cannot multiply generator by order");
- goto fail;
- }
- if (crypto_ec_point_is_at_infinity(grp->group, grp->pwe)) {
- wpa_printf(MSG_INFO, "EAP-pwd: point is at infinity");
- goto fail;
- }
- }
wpa_printf(MSG_DEBUG, "EAP-pwd: found a PWE in %02d tries", found_ctr);
if (0) {
ret = 1;
}
/* cleanliness and order.... */
- crypto_bignum_deinit(cofactor, 1);
crypto_bignum_deinit(x_candidate, 1);
crypto_bignum_deinit(pm1, 0);
crypto_bignum_deinit(tmp1, 1);
struct crypto_ec_point *element;
const struct crypto_bignum *prime;
size_t prime_len;
- struct crypto_bignum *cofactor = NULL;
prime = crypto_ec_get_prime(group->group);
prime_len = crypto_ec_prime_len(group->group);
goto fail;
}
- cofactor = crypto_bignum_init();
- if (!cofactor || crypto_ec_cofactor(group->group, cofactor) < 0) {
- wpa_printf(MSG_INFO,
- "EAP-pwd: Unable to get cofactor for curve");
- goto fail;
- }
-
- if (!crypto_bignum_is_one(cofactor)) {
- struct crypto_ec_point *point;
- int ok = 1;
-
- /* check to ensure peer's element is not in a small sub-group */
- point = crypto_ec_point_init(group->group);
- if (!point ||
- crypto_ec_point_mul(group->group, element,
- cofactor, point) != 0 ||
- crypto_ec_point_is_at_infinity(group->group, point))
- ok = 0;
- crypto_ec_point_deinit(point, 0);
-
- if (!ok) {
- wpa_printf(MSG_INFO,
- "EAP-pwd: Small sub-group check on peer element failed");
- goto fail;
- }
- }
-
out:
- crypto_bignum_deinit(cofactor, 0);
return element;
fail:
crypto_ec_point_deinit(element, 0);
const u8 *payload, size_t payload_len)
{
struct crypto_ec_point *K = NULL;
- struct crypto_bignum *mask = NULL, *cofactor = NULL;
+ struct crypto_bignum *mask = NULL;
const u8 *ptr = payload;
u8 *scalar, *element;
size_t prime_len, order_len;
data->private_value = crypto_bignum_init();
data->my_element = crypto_ec_point_init(data->grp->group);
- cofactor = crypto_bignum_init();
data->my_scalar = crypto_bignum_init();
mask = crypto_bignum_init();
- if (!data->private_value || !data->my_element || !cofactor ||
+ if (!data->private_value || !data->my_element ||
!data->my_scalar || !mask) {
wpa_printf(MSG_INFO, "EAP-PWD (peer): scalar allocation fail");
goto fin;
}
- if (crypto_ec_cofactor(data->grp->group, cofactor) < 0) {
- wpa_printf(MSG_INFO, "EAP-pwd (peer): unable to get cofactor "
- "for curve");
- goto fin;
- }
-
if (eap_pwd_get_rand_mask(data->grp, data->private_value, mask,
data->my_scalar) < 0)
goto fin;
goto fin;
}
- /* ensure that the shared key isn't in a small sub-group */
- if (!crypto_bignum_is_one(cofactor)) {
- if (crypto_ec_point_mul(data->grp->group, K, cofactor, K) < 0) {
- wpa_printf(MSG_INFO, "EAP-PWD (peer): cannot multiply "
- "shared key point by order");
- goto fin;
- }
- }
-
/*
- * This check is strictly speaking just for the case above where
+ * This check is strictly speaking just for the case where
* co-factor > 1 but it was suggested that even though this is probably
* never going to happen it is a simple and safe check "just to be
* sure" so let's be safe.
fin:
crypto_bignum_deinit(mask, 1);
- crypto_bignum_deinit(cofactor, 1);
crypto_ec_point_deinit(K, 1);
if (data->outbuf == NULL)
eap_pwd_state(data, FAILURE);
const u8 *payload, size_t payload_len)
{
const u8 *ptr;
- struct crypto_bignum *cofactor = NULL;
struct crypto_ec_point *K = NULL;
int res = 0;
size_t prime_len, order_len;
}
data->k = crypto_bignum_init();
- cofactor = crypto_bignum_init();
K = crypto_ec_point_init(data->grp->group);
- if (!data->k || !cofactor || !K) {
+ if (!data->k || !K) {
wpa_printf(MSG_INFO, "EAP-PWD (server): peer data allocation "
"fail");
goto fin;
}
- if (crypto_ec_cofactor(data->grp->group, cofactor) < 0) {
- wpa_printf(MSG_INFO, "EAP-PWD (server): unable to get "
- "cofactor for curve");
- goto fin;
- }
-
/* element, x then y, followed by scalar */
ptr = payload;
data->peer_element = eap_pwd_get_element(data->grp, ptr);
goto fin;
}
- /* ensure that the shared key isn't in a small sub-group */
- if (!crypto_bignum_is_one(cofactor)) {
- if (crypto_ec_point_mul(data->grp->group, K, cofactor,
- K) != 0) {
- wpa_printf(MSG_INFO, "EAP-PWD (server): cannot "
- "multiply shared key point by order!\n");
- goto fin;
- }
- }
-
/*
- * This check is strictly speaking just for the case above where
+ * This check is strictly speaking just for the case where
* co-factor > 1 but it was suggested that even though this is probably
* never going to happen it is a simple and safe check "just to be
* sure" so let's be safe.
fin:
crypto_ec_point_deinit(K, 1);
- crypto_bignum_deinit(cofactor, 1);
if (res)
eap_pwd_state(data, PWD_Confirm_Req);
projects / thirdparty / hostap.git / commitdiff
