SAE: Reject unsuitable groups based on REVmd changes

The rules defining which DH groups are suitable for SAE use were
accepted into IEEE 802.11 REVmd based on this document:
https://mentor.ieee.org/802.11/dcn/19/11-19-0387-02-000m-addressing-some-sae-comments.docx

Enforce those rules in production builds of wpa_supplicant and hostapd.
CONFIG_TESTING_OPTIONS=y builds can still be used to select any o the
implemented groups to maintain testing coverage.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>

diff --git a/src/common/sae.c b/src/common/sae.c
index 981e788dc7518cc7986fc58e3646fc80f0688b82..8129a7c156da5cf221d2662613f5ae85e0741bc1 100644 (file)
--- a/src/common/sae.c
+++ b/src/common/sae.c
@@ -17,10 +17,33 @@
 #include "sae.h"
 
 
+static int sae_suitable_group(int group)
+{
+#ifdef CONFIG_TESTING_OPTIONS
+       /* Allow all groups for testing purposes in non-production builds. */
+       return 1;
+#else /* CONFIG_TESTING_OPTIONS */
+       /* Enforce REVmd rules on which SAE groups are suitable for production
+        * purposes: FFC groups whose prime is >= 3072 bits and ECC groups
+        * defined over a prime field whose prime is >= 256 bits. Furthermore,
+        * ECC groups defined over a characteristic 2 finite field and ECC
+        * groups with a co-factor greater than 1 are not suitable. */
+       return group == 19 || group == 20 || group == 21 ||
+               group == 28 || group == 29 || group == 30 ||
+               group == 15 || group == 16 || group == 17 || group == 18;
+#endif /* CONFIG_TESTING_OPTIONS */
+}
+
+
 int sae_set_group(struct sae_data *sae, int group)
 {
        struct sae_temporary_data *tmp;
 
+       if (!sae_suitable_group(group)) {
+               wpa_printf(MSG_DEBUG, "SAE: Reject unsuitable group %d", group);
+               return -1;
+       }
+
        sae_clear_data(sae);
        tmp = sae->tmp = os_zalloc(sizeof(*tmp));
        if (tmp == NULL)