SAE: Increase security parameter k to 40 based on Dragonfly recommendation

draft-irtf-cfrg-dragonfly recommends implementation to set the security
parameter, k, to a value of at least 40. This will make PWE generation
take significantly more resources, but makes it more likely to hide
timing differences due to different number of loops needed to find a
suitable PWE.

Signed-off-by: Jouni Malinen <j@w1.fi>

diff --git a/src/common/sae.c b/src/common/sae.c
index 9d25b2b34cee6352091e882e7b9828861d4ab805..2fec4b3b8b1f7eed812df0654a077d2628b2b6b2 100644 (file)
--- a/src/common/sae.c
+++ b/src/common/sae.c
@@ -290,7 +290,7 @@ static int sae_derive_pwe_ecc(struct sae_data *sae, const u8 *addr1,
                              const u8 *addr2, const u8 *password,
                              size_t password_len)
 {
-       u8 counter, k = 4;
+       u8 counter, k = 40;
        u8 addrs[2 * ETH_ALEN];
        const u8 *addr[2];
        size_t len[2];