#include "utils/includes.h"
#include "utils/common.h"
+#include "crypto/crypto.h"
#include "dragonfly.h"
(!ecc_only &&
(group == 15 || group == 16 || group == 17 || group == 18));
}
+
+
+int dragonfly_get_random_qr_qnr(const struct crypto_bignum *prime,
+ struct crypto_bignum **qr,
+ struct crypto_bignum **qnr)
+{
+ *qr = *qnr = NULL;
+
+ while (!(*qr) || !(*qnr)) {
+ struct crypto_bignum *tmp;
+ int res;
+
+ tmp = crypto_bignum_init();
+ if (!tmp || crypto_bignum_rand(tmp, prime) < 0)
+ break;
+
+ res = crypto_bignum_legendre(tmp, prime);
+ if (res == 1 && !(*qr))
+ *qr = tmp;
+ else if (res == -1 && !(*qnr))
+ *qnr = tmp;
+ else
+ crypto_bignum_deinit(tmp, 0);
+ }
+
+ if (*qr && *qnr)
+ return 0;
+ crypto_bignum_deinit(*qr, 0);
+ crypto_bignum_deinit(*qnr, 0);
+ *qr = *qnr = NULL;
+ return -1;
+}
}
-static int get_random_qr_qnr(const u8 *prime, size_t prime_len,
- const struct crypto_bignum *prime_bn,
- size_t prime_bits, struct crypto_bignum **qr,
- struct crypto_bignum **qnr)
-{
- *qr = NULL;
- *qnr = NULL;
-
- while (!(*qr) || !(*qnr)) {
- u8 tmp[SAE_MAX_ECC_PRIME_LEN];
- struct crypto_bignum *q;
- int res;
-
- if (random_get_bytes(tmp, prime_len) < 0)
- break;
- if (prime_bits % 8)
- buf_shift_right(tmp, prime_len, 8 - prime_bits % 8);
- if (os_memcmp(tmp, prime, prime_len) >= 0)
- continue;
- q = crypto_bignum_init_set(tmp, prime_len);
- if (!q)
- break;
- res = crypto_bignum_legendre(q, prime_bn);
-
- if (res == 1 && !(*qr))
- *qr = q;
- else if (res == -1 && !(*qnr))
- *qnr = q;
- else
- crypto_bignum_deinit(q, 0);
- }
-
- return (*qr && *qnr) ? 0 : -1;
-}
-
-
static int sae_derive_pwe_ecc(struct sae_data *sae, const u8 *addr1,
const u8 *addr2, const u8 *password,
size_t password_len, const char *identifier)
u8 x_cand_bin[SAE_MAX_ECC_PRIME_LEN];
u8 qr_bin[SAE_MAX_ECC_PRIME_LEN];
u8 qnr_bin[SAE_MAX_ECC_PRIME_LEN];
- size_t bits;
int res = -1;
u8 found = 0; /* 0 (false) or 0xff (true) to be used as const_time_*
* mask */
if (crypto_bignum_to_bin(sae->tmp->prime, prime, sizeof(prime),
prime_len) < 0)
goto fail;
- bits = crypto_ec_prime_len_bits(sae->tmp->ec);
/*
* Create a random quadratic residue (qr) and quadratic non-residue
* (qnr) modulo p for blinding purposes during the loop.
*/
- if (get_random_qr_qnr(prime, prime_len, sae->tmp->prime, bits,
- &qr, &qnr) < 0 ||
+ if (dragonfly_get_random_qr_qnr(sae->tmp->prime, &qr, &qnr) < 0 ||
crypto_bignum_to_bin(qr, qr_bin, sizeof(qr_bin), prime_len) < 0 ||
crypto_bignum_to_bin(qnr, qnr_bin, sizeof(qnr_bin), prime_len) < 0)
goto fail;
goto fail;
/* get a random quadratic residue and nonresidue */
- while (!qr || !qnr) {
- if (crypto_bignum_rand(tmp1, prime) < 0)
- goto fail;
- res = crypto_bignum_legendre(tmp1, prime);
- if (!qr && res == 1) {
- qr = tmp1;
- tmp1 = crypto_bignum_init();
- } else if (!qnr && res == -1) {
- qnr = tmp1;
- tmp1 = crypto_bignum_init();
- }
- if (!tmp1)
- goto fail;
- }
- if (crypto_bignum_to_bin(qr, qr_bin, sizeof(qr_bin),
+ if (dragonfly_get_random_qr_qnr(prime, &qr, &qnr) < 0 ||
+ crypto_bignum_to_bin(qr, qr_bin, sizeof(qr_bin),
primebytelen) < 0 ||
crypto_bignum_to_bin(qnr, qnr_bin, sizeof(qnr_bin),
primebytelen) < 0)
projects / thirdparty / hostap.git / commitdiff
