SAE: Replace comparison to one with crypto_bignum wrapper
authorJouni Malinen <j@w1.fi>
Sun, 6 Jan 2013 16:38:17 +0000 (18:38 +0200)
committerJouni Malinen <j@w1.fi>
Sat, 12 Jan 2013 15:51:54 +0000 (17:51 +0200)
Signed-hostap: Jouni Malinen <j@w1.fi>

src/common/sae.c
src/crypto/crypto.h
src/crypto/crypto_openssl.c

index 2b290193df3b49435e40c565573ae50b36c2104d..6dacedc5567bd9bdf662ca5316bc770c4b603f70 100644 (file)
@@ -85,32 +85,6 @@ void sae_clear_data(struct sae_data *sae)
 }
 
 
-static int val_one(const u8 *val, size_t len)
-{
-       size_t i;
-
-       for (i = 0; i < len - 1; i++) {
-               if (val[i])
-                       return 0;
-       }
-
-       return val[len - 1] == 1;
-}
-
-
-static int val_zero_or_one(const u8 *val, size_t len)
-{
-       size_t i;
-
-       for (i = 0; i < len - 1; i++) {
-               if (val[i])
-                       return 0;
-       }
-
-       return val[len - 1] <= 1;
-}
-
-
 static void buf_shift_right(u8 *buf, size_t len, size_t bits)
 {
        size_t i;
@@ -138,12 +112,12 @@ static struct crypto_bignum * sae_get_rand(struct sae_data *sae)
                        return NULL;
                if (order_len_bits % 8)
                        buf_shift_right(val, order_len, 8 - order_len_bits % 8);
-               if (val_zero_or_one(val, order_len))
-                       continue;
                bn = crypto_bignum_init_set(val, order_len);
                if (bn == NULL)
                        return NULL;
-               if (crypto_bignum_cmp(bn, sae->order) >= 0)
+               if (crypto_bignum_is_zero(bn) ||
+                   crypto_bignum_is_one(bn) ||
+                   crypto_bignum_cmp(bn, sae->order) >= 0)
                        continue;
                break;
        }
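Review bot: Every rejected candidate in this loop appears to be leaked, because `bn` is allocated by `crypto_bignum_init_set()` and the unbraced `continue` after the three-way check jumps back without releasing it. The zero/one rejection used to run on the raw buffer before allocation and now runs after it, so that path leaks as well as the `>= order` path. The loop head is outside this hunk, so this holds unless it frees `bn` before the next `crypto_bignum_init_set()` overwrites the pointer. Bracing the branch and adding `crypto_bignum_deinit(bn, 0);` before `continue;` closes it. If sae_get_rand() is called once per SAE exchange, as it presumably is, the leak accumulates on a long-running authenticator.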
@@ -224,7 +198,7 @@ static int sae_test_pwd_seed_ecc(struct sae_data *sae, const u8 *pwd_seed,
 static int sae_test_pwd_seed_ffc(struct sae_data *sae, const u8 *pwd_seed,
                                 struct crypto_bignum *pwe)
 {
-       u8 pwd_value[SAE_MAX_PRIME_LEN], pwe_bin[SAE_MAX_PRIME_LEN];
+       u8 pwd_value[SAE_MAX_PRIME_LEN];
        size_t bits = sae->prime_len * 8;
        u8 exp[1];
        struct crypto_bignum *a, *b;
@@ -282,16 +256,8 @@ static int sae_test_pwd_seed_ffc(struct sae_data *sae, const u8 *pwd_seed,
                return -1;
        }
 
-       res = crypto_bignum_to_bin(pwe, pwe_bin, sizeof(pwe_bin),
-                                  sae->prime_len);
-       if (res < 0) {
-               wpa_printf(MSG_DEBUG, "SAE: Not room for PWE");
-               return -1;
-       }
-       wpa_hexdump_key(MSG_DEBUG, "SAE: PWE candidate", pwe_bin, res);
-
        /* if (PWE > 1) --> found */
-       if (val_zero_or_one(pwe_bin, sae->prime_len)) {
+       if (crypto_bignum_is_zero(pwe) || crypto_bignum_is_one(pwe)) {
                wpa_printf(MSG_DEBUG, "SAE: PWE <= 1");
                return 0;
        }
@@ -604,8 +570,8 @@ static int sae_derive_k_ffc(struct sae_data *sae, u8 *k)
            crypto_bignum_mulmod(K, sae->peer_commit_element_ffc, sae->prime, K)
            < 0 ||
            crypto_bignum_exptmod(K, sae->sae_rand, sae->prime, K) < 0 ||
-           crypto_bignum_to_bin(K, k, SAE_MAX_PRIME_LEN, sae->prime_len) < 0 ||
-           val_one(k, sae->prime_len)) {
+           crypto_bignum_is_one(K) ||
+           crypto_bignum_to_bin(K, k, SAE_MAX_PRIME_LEN, sae->prime_len) < 0) {
                wpa_printf(MSG_DEBUG, "SAE: Failed to calculate K and k");
                goto fail;
        }
@@ -858,17 +824,14 @@ static u16 sae_parse_commit_element_ffc(struct sae_data *sae, const u8 *pos,
        }
        wpa_hexdump(MSG_DEBUG, "SAE: Peer commit-element", pos, sae->prime_len);
 
-       if (val_zero_or_one(pos, sae->prime_len)) {
-               wpa_printf(MSG_DEBUG, "SAE: Invalid peer element");
-               return WLAN_STATUS_UNSPECIFIED_FAILURE;
-       }
-
        crypto_bignum_deinit(sae->peer_commit_element_ffc, 0);
        sae->peer_commit_element_ffc = crypto_bignum_init_set(pos,
                                                              sae->prime_len);
        if (sae->peer_commit_element_ffc == NULL)
                return WLAN_STATUS_UNSPECIFIED_FAILURE;
-       if (crypto_bignum_cmp(sae->peer_commit_element_ffc, sae->prime) >= 0) {
+       if (crypto_bignum_is_zero(sae->peer_commit_element_ffc) ||
+           crypto_bignum_is_one(sae->peer_commit_element_ffc) ||
+           crypto_bignum_cmp(sae->peer_commit_element_ffc, sae->prime) >= 0) {
                wpa_printf(MSG_DEBUG, "SAE: Invalid peer element");
                return WLAN_STATUS_UNSPECIFIED_FAILURE;
        }
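Review bot: The peer commit-element check here rejects only 0, 1 and values >= prime, so an element outside the prime-order subgroup (p-1 included) is accepted and later feeds the K derivation in sae_derive_k_ffc(). The function continues past this hunk, so unless the remainder already does it, add a subgroup membership test that computes element^order mod prime and rejects the frame when the result is not one. This needs a local `struct crypto_bignum *res` and assumes `sae->order` holds the subgroup order for FFC groups. The `crypto_bignum_is_one(K)` check in sae_derive_k_ffc() catches only the degenerate result, not confinement of K to a small subgroup.

```c
	/* … unchanged: zero / one / >= prime rejection … */

	/* element^order mod prime must be one, i.e., the peer element is a
	 * member of the prime-order subgroup */
	res = crypto_bignum_init();
	if (res == NULL ||
	    crypto_bignum_exptmod(sae->peer_commit_element_ffc, sae->order,
				  sae->prime, res) < 0 ||
	    !crypto_bignum_is_one(res)) {
		wpa_printf(MSG_DEBUG, "SAE: Invalid peer element (scalar-op)");
		crypto_bignum_deinit(res, 0);
		return WLAN_STATUS_UNSPECIFIED_FAILURE;
	}
	crypto_bignum_deinit(res, 0);
```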
index f0ab83cbf994b81ecffe0f76308ce2d02afb8f3c..9bccaaa8f864aa4b39371cdae57953ba95562b91 100644 (file)
@@ -612,6 +612,13 @@ int crypto_bignum_bits(const struct crypto_bignum *a);
  */
 int crypto_bignum_is_zero(const struct crypto_bignum *a);
 
+/**
+ * crypto_bignum_is_one - Is the given bignum one
+ * @a: Bignum
+ * Returns: 1 if @a is one or 0 if not
+ */
+int crypto_bignum_is_one(const struct crypto_bignum *a);
+
 /**
  * struct crypto_ec - Elliptic curve context
  *
index a18a43ee208e0a296cb712e564c29354b605cba3..5215c00f1732632b8a1c5686979d55220d14a44c 100644 (file)
@@ -1006,6 +1006,12 @@ int crypto_bignum_is_zero(const struct crypto_bignum *a)
 }
 
 
+int crypto_bignum_is_one(const struct crypto_bignum *a)
+{
+       return BN_is_one((const BIGNUM *) a);
+}
+
+
 #ifdef CONFIG_ECC
 
 struct crypto_ec {