From: Jouni Malinen <j@w1.fi>
Date: Sat, 13 Apr 2019 14:20:57 +0000 (+0300)
Subject: EAP-pwd: Disallow ECC groups with a prime under 256 bits
X-Git-Tag: hostap_2_8~81
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=92e1b96c26a84e503847bdd22ebadf697c4031ad;p=thirdparty%2Fhostap.git

EAP-pwd: Disallow ECC groups with a prime under 256 bits

Based on the SAE implementation guidance update to not allow ECC groups
with a prime that is under 256 bits, reject groups 25, 26, and 27 in
EAP-pwd.

Signed-off-by: Jouni Malinen <j@w1.fi>
---

diff --git a/src/eap_common/eap_pwd_common.c b/src/eap_common/eap_pwd_common.c
index 4288b5299..00f85a390 100644
--- a/src/eap_common/eap_pwd_common.c
+++ b/src/eap_common/eap_pwd_common.c
@@ -85,10 +85,23 @@ static int eap_pwd_kdf(const u8 *key, size_t keylen, const u8 *label,
 }
 
 
+static int eap_pwd_suitable_group(u16 num)
+{
+	/* Do not allow ECC groups with prime under 256 bits based on guidance
+	 * for the similar design in SAE. */
+	return num == 19 || num == 20 || num == 21 ||
+		num == 28 || num == 29 || num == 30;
+}
+
+
 EAP_PWD_group * get_eap_pwd_group(u16 num)
 {
 	EAP_PWD_group *grp;
 
+	if (!eap_pwd_suitable_group(num)) {
+		wpa_printf(MSG_INFO, "EAP-pwd: unsuitable group %u", num);
+		return NULL;
+	}
 	grp = os_zalloc(sizeof(EAP_PWD_group));
 	if (!grp)
 		return NULL;