Share common SAE and EAP-pwd functionality: random qr/qnr creation
Use a shared helper function to create random qr/qnr values. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
This commit is contained in:
Jouni Malinen
Jouni Malinen
parent
2b84ca4dd9
commit
6c9543fcb7
4 changed files with 41 additions and 55 deletions
|
|
@ -10,6 +10,7 @@
|
|||
#include "utils/includes.h"
|
||||
|
||||
#include "utils/common.h"
|
||||
#include "crypto/crypto.h"
|
||||
#include "dragonfly.h"
|
||||
|
||||
|
||||
|
|
@ -25,3 +26,35 @@ int dragonfly_suitable_group(int group, int ecc_only)
|
|||
(!ecc_only &&
|
||||
(group == 15 || group == 16 || group == 17 || group == 18));
|
||||
}
|
||||
|
||||
|
||||
int dragonfly_get_random_qr_qnr(const struct crypto_bignum *prime,
|
||||
struct crypto_bignum **qr,
|
||||
struct crypto_bignum **qnr)
|
||||
{
|
||||
*qr = *qnr = NULL;
|
||||
|
||||
while (!(*qr) || !(*qnr)) {
|
||||
struct crypto_bignum *tmp;
|
||||
int res;
|
||||
|
||||
tmp = crypto_bignum_init();
|
||||
if (!tmp || crypto_bignum_rand(tmp, prime) < 0)
|
||||
break;
|
||||
|
||||
res = crypto_bignum_legendre(tmp, prime);
|
||||
if (res == 1 && !(*qr))
|
||||
*qr = tmp;
|
||||
else if (res == -1 && !(*qnr))
|
||||
*qnr = tmp;
|
||||
else
|
||||
crypto_bignum_deinit(tmp, 0);
|
||||
}
|
||||
|
||||
if (*qr && *qnr)
|
||||
return 0;
|
||||
crypto_bignum_deinit(*qr, 0);
|
||||
crypto_bignum_deinit(*qnr, 0);
|
||||
*qr = *qnr = NULL;
|
||||
return -1;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -10,6 +10,11 @@
|
|||
#ifndef DRAGONFLY_H
|
||||
#define DRAGONFLY_H
|
||||
|
||||
struct crypto_bignum;
|
||||
|
||||
int dragonfly_suitable_group(int group, int ecc_only);
|
||||
int dragonfly_get_random_qr_qnr(const struct crypto_bignum *prime,
|
||||
struct crypto_bignum **qr,
|
||||
struct crypto_bignum **qnr);
|
||||
|
||||
#endif /* DRAGONFLY_H */
|
||||
|
|
|
|||
|
|
@ -401,42 +401,6 @@ fail:
|
|||
}
|
||||
|
||||
|
||||
static int get_random_qr_qnr(const u8 *prime, size_t prime_len,
|
||||
const struct crypto_bignum *prime_bn,
|
||||
size_t prime_bits, struct crypto_bignum **qr,
|
||||
struct crypto_bignum **qnr)
|
||||
{
|
||||
*qr = NULL;
|
||||
*qnr = NULL;
|
||||
|
||||
while (!(*qr) || !(*qnr)) {
|
||||
u8 tmp[SAE_MAX_ECC_PRIME_LEN];
|
||||
struct crypto_bignum *q;
|
||||
int res;
|
||||
|
||||
if (random_get_bytes(tmp, prime_len) < 0)
|
||||
break;
|
||||
if (prime_bits % 8)
|
||||
buf_shift_right(tmp, prime_len, 8 - prime_bits % 8);
|
||||
if (os_memcmp(tmp, prime, prime_len) >= 0)
|
||||
continue;
|
||||
q = crypto_bignum_init_set(tmp, prime_len);
|
||||
if (!q)
|
||||
break;
|
||||
res = crypto_bignum_legendre(q, prime_bn);
|
||||
|
||||
if (res == 1 && !(*qr))
|
||||
*qr = q;
|
||||
else if (res == -1 && !(*qnr))
|
||||
*qnr = q;
|
||||
else
|
||||
crypto_bignum_deinit(q, 0);
|
||||
}
|
||||
|
||||
return (*qr && *qnr) ? 0 : -1;
|
||||
}
|
||||
|
||||
|
||||
static int sae_derive_pwe_ecc(struct sae_data *sae, const u8 *addr1,
|
||||
const u8 *addr2, const u8 *password,
|
||||
size_t password_len, const char *identifier)
|
||||
|
|
@ -455,7 +419,6 @@ static int sae_derive_pwe_ecc(struct sae_data *sae, const u8 *addr1,
|
|||
u8 x_cand_bin[SAE_MAX_ECC_PRIME_LEN];
|
||||
u8 qr_bin[SAE_MAX_ECC_PRIME_LEN];
|
||||
u8 qnr_bin[SAE_MAX_ECC_PRIME_LEN];
|
||||
size_t bits;
|
||||
int res = -1;
|
||||
u8 found = 0; /* 0 (false) or 0xff (true) to be used as const_time_*
|
||||
* mask */
|
||||
|
|
@ -472,14 +435,12 @@ static int sae_derive_pwe_ecc(struct sae_data *sae, const u8 *addr1,
|
|||
if (crypto_bignum_to_bin(sae->tmp->prime, prime, sizeof(prime),
|
||||
prime_len) < 0)
|
||||
goto fail;
|
||||
bits = crypto_ec_prime_len_bits(sae->tmp->ec);
|
||||
|
||||
/*
|
||||
* Create a random quadratic residue (qr) and quadratic non-residue
|
||||
* (qnr) modulo p for blinding purposes during the loop.
|
||||
*/
|
||||
if (get_random_qr_qnr(prime, prime_len, sae->tmp->prime, bits,
|
||||
&qr, &qnr) < 0 ||
|
||||
if (dragonfly_get_random_qr_qnr(sae->tmp->prime, &qr, &qnr) < 0 ||
|
||||
crypto_bignum_to_bin(qr, qr_bin, sizeof(qr_bin), prime_len) < 0 ||
|
||||
crypto_bignum_to_bin(qnr, qnr_bin, sizeof(qnr_bin), prime_len) < 0)
|
||||
goto fail;
|
||||
|
|
|
|||
|
|
@ -168,21 +168,8 @@ int compute_password_element(EAP_PWD_group *grp, u16 num,
|
|||
goto fail;
|
||||
|
||||
/* get a random quadratic residue and nonresidue */
|
||||
while (!qr || !qnr) {
|
||||
if (crypto_bignum_rand(tmp1, prime) < 0)
|
||||
goto fail;
|
||||
res = crypto_bignum_legendre(tmp1, prime);
|
||||
if (!qr && res == 1) {
|
||||
qr = tmp1;
|
||||
tmp1 = crypto_bignum_init();
|
||||
} else if (!qnr && res == -1) {
|
||||
qnr = tmp1;
|
||||
tmp1 = crypto_bignum_init();
|
||||
}
|
||||
if (!tmp1)
|
||||
goto fail;
|
||||
}
|
||||
if (crypto_bignum_to_bin(qr, qr_bin, sizeof(qr_bin),
|
||||
if (dragonfly_get_random_qr_qnr(prime, &qr, &qnr) < 0 ||
|
||||
crypto_bignum_to_bin(qr, qr_bin, sizeof(qr_bin),
|
||||
primebytelen) < 0 ||
|
||||
crypto_bignum_to_bin(qnr, qnr_bin, sizeof(qnr_bin),
|
||||
primebytelen) < 0)
|
||||
|
|
|
|||
Loading…
Reference in a new issue