SAE: Replace comparison to one with crypto_bignum wrapper

Signed-hostap: Jouni Malinen <j@w1.fi>
This commit is contained in:
Jouni Malinen 2013-01-06 18:38:17 +02:00
parent 3b0ffebcda
commit 75870c933f
3 changed files with 23 additions and 47 deletions

View file

@ -85,32 +85,6 @@ void sae_clear_data(struct sae_data *sae)
} }
static int val_one(const u8 *val, size_t len)
{
size_t i;
for (i = 0; i < len - 1; i++) {
if (val[i])
return 0;
}
return val[len - 1] == 1;
}
static int val_zero_or_one(const u8 *val, size_t len)
{
size_t i;
for (i = 0; i < len - 1; i++) {
if (val[i])
return 0;
}
return val[len - 1] <= 1;
}
static void buf_shift_right(u8 *buf, size_t len, size_t bits) static void buf_shift_right(u8 *buf, size_t len, size_t bits)
{ {
size_t i; size_t i;
@ -138,12 +112,12 @@ static struct crypto_bignum * sae_get_rand(struct sae_data *sae)
return NULL; return NULL;
if (order_len_bits % 8) if (order_len_bits % 8)
buf_shift_right(val, order_len, 8 - order_len_bits % 8); buf_shift_right(val, order_len, 8 - order_len_bits % 8);
if (val_zero_or_one(val, order_len))
continue;
bn = crypto_bignum_init_set(val, order_len); bn = crypto_bignum_init_set(val, order_len);
if (bn == NULL) if (bn == NULL)
return NULL; return NULL;
if (crypto_bignum_cmp(bn, sae->order) >= 0) if (crypto_bignum_is_zero(bn) ||
crypto_bignum_is_one(bn) ||
crypto_bignum_cmp(bn, sae->order) >= 0)
continue; continue;
break; break;
} }
@ -224,7 +198,7 @@ static int sae_test_pwd_seed_ecc(struct sae_data *sae, const u8 *pwd_seed,
static int sae_test_pwd_seed_ffc(struct sae_data *sae, const u8 *pwd_seed, static int sae_test_pwd_seed_ffc(struct sae_data *sae, const u8 *pwd_seed,
struct crypto_bignum *pwe) struct crypto_bignum *pwe)
{ {
u8 pwd_value[SAE_MAX_PRIME_LEN], pwe_bin[SAE_MAX_PRIME_LEN]; u8 pwd_value[SAE_MAX_PRIME_LEN];
size_t bits = sae->prime_len * 8; size_t bits = sae->prime_len * 8;
u8 exp[1]; u8 exp[1];
struct crypto_bignum *a, *b; struct crypto_bignum *a, *b;
@ -282,16 +256,8 @@ static int sae_test_pwd_seed_ffc(struct sae_data *sae, const u8 *pwd_seed,
return -1; return -1;
} }
res = crypto_bignum_to_bin(pwe, pwe_bin, sizeof(pwe_bin),
sae->prime_len);
if (res < 0) {
wpa_printf(MSG_DEBUG, "SAE: Not room for PWE");
return -1;
}
wpa_hexdump_key(MSG_DEBUG, "SAE: PWE candidate", pwe_bin, res);
/* if (PWE > 1) --> found */ /* if (PWE > 1) --> found */
if (val_zero_or_one(pwe_bin, sae->prime_len)) { if (crypto_bignum_is_zero(pwe) || crypto_bignum_is_one(pwe)) {
wpa_printf(MSG_DEBUG, "SAE: PWE <= 1"); wpa_printf(MSG_DEBUG, "SAE: PWE <= 1");
return 0; return 0;
} }
@ -604,8 +570,8 @@ static int sae_derive_k_ffc(struct sae_data *sae, u8 *k)
crypto_bignum_mulmod(K, sae->peer_commit_element_ffc, sae->prime, K) crypto_bignum_mulmod(K, sae->peer_commit_element_ffc, sae->prime, K)
< 0 || < 0 ||
crypto_bignum_exptmod(K, sae->sae_rand, sae->prime, K) < 0 || crypto_bignum_exptmod(K, sae->sae_rand, sae->prime, K) < 0 ||
crypto_bignum_to_bin(K, k, SAE_MAX_PRIME_LEN, sae->prime_len) < 0 || crypto_bignum_is_one(K) ||
val_one(k, sae->prime_len)) { crypto_bignum_to_bin(K, k, SAE_MAX_PRIME_LEN, sae->prime_len) < 0) {
wpa_printf(MSG_DEBUG, "SAE: Failed to calculate K and k"); wpa_printf(MSG_DEBUG, "SAE: Failed to calculate K and k");
goto fail; goto fail;
} }
@ -858,17 +824,14 @@ static u16 sae_parse_commit_element_ffc(struct sae_data *sae, const u8 *pos,
} }
wpa_hexdump(MSG_DEBUG, "SAE: Peer commit-element", pos, sae->prime_len); wpa_hexdump(MSG_DEBUG, "SAE: Peer commit-element", pos, sae->prime_len);
if (val_zero_or_one(pos, sae->prime_len)) {
wpa_printf(MSG_DEBUG, "SAE: Invalid peer element");
return WLAN_STATUS_UNSPECIFIED_FAILURE;
}
crypto_bignum_deinit(sae->peer_commit_element_ffc, 0); crypto_bignum_deinit(sae->peer_commit_element_ffc, 0);
sae->peer_commit_element_ffc = crypto_bignum_init_set(pos, sae->peer_commit_element_ffc = crypto_bignum_init_set(pos,
sae->prime_len); sae->prime_len);
if (sae->peer_commit_element_ffc == NULL) if (sae->peer_commit_element_ffc == NULL)
return WLAN_STATUS_UNSPECIFIED_FAILURE; return WLAN_STATUS_UNSPECIFIED_FAILURE;
if (crypto_bignum_cmp(sae->peer_commit_element_ffc, sae->prime) >= 0) { if (crypto_bignum_is_zero(sae->peer_commit_element_ffc) ||
crypto_bignum_is_one(sae->peer_commit_element_ffc) ||
crypto_bignum_cmp(sae->peer_commit_element_ffc, sae->prime) >= 0) {
wpa_printf(MSG_DEBUG, "SAE: Invalid peer element"); wpa_printf(MSG_DEBUG, "SAE: Invalid peer element");
return WLAN_STATUS_UNSPECIFIED_FAILURE; return WLAN_STATUS_UNSPECIFIED_FAILURE;
} }

View file

@ -612,6 +612,13 @@ int crypto_bignum_bits(const struct crypto_bignum *a);
*/ */
int crypto_bignum_is_zero(const struct crypto_bignum *a); int crypto_bignum_is_zero(const struct crypto_bignum *a);
/**
* crypto_bignum_is_one - Is the given bignum one
* @a: Bignum
* Returns: 1 if @a is one or 0 if not
*/
int crypto_bignum_is_one(const struct crypto_bignum *a);
/** /**
* struct crypto_ec - Elliptic curve context * struct crypto_ec - Elliptic curve context
* *

View file

@ -1006,6 +1006,12 @@ int crypto_bignum_is_zero(const struct crypto_bignum *a)
} }
int crypto_bignum_is_one(const struct crypto_bignum *a)
{
return BN_is_one((const BIGNUM *) a);
}
#ifdef CONFIG_ECC #ifdef CONFIG_ECC
struct crypto_ec { struct crypto_ec {