From 876c5eaa6dae1a87a17603fc489a44c29eedc2e3 Mon Sep 17 00:00:00 2001
From: Jouni Malinen <j@w1.fi>
Date: Sat, 27 Jul 2019 23:19:17 +0300
Subject: [PATCH] dragonfly: Disable use of groups using Brainpool curves

Disable groups that use Brainpool curves for now since they leak more
timing information due to the prime not being close to a power of two.
This removes use of groups 28, 29, and 30 from SAE and EAP-pwd.

Signed-off-by: Jouni Malinen <j@w1.fi>
---
 src/common/dragonfly.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/src/common/dragonfly.c b/src/common/dragonfly.c
index 233ae68a7..547be66f1 100644
--- a/src/common/dragonfly.c
+++ b/src/common/dragonfly.c
@@ -21,9 +21,11 @@ int dragonfly_suitable_group(int group, int ecc_only)
 	 * purposes: FFC groups whose prime is >= 3072 bits and ECC groups
 	 * defined over a prime field whose prime is >= 256 bits. Furthermore,
 	 * ECC groups defined over a characteristic 2 finite field and ECC
-	 * groups with a co-factor greater than 1 are not suitable. */
+	 * groups with a co-factor greater than 1 are not suitable. Disable
+	 * groups that use Brainpool curves as well for now since they leak more
+	 * timing information due to the prime not being close to a power of
+	 * two. */
 	return group == 19 || group == 20 || group == 21 ||
-		group == 28 || group == 29 || group == 30 ||
 		(!ecc_only &&
 		 (group == 15 || group == 16 || group == 17 || group == 18));
 }