jeltz/hostap
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

dragonfly: Disable use of groups using Brainpool curves

Browse source 
Disable groups that use Brainpool curves for now since they leak more
timing information due to the prime not being close to a power of two.
This removes use of groups 28, 29, and 30 from SAE and EAP-pwd.

Signed-off-by: Jouni Malinen <j@w1.fi>
This commit is contained in:
Jouni Malinen 2019-07-27 23:19:17 +03:00
parent 14b408c04c
commit 876c5eaa6d
1 changed files with 4 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
src/common/dragonfly.c
View file

@ -21,9 +21,11 @@ int dragonfly_suitable_group(int group, int ecc_only)
* purposes: FFC groups whose prime is >= 3072 bits and ECC groups
* defined over a prime field whose prime is >= 256 bits. Furthermore,
* ECC groups defined over a characteristic 2 finite field and ECC
* groups with a co-factor greater than 1 are not suitable. */
* groups with a co-factor greater than 1 are not suitable. Disable
* groups that use Brainpool curves as well for now since they leak more
* timing information due to the prime not being close to a power of
* two. */
return group == 19 || group == 20 || group == 21 ||
group == 28 || group == 29 || group == 30 ||
(!ecc_only &&
(group == 15 || group == 16 || group == 17 || group == 18));
}