dragonfly: SAE/EAP-pwd min PWE derivation iteration count to shared code
Use a shared function to determine the k parameter, i.e., the minimum number of iterations of the PWE derivation loop, for SAE and EAP-pwd. This makes it easier to fine-tune the parameter based on the negotiated group, if desired. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
		
							parent
							
								
									036fc6bdbd
								
							
						
					
					
						commit
						bfb6a482f6
					
				
					 3 changed files with 24 additions and 9 deletions
				
			
		|  | @ -29,6 +29,25 @@ int dragonfly_suitable_group(int group, int ecc_only) | ||||||
| } | } | ||||||
| 
 | 
 | ||||||
| 
 | 
 | ||||||
|  | unsigned int dragonfly_min_pwe_loop_iter(int group) | ||||||
|  | { | ||||||
|  | 	if (group == 22 || group == 23 || group == 24) { | ||||||
|  | 		/* FFC groups for which pwd-value is likely to be >= p
 | ||||||
|  | 		 * frequently */ | ||||||
|  | 		return 40; | ||||||
|  | 	} | ||||||
|  | 
 | ||||||
|  | 	if (group == 1 || group == 2 || group == 5 || group == 14 || | ||||||
|  | 	    group == 15 || group == 16 || group == 17 || group == 18) { | ||||||
|  | 		/* FFC groups that have prime that is close to a power of two */ | ||||||
|  | 		return 1; | ||||||
|  | 	} | ||||||
|  | 
 | ||||||
|  | 	/* Default to 40 (this covers most ECC groups) */ | ||||||
|  | 	return 40; | ||||||
|  | } | ||||||
|  | 
 | ||||||
|  | 
 | ||||||
| int dragonfly_get_random_qr_qnr(const struct crypto_bignum *prime, | int dragonfly_get_random_qr_qnr(const struct crypto_bignum *prime, | ||||||
| 				struct crypto_bignum **qr, | 				struct crypto_bignum **qr, | ||||||
| 				struct crypto_bignum **qnr) | 				struct crypto_bignum **qnr) | ||||||
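Review bot: dragonfly_min_pwe_loop_iter() has no header comment saying that its return value is a side-channel parameter rather than a performance knob. sae_derive_pwe_ecc() used to hard-code `k = 40` and now takes whatever this table returns for the group. Nothing here tells a later editor that adding a group number to the `return 1` list reduces the masking of how many loop rounds a password needs. I would add above the function something like `/* Returns k, the minimum number of PWE derivation loop iterations for the group; this hides the iteration count from timing observers, so review any reduction as a security change. */`. The first branch (groups 22, 23, 24) and the default both return 40, so that branch exists only to carry its comment, which could also be stated.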
|  |  | ||||||
|  | @ -16,6 +16,7 @@ struct crypto_bignum; | ||||||
| struct crypto_ec; | struct crypto_ec; | ||||||
| 
 | 
 | ||||||
| int dragonfly_suitable_group(int group, int ecc_only); | int dragonfly_suitable_group(int group, int ecc_only); | ||||||
|  | unsigned int dragonfly_min_pwe_loop_iter(int group); | ||||||
| int dragonfly_get_random_qr_qnr(const struct crypto_bignum *prime, | int dragonfly_get_random_qr_qnr(const struct crypto_bignum *prime, | ||||||
| 				struct crypto_bignum **qr, | 				struct crypto_bignum **qr, | ||||||
| 				struct crypto_bignum **qnr); | 				struct crypto_bignum **qnr); | ||||||
|  |  | ||||||
|  | @ -275,7 +275,7 @@ static int sae_derive_pwe_ecc(struct sae_data *sae, const u8 *addr1, | ||||||
| 			      const u8 *addr2, const u8 *password, | 			      const u8 *addr2, const u8 *password, | ||||||
| 			      size_t password_len, const char *identifier) | 			      size_t password_len, const char *identifier) | ||||||
| { | { | ||||||
| 	u8 counter, k = 40; | 	u8 counter, k; | ||||||
| 	u8 addrs[2 * ETH_ALEN]; | 	u8 addrs[2 * ETH_ALEN]; | ||||||
| 	const u8 *addr[3]; | 	const u8 *addr[3]; | ||||||
| 	size_t len[3]; | 	size_t len[3]; | ||||||
|  | @ -346,6 +346,8 @@ static int sae_derive_pwe_ecc(struct sae_data *sae, const u8 *addr1, | ||||||
| 	 * attacks that attempt to determine the number of iterations required | 	 * attacks that attempt to determine the number of iterations required | ||||||
| 	 * in the loop. | 	 * in the loop. | ||||||
| 	 */ | 	 */ | ||||||
|  | 	k = dragonfly_min_pwe_loop_iter(sae->group); | ||||||
|  | 
 | ||||||
| 	for (counter = 1; counter <= k || !found; counter++) { | 	for (counter = 1; counter <= k || !found; counter++) { | ||||||
| 		u8 pwd_seed[SHA256_MAC_LEN]; | 		u8 pwd_seed[SHA256_MAC_LEN]; | ||||||
| 
 | 
 | ||||||
|  | @ -427,13 +429,6 @@ fail: | ||||||
| } | } | ||||||
| 
 | 
 | ||||||
| 
 | 
 | ||||||
| static int sae_modp_group_require_masking(int group) |  | ||||||
| { |  | ||||||
| 	/* Groups for which pwd-value is likely to be >= p frequently */ |  | ||||||
| 	return group == 22 || group == 23 || group == 24; |  | ||||||
| } |  | ||||||
| 
 |  | ||||||
| 
 |  | ||||||
| static int sae_derive_pwe_ffc(struct sae_data *sae, const u8 *addr1, | static int sae_derive_pwe_ffc(struct sae_data *sae, const u8 *addr1, | ||||||
| 			      const u8 *addr2, const u8 *password, | 			      const u8 *addr2, const u8 *password, | ||||||
| 			      size_t password_len, const char *identifier) | 			      size_t password_len, const char *identifier) | ||||||
|  | @ -482,7 +477,7 @@ static int sae_derive_pwe_ffc(struct sae_data *sae, const u8 *addr1, | ||||||
| 	len[num_elem] = sizeof(counter); | 	len[num_elem] = sizeof(counter); | ||||||
| 	num_elem++; | 	num_elem++; | ||||||
| 
 | 
 | ||||||
| 	k = sae_modp_group_require_masking(sae->group) ? 40 : 1; | 	k = dragonfly_min_pwe_loop_iter(sae->group); | ||||||
| 
 | 
 | ||||||
| 	for (counter = 1; counter <= k || !found; counter++) { | 	for (counter = 1; counter <= k || !found; counter++) { | ||||||
| 		u8 pwd_seed[SHA256_MAC_LEN]; | 		u8 pwd_seed[SHA256_MAC_LEN]; | ||||||
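Review bot: In sae_derive_pwe_ecc() the new `k = dragonfly_min_pwe_loop_iter(sae->group);` stores an `unsigned int` return value in `u8 k`. If the helper is later tuned to return more than 255, the value would be truncated silently and the loop would run fewer masking iterations than intended. The counter is also a `u8` tested with `counter <= k`, so the usable range is bounded by that type anyway. I would record the bound at the call site, e.g. `/* k and counter are u8: dragonfly_min_pwe_loop_iter() must return <= 255 */`, or narrow the helper's return type if the header can use `u8`. The declaration of `k` in sae_derive_pwe_ffc() is outside the visible hunks and presumably has the same constraint; both function bodies continue past the hunks shown.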
|  |  | ||||||
	
	 Jouni Malinen
						Jouni Malinen