SAE: Share more commit value derivation between FFC and ECC cases

The rand/mask values and commit scalar are derived using the exact same
operations, so only use a separate function for deriving the commit
element.

Signed-hostap: Jouni Malinen <j@w1.fi>
This commit is contained in:
Jouni Malinen 2013-01-06 18:47:52 +02:00
parent 75870c933f
commit 66fc91ab11


@ -400,82 +400,75 @@ static int sae_derive_pwe_ffc(struct sae_data *sae, const u8 *addr1,
} }
static int sae_derive_commit_ecc(struct sae_data *sae) static int sae_derive_commit_element_ecc(struct sae_data *sae,
struct crypto_bignum *mask)
{ {
struct crypto_bignum *mask;
int ret = -1;
mask = sae_get_rand_and_mask(sae);
if (mask == NULL) {
wpa_printf(MSG_DEBUG, "SAE: Could not get rand/mask");
return -1;
}
/* commit-scalar = (rand + mask) modulo r */
if (!sae->own_commit_scalar) {
sae->own_commit_scalar = crypto_bignum_init();
if (!sae->own_commit_scalar)
goto fail;
}
crypto_bignum_add(sae->sae_rand, mask, sae->own_commit_scalar);
crypto_bignum_mod(sae->own_commit_scalar, sae->order,
sae->own_commit_scalar);
/* COMMIT-ELEMENT = inverse(scalar-op(mask, PWE)) */ /* COMMIT-ELEMENT = inverse(scalar-op(mask, PWE)) */
if (!sae->own_commit_element_ecc) { if (!sae->own_commit_element_ecc) {
sae->own_commit_element_ecc = crypto_ec_point_init(sae->ec); sae->own_commit_element_ecc = crypto_ec_point_init(sae->ec);
if (!sae->own_commit_element_ecc) if (!sae->own_commit_element_ecc)
goto fail; return -1;
} }
if (crypto_ec_point_mul(sae->ec, sae->pwe_ecc, mask, if (crypto_ec_point_mul(sae->ec, sae->pwe_ecc, mask,
sae->own_commit_element_ecc) < 0 || sae->own_commit_element_ecc) < 0 ||
crypto_ec_point_invert(sae->ec, sae->own_commit_element_ecc) < 0) { crypto_ec_point_invert(sae->ec, sae->own_commit_element_ecc) < 0) {
wpa_printf(MSG_DEBUG, "SAE: Could not compute commit-element"); wpa_printf(MSG_DEBUG, "SAE: Could not compute commit-element");
goto fail;
}
ret = 0;
fail:
crypto_bignum_deinit(mask, 1);
return ret;
}
static int sae_derive_commit_ffc(struct sae_data *sae)
{
struct crypto_bignum *mask;
int ret = -1;
mask = sae_get_rand_and_mask(sae);
if (mask == NULL) {
wpa_printf(MSG_DEBUG, "SAE: Could not get rand/mask");
return -1; return -1;
} }
/* commit-scalar = (rand + mask) modulo r */ return 0;
if (!sae->own_commit_scalar) { }
sae->own_commit_scalar = crypto_bignum_init();
if (!sae->own_commit_scalar)
goto fail;
}
crypto_bignum_add(sae->sae_rand, mask, sae->own_commit_scalar);
crypto_bignum_mod(sae->own_commit_scalar, sae->order,
sae->own_commit_scalar);
static int sae_derive_commit_element_ffc(struct sae_data *sae,
struct crypto_bignum *mask)
{
/* COMMIT-ELEMENT = inverse(scalar-op(mask, PWE)) */ /* COMMIT-ELEMENT = inverse(scalar-op(mask, PWE)) */
if (!sae->own_commit_element_ffc) { if (!sae->own_commit_element_ffc) {
sae->own_commit_element_ffc = crypto_bignum_init(); sae->own_commit_element_ffc = crypto_bignum_init();
if (!sae->own_commit_element_ffc) if (!sae->own_commit_element_ffc)
goto fail; return -1;
} }
if (crypto_bignum_exptmod(sae->pwe_ffc, mask, sae->prime, if (crypto_bignum_exptmod(sae->pwe_ffc, mask, sae->prime,
sae->own_commit_element_ffc) < 0 || sae->own_commit_element_ffc) < 0 ||
crypto_bignum_inverse(sae->own_commit_element_ffc, sae->prime, crypto_bignum_inverse(sae->own_commit_element_ffc, sae->prime,
sae->own_commit_element_ffc) < 0) { sae->own_commit_element_ffc) < 0) {
wpa_printf(MSG_DEBUG, "SAE: Could not compute commit-element"); wpa_printf(MSG_DEBUG, "SAE: Could not compute commit-element");
goto fail; return -1;
} }
return 0;
}
static int sae_derive_commit(struct sae_data *sae)
{
struct crypto_bignum *mask;
int ret = -1;
mask = sae_get_rand_and_mask(sae);
if (mask == NULL) {
wpa_printf(MSG_DEBUG, "SAE: Could not get rand/mask");
return -1;
}
/* commit-scalar = (rand + mask) modulo r */
if (!sae->own_commit_scalar) {
sae->own_commit_scalar = crypto_bignum_init();
if (!sae->own_commit_scalar)
goto fail;
}
crypto_bignum_add(sae->sae_rand, mask, sae->own_commit_scalar);
crypto_bignum_mod(sae->own_commit_scalar, sae->order,
sae->own_commit_scalar);
if (sae->ec && sae_derive_commit_element_ecc(sae, mask) < 0)
goto fail;
if (sae->dh && sae_derive_commit_element_ffc(sae, mask) < 0)
goto fail;
ret = 0; ret = 0;
fail: fail:
crypto_bignum_deinit(mask, 1); crypto_bignum_deinit(mask, 1);
@ -487,23 +480,15 @@ int sae_prepare_commit(const u8 *addr1, const u8 *addr2,
const u8 *password, size_t password_len, const u8 *password, size_t password_len,
struct sae_data *sae) struct sae_data *sae)
{ {
if (sae->ec) { if (sae->ec && sae_derive_pwe_ecc(sae, addr1, addr2, password,
if (sae_derive_pwe_ecc(sae, addr1, addr2, password, password_len) < 0)
password_len) < 0 || return -1;
sae_derive_commit_ecc(sae) < 0) if (sae->dh && sae_derive_pwe_ffc(sae, addr1, addr2, password,
return -1; password_len) < 0)
return 0; return -1;
} if (sae_derive_commit(sae) < 0)
return -1;
if (sae->dh) { return 0;
if (sae_derive_pwe_ffc(sae, addr1, addr2, password,
password_len) < 0 ||
sae_derive_commit_ffc(sae) < 0)
return -1;
return 0;
}
return -1;
} }
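Review bot: sae_prepare_commit now returns 0 when neither sae->ec nor sae->dh is set, because the old code's trailing `return -1;` after the two group branches is gone and the new sae_derive_commit only guards each element derivation with `sae->ec &&` / `sae->dh &&`, so rand/mask and a commit scalar are produced with no commit element at all. Restoring the check, e.g. `if (!sae->ec && !sae->dh) return -1;` at the top of sae_derive_commit (whose `return ret;` tail lies outside the first hunk), keeps an unconfigured group from being reported as a successfully prepared commit. It may also be worth a comment on sae_derive_commit noting that both element derivations run when both group pointers are set, whereas the old ECC branch returned before the FFC one was reached; whether that state can occur depends on how sae_data is populated, which is not visible here.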