Amazing-Mirror/fragattacks
1
0
Fork 0
mirror of https://github.com/vanhoefm/fragattacks.git synced 2025-01-19 03:14:05 -05:00
Code Issues Projects Releases Wiki Activity

EAP-pwd: Disallow ECC groups with a prime under 256 bits

Browse Source 
Based on the SAE implementation guidance update to not allow ECC groups
with a prime that is under 256 bits, reject groups 25, 26, and 27 in
EAP-pwd.

Signed-off-by: Jouni Malinen <j@w1.fi>
This commit is contained in:
Jouni Malinen 2019-04-13 17:20:57 +03:00
parent caf4d1c979
commit 92e1b96c26
1 changed files with 13 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
src/eap_common/eap_pwd_common.c
View File

@ -85,10 +85,23 @@ static int eap_pwd_kdf(const u8 *key, size_t keylen, const u8 *label,
} }
static int eap_pwd_suitable_group(u16 num)
{
/* Do not allow ECC groups with prime under 256 bits based on guidance
* for the similar design in SAE. */
return num == 19 || num == 20 || num == 21 ||
num == 28 || num == 29 || num == 30;
}
EAP_PWD_group * get_eap_pwd_group(u16 num) EAP_PWD_group * get_eap_pwd_group(u16 num)
{ {
EAP_PWD_group *grp; EAP_PWD_group *grp;
if (!eap_pwd_suitable_group(num)) {
wpa_printf(MSG_INFO, "EAP-pwd: unsuitable group %u", num);
return NULL;
}
grp = os_zalloc(sizeof(EAP_PWD_group)); grp = os_zalloc(sizeof(EAP_PWD_group));
if (!grp) if (!grp)
return NULL; return NULL;