mirror of
https://github.com/vanhoefm/fragattacks.git
synced 2024-11-25 00:38:24 -05:00
SAE: Add forgotten commit element validation step for FFC groups
The peer commit element needs to be validated to pass one of the steps listed in IEEE 802.11, 11.3.5.4: scalar-op(r, ELEMENT) = 1 modulo p Similar step was present for ECC groups, but was missing for FFC groups. This is needed to avoid dictionary attacks. Thanks to Michael Roßberg and Sascha Grau for reporting this. Signed-hostap: Jouni Malinen <j@w1.fi>
This commit is contained in:
parent
0bb229a6e8
commit
bb0122f3e8
@ -828,6 +828,8 @@ static u16 sae_parse_commit_element_ecc(struct sae_data *sae, const u8 *pos,
|
||||
static u16 sae_parse_commit_element_ffc(struct sae_data *sae, const u8 *pos,
|
||||
const u8 *end)
|
||||
{
|
||||
struct crypto_bignum *res;
|
||||
|
||||
if (pos + sae->tmp->prime_len > end) {
|
||||
wpa_printf(MSG_DEBUG, "SAE: Not enough data for "
|
||||
"commit-element");
|
||||
@ -849,6 +851,18 @@ static u16 sae_parse_commit_element_ffc(struct sae_data *sae, const u8 *pos,
|
||||
return WLAN_STATUS_UNSPECIFIED_FAILURE;
|
||||
}
|
||||
|
||||
/* scalar-op(r, ELEMENT) = 1 modulo p */
|
||||
res = crypto_bignum_init();
|
||||
if (res == NULL ||
|
||||
crypto_bignum_exptmod(sae->tmp->peer_commit_element_ffc,
|
||||
sae->tmp->order, sae->tmp->prime, res) < 0 ||
|
||||
!crypto_bignum_is_one(res)) {
|
||||
wpa_printf(MSG_DEBUG, "SAE: Invalid peer element (scalar-op)");
|
||||
crypto_bignum_deinit(res, 0);
|
||||
return WLAN_STATUS_UNSPECIFIED_FAILURE;
|
||||
}
|
||||
crypto_bignum_deinit(res, 0);
|
||||
|
||||
return WLAN_STATUS_SUCCESS;
|
||||
}
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user