41 lines
		
	
	
		
			1.1 KiB
		
	
	
	
		
			Diff
		
	
	
	
	
	
			
		
		
	
	
			41 lines
		
	
	
		
			1.1 KiB
		
	
	
	
		
			Diff
		
	
	
	
	
	
| From 92e1b96c26a84e503847bdd22ebadf697c4031ad Mon Sep 17 00:00:00 2001
 | |
| From: Jouni Malinen <j@w1.fi>
 | |
| Date: Sat, 13 Apr 2019 17:20:57 +0300
 | |
| Subject: EAP-pwd: Disallow ECC groups with a prime under 256 bits
 | |
| 
 | |
| Based on the SAE implementation guidance update to not allow ECC groups
 | |
| with a prime that is under 256 bits, reject groups 25, 26, and 27 in
 | |
| EAP-pwd.
 | |
| 
 | |
| Signed-off-by: Jouni Malinen <j@w1.fi>
 | |
| ---
 | |
|  src/eap_common/eap_pwd_common.c | 13 +++++++++++++
 | |
|  1 file changed, 13 insertions(+)
 | |
| 
 | |
| --- a/src/eap_common/eap_pwd_common.c
 | |
| +++ b/src/eap_common/eap_pwd_common.c
 | |
| @@ -85,10 +85,23 @@ static int eap_pwd_kdf(const u8 *key, si
 | |
|  }
 | |
|  
 | |
|  
 | |
| +static int eap_pwd_suitable_group(u16 num)
 | |
| +{
 | |
| +	/* Do not allow ECC groups with prime under 256 bits based on guidance
 | |
| +	 * for the similar design in SAE. */
 | |
| +	return num == 19 || num == 20 || num == 21 ||
 | |
| +		num == 28 || num == 29 || num == 30;
 | |
| +}
 | |
| +
 | |
| +
 | |
|  EAP_PWD_group * get_eap_pwd_group(u16 num)
 | |
|  {
 | |
|  	EAP_PWD_group *grp;
 | |
|  
 | |
| +	if (!eap_pwd_suitable_group(num)) {
 | |
| +		wpa_printf(MSG_INFO, "EAP-pwd: unsuitable group %u", num);
 | |
| +		return NULL;
 | |
| +	}
 | |
|  	grp = os_zalloc(sizeof(EAP_PWD_group));
 | |
|  	if (!grp)
 | |
|  		return NULL;
 | 
