sae: Make sae_compute_pwe independent of sae_sm

sae_compute_pwe doesn't really depend on the state of sae_sm.  Only the
curve to be used for the PWE calculation is needed.  Rework the function
signature to reflect that and remove unneeded member of struct sae_sm.
Denis Kenzior 2021-07-09 23:04:39 -05:00
parent 8de07357fd
commit 7d67192493
1 changed files with 17 additions and 13 deletions


@ -268,8 +268,10 @@ static uint8_t sae_is_quadradic_residue(const struct l_ecc_curve *curve,
* IEEE 802.11-2016 Section 12.4.4.2.2 * IEEE 802.11-2016 Section 12.4.4.2.2
* Generation of the password element with ECC groups * Generation of the password element with ECC groups
*/ */
static bool sae_compute_pwe(struct sae_sm *sm, char *password, static struct l_ecc_point *sae_compute_pwe(const struct l_ecc_curve *curve,
const uint8_t *addr1, const uint8_t *addr2) const char *password,
const uint8_t *addr1,
const uint8_t *addr2)
{ {
uint8_t found = 0; uint8_t found = 0;
uint8_t is_residue; uint8_t is_residue;
@ -285,10 +287,11 @@ static bool sae_compute_pwe(struct sae_sm *sm, char *password,
struct l_ecc_scalar *qr; struct l_ecc_scalar *qr;
struct l_ecc_scalar *qnr; struct l_ecc_scalar *qnr;
uint8_t qnr_bin[L_ECC_SCALAR_MAX_BYTES] = {0}; uint8_t qnr_bin[L_ECC_SCALAR_MAX_BYTES] = {0};
struct l_ecc_point *pwe;
/* create qr/qnr prior to beginning hunting-and-pecking loop */ /* create qr/qnr prior to beginning hunting-and-pecking loop */
qr = sae_new_residue(sm->curve, true); qr = sae_new_residue(curve, true);
qnr = sae_new_residue(sm->curve, false); qnr = sae_new_residue(curve, false);
l_ecc_scalar_get_data(qnr, qnr_bin, sizeof(qnr_bin)); l_ecc_scalar_get_data(qnr, qnr_bin, sizeof(qnr_bin));
/* /*
@ -326,13 +329,13 @@ static bool sae_compute_pwe(struct sae_sm *sm, char *password,
* execution can continue whatever the result is, without * execution can continue whatever the result is, without
* changing the outcome. * changing the outcome.
*/ */
pwd_value = sae_pwd_value(sm->curve, pwd_seed, qnr_bin); pwd_value = sae_pwd_value(curve, pwd_seed, qnr_bin);
/* /*
* Check if the candidate is a valid x-coordinate on our curve, * Check if the candidate is a valid x-coordinate on our curve,
* and convert it from scalar to binary. * and convert it from scalar to binary.
*/ */
is_residue = sae_is_quadradic_residue(sm->curve, pwd_value, is_residue = sae_is_quadradic_residue(curve, pwd_value,
qr, qnr); qr, qnr);
l_ecc_scalar_get_data(pwd_value, x_cand, sizeof(x_cand)); l_ecc_scalar_get_data(pwd_value, x_cand, sizeof(x_cand));
@ -362,16 +365,14 @@ static bool sae_compute_pwe(struct sae_sm *sm, char *password,
if (!found) { if (!found) {
l_error("max PWE iterations reached!"); l_error("max PWE iterations reached!");
return false; return NULL;
} }
sm->pwe = l_ecc_point_from_data(sm->curve, !is_odd + 2, x, sizeof(x)); pwe = l_ecc_point_from_data(curve, !is_odd + 2, x, sizeof(x));
if (!sm->pwe) { if (!pwe)
l_error("computing y failed, was x quadratic residue?"); l_error("computing y failed, was x quadratic residue?");
return false;
}
return true; return pwe;
} }
static bool sae_build_commit(struct sae_sm *sm, const uint8_t *addr1, static bool sae_build_commit(struct sae_sm *sm, const uint8_t *addr1,
@ -390,7 +391,10 @@ static bool sae_build_commit(struct sae_sm *sm, const uint8_t *addr1,
return false; return false;
} }
if (!sae_compute_pwe(sm, sm->handshake->passphrase, addr1, addr2)) { sm->pwe = sae_compute_pwe(sm->curve, sm->handshake->passphrase,
addr1, addr2);
if (!sm->pwe) {
l_error("could not compute PWE"); l_error("could not compute PWE");
return false; return false;
} }
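Review bot: sae_compute_pwe now hands a freshly allocated l_ecc_point to its caller, but the comment above the new signature still only cites the 802.11 section and says nothing about ownership or the NULL failure return. I would extend that comment with `Returns a newly allocated PWE that the caller must release with l_ecc_point_free(), or NULL on failure.` In sae_build_commit the result is stored straight into `sm->pwe`; whether an earlier point can still be held there when the commit is built again is not visible in this section, so it is worth confirming the old value is freed before the assignment. The PWE is derived from the password, so an orphaned copy is secret material left on the heap and not only a memory leak. Both function bodies extend beyond the hunks shown here.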