aboutsummaryrefslogtreecommitdiffstats
path: root/main/wpa_supplicant/0006-dragonfly-Disable-use-of-groups-using-Brainpool-curv.patch
blob: 8dce92fffc4eecd724190509f1de584edf5533a3 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
From 558518ed63202e5358116ab7e0afd5e85490f2ef Mon Sep 17 00:00:00 2001
From: Jouni Malinen <j@w1.fi>
Date: Sat, 27 Jul 2019 23:19:17 +0300
Subject: [PATCH 6/6] dragonfly: Disable use of groups using Brainpool curves

Disable groups that use Brainpool curves for now since they leak more
timing information due to the prime not being close to a power of two.
This removes use of groups 28, 29, and 30 from SAE and EAP-pwd.

Signed-off-by: Jouni Malinen <j@w1.fi>
(cherry picked from commit 876c5eaa6dae1a87a17603fc489a44c29eedc2e3)
---
 src/common/sae.c                | 6 ++++--
 src/eap_common/eap_pwd_common.c | 3 +--
 2 files changed, 5 insertions(+), 4 deletions(-)

diff --git a/src/common/sae.c b/src/common/sae.c
index 759e48e22..2dbc251a4 100644
--- a/src/common/sae.c
+++ b/src/common/sae.c
@@ -28,9 +28,11 @@ static int sae_suitable_group(int group)
 	 * purposes: FFC groups whose prime is >= 3072 bits and ECC groups
 	 * defined over a prime field whose prime is >= 256 bits. Furthermore,
 	 * ECC groups defined over a characteristic 2 finite field and ECC
-	 * groups with a co-factor greater than 1 are not suitable. */
+	 * groups with a co-factor greater than 1 are not suitable. Disable
+	 * groups that use Brainpool curves as well for now since they leak more
+	 * timing information due to the prime not being close to a power of
+	 * two. */
 	return group == 19 || group == 20 || group == 21 ||
-		group == 28 || group == 29 || group == 30 ||
 		group == 15 || group == 16 || group == 17 || group == 18;
 #endif /* CONFIG_TESTING_OPTIONS */
 }
diff --git a/src/eap_common/eap_pwd_common.c b/src/eap_common/eap_pwd_common.c
index fec251472..4a5eb2599 100644
--- a/src/eap_common/eap_pwd_common.c
+++ b/src/eap_common/eap_pwd_common.c
@@ -89,8 +89,7 @@ static int eap_pwd_suitable_group(u16 num)
 {
 	/* Do not allow ECC groups with prime under 256 bits based on guidance
 	 * for the similar design in SAE. */
-	return num == 19 || num == 20 || num == 21 ||
-		num == 28 || num == 29 || num == 30;
+	return num == 19 || num == 20 || num == 21;
 }
 
 
-- 
2.20.1