You cannot select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
66 lines
2.4 KiB
Diff
66 lines
2.4 KiB
Diff
From 20d7bd83c43fb24c4cf84d3045254d3ee1957166 Mon Sep 17 00:00:00 2001
|
|
From: Jouni Malinen <jouni@codeaurora.org>
|
|
Date: Thu, 25 Apr 2019 19:07:05 +0300
|
|
Subject: [PATCH 2/6] EAP-pwd: Use const_time_memcmp() for pwd_value >= prime
|
|
comparison
|
|
|
|
This reduces timing and memory access pattern differences for an
|
|
operation that could depend on the used password.
|
|
|
|
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
|
|
(cherry picked from commit 7958223fdcfe82479e6ed71019a84f6d4cbf799c)
|
|
---
|
|
src/eap_common/eap_pwd_common.c | 13 ++++++++-----
|
|
1 file changed, 8 insertions(+), 5 deletions(-)
|
|
|
|
--- a/src/eap_common/eap_pwd_common.c
|
|
+++ b/src/eap_common/eap_pwd_common.c
|
|
@@ -144,6 +144,7 @@ int compute_password_element(EAP_PWD_gro
|
|
u8 qnr_bin[MAX_ECC_PRIME_LEN];
|
|
u8 qr_or_qnr_bin[MAX_ECC_PRIME_LEN];
|
|
u8 x_bin[MAX_ECC_PRIME_LEN];
|
|
+ u8 prime_bin[MAX_ECC_PRIME_LEN];
|
|
struct crypto_bignum *tmp1 = NULL, *tmp2 = NULL, *pm1 = NULL;
|
|
struct crypto_hash *hash;
|
|
unsigned char pwe_digest[SHA256_MAC_LEN], *prfbuf = NULL, ctr;
|
|
@@ -161,6 +162,11 @@ int compute_password_element(EAP_PWD_gro
|
|
os_memset(x_bin, 0, sizeof(x_bin));
|
|
|
|
prime = crypto_ec_get_prime(grp->group);
|
|
+ primebitlen = crypto_ec_prime_len_bits(grp->group);
|
|
+ primebytelen = crypto_ec_prime_len(grp->group);
|
|
+ if (crypto_bignum_to_bin(prime, prime_bin, sizeof(prime_bin),
|
|
+ primebytelen) < 0)
|
|
+ return -1;
|
|
grp->pwe = crypto_ec_point_init(grp->group);
|
|
tmp1 = crypto_bignum_init();
|
|
pm1 = crypto_bignum_init();
|
|
@@ -170,8 +176,6 @@ int compute_password_element(EAP_PWD_gro
|
|
goto fail;
|
|
}
|
|
|
|
- primebitlen = crypto_ec_prime_len_bits(grp->group);
|
|
- primebytelen = crypto_ec_prime_len(grp->group);
|
|
if ((prfbuf = os_malloc(primebytelen)) == NULL) {
|
|
wpa_printf(MSG_INFO, "EAP-pwd: unable to malloc space for prf "
|
|
"buffer");
|
|
@@ -237,6 +241,8 @@ int compute_password_element(EAP_PWD_gro
|
|
if (primebitlen % 8)
|
|
buf_shift_right(prfbuf, primebytelen,
|
|
8 - primebitlen % 8);
|
|
+ if (const_time_memcmp(prfbuf, prime_bin, primebytelen) >= 0)
|
|
+ continue;
|
|
|
|
crypto_bignum_deinit(x_candidate, 1);
|
|
x_candidate = crypto_bignum_init_set(prfbuf, primebytelen);
|
|
@@ -246,9 +252,6 @@ int compute_password_element(EAP_PWD_gro
|
|
goto fail;
|
|
}
|
|
|
|
- if (crypto_bignum_cmp(x_candidate, prime) >= 0)
|
|
- continue;
|
|
-
|
|
wpa_hexdump_key(MSG_DEBUG, "EAP-pwd: x_candidate",
|
|
prfbuf, primebytelen);
|
|
const_time_select_bin(found, x_bin, prfbuf, primebytelen,
|