From 558518ed63202e5358116ab7e0afd5e85490f2ef Mon Sep 17 00:00:00 2001 From: Jouni Malinen Date: Sat, 27 Jul 2019 23:19:17 +0300 Subject: [PATCH 6/6] dragonfly: Disable use of groups using Brainpool curves Disable groups that use Brainpool curves for now since they leak more timing information due to the prime not being close to a power of two. This removes use of groups 28, 29, and 30 from SAE and EAP-pwd. Signed-off-by: Jouni Malinen (cherry picked from commit 876c5eaa6dae1a87a17603fc489a44c29eedc2e3) --- src/common/sae.c | 7 +++++-- src/eap_common/eap_pwd_common.c | 3 +-- 2 files changed, 6 insertions(+), 4 deletions(-) diff --git a/src/common/sae.c b/src/common/sae.c index 91b6b41..5ef6c4c 100644 --- a/src/common/sae.c +++ b/src/common/sae.c @@ -27,9 +27,12 @@ static int sae_suitable_group(int group) * purposes: FFC groups whose prime is >= 3072 bits and ECC groups * defined over a prime field whose prime is >= 256 bits. Furthermore, * ECC groups defined over a characteristic 2 finite field and ECC - * groups with a co-factor greater than 1 are not suitable. */ + * groups with a co-factor greater than 1 are not suitable. Disable + * groups that use Brainpool curves as well for now since they leak more + * timing information due to the prime not being close to a power of + * two. */ + return group == 19 || group == 20 || group == 21 || - group == 28 || group == 29 || group == 30 || group == 15 || group == 16 || group == 17 || group == 18; #endif /* CONFIG_TESTING_OPTIONS */ } diff --git a/src/eap_common/eap_pwd_common.c b/src/eap_common/eap_pwd_common.c index 8e7966e..bac2796 100644 --- a/src/eap_common/eap_pwd_common.c +++ b/src/eap_common/eap_pwd_common.c @@ -88,8 +88,7 @@ static int eap_pwd_suitable_group(u16 num) { /* Do not allow ECC groups with prime under 256 bits based on guidance * for the similar design in SAE. */ - return num == 19 || num == 20 || num == 21 || - num == 28 || num == 29 || num == 30; + return num == 19 || num == 20 || num == 21; } EAP_PWD_group * get_eap_pwd_group(u16 num) { -- 2.23.0