aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorDan Harkins <dharkins@lounge.org>2018-05-25 18:40:04 (GMT)
committerJouni Malinen <j@w1.fi>2018-05-28 14:15:07 (GMT)
commit2a5c291881fa819325d0287d0763776edfcb1943 (patch)
tree064950cf1ab1cbad10e7140b1bdcd8d0c03c2793
parentb829e4b69456ebdcf70485c0ecdbf590d67ec5b9 (diff)
downloadhostap-2a5c291881fa819325d0287d0763776edfcb1943.zip
hostap-2a5c291881fa819325d0287d0763776edfcb1943.tar.gz
hostap-2a5c291881fa819325d0287d0763776edfcb1943.tar.bz2
EAP-pwd: Move EC group initialization to earlier step
This is needed for adding support for salted passwords. Signed-off-by: Dan Harkins <dharkins@lounge.org>
-rw-r--r--src/eap_common/eap_pwd_common.c32
-rw-r--r--src/eap_common/eap_pwd_common.h1
-rw-r--r--src/eap_peer/eap_pwd.c2
-rw-r--r--src/eap_server/eap_server_pwd.c2
4 files changed, 26 insertions, 11 deletions
diff --git a/src/eap_common/eap_pwd_common.c b/src/eap_common/eap_pwd_common.c
index 5e98682..f371687 100644
--- a/src/eap_common/eap_pwd_common.c
+++ b/src/eap_common/eap_pwd_common.c
@@ -81,6 +81,27 @@ static int eap_pwd_kdf(const u8 *key, size_t keylen, const u8 *label,
}
+EAP_PWD_group * get_eap_pwd_group(u16 num)
+{
+ EAP_PWD_group *grp;
+
+ grp = os_zalloc(sizeof(EAP_PWD_group));
+ if (!grp)
+ return NULL;
+ grp->group = crypto_ec_init(num);
+ if (!grp->group) {
+ wpa_printf(MSG_INFO, "EAP-pwd: unable to create EC group");
+ os_free(grp);
+ return NULL;
+ }
+
+ grp->group_num = num;
+ wpa_printf(MSG_INFO, "EAP-pwd: provisioned group %d", num);
+
+ return grp;
+}
+
+
/*
* compute a "random" secret point on an elliptic curve based
* on the password and identities.
@@ -97,12 +118,8 @@ int compute_password_element(EAP_PWD_group *grp, u16 num,
size_t primebytelen, primebitlen;
struct crypto_bignum *x_candidate = NULL, *rnd = NULL, *cofactor = NULL;
- grp->pwe = NULL;
- grp->group = crypto_ec_init(num);
- if (!grp->group) {
- wpa_printf(MSG_INFO, "EAP-pwd: unable to create EC group");
- goto fail;
- }
+ if (grp->pwe)
+ return -1;
cofactor = crypto_bignum_init();
grp->pwe = crypto_ec_point_init(grp->group);
@@ -234,11 +251,8 @@ int compute_password_element(EAP_PWD_group *grp, u16 num,
break;
}
wpa_printf(MSG_DEBUG, "EAP-pwd: found a PWE in %d tries", ctr);
- grp->group_num = num;
if (0) {
fail:
- crypto_ec_deinit(grp->group);
- grp->group = NULL;
crypto_ec_point_deinit(grp->pwe, 1);
grp->pwe = NULL;
ret = 1;
diff --git a/src/eap_common/eap_pwd_common.h b/src/eap_common/eap_pwd_common.h
index 7ac7b6a..03e18d4 100644
--- a/src/eap_common/eap_pwd_common.h
+++ b/src/eap_common/eap_pwd_common.h
@@ -50,6 +50,7 @@ struct eap_pwd_id {
} STRUCT_PACKED;
/* common routines */
+EAP_PWD_group * get_eap_pwd_group(u16 num);
int compute_password_element(EAP_PWD_group *grp, u16 num,
const u8 *password, size_t password_len,
const u8 *id_server, size_t id_server_len,
diff --git a/src/eap_peer/eap_pwd.c b/src/eap_peer/eap_pwd.c
index d62defe..ae0f9a4 100644
--- a/src/eap_peer/eap_pwd.c
+++ b/src/eap_peer/eap_pwd.c
@@ -265,7 +265,7 @@ eap_pwd_perform_id_exchange(struct eap_sm *sm, struct eap_pwd_data *data,
wpa_hexdump_ascii(MSG_INFO, "EAP-PWD (peer): server sent id of",
data->id_server, data->id_server_len);
- data->grp = os_zalloc(sizeof(EAP_PWD_group));
+ data->grp = get_eap_pwd_group(data->group_num);
if (data->grp == NULL) {
wpa_printf(MSG_INFO, "EAP-PWD: failed to allocate memory for "
"group");
diff --git a/src/eap_server/eap_server_pwd.c b/src/eap_server/eap_server_pwd.c
index 835ea09..12a549e 100644
--- a/src/eap_server/eap_server_pwd.c
+++ b/src/eap_server/eap_server_pwd.c
@@ -562,7 +562,7 @@ static void eap_pwd_process_id_resp(struct eap_sm *sm,
wpa_hexdump_ascii(MSG_DEBUG, "EAP-PWD (server): peer sent id of",
data->id_peer, data->id_peer_len);
- data->grp = os_zalloc(sizeof(EAP_PWD_group));
+ data->grp = get_eap_pwd_group(data->group_num);
if (data->grp == NULL) {
wpa_printf(MSG_INFO, "EAP-PWD: failed to allocate memory for "
"group");