authorJouni Malinen <j@w1.fi>2019-07-27 20:19:17 (GMT)
committerJouni Malinen <j@w1.fi>2019-07-27 20:36:27 (GMT)
commit876c5eaa6dae1a87a17603fc489a44c29eedc2e3 (patch)
tree866c40aa24dd2dd40ae9e528d82a7bc5fe8befb8 /src/common/dragonfly.c
parent14b408c04cac4a95c28a3b8d3192c2983fa56549 (diff)
dragonfly: Disable use of groups using Brainpool curves
Disable groups that use Brainpool curves for now since they leak more timing information due to the prime not being close to a power of two. This removes use of groups 28, 29, and 30 from SAE and EAP-pwd.

Signed-off-by: Jouni Malinen <j@w1.fi>
Diffstat (limited to 'src/common/dragonfly.c')
-rw-r--r--src/common/dragonfly.c6
1 files changed, 4 insertions, 2 deletions
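--- a/src/common/dragonfly.c
+++ b/src/common/dragonfly.c
@@ -21,9 +21,11 @@ int dragonfly_suitable_group(int group, int ecc_only)
 * purposes: FFC groups whose prime is >= 3072 bits and ECC groups
 * defined over a prime field whose prime is >= 256 bits. Furthermore,
 * ECC groups defined over a characteristic 2 finite field and ECC
-* groups with a co-factor greater than 1 are not suitable. */
+* groups with a co-factor greater than 1 are not suitable. Disable
+* groups that use Brainpool curves as well for now since they leak more
+* timing information due to the prime not being close to a power of
+* two. */
 return group == 19 || group == 20 || group == 21 ||
-group == 28 || group == 29 || group == 30 ||
 (!ecc_only &&
 (group == 15 || group == 16 || group == 17 || group == 18));
 }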
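Review bot: The accepted group identifiers on the return line are still bare integers, so the deliberate omission of 28, 29 and 30 is visible only through the comment above and would be easy to reintroduce by appending to the `||` chain. A `switch (group)` with one `case` run per accepted class and an explicit comment on the `default` branch naming the Brainpool groups as intentionally rejected would make the exclusion self-documenting while returning the same 0/1 values as the current expression. The signature and opening brace of dragonfly_suitable_group, together with the first lines of its comment, lie above this hunk; I cannot tell from this page whether the commit also updates any test that lists the accepted groups, so that may be worth confirming.
```c
	switch (group) {
	case 19: case 20: case 21:
		/* ECC over a prime field with a prime of >= 256 bits */
		return 1;
	case 15: case 16: case 17: case 18:
		/* FFC with a prime of >= 3072 bits; not usable when ecc_only */
		return !ecc_only;
	default:
		/* Everything else, including groups 28, 29, and 30 (Brainpool
		 * curves; see the comment above), is rejected on purpose. */
		return 0;
	}
```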