
| | | |
|---|---|---|
| author | Jouni Malinen <j@w1.fi> | 2019-07-27 20:19:17 (GMT) |
| committer | Jouni Malinen <j@w1.fi> | 2019-07-27 20:36:27 (GMT) |
| commit | 876c5eaa6dae1a87a17603fc489a44c29eedc2e3 (patch) | |
| tree | 866c40aa24dd2dd40ae9e528d82a7bc5fe8befb8 /src/common/dragonfly.c | |
| parent | 14b408c04cac4a95c28a3b8d3192c2983fa56549 (diff) | |


dragonfly: Disable use of groups using Brainpool curves

Disable groups that use Brainpool curves for now since they leak more
timing information due to the prime not being close to a power of two.
This removes use of groups 28, 29, and 30 from SAE and EAP-pwd.
Signed-off-by: Jouni Malinen <j@w1.fi>

Diffstat (limited to 'src/common/dragonfly.c')

| | | |
|---|---|---|
| -rw-r--r-- | src/common/dragonfly.c | 6 |

1 files changed, 4 insertions, 2 deletions

diff --git a/src/common/dragonfly.c b/src/common/dragonfly.c index 233ae68..547be66 100644 --- a/src/common/dragonfly.c +++ b/src/common/dragonfly.c @@ -21,9 +21,11 @@ int dragonfly_suitable_group(int group, int ecc_only) * purposes: FFC groups whose prime is >= 3072 bits and ECC groups * defined over a prime field whose prime is >= 256 bits. Furthermore, * ECC groups defined over a characteristic 2 finite field and ECC - * groups with a co-factor greater than 1 are not suitable. */ + * groups with a co-factor greater than 1 are not suitable. Disable + * groups that use Brainpool curves as well for now since they leak more + * timing information due to the prime not being close to a power of + * two. */ return group == 19 || group == 20 || group == 21 || - group == 28 || group == 29 || group == 30 || (!ecc_only && (group == 15 || group == 16 || group == 17 || group == 18)); } |
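Review bot: the new comment says the Brainpool groups are disabled "for now" but states no condition for bringing them back; consider ending it with what would be required (for example, a constant-time implementation for primes that are not close to a power of two) so that the dropped `group == 28 || group == 29 || group == 30 ||` line is not restored later without addressing the timing leak. The logic itself is consistent with the message: with that line removed, dragonfly_suitable_group() accepts only ECC groups 19, 20 and 21, and the `!ecc_only` FFC branch (groups 15 to 18) is untouched. This view is limited to src/common/dragonfly.c, so any configuration documentation that still lists 28, 29 and 30 as usable SAE or EAP-pwd groups cannot be checked here and should be updated alongside this change.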