EAP-pwd: Move EC group initialization to earlier step

This is needed for adding support for salted passwords. Signed-off-by: Dan Harkins <dharkins@lounge.org>
2018-05-25 21:40:04 +03:00 · 2018-05-25 21:40:04 +03:00 · 2a5c291881
commit 2a5c291881
parent b829e4b694
4 changed files with 26 additions and 11 deletions
--- a/src/eap_common/eap_pwd_common.c
+++ b/src/eap_common/eap_pwd_common.c
@ -81,6 +81,27 @@ static int eap_pwd_kdf(const u8 *key, size_t keylen, const u8 *label,
 }
 EAP_PWD_group * get_eap_pwd_group(u16 num)
 {
 	EAP_PWD_group *grp;
 	grp = os_zalloc(sizeof(EAP_PWD_group));
 	if (!grp)
 		return NULL;
 	grp->group = crypto_ec_init(num);
 	if (!grp->group) {
 		wpa_printf(MSG_INFO, "EAP-pwd: unable to create EC group");
 		os_free(grp);
 		return NULL;
 	}
 	grp->group_num = num;
 	wpa_printf(MSG_INFO, "EAP-pwd: provisioned group %d", num);
 	return grp;
 }
 /*
 * compute a "random" secret point on an elliptic curve based
 * on the password and identities.
@ -97,12 +118,8 @@ int compute_password_element(EAP_PWD_group *grp, u16 num,
 	size_t primebytelen, primebitlen;
 	struct crypto_bignum *x_candidate = NULL, *rnd = NULL, *cofactor = NULL;
-	grp->pwe = NULL;
+	if (grp->pwe)
-	grp->group = crypto_ec_init(num);
+		return -1;
 	if (!grp->group) {
 		wpa_printf(MSG_INFO, "EAP-pwd: unable to create EC group");
 		goto fail;
 	}
 	cofactor = crypto_bignum_init();
 	grp->pwe = crypto_ec_point_init(grp->group);
@ -234,11 +251,8 @@ int compute_password_element(EAP_PWD_group *grp, u16 num,
 		break;
 	}
 	wpa_printf(MSG_DEBUG, "EAP-pwd: found a PWE in %d tries", ctr);
 	grp->group_num = num;
 	if (0) {
 fail:
 		crypto_ec_deinit(grp->group);
 		grp->group = NULL;
 		crypto_ec_point_deinit(grp->pwe, 1);
 		grp->pwe = NULL;
 		ret = 1;
--- a/src/eap_common/eap_pwd_common.h
+++ b/src/eap_common/eap_pwd_common.h
@ -50,6 +50,7 @@ struct eap_pwd_id {
 } STRUCT_PACKED;
 /* common routines */
 EAP_PWD_group * get_eap_pwd_group(u16 num);
 int compute_password_element(EAP_PWD_group *grp, u16 num,
 			     const u8 *password, size_t password_len,
 			     const u8 *id_server, size_t id_server_len,
--- a/src/eap_peer/eap_pwd.c
+++ b/src/eap_peer/eap_pwd.c
@ -265,7 +265,7 @@ eap_pwd_perform_id_exchange(struct eap_sm *sm, struct eap_pwd_data *data,
 	wpa_hexdump_ascii(MSG_INFO, "EAP-PWD (peer): server sent id of",
 			  data->id_server, data->id_server_len);
-	data->grp = os_zalloc(sizeof(EAP_PWD_group));
+	data->grp = get_eap_pwd_group(data->group_num);
 	if (data->grp == NULL) {
 		wpa_printf(MSG_INFO, "EAP-PWD: failed to allocate memory for "
 			   "group");
--- a/src/eap_server/eap_server_pwd.c
+++ b/src/eap_server/eap_server_pwd.c
@ -562,7 +562,7 @@ static void eap_pwd_process_id_resp(struct eap_sm *sm,
 	wpa_hexdump_ascii(MSG_DEBUG, "EAP-PWD (server): peer sent id of",
 			  data->id_peer, data->id_peer_len);
-	data->grp = os_zalloc(sizeof(EAP_PWD_group));
+	data->grp = get_eap_pwd_group(data->group_num);
 	if (data->grp == NULL) {
 		wpa_printf(MSG_INFO, "EAP-PWD: failed to allocate memory for "
 			   "group");