Lines Matching refs:tmp
/*
 * sae_set_group() -- cross-reference excerpt: only lines that mention `tmp`
 * are listed, so the branches and returns between them are not visible.
 * Visible behaviour: sae->tmp is allocated with os_zalloc() and NULL-checked,
 * crypto_ec_init(group) is called first and dh_groups_get(group) after it.
 */
24 struct sae_temporary_data *tmp; in sae_set_group() local
36 tmp = sae->tmp = os_zalloc(sizeof(*tmp)); in sae_set_group()
37 if (tmp == NULL) in sae_set_group()
41 tmp->ec = crypto_ec_init(group); in sae_set_group()
42 if (tmp->ec) { in sae_set_group()
46 tmp->prime_len = crypto_ec_prime_len(tmp->ec); in sae_set_group()
47 tmp->prime = crypto_ec_get_prime(tmp->ec); in sae_set_group()
48 tmp->order_len = crypto_ec_order_len(tmp->ec); in sae_set_group()
49 tmp->order = crypto_ec_get_order(tmp->ec); in sae_set_group()
54 tmp->dh = dh_groups_get(group); in sae_set_group()
55 if (tmp->dh) { in sae_set_group()
59 tmp->prime_len = tmp->dh->prime_len; in sae_set_group()
/*
 * FFC path: prime_len is compared with SAE_MAX_PRIME_LEN before any bignum is
 * built. NOTE(review): this looks like the bound that later fixed-size
 * buffers depend on (listed line 673 passes SAE_MAX_PRIME_LEN as the size of
 * k) -- confirm that the branch at line 60 rejects the group.
 */
60 if (tmp->prime_len > SAE_MAX_PRIME_LEN) { in sae_set_group()
65 tmp->prime_buf = crypto_bignum_init_set(tmp->dh->prime, in sae_set_group()
66 tmp->prime_len); in sae_set_group()
67 if (tmp->prime_buf == NULL) { in sae_set_group()
71 tmp->prime = tmp->prime_buf; in sae_set_group()
73 tmp->order_len = tmp->dh->order_len; in sae_set_group()
74 tmp->order_buf = crypto_bignum_init_set(tmp->dh->order, in sae_set_group()
75 tmp->dh->order_len); in sae_set_group()
76 if (tmp->order_buf == NULL) { in sae_set_group()
80 tmp->order = tmp->order_buf; in sae_set_group()
/*
 * sae_clear_temp_data() -- releases everything hanging off sae->tmp and then
 * the structure itself; a NULL sae or sae->tmp is checked first.
 * The second argument of crypto_bignum_deinit()/crypto_ec_point_deinit() is 1
 * for sae_rand, pwe_ffc and pwe_ecc and 0 for the prime/order copies and the
 * commit scalar/elements. NOTE(review): 1 presumably asks the crypto wrapper
 * to wipe the value before freeing it (these three are secret, the others are
 * group parameters or values sent in commit messages) -- confirm in the
 * wrapper, and keep the flag at 1 for any secret member added later.
 */
94 struct sae_temporary_data *tmp; in sae_clear_temp_data() local
95 if (sae == NULL || sae->tmp == NULL) in sae_clear_temp_data()
97 tmp = sae->tmp; in sae_clear_temp_data()
98 crypto_ec_deinit(tmp->ec); in sae_clear_temp_data()
99 crypto_bignum_deinit(tmp->prime_buf, 0); in sae_clear_temp_data()
100 crypto_bignum_deinit(tmp->order_buf, 0); in sae_clear_temp_data()
101 crypto_bignum_deinit(tmp->sae_rand, 1); in sae_clear_temp_data()
102 crypto_bignum_deinit(tmp->pwe_ffc, 1); in sae_clear_temp_data()
103 crypto_bignum_deinit(tmp->own_commit_scalar, 0); in sae_clear_temp_data()
104 crypto_bignum_deinit(tmp->own_commit_element_ffc, 0); in sae_clear_temp_data()
105 crypto_bignum_deinit(tmp->peer_commit_element_ffc, 0); in sae_clear_temp_data()
106 crypto_ec_point_deinit(tmp->pwe_ecc, 1); in sae_clear_temp_data()
107 crypto_ec_point_deinit(tmp->own_commit_element_ecc, 0); in sae_clear_temp_data()
108 crypto_ec_point_deinit(tmp->peer_commit_element_ecc, 0); in sae_clear_temp_data()
109 wpabuf_free(tmp->anti_clogging_token); in sae_clear_temp_data()
/* pw_id is released with plain os_free(), i.e. without being cleared first. */
110 os_free(tmp->pw_id); in sae_clear_temp_data()
/*
 * The structure is freed through bin_clear_free() with its full size, so
 * members stored inline (kck appears to be one, see sizeof(sae->tmp->kck) at
 * listed line 1193) are presumably wiped here -- confirm. sae->tmp is reset
 * to NULL afterwards, which is what the sae->tmp == NULL guards in the other
 * functions test for.
 */
111 bin_clear_free(tmp, sizeof(*tmp)); in sae_clear_temp_data()
112 sae->tmp = NULL; in sae_clear_temp_data()
/*
 * sae_test_pwd_seed_ecc() -- excerpt; pwd_value is produced from the password
 * seed and tested as a candidate x coordinate.
 * The candidate is compared with the prime through const_time_memcmp() and
 * the quadratic-residue test uses the blinded helper.
 * NOTE(review): the intent appears to be that timing does not depend on the
 * password-derived candidate -- confirm that the unlisted lines do not return
 * or branch early on cmp_prime or res.
 */
153 bits = crypto_ec_prime_len_bits(sae->tmp->ec); in sae_test_pwd_seed_ecc()
155 prime, sae->tmp->prime_len, pwd_value, bits) < 0) in sae_test_pwd_seed_ecc()
158 buf_shift_right(pwd_value, sae->tmp->prime_len, 8 - bits % 8); in sae_test_pwd_seed_ecc()
160 pwd_value, sae->tmp->prime_len); in sae_test_pwd_seed_ecc()
162 cmp_prime = const_time_memcmp(pwd_value, prime, sae->tmp->prime_len); in sae_test_pwd_seed_ecc()
170 x_cand = crypto_bignum_init_set(pwd_value, sae->tmp->prime_len); in sae_test_pwd_seed_ecc()
173 y_sqr = crypto_ec_point_compute_y_sqr(sae->tmp->ec, x_cand); in sae_test_pwd_seed_ecc()
178 res = dragonfly_is_quadratic_residue_blind(sae->tmp->ec, qr, qnr, in sae_test_pwd_seed_ecc()
193 size_t bits = sae->tmp->prime_len * 8; in sae_test_pwd_seed_ffc()
203 sae->tmp->dh->prime, sae->tmp->prime_len, pwd_value, in sae_test_pwd_seed_ffc()
207 sae->tmp->prime_len); in sae_test_pwd_seed_ffc()
210 res = const_time_memcmp(pwd_value, sae->tmp->dh->prime, in sae_test_pwd_seed_ffc()
211 sae->tmp->prime_len); in sae_test_pwd_seed_ffc()
225 a = crypto_bignum_init_set(pwd_value, sae->tmp->prime_len); in sae_test_pwd_seed_ffc()
232 if (sae->tmp->dh->safe_prime) { in sae_test_pwd_seed_ffc()
244 crypto_bignum_sub(sae->tmp->prime, b, b) < 0 || in sae_test_pwd_seed_ffc()
245 crypto_bignum_div(b, sae->tmp->order, b) < 0) in sae_test_pwd_seed_ffc()
252 res = crypto_bignum_exptmod(a, b, sae->tmp->prime, pwe); in sae_test_pwd_seed_ffc()
306 prime_len = sae->tmp->prime_len; in sae_derive_pwe_ecc()
307 if (crypto_bignum_to_bin(sae->tmp->prime, prime, sizeof(prime), in sae_derive_pwe_ecc()
315 if (dragonfly_get_random_qr_qnr(sae->tmp->prime, &qr, &qnr) < 0 || in sae_derive_pwe_ecc()
405 if (!sae->tmp->pwe_ecc) in sae_derive_pwe_ecc()
406 sae->tmp->pwe_ecc = crypto_ec_point_init(sae->tmp->ec); in sae_derive_pwe_ecc()
407 if (!sae->tmp->pwe_ecc) in sae_derive_pwe_ecc()
410 res = crypto_ec_point_solve_y_coord(sae->tmp->ec, in sae_derive_pwe_ecc()
411 sae->tmp->pwe_ecc, x, in sae_derive_pwe_ecc()
447 size_t prime_len = sae->tmp->prime_len * 8; in sae_derive_pwe_ffc()
450 crypto_bignum_deinit(sae->tmp->pwe_ffc, 1); in sae_derive_pwe_ffc()
451 sae->tmp->pwe_ffc = NULL; in sae_derive_pwe_ffc()
520 sae->tmp->pwe_ffc = crypto_bignum_init_set(pwe_buf, prime_len); in sae_derive_pwe_ffc()
524 return sae->tmp->pwe_ffc ? 0 : -1; in sae_derive_pwe_ffc()
532 if (!sae->tmp->own_commit_element_ecc) { in sae_derive_commit_element_ecc()
533 sae->tmp->own_commit_element_ecc = in sae_derive_commit_element_ecc()
534 crypto_ec_point_init(sae->tmp->ec); in sae_derive_commit_element_ecc()
535 if (!sae->tmp->own_commit_element_ecc) in sae_derive_commit_element_ecc()
539 if (crypto_ec_point_mul(sae->tmp->ec, sae->tmp->pwe_ecc, mask, in sae_derive_commit_element_ecc()
540 sae->tmp->own_commit_element_ecc) < 0 || in sae_derive_commit_element_ecc()
541 crypto_ec_point_invert(sae->tmp->ec, in sae_derive_commit_element_ecc()
542 sae->tmp->own_commit_element_ecc) < 0) { in sae_derive_commit_element_ecc()
555 if (!sae->tmp->own_commit_element_ffc) { in sae_derive_commit_element_ffc()
556 sae->tmp->own_commit_element_ffc = crypto_bignum_init(); in sae_derive_commit_element_ffc()
557 if (!sae->tmp->own_commit_element_ffc) in sae_derive_commit_element_ffc()
561 if (crypto_bignum_exptmod(sae->tmp->pwe_ffc, mask, sae->tmp->prime, in sae_derive_commit_element_ffc()
562 sae->tmp->own_commit_element_ffc) < 0 || in sae_derive_commit_element_ffc()
563 crypto_bignum_inverse(sae->tmp->own_commit_element_ffc, in sae_derive_commit_element_ffc()
564 sae->tmp->prime, in sae_derive_commit_element_ffc()
565 sae->tmp->own_commit_element_ffc) < 0) { in sae_derive_commit_element_ffc()
580 if (!sae->tmp->sae_rand) in sae_derive_commit()
581 sae->tmp->sae_rand = crypto_bignum_init(); in sae_derive_commit()
582 if (!sae->tmp->own_commit_scalar) in sae_derive_commit()
583 sae->tmp->own_commit_scalar = crypto_bignum_init(); in sae_derive_commit()
584 ret = !mask || !sae->tmp->sae_rand || !sae->tmp->own_commit_scalar || in sae_derive_commit()
585 dragonfly_generate_scalar(sae->tmp->order, sae->tmp->sae_rand, in sae_derive_commit()
587 sae->tmp->own_commit_scalar) < 0 || in sae_derive_commit()
588 (sae->tmp->ec && in sae_derive_commit()
590 (sae->tmp->dh && in sae_derive_commit()
601 if (sae->tmp == NULL || in sae_prepare_commit()
602 (sae->tmp->ec && sae_derive_pwe_ecc(sae, addr1, addr2, password, in sae_prepare_commit()
605 (sae->tmp->dh && sae_derive_pwe_ffc(sae, addr1, addr2, password, in sae_prepare_commit()
/*
 * sae_derive_k_ecc() -- excerpt. K is built from pwe_ecc, the peer's commit
 * element and the local sae_rand; the chained condition also tests
 * crypto_ec_point_is_at_infinity() before K is serialised into k.
 */
619 K = crypto_ec_point_init(sae->tmp->ec); in sae_derive_k_ecc()
630 if (crypto_ec_point_mul(sae->tmp->ec, sae->tmp->pwe_ecc, in sae_derive_k_ecc()
632 crypto_ec_point_add(sae->tmp->ec, K, in sae_derive_k_ecc()
633 sae->tmp->peer_commit_element_ecc, K) < 0 || in sae_derive_k_ecc()
634 crypto_ec_point_mul(sae->tmp->ec, K, sae->tmp->sae_rand, K) < 0 || in sae_derive_k_ecc()
635 crypto_ec_point_is_at_infinity(sae->tmp->ec, K) || in sae_derive_k_ecc()
636 crypto_ec_point_to_bin(sae->tmp->ec, K, k, NULL) < 0) { in sae_derive_k_ecc()
/*
 * k is the shared secret and is passed to the debug log through
 * wpa_hexdump_key(). NOTE(review): verify that key dumping is not enabled in
 * production logging configurations.
 */
641 wpa_hexdump_key(MSG_DEBUG, "SAE: k", k, sae->tmp->prime_len); in sae_derive_k_ecc()
/*
 * sae_derive_k_ffc() -- excerpt. K is computed modulo sae->tmp->prime from
 * pwe_ffc, the peer's commit scalar and element, and the local sae_rand.
 */
666 if (crypto_bignum_exptmod(sae->tmp->pwe_ffc, sae->peer_commit_scalar, in sae_derive_k_ffc()
667 sae->tmp->prime, K) < 0 || in sae_derive_k_ffc()
668 crypto_bignum_mulmod(K, sae->tmp->peer_commit_element_ffc, in sae_derive_k_ffc()
669 sae->tmp->prime, K) < 0 || in sae_derive_k_ffc()
670 crypto_bignum_exptmod(K, sae->tmp->sae_rand, sae->tmp->prime, K) < 0 in sae_derive_k_ffc()
/*
 * k is written with SAE_MAX_PRIME_LEN as the buffer size and prime_len as the
 * last argument. NOTE(review): this stays in bounds only while prime_len <=
 * SAE_MAX_PRIME_LEN, which the check at listed line 60 of sae_set_group()
 * appears to enforce -- confirm.
 */
673 crypto_bignum_to_bin(K, k, SAE_MAX_PRIME_LEN, sae->tmp->prime_len) < in sae_derive_k_ffc()
/* k is secret; wpa_hexdump_key() sends it to the debug log (verify that key dumping is off in production). */
679 wpa_hexdump_key(MSG_DEBUG, "SAE: k", k, sae->tmp->prime_len); in sae_derive_k_ffc()
/*
 * sae_derive_keys() -- excerpt. Here `tmp` is a local crypto_bignum scratch
 * value, not the sae->tmp handshake state that the same name refers to in
 * the other functions of this listing.
 */
693 struct crypto_bignum *tmp; in sae_derive_keys() local
696 tmp = crypto_bignum_init(); in sae_derive_keys()
697 if (tmp == NULL) in sae_derive_keys()
707 hmac_sha256(null_key, sizeof(null_key), k, sae->tmp->prime_len, in sae_derive_keys()
/*
 * tmp = (own_commit_scalar + peer_commit_scalar) mod order.
 * NOTE(review): as listed, the results of crypto_bignum_add(),
 * crypto_bignum_mod() and the crypto_bignum_to_bin() below do not appear to
 * be checked; if any of them can fail, `val` would feed the key derivation
 * with stale or partial data -- confirm against the full source.
 */
711 crypto_bignum_add(sae->tmp->own_commit_scalar, sae->peer_commit_scalar, in sae_derive_keys()
712 tmp); in sae_derive_keys()
713 crypto_bignum_mod(tmp, sae->tmp->order, tmp); in sae_derive_keys()
720 crypto_bignum_to_bin(tmp, val, sizeof(val), sae->tmp->order_len); in sae_derive_keys()
723 val, sae->tmp->order_len, keys, sizeof(keys)) < 0) in sae_derive_keys()
/* The first SAE_KCK_LEN octets of the derived keys become the KCK kept in sae->tmp. */
726 os_memcpy(sae->tmp->kck, keys, SAE_KCK_LEN); in sae_derive_keys()
/* KCK is key material sent to the debug log via wpa_hexdump_key() (verify that key dumping is off in production). */
730 wpa_hexdump_key(MSG_DEBUG, "SAE: KCK", sae->tmp->kck, SAE_KCK_LEN); in sae_derive_keys()
/*
 * Freed with the second argument 0: the value is derived from the two commit
 * scalars, which are exchanged in commit messages (see sae_write_commit()).
 */
735 crypto_bignum_deinit(tmp, 0); in sae_derive_keys()
743 if (sae->tmp == NULL || in sae_process_commit()
744 (sae->tmp->ec && sae_derive_k_ecc(sae, k) < 0) || in sae_process_commit()
745 (sae->tmp->dh && sae_derive_k_ffc(sae, k) < 0) || in sae_process_commit()
757 if (sae->tmp == NULL) in sae_write_commit()
766 pos = wpabuf_put(buf, sae->tmp->prime_len); in sae_write_commit()
767 crypto_bignum_to_bin(sae->tmp->own_commit_scalar, pos, in sae_write_commit()
768 sae->tmp->prime_len, sae->tmp->prime_len); in sae_write_commit()
770 pos, sae->tmp->prime_len); in sae_write_commit()
771 if (sae->tmp->ec) { in sae_write_commit()
772 pos = wpabuf_put(buf, 2 * sae->tmp->prime_len); in sae_write_commit()
773 crypto_ec_point_to_bin(sae->tmp->ec, in sae_write_commit()
774 sae->tmp->own_commit_element_ecc, in sae_write_commit()
775 pos, pos + sae->tmp->prime_len); in sae_write_commit()
777 pos, sae->tmp->prime_len); in sae_write_commit()
779 pos + sae->tmp->prime_len, sae->tmp->prime_len); in sae_write_commit()
781 pos = wpabuf_put(buf, sae->tmp->prime_len); in sae_write_commit()
782 crypto_bignum_to_bin(sae->tmp->own_commit_element_ffc, pos, in sae_write_commit()
783 sae->tmp->prime_len, sae->tmp->prime_len); in sae_write_commit()
785 pos, sae->tmp->prime_len); in sae_write_commit()
827 if (sae->tmp == NULL) { in sae_group_allowed()
832 if (sae->tmp->dh && !allowed_groups) { in sae_group_allowed()
864 scalar_elem_len = (sae->tmp->ec ? 3 : 2) * sae->tmp->prime_len; in sae_parse_commit_token()
/*
 * sae_parse_commit_scalar() -- excerpt. Input comes from a received frame:
 * the remaining length (end - *pos) is compared with prime_len before
 * prime_len octets are read, and *pos advances by the same amount.
 */
914 if (sae->tmp->prime_len > end - *pos) { in sae_parse_commit_scalar()
919 peer_scalar = crypto_bignum_init_set(*pos, sae->tmp->prime_len); in sae_parse_commit_scalar()
/*
 * Range validation of the peer scalar: a value >= the group order takes this
 * branch (presumably a rejection; the other half of the condition is on an
 * unlisted line).
 */
940 crypto_bignum_cmp(peer_scalar, sae->tmp->order) >= 0) { in sae_parse_commit_scalar()
950 *pos, sae->tmp->prime_len); in sae_parse_commit_scalar()
951 *pos += sae->tmp->prime_len; in sae_parse_commit_scalar()
/*
 * sae_parse_commit_element_ecc() -- excerpt. Parses the peer's ECC commit
 * element (two coordinates of prime_len octets each) from a received frame.
 * The remaining length is checked against 2 * prime_len before any read.
 */
962 if (2 * sae->tmp->prime_len > end - *pos) { in sae_parse_commit_element_ecc()
968 if (crypto_bignum_to_bin(sae->tmp->prime, prime, sizeof(prime), in sae_parse_commit_element_ecc()
969 sae->tmp->prime_len) < 0) in sae_parse_commit_element_ecc()
/*
 * Both coordinates are compared with the prime; a coordinate >= prime takes
 * this branch. os_memcmp() is used here on frame data and the group prime,
 * neither of which is secret.
 */
973 if (os_memcmp(*pos, prime, sae->tmp->prime_len) >= 0 || in sae_parse_commit_element_ecc()
974 os_memcmp(*pos + sae->tmp->prime_len, prime, in sae_parse_commit_element_ecc()
975 sae->tmp->prime_len) >= 0) { in sae_parse_commit_element_ecc()
982 *pos, sae->tmp->prime_len); in sae_parse_commit_element_ecc()
984 *pos + sae->tmp->prime_len, sae->tmp->prime_len); in sae_parse_commit_element_ecc()
/* Any element kept from an earlier commit is released before the new one is stored. */
986 crypto_ec_point_deinit(sae->tmp->peer_commit_element_ecc, 0); in sae_parse_commit_element_ecc()
987 sae->tmp->peer_commit_element_ecc = in sae_parse_commit_element_ecc()
988 crypto_ec_point_from_bin(sae->tmp->ec, *pos); in sae_parse_commit_element_ecc()
989 if (sae->tmp->peer_commit_element_ecc == NULL) in sae_parse_commit_element_ecc()
/*
 * On-curve validation of the peer-supplied point. This check has to remain
 * ahead of every use of peer_commit_element_ecc in the key computation
 * (sae_derive_k_ecc() adds it into K).
 */
992 if (!crypto_ec_point_is_on_curve(sae->tmp->ec, in sae_parse_commit_element_ecc()
993 sae->tmp->peer_commit_element_ecc)) { in sae_parse_commit_element_ecc()
998 *pos += 2 * sae->tmp->prime_len; in sae_parse_commit_element_ecc()
/*
 * sae_parse_commit_element_ffc() -- excerpt. Parses the peer's FFC commit
 * element (prime_len octets) from a received frame; the remaining length is
 * checked before the read.
 */
1010 if (sae->tmp->prime_len > end - *pos) { in sae_parse_commit_element_ffc()
1016 sae->tmp->prime_len); in sae_parse_commit_element_ffc()
1018 crypto_bignum_deinit(sae->tmp->peer_commit_element_ffc, 0); in sae_parse_commit_element_ffc()
1019 sae->tmp->peer_commit_element_ffc = in sae_parse_commit_element_ffc()
1020 crypto_bignum_init_set(*pos, sae->tmp->prime_len); in sae_parse_commit_element_ffc()
1021 if (sae->tmp->peer_commit_element_ffc == NULL) in sae_parse_commit_element_ffc()
/*
 * Range validation: res = prime - one, and the element takes this branch when
 * it is zero, one, or >= res, so an accepted element e satisfies
 * 1 < e < prime - 1.
 */
1027 crypto_bignum_sub(sae->tmp->prime, one, res) || in sae_parse_commit_element_ffc()
1028 crypto_bignum_is_zero(sae->tmp->peer_commit_element_ffc) || in sae_parse_commit_element_ffc()
1029 crypto_bignum_is_one(sae->tmp->peer_commit_element_ffc) || in sae_parse_commit_element_ffc()
1030 crypto_bignum_cmp(sae->tmp->peer_commit_element_ffc, res) >= 0) { in sae_parse_commit_element_ffc()
/*
 * element^order mod prime is computed into res. NOTE(review): the test of res
 * is on an unlisted line; presumably it requires res == 1 so that the element
 * lies in the expected subgroup -- confirm.
 */
1039 if (crypto_bignum_exptmod(sae->tmp->peer_commit_element_ffc, in sae_parse_commit_element_ffc()
1040 sae->tmp->order, sae->tmp->prime, res) < 0 || in sae_parse_commit_element_ffc()
1048 *pos += sae->tmp->prime_len; in sae_parse_commit_element_ffc()
1057 if (sae->tmp->dh) in sae_parse_commit_element()
/*
 * sae_parse_password_identifier() -- excerpt. pos appears to point at an
 * element in a received frame, with pos[1] as its length octet and the
 * identifier text starting at pos + 3 (inferred from the indexing below).
 */
1069 if (sae->tmp->pw_id) { in sae_parse_password_identifier()
1072 sae->tmp->pw_id); in sae_parse_password_identifier()
1075 os_free(sae->tmp->pw_id); in sae_parse_password_identifier()
1076 sae->tmp->pw_id = NULL; in sae_parse_password_identifier()
/*
 * An identifier already stored is compared with the received one by length
 * and content; a mismatch takes this branch.
 */
1080 if (sae->tmp->pw_id && in sae_parse_password_identifier()
1081 (pos[1] - 1 != (int) os_strlen(sae->tmp->pw_id) || in sae_parse_password_identifier()
1082 os_memcmp(sae->tmp->pw_id, pos + 3, pos[1] - 1) != 0)) { in sae_parse_password_identifier()
1085 sae->tmp->pw_id); in sae_parse_password_identifier()
/*
 * The stored copy is replaced: pos[1] octets are allocated, pos[1] - 1 octets
 * are copied from pos + 3, and a NUL terminator is written at index
 * pos[1] - 1.
 * NOTE(review): this arithmetic needs pos[1] >= 1 and needs
 * pos + 3 + (pos[1] - 1) to lie inside the frame. Neither check is among the
 * listed lines -- confirm that both are made earlier in the function.
 */
1089 os_free(sae->tmp->pw_id); in sae_parse_password_identifier()
1090 sae->tmp->pw_id = os_malloc(pos[1]); in sae_parse_password_identifier()
1091 if (!sae->tmp->pw_id) in sae_parse_password_identifier()
1093 os_memcpy(sae->tmp->pw_id, pos + 3, pos[1] - 1); in sae_parse_password_identifier()
1094 sae->tmp->pw_id[pos[1] - 1] = '\0'; in sae_parse_password_identifier()
1096 sae->tmp->pw_id, pos[1] - 1); in sae_parse_password_identifier()
/*
 * sae_parse_commit() -- excerpt. The condition compares the local commit
 * scalar and element (FFC or ECC, whichever group type is set) with the
 * values just parsed from the peer. It is true when a local value is missing
 * or when an element differs from the peer's (the scalar's comparison target
 * and test are on an unlisted line).
 * NOTE(review): the remaining case, where everything is identical, is
 * presumably handled as a reflected commit message on the unlisted lines that
 * follow -- confirm.
 */
1137 if (!sae->tmp->own_commit_scalar || in sae_parse_commit()
1138 crypto_bignum_cmp(sae->tmp->own_commit_scalar, in sae_parse_commit()
1140 (sae->tmp->dh && in sae_parse_commit()
1141 (!sae->tmp->own_commit_element_ffc || in sae_parse_commit()
1142 crypto_bignum_cmp(sae->tmp->own_commit_element_ffc, in sae_parse_commit()
1143 sae->tmp->peer_commit_element_ffc) != 0)) || in sae_parse_commit()
1144 (sae->tmp->ec && in sae_parse_commit()
1145 (!sae->tmp->own_commit_element_ecc || in sae_parse_commit()
1146 crypto_ec_point_cmp(sae->tmp->ec, in sae_parse_commit()
1147 sae->tmp->own_commit_element_ecc, in sae_parse_commit()
1148 sae->tmp->peer_commit_element_ecc) != 0))) in sae_parse_commit()
1182 sae->tmp->prime_len); in sae_cn_confirm()
1184 len[1] = sae->tmp->prime_len; in sae_cn_confirm()
1188 sae->tmp->prime_len); in sae_cn_confirm()
1190 len[3] = sae->tmp->prime_len; in sae_cn_confirm()
1193 hmac_sha256_vector(sae->tmp->kck, sizeof(sae->tmp->kck), 5, addr, len, in sae_cn_confirm()
1208 crypto_ec_point_to_bin(sae->tmp->ec, element1, element_b1, in sae_cn_confirm_ecc()
1209 element_b1 + sae->tmp->prime_len); in sae_cn_confirm_ecc()
1210 crypto_ec_point_to_bin(sae->tmp->ec, element2, element_b2, in sae_cn_confirm_ecc()
1211 element_b2 + sae->tmp->prime_len); in sae_cn_confirm_ecc()
1213 sae_cn_confirm(sae, sc, scalar1, element_b1, 2 * sae->tmp->prime_len, in sae_cn_confirm_ecc()
1214 scalar2, element_b2, 2 * sae->tmp->prime_len, confirm); in sae_cn_confirm_ecc()
1229 sae->tmp->prime_len); in sae_cn_confirm_ffc()
1231 sae->tmp->prime_len); in sae_cn_confirm_ffc()
1233 sae_cn_confirm(sae, sc, scalar1, element_b1, sae->tmp->prime_len, in sae_cn_confirm_ffc()
1234 scalar2, element_b2, sae->tmp->prime_len, confirm); in sae_cn_confirm_ffc()
1242 if (sae->tmp == NULL) in sae_write_confirm()
1251 if (sae->tmp->ec) in sae_write_confirm()
1252 sae_cn_confirm_ecc(sae, sc, sae->tmp->own_commit_scalar, in sae_write_confirm()
1253 sae->tmp->own_commit_element_ecc, in sae_write_confirm()
1255 sae->tmp->peer_commit_element_ecc, in sae_write_confirm()
1258 sae_cn_confirm_ffc(sae, sc, sae->tmp->own_commit_scalar, in sae_write_confirm()
1259 sae->tmp->own_commit_element_ffc, in sae_write_confirm()
1261 sae->tmp->peer_commit_element_ffc, in sae_write_confirm()
1277 if (!sae->tmp || !sae->peer_commit_scalar || in sae_check_confirm()
1278 !sae->tmp->own_commit_scalar) { in sae_check_confirm()
1283 if (sae->tmp->ec) { in sae_check_confirm()
1284 if (!sae->tmp->peer_commit_element_ecc || in sae_check_confirm()
1285 !sae->tmp->own_commit_element_ecc) in sae_check_confirm()
1288 sae->tmp->peer_commit_element_ecc, in sae_check_confirm()
1289 sae->tmp->own_commit_scalar, in sae_check_confirm()
1290 sae->tmp->own_commit_element_ecc, in sae_check_confirm()
1293 if (!sae->tmp->peer_commit_element_ffc || in sae_check_confirm()
1294 !sae->tmp->own_commit_element_ffc) in sae_check_confirm()
1297 sae->tmp->peer_commit_element_ffc, in sae_check_confirm()
1298 sae->tmp->own_commit_scalar, in sae_check_confirm()
1299 sae->tmp->own_commit_element_ffc, in sae_check_confirm()