Lines Matching refs:sae
22 int sae_set_group(struct sae_data *sae, int group) in sae_set_group() argument
35 sae_clear_data(sae); in sae_set_group()
36 tmp = sae->tmp = os_zalloc(sizeof(*tmp)); in sae_set_group()
45 sae->group = group; in sae_set_group()
58 sae->group = group; in sae_set_group()
61 sae_clear_data(sae); in sae_set_group()
68 sae_clear_data(sae); in sae_set_group()
77 sae_clear_data(sae); in sae_set_group()
92 void sae_clear_temp_data(struct sae_data *sae) in sae_clear_temp_data() argument
95 if (sae == NULL || sae->tmp == NULL) in sae_clear_temp_data()
97 tmp = sae->tmp; in sae_clear_temp_data()
112 sae->tmp = NULL; in sae_clear_temp_data()
116 void sae_clear_data(struct sae_data *sae) in sae_clear_data() argument
118 if (sae == NULL) in sae_clear_data()
120 sae_clear_temp_data(sae); in sae_clear_data()
121 crypto_bignum_deinit(sae->peer_commit_scalar, 0); in sae_clear_data()
122 os_memset(sae, 0, sizeof(*sae)); in sae_clear_data()
140 static int sae_test_pwd_seed_ecc(struct sae_data *sae, const u8 *pwd_seed, in sae_test_pwd_seed_ecc() argument
153 bits = crypto_ec_prime_len_bits(sae->tmp->ec); in sae_test_pwd_seed_ecc()
155 prime, sae->tmp->prime_len, pwd_value, bits) < 0) in sae_test_pwd_seed_ecc()
158 buf_shift_right(pwd_value, sae->tmp->prime_len, 8 - bits % 8); in sae_test_pwd_seed_ecc()
160 pwd_value, sae->tmp->prime_len); in sae_test_pwd_seed_ecc()
162 cmp_prime = const_time_memcmp(pwd_value, prime, sae->tmp->prime_len); in sae_test_pwd_seed_ecc()
170 x_cand = crypto_bignum_init_set(pwd_value, sae->tmp->prime_len); in sae_test_pwd_seed_ecc()
173 y_sqr = crypto_ec_point_compute_y_sqr(sae->tmp->ec, x_cand); in sae_test_pwd_seed_ecc()
178 res = dragonfly_is_quadratic_residue_blind(sae->tmp->ec, qr, qnr, in sae_test_pwd_seed_ecc()
189 static int sae_test_pwd_seed_ffc(struct sae_data *sae, const u8 *pwd_seed, in sae_test_pwd_seed_ffc() argument
193 size_t bits = sae->tmp->prime_len * 8; in sae_test_pwd_seed_ffc()
203 sae->tmp->dh->prime, sae->tmp->prime_len, pwd_value, in sae_test_pwd_seed_ffc()
207 sae->tmp->prime_len); in sae_test_pwd_seed_ffc()
210 res = const_time_memcmp(pwd_value, sae->tmp->dh->prime, in sae_test_pwd_seed_ffc()
211 sae->tmp->prime_len); in sae_test_pwd_seed_ffc()
225 a = crypto_bignum_init_set(pwd_value, sae->tmp->prime_len); in sae_test_pwd_seed_ffc()
232 if (sae->tmp->dh->safe_prime) { in sae_test_pwd_seed_ffc()
244 crypto_bignum_sub(sae->tmp->prime, b, b) < 0 || in sae_test_pwd_seed_ffc()
245 crypto_bignum_div(b, sae->tmp->order, b) < 0) in sae_test_pwd_seed_ffc()
252 res = crypto_bignum_exptmod(a, b, sae->tmp->prime, pwe); in sae_test_pwd_seed_ffc()
276 static int sae_derive_pwe_ecc(struct sae_data *sae, const u8 *addr1, in sae_derive_pwe_ecc() argument
308 prime_len = sae->tmp->prime_len; in sae_derive_pwe_ecc()
309 if (crypto_bignum_to_bin(sae->tmp->prime, prime, sizeof(prime), in sae_derive_pwe_ecc()
317 if (dragonfly_get_random_qr_qnr(sae->tmp->prime, &qr, &qnr) < 0 || in sae_derive_pwe_ecc()
353 k = dragonfly_min_pwe_loop_iter(sae->group); in sae_derive_pwe_ecc()
371 res = sae_test_pwd_seed_ecc(sae, pwd_seed, in sae_derive_pwe_ecc()
414 y = crypto_ec_point_compute_y_sqr(sae->tmp->ec, x); in sae_derive_pwe_ecc()
416 dragonfly_sqrt(sae->tmp->ec, y, y) < 0 || in sae_derive_pwe_ecc()
419 crypto_bignum_sub(sae->tmp->prime, y, y) < 0 || in sae_derive_pwe_ecc()
431 crypto_ec_point_deinit(sae->tmp->pwe_ecc, 1); in sae_derive_pwe_ecc()
432 sae->tmp->pwe_ecc = crypto_ec_point_from_bin(sae->tmp->ec, x_y); in sae_derive_pwe_ecc()
433 if (!sae->tmp->pwe_ecc) { in sae_derive_pwe_ecc()
453 static int sae_derive_pwe_ffc(struct sae_data *sae, const u8 *addr1, in sae_derive_pwe_ffc() argument
466 size_t prime_len = sae->tmp->prime_len * 8; in sae_derive_pwe_ffc()
469 crypto_bignum_deinit(sae->tmp->pwe_ffc, 1); in sae_derive_pwe_ffc()
470 sae->tmp->pwe_ffc = NULL; in sae_derive_pwe_ffc()
501 k = dragonfly_min_pwe_loop_iter(sae->group); in sae_derive_pwe_ffc()
517 res = sae_test_pwd_seed_ffc(sae, pwd_seed, pwe); in sae_derive_pwe_ffc()
539 sae->tmp->pwe_ffc = crypto_bignum_init_set(pwe_buf, prime_len); in sae_derive_pwe_ffc()
543 return sae->tmp->pwe_ffc ? 0 : -1; in sae_derive_pwe_ffc()
547 static int sae_derive_commit_element_ecc(struct sae_data *sae, in sae_derive_commit_element_ecc() argument
551 if (!sae->tmp->own_commit_element_ecc) { in sae_derive_commit_element_ecc()
552 sae->tmp->own_commit_element_ecc = in sae_derive_commit_element_ecc()
553 crypto_ec_point_init(sae->tmp->ec); in sae_derive_commit_element_ecc()
554 if (!sae->tmp->own_commit_element_ecc) in sae_derive_commit_element_ecc()
558 if (crypto_ec_point_mul(sae->tmp->ec, sae->tmp->pwe_ecc, mask, in sae_derive_commit_element_ecc()
559 sae->tmp->own_commit_element_ecc) < 0 || in sae_derive_commit_element_ecc()
560 crypto_ec_point_invert(sae->tmp->ec, in sae_derive_commit_element_ecc()
561 sae->tmp->own_commit_element_ecc) < 0) { in sae_derive_commit_element_ecc()
570 static int sae_derive_commit_element_ffc(struct sae_data *sae, in sae_derive_commit_element_ffc() argument
574 if (!sae->tmp->own_commit_element_ffc) { in sae_derive_commit_element_ffc()
575 sae->tmp->own_commit_element_ffc = crypto_bignum_init(); in sae_derive_commit_element_ffc()
576 if (!sae->tmp->own_commit_element_ffc) in sae_derive_commit_element_ffc()
580 if (crypto_bignum_exptmod(sae->tmp->pwe_ffc, mask, sae->tmp->prime, in sae_derive_commit_element_ffc()
581 sae->tmp->own_commit_element_ffc) < 0 || in sae_derive_commit_element_ffc()
582 crypto_bignum_inverse(sae->tmp->own_commit_element_ffc, in sae_derive_commit_element_ffc()
583 sae->tmp->prime, in sae_derive_commit_element_ffc()
584 sae->tmp->own_commit_element_ffc) < 0) { in sae_derive_commit_element_ffc()
593 static int sae_derive_commit(struct sae_data *sae) in sae_derive_commit() argument
599 if (!sae->tmp->sae_rand) in sae_derive_commit()
600 sae->tmp->sae_rand = crypto_bignum_init(); in sae_derive_commit()
601 if (!sae->tmp->own_commit_scalar) in sae_derive_commit()
602 sae->tmp->own_commit_scalar = crypto_bignum_init(); in sae_derive_commit()
603 ret = !mask || !sae->tmp->sae_rand || !sae->tmp->own_commit_scalar || in sae_derive_commit()
604 dragonfly_generate_scalar(sae->tmp->order, sae->tmp->sae_rand, in sae_derive_commit()
606 sae->tmp->own_commit_scalar) < 0 || in sae_derive_commit()
607 (sae->tmp->ec && in sae_derive_commit()
608 sae_derive_commit_element_ecc(sae, mask) < 0) || in sae_derive_commit()
609 (sae->tmp->dh && in sae_derive_commit()
610 sae_derive_commit_element_ffc(sae, mask) < 0); in sae_derive_commit()
618 const char *identifier, struct sae_data *sae) in sae_prepare_commit() argument
620 if (sae->tmp == NULL || in sae_prepare_commit()
621 (sae->tmp->ec && sae_derive_pwe_ecc(sae, addr1, addr2, password, in sae_prepare_commit()
624 (sae->tmp->dh && sae_derive_pwe_ffc(sae, addr1, addr2, password, in sae_prepare_commit()
627 sae_derive_commit(sae) < 0) in sae_prepare_commit()
633 static int sae_derive_k_ecc(struct sae_data *sae, u8 *k) in sae_derive_k_ecc() argument
638 K = crypto_ec_point_init(sae->tmp->ec); in sae_derive_k_ecc()
649 if (crypto_ec_point_mul(sae->tmp->ec, sae->tmp->pwe_ecc, in sae_derive_k_ecc()
650 sae->peer_commit_scalar, K) < 0 || in sae_derive_k_ecc()
651 crypto_ec_point_add(sae->tmp->ec, K, in sae_derive_k_ecc()
652 sae->tmp->peer_commit_element_ecc, K) < 0 || in sae_derive_k_ecc()
653 crypto_ec_point_mul(sae->tmp->ec, K, sae->tmp->sae_rand, K) < 0 || in sae_derive_k_ecc()
654 crypto_ec_point_is_at_infinity(sae->tmp->ec, K) || in sae_derive_k_ecc()
655 crypto_ec_point_to_bin(sae->tmp->ec, K, k, NULL) < 0) { in sae_derive_k_ecc()
660 wpa_hexdump_key(MSG_DEBUG, "SAE: k", k, sae->tmp->prime_len); in sae_derive_k_ecc()
669 static int sae_derive_k_ffc(struct sae_data *sae, u8 *k) in sae_derive_k_ffc() argument
685 if (crypto_bignum_exptmod(sae->tmp->pwe_ffc, sae->peer_commit_scalar, in sae_derive_k_ffc()
686 sae->tmp->prime, K) < 0 || in sae_derive_k_ffc()
687 crypto_bignum_mulmod(K, sae->tmp->peer_commit_element_ffc, in sae_derive_k_ffc()
688 sae->tmp->prime, K) < 0 || in sae_derive_k_ffc()
689 crypto_bignum_exptmod(K, sae->tmp->sae_rand, sae->tmp->prime, K) < 0 in sae_derive_k_ffc()
692 crypto_bignum_to_bin(K, k, SAE_MAX_PRIME_LEN, sae->tmp->prime_len) < in sae_derive_k_ffc()
698 wpa_hexdump_key(MSG_DEBUG, "SAE: k", k, sae->tmp->prime_len); in sae_derive_k_ffc()
707 static int sae_derive_keys(struct sae_data *sae, const u8 *k) in sae_derive_keys() argument
726 hmac_sha256(null_key, sizeof(null_key), k, sae->tmp->prime_len, in sae_derive_keys()
730 crypto_bignum_add(sae->tmp->own_commit_scalar, sae->peer_commit_scalar, in sae_derive_keys()
732 crypto_bignum_mod(tmp, sae->tmp->order, tmp); in sae_derive_keys()
739 crypto_bignum_to_bin(tmp, val, sizeof(val), sae->tmp->order_len); in sae_derive_keys()
742 val, sae->tmp->order_len, keys, sizeof(keys)) < 0) in sae_derive_keys()
745 os_memcpy(sae->tmp->kck, keys, SAE_KCK_LEN); in sae_derive_keys()
746 os_memcpy(sae->pmk, keys + SAE_KCK_LEN, SAE_PMK_LEN); in sae_derive_keys()
747 os_memcpy(sae->pmkid, val, SAE_PMKID_LEN); in sae_derive_keys()
749 wpa_hexdump_key(MSG_DEBUG, "SAE: KCK", sae->tmp->kck, SAE_KCK_LEN); in sae_derive_keys()
750 wpa_hexdump_key(MSG_DEBUG, "SAE: PMK", sae->pmk, SAE_PMK_LEN); in sae_derive_keys()
759 int sae_process_commit(struct sae_data *sae) in sae_process_commit() argument
762 if (sae->tmp == NULL || in sae_process_commit()
763 (sae->tmp->ec && sae_derive_k_ecc(sae, k) < 0) || in sae_process_commit()
764 (sae->tmp->dh && sae_derive_k_ffc(sae, k) < 0) || in sae_process_commit()
765 sae_derive_keys(sae, k) < 0) in sae_process_commit()
771 void sae_write_commit(struct sae_data *sae, struct wpabuf *buf, in sae_write_commit() argument
776 if (sae->tmp == NULL) in sae_write_commit()
779 wpabuf_put_le16(buf, sae->group); /* Finite Cyclic Group */ in sae_write_commit()
785 pos = wpabuf_put(buf, sae->tmp->prime_len); in sae_write_commit()
786 crypto_bignum_to_bin(sae->tmp->own_commit_scalar, pos, in sae_write_commit()
787 sae->tmp->prime_len, sae->tmp->prime_len); in sae_write_commit()
789 pos, sae->tmp->prime_len); in sae_write_commit()
790 if (sae->tmp->ec) { in sae_write_commit()
791 pos = wpabuf_put(buf, 2 * sae->tmp->prime_len); in sae_write_commit()
792 crypto_ec_point_to_bin(sae->tmp->ec, in sae_write_commit()
793 sae->tmp->own_commit_element_ecc, in sae_write_commit()
794 pos, pos + sae->tmp->prime_len); in sae_write_commit()
796 pos, sae->tmp->prime_len); in sae_write_commit()
798 pos + sae->tmp->prime_len, sae->tmp->prime_len); in sae_write_commit()
800 pos = wpabuf_put(buf, sae->tmp->prime_len); in sae_write_commit()
801 crypto_bignum_to_bin(sae->tmp->own_commit_element_ffc, pos, in sae_write_commit()
802 sae->tmp->prime_len, sae->tmp->prime_len); in sae_write_commit()
804 pos, sae->tmp->prime_len); in sae_write_commit()
819 u16 sae_group_allowed(struct sae_data *sae, int *allowed_groups, u16 group) in sae_group_allowed() argument
835 if (sae->state == SAE_COMMITTED && group != sae->group) { in sae_group_allowed()
840 if (group != sae->group && sae_set_group(sae, group) < 0) { in sae_group_allowed()
846 if (sae->tmp == NULL) { in sae_group_allowed()
851 if (sae->tmp->dh && !allowed_groups) { in sae_group_allowed()
871 static void sae_parse_commit_token(struct sae_data *sae, const u8 **pos, in sae_parse_commit_token() argument
883 scalar_elem_len = (sae->tmp->ec ? 3 : 2) * sae->tmp->prime_len; in sae_parse_commit_token()
928 static u16 sae_parse_commit_scalar(struct sae_data *sae, const u8 **pos, in sae_parse_commit_scalar() argument
933 if (sae->tmp->prime_len > end - *pos) { in sae_parse_commit_scalar()
938 peer_scalar = crypto_bignum_init_set(*pos, sae->tmp->prime_len); in sae_parse_commit_scalar()
948 if (sae->state == SAE_ACCEPTED && sae->peer_commit_scalar && in sae_parse_commit_scalar()
949 crypto_bignum_cmp(sae->peer_commit_scalar, peer_scalar) == 0) { in sae_parse_commit_scalar()
959 crypto_bignum_cmp(peer_scalar, sae->tmp->order) >= 0) { in sae_parse_commit_scalar()
966 crypto_bignum_deinit(sae->peer_commit_scalar, 0); in sae_parse_commit_scalar()
967 sae->peer_commit_scalar = peer_scalar; in sae_parse_commit_scalar()
969 *pos, sae->tmp->prime_len); in sae_parse_commit_scalar()
970 *pos += sae->tmp->prime_len; in sae_parse_commit_scalar()
976 static u16 sae_parse_commit_element_ecc(struct sae_data *sae, const u8 **pos, in sae_parse_commit_element_ecc() argument
981 if (2 * sae->tmp->prime_len > end - *pos) { in sae_parse_commit_element_ecc()
987 if (crypto_bignum_to_bin(sae->tmp->prime, prime, sizeof(prime), in sae_parse_commit_element_ecc()
988 sae->tmp->prime_len) < 0) in sae_parse_commit_element_ecc()
992 if (os_memcmp(*pos, prime, sae->tmp->prime_len) >= 0 || in sae_parse_commit_element_ecc()
993 os_memcmp(*pos + sae->tmp->prime_len, prime, in sae_parse_commit_element_ecc()
994 sae->tmp->prime_len) >= 0) { in sae_parse_commit_element_ecc()
1001 *pos, sae->tmp->prime_len); in sae_parse_commit_element_ecc()
1003 *pos + sae->tmp->prime_len, sae->tmp->prime_len); in sae_parse_commit_element_ecc()
1005 crypto_ec_point_deinit(sae->tmp->peer_commit_element_ecc, 0); in sae_parse_commit_element_ecc()
1006 sae->tmp->peer_commit_element_ecc = in sae_parse_commit_element_ecc()
1007 crypto_ec_point_from_bin(sae->tmp->ec, *pos); in sae_parse_commit_element_ecc()
1008 if (sae->tmp->peer_commit_element_ecc == NULL) in sae_parse_commit_element_ecc()
1011 if (!crypto_ec_point_is_on_curve(sae->tmp->ec, in sae_parse_commit_element_ecc()
1012 sae->tmp->peer_commit_element_ecc)) { in sae_parse_commit_element_ecc()
1017 *pos += 2 * sae->tmp->prime_len; in sae_parse_commit_element_ecc()
1023 static u16 sae_parse_commit_element_ffc(struct sae_data *sae, const u8 **pos, in sae_parse_commit_element_ffc() argument
1029 if (sae->tmp->prime_len > end - *pos) { in sae_parse_commit_element_ffc()
1035 sae->tmp->prime_len); in sae_parse_commit_element_ffc()
1037 crypto_bignum_deinit(sae->tmp->peer_commit_element_ffc, 0); in sae_parse_commit_element_ffc()
1038 sae->tmp->peer_commit_element_ffc = in sae_parse_commit_element_ffc()
1039 crypto_bignum_init_set(*pos, sae->tmp->prime_len); in sae_parse_commit_element_ffc()
1040 if (sae->tmp->peer_commit_element_ffc == NULL) in sae_parse_commit_element_ffc()
1046 crypto_bignum_sub(sae->tmp->prime, one, res) || in sae_parse_commit_element_ffc()
1047 crypto_bignum_is_zero(sae->tmp->peer_commit_element_ffc) || in sae_parse_commit_element_ffc()
1048 crypto_bignum_is_one(sae->tmp->peer_commit_element_ffc) || in sae_parse_commit_element_ffc()
1049 crypto_bignum_cmp(sae->tmp->peer_commit_element_ffc, res) >= 0) { in sae_parse_commit_element_ffc()
1058 if (crypto_bignum_exptmod(sae->tmp->peer_commit_element_ffc, in sae_parse_commit_element_ffc()
1059 sae->tmp->order, sae->tmp->prime, res) < 0 || in sae_parse_commit_element_ffc()
1067 *pos += sae->tmp->prime_len; in sae_parse_commit_element_ffc()
1073 static u16 sae_parse_commit_element(struct sae_data *sae, const u8 **pos, in sae_parse_commit_element() argument
1076 if (sae->tmp->dh) in sae_parse_commit_element()
1077 return sae_parse_commit_element_ffc(sae, pos, end); in sae_parse_commit_element()
1078 return sae_parse_commit_element_ecc(sae, pos, end); in sae_parse_commit_element()
1082 static int sae_parse_password_identifier(struct sae_data *sae, in sae_parse_password_identifier() argument
1088 if (sae->tmp->pw_id) { in sae_parse_password_identifier()
1091 sae->tmp->pw_id); in sae_parse_password_identifier()
1094 os_free(sae->tmp->pw_id); in sae_parse_password_identifier()
1095 sae->tmp->pw_id = NULL; in sae_parse_password_identifier()
1099 if (sae->tmp->pw_id && in sae_parse_password_identifier()
1100 (pos[1] - 1 != (int) os_strlen(sae->tmp->pw_id) || in sae_parse_password_identifier()
1101 os_memcmp(sae->tmp->pw_id, pos + 3, pos[1] - 1) != 0)) { in sae_parse_password_identifier()
1104 sae->tmp->pw_id); in sae_parse_password_identifier()
1108 os_free(sae->tmp->pw_id); in sae_parse_password_identifier()
1109 sae->tmp->pw_id = os_malloc(pos[1]); in sae_parse_password_identifier()
1110 if (!sae->tmp->pw_id) in sae_parse_password_identifier()
1112 os_memcpy(sae->tmp->pw_id, pos + 3, pos[1] - 1); in sae_parse_password_identifier()
1113 sae->tmp->pw_id[pos[1] - 1] = '\0'; in sae_parse_password_identifier()
1115 sae->tmp->pw_id, pos[1] - 1); in sae_parse_password_identifier()
1120 u16 sae_parse_commit(struct sae_data *sae, const u8 *data, size_t len, in sae_parse_commit() argument
1129 res = sae_group_allowed(sae, allowed_groups, WPA_GET_LE16(pos)); in sae_parse_commit()
1135 sae_parse_commit_token(sae, &pos, end, token, token_len); in sae_parse_commit()
1138 res = sae_parse_commit_scalar(sae, &pos, end); in sae_parse_commit()
1143 res = sae_parse_commit_element(sae, &pos, end); in sae_parse_commit()
1148 res = sae_parse_password_identifier(sae, pos, end); in sae_parse_commit()
1156 if (!sae->tmp->own_commit_scalar || in sae_parse_commit()
1157 crypto_bignum_cmp(sae->tmp->own_commit_scalar, in sae_parse_commit()
1158 sae->peer_commit_scalar) != 0 || in sae_parse_commit()
1159 (sae->tmp->dh && in sae_parse_commit()
1160 (!sae->tmp->own_commit_element_ffc || in sae_parse_commit()
1161 crypto_bignum_cmp(sae->tmp->own_commit_element_ffc, in sae_parse_commit()
1162 sae->tmp->peer_commit_element_ffc) != 0)) || in sae_parse_commit()
1163 (sae->tmp->ec && in sae_parse_commit()
1164 (!sae->tmp->own_commit_element_ecc || in sae_parse_commit()
1165 crypto_ec_point_cmp(sae->tmp->ec, in sae_parse_commit()
1166 sae->tmp->own_commit_element_ecc, in sae_parse_commit()
1167 sae->tmp->peer_commit_element_ecc) != 0))) in sae_parse_commit()
1179 static void sae_cn_confirm(struct sae_data *sae, const u8 *sc, in sae_cn_confirm() argument
1201 sae->tmp->prime_len); in sae_cn_confirm()
1203 len[1] = sae->tmp->prime_len; in sae_cn_confirm()
1207 sae->tmp->prime_len); in sae_cn_confirm()
1209 len[3] = sae->tmp->prime_len; in sae_cn_confirm()
1212 hmac_sha256_vector(sae->tmp->kck, sizeof(sae->tmp->kck), 5, addr, len, in sae_cn_confirm()
1217 static void sae_cn_confirm_ecc(struct sae_data *sae, const u8 *sc, in sae_cn_confirm_ecc() argument
1227 crypto_ec_point_to_bin(sae->tmp->ec, element1, element_b1, in sae_cn_confirm_ecc()
1228 element_b1 + sae->tmp->prime_len); in sae_cn_confirm_ecc()
1229 crypto_ec_point_to_bin(sae->tmp->ec, element2, element_b2, in sae_cn_confirm_ecc()
1230 element_b2 + sae->tmp->prime_len); in sae_cn_confirm_ecc()
1232 sae_cn_confirm(sae, sc, scalar1, element_b1, 2 * sae->tmp->prime_len, in sae_cn_confirm_ecc()
1233 scalar2, element_b2, 2 * sae->tmp->prime_len, confirm); in sae_cn_confirm_ecc()
1237 static void sae_cn_confirm_ffc(struct sae_data *sae, const u8 *sc, in sae_cn_confirm_ffc() argument
1248 sae->tmp->prime_len); in sae_cn_confirm_ffc()
1250 sae->tmp->prime_len); in sae_cn_confirm_ffc()
1252 sae_cn_confirm(sae, sc, scalar1, element_b1, sae->tmp->prime_len, in sae_cn_confirm_ffc()
1253 scalar2, element_b2, sae->tmp->prime_len, confirm); in sae_cn_confirm_ffc()
1257 void sae_write_confirm(struct sae_data *sae, struct wpabuf *buf) in sae_write_confirm() argument
1261 if (sae->tmp == NULL) in sae_write_confirm()
1266 wpabuf_put_le16(buf, sae->send_confirm); in sae_write_confirm()
1267 if (sae->send_confirm < 0xffff) in sae_write_confirm()
1268 sae->send_confirm++; in sae_write_confirm()
1270 if (sae->tmp->ec) in sae_write_confirm()
1271 sae_cn_confirm_ecc(sae, sc, sae->tmp->own_commit_scalar, in sae_write_confirm()
1272 sae->tmp->own_commit_element_ecc, in sae_write_confirm()
1273 sae->peer_commit_scalar, in sae_write_confirm()
1274 sae->tmp->peer_commit_element_ecc, in sae_write_confirm()
1277 sae_cn_confirm_ffc(sae, sc, sae->tmp->own_commit_scalar, in sae_write_confirm()
1278 sae->tmp->own_commit_element_ffc, in sae_write_confirm()
1279 sae->peer_commit_scalar, in sae_write_confirm()
1280 sae->tmp->peer_commit_element_ffc, in sae_write_confirm()
1285 int sae_check_confirm(struct sae_data *sae, const u8 *data, size_t len) in sae_check_confirm() argument
1296 if (!sae->tmp || !sae->peer_commit_scalar || in sae_check_confirm()
1297 !sae->tmp->own_commit_scalar) { in sae_check_confirm()
1302 if (sae->tmp->ec) { in sae_check_confirm()
1303 if (!sae->tmp->peer_commit_element_ecc || in sae_check_confirm()
1304 !sae->tmp->own_commit_element_ecc) in sae_check_confirm()
1306 sae_cn_confirm_ecc(sae, data, sae->peer_commit_scalar, in sae_check_confirm()
1307 sae->tmp->peer_commit_element_ecc, in sae_check_confirm()
1308 sae->tmp->own_commit_scalar, in sae_check_confirm()
1309 sae->tmp->own_commit_element_ecc, in sae_check_confirm()
1312 if (!sae->tmp->peer_commit_element_ffc || in sae_check_confirm()
1313 !sae->tmp->own_commit_element_ffc) in sae_check_confirm()
1315 sae_cn_confirm_ffc(sae, data, sae->peer_commit_scalar, in sae_check_confirm()
1316 sae->tmp->peer_commit_element_ffc, in sae_check_confirm()
1317 sae->tmp->own_commit_scalar, in sae_check_confirm()
1318 sae->tmp->own_commit_element_ffc, in sae_check_confirm()