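Lines matching refs:tmp (each entry gives the source line number, the matching line, and the enclosing function; lines that do not reference tmp are omitted, so no function body below is complete)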
24 struct sae_temporary_data *tmp; in sae_set_group() local
36 tmp = sae->tmp = os_zalloc(sizeof(*tmp)); in sae_set_group()
37 if (tmp == NULL) in sae_set_group()
41 tmp->ec = crypto_ec_init(group); in sae_set_group()
42 if (tmp->ec) { in sae_set_group()
46 tmp->prime_len = crypto_ec_prime_len(tmp->ec); in sae_set_group()
47 tmp->prime = crypto_ec_get_prime(tmp->ec); in sae_set_group()
48 tmp->order_len = crypto_ec_order_len(tmp->ec); in sae_set_group()
49 tmp->order = crypto_ec_get_order(tmp->ec); in sae_set_group()
54 tmp->dh = dh_groups_get(group); in sae_set_group()
55 if (tmp->dh) { in sae_set_group()
59 tmp->prime_len = tmp->dh->prime_len; in sae_set_group()
60 if (tmp->prime_len > SAE_MAX_PRIME_LEN) { in sae_set_group()
65 tmp->prime_buf = crypto_bignum_init_set(tmp->dh->prime, in sae_set_group()
66 tmp->prime_len); in sae_set_group()
67 if (tmp->prime_buf == NULL) { in sae_set_group()
71 tmp->prime = tmp->prime_buf; in sae_set_group()
73 tmp->order_len = tmp->dh->order_len; in sae_set_group()
74 tmp->order_buf = crypto_bignum_init_set(tmp->dh->order, in sae_set_group()
75 tmp->dh->order_len); in sae_set_group()
76 if (tmp->order_buf == NULL) { in sae_set_group()
80 tmp->order = tmp->order_buf; in sae_set_group()
94 struct sae_temporary_data *tmp; in sae_clear_temp_data() local
95 if (sae == NULL || sae->tmp == NULL) in sae_clear_temp_data()
97 tmp = sae->tmp; in sae_clear_temp_data()
98 crypto_ec_deinit(tmp->ec); in sae_clear_temp_data()
99 crypto_bignum_deinit(tmp->prime_buf, 0); in sae_clear_temp_data()
100 crypto_bignum_deinit(tmp->order_buf, 0); in sae_clear_temp_data()
101 crypto_bignum_deinit(tmp->sae_rand, 1); in sae_clear_temp_data()
102 crypto_bignum_deinit(tmp->pwe_ffc, 1); in sae_clear_temp_data()
103 crypto_bignum_deinit(tmp->own_commit_scalar, 0); in sae_clear_temp_data()
104 crypto_bignum_deinit(tmp->own_commit_element_ffc, 0); in sae_clear_temp_data()
105 crypto_bignum_deinit(tmp->peer_commit_element_ffc, 0); in sae_clear_temp_data()
106 crypto_ec_point_deinit(tmp->pwe_ecc, 1); in sae_clear_temp_data()
107 crypto_ec_point_deinit(tmp->own_commit_element_ecc, 0); in sae_clear_temp_data()
108 crypto_ec_point_deinit(tmp->peer_commit_element_ecc, 0); in sae_clear_temp_data()
109 wpabuf_free(tmp->anti_clogging_token); in sae_clear_temp_data()
110 os_free(tmp->pw_id); in sae_clear_temp_data()
111 bin_clear_free(tmp, sizeof(*tmp)); in sae_clear_temp_data()
112 sae->tmp = NULL; in sae_clear_temp_data()
153 bits = crypto_ec_prime_len_bits(sae->tmp->ec); in sae_test_pwd_seed_ecc()
155 prime, sae->tmp->prime_len, pwd_value, bits) < 0) in sae_test_pwd_seed_ecc()
158 buf_shift_right(pwd_value, sae->tmp->prime_len, 8 - bits % 8); in sae_test_pwd_seed_ecc()
160 pwd_value, sae->tmp->prime_len); in sae_test_pwd_seed_ecc()
162 cmp_prime = const_time_memcmp(pwd_value, prime, sae->tmp->prime_len); in sae_test_pwd_seed_ecc()
170 x_cand = crypto_bignum_init_set(pwd_value, sae->tmp->prime_len); in sae_test_pwd_seed_ecc()
173 y_sqr = crypto_ec_point_compute_y_sqr(sae->tmp->ec, x_cand); in sae_test_pwd_seed_ecc()
178 res = dragonfly_is_quadratic_residue_blind(sae->tmp->ec, qr, qnr, in sae_test_pwd_seed_ecc()
193 size_t bits = sae->tmp->prime_len * 8; in sae_test_pwd_seed_ffc()
203 sae->tmp->dh->prime, sae->tmp->prime_len, pwd_value, in sae_test_pwd_seed_ffc()
207 sae->tmp->prime_len); in sae_test_pwd_seed_ffc()
210 res = const_time_memcmp(pwd_value, sae->tmp->dh->prime, in sae_test_pwd_seed_ffc()
211 sae->tmp->prime_len); in sae_test_pwd_seed_ffc()
225 a = crypto_bignum_init_set(pwd_value, sae->tmp->prime_len); in sae_test_pwd_seed_ffc()
232 if (sae->tmp->dh->safe_prime) { in sae_test_pwd_seed_ffc()
244 crypto_bignum_sub(sae->tmp->prime, b, b) < 0 || in sae_test_pwd_seed_ffc()
245 crypto_bignum_div(b, sae->tmp->order, b) < 0) in sae_test_pwd_seed_ffc()
252 res = crypto_bignum_exptmod(a, b, sae->tmp->prime, pwe); in sae_test_pwd_seed_ffc()
308 prime_len = sae->tmp->prime_len; in sae_derive_pwe_ecc()
309 if (crypto_bignum_to_bin(sae->tmp->prime, prime, sizeof(prime), in sae_derive_pwe_ecc()
317 if (dragonfly_get_random_qr_qnr(sae->tmp->prime, &qr, &qnr) < 0 || in sae_derive_pwe_ecc()
414 y = crypto_ec_point_compute_y_sqr(sae->tmp->ec, x); in sae_derive_pwe_ecc()
416 dragonfly_sqrt(sae->tmp->ec, y, y) < 0 || in sae_derive_pwe_ecc()
419 crypto_bignum_sub(sae->tmp->prime, y, y) < 0 || in sae_derive_pwe_ecc()
431 crypto_ec_point_deinit(sae->tmp->pwe_ecc, 1); in sae_derive_pwe_ecc()
432 sae->tmp->pwe_ecc = crypto_ec_point_from_bin(sae->tmp->ec, x_y); in sae_derive_pwe_ecc()
433 if (!sae->tmp->pwe_ecc) { in sae_derive_pwe_ecc()
466 size_t prime_len = sae->tmp->prime_len * 8; in sae_derive_pwe_ffc()
469 crypto_bignum_deinit(sae->tmp->pwe_ffc, 1); in sae_derive_pwe_ffc()
470 sae->tmp->pwe_ffc = NULL; in sae_derive_pwe_ffc()
539 sae->tmp->pwe_ffc = crypto_bignum_init_set(pwe_buf, prime_len); in sae_derive_pwe_ffc()
543 return sae->tmp->pwe_ffc ? 0 : -1; in sae_derive_pwe_ffc()
551 if (!sae->tmp->own_commit_element_ecc) { in sae_derive_commit_element_ecc()
552 sae->tmp->own_commit_element_ecc = in sae_derive_commit_element_ecc()
553 crypto_ec_point_init(sae->tmp->ec); in sae_derive_commit_element_ecc()
554 if (!sae->tmp->own_commit_element_ecc) in sae_derive_commit_element_ecc()
558 if (crypto_ec_point_mul(sae->tmp->ec, sae->tmp->pwe_ecc, mask, in sae_derive_commit_element_ecc()
559 sae->tmp->own_commit_element_ecc) < 0 || in sae_derive_commit_element_ecc()
560 crypto_ec_point_invert(sae->tmp->ec, in sae_derive_commit_element_ecc()
561 sae->tmp->own_commit_element_ecc) < 0) { in sae_derive_commit_element_ecc()
574 if (!sae->tmp->own_commit_element_ffc) { in sae_derive_commit_element_ffc()
575 sae->tmp->own_commit_element_ffc = crypto_bignum_init(); in sae_derive_commit_element_ffc()
576 if (!sae->tmp->own_commit_element_ffc) in sae_derive_commit_element_ffc()
580 if (crypto_bignum_exptmod(sae->tmp->pwe_ffc, mask, sae->tmp->prime, in sae_derive_commit_element_ffc()
581 sae->tmp->own_commit_element_ffc) < 0 || in sae_derive_commit_element_ffc()
582 crypto_bignum_inverse(sae->tmp->own_commit_element_ffc, in sae_derive_commit_element_ffc()
583 sae->tmp->prime, in sae_derive_commit_element_ffc()
584 sae->tmp->own_commit_element_ffc) < 0) { in sae_derive_commit_element_ffc()
599 if (!sae->tmp->sae_rand) in sae_derive_commit()
600 sae->tmp->sae_rand = crypto_bignum_init(); in sae_derive_commit()
601 if (!sae->tmp->own_commit_scalar) in sae_derive_commit()
602 sae->tmp->own_commit_scalar = crypto_bignum_init(); in sae_derive_commit()
603 ret = !mask || !sae->tmp->sae_rand || !sae->tmp->own_commit_scalar || in sae_derive_commit()
604 dragonfly_generate_scalar(sae->tmp->order, sae->tmp->sae_rand, in sae_derive_commit()
606 sae->tmp->own_commit_scalar) < 0 || in sae_derive_commit()
607 (sae->tmp->ec && in sae_derive_commit()
609 (sae->tmp->dh && in sae_derive_commit()
620 if (sae->tmp == NULL || in sae_prepare_commit()
621 (sae->tmp->ec && sae_derive_pwe_ecc(sae, addr1, addr2, password, in sae_prepare_commit()
624 (sae->tmp->dh && sae_derive_pwe_ffc(sae, addr1, addr2, password, in sae_prepare_commit()
638 K = crypto_ec_point_init(sae->tmp->ec); in sae_derive_k_ecc()
649 if (crypto_ec_point_mul(sae->tmp->ec, sae->tmp->pwe_ecc, in sae_derive_k_ecc()
651 crypto_ec_point_add(sae->tmp->ec, K, in sae_derive_k_ecc()
652 sae->tmp->peer_commit_element_ecc, K) < 0 || in sae_derive_k_ecc()
653 crypto_ec_point_mul(sae->tmp->ec, K, sae->tmp->sae_rand, K) < 0 || in sae_derive_k_ecc()
654 crypto_ec_point_is_at_infinity(sae->tmp->ec, K) || in sae_derive_k_ecc()
655 crypto_ec_point_to_bin(sae->tmp->ec, K, k, NULL) < 0) { in sae_derive_k_ecc()
660 wpa_hexdump_key(MSG_DEBUG, "SAE: k", k, sae->tmp->prime_len); in sae_derive_k_ecc()
685 if (crypto_bignum_exptmod(sae->tmp->pwe_ffc, sae->peer_commit_scalar, in sae_derive_k_ffc()
686 sae->tmp->prime, K) < 0 || in sae_derive_k_ffc()
687 crypto_bignum_mulmod(K, sae->tmp->peer_commit_element_ffc, in sae_derive_k_ffc()
688 sae->tmp->prime, K) < 0 || in sae_derive_k_ffc()
689 crypto_bignum_exptmod(K, sae->tmp->sae_rand, sae->tmp->prime, K) < 0 in sae_derive_k_ffc()
692 crypto_bignum_to_bin(K, k, SAE_MAX_PRIME_LEN, sae->tmp->prime_len) < in sae_derive_k_ffc()
698 wpa_hexdump_key(MSG_DEBUG, "SAE: k", k, sae->tmp->prime_len); in sae_derive_k_ffc()
712 struct crypto_bignum *tmp; in sae_derive_keys() local
715 tmp = crypto_bignum_init(); in sae_derive_keys()
716 if (tmp == NULL) in sae_derive_keys()
726 hmac_sha256(null_key, sizeof(null_key), k, sae->tmp->prime_len, in sae_derive_keys()
730 crypto_bignum_add(sae->tmp->own_commit_scalar, sae->peer_commit_scalar, in sae_derive_keys()
731 tmp); in sae_derive_keys()
732 crypto_bignum_mod(tmp, sae->tmp->order, tmp); in sae_derive_keys()
739 crypto_bignum_to_bin(tmp, val, sizeof(val), sae->tmp->order_len); in sae_derive_keys()
742 val, sae->tmp->order_len, keys, sizeof(keys)) < 0) in sae_derive_keys()
745 os_memcpy(sae->tmp->kck, keys, SAE_KCK_LEN); in sae_derive_keys()
749 wpa_hexdump_key(MSG_DEBUG, "SAE: KCK", sae->tmp->kck, SAE_KCK_LEN); in sae_derive_keys()
754 crypto_bignum_deinit(tmp, 0); in sae_derive_keys()
762 if (sae->tmp == NULL || in sae_process_commit()
763 (sae->tmp->ec && sae_derive_k_ecc(sae, k) < 0) || in sae_process_commit()
764 (sae->tmp->dh && sae_derive_k_ffc(sae, k) < 0) || in sae_process_commit()
776 if (sae->tmp == NULL) in sae_write_commit()
785 pos = wpabuf_put(buf, sae->tmp->prime_len); in sae_write_commit()
786 crypto_bignum_to_bin(sae->tmp->own_commit_scalar, pos, in sae_write_commit()
787 sae->tmp->prime_len, sae->tmp->prime_len); in sae_write_commit()
789 pos, sae->tmp->prime_len); in sae_write_commit()
790 if (sae->tmp->ec) { in sae_write_commit()
791 pos = wpabuf_put(buf, 2 * sae->tmp->prime_len); in sae_write_commit()
792 crypto_ec_point_to_bin(sae->tmp->ec, in sae_write_commit()
793 sae->tmp->own_commit_element_ecc, in sae_write_commit()
794 pos, pos + sae->tmp->prime_len); in sae_write_commit()
796 pos, sae->tmp->prime_len); in sae_write_commit()
798 pos + sae->tmp->prime_len, sae->tmp->prime_len); in sae_write_commit()
800 pos = wpabuf_put(buf, sae->tmp->prime_len); in sae_write_commit()
801 crypto_bignum_to_bin(sae->tmp->own_commit_element_ffc, pos, in sae_write_commit()
802 sae->tmp->prime_len, sae->tmp->prime_len); in sae_write_commit()
804 pos, sae->tmp->prime_len); in sae_write_commit()
846 if (sae->tmp == NULL) { in sae_group_allowed()
851 if (sae->tmp->dh && !allowed_groups) { in sae_group_allowed()
883 scalar_elem_len = (sae->tmp->ec ? 3 : 2) * sae->tmp->prime_len; in sae_parse_commit_token()
933 if (sae->tmp->prime_len > end - *pos) { in sae_parse_commit_scalar()
938 peer_scalar = crypto_bignum_init_set(*pos, sae->tmp->prime_len); in sae_parse_commit_scalar()
959 crypto_bignum_cmp(peer_scalar, sae->tmp->order) >= 0) { in sae_parse_commit_scalar()
969 *pos, sae->tmp->prime_len); in sae_parse_commit_scalar()
970 *pos += sae->tmp->prime_len; in sae_parse_commit_scalar()
981 if (2 * sae->tmp->prime_len > end - *pos) { in sae_parse_commit_element_ecc()
987 if (crypto_bignum_to_bin(sae->tmp->prime, prime, sizeof(prime), in sae_parse_commit_element_ecc()
988 sae->tmp->prime_len) < 0) in sae_parse_commit_element_ecc()
992 if (os_memcmp(*pos, prime, sae->tmp->prime_len) >= 0 || in sae_parse_commit_element_ecc()
993 os_memcmp(*pos + sae->tmp->prime_len, prime, in sae_parse_commit_element_ecc()
994 sae->tmp->prime_len) >= 0) { in sae_parse_commit_element_ecc()
1001 *pos, sae->tmp->prime_len); in sae_parse_commit_element_ecc()
1003 *pos + sae->tmp->prime_len, sae->tmp->prime_len); in sae_parse_commit_element_ecc()
1005 crypto_ec_point_deinit(sae->tmp->peer_commit_element_ecc, 0); in sae_parse_commit_element_ecc()
1006 sae->tmp->peer_commit_element_ecc = in sae_parse_commit_element_ecc()
1007 crypto_ec_point_from_bin(sae->tmp->ec, *pos); in sae_parse_commit_element_ecc()
1008 if (sae->tmp->peer_commit_element_ecc == NULL) in sae_parse_commit_element_ecc()
1011 if (!crypto_ec_point_is_on_curve(sae->tmp->ec, in sae_parse_commit_element_ecc()
1012 sae->tmp->peer_commit_element_ecc)) { in sae_parse_commit_element_ecc()
1017 *pos += 2 * sae->tmp->prime_len; in sae_parse_commit_element_ecc()
1029 if (sae->tmp->prime_len > end - *pos) { in sae_parse_commit_element_ffc()
1035 sae->tmp->prime_len); in sae_parse_commit_element_ffc()
1037 crypto_bignum_deinit(sae->tmp->peer_commit_element_ffc, 0); in sae_parse_commit_element_ffc()
1038 sae->tmp->peer_commit_element_ffc = in sae_parse_commit_element_ffc()
1039 crypto_bignum_init_set(*pos, sae->tmp->prime_len); in sae_parse_commit_element_ffc()
1040 if (sae->tmp->peer_commit_element_ffc == NULL) in sae_parse_commit_element_ffc()
1046 crypto_bignum_sub(sae->tmp->prime, one, res) || in sae_parse_commit_element_ffc()
1047 crypto_bignum_is_zero(sae->tmp->peer_commit_element_ffc) || in sae_parse_commit_element_ffc()
1048 crypto_bignum_is_one(sae->tmp->peer_commit_element_ffc) || in sae_parse_commit_element_ffc()
1049 crypto_bignum_cmp(sae->tmp->peer_commit_element_ffc, res) >= 0) { in sae_parse_commit_element_ffc()
1058 if (crypto_bignum_exptmod(sae->tmp->peer_commit_element_ffc, in sae_parse_commit_element_ffc()
1059 sae->tmp->order, sae->tmp->prime, res) < 0 || in sae_parse_commit_element_ffc()
1067 *pos += sae->tmp->prime_len; in sae_parse_commit_element_ffc()
1076 if (sae->tmp->dh) in sae_parse_commit_element()
1088 if (sae->tmp->pw_id) { in sae_parse_password_identifier()
1091 sae->tmp->pw_id); in sae_parse_password_identifier()
1094 os_free(sae->tmp->pw_id); in sae_parse_password_identifier()
1095 sae->tmp->pw_id = NULL; in sae_parse_password_identifier()
1099 if (sae->tmp->pw_id && in sae_parse_password_identifier()
1100 (pos[1] - 1 != (int) os_strlen(sae->tmp->pw_id) || in sae_parse_password_identifier()
1101 os_memcmp(sae->tmp->pw_id, pos + 3, pos[1] - 1) != 0)) { in sae_parse_password_identifier()
1104 sae->tmp->pw_id); in sae_parse_password_identifier()
1108 os_free(sae->tmp->pw_id); in sae_parse_password_identifier()
1109 sae->tmp->pw_id = os_malloc(pos[1]); in sae_parse_password_identifier()
1110 if (!sae->tmp->pw_id) in sae_parse_password_identifier()
1112 os_memcpy(sae->tmp->pw_id, pos + 3, pos[1] - 1); in sae_parse_password_identifier()
1113 sae->tmp->pw_id[pos[1] - 1] = '\0'; in sae_parse_password_identifier()
1115 sae->tmp->pw_id, pos[1] - 1); in sae_parse_password_identifier()
1156 if (!sae->tmp->own_commit_scalar || in sae_parse_commit()
1157 crypto_bignum_cmp(sae->tmp->own_commit_scalar, in sae_parse_commit()
1159 (sae->tmp->dh && in sae_parse_commit()
1160 (!sae->tmp->own_commit_element_ffc || in sae_parse_commit()
1161 crypto_bignum_cmp(sae->tmp->own_commit_element_ffc, in sae_parse_commit()
1162 sae->tmp->peer_commit_element_ffc) != 0)) || in sae_parse_commit()
1163 (sae->tmp->ec && in sae_parse_commit()
1164 (!sae->tmp->own_commit_element_ecc || in sae_parse_commit()
1165 crypto_ec_point_cmp(sae->tmp->ec, in sae_parse_commit()
1166 sae->tmp->own_commit_element_ecc, in sae_parse_commit()
1167 sae->tmp->peer_commit_element_ecc) != 0))) in sae_parse_commit()
1201 sae->tmp->prime_len); in sae_cn_confirm()
1203 len[1] = sae->tmp->prime_len; in sae_cn_confirm()
1207 sae->tmp->prime_len); in sae_cn_confirm()
1209 len[3] = sae->tmp->prime_len; in sae_cn_confirm()
1212 hmac_sha256_vector(sae->tmp->kck, sizeof(sae->tmp->kck), 5, addr, len, in sae_cn_confirm()
1227 crypto_ec_point_to_bin(sae->tmp->ec, element1, element_b1, in sae_cn_confirm_ecc()
1228 element_b1 + sae->tmp->prime_len); in sae_cn_confirm_ecc()
1229 crypto_ec_point_to_bin(sae->tmp->ec, element2, element_b2, in sae_cn_confirm_ecc()
1230 element_b2 + sae->tmp->prime_len); in sae_cn_confirm_ecc()
1232 sae_cn_confirm(sae, sc, scalar1, element_b1, 2 * sae->tmp->prime_len, in sae_cn_confirm_ecc()
1233 scalar2, element_b2, 2 * sae->tmp->prime_len, confirm); in sae_cn_confirm_ecc()
1248 sae->tmp->prime_len); in sae_cn_confirm_ffc()
1250 sae->tmp->prime_len); in sae_cn_confirm_ffc()
1252 sae_cn_confirm(sae, sc, scalar1, element_b1, sae->tmp->prime_len, in sae_cn_confirm_ffc()
1253 scalar2, element_b2, sae->tmp->prime_len, confirm); in sae_cn_confirm_ffc()
1261 if (sae->tmp == NULL) in sae_write_confirm()
1270 if (sae->tmp->ec) in sae_write_confirm()
1271 sae_cn_confirm_ecc(sae, sc, sae->tmp->own_commit_scalar, in sae_write_confirm()
1272 sae->tmp->own_commit_element_ecc, in sae_write_confirm()
1274 sae->tmp->peer_commit_element_ecc, in sae_write_confirm()
1277 sae_cn_confirm_ffc(sae, sc, sae->tmp->own_commit_scalar, in sae_write_confirm()
1278 sae->tmp->own_commit_element_ffc, in sae_write_confirm()
1280 sae->tmp->peer_commit_element_ffc, in sae_write_confirm()
1296 if (!sae->tmp || !sae->peer_commit_scalar || in sae_check_confirm()
1297 !sae->tmp->own_commit_scalar) { in sae_check_confirm()
1302 if (sae->tmp->ec) { in sae_check_confirm()
1303 if (!sae->tmp->peer_commit_element_ecc || in sae_check_confirm()
1304 !sae->tmp->own_commit_element_ecc) in sae_check_confirm()
1307 sae->tmp->peer_commit_element_ecc, in sae_check_confirm()
1308 sae->tmp->own_commit_scalar, in sae_check_confirm()
1309 sae->tmp->own_commit_element_ecc, in sae_check_confirm()
1312 if (!sae->tmp->peer_commit_element_ffc || in sae_check_confirm()
1313 !sae->tmp->own_commit_element_ffc) in sae_check_confirm()
1316 sae->tmp->peer_commit_element_ffc, in sae_check_confirm()
1317 sae->tmp->own_commit_scalar, in sae_check_confirm()
1318 sae->tmp->own_commit_element_ffc, in sae_check_confirm()