From e8c5e6177d39c7db7eb90534edc5b259628aca98 Mon Sep 17 00:00:00 2001
From: Hauke Mehrtens <hauke@hauke-m.de>
Date: Sun, 8 Sep 2019 23:53:18 +0200
Subject: hostapd: SAE/EAP-pwd side-channel attack update

Fixes this security problem:
* SAE/EAP-pwd side-channel attack update
https://w1.fi/security/2019-6/sae-eap-pwd-side-channel-attack-update.txt

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 7bed9bf10fc8d05df34c7efc66e8b4ade37a1a0c)
---
 ...allow-ECC-groups-with-a-prime-under-256-b.patch | 40 ++++++++++++++++++++++
 1 file changed, 40 insertions(+)
 create mode 100644 package/network/services/hostapd/patches/066-0000-EAP-pwd-Disallow-ECC-groups-with-a-prime-under-256-b.patch

(limited to 'package/network/services/hostapd/patches/066-0000-EAP-pwd-Disallow-ECC-groups-with-a-prime-under-256-b.patch')

diff --git a/package/network/services/hostapd/patches/066-0000-EAP-pwd-Disallow-ECC-groups-with-a-prime-under-256-b.patch b/package/network/services/hostapd/patches/066-0000-EAP-pwd-Disallow-ECC-groups-with-a-prime-under-256-b.patch
new file mode 100644
index 0000000000..2d40516c7c
--- /dev/null
+++ b/package/network/services/hostapd/patches/066-0000-EAP-pwd-Disallow-ECC-groups-with-a-prime-under-256-b.patch
@@ -0,0 +1,40 @@
+From 92e1b96c26a84e503847bdd22ebadf697c4031ad Mon Sep 17 00:00:00 2001
+From: Jouni Malinen <j@w1.fi>
+Date: Sat, 13 Apr 2019 17:20:57 +0300
+Subject: EAP-pwd: Disallow ECC groups with a prime under 256 bits
+
+Based on the SAE implementation guidance update to not allow ECC groups
+with a prime that is under 256 bits, reject groups 25, 26, and 27 in
+EAP-pwd.
+
+Signed-off-by: Jouni Malinen <j@w1.fi>
+---
+ src/eap_common/eap_pwd_common.c | 13 +++++++++++++
+ 1 file changed, 13 insertions(+)
+
+--- a/src/eap_common/eap_pwd_common.c
++++ b/src/eap_common/eap_pwd_common.c
+@@ -85,10 +85,23 @@ static int eap_pwd_kdf(const u8 *key, si
+ }
+ 
+ 
++static int eap_pwd_suitable_group(u16 num)
++{
++	/* Do not allow ECC groups with prime under 256 bits based on guidance
++	 * for the similar design in SAE. */
++	return num == 19 || num == 20 || num == 21 ||
++		num == 28 || num == 29 || num == 30;
++}
++
++
+ EAP_PWD_group * get_eap_pwd_group(u16 num)
+ {
+ 	EAP_PWD_group *grp;
+ 
++	if (!eap_pwd_suitable_group(num)) {
++		wpa_printf(MSG_INFO, "EAP-pwd: unsuitable group %u", num);
++		return NULL;
++	}
+ 	grp = os_zalloc(sizeof(EAP_PWD_group));
+ 	if (!grp)
+ 		return NULL;
-- 
cgit v1.2.3