Lines Matching refs:tmp
22 struct sae_temporary_data *tmp; in sae_set_group() local
25 tmp = sae->tmp = os_zalloc(sizeof(*tmp)); in sae_set_group()
26 if (tmp == NULL) in sae_set_group()
30 tmp->ec = crypto_ec_init(group); in sae_set_group()
31 if (tmp->ec) { in sae_set_group()
33 tmp->prime_len = crypto_ec_prime_len(tmp->ec); in sae_set_group()
34 tmp->prime = crypto_ec_get_prime(tmp->ec); in sae_set_group()
35 tmp->order = crypto_ec_get_order(tmp->ec); in sae_set_group()
40 tmp->dh = dh_groups_get(group); in sae_set_group()
41 if (tmp->dh) { in sae_set_group()
43 tmp->prime_len = tmp->dh->prime_len; in sae_set_group()
44 if (tmp->prime_len > SAE_MAX_PRIME_LEN) { in sae_set_group()
49 tmp->prime_buf = crypto_bignum_init_set(tmp->dh->prime, in sae_set_group()
50 tmp->prime_len); in sae_set_group()
51 if (tmp->prime_buf == NULL) { in sae_set_group()
55 tmp->prime = tmp->prime_buf; in sae_set_group()
57 tmp->order_buf = crypto_bignum_init_set(tmp->dh->order, in sae_set_group()
58 tmp->dh->order_len); in sae_set_group()
59 if (tmp->order_buf == NULL) { in sae_set_group()
63 tmp->order = tmp->order_buf; in sae_set_group()
75 struct sae_temporary_data *tmp; in sae_clear_temp_data() local
76 if (sae == NULL || sae->tmp == NULL) in sae_clear_temp_data()
78 tmp = sae->tmp; in sae_clear_temp_data()
79 crypto_ec_deinit(tmp->ec); in sae_clear_temp_data()
80 crypto_bignum_deinit(tmp->prime_buf, 0); in sae_clear_temp_data()
81 crypto_bignum_deinit(tmp->order_buf, 0); in sae_clear_temp_data()
82 crypto_bignum_deinit(tmp->sae_rand, 1); in sae_clear_temp_data()
83 crypto_bignum_deinit(tmp->pwe_ffc, 1); in sae_clear_temp_data()
84 crypto_bignum_deinit(tmp->own_commit_scalar, 0); in sae_clear_temp_data()
85 crypto_bignum_deinit(tmp->own_commit_element_ffc, 0); in sae_clear_temp_data()
86 crypto_bignum_deinit(tmp->peer_commit_element_ffc, 0); in sae_clear_temp_data()
87 crypto_ec_point_deinit(tmp->pwe_ecc, 1); in sae_clear_temp_data()
88 crypto_ec_point_deinit(tmp->own_commit_element_ecc, 0); in sae_clear_temp_data()
89 crypto_ec_point_deinit(tmp->peer_commit_element_ecc, 0); in sae_clear_temp_data()
90 wpabuf_free(tmp->anti_clogging_token); in sae_clear_temp_data()
91 bin_clear_free(tmp, sizeof(*tmp)); in sae_clear_temp_data()
92 sae->tmp = NULL; in sae_clear_temp_data()
120 int order_len_bits = crypto_bignum_bits(sae->tmp->order); in sae_get_rand()
136 crypto_bignum_cmp(bn, sae->tmp->order) >= 0) { in sae_get_rand()
150 crypto_bignum_deinit(sae->tmp->sae_rand, 1); in sae_get_rand_and_mask()
151 sae->tmp->sae_rand = sae_get_rand(sae); in sae_get_rand_and_mask()
152 if (sae->tmp->sae_rand == NULL) in sae_get_rand_and_mask()
178 u8 tmp[SAE_MAX_ECC_PRIME_LEN]; in get_rand_1_to_p_1() local
180 if (random_get_bytes(tmp, prime_len) < 0) in get_rand_1_to_p_1()
183 buf_shift_right(tmp, prime_len, 8 - prime_bits % 8); in get_rand_1_to_p_1()
184 if (os_memcmp(tmp, prime, prime_len) >= 0) in get_rand_1_to_p_1()
186 r = crypto_bignum_init_set(tmp, prime_len); in get_rand_1_to_p_1()
194 *r_odd = tmp[prime_len - 1] & 0x01; in get_rand_1_to_p_1()
220 r = get_rand_1_to_p_1(prime, sae->tmp->prime_len, bits, &r_odd); in is_quadratic_residue_blind()
226 crypto_bignum_mulmod(y_sqr, r, sae->tmp->prime, num) < 0 || in is_quadratic_residue_blind()
227 crypto_bignum_mulmod(num, r, sae->tmp->prime, num) < 0) in is_quadratic_residue_blind()
235 if (crypto_bignum_mulmod(num, qr, sae->tmp->prime, num) < 0) in is_quadratic_residue_blind()
243 if (crypto_bignum_mulmod(num, qnr, sae->tmp->prime, num) < 0) in is_quadratic_residue_blind()
248 res = crypto_bignum_legendre(num, sae->tmp->prime); in is_quadratic_residue_blind()
277 bits = crypto_ec_prime_len_bits(sae->tmp->ec); in sae_test_pwd_seed_ecc()
279 prime, sae->tmp->prime_len, pwd_value, bits) < 0) in sae_test_pwd_seed_ecc()
284 pwd_value, sae->tmp->prime_len); in sae_test_pwd_seed_ecc()
286 if (os_memcmp(pwd_value, prime, sae->tmp->prime_len) >= 0) in sae_test_pwd_seed_ecc()
289 x_cand = crypto_bignum_init_set(pwd_value, sae->tmp->prime_len); in sae_test_pwd_seed_ecc()
292 y_sqr = crypto_ec_point_compute_y_sqr(sae->tmp->ec, x_cand); in sae_test_pwd_seed_ecc()
314 size_t bits = sae->tmp->prime_len * 8; in sae_test_pwd_seed_ffc()
323 sae->tmp->dh->prime, sae->tmp->prime_len, pwd_value, in sae_test_pwd_seed_ffc()
327 sae->tmp->prime_len); in sae_test_pwd_seed_ffc()
329 if (os_memcmp(pwd_value, sae->tmp->dh->prime, sae->tmp->prime_len) >= 0) in sae_test_pwd_seed_ffc()
337 a = crypto_bignum_init_set(pwd_value, sae->tmp->prime_len); in sae_test_pwd_seed_ffc()
339 if (sae->tmp->dh->safe_prime) { in sae_test_pwd_seed_ffc()
351 crypto_bignum_sub(sae->tmp->prime, b, b) < 0 || in sae_test_pwd_seed_ffc()
352 crypto_bignum_div(b, sae->tmp->order, b) < 0) { in sae_test_pwd_seed_ffc()
361 res = crypto_bignum_exptmod(a, b, sae->tmp->prime, pwe); in sae_test_pwd_seed_ffc()
391 u8 tmp[SAE_MAX_ECC_PRIME_LEN]; in get_random_qr_qnr() local
395 if (random_get_bytes(tmp, prime_len) < 0) in get_random_qr_qnr()
398 buf_shift_right(tmp, prime_len, 8 - prime_bits % 8); in get_random_qr_qnr()
399 if (os_memcmp(tmp, prime, prime_len) >= 0) in get_random_qr_qnr()
401 q = crypto_bignum_init_set(tmp, prime_len); in get_random_qr_qnr()
441 prime_len = sae->tmp->prime_len; in sae_derive_pwe_ecc()
442 if (crypto_bignum_to_bin(sae->tmp->prime, prime, sizeof(prime), in sae_derive_pwe_ecc()
445 bits = crypto_ec_prime_len_bits(sae->tmp->ec); in sae_derive_pwe_ecc()
451 if (get_random_qr_qnr(prime, prime_len, sae->tmp->prime, bits, in sae_derive_pwe_ecc()
520 if (!sae->tmp->pwe_ecc) in sae_derive_pwe_ecc()
521 sae->tmp->pwe_ecc = crypto_ec_point_init(sae->tmp->ec); in sae_derive_pwe_ecc()
522 if (!sae->tmp->pwe_ecc) in sae_derive_pwe_ecc()
525 res = crypto_ec_point_solve_y_coord(sae->tmp->ec, in sae_derive_pwe_ecc()
526 sae->tmp->pwe_ecc, x, in sae_derive_pwe_ecc()
555 if (sae->tmp->pwe_ffc == NULL) { in sae_derive_pwe_ffc()
556 sae->tmp->pwe_ffc = crypto_bignum_init(); in sae_derive_pwe_ffc()
557 if (sae->tmp->pwe_ffc == NULL) in sae_derive_pwe_ffc()
590 res = sae_test_pwd_seed_ffc(sae, pwd_seed, sae->tmp->pwe_ffc); in sae_derive_pwe_ffc()
607 if (!sae->tmp->own_commit_element_ecc) { in sae_derive_commit_element_ecc()
608 sae->tmp->own_commit_element_ecc = in sae_derive_commit_element_ecc()
609 crypto_ec_point_init(sae->tmp->ec); in sae_derive_commit_element_ecc()
610 if (!sae->tmp->own_commit_element_ecc) in sae_derive_commit_element_ecc()
614 if (crypto_ec_point_mul(sae->tmp->ec, sae->tmp->pwe_ecc, mask, in sae_derive_commit_element_ecc()
615 sae->tmp->own_commit_element_ecc) < 0 || in sae_derive_commit_element_ecc()
616 crypto_ec_point_invert(sae->tmp->ec, in sae_derive_commit_element_ecc()
617 sae->tmp->own_commit_element_ecc) < 0) { in sae_derive_commit_element_ecc()
630 if (!sae->tmp->own_commit_element_ffc) { in sae_derive_commit_element_ffc()
631 sae->tmp->own_commit_element_ffc = crypto_bignum_init(); in sae_derive_commit_element_ffc()
632 if (!sae->tmp->own_commit_element_ffc) in sae_derive_commit_element_ffc()
636 if (crypto_bignum_exptmod(sae->tmp->pwe_ffc, mask, sae->tmp->prime, in sae_derive_commit_element_ffc()
637 sae->tmp->own_commit_element_ffc) < 0 || in sae_derive_commit_element_ffc()
638 crypto_bignum_inverse(sae->tmp->own_commit_element_ffc, in sae_derive_commit_element_ffc()
639 sae->tmp->prime, in sae_derive_commit_element_ffc()
640 sae->tmp->own_commit_element_ffc) < 0) { in sae_derive_commit_element_ffc()
674 if (!sae->tmp->own_commit_scalar) { in sae_derive_commit()
675 sae->tmp->own_commit_scalar = crypto_bignum_init(); in sae_derive_commit()
676 if (!sae->tmp->own_commit_scalar) in sae_derive_commit()
679 crypto_bignum_add(sae->tmp->sae_rand, mask, in sae_derive_commit()
680 sae->tmp->own_commit_scalar); in sae_derive_commit()
681 crypto_bignum_mod(sae->tmp->own_commit_scalar, sae->tmp->order, in sae_derive_commit()
682 sae->tmp->own_commit_scalar); in sae_derive_commit()
683 } while (crypto_bignum_is_zero(sae->tmp->own_commit_scalar) || in sae_derive_commit()
684 crypto_bignum_is_one(sae->tmp->own_commit_scalar)); in sae_derive_commit()
686 if ((sae->tmp->ec && sae_derive_commit_element_ecc(sae, mask) < 0) || in sae_derive_commit()
687 (sae->tmp->dh && sae_derive_commit_element_ffc(sae, mask) < 0)) in sae_derive_commit()
701 if (sae->tmp == NULL || in sae_prepare_commit()
702 (sae->tmp->ec && sae_derive_pwe_ecc(sae, addr1, addr2, password, in sae_prepare_commit()
704 (sae->tmp->dh && sae_derive_pwe_ffc(sae, addr1, addr2, password, in sae_prepare_commit()
717 K = crypto_ec_point_init(sae->tmp->ec); in sae_derive_k_ecc()
728 if (crypto_ec_point_mul(sae->tmp->ec, sae->tmp->pwe_ecc, in sae_derive_k_ecc()
730 crypto_ec_point_add(sae->tmp->ec, K, in sae_derive_k_ecc()
731 sae->tmp->peer_commit_element_ecc, K) < 0 || in sae_derive_k_ecc()
732 crypto_ec_point_mul(sae->tmp->ec, K, sae->tmp->sae_rand, K) < 0 || in sae_derive_k_ecc()
733 crypto_ec_point_is_at_infinity(sae->tmp->ec, K) || in sae_derive_k_ecc()
734 crypto_ec_point_to_bin(sae->tmp->ec, K, k, NULL) < 0) { in sae_derive_k_ecc()
739 wpa_hexdump_key(MSG_DEBUG, "SAE: k", k, sae->tmp->prime_len); in sae_derive_k_ecc()
764 if (crypto_bignum_exptmod(sae->tmp->pwe_ffc, sae->peer_commit_scalar, in sae_derive_k_ffc()
765 sae->tmp->prime, K) < 0 || in sae_derive_k_ffc()
766 crypto_bignum_mulmod(K, sae->tmp->peer_commit_element_ffc, in sae_derive_k_ffc()
767 sae->tmp->prime, K) < 0 || in sae_derive_k_ffc()
768 crypto_bignum_exptmod(K, sae->tmp->sae_rand, sae->tmp->prime, K) < 0 in sae_derive_k_ffc()
771 crypto_bignum_to_bin(K, k, SAE_MAX_PRIME_LEN, sae->tmp->prime_len) < in sae_derive_k_ffc()
777 wpa_hexdump_key(MSG_DEBUG, "SAE: k", k, sae->tmp->prime_len); in sae_derive_k_ffc()
791 struct crypto_bignum *tmp; in sae_derive_keys() local
794 tmp = crypto_bignum_init(); in sae_derive_keys()
795 if (tmp == NULL) in sae_derive_keys()
805 hmac_sha256(null_key, sizeof(null_key), k, sae->tmp->prime_len, in sae_derive_keys()
809 crypto_bignum_add(sae->tmp->own_commit_scalar, sae->peer_commit_scalar, in sae_derive_keys()
810 tmp); in sae_derive_keys()
811 crypto_bignum_mod(tmp, sae->tmp->order, tmp); in sae_derive_keys()
812 crypto_bignum_to_bin(tmp, val, sizeof(val), sae->tmp->prime_len); in sae_derive_keys()
815 val, sae->tmp->prime_len, keys, sizeof(keys)) < 0) in sae_derive_keys()
818 os_memcpy(sae->tmp->kck, keys, SAE_KCK_LEN); in sae_derive_keys()
822 wpa_hexdump_key(MSG_DEBUG, "SAE: KCK", sae->tmp->kck, SAE_KCK_LEN); in sae_derive_keys()
827 crypto_bignum_deinit(tmp, 0); in sae_derive_keys()
835 if (sae->tmp == NULL || in sae_process_commit()
836 (sae->tmp->ec && sae_derive_k_ecc(sae, k) < 0) || in sae_process_commit()
837 (sae->tmp->dh && sae_derive_k_ffc(sae, k) < 0) || in sae_process_commit()
849 if (sae->tmp == NULL) in sae_write_commit()
858 pos = wpabuf_put(buf, sae->tmp->prime_len); in sae_write_commit()
859 crypto_bignum_to_bin(sae->tmp->own_commit_scalar, pos, in sae_write_commit()
860 sae->tmp->prime_len, sae->tmp->prime_len); in sae_write_commit()
862 pos, sae->tmp->prime_len); in sae_write_commit()
863 if (sae->tmp->ec) { in sae_write_commit()
864 pos = wpabuf_put(buf, 2 * sae->tmp->prime_len); in sae_write_commit()
865 crypto_ec_point_to_bin(sae->tmp->ec, in sae_write_commit()
866 sae->tmp->own_commit_element_ecc, in sae_write_commit()
867 pos, pos + sae->tmp->prime_len); in sae_write_commit()
869 pos, sae->tmp->prime_len); in sae_write_commit()
871 pos + sae->tmp->prime_len, sae->tmp->prime_len); in sae_write_commit()
873 pos = wpabuf_put(buf, sae->tmp->prime_len); in sae_write_commit()
874 crypto_bignum_to_bin(sae->tmp->own_commit_element_ffc, pos, in sae_write_commit()
875 sae->tmp->prime_len, sae->tmp->prime_len); in sae_write_commit()
877 pos, sae->tmp->prime_len); in sae_write_commit()
909 if (sae->tmp == NULL) { in sae_group_allowed()
914 if (sae->tmp->dh && !allowed_groups) { in sae_group_allowed()
928 if ((sae->tmp->ec ? 3 : 2) * sae->tmp->prime_len < end - *pos) { in sae_parse_commit_token()
929 size_t tlen = end - (*pos + (sae->tmp->ec ? 3 : 2) * in sae_parse_commit_token()
930 sae->tmp->prime_len); in sae_parse_commit_token()
951 if (sae->tmp->prime_len > end - *pos) { in sae_parse_commit_scalar()
956 peer_scalar = crypto_bignum_init_set(*pos, sae->tmp->prime_len); in sae_parse_commit_scalar()
977 crypto_bignum_cmp(peer_scalar, sae->tmp->order) >= 0) { in sae_parse_commit_scalar()
987 *pos, sae->tmp->prime_len); in sae_parse_commit_scalar()
988 *pos += sae->tmp->prime_len; in sae_parse_commit_scalar()
999 if (2 * sae->tmp->prime_len > end - pos) { in sae_parse_commit_element_ecc()
1005 if (crypto_bignum_to_bin(sae->tmp->prime, prime, sizeof(prime), in sae_parse_commit_element_ecc()
1006 sae->tmp->prime_len) < 0) in sae_parse_commit_element_ecc()
1010 if (os_memcmp(pos, prime, sae->tmp->prime_len) >= 0 || in sae_parse_commit_element_ecc()
1011 os_memcmp(pos + sae->tmp->prime_len, prime, in sae_parse_commit_element_ecc()
1012 sae->tmp->prime_len) >= 0) { in sae_parse_commit_element_ecc()
1019 pos, sae->tmp->prime_len); in sae_parse_commit_element_ecc()
1021 pos + sae->tmp->prime_len, sae->tmp->prime_len); in sae_parse_commit_element_ecc()
1023 crypto_ec_point_deinit(sae->tmp->peer_commit_element_ecc, 0); in sae_parse_commit_element_ecc()
1024 sae->tmp->peer_commit_element_ecc = in sae_parse_commit_element_ecc()
1025 crypto_ec_point_from_bin(sae->tmp->ec, pos); in sae_parse_commit_element_ecc()
1026 if (sae->tmp->peer_commit_element_ecc == NULL) in sae_parse_commit_element_ecc()
1029 if (!crypto_ec_point_is_on_curve(sae->tmp->ec, in sae_parse_commit_element_ecc()
1030 sae->tmp->peer_commit_element_ecc)) { in sae_parse_commit_element_ecc()
1045 if (sae->tmp->prime_len > end - pos) { in sae_parse_commit_element_ffc()
1051 sae->tmp->prime_len); in sae_parse_commit_element_ffc()
1053 crypto_bignum_deinit(sae->tmp->peer_commit_element_ffc, 0); in sae_parse_commit_element_ffc()
1054 sae->tmp->peer_commit_element_ffc = in sae_parse_commit_element_ffc()
1055 crypto_bignum_init_set(pos, sae->tmp->prime_len); in sae_parse_commit_element_ffc()
1056 if (sae->tmp->peer_commit_element_ffc == NULL) in sae_parse_commit_element_ffc()
1062 crypto_bignum_sub(sae->tmp->prime, one, res) || in sae_parse_commit_element_ffc()
1063 crypto_bignum_is_zero(sae->tmp->peer_commit_element_ffc) || in sae_parse_commit_element_ffc()
1064 crypto_bignum_is_one(sae->tmp->peer_commit_element_ffc) || in sae_parse_commit_element_ffc()
1065 crypto_bignum_cmp(sae->tmp->peer_commit_element_ffc, res) >= 0) { in sae_parse_commit_element_ffc()
1074 if (crypto_bignum_exptmod(sae->tmp->peer_commit_element_ffc, in sae_parse_commit_element_ffc()
1075 sae->tmp->order, sae->tmp->prime, res) < 0 || in sae_parse_commit_element_ffc()
1090 if (sae->tmp->dh) in sae_parse_commit_element()
1127 if (!sae->tmp->own_commit_scalar || in sae_parse_commit()
1128 crypto_bignum_cmp(sae->tmp->own_commit_scalar, in sae_parse_commit()
1130 (sae->tmp->dh && in sae_parse_commit()
1131 (!sae->tmp->own_commit_element_ffc || in sae_parse_commit()
1132 crypto_bignum_cmp(sae->tmp->own_commit_element_ffc, in sae_parse_commit()
1133 sae->tmp->peer_commit_element_ffc) != 0)) || in sae_parse_commit()
1134 (sae->tmp->ec && in sae_parse_commit()
1135 (!sae->tmp->own_commit_element_ecc || in sae_parse_commit()
1136 crypto_ec_point_cmp(sae->tmp->ec, in sae_parse_commit()
1137 sae->tmp->own_commit_element_ecc, in sae_parse_commit()
1138 sae->tmp->peer_commit_element_ecc) != 0))) in sae_parse_commit()
1172 sae->tmp->prime_len); in sae_cn_confirm()
1174 len[1] = sae->tmp->prime_len; in sae_cn_confirm()
1178 sae->tmp->prime_len); in sae_cn_confirm()
1180 len[3] = sae->tmp->prime_len; in sae_cn_confirm()
1183 hmac_sha256_vector(sae->tmp->kck, sizeof(sae->tmp->kck), 5, addr, len, in sae_cn_confirm()
1198 crypto_ec_point_to_bin(sae->tmp->ec, element1, element_b1, in sae_cn_confirm_ecc()
1199 element_b1 + sae->tmp->prime_len); in sae_cn_confirm_ecc()
1200 crypto_ec_point_to_bin(sae->tmp->ec, element2, element_b2, in sae_cn_confirm_ecc()
1201 element_b2 + sae->tmp->prime_len); in sae_cn_confirm_ecc()
1203 sae_cn_confirm(sae, sc, scalar1, element_b1, 2 * sae->tmp->prime_len, in sae_cn_confirm_ecc()
1204 scalar2, element_b2, 2 * sae->tmp->prime_len, confirm); in sae_cn_confirm_ecc()
1219 sae->tmp->prime_len); in sae_cn_confirm_ffc()
1221 sae->tmp->prime_len); in sae_cn_confirm_ffc()
1223 sae_cn_confirm(sae, sc, scalar1, element_b1, sae->tmp->prime_len, in sae_cn_confirm_ffc()
1224 scalar2, element_b2, sae->tmp->prime_len, confirm); in sae_cn_confirm_ffc()
1232 if (sae->tmp == NULL) in sae_write_confirm()
1240 if (sae->tmp->ec) in sae_write_confirm()
1241 sae_cn_confirm_ecc(sae, sc, sae->tmp->own_commit_scalar, in sae_write_confirm()
1242 sae->tmp->own_commit_element_ecc, in sae_write_confirm()
1244 sae->tmp->peer_commit_element_ecc, in sae_write_confirm()
1247 sae_cn_confirm_ffc(sae, sc, sae->tmp->own_commit_scalar, in sae_write_confirm()
1248 sae->tmp->own_commit_element_ffc, in sae_write_confirm()
1250 sae->tmp->peer_commit_element_ffc, in sae_write_confirm()
1266 if (sae->tmp == NULL) { in sae_check_confirm()
1271 if (sae->tmp->ec) in sae_check_confirm()
1273 sae->tmp->peer_commit_element_ecc, in sae_check_confirm()
1274 sae->tmp->own_commit_scalar, in sae_check_confirm()
1275 sae->tmp->own_commit_element_ecc, in sae_check_confirm()
1279 sae->tmp->peer_commit_element_ffc, in sae_check_confirm()
1280 sae->tmp->own_commit_scalar, in sae_check_confirm()
1281 sae->tmp->own_commit_element_ffc, in sae_check_confirm()