On Thu, Nov 08, 2018 at 09:54:48AM -0800, James Prestwood wrote: > I am most likely missing something here since OWE appears to work > reliably between wpa_supplicant and hostapd, but I am confused in how > either sides compute the full public key using only the X coordinate > sent in the associate frame. Did you go through the OWE RFC and the RFCs it references for ECC? > It is my understanding that compressed coordinates also require the Y > sign bit in order to uncompress into a full X/Y coordinates (the full > public key). In both wpa_s/hostapd only the X coordinate is sent, and > not including the Y sign bit. I see that openSSL is used to uncompress > the point to regain the full public key, but when this is done "y_bit" > is hard coded to zero. See: > > hostapd/src/crypto/crypto_openssl.c:crypto_ecdh_set_peerkey > > I am by no means an ECC expert, but from what I have researched I don't > see how you can reliably choose the correct Y coordinate without > knowing the original Y sign bit. Hard coding this to zero *shouldn't* > work (yet it appears to). > > Again, I must be missing something here otherwise OWE would only work > ~50% of the time. Could someone clarify how this works? RFC 6090, Appendix C (Why Compact Representation Works) -- Jouni Malinen PGP id EFC895FA _______________________________________________ Hostap mailing list Hostap@xxxxxxxxxxxxxxxxxxx http://lists.infradead.org/mailman/listinfo/hostap
