OWE: Fix PTK derivation workaround for interoperability
The initial implementation of the PTK derivation workaround for interoperability with older OWE implementations forced WPA_KEY_MGMT_PSK_SHA256 to be used for all of PTK derivation. While that is needed for selecting which hash algorithm to use, this was also changing the length of the PTK components and by doing so, did not actually address the backwards compatibility issue. Fix this by forcing SHA256 as the hash algorithm in PTK derivation without changing the PTK length calculation for OWE when owe_ptk_workaround is enabled. Fixes:65a44e849a
("OWE: PTK derivation workaround in AP mode") Fixes:8b138d2826
("OWE: PTK derivation workaround in STA mode") Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
This commit is contained in:
parent
b27c7ac0eb
commit
0a76a0b965
3 changed files with 12 additions and 3 deletions
|
@ -2286,7 +2286,7 @@ static int wpa_derive_ptk(struct wpa_state_machine *sm, const u8 *snonce,
|
|||
|
||||
akmp = sm->wpa_key_mgmt;
|
||||
if (force_sha256)
|
||||
akmp = WPA_KEY_MGMT_PSK_SHA256;
|
||||
akmp |= WPA_KEY_MGMT_PSK_SHA256;
|
||||
return wpa_pmk_to_ptk(pmk, pmk_len, "Pairwise key expansion",
|
||||
sm->wpa_auth->addr, sm->addr, sm->ANonce, snonce,
|
||||
ptk, akmp, sm->pairwise, z, z_len);
|
||||
|
|
|
@ -355,6 +355,14 @@ int wpa_pmk_to_ptk(const u8 *pmk, size_t pmk_len, const char *label,
|
|||
size_t data_len = 2 * ETH_ALEN + 2 * WPA_NONCE_LEN;
|
||||
u8 tmp[WPA_KCK_MAX_LEN + WPA_KEK_MAX_LEN + WPA_TK_MAX_LEN];
|
||||
size_t ptk_len;
|
||||
#ifdef CONFIG_OWE
|
||||
int owe_ptk_workaround = 0;
|
||||
|
||||
if (akmp == (WPA_KEY_MGMT_OWE | WPA_KEY_MGMT_PSK_SHA256)) {
|
||||
owe_ptk_workaround = 1;
|
||||
akmp = WPA_KEY_MGMT_OWE;
|
||||
}
|
||||
#endif /* CONFIG_OWE */
|
||||
|
||||
if (pmk_len == 0) {
|
||||
wpa_printf(MSG_ERROR, "WPA: No PMK set for PTK derivation");
|
||||
|
@ -413,7 +421,8 @@ int wpa_pmk_to_ptk(const u8 *pmk, size_t pmk_len, const char *label,
|
|||
tmp, ptk_len) < 0)
|
||||
return -1;
|
||||
#ifdef CONFIG_OWE
|
||||
} else if (akmp == WPA_KEY_MGMT_OWE && pmk_len == 32) {
|
||||
} else if (akmp == WPA_KEY_MGMT_OWE && (pmk_len == 32 ||
|
||||
owe_ptk_workaround)) {
|
||||
wpa_printf(MSG_DEBUG, "WPA: PTK derivation using PRF(SHA256)");
|
||||
if (sha256_prf(pmk, pmk_len, label, data, data_len,
|
||||
tmp, ptk_len) < 0)
|
||||
|
|
|
@ -598,7 +598,7 @@ static int wpa_derive_ptk(struct wpa_sm *sm, const unsigned char *src_addr,
|
|||
sm->pmk_len > 32) {
|
||||
wpa_printf(MSG_DEBUG,
|
||||
"OWE: Force SHA256 for PTK derivation");
|
||||
akmp = WPA_KEY_MGMT_PSK_SHA256;
|
||||
akmp |= WPA_KEY_MGMT_PSK_SHA256;
|
||||
}
|
||||
#endif /* CONFIG_OWE */
|
||||
return wpa_pmk_to_ptk(sm->pmk, sm->pmk_len, "Pairwise key expansion",
|
||||
|
|
Loading…
Reference in a new issue