FILS: Fix hashed realm name derivation
P802.11ai/D7.0 changed from CRC32 to SHA256 as the hash algorithm for the FILS realm name. Update the implementation to match that change. Signed-off-by: Jouni Malinen <j@w1.fi>
parent
29062f2932
commit
42b847ac1e
3 changed files with 10 additions and 10 deletions
|
@ -639,10 +639,7 @@ u8 * hostapd_eid_fils_indic(struct hostapd_data *hapd, u8 *eid, int hessid)
|
||||||
pos += ETH_ALEN;
|
pos += ETH_ALEN;
|
||||||
}
|
}
|
||||||
if (hapd->conf->erp_domain) {
|
if (hapd->conf->erp_domain) {
|
||||||
u16 hash;
|
fils_domain_name_hash(hapd->conf->erp_domain, pos);
|
||||||
|
|
||||||
hash = fils_domain_name_hash(hapd->conf->erp_domain);
|
|
||||||
WPA_PUT_LE16(pos, hash);
|
|
||||||
pos += 2;
|
pos += 2;
|
||||||
}
|
}
|
||||||
*len = pos - len - 1;
|
*len = pos - len - 1;
|
||||||
|
|
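Review bot: The return value of `fils_domain_name_hash(hapd->conf->erp_domain, pos)` is discarded, yet `pos += 2` runs unconditionally. As rewritten in this commit, the helper returns -1 before its `os_memcpy()` when `sha256_vector()` fails, so in that case the two octets advertised as the hashed realm are whatever the element buffer already held at `pos`. I would check the result, for example `if (fils_domain_name_hash(hapd->conf->erp_domain, pos) < 0) os_memset(pos, 0, 2);` plus a debug log, or omit the realm field if the element's earlier fields allow it (they are set outside this hunk, so that needs confirming). hostapd_eid_fils_indic() starts and ends outside the hunk.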
|
@ -9,7 +9,6 @@
|
||||||
#include "includes.h"
|
#include "includes.h"
|
||||||
|
|
||||||
#include "common.h"
|
#include "common.h"
|
||||||
#include "utils/crc32.h"
|
|
||||||
#include "crypto/md5.h"
|
#include "crypto/md5.h"
|
||||||
#include "crypto/sha1.h"
|
#include "crypto/sha1.h"
|
||||||
#include "crypto/sha256.h"
|
#include "crypto/sha256.h"
|
||||||
|
@ -1908,12 +1907,13 @@ int wpa_select_ap_group_cipher(int wpa, int wpa_pairwise, int rsn_pairwise)
|
||||||
|
|
||||||
|
|
||||||
#ifdef CONFIG_FILS
|
#ifdef CONFIG_FILS
|
||||||
u16 fils_domain_name_hash(const char *domain)
|
int fils_domain_name_hash(const char *domain, u8 *hash)
|
||||||
{
|
{
|
||||||
char buf[255], *wpos = buf;
|
char buf[255], *wpos = buf;
|
||||||
const char *pos = domain;
|
const char *pos = domain;
|
||||||
size_t len;
|
size_t len;
|
||||||
u32 crc;
|
const u8 *addr[1];
|
||||||
|
u8 mac[SHA256_MAC_LEN];
|
||||||
|
|
||||||
for (len = 0; len < sizeof(buf) && *pos; len++) {
|
for (len = 0; len < sizeof(buf) && *pos; len++) {
|
||||||
if (isalpha(*pos) && isupper(*pos))
|
if (isalpha(*pos) && isupper(*pos))
|
||||||
|
@ -1923,7 +1923,10 @@ u16 fils_domain_name_hash(const char *domain)
|
||||||
pos++;
|
pos++;
|
||||||
}
|
}
|
||||||
|
|
||||||
crc = crc32((const u8 *) buf, len);
|
addr[0] = (const u8 *) buf;
|
||||||
return crc & 0xffff;
|
if (sha256_vector(1, addr, &len, mac) < 0)
|
||||||
|
return -1;
|
||||||
|
os_memcpy(hash, mac, 2);
|
||||||
|
return 0;
|
||||||
}
|
}
|
||||||
#endif /* CONFIG_FILS */
|
#endif /* CONFIG_FILS */
|
||||||
|
|
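Review bot: The new `u8 *hash` out-parameter of fils_domain_name_hash() carries an undocumented size contract: `os_memcpy(hash, mac, 2)` always writes exactly two octets, and nothing at the definition says so. I would add a header comment along the lines of `/* Writes the first 2 octets of the SHA-256 digest of the normalized domain to hash (caller provides >= 2 octets); returns 0 on success, -1 on failure with hash left untouched */`, and replace the bare `2` with a named constant that the caller's `pos += 2` can share. The comment should also say that a 16-bit truncation is only a matching hint, since collisions are easy to find, so callers must not treat a hash match as proof of the realm. The loop that fills `buf` is only partly visible between the two hunks, so "normalized" here is inferred from the `isupper()` test.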
|
@ -450,6 +450,6 @@ int wpa_parse_cipher(const char *value);
|
||||||
int wpa_write_ciphers(char *start, char *end, int ciphers, const char *delim);
|
int wpa_write_ciphers(char *start, char *end, int ciphers, const char *delim);
|
||||||
int wpa_select_ap_group_cipher(int wpa, int wpa_pairwise, int rsn_pairwise);
|
int wpa_select_ap_group_cipher(int wpa, int wpa_pairwise, int rsn_pairwise);
|
||||||
unsigned int wpa_mic_len(int akmp);
|
unsigned int wpa_mic_len(int akmp);
|
||||||
u16 fils_domain_name_hash(const char *domain);
|
int fils_domain_name_hash(const char *domain, u8 *hash);
|
||||||
|
|
||||||
#endif /* WPA_COMMON_H */
|
#endif /* WPA_COMMON_H */
|
||||||
|
|