OWE: PTK derivation workaround in AP mode
Initial OWE implementation used SHA256 when deriving the PTK for all OWE groups. This was supposed to change to SHA384 for group 20 and SHA512 for group 21. The new owe_ptk_workaround parameter can be used to enable workaround for interoperability with stations that use SHA256 with groups 20 and 21. By default, only the appropriate hash function is accepted. When workaround is enabled (owe_ptk_workaround=1), the appropriate hash function is tried first and if that fails, SHA256-based PTK derivation is attempted. This workaround can result in reduced security for groups 20 and 21, but is required for interoperability with older implementations. There is no impact to group 19 behavior.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
parent bd50805e40
commit 65a44e849a
6 changed files with 42 additions and 5 deletions
|
@ -237,6 +237,7 @@ struct wpa_auth_config {
|
|||
u8 fils_cache_id[FILS_CACHE_ID_LEN];
|
||||
#endif /* CONFIG_FILS */
|
||||
int sae_pwe;
|
||||
int owe_ptk_workaround;
|
||||
};
|
||||
|
||||
typedef enum {
|
||||
|
|
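Review bot: the new `int owe_ptk_workaround;` member of struct wpa_auth_config carries no comment, even though the commit message says enabling it can reduce security for groups 20 and 21. Suggest a short comment on the field stating that 0 accepts only the group-appropriate hash and 1 additionally tries SHA256-based PTK derivation as a fallback, so anyone reading the struct sees that a non-zero value is a downgrade. It is also placed after `#endif /* CONFIG_FILS */` with no visible build guard of its own; worth confirming whether it should be compiled only when OWE support is built in, the way the FILS fields above are tied to CONFIG_FILS.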