OWE: Select KDF hash algorithm based on the length of the prime
Previous implementation was hardcoding use of SHA256 PMK-to-PTK derivation for all groups. Replace that with hash algorithm selection based on the length of the prime similarly to the way this was done for other derivation steps in OWE. This breaks backwards compatibility when using group 20 or 21; group 19 behavior remains same. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
This commit is contained in:
parent
10bdce692d
commit
bd50805e40
1 changed files with 22 additions and 1 deletions
|
@ -407,11 +407,32 @@ int wpa_pmk_to_ptk(const u8 *pmk, size_t pmk_len, const char *label,
|
||||||
#else /* CONFIG_SUITEB192 || CONFIG_FILS */
|
#else /* CONFIG_SUITEB192 || CONFIG_FILS */
|
||||||
return -1;
|
return -1;
|
||||||
#endif /* CONFIG_SUITEB192 || CONFIG_FILS */
|
#endif /* CONFIG_SUITEB192 || CONFIG_FILS */
|
||||||
} else if (wpa_key_mgmt_sha256(akmp) || akmp == WPA_KEY_MGMT_OWE) {
|
} else if (wpa_key_mgmt_sha256(akmp)) {
|
||||||
wpa_printf(MSG_DEBUG, "WPA: PTK derivation using PRF(SHA256)");
|
wpa_printf(MSG_DEBUG, "WPA: PTK derivation using PRF(SHA256)");
|
||||||
if (sha256_prf(pmk, pmk_len, label, data, data_len,
|
if (sha256_prf(pmk, pmk_len, label, data, data_len,
|
||||||
tmp, ptk_len) < 0)
|
tmp, ptk_len) < 0)
|
||||||
return -1;
|
return -1;
|
||||||
|
#ifdef CONFIG_OWE
|
||||||
|
} else if (akmp == WPA_KEY_MGMT_OWE && pmk_len == 32) {
|
||||||
|
wpa_printf(MSG_DEBUG, "WPA: PTK derivation using PRF(SHA256)");
|
||||||
|
if (sha256_prf(pmk, pmk_len, label, data, data_len,
|
||||||
|
tmp, ptk_len) < 0)
|
||||||
|
return -1;
|
||||||
|
} else if (akmp == WPA_KEY_MGMT_OWE && pmk_len == 48) {
|
||||||
|
wpa_printf(MSG_DEBUG, "WPA: PTK derivation using PRF(SHA384)");
|
||||||
|
if (sha384_prf(pmk, pmk_len, label, data, data_len,
|
||||||
|
tmp, ptk_len) < 0)
|
||||||
|
return -1;
|
||||||
|
} else if (akmp == WPA_KEY_MGMT_OWE && pmk_len == 64) {
|
||||||
|
wpa_printf(MSG_DEBUG, "WPA: PTK derivation using PRF(SHA512)");
|
||||||
|
if (sha512_prf(pmk, pmk_len, label, data, data_len,
|
||||||
|
tmp, ptk_len) < 0)
|
||||||
|
return -1;
|
||||||
|
} else if (akmp == WPA_KEY_MGMT_OWE) {
|
||||||
|
wpa_printf(MSG_INFO, "OWE: Unknown PMK length %u",
|
||||||
|
(unsigned int) pmk_len);
|
||||||
|
return -1;
|
||||||
|
#endif /* CONFIG_OWE */
|
||||||
#ifdef CONFIG_DPP
|
#ifdef CONFIG_DPP
|
||||||
} else if (akmp == WPA_KEY_MGMT_DPP && pmk_len == 32) {
|
} else if (akmp == WPA_KEY_MGMT_DPP && pmk_len == 32) {
|
||||||
wpa_printf(MSG_DEBUG, "WPA: PTK derivation using PRF(SHA256)");
|
wpa_printf(MSG_DEBUG, "WPA: PTK derivation using PRF(SHA256)");
|
||||||
|
|
Loading…
Reference in a new issue