FT: SHA384-based AKM in RSNE processing
This defines key lengths for SHA384-based FT AKM and handles writing and parsing for RSNE AKMs with the new value. Signed-off-by: Jouni Malinen <j@w1.fi>
This commit is contained in:
parent
3a11c69e0d
commit
c22bb5bba6
7 changed files with 51 additions and 9 deletions
|
@ -1,6 +1,6 @@
|
|||
/*
|
||||
* hostapd - IEEE 802.11r - Fast BSS Transition
|
||||
* Copyright (c) 2004-2015, Jouni Malinen <j@w1.fi>
|
||||
* Copyright (c) 2004-2018, Jouni Malinen <j@w1.fi>
|
||||
*
|
||||
* This software may be distributed under the terms of the BSD license.
|
||||
* See README for more details.
|
||||
|
@ -2563,6 +2563,10 @@ static int wpa_ft_set_key_mgmt(struct wpa_state_machine *sm,
|
|||
}
|
||||
if (key_mgmt & WPA_KEY_MGMT_FT_IEEE8021X)
|
||||
sm->wpa_key_mgmt = WPA_KEY_MGMT_FT_IEEE8021X;
|
||||
#ifdef CONFIG_SHA384
|
||||
else if (key_mgmt & WPA_KEY_MGMT_FT_IEEE8021X_SHA384)
|
||||
sm->wpa_key_mgmt = WPA_KEY_MGMT_FT_IEEE8021X_SHA384;
|
||||
#endif /* CONFIG_SHA384 */
|
||||
else if (key_mgmt & WPA_KEY_MGMT_FT_PSK)
|
||||
sm->wpa_key_mgmt = WPA_KEY_MGMT_FT_PSK;
|
||||
#ifdef CONFIG_FILS
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
/*
|
||||
* hostapd - WPA/RSN IE and KDE definitions
|
||||
* Copyright (c) 2004-2015, Jouni Malinen <j@w1.fi>
|
||||
* Copyright (c) 2004-2018, Jouni Malinen <j@w1.fi>
|
||||
*
|
||||
* This software may be distributed under the terms of the BSD license.
|
||||
* See README for more details.
|
||||
|
@ -170,6 +170,13 @@ int wpa_write_rsn_ie(struct wpa_auth_config *conf, u8 *buf, size_t len,
|
|||
pos += RSN_SELECTOR_LEN;
|
||||
num_suites++;
|
||||
}
|
||||
#ifdef CONFIG_SHA384
|
||||
if (conf->wpa_key_mgmt & WPA_KEY_MGMT_FT_IEEE8021X_SHA384) {
|
||||
RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_FT_802_1X_SHA384);
|
||||
pos += RSN_SELECTOR_LEN;
|
||||
num_suites++;
|
||||
}
|
||||
#endif /* CONFIG_SHA384 */
|
||||
if (conf->wpa_key_mgmt & WPA_KEY_MGMT_FT_PSK) {
|
||||
RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_FT_PSK);
|
||||
pos += RSN_SELECTOR_LEN;
|
||||
|
@ -566,6 +573,10 @@ int wpa_validate_wpa_ie(struct wpa_authenticator *wpa_auth,
|
|||
selector = RSN_AUTH_KEY_MGMT_FILS_SHA256;
|
||||
#endif /* CONFIG_FILS */
|
||||
#ifdef CONFIG_IEEE80211R_AP
|
||||
#ifdef CONFIG_SHA384
|
||||
else if (data.key_mgmt & WPA_KEY_MGMT_FT_IEEE8021X_SHA384)
|
||||
selector = RSN_AUTH_KEY_MGMT_FT_802_1X_SHA384;
|
||||
#endif /* CONFIG_SHA384 */
|
||||
else if (data.key_mgmt & WPA_KEY_MGMT_FT_IEEE8021X)
|
||||
selector = RSN_AUTH_KEY_MGMT_FT_802_1X;
|
||||
else if (data.key_mgmt & WPA_KEY_MGMT_FT_PSK)
|
||||
|
@ -672,6 +683,10 @@ int wpa_validate_wpa_ie(struct wpa_authenticator *wpa_auth,
|
|||
sm->wpa_key_mgmt = WPA_KEY_MGMT_FILS_SHA256;
|
||||
#endif /* CONFIG_FILS */
|
||||
#ifdef CONFIG_IEEE80211R_AP
|
||||
#ifdef CONFIG_SHA384
|
||||
else if (key_mgmt & WPA_KEY_MGMT_FT_IEEE8021X_SHA384)
|
||||
sm->wpa_key_mgmt = WPA_KEY_MGMT_FT_IEEE8021X_SHA384;
|
||||
#endif /* CONFIG_SHA384 */
|
||||
else if (key_mgmt & WPA_KEY_MGMT_FT_IEEE8021X)
|
||||
sm->wpa_key_mgmt = WPA_KEY_MGMT_FT_IEEE8021X;
|
||||
else if (key_mgmt & WPA_KEY_MGMT_FT_PSK)
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
/*
|
||||
* WPA Supplicant - Common definitions
|
||||
* Copyright (c) 2004-2015, Jouni Malinen <j@w1.fi>
|
||||
* Copyright (c) 2004-2018, Jouni Malinen <j@w1.fi>
|
||||
*
|
||||
* This software may be distributed under the terms of the BSD license.
|
||||
* See README for more details.
|
||||
|
@ -57,11 +57,13 @@ typedef enum { FALSE = 0, TRUE = 1 } Boolean;
|
|||
#define WPA_KEY_MGMT_FT_FILS_SHA384 BIT(21)
|
||||
#define WPA_KEY_MGMT_OWE BIT(22)
|
||||
#define WPA_KEY_MGMT_DPP BIT(23)
|
||||
#define WPA_KEY_MGMT_FT_IEEE8021X_SHA384 BIT(24)
|
||||
|
||||
static inline int wpa_key_mgmt_wpa_ieee8021x(int akm)
|
||||
{
|
||||
return !!(akm & (WPA_KEY_MGMT_IEEE8021X |
|
||||
WPA_KEY_MGMT_FT_IEEE8021X |
|
||||
WPA_KEY_MGMT_FT_IEEE8021X_SHA384 |
|
||||
WPA_KEY_MGMT_CCKM |
|
||||
WPA_KEY_MGMT_OSEN |
|
||||
WPA_KEY_MGMT_IEEE8021X_SHA256 |
|
||||
|
@ -86,6 +88,7 @@ static inline int wpa_key_mgmt_ft(int akm)
|
|||
{
|
||||
return !!(akm & (WPA_KEY_MGMT_FT_PSK |
|
||||
WPA_KEY_MGMT_FT_IEEE8021X |
|
||||
WPA_KEY_MGMT_FT_IEEE8021X_SHA384 |
|
||||
WPA_KEY_MGMT_FT_SAE |
|
||||
WPA_KEY_MGMT_FT_FILS_SHA256 |
|
||||
WPA_KEY_MGMT_FT_FILS_SHA384));
|
||||
|
@ -125,6 +128,7 @@ static inline int wpa_key_mgmt_sha256(int akm)
|
|||
static inline int wpa_key_mgmt_sha384(int akm)
|
||||
{
|
||||
return !!(akm & (WPA_KEY_MGMT_IEEE8021X_SUITE_B_192 |
|
||||
WPA_KEY_MGMT_FT_IEEE8021X_SHA384 |
|
||||
WPA_KEY_MGMT_FILS_SHA384 |
|
||||
WPA_KEY_MGMT_FT_FILS_SHA384));
|
||||
}
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
/*
|
||||
* WPA/RSN - Shared functions for supplicant and authenticator
|
||||
* Copyright (c) 2002-2015, Jouni Malinen <j@w1.fi>
|
||||
* Copyright (c) 2002-2018, Jouni Malinen <j@w1.fi>
|
||||
*
|
||||
* This software may be distributed under the terms of the BSD license.
|
||||
* See README for more details.
|
||||
|
@ -25,6 +25,7 @@ static unsigned int wpa_kck_len(int akmp, size_t pmk_len)
|
|||
{
|
||||
switch (akmp) {
|
||||
case WPA_KEY_MGMT_IEEE8021X_SUITE_B_192:
|
||||
case WPA_KEY_MGMT_FT_IEEE8021X_SHA384:
|
||||
return 24;
|
||||
case WPA_KEY_MGMT_FILS_SHA256:
|
||||
case WPA_KEY_MGMT_FT_FILS_SHA256:
|
||||
|
@ -65,6 +66,7 @@ static unsigned int wpa_kek_len(int akmp, size_t pmk_len)
|
|||
case WPA_KEY_MGMT_IEEE8021X_SUITE_B_192:
|
||||
case WPA_KEY_MGMT_FILS_SHA256:
|
||||
case WPA_KEY_MGMT_FT_FILS_SHA256:
|
||||
case WPA_KEY_MGMT_FT_IEEE8021X_SHA384:
|
||||
return 32;
|
||||
case WPA_KEY_MGMT_DPP:
|
||||
return pmk_len <= 32 ? 16 : 32;
|
||||
|
@ -95,6 +97,7 @@ unsigned int wpa_mic_len(int akmp, size_t pmk_len)
|
|||
{
|
||||
switch (akmp) {
|
||||
case WPA_KEY_MGMT_IEEE8021X_SUITE_B_192:
|
||||
case WPA_KEY_MGMT_FT_IEEE8021X_SHA384:
|
||||
return 24;
|
||||
case WPA_KEY_MGMT_FILS_SHA256:
|
||||
case WPA_KEY_MGMT_FILS_SHA384:
|
||||
|
@ -121,6 +124,7 @@ int wpa_use_akm_defined(int akmp)
|
|||
return akmp == WPA_KEY_MGMT_OSEN ||
|
||||
akmp == WPA_KEY_MGMT_OWE ||
|
||||
akmp == WPA_KEY_MGMT_DPP ||
|
||||
akmp == WPA_KEY_MGMT_FT_IEEE8021X_SHA384 ||
|
||||
wpa_key_mgmt_sae(akmp) ||
|
||||
wpa_key_mgmt_suite_b(akmp) ||
|
||||
wpa_key_mgmt_fils(akmp);
|
||||
|
@ -1009,6 +1013,10 @@ static int rsn_key_mgmt_to_bitfield(const u8 *s)
|
|||
return WPA_KEY_MGMT_FT_IEEE8021X;
|
||||
if (RSN_SELECTOR_GET(s) == RSN_AUTH_KEY_MGMT_FT_PSK)
|
||||
return WPA_KEY_MGMT_FT_PSK;
|
||||
#ifdef CONFIG_SHA384
|
||||
if (RSN_SELECTOR_GET(s) == RSN_AUTH_KEY_MGMT_FT_802_1X_SHA384)
|
||||
return WPA_KEY_MGMT_FT_IEEE8021X_SHA384;
|
||||
#endif /* CONFIG_SHA384 */
|
||||
#endif /* CONFIG_IEEE80211R */
|
||||
#ifdef CONFIG_IEEE80211W
|
||||
if (RSN_SELECTOR_GET(s) == RSN_AUTH_KEY_MGMT_802_1X_SHA256)
|
||||
|
@ -1776,6 +1784,8 @@ const char * wpa_key_mgmt_txt(int key_mgmt, int proto)
|
|||
#ifdef CONFIG_IEEE80211R
|
||||
case WPA_KEY_MGMT_FT_IEEE8021X:
|
||||
return "FT-EAP";
|
||||
case WPA_KEY_MGMT_FT_IEEE8021X_SHA384:
|
||||
return "FT-EAP-SHA384";
|
||||
case WPA_KEY_MGMT_FT_PSK:
|
||||
return "FT-PSK";
|
||||
#endif /* CONFIG_IEEE80211R */
|
||||
|
@ -1817,6 +1827,8 @@ const char * wpa_key_mgmt_txt(int key_mgmt, int proto)
|
|||
|
||||
u32 wpa_akm_to_suite(int akm)
|
||||
{
|
||||
if (akm & WPA_KEY_MGMT_FT_IEEE8021X_SHA384)
|
||||
return RSN_AUTH_KEY_MGMT_FT_802_1X_SHA384;
|
||||
if (akm & WPA_KEY_MGMT_FT_IEEE8021X)
|
||||
return RSN_AUTH_KEY_MGMT_FT_802_1X;
|
||||
if (akm & WPA_KEY_MGMT_FT_PSK)
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
/*
|
||||
* WPA definitions shared between hostapd and wpa_supplicant
|
||||
* Copyright (c) 2002-2017, Jouni Malinen <j@w1.fi>
|
||||
* Copyright (c) 2002-2018, Jouni Malinen <j@w1.fi>
|
||||
*
|
||||
* This software may be distributed under the terms of the BSD license.
|
||||
* See README for more details.
|
||||
|
@ -62,8 +62,7 @@ WPA_CIPHER_BIP_CMAC_256)
|
|||
#define RSN_AUTH_KEY_MGMT_FT_SAE RSN_SELECTOR(0x00, 0x0f, 0xac, 9)
|
||||
#define RSN_AUTH_KEY_MGMT_802_1X_SUITE_B RSN_SELECTOR(0x00, 0x0f, 0xac, 11)
|
||||
#define RSN_AUTH_KEY_MGMT_802_1X_SUITE_B_192 RSN_SELECTOR(0x00, 0x0f, 0xac, 12)
|
||||
#define RSN_AUTH_KEY_MGMT_FT_802_1X_SUITE_B_192 \
|
||||
RSN_SELECTOR(0x00, 0x0f, 0xac, 13)
|
||||
#define RSN_AUTH_KEY_MGMT_FT_802_1X_SHA384 RSN_SELECTOR(0x00, 0x0f, 0xac, 13)
|
||||
#define RSN_AUTH_KEY_MGMT_FILS_SHA256 RSN_SELECTOR(0x00, 0x0f, 0xac, 14)
|
||||
#define RSN_AUTH_KEY_MGMT_FILS_SHA384 RSN_SELECTOR(0x00, 0x0f, 0xac, 15)
|
||||
#define RSN_AUTH_KEY_MGMT_FT_FILS_SHA256 RSN_SELECTOR(0x00, 0x0f, 0xac, 16)
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
/*
|
||||
* WPA Supplicant - IEEE 802.11r - Fast BSS Transition
|
||||
* Copyright (c) 2006-2015, Jouni Malinen <j@w1.fi>
|
||||
* Copyright (c) 2006-2018, Jouni Malinen <j@w1.fi>
|
||||
*
|
||||
* This software may be distributed under the terms of the BSD license.
|
||||
* See README for more details.
|
||||
|
@ -202,6 +202,10 @@ static u8 * wpa_ft_gen_req_ies(struct wpa_sm *sm, size_t *len,
|
|||
/* Authenticated Key Management Suite List */
|
||||
if (sm->key_mgmt == WPA_KEY_MGMT_FT_IEEE8021X)
|
||||
RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_FT_802_1X);
|
||||
#ifdef CONFIG_SHA384
|
||||
else if (sm->key_mgmt == WPA_KEY_MGMT_FT_IEEE8021X_SHA384)
|
||||
RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_FT_802_1X_SHA384);
|
||||
#endif /* CONFIG_SHA384 */
|
||||
else if (sm->key_mgmt == WPA_KEY_MGMT_FT_PSK)
|
||||
RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_FT_PSK);
|
||||
else if (sm->key_mgmt == WPA_KEY_MGMT_FT_SAE)
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
/*
|
||||
* wpa_supplicant - WPA/RSN IE and KDE processing
|
||||
* Copyright (c) 2003-2015, Jouni Malinen <j@w1.fi>
|
||||
* Copyright (c) 2003-2018, Jouni Malinen <j@w1.fi>
|
||||
*
|
||||
* This software may be distributed under the terms of the BSD license.
|
||||
* See README for more details.
|
||||
|
@ -161,6 +161,10 @@ static int wpa_gen_wpa_ie_rsn(u8 *rsn_ie, size_t rsn_ie_len,
|
|||
#ifdef CONFIG_IEEE80211R
|
||||
} else if (key_mgmt == WPA_KEY_MGMT_FT_IEEE8021X) {
|
||||
RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_FT_802_1X);
|
||||
#ifdef CONFIG_SHA384
|
||||
} else if (key_mgmt == WPA_KEY_MGMT_FT_IEEE8021X_SHA384) {
|
||||
RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_FT_802_1X_SHA384);
|
||||
#endif /* CONFIG_SHA384 */
|
||||
} else if (key_mgmt == WPA_KEY_MGMT_FT_PSK) {
|
||||
RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_FT_PSK);
|
||||
#endif /* CONFIG_IEEE80211R */
|
||||
|
|
Loading…
Reference in a new issue