FT: Extend PMKR1Name derivation for FT-SAE-EXT-KEY
Provide key length instead of SHA384/SHA256 selection to the helper function so that the new SHA512 option can be covered for FT-SAE-EXT-KEY. Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
This commit is contained in:
parent
9fd2455642
commit
dcd46edf5f
5 changed files with 33 additions and 13 deletions
|
@ -2475,7 +2475,7 @@ int fils_auth_pmk_to_ptk(struct wpa_state_machine *sm, const u8 *pmk,
|
|||
|
||||
res = wpa_derive_pmk_r1_name(pmk_r0_name, conf->r1_key_holder,
|
||||
sm->addr, sm->pmk_r1_name,
|
||||
use_sha384);
|
||||
fils_ft_len);
|
||||
forced_memzero(pmk_r0, PMK_LEN_MAX);
|
||||
if (res < 0)
|
||||
return -1;
|
||||
|
|
|
@ -3205,7 +3205,7 @@ static int wpa_ft_process_auth_req(struct wpa_state_machine *sm,
|
|||
parse.rsn_pmkid, WPA_PMK_NAME_LEN);
|
||||
if (wpa_derive_pmk_r1_name(parse.rsn_pmkid,
|
||||
sm->wpa_auth->conf.r1_key_holder, sm->addr,
|
||||
pmk_r1_name, use_sha384) < 0)
|
||||
pmk_r1_name, pmk_r1_len) < 0)
|
||||
return WLAN_STATUS_UNSPECIFIED_FAILURE;
|
||||
|
||||
if (conf->ft_psk_generate_local &&
|
||||
|
|
|
@ -2084,11 +2084,14 @@ int wpa_derive_pmk_r0(const u8 *xxkey, size_t xxkey_len,
|
|||
* IEEE Std 802.11r-2008 - 8.5.1.5.4
|
||||
*/
|
||||
int wpa_derive_pmk_r1_name(const u8 *pmk_r0_name, const u8 *r1kh_id,
|
||||
const u8 *s1kh_id, u8 *pmk_r1_name, int use_sha384)
|
||||
const u8 *s1kh_id, u8 *pmk_r1_name,
|
||||
size_t pmk_r1_len)
|
||||
{
|
||||
u8 hash[48];
|
||||
u8 hash[64];
|
||||
const u8 *addr[4];
|
||||
size_t len[4];
|
||||
int res;
|
||||
const char *title;
|
||||
|
||||
/*
|
||||
* PMKR1Name = Truncate-128(Hash("FT-R1N" || PMKR0Name ||
|
||||
|
@ -2103,14 +2106,31 @@ int wpa_derive_pmk_r1_name(const u8 *pmk_r0_name, const u8 *r1kh_id,
|
|||
addr[3] = s1kh_id;
|
||||
len[3] = ETH_ALEN;
|
||||
|
||||
res = -1;
|
||||
#ifdef CONFIG_SHA512
|
||||
if (pmk_r1_len == SHA512_MAC_LEN) {
|
||||
title = "FT: PMKR1Name (using SHA512)";
|
||||
res = sha512_vector(4, addr, len, hash);
|
||||
}
|
||||
#endif /* CONFIG_SHA512 */
|
||||
#ifdef CONFIG_SHA384
|
||||
if (use_sha384 && sha384_vector(4, addr, len, hash) < 0)
|
||||
return -1;
|
||||
if (pmk_r1_len == SHA384_MAC_LEN) {
|
||||
title = "FT: PMKR1Name (using SHA384)";
|
||||
res = sha384_vector(4, addr, len, hash);
|
||||
}
|
||||
#endif /* CONFIG_SHA384 */
|
||||
if (!use_sha384 && sha256_vector(4, addr, len, hash) < 0)
|
||||
return -1;
|
||||
if (pmk_r1_len == SHA256_MAC_LEN) {
|
||||
title = "FT: PMKR1Name (using SHA256)";
|
||||
res = sha256_vector(4, addr, len, hash);
|
||||
}
|
||||
if (res < 0) {
|
||||
wpa_printf(MSG_DEBUG,
|
||||
"FT: Failed to derive PMKR1Name (PMK-R1 len %zu)",
|
||||
pmk_r1_len);
|
||||
return res;
|
||||
}
|
||||
os_memcpy(pmk_r1_name, hash, WPA_PMK_NAME_LEN);
|
||||
wpa_hexdump(MSG_DEBUG, "FT: PMKR1Name", pmk_r1_name, WPA_PMK_NAME_LEN);
|
||||
wpa_hexdump(MSG_DEBUG, title, pmk_r1_name, WPA_PMK_NAME_LEN);
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
@ -2158,8 +2178,7 @@ int wpa_derive_pmk_r1(const u8 *pmk_r0, size_t pmk_r0_len,
|
|||
wpa_hexdump_key(MSG_DEBUG, "FT: PMK-R1", pmk_r1, pmk_r0_len);
|
||||
|
||||
return wpa_derive_pmk_r1_name(pmk_r0_name, r1kh_id, s1kh_id,
|
||||
pmk_r1_name,
|
||||
pmk_r0_len == SHA384_MAC_LEN);
|
||||
pmk_r1_name, pmk_r0_len);
|
||||
}
|
||||
|
||||
|
||||
|
|
|
@ -477,7 +477,8 @@ int wpa_derive_pmk_r0(const u8 *xxkey, size_t xxkey_len,
|
|||
const u8 *s0kh_id, u8 *pmk_r0, u8 *pmk_r0_name,
|
||||
int use_sha384);
|
||||
int wpa_derive_pmk_r1_name(const u8 *pmk_r0_name, const u8 *r1kh_id,
|
||||
const u8 *s1kh_id, u8 *pmk_r1_name, int use_sha384);
|
||||
const u8 *s1kh_id, u8 *pmk_r1_name,
|
||||
size_t pmk_r1_len);
|
||||
int wpa_derive_pmk_r1(const u8 *pmk_r0, size_t pmk_r0_len,
|
||||
const u8 *pmk_r0_name,
|
||||
const u8 *r1kh_id, const u8 *s1kh_id,
|
||||
|
|
|
@ -4618,7 +4618,7 @@ static int fils_ft_build_assoc_req_rsne(struct wpa_sm *sm, struct wpabuf *buf)
|
|||
MAC2STR(sm->r1kh_id));
|
||||
pos = wpabuf_put(buf, WPA_PMK_NAME_LEN);
|
||||
if (wpa_derive_pmk_r1_name(sm->pmk_r0_name, sm->r1kh_id, sm->own_addr,
|
||||
sm->pmk_r1_name, use_sha384) < 0) {
|
||||
sm->pmk_r1_name, sm->fils_ft_len) < 0) {
|
||||
wpa_printf(MSG_WARNING, "FILS+FT: Could not derive PMKR1Name");
|
||||
return -1;
|
||||
}
|
||||
|
|
Loading…
Reference in a new issue