From 42b847ac1ed656383f13646db84568fb23cd45c4 Mon Sep 17 00:00:00 2001 From: Jouni Malinen Date: Sat, 17 Dec 2016 21:59:40 +0200 Subject: [PATCH] FILS: Fix hashed realm name derivation P802.11ai/D7.0 changed from CRC32 to SHA256 as the hash algorithm for the FILS realm name. Update the implementation to match that change. Signed-off-by: Jouni Malinen --- src/ap/ieee802_11_shared.c | 5 +---- src/common/wpa_common.c | 13 ++++++++----- src/common/wpa_common.h | 2 +- 3 files changed, 10 insertions(+), 10 deletions(-) diff --git a/src/ap/ieee802_11_shared.c b/src/ap/ieee802_11_shared.c index 97b1d67ee..d20ddc744 100644 --- a/src/ap/ieee802_11_shared.c +++ b/src/ap/ieee802_11_shared.c @@ -639,10 +639,7 @@ u8 * hostapd_eid_fils_indic(struct hostapd_data *hapd, u8 *eid, int hessid) pos += ETH_ALEN; } if (hapd->conf->erp_domain) { - u16 hash; - - hash = fils_domain_name_hash(hapd->conf->erp_domain); - WPA_PUT_LE16(pos, hash); + fils_domain_name_hash(hapd->conf->erp_domain, pos); pos += 2; } *len = pos - len - 1; diff --git a/src/common/wpa_common.c b/src/common/wpa_common.c index a87210efb..efc8a45f8 100644 --- a/src/common/wpa_common.c +++ b/src/common/wpa_common.c @@ -9,7 +9,6 @@ #include "includes.h" #include "common.h" -#include "utils/crc32.h" #include "crypto/md5.h" #include "crypto/sha1.h" #include "crypto/sha256.h" @@ -1908,12 +1907,13 @@ int wpa_select_ap_group_cipher(int wpa, int wpa_pairwise, int rsn_pairwise) #ifdef CONFIG_FILS -u16 fils_domain_name_hash(const char *domain) +int fils_domain_name_hash(const char *domain, u8 *hash) { char buf[255], *wpos = buf; const char *pos = domain; size_t len; - u32 crc; + const u8 *addr[1]; + u8 mac[SHA256_MAC_LEN]; for (len = 0; len < sizeof(buf) && *pos; len++) { if (isalpha(*pos) && isupper(*pos)) @@ -1923,7 +1923,10 @@ u16 fils_domain_name_hash(const char *domain) pos++; } - crc = crc32((const u8 *) buf, len); - return crc & 0xffff; + addr[0] = (const u8 *) buf; + if (sha256_vector(1, addr, &len, mac) < 0) + return -1; + os_memcpy(hash, mac, 2); + return 0; } #endif /* CONFIG_FILS */ diff --git a/src/common/wpa_common.h b/src/common/wpa_common.h index 6d28417e8..ce7479140 100644 --- a/src/common/wpa_common.h +++ b/src/common/wpa_common.h @@ -450,6 +450,6 @@ int wpa_parse_cipher(const char *value); int wpa_write_ciphers(char *start, char *end, int ciphers, const char *delim); int wpa_select_ap_group_cipher(int wpa, int wpa_pairwise, int rsn_pairwise); unsigned int wpa_mic_len(int akmp); -u16 fils_domain_name_hash(const char *domain); +int fils_domain_name_hash(const char *domain, u8 *hash); #endif /* WPA_COMMON_H */