jeltz
/
hostap
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

OWE: Select KDF hash algorithm based on the length of the prime 

Previous implementation was hardcoding use of SHA256 PMK-to-PTK
derivation for all groups. Replace that with hash algorithm selection
based on the length of the prime similarly to the way this was done for
other derivation steps in OWE.

This breaks backwards compatibility when using group 20 or 21; group 19
behavior remains same.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
This commit is contained in:
Jouni Malinen 2020-01-23 20:04:40 +02:00 committed by Jouni Malinen
parent 10bdce692d
commit bd50805e40
1 changed files with 22 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
src/common/wpa_common.c
View File

@ -407,11 +407,32 @@ int wpa_pmk_to_ptk(const u8 *pmk, size_t pmk_len, const char *label,
#else /* CONFIG_SUITEB192 || CONFIG_FILS */ #else /* CONFIG_SUITEB192 || CONFIG_FILS */
return -1; return -1;
#endif /* CONFIG_SUITEB192 || CONFIG_FILS */ #endif /* CONFIG_SUITEB192 || CONFIG_FILS */
} else if (wpa_key_mgmt_sha256(akmp) || akmp == WPA_KEY_MGMT_OWE) { } else if (wpa_key_mgmt_sha256(akmp)) {
wpa_printf(MSG_DEBUG, "WPA: PTK derivation using PRF(SHA256)"); wpa_printf(MSG_DEBUG, "WPA: PTK derivation using PRF(SHA256)");
if (sha256_prf(pmk, pmk_len, label, data, data_len, if (sha256_prf(pmk, pmk_len, label, data, data_len,
tmp, ptk_len) < 0) tmp, ptk_len) < 0)
return -1; return -1;
#ifdef CONFIG_OWE
} else if (akmp == WPA_KEY_MGMT_OWE && pmk_len == 32) {
wpa_printf(MSG_DEBUG, "WPA: PTK derivation using PRF(SHA256)");
if (sha256_prf(pmk, pmk_len, label, data, data_len,
tmp, ptk_len) < 0)
return -1;
} else if (akmp == WPA_KEY_MGMT_OWE && pmk_len == 48) {
wpa_printf(MSG_DEBUG, "WPA: PTK derivation using PRF(SHA384)");
if (sha384_prf(pmk, pmk_len, label, data, data_len,
tmp, ptk_len) < 0)
return -1;
} else if (akmp == WPA_KEY_MGMT_OWE && pmk_len == 64) {
wpa_printf(MSG_DEBUG, "WPA: PTK derivation using PRF(SHA512)");
if (sha512_prf(pmk, pmk_len, label, data, data_len,
tmp, ptk_len) < 0)
return -1;
} else if (akmp == WPA_KEY_MGMT_OWE) {
wpa_printf(MSG_INFO, "OWE: Unknown PMK length %u",
(unsigned int) pmk_len);
return -1;
#endif /* CONFIG_OWE */
#ifdef CONFIG_DPP #ifdef CONFIG_DPP
} else if (akmp == WPA_KEY_MGMT_DPP && pmk_len == 32) { } else if (akmp == WPA_KEY_MGMT_DPP && pmk_len == 32) {
wpa_printf(MSG_DEBUG, "WPA: PTK derivation using PRF(SHA256)"); wpa_printf(MSG_DEBUG, "WPA: PTK derivation using PRF(SHA256)");