If the build include SHA384, use that to derive GTK from GMK. In
addition, add more random bytes bytes to the PRF-X() context data for
longer GTK to reduce dependency on the randomness of the GMK.
GMK is 256 bits of random data and it was used with SHA256, so the
previous design was likely sufficient for all needs even with 128 bits
of additional randomness in GTK derivation. Anyway, adding up to 256
bits of new randomness and using SHA384 can be helpful extra protection
particularly for the cases using GCMP-256 or CCMP-256 as the group
cipher.
projects / thirdparty / hostap.git / commit
