git.ipfire.org Git - thirdparty/hostap.git/commit

author	Jouni Malinen <quic_jouni@quicinc.com>
	Fri, 25 Nov 2022 07:37:17 +0000 (09:37 +0200)
committer	Jouni Malinen <j@w1.fi>
	Fri, 25 Nov 2022 07:37:17 +0000 (09:37 +0200)
commit	b6d3fd05e309b327fc41555e1a81a017076789c7
tree	3f2f93beca7627bc240d7914f3faaf2e990f5c77	tree
parent	ef70f814a76218ef36ec71756f9b15b9c14718eb	commit \| diff

FT: Use SHA256 to derive PMKID for AKM 00-0F-AC:3 (FT-EAP)

PMKSA caching for the FT initial mobility domain association was fully
defined in IEEE Std 802.11-2020. The state before that was unclear and
there has been interoperability issues in this area, so use of PMKSA
caching with FT-EAP has been disabled in wpa_supplicant by default.

The wpa_supplicant and hostapd implementation of PMKSA caching for FT
ended up using an earlier default mechanism (SHA-1) for deriving the
PMKID when using the FT-EAP. This does not match what got defined in
IEEE Std 802.11-2020, 12.11.2.5.2 (SHA256). It is not really desirable
to use SHA-1 for anything with FT since the initial design of FT was
based on SHA256. Furthermore, it is obviously not good to differ in
behavior against the updated standard. As such, there is sufficient
justification to change the implementation to use SHA256 here even
though this ends up breaking backwards compatibility for PMKSA caching
with FT-EAP.

As noted above, this is still disabled in wpa_supplicant by default and
this change results in PMKSA caching not working only in cases where it
has been enabled explicitly with ft_eap_pmksa_caching=1. Those cases
recover by falling back to full EAP authentication.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>

src/common/defs.h		diff \| blob \| blame \| history
src/common/wpa_common.c		diff \| blob \| blame \| history