git.ipfire.org Git - thirdparty/hostap.git/commit

author	Jouni Malinen <jouni@codeaurora.org>
	Thu, 23 Jan 2020 18:56:51 +0000 (20:56 +0200)
committer	Jouni Malinen <j@w1.fi>
	Thu, 23 Jan 2020 22:47:41 +0000 (00:47 +0200)
commit	65a44e849af99adc9ec215ef447428bd1d7b2c64
tree	530f74c2b927e454396176e125b611ac50af51fa	tree \| snapshot
parent	bd50805e40f603fc4a2298edaf8ef02bc5600afe	commit \| diff

OWE: PTK derivation workaround in AP mode

Initial OWE implementation used SHA256 when deriving the PTK for all OWE
groups. This was supposed to change to SHA384 for group 20 and SHA512
for group 21. The new owe_ptk_workaround parameter can be used to enable
workaround for interoperability with stations that use SHA256 with
groups 20 and 21. By default, only the appropriate hash function is
accepted. When workaround is enabled (owe_ptk_workaround=1), the
appropriate hash function is tried first and if that fails, SHA256-based
PTK derivation is attempted. This workaround can result in reduced
security for groups 20 and 21, but is required for interoperability with
older implementations. There is no impact to group 19 behavior.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>

hostapd/config_file.c		diff \| blob \| blame \| history
hostapd/hostapd.conf		diff \| blob \| blame \| history
src/ap/ap_config.h		diff \| blob \| blame \| history
src/ap/wpa_auth.c		diff \| blob \| blame \| history
src/ap/wpa_auth.h		diff \| blob \| blame \| history
src/ap/wpa_auth_glue.c		diff \| blob \| blame \| history