Add support for AKM suite 00-0F-AC:23
authorIlan Peer <ilan.peer@intel.com>
Tue, 23 May 2023 10:14:54 +0000 (13:14 +0300)
committerJouni Malinen <j@w1.fi>
Fri, 3 Nov 2023 15:08:36 +0000 (17:08 +0200)
Add support for Authentication negotiated over IEEE Std 802.1X
with key derivation function using SHA-384.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
18 files changed:
hostapd/config_file.c
hostapd/ctrl_iface.c
src/ap/wpa_auth_ie.c
src/common/defs.h
src/common/wpa_common.c
src/drivers/driver_nl80211.c
src/rsn_supp/preauth.c
src/rsn_supp/wpa.c
src/rsn_supp/wpa_ie.c
wlantest/bss.c
wlantest/ctrl.c
wlantest/sta.c
wpa_supplicant/config.c
wpa_supplicant/ctrl_iface.c
wpa_supplicant/dbus/dbus_new_handlers.c
wpa_supplicant/dpp_supplicant.c
wpa_supplicant/wpa_supplicant.c
wpa_supplicant/wpas_glue.c

index 4f3050841fc6924788c60e6b87ad204b8d8b4a25..7cf0ccfbe038ce809407beccc00513f51905514e 100644 (file)
@@ -667,6 +667,10 @@ static int hostapd_config_parse_key_mgmt(int line, const char *value)
                        val |= WPA_KEY_MGMT_FT_IEEE8021X_SHA384;
 #endif /* CONFIG_SHA384 */
 #endif /* CONFIG_IEEE80211R_AP */
+#ifdef CONFIG_SHA384
+               else if (os_strcmp(start, "WPA-EAP-SHA384") == 0)
+                       val |= WPA_KEY_MGMT_IEEE8021X_SHA384;
+#endif /* CONFIG_SHA384 */
                else if (os_strcmp(start, "WPA-PSK-SHA256") == 0)
                        val |= WPA_KEY_MGMT_PSK_SHA256;
                else if (os_strcmp(start, "WPA-EAP-SHA256") == 0)
index 83efdee156e6235decf8076cfbbb26d57c108be0..f91bb1bcba5a422fd18069775092f0b4287017a3 100644 (file)
@@ -956,6 +956,14 @@ static int hostapd_ctrl_iface_get_key_mgmt(struct hostapd_data *hapd,
                pos += ret;
        }
 #endif /* CONFIG_DPP */
+#ifdef CONFIG_SHA384
+       if (hapd->conf->wpa_key_mgmt & WPA_KEY_MGMT_IEEE8021X_SHA384) {
+               ret = os_snprintf(pos, end - pos, "WPA-EAP-SHA384 ");
+               if (os_snprintf_error(end - pos, ret))
+                       return pos - buf;
+               pos += ret;
+       }
+#endif /* CONFIG_SHA384 */
 
        if (pos > buf && *(pos - 1) == ' ') {
                *(pos - 1) = '\0';
index 43ccec9bed2aab04d51ff46c6bca293b6591a9d0..9b90e0749b84ac7631d4b4b5dff6bb4716407acc 100644 (file)
@@ -212,6 +212,13 @@ int wpa_write_rsn_ie(struct wpa_auth_config *conf, u8 *buf, size_t len,
                num_suites++;
        }
 #endif /* CONFIG_IEEE80211R_AP */
+#ifdef CONFIG_SHA384
+       if (conf->wpa_key_mgmt & WPA_KEY_MGMT_IEEE8021X_SHA384) {
+               RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_802_1X_SHA384);
+               pos += RSN_SELECTOR_LEN;
+               num_suites++;
+       }
+#endif /* CONFIG_SHA384 */
        if (conf->wpa_key_mgmt & WPA_KEY_MGMT_IEEE8021X_SHA256) {
                RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_802_1X_SHA256);
                pos += RSN_SELECTOR_LEN;
@@ -705,6 +712,10 @@ wpa_validate_wpa_ie(struct wpa_authenticator *wpa_auth,
                else if (data.key_mgmt & WPA_KEY_MGMT_OSEN)
                        selector = RSN_AUTH_KEY_MGMT_OSEN;
 #endif /* CONFIG_HS20 */
+#ifdef CONFIG_SHA384
+               else if (data.key_mgmt & WPA_KEY_MGMT_IEEE8021X_SHA384)
+                       selector = RSN_AUTH_KEY_MGMT_802_1X_SHA384;
+#endif /* CONFIG_SHA384 */
                wpa_auth->dot11RSNAAuthenticationSuiteSelected = selector;
 
                selector = wpa_cipher_to_suite(WPA_PROTO_RSN,
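Review bot: The new `else if (data.key_mgmt & WPA_KEY_MGMT_IEEE8021X_SHA384)` branch sits at the very end of the selector chain, after the OSEN branch, while the later hunk in this function (`@@ -787,6 +798,10`) tests the same bit ahead of `WPA_KEY_MGMT_IEEE8021X_SHA256`. If more than one AKM bit can be set at this point, `dot11RSNAAuthenticationSuiteSelected` could report a different suite than the one stored in `sm->wpa_key_mgmt`; whether that can happen depends on checks outside these hunks. Putting the branch in the same relative position in both chains, or adding a comment such as `/* order is the selection priority; keep in step with the sm->wpa_key_mgmt chain below */`, would make the intent explicit. Both chains start outside the visible hunks.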
@@ -787,6 +798,10 @@ wpa_validate_wpa_ie(struct wpa_authenticator *wpa_auth,
        else if (key_mgmt & WPA_KEY_MGMT_FT_PSK)
                sm->wpa_key_mgmt = WPA_KEY_MGMT_FT_PSK;
 #endif /* CONFIG_IEEE80211R_AP */
+#ifdef CONFIG_SHA384
+       else if (key_mgmt & WPA_KEY_MGMT_IEEE8021X_SHA384)
+               sm->wpa_key_mgmt = WPA_KEY_MGMT_IEEE8021X_SHA384;
+#endif /* CONFIG_SHA384 */
        else if (key_mgmt & WPA_KEY_MGMT_IEEE8021X_SHA256)
                sm->wpa_key_mgmt = WPA_KEY_MGMT_IEEE8021X_SHA256;
        else if (key_mgmt & WPA_KEY_MGMT_PSK_SHA256)
index c0c6dbe843d96105ee2d483b69092f00d5079d1d..8cca094e8f14ae20611750afd07263df77858ae8 100644 (file)
@@ -52,6 +52,7 @@
 #define WPA_KEY_MGMT_PASN BIT(25)
 #define WPA_KEY_MGMT_SAE_EXT_KEY BIT(26)
 #define WPA_KEY_MGMT_FT_SAE_EXT_KEY BIT(27)
+#define WPA_KEY_MGMT_IEEE8021X_SHA384 BIT(28)
 
 
 #define WPA_KEY_MGMT_FT (WPA_KEY_MGMT_FT_PSK | \
@@ -75,7 +76,8 @@ static inline int wpa_key_mgmt_wpa_ieee8021x(int akm)
                         WPA_KEY_MGMT_FILS_SHA256 |
                         WPA_KEY_MGMT_FILS_SHA384 |
                         WPA_KEY_MGMT_FT_FILS_SHA256 |
-                        WPA_KEY_MGMT_FT_FILS_SHA384));
+                        WPA_KEY_MGMT_FT_FILS_SHA384 |
+                        WPA_KEY_MGMT_IEEE8021X_SHA384));
 }
 
 static inline int wpa_key_mgmt_wpa_psk_no_sae(int akm)
@@ -153,7 +155,8 @@ static inline int wpa_key_mgmt_sha384(int akm)
        return !!(akm & (WPA_KEY_MGMT_IEEE8021X_SUITE_B_192 |
                         WPA_KEY_MGMT_FT_IEEE8021X_SHA384 |
                         WPA_KEY_MGMT_FILS_SHA384 |
-                        WPA_KEY_MGMT_FT_FILS_SHA384));
+                        WPA_KEY_MGMT_FT_FILS_SHA384 |
+                        WPA_KEY_MGMT_IEEE8021X_SHA384));
 }
 
 static inline int wpa_key_mgmt_suite_b(int akm)
index ead724baf72266d16cfc09f0799764dd42e7ab58..d897e0eca61ccbc8b4185712deb38388ea6218f3 100644 (file)
@@ -26,6 +26,7 @@ static unsigned int wpa_kck_len(int akmp, size_t pmk_len)
 {
        switch (akmp) {
        case WPA_KEY_MGMT_IEEE8021X_SUITE_B_192:
+       case WPA_KEY_MGMT_IEEE8021X_SHA384:
        case WPA_KEY_MGMT_FT_IEEE8021X_SHA384:
                return 24;
        case WPA_KEY_MGMT_FILS_SHA256:
@@ -71,6 +72,7 @@ static unsigned int wpa_kek_len(int akmp, size_t pmk_len)
        case WPA_KEY_MGMT_FILS_SHA256:
        case WPA_KEY_MGMT_FT_FILS_SHA256:
        case WPA_KEY_MGMT_FT_IEEE8021X_SHA384:
+       case WPA_KEY_MGMT_IEEE8021X_SHA384:
                return 32;
        case WPA_KEY_MGMT_DPP:
                return pmk_len <= 32 ? 16 : 32;
@@ -105,6 +107,7 @@ unsigned int wpa_mic_len(int akmp, size_t pmk_len)
        switch (akmp) {
        case WPA_KEY_MGMT_IEEE8021X_SUITE_B_192:
        case WPA_KEY_MGMT_FT_IEEE8021X_SHA384:
+       case WPA_KEY_MGMT_IEEE8021X_SHA384:
                return 24;
        case WPA_KEY_MGMT_FILS_SHA256:
        case WPA_KEY_MGMT_FILS_SHA384:
@@ -135,6 +138,7 @@ int wpa_use_akm_defined(int akmp)
                akmp == WPA_KEY_MGMT_OWE ||
                akmp == WPA_KEY_MGMT_DPP ||
                akmp == WPA_KEY_MGMT_FT_IEEE8021X_SHA384 ||
+               akmp == WPA_KEY_MGMT_IEEE8021X_SHA384 ||
                wpa_key_mgmt_sae(akmp) ||
                wpa_key_mgmt_suite_b(akmp) ||
                wpa_key_mgmt_fils(akmp);
@@ -173,6 +177,7 @@ int wpa_use_aes_key_wrap(int akmp)
        return akmp == WPA_KEY_MGMT_OSEN ||
                akmp == WPA_KEY_MGMT_OWE ||
                akmp == WPA_KEY_MGMT_DPP ||
+               akmp == WPA_KEY_MGMT_IEEE8021X_SHA384 ||
                wpa_key_mgmt_ft(akmp) ||
                wpa_key_mgmt_sha256(akmp) ||
                wpa_key_mgmt_sae(akmp) ||
@@ -331,15 +336,18 @@ int wpa_eapol_key_mic(const u8 *key, size_t key_len, int akmp, int ver,
                        os_memcpy(mic, hash, key_len);
                        break;
 #endif /* CONFIG_DPP */
-#if defined(CONFIG_IEEE80211R) && defined(CONFIG_SHA384)
+#ifdef CONFIG_SHA384
+               case WPA_KEY_MGMT_IEEE8021X_SHA384:
+#ifdef CONFIG_IEEE80211R
                case WPA_KEY_MGMT_FT_IEEE8021X_SHA384:
+#endif /* CONFIG_IEEE80211R */
                        wpa_printf(MSG_DEBUG,
-                                  "WPA: EAPOL-Key MIC using HMAC-SHA384 (AKM-defined - FT 802.1X SHA384)");
+                                  "WPA: EAPOL-Key MIC using HMAC-SHA384 (AKM-defined - 802.1X SHA384)");
                        if (hmac_sha384(key, key_len, buf, len, hash))
                                return -1;
                        os_memcpy(mic, hash, 24);
                        break;
-#endif /* CONFIG_IEEE80211R && CONFIG_SHA384 */
+#endif /* CONFIG_SHA384 */
                default:
                        wpa_printf(MSG_DEBUG,
                                   "WPA: EAPOL-Key MIC algorithm not known (AKM-defined - akmp=0x%x)",
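Review bot: The literal `24` in `os_memcpy(mic, hash, 24)` now serves two AKMs, and nothing at this site ties it to the MIC length that wpa_mic_len() returns for them (24 in the `@@ -105,6 +107,7` hunk). A comment such as `/* HMAC-SHA-384 output truncated to the 24-octet MIC of these AKMs, see wpa_mic_len() */` would keep the two in step. The shared debug string also no longer says which of the two AKMs was used; appending `akmp=0x%x`, as the `default:` branch does, would help when reading handshake logs. The switch begins and ends outside the hunk.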
@@ -454,14 +462,14 @@ int wpa_pmk_to_ptk(const u8 *pmk, size_t pmk_len, const char *label,
        ptk_len = ptk->kck_len + ptk->kek_len + ptk->tk_len + ptk->kdk_len;
 
        if (wpa_key_mgmt_sha384(akmp)) {
-#if defined(CONFIG_SUITEB192) || defined(CONFIG_FILS)
+#ifdef CONFIG_SHA384
                wpa_printf(MSG_DEBUG, "WPA: PTK derivation using PRF(SHA384)");
                if (sha384_prf(pmk, pmk_len, label, data, data_len,
                               tmp, ptk_len) < 0)
                        return -1;
-#else /* CONFIG_SUITEB192 || CONFIG_FILS */
+#else /* CONFIG_SHA384 */
                return -1;
-#endif /* CONFIG_SUITEB192 || CONFIG_FILS */
+#endif /* CONFIG_SHA384 */
        } else if (wpa_key_mgmt_sha256(akmp)) {
                wpa_printf(MSG_DEBUG, "WPA: PTK derivation using PRF(SHA256)");
                if (sha256_prf(pmk, pmk_len, label, data, data_len,
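Review bot: Switching the guard from `CONFIG_SUITEB192 || CONFIG_FILS` to `CONFIG_SHA384` means a build that enables Suite B 192 or FILS without defining `CONFIG_SHA384` now reaches the bare `return -1;`, so PTK derivation fails for every SHA-384 AKM. None of the 18 files listed for this commit is a build file, so this relies on the existing build configuration defining `CONFIG_SHA384` whenever those options are set; that is worth confirming for each supported build system. The `#else` path also fails without any log output; `wpa_printf(MSG_INFO, "WPA: PTK derivation with SHA384 not supported in this build");` before the `return -1;` would make a misconfigured build diagnosable. wpa_pmk_to_ptk() continues outside the hunk.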
@@ -1771,6 +1779,10 @@ static int rsn_key_mgmt_to_bitfield(const u8 *s)
                return WPA_KEY_MGMT_FT_IEEE8021X_SHA384;
 #endif /* CONFIG_SHA384 */
 #endif /* CONFIG_IEEE80211R */
+#ifdef CONFIG_SHA384
+       if (RSN_SELECTOR_GET(s) == RSN_AUTH_KEY_MGMT_802_1X_SHA384)
+               return WPA_KEY_MGMT_IEEE8021X_SHA384;
+#endif /* CONFIG_SHA384 */
        if (RSN_SELECTOR_GET(s) == RSN_AUTH_KEY_MGMT_802_1X_SHA256)
                return WPA_KEY_MGMT_IEEE8021X_SHA256;
        if (RSN_SELECTOR_GET(s) == RSN_AUTH_KEY_MGMT_PSK_SHA256)
@@ -2787,6 +2799,8 @@ const char * wpa_key_mgmt_txt(int key_mgmt, int proto)
                return "DPP";
        case WPA_KEY_MGMT_PASN:
                return "PASN";
+       case WPA_KEY_MGMT_IEEE8021X_SHA384:
+               return "WPA2-EAP-SHA384";
        default:
                return "UNKNOWN";
        }
@@ -2801,6 +2815,8 @@ u32 wpa_akm_to_suite(int akm)
                return RSN_AUTH_KEY_MGMT_FT_802_1X;
        if (akm & WPA_KEY_MGMT_FT_PSK)
                return RSN_AUTH_KEY_MGMT_FT_PSK;
+       if (akm & WPA_KEY_MGMT_IEEE8021X_SHA384)
+               return RSN_AUTH_KEY_MGMT_802_1X_SHA384;
        if (akm & WPA_KEY_MGMT_IEEE8021X_SHA256)
                return RSN_AUTH_KEY_MGMT_802_1X_SHA256;
        if (akm & WPA_KEY_MGMT_IEEE8021X)
index 25bae2805cdee1d3171090653fc1257d8a9b92cb..d686dbd45aeb10d28c683b412c2961ef7d064ec1 100644 (file)
@@ -3284,6 +3284,7 @@ static int wpa_key_mgmt_to_suites(unsigned int key_mgmt_suites, u32 suites[],
        __AKM(OWE, OWE);
        __AKM(DPP, DPP);
        __AKM(FT_IEEE8021X_SHA384, FT_802_1X_SHA384);
+       __AKM(IEEE8021X_SHA384, 802_1X_SHA384);
 #undef __AKM
 
        return num_suites;
@@ -6503,7 +6504,8 @@ retry:
        if (params->key_mgmt_suite == WPA_KEY_MGMT_IEEE8021X ||
            params->key_mgmt_suite == WPA_KEY_MGMT_PSK ||
            params->key_mgmt_suite == WPA_KEY_MGMT_IEEE8021X_SHA256 ||
-           params->key_mgmt_suite == WPA_KEY_MGMT_PSK_SHA256) {
+           params->key_mgmt_suite == WPA_KEY_MGMT_PSK_SHA256 ||
+           params->key_mgmt_suite == WPA_KEY_MGMT_IEEE8021X_SHA384) {
                wpa_printf(MSG_DEBUG, "  * control port");
                if (nla_put_flag(msg, NL80211_ATTR_CONTROL_PORT))
                        goto fail;
@@ -6803,7 +6805,8 @@ static int nl80211_connect_common(struct wpa_driver_nl80211_data *drv,
            params->key_mgmt_suite == WPA_KEY_MGMT_FT_FILS_SHA256 ||
            params->key_mgmt_suite == WPA_KEY_MGMT_FT_FILS_SHA384 ||
            params->key_mgmt_suite == WPA_KEY_MGMT_OWE ||
-           params->key_mgmt_suite == WPA_KEY_MGMT_DPP) {
+           params->key_mgmt_suite == WPA_KEY_MGMT_DPP ||
+           params->key_mgmt_suite == WPA_KEY_MGMT_IEEE8021X_SHA384) {
                u32 *mgmt;
                unsigned int akm_count = 1, i;
 
@@ -6887,6 +6890,9 @@ static int nl80211_connect_common(struct wpa_driver_nl80211_data *drv,
                case WPA_KEY_MGMT_DPP:
                        mgmt[0] = RSN_AUTH_KEY_MGMT_DPP;
                        break;
+               case WPA_KEY_MGMT_IEEE8021X_SHA384:
+                       mgmt[0] = RSN_AUTH_KEY_MGMT_802_1X_SHA384;
+                       break;
                case WPA_KEY_MGMT_PSK:
                default:
                        mgmt[0] = RSN_AUTH_KEY_MGMT_PSK_OVER_802_1X;
index 8f86820a768a986b7494b5190190107ba72612fe..1a288844a1ada695594c263c6f895a6cfd47a2c6 100644 (file)
@@ -54,7 +54,8 @@ static int rsn_preauth_key_mgmt(int akmp)
        return !!(akmp & (WPA_KEY_MGMT_IEEE8021X |
                          WPA_KEY_MGMT_IEEE8021X_SHA256 |
                          WPA_KEY_MGMT_IEEE8021X_SUITE_B |
-                         WPA_KEY_MGMT_IEEE8021X_SUITE_B_192));
+                         WPA_KEY_MGMT_IEEE8021X_SUITE_B_192 |
+                         WPA_KEY_MGMT_IEEE8021X_SHA384));
 }
 
 
index 856fe09e6fb7dd4880ec1b0742ac3e305060cad5..6d448d07167fb27ff5d014b1382d1337dcecc3a0 100644 (file)
@@ -3828,6 +3828,8 @@ static u32 wpa_key_mgmt_suite(struct wpa_sm *sm)
                return RSN_AUTH_KEY_MGMT_802_1X_SUITE_B;
        case WPA_KEY_MGMT_IEEE8021X_SUITE_B_192:
                return RSN_AUTH_KEY_MGMT_802_1X_SUITE_B_192;
+       case WPA_KEY_MGMT_IEEE8021X_SHA384:
+               return RSN_AUTH_KEY_MGMT_802_1X_SHA384;
        default:
                return 0;
        }
index 2a6c79b2639a986410da66f9b6029e7043f69d67..d1510aad788c3fde320a69424dd70e19a0755956 100644 (file)
@@ -230,6 +230,10 @@ static int wpa_gen_wpa_ie_rsn(u8 *rsn_ie, size_t rsn_ie_len,
        } else if (key_mgmt & WPA_KEY_MGMT_OSEN) {
                RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_OSEN);
 #endif /* CONFIG_HS20 */
+#ifdef CONFIG_SHA384
+       } else if (key_mgmt == WPA_KEY_MGMT_IEEE8021X_SHA384) {
+               RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_802_1X_SHA384);
+#endif /* CONFIG_SHA384 */
        } else {
                wpa_printf(MSG_WARNING, "Invalid key management type (%d).",
                           key_mgmt);
index 01c9c624273958d785c864b8855d9c9ea531c046..7b669966f64db5c1a6a15f7c25325212e6b6f55c 100644 (file)
@@ -335,7 +335,7 @@ void bss_update(struct wlantest *wt, struct wlantest_bss *bss,
                   "pairwise=%s%s%s%s%s%s%s"
                   "group=%s%s%s%s%s%s%s%s%s"
                   "mgmt_group_cipher=%s%s%s%s%s"
-                  "key_mgmt=%s%s%s%s%s%s%s%s%s%s%s%s%s%s"
+                  "key_mgmt=%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s"
                   "rsn_capab=%s%s%s%s%s%s%s%s%s%s",
                   MAC2STR(bss->bssid),
                   bss->proto == 0 ? "OPEN " : "",
@@ -387,6 +387,8 @@ void bss_update(struct wlantest *wt, struct wlantest_bss *bss,
                   "EAP-SUITE-B " : "",
                   bss->key_mgmt & WPA_KEY_MGMT_IEEE8021X_SUITE_B_192 ?
                   "EAP-SUITE-B-192 " : "",
+                  bss->key_mgmt & WPA_KEY_MGMT_IEEE8021X_SHA384 ?
+                  "EAP-SHA384 " : "",
                   bss->rsn_capab & WPA_CAPABILITY_PREAUTH ? "PREAUTH " : "",
                   bss->rsn_capab & WPA_CAPABILITY_NO_PAIRWISE ?
                   "NO_PAIRWISE " : "",
index 587a0d3e1dfa86d2f2a8007a6ddd0ddcef018339..68a2b410cae34ba1aaf48d8ae0f7dd469a41b160 100644 (file)
@@ -957,6 +957,9 @@ static void info_print_key_mgmt(char *buf, size_t len, int key_mgmt)
        if (key_mgmt & WPA_KEY_MGMT_IEEE8021X_SUITE_B_192)
                pos += os_snprintf(pos, end - pos, "%sEAP-SUITE-B-192",
                                   pos == buf ? "" : " ");
+       if (key_mgmt & WPA_KEY_MGMT_IEEE8021X_SHA384)
+               pos += os_snprintf(pos, end - pos, "%sEAP-SHA384",
+                                  pos == buf ? "" : " ");
 }
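Review bot: The added `pos += os_snprintf(pos, end - pos, ...)` advances `pos` by the return value without checking it, as the Suite B 192 lines just above do. If an earlier write in this function was truncated, `pos` may already be past `end` when these lines run, and `end - pos` is then negative when it is passed as the size. The other text writers touched by this commit use `os_snprintf_error(end - pos, ret)` before advancing, and the same check here would keep the function inside `buf`. The function starts outside the hunk, so the earlier unchecked writes are not visible and would need the same treatment.
```c
	if (key_mgmt & WPA_KEY_MGMT_IEEE8021X_SHA384) {
		/* ret: an int local, declared with pos/end outside this hunk */
		ret = os_snprintf(pos, end - pos, "%sEAP-SHA384",
				  pos == buf ? "" : " ");
		if (os_snprintf_error(end - pos, ret))
			return;
		pos += ret;
	}
```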
 
 
index 6c6c6235af24c69175a3e889f3ce73163e253e54..dc23e545741e94b5bc6a007e05e1dd2c0986ebf6 100644 (file)
@@ -252,7 +252,7 @@ skip_rsn_wpa:
        wpa_printf(MSG_INFO, "STA " MACSTR
                   " proto=%s%s%s%s"
                   "pairwise=%s%s%s%s%s%s%s"
-                  "key_mgmt=%s%s%s%s%s%s%s%s%s%s%s%s%s%s"
+                  "key_mgmt=%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s"
                   "rsn_capab=%s%s%s%s%s%s%s%s%s%s",
                   MAC2STR(sta->addr),
                   sta->proto == 0 ? "OPEN " : "",
@@ -286,6 +286,8 @@ skip_rsn_wpa:
                   "EAP-SUITE-B " : "",
                   sta->key_mgmt & WPA_KEY_MGMT_IEEE8021X_SUITE_B_192 ?
                   "EAP-SUITE-B-192 " : "",
+                  sta->key_mgmt & WPA_KEY_MGMT_IEEE8021X_SHA384 ?
+                  "EAP-SHA384 " : "",
                   sta->rsn_capab & WPA_CAPABILITY_PREAUTH ? "PREAUTH " : "",
                   sta->rsn_capab & WPA_CAPABILITY_NO_PAIRWISE ?
                   "NO_PAIRWISE " : "",
index 15feba95d53f41483d8bba4bf97eff89da3220dc..a554b7b5cc55a6029210a9791ebab2de5b758939 100644 (file)
@@ -793,6 +793,10 @@ static int wpa_config_parse_key_mgmt(const struct parse_data *data,
                        val |= WPA_KEY_MGMT_FT_IEEE8021X_SHA384;
 #endif /* CONFIG_SHA384 */
 #endif /* CONFIG_IEEE80211R */
+#ifdef CONFIG_SHA384
+               else if (os_strcmp(start, "WPA-EAP-SHA384") == 0)
+                       val |= WPA_KEY_MGMT_IEEE8021X_SHA384;
+#endif /* CONFIG_SHA384 */
                else if (os_strcmp(start, "WPA-PSK-SHA256") == 0)
                        val |= WPA_KEY_MGMT_PSK_SHA256;
                else if (os_strcmp(start, "WPA-EAP-SHA256") == 0)
@@ -965,6 +969,18 @@ static char * wpa_config_write_key_mgmt(const struct parse_data *data,
 #endif /* CONFIG_SHA384 */
 #endif /* CONFIG_IEEE80211R */
 
+#ifdef CONFIG_SHA384
+       if (ssid->key_mgmt & WPA_KEY_MGMT_IEEE8021X_SHA384) {
+               ret = os_snprintf(pos, end - pos, "%sWPA-EAP-SHA384",
+                                 pos == buf ? "" : " ");
+               if (os_snprintf_error(end - pos, ret)) {
+                       end[-1] = '\0';
+                       return buf;
+               }
+               pos += ret;
+       }
+#endif /* CONFIG_SHA384 */
+
        if (ssid->key_mgmt & WPA_KEY_MGMT_PSK_SHA256) {
                ret = os_snprintf(pos, end - pos, "%sWPA-PSK-SHA256",
                                  pos == buf ? "" : " ");
index 604b969d10921c1cd3fb06134dc58d6110f31a0d..a68802e4935cca5e01dd0138b19421c0de95f4a5 100644 (file)
@@ -2967,6 +2967,16 @@ static char * wpa_supplicant_ie_txt(char *pos, char *end, const char *proto,
                pos += ret;
        }
 
+#ifdef CONFIG_SHA384
+       if (data.key_mgmt & WPA_KEY_MGMT_IEEE8021X_SHA384) {
+               ret = os_snprintf(pos, end - pos, "%sEAP-SHA384",
+                                 pos == start ? "" : "+");
+               if (os_snprintf_error(end - pos, ret))
+                       return pos;
+               pos += ret;
+       }
+#endif /* CONFIG_SHA384 */
+
        pos = wpa_supplicant_cipher_txt(pos, end, data.pairwise_cipher);
 
        if (data.capabilities & WPA_CAPABILITY_PREAUTH) {
index cd1a59a11844fe11d299565846442dc933b300f6..f9c59a182fe21e4ee3daef7dffba3bfbbb9cc512 100644 (file)
@@ -5303,7 +5303,7 @@ static dbus_bool_t wpas_dbus_get_bss_security_prop(
        DBusMessageIter iter_dict, variant_iter;
        const char *group;
        const char *pairwise[5]; /* max 5 pairwise ciphers is supported */
-       const char *key_mgmt[18]; /* max 18 key managements may be supported */
+       const char *key_mgmt[19]; /* max 19 key managements may be supported */
        int n;
 
        if (!dbus_message_iter_open_container(iter, DBUS_TYPE_VARIANT,
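Review bot: The `key_mgmt[19]` bound is a hand-counted maximum, and the appends that fill it (including `key_mgmt[n++] = "wpa-eap-sha384";` in the `@@ -5366,6 +5366,10` hunk) are not range-checked. A later AKM added without bumping the number would write past this stack array. Whether 19 matches the number of append sites cannot be confirmed here, because most of them are outside the hunks. Guarding each append, e.g. `if (n < (int) ARRAY_SIZE(key_mgmt)) key_mgmt[n++] = "wpa-eap-sha384";`, would turn a miscount into a missing entry rather than an out-of-bounds write. At minimum the comment could say that the number must equal the count of `key_mgmt[n++]` statements in this function.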
@@ -5366,6 +5366,10 @@ static dbus_bool_t wpas_dbus_get_bss_security_prop(
 #endif /* CONFIG_OWE */
        if (ie_data->key_mgmt & WPA_KEY_MGMT_NONE)
                key_mgmt[n++] = "wpa-none";
+#ifdef CONFIG_SHA384
+       if (ie_data->key_mgmt & WPA_KEY_MGMT_IEEE8021X_SHA384)
+               key_mgmt[n++] = "wpa-eap-sha384";
+#endif /* CONFIG_SHA384 */
 
        if (!wpa_dbus_dict_append_string_array(&iter_dict, "KeyMgmt",
                                               key_mgmt, n))
index afadd789f73ab39c342adf5c4d7e843ea1d411c2..a436fa564d3e9083e05aa4c67f2f2bded44602c9 100644 (file)
@@ -1362,7 +1362,7 @@ static struct wpa_ssid * wpas_dpp_add_network(struct wpa_supplicant *wpa_s,
 
                ssid->key_mgmt = WPA_KEY_MGMT_IEEE8021X |
                        WPA_KEY_MGMT_IEEE8021X_SHA256 |
-                       WPA_KEY_MGMT_IEEE8021X_SHA256;
+                       WPA_KEY_MGMT_IEEE8021X_SHA384;
                ssid->ieee80211w = MGMT_FRAME_PROTECTION_OPTIONAL;
 
                if (conf->cacert) {
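Review bot: `WPA_KEY_MGMT_IEEE8021X_SHA384` is OR-ed into `ssid->key_mgmt` unconditionally here, while the config parser, the config writer and the selection branch in wpa_supplicant_set_suites() added by this commit are all under `#ifdef CONFIG_SHA384`. In a build without that option the DPP-provisioned profile would carry a bit the rest of the supplicant can neither select nor write back; the likely effect is a failed AKM selection, but that is inferred from the hunks shown. Keeping the first two bits in the assignment and adding `ssid->key_mgmt |= WPA_KEY_MGMT_IEEE8021X_SHA384;` inside `#ifdef CONFIG_SHA384` would keep the profile consistent with the build. The line replaced was a duplicated `WPA_KEY_MGMT_IEEE8021X_SHA256`, which the commit description does not mention. The enclosing block starts and ends outside the hunk.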
index 4c305830c77ad35cb633c9e9fff159686cd79a85..24f41c9ba285ba238d952bfe4a0029414824b772 100644 (file)
@@ -1804,6 +1804,12 @@ int wpa_supplicant_set_suites(struct wpa_supplicant *wpa_s,
                wpa_dbg(wpa_s, MSG_DEBUG,
                        "WPA: using KEY_MGMT 802.1X with Suite B");
 #endif /* CONFIG_SUITEB */
+#ifdef CONFIG_SHA384
+       } else if (sel & WPA_KEY_MGMT_IEEE8021X_SHA384) {
+               wpa_s->key_mgmt = WPA_KEY_MGMT_IEEE8021X_SHA384;
+               wpa_dbg(wpa_s, MSG_DEBUG,
+                       "WPA: using KEY_MGMT 802.1X with SHA384");
+#endif /* CONFIG_SHA384 */
 #ifdef CONFIG_FILS
 #ifdef CONFIG_IEEE80211R
        } else if (sel & WPA_KEY_MGMT_FT_FILS_SHA384) {
@@ -4282,14 +4288,17 @@ static void wpas_start_assoc_cb(struct wpa_radio_work *work, int deinit)
            (params.key_mgmt_suite == WPA_KEY_MGMT_IEEE8021X ||
             params.key_mgmt_suite == WPA_KEY_MGMT_IEEE8021X_SHA256 ||
             params.key_mgmt_suite == WPA_KEY_MGMT_IEEE8021X_SUITE_B ||
-            params.key_mgmt_suite == WPA_KEY_MGMT_IEEE8021X_SUITE_B_192))
+            params.key_mgmt_suite == WPA_KEY_MGMT_IEEE8021X_SUITE_B_192 ||
+            params.key_mgmt_suite == WPA_KEY_MGMT_IEEE8021X_SHA384))
                params.req_handshake_offload = 1;
 
        if (wpa_s->conf->key_mgmt_offload) {
                if (params.key_mgmt_suite == WPA_KEY_MGMT_IEEE8021X ||
                    params.key_mgmt_suite == WPA_KEY_MGMT_IEEE8021X_SHA256 ||
                    params.key_mgmt_suite == WPA_KEY_MGMT_IEEE8021X_SUITE_B ||
-                   params.key_mgmt_suite == WPA_KEY_MGMT_IEEE8021X_SUITE_B_192)
+                   params.key_mgmt_suite ==
+                   WPA_KEY_MGMT_IEEE8021X_SUITE_B_192 ||
+                   params.key_mgmt_suite == WPA_KEY_MGMT_IEEE8021X_SHA384)
                        params.req_key_mgmt_offload =
                                ssid->proactive_key_caching < 0 ?
                                wpa_s->conf->okc : ssid->proactive_key_caching;
index 80ac7c8209f4165bfebf5ac239e81e6538c658f7..1d9ad4ba43b7ef3ec3120a68952faef31805cdb6 100644 (file)
@@ -1332,7 +1332,8 @@ void wpas_transition_disable(struct wpa_supplicant *wpa_s, u8 bitmap)
            wpa_key_mgmt_wpa_ieee8021x(wpa_s->key_mgmt) &&
            (ssid->key_mgmt & (WPA_KEY_MGMT_IEEE8021X |
                               WPA_KEY_MGMT_FT_IEEE8021X |
-                              WPA_KEY_MGMT_IEEE8021X_SHA256)) &&
+                              WPA_KEY_MGMT_IEEE8021X_SHA256 |
+                              WPA_KEY_MGMT_IEEE8021X_SHA384)) &&
            (ssid->ieee80211w != MGMT_FRAME_PROTECTION_REQUIRED ||
             (ssid->group_cipher & WPA_CIPHER_TKIP))) {
                disable_wpa_wpa2(ssid);