OWE: Select KDF hash algorithm based on the length of the prime

Previous implementation was hardcoding use of SHA256 PMK-to-PTK
derivation for all groups. Replace that with hash algorithm selection
based on the length of the prime similarly to the way this was done for
other derivation steps in OWE.

This breaks backwards compatibility when using group 20 or 21; group 19
behavior remains same.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>

diff --git a/src/common/wpa_common.c b/src/common/wpa_common.c
index de4b6ecd2993c24ab3144304a2de75382c43487a..5ecb1eceb468b84d837c821cd8fb738e0f514742 100644 (file)
--- a/src/common/wpa_common.c
+++ b/src/common/wpa_common.c
@@ -407,11 +407,32 @@ int wpa_pmk_to_ptk(const u8 *pmk, size_t pmk_len, const char *label,
 #else /* CONFIG_SUITEB192 || CONFIG_FILS */
                return -1;
 #endif /* CONFIG_SUITEB192 || CONFIG_FILS */
-       } else if (wpa_key_mgmt_sha256(akmp) || akmp == WPA_KEY_MGMT_OWE) {
+       } else if (wpa_key_mgmt_sha256(akmp)) {
                wpa_printf(MSG_DEBUG, "WPA: PTK derivation using PRF(SHA256)");
                if (sha256_prf(pmk, pmk_len, label, data, data_len,
                               tmp, ptk_len) < 0)
                        return -1;
+#ifdef CONFIG_OWE
+       } else if (akmp == WPA_KEY_MGMT_OWE && pmk_len == 32) {
+               wpa_printf(MSG_DEBUG, "WPA: PTK derivation using PRF(SHA256)");
+               if (sha256_prf(pmk, pmk_len, label, data, data_len,
+                              tmp, ptk_len) < 0)
+                       return -1;
+       } else if (akmp == WPA_KEY_MGMT_OWE && pmk_len == 48) {
+               wpa_printf(MSG_DEBUG, "WPA: PTK derivation using PRF(SHA384)");
+               if (sha384_prf(pmk, pmk_len, label, data, data_len,
+                              tmp, ptk_len) < 0)
+                       return -1;
+       } else if (akmp == WPA_KEY_MGMT_OWE && pmk_len == 64) {
+               wpa_printf(MSG_DEBUG, "WPA: PTK derivation using PRF(SHA512)");
+               if (sha512_prf(pmk, pmk_len, label, data, data_len,
+                              tmp, ptk_len) < 0)
+                       return -1;
+       } else if (akmp == WPA_KEY_MGMT_OWE) {
+               wpa_printf(MSG_INFO, "OWE: Unknown PMK length %u",
+                          (unsigned int) pmk_len);
+               return -1;
+#endif /* CONFIG_OWE */
 #ifdef CONFIG_DPP
        } else if (akmp == WPA_KEY_MGMT_DPP && pmk_len == 32) {
                wpa_printf(MSG_DEBUG, "WPA: PTK derivation using PRF(SHA256)");