FT: Extend PMKR1Name derivation for FT-SAE-EXT-KEY

Provide key length instead of SHA384/SHA256 selection to the helper
function so that the new SHA512 option can be covered for
FT-SAE-EXT-KEY.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>

diff --git a/src/ap/wpa_auth.c b/src/ap/wpa_auth.c
index e16d78ead9335f159a632712783e08a271451f87..0806ff0fbea872cd1728fa0763f04e96650aad0f 100644 (file)
--- a/src/ap/wpa_auth.c
+++ b/src/ap/wpa_auth.c
@@ -2475,7 +2475,7 @@ int fils_auth_pmk_to_ptk(struct wpa_state_machine *sm, const u8 *pmk,
 
                res = wpa_derive_pmk_r1_name(pmk_r0_name, conf->r1_key_holder,
                                             sm->addr, sm->pmk_r1_name,
-                                            use_sha384);
+                                            fils_ft_len);
                forced_memzero(pmk_r0, PMK_LEN_MAX);
                if (res < 0)
                        return -1;

diff --git a/src/ap/wpa_auth_ft.c b/src/ap/wpa_auth_ft.c
index 0e522180d5f4be31435244cd30dbb8e511015db2..03376b02faf5aed932678b3424d02101cc2cf9b1 100644 (file)
--- a/src/ap/wpa_auth_ft.c
+++ b/src/ap/wpa_auth_ft.c
@@ -3205,7 +3205,7 @@ static int wpa_ft_process_auth_req(struct wpa_state_machine *sm,
                    parse.rsn_pmkid, WPA_PMK_NAME_LEN);
        if (wpa_derive_pmk_r1_name(parse.rsn_pmkid,
                                   sm->wpa_auth->conf.r1_key_holder, sm->addr,
-                                  pmk_r1_name, use_sha384) < 0)
+                                  pmk_r1_name, pmk_r1_len) < 0)
                return WLAN_STATUS_UNSPECIFIED_FAILURE;
 
        if (conf->ft_psk_generate_local &&

diff --git a/src/common/wpa_common.c b/src/common/wpa_common.c
index 8206ff078b8045bf10d5314e40a4a55ad18f2a4b..f437def505e331432780d07a44e704f43c3211cd 100644 (file)
--- a/src/common/wpa_common.c
+++ b/src/common/wpa_common.c
@@ -2084,11 +2084,14 @@ int wpa_derive_pmk_r0(const u8 *xxkey, size_t xxkey_len,
  * IEEE Std 802.11r-2008 - 8.5.1.5.4
  */
 int wpa_derive_pmk_r1_name(const u8 *pmk_r0_name, const u8 *r1kh_id,
-                          const u8 *s1kh_id, u8 *pmk_r1_name, int use_sha384)
+                          const u8 *s1kh_id, u8 *pmk_r1_name,
+                          size_t pmk_r1_len)
 {
-       u8 hash[48];
+       u8 hash[64];
        const u8 *addr[4];
        size_t len[4];
+       int res;
+       const char *title;
 
        /*
         * PMKR1Name = Truncate-128(Hash("FT-R1N" || PMKR0Name ||
@@ -2103,14 +2106,31 @@ int wpa_derive_pmk_r1_name(const u8 *pmk_r0_name, const u8 *r1kh_id,
        addr[3] = s1kh_id;
        len[3] = ETH_ALEN;
 
+       res = -1;
+#ifdef CONFIG_SHA512
+       if (pmk_r1_len == SHA512_MAC_LEN) {
+               title = "FT: PMKR1Name (using SHA512)";
+               res = sha512_vector(4, addr, len, hash);
+       }
+#endif /* CONFIG_SHA512 */
 #ifdef CONFIG_SHA384
-       if (use_sha384 && sha384_vector(4, addr, len, hash) < 0)
-               return -1;
+       if (pmk_r1_len == SHA384_MAC_LEN) {
+               title = "FT: PMKR1Name (using SHA384)";
+               res = sha384_vector(4, addr, len, hash);
+       }
 #endif /* CONFIG_SHA384 */
-       if (!use_sha384 && sha256_vector(4, addr, len, hash) < 0)
-               return -1;
+       if (pmk_r1_len == SHA256_MAC_LEN) {
+               title = "FT: PMKR1Name (using SHA256)";
+               res = sha256_vector(4, addr, len, hash);
+       }
+       if (res < 0) {
+               wpa_printf(MSG_DEBUG,
+                          "FT: Failed to derive PMKR1Name (PMK-R1 len %zu)",
+                          pmk_r1_len);
+               return res;
+       }
        os_memcpy(pmk_r1_name, hash, WPA_PMK_NAME_LEN);
-       wpa_hexdump(MSG_DEBUG, "FT: PMKR1Name", pmk_r1_name, WPA_PMK_NAME_LEN);
+       wpa_hexdump(MSG_DEBUG, title, pmk_r1_name, WPA_PMK_NAME_LEN);
        return 0;
 }
 
@@ -2158,8 +2178,7 @@ int wpa_derive_pmk_r1(const u8 *pmk_r0, size_t pmk_r0_len,
        wpa_hexdump_key(MSG_DEBUG, "FT: PMK-R1", pmk_r1, pmk_r0_len);
 
        return wpa_derive_pmk_r1_name(pmk_r0_name, r1kh_id, s1kh_id,
-                                     pmk_r1_name,
-                                     pmk_r0_len == SHA384_MAC_LEN);
+                                     pmk_r1_name, pmk_r0_len);
 }
 
 

diff --git a/src/common/wpa_common.h b/src/common/wpa_common.h
index 11faa976007af71baabfe80b6b2863da9011529b..4667284a314081c916749b76ed5d5df167bc2443 100644 (file)
--- a/src/common/wpa_common.h
+++ b/src/common/wpa_common.h
@@ -477,7 +477,8 @@ int wpa_derive_pmk_r0(const u8 *xxkey, size_t xxkey_len,
                      const u8 *s0kh_id, u8 *pmk_r0, u8 *pmk_r0_name,
                      int use_sha384);
 int wpa_derive_pmk_r1_name(const u8 *pmk_r0_name, const u8 *r1kh_id,
-                          const u8 *s1kh_id, u8 *pmk_r1_name, int use_sha384);
+                          const u8 *s1kh_id, u8 *pmk_r1_name,
+                          size_t pmk_r1_len);
 int wpa_derive_pmk_r1(const u8 *pmk_r0, size_t pmk_r0_len,
                      const u8 *pmk_r0_name,
                      const u8 *r1kh_id, const u8 *s1kh_id,

diff --git a/src/rsn_supp/wpa.c b/src/rsn_supp/wpa.c
index af79551407a176c1d0ce34ced99117455194c15d..0192ed0901b325dd6f4083843d79d65818490d27 100644 (file)
--- a/src/rsn_supp/wpa.c
+++ b/src/rsn_supp/wpa.c
@@ -4618,7 +4618,7 @@ static int fils_ft_build_assoc_req_rsne(struct wpa_sm *sm, struct wpabuf *buf)
                   MAC2STR(sm->r1kh_id));
        pos = wpabuf_put(buf, WPA_PMK_NAME_LEN);
        if (wpa_derive_pmk_r1_name(sm->pmk_r0_name, sm->r1kh_id, sm->own_addr,
-                                  sm->pmk_r1_name, use_sha384) < 0) {
+                                  sm->pmk_r1_name, sm->fils_ft_len) < 0) {
                wpa_printf(MSG_WARNING, "FILS+FT: Could not derive PMKR1Name");
                return -1;
        }