From: Jouni Malinen Date: Thu, 24 Aug 2017 20:59:44 +0000 (+0300) Subject: DPP: Derive PMKID using SHA256() for all curves X-Git-Tag: hostap_2_7~1152 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=c2d4f2eb5dba0b5c5a8c5805823084da958a9b52;p=thirdparty%2Fhostap.git DPP: Derive PMKID using SHA256() for all curves This was previously defined inconsistently (H() vs. SHA256()), but it is now clarified in the draft tech spec to use SHA256(), so update implementation to do that. Signed-off-by: Jouni Malinen --- diff --git a/src/common/dpp.c b/src/common/dpp.c index 5ef700b18..33db67658 100644 --- a/src/common/dpp.c +++ b/src/common/dpp.c @@ -4541,7 +4541,7 @@ static int dpp_derive_pmkid(const struct dpp_curve_params *curve, int ret = -1, res; const u8 *addr[2]; size_t len[2]; - u8 hash[DPP_MAX_HASH_LEN]; + u8 hash[SHA256_MAC_LEN]; /* PMKID = Truncate-128(H(min(NK.x, PK.x) | max(NK.x, PK.x))) */ nkx = dpp_get_pubkey_point(own_key, 0); @@ -4558,15 +4558,12 @@ static int dpp_derive_pmkid(const struct dpp_curve_params *curve, addr[0] = wpabuf_head(pkx); addr[1] = wpabuf_head(nkx); } - wpa_printf(MSG_DEBUG, "DPP: PMKID H=SHA%u", - (unsigned int) curve->hash_len * 8); wpa_hexdump(MSG_DEBUG, "DPP: PMKID hash payload 1", addr[0], len[0]); wpa_hexdump(MSG_DEBUG, "DPP: PMKID hash payload 2", addr[1], len[1]); - res = dpp_hash_vector(curve, 2, addr, len, hash); + res = sha256_vector(2, addr, len, hash); if (res < 0) goto fail; - wpa_hexdump(MSG_DEBUG, "DPP: PMKID hash output", - hash, curve->hash_len); + wpa_hexdump(MSG_DEBUG, "DPP: PMKID hash output", hash, SHA256_MAC_LEN); os_memcpy(pmkid, hash, PMKID_LEN); wpa_hexdump(MSG_DEBUG, "DPP: PMKID", pmkid, PMKID_LEN); ret = 0;