From: Ainy Kumari Date: Thu, 27 Nov 2025 00:16:16 +0000 (+0530) Subject: PASN: Extend hash algorithm selection to cover SAE-EXT-KEY AKMs X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=c70705bd8da5a3f3413e328e67f9c1a9fca9469d;p=thirdparty%2Fhostap.git PASN: Extend hash algorithm selection to cover SAE-EXT-KEY AKMs Updates PASN key derivation to support SAE-EXT-KEY AKMs and hash algorithm selection in line with IEEE Std 802.11-2024, 12.13.8, 12.13.9 and 12.4.2. Select the appropriate hash algorithm (SHA-256/SHA-384/SHA-512) for PTK derivation based on the PMK length when using SAE-EXT-KEY so that the longer key length cases with groups 20 and 21 are covered. Signed-off-by: Sai Pratyusha Magam Signed-off-by: Ainy Kumari --- diff --git a/src/common/wpa_common.c b/src/common/wpa_common.c index 908305b63..b4a7cbda6 100644 --- a/src/common/wpa_common.c +++ b/src/common/wpa_common.c @@ -1532,6 +1532,39 @@ static bool pasn_use_sha384(int akmp, int cipher) } +/** + * pasn_select_hash_alg - Select hash algorithm for PTK derivation + * @akmp: Authentication and key management protocol + * @cipher: The cipher suite + * @pmk_len: PMK length in octets + * + * According to IEEE Std 802.11-2024, Table 9-190 (AKM suite selectors), AKMs + * 00-0F-AC:24 and 00-0F-AC:25 have the length of the PMK, the length + * of the SAE key confirmation key, SAE-KCK, and PTK-KCK, and the length of + * PTK-KEK depending on the hash algorithm specified in 12.4.2 (see 12.7.1.3 + * and 12.7.3), i.e, the hash algorithm depends on the prime length associated + * with the selected group per Table 12-1 (Hash algorithm based on length of + * prime). + */ +static enum rsn_hash_alg pasn_select_hash_alg(int akmp, int cipher, + size_t pmk_len) +{ +#ifdef CONFIG_SAE + if (wpa_key_mgmt_sae_ext_key(akmp)) { + if (pmk_len == 64) + return RSN_HASH_SHA512; + if (pmk_len == 48) + return RSN_HASH_SHA384; + } +#endif /* CONFIG_SAE */ + + if (pasn_use_sha384(akmp, cipher)) + return RSN_HASH_SHA384; + + return RSN_HASH_SHA256; +} + + /** * pasn_pmk_to_ptk - Calculate PASN PTK from PMK, addresses, etc. * @pmk: Pairwise master key @@ -1607,21 +1640,38 @@ int pasn_pmk_to_ptk(const u8 *pmk, size_t pmk_len, if (ptk_len > sizeof(tmp)) goto err; - *alg = pasn_use_sha384(akmp, cipher) ? RSN_HASH_SHA384 : - RSN_HASH_SHA256; + *alg = pasn_select_hash_alg(akmp, cipher, pmk_len); - if (pasn_use_sha384(akmp, cipher)) { + switch (*alg) { + case RSN_HASH_SHA512: +#ifdef CONFIG_SHA512 + wpa_printf(MSG_DEBUG, "PASN: PTK derivation using SHA512"); + + if (sha512_prf(pmk, pmk_len, label, data, data_len, tmp, + ptk_len) < 0) + goto err; + break; +#endif + case RSN_HASH_SHA384: +#ifdef CONFIG_SHA384 wpa_printf(MSG_DEBUG, "PASN: PTK derivation using SHA384"); if (sha384_prf(pmk, pmk_len, label, data, data_len, tmp, ptk_len) < 0) goto err; - } else { + break; +#endif + case RSN_HASH_SHA256: wpa_printf(MSG_DEBUG, "PASN: PTK derivation using SHA256"); if (sha256_prf(pmk, pmk_len, label, data, data_len, tmp, ptk_len) < 0) goto err; + break; + default: + wpa_printf(MSG_DEBUG, "PASN: Unsupported hash algorithm %d", + *alg); + goto err; } wpa_printf(MSG_DEBUG,