From: Jouni Malinen <quic_jouni@quicinc.com>
Date: Sun, 16 Oct 2022 13:38:27 +0000 (+0300)
Subject: FT: Extend PMKR1Name derivation for FT-SAE-EXT-KEY
X-Git-Tag: hostap_2_11~1649
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=dcd46edf5f51e7f0ea619a55ff158d74b0eb0c9e;p=thirdparty%2Fhostap.git

FT: Extend PMKR1Name derivation for FT-SAE-EXT-KEY

Provide key length instead of SHA384/SHA256 selection to the helper
function so that the new SHA512 option can be covered for
FT-SAE-EXT-KEY.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
---

diff --git a/src/ap/wpa_auth.c b/src/ap/wpa_auth.c
index e16d78ead..0806ff0fb 100644
--- a/src/ap/wpa_auth.c
+++ b/src/ap/wpa_auth.c
@@ -2475,7 +2475,7 @@ int fils_auth_pmk_to_ptk(struct wpa_state_machine *sm, const u8 *pmk,
 
 		res = wpa_derive_pmk_r1_name(pmk_r0_name, conf->r1_key_holder,
 					     sm->addr, sm->pmk_r1_name,
-					     use_sha384);
+					     fils_ft_len);
 		forced_memzero(pmk_r0, PMK_LEN_MAX);
 		if (res < 0)
 			return -1;
diff --git a/src/ap/wpa_auth_ft.c b/src/ap/wpa_auth_ft.c
index 0e522180d..03376b02f 100644
--- a/src/ap/wpa_auth_ft.c
+++ b/src/ap/wpa_auth_ft.c
@@ -3205,7 +3205,7 @@ static int wpa_ft_process_auth_req(struct wpa_state_machine *sm,
 		    parse.rsn_pmkid, WPA_PMK_NAME_LEN);
 	if (wpa_derive_pmk_r1_name(parse.rsn_pmkid,
 				   sm->wpa_auth->conf.r1_key_holder, sm->addr,
-				   pmk_r1_name, use_sha384) < 0)
+				   pmk_r1_name, pmk_r1_len) < 0)
 		return WLAN_STATUS_UNSPECIFIED_FAILURE;
 
 	if (conf->ft_psk_generate_local &&
diff --git a/src/common/wpa_common.c b/src/common/wpa_common.c
index 8206ff078..f437def50 100644
--- a/src/common/wpa_common.c
+++ b/src/common/wpa_common.c
@@ -2084,11 +2084,14 @@ int wpa_derive_pmk_r0(const u8 *xxkey, size_t xxkey_len,
  * IEEE Std 802.11r-2008 - 8.5.1.5.4
  */
 int wpa_derive_pmk_r1_name(const u8 *pmk_r0_name, const u8 *r1kh_id,
-			   const u8 *s1kh_id, u8 *pmk_r1_name, int use_sha384)
+			   const u8 *s1kh_id, u8 *pmk_r1_name,
+			   size_t pmk_r1_len)
 {
-	u8 hash[48];
+	u8 hash[64];
 	const u8 *addr[4];
 	size_t len[4];
+	int res;
+	const char *title;
 
 	/*
 	 * PMKR1Name = Truncate-128(Hash("FT-R1N" || PMKR0Name ||
@@ -2103,14 +2106,31 @@ int wpa_derive_pmk_r1_name(const u8 *pmk_r0_name, const u8 *r1kh_id,
 	addr[3] = s1kh_id;
 	len[3] = ETH_ALEN;
 
+	res = -1;
+#ifdef CONFIG_SHA512
+	if (pmk_r1_len == SHA512_MAC_LEN) {
+		title = "FT: PMKR1Name (using SHA512)";
+		res = sha512_vector(4, addr, len, hash);
+	}
+#endif /* CONFIG_SHA512 */
 #ifdef CONFIG_SHA384
-	if (use_sha384 && sha384_vector(4, addr, len, hash) < 0)
-		return -1;
+	if (pmk_r1_len == SHA384_MAC_LEN) {
+		title = "FT: PMKR1Name (using SHA384)";
+		res = sha384_vector(4, addr, len, hash);
+	}
 #endif /* CONFIG_SHA384 */
-	if (!use_sha384 && sha256_vector(4, addr, len, hash) < 0)
-		return -1;
+	if (pmk_r1_len == SHA256_MAC_LEN) {
+		title = "FT: PMKR1Name (using SHA256)";
+		res = sha256_vector(4, addr, len, hash);
+	}
+	if (res < 0) {
+		wpa_printf(MSG_DEBUG,
+			   "FT: Failed to derive PMKR1Name (PMK-R1 len %zu)",
+			   pmk_r1_len);
+		return res;
+	}
 	os_memcpy(pmk_r1_name, hash, WPA_PMK_NAME_LEN);
-	wpa_hexdump(MSG_DEBUG, "FT: PMKR1Name", pmk_r1_name, WPA_PMK_NAME_LEN);
+	wpa_hexdump(MSG_DEBUG, title, pmk_r1_name, WPA_PMK_NAME_LEN);
 	return 0;
 }
 
@@ -2158,8 +2178,7 @@ int wpa_derive_pmk_r1(const u8 *pmk_r0, size_t pmk_r0_len,
 	wpa_hexdump_key(MSG_DEBUG, "FT: PMK-R1", pmk_r1, pmk_r0_len);
 
 	return wpa_derive_pmk_r1_name(pmk_r0_name, r1kh_id, s1kh_id,
-				      pmk_r1_name,
-				      pmk_r0_len == SHA384_MAC_LEN);
+				      pmk_r1_name, pmk_r0_len);
 }
 
 
diff --git a/src/common/wpa_common.h b/src/common/wpa_common.h
index 11faa9760..4667284a3 100644
--- a/src/common/wpa_common.h
+++ b/src/common/wpa_common.h
@@ -477,7 +477,8 @@ int wpa_derive_pmk_r0(const u8 *xxkey, size_t xxkey_len,
 		      const u8 *s0kh_id, u8 *pmk_r0, u8 *pmk_r0_name,
 		      int use_sha384);
 int wpa_derive_pmk_r1_name(const u8 *pmk_r0_name, const u8 *r1kh_id,
-			   const u8 *s1kh_id, u8 *pmk_r1_name, int use_sha384);
+			   const u8 *s1kh_id, u8 *pmk_r1_name,
+			   size_t pmk_r1_len);
 int wpa_derive_pmk_r1(const u8 *pmk_r0, size_t pmk_r0_len,
 		      const u8 *pmk_r0_name,
 		      const u8 *r1kh_id, const u8 *s1kh_id,
diff --git a/src/rsn_supp/wpa.c b/src/rsn_supp/wpa.c
index af7955140..0192ed090 100644
--- a/src/rsn_supp/wpa.c
+++ b/src/rsn_supp/wpa.c
@@ -4618,7 +4618,7 @@ static int fils_ft_build_assoc_req_rsne(struct wpa_sm *sm, struct wpabuf *buf)
 		   MAC2STR(sm->r1kh_id));
 	pos = wpabuf_put(buf, WPA_PMK_NAME_LEN);
 	if (wpa_derive_pmk_r1_name(sm->pmk_r0_name, sm->r1kh_id, sm->own_addr,
-				   sm->pmk_r1_name, use_sha384) < 0) {
+				   sm->pmk_r1_name, sm->fils_ft_len) < 0) {
 		wpa_printf(MSG_WARNING, "FILS+FT: Could not derive PMKR1Name");
 		return -1;
 	}