From 3132e9f59581dc619e5a8cfa2d54be4b34ec6744 Mon Sep 17 00:00:00 2001 From: John Brandt Date: Sun, 5 May 2024 17:30:34 -0700 Subject: [PATCH] eapol: support PTK derivation with SHA256 Support PTK derivation in case the negotiated AKM requires SHA256. This is needed to support SAE in AP mode. --- src/eapol.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/src/eapol.c b/src/eapol.c index 3ce14d5c..a9b4f3ba 100644 --- a/src/eapol.c +++ b/src/eapol.c @@ -1560,6 +1560,7 @@ static void eapol_handle_ptk_2_of_4(struct eapol_sm *sm, size_t ptk_size; const uint8_t *kck; const uint8_t *aa = sm->handshake->aa; + enum l_checksum_type type; l_debug("ifindex=%u", sm->handshake->ifindex); @@ -1571,12 +1572,16 @@ static void eapol_handle_ptk_2_of_4(struct eapol_sm *sm, ptk_size = handshake_state_get_ptk_size(sm->handshake); + type = L_CHECKSUM_SHA1; + if (sm->handshake->akm_suite == IE_RSN_AKM_SUITE_SAE_SHA256) + type = L_CHECKSUM_SHA256; + if (!crypto_derive_pairwise_ptk(sm->handshake->pmk, sm->handshake->pmk_len, sm->handshake->spa, aa, sm->handshake->anonce, ek->key_nonce, sm->handshake->ptk, ptk_size, - L_CHECKSUM_SHA1)) + type)) return; kck = handshake_state_get_kck(sm->handshake);