3
0
mirror of https://git.kernel.org/pub/scm/network/wireless/iwd.git synced 2024-12-22 21:22:37 +01:00

crypto: allow PTK derivation using SHA384

crypto_derive_pairwise_ptk was taking a boolean to decide whether to
use SHA1 or SHA256, but for FILS SHA384 may also be required for
rekeys depending on the AKM.

crypto_derive_pairwise_ptk was changed to take l_checksum_type instead
of a boolean to allow for all 3 SHA types.
This commit is contained in:
James Prestwood 2019-04-25 12:52:48 -07:00 committed by Denis Kenzior
parent e999aa02a1
commit 62097e7d82
4 changed files with 14 additions and 10 deletions

View File

@ -785,7 +785,7 @@ static bool crypto_derive_ptk(const uint8_t *pmk, size_t pmk_len,
const uint8_t *addr1, const uint8_t *addr2,
const uint8_t *nonce1, const uint8_t *nonce2,
uint8_t *out_ptk, size_t ptk_len,
bool use_sha256)
enum l_checksum_type type)
{
/* Nonce length is 32 */
uint8_t data[ETH_ALEN * 2 + 64];
@ -812,7 +812,10 @@ static bool crypto_derive_ptk(const uint8_t *pmk, size_t pmk_len,
}
pos += 64;
if (use_sha256)
if (type == L_CHECKSUM_SHA384)
return kdf_sha384(pmk, pmk_len, label, strlen(label),
data, sizeof(data), out_ptk, ptk_len);
else if (type == L_CHECKSUM_SHA256)
return kdf_sha256(pmk, pmk_len, label, strlen(label),
data, sizeof(data), out_ptk, ptk_len);
else
@ -824,12 +827,12 @@ bool crypto_derive_pairwise_ptk(const uint8_t *pmk, size_t pmk_len,
const uint8_t *addr1, const uint8_t *addr2,
const uint8_t *nonce1, const uint8_t *nonce2,
uint8_t *out_ptk, size_t ptk_len,
bool use_sha256)
enum l_checksum_type type)
{
return crypto_derive_ptk(pmk, pmk_len, "Pairwise key expansion",
addr1, addr2, nonce1, nonce2,
out_ptk, ptk_len,
use_sha256);
type);
}
/* Defined in 802.11-2012, Section 11.6.1.7.3 PMK-R0 */

View File

@ -114,7 +114,7 @@ bool crypto_derive_pairwise_ptk(const uint8_t *pmk, size_t pmk_len,
const uint8_t *addr1, const uint8_t *addr2,
const uint8_t *nonce1, const uint8_t *nonce2,
uint8_t *out_ptk, size_t ptk_len,
bool use_sha256);
enum l_checksum_type type);
bool crypto_derive_pmk_r0(const uint8_t *xxkey,
const uint8_t *ssid, size_t ssid_len,

View File

@ -1379,7 +1379,8 @@ static void eapol_handle_ptk_2_of_4(struct eapol_sm *sm,
sm->handshake->pmk_len,
sm->handshake->spa, aa,
sm->handshake->anonce, ek->key_nonce,
sm->handshake->ptk, ptk_size, false))
sm->handshake->ptk, ptk_size,
L_CHECKSUM_SHA1))
return;
kck = handshake_state_get_kck(sm->handshake);

View File

@ -375,7 +375,7 @@ static bool handshake_get_key_sizes(struct handshake_state *s, size_t *ptk_size,
bool handshake_state_derive_ptk(struct handshake_state *s)
{
size_t ptk_size;
bool use_sha256;
enum l_checksum_type type;
if (!s->have_snonce || !s->have_pmk)
return false;
@ -393,9 +393,9 @@ bool handshake_state_derive_ptk(struct handshake_state *s)
IE_RSN_AKM_SUITE_SAE_SHA256 |
IE_RSN_AKM_SUITE_FT_OVER_SAE_SHA256 |
IE_RSN_AKM_SUITE_OWE))
use_sha256 = true;
type = L_CHECKSUM_SHA256;
else
use_sha256 = false;
type = L_CHECKSUM_SHA1;
ptk_size = handshake_state_get_ptk_size(s);
@ -439,7 +439,7 @@ bool handshake_state_derive_ptk(struct handshake_state *s)
} else
if (!crypto_derive_pairwise_ptk(s->pmk, s->pmk_len, s->spa,
s->aa, s->anonce, s->snonce,
s->ptk, ptk_size, use_sha256))
s->ptk, ptk_size, type))
return false;
return true;