crypto: modify crypto_derive_pmkid to take the length/checksum type
The existing API was limited to SHA1 or SHA256 and assumed a key length of 32 bytes. Since other AKMs plan to be added update this to take the checksum/length directly for better flexibility.
This commit is contained in:
James Prestwood
Denis Kenzior
parent
d09b106998
commit
ae76fa876f
10
src/crypto.c
10
src/crypto.c
|
|
@ -1116,9 +1116,10 @@ exit:
|
|||
}
|
||||
|
||||
/* Defined in 802.11-2012, Section 11.6.1.3 Pairwise Key Hierarchy */
|
||||
bool crypto_derive_pmkid(const uint8_t *pmk,
|
||||
bool crypto_derive_pmkid(const uint8_t *pmk, size_t key_len,
|
||||
const uint8_t *addr1, const uint8_t *addr2,
|
||||
uint8_t *out_pmkid, bool use_sha256)
|
||||
uint8_t *out_pmkid,
|
||||
enum l_checksum_type checksum)
|
||||
{
|
||||
uint8_t data[20];
|
||||
|
||||
|
|
@ -1126,10 +1127,7 @@ bool crypto_derive_pmkid(const uint8_t *pmk,
|
|||
memcpy(data + 8, addr2, 6);
|
||||
memcpy(data + 14, addr1, 6);
|
||||
|
||||
if (use_sha256)
|
||||
return hmac_sha256(pmk, 32, data, 20, out_pmkid, 16);
|
||||
else
|
||||
return hmac_sha1(pmk, 32, data, 20, out_pmkid, 16);
|
||||
return hmac_common(checksum, pmk, key_len, data, 20, out_pmkid, 16);
|
||||
}
|
||||
|
||||
enum l_checksum_type crypto_sae_hash_from_ecc_prime_len(enum crypto_sae type,
|
||||
|
|
|
|||
|
|
@ -154,9 +154,10 @@ bool crypto_derive_ft_ptk(const uint8_t *pmk_r1, const uint8_t *pmk_r1_name,
|
|||
bool sha384, uint8_t *out_ptk, size_t ptk_len,
|
||||
uint8_t *out_ptk_name);
|
||||
|
||||
bool crypto_derive_pmkid(const uint8_t *pmk,
|
||||
bool crypto_derive_pmkid(const uint8_t *pmk, size_t key_len,
|
||||
const uint8_t *addr1, const uint8_t *addr2,
|
||||
uint8_t *out_pmkid, bool use_sha256);
|
||||
uint8_t *out_pmkid,
|
||||
enum l_checksum_type checksum);
|
||||
|
||||
enum crypto_sae {
|
||||
CRYPTO_SAE_LOOPING,
|
||||
|
|
|
|||
|
|
@ -1112,8 +1112,8 @@ static void eapol_send_ptk_1_of_4(struct eapol_sm *sm)
|
|||
memcpy(ek->key_nonce, sm->handshake->anonce, sizeof(ek->key_nonce));
|
||||
|
||||
/* Write the PMKID KDE into Key Data field unencrypted */
|
||||
crypto_derive_pmkid(sm->handshake->pmk, sm->handshake->spa, aa,
|
||||
pmkid, false);
|
||||
crypto_derive_pmkid(sm->handshake->pmk, 32, sm->handshake->spa, aa,
|
||||
pmkid, L_CHECKSUM_SHA1);
|
||||
|
||||
eapol_key_data_append(ek, sm->mic_len, HANDSHAKE_KDE_PMKID, pmkid, 16);
|
||||
|
||||
|
|
|
|||
|
|
@ -736,7 +736,7 @@ void handshake_state_set_pmkid(struct handshake_state *s, const uint8_t *pmkid)
|
|||
|
||||
bool handshake_state_get_pmkid(struct handshake_state *s, uint8_t *out_pmkid)
|
||||
{
|
||||
bool use_sha256;
|
||||
enum l_checksum_type sha;
|
||||
|
||||
/* SAE exports pmkid */
|
||||
if (s->have_pmkid) {
|
||||
|
|
@ -757,12 +757,11 @@ bool handshake_state_get_pmkid(struct handshake_state *s, uint8_t *out_pmkid)
|
|||
|
||||
if (s->akm_suite & (IE_RSN_AKM_SUITE_8021X_SHA256 |
|
||||
IE_RSN_AKM_SUITE_PSK_SHA256))
|
||||
use_sha256 = true;
|
||||
sha = L_CHECKSUM_SHA256;
|
||||
else
|
||||
use_sha256 = false;
|
||||
sha = L_CHECKSUM_SHA1;
|
||||
|
||||
return crypto_derive_pmkid(s->pmk, s->spa, s->aa, out_pmkid,
|
||||
use_sha256);
|
||||
return crypto_derive_pmkid(s->pmk, 32, s->spa, s->aa, out_pmkid, sha);
|
||||
}
|
||||
|
||||
void handshake_state_set_gtk(struct handshake_state *s, const uint8_t *key,
|
||||
|
|
|
|||
Loading…
Reference in New Issue