mirror of
https://git.kernel.org/pub/scm/network/wireless/iwd.git
synced 2024-12-01 23:59:51 +01:00
crypto: modify crypto_derive_pmkid to take the length/checksum type
The existing API was limited to SHA1 or SHA256 and assumed a key length of 32 bytes. Since other AKMs plan to be added update this to take the checksum/length directly for better flexibility.
This commit is contained in:
parent
d09b106998
commit
ae76fa876f
10
src/crypto.c
10
src/crypto.c
@ -1116,9 +1116,10 @@ exit:
|
|||||||
}
|
}
|
||||||
|
|
||||||
/* Defined in 802.11-2012, Section 11.6.1.3 Pairwise Key Hierarchy */
|
/* Defined in 802.11-2012, Section 11.6.1.3 Pairwise Key Hierarchy */
|
||||||
bool crypto_derive_pmkid(const uint8_t *pmk,
|
bool crypto_derive_pmkid(const uint8_t *pmk, size_t key_len,
|
||||||
const uint8_t *addr1, const uint8_t *addr2,
|
const uint8_t *addr1, const uint8_t *addr2,
|
||||||
uint8_t *out_pmkid, bool use_sha256)
|
uint8_t *out_pmkid,
|
||||||
|
enum l_checksum_type checksum)
|
||||||
{
|
{
|
||||||
uint8_t data[20];
|
uint8_t data[20];
|
||||||
|
|
||||||
@ -1126,10 +1127,7 @@ bool crypto_derive_pmkid(const uint8_t *pmk,
|
|||||||
memcpy(data + 8, addr2, 6);
|
memcpy(data + 8, addr2, 6);
|
||||||
memcpy(data + 14, addr1, 6);
|
memcpy(data + 14, addr1, 6);
|
||||||
|
|
||||||
if (use_sha256)
|
return hmac_common(checksum, pmk, key_len, data, 20, out_pmkid, 16);
|
||||||
return hmac_sha256(pmk, 32, data, 20, out_pmkid, 16);
|
|
||||||
else
|
|
||||||
return hmac_sha1(pmk, 32, data, 20, out_pmkid, 16);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
enum l_checksum_type crypto_sae_hash_from_ecc_prime_len(enum crypto_sae type,
|
enum l_checksum_type crypto_sae_hash_from_ecc_prime_len(enum crypto_sae type,
|
||||||
|
@ -154,9 +154,10 @@ bool crypto_derive_ft_ptk(const uint8_t *pmk_r1, const uint8_t *pmk_r1_name,
|
|||||||
bool sha384, uint8_t *out_ptk, size_t ptk_len,
|
bool sha384, uint8_t *out_ptk, size_t ptk_len,
|
||||||
uint8_t *out_ptk_name);
|
uint8_t *out_ptk_name);
|
||||||
|
|
||||||
bool crypto_derive_pmkid(const uint8_t *pmk,
|
bool crypto_derive_pmkid(const uint8_t *pmk, size_t key_len,
|
||||||
const uint8_t *addr1, const uint8_t *addr2,
|
const uint8_t *addr1, const uint8_t *addr2,
|
||||||
uint8_t *out_pmkid, bool use_sha256);
|
uint8_t *out_pmkid,
|
||||||
|
enum l_checksum_type checksum);
|
||||||
|
|
||||||
enum crypto_sae {
|
enum crypto_sae {
|
||||||
CRYPTO_SAE_LOOPING,
|
CRYPTO_SAE_LOOPING,
|
||||||
|
@ -1112,8 +1112,8 @@ static void eapol_send_ptk_1_of_4(struct eapol_sm *sm)
|
|||||||
memcpy(ek->key_nonce, sm->handshake->anonce, sizeof(ek->key_nonce));
|
memcpy(ek->key_nonce, sm->handshake->anonce, sizeof(ek->key_nonce));
|
||||||
|
|
||||||
/* Write the PMKID KDE into Key Data field unencrypted */
|
/* Write the PMKID KDE into Key Data field unencrypted */
|
||||||
crypto_derive_pmkid(sm->handshake->pmk, sm->handshake->spa, aa,
|
crypto_derive_pmkid(sm->handshake->pmk, 32, sm->handshake->spa, aa,
|
||||||
pmkid, false);
|
pmkid, L_CHECKSUM_SHA1);
|
||||||
|
|
||||||
eapol_key_data_append(ek, sm->mic_len, HANDSHAKE_KDE_PMKID, pmkid, 16);
|
eapol_key_data_append(ek, sm->mic_len, HANDSHAKE_KDE_PMKID, pmkid, 16);
|
||||||
|
|
||||||
|
@ -736,7 +736,7 @@ void handshake_state_set_pmkid(struct handshake_state *s, const uint8_t *pmkid)
|
|||||||
|
|
||||||
bool handshake_state_get_pmkid(struct handshake_state *s, uint8_t *out_pmkid)
|
bool handshake_state_get_pmkid(struct handshake_state *s, uint8_t *out_pmkid)
|
||||||
{
|
{
|
||||||
bool use_sha256;
|
enum l_checksum_type sha;
|
||||||
|
|
||||||
/* SAE exports pmkid */
|
/* SAE exports pmkid */
|
||||||
if (s->have_pmkid) {
|
if (s->have_pmkid) {
|
||||||
@ -757,12 +757,11 @@ bool handshake_state_get_pmkid(struct handshake_state *s, uint8_t *out_pmkid)
|
|||||||
|
|
||||||
if (s->akm_suite & (IE_RSN_AKM_SUITE_8021X_SHA256 |
|
if (s->akm_suite & (IE_RSN_AKM_SUITE_8021X_SHA256 |
|
||||||
IE_RSN_AKM_SUITE_PSK_SHA256))
|
IE_RSN_AKM_SUITE_PSK_SHA256))
|
||||||
use_sha256 = true;
|
sha = L_CHECKSUM_SHA256;
|
||||||
else
|
else
|
||||||
use_sha256 = false;
|
sha = L_CHECKSUM_SHA1;
|
||||||
|
|
||||||
return crypto_derive_pmkid(s->pmk, s->spa, s->aa, out_pmkid,
|
return crypto_derive_pmkid(s->pmk, 32, s->spa, s->aa, out_pmkid, sha);
|
||||||
use_sha256);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
void handshake_state_set_gtk(struct handshake_state *s, const uint8_t *key,
|
void handshake_state_set_gtk(struct handshake_state *s, const uint8_t *key,
|
||||||
|
Loading…
Reference in New Issue
Block a user