From: James Prestwood <prestwoj@gmail.com>
To: iwd@lists.linux.dev
Cc: James Prestwood <prestwoj@gmail.com>
Subject: [PATCH 1/9] crypto: modify crypto_derive_pmkid to take the hash/key length
Date: Mon, 10 Apr 2023 15:01:27 -0700 [thread overview]
Message-ID: <20230410220135.373872-2-prestwoj@gmail.com> (raw)
In-Reply-To: <20230410220135.373872-1-prestwoj@gmail.com>
The existing API was limited to SHA1 or SHA256 and assumed a key
length of 32 bytes. Since support for other AKMs is planned, update
this to take the checksum type and key length directly for better flexibility.
---
src/crypto.c | 18 ++++++++++++------
src/crypto.h | 5 +++--
src/eapol.c | 4 ++--
src/handshake.c | 11 ++++++-----
4 files changed, 23 insertions(+), 15 deletions(-)
diff --git a/src/crypto.c b/src/crypto.c
index 840d9ee4..f8aba7d8 100644
--- a/src/crypto.c
+++ b/src/crypto.c
@@ -1116,9 +1116,10 @@ exit:
}
/* Defined in 802.11-2012, Section 11.6.1.3 Pairwise Key Hierarchy */
-bool crypto_derive_pmkid(const uint8_t *pmk,
+bool crypto_derive_pmkid(const uint8_t *pmk, size_t key_len,
const uint8_t *addr1, const uint8_t *addr2,
- uint8_t *out_pmkid, bool use_sha256)
+ uint8_t *out_pmkid,
+ enum l_checksum_type checksum)
{
uint8_t data[20];
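Review bot: The comment above crypto_derive_pmkid still only cites the 802.11 section and says nothing about the two new parameters or the size contract of the output buffer. I would extend it with something like `/* key_len is the length of pmk in bytes; out_pmkid must have room for 16 bytes; checksum must be L_CHECKSUM_SHA1 or L_CHECKSUM_SHA256, anything else returns false */`. The same wording belongs on the prototype in src/crypto.h. The function body continues outside this hunk.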
@@ -1126,10 +1127,15 @@ bool crypto_derive_pmkid(const uint8_t *pmk,
memcpy(data + 8, addr2, 6);
memcpy(data + 14, addr1, 6);
- if (use_sha256)
- return hmac_sha256(pmk, 32, data, 20, out_pmkid, 16);
- else
- return hmac_sha1(pmk, 32, data, 20, out_pmkid, 16);
+ switch (checksum) {
+ case L_CHECKSUM_SHA1:
+ return hmac_sha1(pmk, key_len, data, 20, out_pmkid, 16);
+ case L_CHECKSUM_SHA256:
+ return hmac_sha256(pmk, key_len, data, 20, out_pmkid, 16);
+ default:
+ l_error("Checksum type %u is not valid", checksum);
+ return false;
+ }
}
enum l_checksum_type crypto_sae_hash_from_ecc_prime_len(enum crypto_sae type,
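Review bot: key_len now comes from the caller and is passed to hmac_sha1/hmac_sha256 unchecked, so a zero length would silently derive a PMKID from an empty key, and a length larger than the PMK buffer would read past it. The function cannot know the buffer size, but it can reject the degenerate case before the switch with `if (!pmk || key_len == 0) return false;`. Note also that the `default:` branch returns without writing out_pmkid, so any caller that ignores the return value ends up using whatever was in its buffer. The start of the function body is outside this hunk.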
diff --git a/src/crypto.h b/src/crypto.h
index ed430abb..d2a96655 100644
--- a/src/crypto.h
+++ b/src/crypto.h
@@ -154,9 +154,10 @@ bool crypto_derive_ft_ptk(const uint8_t *pmk_r1, const uint8_t *pmk_r1_name,
bool sha384, uint8_t *out_ptk, size_t ptk_len,
uint8_t *out_ptk_name);
-bool crypto_derive_pmkid(const uint8_t *pmk,
+bool crypto_derive_pmkid(const uint8_t *pmk, size_t key_len,
const uint8_t *addr1, const uint8_t *addr2,
- uint8_t *out_pmkid, bool use_sha256);
+ uint8_t *out_pmkid,
+ enum l_checksum_type checksum);
enum crypto_sae {
CRYPTO_SAE_LOOPING,
diff --git a/src/eapol.c b/src/eapol.c
index 9471d13e..9e8f7c34 100644
--- a/src/eapol.c
+++ b/src/eapol.c
@@ -1103,8 +1103,8 @@ static void eapol_send_ptk_1_of_4(struct eapol_sm *sm)
memcpy(ek->key_nonce, sm->handshake->anonce, sizeof(ek->key_nonce));
/* Write the PMKID KDE into Key Data field unencrypted */
- crypto_derive_pmkid(sm->handshake->pmk, sm->handshake->spa, aa,
- pmkid, false);
+ crypto_derive_pmkid(sm->handshake->pmk, 32, sm->handshake->spa, aa,
+ pmkid, L_CHECKSUM_SHA1);
eapol_key_data_append(ek, sm->mic_len, HANDSHAKE_KDE_PMKID, pmkid, 16);
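Review bot: The return value of crypto_derive_pmkid is discarded here, and pmkid is appended to the outgoing frame on the next line regardless. If the derivation fails, the PMKID KDE would carry whatever the buffer held before; the declaration of pmkid is outside the hunk, but if it is an uninitialised stack array those bytes go out unencrypted in message 1 of 4. I would check the result, e.g. `if (!crypto_derive_pmkid(sm->handshake->pmk, 32, sm->handshake->spa, aa, pmkid, L_CHECKSUM_SHA1)) return;`, with whatever cleanup the rest of eapol_send_ptk_1_of_4 (not visible here) requires. The literal `32` would also read better as a named constant shared with handshake.c.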
diff --git a/src/handshake.c b/src/handshake.c
index 734e997c..39a650c5 100644
--- a/src/handshake.c
+++ b/src/handshake.c
@@ -736,7 +736,8 @@ void handshake_state_set_pmkid(struct handshake_state *s, const uint8_t *pmkid)
bool handshake_state_get_pmkid(struct handshake_state *s, uint8_t *out_pmkid)
{
- bool use_sha256;
+ enum l_checksum_type sha;
+ size_t key_len = 32;
/* SAE exports pmkid */
if (s->have_pmkid) {
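Review bot: `size_t key_len = 32;` repeats the magic number that eapol.c passes inline, and nothing visible in this patch ties it to the actual length of s->pmk. If the handshake state already records the PMK length, passing that instead would keep the HMAC key length from drifting away from the stored key once longer PMKs are introduced; otherwise a shared named constant would at least keep the two call sites in step. As written the variable is never modified in this patch, so it could be `const`. The remainder of handshake_state_get_pmkid lies between this hunk and the next.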
@@ -757,12 +758,12 @@ bool handshake_state_get_pmkid(struct handshake_state *s, uint8_t *out_pmkid)
if (s->akm_suite & (IE_RSN_AKM_SUITE_8021X_SHA256 |
IE_RSN_AKM_SUITE_PSK_SHA256))
- use_sha256 = true;
+ sha = L_CHECKSUM_SHA256;
else
- use_sha256 = false;
+ sha = L_CHECKSUM_SHA1;
- return crypto_derive_pmkid(s->pmk, s->spa, s->aa, out_pmkid,
- use_sha256);
+ return crypto_derive_pmkid(s->pmk, key_len, s->spa, s->aa, out_pmkid,
+ sha);
}
void handshake_state_set_gtk(struct handshake_state *s, const uint8_t *key,
--
2.25.1
2023-04-10 22:01 [PATCH 0/9] Support FT-8021X-SHA384 James Prestwood
2023-04-10 22:01 ` James Prestwood [this message]
2023-04-16 18:01 ` [PATCH 1/9] crypto: modify crypto_derive_pmkid to take the hash/key length Denis Kenzior
2023-04-10 22:01 ` [PATCH 2/9] handshake: include additional sha256 AKMs for PMKID generation James Prestwood
2023-04-10 22:01 ` [PATCH 3/9] crypto: add hmac_sha384 support for PMKID derivation James Prestwood
2023-04-10 22:01 ` [PATCH 4/9] eapol: add support for FT-8021X-SHA384 James Prestwood
2023-04-10 22:01 ` [PATCH 5/9] handshake: support FT-8021X-SHA384 James Prestwood
2023-04-10 22:01 ` [PATCH 6/9] handshake: remove hardcoded kek_len for FTE decode James Prestwood
2023-04-16 18:01 ` Denis Kenzior
2023-04-10 22:01 ` [PATCH 7/9] common: add FT-8021X-SHA384 to AKM_IS_8021X James Prestwood
2023-04-16 18:01 ` Denis Kenzior
2023-04-10 22:01 ` [PATCH 8/9] wiphy: add FT-8021X-SHA384 to supported AKMs James Prestwood
2023-04-10 22:01 ` [PATCH 9/9] auto-t: update testFT-8021x-roam with SHA384 test James Prestwood