aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJouni Malinen <j@w1.fi>2016-12-17 19:59:40 (GMT)
committerJouni Malinen <j@w1.fi>2016-12-17 20:07:57 (GMT)
commit42b847ac1ed656383f13646db84568fb23cd45c4 (patch)
tree793933ecbf298c0f717de667a688d60dba74d354
parent29062f29322a219f9ff56c073635a83fb149612c (diff)
downloadhostap-42b847ac1ed656383f13646db84568fb23cd45c4.zip
hostap-42b847ac1ed656383f13646db84568fb23cd45c4.tar.gz
hostap-42b847ac1ed656383f13646db84568fb23cd45c4.tar.bz2
FILS: Fix hashed realm name derivation
P802.11ai/D7.0 changed from CRC32 to SHA256 as the hash algorithm for the FILS realm name. Update the implementation to match that change. Signed-off-by: Jouni Malinen <j@w1.fi>
-rw-r--r--src/ap/ieee802_11_shared.c5
-rw-r--r--src/common/wpa_common.c13
-rw-r--r--src/common/wpa_common.h2
3 files changed, 10 insertions, 10 deletions
diff --git a/src/ap/ieee802_11_shared.c b/src/ap/ieee802_11_shared.c
index 97b1d67..d20ddc7 100644
--- a/src/ap/ieee802_11_shared.c
+++ b/src/ap/ieee802_11_shared.c
@@ -639,10 +639,7 @@ u8 * hostapd_eid_fils_indic(struct hostapd_data *hapd, u8 *eid, int hessid)
pos += ETH_ALEN;
}
if (hapd->conf->erp_domain) {
- u16 hash;
-
- hash = fils_domain_name_hash(hapd->conf->erp_domain);
- WPA_PUT_LE16(pos, hash);
+ fils_domain_name_hash(hapd->conf->erp_domain, pos);
pos += 2;
}
*len = pos - len - 1;
diff --git a/src/common/wpa_common.c b/src/common/wpa_common.c
index a87210e..efc8a45 100644
--- a/src/common/wpa_common.c
+++ b/src/common/wpa_common.c
@@ -9,7 +9,6 @@
#include "includes.h"
#include "common.h"
-#include "utils/crc32.h"
#include "crypto/md5.h"
#include "crypto/sha1.h"
#include "crypto/sha256.h"
@@ -1908,12 +1907,13 @@ int wpa_select_ap_group_cipher(int wpa, int wpa_pairwise, int rsn_pairwise)
#ifdef CONFIG_FILS
-u16 fils_domain_name_hash(const char *domain)
+int fils_domain_name_hash(const char *domain, u8 *hash)
{
char buf[255], *wpos = buf;
const char *pos = domain;
size_t len;
- u32 crc;
+ const u8 *addr[1];
+ u8 mac[SHA256_MAC_LEN];
for (len = 0; len < sizeof(buf) && *pos; len++) {
if (isalpha(*pos) && isupper(*pos))
@@ -1923,7 +1923,10 @@ u16 fils_domain_name_hash(const char *domain)
pos++;
}
- crc = crc32((const u8 *) buf, len);
- return crc & 0xffff;
+ addr[0] = (const u8 *) buf;
+ if (sha256_vector(1, addr, &len, mac) < 0)
+ return -1;
+ os_memcpy(hash, mac, 2);
+ return 0;
}
#endif /* CONFIG_FILS */
diff --git a/src/common/wpa_common.h b/src/common/wpa_common.h
index 6d28417..ce74791 100644
--- a/src/common/wpa_common.h
+++ b/src/common/wpa_common.h
@@ -450,6 +450,6 @@ int wpa_parse_cipher(const char *value);
int wpa_write_ciphers(char *start, char *end, int ciphers, const char *delim);
int wpa_select_ap_group_cipher(int wpa, int wpa_pairwise, int rsn_pairwise);
unsigned int wpa_mic_len(int akmp);
-u16 fils_domain_name_hash(const char *domain);
+int fils_domain_name_hash(const char *domain, u8 *hash);
#endif /* WPA_COMMON_H */