authorHu Wang <huw@codeaurora.org>2020-03-05 11:20:38 (GMT)
committerJouni Malinen <j@w1.fi>2020-03-06 19:44:31 (GMT)
commit0a76a0b96557a129fb11f17f84fdb6d7418dbe32 (patch)
tree19c41e48959cefe9795076cb9a1992c32e0cec47 /src/common
parentb27c7ac0ebb8d814060c0c00b28c5efdb1a32cd1 (diff)
OWE: Fix PTK derivation workaround for interoperability
The initial implementation of the PTK derivation workaround for interoperability with older OWE implementations forced WPA_KEY_MGMT_PSK_SHA256 to be used for all of PTK derivation. While that is needed for selecting which hash algorithm to use, this was also changing the length of the PTK components and by doing so, did not actually address the backwards compatibility issue. Fix this by forcing SHA256 as the hash algorithm in PTK derivation without changing the PTK length calculation for OWE when owe_ptk_workaround is enabled. Fixes: 65a44e849af9 ("OWE: PTK derivation workaround in AP mode") Fixes: 8b138d28264e ("OWE: PTK derivation workaround in STA mode") Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Diffstat (limited to 'src/common')
-rw-r--r--src/common/wpa_common.c11
1 files changed, 10 insertions, 1 deletions
diff --git a/src/common/wpa_common.c b/src/common/wpa_common.c
index ee306ff..c63d7bc 100644
--- a/src/common/wpa_common.c
+++ b/src/common/wpa_common.c
@@ -355,6 +355,14 @@ int wpa_pmk_to_ptk(const u8 *pmk, size_t pmk_len, const char *label,
size_t data_len = 2 * ETH_ALEN + 2 * WPA_NONCE_LEN;
u8 tmp[WPA_KCK_MAX_LEN + WPA_KEK_MAX_LEN + WPA_TK_MAX_LEN];
size_t ptk_len;
+#ifdef CONFIG_OWE
+ int owe_ptk_workaround = 0;
+
+ if (akmp == (WPA_KEY_MGMT_OWE | WPA_KEY_MGMT_PSK_SHA256)) {
+ owe_ptk_workaround = 1;
+ akmp = WPA_KEY_MGMT_OWE;
+ }
+#endif /* CONFIG_OWE */
if (pmk_len == 0) {
wpa_printf(MSG_ERROR, "WPA: No PMK set for PTK derivation");
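Review bot: The added `#ifdef CONFIG_OWE` block treats the exact value `WPA_KEY_MGMT_OWE | WPA_KEY_MGMT_PSK_SHA256` in `akmp` as an in-band request for the workaround, and nothing in the code says so. A reader who sees `akmp` rewritten here cannot tell that this combination is a caller convention rather than a real AKM selection. I would add a comment above the `if`, such as `/* Callers OR in WPA_KEY_MGMT_PSK_SHA256 to request the OWE PTK workaround: keep OWE key lengths, force SHA256 as the PRF hash */`. The same convention belongs in the function's header comment, which lies outside this hunk, as does the rest of the body of wpa_pmk_to_ptk().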
@@ -413,7 +421,8 @@ int wpa_pmk_to_ptk(const u8 *pmk, size_t pmk_len, const char *label,
tmp, ptk_len) < 0)
return -1;
#ifdef CONFIG_OWE
- } else if (akmp == WPA_KEY_MGMT_OWE && pmk_len == 32) {
+ } else if (akmp == WPA_KEY_MGMT_OWE && (pmk_len == 32 ||
+ owe_ptk_workaround)) {
wpa_printf(MSG_DEBUG, "WPA: PTK derivation using PRF(SHA256)");
if (sha256_prf(pmk, pmk_len, label, data, data_len,
tmp, ptk_len) < 0)
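Review bot: When `owe_ptk_workaround` is set, the widened `else if` sends a PMK that is not 32 bytes long through `sha256_prf()`, but the debug line is the same one printed for the ordinary 32-byte case. A log therefore cannot show that the interoperability path, with its weaker PRF hash for the larger PMK, was taken for a given association. Making it visible is a one-line change: `wpa_printf(MSG_DEBUG, "WPA: PTK derivation using PRF(SHA256)%s", owe_ptk_workaround ? " (OWE PTK workaround)" : "");`. The `ptk_len` passed here is computed outside the hunk; going by the commit message it now follows the OWE lengths. The branch continues past the last visible line.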