diff options
author | Jouni Malinen <j@w1.fi> | 2008-08-31 22:57:28 +0300 |
---|---|---|
committer | Jouni Malinen <j@w1.fi> | 2008-08-31 22:57:28 +0300 |
commit | 565861976dc4288e70eea26c9f47c6b24e25beea (patch) | |
tree | dbdbfdfd769b171d4658224191f7faa197673260 /src/common/wpa_common.c | |
parent | 9b71728bba36effcff5c2f7fd915f5bde3753bcb (diff) | |
download | external_wpa_supplicant_8_ti-565861976dc4288e70eea26c9f47c6b24e25beea.zip external_wpa_supplicant_8_ti-565861976dc4288e70eea26c9f47c6b24e25beea.tar.gz external_wpa_supplicant_8_ti-565861976dc4288e70eea26c9f47c6b24e25beea.tar.bz2 |
Added support for using SHA256-based stronger key derivation for WPA2
IEEE 802.11w/D6.0 defines new AKMPs to indicate SHA256-based algorithms for
key derivation (and AES-CMAC for EAPOL-Key MIC). Add support for using new
AKMPs and clean up AKMP processing with helper functions in defs.h.
Diffstat (limited to 'src/common/wpa_common.c')
-rw-r--r-- | src/common/wpa_common.c | 18 |
1 files changed, 16 insertions, 2 deletions
diff --git a/src/common/wpa_common.c b/src/common/wpa_common.c index e1ae894..c9ff319 100644 --- a/src/common/wpa_common.c +++ b/src/common/wpa_common.c @@ -79,6 +79,7 @@ int wpa_eapol_key_mic(const u8 *key, int ver, const u8 *buf, size_t len, * @nonce2: SNonce or ANonce * @ptk: Buffer for pairwise transient key * @ptk_len: Length of PTK + * @use_sha256: Whether to use SHA256-based KDF * * IEEE Std 802.11i-2004 - 8.5.1.2 Pairwise key hierarchy * PTK = PRF-X(PMK, "Pairwise key expansion", @@ -92,7 +93,7 @@ int wpa_eapol_key_mic(const u8 *key, int ver, const u8 *buf, size_t len, void wpa_pmk_to_ptk(const u8 *pmk, size_t pmk_len, const char *label, const u8 *addr1, const u8 *addr2, const u8 *nonce1, const u8 *nonce2, - u8 *ptk, size_t ptk_len) + u8 *ptk, size_t ptk_len, int use_sha256) { u8 data[2 * ETH_ALEN + 2 * WPA_NONCE_LEN]; @@ -114,7 +115,14 @@ void wpa_pmk_to_ptk(const u8 *pmk, size_t pmk_len, const char *label, WPA_NONCE_LEN); } - sha1_prf(pmk, pmk_len, label, data, sizeof(data), ptk, ptk_len); +#ifdef CONFIG_IEEE80211W + if (use_sha256) + sha256_prf(pmk, pmk_len, label, data, sizeof(data), + ptk, ptk_len); + else +#endif /* CONFIG_IEEE80211W */ + sha1_prf(pmk, pmk_len, label, data, sizeof(data), ptk, + ptk_len); wpa_printf(MSG_DEBUG, "WPA: PTK derivation - A1=" MACSTR " A2=" MACSTR, MAC2STR(addr1), MAC2STR(addr2)); @@ -214,6 +222,12 @@ static int rsn_key_mgmt_to_bitfield(const u8 *s) if (RSN_SELECTOR_GET(s) == RSN_AUTH_KEY_MGMT_FT_PSK) return WPA_KEY_MGMT_FT_PSK; #endif /* CONFIG_IEEE80211R */ +#ifdef CONFIG_IEEE80211W + if (RSN_SELECTOR_GET(s) == RSN_AUTH_KEY_MGMT_802_1X_SHA256) + return WPA_KEY_MGMT_IEEE8021X_SHA256; + if (RSN_SELECTOR_GET(s) == RSN_AUTH_KEY_MGMT_PSK_SHA256) + return WPA_KEY_MGMT_PSK_SHA256; +#endif /* CONFIG_IEEE80211W */ return 0; } #endif /* CONFIG_NO_WPA2 */ |