
[1/9] crypto: modify crypto_derive_pmkid to take the hash/key length

Message ID 20230410220135.373872-2-prestwoj@gmail.com (mailing list archive)
State New
Series Support FT-8021X-SHA384 | expand

Checks

Context Check Description
tedd_an/pre-ci_am fail error: patch failed: src/crypto.c:1116 error: src/crypto.c: patch does not apply error: patch failed: src/crypto.h:154 error: src/crypto.h: patch does not apply error: patch failed: src/eapol.c:1103 error: src/eapol.c: patch does not apply error: patch failed: src/handshake.c:736 error: src/handshake.c: patch does not apply hint: Use 'git am --show-current-patch' to see the failed patch

Commit Message

James Prestwood April 10, 2023, 10:01 p.m. UTC
The existing API was limited to SHA1 or SHA256 and assumed a key
length of 32 bytes. Since other AKMs are planned to be added, update
this to take the checksum type and key length directly for better flexibility.
---
 src/crypto.c    | 18 ++++++++++++------
 src/crypto.h    |  5 +++--
 src/eapol.c     |  4 ++--
 src/handshake.c | 11 ++++++-----
 4 files changed, 23 insertions(+), 15 deletions(-)

Comments

Denis Kenzior April 16, 2023, 6:01 p.m. UTC | #1
Hi James,

On 4/10/23 17:01, James Prestwood wrote:
> The existing API was limited to SHA1 or SHA256 and assumed a key
> length of 32 bytes. Since other AKMs plan to be added update
> this to take the checksum/length directly for better flexibility.
> ---
>   src/crypto.c    | 18 ++++++++++++------
>   src/crypto.h    |  5 +++--
>   src/eapol.c     |  4 ++--
>   src/handshake.c | 11 ++++++-----
>   4 files changed, 23 insertions(+), 15 deletions(-)
> 

<snip>

> @@ -1126,10 +1127,15 @@ bool crypto_derive_pmkid(const uint8_t *pmk,
>   	memcpy(data + 8, addr2, 6);
>   	memcpy(data + 14, addr1, 6);
>   
> -	if (use_sha256)
> -		return hmac_sha256(pmk, 32, data, 20, out_pmkid, 16);
> -	else
> -		return hmac_sha1(pmk, 32, data, 20, out_pmkid, 16);
> +	switch (checksum) {
> +	case L_CHECKSUM_SHA1:
> +		return hmac_sha1(pmk, key_len, data, 20, out_pmkid, 16);
> +	case L_CHECKSUM_SHA256:
> +		return hmac_sha256(pmk, key_len, data, 20, out_pmkid, 16);
> +	default:
> +		l_error("Checksum type %u is not valid", checksum);
> +		return false;
> +	}

Just use l_checksum_new_hmac directly and avoid the switch/case.  That way patch 
3 is unnecessary.

Regards,
-Denis

Patch

diff --git a/src/crypto.c b/src/crypto.c
index 840d9ee4..f8aba7d8 100644
--- a/src/crypto.c
+++ b/src/crypto.c
@@ -1116,9 +1116,10 @@  exit:
 }
 
 /* Defined in 802.11-2012, Section 11.6.1.3 Pairwise Key Hierarchy */
-bool crypto_derive_pmkid(const uint8_t *pmk,
+bool crypto_derive_pmkid(const uint8_t *pmk, size_t key_len,
 				const uint8_t *addr1, const uint8_t *addr2,
-				uint8_t *out_pmkid, bool use_sha256)
+				uint8_t *out_pmkid,
+				enum l_checksum_type checksum)
 {
 	uint8_t data[20];
 
@@ -1126,10 +1127,15 @@  bool crypto_derive_pmkid(const uint8_t *pmk,
 	memcpy(data + 8, addr2, 6);
 	memcpy(data + 14, addr1, 6);
 
-	if (use_sha256)
-		return hmac_sha256(pmk, 32, data, 20, out_pmkid, 16);
-	else
-		return hmac_sha1(pmk, 32, data, 20, out_pmkid, 16);
+	switch (checksum) {
+	case L_CHECKSUM_SHA1:
+		return hmac_sha1(pmk, key_len, data, 20, out_pmkid, 16);
+	case L_CHECKSUM_SHA256:
+		return hmac_sha256(pmk, key_len, data, 20, out_pmkid, 16);
+	default:
+		l_error("Checksum type %u is not valid", checksum);
+		return false;
+	}
 }
 
 enum l_checksum_type crypto_sae_hash_from_ecc_prime_len(enum crypto_sae type,
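Review bot: `key_len` is handed to `hmac_sha1()`/`hmac_sha256()` unchecked, so `crypto_derive_pmkid()` now depends on every caller passing a `pmk` buffer that really holds `key_len` bytes, where the old code always read a fixed 32. Neither the comment above the definition (previous hunk) nor the prototype in src/crypto.h states that contract, nor that only SHA1 and SHA256 are accepted and that `out_pmkid` is left unwritten on the `default` path. I would extend the existing comment, e.g. `/* pmk must hold key_len bytes; writes 16 bytes to out_pmkid; returns false and leaves out_pmkid untouched for other checksum types */`. The function's signature and the first write into `data` are outside this hunk.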
diff --git a/src/crypto.h b/src/crypto.h
index ed430abb..d2a96655 100644
--- a/src/crypto.h
+++ b/src/crypto.h
@@ -154,9 +154,10 @@  bool crypto_derive_ft_ptk(const uint8_t *pmk_r1, const uint8_t *pmk_r1_name,
 				bool sha384, uint8_t *out_ptk, size_t ptk_len,
 				uint8_t *out_ptk_name);
 
-bool crypto_derive_pmkid(const uint8_t *pmk,
+bool crypto_derive_pmkid(const uint8_t *pmk, size_t key_len,
 				const uint8_t *addr1, const uint8_t *addr2,
-				uint8_t *out_pmkid, bool use_sha256);
+				uint8_t *out_pmkid,
+				enum l_checksum_type checksum);
 
 enum crypto_sae {
 	CRYPTO_SAE_LOOPING,
diff --git a/src/eapol.c b/src/eapol.c
index 9471d13e..9e8f7c34 100644
--- a/src/eapol.c
+++ b/src/eapol.c
@@ -1103,8 +1103,8 @@  static void eapol_send_ptk_1_of_4(struct eapol_sm *sm)
 	memcpy(ek->key_nonce, sm->handshake->anonce, sizeof(ek->key_nonce));
 
 	/* Write the PMKID KDE into Key Data field unencrypted */
-	crypto_derive_pmkid(sm->handshake->pmk, sm->handshake->spa, aa,
-			pmkid, false);
+	crypto_derive_pmkid(sm->handshake->pmk, 32, sm->handshake->spa, aa,
+			pmkid, L_CHECKSUM_SHA1);
 
 	eapol_key_data_append(ek, sm->mic_len, HANDSHAKE_KDE_PMKID, pmkid, 16);
 
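Review bot: The return value of `crypto_derive_pmkid()` is still discarded at this call, and the next visible line appends `pmkid` to the Key Data field, which the comment above says is written unencrypted. If the derivation fails, whatever `pmkid` held is what gets sent; its declaration is outside the hunk, so whether it is zero-initialised cannot be confirmed from here. The result should be tested before `eapol_key_data_append()`, taking whatever failure path `eapol_send_ptk_1_of_4()` uses to release `ek`, which is also set up outside the hunk. The literal `32` and `L_CHECKSUM_SHA1` keep the fixed length and hash that the commit message sets out to remove; if that is intended for this path, a one-line comment saying so would help.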
diff --git a/src/handshake.c b/src/handshake.c
index 734e997c..39a650c5 100644
--- a/src/handshake.c
+++ b/src/handshake.c
@@ -736,7 +736,8 @@  void handshake_state_set_pmkid(struct handshake_state *s, const uint8_t *pmkid)
 
 bool handshake_state_get_pmkid(struct handshake_state *s, uint8_t *out_pmkid)
 {
-	bool use_sha256;
+	enum l_checksum_type sha;
+	size_t key_len = 32;
 
 	/* SAE exports pmkid */
 	if (s->have_pmkid) {
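Review bot: `key_len` is initialised to 32 and nothing in the visible lines of this hunk or the next ever changes it, so the `crypto_derive_pmkid()` call in the following hunk still hashes exactly 32 bytes of `s->pmk` whatever the AKM. That is the same assumption the commit message describes removing, only moved into the caller; for an AKM whose PMK is longer than 32 bytes (the series title points at SHA384) the PMKID would be computed over a truncated key and would presumably not match the peer's. If `struct handshake_state` records the PMK length, pass that instead of a local constant. Otherwise add a comment such as `/* PMK length is 32 for every AKM handled below */` so the next AKM added here does not silently inherit it. The body of `handshake_state_get_pmkid()` between the two hunks is not shown.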
@@ -757,12 +758,12 @@  bool handshake_state_get_pmkid(struct handshake_state *s, uint8_t *out_pmkid)
 
 	if (s->akm_suite & (IE_RSN_AKM_SUITE_8021X_SHA256 |
 			IE_RSN_AKM_SUITE_PSK_SHA256))
-		use_sha256 = true;
+		sha = L_CHECKSUM_SHA256;
 	else
-		use_sha256 = false;
+		sha = L_CHECKSUM_SHA1;
 
-	return crypto_derive_pmkid(s->pmk, s->spa, s->aa, out_pmkid,
-					use_sha256);
+	return crypto_derive_pmkid(s->pmk, key_len, s->spa, s->aa, out_pmkid,
+					sha);
 }
 
 void handshake_state_set_gtk(struct handshake_state *s, const uint8_t *key,