[2/9] handshake: include additional sha256 AKMs for PMKID generation

Commit Message

James Prestwood April 10, 2023, 10:01 p.m. UTC

The 802.11 spec defines what AKMs should use sha256 to derive the
PMKID. Hostapd commit b6d3fd05e3 changed the PMKID derivation in
accordance with 802.11-2020 which then breaks PMKID validation in
IWD. This breaks FT-PSK/8021x AKMs in IWD if the AP uses this
hostapd version.

Updating IWD to use sha256 in these cases will now break backwards
compatibility with *older* APs, but this will be worked around in
future commits.
---
 src/handshake.c | 15 ++++++++++++++-
 1 file changed, 14 insertions(+), 1 deletion(-)

Patch

diff --git a/src/handshake.c b/src/handshake.c
index 39a650c5..82e0c1c2 100644
--- a/src/handshake.c
+++ b/src/handshake.c
@@ -754,10 +754,23 @@  bool handshake_state_get_pmkid(struct handshake_state *s, uint8_t *out_pmkid)
 	 * preauthentication, the AKM has not yet been negotiated. In this
 	 * case, the HMAC-SHA1-128 based derivation is used for the PMKID
 	 * calculation."
+	 *
+	 * 802.11-2020 Table 9-151 defines the hashing algorithm to use
+	 * for various AKM's. SHA256 should be used for the following
+	 * AKM's (for this API context):
+	 *
+	 * 00-0F-AC:3 (FT-8021X)
+	 * 00-0F-AC:4 (FT-PSK)
+	 * 00-0F-AC:5 (8021X-SHA256)
+	 * 00-0F-AC:6 (PSK-SHA256)
+	 *
+	 * (Note SAE/FILS were left out as they generate their own PMKID)
 	 */
 
 	if (s->akm_suite & (IE_RSN_AKM_SUITE_8021X_SHA256 |
-			IE_RSN_AKM_SUITE_PSK_SHA256))
+			IE_RSN_AKM_SUITE_PSK_SHA256 |
+			IE_RSN_AKM_SUITE_FT_OVER_8021X |
+			IE_RSN_AKM_SUITE_FT_USING_PSK))
 		sha = L_CHECKSUM_SHA256;
 	else
 		sha = L_CHECKSUM_SHA1;