
[5/9] handshake: support FT-8021X-SHA384

Message ID 20230410220135.373872-6-prestwoj@gmail.com (mailing list archive)
State New
Series Support FT-8021X-SHA384 | expand

Commit Message

James Prestwood April 10, 2023, 10:01 p.m. UTC
This adds the FT-8021X-SHA384 AKM to the places in handshake.c that
derive keys, so that the AKM is supported.
---
 src/handshake.c | 27 ++++++++++++++++++++++-----
 1 file changed, 22 insertions(+), 5 deletions(-)

Patch

diff --git a/src/handshake.c b/src/handshake.c
index 82e0c1c2..362ff58a 100644
--- a/src/handshake.c
+++ b/src/handshake.c
@@ -505,6 +505,7 @@  bool handshake_state_derive_ptk(struct handshake_state *s)
 			return false;
 
 	if ((s->akm_suite & (IE_RSN_AKM_SUITE_FT_OVER_8021X |
+				IE_RSN_AKM_SUITE_FT_OVER_8021X_SHA384 |
 				IE_RSN_AKM_SUITE_FT_USING_PSK |
 				IE_RSN_AKM_SUITE_FT_OVER_SAE_SHA256 |
 				IE_RSN_AKM_SUITE_FT_OVER_FILS_SHA256 |
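Review bot: The list of FT AKM suites is maintained by hand in two separate conditions of handshake_state_derive_ptk(): this one and the one right after the `ptk_size` assignment (the hunk at -540). Every new FT AKM has to be added to both, and a missed one would skip either this precondition or the FT key hierarchy without any compile-time signal. A single file-local mask, or a small `static` predicate used by both tests, would keep them from drifting apart. Both conditions continue past the end of their hunks, so the complete list is not visible here.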
@@ -524,7 +525,8 @@  bool handshake_state_derive_ptk(struct handshake_state *s)
 		else
 			return false;
 	} else if (s->akm_suite & (IE_RSN_AKM_SUITE_FILS_SHA384 |
-			IE_RSN_AKM_SUITE_FT_OVER_FILS_SHA384))
+			IE_RSN_AKM_SUITE_FT_OVER_FILS_SHA384 |
+			IE_RSN_AKM_SUITE_FT_OVER_8021X_SHA384))
 		type = L_CHECKSUM_SHA384;
 	else if (s->akm_suite & (IE_RSN_AKM_SUITE_8021X_SHA256 |
 			IE_RSN_AKM_SUITE_PSK_SHA256 |
@@ -540,6 +542,7 @@  bool handshake_state_derive_ptk(struct handshake_state *s)
 	ptk_size = handshake_state_get_ptk_size(s);
 
 	if (s->akm_suite & (IE_RSN_AKM_SUITE_FT_OVER_8021X |
+				IE_RSN_AKM_SUITE_FT_OVER_8021X_SHA384 |
 				IE_RSN_AKM_SUITE_FT_USING_PSK |
 				IE_RSN_AKM_SUITE_FT_OVER_SAE_SHA256 |
 				IE_RSN_AKM_SUITE_FT_OVER_FILS_SHA256 |
@@ -549,7 +552,8 @@  bool handshake_state_derive_ptk(struct handshake_state *s)
 		const uint8_t *xxkey = s->pmk;
 		size_t xxkey_len = 32;
 		bool sha384 = (s->akm_suite &
-					IE_RSN_AKM_SUITE_FT_OVER_FILS_SHA384);
+					(IE_RSN_AKM_SUITE_FT_OVER_FILS_SHA384 |
+					IE_RSN_AKM_SUITE_FT_OVER_8021X_SHA384));
 
 		/*
 		 * In a Fast Transition initial mobility domain association
@@ -562,7 +566,10 @@  bool handshake_state_derive_ptk(struct handshake_state *s)
 		 */
 		if (s->akm_suite == IE_RSN_AKM_SUITE_FT_OVER_8021X)
 			xxkey = s->pmk + 32;
-		else if (s->akm_suite & (IE_RSN_AKM_SUITE_FT_OVER_FILS_SHA256 |
+		else if (s->akm_suite == IE_RSN_AKM_SUITE_FT_OVER_8021X_SHA384) {
+			xxkey = s->pmk;
+			xxkey_len = s->pmk_len;
+		} else if (s->akm_suite & (IE_RSN_AKM_SUITE_FT_OVER_FILS_SHA256 |
 				IE_RSN_AKM_SUITE_FT_OVER_FILS_SHA384)) {
 			xxkey = s->fils_ft;
 			xxkey_len = s->fils_ft_len;
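Review bot: The new FT-8021X-SHA384 branch takes `xxkey_len` straight from `s->pmk_len` with no lower bound, so a PMK shorter than 384 bits would be fed into the FT key derivation as XXKey without any error. The comment added in handshake_state_get_pmkid() (last hunk) notes that the spec asks for the first 384 bits of the MSK, and that hunk relies on the same unchecked `s->pmk_len`. If the length is not already validated where the PMK is set (not visible in this diff), a guard such as `if (s->pmk_len < 48) return false;` inside this branch would make the minimum explicit. It would also help to repeat here, in one line, why `pmk_len` is used instead of a fixed 48. As a style point, the unbraced `if` above now sits next to a braced `else if`; bracing all arms would match the multi-line branch.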
@@ -626,7 +633,8 @@  const uint8_t *handshake_state_get_kck(struct handshake_state *s)
 
 size_t handshake_state_get_kck_len(struct handshake_state *s)
 {
-	if (s->akm_suite & IE_RSN_AKM_SUITE_FT_OVER_FILS_SHA384)
+	if (s->akm_suite & (IE_RSN_AKM_SUITE_FT_OVER_FILS_SHA384 |
+			IE_RSN_AKM_SUITE_FT_OVER_8021X_SHA384))
 		return 24;
 
 	return 16;
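Review bot: The KEK length and the total PTK size are not updated alongside the KCK length in this patch. handshake_state_get_kck_len() now returns 24 for FT-8021X-SHA384, but handshake_state_derive_ptk() still sizes the PTK through handshake_state_get_ptk_size(), which this diff does not touch. If that helper and the KEK-length helper do not already cover the new AKM (possibly handled elsewhere in the series), the KCK/KEK/TK offsets into the derived PTK would disagree with the lengths reported here; worth confirming. The bare `24` and `16` would also read better with a short comment such as `/* SHA-384 based FT AKMs use a 192-bit KCK */`.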
@@ -767,7 +775,16 @@  bool handshake_state_get_pmkid(struct handshake_state *s, uint8_t *out_pmkid)
 	 * (Note SAE/FILS were left out as they generate their own PMKID)
 	 */
 
-	if (s->akm_suite & (IE_RSN_AKM_SUITE_8021X_SHA256 |
+	if (s->akm_suite & IE_RSN_AKM_SUITE_FT_OVER_8021X_SHA384) {
+		sha = L_CHECKSUM_SHA384;
+		/*
+		 * According to 12.7.1.6.3 the key length should be:
+		 * "the first 384 bits of the MSK". Unfortunately hostapd uses
+		 * the PMK length directly which can vary depending on the EAP
+		 * method...
+		 */
+		key_len = s->pmk_len;
+	} else if (s->akm_suite & (IE_RSN_AKM_SUITE_8021X_SHA256 |
 			IE_RSN_AKM_SUITE_PSK_SHA256 |
 			IE_RSN_AKM_SUITE_FT_OVER_8021X |
 			IE_RSN_AKM_SUITE_FT_USING_PSK))