mirror of
https://github.com/vanhoefm/fragattacks.git
synced 2024-12-01 11:48:23 -05:00
OWE: PTK derivation workaround in STA mode
Initial OWE implementation used SHA256 when deriving the PTK for all OWE groups. This was supposed to change to SHA384 for group 20 and SHA512 for group 21. The new owe_ptk_workaround=1 network parameter can be used to enable older behavior mainly for testing purposes. There is no impact to group 19 behavior, but if enabled, this will make group 20 and 21 cases use SHA256-based PTK derivation which will not work with the updated OWE implementation on the AP side. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
This commit is contained in:
parent
65a44e849a
commit
8b138d2826
@ -570,6 +570,7 @@ static int wpa_derive_ptk(struct wpa_sm *sm, const unsigned char *src_addr,
|
|||||||
{
|
{
|
||||||
const u8 *z = NULL;
|
const u8 *z = NULL;
|
||||||
size_t z_len = 0;
|
size_t z_len = 0;
|
||||||
|
int akmp;
|
||||||
|
|
||||||
#ifdef CONFIG_IEEE80211R
|
#ifdef CONFIG_IEEE80211R
|
||||||
if (wpa_key_mgmt_ft(sm->key_mgmt))
|
if (wpa_key_mgmt_ft(sm->key_mgmt))
|
||||||
@ -583,9 +584,18 @@ static int wpa_derive_ptk(struct wpa_sm *sm, const unsigned char *src_addr,
|
|||||||
}
|
}
|
||||||
#endif /* CONFIG_DPP2 */
|
#endif /* CONFIG_DPP2 */
|
||||||
|
|
||||||
|
akmp = sm->key_mgmt;
|
||||||
|
#ifdef CONFIG_OWE
|
||||||
|
if (sm->owe_ptk_workaround && akmp == WPA_KEY_MGMT_OWE &&
|
||||||
|
sm->pmk_len > 32) {
|
||||||
|
wpa_printf(MSG_DEBUG,
|
||||||
|
"OWE: Force SHA256 for PTK derivation");
|
||||||
|
akmp = WPA_KEY_MGMT_PSK_SHA256;
|
||||||
|
}
|
||||||
|
#endif /* CONFIG_OWE */
|
||||||
return wpa_pmk_to_ptk(sm->pmk, sm->pmk_len, "Pairwise key expansion",
|
return wpa_pmk_to_ptk(sm->pmk, sm->pmk_len, "Pairwise key expansion",
|
||||||
sm->own_addr, sm->bssid, sm->snonce,
|
sm->own_addr, sm->bssid, sm->snonce,
|
||||||
key->key_nonce, ptk, sm->key_mgmt,
|
key->key_nonce, ptk, akmp,
|
||||||
sm->pairwise_cipher, z, z_len);
|
sm->pairwise_cipher, z, z_len);
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -2940,6 +2950,7 @@ void wpa_sm_set_config(struct wpa_sm *sm, struct rsn_supp_config *config)
|
|||||||
sm->wpa_ptk_rekey = config->wpa_ptk_rekey;
|
sm->wpa_ptk_rekey = config->wpa_ptk_rekey;
|
||||||
sm->p2p = config->p2p;
|
sm->p2p = config->p2p;
|
||||||
sm->wpa_rsc_relaxation = config->wpa_rsc_relaxation;
|
sm->wpa_rsc_relaxation = config->wpa_rsc_relaxation;
|
||||||
|
sm->owe_ptk_workaround = config->owe_ptk_workaround;
|
||||||
#ifdef CONFIG_FILS
|
#ifdef CONFIG_FILS
|
||||||
if (config->fils_cache_id) {
|
if (config->fils_cache_id) {
|
||||||
sm->fils_cache_id_set = 1;
|
sm->fils_cache_id_set = 1;
|
||||||
@ -2959,6 +2970,7 @@ void wpa_sm_set_config(struct wpa_sm *sm, struct rsn_supp_config *config)
|
|||||||
sm->wpa_ptk_rekey = 0;
|
sm->wpa_ptk_rekey = 0;
|
||||||
sm->p2p = 0;
|
sm->p2p = 0;
|
||||||
sm->wpa_rsc_relaxation = 0;
|
sm->wpa_rsc_relaxation = 0;
|
||||||
|
sm->owe_ptk_workaround = 0;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -113,6 +113,7 @@ struct rsn_supp_config {
|
|||||||
int wpa_ptk_rekey;
|
int wpa_ptk_rekey;
|
||||||
int p2p;
|
int p2p;
|
||||||
int wpa_rsc_relaxation;
|
int wpa_rsc_relaxation;
|
||||||
|
int owe_ptk_workaround;
|
||||||
const u8 *fils_cache_id;
|
const u8 *fils_cache_id;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
@ -63,6 +63,7 @@ struct wpa_sm {
|
|||||||
int wpa_ptk_rekey;
|
int wpa_ptk_rekey;
|
||||||
int p2p;
|
int p2p;
|
||||||
int wpa_rsc_relaxation;
|
int wpa_rsc_relaxation;
|
||||||
|
int owe_ptk_workaround;
|
||||||
|
|
||||||
u8 own_addr[ETH_ALEN];
|
u8 own_addr[ETH_ALEN];
|
||||||
const char *ifname;
|
const char *ifname;
|
||||||
|
@ -2566,6 +2566,7 @@ static const struct parse_data ssid_fields[] = {
|
|||||||
#endif /* CONFIG_DPP */
|
#endif /* CONFIG_DPP */
|
||||||
{ INT_RANGE(owe_group, 0, 65535) },
|
{ INT_RANGE(owe_group, 0, 65535) },
|
||||||
{ INT_RANGE(owe_only, 0, 1) },
|
{ INT_RANGE(owe_only, 0, 1) },
|
||||||
|
{ INT_RANGE(owe_ptk_workaround, 0, 1) },
|
||||||
{ INT_RANGE(multi_ap_backhaul_sta, 0, 1) },
|
{ INT_RANGE(multi_ap_backhaul_sta, 0, 1) },
|
||||||
{ INT_RANGE(ft_eap_pmksa_caching, 0, 1) },
|
{ INT_RANGE(ft_eap_pmksa_caching, 0, 1) },
|
||||||
};
|
};
|
||||||
|
@ -910,6 +910,7 @@ static void wpa_config_write_network(FILE *f, struct wpa_ssid *ssid)
|
|||||||
#endif /* CONFIG_DPP */
|
#endif /* CONFIG_DPP */
|
||||||
INT(owe_group);
|
INT(owe_group);
|
||||||
INT(owe_only);
|
INT(owe_only);
|
||||||
|
INT(owe_ptk_workaround);
|
||||||
INT(multi_ap_backhaul_sta);
|
INT(multi_ap_backhaul_sta);
|
||||||
INT(ft_eap_pmksa_caching);
|
INT(ft_eap_pmksa_caching);
|
||||||
#ifdef CONFIG_HT_OVERRIDES
|
#ifdef CONFIG_HT_OVERRIDES
|
||||||
|
@ -1008,6 +1008,19 @@ struct wpa_ssid {
|
|||||||
*/
|
*/
|
||||||
int owe_only;
|
int owe_only;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* owe_ptk_workaround - OWE PTK derivation workaround
|
||||||
|
*
|
||||||
|
* Initial OWE implementation used SHA256 when deriving the PTK for all
|
||||||
|
* OWE groups. This was supposed to change to SHA384 for group 20 and
|
||||||
|
* SHA512 for group 21. This parameter can be used to enable older
|
||||||
|
* behavior mainly for testing purposes. There is no impact to group 19
|
||||||
|
* behavior, but if enabled, this will make group 20 and 21 cases use
|
||||||
|
* SHA256-based PTK derivation which will not work with the updated
|
||||||
|
* OWE implementation on the AP side.
|
||||||
|
*/
|
||||||
|
int owe_ptk_workaround;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* owe_transition_bss_select_count - OWE transition BSS select count
|
* owe_transition_bss_select_count - OWE transition BSS select count
|
||||||
*
|
*
|
||||||
|
@ -1286,6 +1286,7 @@ void wpa_supplicant_rsn_supp_set_config(struct wpa_supplicant *wpa_s,
|
|||||||
conf.ssid = ssid->ssid;
|
conf.ssid = ssid->ssid;
|
||||||
conf.ssid_len = ssid->ssid_len;
|
conf.ssid_len = ssid->ssid_len;
|
||||||
conf.wpa_ptk_rekey = ssid->wpa_ptk_rekey;
|
conf.wpa_ptk_rekey = ssid->wpa_ptk_rekey;
|
||||||
|
conf.owe_ptk_workaround = ssid->owe_ptk_workaround;
|
||||||
#ifdef CONFIG_P2P
|
#ifdef CONFIG_P2P
|
||||||
if (ssid->p2p_group && wpa_s->current_bss &&
|
if (ssid->p2p_group && wpa_s->current_bss &&
|
||||||
!wpa_s->p2p_disable_ip_addr_req) {
|
!wpa_s->p2p_disable_ip_addr_req) {
|
||||||
|
Loading…
Reference in New Issue
Block a user