[4/9] eapol: add support for FT-8021X-SHA384

Message ID	20230410220135.373872-5-prestwoj@gmail.com (mailing list archive)
State	New
Headers	show Received: from mail-pl1-f180.google.com (mail-pl1-f180.google.com [209.85.214.180]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 27C502F3F for <iwd@lists.linux.dev>; Mon, 10 Apr 2023 22:01:44 +0000 (UTC) From: James Prestwood <prestwoj@gmail.com> To: iwd@lists.linux.dev Cc: James Prestwood <prestwoj@gmail.com> Subject: [PATCH 4/9] eapol: add support for FT-8021X-SHA384 Date: Mon, 10 Apr 2023 15:01:30 -0700 Message-Id: <20230410220135.373872-5-prestwoj@gmail.com> In-Reply-To: <20230410220135.373872-1-prestwoj@gmail.com> References: <20230410220135.373872-1-prestwoj@gmail.com> Precedence: bulk MIME-Version: 1.0 Content-Transfer-Encoding: 8bit
Series	Support FT-8021X-SHA384 \| expand [0/9] Support FT-8021X-SHA384 [1/9] crypto: modify crypto_derive_pmkid to take the hash/key length [2/9] handshake: include additional sha256 AKMs for PMKID generation [3/9] crypto: add hmac_sha384 support for PMKID derivation [4/9] eapol: add support for FT-8021X-SHA384 [5/9] handshake: support FT-8021X-SHA384 [6/9] handshake: remove hardcoded kek_len for FTE decode [7/9] common: add FT-8021X-SHA384 to AKM_IS_8021X [8/9] wiphy: add FT-8021X-SHA384 to supported AKMs [9/9] auto-t: update testFT-8021x-roam with SHA384 test

Message ID

20230410220135.373872-5-prestwoj@gmail.com (mailing list archive)

State

New

Headers

From: James Prestwood <prestwoj@gmail.com>
To: iwd@lists.linux.dev
Cc: James Prestwood <prestwoj@gmail.com>
Subject: [PATCH 4/9] eapol: add support for FT-8021X-SHA384
Date: Mon, 10 Apr 2023 15:01:30 -0700
Message-Id: <20230410220135.373872-5-prestwoj@gmail.com>
In-Reply-To: <20230410220135.373872-1-prestwoj@gmail.com>
References: <20230410220135.373872-1-prestwoj@gmail.com>
Precedence: bulk
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit

Series

Support FT-8021X-SHA384 | expand

Commit Message

James Prestwood April 10, 2023, 10:01 p.m. UTC

The SHA384 variant was not being checked for in any of the
MIC calculations/verifications or for EAPoL decryption.
---
 src/eapol.c | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/src/eapol.c b/src/eapol.c
index 9e8f7c34..f290f40a 100644
--- a/src/eapol.c
+++ b/src/eapol.c
@@ -110,6 +110,9 @@  bool eapol_calculate_mic(enum ie_rsn_akm_suite akm, const uint8_t *kck,
 		case IE_RSN_AKM_SUITE_OSEN:
 			return cmac_aes(kck, 16, frame, frame_len,
 						mic, mic_len);
+		case IE_RSN_AKM_SUITE_FT_OVER_8021X_SHA384:
+			return hmac_sha384(kck, 24, frame, frame_len,
+						mic, mic_len);
 		case IE_RSN_AKM_SUITE_OWE:
 			switch (mic_len) {
 			case 16:
@@ -164,6 +167,10 @@  bool eapol_verify_mic(enum ie_rsn_akm_suite akm, const uint8_t *kck,
 		case IE_RSN_AKM_SUITE_OSEN:
 			checksum = l_checksum_new_cmac_aes(kck, 16);
 			break;
+		case IE_RSN_AKM_SUITE_FT_OVER_8021X_SHA384:
+			checksum = l_checksum_new_hmac(L_CHECKSUM_SHA384,
+							kck, 24);
+			break;
 		case IE_RSN_AKM_SUITE_OWE:
 			switch (mic_len) {
 			case 16:
@@ -270,6 +277,7 @@  uint8_t *eapol_decrypt_key_data(enum ie_rsn_akm_suite akm, const uint8_t *kek,
 		case IE_RSN_AKM_SUITE_FT_OVER_SAE_SHA256:
 		case IE_RSN_AKM_SUITE_OWE:
 		case IE_RSN_AKM_SUITE_OSEN:
+		case IE_RSN_AKM_SUITE_FT_OVER_8021X_SHA384:
 			if (key_data_len < 24 || key_data_len % 8)
 				return NULL;
 
@@ -315,6 +323,7 @@  uint8_t *eapol_decrypt_key_data(enum ie_rsn_akm_suite akm, const uint8_t *kek,
 	case EAPOL_KEY_DESCRIPTOR_VERSION_AKM_DEFINED:
 		switch (akm) {
 		case IE_RSN_AKM_SUITE_OWE:
+		case IE_RSN_AKM_SUITE_FT_OVER_8021X_SHA384:
 			switch (mic_len) {
 			case 16:
 				kek_len = 16;

[4/9] eapol: add support for FT-8021X-SHA384

Commit Message

Patch