[1/2] handshake: add support to work around buggy OWE APs

Message ID 20220805182031.651456-1-prestwoj@gmail.com (mailing list archive)
State Not Applicable, archived
Series [1/2] handshake: add support to work around buggy OWE APs

Checks

Context Check Description
tedd_an/pre-ci_am success Success
prestwoj/iwd-alpine-ci-fetch success Fetch PR
prestwoj/iwd-ci-gitlint success GitLint
prestwoj/iwd-ci-fetch success Fetch PR
prestwoj/iwd-alpine-ci-makedistcheck success Make Distcheck
prestwoj/iwd-alpine-ci-build success Build - Configure
prestwoj/iwd-ci-makedistcheck success Make Distcheck
prestwoj/iwd-ci-build success Build - Configure
prestwoj/iwd-alpine-ci-makecheckvalgrind success Make Check w/Valgrind
prestwoj/iwd-alpine-ci-makecheck success Make Check
prestwoj/iwd-alpine-ci-incremental_build success Incremental Build with patches
prestwoj/iwd-ci-clang success clang PASS
prestwoj/iwd-ci-makecheck success Make Check
prestwoj/iwd-ci-makecheckvalgrind success Make Check w/Valgrind
prestwoj/iwd-ci-incremental_build success Incremental Build with patches
prestwoj/iwd-ci-testrunner success test-runner PASS

Commit Message

James Prestwood Aug. 5, 2022, 6:20 p.m. UTC
The early OWE implementation for hostapd always used SHA256 to calculate
the PTK, which violates the spec for groups 20 and 21. This bug was in
there long enough for the bug to make it into products, and now it must
be worked around here.

If the workaround flag is set, always use SHA256 to calculate the PTK.
---
 src/handshake.c | 3 ++-
 src/handshake.h | 1 +
 2 files changed, 3 insertions(+), 1 deletion(-)
Patch

diff --git a/src/handshake.c b/src/handshake.c
index 734e997c..91b20bab 100644
--- a/src/handshake.c
+++ b/src/handshake.c
@@ -515,7 +515,8 @@  bool handshake_state_derive_ptk(struct handshake_state *s)
 	s->ptk_complete = false;
 
 	if (s->akm_suite & IE_RSN_AKM_SUITE_OWE) {
-		if (s->pmk_len == 32)
+		/* Work around buggy APs which always use SHA256 for the PTK */
+		if (s->pmk_len == 32 || s->retry_owe_workaround)
 			type = L_CHECKSUM_SHA256;
 		else if (s->pmk_len == 48)
 			type = L_CHECKSUM_SHA384;
diff --git a/src/handshake.h b/src/handshake.h
index 7f597b06..6f48fa34 100644
--- a/src/handshake.h
+++ b/src/handshake.h
@@ -137,6 +137,7 @@  struct handshake_state {
 	bool authenticator_ocvc : 1;
 	bool supplicant_ocvc : 1;
 	bool ext_key_id_capable : 1;
+	bool retry_owe_workaround : 1;
 	uint8_t ssid[32];
 	size_t ssid_len;
 	char *passphrase;
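Review bot: the new `retry_owe_workaround` bit carries no comment, and this patch only reads it in handshake_state_derive_ptk without showing where it is set or cleared, so a reader of handshake.h cannot tell what "retry" means or who is responsible for resetting it between connection attempts. Suggest documenting it at the declaration, e.g. `bool retry_owe_workaround : 1; /* derive PTK with SHA256 regardless of pmk_len, for APs with the early hostapd OWE bug; set only on retry */`, and adding a small setter so callers do not write the bitfield directly.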