Incorrect key lengths and SHA algorithms for certain AKMs

James Prestwood prestwoj at
Tue Apr 11 08:06:12 PDT 2023


I noticed a few inconsistencies between hostapd/wpa_supplicant and the 
802.11 spec with respect to the key size and hash algorithm used for 
certain AKMs when generating the PMKID or other keys.

First being that wpa_key_mgmt_sha256() does not include 
WPA_KEY_MGMT_FT_PSK which it should according to

If the negotiated AKM is 00-0F-AC:4, then Q = 256 and
— PMKID = Truncate-128(HMAC-SHA-256(MPMK, “PMK Name” || AA || SPA))

The second issue I noticed had to do with the portion of the PMK used 
for SHA384 AKMs. This code passes the PMK length directly but 802.11 
defines the portion of the PMK used. For example 
WPA_KEY_MGMT_FT_IEEE8021X_SHA384 expects 48 bytes, not the entire PMK 
which could be 64 potentially.

If the negotiated AKM is 00-0F-AC:13, then Q = 384 and
— MPMK = L(MSK, 0, 384), i.e., the first 384 bits of the MSK (which is 
derived from the
IEEE 802.1X authentication)
— PMKID = Truncate-128(HMAC-SHA-384(MPMK, “PMK Name” || AA || SPA))

Its probably not something that can be changed at this point, but I just 
was hoping for an answer either way in order to handle it properly on 
the supplicant side.


More information about the Hostap mailing list