Incorrect key lengths and SHA algorithms for certain AKMs
James Prestwood
prestwoj at gmail.com
Tue Apr 11 08:06:12 PDT 2023
Hi,
I noticed a few inconsistencies between hostapd/wpa_supplicant and the
802.11 spec with respect to the key size and hash algorithm used for
certain AKMs when generating the PMKID or other keys.
First being that wpa_key_mgmt_sha256() does not include
WPA_KEY_MGMT_FT_PSK which it should according to 12.7.1.6.3:
If the negotiated AKM is 00-0F-AC:4, then Q = 256 and
— MPMK = PSK
— PMKID = Truncate-128(HMAC-SHA-256(MPMK, “PMK Name” || AA || SPA))
The second issue I noticed had to do with the portion of the PMK used
for SHA384 AKMs. This code passes the PMK length directly but 802.11
defines the portion of the PMK used. For example
WPA_KEY_MGMT_FT_IEEE8021X_SHA384 expects 48 bytes, not the entire PMK
which could be 64 potentially.
If the negotiated AKM is 00-0F-AC:13, then Q = 384 and
— MPMK = L(MSK, 0, 384), i.e., the first 384 bits of the MSK (which is derived from the IEEE 802.1X authentication)
— PMKID = Truncate-128(HMAC-SHA-384(MPMK, “PMK Name” || AA || SPA))
It's probably not something that can be changed at this point, but I just
was hoping for an answer either way in order to handle it properly on
the supplicant side.
Thanks,
James
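
The two PMKID formulas quoted in the message above, written out as an added Python example; it is not part of the original post and is not hostapd/wpa_supplicant code. The function name `pmkid`, the `truncate_key` switch, and the MSK, AA and SPA values are assumptions constructed for illustration.

```python
import hashlib
import hmac

# AKM suite selector -> (hash, MPMK length in bytes), per the spec text quoted above.
AKM_PARAMS = {
    "00-0F-AC:4": (hashlib.sha256, 32),   # Q = 256, MPMK = PSK
    "00-0F-AC:13": (hashlib.sha384, 48),  # Q = 384, MPMK = L(MSK, 0, 384)
}

# Constructed sample values (not from any real network).
SAMPLE_MSK = bytes(range(64))                # 64-byte key from 802.1X authentication
SAMPLE_AA = bytes.fromhex("020000000001")    # authenticator address
SAMPLE_SPA = bytes.fromhex("020000000002")   # supplicant address


def pmkid(akm, key, aa, spa, truncate_key=True):
    """Truncate-128(HMAC-Hash(MPMK, "PMK Name" || AA || SPA)).

    truncate_key=True  -> MPMK is only the first Q bits of the key (spec text).
    truncate_key=False -> the whole key is fed to HMAC, i.e. the behaviour the
                          message describes as "passes the PMK length directly".
    """
    hash_fn, mpmk_len = AKM_PARAMS[akm]
    if len(key) < mpmk_len:
        raise ValueError(f"{akm} needs at least {mpmk_len} key bytes")
    if len(aa) != 6 or len(spa) != 6:
        raise ValueError("AA and SPA must be 6-byte MAC addresses")
    mpmk = key[:mpmk_len] if truncate_key else key
    digest = hmac.new(mpmk, b"PMK Name" + aa + spa, hash_fn).digest()
    return digest[:16]  # Truncate-128


def compare_sha384_key_lengths(msk=SAMPLE_MSK, aa=SAMPLE_AA, spa=SAMPLE_SPA):
    """Return (spec PMKID, full-key PMKID) for AKM 00-0F-AC:13."""
    akm = "00-0F-AC:13"
    return pmkid(akm, msk, aa, spa), pmkid(akm, msk, aa, spa, truncate_key=False)


if __name__ == "__main__":
    spec, full = compare_sha384_key_lengths()
    print("48-byte MPMK :", spec.hex())
    print("64-byte key  :", full.hex())
    print("match        :", hmac.compare_digest(spec, full))
    print("FT-PSK (AKM 4):", pmkid("00-0F-AC:4", SAMPLE_MSK[:32], SAMPLE_AA, SAMPLE_SPA).hex())
```

With a 64-byte key the two SHA-384 results differ, so a supplicant and authenticator that disagree on the key length will not agree on the PMKID.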