From 07a5fe823e47a7fc5c6eec1e53b068f12e197b5b Mon Sep 17 00:00:00 2001 From: Jouni Malinen Date: Sun, 12 Mar 2017 20:40:43 +0200 Subject: [PATCH] OWE: Use AKM 00-0F-AC:11 style parameters for EAPOL-Key frames draft-harkins-owe-07.txt does not specify these parameters, so need to pick something sensible to use for the experimental implementation. The Suite B 128-bit level AKM 00-0F-AC:11 has reasonable parameters for the DH group 19 case (i.e., SHA256 hash), so use it for now. This can be updated if the OWE RFC becomes clearer on the appropriate parameters (KEK/KCK/MIC length, PRF/KDF algorithm, and key-wrap algorithm). Signed-off-by: Jouni Malinen --- src/ap/wpa_auth.c | 7 ++++++- src/common/wpa_common.c | 11 ++++++++++- src/rsn_supp/wpa.c | 6 +++++- 3 files changed, 21 insertions(+), 3 deletions(-) diff --git a/src/ap/wpa_auth.c b/src/ap/wpa_auth.c index e6ce26d4a..6e59f2d84 100644 --- a/src/ap/wpa_auth.c +++ b/src/ap/wpa_auth.c @@ -1018,6 +1018,7 @@ void wpa_receive(struct wpa_authenticator *wpa_auth, if (!wpa_use_aes_cmac(sm) && !wpa_key_mgmt_fils(sm->wpa_key_mgmt) && + sm->wpa_key_mgmt != WPA_KEY_MGMT_OWE && ver != WPA_KEY_INFO_TYPE_HMAC_SHA1_AES) { wpa_auth_logger(wpa_auth, sm->addr, LOGGER_WARNING, @@ -1028,7 +1029,8 @@ void wpa_receive(struct wpa_authenticator *wpa_auth, } if ((wpa_key_mgmt_suite_b(sm->wpa_key_mgmt) || - wpa_key_mgmt_fils(sm->wpa_key_mgmt)) && + wpa_key_mgmt_fils(sm->wpa_key_mgmt) || + sm->wpa_key_mgmt == WPA_KEY_MGMT_OWE) && ver != WPA_KEY_INFO_TYPE_AKM_DEFINED) { wpa_auth_logger(wpa_auth, sm->addr, LOGGER_WARNING, "did not use EAPOL-Key descriptor version 0 as required for AKM-defined cases"); @@ -1419,6 +1421,7 @@ void __wpa_send_eapol(struct wpa_authenticator *wpa_auth, if (force_version) version = force_version; else if (sm->wpa_key_mgmt == WPA_KEY_MGMT_OSEN || + sm->wpa_key_mgmt == WPA_KEY_MGMT_OWE || wpa_key_mgmt_suite_b(sm->wpa_key_mgmt) || wpa_key_mgmt_fils(sm->wpa_key_mgmt)) version = WPA_KEY_INFO_TYPE_AKM_DEFINED; @@ -1444,6 +1447,7 @@ void __wpa_send_eapol(struct wpa_authenticator *wpa_auth, key_data_len = kde_len; if ((version == WPA_KEY_INFO_TYPE_HMAC_SHA1_AES || + sm->wpa_key_mgmt == WPA_KEY_MGMT_OWE || sm->wpa_key_mgmt == WPA_KEY_MGMT_OSEN || wpa_key_mgmt_suite_b(sm->wpa_key_mgmt) || version == WPA_KEY_INFO_TYPE_AES_128_CMAC) && encr) { @@ -1546,6 +1550,7 @@ void __wpa_send_eapol(struct wpa_authenticator *wpa_auth, wpa_hexdump_key(MSG_DEBUG, "Plaintext EAPOL-Key Key Data", buf, key_data_len); if (version == WPA_KEY_INFO_TYPE_HMAC_SHA1_AES || + sm->wpa_key_mgmt == WPA_KEY_MGMT_OWE || sm->wpa_key_mgmt == WPA_KEY_MGMT_OSEN || wpa_key_mgmt_suite_b(sm->wpa_key_mgmt) || version == WPA_KEY_INFO_TYPE_AES_128_CMAC) { diff --git a/src/common/wpa_common.c b/src/common/wpa_common.c index e3b38a15b..4d5d499f6 100644 --- a/src/common/wpa_common.c +++ b/src/common/wpa_common.c @@ -136,6 +136,15 @@ int wpa_eapol_key_mic(const u8 *key, size_t key_len, int akmp, int ver, os_memcpy(mic, hash, 24); break; #endif /* CONFIG_SUITEB192 */ +#ifdef CONFIG_OWE + case WPA_KEY_MGMT_OWE: + wpa_printf(MSG_DEBUG, + "WPA: EAPOL-Key MIC using HMAC-SHA256 (AKM-defined - OWE)"); + if (hmac_sha256(key, key_len, buf, len, hash)) + return -1; + os_memcpy(mic, hash, MD5_MAC_LEN); + break; +#endif /* CONFIG_OWE */ default: wpa_printf(MSG_DEBUG, "WPA: EAPOL-Key MIC algorithm not known (AKM-defined - akmp=0x%x)", @@ -218,7 +227,7 @@ int wpa_pmk_to_ptk(const u8 *pmk, size_t pmk_len, const char *label, #else /* CONFIG_SUITEB192 || CONFIG_FILS */ return -1; #endif /* CONFIG_SUITEB192 || CONFIG_FILS */ - } else if (wpa_key_mgmt_sha256(akmp)) { + } else if (wpa_key_mgmt_sha256(akmp) || akmp == WPA_KEY_MGMT_OWE) { #ifdef CONFIG_IEEE80211W wpa_printf(MSG_DEBUG, "WPA: PTK derivation using PRF(SHA256)"); if (sha256_prf(pmk, pmk_len, label, data, sizeof(data), diff --git a/src/rsn_supp/wpa.c b/src/rsn_supp/wpa.c index 877706df1..d3fd8ef50 100644 --- a/src/rsn_supp/wpa.c +++ b/src/rsn_supp/wpa.c @@ -1737,6 +1737,7 @@ static int wpa_supplicant_decrypt_key_data(struct wpa_sm *sm, #endif /* CONFIG_NO_RC4 */ } else if (ver == WPA_KEY_INFO_TYPE_HMAC_SHA1_AES || ver == WPA_KEY_INFO_TYPE_AES_128_CMAC || + sm->key_mgmt == WPA_KEY_MGMT_OWE || sm->key_mgmt == WPA_KEY_MGMT_OSEN || wpa_key_mgmt_suite_b(sm->key_mgmt)) { u8 *buf; @@ -2018,6 +2019,7 @@ int wpa_sm_rx_eapol(struct wpa_sm *sm, const u8 *src_addr, ver != WPA_KEY_INFO_TYPE_HMAC_SHA1_AES && !wpa_key_mgmt_suite_b(sm->key_mgmt) && !wpa_key_mgmt_fils(sm->key_mgmt) && + sm->key_mgmt != WPA_KEY_MGMT_OWE && sm->key_mgmt != WPA_KEY_MGMT_OSEN) { wpa_msg(sm->ctx->msg_ctx, MSG_INFO, "WPA: Unsupported EAPOL-Key descriptor version %d", @@ -2034,7 +2036,8 @@ int wpa_sm_rx_eapol(struct wpa_sm *sm, const u8 *src_addr, } if ((wpa_key_mgmt_suite_b(sm->key_mgmt) || - wpa_key_mgmt_fils(sm->key_mgmt)) && + wpa_key_mgmt_fils(sm->key_mgmt) || + sm->key_mgmt == WPA_KEY_MGMT_OWE) && ver != WPA_KEY_INFO_TYPE_AKM_DEFINED) { wpa_msg(sm->ctx->msg_ctx, MSG_INFO, "RSN: Unsupported EAPOL-Key descriptor version %d (expected AKM defined = 0)", @@ -2068,6 +2071,7 @@ int wpa_sm_rx_eapol(struct wpa_sm *sm, const u8 *src_addr, if (sm->pairwise_cipher == WPA_CIPHER_CCMP && !wpa_key_mgmt_suite_b(sm->key_mgmt) && !wpa_key_mgmt_fils(sm->key_mgmt) && + sm->key_mgmt != WPA_KEY_MGMT_OWE && ver != WPA_KEY_INFO_TYPE_HMAC_SHA1_AES) { wpa_msg(sm->ctx->msg_ctx, MSG_INFO, "WPA: CCMP is used, but EAPOL-Key "