OWE: Use AKM 00-0F-AC:11 style parameters for EAPOL-Key frames

draft-harkins-owe-07.txt does not specify these parameters, so need to
pick something sensible to use for the experimental implementation. The
Suite B 128-bit level AKM 00-0F-AC:11 has reasonable parameters for the
DH group 19 case (i.e., SHA256 hash), so use it for now. This can be
updated if the OWE RFC becomes clearer on the appropriate parameters
(KEK/KCK/MIC length, PRF/KDF algorithm, and key-wrap algorithm).

Signed-off-by: Jouni Malinen <j@w1.fi>
This commit is contained in:
Jouni Malinen 2017-03-12 20:40:43 +02:00
parent ef9627cbc7
commit 07a5fe823e
3 changed files with 21 additions and 3 deletions

View file

@ -1018,6 +1018,7 @@ void wpa_receive(struct wpa_authenticator *wpa_auth,
if (!wpa_use_aes_cmac(sm) && if (!wpa_use_aes_cmac(sm) &&
!wpa_key_mgmt_fils(sm->wpa_key_mgmt) && !wpa_key_mgmt_fils(sm->wpa_key_mgmt) &&
sm->wpa_key_mgmt != WPA_KEY_MGMT_OWE &&
ver != WPA_KEY_INFO_TYPE_HMAC_SHA1_AES) { ver != WPA_KEY_INFO_TYPE_HMAC_SHA1_AES) {
wpa_auth_logger(wpa_auth, sm->addr, wpa_auth_logger(wpa_auth, sm->addr,
LOGGER_WARNING, LOGGER_WARNING,
@ -1028,7 +1029,8 @@ void wpa_receive(struct wpa_authenticator *wpa_auth,
} }
if ((wpa_key_mgmt_suite_b(sm->wpa_key_mgmt) || if ((wpa_key_mgmt_suite_b(sm->wpa_key_mgmt) ||
wpa_key_mgmt_fils(sm->wpa_key_mgmt)) && wpa_key_mgmt_fils(sm->wpa_key_mgmt) ||
sm->wpa_key_mgmt == WPA_KEY_MGMT_OWE) &&
ver != WPA_KEY_INFO_TYPE_AKM_DEFINED) { ver != WPA_KEY_INFO_TYPE_AKM_DEFINED) {
wpa_auth_logger(wpa_auth, sm->addr, LOGGER_WARNING, wpa_auth_logger(wpa_auth, sm->addr, LOGGER_WARNING,
"did not use EAPOL-Key descriptor version 0 as required for AKM-defined cases"); "did not use EAPOL-Key descriptor version 0 as required for AKM-defined cases");
@ -1419,6 +1421,7 @@ void __wpa_send_eapol(struct wpa_authenticator *wpa_auth,
if (force_version) if (force_version)
version = force_version; version = force_version;
else if (sm->wpa_key_mgmt == WPA_KEY_MGMT_OSEN || else if (sm->wpa_key_mgmt == WPA_KEY_MGMT_OSEN ||
sm->wpa_key_mgmt == WPA_KEY_MGMT_OWE ||
wpa_key_mgmt_suite_b(sm->wpa_key_mgmt) || wpa_key_mgmt_suite_b(sm->wpa_key_mgmt) ||
wpa_key_mgmt_fils(sm->wpa_key_mgmt)) wpa_key_mgmt_fils(sm->wpa_key_mgmt))
version = WPA_KEY_INFO_TYPE_AKM_DEFINED; version = WPA_KEY_INFO_TYPE_AKM_DEFINED;
@ -1444,6 +1447,7 @@ void __wpa_send_eapol(struct wpa_authenticator *wpa_auth,
key_data_len = kde_len; key_data_len = kde_len;
if ((version == WPA_KEY_INFO_TYPE_HMAC_SHA1_AES || if ((version == WPA_KEY_INFO_TYPE_HMAC_SHA1_AES ||
sm->wpa_key_mgmt == WPA_KEY_MGMT_OWE ||
sm->wpa_key_mgmt == WPA_KEY_MGMT_OSEN || sm->wpa_key_mgmt == WPA_KEY_MGMT_OSEN ||
wpa_key_mgmt_suite_b(sm->wpa_key_mgmt) || wpa_key_mgmt_suite_b(sm->wpa_key_mgmt) ||
version == WPA_KEY_INFO_TYPE_AES_128_CMAC) && encr) { version == WPA_KEY_INFO_TYPE_AES_128_CMAC) && encr) {
@ -1546,6 +1550,7 @@ void __wpa_send_eapol(struct wpa_authenticator *wpa_auth,
wpa_hexdump_key(MSG_DEBUG, "Plaintext EAPOL-Key Key Data", wpa_hexdump_key(MSG_DEBUG, "Plaintext EAPOL-Key Key Data",
buf, key_data_len); buf, key_data_len);
if (version == WPA_KEY_INFO_TYPE_HMAC_SHA1_AES || if (version == WPA_KEY_INFO_TYPE_HMAC_SHA1_AES ||
sm->wpa_key_mgmt == WPA_KEY_MGMT_OWE ||
sm->wpa_key_mgmt == WPA_KEY_MGMT_OSEN || sm->wpa_key_mgmt == WPA_KEY_MGMT_OSEN ||
wpa_key_mgmt_suite_b(sm->wpa_key_mgmt) || wpa_key_mgmt_suite_b(sm->wpa_key_mgmt) ||
version == WPA_KEY_INFO_TYPE_AES_128_CMAC) { version == WPA_KEY_INFO_TYPE_AES_128_CMAC) {

View file

@ -136,6 +136,15 @@ int wpa_eapol_key_mic(const u8 *key, size_t key_len, int akmp, int ver,
os_memcpy(mic, hash, 24); os_memcpy(mic, hash, 24);
break; break;
#endif /* CONFIG_SUITEB192 */ #endif /* CONFIG_SUITEB192 */
#ifdef CONFIG_OWE
case WPA_KEY_MGMT_OWE:
wpa_printf(MSG_DEBUG,
"WPA: EAPOL-Key MIC using HMAC-SHA256 (AKM-defined - OWE)");
if (hmac_sha256(key, key_len, buf, len, hash))
return -1;
os_memcpy(mic, hash, MD5_MAC_LEN);
break;
#endif /* CONFIG_OWE */
default: default:
wpa_printf(MSG_DEBUG, wpa_printf(MSG_DEBUG,
"WPA: EAPOL-Key MIC algorithm not known (AKM-defined - akmp=0x%x)", "WPA: EAPOL-Key MIC algorithm not known (AKM-defined - akmp=0x%x)",
@ -218,7 +227,7 @@ int wpa_pmk_to_ptk(const u8 *pmk, size_t pmk_len, const char *label,
#else /* CONFIG_SUITEB192 || CONFIG_FILS */ #else /* CONFIG_SUITEB192 || CONFIG_FILS */
return -1; return -1;
#endif /* CONFIG_SUITEB192 || CONFIG_FILS */ #endif /* CONFIG_SUITEB192 || CONFIG_FILS */
} else if (wpa_key_mgmt_sha256(akmp)) { } else if (wpa_key_mgmt_sha256(akmp) || akmp == WPA_KEY_MGMT_OWE) {
#ifdef CONFIG_IEEE80211W #ifdef CONFIG_IEEE80211W
wpa_printf(MSG_DEBUG, "WPA: PTK derivation using PRF(SHA256)"); wpa_printf(MSG_DEBUG, "WPA: PTK derivation using PRF(SHA256)");
if (sha256_prf(pmk, pmk_len, label, data, sizeof(data), if (sha256_prf(pmk, pmk_len, label, data, sizeof(data),

View file

@ -1737,6 +1737,7 @@ static int wpa_supplicant_decrypt_key_data(struct wpa_sm *sm,
#endif /* CONFIG_NO_RC4 */ #endif /* CONFIG_NO_RC4 */
} else if (ver == WPA_KEY_INFO_TYPE_HMAC_SHA1_AES || } else if (ver == WPA_KEY_INFO_TYPE_HMAC_SHA1_AES ||
ver == WPA_KEY_INFO_TYPE_AES_128_CMAC || ver == WPA_KEY_INFO_TYPE_AES_128_CMAC ||
sm->key_mgmt == WPA_KEY_MGMT_OWE ||
sm->key_mgmt == WPA_KEY_MGMT_OSEN || sm->key_mgmt == WPA_KEY_MGMT_OSEN ||
wpa_key_mgmt_suite_b(sm->key_mgmt)) { wpa_key_mgmt_suite_b(sm->key_mgmt)) {
u8 *buf; u8 *buf;
@ -2018,6 +2019,7 @@ int wpa_sm_rx_eapol(struct wpa_sm *sm, const u8 *src_addr,
ver != WPA_KEY_INFO_TYPE_HMAC_SHA1_AES && ver != WPA_KEY_INFO_TYPE_HMAC_SHA1_AES &&
!wpa_key_mgmt_suite_b(sm->key_mgmt) && !wpa_key_mgmt_suite_b(sm->key_mgmt) &&
!wpa_key_mgmt_fils(sm->key_mgmt) && !wpa_key_mgmt_fils(sm->key_mgmt) &&
sm->key_mgmt != WPA_KEY_MGMT_OWE &&
sm->key_mgmt != WPA_KEY_MGMT_OSEN) { sm->key_mgmt != WPA_KEY_MGMT_OSEN) {
wpa_msg(sm->ctx->msg_ctx, MSG_INFO, wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
"WPA: Unsupported EAPOL-Key descriptor version %d", "WPA: Unsupported EAPOL-Key descriptor version %d",
@ -2034,7 +2036,8 @@ int wpa_sm_rx_eapol(struct wpa_sm *sm, const u8 *src_addr,
} }
if ((wpa_key_mgmt_suite_b(sm->key_mgmt) || if ((wpa_key_mgmt_suite_b(sm->key_mgmt) ||
wpa_key_mgmt_fils(sm->key_mgmt)) && wpa_key_mgmt_fils(sm->key_mgmt) ||
sm->key_mgmt == WPA_KEY_MGMT_OWE) &&
ver != WPA_KEY_INFO_TYPE_AKM_DEFINED) { ver != WPA_KEY_INFO_TYPE_AKM_DEFINED) {
wpa_msg(sm->ctx->msg_ctx, MSG_INFO, wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
"RSN: Unsupported EAPOL-Key descriptor version %d (expected AKM defined = 0)", "RSN: Unsupported EAPOL-Key descriptor version %d (expected AKM defined = 0)",
@ -2068,6 +2071,7 @@ int wpa_sm_rx_eapol(struct wpa_sm *sm, const u8 *src_addr,
if (sm->pairwise_cipher == WPA_CIPHER_CCMP && if (sm->pairwise_cipher == WPA_CIPHER_CCMP &&
!wpa_key_mgmt_suite_b(sm->key_mgmt) && !wpa_key_mgmt_suite_b(sm->key_mgmt) &&
!wpa_key_mgmt_fils(sm->key_mgmt) && !wpa_key_mgmt_fils(sm->key_mgmt) &&
sm->key_mgmt != WPA_KEY_MGMT_OWE &&
ver != WPA_KEY_INFO_TYPE_HMAC_SHA1_AES) { ver != WPA_KEY_INFO_TYPE_HMAC_SHA1_AES) {
wpa_msg(sm->ctx->msg_ctx, MSG_INFO, wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
"WPA: CCMP is used, but EAPOL-Key " "WPA: CCMP is used, but EAPOL-Key "