From 6e834db74e55283064c1c52f18d39005df83b07b Mon Sep 17 00:00:00 2001 From: Ilan Peer Date: Wed, 16 Dec 2020 13:00:18 +0200 Subject: [PATCH] FT: Extend the wpa_pmk_r1_to_ptk() function to also derive KDK Extend the wpa_pmk_r1_to_ptk() to also derive Key Derivation Key (KDK), which can later be used for secure LTF measurements. Signed-off-by: Ilan Peer --- src/ap/wpa_auth.c | 4 +++- src/ap/wpa_auth_ft.c | 7 +++++-- src/common/wpa_common.c | 21 ++++++++++++++++++--- src/common/wpa_common.h | 3 ++- src/rsn_supp/wpa_ft.c | 6 ++++-- wlantest/rx_eapol.c | 2 +- wlantest/rx_mgmt.c | 5 +++-- 7 files changed, 36 insertions(+), 12 deletions(-) diff --git a/src/ap/wpa_auth.c b/src/ap/wpa_auth.c index ebf35cf30..65da18cbe 100644 --- a/src/ap/wpa_auth.c +++ b/src/ap/wpa_auth.c @@ -2272,7 +2272,9 @@ static int wpa_derive_ptk(struct wpa_state_machine *sm, const u8 *snonce, sm->pmk_r1_name, ptk, ptk_name, sm->wpa_key_mgmt, - sm->pairwise); + sm->pairwise, + sm->wpa_auth->conf.kdk ? + WPA_KDK_MAX_LEN : 0); } return wpa_auth_derive_ptk_ft(sm, ptk); } diff --git a/src/ap/wpa_auth_ft.c b/src/ap/wpa_auth_ft.c index 5aa363eca..9a1922e64 100644 --- a/src/ap/wpa_auth_ft.c +++ b/src/ap/wpa_auth_ft.c @@ -2147,7 +2147,8 @@ int wpa_auth_derive_ptk_ft(struct wpa_state_machine *sm, struct wpa_ptk *ptk) return wpa_pmk_r1_to_ptk(pmk_r1, pmk_r1_len, sm->SNonce, sm->ANonce, sm->addr, sm->wpa_auth->addr, sm->pmk_r1_name, - ptk, ptk_name, sm->wpa_key_mgmt, sm->pairwise); + ptk, ptk_name, sm->wpa_key_mgmt, sm->pairwise, + 0); } @@ -3198,7 +3199,9 @@ pmk_r1_derived: if (wpa_pmk_r1_to_ptk(pmk_r1, pmk_r1_len, sm->SNonce, sm->ANonce, sm->addr, sm->wpa_auth->addr, pmk_r1_name, &sm->PTK, ptk_name, sm->wpa_key_mgmt, - pairwise) < 0) + pairwise, + sm->wpa_auth->conf.kdk ? + WPA_KDK_MAX_LEN : 0) < 0) return WLAN_STATUS_UNSPECIFIED_FAILURE; sm->pairwise = pairwise; diff --git a/src/common/wpa_common.c b/src/common/wpa_common.c index 750a3c8c4..877e4b5b3 100644 --- a/src/common/wpa_common.c +++ b/src/common/wpa_common.c @@ -1750,16 +1750,25 @@ int wpa_pmk_r1_to_ptk(const u8 *pmk_r1, size_t pmk_r1_len, const u8 *snonce, const u8 *anonce, const u8 *sta_addr, const u8 *bssid, const u8 *pmk_r1_name, - struct wpa_ptk *ptk, u8 *ptk_name, int akmp, int cipher) + struct wpa_ptk *ptk, u8 *ptk_name, int akmp, int cipher, + size_t kdk_len) { u8 buf[2 * WPA_NONCE_LEN + 2 * ETH_ALEN]; u8 *pos, hash[32]; const u8 *addr[6]; size_t len[6]; - u8 tmp[2 * WPA_KCK_MAX_LEN + 2 * WPA_KEK_MAX_LEN + WPA_TK_MAX_LEN]; + u8 tmp[2 * WPA_KCK_MAX_LEN + 2 * WPA_KEK_MAX_LEN + WPA_TK_MAX_LEN + + WPA_KDK_MAX_LEN]; size_t ptk_len, offset; int use_sha384 = wpa_key_mgmt_sha384(akmp); + if (kdk_len > WPA_KDK_MAX_LEN) { + wpa_printf(MSG_ERROR, + "FT: KDK len=%zu exceeds max supported len", + kdk_len); + return -1; + } + /* * PTK = KDF-PTKLen(PMK-R1, "FT-PTK", SNonce || ANonce || * BSSID || STA-ADDR) @@ -1786,8 +1795,9 @@ int wpa_pmk_r1_to_ptk(const u8 *pmk_r1, size_t pmk_r1_len, ptk->kek_len = wpa_kek_len(akmp, PMK_LEN); ptk->kek2_len = wpa_kek2_len(akmp); ptk->tk_len = wpa_cipher_key_len(cipher); + ptk->kdk_len = kdk_len; ptk_len = ptk->kck_len + ptk->kek_len + ptk->tk_len + - ptk->kck2_len + ptk->kek2_len; + ptk->kck2_len + ptk->kek2_len + ptk->kdk_len; #ifdef CONFIG_SHA384 if (use_sha384) { @@ -1846,6 +1856,8 @@ int wpa_pmk_r1_to_ptk(const u8 *pmk_r1, size_t pmk_r1_len, os_memcpy(ptk->kck2, tmp + offset, ptk->kck2_len); offset += ptk->kck2_len; os_memcpy(ptk->kek2, tmp + offset, ptk->kek2_len); + offset += ptk->kek2_len; + os_memcpy(ptk->kdk, tmp + offset, ptk->kdk_len); wpa_hexdump_key(MSG_DEBUG, "FT: KCK", ptk->kck, ptk->kck_len); wpa_hexdump_key(MSG_DEBUG, "FT: KEK", ptk->kek, ptk->kek_len); @@ -1855,6 +1867,9 @@ int wpa_pmk_r1_to_ptk(const u8 *pmk_r1, size_t pmk_r1_len, if (ptk->kek2_len) wpa_hexdump_key(MSG_DEBUG, "FT: KEK2", ptk->kek2, ptk->kek2_len); + if (ptk->kdk_len) + wpa_hexdump_key(MSG_DEBUG, "FT: KDK", ptk->kdk, ptk->kdk_len); + wpa_hexdump_key(MSG_DEBUG, "FT: TK", ptk->tk, ptk->tk_len); wpa_hexdump(MSG_DEBUG, "FT: PTKName", ptk_name, WPA_PMK_NAME_LEN); diff --git a/src/common/wpa_common.h b/src/common/wpa_common.h index 44b803e65..193f1d732 100644 --- a/src/common/wpa_common.h +++ b/src/common/wpa_common.h @@ -427,7 +427,8 @@ int wpa_derive_pmk_r1(const u8 *pmk_r0, size_t pmk_r0_len, int wpa_pmk_r1_to_ptk(const u8 *pmk_r1, size_t pmk_r1_len, const u8 *snonce, const u8 *anonce, const u8 *sta_addr, const u8 *bssid, const u8 *pmk_r1_name, - struct wpa_ptk *ptk, u8 *ptk_name, int akmp, int cipher); + struct wpa_ptk *ptk, u8 *ptk_name, int akmp, int cipher, + size_t kdk_len); #endif /* CONFIG_IEEE80211R */ struct wpa_ie_data { diff --git a/src/rsn_supp/wpa_ft.c b/src/rsn_supp/wpa_ft.c index bf73376b6..6ca9cb7ce 100644 --- a/src/rsn_supp/wpa_ft.c +++ b/src/rsn_supp/wpa_ft.c @@ -58,7 +58,8 @@ int wpa_derive_ptk_ft(struct wpa_sm *sm, const unsigned char *src_addr, return -1; return wpa_pmk_r1_to_ptk(sm->pmk_r1, sm->pmk_r1_len, sm->snonce, anonce, sm->own_addr, sm->bssid, sm->pmk_r1_name, ptk, - ptk_name, sm->key_mgmt, sm->pairwise_cipher); + ptk_name, sm->key_mgmt, sm->pairwise_cipher, + sm->kdk ? WPA_KDK_MAX_LEN : 0); } @@ -649,7 +650,8 @@ int wpa_ft_process_response(struct wpa_sm *sm, const u8 *ies, size_t ies_len, if (wpa_pmk_r1_to_ptk(sm->pmk_r1, sm->pmk_r1_len, sm->snonce, anonce, sm->own_addr, bssid, sm->pmk_r1_name, &sm->ptk, ptk_name, sm->key_mgmt, - sm->pairwise_cipher) < 0) + sm->pairwise_cipher, + sm->kdk ? WPA_KDK_MAX_LEN : 0) < 0) return -1; if (wpa_key_mgmt_fils(sm->key_mgmt)) { diff --git a/wlantest/rx_eapol.c b/wlantest/rx_eapol.c index cdc1fff0c..eaf97c3e8 100644 --- a/wlantest/rx_eapol.c +++ b/wlantest/rx_eapol.c @@ -120,7 +120,7 @@ static int try_pmk(struct wlantest *wt, struct wlantest_bss *bss, sta->snonce, sta->anonce, sta->addr, bss->bssid, sta->pmk_r1_name, &ptk, ptk_name, sta->key_mgmt, - sta->pairwise_cipher) < 0 || + sta->pairwise_cipher, 0) < 0 || check_mic(ptk.kck, ptk.kck_len, sta->key_mgmt, ver, data, len) < 0) return -1; diff --git a/wlantest/rx_mgmt.c b/wlantest/rx_mgmt.c index 0bc7eb2b2..f7041b8cb 100644 --- a/wlantest/rx_mgmt.c +++ b/wlantest/rx_mgmt.c @@ -290,7 +290,7 @@ static void process_ft_auth(struct wlantest *wt, struct wlantest_bss *bss, wpa_pmk_r1_to_ptk(sta->pmk_r1, sta->pmk_r1_len, parse.fte_snonce, parse.fte_anonce, sta->addr, bss->bssid, sta->pmk_r1_name, &ptk, ptk_name, sta->key_mgmt, - sta->pairwise_cipher) < 0) + sta->pairwise_cipher, 0) < 0) return; add_note(wt, MSG_DEBUG, "Derived new PTK"); @@ -1779,7 +1779,8 @@ static void rx_mgmt_action_ft_response(struct wlantest *wt, wpa_pmk_r1_to_ptk(sta->pmk_r1, sta->pmk_r1_len, parse.fte_snonce, parse.fte_anonce, new_sta->addr, bss->bssid, sta->pmk_r1_name, &ptk, ptk_name, - new_sta->key_mgmt, new_sta->pairwise_cipher) < 0) + new_sta->key_mgmt, new_sta->pairwise_cipher, + 0) < 0) return; add_note(wt, MSG_DEBUG, "Derived new PTK");