WPA: Extend the wpa_pmk_to_ptk() function to also derive KDK

Extend the wpa_pmk_to_ptk() to also derive Key Derivation
Key (KDK), which can later be used for secure LTF measurements.

Update the wpa_supplicant and hostapd configuration and the
corresponding WPA and WPA Auth state machine, to allow enabling of KDK
derivation. For now, use a testing parameter to control whether KDK is
derived.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>

src/rsn_supp/wpa.c

@@ -606,7 +606,8 @@ static int wpa_derive_ptk(struct wpa_sm *sm, const unsigned char *src_addr,
 	return wpa_pmk_to_ptk(sm->pmk, sm->pmk_len, "Pairwise key expansion",
 			      sm->own_addr, sm->bssid, sm->snonce,
 			      key->key_nonce, ptk, akmp,
-			      sm->pairwise_cipher, z, z_len);
+			      sm->pairwise_cipher, z, z_len,
+			      sm->kdk ? WPA_KDK_MAX_LEN : 0);
 }
 
 
@@ -3184,6 +3185,7 @@ void wpa_sm_set_config(struct wpa_sm *sm, struct rsn_supp_config *config)
 		sm->p2p = config->p2p;
 		sm->wpa_rsc_relaxation = config->wpa_rsc_relaxation;
 		sm->owe_ptk_workaround = config->owe_ptk_workaround;
+		sm->kdk = config->kdk;
 #ifdef CONFIG_FILS
 		if (config->fils_cache_id) {
 			sm->fils_cache_id_set = 1;
@@ -3206,6 +3208,7 @@ void wpa_sm_set_config(struct wpa_sm *sm, struct rsn_supp_config *config)
 		sm->wpa_rsc_relaxation = 0;
 		sm->owe_ptk_workaround = 0;
 		sm->beacon_prot = 0;
+		sm->kdk = false;
 	}
 }
 

src/rsn_supp/wpa.h

@@ -130,6 +130,7 @@ struct rsn_supp_config {
 	int owe_ptk_workaround;
 	const u8 *fils_cache_id;
 	int beacon_prot;
+	bool kdk;
 };
 
 #ifndef CONFIG_NO_WPA

src/rsn_supp/wpa_i.h

@@ -73,6 +73,12 @@ struct wpa_sm {
 			     * to be used */
 	int keyidx_active; /* Key ID for the active TK */
 
+	/*
+	 * If set Key Derivation Key should be derived as part of PMK to
+	 * PTK derivation.
+	 */
+	bool kdk;
+
 	u8 own_addr[ETH_ALEN];
 	const char *ifname;
 	const char *bridge_ifname;