FT: Support variable length keys
This is a step in adding support for SHA384-based FT AKM. Signed-off-by: Jouni Malinen <j@w1.fi>
This commit is contained in:
Jouni Malinen
parent
c22bb5bba6
commit
a3e18dbb6a
8 changed files with 106 additions and 66 deletions
|
|
@ -1,6 +1,6 @@
|
|||
/*
|
||||
* WPA Supplicant - WPA state machine and EAPOL-Key processing
|
||||
* Copyright (c) 2003-2017, Jouni Malinen <j@w1.fi>
|
||||
* Copyright (c) 2003-2018, Jouni Malinen <j@w1.fi>
|
||||
* Copyright(c) 2015 Intel Deutschland GmbH
|
||||
*
|
||||
* This software may be distributed under the terms of the BSD license.
|
||||
|
|
@ -3151,8 +3151,11 @@ void wpa_sm_drop_sa(struct wpa_sm *sm)
|
|||
#endif /* CONFIG_IEEE80211W */
|
||||
#ifdef CONFIG_IEEE80211R
|
||||
os_memset(sm->xxkey, 0, sizeof(sm->xxkey));
|
||||
sm->xxkey_len = 0;
|
||||
os_memset(sm->pmk_r0, 0, sizeof(sm->pmk_r0));
|
||||
sm->pmk_r0_len = 0;
|
||||
os_memset(sm->pmk_r1, 0, sizeof(sm->pmk_r1));
|
||||
sm->pmk_r1_len = 0;
|
||||
#endif /* CONFIG_IEEE80211R */
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -30,21 +30,26 @@ int wpa_derive_ptk_ft(struct wpa_sm *sm, const unsigned char *src_addr,
|
|||
return -1;
|
||||
}
|
||||
|
||||
wpa_derive_pmk_r0(sm->xxkey, sm->xxkey_len, sm->ssid,
|
||||
sm->ssid_len, sm->mobility_domain,
|
||||
sm->r0kh_id, sm->r0kh_id_len, sm->own_addr,
|
||||
sm->pmk_r0, sm->pmk_r0_name);
|
||||
wpa_hexdump_key(MSG_DEBUG, "FT: PMK-R0", sm->pmk_r0, PMK_LEN);
|
||||
sm->pmk_r0_len = PMK_LEN;
|
||||
if (wpa_derive_pmk_r0(sm->xxkey, sm->xxkey_len, sm->ssid,
|
||||
sm->ssid_len, sm->mobility_domain,
|
||||
sm->r0kh_id, sm->r0kh_id_len, sm->own_addr,
|
||||
sm->pmk_r0, sm->pmk_r0_name) < 0)
|
||||
return -1;
|
||||
wpa_hexdump_key(MSG_DEBUG, "FT: PMK-R0", sm->pmk_r0, sm->pmk_r0_len);
|
||||
wpa_hexdump(MSG_DEBUG, "FT: PMKR0Name",
|
||||
sm->pmk_r0_name, WPA_PMK_NAME_LEN);
|
||||
wpa_derive_pmk_r1(sm->pmk_r0, sm->pmk_r0_name, sm->r1kh_id,
|
||||
sm->own_addr, sm->pmk_r1, sm->pmk_r1_name);
|
||||
wpa_hexdump_key(MSG_DEBUG, "FT: PMK-R1", sm->pmk_r1, PMK_LEN);
|
||||
sm->pmk_r1_len = sm->pmk_r0_len;
|
||||
if (wpa_derive_pmk_r1(sm->pmk_r0, sm->pmk_r0_len, sm->pmk_r0_name,
|
||||
sm->r1kh_id, sm->own_addr, sm->pmk_r1,
|
||||
sm->pmk_r1_name) < 0)
|
||||
return -1;
|
||||
wpa_hexdump_key(MSG_DEBUG, "FT: PMK-R1", sm->pmk_r1, sm->pmk_r1_len);
|
||||
wpa_hexdump(MSG_DEBUG, "FT: PMKR1Name", sm->pmk_r1_name,
|
||||
WPA_PMK_NAME_LEN);
|
||||
return wpa_pmk_r1_to_ptk(sm->pmk_r1, sm->snonce, anonce, sm->own_addr,
|
||||
sm->bssid, sm->pmk_r1_name, ptk, ptk_name,
|
||||
sm->key_mgmt, sm->pairwise_cipher);
|
||||
return wpa_pmk_r1_to_ptk(sm->pmk_r1, sm->pmk_r1_len, sm->snonce, anonce,
|
||||
sm->own_addr, sm->bssid, sm->pmk_r1_name, ptk,
|
||||
ptk_name, sm->key_mgmt, sm->pairwise_cipher);
|
||||
}
|
||||
|
||||
|
||||
|
|
@ -510,16 +515,20 @@ int wpa_ft_process_response(struct wpa_sm *sm, const u8 *ies, size_t ies_len,
|
|||
wpa_hexdump(MSG_DEBUG, "FT: SNonce", sm->snonce, WPA_NONCE_LEN);
|
||||
wpa_hexdump(MSG_DEBUG, "FT: ANonce", ftie->anonce, WPA_NONCE_LEN);
|
||||
os_memcpy(sm->anonce, ftie->anonce, WPA_NONCE_LEN);
|
||||
wpa_derive_pmk_r1(sm->pmk_r0, sm->pmk_r0_name, sm->r1kh_id,
|
||||
sm->own_addr, sm->pmk_r1, sm->pmk_r1_name);
|
||||
wpa_hexdump_key(MSG_DEBUG, "FT: PMK-R1", sm->pmk_r1, PMK_LEN);
|
||||
if (wpa_derive_pmk_r1(sm->pmk_r0, sm->pmk_r0_len, sm->pmk_r0_name,
|
||||
sm->r1kh_id, sm->own_addr, sm->pmk_r1,
|
||||
sm->pmk_r1_name) < 0)
|
||||
return -1;
|
||||
sm->pmk_r1_len = sm->pmk_r0_len;
|
||||
wpa_hexdump_key(MSG_DEBUG, "FT: PMK-R1", sm->pmk_r1, sm->pmk_r1_len);
|
||||
wpa_hexdump(MSG_DEBUG, "FT: PMKR1Name",
|
||||
sm->pmk_r1_name, WPA_PMK_NAME_LEN);
|
||||
|
||||
bssid = target_ap;
|
||||
if (wpa_pmk_r1_to_ptk(sm->pmk_r1, sm->snonce, ftie->anonce,
|
||||
sm->own_addr, bssid, sm->pmk_r1_name, &sm->ptk,
|
||||
ptk_name, sm->key_mgmt, sm->pairwise_cipher) < 0)
|
||||
if (wpa_pmk_r1_to_ptk(sm->pmk_r1, sm->pmk_r1_len, sm->snonce,
|
||||
ftie->anonce, sm->own_addr, bssid,
|
||||
sm->pmk_r1_name, &sm->ptk, ptk_name, sm->key_mgmt,
|
||||
sm->pairwise_cipher) < 0)
|
||||
return -1;
|
||||
|
||||
if (wpa_key_mgmt_fils(sm->key_mgmt)) {
|
||||
|
|
|
|||
|
|
@ -1,6 +1,6 @@
|
|||
/*
|
||||
* Internal WPA/RSN supplicant state machine definitions
|
||||
* Copyright (c) 2004-2017, Jouni Malinen <j@w1.fi>
|
||||
* Copyright (c) 2004-2018, Jouni Malinen <j@w1.fi>
|
||||
*
|
||||
* This software may be distributed under the terms of the BSD license.
|
||||
* See README for more details.
|
||||
|
|
@ -112,11 +112,14 @@ struct wpa_sm {
|
|||
#endif /* CONFIG_TDLS */
|
||||
|
||||
#ifdef CONFIG_IEEE80211R
|
||||
u8 xxkey[PMK_LEN]; /* PSK or the second 256 bits of MSK */
|
||||
u8 xxkey[PMK_LEN_MAX]; /* PSK or the second 256 bits of MSK, or the
|
||||
* first 384 bits of MSK */
|
||||
size_t xxkey_len;
|
||||
u8 pmk_r0[PMK_LEN];
|
||||
u8 pmk_r0[PMK_LEN_MAX];
|
||||
size_t pmk_r0_len;
|
||||
u8 pmk_r0_name[WPA_PMK_NAME_LEN];
|
||||
u8 pmk_r1[PMK_LEN];
|
||||
u8 pmk_r1[PMK_LEN_MAX];
|
||||
size_t pmk_r1_len;
|
||||
u8 pmk_r1_name[WPA_PMK_NAME_LEN];
|
||||
u8 mobility_domain[MOBILITY_DOMAIN_ID_LEN];
|
||||
u8 r0kh_id[FT_R0KH_ID_MAX_LEN];
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue