From d87f4aea11d87d96b8a0d1ce33e2765574fe6474 Mon Sep 17 00:00:00 2001 From: Ilan Peer Date: Wed, 16 Dec 2020 13:00:19 +0200 Subject: [PATCH] FILS: Extend the fils_pmk_to_ptk() function to also derive KDK Extend the fils_pmk_to_ptk() to also derive Key Derivation Key (KDK) which can later be used for secure LTF measurements. Signed-off-by: Ilan Peer --- src/ap/wpa_auth.c | 3 ++- src/common/wpa_common.c | 37 +++++++++++++++++++++++++++++++------ src/common/wpa_common.h | 2 +- src/rsn_supp/wpa.c | 3 ++- wlantest/rx_mgmt.c | 2 +- 5 files changed, 37 insertions(+), 10 deletions(-) diff --git a/src/ap/wpa_auth.c b/src/ap/wpa_auth.c index 65da18cbe..dbba41d31 100644 --- a/src/ap/wpa_auth.c +++ b/src/ap/wpa_auth.c @@ -2314,7 +2314,8 @@ int fils_auth_pmk_to_ptk(struct wpa_state_machine *sm, const u8 *pmk, snonce, anonce, dhss, dhss_len, &sm->PTK, ick, &ick_len, sm->wpa_key_mgmt, sm->pairwise, - fils_ft, &fils_ft_len); + fils_ft, &fils_ft_len, + sm->wpa_auth->conf.kdk ? WPA_KDK_MAX_LEN : 0); if (res < 0) return res; sm->PTK_valid = true; diff --git a/src/common/wpa_common.c b/src/common/wpa_common.c index 877e4b5b3..bf56aa8d5 100644 --- a/src/common/wpa_common.c +++ b/src/common/wpa_common.c @@ -592,15 +592,16 @@ int fils_pmk_to_ptk(const u8 *pmk, size_t pmk_len, const u8 *spa, const u8 *aa, const u8 *snonce, const u8 *anonce, const u8 *dhss, size_t dhss_len, struct wpa_ptk *ptk, u8 *ick, size_t *ick_len, int akmp, int cipher, - u8 *fils_ft, size_t *fils_ft_len) + u8 *fils_ft, size_t *fils_ft_len, size_t kdk_len) { u8 *data, *pos; size_t data_len; u8 tmp[FILS_ICK_MAX_LEN + WPA_KEK_MAX_LEN + WPA_TK_MAX_LEN + - FILS_FT_MAX_LEN]; + FILS_FT_MAX_LEN + WPA_KDK_MAX_LEN]; size_t key_data_len; const char *label = "FILS PTK Derivation"; int ret = -1; + size_t offset; /* * FILS-Key-Data = PRF-X(PMK, "FILS PTK Derivation", @@ -611,6 +612,9 @@ int fils_pmk_to_ptk(const u8 *pmk, size_t pmk_len, const u8 *spa, const u8 *aa, * If doing FT initial mobility domain association: * FILS-FT = L(FILS-Key-Data, ICK_bits + KEK_bits + TK_bits, * FILS-FT_bits) + * When a KDK is derived: + * KDK = L(FILS-Key-Data, ICK_bits + KEK_bits + TK_bits + FILS-FT_bits, + * KDK_bits) */ data_len = 2 * ETH_ALEN + 2 * FILS_NONCE_LEN + dhss_len; data = os_malloc(data_len); @@ -639,6 +643,19 @@ int fils_pmk_to_ptk(const u8 *pmk, size_t pmk_len, const u8 *spa, const u8 *aa, goto err; key_data_len = *ick_len + ptk->kek_len + ptk->tk_len; + if (kdk_len) { + if (kdk_len > WPA_KDK_MAX_LEN) { + wpa_printf(MSG_ERROR, "FILS: KDK len=%zu too big", + kdk_len); + goto err; + } + + ptk->kdk_len = kdk_len; + key_data_len += kdk_len; + } else { + ptk->kdk_len = 0; + } + if (fils_ft && fils_ft_len) { if (akmp == WPA_KEY_MGMT_FT_FILS_SHA256) { *fils_ft_len = 32; @@ -673,19 +690,27 @@ int fils_pmk_to_ptk(const u8 *pmk, size_t pmk_len, const u8 *spa, const u8 *aa, wpa_hexdump_key(MSG_DEBUG, "FILS: FILS-Key-Data", tmp, key_data_len); os_memcpy(ick, tmp, *ick_len); + offset = *ick_len; wpa_hexdump_key(MSG_DEBUG, "FILS: ICK", ick, *ick_len); - os_memcpy(ptk->kek, tmp + *ick_len, ptk->kek_len); + os_memcpy(ptk->kek, tmp + offset, ptk->kek_len); wpa_hexdump_key(MSG_DEBUG, "FILS: KEK", ptk->kek, ptk->kek_len); + offset += ptk->kek_len; - os_memcpy(ptk->tk, tmp + *ick_len + ptk->kek_len, ptk->tk_len); + os_memcpy(ptk->tk, tmp + offset, ptk->tk_len); wpa_hexdump_key(MSG_DEBUG, "FILS: TK", ptk->tk, ptk->tk_len); + offset += ptk->tk_len; if (fils_ft && fils_ft_len) { - os_memcpy(fils_ft, tmp + *ick_len + ptk->kek_len + ptk->tk_len, - *fils_ft_len); + os_memcpy(fils_ft, tmp + offset, *fils_ft_len); wpa_hexdump_key(MSG_DEBUG, "FILS: FILS-FT", fils_ft, *fils_ft_len); + offset += *fils_ft_len; + } + + if (ptk->kdk_len) { + os_memcpy(ptk->kdk, tmp + offset, ptk->kdk_len); + wpa_hexdump_key(MSG_DEBUG, "FILS: KDK", ptk->kdk, ptk->kdk_len); } ptk->kek2_len = 0; diff --git a/src/common/wpa_common.h b/src/common/wpa_common.h index 193f1d732..7c3692849 100644 --- a/src/common/wpa_common.h +++ b/src/common/wpa_common.h @@ -396,7 +396,7 @@ int fils_pmk_to_ptk(const u8 *pmk, size_t pmk_len, const u8 *spa, const u8 *aa, const u8 *snonce, const u8 *anonce, const u8 *dhss, size_t dhss_len, struct wpa_ptk *ptk, u8 *ick, size_t *ick_len, int akmp, int cipher, - u8 *fils_ft, size_t *fils_ft_len); + u8 *fils_ft, size_t *fils_ft_len, size_t kdk_len); int fils_key_auth_sk(const u8 *ick, size_t ick_len, const u8 *snonce, const u8 *anonce, const u8 *sta_addr, const u8 *bssid, const u8 *g_sta, size_t g_sta_len, diff --git a/src/rsn_supp/wpa.c b/src/rsn_supp/wpa.c index 24d7422bf..7f10956a5 100644 --- a/src/rsn_supp/wpa.c +++ b/src/rsn_supp/wpa.c @@ -4350,7 +4350,8 @@ int fils_process_auth(struct wpa_sm *sm, const u8 *bssid, const u8 *data, dh_ss ? wpabuf_len(dh_ss) : 0, &sm->ptk, ick, &ick_len, sm->key_mgmt, sm->pairwise_cipher, - sm->fils_ft, &sm->fils_ft_len) < 0) { + sm->fils_ft, &sm->fils_ft_len, + sm->kdk ? WPA_KDK_MAX_LEN : 0) < 0) { wpa_printf(MSG_DEBUG, "FILS: Failed to derive PTK"); goto fail; } diff --git a/wlantest/rx_mgmt.c b/wlantest/rx_mgmt.c index f7041b8cb..61c7f6a4c 100644 --- a/wlantest/rx_mgmt.c +++ b/wlantest/rx_mgmt.c @@ -494,7 +494,7 @@ static int try_rmsk(struct wlantest *wt, struct wlantest_bss *bss, sta->snonce, sta->anonce, NULL, 0, &ptk, ick, &ick_len, sta->key_mgmt, sta->pairwise_cipher, - NULL, NULL) < 0) + NULL, NULL, 0) < 0) return -1; /* Check AES-SIV decryption with the derived key */