[PATCH 07/40] FT: Extend the wpa_pmk_r1_to_ptk() function to also derive HLTK

Ilan Peer <ilan.peer@xxxxxxxxx> · Sun, 15 Dec 2019 11:34:05 +0200

Extend the wpa_pmk_r1_to_ptk() to also derive High Level
Transient Key (HLTK), which can later be used for secure
LTF measurements.

Signed-off-by: Ilan Peer <ilan.peer@xxxxxxxxx>
---
 src/ap/wpa_auth.c       |  4 +++-
 src/ap/wpa_auth_ft.c    |  7 +++++--
 src/common/wpa_common.c | 23 ++++++++++++++++++++---
 src/common/wpa_common.h |  3 ++-
 src/rsn_supp/wpa_ft.c   |  6 ++++--
 wlantest/rx_eapol.c     |  2 +-
 wlantest/rx_mgmt.c      |  4 ++--
 7 files changed, 37 insertions(+), 12 deletions(-)

diff --git a/src/ap/wpa_auth.c b/src/ap/wpa_auth.c
index b71caac9c3..f16a2f8a99 100644
--- a/src/ap/wpa_auth.c
+++ b/src/ap/wpa_auth.c
@@ -2223,7 +2223,9 @@ static int wpa_derive_ptk(struct wpa_state_machine *sm, const u8 *snonce,
 						 sm->pmk_r1_name,
 						 ptk, ptk_name,
 						 sm->wpa_key_mgmt,
-						 sm->pairwise);
+						 sm->pairwise,
+						 sm->wpa_auth->conf.hltk ?
+						 WPA_HLTK_MAX_LEN : 0);
 		}
 		return wpa_auth_derive_ptk_ft(sm, ptk);
 	}
diff --git a/src/ap/wpa_auth_ft.c b/src/ap/wpa_auth_ft.c
index a599be2257..aea0197674 100644
--- a/src/ap/wpa_auth_ft.c
+++ b/src/ap/wpa_auth_ft.c
@@ -2149,7 +2149,8 @@ int wpa_auth_derive_ptk_ft(struct wpa_state_machine *sm, struct wpa_ptk *ptk)
 
 	return wpa_pmk_r1_to_ptk(pmk_r1, pmk_r1_len, sm->SNonce, sm->ANonce,
 				 sm->addr, sm->wpa_auth->addr, sm->pmk_r1_name,
-				 ptk, ptk_name, sm->wpa_key_mgmt, sm->pairwise);
+				 ptk, ptk_name, sm->wpa_key_mgmt, sm->pairwise,
+				 0);
 }
 
 
@@ -3016,7 +3017,9 @@ pmk_r1_derived:
 	if (wpa_pmk_r1_to_ptk(pmk_r1, pmk_r1_len, sm->SNonce, sm->ANonce,
 			      sm->addr, sm->wpa_auth->addr, pmk_r1_name,
 			      &sm->PTK, ptk_name, sm->wpa_key_mgmt,
-			      pairwise) < 0)
+			      pairwise,
+			      sm->wpa_auth->conf.hltk ?
+			      WPA_HLTK_MAX_LEN : 0) < 0)
 		return WLAN_STATUS_UNSPECIFIED_FAILURE;
 
 	sm->pairwise = pairwise;
diff --git a/src/common/wpa_common.c b/src/common/wpa_common.c
index 7c289b5423..115cccb09e 100644
--- a/src/common/wpa_common.c
+++ b/src/common/wpa_common.c
@@ -1714,16 +1714,25 @@ int wpa_pmk_r1_to_ptk(const u8 *pmk_r1, size_t pmk_r1_len,
 		      const u8 *snonce, const u8 *anonce,
 		      const u8 *sta_addr, const u8 *bssid,
 		      const u8 *pmk_r1_name,
-		      struct wpa_ptk *ptk, u8 *ptk_name, int akmp, int cipher)
+		      struct wpa_ptk *ptk, u8 *ptk_name, int akmp, int cipher,
+		      size_t hltk_len)
 {
 	u8 buf[2 * WPA_NONCE_LEN + 2 * ETH_ALEN];
 	u8 *pos, hash[32];
 	const u8 *addr[6];
 	size_t len[6];
-	u8 tmp[2 * WPA_KCK_MAX_LEN + 2 * WPA_KEK_MAX_LEN + WPA_TK_MAX_LEN];
+	u8 tmp[2 * WPA_KCK_MAX_LEN + 2 * WPA_KEK_MAX_LEN + WPA_TK_MAX_LEN +
+	       WPA_HLTK_MAX_LEN];
 	size_t ptk_len, offset;
 	int use_sha384 = wpa_key_mgmt_sha384(akmp);
 
+	if (hltk_len > WPA_HLTK_MAX_LEN) {
+		wpa_printf(MSG_ERROR,
+			   "FT: HLTK len=%zu exceeds max supported len",
+			   hltk_len);
+		return -1;
+	}
+
 	/*
 	 * PTK = KDF-PTKLen(PMK-R1, "FT-PTK", SNonce || ANonce ||
 	 *                  BSSID || STA-ADDR)
@@ -1750,8 +1759,9 @@ int wpa_pmk_r1_to_ptk(const u8 *pmk_r1, size_t pmk_r1_len,
 	ptk->kek_len = wpa_kek_len(akmp, PMK_LEN);
 	ptk->kek2_len = wpa_kek2_len(akmp);
 	ptk->tk_len = wpa_cipher_key_len(cipher);
+	ptk->hltk_len = hltk_len;
 	ptk_len = ptk->kck_len + ptk->kek_len + ptk->tk_len +
-		ptk->kck2_len + ptk->kek2_len;
+		ptk->kck2_len + ptk->kek2_len + ptk->hltk_len;
 
 #ifdef CONFIG_SHA384
 	if (use_sha384) {
@@ -1810,6 +1820,9 @@ int wpa_pmk_r1_to_ptk(const u8 *pmk_r1, size_t pmk_r1_len,
 	os_memcpy(ptk->kck2, tmp + offset, ptk->kck2_len);
 	offset += ptk->kck2_len;
 	os_memcpy(ptk->kek2, tmp + offset, ptk->kek2_len);
+	offset += ptk->kek2_len;
+	os_memcpy(ptk->hltk, tmp + offset, ptk->hltk_len);
+	offset += ptk->hltk_len;
 
 	wpa_hexdump_key(MSG_DEBUG, "FT: KCK", ptk->kck, ptk->kck_len);
 	wpa_hexdump_key(MSG_DEBUG, "FT: KEK", ptk->kek, ptk->kek_len);
@@ -1819,6 +1832,10 @@ int wpa_pmk_r1_to_ptk(const u8 *pmk_r1, size_t pmk_r1_len,
 	if (ptk->kek2_len)
 		wpa_hexdump_key(MSG_DEBUG, "FT: KEK2",
 				ptk->kek2, ptk->kek2_len);
+	if (ptk->hltk_len)
+		wpa_hexdump_key(MSG_DEBUG, "FT: HLTK",
+				ptk->hltk, ptk->hltk_len);
+
 	wpa_hexdump_key(MSG_DEBUG, "FT: TK", ptk->tk, ptk->tk_len);
 	wpa_hexdump(MSG_DEBUG, "FT: PTKName", ptk_name, WPA_PMK_NAME_LEN);
 
diff --git a/src/common/wpa_common.h b/src/common/wpa_common.h
index 9a3bacceed..d25f1cb8a0 100644
--- a/src/common/wpa_common.h
+++ b/src/common/wpa_common.h
@@ -384,7 +384,8 @@ int wpa_derive_pmk_r1(const u8 *pmk_r0, size_t pmk_r0_len,
 int wpa_pmk_r1_to_ptk(const u8 *pmk_r1, size_t pmk_r1_len, const u8 *snonce,
 		      const u8 *anonce, const u8 *sta_addr, const u8 *bssid,
 		      const u8 *pmk_r1_name,
-		      struct wpa_ptk *ptk, u8 *ptk_name, int akmp, int cipher);
+		      struct wpa_ptk *ptk, u8 *ptk_name, int akmp, int cipher,
+		      size_t hltk_len);
 #endif /* CONFIG_IEEE80211R */
 
 struct wpa_ie_data {
diff --git a/src/rsn_supp/wpa_ft.c b/src/rsn_supp/wpa_ft.c
index 2b8b41fa58..bf8166036b 100644
--- a/src/rsn_supp/wpa_ft.c
+++ b/src/rsn_supp/wpa_ft.c
@@ -63,7 +63,8 @@ int wpa_derive_ptk_ft(struct wpa_sm *sm, const unsigned char *src_addr,
 		    WPA_PMK_NAME_LEN);
 	return wpa_pmk_r1_to_ptk(sm->pmk_r1, sm->pmk_r1_len, sm->snonce, anonce,
 				 sm->own_addr, sm->bssid, sm->pmk_r1_name, ptk,
-				 ptk_name, sm->key_mgmt, sm->pairwise_cipher);
+				 ptk_name, sm->key_mgmt, sm->pairwise_cipher,
+				 sm->hltk ? WPA_HLTK_MAX_LEN : 0);
 }
 
 
@@ -632,7 +633,8 @@ int wpa_ft_process_response(struct wpa_sm *sm, const u8 *ies, size_t ies_len,
 	if (wpa_pmk_r1_to_ptk(sm->pmk_r1, sm->pmk_r1_len, sm->snonce,
 			      anonce, sm->own_addr, bssid,
 			      sm->pmk_r1_name, &sm->ptk, ptk_name, sm->key_mgmt,
-			      sm->pairwise_cipher) < 0)
+			      sm->pairwise_cipher,
+			      sm->hltk ? WPA_HLTK_MAX_LEN : 0) < 0)
 		return -1;
 
 	if (wpa_key_mgmt_fils(sm->key_mgmt)) {
diff --git a/wlantest/rx_eapol.c b/wlantest/rx_eapol.c
index 05c145ab63..78d4081009 100644
--- a/wlantest/rx_eapol.c
+++ b/wlantest/rx_eapol.c
@@ -124,7 +124,7 @@ static int try_pmk(struct wlantest *wt, struct wlantest_bss *bss,
 				      sta->addr,
 				      bss->bssid, pmk_r1_name, &ptk, ptk_name,
 				      sta->key_mgmt,
-				      sta->pairwise_cipher) < 0 ||
+				      sta->pairwise_cipher, 0) < 0 ||
 		    check_mic(ptk.kck, ptk.kck_len, sta->key_mgmt, ver, data,
 			      len) < 0)
 			return -1;
diff --git a/wlantest/rx_mgmt.c b/wlantest/rx_mgmt.c
index 39b23b27ca..c8cb4cba64 100644
--- a/wlantest/rx_mgmt.c
+++ b/wlantest/rx_mgmt.c
@@ -226,7 +226,7 @@ static void process_ft_auth(struct wlantest *wt, struct wlantest_bss *bss,
 	    wpa_pmk_r1_to_ptk(pmk_r1, PMK_LEN, parse.fte_snonce,
 			      parse.fte_anonce, sta->addr, bss->bssid,
 			      pmk_r1_name, &ptk, ptk_name, sta->key_mgmt,
-			      sta->pairwise_cipher) < 0)
+			      sta->pairwise_cipher, 0) < 0)
 		return;
 
 	add_note(wt, MSG_DEBUG, "Derived new PTK");
@@ -1109,7 +1109,7 @@ static void rx_mgmt_action_ft_response(struct wlantest *wt,
 	    wpa_pmk_r1_to_ptk(pmk_r1, PMK_LEN, parse.fte_snonce,
 			      parse.fte_anonce, new_sta->addr, bss->bssid,
 			      pmk_r1_name, &ptk, ptk_name, new_sta->key_mgmt,
-			      new_sta->pairwise_cipher) < 0)
+			      new_sta->pairwise_cipher, 0) < 0)
 		return;
 
 	add_note(wt, MSG_DEBUG, "Derived new PTK");
-- 
2.17.1


_______________________________________________
Hostap mailing list
Hostap@xxxxxxxxxxxxxxxxxxx
http://lists.infradead.org/mailman/listinfo/hostap






