mirror of
https://git.kernel.org/pub/scm/network/wireless/iwd.git
synced 2025-01-09 00:12:36 +01:00
handshake: update key getters for FILS-FT
FILS-FT is a special case with respect to the PTK keys. The KCK getter was updated to handle both FT-FILS AKMs, by returning the offset in the PTK to the special KCK generated during FILS. A getter for the KCK length was added, which handles the SHA384 variant. The PTK size was also updated since FILS-FT can generate an additional 56 bytes of PTK
This commit is contained in:
parent
bc381bd8c3
commit
0e9ed03e60
@ -368,8 +368,13 @@ static bool handshake_get_key_sizes(struct handshake_state *s, size_t *ptk_size,
|
||||
break;
|
||||
}
|
||||
|
||||
if (ptk_size)
|
||||
if (ptk_size) {
|
||||
*ptk_size = kck + kek + tk;
|
||||
if (s->akm_suite == IE_RSN_AKM_SUITE_FT_OVER_FILS_SHA256)
|
||||
*ptk_size += 32;
|
||||
else if (s->akm_suite == IE_RSN_AKM_SUITE_FT_OVER_FILS_SHA384)
|
||||
*ptk_size += 56;
|
||||
}
|
||||
|
||||
if (kck_size)
|
||||
*kck_size = kck;
|
||||
@ -469,9 +474,29 @@ size_t handshake_state_get_ptk_size(struct handshake_state *s)
|
||||
|
||||
const uint8_t *handshake_state_get_kck(struct handshake_state *s)
|
||||
{
|
||||
/*
|
||||
* FILS itself does not derive a KCK, but FILS-FT derives additional
|
||||
* key bytes at the end of the PTK, which contains a special KCK used
|
||||
* for fast transition. Since the normal FILS protocol will never call
|
||||
* this, we can assume that its only being called for FILS-FT and is
|
||||
* requesting this special KCK.
|
||||
*/
|
||||
if (s->akm_suite & IE_RSN_AKM_SUITE_FT_OVER_FILS_SHA256)
|
||||
return s->ptk + 48;
|
||||
else if (s->akm_suite & IE_RSN_AKM_SUITE_FT_OVER_FILS_SHA384)
|
||||
return s->ptk + 80;
|
||||
|
||||
return s->ptk;
|
||||
}
|
||||
|
||||
size_t handshake_state_get_kck_len(struct handshake_state *s)
|
||||
{
|
||||
if (s->akm_suite & IE_RSN_AKM_SUITE_FT_OVER_FILS_SHA384)
|
||||
return 24;
|
||||
|
||||
return 16;
|
||||
}
|
||||
|
||||
size_t handshake_state_get_kek_len(struct handshake_state *s)
|
||||
{
|
||||
size_t kek_size;
|
||||
|
@ -91,7 +91,7 @@ struct handshake_state {
|
||||
size_t pmk_len;
|
||||
uint8_t snonce[32];
|
||||
uint8_t anonce[32];
|
||||
uint8_t ptk[80];
|
||||
uint8_t ptk[136];
|
||||
uint8_t pmk_r0[32];
|
||||
uint8_t pmk_r0_name[16];
|
||||
uint8_t pmk_r1[32];
|
||||
@ -177,6 +177,7 @@ void handshake_state_set_anonce(struct handshake_state *s,
|
||||
void handshake_state_set_pmkid(struct handshake_state *s, const uint8_t *pmkid);
|
||||
bool handshake_state_derive_ptk(struct handshake_state *s);
|
||||
size_t handshake_state_get_ptk_size(struct handshake_state *s);
|
||||
size_t handshake_state_get_kck_len(struct handshake_state *s);
|
||||
const uint8_t *handshake_state_get_kck(struct handshake_state *s);
|
||||
size_t handshake_state_get_kek_len(struct handshake_state *s);
|
||||
const uint8_t *handshake_state_get_kek(struct handshake_state *s);
|
||||
|
Loading…
Reference in New Issue
Block a user