RSN: Pass full PTK to wpa_eapol_key_send() instead of KCK only

This will be needed to be able to implement AEAD cipher support from
FILS that will need to use KEK to protect the frame.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>

diff --git a/src/rsn_supp/peerkey.c b/src/rsn_supp/peerkey.c
index 33324b1bb1c57ac09947c5e8a9f450e5218b9f88..f06ed040e1ea83010a45527e5d24e036480b8284 100644 (file)
--- a/src/rsn_supp/peerkey.c
+++ b/src/rsn_supp/peerkey.c
@@ -113,8 +113,8 @@ static int wpa_supplicant_send_smk_error(struct wpa_sm *sm, const u8 *dst,
                           "(mui %d error_type %d)", mui, error_type);
        }
 
-       wpa_eapol_key_send(sm, sm->ptk.kck, sm->ptk.kck_len, ver, dst,
-                          ETH_P_EAPOL, rbuf, rlen, mic);
+       wpa_eapol_key_send(sm, &sm->ptk, ver, dst, ETH_P_EAPOL, rbuf, rlen,
+                          mic);
 
        return 0;
 }
@@ -166,8 +166,8 @@ static int wpa_supplicant_send_smk_m3(struct wpa_sm *sm,
        wpa_add_kde(pos, RSN_KEY_DATA_NONCE, peerkey->inonce, WPA_NONCE_LEN);
 
        wpa_printf(MSG_DEBUG, "RSN: Sending EAPOL-Key SMK M3");
-       wpa_eapol_key_send(sm, sm->ptk.kck, sm->ptk.kck_len, ver, src_addr,
-                          ETH_P_EAPOL, rbuf, rlen, mic);
+       wpa_eapol_key_send(sm, &sm->ptk, ver, src_addr, ETH_P_EAPOL, rbuf, rlen,
+                          mic);
 
        return 0;
 }
@@ -370,7 +370,7 @@ static void wpa_supplicant_send_stk_1_of_4(struct wpa_sm *sm,
 
        wpa_printf(MSG_DEBUG, "RSN: Sending EAPOL-Key STK 1/4 to " MACSTR,
                   MAC2STR(peerkey->addr));
-       wpa_eapol_key_send(sm, NULL, 0, ver, peerkey->addr, ETH_P_EAPOL,
+       wpa_eapol_key_send(sm, NULL, ver, peerkey->addr, ETH_P_EAPOL,
                           mbuf, mlen, NULL);
 }
 
@@ -426,8 +426,8 @@ static void wpa_supplicant_send_stk_3_of_4(struct wpa_sm *sm,
 
        wpa_printf(MSG_DEBUG, "RSN: Sending EAPOL-Key STK 3/4 to " MACSTR,
                   MAC2STR(peerkey->addr));
-       wpa_eapol_key_send(sm, peerkey->stk.kck, peerkey->stk.kck_len, ver,
-                          peerkey->addr, ETH_P_EAPOL, mbuf, mlen, mic);
+       wpa_eapol_key_send(sm, &peerkey->stk, ver, peerkey->addr, ETH_P_EAPOL,
+                          mbuf, mlen, mic);
 }
 
 
@@ -1087,8 +1087,8 @@ int wpa_sm_stkstart(struct wpa_sm *sm, const u8 *peer)
 
        wpa_printf(MSG_INFO, "RSN: Sending EAPOL-Key SMK M1 Request (peer "
                   MACSTR ")", MAC2STR(peer));
-       wpa_eapol_key_send(sm, sm->ptk.kck, sm->ptk.kck_len, ver, bssid,
-                          ETH_P_EAPOL, rbuf, rlen, mic);
+       wpa_eapol_key_send(sm, &sm->ptk, ver, bssid, ETH_P_EAPOL, rbuf, rlen,
+                          mic);
 
        peerkey->next = sm->peerkey;
        sm->peerkey = peerkey;

diff --git a/src/rsn_supp/wpa.c b/src/rsn_supp/wpa.c
index e3f6a6ba54685624f12e46a33c44d01267ab6df5..2f4c359c5aa0cf11a87131a780ce7c198f697ef2 100644 (file)
--- a/src/rsn_supp/wpa.c
+++ b/src/rsn_supp/wpa.c
@@ -30,8 +30,7 @@ static const u8 null_rsc[8] = { 0, 0, 0, 0, 0, 0, 0, 0 };
 /**
  * wpa_eapol_key_send - Send WPA/RSN EAPOL-Key message
  * @sm: Pointer to WPA state machine data from wpa_sm_init()
- * @kck: Key Confirmation Key (KCK, part of PTK)
- * @kck_len: KCK length in octets
+ * @ptk: PTK for Key Confirmation/Encryption Key
  * @ver: Version field from Key Info
  * @dest: Destination address for the frame
  * @proto: Ethertype (usually ETH_P_EAPOL)
@@ -40,7 +39,7 @@ static const u8 null_rsc[8] = { 0, 0, 0, 0, 0, 0, 0, 0 };
  * @key_mic: Pointer to the buffer to which the EAPOL-Key MIC is written
  * Returns: >= 0 on success, < 0 on failure
  */
-int wpa_eapol_key_send(struct wpa_sm *sm, const u8 *kck, size_t kck_len,
+int wpa_eapol_key_send(struct wpa_sm *sm, struct wpa_ptk *ptk,
                       int ver, const u8 *dest, u16 proto,
                       u8 *msg, size_t msg_len, u8 *key_mic)
 {
@@ -64,15 +63,16 @@ int wpa_eapol_key_send(struct wpa_sm *sm, const u8 *kck, size_t kck_len,
                                MAC2STR(dest));
                }
        }
-       if (key_mic && mic_len &&
-           wpa_eapol_key_mic(kck, kck_len, sm->key_mgmt, ver, msg, msg_len,
-                             key_mic)) {
+       if (key_mic && mic_len && ptk &&
+           wpa_eapol_key_mic(ptk->kck, ptk->kck_len, sm->key_mgmt, ver, msg,
+                             msg_len, key_mic)) {
                wpa_msg(sm->ctx->msg_ctx, MSG_ERROR,
                        "WPA: Failed to generate EAPOL-Key version %d key_mgmt 0x%x MIC",
                        ver, sm->key_mgmt);
                goto out;
        }
-       wpa_hexdump_key(MSG_DEBUG, "WPA: KCK", kck, kck_len);
+       if (ptk)
+               wpa_hexdump_key(MSG_DEBUG, "WPA: KCK", ptk->kck, ptk->kck_len);
        wpa_hexdump(MSG_DEBUG, "WPA: Derived Key MIC", key_mic, mic_len);
        wpa_hexdump(MSG_MSGDUMP, "WPA: TX EAPOL-Key", msg, msg_len);
        ret = wpa_sm_ether_send(sm, dest, proto, msg, msg_len);
@@ -153,8 +153,8 @@ void wpa_sm_key_request(struct wpa_sm *sm, int error, int pairwise)
                "WPA: Sending EAPOL-Key Request (error=%d "
                "pairwise=%d ptk_set=%d len=%lu)",
                error, pairwise, sm->ptk_set, (unsigned long) rlen);
-       wpa_eapol_key_send(sm, sm->ptk.kck, sm->ptk.kck_len, ver, bssid,
-                          ETH_P_EAPOL, rbuf, rlen, key_mic);
+       wpa_eapol_key_send(sm, &sm->ptk, ver, bssid, ETH_P_EAPOL, rbuf, rlen,
+                          key_mic);
 }
 
 
@@ -415,8 +415,8 @@ int wpa_supplicant_send_2_of_4(struct wpa_sm *sm, const unsigned char *dst,
        os_memcpy(reply->key_nonce, nonce, WPA_NONCE_LEN);
 
        wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: Sending EAPOL-Key 2/4");
-       return wpa_eapol_key_send(sm, ptk->kck, ptk->kck_len, ver, dst,
-                                 ETH_P_EAPOL, rbuf, rlen, key_mic);
+       return wpa_eapol_key_send(sm, ptk, ver, dst, ETH_P_EAPOL, rbuf, rlen,
+                                 key_mic);
 }
 
 
@@ -1169,8 +1169,8 @@ int wpa_supplicant_send_4_of_4(struct wpa_sm *sm, const unsigned char *dst,
        WPA_PUT_BE16(key_mic + mic_len, 0);
 
        wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: Sending EAPOL-Key 4/4");
-       return wpa_eapol_key_send(sm, ptk->kck, ptk->kck_len, ver, dst,
-                                 ETH_P_EAPOL, rbuf, rlen, key_mic);
+       return wpa_eapol_key_send(sm, ptk, ver, dst, ETH_P_EAPOL, rbuf, rlen,
+                                 key_mic);
 }
 
 
@@ -1475,8 +1475,8 @@ static int wpa_supplicant_send_2_of_2(struct wpa_sm *sm,
        WPA_PUT_BE16(key_mic + mic_len, 0);
 
        wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: Sending EAPOL-Key 2/2");
-       return wpa_eapol_key_send(sm, sm->ptk.kck, sm->ptk.kck_len, ver,
-                                 sm->bssid, ETH_P_EAPOL, rbuf, rlen, key_mic);
+       return wpa_eapol_key_send(sm, &sm->ptk, ver, sm->bssid, ETH_P_EAPOL,
+                                 rbuf, rlen, key_mic);
 }
 
 

diff --git a/src/rsn_supp/wpa_i.h b/src/rsn_supp/wpa_i.h
index f653ba6e041d4a9bbd858e8b12dbe78844a1b74d..6f8bc3feb92cc67d561b6b53eb9ac26f449b85ee 100644 (file)
--- a/src/rsn_supp/wpa_i.h
+++ b/src/rsn_supp/wpa_i.h
@@ -353,7 +353,7 @@ static inline int wpa_sm_key_mgmt_set_pmk(struct wpa_sm *sm,
        return sm->ctx->key_mgmt_set_pmk(sm->ctx->ctx, pmk, pmk_len);
 }
 
-int wpa_eapol_key_send(struct wpa_sm *sm, const u8 *kck, size_t kck_len,
+int wpa_eapol_key_send(struct wpa_sm *sm, struct wpa_ptk *ptk,
                       int ver, const u8 *dest, u16 proto,
                       u8 *msg, size_t msg_len, u8 *key_mic);
 int wpa_supplicant_send_2_of_4(struct wpa_sm *sm, const unsigned char *dst,