Debug print PMK-R0/R1 and PMKR0/R1Name in the helper functions

There is no need to have all callers debug print these separately.

Signed-off-by: Jouni Malinen <j@w1.fi>

diff --git a/src/ap/wpa_auth.c b/src/ap/wpa_auth.c
index 019e5357eed207c0c88c22642862bd9a54b3e6e6..8e21ee2c41e1a306d651b850928f32cafae4a4cc 100644 (file)
--- a/src/ap/wpa_auth.c
+++ b/src/ap/wpa_auth.c
@@ -2322,7 +2322,6 @@ int fils_auth_pmk_to_ptk(struct wpa_state_machine *sm, const u8 *pmk,
                struct wpa_auth_config *conf = &wpa_auth->conf;
                u8 pmk_r0[PMK_LEN_MAX], pmk_r0_name[WPA_PMK_NAME_LEN];
                int use_sha384 = wpa_key_mgmt_sha384(sm->wpa_key_mgmt);
-               size_t pmk_r0_len = use_sha384 ? SHA384_MAC_LEN : PMK_LEN;
 
                if (wpa_derive_pmk_r0(fils_ft, fils_ft_len,
                                      conf->ssid, conf->ssid_len,
@@ -2333,10 +2332,6 @@ int fils_auth_pmk_to_ptk(struct wpa_state_machine *sm, const u8 *pmk,
                                      use_sha384) < 0)
                        return -1;
 
-               wpa_hexdump_key(MSG_DEBUG, "FILS+FT: PMK-R0",
-                               pmk_r0, pmk_r0_len);
-               wpa_hexdump(MSG_DEBUG, "FILS+FT: PMKR0Name",
-                           pmk_r0_name, WPA_PMK_NAME_LEN);
                wpa_ft_store_pmk_fils(sm, pmk_r0, pmk_r0_name);
                forced_memzero(fils_ft, sizeof(fils_ft));
 

diff --git a/src/ap/wpa_auth_ft.c b/src/ap/wpa_auth_ft.c
index 5af65aad8ab2de498c8bb1f8ab2dd8cf20b4e322..d9a92e15f51611df8dd87efa3d94db09be43ccd0 100644 (file)
--- a/src/ap/wpa_auth_ft.c
+++ b/src/ap/wpa_auth_ft.c
@@ -2128,8 +2128,6 @@ int wpa_auth_derive_ptk_ft(struct wpa_state_machine *sm, struct wpa_ptk *ptk)
                              pmk_r0, pmk_r0_name,
                              wpa_key_mgmt_sha384(sm->wpa_key_mgmt)) < 0)
                return -1;
-       wpa_hexdump_key(MSG_DEBUG, "FT: PMK-R0", pmk_r0, pmk_r0_len);
-       wpa_hexdump(MSG_DEBUG, "FT: PMKR0Name", pmk_r0_name, WPA_PMK_NAME_LEN);
        if (!psk_local || !wpa_key_mgmt_ft_psk(sm->wpa_key_mgmt))
                wpa_ft_store_pmk_r0(sm->wpa_auth, sm->addr, pmk_r0, pmk_r0_len,
                                    pmk_r0_name,
@@ -2140,9 +2138,6 @@ int wpa_auth_derive_ptk_ft(struct wpa_state_machine *sm, struct wpa_ptk *ptk)
        if (wpa_derive_pmk_r1(pmk_r0, pmk_r0_len, pmk_r0_name, r1kh, sm->addr,
                              pmk_r1, sm->pmk_r1_name) < 0)
                return -1;
-       wpa_hexdump_key(MSG_DEBUG, "FT: PMK-R1", pmk_r1, pmk_r1_len);
-       wpa_hexdump(MSG_DEBUG, "FT: PMKR1Name", sm->pmk_r1_name,
-                   WPA_PMK_NAME_LEN);
        if (!psk_local || !wpa_key_mgmt_ft_psk(sm->wpa_key_mgmt))
                wpa_ft_store_pmk_r1(sm->wpa_auth, sm->addr, pmk_r1, pmk_r1_len,
                                    sm->pmk_r1_name, sm->pairwise, &vlan,
@@ -2961,8 +2956,6 @@ static int wpa_ft_local_derive_pmk_r1(struct wpa_authenticator *wpa_auth,
                              conf->r1_key_holder,
                              sm->addr, out_pmk_r1, pmk_r1_name) < 0)
                return -1;
-       wpa_hexdump_key(MSG_DEBUG, "FT: PMK-R1", out_pmk_r1, r0->pmk_r0_len);
-       wpa_hexdump(MSG_DEBUG, "FT: PMKR1Name", pmk_r1_name, WPA_PMK_NAME_LEN);
 
        os_get_reltime(&now);
        if (r0->expiration)
@@ -3091,8 +3084,6 @@ static int wpa_ft_process_auth_req(struct wpa_state_machine *sm,
                                   sm->wpa_auth->conf.r1_key_holder, sm->addr,
                                   pmk_r1_name, use_sha384) < 0)
                return WLAN_STATUS_UNSPECIFIED_FAILURE;
-       wpa_hexdump(MSG_DEBUG, "FT: Derived requested PMKR1Name",
-                   pmk_r1_name, WPA_PMK_NAME_LEN);
 
        if (conf->ft_psk_generate_local &&
            wpa_key_mgmt_ft_psk(sm->wpa_key_mgmt)) {
@@ -3699,14 +3690,11 @@ static int wpa_ft_rrb_build_r0(const u8 *key, const size_t key_len,
                { .type = FT_RRB_LAST_EMPTY, .len = 0, .data = NULL },
        };
 
+       wpa_printf(MSG_DEBUG, "FT: Derive PMK-R1 for peer AP");
        if (wpa_derive_pmk_r1(pmk_r0->pmk_r0, pmk_r0->pmk_r0_len,
                              pmk_r0->pmk_r0_name, r1kh_id,
                              s1kh_id, pmk_r1, pmk_r1_name) < 0)
                return -1;
-       wpa_hexdump_key(MSG_DEBUG, "FT: PMK-R1 (for peer AP)",
-                       pmk_r1, pmk_r1_len);
-       wpa_hexdump(MSG_DEBUG, "FT: PMKR1Name (for peer AP)",
-                   pmk_r1_name, WPA_PMK_NAME_LEN);
        WPA_PUT_LE16(f_pairwise, pmk_r0->pairwise);
 
        os_get_reltime(&now);

diff --git a/src/common/wpa_common.c b/src/common/wpa_common.c
index 1e7498a9eeaa346cc911830206d6826d2dce37f2..82a5a174fefc77a7cfcad5da7432fd600c7f7870 100644 (file)
--- a/src/common/wpa_common.c
+++ b/src/common/wpa_common.c
@@ -1633,7 +1633,8 @@ int wpa_derive_pmk_r0(const u8 *xxkey, size_t xxkey_len,
        if (!use_sha384 && sha256_vector(2, addr, len, hash) < 0)
                return -1;
        os_memcpy(pmk_r0_name, hash, WPA_PMK_NAME_LEN);
-       os_memset(r0_key_data, 0, sizeof(r0_key_data));
+       wpa_hexdump(MSG_DEBUG, "FT: PMKR0Name", pmk_r0_name, WPA_PMK_NAME_LEN);
+       forced_memzero(r0_key_data, sizeof(r0_key_data));
        return 0;
 }
 
@@ -1670,6 +1671,7 @@ int wpa_derive_pmk_r1_name(const u8 *pmk_r0_name, const u8 *r1kh_id,
        if (!use_sha384 && sha256_vector(4, addr, len, hash) < 0)
                return -1;
        os_memcpy(pmk_r1_name, hash, WPA_PMK_NAME_LEN);
+       wpa_hexdump(MSG_DEBUG, "FT: PMKR1Name", pmk_r1_name, WPA_PMK_NAME_LEN);
        return 0;
 }
 
@@ -1839,7 +1841,7 @@ int wpa_pmk_r1_to_ptk(const u8 *pmk_r1, size_t pmk_r1_len,
        wpa_hexdump_key(MSG_DEBUG, "FT: TK", ptk->tk, ptk->tk_len);
        wpa_hexdump(MSG_DEBUG, "FT: PTKName", ptk_name, WPA_PMK_NAME_LEN);
 
-       os_memset(tmp, 0, sizeof(tmp));
+       forced_memzero(tmp, sizeof(tmp));
 
        return 0;
 }

diff --git a/src/rsn_supp/wpa.c b/src/rsn_supp/wpa.c
index a9e2e2474b2e58cce01487075f02e9eaa34957c9..28d41760872e4e3ca0967c8fb08251bfb794c989 100644 (file)
--- a/src/rsn_supp/wpa.c
+++ b/src/rsn_supp/wpa.c
@@ -4430,10 +4430,6 @@ static int fils_ft_build_assoc_req_rsne(struct wpa_sm *sm, struct wpabuf *buf)
                return -1;
        }
        sm->pmk_r0_len = use_sha384 ? SHA384_MAC_LEN : PMK_LEN;
-       wpa_hexdump_key(MSG_DEBUG, "FILS+FT: PMK-R0",
-                       sm->pmk_r0, sm->pmk_r0_len);
-       wpa_hexdump(MSG_DEBUG, "FILS+FT: PMKR0Name",
-                   sm->pmk_r0_name, WPA_PMK_NAME_LEN);
        wpa_printf(MSG_DEBUG, "FILS+FT: R1KH-ID: " MACSTR,
                   MAC2STR(sm->r1kh_id));
        pos = wpabuf_put(buf, WPA_PMK_NAME_LEN);
@@ -4442,8 +4438,6 @@ static int fils_ft_build_assoc_req_rsne(struct wpa_sm *sm, struct wpabuf *buf)
                wpa_printf(MSG_WARNING, "FILS+FT: Could not derive PMKR1Name");
                return -1;
        }
-       wpa_hexdump(MSG_DEBUG, "FILS+FT: PMKR1Name", sm->pmk_r1_name,
-                   WPA_PMK_NAME_LEN);
        os_memcpy(pos, sm->pmk_r1_name, WPA_PMK_NAME_LEN);
 
        if (sm->mgmt_group_cipher == WPA_CIPHER_AES_128_CMAC) {

diff --git a/src/rsn_supp/wpa_ft.c b/src/rsn_supp/wpa_ft.c
index 3e51cf2a1d5f83213892ab059878b57da9ece755..63a4175ab4585fcd8cebc2f04a2f7d61ad083eed 100644 (file)
--- a/src/rsn_supp/wpa_ft.c
+++ b/src/rsn_supp/wpa_ft.c
@@ -50,17 +50,11 @@ int wpa_derive_ptk_ft(struct wpa_sm *sm, const unsigned char *src_addr,
                              sm->r0kh_id, sm->r0kh_id_len, sm->own_addr,
                              sm->pmk_r0, sm->pmk_r0_name, use_sha384) < 0)
                return -1;
-       wpa_hexdump_key(MSG_DEBUG, "FT: PMK-R0", sm->pmk_r0, sm->pmk_r0_len);
-       wpa_hexdump(MSG_DEBUG, "FT: PMKR0Name",
-                   sm->pmk_r0_name, WPA_PMK_NAME_LEN);
        sm->pmk_r1_len = sm->pmk_r0_len;
        if (wpa_derive_pmk_r1(sm->pmk_r0, sm->pmk_r0_len, sm->pmk_r0_name,
                              sm->r1kh_id, sm->own_addr, sm->pmk_r1,
                              sm->pmk_r1_name) < 0)
                return -1;
-       wpa_hexdump_key(MSG_DEBUG, "FT: PMK-R1", sm->pmk_r1, sm->pmk_r1_len);
-       wpa_hexdump(MSG_DEBUG, "FT: PMKR1Name", sm->pmk_r1_name,
-                   WPA_PMK_NAME_LEN);
        return wpa_pmk_r1_to_ptk(sm->pmk_r1, sm->pmk_r1_len, sm->snonce, anonce,
                                 sm->own_addr, sm->bssid, sm->pmk_r1_name, ptk,
                                 ptk_name, sm->key_mgmt, sm->pairwise_cipher);
@@ -641,9 +635,6 @@ int wpa_ft_process_response(struct wpa_sm *sm, const u8 *ies, size_t ies_len,
                              sm->pmk_r1_name) < 0)
                return -1;
        sm->pmk_r1_len = sm->pmk_r0_len;
-       wpa_hexdump_key(MSG_DEBUG, "FT: PMK-R1", sm->pmk_r1, sm->pmk_r1_len);
-       wpa_hexdump(MSG_DEBUG, "FT: PMKR1Name",
-                   sm->pmk_r1_name, WPA_PMK_NAME_LEN);
 
        bssid = target_ap;
        if (wpa_pmk_r1_to_ptk(sm->pmk_r1, sm->pmk_r1_len, sm->snonce,