From patchwork Mon May 6 00:30:38 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: John Brandt X-Patchwork-Id: 13654729 Received: from mail-pl1-f177.google.com (mail-pl1-f177.google.com [209.85.214.177]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 05FDCB673 for ; Mon, 6 May 2024 00:50:38 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.214.177 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1714956640; cv=none; b=UfoMJAFUWQSVY7Ni2TY2SwH1UPzF1pukFjz+m6KomJnr33ZyYNmqfdVaJXqBE+ByJCPvuMhaozXsCF6FgoydKmA8qnpNwCs2GXlcmlEE4rQdO5df76g6xrBGmg0IAmDeTByREnleTrdnNwqQv+yJRIHetftYmyh5pR8mzCIdmRY= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1714956640; c=relaxed/simple; bh=VydOKVJuPBTss2PStFya0mkiAZeXJlVm1B0Smv+bZCA=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=YgtMw7Yr0eAO2bd4bdFXoNIHA1PhtUI4t6uSrKCsrSUi+yL7SL8v20ryIFgQbGoHwLLWDncCuEcwAbHK2D5d0t64Gmnnqy4mEyIsBewJ5Unvof0bOZ4mduFAApAmW1QCygGlOkIEOxKXOjd8s8l+6PfRhKRjf92Jb+9vIHwsAbw= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=DVZYoj1s; arc=none smtp.client-ip=209.85.214.177 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="DVZYoj1s" Received: by mail-pl1-f177.google.com with SMTP id d9443c01a7336-1e9ffd3f96eso8487185ad.3 for ; Sun, 05 May 2024 17:50:38 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1714956638; x=1715561438; darn=lists.linux.dev; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=K5580yddf2aMg8WBhr7IZrzQ4F8u9ZGBSofyZ1Dq2gY=; b=DVZYoj1sJF9Qoz/0ukpCG2E1ft8ga90kaG3fnz2WrU8Mtez2/wXBiueqKNCyVFAhau Vc54wu2esQwqL04aZvk5FLggxTZVhM6yeWt4sU0jykuYO0AKiWDebvaPhpnXSbzaW0nk jArXX8EpRN4PLw1m+6QwW2xTyDVJ8RculH60OmZnZG0+mF6rfOlxUImBfPmvvv2N8apk NFEXbHfxsrgcM5cB57CUQ/RvupNupIt1BmudBKUc8FSbjQj4jP4ZIyuZktJoZwJ36bZe JRxsMEz8oUaLye21xoozQDXFfsrM5HwvuvVFquSB3xu0soaUZb0hDXvdGF/fecnUsPRG DmKg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1714956638; x=1715561438; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=K5580yddf2aMg8WBhr7IZrzQ4F8u9ZGBSofyZ1Dq2gY=; b=ThUr+MD5gxZOfeC6gmMZS5sQvkL5zr8ziHMtSdO1qAq3sLbDr4/58DJ4w5Zcd+9o55 lDYQeZtElSMgPo2MEB3fM08mVk6a7/Uk8+hQBozwzrGAE2jv9F7xZdzUWhR8G4RaRaXI R6vgxOJhDjN9+C7UEtd1r8TucJdYmzlB9DSttZBGN9IaoLfXGhpZTPpHCdI82ZP3vrB5 TB04tbPDn0SR+55efY+yqKso+inDCK7sOOSL6lyX9IxLIYpqK3w3qd96v1nyuOYbnx6O 4HqN3PZCl93WEwwntiVvs+JP8l8lOrS527QCzEyRb3S2wFJrkR7FgyiCGpiQnyPEkdWc MyvA== X-Gm-Message-State: AOJu0YwGKZaGNG0HZDa3hoiPWS/i2hYoAp4zHSusQog+CmnaYZkDXuHR TilnbIHw3ZUUk1ZOFF9yqeyJCBfrinCirlusi6CAZp21EjlU2/9O/VSzew== X-Google-Smtp-Source: AGHT+IHGTTbnJ5sEsjxjA1Yb3rMqJ1pWq8LEOHhVkRhseZ549M9b4ZK/o4hycFWN5jaARTGmcQmEFw== X-Received: by 2002:a17:902:db0a:b0:1eb:acff:63ba with SMTP id m10-20020a170902db0a00b001ebacff63bamr11783239plx.67.1714956637890; Sun, 05 May 2024 17:50:37 -0700 (PDT) Received: from localhost ([192.145.118.41]) by smtp.gmail.com with ESMTPSA id n5-20020a170903110500b001eab26889a7sm7043391plh.136.2024.05.05.17.50.37 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 05 May 2024 17:50:37 -0700 (PDT) From: John Brandt To: iwd@lists.linux.dev Cc: John Brandt Subject: [PATCH v2 15/18] handshake: add functions to save and set IGTK Date: Sun, 5 May 2024 17:30:38 -0700 Message-ID: <20240506003518.320176-16-brandtwjohn@gmail.com> X-Mailer: git-send-email 2.45.0 In-Reply-To: <20240506003518.320176-1-brandtwjohn@gmail.com> References: <20240506003518.320176-1-brandtwjohn@gmail.com> Precedence: bulk X-Mailing-List: iwd@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 To add MFP support in the AP mode, add utility functions to save the IGTK and to add the IGTK to handshake messages. --- src/handshake.c | 34 ++++++++++++++++++++++++++++++++++ src/handshake.h | 8 ++++++++ 2 files changed, 42 insertions(+) diff --git a/src/handshake.c b/src/handshake.c index ee23dbad..fc1978df 100644 --- a/src/handshake.c +++ b/src/handshake.c @@ -838,6 +838,21 @@ void handshake_state_set_gtk(struct handshake_state *s, const uint8_t *key, memcpy(s->gtk_rsc, rsc, 6); } +void handshake_state_set_igtk(struct handshake_state *s, const uint8_t *key, + unsigned int key_index, const uint8_t *rsc) +{ + enum crypto_cipher cipher = + ie_rsn_cipher_suite_to_cipher(s->group_management_cipher); + int key_len = crypto_cipher_key_len(cipher); + + if (!key_len) + return; + + memcpy(s->igtk, key, key_len); + s->igtk_index = key_index; + memcpy(s->igtk_rsc, rsc, 6); +} + /* * This function performs a match of the RSN/WPA IE obtained from the scan * results vs the RSN/WPA IE obtained as part of the 4-way handshake. If they @@ -1027,6 +1042,25 @@ void handshake_util_build_gtk_kde(enum crypto_cipher cipher, const uint8_t *key, memcpy(to, key, key_len); } +void handshake_util_build_igtk_kde(enum crypto_cipher cipher, const uint8_t *key, + unsigned int key_index, uint8_t *to) +{ + size_t key_len = crypto_cipher_key_len(cipher); + + *to++ = IE_TYPE_VENDOR_SPECIFIC; + *to++ = 12 + key_len; + l_put_be32(HANDSHAKE_KDE_IGTK, to); + to += 4; + *to++ = key_index; + *to++ = 0; + + /** Initialize PN to zero **/ + memset(to, 0, 6); + to += 6; + + memcpy(to, key, key_len); +} + static const uint8_t *handshake_state_get_ft_fils_kek(struct handshake_state *s, size_t *len) { diff --git a/src/handshake.h b/src/handshake.h index 62118fe2..8a356e6b 100644 --- a/src/handshake.h +++ b/src/handshake.h @@ -150,8 +150,11 @@ struct handshake_state { uint8_t r1khid[6]; uint8_t gtk[32]; uint8_t gtk_rsc[6]; + uint8_t igtk[32]; + uint8_t igtk_rsc[6]; uint8_t proto_version : 2; unsigned int gtk_index; + unsigned int igtk_index; uint8_t active_tk_index; struct erp_cache_entry *erp_cache; bool support_ip_allocation : 1; @@ -288,6 +291,9 @@ bool handshake_decode_fte_key(struct handshake_state *s, const uint8_t *wrapped, void handshake_state_set_gtk(struct handshake_state *s, const uint8_t *key, unsigned int key_index, const uint8_t *rsc); +void handshake_state_set_igtk(struct handshake_state *s, const uint8_t *key, + unsigned int key_index, const uint8_t *rsc); + void handshake_state_set_chandef(struct handshake_state *s, struct band_chandef *chandef); int handshake_state_verify_oci(struct handshake_state *s, const uint8_t *oci, @@ -307,5 +313,7 @@ const uint8_t *handshake_util_find_pmkid_kde(const uint8_t *data, size_t data_len); void handshake_util_build_gtk_kde(enum crypto_cipher cipher, const uint8_t *key, unsigned int key_index, uint8_t *to); +void handshake_util_build_igtk_kde(enum crypto_cipher cipher, const uint8_t *key, + unsigned int key_index, uint8_t *to); DEFINE_CLEANUP_FUNC(handshake_state_free);