WPA/RSN uses the 4-way handshake to generate the required keys.
Function
The 4-way handshake generates a PTK (pairwise transient key) from the PMK (pairwise master key) through a series of interactions. The PMK is derived from the MSK (master session key): it is the first 256 bits (32 bytes) of the MSK.
The main purpose of this article is to talk about the PTK, so we temporarily ignore the PMK and MSK.
PTK content
The PTK consists of three parts: the KCK (key confirmation key), the KEK (key encryption key), and the TK (temporal key).
The total length of the PTK varies depending on the encryption method.
When the encryption method is TKIP, the PTK is 512 bits long: in order, the KCK takes 128 bits, the KEK takes 128 bits, and the TK takes 256 bits.
When the encryption method is CCMP, the PTK is 384 bits long: in order, the KCK takes 128 bits, the KEK takes 128 bits, and the TK takes 128 bits.
The KEK and KCK are used for encryption and integrity verification of the EAPOL-Key frames, that is, the 4-way handshake itself. The TK is used for subsequent data encryption.
The 4-way handshake is based on EAPOL-Key frames. The EAPOL-Key structure is as follows:
PTK generation
To generate a PTK, five elements are required: the PMK, the ANonce (nonce 1), the SNonce (nonce 2), the authenticator MAC (MAC 1), and the supplicant MAC (MAC 2). For example:
The two nonce values are random numbers generated by the authenticator and the supplicant respectively.
The output of this diagram contains four parts. In fact, Data Encr and Data MIC together form the TK mentioned above, while EAPOL Encr and EAPOL MIC correspond to the KEK and KCK described earlier, respectively.
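The derivation described above, as an added example that is not part of the original article. It assumes the HMAC-SHA1 PRF and the "Pairwise key expansion" label defined in IEEE 802.11i (details the article does not give); the function names and sample values are constructed for illustration.

```python
import hashlib
import hmac
import os

# Key lengths in bytes (KCK, KEK, TK), from the bit lengths given above.
KEY_LAYOUT = {"TKIP": (16, 16, 32), "CCMP": (16, 16, 16)}


def prf(key: bytes, label: bytes, data: bytes, n_bytes: int) -> bytes:
    """IEEE 802.11i PRF: concatenated HMAC-SHA1 blocks, truncated to n_bytes."""
    out = b""
    counter = 0
    while len(out) < n_bytes:
        msg = label + b"\x00" + data + bytes([counter])
        out += hmac.new(key, msg, hashlib.sha1).digest()
        counter += 1
    return out[:n_bytes]


def derive_ptk(pmk, anonce, snonce, auth_mac, supp_mac, cipher="CCMP"):
    """Derive the PTK from the five inputs and split it into (kck, kek, tk)."""
    if len(pmk) != 32 or len(anonce) != 32 or len(snonce) != 32:
        raise ValueError("PMK and nonces must be 32 bytes each")
    if len(auth_mac) != 6 or len(supp_mac) != 6:
        raise ValueError("MAC addresses must be 6 bytes each")
    kck_len, kek_len, tk_len = KEY_LAYOUT[cipher]
    # min/max ordering lets both sides build the same input regardless of role.
    data = (min(auth_mac, supp_mac) + max(auth_mac, supp_mac)
            + min(anonce, snonce) + max(anonce, snonce))
    ptk = prf(pmk, b"Pairwise key expansion", data, kck_len + kek_len + tk_len)
    kck = ptk[:kck_len]
    kek = ptk[kck_len:kck_len + kek_len]
    tk = ptk[kck_len + kek_len:]
    return kck, kek, tk


if __name__ == "__main__":
    # Constructed sample values, not taken from a real capture.
    pmk = bytes(range(32))
    anonce, snonce = os.urandom(32), os.urandom(32)
    ap, sta = bytes.fromhex("020000000001"), bytes.fromhex("020000000002")
    for cipher in KEY_LAYOUT:
        kck, kek, tk = derive_ptk(pmk, anonce, snonce, ap, sta, cipher)
        print(cipher, "KCK", kck.hex(), "KEK", kek.hex(), "TK", tk.hex())
```

Because the PRF output is only truncated to the requested length, the KCK and KEK are identical for TKIP and CCMP given the same inputs; only the TK length differs.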
Interaction process of the 4-way handshake
The interaction below is only an outline of the process, so we will not elaborate on how some of the internal data is processed.
1/4: authenticator-> supplicant
The authenticator sends the ANonce to the supplicant. After the supplicant receives 1/4, it has all the elements needed to generate the PTK, because 1/4 also contains the MAC address of the authenticator.
2/4: Supplicant-> authenticator
The supplicant calculates the PTK and sends the SNonce and its MAC address to the authenticator. Starting from 2/4, every message carries a MIC; 1/4 does not.
3/4: authenticator-> supplicant
The authenticator proves to the supplicant that it is valid, and this message also carries a MIC.
4/4: Supplicant-> authenticator
This is only an ACK for 3/4. It indicates that the PTK has been installed and that subsequent data can be encrypted.