The WPA/WPA2 Four-Way Handshake


Official documentation: https://en.wikipedia.org/wiki/IEEE_802.11i-2004

  The four-way handshake is designed so that the access point (or authenticator) and wireless client (or supplicant) can independently prove to each other that they know the PSK/PMK, without ever disclosing the key. Instead of disclosing the key, the access point & client each encrypt messages to each other—that can only be decrypted by using the PMK that they already share—and if decryption of the messages was successful, this proves knowledge of the PMK. The four-way handshake is critical for protection of the PMK from malicious access points—for example, an attacker's SSID impersonating a real access point—so that the client never has to tell the access point its PMK.

  The PMK is designed to last the entire session and should be exposed as little as possible; therefore, keys to encrypt the traffic need to be derived. A four-way handshake is used to establish another key called the Pairwise Transient Key (PTK).

  WPA/WPA2 uses a four-way handshake to generate the keys it needs: through a series of exchanges, the PTK (Pairwise Transient Key) is derived from the PMK (Pairwise Master Key).

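Introduction to the PTK (Pairwise Transient Key)

  The PTK consists of three parts: the KCK (Key Confirmation Key), the KEK (Key Encryption Key) and the TK (Temporal Key).

  The total length of the PTK depends on the cipher in use.

  With TKIP, the PTK is 512 bits long: in order, 128 bits of KCK, 128 bits of KEK and 256 bits of TK.

  With CCMP, the PTK is 384 bits long: in order, 128 bits of KCK, 128 bits of KEK and 128 bits of TK.

  The KEK and KCK protect the EAPOL-Key frames, that is, they provide encryption and integrity verification during the four-way handshake. The TK is used to encrypt the data that follows.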

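Generating the PTK requires five inputs: the PMK, the ANonce (Nonce 1), the SNonce (Nonce 2), the Authenticator MAC (MAC 1) and the Supplicant MAC (MAC 2), as shown in the figure below:

The two nonces are random numbers generated by the Authenticator and the Supplicant respectively.

The output in this figure has four parts. Data Encr and Data MIC together make up the TK mentioned above, while EAPOL Encr and EAPOL MIC correspond to the KEK and KCK respectively.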

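Introduction to the PMK (Pairwise Master Key)

Key generation starts from the master key. In the pairwise key hierarchy, the master key is called the pairwise master key (PMK).

To obtain the transient keys, the PMK must be expanded with a predefined pseudorandom function. To make the data more random, this expansion is based on the pre-master key, the MAC addresses of the supplicant and the authenticator, and the two random nonce values exchanged as part of the four-way handshake.

Both TKIP and CCMP use a pseudorandom function to expand the 256-bit PMK into the pairwise transient key.

Introduction to the PSK (pre-shared key)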

The four-way handshake process

1. The AP sends a nonce-value to the STA (ANonce). The client now has all the attributes to construct the PTK, because message 1/4 also carries the Authenticator's MAC address.

2. The STA sends its own nonce-value (SNonce) to the AP together with a MIC, including authentication, which is really a Message Authentication and Integrity Code (MAIC). The Supplicant computes the PTK and sends the SNonce and its own MAC address to the Authenticator. From message 2/4 onward, every message carries a MIC (message integrity check); message 1/4 does not.

3. The AP constructs and sends the GTK and a sequence number together with another MIC. This sequence number will be used in the next multicast or broadcast frame, so that the receiving STA can perform basic replay detection.

4. The STA sends a confirmation to the AP. This is only an ACK for message 3/4; it indicates that the PTK has been installed and that subsequent data can be encrypted.
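
The PTK derivation and the MIC check from message 2/4 described above, as an added Python example that is not part of the original article. It uses the PRF label and min/max input ordering defined by IEEE 802.11i; the PMK, MAC addresses, nonces and frame bytes are constructed sample values, and the HMAC-SHA1-128 MIC shown applies to the CCMP case.

```python
import hashlib
import hmac

LABEL = b"Pairwise key expansion"      # PRF label from IEEE 802.11i
TK_BITS = {"CCMP": 128, "TKIP": 256}   # TK sizes as given in the text

def prf(key, label, data, nbits):
    """802.11i PRF: HMAC-SHA1 blocks over label || 0x00 || data || counter."""
    out, counter = b"", 0
    while len(out) * 8 < nbits:
        msg = label + b"\x00" + data + bytes([counter])
        out += hmac.new(key, msg, hashlib.sha1).digest()
        counter += 1
    return out[: nbits // 8]

def derive_ptk(pmk, aa, spa, anonce, snonce, cipher="CCMP"):
    """Expand the PMK into (KCK, KEK, TK) from the five inputs."""
    # min/max ordering makes both peers feed the PRF identical bytes
    data = min(aa, spa) + max(aa, spa) + min(anonce, snonce) + max(anonce, snonce)
    ptk = prf(pmk, LABEL, data, 128 + 128 + TK_BITS[cipher])
    return ptk[:16], ptk[16:32], ptk[32:]

def eapol_mic(kck, frame):
    """CCMP-case MIC: HMAC-SHA1 keyed with the KCK, truncated to 128 bits.
    `frame` stands for the EAPOL-Key frame with its MIC field zeroed."""
    return hmac.new(kck, frame, hashlib.sha1).digest()[:16]

def mic_ok(kck, frame, mic):
    """Constant-time comparison, as the receiver of messages 2/4 to 4/4 would do."""
    return hmac.compare_digest(eapol_mic(kck, frame), mic)

# Constructed sample values (not captured from any network)
PMK = bytes(range(32))
AA, SPA = bytes.fromhex("020000000001"), bytes.fromhex("020000000002")
ANONCE = hashlib.sha256(b"constructed ANonce").digest()
SNONCE = hashlib.sha256(b"constructed SNonce").digest()
FRAME_2 = b"constructed EAPOL-Key 2/4 body" + SNONCE

if __name__ == "__main__":
    # Supplicant side: derive the PTK after message 1/4, then MIC message 2/4
    kck, kek, tk = derive_ptk(PMK, AA, SPA, ANONCE, SNONCE)
    mic = eapol_mic(kck, FRAME_2)
    # Authenticator side: same PMK -> same KCK -> the MIC verifies
    a_kck, _, _ = derive_ptk(PMK, AA, SPA, ANONCE, SNONCE)
    print("MIC accepted with shared PMK:", mic_ok(a_kck, FRAME_2, mic))
    # A peer holding a different PMK derives a different KCK and rejects it
    bad_kck, _, _ = derive_ptk(bytes(32), AA, SPA, ANONCE, SNONCE)
    print("MIC accepted with wrong PMK: ", mic_ok(bad_kck, FRAME_2, mic))
```

The MIC check succeeds only when both sides expanded the same PMK, which is how each peer proves knowledge of the key without ever sending it.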

 

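In WPA, the GTK is installed after the four-way handshake has completed, whereas in WPA2 the GTK is installed during the four-way handshake itself, as shown in the figures below:

WPA four-way handshake

  WPA: 2-way handshake (GTK)

WPA2 four-way handshake

The group key handshake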

 

Reference link:

http://blog.chinaunix.net/uid-20514606-id-2955929.html

