WPA/WPA2四次握手
WPA/WPA2四次握手
官方文档:https://en.wikipedia.org/wiki/IEEE_802.11i-2004
The four-way handshake is designed so that the access point (or authenticator) and wireless client (or supplicant) can independently prove to each other that they know the PSK/PMK, without ever disclosing the key. Instead of disclosing the key, the access point & client each encrypt messages to each other—that can only be decrypted by using the PMK that they already share—and if decryption of the messages was successful, this proves knowledge of the PMK. The four-way handshake is critical for protection of the PMK from malicious access points—for example, an attacker's SSID impersonating a real access point—so that the client never has to tell the access point its PMK.
T The PMK is designed to last the entire session and should be exposed as little as possible; therefore, keys to encrypt the traffic need to be derived. A four-way handshake is used to establish another key called the Pairwise Transient Key (PTK).
WPA/WPA2使用4次握手的方式来产生所需要的密钥。即通过一系列的交互,从PMK(Pairwise Master Key)生成PTK(Pairwise Transient Key)。
PTK(Pairwise Transient Key)简介
PTK包含3个部分,KCK(Key Confirmation Key),KEK(Key Encryption Key),TK(Temporal Key)。
PTK的总长度根据加密方式不同而不同。
当加密方式是TKIP时,PTK长512位,按顺序分别为KCK占128位,KEK占128位,TK占256位。
当加密方式是CCMP时,PTK长384位,按顺序分别为KCK占128位,KEK占128位,TK占128位。
KEK和KCK是给EAPOL-Key,也就是四次握手时,加密和完整性验证用的。TK用于后续的数据加密。
生成PTK,需要5个必要元素,PMK,ANonce(Nonce 1),SNonce(Nonce 2),Authenticate MAC(MAC 1),Supplicant MAC(MAC 2)。如下图:
2个Nonce分别是Authenticator和Supplicant生成的随机数。
这张图里的输出包含4个部分,其实Data Encr和Data MIC合起来就是前面提到的TK。而EAPOL Encr/MIC分别对应前面的KEK和KCK。
PMK 简介(Pairwise Master Key)
密钥的生成是从主密钥开始。在成对密钥体系中,主密钥成为成对主密钥(pairwise master key)。
为了得到临时密钥,必须使用预先定义好的伪随机函数来展开PMK。为了使数据更为随机,此展开过程是根据预主密钥(pre-master key)、申请者与认证者(supplicant and authenticator)的MAC地址以及两个座位四次握手的随机nonce值。
TKIP与CCMP都会使用伪随机函数将256位的PMK展开为成对临时密钥。
PSK简介(pre-shared key)
四次握手的过程
1. The AP sends a nonce-value to the STA (ANonce). The client now has all the attributes to construct the PTK.因为1/4里同时也包含了Authenticator的MAC地址。
2. The STA sends its own nonce-value (SNonce) to the AP together with a MIC, including authentication, which is really a Message Authentication and Integrity Code (MAIC).Supplicant计算出PTK,把SNonce和自己的MAC地址送给Authenticator。同时,从2/4报文开始,后面的每个报文都会有MIC(消息完整性校验)。1/4没有。
3. The AP constructs and sends the GTK and a sequence number together with another MIC. This sequence number will be used in the next multicast or broadcast frame, so that the receiving STA can perform basic replay detection.
4. The STA sends a confirmation to the AP. 仅是对3/4的一个ACK。说明PTK已经装好,后面的数据可以加密了。
WPA的GTK会在4次握手完成以后进行安装,而WPA2的GTK则是在4次握手的过程中就进行了安装;如下图:
wpa四次握手
WPA:2-way handshake (GTK)
wpa2四次握手
The group key handshake
参考链接: