BR EUI-64 is now selected for 4WH using PMKID on 4WH Message 1

When 4WH starts and PMKID is validated the BR EUI-64 used on validation
can be either from previous succesful 4WH authentication with the BR
(PTK EUI-64) or it can be received from EAPOL target during TLS or 4WH.

In case BR EUI-64 has changed since last succesful 4WH, the PMKID
is now validated against both the PTK EUI-64 and the received EUI-64.
If either one matches to PMKID that is used for the 4WH negotiation.

Author: Mika Leppänen

source/Security/protocols/fwh_sec_prot/auth_fwh_sec_prot.c

@@ -234,7 +234,7 @@ static int8_t auth_fwh_sec_prot_message_send(sec_prot_t *prot, fwh_sec_prot_msg_
     switch (msg) {
         case FWH_MESSAGE_1: {
             uint8_t pmkid[PMKID_LEN];
-            if (sec_prot_lib_pmkid_generate(prot, pmkid, true) < 0) {
+            if (sec_prot_lib_pmkid_generate(prot, pmkid, true, false, NULL) < 0) {
                 ns_dyn_mem_free(kde_start);
                 return -1;
             }

source/Security/protocols/fwh_sec_prot/supp_fwh_sec_prot.c

@@ -473,7 +473,7 @@ static int8_t supp_fwh_sec_prot_ptk_generate(sec_prot_t *prot, sec_prot_keys_t *
     fwh_sec_prot_int_t *data = fwh_sec_prot_get(prot);
 
     uint8_t local_eui64[8];
-    prot->addr_get(prot, local_eui64, data->remote_eui64);
+    prot->addr_get(prot, local_eui64, NULL);
 
     uint8_t *remote_nonce = data->recv_eapol_pdu.msg.key.key_nonce;
     if (!remote_nonce) {
@@ -553,11 +553,24 @@ static int8_t supp_fwh_kde_handle(sec_prot_t *prot)
             if (kde_pmkid_read(kde, kde_len, recv_pmkid) < 0) {
                 goto error;
             }
-            if (sec_prot_lib_pmkid_generate(prot, calc_pmkid, false) < 0) {
+            /* Fix the used EUI-64 for the length of the 4WH handshake using the PMKID. Try
+             * first primary BR EUI-64 (e.g. validated by PTK procedure) for PMKID.
+             */
+            if (sec_prot_lib_pmkid_generate(prot, calc_pmkid, false, false, data->remote_eui64) < 0) {
                 goto error;
             }
+            // If PMKID is not valid
             if (memcmp(recv_pmkid, calc_pmkid, PMKID_LEN) != 0) {
-                goto error;
+                tr_info("PMKID mismatch, 1st EUI-64: %s", tr_array(data->remote_eui64, 8));
+                // Try alternate EUI-64 (e.g. received during security handshake)
+                if (sec_prot_lib_pmkid_generate(prot, calc_pmkid, false, true, data->remote_eui64) < 0) {
+                    goto error;
+                }
+                // If PMKID is not valid, fail
+                if (memcmp(recv_pmkid, calc_pmkid, PMKID_LEN) != 0) {
+                    tr_error("PMKID mismatch, 2nd EUI-64: %s", tr_array(data->remote_eui64, 8));
+                    goto error;
+                }
             }
         }
         break;

source/Security/protocols/key_sec_prot/key_sec_prot.c

@@ -171,7 +171,7 @@ static int8_t key_sec_prot_initial_key_send(sec_prot_t *prot, sec_prot_keys_t *s
     uint8_t *pmk = sec_prot_keys_pmk_get(sec_keys);
     uint8_t pmkid[PMKID_LEN];
     if (pmk) {
-        if (sec_prot_lib_pmkid_generate(prot, pmkid, false) >= 0) {
+        if (sec_prot_lib_pmkid_generate(prot, pmkid, false, false, NULL) >= 0) {
             kde_len += KDE_PMKID_LEN;
         } else {
             pmk = NULL;
@@ -270,7 +270,7 @@ static int8_t key_sec_prot_receive(sec_prot_t *prot, void *pdu, uint16_t size)
         if (kde_pmkid_read(kde, kde_len, remote_keyid) >= 0) {
             tr_debug("recv PMKID: %s", trace_array(remote_keyid, 16));
             uint8_t pmkid[PMKID_LEN];
-            if (sec_prot_lib_pmkid_generate(prot, pmkid, true) >= 0) {
+            if (sec_prot_lib_pmkid_generate(prot, pmkid, true, false, NULL) >= 0) {
                 if (memcmp(remote_keyid, pmkid, PMKID_LEN) == 0) {
                     prot->sec_keys->pmk_mismatch = false;
                 }

source/Security/protocols/sec_prot_lib.c

@@ -445,7 +445,7 @@ int8_t sec_prot_lib_mic_validate(uint8_t *ptk, uint8_t *mic, uint8_t *pdu, uint8
     return 0;
 }
 
-int8_t sec_prot_lib_pmkid_generate(sec_prot_t *prot, uint8_t *pmkid, bool is_auth)
+int8_t sec_prot_lib_pmkid_generate(sec_prot_t *prot, uint8_t *pmkid, bool is_auth, bool alt_remote_eui64_use, uint8_t *used_remote_eui64)
 {
     uint8_t *pmk = sec_prot_keys_pmk_get(prot->sec_keys);
     if (!pmk) {
@@ -456,14 +456,22 @@ int8_t sec_prot_lib_pmkid_generate(sec_prot_t *prot, uint8_t *pmkid, bool is_aut
     uint8_t remote_eui64[8];
     // Tries to get the EUI-64 that is validated by PTK procedure or bound to supplicant entry
     uint8_t *remote_eui64_ptr = sec_prot_keys_ptk_eui_64_get(prot->sec_keys);
-    if (remote_eui64_ptr) {
+    if (remote_eui64_ptr && !alt_remote_eui64_use) {
         memcpy(remote_eui64, remote_eui64_ptr, 8);
         prot->addr_get(prot, local_eui64, NULL);
     } else {
+        // If request is for alternative EUI-64, but PTK EUI-64 is not present, returns failure
+        if (alt_remote_eui64_use && !remote_eui64_ptr) {
+            return -1;
+        }
         // If validated EUI-64 is not present, use the remote EUI-64
         prot->addr_get(prot, local_eui64, remote_eui64);
     }
 
+    if (used_remote_eui64 != NULL) {
+        memcpy(used_remote_eui64, remote_eui64, 8);
+    }
+
     if (is_auth) {
         return sec_prot_lib_pmkid_calc(pmk, local_eui64, remote_eui64, pmkid);
     } else {

source/Security/protocols/sec_prot_lib.h

@@ -162,11 +162,13 @@ int8_t sec_prot_lib_mic_validate(uint8_t *ptk, uint8_t *mic, uint8_t *pdu, uint8
  * \param prot security protocol
  * \param pmkid PMK ID
  * \param is_auth set for authenticator
+ * \param alt_remote_eui64_use use alternative remote EUI-64 if available
+ * \param used_remote_eui64 remote EUI-64 used on PMKID generation
  *
  * \return < 0 failure
  * \return >= 0 success
  */
-int8_t sec_prot_lib_pmkid_generate(sec_prot_t *prot, uint8_t *pmkid, bool is_auth);
+int8_t sec_prot_lib_pmkid_generate(sec_prot_t *prot, uint8_t *pmkid, bool is_auth, bool alt_remote_eui64_use, uint8_t *used_remote_eui64);
 
 /**
  *  sec_prot_lib_ptkid_generate generate PTK ID from PTK