wlan_rsn/key/
igtk.rs
1use crate::key::Tk;
6use crate::key_data::kde;
7use crate::Error;
8use mundane::bytes;
9use wlan_common::ie::rsn::cipher::Cipher;
10
11#[derive(Debug)]
13pub struct IgtkProvider {
14 key: Box<[u8]>,
15 tk_bytes: usize,
16 cipher: Cipher,
17}
18
19fn generate_random_igtk(len: usize) -> Box<[u8]> {
22 let mut key = vec![0; len];
23 bytes::rand(&mut key[..]);
24 key.into_boxed_slice()
25}
26
27impl IgtkProvider {
28 pub fn new(cipher: Cipher) -> Result<IgtkProvider, anyhow::Error> {
29 let tk_bytes: usize =
30 cipher.tk_bytes().ok_or(Error::IgtkHierarchyUnsupportedCipherError)?.into();
31 Ok(IgtkProvider { key: generate_random_igtk(tk_bytes), cipher, tk_bytes })
32 }
33
34 pub fn cipher(&self) -> Cipher {
35 self.cipher
36 }
37
38 pub fn rotate_key(&mut self) {
39 self.key = generate_random_igtk(self.tk_bytes);
40 }
41
42 pub fn get_igtk(&self) -> Igtk {
43 Igtk { igtk: self.key.to_vec(), key_id: 0, ipn: [0u8; 6], cipher: self.cipher.clone() }
44 }
45}
46
47#[derive(Debug, Clone, PartialEq, Eq, Hash)]
48pub struct Igtk {
49 pub igtk: Vec<u8>,
50 pub key_id: u16,
51 pub ipn: [u8; 6],
52 pub cipher: Cipher,
53}
54
55impl Igtk {
56 pub fn from_kde(element: kde::Igtk, cipher: Cipher) -> Self {
57 Self { igtk: element.igtk, key_id: element.id, ipn: element.ipn, cipher }
58 }
59}
60
61impl Tk for Igtk {
62 fn tk(&self) -> &[u8] {
63 &self.igtk[..]
64 }
65}
66
67#[cfg(test)]
68mod tests {
69 use super::*;
70 use wlan_common::ie::rsn::suite_filter::DEFAULT_GROUP_MGMT_CIPHER;
71
72 #[test]
73 fn test_igtk_generation() {
74 let mut igtk_provider =
75 IgtkProvider::new(DEFAULT_GROUP_MGMT_CIPHER).expect("failed creating IgtkProvider");
76
77 let first_igtk = igtk_provider.get_igtk().tk().to_vec();
78 for _ in 0..3 {
79 igtk_provider.rotate_key();
80 if first_igtk != igtk_provider.get_igtk().tk().to_vec() {
81 return;
82 }
83 }
84 panic!("IGTK key rotation always generates the same key!");
85 }
86}