I am looking for the equation/function definition for computing the PTK with clear definitions of the function parameters. Attached is the definition given in the 80211-2020 standard document. The algorithm given in the standard has the following equation: HMAC-Hash(K, i || Label || Context || Length), K is pmk, i is iteration/counter, label is "Pairwise key expansion". What is Context in the case of WPA2-PMF (version 3)? I appreciate your help in getting the code given below working correctly.
I tried the following python implementation, but it does not produce the expected results.
import hashlib
import hmac
import struct
from Crypto.SelfTest.st_common import a2b_hex, b2a_hex
from Crypto.Util.py3compat import tobytes, b
from Crypto.Hash import SHA as SHA1, HMAC
from Crypto.Util.strxor import strxor
# IEEE 802.11-specific pseudorandom function.
def custom_prf(key, a, b, l):
i = 0
r = b''
while i < ((l ) / 256):
hmacsha256 = hmac.new(key, bytes(chr(i),'UTF-8') + a + bytes(chr(0x00),'UTF-8')+b+bytes(chr(l),'UTF-8'), hashlib.sha256)
r += hmacsha256.digest()
i += 1
return r[:int(l/8)]
A=bytes("Pairwise key expansion",'utf-8')
AP_addr = bytes.fromhex("6c5ab040a3b3")
STA_addr = bytes.fromhex("3c063034f9e5")
A_nonce = bytes.fromhex("d196e849af3f3730e1a9e62333c8c48e648c3afbe920643d47ea90702a09ce1d")
S_nonce = bytes.fromhex("f79a753694761f54ee35b6479ea9b36194045ef2f094df8f55baacdd9c3976c8")
B = min(AP_addr,STA_addr)+max(AP_addr,STA_addr)+min(A_nonce,S_nonce)+max(A_nonce,S_nonce)
pmk= bytes.fromhex("31b157b3cfef297a7b988d197b442ca891ecf916807bdd5950594183ed6925d3")
ptk = custom_prf(pmk, A, B, 384)
print ("PTK: ", ptk.hex())
#expected results -ptk: "bdbdcc8ada5f50716f3a2379bab6e1c703b74d74d2c6974141527a8c9966107b94ed4c49d916f32095d7cb61aa1e7fbf"
