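Lines Matching refs:pasn

Each entry below gives the source line number, the matching line, and then "in <function>()" naming the enclosing function; a trailing "argument" marks the line where pasn is declared as a function parameter. Only lines that reference pasn are listed, so the numbering has gaps and the code between entries is not shown.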

29 void pasn_set_responder_pmksa(struct pasn_data *pasn,  in pasn_set_responder_pmksa()  argument
32 if (pasn) in pasn_set_responder_pmksa()
33 pasn->pmksa = pmksa; in pasn_set_responder_pmksa()
40 static int pasn_wd_handle_sae_commit(struct pasn_data *pasn, in pasn_wd_handle_sae_commit() argument
47 int groups[] = { pasn->group, 0 }; in pasn_wd_handle_sae_commit()
75 sae_clear_data(&pasn->sae); in pasn_wd_handle_sae_commit()
76 pasn->sae.state = SAE_NOTHING; in pasn_wd_handle_sae_commit()
78 ret = sae_set_group(&pasn->sae, pasn->group); in pasn_wd_handle_sae_commit()
84 if (!pasn->password || !pasn->pt) { in pasn_wd_handle_sae_commit()
89 ret = sae_prepare_commit_pt(&pasn->sae, pasn->pt, own_addr, peer_addr, in pasn_wd_handle_sae_commit()
96 res = sae_parse_commit(&pasn->sae, data + 6, buf_len - 6, NULL, 0, in pasn_wd_handle_sae_commit()
104 ret = sae_process_commit(&pasn->sae); in pasn_wd_handle_sae_commit()
110 pasn->sae.state = SAE_COMMITTED; in pasn_wd_handle_sae_commit()
116 static int pasn_wd_handle_sae_confirm(struct pasn_data *pasn, in pasn_wd_handle_sae_confirm() argument
147 res = sae_check_confirm(&pasn->sae, data + 6, buf_len - 6, NULL); in pasn_wd_handle_sae_confirm()
153 pasn->sae.state = SAE_ACCEPTED; in pasn_wd_handle_sae_confirm()
160 if (pasn->disable_pmksa_caching) in pasn_wd_handle_sae_confirm()
164 pasn->sae.pmk, pasn->sae.pmk_len); in pasn_wd_handle_sae_confirm()
165 if (!pasn->sae.akmp) in pasn_wd_handle_sae_confirm()
166 pasn->sae.akmp = WPA_KEY_MGMT_SAE; in pasn_wd_handle_sae_confirm()
168 pmksa_cache_auth_add(pasn->pmksa, pasn->sae.pmk, pasn->sae.pmk_len, in pasn_wd_handle_sae_confirm()
169 pasn->sae.pmkid, NULL, 0, pasn->own_addr, in pasn_wd_handle_sae_confirm()
170 peer_addr, 0, NULL, pasn->sae.akmp); in pasn_wd_handle_sae_confirm()
175 static struct wpabuf * pasn_get_sae_wd(struct pasn_data *pasn) in pasn_get_sae_wd() argument
195 sae_write_commit(&pasn->sae, buf, NULL, 0); in pasn_get_sae_wd()
205 sae_write_confirm(&pasn->sae, buf); in pasn_get_sae_wd()
208 pasn->sae.state = SAE_CONFIRMED; in pasn_get_sae_wd()
218 static struct wpabuf * pasn_get_fils_wd(struct pasn_data *pasn) in pasn_get_fils_wd() argument
220 struct pasn_fils *fils = &pasn->fils; in pasn_get_fils_wd()
242 wpa_pasn_add_rsne(buf, NULL, pasn->akmp, pasn->cipher); in pasn_get_fils_wd()
267 static struct wpabuf * pasn_get_wrapped_data(struct pasn_data *pasn) in pasn_get_wrapped_data() argument
269 switch (pasn->akmp) { in pasn_get_wrapped_data()
275 return pasn_get_sae_wd(pasn); in pasn_get_wrapped_data()
284 return pasn_get_fils_wd(pasn); in pasn_get_wrapped_data()
293 pasn->akmp); in pasn_get_wrapped_data()
300 pasn_derive_keys(struct pasn_data *pasn, in pasn_derive_keys() argument
318 if (pasn->akmp == WPA_KEY_MGMT_PASN) { in pasn_derive_keys()
329 switch (pasn->akmp) { in pasn_derive_keys()
332 if (pasn->sae.state == SAE_COMMITTED) { in pasn_derive_keys()
334 os_memcpy(pmk, pasn->sae.pmk, PMK_LEN); in pasn_derive_keys()
347 pasn->pmk_len = pmk_len; in pasn_derive_keys()
348 os_memcpy(pasn->pmk, pmk, pmk_len); in pasn_derive_keys()
351 &pasn->ptk, pasn->akmp, in pasn_derive_keys()
352 pasn->cipher, pasn->kdk_len); in pasn_derive_keys()
358 if (pasn->secure_ltf) { in pasn_derive_keys()
359 ret = wpa_ltf_keyseed(&pasn->ptk, pasn->akmp, in pasn_derive_keys()
360 pasn->cipher); in pasn_derive_keys()
373 static void handle_auth_pasn_comeback(struct pasn_data *pasn, in handle_auth_pasn_comeback() argument
382 pasn->comeback_after); in handle_auth_pasn_comeback()
388 wpa_pasn_build_auth_header(buf, pasn->bssid, own_addr, peer_addr, 2, in handle_auth_pasn_comeback()
395 comeback = auth_build_token_req(&pasn->last_comeback_key_update, in handle_auth_pasn_comeback()
396 pasn->comeback_key, pasn->comeback_idx, in handle_auth_pasn_comeback()
397 pasn->comeback_pending_idx, in handle_auth_pasn_comeback()
410 pasn->comeback_after); in handle_auth_pasn_comeback()
416 ret = pasn->send_mgmt(pasn->cb_ctx, wpabuf_head_u8(buf), in handle_auth_pasn_comeback()
425 int handle_auth_pasn_resp(struct pasn_data *pasn, const u8 *own_addr, in handle_auth_pasn_resp() argument
446 wpa_pasn_build_auth_header(buf, pasn->bssid, own_addr, peer_addr, 2, in handle_auth_pasn_resp()
452 if (pmksa && pasn->custom_pmkid_valid) in handle_auth_pasn_resp()
453 pmkid = pasn->custom_pmkid; in handle_auth_pasn_resp()
457 } else if (pasn->akmp == WPA_KEY_MGMT_SAE) { in handle_auth_pasn_resp()
459 pmkid = pasn->sae.pmkid; in handle_auth_pasn_resp()
462 } else if (pasn->akmp == WPA_KEY_MGMT_FILS_SHA256 || in handle_auth_pasn_resp()
463 pasn->akmp == WPA_KEY_MGMT_FILS_SHA384) { in handle_auth_pasn_resp()
465 pmkid = pasn->fils.erp_pmkid; in handle_auth_pasn_resp()
470 pasn->akmp, pasn->cipher) < 0) in handle_auth_pasn_resp()
475 wrapped_data_buf = pasn_get_wrapped_data(pasn); in handle_auth_pasn_resp()
477 pasn->wrapped_data_format = WPA_PASN_WRAPPED_DATA_NO; in handle_auth_pasn_resp()
480 pubkey = crypto_ecdh_get_pubkey(pasn->ecdh, 0); in handle_auth_pasn_resp()
482 crypto_ecdh_prime_len(pasn->ecdh)); in handle_auth_pasn_resp()
488 wpa_pasn_add_parameter_ie(buf, pasn->group, in handle_auth_pasn_resp()
489 pasn->wrapped_data_format, in handle_auth_pasn_resp()
501 rsnxe_ie = pasn->rsnxe_ie; in handle_auth_pasn_resp()
505 wpa_pasn_add_extra_ies(buf, pasn->extra_ies, pasn->extra_ies_len); in handle_auth_pasn_resp()
508 mic_len = pasn_mic_len(pasn->akmp, pasn->cipher); in handle_auth_pasn_resp()
518 if (pasn->rsn_ie && pasn->rsn_ie_len) { in handle_auth_pasn_resp()
519 rsn_ie = pasn->rsn_ie; in handle_auth_pasn_resp()
533 pasn->akmp, pasn->cipher) < 0) in handle_auth_pasn_resp()
558 ret = pasn_mic(pasn->ptk.kck, pasn->akmp, pasn->cipher, in handle_auth_pasn_resp()
568 if (pasn->corrupt_mic) { in handle_auth_pasn_resp()
581 ret = pasn->send_mgmt(pasn->cb_ctx, wpabuf_head_u8(buf), in handle_auth_pasn_resp()
598 int handle_auth_pasn_1(struct pasn_data *pasn, in handle_auth_pasn_1() argument
609 const int *groups = pasn->pasn_groups; in handle_auth_pasn_1()
650 if (!(rsn_data.key_mgmt & pasn->wpa_key_mgmt) || in handle_auth_pasn_1()
651 !(rsn_data.pairwise_cipher & pasn->rsn_pairwise)) { in handle_auth_pasn_1()
657 pasn->akmp = rsn_data.key_mgmt; in handle_auth_pasn_1()
658 pasn->cipher = rsn_data.pairwise_cipher; in handle_auth_pasn_1()
660 if (pasn->derive_kdk && in handle_auth_pasn_1()
663 pasn->secure_ltf = true; in handle_auth_pasn_1()
665 if (pasn->derive_kdk) in handle_auth_pasn_1()
666 pasn->kdk_len = WPA_KDK_MAX_LEN; in handle_auth_pasn_1()
668 pasn->kdk_len = 0; in handle_auth_pasn_1()
670 wpa_printf(MSG_DEBUG, "PASN: kdk_len=%zu", pasn->kdk_len); in handle_auth_pasn_1()
708 ret = check_comeback_token(pasn->comeback_key, in handle_auth_pasn_1()
709 pasn->comeback_pending_idx, in handle_auth_pasn_1()
719 } else if (pasn->use_anti_clogging) { in handle_auth_pasn_1()
721 handle_auth_pasn_comeback(pasn, own_addr, peer_addr, in handle_auth_pasn_1()
726 pasn->ecdh = crypto_ecdh_init(pasn_params.group); in handle_auth_pasn_1()
727 if (!pasn->ecdh) { in handle_auth_pasn_1()
733 pasn->group = pasn_params.group; in handle_auth_pasn_1()
748 secret = crypto_ecdh_set_peerkey(pasn->ecdh, inc_y, in handle_auth_pasn_1()
757 if (!pasn->noauth && pasn->akmp == WPA_KEY_MGMT_PASN) { in handle_auth_pasn_1()
774 if (pasn->akmp == WPA_KEY_MGMT_SAE) { in handle_auth_pasn_1()
775 ret = pasn_wd_handle_sae_commit(pasn, own_addr, in handle_auth_pasn_1()
787 if (pasn->akmp == WPA_KEY_MGMT_FILS_SHA256 || in handle_auth_pasn_1()
788 pasn->akmp == WPA_KEY_MGMT_FILS_SHA384) { in handle_auth_pasn_1()
789 if (!pasn->fils_wd_valid) { in handle_auth_pasn_1()
808 pasn->wrapped_data_format = pasn_params.wrapped_data_format; in handle_auth_pasn_1()
810 ret = pasn_auth_frame_hash(pasn->akmp, pasn->cipher, in handle_auth_pasn_1()
812 len - IEEE80211_HDRLEN, pasn->hash); in handle_auth_pasn_1()
821 pasn->secret = secret; in handle_auth_pasn_1()
827 if (wpa_key_mgmt_ft(pasn->akmp)) { in handle_auth_pasn_1()
831 if (!pasn->pmk_r1_len) { in handle_auth_pasn_1()
837 cached_pmk = pasn->pmk_r1; in handle_auth_pasn_1()
838 cached_pmk_len = pasn->pmk_r1_len; in handle_auth_pasn_1()
847 if (pasn->pmksa) { in handle_auth_pasn_1()
850 if (pasn->custom_pmkid_valid) { in handle_auth_pasn_1()
851 ret = pasn->validate_custom_pmkid( in handle_auth_pasn_1()
852 pasn->cb_ctx, peer_addr, in handle_auth_pasn_1()
864 pmksa = pmksa_cache_auth_get(pasn->pmksa, in handle_auth_pasn_1()
877 ret = pasn_derive_keys(pasn, own_addr, peer_addr, in handle_auth_pasn_1()
886 ret = pasn_auth_frame_hash(pasn->akmp, pasn->cipher, in handle_auth_pasn_1()
888 len - IEEE80211_HDRLEN, pasn->hash); in handle_auth_pasn_1()
895 ret = handle_auth_pasn_resp(pasn, own_addr, peer_addr, pmksa, status); in handle_auth_pasn_1()
914 int handle_auth_pasn_3(struct pasn_data *pasn, const u8 *own_addr, in handle_auth_pasn_3() argument
937 mic_len = pasn_mic_len(pasn->akmp, pasn->cipher); in handle_auth_pasn_3()
976 ret = pasn_mic(pasn->ptk.kck, pasn->akmp, pasn->cipher, in handle_auth_pasn_3()
978 pasn->hash, mic_len * 2, in handle_auth_pasn_3()
1000 if (pasn->akmp == WPA_KEY_MGMT_SAE) { in handle_auth_pasn_3()
1001 ret = pasn_wd_handle_sae_confirm(pasn, peer_addr, in handle_auth_pasn_3()
1012 if (pasn->akmp == WPA_KEY_MGMT_FILS_SHA256 || in handle_auth_pasn_3()
1013 pasn->akmp == WPA_KEY_MGMT_FILS_SHA384) { in handle_auth_pasn_3()