Lines Matching refs:sm
29 static void wpa_ft_pasn_store_r1kh(struct wpa_sm *sm, const u8 *bssid);
31 static void wpa_ft_pasn_store_r1kh(struct wpa_sm *sm, const u8 *bssid) in wpa_ft_pasn_store_r1kh() argument
37 int wpa_derive_ptk_ft(struct wpa_sm *sm, const unsigned char *src_addr, in wpa_derive_ptk_ft() argument
42 int use_sha384 = wpa_key_mgmt_sha384(sm->key_mgmt); in wpa_derive_ptk_ft()
47 if (sm->xxkey_len > 0) { in wpa_derive_ptk_ft()
48 mpmk = sm->xxkey; in wpa_derive_ptk_ft()
49 mpmk_len = sm->xxkey_len; in wpa_derive_ptk_ft()
50 } else if (sm->cur_pmksa) { in wpa_derive_ptk_ft()
51 mpmk = sm->cur_pmksa->pmk; in wpa_derive_ptk_ft()
52 mpmk_len = sm->cur_pmksa->pmk_len; in wpa_derive_ptk_ft()
59 if (wpa_key_mgmt_sae_ext_key(sm->key_mgmt)) in wpa_derive_ptk_ft()
60 sm->pmk_r0_len = mpmk_len; in wpa_derive_ptk_ft()
62 sm->pmk_r0_len = use_sha384 ? SHA384_MAC_LEN : PMK_LEN; in wpa_derive_ptk_ft()
63 if (wpa_derive_pmk_r0(mpmk, mpmk_len, sm->ssid, in wpa_derive_ptk_ft()
64 sm->ssid_len, sm->mobility_domain, in wpa_derive_ptk_ft()
65 sm->r0kh_id, sm->r0kh_id_len, sm->own_addr, in wpa_derive_ptk_ft()
66 sm->pmk_r0, sm->pmk_r0_name, sm->key_mgmt) < 0) in wpa_derive_ptk_ft()
68 sm->pmk_r1_len = sm->pmk_r0_len; in wpa_derive_ptk_ft()
69 if (wpa_derive_pmk_r1(sm->pmk_r0, sm->pmk_r0_len, sm->pmk_r0_name, in wpa_derive_ptk_ft()
70 sm->r1kh_id, sm->own_addr, sm->pmk_r1, in wpa_derive_ptk_ft()
71 sm->pmk_r1_name) < 0) in wpa_derive_ptk_ft()
74 wpa_ft_pasn_store_r1kh(sm, src_addr); in wpa_derive_ptk_ft()
76 if (sm->force_kdk_derivation || in wpa_derive_ptk_ft()
77 (sm->secure_ltf && in wpa_derive_ptk_ft()
78 ieee802_11_rsnx_capab(sm->ap_rsnxe, WLAN_RSNX_CAPAB_SECURE_LTF))) in wpa_derive_ptk_ft()
83 ret = wpa_pmk_r1_to_ptk(sm->pmk_r1, sm->pmk_r1_len, sm->snonce, in wpa_derive_ptk_ft()
84 anonce, sm->own_addr, wpa_sm_get_auth_addr(sm), in wpa_derive_ptk_ft()
85 sm->pmk_r1_name, ptk, ptk_name, sm->key_mgmt, in wpa_derive_ptk_ft()
86 sm->pairwise_cipher, kdk_len); in wpa_derive_ptk_ft()
92 os_memcpy(sm->key_mobility_domain, sm->mobility_domain, in wpa_derive_ptk_ft()
96 if (sm->secure_ltf && in wpa_derive_ptk_ft()
97 ieee802_11_rsnx_capab(sm->ap_rsnxe, WLAN_RSNX_CAPAB_SECURE_LTF)) in wpa_derive_ptk_ft()
98 ret = wpa_ltf_keyseed(ptk, sm->key_mgmt, sm->pairwise_cipher); in wpa_derive_ptk_ft()
112 int wpa_sm_set_ft_params(struct wpa_sm *sm, const u8 *ies, size_t ies_len) in wpa_sm_set_ft_params() argument
116 if (sm == NULL) in wpa_sm_set_ft_params()
120 os_free(sm->assoc_resp_ies); in wpa_sm_set_ft_params()
121 sm->assoc_resp_ies = NULL; in wpa_sm_set_ft_params()
122 sm->assoc_resp_ies_len = 0; in wpa_sm_set_ft_params()
123 os_memset(sm->mobility_domain, 0, MOBILITY_DOMAIN_ID_LEN); in wpa_sm_set_ft_params()
124 os_memset(sm->r0kh_id, 0, FT_R0KH_ID_MAX_LEN); in wpa_sm_set_ft_params()
125 sm->r0kh_id_len = 0; in wpa_sm_set_ft_params()
126 os_memset(sm->r1kh_id, 0, FT_R1KH_ID_LEN); in wpa_sm_set_ft_params()
130 if (wpa_ft_parse_ies(ies, ies_len, &ft, sm->key_mgmt, false) < 0) in wpa_sm_set_ft_params()
140 os_memcpy(sm->mobility_domain, ft.mdie, MOBILITY_DOMAIN_ID_LEN); in wpa_sm_set_ft_params()
141 sm->mdie_ft_capab = ft.mdie[MOBILITY_DOMAIN_ID_LEN]; in wpa_sm_set_ft_params()
143 sm->mdie_ft_capab); in wpa_sm_set_ft_params()
148 os_memcpy(sm->r0kh_id, ft.r0kh_id, ft.r0kh_id_len); in wpa_sm_set_ft_params()
149 sm->r0kh_id_len = ft.r0kh_id_len; in wpa_sm_set_ft_params()
162 os_memcpy(sm->r1kh_id, ft.r1kh_id, FT_R1KH_ID_LEN); in wpa_sm_set_ft_params()
164 os_memset(sm->r1kh_id, 0, FT_R1KH_ID_LEN); in wpa_sm_set_ft_params()
166 os_free(sm->assoc_resp_ies); in wpa_sm_set_ft_params()
167 sm->assoc_resp_ies = os_malloc(ft.mdie_len + 2 + ft.ftie_len + 2); in wpa_sm_set_ft_params()
168 if (sm->assoc_resp_ies) { in wpa_sm_set_ft_params()
169 u8 *pos = sm->assoc_resp_ies; in wpa_sm_set_ft_params()
178 sm->assoc_resp_ies_len = pos - sm->assoc_resp_ies; in wpa_sm_set_ft_params()
181 sm->assoc_resp_ies, sm->assoc_resp_ies_len); in wpa_sm_set_ft_params()
206 static u8 * wpa_ft_gen_req_ies(struct wpa_sm *sm, size_t *len, in wpa_ft_gen_req_ies() argument
224 sm->ft_completed = 0; in wpa_ft_gen_req_ies()
225 sm->ft_reassoc_completed = 0; in wpa_ft_gen_req_ies()
229 2 + sm->r0kh_id_len + ric_ies_len + 100; in wpa_ft_gen_req_ies()
242 if (!wpa_cipher_valid_group(sm->group_cipher)) { in wpa_ft_gen_req_ies()
244 sm->group_cipher); in wpa_ft_gen_req_ies()
249 sm->group_cipher)); in wpa_ft_gen_req_ies()
257 if (!wpa_cipher_valid_pairwise(sm->pairwise_cipher)) { in wpa_ft_gen_req_ies()
259 sm->pairwise_cipher); in wpa_ft_gen_req_ies()
264 sm->pairwise_cipher)); in wpa_ft_gen_req_ies()
272 if (sm->key_mgmt == WPA_KEY_MGMT_FT_IEEE8021X) in wpa_ft_gen_req_ies()
275 else if (sm->key_mgmt == WPA_KEY_MGMT_FT_IEEE8021X_SHA384) in wpa_ft_gen_req_ies()
278 else if (sm->key_mgmt == WPA_KEY_MGMT_FT_PSK) in wpa_ft_gen_req_ies()
280 else if (sm->key_mgmt == WPA_KEY_MGMT_FT_SAE) in wpa_ft_gen_req_ies()
282 else if (sm->key_mgmt == WPA_KEY_MGMT_FT_SAE_EXT_KEY) in wpa_ft_gen_req_ies()
285 else if (sm->key_mgmt == WPA_KEY_MGMT_FT_FILS_SHA256) in wpa_ft_gen_req_ies()
287 else if (sm->key_mgmt == WPA_KEY_MGMT_FT_FILS_SHA384) in wpa_ft_gen_req_ies()
292 sm->key_mgmt); in wpa_ft_gen_req_ies()
299 WPA_PUT_LE16(pos, rsn_supp_capab(sm)); in wpa_ft_gen_req_ies()
311 switch (sm->mgmt_group_cipher) { in wpa_ft_gen_req_ies()
333 mdie_len = wpa_ft_add_mdie(sm, pos, buf_len - (pos - buf), ap_mdie); in wpa_ft_gen_req_ies()
345 rsnxe_used = wpa_key_mgmt_sae(sm->key_mgmt) && anonce && in wpa_ft_gen_req_ies()
346 (sm->sae_pwe == SAE_PWE_HASH_TO_ELEMENT || in wpa_ft_gen_req_ies()
347 sm->sae_pwe == SAE_PWE_BOTH); in wpa_ft_gen_req_ies()
349 if (anonce && sm->ft_rsnxe_used) { in wpa_ft_gen_req_ies()
350 rsnxe_used = sm->ft_rsnxe_used == 1; in wpa_ft_gen_req_ies()
356 if (sm->key_mgmt == WPA_KEY_MGMT_FT_SAE_EXT_KEY && in wpa_ft_gen_req_ies()
357 sm->pmk_r0_len == SHA512_MAC_LEN) { in wpa_ft_gen_req_ies()
366 os_memcpy(ftie->snonce, sm->snonce, WPA_NONCE_LEN); in wpa_ft_gen_req_ies()
369 } else if ((sm->key_mgmt == WPA_KEY_MGMT_FT_SAE_EXT_KEY && in wpa_ft_gen_req_ies()
370 sm->pmk_r0_len == SHA384_MAC_LEN) || in wpa_ft_gen_req_ies()
371 wpa_key_mgmt_sha384(sm->key_mgmt)) { in wpa_ft_gen_req_ies()
380 os_memcpy(ftie->snonce, sm->snonce, WPA_NONCE_LEN); in wpa_ft_gen_req_ies()
392 os_memcpy(ftie->snonce, sm->snonce, WPA_NONCE_LEN); in wpa_ft_gen_req_ies()
400 os_memcpy(pos, sm->r1kh_id, FT_R1KH_ID_LEN); in wpa_ft_gen_req_ies()
405 *pos++ = sm->r0kh_id_len; in wpa_ft_gen_req_ies()
406 os_memcpy(pos, sm->r0kh_id, sm->r0kh_id_len); in wpa_ft_gen_req_ies()
407 pos += sm->r0kh_id_len; in wpa_ft_gen_req_ies()
409 if (kck && wpa_sm_ocv_enabled(sm)) { in wpa_ft_gen_req_ies()
413 if (wpa_sm_channel_info(sm, &ci) != 0) { in wpa_ft_gen_req_ies()
420 if (sm->oci_freq_override_ft_assoc) { in wpa_ft_gen_req_ies()
423 ci.frequency, sm->oci_freq_override_ft_assoc); in wpa_ft_gen_req_ies()
424 ci.frequency = sm->oci_freq_override_ft_assoc; in wpa_ft_gen_req_ies()
447 res = wpa_gen_rsnxe(sm, rsnxe, sizeof(rsnxe)); in wpa_ft_gen_req_ies()
472 if (wpa_ft_mic(sm->key_mgmt, kck, kck_len, in wpa_ft_gen_req_ies()
473 sm->own_addr, target_ap, 5, in wpa_ft_gen_req_ies()
492 static int wpa_ft_install_ptk(struct wpa_sm *sm, const u8 *bssid) in wpa_ft_install_ptk() argument
500 if (!wpa_cipher_valid_pairwise(sm->pairwise_cipher)) { in wpa_ft_install_ptk()
502 sm->pairwise_cipher); in wpa_ft_install_ptk()
506 alg = wpa_cipher_to_alg(sm->pairwise_cipher); in wpa_ft_install_ptk()
507 keylen = wpa_cipher_key_len(sm->pairwise_cipher); in wpa_ft_install_ptk()
510 if (wpa_sm_set_key(sm, -1, alg, bssid, 0, 1, null_rsc, sizeof(null_rsc), in wpa_ft_install_ptk()
511 (u8 *) sm->ptk.tk, keylen, in wpa_ft_install_ptk()
516 sm->tk_set = true; in wpa_ft_install_ptk()
518 wpa_sm_store_ptk(sm, bssid, sm->pairwise_cipher, in wpa_ft_install_ptk()
519 sm->dot11RSNAConfigPMKLifetime, &sm->ptk); in wpa_ft_install_ptk()
530 int wpa_ft_prepare_auth_request(struct wpa_sm *sm, const u8 *mdie) in wpa_ft_prepare_auth_request() argument
536 if (random_get_bytes(sm->snonce, WPA_NONCE_LEN)) { in wpa_ft_prepare_auth_request()
541 ft_ies = wpa_ft_gen_req_ies(sm, &ft_ies_len, NULL, sm->pmk_r0_name, in wpa_ft_prepare_auth_request()
542 NULL, 0, sm->bssid, NULL, 0, mdie, 0); in wpa_ft_prepare_auth_request()
544 wpa_sm_update_ft_ies(sm, sm->mobility_domain, in wpa_ft_prepare_auth_request()
553 int wpa_ft_add_mdie(struct wpa_sm *sm, u8 *buf, size_t buf_len, in wpa_ft_add_mdie() argument
569 os_memcpy(mdie->mobility_domain, sm->mobility_domain, in wpa_ft_add_mdie()
572 sm->mdie_ft_capab; in wpa_ft_add_mdie()
578 const u8 * wpa_sm_get_ft_md(struct wpa_sm *sm) in wpa_sm_get_ft_md() argument
580 return sm->mobility_domain; in wpa_sm_get_ft_md()
584 int wpa_ft_process_response(struct wpa_sm *sm, const u8 *ies, size_t ies_len, in wpa_ft_process_response() argument
604 if (!sm->over_the_ds_in_progress) { in wpa_ft_process_response()
610 if (!ether_addr_equal(target_ap, sm->target_ap)) { in wpa_ft_process_response()
618 if (!wpa_key_mgmt_ft(sm->key_mgmt)) { in wpa_ft_process_response()
624 if (wpa_ft_parse_ies(ies, ies_len, &parse, sm->key_mgmt, in wpa_ft_process_response()
632 os_memcmp(mdie->mobility_domain, sm->mobility_domain, in wpa_ft_process_response()
643 if (os_memcmp(parse.fte_snonce, sm->snonce, WPA_NONCE_LEN) != 0) { in wpa_ft_process_response()
648 sm->snonce, WPA_NONCE_LEN); in wpa_ft_process_response()
657 if (parse.r0kh_id_len != sm->r0kh_id_len || in wpa_ft_process_response()
658 os_memcmp_const(parse.r0kh_id, sm->r0kh_id, parse.r0kh_id_len) != 0) in wpa_ft_process_response()
665 sm->r0kh_id, sm->r0kh_id_len); in wpa_ft_process_response()
675 os_memcmp_const(parse.rsn_pmkid, sm->pmk_r0_name, WPA_PMK_NAME_LEN)) in wpa_ft_process_response()
682 if (sm->mfp == 2 && !(parse.rsn_capab & WPA_CAPABILITY_MFPC)) { in wpa_ft_process_response()
688 os_memcpy(sm->r1kh_id, parse.r1kh_id, FT_R1KH_ID_LEN); in wpa_ft_process_response()
689 wpa_hexdump(MSG_DEBUG, "FT: R1KH-ID", sm->r1kh_id, FT_R1KH_ID_LEN); in wpa_ft_process_response()
690 wpa_hexdump(MSG_DEBUG, "FT: SNonce", sm->snonce, WPA_NONCE_LEN); in wpa_ft_process_response()
692 os_memcpy(sm->anonce, parse.fte_anonce, WPA_NONCE_LEN); in wpa_ft_process_response()
693 if (wpa_derive_pmk_r1(sm->pmk_r0, sm->pmk_r0_len, sm->pmk_r0_name, in wpa_ft_process_response()
694 sm->r1kh_id, sm->own_addr, sm->pmk_r1, in wpa_ft_process_response()
695 sm->pmk_r1_name) < 0) in wpa_ft_process_response()
697 sm->pmk_r1_len = sm->pmk_r0_len; in wpa_ft_process_response()
701 wpa_ft_pasn_store_r1kh(sm, bssid); in wpa_ft_process_response()
703 if (sm->force_kdk_derivation || in wpa_ft_process_response()
704 (sm->secure_ltf && in wpa_ft_process_response()
705 ieee802_11_rsnx_capab(sm->ap_rsnxe, WLAN_RSNX_CAPAB_SECURE_LTF))) in wpa_ft_process_response()
711 if (wpa_pmk_r1_to_ptk(sm->pmk_r1, sm->pmk_r1_len, sm->snonce, in wpa_ft_process_response()
712 parse.fte_anonce, sm->own_addr, bssid, in wpa_ft_process_response()
713 sm->pmk_r1_name, &sm->ptk, ptk_name, sm->key_mgmt, in wpa_ft_process_response()
714 sm->pairwise_cipher, in wpa_ft_process_response()
718 os_memcpy(sm->key_mobility_domain, sm->mobility_domain, in wpa_ft_process_response()
721 os_memcpy(sm->key_mobility_domain, sm->mobility_domain, in wpa_ft_process_response()
725 if (sm->secure_ltf && in wpa_ft_process_response()
726 ieee802_11_rsnx_capab(sm->ap_rsnxe, WLAN_RSNX_CAPAB_SECURE_LTF) && in wpa_ft_process_response()
727 wpa_ltf_keyseed(&sm->ptk, sm->key_mgmt, sm->pairwise_cipher)) { in wpa_ft_process_response()
733 if (wpa_key_mgmt_fils(sm->key_mgmt)) { in wpa_ft_process_response()
734 kck = sm->ptk.kck2; in wpa_ft_process_response()
735 kck_len = sm->ptk.kck2_len; in wpa_ft_process_response()
737 kck = sm->ptk.kck; in wpa_ft_process_response()
738 kck_len = sm->ptk.kck_len; in wpa_ft_process_response()
740 ft_ies = wpa_ft_gen_req_ies(sm, &ft_ies_len, parse.fte_anonce, in wpa_ft_process_response()
741 sm->pmk_r1_name, in wpa_ft_process_response()
745 !sm->ap_rsnxe); in wpa_ft_process_response()
747 wpa_sm_update_ft_ies(sm, sm->mobility_domain, in wpa_ft_process_response()
752 wpa_sm_mark_authenticated(sm, bssid); in wpa_ft_process_response()
753 res = wpa_ft_install_ptk(sm, bssid); in wpa_ft_process_response()
763 sm->set_ptk_after_assoc = 1; in wpa_ft_process_response()
765 sm->set_ptk_after_assoc = 0; in wpa_ft_process_response()
767 sm->ft_completed = 1; in wpa_ft_process_response()
773 os_memcpy(sm->bssid, target_ap, ETH_ALEN); in wpa_ft_process_response()
783 int wpa_ft_is_completed(struct wpa_sm *sm) in wpa_ft_is_completed() argument
785 if (sm == NULL) in wpa_ft_is_completed()
788 if (!wpa_key_mgmt_ft(sm->key_mgmt)) in wpa_ft_is_completed()
791 return sm->ft_completed; in wpa_ft_is_completed()
795 void wpa_reset_ft_completed(struct wpa_sm *sm) in wpa_reset_ft_completed() argument
797 if (sm != NULL) in wpa_reset_ft_completed()
798 sm->ft_completed = 0; in wpa_reset_ft_completed()
802 static int wpa_ft_process_gtk_subelem(struct wpa_sm *sm, const u8 *gtk_elem, in wpa_ft_process_gtk_subelem() argument
812 if (wpa_key_mgmt_fils(sm->key_mgmt)) { in wpa_ft_process_gtk_subelem()
813 kek = sm->ptk.kek2; in wpa_ft_process_gtk_subelem()
814 kek_len = sm->ptk.kek2_len; in wpa_ft_process_gtk_subelem()
816 kek = sm->ptk.kek; in wpa_ft_process_gtk_subelem()
817 kek_len = sm->ptk.kek_len; in wpa_ft_process_gtk_subelem()
841 keylen = wpa_cipher_key_len(sm->group_cipher); in wpa_ft_process_gtk_subelem()
842 rsc_len = wpa_cipher_rsc_len(sm->group_cipher); in wpa_ft_process_gtk_subelem()
843 alg = wpa_cipher_to_alg(sm->group_cipher); in wpa_ft_process_gtk_subelem()
846 sm->group_cipher); in wpa_ft_process_gtk_subelem()
867 if (sm->group_cipher == WPA_CIPHER_TKIP) { in wpa_ft_process_gtk_subelem()
874 if (wpa_sm_set_key(sm, -1, alg, broadcast_ether_addr, keyidx, 0, in wpa_ft_process_gtk_subelem()
886 static int wpa_ft_process_igtk_subelem(struct wpa_sm *sm, const u8 *igtk_elem, in wpa_ft_process_igtk_subelem() argument
895 if (wpa_key_mgmt_fils(sm->key_mgmt)) { in wpa_ft_process_igtk_subelem()
896 kek = sm->ptk.kek2; in wpa_ft_process_igtk_subelem()
897 kek_len = sm->ptk.kek2_len; in wpa_ft_process_igtk_subelem()
899 kek = sm->ptk.kek; in wpa_ft_process_igtk_subelem()
900 kek_len = sm->ptk.kek_len; in wpa_ft_process_igtk_subelem()
903 if (sm->mgmt_group_cipher != WPA_CIPHER_AES_128_CMAC && in wpa_ft_process_igtk_subelem()
904 sm->mgmt_group_cipher != WPA_CIPHER_BIP_GMAC_128 && in wpa_ft_process_igtk_subelem()
905 sm->mgmt_group_cipher != WPA_CIPHER_BIP_GMAC_256 && in wpa_ft_process_igtk_subelem()
906 sm->mgmt_group_cipher != WPA_CIPHER_BIP_CMAC_256) in wpa_ft_process_igtk_subelem()
917 igtk_len = wpa_cipher_key_len(sm->mgmt_group_cipher); in wpa_ft_process_igtk_subelem()
941 if (wpa_sm_set_key(sm, -1, wpa_cipher_to_alg(sm->mgmt_group_cipher), in wpa_ft_process_igtk_subelem()
956 static int wpa_ft_process_bigtk_subelem(struct wpa_sm *sm, const u8 *bigtk_elem, in wpa_ft_process_bigtk_subelem() argument
965 if (!sm->beacon_prot || !bigtk_elem || in wpa_ft_process_bigtk_subelem()
966 (sm->mgmt_group_cipher != WPA_CIPHER_AES_128_CMAC && in wpa_ft_process_bigtk_subelem()
967 sm->mgmt_group_cipher != WPA_CIPHER_BIP_GMAC_128 && in wpa_ft_process_bigtk_subelem()
968 sm->mgmt_group_cipher != WPA_CIPHER_BIP_GMAC_256 && in wpa_ft_process_bigtk_subelem()
969 sm->mgmt_group_cipher != WPA_CIPHER_BIP_CMAC_256)) in wpa_ft_process_bigtk_subelem()
972 if (wpa_key_mgmt_fils(sm->key_mgmt)) { in wpa_ft_process_bigtk_subelem()
973 kek = sm->ptk.kek2; in wpa_ft_process_bigtk_subelem()
974 kek_len = sm->ptk.kek2_len; in wpa_ft_process_bigtk_subelem()
976 kek = sm->ptk.kek; in wpa_ft_process_bigtk_subelem()
977 kek_len = sm->ptk.kek_len; in wpa_ft_process_bigtk_subelem()
983 bigtk_len = wpa_cipher_key_len(sm->mgmt_group_cipher); in wpa_ft_process_bigtk_subelem()
1009 if (wpa_sm_set_key(sm, -1, wpa_cipher_to_alg(sm->mgmt_group_cipher), in wpa_ft_process_bigtk_subelem()
1024 int wpa_ft_validate_reassoc_resp(struct wpa_sm *sm, const u8 *ies, in wpa_ft_validate_reassoc_resp() argument
1041 if (!wpa_key_mgmt_ft(sm->key_mgmt)) { in wpa_ft_validate_reassoc_resp()
1047 if (sm->ft_reassoc_completed) { in wpa_ft_validate_reassoc_resp()
1052 if (wpa_ft_parse_ies(ies, ies_len, &parse, sm->key_mgmt, true) < 0) { in wpa_ft_validate_reassoc_resp()
1059 os_memcmp(mdie->mobility_domain, sm->mobility_domain, in wpa_ft_validate_reassoc_resp()
1065 if (sm->key_mgmt == WPA_KEY_MGMT_FT_SAE_EXT_KEY && in wpa_ft_validate_reassoc_resp()
1066 sm->pmk_r1_len == SHA512_MAC_LEN) in wpa_ft_validate_reassoc_resp()
1068 else if ((sm->key_mgmt == WPA_KEY_MGMT_FT_SAE_EXT_KEY && in wpa_ft_validate_reassoc_resp()
1069 sm->pmk_r1_len == SHA384_MAC_LEN) || in wpa_ft_validate_reassoc_resp()
1070 wpa_key_mgmt_sha384(sm->key_mgmt)) in wpa_ft_validate_reassoc_resp()
1083 if (os_memcmp(parse.fte_snonce, sm->snonce, WPA_NONCE_LEN) != 0) { in wpa_ft_validate_reassoc_resp()
1088 sm->snonce, WPA_NONCE_LEN); in wpa_ft_validate_reassoc_resp()
1092 if (os_memcmp(parse.fte_anonce, sm->anonce, WPA_NONCE_LEN) != 0) { in wpa_ft_validate_reassoc_resp()
1097 sm->anonce, WPA_NONCE_LEN); in wpa_ft_validate_reassoc_resp()
1106 if (parse.r0kh_id_len != sm->r0kh_id_len || in wpa_ft_validate_reassoc_resp()
1107 os_memcmp_const(parse.r0kh_id, sm->r0kh_id, parse.r0kh_id_len) != 0) in wpa_ft_validate_reassoc_resp()
1114 sm->r0kh_id, sm->r0kh_id_len); in wpa_ft_validate_reassoc_resp()
1123 if (os_memcmp_const(parse.r1kh_id, sm->r1kh_id, FT_R1KH_ID_LEN) != 0) { in wpa_ft_validate_reassoc_resp()
1130 os_memcmp_const(parse.rsn_pmkid, sm->pmk_r1_name, WPA_PMK_NAME_LEN)) in wpa_ft_validate_reassoc_resp()
1149 if (wpa_key_mgmt_fils(sm->key_mgmt)) { in wpa_ft_validate_reassoc_resp()
1150 kck = sm->ptk.kck2; in wpa_ft_validate_reassoc_resp()
1151 kck_len = sm->ptk.kck2_len; in wpa_ft_validate_reassoc_resp()
1153 kck = sm->ptk.kck; in wpa_ft_validate_reassoc_resp()
1154 kck_len = sm->ptk.kck_len; in wpa_ft_validate_reassoc_resp()
1157 if (wpa_ft_mic(sm->key_mgmt, kck, kck_len, sm->own_addr, src_addr, 6, in wpa_ft_validate_reassoc_resp()
1178 if (parse.fte_rsnxe_used && !sm->ap_rsnxe) { in wpa_ft_validate_reassoc_resp()
1184 if (!sm->ap_rsn_ie) { in wpa_ft_validate_reassoc_resp()
1185 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, in wpa_ft_validate_reassoc_resp()
1187 if (wpa_sm_get_beacon_ie(sm) < 0) { in wpa_ft_validate_reassoc_resp()
1188 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, in wpa_ft_validate_reassoc_resp()
1192 wpa_msg(sm->ctx->msg_ctx, MSG_DEBUG, in wpa_ft_validate_reassoc_resp()
1196 if (sm->ap_rsn_ie && in wpa_ft_validate_reassoc_resp()
1197 wpa_compare_rsn_ie(wpa_key_mgmt_ft(sm->key_mgmt), in wpa_ft_validate_reassoc_resp()
1198 sm->ap_rsn_ie, sm->ap_rsn_ie_len, in wpa_ft_validate_reassoc_resp()
1200 wpa_msg(sm->ctx->msg_ctx, MSG_INFO, in wpa_ft_validate_reassoc_resp()
1203 sm->ap_rsn_ie, sm->ap_rsn_ie_len); in wpa_ft_validate_reassoc_resp()
1211 own_rsnxe_used = wpa_key_mgmt_sae(sm->key_mgmt) && in wpa_ft_validate_reassoc_resp()
1212 (sm->sae_pwe == SAE_PWE_HASH_TO_ELEMENT || in wpa_ft_validate_reassoc_resp()
1213 sm->sae_pwe == SAE_PWE_BOTH); in wpa_ft_validate_reassoc_resp()
1214 if ((sm->ap_rsnxe && !parse.rsnxe && own_rsnxe_used) || in wpa_ft_validate_reassoc_resp()
1215 (!sm->ap_rsnxe && parse.rsnxe) || in wpa_ft_validate_reassoc_resp()
1216 (sm->ap_rsnxe && parse.rsnxe && in wpa_ft_validate_reassoc_resp()
1217 (sm->ap_rsnxe_len != 2 + parse.rsnxe_len || in wpa_ft_validate_reassoc_resp()
1218 os_memcmp(sm->ap_rsnxe, parse.rsnxe - 2, in wpa_ft_validate_reassoc_resp()
1219 sm->ap_rsnxe_len) != 0))) { in wpa_ft_validate_reassoc_resp()
1220 wpa_msg(sm->ctx->msg_ctx, MSG_INFO, in wpa_ft_validate_reassoc_resp()
1223 sm->ap_rsnxe, sm->ap_rsnxe_len); in wpa_ft_validate_reassoc_resp()
1232 if (wpa_sm_ocv_enabled(sm)) { in wpa_ft_validate_reassoc_resp()
1235 if (wpa_sm_channel_info(sm, &ci) != 0) { in wpa_ft_validate_reassoc_resp()
1244 wpa_msg(sm->ctx->msg_ctx, MSG_INFO, OCV_FAILURE in wpa_ft_validate_reassoc_resp()
1252 sm->ft_reassoc_completed = 1; in wpa_ft_validate_reassoc_resp()
1254 if (wpa_ft_process_gtk_subelem(sm, parse.gtk, parse.gtk_len) < 0 || in wpa_ft_validate_reassoc_resp()
1255 wpa_ft_process_igtk_subelem(sm, parse.igtk, parse.igtk_len) < 0 || in wpa_ft_validate_reassoc_resp()
1256 wpa_ft_process_bigtk_subelem(sm, parse.bigtk, parse.bigtk_len) < 0) in wpa_ft_validate_reassoc_resp()
1259 if (sm->set_ptk_after_assoc) { in wpa_ft_validate_reassoc_resp()
1262 if (wpa_ft_install_ptk(sm, src_addr) < 0) in wpa_ft_validate_reassoc_resp()
1264 sm->set_ptk_after_assoc = 0; in wpa_ft_validate_reassoc_resp()
1292 int wpa_ft_start_over_ds(struct wpa_sm *sm, const u8 *target_ap, in wpa_ft_start_over_ds() argument
1299 (!mdie || mdie[1] < 3 || !wpa_sm_has_ft_keys(sm, mdie + 2))) { in wpa_ft_start_over_ds()
1310 if (random_get_bytes(sm->snonce, WPA_NONCE_LEN)) { in wpa_ft_start_over_ds()
1315 ft_ies = wpa_ft_gen_req_ies(sm, &ft_ies_len, NULL, sm->pmk_r0_name, in wpa_ft_start_over_ds()
1318 sm->over_the_ds_in_progress = 1; in wpa_ft_start_over_ds()
1319 os_memcpy(sm->target_ap, target_ap, ETH_ALEN); in wpa_ft_start_over_ds()
1320 wpa_sm_send_ft_action(sm, 1, target_ap, ft_ies, ft_ies_len); in wpa_ft_start_over_ds()
1330 static struct pasn_ft_r1kh * wpa_ft_pasn_get_r1kh(struct wpa_sm *sm, in wpa_ft_pasn_get_r1kh() argument
1335 for (i = 0; i < sm->n_pasn_r1kh; i++) in wpa_ft_pasn_get_r1kh()
1336 if (ether_addr_equal(sm->pasn_r1kh[i].bssid, bssid)) in wpa_ft_pasn_get_r1kh()
1337 return &sm->pasn_r1kh[i]; in wpa_ft_pasn_get_r1kh()
1343 static void wpa_ft_pasn_store_r1kh(struct wpa_sm *sm, const u8 *bssid) in wpa_ft_pasn_store_r1kh() argument
1345 struct pasn_ft_r1kh *tmp = wpa_ft_pasn_get_r1kh(sm, bssid); in wpa_ft_pasn_store_r1kh()
1350 tmp = os_realloc_array(sm->pasn_r1kh, sm->n_pasn_r1kh + 1, in wpa_ft_pasn_store_r1kh()
1357 sm->pasn_r1kh = tmp; in wpa_ft_pasn_store_r1kh()
1358 tmp = &sm->pasn_r1kh[sm->n_pasn_r1kh]; in wpa_ft_pasn_store_r1kh()
1364 os_memcpy(tmp->r1kh_id, sm->r1kh_id, FT_R1KH_ID_LEN); in wpa_ft_pasn_store_r1kh()
1366 sm->n_pasn_r1kh++; in wpa_ft_pasn_store_r1kh()
1370 int wpa_pasn_ft_derive_pmk_r1(struct wpa_sm *sm, int akmp, const u8 *bssid, in wpa_pasn_ft_derive_pmk_r1() argument
1375 if (sm->key_mgmt != (unsigned int) akmp) { in wpa_pasn_ft_derive_pmk_r1()
1378 sm->key_mgmt, akmp); in wpa_pasn_ft_derive_pmk_r1()
1382 r1kh_entry = wpa_ft_pasn_get_r1kh(sm, bssid); in wpa_pasn_ft_derive_pmk_r1()
1395 if (wpa_derive_pmk_r1(sm->pmk_r0, sm->pmk_r0_len, sm->pmk_r0_name, in wpa_pasn_ft_derive_pmk_r1()
1396 r1kh_entry->r1kh_id, sm->own_addr, pmk_r1, in wpa_pasn_ft_derive_pmk_r1()
1400 *pmk_r1_len = sm->pmk_r0_len; in wpa_pasn_ft_derive_pmk_r1()
1402 wpa_hexdump_key(MSG_DEBUG, "PASN: FT: PMK-R1", pmk_r1, sm->pmk_r0_len); in wpa_pasn_ft_derive_pmk_r1()