1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
|
/*
* PASN info for initiator and responder
*
* Copyright (C) 2019, Intel Corporation
* Copyright (c) 2022, Jouni Malinen <j@w1.fi>
* Copyright (C) 2022, Qualcomm Innovation Center, Inc.
*
* This software may be distributed under the terms of the BSD license.
* See README for more details.
*/
#ifndef PASN_COMMON_H
#define PASN_COMMON_H
#ifdef __cplusplus
extern "C" {
#endif
#ifdef CONFIG_PASN
enum pasn_fils_state {
PASN_FILS_STATE_NONE = 0,
PASN_FILS_STATE_PENDING_AS,
PASN_FILS_STATE_COMPLETE
};
struct pasn_fils {
u8 state;
u8 nonce[FILS_NONCE_LEN];
u8 anonce[FILS_NONCE_LEN];
u8 session[FILS_SESSION_LEN];
u8 erp_pmkid[PMKID_LEN];
bool completed;
struct wpabuf *erp_resp;
};
struct pasn_data {
int akmp;
int cipher;
u16 group;
bool secure_ltf;
int freq;
size_t kdk_len;
u8 trans_seq;
u8 status;
u8 own_addr[ETH_ALEN];
u8 peer_addr[ETH_ALEN];
u8 bssid[ETH_ALEN];
size_t pmk_len;
u8 pmk[PMK_LEN_MAX];
bool using_pmksa;
u8 hash[SHA384_MAC_LEN];
struct wpabuf *beacon_rsne_rsnxe;
struct wpa_ptk ptk;
struct crypto_ecdh *ecdh;
struct wpabuf *comeback;
u16 comeback_after;
#ifdef CONFIG_SAE
struct sae_data sae;
struct sae_pt *pt;
#endif /* CONFIG_SAE */
#ifdef CONFIG_FILS
bool fils_eapol;
bool fils_wd_valid;
struct pasn_fils fils;
#endif /* CONFIG_FILS */
#ifdef CONFIG_IEEE80211R
u8 pmk_r1[PMK_LEN_MAX];
size_t pmk_r1_len;
u8 pmk_r1_name[WPA_PMK_NAME_LEN];
#endif /* CONFIG_IEEE80211R */
/* Note that this pointers to RSN PMKSA cache are actually defined
* differently for the PASN initiator (using RSN Supplicant
* implementation) and PASN responser (using RSN Authenticator
* implementation). Functions cannot be mixed between those cases. */
struct rsn_pmksa_cache *pmksa;
struct rsn_pmksa_cache_entry *pmksa_entry;
struct eapol_sm *eapol;
int fast_reauth;
#ifdef CONFIG_TESTING_OPTIONS
int corrupt_mic;
#endif /* CONFIG_TESTING_OPTIONS */
void *cb_ctx;
u16 rsnxe_capab;
int network_id;
u8 wrapped_data_format;
struct wpabuf *secret;
/* Reponder */
int wpa_key_mgmt;
int rsn_pairwise;
bool derive_kdk;
const char *password;
int disable_pmksa_caching;
int *pasn_groups;
struct wpabuf *wrapped_data;
int use_anti_clogging;
const u8 *rsn_ie;
const u8 *rsnxe_ie;
size_t rsn_ie_len;
u8 *comeback_key;
struct os_reltime last_comeback_key_update;
u16 comeback_idx;
u16 *comeback_pending_idx;
bool custom_pmkid_valid;
u8 custom_pmkid[PMKID_LEN];
/**
* Extra elements to add into Authentication frames. These can be used,
* e.g., for Wi-Fi Aware use cases.
*/
const u8 *extra_ies;
size_t extra_ies_len;
/**
* send_mgmt - Function handler to transmit a Management frame
* @ctx: Callback context from cb_ctx
* @frame_buf : Frame to transmit
* @frame_len: Length of frame to transmit
* @freq: Frequency in MHz for the channel on which to transmit
* @wait_dur: How many milliseconds to wait for a response frame
* Returns: 0 on success, -1 on failure
*/
int (*send_mgmt)(void *ctx, const u8 *data, size_t data_len, int noack,
unsigned int freq, unsigned int wait);
/**
* validate_custom_pmkid - Handler to validate vendor specific PMKID
* @ctx: Callback context from cb_ctx
* @addr : MAC address of the peer
* @pmkid: Custom PMKID
* Returns: 0 on success (valid PMKID), -1 on failure
*/
int (*validate_custom_pmkid)(void *ctx, const u8 *addr,
const u8 *pmkid);
};
/* Initiator */
void wpa_pasn_reset(struct pasn_data *pasn);
int wpas_pasn_start(struct pasn_data *pasn, const u8 *own_addr,
const u8 *peer_addr, const u8 *bssid,
int akmp, int cipher, u16 group,
int freq, const u8 *beacon_rsne, u8 beacon_rsne_len,
const u8 *beacon_rsnxe, u8 beacon_rsnxe_len,
const struct wpabuf *comeback);
int wpa_pasn_verify(struct pasn_data *pasn, const u8 *own_addr,
const u8 *peer_addr, const u8 *bssid,
int akmp, int cipher, u16 group,
int freq, const u8 *beacon_rsne, u8 beacon_rsne_len,
const u8 *beacon_rsnxe, u8 beacon_rsnxe_len,
const struct wpabuf *comeback);
int wpa_pasn_auth_rx(struct pasn_data *pasn, const u8 *data, size_t len,
struct wpa_pasn_params_data *pasn_params);
int wpa_pasn_auth_tx_status(struct pasn_data *pasn,
const u8 *data, size_t data_len, u8 acked);
/* Responder */
int handle_auth_pasn_1(struct pasn_data *pasn,
const u8 *own_addr, const u8 *peer_addr,
const struct ieee80211_mgmt *mgmt, size_t len);
int handle_auth_pasn_3(struct pasn_data *pasn, const u8 *own_addr,
const u8 *peer_addr,
const struct ieee80211_mgmt *mgmt, size_t len);
int handle_auth_pasn_resp(struct pasn_data *pasn, const u8 *own_addr,
const u8 *peer_addr,
struct rsn_pmksa_cache_entry *pmksa, u16 status);
#endif /* CONFIG_PASN */
#ifdef __cplusplus
}
#endif
#endif /* PASN_COMMON_H */
|
