1 /*
2  * PASN info for initiator and responder
3  *
4  * Copyright (C) 2019, Intel Corporation
5  * Copyright (c) 2022, Jouni Malinen <j@w1.fi>
6  * Copyright (C) 2022, Qualcomm Innovation Center, Inc.
7  *
8  * This software may be distributed under the terms of the BSD license.
9  * See README for more details.
10  */
11 
12 #ifndef PASN_COMMON_H
13 #define PASN_COMMON_H
14 
15 #ifdef __cplusplus
16 extern "C" {
17 #endif
18 
19 #ifdef CONFIG_PASN
20 
/*
 * States used for FILS handling within PASN, as named by the enumerators.
 * The numeric values are spelled out so that they stay stable if an entry is
 * ever inserted.
 *
 * NOTE(review): presumably the value stored in the u8 state member of
 * struct pasn_fils, and "AS" presumably stands for the authentication
 * server - confirm against the implementation.
 */
enum pasn_fils_state {
	PASN_FILS_STATE_NONE = 0,
	PASN_FILS_STATE_PENDING_AS = 1,
	PASN_FILS_STATE_COMPLETE = 2,
};
26 
/*
 * FILS-specific state kept inside struct pasn_data (member "fils", present
 * only when CONFIG_FILS is defined).
 *
 * All byte arrays are fixed size. NOTE(review): the code that fills them is
 * not visible here; any copy from a received frame needs a length check
 * against FILS_NONCE_LEN, FILS_SESSION_LEN or PMKID_LEN before it is made.
 */
struct pasn_fils {
	/* presumably holds an enum pasn_fils_state value - confirm */
	u8 state;
	u8 nonce[FILS_NONCE_LEN];
	u8 anonce[FILS_NONCE_LEN];
	u8 session[FILS_SESSION_LEN];
	u8 erp_pmkid[PMKID_LEN];
	/* Separate flag from "state"; NOTE(review): confirm the two cannot
	 * disagree about whether the exchange has finished. */
	bool completed;
	/* Heap buffer pointer; this header does not say who frees it. */
	struct wpabuf *erp_resp;
};
36 
/*
 * State for one PASN exchange, used by both the initiator and the responder
 * functions declared in this header.
 *
 * Review notes:
 * - pmk, ptk, pmk_r1 (CONFIG_IEEE80211R), secret, password and comeback_key
 *   appear to hold or reference key material or secrets. NOTE(review):
 *   confirm that wpa_pasn_reset() and every teardown path wipes them with a
 *   clear the compiler cannot optimize away.
 * - Many members are raw pointers (struct wpabuf *, const u8 *, int *, u8 *,
 *   u16 *). This header does not say which of them the structure owns, so
 *   lifetime has to be checked against the implementation.
 */
struct pasn_data {
	int akmp;
	int cipher;
	u16 group;
	bool secure_ltf;
	int freq;
	size_t kdk_len;

	u8 trans_seq;
	u8 status;

	u8 own_addr[ETH_ALEN];
	u8 peer_addr[ETH_ALEN];
	u8 bssid[ETH_ALEN];
	/* Length paired with pmk[]; it has to stay <= PMK_LEN_MAX.
	 * TODO confirm every writer enforces that bound. */
	size_t pmk_len;
	u8 pmk[PMK_LEN_MAX];
	bool using_pmksa;

	/* Sized for SHA-384 output (SHA384_MAC_LEN). */
	u8 hash[SHA384_MAC_LEN];

	struct wpabuf *beacon_rsne_rsnxe;
	struct wpa_ptk ptk;
	struct crypto_ecdh *ecdh;

	struct wpabuf *comeback;
	u16 comeback_after;

#ifdef CONFIG_SAE
	struct sae_data sae;
	struct sae_pt *pt;
#endif /* CONFIG_SAE */

#ifdef CONFIG_FILS
	bool fils_eapol;
	bool fils_wd_valid;
	struct pasn_fils fils;
#endif /* CONFIG_FILS */

#ifdef CONFIG_IEEE80211R
	/* Same bound as pmk[]: pmk_r1_len has to stay <= PMK_LEN_MAX. */
	u8 pmk_r1[PMK_LEN_MAX];
	size_t pmk_r1_len;
	u8 pmk_r1_name[WPA_PMK_NAME_LEN];
#endif /* CONFIG_IEEE80211R */
	/* Note that these pointers to the RSN PMKSA cache are actually defined
	 * differently for the PASN initiator (using RSN Supplicant
	 * implementation) and PASN responder (using RSN Authenticator
	 * implementation). Functions cannot be mixed between those cases. */
	struct rsn_pmksa_cache *pmksa;
	struct rsn_pmksa_cache_entry *pmksa_entry;
	struct eapol_sm *eapol;
	int fast_reauth;
#ifdef CONFIG_TESTING_OPTIONS
	/* Only compiled in with CONFIG_TESTING_OPTIONS. NOTE(review):
	 * presumably makes the implementation send a deliberately wrong MIC;
	 * confirm that production builds leave CONFIG_TESTING_OPTIONS unset. */
	int corrupt_mic;
#endif /* CONFIG_TESTING_OPTIONS */
	/* Passed as the ctx argument of the send_mgmt and
	 * validate_custom_pmkid callbacks below. */
	void *cb_ctx;
	u16 rsnxe_capab;
	int network_id;

	u8 wrapped_data_format;
	struct wpabuf *secret;

	/* Responder */
	/* Policy switch: when set, the peer is not authenticated, so the
	 * derived keys give no protection against an active attacker in the
	 * middle. Deployments should leave it unset unless that is intended. */
	bool noauth; /* Whether PASN without mutual authentication is enabled */
	int wpa_key_mgmt;
	int rsn_pairwise;
	bool derive_kdk;
	/* const pointer, so presumably borrowed from configuration; the string
	 * has to outlive this structure - confirm against the caller. */
	const char *password;
	int disable_pmksa_caching;
	/* NOTE(review): no element count is stored next to this array; the
	 * termination convention is not visible here - confirm. */
	int *pasn_groups;
	struct wpabuf *wrapped_data;
	int use_anti_clogging;
	const u8 *rsn_ie;
	/* NOTE(review): only rsn_ie has a length member (rsn_ie_len). The
	 * length of rsnxe_ie is presumably read from the element's own length
	 * octet - confirm that users validate it before reading past it. */
	const u8 *rsnxe_ie;
	size_t rsn_ie_len;

	/* Comeback (anti-clogging) state. NOTE(review): the size of the
	 * buffers behind comeback_key and comeback_pending_idx is not
	 * visible in this header - confirm in the implementation. */
	u8 *comeback_key;
	struct os_reltime last_comeback_key_update;
	u16 comeback_idx;
	u16 *comeback_pending_idx;

	/* custom_pmkid is meaningful only while custom_pmkid_valid is true. */
	bool custom_pmkid_valid;
	u8 custom_pmkid[PMKID_LEN];

	/**
	 * Extra elements to add into Authentication frames. These can be used,
	 * e.g., for Wi-Fi Aware use cases.
	 */
	const u8 *extra_ies;
	size_t extra_ies_len;

	/**
	 * send_mgmt - Function handler to transmit a Management frame
	 * @ctx: Callback context from cb_ctx
	 * @data: Frame to transmit
	 * @data_len: Length of frame to transmit
	 * @noack: NOTE(review): not described in the original comment;
	 *	presumably non-zero when no acknowledgment is expected - confirm
	 * @freq: Frequency in MHz for the channel on which to transmit
	 * @wait: How many milliseconds to wait for a response frame
	 * Returns: 0 on success, -1 on failure
	 */
	int (*send_mgmt)(void *ctx, const u8 *data, size_t data_len, int noack,
			 unsigned int freq, unsigned int wait);
	/**
	 * validate_custom_pmkid - Handler to validate vendor specific PMKID
	 * @ctx: Callback context from cb_ctx
	 * @addr: MAC address of the peer
	 * @pmkid: Custom PMKID
	 * Returns: 0 on success (valid PMKID), -1 on failure
	 *
	 * No length is passed for @pmkid. NOTE(review): implementations
	 * presumably read exactly PMKID_LEN octets - confirm, and compare in
	 * constant time if the PMKID is treated as a secret.
	 */
	int (*validate_custom_pmkid)(void *ctx, const u8 *addr,
				     const u8 *pmkid);
};
148 
/* Initiator */

/* Reset the state in @pasn. NOTE(review): the body is not visible here;
 * confirm that it clears the key material held in struct pasn_data. */
void wpa_pasn_reset(struct pasn_data *pasn);
/*
 * wpas_pasn_start() and wpa_pasn_verify() take the same parameter list.
 * beacon_rsne_len and beacon_rsnxe_len are u8, so each element passed in is
 * at most 255 octets. @comeback is const and therefore not modified through
 * this pointer. The return convention is not visible in this header.
 */
int wpas_pasn_start(struct pasn_data *pasn, const u8 *own_addr,
		    const u8 *peer_addr, const u8 *bssid,
		    int akmp, int cipher, u16 group,
		    int freq, const u8 *beacon_rsne, u8 beacon_rsne_len,
		    const u8 *beacon_rsnxe, u8 beacon_rsnxe_len,
		    const struct wpabuf *comeback);
int wpa_pasn_verify(struct pasn_data *pasn, const u8 *own_addr,
		    const u8 *peer_addr, const u8 *bssid,
		    int akmp, int cipher, u16 group,
		    int freq, const u8 *beacon_rsne, u8 beacon_rsne_len,
		    const u8 *beacon_rsnxe, u8 beacon_rsnxe_len,
		    const struct wpabuf *comeback);
/* NOTE(review): @data/@len presumably describe a frame received from the
 * peer; @len has to be validated before any fixed-offset field of @data is
 * read - confirm in the implementation. */
int wpa_pasn_auth_rx(struct pasn_data *pasn, const u8 *data, size_t len,
		     struct wpa_pasn_params_data *pasn_params);
int wpa_pasn_auth_tx_status(struct pasn_data *pasn,
			    const u8 *data, size_t data_len, u8 acked);
168 
/* Responder */
/*
 * handle_auth_pasn_1() and handle_auth_pasn_3() take a Management frame
 * (@mgmt) together with its length (@len). NOTE(review): the frame presumably
 * comes from a peer that is not yet authenticated, so @len has to be checked
 * against the fixed header size and every element length before @mgmt is
 * dereferenced - confirm in the implementation. The return convention is not
 * visible in this header.
 */
int handle_auth_pasn_1(struct pasn_data *pasn,
		       const u8 *own_addr, const u8 *peer_addr,
		       const struct ieee80211_mgmt *mgmt, size_t len);
int handle_auth_pasn_3(struct pasn_data *pasn, const u8 *own_addr,
		       const u8 *peer_addr,
		       const struct ieee80211_mgmt *mgmt, size_t len);
/* @pmksa is passed as a non-const pointer. NOTE(review): whether it may be
 * NULL is not visible here - confirm. */
int handle_auth_pasn_resp(struct pasn_data *pasn, const u8 *own_addr,
			  const u8 *peer_addr,
			  struct rsn_pmksa_cache_entry *pmksa, u16 status);
179 
180 #endif /* CONFIG_PASN */
181 
182 #ifdef __cplusplus
183 }
184 #endif
185 #endif /* PASN_COMMON_H */