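Lines matching full:sm (cross-reference search results). Each row gives the source line number, the matching line, and the enclosing function; a trailing "argument" or "local" marks the row where `sm` is declared as a parameter or local variable. Lines that do not reference `sm` are omitted, so the rows below are not contiguous code: the branch bodies, return paths and error checks between them are not shown.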

81  * @sm: Pointer to WPA state machine data from wpa_sm_init()
91 int wpa_eapol_key_send(struct wpa_sm *sm, struct wpa_ptk *ptk, in wpa_eapol_key_send() argument
96 size_t mic_len = wpa_mic_len(sm->key_mgmt, sm->pmk_len); in wpa_eapol_key_send()
100 MAC2STR(dest), ver, (int) mic_len, sm->key_mgmt); in wpa_eapol_key_send()
101 if (is_zero_ether_addr(dest) && is_zero_ether_addr(sm->bssid)) { in wpa_eapol_key_send()
106 if (wpa_sm_get_bssid(sm, sm->bssid) < 0) { in wpa_eapol_key_send()
107 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, in wpa_eapol_key_send()
111 dest = sm->bssid; in wpa_eapol_key_send()
112 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, in wpa_eapol_key_send()
124 wpa_eapol_key_mic(ptk->kck, ptk->kck_len, sm->key_mgmt, ver, in wpa_eapol_key_send()
126 wpa_msg(sm->ctx->msg_ctx, MSG_ERROR, in wpa_eapol_key_send()
128 ver, sm->key_mgmt); in wpa_eapol_key_send()
202 ret = wpa_sm_ether_send(sm, dest, proto, msg, msg_len); in wpa_eapol_key_send()
203 eapol_sm_notify_tx_eapol_key(sm->eapol); in wpa_eapol_key_send()
212 * @sm: Pointer to WPA state machine data from wpa_sm_init()
220 void wpa_sm_key_request(struct wpa_sm *sm, int error, int pairwise) in wpa_sm_key_request() argument
227 if (pairwise && sm->wpa_deny_ptk0_rekey && !sm->use_ext_key_id && in wpa_sm_key_request()
228 wpa_sm_get_state(sm) == WPA_COMPLETED && !error) { in wpa_sm_key_request()
229 wpa_msg(sm->ctx->msg_ctx, MSG_INFO, in wpa_sm_key_request()
231 wpa_sm_reconnect(sm); in wpa_sm_key_request()
235 if (!sm->ptk_set) { in wpa_sm_key_request()
241 if (wpa_use_akm_defined(sm->key_mgmt)) in wpa_sm_key_request()
243 else if (wpa_key_mgmt_ft(sm->key_mgmt) || in wpa_sm_key_request()
244 wpa_key_mgmt_sha256(sm->key_mgmt)) in wpa_sm_key_request()
246 else if (sm->pairwise_cipher != WPA_CIPHER_TKIP) in wpa_sm_key_request()
251 mic_len = wpa_mic_len(sm->key_mgmt, sm->pmk_len); in wpa_sm_key_request()
253 rbuf = wpa_sm_alloc_eapol(sm, IEEE802_1X_TYPE_EAPOL_KEY, NULL, in wpa_sm_key_request()
258 reply->type = (sm->proto == WPA_PROTO_RSN || in wpa_sm_key_request()
259 sm->proto == WPA_PROTO_OSEN) ? in wpa_sm_key_request()
273 os_memcpy(reply->replay_counter, sm->request_counter, in wpa_sm_key_request()
275 inc_byte_array(sm->request_counter, WPA_REPLAY_COUNTER_LEN); in wpa_sm_key_request()
284 wpa_msg(sm->ctx->msg_ctx, MSG_INFO, in wpa_sm_key_request()
287 error, pairwise, sm->ptk_set, (unsigned long) rlen); in wpa_sm_key_request()
288 wpa_eapol_key_send(sm, &sm->ptk, ver, wpa_sm_get_auth_addr(sm), in wpa_sm_key_request()
293 static void wpa_supplicant_key_mgmt_set_pmk(struct wpa_sm *sm) in wpa_supplicant_key_mgmt_set_pmk() argument
296 if (sm->key_mgmt == WPA_KEY_MGMT_FT_IEEE8021X) { in wpa_supplicant_key_mgmt_set_pmk()
297 if (wpa_sm_key_mgmt_set_pmk(sm, sm->xxkey, sm->xxkey_len)) in wpa_supplicant_key_mgmt_set_pmk()
298 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, in wpa_supplicant_key_mgmt_set_pmk()
302 if (wpa_sm_key_mgmt_set_pmk(sm, sm->pmk, sm->pmk_len)) in wpa_supplicant_key_mgmt_set_pmk()
303 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, in wpa_supplicant_key_mgmt_set_pmk()
311 static int wpa_supplicant_get_pmk(struct wpa_sm *sm, in wpa_supplicant_get_pmk() argument
317 if (pmkid && !sm->cur_pmksa) { in wpa_supplicant_get_pmk()
322 sm->cur_pmksa = pmksa_cache_get(sm->pmksa, src_addr, in wpa_supplicant_get_pmk()
323 sm->own_addr, pmkid, in wpa_supplicant_get_pmk()
325 if (sm->cur_pmksa) { in wpa_supplicant_get_pmk()
326 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, in wpa_supplicant_get_pmk()
329 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, in wpa_supplicant_get_pmk()
335 if (pmkid && sm->cur_pmksa && in wpa_supplicant_get_pmk()
336 os_memcmp_const(pmkid, sm->cur_pmksa->pmkid, PMKID_LEN) == 0) { in wpa_supplicant_get_pmk()
338 wpa_sm_set_pmk_from_pmksa(sm); in wpa_supplicant_get_pmk()
340 sm->pmk, sm->pmk_len); in wpa_supplicant_get_pmk()
341 eapol_sm_notify_cached(sm->eapol); in wpa_supplicant_get_pmk()
343 sm->xxkey_len = 0; in wpa_supplicant_get_pmk()
345 if ((sm->key_mgmt == WPA_KEY_MGMT_FT_SAE || in wpa_supplicant_get_pmk()
346 sm->key_mgmt == WPA_KEY_MGMT_FT_SAE_EXT_KEY) && in wpa_supplicant_get_pmk()
347 sm->pmk_len == PMK_LEN) { in wpa_supplicant_get_pmk()
353 os_memcpy(sm->xxkey, sm->pmk, sm->pmk_len); in wpa_supplicant_get_pmk()
354 sm->xxkey_len = sm->pmk_len; in wpa_supplicant_get_pmk()
358 } else if (wpa_key_mgmt_wpa_ieee8021x(sm->key_mgmt) && sm->eapol) { in wpa_supplicant_get_pmk()
364 if (wpa_key_mgmt_sha384(sm->key_mgmt)) in wpa_supplicant_get_pmk()
368 res = eapol_sm_get_key(sm->eapol, sm->pmk, pmk_len); in wpa_supplicant_get_pmk()
375 res = eapol_sm_get_key(sm->eapol, sm->pmk, 16); in wpa_supplicant_get_pmk()
381 eapol_sm_get_key(sm->eapol, buf, 2 * PMK_LEN) == 0) { in wpa_supplicant_get_pmk()
382 if (wpa_key_mgmt_sha384(sm->key_mgmt)) { in wpa_supplicant_get_pmk()
383 os_memcpy(sm->xxkey, buf, SHA384_MAC_LEN); in wpa_supplicant_get_pmk()
384 sm->xxkey_len = SHA384_MAC_LEN; in wpa_supplicant_get_pmk()
386 os_memcpy(sm->xxkey, buf + PMK_LEN, PMK_LEN); in wpa_supplicant_get_pmk()
387 sm->xxkey_len = PMK_LEN; in wpa_supplicant_get_pmk()
390 if (sm->proto == WPA_PROTO_RSN && in wpa_supplicant_get_pmk()
391 wpa_key_mgmt_ft(sm->key_mgmt)) { in wpa_supplicant_get_pmk()
396 if (sm->fils_cache_id_set) in wpa_supplicant_get_pmk()
397 fils_cache_id = sm->fils_cache_id; in wpa_supplicant_get_pmk()
401 sm->xxkey, sm->xxkey_len); in wpa_supplicant_get_pmk()
402 sa = pmksa_cache_add(sm->pmksa, in wpa_supplicant_get_pmk()
403 sm->xxkey, sm->xxkey_len, in wpa_supplicant_get_pmk()
405 src_addr, sm->own_addr, in wpa_supplicant_get_pmk()
406 sm->network_ctx, in wpa_supplicant_get_pmk()
407 sm->key_mgmt, in wpa_supplicant_get_pmk()
409 if (!sm->cur_pmksa) in wpa_supplicant_get_pmk()
410 sm->cur_pmksa = sa; in wpa_supplicant_get_pmk()
419 if (sm->fils_cache_id_set) in wpa_supplicant_get_pmk()
420 fils_cache_id = sm->fils_cache_id; in wpa_supplicant_get_pmk()
424 "machines", sm->pmk, pmk_len); in wpa_supplicant_get_pmk()
425 sm->pmk_len = pmk_len; in wpa_supplicant_get_pmk()
426 wpa_supplicant_key_mgmt_set_pmk(sm); in wpa_supplicant_get_pmk()
427 if (sm->proto == WPA_PROTO_RSN && in wpa_supplicant_get_pmk()
428 !wpa_key_mgmt_suite_b(sm->key_mgmt) && in wpa_supplicant_get_pmk()
429 !wpa_key_mgmt_ft(sm->key_mgmt)) { in wpa_supplicant_get_pmk()
430 sa = pmksa_cache_add(sm->pmksa, in wpa_supplicant_get_pmk()
431 sm->pmk, pmk_len, NULL, in wpa_supplicant_get_pmk()
433 src_addr, sm->own_addr, in wpa_supplicant_get_pmk()
434 sm->network_ctx, in wpa_supplicant_get_pmk()
435 sm->key_mgmt, in wpa_supplicant_get_pmk()
438 if (!sm->cur_pmksa && pmkid && in wpa_supplicant_get_pmk()
439 pmksa_cache_get(sm->pmksa, src_addr, sm->own_addr, in wpa_supplicant_get_pmk()
441 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, in wpa_supplicant_get_pmk()
445 } else if (sa && !sm->cur_pmksa && pmkid) { in wpa_supplicant_get_pmk()
453 wpa_msg(sm->ctx->msg_ctx, MSG_INFO, in wpa_supplicant_get_pmk()
458 if (!sm->cur_pmksa) in wpa_supplicant_get_pmk()
459 sm->cur_pmksa = sa; in wpa_supplicant_get_pmk()
461 } else if (wpa_key_mgmt_ft(sm->key_mgmt) && sm->ft_protocol) { in wpa_supplicant_get_pmk()
466 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, in wpa_supplicant_get_pmk()
470 if (sm->cur_pmksa) { in wpa_supplicant_get_pmk()
471 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, in wpa_supplicant_get_pmk()
474 sm->cur_pmksa = NULL; in wpa_supplicant_get_pmk()
482 if (abort_cached && wpa_key_mgmt_wpa_ieee8021x(sm->key_mgmt) && in wpa_supplicant_get_pmk()
483 !wpa_key_mgmt_suite_b(sm->key_mgmt) && in wpa_supplicant_get_pmk()
484 !wpa_key_mgmt_ft(sm->key_mgmt) && sm->key_mgmt != WPA_KEY_MGMT_OSEN) in wpa_supplicant_get_pmk()
490 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, in wpa_supplicant_get_pmk()
493 buf = wpa_sm_alloc_eapol(sm, IEEE802_1X_TYPE_EAPOL_START, in wpa_supplicant_get_pmk()
498 eapol_sm_notify_eap_fail(sm->eapol, true); in wpa_supplicant_get_pmk()
499 eapol_sm_notify_eap_fail(sm->eapol, false); in wpa_supplicant_get_pmk()
500 wpa_sm_ether_send(sm, sm->bssid, ETH_P_EAPOL, in wpa_supplicant_get_pmk()
515 * @sm: Pointer to WPA state machine data from wpa_sm_init()
525 int wpa_supplicant_send_2_of_4(struct wpa_sm *sm, const unsigned char *dst, in wpa_supplicant_send_2_of_4() argument
541 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, "WPA: No wpa_ie set - " in wpa_supplicant_send_2_of_4()
547 if (wpa_key_mgmt_ft(sm->key_mgmt)) { in wpa_supplicant_send_2_of_4()
557 sm->assoc_resp_ies_len); in wpa_supplicant_send_2_of_4()
562 sm->pmk_r1_name, !sm->ft_prepend_pmkid); in wpa_supplicant_send_2_of_4()
571 if (sm->assoc_resp_ies) { in wpa_supplicant_send_2_of_4()
573 sm->assoc_resp_ies, in wpa_supplicant_send_2_of_4()
574 sm->assoc_resp_ies_len); in wpa_supplicant_send_2_of_4()
575 os_memcpy(rsn_ie_buf + wpa_ie_len, sm->assoc_resp_ies, in wpa_supplicant_send_2_of_4()
576 sm->assoc_resp_ies_len); in wpa_supplicant_send_2_of_4()
577 wpa_ie_len += sm->assoc_resp_ies_len; in wpa_supplicant_send_2_of_4()
587 if (sm->test_eapol_m2_elems) in wpa_supplicant_send_2_of_4()
588 extra_len = wpabuf_len(sm->test_eapol_m2_elems); in wpa_supplicant_send_2_of_4()
589 if (sm->encrypt_eapol_m2) { in wpa_supplicant_send_2_of_4()
597 mic_len = wpa_mic_len(sm->key_mgmt, sm->pmk_len); in wpa_supplicant_send_2_of_4()
599 rbuf = wpa_sm_alloc_eapol(sm, IEEE802_1X_TYPE_EAPOL_KEY, in wpa_supplicant_send_2_of_4()
607 reply->type = (sm->proto == WPA_PROTO_RSN || in wpa_supplicant_send_2_of_4()
608 sm->proto == WPA_PROTO_OSEN) ? in wpa_supplicant_send_2_of_4()
611 if (sm->ptk_set && sm->proto != WPA_PROTO_WPA) in wpa_supplicant_send_2_of_4()
618 if (sm->encrypt_eapol_m2) in wpa_supplicant_send_2_of_4()
622 if (sm->proto == WPA_PROTO_RSN || sm->proto == WPA_PROTO_OSEN) in wpa_supplicant_send_2_of_4()
637 if (sm->test_eapol_m2_elems) { in wpa_supplicant_send_2_of_4()
639 wpabuf_head(sm->test_eapol_m2_elems), in wpa_supplicant_send_2_of_4()
640 wpabuf_len(sm->test_eapol_m2_elems)); in wpa_supplicant_send_2_of_4()
643 if (sm->encrypt_eapol_m2) { in wpa_supplicant_send_2_of_4()
647 if (sm->test_eapol_m2_elems) in wpa_supplicant_send_2_of_4()
648 extra_len = wpabuf_len(sm->test_eapol_m2_elems); in wpa_supplicant_send_2_of_4()
677 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: Sending EAPOL-Key 2/4"); in wpa_supplicant_send_2_of_4()
678 return wpa_eapol_key_send(sm, ptk, ver, dst, ETH_P_EAPOL, rbuf, rlen, in wpa_supplicant_send_2_of_4()
683 static int wpa_derive_ptk(struct wpa_sm *sm, const unsigned char *src_addr, in wpa_derive_ptk() argument
692 if (wpa_key_mgmt_ft(sm->key_mgmt)) in wpa_derive_ptk()
693 return wpa_derive_ptk_ft(sm, src_addr, key, ptk); in wpa_derive_ptk()
697 if (sm->key_mgmt == WPA_KEY_MGMT_DPP && sm->dpp_z) { in wpa_derive_ptk()
698 z = wpabuf_head(sm->dpp_z); in wpa_derive_ptk()
699 z_len = wpabuf_len(sm->dpp_z); in wpa_derive_ptk()
703 akmp = sm->key_mgmt; in wpa_derive_ptk()
705 if (sm->owe_ptk_workaround && akmp == WPA_KEY_MGMT_OWE && in wpa_derive_ptk()
706 sm->pmk_len > 32) { in wpa_derive_ptk()
713 if (sm->force_kdk_derivation || in wpa_derive_ptk()
714 (sm->secure_ltf && in wpa_derive_ptk()
715 ieee802_11_rsnx_capab(sm->ap_rsnxe, WLAN_RSNX_CAPAB_SECURE_LTF))) in wpa_derive_ptk()
720 ret = wpa_pmk_to_ptk(sm->pmk, sm->pmk_len, "Pairwise key expansion", in wpa_derive_ptk()
721 sm->own_addr, wpa_sm_get_auth_addr(sm), sm->snonce, in wpa_derive_ptk()
723 sm->pairwise_cipher, z, z_len, in wpa_derive_ptk()
731 if (sm->secure_ltf && in wpa_derive_ptk()
732 ieee802_11_rsnx_capab(sm->ap_rsnxe, WLAN_RSNX_CAPAB_SECURE_LTF)) in wpa_derive_ptk()
733 ret = wpa_ltf_keyseed(ptk, akmp, sm->pairwise_cipher); in wpa_derive_ptk()
740 static int wpa_handle_ext_key_id(struct wpa_sm *sm, in wpa_handle_ext_key_id() argument
743 if (sm->ext_key_id) { in wpa_handle_ext_key_id()
747 wpa_msg(sm->ctx->msg_ctx, in wpa_handle_ext_key_id()
748 sm->use_ext_key_id ? MSG_INFO : MSG_DEBUG, in wpa_handle_ext_key_id()
750 sm->keyidx_active = 0; in wpa_handle_ext_key_id()
751 return sm->use_ext_key_id ? -1 : 0; in wpa_handle_ext_key_id()
756 wpa_msg(sm->ctx->msg_ctx, MSG_INFO, in wpa_handle_ext_key_id()
760 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, in wpa_handle_ext_key_id()
762 sm->keyidx_active = key_id; in wpa_handle_ext_key_id()
763 sm->use_ext_key_id = 1; in wpa_handle_ext_key_id()
766 wpa_msg(sm->ctx->msg_ctx, MSG_INFO, in wpa_handle_ext_key_id()
774 wpa_msg(sm->ctx->msg_ctx, MSG_DEBUG, in wpa_handle_ext_key_id()
777 sm->keyidx_active = 0; in wpa_handle_ext_key_id()
778 sm->use_ext_key_id = 0; in wpa_handle_ext_key_id()
798 static size_t wpa_mlo_link_kde_len(struct wpa_sm *sm) in wpa_mlo_link_kde_len() argument
803 for_each_link(sm->mlo.req_links, i) { in wpa_mlo_link_kde_len()
804 if (sm->mlo.assoc_link_id != i) in wpa_mlo_link_kde_len()
812 static u8 * wpa_mlo_link_kde(struct wpa_sm *sm, u8 *pos) in wpa_mlo_link_kde() argument
817 for_each_link(sm->mlo.req_links, i) { in wpa_mlo_link_kde()
818 if (sm->mlo.assoc_link_id == i) in wpa_mlo_link_kde()
824 os_memcpy(&hdr[1], sm->mlo.links[i].addr, ETH_ALEN); in wpa_mlo_link_kde()
832 static bool is_valid_ap_mld_mac_kde(struct wpa_sm *sm, const u8 *mac_kde) in is_valid_ap_mld_mac_kde() argument
835 ether_addr_equal(mac_kde, sm->mlo.ap_mld_addr); in is_valid_ap_mld_mac_kde()
851 static void wpa_supplicant_process_1_of_4_wpa(struct wpa_sm *sm, in wpa_supplicant_process_1_of_4_wpa() argument
862 if (wpa_sm_get_network_ctx(sm) == NULL) { in wpa_supplicant_process_1_of_4_wpa()
863 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, in wpa_supplicant_process_1_of_4_wpa()
868 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, in wpa_supplicant_process_1_of_4_wpa()
874 res = wpa_supplicant_get_pmk(sm, src_addr, ie.pmkid); in wpa_supplicant_process_1_of_4_wpa()
876 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, in wpa_supplicant_process_1_of_4_wpa()
883 wpa_sm_set_state(sm, WPA_4WAY_HANDSHAKE); in wpa_supplicant_process_1_of_4_wpa()
885 if (sm->renew_snonce) { in wpa_supplicant_process_1_of_4_wpa()
886 if (random_get_bytes(sm->snonce, WPA_NONCE_LEN)) { in wpa_supplicant_process_1_of_4_wpa()
887 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, in wpa_supplicant_process_1_of_4_wpa()
891 sm->renew_snonce = 0; in wpa_supplicant_process_1_of_4_wpa()
893 sm->snonce, WPA_NONCE_LEN); in wpa_supplicant_process_1_of_4_wpa()
898 ptk = &sm->tptk; in wpa_supplicant_process_1_of_4_wpa()
899 if (wpa_derive_ptk(sm, src_addr, key, ptk) < 0) in wpa_supplicant_process_1_of_4_wpa()
901 if (sm->pairwise_cipher == WPA_CIPHER_TKIP) in wpa_supplicant_process_1_of_4_wpa()
903 sm->tptk_set = 1; in wpa_supplicant_process_1_of_4_wpa()
905 if (wpa_supplicant_send_2_of_4(sm, wpa_sm_get_auth_addr(sm), key, ver, in wpa_supplicant_process_1_of_4_wpa()
906 sm->snonce, sm->assoc_wpa_ie, in wpa_supplicant_process_1_of_4_wpa()
907 sm->assoc_wpa_ie_len, ptk) < 0) in wpa_supplicant_process_1_of_4_wpa()
910 os_memcpy(sm->anonce, key->key_nonce, WPA_NONCE_LEN); in wpa_supplicant_process_1_of_4_wpa()
914 wpa_sm_deauthenticate(sm, WLAN_REASON_UNSPECIFIED); in wpa_supplicant_process_1_of_4_wpa()
918 static void wpa_supplicant_process_1_of_4(struct wpa_sm *sm, in wpa_supplicant_process_1_of_4() argument
932 if (encrypted == FRAME_NOT_ENCRYPTED && sm->tk_set && in wpa_supplicant_process_1_of_4()
933 wpa_sm_pmf_enabled(sm)) { in wpa_supplicant_process_1_of_4()
939 if (wpa_sm_get_network_ctx(sm) == NULL) { in wpa_supplicant_process_1_of_4()
940 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, "WPA: No SSID info " in wpa_supplicant_process_1_of_4()
945 if (sm->wpa_deny_ptk0_rekey && !sm->use_ext_key_id && in wpa_supplicant_process_1_of_4()
946 wpa_sm_get_state(sm) == WPA_COMPLETED) { in wpa_supplicant_process_1_of_4()
947 wpa_msg(sm->ctx->msg_ctx, MSG_INFO, in wpa_supplicant_process_1_of_4()
949 wpa_sm_reconnect(sm); in wpa_supplicant_process_1_of_4()
953 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: RX message 1 of 4-Way " in wpa_supplicant_process_1_of_4()
970 if (sm->mlo.valid_links && !is_valid_ap_mld_mac_kde(sm, ie.mac_addr)) { in wpa_supplicant_process_1_of_4()
976 res = wpa_supplicant_get_pmk(sm, src_addr, ie.pmkid); in wpa_supplicant_process_1_of_4()
978 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "RSN: Do not reply to " in wpa_supplicant_process_1_of_4()
985 wpa_sm_set_state(sm, WPA_4WAY_HANDSHAKE); in wpa_supplicant_process_1_of_4()
987 if (sm->renew_snonce) { in wpa_supplicant_process_1_of_4()
988 if (random_get_bytes(sm->snonce, WPA_NONCE_LEN)) { in wpa_supplicant_process_1_of_4()
989 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, in wpa_supplicant_process_1_of_4()
993 sm->renew_snonce = 0; in wpa_supplicant_process_1_of_4()
995 sm->snonce, WPA_NONCE_LEN); in wpa_supplicant_process_1_of_4()
1000 ptk = &sm->tptk; in wpa_supplicant_process_1_of_4()
1001 if (wpa_derive_ptk(sm, src_addr, key, ptk) < 0) in wpa_supplicant_process_1_of_4()
1003 if (sm->pairwise_cipher == WPA_CIPHER_TKIP) in wpa_supplicant_process_1_of_4()
1005 sm->tptk_set = 1; in wpa_supplicant_process_1_of_4()
1008 if (sm->mlo.valid_links) in wpa_supplicant_process_1_of_4()
1009 mlo_kde_len = wpa_mlo_link_kde_len(sm) + in wpa_supplicant_process_1_of_4()
1012 kde = sm->assoc_wpa_ie; in wpa_supplicant_process_1_of_4()
1013 kde_len = sm->assoc_wpa_ie_len; in wpa_supplicant_process_1_of_4()
1016 sm->assoc_rsnxe_len + in wpa_supplicant_process_1_of_4()
1026 if (wpa_sm_ocv_enabled(sm)) { in wpa_supplicant_process_1_of_4()
1031 if (wpa_sm_channel_info(sm, &ci) != 0) { in wpa_supplicant_process_1_of_4()
1037 if (sm->oci_freq_override_eapol) { in wpa_supplicant_process_1_of_4()
1040 ci.frequency, sm->oci_freq_override_eapol); in wpa_supplicant_process_1_of_4()
1041 ci.frequency = sm->oci_freq_override_eapol; in wpa_supplicant_process_1_of_4()
1051 if (sm->assoc_rsnxe && sm->assoc_rsnxe_len) { in wpa_supplicant_process_1_of_4()
1052 os_memcpy(kde + kde_len, sm->assoc_rsnxe, sm->assoc_rsnxe_len); in wpa_supplicant_process_1_of_4()
1053 kde_len += sm->assoc_rsnxe_len; in wpa_supplicant_process_1_of_4()
1057 if (sm->p2p) { in wpa_supplicant_process_1_of_4()
1073 if (DPP_VERSION > 1 && sm->key_mgmt == WPA_KEY_MGMT_DPP) { in wpa_supplicant_process_1_of_4()
1084 if (sm->dpp_pfs == 0) in wpa_supplicant_process_1_of_4()
1086 else if (sm->dpp_pfs == 1) in wpa_supplicant_process_1_of_4()
1093 if (sm->mlo.valid_links) { in wpa_supplicant_process_1_of_4()
1099 pos = rsn_add_kde(pos, RSN_KEY_DATA_MAC_ADDR, sm->own_addr, in wpa_supplicant_process_1_of_4()
1104 pos = wpa_mlo_link_kde(sm, pos); in wpa_supplicant_process_1_of_4()
1108 if (wpa_supplicant_send_2_of_4(sm, wpa_sm_get_auth_addr(sm), key, ver, in wpa_supplicant_process_1_of_4()
1109 sm->snonce, kde, kde_len, ptk) < 0) in wpa_supplicant_process_1_of_4()
1113 os_memcpy(sm->anonce, key->key_nonce, WPA_NONCE_LEN); in wpa_supplicant_process_1_of_4()
1118 wpa_sm_deauthenticate(sm, WLAN_REASON_UNSPECIFIED); in wpa_supplicant_process_1_of_4()
1124 struct wpa_sm *sm = eloop_ctx; in wpa_sm_start_preauth() local
1125 rsn_preauth_candidate_process(sm); in wpa_sm_start_preauth()
1129 static void wpa_supplicant_key_neg_complete(struct wpa_sm *sm, in wpa_supplicant_key_neg_complete() argument
1132 wpa_msg(sm->ctx->msg_ctx, MSG_INFO, in wpa_supplicant_key_neg_complete()
1135 wpa_cipher_txt(sm->pairwise_cipher), in wpa_supplicant_key_neg_complete()
1136 wpa_cipher_txt(sm->group_cipher)); in wpa_supplicant_key_neg_complete()
1137 wpa_sm_cancel_auth_timeout(sm); in wpa_supplicant_key_neg_complete()
1138 wpa_sm_set_state(sm, WPA_COMPLETED); in wpa_supplicant_key_neg_complete()
1142 sm, addr, MLME_SETPROTECTION_PROTECT_TYPE_RX_TX, in wpa_supplicant_key_neg_complete()
1144 eapol_sm_notify_portValid(sm->eapol, true); in wpa_supplicant_key_neg_complete()
1145 if (wpa_key_mgmt_wpa_psk(sm->key_mgmt) || in wpa_supplicant_key_neg_complete()
1146 sm->key_mgmt == WPA_KEY_MGMT_DPP || in wpa_supplicant_key_neg_complete()
1147 sm->key_mgmt == WPA_KEY_MGMT_OWE) in wpa_supplicant_key_neg_complete()
1148 eapol_sm_notify_eap_success(sm->eapol, true); in wpa_supplicant_key_neg_complete()
1156 if (!dl_list_empty(&sm->pmksa_candidates)) in wpa_supplicant_key_neg_complete()
1158 sm, NULL); in wpa_supplicant_key_neg_complete()
1161 if (sm->cur_pmksa && sm->cur_pmksa->opportunistic) { in wpa_supplicant_key_neg_complete()
1162 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, in wpa_supplicant_key_neg_complete()
1165 sm->cur_pmksa->opportunistic = 0; in wpa_supplicant_key_neg_complete()
1169 if (wpa_key_mgmt_ft(sm->key_mgmt)) { in wpa_supplicant_key_neg_complete()
1171 wpa_ft_prepare_auth_request(sm, NULL); in wpa_supplicant_key_neg_complete()
1179 struct wpa_sm *sm = eloop_ctx; in wpa_sm_rekey_ptk() local
1180 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: Request PTK rekeying"); in wpa_sm_rekey_ptk()
1181 wpa_sm_key_request(sm, 0, 1); in wpa_sm_rekey_ptk()
1185 static int wpa_supplicant_install_ptk(struct wpa_sm *sm, in wpa_supplicant_install_ptk() argument
1193 if (sm->ptk.installed) { in wpa_supplicant_install_ptk()
1194 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, in wpa_supplicant_install_ptk()
1199 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, in wpa_supplicant_install_ptk()
1202 if (sm->pairwise_cipher == WPA_CIPHER_NONE) { in wpa_supplicant_install_ptk()
1203 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: Pairwise Cipher " in wpa_supplicant_install_ptk()
1208 if (!wpa_cipher_valid_pairwise(sm->pairwise_cipher)) { in wpa_supplicant_install_ptk()
1209 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, in wpa_supplicant_install_ptk()
1211 sm->pairwise_cipher); in wpa_supplicant_install_ptk()
1215 alg = wpa_cipher_to_alg(sm->pairwise_cipher); in wpa_supplicant_install_ptk()
1216 keylen = wpa_cipher_key_len(sm->pairwise_cipher); in wpa_supplicant_install_ptk()
1217 if (keylen <= 0 || (unsigned int) keylen != sm->ptk.tk_len) { in wpa_supplicant_install_ptk()
1219 keylen, (long unsigned int) sm->ptk.tk_len); in wpa_supplicant_install_ptk()
1222 rsclen = wpa_cipher_rsc_len(sm->pairwise_cipher); in wpa_supplicant_install_ptk()
1224 if (sm->proto == WPA_PROTO_RSN || sm->proto == WPA_PROTO_OSEN) { in wpa_supplicant_install_ptk()
1231 if (wpa_sm_set_key(sm, -1, alg, wpa_sm_get_auth_addr(sm), in wpa_supplicant_install_ptk()
1232 sm->keyidx_active, 1, key_rsc, rsclen, sm->ptk.tk, in wpa_supplicant_install_ptk()
1234 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, in wpa_supplicant_install_ptk()
1237 alg, keylen, MAC2STR(wpa_sm_get_auth_addr(sm)), in wpa_supplicant_install_ptk()
1238 sm->keyidx_active, key_flag); in wpa_supplicant_install_ptk()
1243 if (sm->secure_ltf && in wpa_supplicant_install_ptk()
1244 ieee802_11_rsnx_capab(sm->ap_rsnxe, WLAN_RSNX_CAPAB_SECURE_LTF) && in wpa_supplicant_install_ptk()
1245 wpa_sm_set_ltf_keyseed(sm, sm->own_addr, sm->bssid, in wpa_supplicant_install_ptk()
1246 sm->ptk.ltf_keyseed_len, in wpa_supplicant_install_ptk()
1247 sm->ptk.ltf_keyseed) < 0) { in wpa_supplicant_install_ptk()
1248 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, in wpa_supplicant_install_ptk()
1250 MACSTR ")", sm->ptk.ltf_keyseed_len, in wpa_supplicant_install_ptk()
1251 MAC2STR(sm->bssid)); in wpa_supplicant_install_ptk()
1256 wpa_sm_store_ptk(sm, sm->bssid, sm->pairwise_cipher, in wpa_supplicant_install_ptk()
1257 sm->dot11RSNAConfigPMKLifetime, &sm->ptk); in wpa_supplicant_install_ptk()
1260 os_memset(sm->ptk.tk, 0, WPA_TK_MAX_LEN); in wpa_supplicant_install_ptk()
1261 sm->ptk.tk_len = 0; in wpa_supplicant_install_ptk()
1262 sm->ptk.installed = 1; in wpa_supplicant_install_ptk()
1263 sm->tk_set = true; in wpa_supplicant_install_ptk()
1265 if (sm->wpa_ptk_rekey) { in wpa_supplicant_install_ptk()
1266 eloop_cancel_timeout(wpa_sm_rekey_ptk, sm, NULL); in wpa_supplicant_install_ptk()
1267 eloop_register_timeout(sm->wpa_ptk_rekey, 0, wpa_sm_rekey_ptk, in wpa_supplicant_install_ptk()
1268 sm, NULL); in wpa_supplicant_install_ptk()
1274 static int wpa_supplicant_activate_ptk(struct wpa_sm *sm) in wpa_supplicant_activate_ptk() argument
1276 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, in wpa_supplicant_activate_ptk()
1278 sm->keyidx_active, MAC2STR(wpa_sm_get_auth_addr(sm))); in wpa_supplicant_activate_ptk()
1280 if (wpa_sm_set_key(sm, -1, 0, wpa_sm_get_auth_addr(sm), in wpa_supplicant_activate_ptk()
1281 sm->keyidx_active, 0, NULL, 0, NULL, 0, in wpa_supplicant_activate_ptk()
1283 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, in wpa_supplicant_activate_ptk()
1285 MACSTR ")", sm->keyidx_active, in wpa_supplicant_activate_ptk()
1286 MAC2STR(wpa_sm_get_auth_addr(sm))); in wpa_supplicant_activate_ptk()
1293 static int wpa_supplicant_check_group_cipher(struct wpa_sm *sm, in wpa_supplicant_check_group_cipher() argument
1303 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, in wpa_supplicant_check_group_cipher()
1312 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, in wpa_supplicant_check_group_cipher()
1329 static int wpa_supplicant_install_gtk(struct wpa_sm *sm, in wpa_supplicant_install_gtk() argument
1337 if ((sm->gtk.gtk_len == (size_t) gd->gtk_len && in wpa_supplicant_install_gtk()
1338 os_memcmp(sm->gtk.gtk, gd->gtk, sm->gtk.gtk_len) == 0) || in wpa_supplicant_install_gtk()
1339 (sm->gtk_wnm_sleep.gtk_len == (size_t) gd->gtk_len && in wpa_supplicant_install_gtk()
1340 os_memcmp(sm->gtk_wnm_sleep.gtk, gd->gtk, in wpa_supplicant_install_gtk()
1341 sm->gtk_wnm_sleep.gtk_len) == 0)) { in wpa_supplicant_install_gtk()
1342 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, in wpa_supplicant_install_gtk()
1349 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, in wpa_supplicant_install_gtk()
1353 if (sm->group_cipher == WPA_CIPHER_TKIP) { in wpa_supplicant_install_gtk()
1360 if (sm->pairwise_cipher == WPA_CIPHER_NONE) { in wpa_supplicant_install_gtk()
1361 if (wpa_sm_set_key(sm, -1, gd->alg, NULL, in wpa_supplicant_install_gtk()
1365 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, in wpa_supplicant_install_gtk()
1371 } else if (wpa_sm_set_key(sm, -1, gd->alg, broadcast_ether_addr, in wpa_supplicant_install_gtk()
1374 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, in wpa_supplicant_install_gtk()
1384 sm->gtk_wnm_sleep.gtk_len = gd->gtk_len; in wpa_supplicant_install_gtk()
1385 os_memcpy(sm->gtk_wnm_sleep.gtk, gd->gtk, in wpa_supplicant_install_gtk()
1386 sm->gtk_wnm_sleep.gtk_len); in wpa_supplicant_install_gtk()
1388 sm->gtk.gtk_len = gd->gtk_len; in wpa_supplicant_install_gtk()
1389 os_memcpy(sm->gtk.gtk, gd->gtk, sm->gtk.gtk_len); in wpa_supplicant_install_gtk()
1396 static int wpa_supplicant_install_mlo_gtk(struct wpa_sm *sm, u8 link_id, in wpa_supplicant_install_mlo_gtk() argument
1404 if ((sm->mlo.links[link_id].gtk.gtk_len == (size_t) gd->gtk_len && in wpa_supplicant_install_mlo_gtk()
1405 os_memcmp(sm->mlo.links[link_id].gtk.gtk, gd->gtk, in wpa_supplicant_install_mlo_gtk()
1406 sm->mlo.links[link_id].gtk.gtk_len) == 0) || in wpa_supplicant_install_mlo_gtk()
1407 (sm->mlo.links[link_id].gtk_wnm_sleep.gtk_len == in wpa_supplicant_install_mlo_gtk()
1409 os_memcmp(sm->mlo.links[link_id].gtk_wnm_sleep.gtk, gd->gtk, in wpa_supplicant_install_mlo_gtk()
1410 sm->mlo.links[link_id].gtk_wnm_sleep.gtk_len) == 0)) { in wpa_supplicant_install_mlo_gtk()
1411 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, in wpa_supplicant_install_mlo_gtk()
1419 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, in wpa_supplicant_install_mlo_gtk()
1424 if (sm->group_cipher == WPA_CIPHER_TKIP) { in wpa_supplicant_install_mlo_gtk()
1431 if (wpa_sm_set_key(sm, link_id, gd->alg, broadcast_ether_addr, in wpa_supplicant_install_mlo_gtk()
1434 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, in wpa_supplicant_install_mlo_gtk()
1443 sm->mlo.links[link_id].gtk_wnm_sleep.gtk_len = gd->gtk_len; in wpa_supplicant_install_mlo_gtk()
1444 os_memcpy(sm->mlo.links[link_id].gtk_wnm_sleep.gtk, gd->gtk, in wpa_supplicant_install_mlo_gtk()
1445 sm->mlo.links[link_id].gtk_wnm_sleep.gtk_len); in wpa_supplicant_install_mlo_gtk()
1447 sm->mlo.links[link_id].gtk.gtk_len = gd->gtk_len; in wpa_supplicant_install_mlo_gtk()
1448 os_memcpy(sm->mlo.links[link_id].gtk.gtk, gd->gtk, in wpa_supplicant_install_mlo_gtk()
1449 sm->mlo.links[link_id].gtk.gtk_len); in wpa_supplicant_install_mlo_gtk()
1456 static int wpa_supplicant_gtk_tx_bit_workaround(const struct wpa_sm *sm, in wpa_supplicant_gtk_tx_bit_workaround() argument
1459 if (tx && sm->pairwise_cipher != WPA_CIPHER_NONE) { in wpa_supplicant_gtk_tx_bit_workaround()
1465 wpa_msg(sm->ctx->msg_ctx, MSG_INFO, in wpa_supplicant_gtk_tx_bit_workaround()
1474 static int wpa_supplicant_rsc_relaxation(const struct wpa_sm *sm, in wpa_supplicant_rsc_relaxation() argument
1479 if (!sm->wpa_rsc_relaxation) in wpa_supplicant_rsc_relaxation()
1482 rsclen = wpa_cipher_rsc_len(sm->group_cipher); in wpa_supplicant_rsc_relaxation()
1492 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, in wpa_supplicant_rsc_relaxation()
1504 static int wpa_supplicant_mlo_gtk(struct wpa_sm *sm, u8 link_id, const u8 *gtk, in wpa_supplicant_mlo_gtk() argument
1539 if (wpa_supplicant_check_group_cipher(sm, sm->group_cipher, gtk_len, in wpa_supplicant_mlo_gtk()
1542 wpa_supplicant_install_mlo_gtk(sm, link_id, &gd, key_rsc, 0)) { in wpa_supplicant_mlo_gtk()
1543 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, in wpa_supplicant_mlo_gtk()
1556 static int wpa_supplicant_pairwise_mlo_gtk(struct wpa_sm *sm, in wpa_supplicant_pairwise_mlo_gtk() argument
1563 for_each_link(sm->mlo.valid_links, i) { in wpa_supplicant_pairwise_mlo_gtk()
1565 wpa_msg(sm->ctx->msg_ctx, MSG_ERROR, in wpa_supplicant_pairwise_mlo_gtk()
1570 if (wpa_supplicant_mlo_gtk(sm, i, ie->mlo_gtk[i], in wpa_supplicant_pairwise_mlo_gtk()
1579 static int wpa_supplicant_pairwise_gtk(struct wpa_sm *sm, in wpa_supplicant_pairwise_gtk() argument
1603 gd.tx = wpa_supplicant_gtk_tx_bit_workaround(sm, in wpa_supplicant_pairwise_gtk()
1612 if (wpa_supplicant_rsc_relaxation(sm, key->key_rsc)) in wpa_supplicant_pairwise_gtk()
1615 if (sm->group_cipher != WPA_CIPHER_GTK_NOT_USED && in wpa_supplicant_pairwise_gtk()
1616 (wpa_supplicant_check_group_cipher(sm, sm->group_cipher, in wpa_supplicant_pairwise_gtk()
1619 wpa_supplicant_install_gtk(sm, &gd, key_rsc, 0))) { in wpa_supplicant_pairwise_gtk()
1620 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, in wpa_supplicant_pairwise_gtk()
1631 static int wpa_supplicant_install_igtk(struct wpa_sm *sm, in wpa_supplicant_install_igtk() argument
1635 size_t len = wpa_cipher_key_len(sm->mgmt_group_cipher); in wpa_supplicant_install_igtk()
1639 if ((sm->igtk.igtk_len == len && in wpa_supplicant_install_igtk()
1640 os_memcmp(sm->igtk.igtk, igtk->igtk, sm->igtk.igtk_len) == 0) || in wpa_supplicant_install_igtk()
1641 (sm->igtk_wnm_sleep.igtk_len == len && in wpa_supplicant_install_igtk()
1642 os_memcmp(sm->igtk_wnm_sleep.igtk, igtk->igtk, in wpa_supplicant_install_igtk()
1643 sm->igtk_wnm_sleep.igtk_len) == 0)) { in wpa_supplicant_install_igtk()
1644 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, in wpa_supplicant_install_igtk()
1650 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, in wpa_supplicant_install_igtk()
1655 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, in wpa_supplicant_install_igtk()
1659 if (wpa_sm_set_key(sm, -1, wpa_cipher_to_alg(sm->mgmt_group_cipher), in wpa_supplicant_install_igtk()
1677 wpa_msg(sm->ctx->msg_ctx, MSG_INFO, in wpa_supplicant_install_igtk()
1680 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, in wpa_supplicant_install_igtk()
1687 sm->igtk_wnm_sleep.igtk_len = len; in wpa_supplicant_install_igtk()
1688 os_memcpy(sm->igtk_wnm_sleep.igtk, igtk->igtk, in wpa_supplicant_install_igtk()
1689 sm->igtk_wnm_sleep.igtk_len); in wpa_supplicant_install_igtk()
1691 sm->igtk.igtk_len = len; in wpa_supplicant_install_igtk()
1692 os_memcpy(sm->igtk.igtk, igtk->igtk, sm->igtk.igtk_len); in wpa_supplicant_install_igtk()
1699 static int wpa_supplicant_install_bigtk(struct wpa_sm *sm, in wpa_supplicant_install_bigtk() argument
1703 size_t len = wpa_cipher_key_len(sm->mgmt_group_cipher); in wpa_supplicant_install_bigtk()
1707 if ((sm->bigtk.bigtk_len == len && in wpa_supplicant_install_bigtk()
1708 os_memcmp(sm->bigtk.bigtk, bigtk->bigtk, in wpa_supplicant_install_bigtk()
1709 sm->bigtk.bigtk_len) == 0) || in wpa_supplicant_install_bigtk()
1710 (sm->bigtk_wnm_sleep.bigtk_len == len && in wpa_supplicant_install_bigtk()
1711 os_memcmp(sm->bigtk_wnm_sleep.bigtk, bigtk->bigtk, in wpa_supplicant_install_bigtk()
1712 sm->bigtk_wnm_sleep.bigtk_len) == 0)) { in wpa_supplicant_install_bigtk()
1713 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, in wpa_supplicant_install_bigtk()
1719 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, in wpa_supplicant_install_bigtk()
1724 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, in wpa_supplicant_install_bigtk()
1728 if (wpa_sm_set_key(sm, -1, wpa_cipher_to_alg(sm->mgmt_group_cipher), in wpa_supplicant_install_bigtk()
1732 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, in wpa_supplicant_install_bigtk()
1738 sm->bigtk_wnm_sleep.bigtk_len = len; in wpa_supplicant_install_bigtk()
1739 os_memcpy(sm->bigtk_wnm_sleep.bigtk, bigtk->bigtk, in wpa_supplicant_install_bigtk()
1740 sm->bigtk_wnm_sleep.bigtk_len); in wpa_supplicant_install_bigtk()
1742 sm->bigtk.bigtk_len = len; in wpa_supplicant_install_bigtk()
1743 os_memcpy(sm->bigtk.bigtk, bigtk->bigtk, sm->bigtk.bigtk_len); in wpa_supplicant_install_bigtk()
1750 static int wpa_supplicant_install_mlo_igtk(struct wpa_sm *sm, u8 link_id, in wpa_supplicant_install_mlo_igtk() argument
1754 size_t len = wpa_cipher_key_len(sm->mgmt_group_cipher); in wpa_supplicant_install_mlo_igtk()
1758 if ((sm->mlo.links[link_id].igtk.igtk_len == len && in wpa_supplicant_install_mlo_igtk()
1759 os_memcmp(sm->mlo.links[link_id].igtk.igtk, igtk->igtk, in wpa_supplicant_install_mlo_igtk()
1760 sm->mlo.links[link_id].igtk.igtk_len) == 0) || in wpa_supplicant_install_mlo_igtk()
1761 (sm->mlo.links[link_id].igtk_wnm_sleep.igtk_len == len && in wpa_supplicant_install_mlo_igtk()
1762 os_memcmp(sm->mlo.links[link_id].igtk_wnm_sleep.igtk, igtk->igtk, in wpa_supplicant_install_mlo_igtk()
1763 sm->mlo.links[link_id].igtk_wnm_sleep.igtk_len) == 0)) { in wpa_supplicant_install_mlo_igtk()
1764 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, in wpa_supplicant_install_mlo_igtk()
1770 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, in wpa_supplicant_install_mlo_igtk()
1775 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, in wpa_supplicant_install_mlo_igtk()
1780 if (wpa_sm_set_key(sm, link_id, in wpa_supplicant_install_mlo_igtk()
1781 wpa_cipher_to_alg(sm->mgmt_group_cipher), in wpa_supplicant_install_mlo_igtk()
1785 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, in wpa_supplicant_install_mlo_igtk()
1792 sm->mlo.links[link_id].igtk_wnm_sleep.igtk_len = len; in wpa_supplicant_install_mlo_igtk()
1793 os_memcpy(sm->mlo.links[link_id].igtk_wnm_sleep.igtk, in wpa_supplicant_install_mlo_igtk()
1795 sm->mlo.links[link_id].igtk_wnm_sleep.igtk_len); in wpa_supplicant_install_mlo_igtk()
1797 sm->mlo.links[link_id].igtk.igtk_len = len; in wpa_supplicant_install_mlo_igtk()
1798 os_memcpy(sm->mlo.links[link_id].igtk.igtk, igtk->igtk, in wpa_supplicant_install_mlo_igtk()
1799 sm->mlo.links[link_id].igtk.igtk_len); in wpa_supplicant_install_mlo_igtk()
1807 wpa_supplicant_install_mlo_bigtk(struct wpa_sm *sm, u8 link_id, in wpa_supplicant_install_mlo_bigtk() argument
1811 size_t len = wpa_cipher_key_len(sm->mgmt_group_cipher); in wpa_supplicant_install_mlo_bigtk()
1815 if ((sm->mlo.links[link_id].bigtk.bigtk_len == len && in wpa_supplicant_install_mlo_bigtk()
1816 os_memcmp(sm->mlo.links[link_id].bigtk.bigtk, bigtk->bigtk, in wpa_supplicant_install_mlo_bigtk()
1817 sm->mlo.links[link_id].bigtk.bigtk_len) == 0) || in wpa_supplicant_install_mlo_bigtk()
1818 (sm->mlo.links[link_id].bigtk_wnm_sleep.bigtk_len == len && in wpa_supplicant_install_mlo_bigtk()
1819 os_memcmp(sm->mlo.links[link_id].bigtk_wnm_sleep.bigtk, in wpa_supplicant_install_mlo_bigtk()
1821 sm->mlo.links[link_id].bigtk_wnm_sleep.bigtk_len) == in wpa_supplicant_install_mlo_bigtk()
1823 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, in wpa_supplicant_install_mlo_bigtk()
1829 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, in wpa_supplicant_install_mlo_bigtk()
1835 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, in wpa_supplicant_install_mlo_bigtk()
1840 if (wpa_sm_set_key(sm, link_id, in wpa_supplicant_install_mlo_bigtk()
1841 wpa_cipher_to_alg(sm->mgmt_group_cipher), in wpa_supplicant_install_mlo_bigtk()
1845 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, in wpa_supplicant_install_mlo_bigtk()
1852 sm->mlo.links[link_id].bigtk_wnm_sleep.bigtk_len = len; in wpa_supplicant_install_mlo_bigtk()
1853 os_memcpy(sm->mlo.links[link_id].bigtk_wnm_sleep.bigtk, in wpa_supplicant_install_mlo_bigtk()
1855 sm->mlo.links[link_id].bigtk_wnm_sleep.bigtk_len); in wpa_supplicant_install_mlo_bigtk()
1857 sm->mlo.links[link_id].bigtk.bigtk_len = len; in wpa_supplicant_install_mlo_bigtk()
1858 os_memcpy(sm->mlo.links[link_id].bigtk.bigtk, bigtk->bigtk, in wpa_supplicant_install_mlo_bigtk()
1859 sm->mlo.links[link_id].bigtk.bigtk_len); in wpa_supplicant_install_mlo_bigtk()
1866 static int _mlo_ieee80211w_set_keys(struct wpa_sm *sm, u8 link_id, in _mlo_ieee80211w_set_keys() argument
1872 len = wpa_cipher_key_len(sm->mgmt_group_cipher); in _mlo_ieee80211w_set_keys()
1878 sm, link_id, in _mlo_ieee80211w_set_keys()
1885 if (ie->mlo_bigtk[link_id] && sm->beacon_prot) { in _mlo_ieee80211w_set_keys()
1886 len = wpa_cipher_key_len(sm->mgmt_group_cipher); in _mlo_ieee80211w_set_keys()
1892 sm, link_id, in _mlo_ieee80211w_set_keys()
1903 static int mlo_ieee80211w_set_keys(struct wpa_sm *sm, in mlo_ieee80211w_set_keys() argument
1908 if (!wpa_cipher_valid_mgmt_group(sm->mgmt_group_cipher) || in mlo_ieee80211w_set_keys()
1909 sm->mgmt_group_cipher == WPA_CIPHER_GTK_NOT_USED) in mlo_ieee80211w_set_keys()
1912 for_each_link(sm->mlo.valid_links, i) { in mlo_ieee80211w_set_keys()
1913 if (_mlo_ieee80211w_set_keys(sm, i, ie)) in mlo_ieee80211w_set_keys()
1921 static int ieee80211w_set_keys(struct wpa_sm *sm, in ieee80211w_set_keys() argument
1926 if (!wpa_cipher_valid_mgmt_group(sm->mgmt_group_cipher) || in ieee80211w_set_keys()
1927 sm->mgmt_group_cipher == WPA_CIPHER_GTK_NOT_USED) in ieee80211w_set_keys()
1933 len = wpa_cipher_key_len(sm->mgmt_group_cipher); in ieee80211w_set_keys()
1938 if (wpa_supplicant_install_igtk(sm, igtk, 0) < 0) in ieee80211w_set_keys()
1942 if (ie->bigtk && sm->beacon_prot) { in ieee80211w_set_keys()
1945 len = wpa_cipher_key_len(sm->mgmt_group_cipher); in ieee80211w_set_keys()
1950 if (wpa_supplicant_install_bigtk(sm, bigtk, 0) < 0) in ieee80211w_set_keys()
1958 static void wpa_report_ie_mismatch(struct wpa_sm *sm, in wpa_report_ie_mismatch() argument
1963 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, "WPA: %s (src=" MACSTR ")", in wpa_report_ie_mismatch()
1966 if (sm->ap_wpa_ie) { in wpa_report_ie_mismatch()
1968 sm->ap_wpa_ie, sm->ap_wpa_ie_len); in wpa_report_ie_mismatch()
1971 if (!sm->ap_wpa_ie) { in wpa_report_ie_mismatch()
1972 wpa_msg(sm->ctx->msg_ctx, MSG_INFO, in wpa_report_ie_mismatch()
1979 if (sm->ap_rsn_ie) { in wpa_report_ie_mismatch()
1981 sm->ap_rsn_ie, sm->ap_rsn_ie_len); in wpa_report_ie_mismatch()
1984 if (!sm->ap_rsn_ie) { in wpa_report_ie_mismatch()
1985 wpa_msg(sm->ctx->msg_ctx, MSG_INFO, in wpa_report_ie_mismatch()
1992 wpa_sm_deauthenticate(sm, WLAN_REASON_IE_IN_4WAY_DIFFERS); in wpa_report_ie_mismatch()
1998 static int ft_validate_mdie(struct wpa_sm *sm, in ft_validate_mdie() argument
2007 os_memcmp(mdie->mobility_domain, sm->mobility_domain, in ft_validate_mdie()
2009 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "FT: MDIE in msg 3/4 did " in ft_validate_mdie()
2017 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "FT: MDIE mismatch"); in ft_validate_mdie()
2029 static int ft_validate_ftie(struct wpa_sm *sm, in ft_validate_ftie() argument
2035 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, in ft_validate_ftie()
2045 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "FT: FTIE mismatch"); in ft_validate_ftie()
2057 static int ft_validate_rsnie(struct wpa_sm *sm, in ft_validate_rsnie() argument
2072 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "FT: No PMKR1Name in " in ft_validate_rsnie()
2077 if (os_memcmp_const(rsn.pmkid, sm->pmk_r1_name, WPA_PMK_NAME_LEN) != 0) in ft_validate_rsnie()
2079 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, in ft_validate_rsnie()
2085 sm->pmk_r1_name, WPA_PMK_NAME_LEN); in ft_validate_rsnie()
2093 static int wpa_supplicant_validate_ie_ft(struct wpa_sm *sm, in wpa_supplicant_validate_ie_ft() argument
2099 if (sm->assoc_resp_ies) { in wpa_supplicant_validate_ie_ft()
2100 pos = sm->assoc_resp_ies; in wpa_supplicant_validate_ie_ft()
2101 end = pos + sm->assoc_resp_ies_len; in wpa_supplicant_validate_ie_ft()
2117 if (ft_validate_mdie(sm, src_addr, ie, mdie) < 0 || in wpa_supplicant_validate_ie_ft()
2118 ft_validate_ftie(sm, src_addr, ie, ftie) < 0 || in wpa_supplicant_validate_ie_ft()
2119 ft_validate_rsnie(sm, src_addr, ie) < 0) in wpa_supplicant_validate_ie_ft()
2128 static int wpa_supplicant_validate_ie(struct wpa_sm *sm, in wpa_supplicant_validate_ie() argument
2132 if (sm->ap_wpa_ie == NULL && sm->ap_rsn_ie == NULL) { in wpa_supplicant_validate_ie()
2133 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, in wpa_supplicant_validate_ie()
2136 if (wpa_sm_get_beacon_ie(sm) < 0) { in wpa_supplicant_validate_ie()
2137 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, in wpa_supplicant_validate_ie()
2142 wpa_msg(sm->ctx->msg_ctx, MSG_DEBUG, in wpa_supplicant_validate_ie()
2147 (sm->ap_wpa_ie || sm->ap_rsn_ie)) { in wpa_supplicant_validate_ie()
2148 wpa_report_ie_mismatch(sm, "IE in 3/4 msg does not match " in wpa_supplicant_validate_ie()
2155 if ((ie->wpa_ie && sm->ap_wpa_ie && in wpa_supplicant_validate_ie()
2156 (ie->wpa_ie_len != sm->ap_wpa_ie_len || in wpa_supplicant_validate_ie()
2157 os_memcmp(ie->wpa_ie, sm->ap_wpa_ie, ie->wpa_ie_len) != 0)) || in wpa_supplicant_validate_ie()
2158 (ie->rsn_ie && sm->ap_rsn_ie && in wpa_supplicant_validate_ie()
2159 wpa_compare_rsn_ie(wpa_key_mgmt_ft(sm->key_mgmt), in wpa_supplicant_validate_ie()
2160 sm->ap_rsn_ie, sm->ap_rsn_ie_len, in wpa_supplicant_validate_ie()
2162 wpa_report_ie_mismatch(sm, "IE in 3/4 msg does not match " in wpa_supplicant_validate_ie()
2169 if (sm->proto == WPA_PROTO_WPA && in wpa_supplicant_validate_ie()
2170 ie->rsn_ie && sm->ap_rsn_ie == NULL && sm->rsn_enabled) { in wpa_supplicant_validate_ie()
2171 wpa_report_ie_mismatch(sm, "Possible downgrade attack " in wpa_supplicant_validate_ie()
2180 if (sm->proto == WPA_PROTO_RSN && in wpa_supplicant_validate_ie()
2181 ((sm->ap_rsnxe && !ie->rsnxe) || in wpa_supplicant_validate_ie()
2182 (!sm->ap_rsnxe && ie->rsnxe) || in wpa_supplicant_validate_ie()
2183 (sm->ap_rsnxe && ie->rsnxe && in wpa_supplicant_validate_ie()
2184 (sm->ap_rsnxe_len != ie->rsnxe_len || in wpa_supplicant_validate_ie()
2185 os_memcmp(sm->ap_rsnxe, ie->rsnxe, sm->ap_rsnxe_len) != 0)))) { in wpa_supplicant_validate_ie()
2186 wpa_msg(sm->ctx->msg_ctx, MSG_INFO, in wpa_supplicant_validate_ie()
2189 sm->ap_rsnxe, sm->ap_rsnxe_len); in wpa_supplicant_validate_ie()
2192 wpa_sm_deauthenticate(sm, WLAN_REASON_IE_IN_4WAY_DIFFERS); in wpa_supplicant_validate_ie()
2197 if (wpa_key_mgmt_ft(sm->key_mgmt) && in wpa_supplicant_validate_ie()
2198 wpa_supplicant_validate_ie_ft(sm, src_addr, ie) < 0) in wpa_supplicant_validate_ie()
2208 * @sm: Pointer to WPA state machine data from wpa_sm_init()
2216 int wpa_supplicant_send_4_of_4(struct wpa_sm *sm, const unsigned char *dst, in wpa_supplicant_send_4_of_4() argument
2230 if (sm->mlo.valid_links) { in wpa_supplicant_send_4_of_4()
2240 pos = rsn_add_kde(pos, RSN_KEY_DATA_MAC_ADDR, sm->own_addr, in wpa_supplicant_send_4_of_4()
2246 if (sm->test_eapol_m4_elems) in wpa_supplicant_send_4_of_4()
2247 extra_len = wpabuf_len(sm->test_eapol_m4_elems); in wpa_supplicant_send_4_of_4()
2248 if (sm->encrypt_eapol_m4) { in wpa_supplicant_send_4_of_4()
2256 mic_len = wpa_mic_len(sm->key_mgmt, sm->pmk_len); in wpa_supplicant_send_4_of_4()
2258 rbuf = wpa_sm_alloc_eapol(sm, IEEE802_1X_TYPE_EAPOL_KEY, NULL, in wpa_supplicant_send_4_of_4()
2266 reply->type = (sm->proto == WPA_PROTO_RSN || in wpa_supplicant_send_4_of_4()
2267 sm->proto == WPA_PROTO_OSEN) ? in wpa_supplicant_send_4_of_4()
2276 if (sm->encrypt_eapol_m4) in wpa_supplicant_send_4_of_4()
2280 if (sm->proto == WPA_PROTO_RSN || sm->proto == WPA_PROTO_OSEN) in wpa_supplicant_send_4_of_4()
2296 if (sm->test_eapol_m4_elems) { in wpa_supplicant_send_4_of_4()
2298 wpabuf_head(sm->test_eapol_m4_elems), in wpa_supplicant_send_4_of_4()
2299 wpabuf_len(sm->test_eapol_m4_elems)); in wpa_supplicant_send_4_of_4()
2302 if (sm->encrypt_eapol_m4) { in wpa_supplicant_send_4_of_4()
2306 if (sm->test_eapol_m4_elems) in wpa_supplicant_send_4_of_4()
2307 extra_len = wpabuf_len(sm->test_eapol_m4_elems); in wpa_supplicant_send_4_of_4()
2334 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: Sending EAPOL-Key 4/4"); in wpa_supplicant_send_4_of_4()
2335 return wpa_eapol_key_send(sm, ptk, ver, dst, ETH_P_EAPOL, rbuf, rlen, in wpa_supplicant_send_4_of_4()
2340 static int wpa_supplicant_validate_link_kde(struct wpa_sm *sm, u8 link_id, in wpa_supplicant_validate_link_kde() argument
2349 wpa_msg(sm->ctx->msg_ctx, MSG_INFO, in wpa_supplicant_validate_link_kde()
2355 if (!ether_addr_equal(sm->mlo.links[link_id].bssid, in wpa_supplicant_validate_link_kde()
2357 wpa_msg(sm->ctx->msg_ctx, MSG_INFO, in wpa_supplicant_validate_link_kde()
2362 MAC2STR(sm->mlo.links[link_id].bssid)); in wpa_supplicant_validate_link_kde()
2371 wpa_msg(sm->ctx->msg_ctx, MSG_INFO, in wpa_supplicant_validate_link_kde()
2381 wpa_msg(sm->ctx->msg_ctx, MSG_INFO, in wpa_supplicant_validate_link_kde()
2392 wpa_msg(sm->ctx->msg_ctx, MSG_INFO, in wpa_supplicant_validate_link_kde()
2401 if (wpa_compare_rsn_ie(wpa_key_mgmt_ft(sm->key_mgmt), in wpa_supplicant_validate_link_kde()
2402 sm->mlo.links[link_id].ap_rsne, in wpa_supplicant_validate_link_kde()
2403 sm->mlo.links[link_id].ap_rsne_len, in wpa_supplicant_validate_link_kde()
2405 wpa_msg(sm->ctx->msg_ctx, MSG_INFO, in wpa_supplicant_validate_link_kde()
2409 sm->mlo.links[link_id].ap_rsne, in wpa_supplicant_validate_link_kde()
2410 sm->mlo.links[link_id].ap_rsne_len); in wpa_supplicant_validate_link_kde()
2416 if ((sm->mlo.links[link_id].ap_rsnxe && !rsnxe) || in wpa_supplicant_validate_link_kde()
2417 (!sm->mlo.links[link_id].ap_rsnxe && rsnxe) || in wpa_supplicant_validate_link_kde()
2418 (sm->mlo.links[link_id].ap_rsnxe && rsnxe && in wpa_supplicant_validate_link_kde()
2419 (sm->mlo.links[link_id].ap_rsnxe_len != rsnxe_len || in wpa_supplicant_validate_link_kde()
2420 os_memcmp(sm->mlo.links[link_id].ap_rsnxe, rsnxe, in wpa_supplicant_validate_link_kde()
2421 sm->mlo.links[link_id].ap_rsnxe_len) != 0))) { in wpa_supplicant_validate_link_kde()
2422 wpa_msg(sm->ctx->msg_ctx, MSG_INFO, in wpa_supplicant_validate_link_kde()
2426 sm->mlo.links[link_id].ap_rsnxe, in wpa_supplicant_validate_link_kde()
2427 sm->mlo.links[link_id].ap_rsnxe_len); in wpa_supplicant_validate_link_kde()
2430 wpa_sm_deauthenticate(sm, WLAN_REASON_IE_IN_4WAY_DIFFERS); in wpa_supplicant_validate_link_kde()
2438 static int wpa_validate_mlo_ieee80211w_kdes(struct wpa_sm *sm, in wpa_validate_mlo_ieee80211w_kdes() argument
2444 (unsigned int) wpa_cipher_key_len(sm->mgmt_group_cipher)) { in wpa_validate_mlo_ieee80211w_kdes()
2445 wpa_msg(sm->ctx->msg_ctx, MSG_INFO, in wpa_validate_mlo_ieee80211w_kdes()
2451 if (!sm->beacon_prot) in wpa_validate_mlo_ieee80211w_kdes()
2456 (unsigned int) wpa_cipher_key_len(sm->mgmt_group_cipher)) { in wpa_validate_mlo_ieee80211w_kdes()
2457 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, in wpa_validate_mlo_ieee80211w_kdes()
2467 static void wpa_supplicant_process_3_of_4_wpa(struct wpa_sm *sm, in wpa_supplicant_process_3_of_4_wpa() argument
2475 wpa_sm_set_state(sm, WPA_4WAY_HANDSHAKE); in wpa_supplicant_process_3_of_4_wpa()
2476 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, in wpa_supplicant_process_3_of_4_wpa()
2478 " (ver=%d)", MAC2STR(sm->bssid), ver); in wpa_supplicant_process_3_of_4_wpa()
2486 if (wpa_supplicant_validate_ie(sm, sm->bssid, &ie) < 0) in wpa_supplicant_process_3_of_4_wpa()
2489 if (os_memcmp(sm->anonce, key->key_nonce, WPA_NONCE_LEN) != 0) { in wpa_supplicant_process_3_of_4_wpa()
2490 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, in wpa_supplicant_process_3_of_4_wpa()
2492 MACSTR ")", MAC2STR(sm->bssid)); in wpa_supplicant_process_3_of_4_wpa()
2497 if (keylen != wpa_cipher_key_len(sm->pairwise_cipher)) { in wpa_supplicant_process_3_of_4_wpa()
2498 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, in wpa_supplicant_process_3_of_4_wpa()
2500 wpa_cipher_txt(sm->pairwise_cipher), keylen, in wpa_supplicant_process_3_of_4_wpa()
2501 MAC2STR(sm->bssid)); in wpa_supplicant_process_3_of_4_wpa()
2505 if (wpa_supplicant_send_4_of_4(sm, wpa_sm_get_auth_addr(sm), key, ver, in wpa_supplicant_process_3_of_4_wpa()
2506 key_info, &sm->ptk) < 0) in wpa_supplicant_process_3_of_4_wpa()
2512 sm->renew_snonce = 1; in wpa_supplicant_process_3_of_4_wpa()
2515 wpa_supplicant_install_ptk(sm, key, KEY_FLAG_RX_TX)) in wpa_supplicant_process_3_of_4_wpa()
2520 sm, sm->bssid, MLME_SETPROTECTION_PROTECT_TYPE_RX, in wpa_supplicant_process_3_of_4_wpa()
2522 eapol_sm_notify_portValid(sm->eapol, true); in wpa_supplicant_process_3_of_4_wpa()
2524 wpa_sm_set_state(sm, WPA_GROUP_HANDSHAKE); in wpa_supplicant_process_3_of_4_wpa()
2526 sm->msg_3_of_4_ok = 1; in wpa_supplicant_process_3_of_4_wpa()
2530 wpa_sm_deauthenticate(sm, WLAN_REASON_UNSPECIFIED); in wpa_supplicant_process_3_of_4_wpa()
2534 static void wpa_supplicant_process_3_of_4(struct wpa_sm *sm, in wpa_supplicant_process_3_of_4() argument
2541 bool mlo = sm->mlo.valid_links; in wpa_supplicant_process_3_of_4()
2544 wpa_sm_set_state(sm, WPA_4WAY_HANDSHAKE); in wpa_supplicant_process_3_of_4()
2545 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, in wpa_supplicant_process_3_of_4()
2547 " (ver=%d)%s", MAC2STR(sm->bssid), ver, mlo ? " (MLO)" : ""); in wpa_supplicant_process_3_of_4()
2555 if (sm->ssid_protection) { in wpa_supplicant_process_3_of_4()
2557 wpa_msg(sm->ctx->msg_ctx, MSG_INFO, in wpa_supplicant_process_3_of_4()
2562 if (ie.ssid_len != sm->ssid_len || in wpa_supplicant_process_3_of_4()
2563 os_memcmp(ie.ssid, sm->ssid, sm->ssid_len) != 0) { in wpa_supplicant_process_3_of_4()
2564 wpa_msg(sm->ctx->msg_ctx, MSG_INFO, in wpa_supplicant_process_3_of_4()
2569 sm->ssid, sm->ssid_len); in wpa_supplicant_process_3_of_4()
2573 wpa_sm_ssid_verified(sm); in wpa_supplicant_process_3_of_4()
2577 wpa_msg(sm->ctx->msg_ctx, MSG_INFO, in wpa_supplicant_process_3_of_4()
2587 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, in wpa_supplicant_process_3_of_4()
2593 if (mlo && !is_valid_ap_mld_mac_kde(sm, ie.mac_addr)) { in wpa_supplicant_process_3_of_4()
2599 if (!(sm->mlo.req_links & BIT(i))) in wpa_supplicant_process_3_of_4()
2602 if (wpa_supplicant_validate_link_kde(sm, i, ie.mlo_link[i], in wpa_supplicant_process_3_of_4()
2606 if (!(sm->mlo.valid_links & BIT(i))) in wpa_supplicant_process_3_of_4()
2610 wpa_msg(sm->ctx->msg_ctx, MSG_ERROR, in wpa_supplicant_process_3_of_4()
2615 if (sm->mgmt_group_cipher != WPA_CIPHER_GTK_NOT_USED && in wpa_supplicant_process_3_of_4()
2616 wpa_cipher_valid_mgmt_group(sm->mgmt_group_cipher) && in wpa_supplicant_process_3_of_4()
2617 wpa_validate_mlo_ieee80211w_kdes(sm, i, &ie) < 0) in wpa_supplicant_process_3_of_4()
2622 if (mlo && wpa_key_mgmt_ft(sm->key_mgmt) && in wpa_supplicant_process_3_of_4()
2623 wpa_supplicant_validate_ie_ft(sm, sm->bssid, &ie) < 0) in wpa_supplicant_process_3_of_4()
2628 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, in wpa_supplicant_process_3_of_4()
2633 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, in wpa_supplicant_process_3_of_4()
2639 sm->mgmt_group_cipher != WPA_CIPHER_GTK_NOT_USED && in wpa_supplicant_process_3_of_4()
2640 wpa_cipher_valid_mgmt_group(sm->mgmt_group_cipher) && in wpa_supplicant_process_3_of_4()
2642 (unsigned int) wpa_cipher_key_len(sm->mgmt_group_cipher)) { in wpa_supplicant_process_3_of_4()
2643 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, in wpa_supplicant_process_3_of_4()
2649 if (!mlo && wpa_supplicant_validate_ie(sm, sm->bssid, &ie) < 0) in wpa_supplicant_process_3_of_4()
2652 if (wpa_handle_ext_key_id(sm, &ie)) in wpa_supplicant_process_3_of_4()
2655 if (os_memcmp(sm->anonce, key->key_nonce, WPA_NONCE_LEN) != 0) { in wpa_supplicant_process_3_of_4()
2656 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, in wpa_supplicant_process_3_of_4()
2659 MACSTR ")", MAC2STR(sm->bssid)); in wpa_supplicant_process_3_of_4()
2664 if (keylen != wpa_cipher_key_len(sm->pairwise_cipher)) { in wpa_supplicant_process_3_of_4()
2665 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, in wpa_supplicant_process_3_of_4()
2667 ")", wpa_cipher_txt(sm->pairwise_cipher), keylen, in wpa_supplicant_process_3_of_4()
2668 MAC2STR(sm->bssid)); in wpa_supplicant_process_3_of_4()
2674 os_memcpy(sm->p2p_ip_addr, ie.ip_addr_alloc, 3 * 4); in wpa_supplicant_process_3_of_4()
2676 sm->p2p_ip_addr, sizeof(sm->p2p_ip_addr)); in wpa_supplicant_process_3_of_4()
2681 if (wpa_sm_ocv_enabled(sm)) { in wpa_supplicant_process_3_of_4()
2684 if (wpa_sm_channel_info(sm, &ci) != 0) { in wpa_supplicant_process_3_of_4()
2685 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, in wpa_supplicant_process_3_of_4()
2693 wpa_msg(sm->ctx->msg_ctx, MSG_INFO, OCV_FAILURE in wpa_supplicant_process_3_of_4()
2695 MAC2STR(sm->bssid), ocv_errorstr); in wpa_supplicant_process_3_of_4()
2706 if (sm->key_mgmt == WPA_KEY_MGMT_DPP && sm->dpp_pfs != 2 && in wpa_supplicant_process_3_of_4()
2707 (ie.dpp_kde[1] & DPP_KDE_PFS_ALLOWED) && !sm->dpp_z) { in wpa_supplicant_process_3_of_4()
2715 if (sm->use_ext_key_id && in wpa_supplicant_process_3_of_4()
2716 wpa_supplicant_install_ptk(sm, key, KEY_FLAG_RX)) in wpa_supplicant_process_3_of_4()
2719 if (wpa_supplicant_send_4_of_4(sm, wpa_sm_get_auth_addr(sm), key, ver, in wpa_supplicant_process_3_of_4()
2720 key_info, &sm->ptk) < 0) in wpa_supplicant_process_3_of_4()
2726 sm->renew_snonce = 1; in wpa_supplicant_process_3_of_4()
2731 if (sm->use_ext_key_id) in wpa_supplicant_process_3_of_4()
2732 res = wpa_supplicant_activate_ptk(sm); in wpa_supplicant_process_3_of_4()
2734 res = wpa_supplicant_install_ptk(sm, key, in wpa_supplicant_process_3_of_4()
2742 sm, sm->bssid, MLME_SETPROTECTION_PROTECT_TYPE_RX, in wpa_supplicant_process_3_of_4()
2744 eapol_sm_notify_portValid(sm->eapol, true); in wpa_supplicant_process_3_of_4()
2746 wpa_sm_set_state(sm, WPA_GROUP_HANDSHAKE); in wpa_supplicant_process_3_of_4()
2749 if (wpa_supplicant_pairwise_mlo_gtk(sm, key, &ie, in wpa_supplicant_process_3_of_4()
2751 wpa_msg(sm->ctx->msg_ctx, MSG_INFO, in wpa_supplicant_process_3_of_4()
2755 } else if (sm->group_cipher == WPA_CIPHER_GTK_NOT_USED) { in wpa_supplicant_process_3_of_4()
2757 } else if (!ie.gtk && sm->proto == WPA_PROTO_RSN) { in wpa_supplicant_process_3_of_4()
2758 wpa_msg(sm->ctx->msg_ctx, MSG_INFO, in wpa_supplicant_process_3_of_4()
2762 wpa_supplicant_pairwise_gtk(sm, key, in wpa_supplicant_process_3_of_4()
2764 wpa_msg(sm->ctx->msg_ctx, MSG_INFO, in wpa_supplicant_process_3_of_4()
2769 if ((mlo && mlo_ieee80211w_set_keys(sm, &ie) < 0) || in wpa_supplicant_process_3_of_4()
2770 (!mlo && ieee80211w_set_keys(sm, &ie) < 0)) { in wpa_supplicant_process_3_of_4()
2771 wpa_msg(sm->ctx->msg_ctx, MSG_INFO, in wpa_supplicant_process_3_of_4()
2776 if (mlo || sm->group_cipher == WPA_CIPHER_GTK_NOT_USED || ie.gtk) in wpa_supplicant_process_3_of_4()
2777 wpa_supplicant_key_neg_complete(sm, sm->bssid, in wpa_supplicant_process_3_of_4()
2781 wpa_sm_set_rekey_offload(sm); in wpa_supplicant_process_3_of_4()
2788 if (sm->proto == WPA_PROTO_RSN && wpa_key_mgmt_suite_b(sm->key_mgmt) && in wpa_supplicant_process_3_of_4()
2789 !sm->cur_pmksa) { in wpa_supplicant_process_3_of_4()
2792 sa = pmksa_cache_add(sm->pmksa, sm->pmk, sm->pmk_len, NULL, in wpa_supplicant_process_3_of_4()
2793 sm->ptk.kck, sm->ptk.kck_len, in wpa_supplicant_process_3_of_4()
2794 wpa_sm_get_auth_addr(sm), sm->own_addr, in wpa_supplicant_process_3_of_4()
2795 sm->network_ctx, sm->key_mgmt, NULL); in wpa_supplicant_process_3_of_4()
2796 if (!sm->cur_pmksa) in wpa_supplicant_process_3_of_4()
2797 sm->cur_pmksa = sa; in wpa_supplicant_process_3_of_4()
2801 wpa_sm_transition_disable(sm, ie.transition_disable[0]); in wpa_supplicant_process_3_of_4()
2802 sm->msg_3_of_4_ok = 1; in wpa_supplicant_process_3_of_4()
2806 wpa_sm_deauthenticate(sm, WLAN_REASON_UNSPECIFIED); in wpa_supplicant_process_3_of_4()
2810 static int wpa_supplicant_send_2_of_2(struct wpa_sm *sm, in wpa_supplicant_send_2_of_2() argument
2820 if (sm->disable_eapol_g2_tx) { in wpa_supplicant_send_2_of_2()
2827 if (wpa_sm_ocv_enabled(sm)) in wpa_supplicant_send_2_of_2()
2831 mic_len = wpa_mic_len(sm->key_mgmt, sm->pmk_len); in wpa_supplicant_send_2_of_2()
2833 rbuf = wpa_sm_alloc_eapol(sm, IEEE802_1X_TYPE_EAPOL_KEY, NULL, in wpa_supplicant_send_2_of_2()
2838 reply->type = (sm->proto == WPA_PROTO_RSN || in wpa_supplicant_send_2_of_2()
2839 sm->proto == WPA_PROTO_OSEN) ? in wpa_supplicant_send_2_of_2()
2848 if (sm->proto == WPA_PROTO_RSN || sm->proto == WPA_PROTO_OSEN) in wpa_supplicant_send_2_of_2()
2859 if (wpa_sm_ocv_enabled(sm)) { in wpa_supplicant_send_2_of_2()
2863 if (wpa_sm_channel_info(sm, &ci) != 0) { in wpa_supplicant_send_2_of_2()
2870 if (sm->oci_freq_override_eapol_g2) { in wpa_supplicant_send_2_of_2()
2874 sm->oci_freq_override_eapol_g2); in wpa_supplicant_send_2_of_2()
2875 ci.frequency = sm->oci_freq_override_eapol_g2; in wpa_supplicant_send_2_of_2()
2887 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: Sending EAPOL-Key 2/2"); in wpa_supplicant_send_2_of_2()
2888 return wpa_eapol_key_send(sm, &sm->ptk, ver, wpa_sm_get_auth_addr(sm), in wpa_supplicant_send_2_of_2()
2893 static void wpa_supplicant_process_mlo_1_of_2(struct wpa_sm *sm, in wpa_supplicant_process_mlo_1_of_2() argument
2903 if (!sm->msg_3_of_4_ok && !wpa_fils_is_completed(sm)) { in wpa_supplicant_process_mlo_1_of_2()
2904 wpa_msg(sm->ctx->msg_ctx, MSG_INFO, in wpa_supplicant_process_mlo_1_of_2()
2909 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "MLO RSN: RX message 1 of Group " in wpa_supplicant_process_mlo_1_of_2()
2915 wpa_sm_set_state(sm, WPA_GROUP_HANDSHAKE); in wpa_supplicant_process_mlo_1_of_2()
2923 wpa_msg(sm->ctx->msg_ctx, MSG_INFO, in wpa_supplicant_process_mlo_1_of_2()
2929 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, in wpa_supplicant_process_mlo_1_of_2()
2935 if (wpa_sm_ocv_enabled(sm)) { in wpa_supplicant_process_mlo_1_of_2()
2938 if (wpa_sm_channel_info(sm, &ci) != 0) { in wpa_supplicant_process_mlo_1_of_2()
2939 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, in wpa_supplicant_process_mlo_1_of_2()
2947 wpa_msg(sm->ctx->msg_ctx, MSG_INFO, OCV_FAILURE in wpa_supplicant_process_mlo_1_of_2()
2949 MAC2STR(sm->bssid), ocv_errorstr); in wpa_supplicant_process_mlo_1_of_2()
2955 if (mlo_ieee80211w_set_keys(sm, &ie) < 0) in wpa_supplicant_process_mlo_1_of_2()
2956 wpa_msg(sm->ctx->msg_ctx, MSG_INFO, in wpa_supplicant_process_mlo_1_of_2()
2959 for_each_link(sm->mlo.valid_links, i) { in wpa_supplicant_process_mlo_1_of_2()
2967 if (wpa_supplicant_mlo_gtk(sm, i, ie.mlo_gtk[i], in wpa_supplicant_process_mlo_1_of_2()
2972 if (wpa_supplicant_send_2_of_2(sm, key, ver, key_info) < 0) in wpa_supplicant_process_mlo_1_of_2()
2975 wpa_msg(sm->ctx->msg_ctx, MSG_INFO, "MLO RSN: Group rekeying completed " in wpa_supplicant_process_mlo_1_of_2()
2976 "with " MACSTR " [GTK=%s]", MAC2STR(sm->mlo.ap_mld_addr), in wpa_supplicant_process_mlo_1_of_2()
2977 wpa_cipher_txt(sm->group_cipher)); in wpa_supplicant_process_mlo_1_of_2()
2978 wpa_sm_cancel_auth_timeout(sm); in wpa_supplicant_process_mlo_1_of_2()
2979 wpa_sm_set_state(sm, WPA_COMPLETED); in wpa_supplicant_process_mlo_1_of_2()
2981 wpa_sm_set_rekey_offload(sm); in wpa_supplicant_process_mlo_1_of_2()
2986 wpa_sm_deauthenticate(sm, WLAN_REASON_UNSPECIFIED); in wpa_supplicant_process_mlo_1_of_2()
2990 static void wpa_supplicant_process_1_of_2_wpa(struct wpa_sm *sm, in wpa_supplicant_process_1_of_2_wpa() argument
3003 if (!sm->msg_3_of_4_ok) { in wpa_supplicant_process_1_of_2_wpa()
3004 wpa_msg(sm->ctx->msg_ctx, MSG_INFO, in wpa_supplicant_process_1_of_2_wpa()
3011 rekey = wpa_sm_get_state(sm) == WPA_COMPLETED; in wpa_supplicant_process_1_of_2_wpa()
3012 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, in wpa_supplicant_process_1_of_2_wpa()
3022 wpa_msg(sm->ctx->msg_ctx, MSG_INFO, in wpa_supplicant_process_1_of_2_wpa()
3031 wpa_supplicant_check_group_cipher(sm, sm->group_cipher, in wpa_supplicant_process_1_of_2_wpa()
3036 wpa_sm_set_state(sm, WPA_GROUP_HANDSHAKE); in wpa_supplicant_process_1_of_2_wpa()
3041 if (ver == WPA_KEY_INFO_TYPE_HMAC_MD5_RC4 && sm->ptk.kek_len == 16) { in wpa_supplicant_process_1_of_2_wpa()
3043 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, in wpa_supplicant_process_1_of_2_wpa()
3049 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, in wpa_supplicant_process_1_of_2_wpa()
3055 os_memcpy(ek + 16, sm->ptk.kek, sm->ptk.kek_len); in wpa_supplicant_process_1_of_2_wpa()
3059 wpa_msg(sm->ctx->msg_ctx, MSG_ERROR, in wpa_supplicant_process_1_of_2_wpa()
3067 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, in wpa_supplicant_process_1_of_2_wpa()
3073 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, in wpa_supplicant_process_1_of_2_wpa()
3080 if (aes_unwrap(sm->ptk.kek, sm->ptk.kek_len, maxkeylen / 8, in wpa_supplicant_process_1_of_2_wpa()
3082 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, in wpa_supplicant_process_1_of_2_wpa()
3088 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, in wpa_supplicant_process_1_of_2_wpa()
3093 sm, !!(key_info & WPA_KEY_INFO_TXRX)); in wpa_supplicant_process_1_of_2_wpa()
3096 if (wpa_supplicant_rsc_relaxation(sm, key->key_rsc)) in wpa_supplicant_process_1_of_2_wpa()
3099 if (wpa_supplicant_install_gtk(sm, &gd, key_rsc, 0) || in wpa_supplicant_process_1_of_2_wpa()
3100 wpa_supplicant_send_2_of_2(sm, key, ver, key_info) < 0) in wpa_supplicant_process_1_of_2_wpa()
3105 wpa_msg(sm->ctx->msg_ctx, MSG_INFO, in wpa_supplicant_process_1_of_2_wpa()
3108 MAC2STR(sm->bssid), wpa_cipher_txt(sm->group_cipher)); in wpa_supplicant_process_1_of_2_wpa()
3109 wpa_sm_cancel_auth_timeout(sm); in wpa_supplicant_process_1_of_2_wpa()
3110 wpa_sm_set_state(sm, WPA_COMPLETED); in wpa_supplicant_process_1_of_2_wpa()
3112 wpa_supplicant_key_neg_complete(sm, sm->bssid, in wpa_supplicant_process_1_of_2_wpa()
3116 wpa_sm_set_rekey_offload(sm); in wpa_supplicant_process_1_of_2_wpa()
3122 wpa_sm_deauthenticate(sm, WLAN_REASON_UNSPECIFIED); in wpa_supplicant_process_1_of_2_wpa()
3126 static void wpa_supplicant_process_1_of_2(struct wpa_sm *sm, in wpa_supplicant_process_1_of_2() argument
3139 if (!sm->msg_3_of_4_ok && !wpa_fils_is_completed(sm)) { in wpa_supplicant_process_1_of_2()
3140 wpa_msg(sm->ctx->msg_ctx, MSG_INFO, in wpa_supplicant_process_1_of_2()
3147 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, in wpa_supplicant_process_1_of_2()
3158 wpa_sm_set_state(sm, WPA_GROUP_HANDSHAKE); in wpa_supplicant_process_1_of_2()
3161 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, in wpa_supplicant_process_1_of_2()
3166 wpa_msg(sm->ctx->msg_ctx, MSG_INFO, in wpa_supplicant_process_1_of_2()
3172 wpa_msg(sm->ctx->msg_ctx, MSG_INFO, in wpa_supplicant_process_1_of_2()
3179 wpa_msg(sm->ctx->msg_ctx, MSG_INFO, in wpa_supplicant_process_1_of_2()
3186 if (wpa_sm_ocv_enabled(sm)) { in wpa_supplicant_process_1_of_2()
3189 if (wpa_sm_channel_info(sm, &ci) != 0) { in wpa_supplicant_process_1_of_2()
3190 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, in wpa_supplicant_process_1_of_2()
3198 wpa_msg(sm->ctx->msg_ctx, MSG_INFO, OCV_FAILURE in wpa_supplicant_process_1_of_2()
3200 MAC2STR(sm->bssid), ocv_errorstr); in wpa_supplicant_process_1_of_2()
3206 if (wpa_supplicant_check_group_cipher(sm, sm->group_cipher, in wpa_supplicant_process_1_of_2()
3214 gd.tx = wpa_supplicant_gtk_tx_bit_workaround(sm, in wpa_supplicant_process_1_of_2()
3218 if (ieee80211w_set_keys(sm, &ie) < 0) in wpa_supplicant_process_1_of_2()
3219 wpa_msg(sm->ctx->msg_ctx, MSG_INFO, in wpa_supplicant_process_1_of_2()
3223 if (wpa_supplicant_rsc_relaxation(sm, key->key_rsc)) in wpa_supplicant_process_1_of_2()
3226 if (wpa_supplicant_install_gtk(sm, &gd, key_rsc, 0) || in wpa_supplicant_process_1_of_2()
3227 wpa_supplicant_send_2_of_2(sm, key, ver, key_info) < 0) in wpa_supplicant_process_1_of_2()
3231 wpa_msg(sm->ctx->msg_ctx, MSG_INFO, in wpa_supplicant_process_1_of_2()
3233 MAC2STR(sm->bssid), wpa_cipher_txt(sm->group_cipher)); in wpa_supplicant_process_1_of_2()
3234 wpa_sm_cancel_auth_timeout(sm); in wpa_supplicant_process_1_of_2()
3235 wpa_sm_set_state(sm, WPA_COMPLETED); in wpa_supplicant_process_1_of_2()
3237 wpa_sm_set_rekey_offload(sm); in wpa_supplicant_process_1_of_2()
3243 wpa_sm_deauthenticate(sm, WLAN_REASON_UNSPECIFIED); in wpa_supplicant_process_1_of_2()
3247 static int wpa_supplicant_verify_eapol_key_mic(struct wpa_sm *sm, in wpa_supplicant_verify_eapol_key_mic() argument
3254 size_t mic_len = wpa_mic_len(sm->key_mgmt, sm->pmk_len); in wpa_supplicant_verify_eapol_key_mic()
3257 if (sm->tptk_set) { in wpa_supplicant_verify_eapol_key_mic()
3259 if (wpa_eapol_key_mic(sm->tptk.kck, sm->tptk.kck_len, in wpa_supplicant_verify_eapol_key_mic()
3260 sm->key_mgmt, in wpa_supplicant_verify_eapol_key_mic()
3263 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, in wpa_supplicant_verify_eapol_key_mic()
3276 sm->tptk_set = 0; in wpa_supplicant_verify_eapol_key_mic()
3277 sm->ptk_set = 1; in wpa_supplicant_verify_eapol_key_mic()
3278 os_memcpy(&sm->ptk, &sm->tptk, sizeof(sm->ptk)); in wpa_supplicant_verify_eapol_key_mic()
3279 os_memset(&sm->tptk, 0, sizeof(sm->tptk)); in wpa_supplicant_verify_eapol_key_mic()
3281 * This assures the same TPTK in sm->tptk can never be in wpa_supplicant_verify_eapol_key_mic()
3282 * copied twice to sm->ptk as the new PTK. In in wpa_supplicant_verify_eapol_key_mic()
3287 sm->renew_snonce = 1; in wpa_supplicant_verify_eapol_key_mic()
3291 if (!ok && sm->ptk_set) { in wpa_supplicant_verify_eapol_key_mic()
3293 if (wpa_eapol_key_mic(sm->ptk.kck, sm->ptk.kck_len, in wpa_supplicant_verify_eapol_key_mic()
3294 sm->key_mgmt, in wpa_supplicant_verify_eapol_key_mic()
3297 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, in wpa_supplicant_verify_eapol_key_mic()
3314 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, in wpa_supplicant_verify_eapol_key_mic()
3320 os_memcpy(sm->rx_replay_counter, key->replay_counter, in wpa_supplicant_verify_eapol_key_mic()
3322 sm->rx_replay_counter_set = 1; in wpa_supplicant_verify_eapol_key_mic()
3328 static int wpa_supplicant_decrypt_key_data(struct wpa_sm *sm, in wpa_supplicant_decrypt_key_data() argument
3335 if (!sm->ptk_set) { in wpa_supplicant_decrypt_key_data()
3336 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, in wpa_supplicant_decrypt_key_data()
3344 if (ver == WPA_KEY_INFO_TYPE_HMAC_MD5_RC4 && sm->ptk.kek_len == 16) { in wpa_supplicant_decrypt_key_data()
3346 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, in wpa_supplicant_decrypt_key_data()
3354 os_memcpy(ek + 16, sm->ptk.kek, sm->ptk.kek_len); in wpa_supplicant_decrypt_key_data()
3357 wpa_msg(sm->ctx->msg_ctx, MSG_ERROR, in wpa_supplicant_decrypt_key_data()
3365 wpa_use_aes_key_wrap(sm->key_mgmt)) { in wpa_supplicant_decrypt_key_data()
3370 (unsigned int) sm->ptk.kek_len); in wpa_supplicant_decrypt_key_data()
3372 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, in wpa_supplicant_decrypt_key_data()
3380 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, in wpa_supplicant_decrypt_key_data()
3387 if (aes_unwrap(sm->ptk.kek, sm->ptk.kek_len, *key_data_len / 8, in wpa_supplicant_decrypt_key_data()
3395 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, in wpa_supplicant_decrypt_key_data()
3407 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, in wpa_supplicant_decrypt_key_data()
3419 * @sm: Pointer to WPA state machine data from wpa_sm_init()
3421 void wpa_sm_aborted_cached(struct wpa_sm *sm) in wpa_sm_aborted_cached() argument
3423 if (sm && sm->cur_pmksa) { in wpa_sm_aborted_cached()
3424 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, in wpa_sm_aborted_cached()
3426 sm->cur_pmksa = NULL; in wpa_sm_aborted_cached()
3431 void wpa_sm_aborted_external_cached(struct wpa_sm *sm) in wpa_sm_aborted_external_cached() argument
3433 if (sm && sm->cur_pmksa && sm->cur_pmksa->external) { in wpa_sm_aborted_external_cached()
3434 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, in wpa_sm_aborted_external_cached()
3436 sm->cur_pmksa = NULL; in wpa_sm_aborted_external_cached()
3441 static void wpa_eapol_key_dump(struct wpa_sm *sm, in wpa_eapol_key_dump() argument
3449 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, " EAPOL-Key type=%d", key->type); in wpa_eapol_key_dump()
3450 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, in wpa_eapol_key_dump()
3464 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, in wpa_eapol_key_dump()
3479 static int wpa_supp_aead_decrypt(struct wpa_sm *sm, u8 *buf, size_t buf_len, in wpa_supp_aead_decrypt() argument
3494 if (sm->tptk_set) in wpa_supp_aead_decrypt()
3495 ptk = &sm->tptk; in wpa_supp_aead_decrypt()
3496 else if (sm->ptk_set) in wpa_supp_aead_decrypt()
3497 ptk = &sm->ptk; in wpa_supp_aead_decrypt()
3532 if (sm->tptk_set) { in wpa_supp_aead_decrypt()
3533 sm->tptk_set = 0; in wpa_supp_aead_decrypt()
3534 sm->ptk_set = 1; in wpa_supp_aead_decrypt()
3535 os_memcpy(&sm->ptk, &sm->tptk, sizeof(sm->ptk)); in wpa_supp_aead_decrypt()
3536 os_memset(&sm->tptk, 0, sizeof(sm->tptk)); in wpa_supp_aead_decrypt()
3539 os_memcpy(sm->rx_replay_counter, key->replay_counter, in wpa_supp_aead_decrypt()
3541 sm->rx_replay_counter_set = 1; in wpa_supp_aead_decrypt()
3548 static int wpa_sm_rx_eapol_wpa(struct wpa_sm *sm, const u8 *src_addr, in wpa_sm_rx_eapol_wpa() argument
3559 wpa_msg(sm->ctx->msg_ctx, MSG_INFO, in wpa_sm_rx_eapol_wpa()
3567 wpa_msg(sm->ctx->msg_ctx, MSG_INFO, in wpa_sm_rx_eapol_wpa()
3573 if (sm->pairwise_cipher == WPA_CIPHER_CCMP && in wpa_sm_rx_eapol_wpa()
3575 wpa_msg(sm->ctx->msg_ctx, MSG_INFO, in wpa_sm_rx_eapol_wpa()
3578 if (sm->group_cipher != WPA_CIPHER_CCMP && in wpa_sm_rx_eapol_wpa()
3584 wpa_msg(sm->ctx->msg_ctx, MSG_INFO, in wpa_sm_rx_eapol_wpa()
3591 wpa_supplicant_verify_eapol_key_mic(sm, key, ver, tmp, data_len)) in wpa_sm_rx_eapol_wpa()
3596 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, in wpa_sm_rx_eapol_wpa()
3603 wpa_supplicant_process_3_of_4_wpa(sm, key, ver, in wpa_sm_rx_eapol_wpa()
3608 wpa_supplicant_process_1_of_4_wpa(sm, src_addr, key, in wpa_sm_rx_eapol_wpa()
3616 wpa_supplicant_process_1_of_2_wpa(sm, src_addr, key, in wpa_sm_rx_eapol_wpa()
3621 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, in wpa_sm_rx_eapol_wpa()
3632 * @sm: Pointer to WPA state machine data from wpa_sm_init()
3647 int wpa_sm_rx_eapol(struct wpa_sm *sm, const u8 *src_addr, in wpa_sm_rx_eapol() argument
3660 sm->ft_completed = 0; in wpa_sm_rx_eapol()
3663 pmk_len = sm->pmk_len; in wpa_sm_rx_eapol()
3664 if (!pmk_len && sm->cur_pmksa) in wpa_sm_rx_eapol()
3665 pmk_len = sm->cur_pmksa->pmk_len; in wpa_sm_rx_eapol()
3666 mic_len = wpa_mic_len(sm->key_mgmt, pmk_len); in wpa_sm_rx_eapol()
3670 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, in wpa_sm_rx_eapol()
3681 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, in wpa_sm_rx_eapol()
3689 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, in wpa_sm_rx_eapol()
3697 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, in wpa_sm_rx_eapol()
3705 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, in wpa_sm_rx_eapol()
3723 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, in wpa_sm_rx_eapol()
3731 wpa_eapol_key_dump(sm, key, key_data_len, mic, mic_len); in wpa_sm_rx_eapol()
3734 wpa_msg(sm->ctx->msg_ctx, MSG_INFO, "WPA: Invalid EAPOL-Key " in wpa_sm_rx_eapol()
3741 if (sm->rx_replay_counter_set && in wpa_sm_rx_eapol()
3742 os_memcmp(key->replay_counter, sm->rx_replay_counter, in wpa_sm_rx_eapol()
3744 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, in wpa_sm_rx_eapol()
3749 eapol_sm_notify_lower_layer_success(sm->eapol, 0); in wpa_sm_rx_eapol()
3754 wpa_msg(sm->ctx->msg_ctx, MSG_INFO, in wpa_sm_rx_eapol()
3760 wpa_msg(sm->ctx->msg_ctx, MSG_INFO, in wpa_sm_rx_eapol()
3766 wpa_msg(sm->ctx->msg_ctx, MSG_INFO, in wpa_sm_rx_eapol()
3771 if (sm->proto == WPA_PROTO_WPA) { in wpa_sm_rx_eapol()
3772 ret = wpa_sm_rx_eapol_wpa(sm, src_addr, key, encrypted, in wpa_sm_rx_eapol()
3779 wpa_msg(sm->ctx->msg_ctx, MSG_INFO, in wpa_sm_rx_eapol()
3788 !wpa_use_akm_defined(sm->key_mgmt)) { in wpa_sm_rx_eapol()
3789 wpa_msg(sm->ctx->msg_ctx, MSG_INFO, in wpa_sm_rx_eapol()
3796 sm->pairwise_cipher != WPA_CIPHER_TKIP) { in wpa_sm_rx_eapol()
3797 wpa_msg(sm->ctx->msg_ctx, MSG_INFO, in wpa_sm_rx_eapol()
3804 (sm->key_mgmt != WPA_KEY_MGMT_IEEE8021X && in wpa_sm_rx_eapol()
3805 sm->key_mgmt != WPA_KEY_MGMT_PSK)) { in wpa_sm_rx_eapol()
3806 wpa_msg(sm->ctx->msg_ctx, MSG_INFO, in wpa_sm_rx_eapol()
3808 ver, sm->key_mgmt); in wpa_sm_rx_eapol()
3812 if (wpa_use_akm_defined(sm->key_mgmt) && in wpa_sm_rx_eapol()
3814 wpa_msg(sm->ctx->msg_ctx, MSG_INFO, in wpa_sm_rx_eapol()
3821 if (wpa_key_mgmt_ft(sm->key_mgmt)) { in wpa_sm_rx_eapol()
3824 !wpa_use_akm_defined(sm->key_mgmt)) { in wpa_sm_rx_eapol()
3825 wpa_msg(sm->ctx->msg_ctx, MSG_INFO, in wpa_sm_rx_eapol()
3831 if (wpa_key_mgmt_sha256(sm->key_mgmt)) { in wpa_sm_rx_eapol()
3833 !wpa_use_akm_defined(sm->key_mgmt)) { in wpa_sm_rx_eapol()
3834 wpa_msg(sm->ctx->msg_ctx, MSG_INFO, in wpa_sm_rx_eapol()
3838 } else if (sm->pairwise_cipher == WPA_CIPHER_CCMP && in wpa_sm_rx_eapol()
3839 !wpa_use_akm_defined(sm->key_mgmt) && in wpa_sm_rx_eapol()
3841 wpa_msg(sm->ctx->msg_ctx, MSG_INFO, in wpa_sm_rx_eapol()
3844 wpa_msg(sm->ctx->msg_ctx, MSG_INFO, in wpa_sm_rx_eapol()
3847 wpa_msg(sm->ctx->msg_ctx, MSG_INFO, in wpa_sm_rx_eapol()
3851 } else if (sm->pairwise_cipher == WPA_CIPHER_GCMP && in wpa_sm_rx_eapol()
3852 !wpa_use_akm_defined(sm->key_mgmt) && in wpa_sm_rx_eapol()
3854 wpa_msg(sm->ctx->msg_ctx, MSG_INFO, in wpa_sm_rx_eapol()
3861 wpa_supplicant_verify_eapol_key_mic(sm, key, ver, tmp, data_len)) in wpa_sm_rx_eapol()
3866 if (wpa_supp_aead_decrypt(sm, tmp, data_len, &key_data_len)) in wpa_sm_rx_eapol()
3871 if ((sm->proto == WPA_PROTO_RSN || sm->proto == WPA_PROTO_OSEN) && in wpa_sm_rx_eapol()
3880 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, in wpa_sm_rx_eapol()
3884 if (wpa_supplicant_decrypt_key_data(sm, key, mic_len, in wpa_sm_rx_eapol()
3892 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, in wpa_sm_rx_eapol()
3899 wpa_supplicant_process_3_of_4(sm, key, ver, key_data, in wpa_sm_rx_eapol()
3903 wpa_supplicant_process_1_of_4(sm, src_addr, key, in wpa_sm_rx_eapol()
3912 if (sm->mlo.valid_links) in wpa_sm_rx_eapol()
3913 wpa_supplicant_process_mlo_1_of_2(sm, src_addr, in wpa_sm_rx_eapol()
3918 wpa_supplicant_process_1_of_2(sm, src_addr, key, in wpa_sm_rx_eapol()
3923 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, in wpa_sm_rx_eapol()
3937 static u32 wpa_key_mgmt_suite(struct wpa_sm *sm) in wpa_key_mgmt_suite() argument
3939 switch (sm->key_mgmt) { in wpa_key_mgmt_suite()
3941 return ((sm->proto == WPA_PROTO_RSN || in wpa_key_mgmt_suite()
3942 sm->proto == WPA_PROTO_OSEN) ? in wpa_key_mgmt_suite()
3946 return (sm->proto == WPA_PROTO_RSN ? in wpa_key_mgmt_suite()
3960 return (sm->proto == WPA_PROTO_RSN ? in wpa_key_mgmt_suite()
3983 * @sm: Pointer to WPA state machine data from wpa_sm_init()
3990 int wpa_sm_get_mib(struct wpa_sm *sm, char *buf, size_t buflen) in wpa_sm_get_mib() argument
3997 if (sm->cur_pmksa) { in wpa_sm_get_mib()
3999 sm->cur_pmksa->pmkid, PMKID_LEN); in wpa_sm_get_mib()
4003 rsna = (wpa_key_mgmt_wpa_psk(sm->key_mgmt) || in wpa_sm_get_mib()
4004 wpa_key_mgmt_wpa_ieee8021x(sm->key_mgmt)) && in wpa_sm_get_mib()
4005 sm->proto == WPA_PROTO_RSN; in wpa_sm_get_mib()
4022 wpa_cipher_key_len(sm->group_cipher) * 8, in wpa_sm_get_mib()
4023 sm->dot11RSNAConfigPMKLifetime, in wpa_sm_get_mib()
4024 sm->dot11RSNAConfigPMKReauthThreshold, in wpa_sm_get_mib()
4025 sm->dot11RSNAConfigSATimeout); in wpa_sm_get_mib()
4041 RSN_SUITE_ARG(wpa_key_mgmt_suite(sm)), in wpa_sm_get_mib()
4042 RSN_SUITE_ARG(wpa_cipher_to_suite(sm->proto, in wpa_sm_get_mib()
4043 sm->pairwise_cipher)), in wpa_sm_get_mib()
4044 RSN_SUITE_ARG(wpa_cipher_to_suite(sm->proto, in wpa_sm_get_mib()
4045 sm->group_cipher)), in wpa_sm_get_mib()
4047 RSN_SUITE_ARG(wpa_key_mgmt_suite(sm)), in wpa_sm_get_mib()
4048 RSN_SUITE_ARG(wpa_cipher_to_suite(sm->proto, in wpa_sm_get_mib()
4049 sm->pairwise_cipher)), in wpa_sm_get_mib()
4050 RSN_SUITE_ARG(wpa_cipher_to_suite(sm->proto, in wpa_sm_get_mib()
4051 sm->group_cipher)), in wpa_sm_get_mib()
4052 sm->dot11RSNA4WayHandshakeFailures); in wpa_sm_get_mib()
4064 struct wpa_sm *sm = ctx; in wpa_sm_pmksa_free_cb() local
4067 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "RSN: PMKSA cache entry free_cb: " in wpa_sm_pmksa_free_cb()
4070 if (sm->cur_pmksa == entry) { in wpa_sm_pmksa_free_cb()
4071 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, in wpa_sm_pmksa_free_cb()
4074 pmksa_cache_clear_current(sm); in wpa_sm_pmksa_free_cb()
4087 (sm->pmk_len == entry->pmk_len && in wpa_sm_pmksa_free_cb()
4088 os_memcmp(sm->pmk, entry->pmk, sm->pmk_len) == 0)) { in wpa_sm_pmksa_free_cb()
4089 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, in wpa_sm_pmksa_free_cb()
4091 pmksa_cache_clear_current(sm); in wpa_sm_pmksa_free_cb()
4096 sm->pmk_len = 0; in wpa_sm_pmksa_free_cb()
4097 os_memset(sm->pmk, 0, sizeof(sm->pmk)); in wpa_sm_pmksa_free_cb()
4098 wpa_sm_deauthenticate(sm, WLAN_REASON_UNSPECIFIED); in wpa_sm_pmksa_free_cb()
4106 struct wpa_sm *sm = ctx; in wpa_sm_pmksa_is_current_cb() local
4108 return sm->cur_pmksa == entry; in wpa_sm_pmksa_is_current_cb()
4115 struct wpa_sm *sm = ctx; in wpa_sm_pmksa_notify_cb() local
4117 wpa_sm_notify_pmksa_cache_entry(sm, entry); in wpa_sm_pmksa_notify_cb()
4131 struct wpa_sm *sm; in wpa_sm_init() local
4133 sm = os_zalloc(sizeof(*sm)); in wpa_sm_init()
4134 if (sm == NULL) in wpa_sm_init()
4136 dl_list_init(&sm->pmksa_candidates); in wpa_sm_init()
4137 sm->renew_snonce = 1; in wpa_sm_init()
4138 sm->ctx = ctx; in wpa_sm_init()
4140 sm->dot11RSNAConfigPMKLifetime = 43200; in wpa_sm_init()
4141 sm->dot11RSNAConfigPMKReauthThreshold = 70; in wpa_sm_init()
4142 sm->dot11RSNAConfigSATimeout = 60; in wpa_sm_init()
4144 sm->pmksa = pmksa_cache_init(wpa_sm_pmksa_free_cb, in wpa_sm_init()
4146 wpa_sm_pmksa_notify_cb, sm, sm); in wpa_sm_init()
4147 if (sm->pmksa == NULL) { in wpa_sm_init()
4148 wpa_msg(sm->ctx->msg_ctx, MSG_ERROR, in wpa_sm_init()
4150 os_free(sm); in wpa_sm_init()
4154 return sm; in wpa_sm_init()
4160 * @sm: Pointer to WPA state machine data from wpa_sm_init()
4162 void wpa_sm_deinit(struct wpa_sm *sm) in wpa_sm_deinit() argument
4166 if (sm == NULL) in wpa_sm_deinit()
4168 pmksa_cache_deinit(sm->pmksa); in wpa_sm_deinit()
4169 eloop_cancel_timeout(wpa_sm_start_preauth, sm, NULL); in wpa_sm_deinit()
4170 eloop_cancel_timeout(wpa_sm_rekey_ptk, sm, NULL); in wpa_sm_deinit()
4171 os_free(sm->assoc_wpa_ie); in wpa_sm_deinit()
4172 os_free(sm->assoc_rsnxe); in wpa_sm_deinit()
4173 os_free(sm->ap_wpa_ie); in wpa_sm_deinit()
4174 os_free(sm->ap_rsn_ie); in wpa_sm_deinit()
4175 os_free(sm->ap_rsnxe); in wpa_sm_deinit()
4177 os_free(sm->mlo.links[i].ap_rsne); in wpa_sm_deinit()
4178 os_free(sm->mlo.links[i].ap_rsnxe); in wpa_sm_deinit()
4180 wpa_sm_drop_sa(sm); in wpa_sm_deinit()
4181 os_free(sm->ctx); in wpa_sm_deinit()
4183 os_free(sm->assoc_resp_ies); in wpa_sm_deinit()
4186 wpabuf_free(sm->test_assoc_ie); in wpa_sm_deinit()
4187 wpabuf_free(sm->test_eapol_m2_elems); in wpa_sm_deinit()
4188 wpabuf_free(sm->test_eapol_m4_elems); in wpa_sm_deinit()
4191 crypto_ecdh_deinit(sm->fils_ecdh); in wpa_sm_deinit()
4194 wpabuf_free(sm->fils_ft_ies); in wpa_sm_deinit()
4197 crypto_ecdh_deinit(sm->owe_ecdh); in wpa_sm_deinit()
4200 wpabuf_clear_free(sm->dpp_z); in wpa_sm_deinit()
4202 os_free(sm); in wpa_sm_deinit()
4206 static void wpa_sm_clear_ptk(struct wpa_sm *sm) in wpa_sm_clear_ptk() argument
4210 sm->ptk_set = 0; in wpa_sm_clear_ptk()
4211 os_memset(&sm->ptk, 0, sizeof(sm->ptk)); in wpa_sm_clear_ptk()
4212 sm->tptk_set = 0; in wpa_sm_clear_ptk()
4213 os_memset(&sm->tptk, 0, sizeof(sm->tptk)); in wpa_sm_clear_ptk()
4214 os_memset(&sm->gtk, 0, sizeof(sm->gtk)); in wpa_sm_clear_ptk()
4215 os_memset(&sm->gtk_wnm_sleep, 0, sizeof(sm->gtk_wnm_sleep)); in wpa_sm_clear_ptk()
4216 os_memset(&sm->igtk, 0, sizeof(sm->igtk)); in wpa_sm_clear_ptk()
4217 os_memset(&sm->igtk_wnm_sleep, 0, sizeof(sm->igtk_wnm_sleep)); in wpa_sm_clear_ptk()
4218 os_memset(&sm->bigtk, 0, sizeof(sm->bigtk)); in wpa_sm_clear_ptk()
4219 os_memset(&sm->bigtk_wnm_sleep, 0, sizeof(sm->bigtk_wnm_sleep)); in wpa_sm_clear_ptk()
4220 sm->tk_set = false; in wpa_sm_clear_ptk()
4222 os_memset(&sm->mlo.links[i].gtk, 0, in wpa_sm_clear_ptk()
4223 sizeof(sm->mlo.links[i].gtk)); in wpa_sm_clear_ptk()
4224 os_memset(&sm->mlo.links[i].gtk_wnm_sleep, 0, in wpa_sm_clear_ptk()
4225 sizeof(sm->mlo.links[i].gtk_wnm_sleep)); in wpa_sm_clear_ptk()
4226 os_memset(&sm->mlo.links[i].igtk, 0, in wpa_sm_clear_ptk()
4227 sizeof(sm->mlo.links[i].igtk)); in wpa_sm_clear_ptk()
4228 os_memset(&sm->mlo.links[i].igtk_wnm_sleep, 0, in wpa_sm_clear_ptk()
4229 sizeof(sm->mlo.links[i].igtk_wnm_sleep)); in wpa_sm_clear_ptk()
4230 os_memset(&sm->mlo.links[i].bigtk, 0, in wpa_sm_clear_ptk()
4231 sizeof(sm->mlo.links[i].bigtk)); in wpa_sm_clear_ptk()
4232 os_memset(&sm->mlo.links[i].bigtk_wnm_sleep, 0, in wpa_sm_clear_ptk()
4233 sizeof(sm->mlo.links[i].bigtk_wnm_sleep)); in wpa_sm_clear_ptk()
4240 * @sm: Pointer to WPA state machine data from wpa_sm_init()
4246 void wpa_sm_notify_assoc(struct wpa_sm *sm, const u8 *bssid) in wpa_sm_notify_assoc() argument
4250 if (sm == NULL) in wpa_sm_notify_assoc()
4253 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, in wpa_sm_notify_assoc()
4255 os_memcpy(sm->bssid, bssid, ETH_ALEN); in wpa_sm_notify_assoc()
4256 os_memset(sm->rx_replay_counter, 0, WPA_REPLAY_COUNTER_LEN); in wpa_sm_notify_assoc()
4257 sm->rx_replay_counter_set = 0; in wpa_sm_notify_assoc()
4258 sm->renew_snonce = 1; in wpa_sm_notify_assoc()
4259 if (ether_addr_equal(sm->preauth_bssid, bssid)) in wpa_sm_notify_assoc()
4260 rsn_preauth_deinit(sm); in wpa_sm_notify_assoc()
4263 if (wpa_ft_is_completed(sm)) { in wpa_sm_notify_assoc()
4268 eapol_sm_notify_portValid(sm->eapol, false); in wpa_sm_notify_assoc()
4269 wpa_supplicant_key_neg_complete(sm, sm->bssid, 1); in wpa_sm_notify_assoc()
4272 wpa_ft_prepare_auth_request(sm, NULL); in wpa_sm_notify_assoc()
4275 sm->ft_protocol = 1; in wpa_sm_notify_assoc()
4277 sm->ft_protocol = 0; in wpa_sm_notify_assoc()
4281 if (sm->fils_completed) { in wpa_sm_notify_assoc()
4286 wpa_supplicant_key_neg_complete(sm, sm->bssid, 1); in wpa_sm_notify_assoc()
4296 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: Clear old PTK"); in wpa_sm_notify_assoc()
4297 wpa_sm_clear_ptk(sm); in wpa_sm_notify_assoc()
4301 wpa_tdls_assoc(sm); in wpa_sm_notify_assoc()
4305 os_memset(sm->p2p_ip_addr, 0, sizeof(sm->p2p_ip_addr)); in wpa_sm_notify_assoc()
4308 sm->keyidx_active = 0; in wpa_sm_notify_assoc()
4314 * @sm: Pointer to WPA state machine data from wpa_sm_init()
4319 void wpa_sm_notify_disassoc(struct wpa_sm *sm) in wpa_sm_notify_disassoc() argument
4321 eloop_cancel_timeout(wpa_sm_start_preauth, sm, NULL); in wpa_sm_notify_disassoc()
4322 eloop_cancel_timeout(wpa_sm_rekey_ptk, sm, NULL); in wpa_sm_notify_disassoc()
4323 rsn_preauth_deinit(sm); in wpa_sm_notify_disassoc()
4324 pmksa_cache_clear_current(sm); in wpa_sm_notify_disassoc()
4325 if (wpa_sm_get_state(sm) == WPA_4WAY_HANDSHAKE) in wpa_sm_notify_disassoc()
4326 sm->dot11RSNA4WayHandshakeFailures++; in wpa_sm_notify_disassoc()
4328 wpa_tdls_disassoc(sm); in wpa_sm_notify_disassoc()
4331 sm->fils_completed = 0; in wpa_sm_notify_disassoc()
4334 sm->ft_reassoc_completed = 0; in wpa_sm_notify_disassoc()
4335 sm->ft_protocol = 0; in wpa_sm_notify_disassoc()
4339 wpa_sm_drop_sa(sm); in wpa_sm_notify_disassoc()
4340 sm->keyidx_active = 0; in wpa_sm_notify_disassoc()
4342 sm->msg_3_of_4_ok = 0; in wpa_sm_notify_disassoc()
4343 os_memset(sm->bssid, 0, ETH_ALEN); in wpa_sm_notify_disassoc()
4349 * @sm: Pointer to WPA state machine data from wpa_sm_init()
4357 void wpa_sm_set_pmk(struct wpa_sm *sm, const u8 *pmk, size_t pmk_len, in wpa_sm_set_pmk() argument
4360 if (sm == NULL) in wpa_sm_set_pmk()
4365 sm->pmk_len = pmk_len; in wpa_sm_set_pmk()
4366 os_memcpy(sm->pmk, pmk, pmk_len); in wpa_sm_set_pmk()
4370 sm->xxkey_len = pmk_len; in wpa_sm_set_pmk()
4371 os_memcpy(sm->xxkey, pmk, pmk_len); in wpa_sm_set_pmk()
4375 sm->cur_pmksa = pmksa_cache_add(sm->pmksa, pmk, pmk_len, in wpa_sm_set_pmk()
4377 sm->own_addr, in wpa_sm_set_pmk()
4378 sm->network_ctx, sm->key_mgmt, in wpa_sm_set_pmk()
4386 * @sm: Pointer to WPA state machine data from wpa_sm_init()
4391 void wpa_sm_set_pmk_from_pmksa(struct wpa_sm *sm) in wpa_sm_set_pmk_from_pmksa() argument
4393 if (sm == NULL) in wpa_sm_set_pmk_from_pmksa()
4396 if (sm->cur_pmksa) { in wpa_sm_set_pmk_from_pmksa()
4399 sm->cur_pmksa->pmk, sm->cur_pmksa->pmk_len); in wpa_sm_set_pmk_from_pmksa()
4400 sm->pmk_len = sm->cur_pmksa->pmk_len; in wpa_sm_set_pmk_from_pmksa()
4401 os_memcpy(sm->pmk, sm->cur_pmksa->pmk, sm->pmk_len); in wpa_sm_set_pmk_from_pmksa()
4404 sm->pmk_len = 0; in wpa_sm_set_pmk_from_pmksa()
4405 os_memset(sm->pmk, 0, PMK_LEN_MAX); in wpa_sm_set_pmk_from_pmksa()
4412 * @sm: Pointer to WPA state machine data from wpa_sm_init()
4415 void wpa_sm_set_fast_reauth(struct wpa_sm *sm, int fast_reauth) in wpa_sm_set_fast_reauth() argument
4417 if (sm) in wpa_sm_set_fast_reauth()
4418 sm->fast_reauth = fast_reauth; in wpa_sm_set_fast_reauth()
4424 * @sm: Pointer to WPA state machine data from wpa_sm_init()
4427 void wpa_sm_set_scard_ctx(struct wpa_sm *sm, void *scard_ctx) in wpa_sm_set_scard_ctx() argument
4429 if (sm == NULL) in wpa_sm_set_scard_ctx()
4431 sm->scard_ctx = scard_ctx; in wpa_sm_set_scard_ctx()
4432 if (sm->preauth_eapol) in wpa_sm_set_scard_ctx()
4433 eapol_sm_register_scard_ctx(sm->preauth_eapol, scard_ctx); in wpa_sm_set_scard_ctx()
4439 * @sm: Pointer to WPA state machine data from wpa_sm_init()
4446 void wpa_sm_set_config(struct wpa_sm *sm, struct rsn_supp_config *config) in wpa_sm_set_config() argument
4448 if (!sm) in wpa_sm_set_config()
4452 sm->network_ctx = config->network_ctx; in wpa_sm_set_config()
4453 sm->allowed_pairwise_cipher = config->allowed_pairwise_cipher; in wpa_sm_set_config()
4454 sm->proactive_key_caching = config->proactive_key_caching; in wpa_sm_set_config()
4455 sm->eap_workaround = config->eap_workaround; in wpa_sm_set_config()
4456 sm->eap_conf_ctx = config->eap_conf_ctx; in wpa_sm_set_config()
4458 os_memcpy(sm->ssid, config->ssid, config->ssid_len); in wpa_sm_set_config()
4459 sm->ssid_len = config->ssid_len; in wpa_sm_set_config()
4461 sm->ssid_len = 0; in wpa_sm_set_config()
4462 sm->wpa_ptk_rekey = config->wpa_ptk_rekey; in wpa_sm_set_config()
4463 sm->p2p = config->p2p; in wpa_sm_set_config()
4464 sm->wpa_rsc_relaxation = config->wpa_rsc_relaxation; in wpa_sm_set_config()
4465 sm->owe_ptk_workaround = config->owe_ptk_workaround; in wpa_sm_set_config()
4466 sm->force_kdk_derivation = config->force_kdk_derivation; in wpa_sm_set_config()
4469 sm->fils_cache_id_set = 1; in wpa_sm_set_config()
4470 os_memcpy(sm->fils_cache_id, config->fils_cache_id, in wpa_sm_set_config()
4473 sm->fils_cache_id_set = 0; in wpa_sm_set_config()
4476 sm->beacon_prot = config->beacon_prot; in wpa_sm_set_config()
4478 sm->network_ctx = NULL; in wpa_sm_set_config()
4479 sm->allowed_pairwise_cipher = 0; in wpa_sm_set_config()
4480 sm->proactive_key_caching = 0; in wpa_sm_set_config()
4481 sm->eap_workaround = 0; in wpa_sm_set_config()
4482 sm->eap_conf_ctx = NULL; in wpa_sm_set_config()
4483 sm->ssid_len = 0; in wpa_sm_set_config()
4484 sm->wpa_ptk_rekey = 0; in wpa_sm_set_config()
4485 sm->p2p = 0; in wpa_sm_set_config()
4486 sm->wpa_rsc_relaxation = 0; in wpa_sm_set_config()
4487 sm->owe_ptk_workaround = 0; in wpa_sm_set_config()
4488 sm->beacon_prot = 0; in wpa_sm_set_config()
4489 sm->force_kdk_derivation = false; in wpa_sm_set_config()
4494 void wpa_sm_set_ssid(struct wpa_sm *sm, const u8 *ssid, size_t ssid_len) in wpa_sm_set_ssid() argument
4496 if (!sm) in wpa_sm_set_ssid()
4500 os_memcpy(sm->ssid, ssid, ssid_len); in wpa_sm_set_ssid()
4501 sm->ssid_len = ssid_len; in wpa_sm_set_ssid()
4503 sm->ssid_len = 0; in wpa_sm_set_ssid()
4508 int wpa_sm_set_mlo_params(struct wpa_sm *sm, const struct wpa_sm_mlo *mlo) in wpa_sm_set_mlo_params() argument
4512 if (!sm) in wpa_sm_set_mlo_params()
4515 os_memcpy(sm->mlo.ap_mld_addr, mlo->ap_mld_addr, ETH_ALEN); in wpa_sm_set_mlo_params()
4516 sm->mlo.assoc_link_id = mlo->assoc_link_id; in wpa_sm_set_mlo_params()
4517 sm->mlo.valid_links = mlo->valid_links; in wpa_sm_set_mlo_params()
4518 sm->mlo.req_links = mlo->req_links; in wpa_sm_set_mlo_params()
4524 if (sm->mlo.req_links & BIT(i)) { in wpa_sm_set_mlo_params()
4527 wpa_dbg(sm->ctx->msg_ctx, MSG_INFO, in wpa_sm_set_mlo_params()
4534 os_memcpy(sm->mlo.links[i].addr, mlo->links[i].addr, in wpa_sm_set_mlo_params()
4536 os_memcpy(sm->mlo.links[i].bssid, mlo->links[i].bssid, in wpa_sm_set_mlo_params()
4542 os_free(sm->mlo.links[i].ap_rsne); in wpa_sm_set_mlo_params()
4544 if (sm->mlo.links[i].ap_rsne) in wpa_sm_set_mlo_params()
4545 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, in wpa_sm_set_mlo_params()
4548 sm->mlo.links[i].ap_rsne = NULL; in wpa_sm_set_mlo_params()
4549 sm->mlo.links[i].ap_rsne_len = 0; in wpa_sm_set_mlo_params()
4553 sm->mlo.links[i].ap_rsne = os_memdup(ie, len); in wpa_sm_set_mlo_params()
4554 if (!sm->mlo.links[i].ap_rsne) { in wpa_sm_set_mlo_params()
4555 sm->mlo.links[i].ap_rsne_len = 0; in wpa_sm_set_mlo_params()
4558 sm->mlo.links[i].ap_rsne_len = len; in wpa_sm_set_mlo_params()
4563 os_free(sm->mlo.links[i].ap_rsnxe); in wpa_sm_set_mlo_params()
4565 if (sm->mlo.links[i].ap_rsnxe) in wpa_sm_set_mlo_params()
4566 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, in wpa_sm_set_mlo_params()
4569 sm->mlo.links[i].ap_rsnxe = NULL; in wpa_sm_set_mlo_params()
4570 sm->mlo.links[i].ap_rsnxe_len = 0; in wpa_sm_set_mlo_params()
4574 sm->mlo.links[i].ap_rsnxe = os_memdup(ie, len); in wpa_sm_set_mlo_params()
4575 if (!sm->mlo.links[i].ap_rsnxe) { in wpa_sm_set_mlo_params()
4576 sm->mlo.links[i].ap_rsnxe_len = 0; in wpa_sm_set_mlo_params()
4579 sm->mlo.links[i].ap_rsnxe_len = len; in wpa_sm_set_mlo_params()
4589 * @sm: Pointer to WPA state machine data from wpa_sm_init()
4592 void wpa_sm_set_own_addr(struct wpa_sm *sm, const u8 *addr) in wpa_sm_set_own_addr() argument
4594 if (sm) in wpa_sm_set_own_addr()
4595 os_memcpy(sm->own_addr, addr, ETH_ALEN); in wpa_sm_set_own_addr()
4601 * @sm: Pointer to WPA state machine data from wpa_sm_init()
4605 void wpa_sm_set_ifname(struct wpa_sm *sm, const char *ifname, in wpa_sm_set_ifname() argument
4608 if (sm) { in wpa_sm_set_ifname()
4609 sm->ifname = ifname; in wpa_sm_set_ifname()
4610 sm->bridge_ifname = bridge_ifname; in wpa_sm_set_ifname()
4617 * @sm: Pointer to WPA state machine data from wpa_sm_init()
4620 void wpa_sm_set_eapol(struct wpa_sm *sm, struct eapol_sm *eapol) in wpa_sm_set_eapol() argument
4622 if (sm) in wpa_sm_set_eapol()
4623 sm->eapol = eapol; in wpa_sm_set_eapol()
4629 * @sm: Pointer to WPA state machine data from wpa_sm_init()
4634 int wpa_sm_set_param(struct wpa_sm *sm, enum wpa_sm_conf_params param, in wpa_sm_set_param() argument
4639 if (sm == NULL) in wpa_sm_set_param()
4645 sm->dot11RSNAConfigPMKLifetime = value; in wpa_sm_set_param()
4651 sm->dot11RSNAConfigPMKReauthThreshold = value; in wpa_sm_set_param()
4657 sm->dot11RSNAConfigSATimeout = value; in wpa_sm_set_param()
4662 sm->proto = value; in wpa_sm_set_param()
4665 sm->pairwise_cipher = value; in wpa_sm_set_param()
4668 sm->group_cipher = value; in wpa_sm_set_param()
4671 sm->key_mgmt = value; in wpa_sm_set_param()
4674 sm->mgmt_group_cipher = value; in wpa_sm_set_param()
4677 sm->rsn_enabled = value; in wpa_sm_set_param()
4680 sm->mfp = value; in wpa_sm_set_param()
4683 sm->ocv = value; in wpa_sm_set_param()
4686 sm->sae_pwe = value; in wpa_sm_set_param()
4689 sm->sae_pk = value; in wpa_sm_set_param()
4692 sm->wpa_deny_ptk0_rekey = value; in wpa_sm_set_param()
4695 sm->ext_key_id = value; in wpa_sm_set_param()
4698 sm->use_ext_key_id = value; in wpa_sm_set_param()
4702 sm->ft_rsnxe_used = value; in wpa_sm_set_param()
4705 sm->oci_freq_override_eapol = value; in wpa_sm_set_param()
4708 sm->oci_freq_override_eapol_g2 = value; in wpa_sm_set_param()
4711 sm->oci_freq_override_ft_assoc = value; in wpa_sm_set_param()
4714 sm->oci_freq_override_fils_assoc = value; in wpa_sm_set_param()
4717 sm->disable_eapol_g2_tx = value; in wpa_sm_set_param()
4720 sm->encrypt_eapol_m2 = value; in wpa_sm_set_param()
4723 sm->encrypt_eapol_m4 = value; in wpa_sm_set_param()
4728 sm->dpp_pfs = value; in wpa_sm_set_param()
4732 sm->wmm_enabled = value; in wpa_sm_set_param()
4735 sm->ft_prepend_pmkid = value; in wpa_sm_set_param()
4738 sm->ssid_protection = value; in wpa_sm_set_param()
4750 * @sm: Pointer to WPA state machine data from wpa_sm_init()
4760 int wpa_sm_get_status(struct wpa_sm *sm, char *buf, size_t buflen, in wpa_sm_get_status() argument
4770 wpa_cipher_txt(sm->pairwise_cipher), in wpa_sm_get_status()
4771 wpa_cipher_txt(sm->group_cipher), in wpa_sm_get_status()
4772 wpa_key_mgmt_txt(sm->key_mgmt, sm->proto)); in wpa_sm_get_status()
4778 if (sm->key_mgmt == WPA_KEY_MGMT_DPP && sm->dpp_z) { in wpa_sm_get_status()
4786 if (sm->mfp != NO_MGMT_FRAME_PROTECTION && sm->ap_rsn_ie) { in wpa_sm_get_status()
4788 if (wpa_parse_wpa_ie_rsn(sm->ap_rsn_ie, sm->ap_rsn_ie_len, &rsn) in wpa_sm_get_status()
4797 sm->mgmt_group_cipher)); in wpa_sm_get_status()
4808 int wpa_sm_pmf_enabled(struct wpa_sm *sm) in wpa_sm_pmf_enabled() argument
4812 if (sm->mfp == NO_MGMT_FRAME_PROTECTION || !sm->ap_rsn_ie) in wpa_sm_pmf_enabled()
4815 if (wpa_parse_wpa_ie_rsn(sm->ap_rsn_ie, sm->ap_rsn_ie_len, &rsn) >= 0 && in wpa_sm_pmf_enabled()
4823 int wpa_sm_ext_key_id(struct wpa_sm *sm) in wpa_sm_ext_key_id() argument
4825 return sm ? sm->ext_key_id : 0; in wpa_sm_ext_key_id()
4829 int wpa_sm_ext_key_id_active(struct wpa_sm *sm) in wpa_sm_ext_key_id_active() argument
4831 return sm ? sm->use_ext_key_id : 0; in wpa_sm_ext_key_id_active()
4835 int wpa_sm_ocv_enabled(struct wpa_sm *sm) in wpa_sm_ocv_enabled() argument
4839 if (!sm->ocv || !sm->ap_rsn_ie) in wpa_sm_ocv_enabled()
4842 return wpa_parse_wpa_ie_rsn(sm->ap_rsn_ie, sm->ap_rsn_ie_len, in wpa_sm_ocv_enabled()
4850 * @sm: Pointer to WPA state machine data from wpa_sm_init()
4855 int wpa_sm_set_assoc_wpa_ie_default(struct wpa_sm *sm, u8 *wpa_ie, in wpa_sm_set_assoc_wpa_ie_default() argument
4860 if (sm == NULL) in wpa_sm_set_assoc_wpa_ie_default()
4864 if (sm->test_assoc_ie) { in wpa_sm_set_assoc_wpa_ie_default()
4867 if (*wpa_ie_len < wpabuf_len(sm->test_assoc_ie)) in wpa_sm_set_assoc_wpa_ie_default()
4869 os_memcpy(wpa_ie, wpabuf_head(sm->test_assoc_ie), in wpa_sm_set_assoc_wpa_ie_default()
4870 wpabuf_len(sm->test_assoc_ie)); in wpa_sm_set_assoc_wpa_ie_default()
4871 res = wpabuf_len(sm->test_assoc_ie); in wpa_sm_set_assoc_wpa_ie_default()
4874 res = wpa_gen_wpa_ie(sm, wpa_ie, *wpa_ie_len); in wpa_sm_set_assoc_wpa_ie_default()
4882 if (sm->assoc_wpa_ie == NULL) { in wpa_sm_set_assoc_wpa_ie_default()
4888 sm->assoc_wpa_ie = os_memdup(wpa_ie, *wpa_ie_len); in wpa_sm_set_assoc_wpa_ie_default()
4889 if (sm->assoc_wpa_ie == NULL) in wpa_sm_set_assoc_wpa_ie_default()
4892 sm->assoc_wpa_ie_len = *wpa_ie_len; in wpa_sm_set_assoc_wpa_ie_default()
4896 sm->assoc_wpa_ie, sm->assoc_wpa_ie_len); in wpa_sm_set_assoc_wpa_ie_default()
4905 * @sm: Pointer to WPA state machine data from wpa_sm_init()
4914 int wpa_sm_set_assoc_wpa_ie(struct wpa_sm *sm, const u8 *ie, size_t len) in wpa_sm_set_assoc_wpa_ie() argument
4916 if (sm == NULL) in wpa_sm_set_assoc_wpa_ie()
4919 os_free(sm->assoc_wpa_ie); in wpa_sm_set_assoc_wpa_ie()
4921 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, in wpa_sm_set_assoc_wpa_ie()
4923 sm->assoc_wpa_ie = NULL; in wpa_sm_set_assoc_wpa_ie()
4924 sm->assoc_wpa_ie_len = 0; in wpa_sm_set_assoc_wpa_ie()
4927 sm->assoc_wpa_ie = os_memdup(ie, len); in wpa_sm_set_assoc_wpa_ie()
4928 if (sm->assoc_wpa_ie == NULL) in wpa_sm_set_assoc_wpa_ie()
4931 sm->assoc_wpa_ie_len = len; in wpa_sm_set_assoc_wpa_ie()
4940 * @sm: Pointer to WPA state machine data from wpa_sm_init()
4945 int wpa_sm_set_assoc_rsnxe_default(struct wpa_sm *sm, u8 *rsnxe, in wpa_sm_set_assoc_rsnxe_default() argument
4950 if (!sm) in wpa_sm_set_assoc_rsnxe_default()
4953 res = wpa_gen_rsnxe(sm, rsnxe, *rsnxe_len); in wpa_sm_set_assoc_rsnxe_default()
4960 if (sm->assoc_rsnxe) { in wpa_sm_set_assoc_rsnxe_default()
4963 sm->assoc_rsnxe, sm->assoc_rsnxe_len); in wpa_sm_set_assoc_rsnxe_default()
4969 sm->assoc_rsnxe = os_memdup(rsnxe, *rsnxe_len); in wpa_sm_set_assoc_rsnxe_default()
4970 if (!sm->assoc_rsnxe) in wpa_sm_set_assoc_rsnxe_default()
4973 sm->assoc_rsnxe_len = *rsnxe_len; in wpa_sm_set_assoc_rsnxe_default()
4982 * @sm: Pointer to WPA state machine data from wpa_sm_init()
4991 int wpa_sm_set_assoc_rsnxe(struct wpa_sm *sm, const u8 *ie, size_t len) in wpa_sm_set_assoc_rsnxe() argument
4993 if (!sm) in wpa_sm_set_assoc_rsnxe()
4996 os_free(sm->assoc_rsnxe); in wpa_sm_set_assoc_rsnxe()
4998 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, in wpa_sm_set_assoc_rsnxe()
5000 sm->assoc_rsnxe = NULL; in wpa_sm_set_assoc_rsnxe()
5001 sm->assoc_rsnxe_len = 0; in wpa_sm_set_assoc_rsnxe()
5004 sm->assoc_rsnxe = os_memdup(ie, len); in wpa_sm_set_assoc_rsnxe()
5005 if (!sm->assoc_rsnxe) in wpa_sm_set_assoc_rsnxe()
5008 sm->assoc_rsnxe_len = len; in wpa_sm_set_assoc_rsnxe()
5011 if (sm->ssid_protection && in wpa_sm_set_assoc_rsnxe()
5012 !ieee802_11_rsnx_capab(sm->assoc_rsnxe, in wpa_sm_set_assoc_rsnxe()
5014 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, in wpa_sm_set_assoc_rsnxe()
5016 sm->ssid_protection = 0; in wpa_sm_set_assoc_rsnxe()
5025 * @sm: Pointer to WPA state machine data from wpa_sm_init()
5033 int wpa_sm_set_ap_wpa_ie(struct wpa_sm *sm, const u8 *ie, size_t len) in wpa_sm_set_ap_wpa_ie() argument
5035 if (sm == NULL) in wpa_sm_set_ap_wpa_ie()
5038 os_free(sm->ap_wpa_ie); in wpa_sm_set_ap_wpa_ie()
5040 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, in wpa_sm_set_ap_wpa_ie()
5042 sm->ap_wpa_ie = NULL; in wpa_sm_set_ap_wpa_ie()
5043 sm->ap_wpa_ie_len = 0; in wpa_sm_set_ap_wpa_ie()
5046 sm->ap_wpa_ie = os_memdup(ie, len); in wpa_sm_set_ap_wpa_ie()
5047 if (sm->ap_wpa_ie == NULL) in wpa_sm_set_ap_wpa_ie()
5050 sm->ap_wpa_ie_len = len; in wpa_sm_set_ap_wpa_ie()
5059 * @sm: Pointer to WPA state machine data from wpa_sm_init()
5067 int wpa_sm_set_ap_rsn_ie(struct wpa_sm *sm, const u8 *ie, size_t len) in wpa_sm_set_ap_rsn_ie() argument
5069 if (sm == NULL) in wpa_sm_set_ap_rsn_ie()
5072 os_free(sm->ap_rsn_ie); in wpa_sm_set_ap_rsn_ie()
5074 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, in wpa_sm_set_ap_rsn_ie()
5076 sm->ap_rsn_ie = NULL; in wpa_sm_set_ap_rsn_ie()
5077 sm->ap_rsn_ie_len = 0; in wpa_sm_set_ap_rsn_ie()
5080 sm->ap_rsn_ie = os_memdup(ie, len); in wpa_sm_set_ap_rsn_ie()
5081 if (sm->ap_rsn_ie == NULL) in wpa_sm_set_ap_rsn_ie()
5084 sm->ap_rsn_ie_len = len; in wpa_sm_set_ap_rsn_ie()
5093 * @sm: Pointer to WPA state machine data from wpa_sm_init()
5101 int wpa_sm_set_ap_rsnxe(struct wpa_sm *sm, const u8 *ie, size_t len) in wpa_sm_set_ap_rsnxe() argument
5103 if (!sm) in wpa_sm_set_ap_rsnxe()
5106 os_free(sm->ap_rsnxe); in wpa_sm_set_ap_rsnxe()
5108 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: clearing AP RSNXE"); in wpa_sm_set_ap_rsnxe()
5109 sm->ap_rsnxe = NULL; in wpa_sm_set_ap_rsnxe()
5110 sm->ap_rsnxe_len = 0; in wpa_sm_set_ap_rsnxe()
5113 sm->ap_rsnxe = os_memdup(ie, len); in wpa_sm_set_ap_rsnxe()
5114 if (!sm->ap_rsnxe) in wpa_sm_set_ap_rsnxe()
5117 sm->ap_rsnxe_len = len; in wpa_sm_set_ap_rsnxe()
5126 * @sm: Pointer to WPA state machine data from wpa_sm_init()
5133 int wpa_sm_parse_own_wpa_ie(struct wpa_sm *sm, struct wpa_ie_data *data) in wpa_sm_parse_own_wpa_ie() argument
5135 if (sm == NULL) in wpa_sm_parse_own_wpa_ie()
5138 if (sm->assoc_wpa_ie == NULL) { in wpa_sm_parse_own_wpa_ie()
5139 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, in wpa_sm_parse_own_wpa_ie()
5143 if (wpa_parse_wpa_ie(sm->assoc_wpa_ie, sm->assoc_wpa_ie_len, data)) in wpa_sm_parse_own_wpa_ie()
5149 int wpa_sm_pmksa_cache_list(struct wpa_sm *sm, char *buf, size_t len) in wpa_sm_pmksa_cache_list() argument
5151 return pmksa_cache_list(sm->pmksa, buf, len); in wpa_sm_pmksa_cache_list()
5155 struct rsn_pmksa_cache_entry * wpa_sm_pmksa_cache_head(struct wpa_sm *sm) in wpa_sm_pmksa_cache_head() argument
5157 return pmksa_cache_head(sm->pmksa); in wpa_sm_pmksa_cache_head()
5162 wpa_sm_pmksa_cache_add_entry(struct wpa_sm *sm, in wpa_sm_pmksa_cache_add_entry() argument
5165 return pmksa_cache_add_entry(sm->pmksa, entry); in wpa_sm_pmksa_cache_add_entry()
5169 void wpa_sm_pmksa_cache_add(struct wpa_sm *sm, const u8 *pmk, size_t pmk_len, in wpa_sm_pmksa_cache_add() argument
5173 sm->cur_pmksa = pmksa_cache_add(sm->pmksa, pmk, pmk_len, pmkid, NULL, 0, in wpa_sm_pmksa_cache_add()
5174 bssid, sm->own_addr, sm->network_ctx, in wpa_sm_pmksa_cache_add()
5175 sm->key_mgmt, fils_cache_id); in wpa_sm_pmksa_cache_add()
5179 int wpa_sm_pmksa_exists(struct wpa_sm *sm, const u8 *bssid, const u8 *own_addr, in wpa_sm_pmksa_exists() argument
5182 return pmksa_cache_get(sm->pmksa, bssid, own_addr, NULL, network_ctx, in wpa_sm_pmksa_exists()
5187 struct rsn_pmksa_cache_entry * wpa_sm_pmksa_cache_get(struct wpa_sm *sm, in wpa_sm_pmksa_cache_get() argument
5193 return pmksa_cache_get(sm->pmksa, aa, sm->own_addr, pmkid, network_ctx, in wpa_sm_pmksa_cache_get()
5198 void wpa_sm_pmksa_cache_remove(struct wpa_sm *sm, in wpa_sm_pmksa_cache_remove() argument
5201 if (sm && sm->pmksa) in wpa_sm_pmksa_cache_remove()
5202 pmksa_cache_remove(sm->pmksa, entry); in wpa_sm_pmksa_cache_remove()
5206 void wpa_sm_drop_sa(struct wpa_sm *sm) in wpa_sm_drop_sa() argument
5208 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: Clear old PMK and PTK"); in wpa_sm_drop_sa()
5209 wpa_sm_clear_ptk(sm); in wpa_sm_drop_sa()
5210 sm->pmk_len = 0; in wpa_sm_drop_sa()
5211 os_memset(sm->pmk, 0, sizeof(sm->pmk)); in wpa_sm_drop_sa()
5213 os_memset(sm->xxkey, 0, sizeof(sm->xxkey)); in wpa_sm_drop_sa()
5214 sm->xxkey_len = 0; in wpa_sm_drop_sa()
5215 os_memset(sm->pmk_r0, 0, sizeof(sm->pmk_r0)); in wpa_sm_drop_sa()
5216 sm->pmk_r0_len = 0; in wpa_sm_drop_sa()
5217 os_memset(sm->pmk_r1, 0, sizeof(sm->pmk_r1)); in wpa_sm_drop_sa()
5218 sm->pmk_r1_len = 0; in wpa_sm_drop_sa()
5220 os_free(sm->pasn_r1kh); in wpa_sm_drop_sa()
5221 sm->pasn_r1kh = NULL; in wpa_sm_drop_sa()
5222 sm->n_pasn_r1kh = 0; in wpa_sm_drop_sa()
5229 bool wpa_sm_has_ft_keys(struct wpa_sm *sm, const u8 *md) in wpa_sm_has_ft_keys() argument
5231 if (!sm) in wpa_sm_has_ft_keys()
5233 if (!wpa_key_mgmt_ft(sm->key_mgmt) || in wpa_sm_has_ft_keys()
5234 os_memcmp(md, sm->key_mobility_domain, in wpa_sm_has_ft_keys()
5240 return sm->ptk_set; in wpa_sm_has_ft_keys()
5245 int wpa_sm_has_ptk_installed(struct wpa_sm *sm) in wpa_sm_has_ptk_installed() argument
5247 if (!sm) in wpa_sm_has_ptk_installed()
5249 return sm->tk_set || sm->ptk.installed; in wpa_sm_has_ptk_installed()
5253 void wpa_sm_update_replay_ctr(struct wpa_sm *sm, const u8 *replay_ctr) in wpa_sm_update_replay_ctr() argument
5255 os_memcpy(sm->rx_replay_counter, replay_ctr, WPA_REPLAY_COUNTER_LEN); in wpa_sm_update_replay_ctr()
5259 void wpa_sm_pmksa_cache_flush(struct wpa_sm *sm, void *network_ctx) in wpa_sm_pmksa_cache_flush() argument
5261 pmksa_cache_flush(sm->pmksa, network_ctx, NULL, 0, false); in wpa_sm_pmksa_cache_flush()
5265 void wpa_sm_external_pmksa_cache_flush(struct wpa_sm *sm, void *network_ctx) in wpa_sm_external_pmksa_cache_flush() argument
5267 pmksa_cache_flush(sm->pmksa, network_ctx, NULL, 0, true); in wpa_sm_external_pmksa_cache_flush()
5272 int wpa_wnmsleep_install_key(struct wpa_sm *sm, u8 subelem_id, u8 *buf) in wpa_wnmsleep_install_key() argument
5282 keylen = wpa_cipher_key_len(sm->group_cipher); in wpa_wnmsleep_install_key()
5283 gd.key_rsc_len = wpa_cipher_rsc_len(sm->group_cipher); in wpa_wnmsleep_install_key()
5284 gd.alg = wpa_cipher_to_alg(sm->group_cipher); in wpa_wnmsleep_install_key()
5300 sm, !!(keyinfo & WPA_KEY_INFO_TXRX)); in wpa_wnmsleep_install_key()
5306 if (wpa_supplicant_install_gtk(sm, &gd, key_rsc, 1)) { in wpa_wnmsleep_install_key()
5317 if (wpa_supplicant_install_igtk(sm, igtk, 1) < 0) in wpa_wnmsleep_install_key()
5323 if (sm->beacon_prot && in wpa_wnmsleep_install_key()
5324 wpa_supplicant_install_bigtk(sm, bigtk, 1) < 0) in wpa_wnmsleep_install_key()
5338 int wpa_sm_get_p2p_ip_addr(struct wpa_sm *sm, u8 *buf) in wpa_sm_get_p2p_ip_addr() argument
5340 if (sm == NULL || WPA_GET_BE32(sm->p2p_ip_addr) == 0) in wpa_sm_get_p2p_ip_addr()
5342 os_memcpy(buf, sm->p2p_ip_addr, 3 * 4); in wpa_sm_get_p2p_ip_addr()
5349 void wpa_sm_set_rx_replay_ctr(struct wpa_sm *sm, const u8 *rx_replay_counter) in wpa_sm_set_rx_replay_ctr() argument
5354 os_memcpy(sm->rx_replay_counter, rx_replay_counter, in wpa_sm_set_rx_replay_ctr()
5356 sm->rx_replay_counter_set = 1; in wpa_sm_set_rx_replay_ctr()
5361 void wpa_sm_set_ptk_kck_kek(struct wpa_sm *sm, in wpa_sm_set_ptk_kck_kek() argument
5366 os_memcpy(sm->ptk.kck, ptk_kck, ptk_kck_len); in wpa_sm_set_ptk_kck_kek()
5367 sm->ptk.kck_len = ptk_kck_len; in wpa_sm_set_ptk_kck_kek()
5371 os_memcpy(sm->ptk.kek, ptk_kek, ptk_kek_len); in wpa_sm_set_ptk_kck_kek()
5372 sm->ptk.kek_len = ptk_kek_len; in wpa_sm_set_ptk_kck_kek()
5375 sm->ptk_set = 1; in wpa_sm_set_ptk_kck_kek()
5381 void wpa_sm_set_test_assoc_ie(struct wpa_sm *sm, struct wpabuf *buf) in wpa_sm_set_test_assoc_ie() argument
5383 wpabuf_free(sm->test_assoc_ie); in wpa_sm_set_test_assoc_ie()
5384 sm->test_assoc_ie = buf; in wpa_sm_set_test_assoc_ie()
5388 void wpa_sm_set_test_eapol_m2_elems(struct wpa_sm *sm, struct wpabuf *buf) in wpa_sm_set_test_eapol_m2_elems() argument
5390 wpabuf_free(sm->test_eapol_m2_elems); in wpa_sm_set_test_eapol_m2_elems()
5391 sm->test_eapol_m2_elems = buf; in wpa_sm_set_test_eapol_m2_elems()
5395 void wpa_sm_set_test_eapol_m4_elems(struct wpa_sm *sm, struct wpabuf *buf) in wpa_sm_set_test_eapol_m4_elems() argument
5397 wpabuf_free(sm->test_eapol_m4_elems); in wpa_sm_set_test_eapol_m4_elems()
5398 sm->test_eapol_m4_elems = buf; in wpa_sm_set_test_eapol_m4_elems()
5402 const u8 * wpa_sm_get_anonce(struct wpa_sm *sm) in wpa_sm_get_anonce() argument
5404 return sm->anonce; in wpa_sm_get_anonce()
5410 unsigned int wpa_sm_get_key_mgmt(struct wpa_sm *sm) in wpa_sm_get_key_mgmt() argument
5412 return sm->key_mgmt; in wpa_sm_get_key_mgmt()
5416 const u8 * wpa_sm_get_auth_addr(struct wpa_sm *sm) in wpa_sm_get_auth_addr() argument
5418 return sm->mlo.valid_links ? sm->mlo.ap_mld_addr : sm->bssid; in wpa_sm_get_auth_addr()
5424 struct wpabuf * fils_build_auth(struct wpa_sm *sm, int dh_group, const u8 *md) in fils_build_auth() argument
5430 erp_msg = eapol_sm_build_erp_reauth_start(sm->eapol); in fils_build_auth()
5431 if (!erp_msg && !sm->cur_pmksa) { in fils_build_auth()
5438 erp_msg != NULL, sm->cur_pmksa != NULL); in fils_build_auth()
5440 sm->fils_completed = 0; in fils_build_auth()
5442 if (!sm->assoc_wpa_ie) { in fils_build_auth()
5447 if (random_get_bytes(sm->fils_nonce, FILS_NONCE_LEN) < 0 || in fils_build_auth()
5448 random_get_bytes(sm->fils_session, FILS_SESSION_LEN) < 0) in fils_build_auth()
5452 sm->fils_nonce, FILS_NONCE_LEN); in fils_build_auth()
5454 sm->fils_session, FILS_SESSION_LEN); in fils_build_auth()
5457 sm->fils_dh_group = dh_group; in fils_build_auth()
5459 crypto_ecdh_deinit(sm->fils_ecdh); in fils_build_auth()
5460 sm->fils_ecdh = crypto_ecdh_init(dh_group); in fils_build_auth()
5461 if (!sm->fils_ecdh) { in fils_build_auth()
5467 pub = crypto_ecdh_get_pubkey(sm->fils_ecdh, 1); in fils_build_auth()
5472 sm->fils_dh_elem_len = wpabuf_len(pub); in fils_build_auth()
5476 buf = wpabuf_alloc(1000 + sm->assoc_wpa_ie_len + in fils_build_auth()
5501 sm->assoc_wpa_ie, sm->assoc_wpa_ie_len); in fils_build_auth()
5502 wpabuf_put_data(buf, sm->assoc_wpa_ie, sm->assoc_wpa_ie_len); in fils_build_auth()
5520 wpabuf_put_data(buf, sm->fils_nonce, FILS_NONCE_LEN); in fils_build_auth()
5527 wpabuf_put_data(buf, sm->fils_session, FILS_SESSION_LEN); in fils_build_auth()
5530 sm->fils_erp_pmkid_set = 0; in fils_build_auth()
5539 if (fils_pmkid_erp(sm->key_mgmt, wpabuf_head(erp_msg), in fils_build_auth()
5541 sm->fils_erp_pmkid) == 0) in fils_build_auth()
5542 sm->fils_erp_pmkid_set = 1; in fils_build_auth()
5555 int fils_process_auth(struct wpa_sm *sm, const u8 *bssid, const u8 *data, in fils_process_auth() argument
5577 os_memcpy(sm->bssid, bssid, ETH_ALEN); in fils_process_auth()
5586 if (sm->fils_dh_group) { in fils_process_auth()
5599 if (group != sm->fils_dh_group) { in fils_process_auth()
5602 group, sm->fils_dh_group); in fils_process_auth()
5607 if ((size_t) (end - pos) < sm->fils_dh_elem_len) { in fils_process_auth()
5612 if (!sm->fils_ecdh) { in fils_process_auth()
5616 dh_ss = crypto_ecdh_set_peerkey(sm->fils_ecdh, 1, pos, in fils_process_auth()
5617 sm->fils_dh_elem_len); in fils_process_auth()
5624 g_ap_len = sm->fils_dh_elem_len; in fils_process_auth()
5625 pos += sm->fils_dh_elem_len; in fils_process_auth()
5649 os_memcpy(sm->fils_anonce, elems.fils_nonce, FILS_NONCE_LEN); in fils_process_auth()
5650 wpa_hexdump(MSG_DEBUG, "FILS: ANonce", sm->fils_anonce, FILS_NONCE_LEN); in fils_process_auth()
5653 if (wpa_key_mgmt_ft(sm->key_mgmt)) { in fils_process_auth()
5660 sm->key_mgmt, false) < 0) { in fils_process_auth()
5670 os_memcpy(sm->r0kh_id, parse.r0kh_id, parse.r0kh_id_len); in fils_process_auth()
5671 sm->r0kh_id_len = parse.r0kh_id_len; in fils_process_auth()
5673 sm->r0kh_id, sm->r0kh_id_len); in fils_process_auth()
5680 os_memcpy(sm->r1kh_id, parse.r1kh_id, FT_R1KH_ID_LEN); in fils_process_auth()
5682 sm->r1kh_id, FT_R1KH_ID_LEN); in fils_process_auth()
5686 wpabuf_free(sm->fils_ft_ies); in fils_process_auth()
5687 sm->fils_ft_ies = wpabuf_alloc(2 + elems.mdie_len + in fils_process_auth()
5689 if (!sm->fils_ft_ies) in fils_process_auth()
5691 wpabuf_put_data(sm->fils_ft_ies, elems.mdie - 2, in fils_process_auth()
5693 wpabuf_put_data(sm->fils_ft_ies, elems.ftie - 2, in fils_process_auth()
5696 wpabuf_free(sm->fils_ft_ies); in fils_process_auth()
5697 sm->fils_ft_ies = NULL; in fils_process_auth()
5711 if (os_memcmp(sm->cur_pmksa->pmkid, rsn.pmkid, PMKID_LEN) != 0) in fils_process_auth()
5715 sm->cur_pmksa->pmkid, PMKID_LEN); in fils_process_auth()
5722 if (!pmkid_match && sm->cur_pmksa) { in fils_process_auth()
5725 sm->cur_pmksa = NULL; in fils_process_auth()
5735 if (os_memcmp(sm->fils_session, elems.fils_session, FILS_SESSION_LEN) in fils_process_auth()
5739 sm->fils_session, FILS_SESSION_LEN); in fils_process_auth()
5744 if (!sm->cur_pmksa && elems.wrapped_data) { in fils_process_auth()
5751 eapol_sm_process_erp_finish(sm->eapol, elems.wrapped_data, in fils_process_auth()
5753 if (eapol_sm_failed(sm->eapol)) in fils_process_auth()
5757 res = eapol_sm_get_key(sm->eapol, rmsk, rmsk_len); in fils_process_auth()
5760 res = eapol_sm_get_key(sm->eapol, rmsk, rmsk_len); in fils_process_auth()
5765 res = fils_rmsk_to_pmk(sm->key_mgmt, rmsk, rmsk_len, in fils_process_auth()
5766 sm->fils_nonce, sm->fils_anonce, in fils_process_auth()
5769 sm->pmk, &sm->pmk_len); in fils_process_auth()
5780 if (!sm->fils_erp_pmkid_set) { in fils_process_auth()
5784 wpa_hexdump(MSG_DEBUG, "FILS: PMKID", sm->fils_erp_pmkid, in fils_process_auth()
5787 sm->cur_pmksa = pmksa_cache_add(sm->pmksa, sm->pmk, sm->pmk_len, in fils_process_auth()
5788 sm->fils_erp_pmkid, NULL, 0, in fils_process_auth()
5789 sm->bssid, sm->own_addr, in fils_process_auth()
5790 sm->network_ctx, sm->key_mgmt, in fils_process_auth()
5794 if (!sm->cur_pmksa) { in fils_process_auth()
5800 if (sm->force_kdk_derivation || in fils_process_auth()
5801 (sm->secure_ltf && in fils_process_auth()
5802 ieee802_11_rsnx_capab(sm->ap_rsnxe, WLAN_RSNX_CAPAB_SECURE_LTF))) in fils_process_auth()
5807 if (fils_pmk_to_ptk(sm->pmk, sm->pmk_len, sm->own_addr, in fils_process_auth()
5808 wpa_sm_get_auth_addr(sm), in fils_process_auth()
5809 sm->fils_nonce, sm->fils_anonce, in fils_process_auth()
5812 &sm->ptk, ick, &ick_len, in fils_process_auth()
5813 sm->key_mgmt, sm->pairwise_cipher, in fils_process_auth()
5814 sm->fils_ft, &sm->fils_ft_len, in fils_process_auth()
5821 if (sm->secure_ltf && in fils_process_auth()
5822 ieee802_11_rsnx_capab(sm->ap_rsnxe, WLAN_RSNX_CAPAB_SECURE_LTF) && in fils_process_auth()
5823 wpa_ltf_keyseed(&sm->ptk, sm->key_mgmt, sm->pairwise_cipher)) { in fils_process_auth()
5832 sm->ptk_set = 1; in fils_process_auth()
5833 sm->tptk_set = 0; in fils_process_auth()
5834 os_memset(&sm->tptk, 0, sizeof(sm->tptk)); in fils_process_auth()
5837 if (sm->fils_dh_group) { in fils_process_auth()
5838 if (!sm->fils_ecdh) { in fils_process_auth()
5842 pub = crypto_ecdh_get_pubkey(sm->fils_ecdh, 1); in fils_process_auth()
5856 res = fils_key_auth_sk(ick, ick_len, sm->fils_nonce, in fils_process_auth()
5857 sm->fils_anonce, sm->own_addr, sm->bssid, in fils_process_auth()
5859 sm->key_mgmt, sm->fils_key_auth_sta, in fils_process_auth()
5860 sm->fils_key_auth_ap, in fils_process_auth()
5861 &sm->fils_key_auth_len); in fils_process_auth()
5879 static int fils_ft_build_assoc_req_rsne(struct wpa_sm *sm, struct wpabuf *buf) in fils_ft_build_assoc_req_rsne() argument
5884 int use_sha384 = wpa_key_mgmt_sha384(sm->key_mgmt); in fils_ft_build_assoc_req_rsne()
5892 if (!wpa_cipher_valid_group(sm->group_cipher)) { in fils_ft_build_assoc_req_rsne()
5894 sm->group_cipher); in fils_ft_build_assoc_req_rsne()
5899 sm->group_cipher)); in fils_ft_build_assoc_req_rsne()
5905 if (!wpa_cipher_valid_pairwise(sm->pairwise_cipher)) { in fils_ft_build_assoc_req_rsne()
5907 sm->pairwise_cipher); in fils_ft_build_assoc_req_rsne()
5912 sm->pairwise_cipher)); in fils_ft_build_assoc_req_rsne()
5919 if (sm->key_mgmt == WPA_KEY_MGMT_FT_FILS_SHA256) in fils_ft_build_assoc_req_rsne()
5921 else if (sm->key_mgmt == WPA_KEY_MGMT_FT_FILS_SHA384) in fils_ft_build_assoc_req_rsne()
5926 sm->key_mgmt); in fils_ft_build_assoc_req_rsne()
5932 if (sm->mfp) in fils_ft_build_assoc_req_rsne()
5934 if (sm->mfp == 2) in fils_ft_build_assoc_req_rsne()
5936 if (sm->ocv) in fils_ft_build_assoc_req_rsne()
5938 if (sm->ext_key_id) in fils_ft_build_assoc_req_rsne()
5947 sm->fils_ft, sm->fils_ft_len); in fils_ft_build_assoc_req_rsne()
5948 wpa_hexdump_ascii(MSG_DEBUG, "FILS+FT: SSID", sm->ssid, sm->ssid_len); in fils_ft_build_assoc_req_rsne()
5950 sm->mobility_domain, MOBILITY_DOMAIN_ID_LEN); in fils_ft_build_assoc_req_rsne()
5952 sm->r0kh_id, sm->r0kh_id_len); in fils_ft_build_assoc_req_rsne()
5953 if (wpa_derive_pmk_r0(sm->fils_ft, sm->fils_ft_len, sm->ssid, in fils_ft_build_assoc_req_rsne()
5954 sm->ssid_len, sm->mobility_domain, in fils_ft_build_assoc_req_rsne()
5955 sm->r0kh_id, sm->r0kh_id_len, sm->own_addr, in fils_ft_build_assoc_req_rsne()
5956 sm->pmk_r0, sm->pmk_r0_name, sm->key_mgmt) < 0) { in fils_ft_build_assoc_req_rsne()
5960 if (wpa_key_mgmt_sae_ext_key(sm->key_mgmt)) in fils_ft_build_assoc_req_rsne()
5961 sm->pmk_r0_len = sm->fils_ft_len; in fils_ft_build_assoc_req_rsne()
5963 sm->pmk_r0_len = use_sha384 ? SHA384_MAC_LEN : PMK_LEN; in fils_ft_build_assoc_req_rsne()
5965 MAC2STR(sm->r1kh_id)); in fils_ft_build_assoc_req_rsne()
5967 if (wpa_derive_pmk_r1_name(sm->pmk_r0_name, sm->r1kh_id, sm->own_addr, in fils_ft_build_assoc_req_rsne()
5968 sm->pmk_r1_name, sm->fils_ft_len) < 0) { in fils_ft_build_assoc_req_rsne()
5972 os_memcpy(pos, sm->pmk_r1_name, WPA_PMK_NAME_LEN); in fils_ft_build_assoc_req_rsne()
5974 os_memcpy(sm->key_mobility_domain, sm->mobility_domain, in fils_ft_build_assoc_req_rsne()
5977 if (sm->mgmt_group_cipher == WPA_CIPHER_AES_128_CMAC) { in fils_ft_build_assoc_req_rsne()
5989 struct wpabuf * fils_build_assoc_req(struct wpa_sm *sm, const u8 **kek, in fils_build_assoc_req() argument
6001 if (sm->fils_ft_ies) in fils_build_assoc_req()
6002 len += wpabuf_len(sm->fils_ft_ies); in fils_build_assoc_req()
6003 if (wpa_key_mgmt_ft(sm->key_mgmt)) in fils_build_assoc_req()
6013 if (wpa_key_mgmt_ft(sm->key_mgmt) && sm->fils_ft_ies) { in fils_build_assoc_req()
6015 wpabuf_put_buf(buf, sm->fils_ft_ies); in fils_build_assoc_req()
6017 if (fils_ft_build_assoc_req_rsne(sm, buf) < 0) { in fils_build_assoc_req()
6029 wpabuf_put_data(buf, sm->fils_session, FILS_SESSION_LEN); in fils_build_assoc_req()
6038 wpabuf_put_u8(buf, 1 + sm->fils_key_auth_len); /* Length */ in fils_build_assoc_req()
6041 wpabuf_put_data(buf, sm->fils_key_auth_sta, sm->fils_key_auth_len); in fils_build_assoc_req()
6075 if (wpa_sm_ocv_enabled(sm)) { in fils_build_assoc_req()
6079 if (wpa_sm_channel_info(sm, &ci) != 0) { in fils_build_assoc_req()
6086 if (sm->oci_freq_override_fils_assoc) { in fils_build_assoc_req()
6090 sm->oci_freq_override_fils_assoc); in fils_build_assoc_req()
6091 ci.frequency = sm->oci_freq_override_fils_assoc; in fils_build_assoc_req()
6105 *kek = sm->ptk.kek; in fils_build_assoc_req()
6106 *kek_len = sm->ptk.kek_len; in fils_build_assoc_req()
6108 *snonce = sm->fils_nonce; in fils_build_assoc_req()
6111 *anonce = sm->fils_anonce; in fils_build_assoc_req()
6119 static void fils_process_hlp_resp(struct wpa_sm *sm, const u8 *resp, size_t len) in fils_process_hlp_resp() argument
6131 wpa_sm_fils_hlp_rx(sm, resp, resp + ETH_ALEN, pos, end - pos); in fils_process_hlp_resp()
6135 static void fils_process_hlp_container(struct wpa_sm *sm, const u8 *pos, in fils_process_hlp_container() argument
6177 fils_process_hlp_resp(sm, tmp, tmp_pos - tmp); in fils_process_hlp_container()
6184 int fils_process_assoc_resp(struct wpa_sm *sm, const u8 *resp, size_t len) in fils_process_assoc_resp() argument
6195 if (!sm || !sm->ptk_set) { in fils_process_assoc_resp()
6200 if (!wpa_key_mgmt_fils(sm->key_mgmt)) { in fils_process_assoc_resp()
6205 if (sm->fils_completed) { in fils_process_assoc_resp()
6233 if (os_memcmp(elems.fils_session, sm->fils_session, in fils_process_assoc_resp()
6239 sm->fils_session, FILS_SESSION_LEN); in fils_process_assoc_resp()
6250 } else if (wpa_compare_rsn_ie(wpa_key_mgmt_ft(sm->key_mgmt), in fils_process_assoc_resp()
6251 sm->ap_rsn_ie, sm->ap_rsn_ie_len, in fils_process_assoc_resp()
6253 wpa_msg(sm->ctx->msg_ctx, MSG_INFO, in fils_process_assoc_resp()
6256 sm->ap_rsn_ie, sm->ap_rsn_ie_len); in fils_process_assoc_resp()
6268 if (elems.fils_key_confirm_len != sm->fils_key_auth_len) { in fils_process_assoc_resp()
6272 (int) sm->fils_key_auth_len); in fils_process_assoc_resp()
6275 if (os_memcmp(elems.fils_key_confirm, sm->fils_key_auth_ap, in fils_process_assoc_resp()
6276 sm->fils_key_auth_len) != 0) { in fils_process_assoc_resp()
6282 sm->fils_key_auth_ap, sm->fils_key_auth_len); in fils_process_assoc_resp()
6287 if (wpa_sm_ocv_enabled(sm)) { in fils_process_assoc_resp()
6290 if (wpa_sm_channel_info(sm, &ci) != 0) { in fils_process_assoc_resp()
6299 wpa_msg(sm->ctx->msg_ctx, MSG_INFO, OCV_FAILURE in fils_process_assoc_resp()
6301 MAC2STR(sm->bssid), ocv_errorstr); in fils_process_assoc_resp()
6308 if (wpa_key_mgmt_ft(sm->key_mgmt) && sm->fils_ft_ies) { in fils_process_assoc_resp()
6316 os_memcmp(rsn.pmkid, sm->pmk_r1_name, in fils_process_assoc_resp()
6344 if (wpa_supplicant_check_group_cipher(sm, sm->group_cipher, in fils_process_assoc_resp()
6351 gd.tx = wpa_supplicant_gtk_tx_bit_workaround(sm, in fils_process_assoc_resp()
6361 if (wpa_supplicant_install_gtk(sm, &gd, elems.key_delivery, 0) < 0) { in fils_process_assoc_resp()
6366 if (ieee80211w_set_keys(sm, &kde) < 0) { in fils_process_assoc_resp()
6371 alg = wpa_cipher_to_alg(sm->pairwise_cipher); in fils_process_assoc_resp()
6372 keylen = wpa_cipher_key_len(sm->pairwise_cipher); in fils_process_assoc_resp()
6373 if (keylen <= 0 || (unsigned int) keylen != sm->ptk.tk_len) { in fils_process_assoc_resp()
6375 keylen, (long unsigned int) sm->ptk.tk_len); in fils_process_assoc_resp()
6379 rsclen = wpa_cipher_rsc_len(sm->pairwise_cipher); in fils_process_assoc_resp()
6381 sm->ptk.tk, keylen); in fils_process_assoc_resp()
6382 if (wpa_sm_set_key(sm, -1, alg, wpa_sm_get_auth_addr(sm), 0, 1, in fils_process_assoc_resp()
6384 sm->ptk.tk, keylen, KEY_FLAG_PAIRWISE_RX_TX) < 0) { in fils_process_assoc_resp()
6385 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, in fils_process_assoc_resp()
6388 alg, keylen, MAC2STR(wpa_sm_get_auth_addr(sm))); in fils_process_assoc_resp()
6392 wpa_sm_store_ptk(sm, sm->bssid, sm->pairwise_cipher, in fils_process_assoc_resp()
6393 sm->dot11RSNAConfigPMKLifetime, &sm->ptk); in fils_process_assoc_resp()
6398 os_memset(sm->ptk.tk, 0, WPA_TK_MAX_LEN); in fils_process_assoc_resp()
6399 sm->ptk.tk_len = 0; in fils_process_assoc_resp()
6400 sm->ptk.installed = 1; in fils_process_assoc_resp()
6401 sm->tk_set = true; in fils_process_assoc_resp()
6404 fils_process_hlp_container(sm, ie_start, end - ie_start); in fils_process_assoc_resp()
6409 sm->fils_completed = 1; in fils_process_assoc_resp()
6413 wpa_sm_transition_disable(sm, kde.transition_disable[0]); in fils_process_assoc_resp()
6422 void wpa_sm_set_reset_fils_completed(struct wpa_sm *sm, int set) in wpa_sm_set_reset_fils_completed() argument
6424 if (sm) in wpa_sm_set_reset_fils_completed()
6425 sm->fils_completed = !!set; in wpa_sm_set_reset_fils_completed()
6431 int wpa_fils_is_completed(struct wpa_sm *sm) in wpa_fils_is_completed() argument
6434 return sm && sm->fils_completed; in wpa_fils_is_completed()
6443 struct wpabuf * owe_build_assoc_req(struct wpa_sm *sm, u16 group) in owe_build_assoc_req() argument
6457 crypto_ecdh_deinit(sm->owe_ecdh); in owe_build_assoc_req()
6458 sm->owe_ecdh = crypto_ecdh_init(group); in owe_build_assoc_req()
6459 if (!sm->owe_ecdh) in owe_build_assoc_req()
6461 sm->owe_group = group; in owe_build_assoc_req()
6462 pub = crypto_ecdh_get_pubkey(sm->owe_ecdh, 0); in owe_build_assoc_req()
6482 crypto_ecdh_deinit(sm->owe_ecdh); in owe_build_assoc_req()
6483 sm->owe_ecdh = NULL; in owe_build_assoc_req()
6488 int owe_process_assoc_resp(struct wpa_sm *sm, const u8 *bssid, in owe_process_assoc_resp() argument
6510 if (sm->cur_pmksa && elems.rsn_ie && in owe_process_assoc_resp()
6514 os_memcmp(sm->cur_pmksa->pmkid, data.pmkid, PMKID_LEN) == 0) { in owe_process_assoc_resp()
6516 wpa_sm_set_pmk_from_pmksa(sm); in owe_process_assoc_resp()
6527 if (group != sm->owe_group) { in owe_process_assoc_resp()
6534 if (!sm->owe_ecdh) { in owe_process_assoc_resp()
6548 secret = crypto_ecdh_set_peerkey(sm->owe_ecdh, 0, in owe_process_assoc_resp()
6560 pub = crypto_ecdh_get_pubkey(sm->owe_ecdh, 0); in owe_process_assoc_resp()
6601 wpabuf_put_le16(hkey, sm->owe_group); /* group */ in owe_process_assoc_resp()
6622 os_strlen(info), sm->pmk, hash_len); in owe_process_assoc_resp()
6625 os_strlen(info), sm->pmk, hash_len); in owe_process_assoc_resp()
6628 os_strlen(info), sm->pmk, hash_len); in owe_process_assoc_resp()
6631 sm->pmk_len = 0; in owe_process_assoc_resp()
6634 sm->pmk_len = hash_len; in owe_process_assoc_resp()
6636 wpa_hexdump_key(MSG_DEBUG, "OWE: PMK", sm->pmk, sm->pmk_len); in owe_process_assoc_resp()
6638 pmksa_cache_add(sm->pmksa, sm->pmk, sm->pmk_len, pmkid, NULL, 0, in owe_process_assoc_resp()
6639 bssid, sm->own_addr, sm->network_ctx, sm->key_mgmt, in owe_process_assoc_resp()
6648 void wpa_sm_set_fils_cache_id(struct wpa_sm *sm, const u8 *fils_cache_id) in wpa_sm_set_fils_cache_id() argument
6651 if (sm && fils_cache_id) { in wpa_sm_set_fils_cache_id()
6652 sm->fils_cache_id_set = 1; in wpa_sm_set_fils_cache_id()
6653 os_memcpy(sm->fils_cache_id, fils_cache_id, FILS_CACHE_ID_LEN); in wpa_sm_set_fils_cache_id()
6660 void wpa_sm_set_dpp_z(struct wpa_sm *sm, const struct wpabuf *z) in wpa_sm_set_dpp_z() argument
6662 if (sm) { in wpa_sm_set_dpp_z()
6663 wpabuf_clear_free(sm->dpp_z); in wpa_sm_set_dpp_z()
6664 sm->dpp_z = z ? wpabuf_dup(z) : NULL; in wpa_sm_set_dpp_z()
6672 void wpa_pasn_sm_set_caps(struct wpa_sm *sm, unsigned int flags2) in wpa_pasn_sm_set_caps() argument
6675 sm->secure_ltf = 1; in wpa_pasn_sm_set_caps()
6677 sm->secure_rtt = 1; in wpa_pasn_sm_set_caps()
6679 sm->prot_range_neg = 1; in wpa_pasn_sm_set_caps()
6685 void wpa_sm_pmksa_cache_reconfig(struct wpa_sm *sm) in wpa_sm_pmksa_cache_reconfig() argument
6687 if (sm) in wpa_sm_pmksa_cache_reconfig()
6688 pmksa_cache_reconfig(sm->pmksa); in wpa_sm_pmksa_cache_reconfig()
6692 struct rsn_pmksa_cache * wpa_sm_get_pmksa_cache(struct wpa_sm *sm) in wpa_sm_get_pmksa_cache() argument
6694 return sm ? sm->pmksa : NULL; in wpa_sm_get_pmksa_cache()
6698 void wpa_sm_set_cur_pmksa(struct wpa_sm *sm, in wpa_sm_set_cur_pmksa() argument
6701 if (sm) in wpa_sm_set_cur_pmksa()
6702 sm->cur_pmksa = entry; in wpa_sm_set_cur_pmksa()
6706 void wpa_sm_set_driver_bss_selection(struct wpa_sm *sm, in wpa_sm_set_driver_bss_selection() argument
6709 if (sm) in wpa_sm_set_driver_bss_selection()
6710 sm->driver_bss_selection = driver_bss_selection; in wpa_sm_set_driver_bss_selection()