/*
 * PASN info for initiator and responder
 *
 * Copyright (C) 2019, Intel Corporation
 * Copyright (c) 2022, Jouni Malinen <j@w1.fi>
 * Copyright (C) 2022, Qualcomm Innovation Center, Inc.
 *
 * This software may be distributed under the terms of the BSD license.
 * See README for more details.
 */

#ifndef PASN_COMMON_H
#define PASN_COMMON_H

#ifdef __cplusplus
extern "C" {
#endif

/* Progress values for the FILS exchange; presumably what
 * struct pasn_fils::state holds (that field is a plain u8) - confirm. */
enum pasn_fils_state {
	PASN_FILS_STATE_NONE = 0,
	PASN_FILS_STATE_PENDING_AS,
	PASN_FILS_STATE_COMPLETE
};

/* FILS material embedded in struct pasn_data when CONFIG_FILS is defined */
struct pasn_fils {
	u8 state;
	u8 nonce[FILS_NONCE_LEN];
	u8 anonce[FILS_NONCE_LEN];
	u8 session[FILS_SESSION_LEN];
	u8 erp_pmkid[PMKID_LEN];
	bool completed;
	struct wpabuf *erp_resp;
};

/*
 * struct pasn_data - PASN state used by the initiator and responder entry
 * points declared below
 *
 * Several fields hold key material by name: pmk[], ptk and (with
 * CONFIG_IEEE80211R) pmk_r1[] are embedded by value, while password, secret,
 * comeback_key and ecdh are referenced through pointers.
 * NOTE(review): this header does not show how wpa_pasn_reset() and
 * pasn_data_deinit() dispose of those fields; confirm that they are wiped
 * with a call the compiler cannot elide (e.g., forced_memzero()) before the
 * memory is released or reused.
 */
struct pasn_data {
	/* External modules access below variables using setter and getter
	 * functions */
	int akmp;
	int cipher;
	u8 own_addr[ETH_ALEN];
	u8 peer_addr[ETH_ALEN];
	u8 bssid[ETH_ALEN];
	struct rsn_pmksa_cache *pmksa;
	bool derive_kdk;
	size_t kdk_len;
	/* Passed back as the ctx argument of the callbacks at the end of this
	 * struct */
	void *cb_ctx;

#ifdef CONFIG_SAE
	struct sae_pt *pt;
#endif /* CONFIG_SAE */

	/* Responder */
	/* NOTE(review): held as a pointer; whether pasn_set_password() copies
	 * the string or the caller must keep it alive is not visible here */
	const char *password;
	int wpa_key_mgmt;
	int rsn_pairwise;
	u16 rsnxe_capab;
	/* No length is stored next to this pointer (unlike extra_ies and
	 * rsn_ie); presumably the element's own length octet bounds it -
	 * confirm that consumers validate it */
	const u8 *rsnxe_ie;
	bool custom_pmkid_valid;
	u8 custom_pmkid[PMKID_LEN];

	/*
	 * Extra elements to add into Authentication frames. These can be used,
	 * e.g., for Wi-Fi Aware use cases.
	 */
	const u8 *extra_ies;
	size_t extra_ies_len;

	/* External modules do not access below variables */
	u16 group;
	bool secure_ltf;
	int freq;

	u8 trans_seq;
	u8 status;

	/* pmk_len presumably counts the valid octets of pmk[]; it has to stay
	 * within PMK_LEN_MAX for any copy in or out to be in bounds */
	size_t pmk_len;
	u8 pmk[PMK_LEN_MAX];
	bool using_pmksa;

	u8 hash[SHA384_MAC_LEN];

	struct wpabuf *beacon_rsne_rsnxe;
	struct wpa_ptk ptk;
	struct crypto_ecdh *ecdh;

	struct wpabuf *comeback;
	u16 comeback_after;

#ifdef CONFIG_SAE
	struct sae_data sae;
#endif /* CONFIG_SAE */

#ifdef CONFIG_FILS
	bool fils_eapol;
	bool fils_wd_valid;
	struct pasn_fils fils;
#endif /* CONFIG_FILS */

#ifdef CONFIG_IEEE80211R
	u8 pmk_r1[PMK_LEN_MAX];
	size_t pmk_r1_len;
	u8 pmk_r1_name[WPA_PMK_NAME_LEN];
#endif /* CONFIG_IEEE80211R */
	/* Note that these pointers to the RSN PMKSA cache are actually defined
	 * differently for the PASN initiator (using RSN Supplicant
	 * implementation) and PASN responder (using RSN Authenticator
	 * implementation). Functions cannot be mixed between those cases. */
	struct rsn_pmksa_cache_entry *pmksa_entry;
	struct eapol_sm *eapol;
	int fast_reauth;
#ifdef CONFIG_TESTING_OPTIONS
	/* Only present in CONFIG_TESTING_OPTIONS builds */
	int corrupt_mic;
#endif /* CONFIG_TESTING_OPTIONS */
	int network_id;

	u8 wrapped_data_format;
	struct wpabuf *secret;

	/* Responder */
	bool noauth; /* Whether PASN without mutual authentication is enabled */
	int disable_pmksa_caching;
	/* NOTE(review): no element count is stored with this pointer; how the
	 * end of the list is marked is not visible here - confirm */
	int *pasn_groups;
	struct wpabuf *wrapped_data;
	int use_anti_clogging;
	const u8 *rsn_ie;
	size_t rsn_ie_len;

	/* NOTE(review): comeback_key and comeback_pending_idx carry no length
	 * fields; their sizes must be fixed elsewhere - confirm */
	u8 *comeback_key;
	struct os_reltime last_comeback_key_update;
	u16 comeback_idx;
	u16 *comeback_pending_idx;

	/**
	 * send_mgmt - Function handler to transmit a Management frame
	 * @ctx: Callback context from cb_ctx
	 * @data: Frame to transmit
	 * @data_len: Length of frame to transmit
	 * @noack: Presumably non-zero when no acknowledgment is expected for
	 *	the frame - confirm against the implementations
	 * @freq: Frequency in MHz for the channel on which to transmit
	 * @wait: How many milliseconds to wait for a response frame
	 * Returns: 0 on success, -1 on failure
	 */
	int (*send_mgmt)(void *ctx, const u8 *data, size_t data_len, int noack,
			 unsigned int freq, unsigned int wait);
	/**
	 * validate_custom_pmkid - Handler to validate vendor specific PMKID
	 * @ctx: Callback context from cb_ctx
	 * @addr: MAC address of the peer
	 * @pmkid: Custom PMKID (no length is passed; presumably PMKID_LEN
	 *	octets, matching custom_pmkid[] - confirm)
	 * Returns: 0 on success (valid PMKID), -1 on failure
	 */
	int (*validate_custom_pmkid)(void *ctx, const u8 *addr,
				     const u8 *pmkid);
};

/* Initiator */
/* The beacon_rsne_len and beacon_rsnxe_len arguments are u8, so each element
 * passed to wpas_pasn_start() and wpa_pasn_verify() is limited to 255 octets.
 * wpa_pasn_auth_rx() takes a data/len pair; presumably this is a received
 * frame whose contents are chosen by the peer, so parsing has to stay within
 * len - confirm in the implementation. */
void wpa_pasn_reset(struct pasn_data *pasn);
int wpas_pasn_start(struct pasn_data *pasn, const u8 *own_addr,
		    const u8 *peer_addr, const u8 *bssid,
		    int akmp, int cipher, u16 group,
		    int freq, const u8 *beacon_rsne, u8 beacon_rsne_len,
		    const u8 *beacon_rsnxe, u8 beacon_rsnxe_len,
		    const struct wpabuf *comeback);
int wpa_pasn_verify(struct pasn_data *pasn, const u8 *own_addr,
		    const u8 *peer_addr, const u8 *bssid,
		    int akmp, int cipher, u16 group,
		    int freq, const u8 *beacon_rsne, u8 beacon_rsne_len,
		    const u8 *beacon_rsnxe, u8 beacon_rsnxe_len,
		    const struct wpabuf *comeback);
int wpa_pasn_auth_rx(struct pasn_data *pasn, const u8 *data, size_t len,
		     struct wpa_pasn_params_data *pasn_params);
int wpa_pasn_auth_tx_status(struct pasn_data *pasn,
			    const u8 *data, size_t data_len, u8 acked);

/* Responder */
/* handle_auth_pasn_1() and handle_auth_pasn_3() receive a Management frame
 * together with its length; presumably len is the full frame length and all
 * parsing of mgmt must be bounded by it - confirm in the implementation. */
int handle_auth_pasn_1(struct pasn_data *pasn,
		       const u8 *own_addr, const u8 *peer_addr,
		       const struct ieee80211_mgmt *mgmt, size_t len);
int handle_auth_pasn_3(struct pasn_data *pasn, const u8 *own_addr,
		       const u8 *peer_addr,
		       const struct ieee80211_mgmt *mgmt, size_t len);
int handle_auth_pasn_resp(struct pasn_data *pasn, const u8 *own_addr,
			  const u8 *peer_addr,
			  struct rsn_pmksa_cache_entry *pmksa, u16 status);

/* Allocation, teardown and callback registration. The two callbacks have the
 * same signatures as the send_mgmt and validate_custom_pmkid members of
 * struct pasn_data. */
struct pasn_data * pasn_data_init(void);
void pasn_data_deinit(struct pasn_data *pasn);
void pasn_register_callbacks(struct pasn_data *pasn, void *cb_ctx,
			     int (*send_mgmt)(void *ctx, const u8 *data,
					      size_t data_len, int noack,
					      unsigned int freq,
					      unsigned int wait),
			     int (*validate_custom_pmkid)(void *ctx,
							  const u8 *addr,
							  const u8 *pmkid));
void pasn_enable_kdk_derivation(struct pasn_data *pasn);
void pasn_disable_kdk_derivation(struct pasn_data *pasn);

/* Setters for the externally accessible members of struct pasn_data. The
 * address setters take a bare pointer; presumably ETH_ALEN octets are read
 * from it, matching the array members - confirm.
 * pasn_set_pt() is declared unconditionally although the pt member exists
 * only when CONFIG_SAE is defined. */
void pasn_set_akmp(struct pasn_data *pasn, int akmp);
void pasn_set_cipher(struct pasn_data *pasn, int cipher);
void pasn_set_own_addr(struct pasn_data *pasn, const u8 *addr);
void pasn_set_peer_addr(struct pasn_data *pasn, const u8 *addr);
void pasn_set_bssid(struct pasn_data *pasn, const u8 *addr);
void pasn_set_initiator_pmksa(struct pasn_data *pasn,
			      struct rsn_pmksa_cache *pmksa);
void pasn_set_responder_pmksa(struct pasn_data *pasn,
			      struct rsn_pmksa_cache *pmksa);
int pasn_set_pt(struct pasn_data *pasn, struct sae_pt *pt);

/* Responder */
/* pasn_set_rsnxe_ie() and pasn_set_custom_pmkid() take no length argument;
 * presumably the element's length octet and PMKID_LEN apply - confirm. */
void pasn_set_password(struct pasn_data *pasn, const char *password);
void pasn_set_wpa_key_mgmt(struct pasn_data *pasn, int key_mgmt);
void pasn_set_rsn_pairwise(struct pasn_data *pasn, int rsn_pairwise);
void pasn_set_rsnxe_caps(struct pasn_data *pasn, u16 rsnxe_capab);
void pasn_set_rsnxe_ie(struct pasn_data *pasn, const u8 *rsnxe_ie);
void pasn_set_custom_pmkid(struct pasn_data *pasn, const u8 *pmkid);
int pasn_set_extra_ies(struct pasn_data *pasn, const u8 *extra_ies,
		       size_t extra_ies_len);

/* Getters. NOTE(review): pasn_get_pmk() and pasn_get_ptk() return non-const
 * pointers; presumably these point into the pmk[] and ptk members, giving the
 * caller direct access to key material - confirm, and keep such pointers out
 * of debug output and from outliving the pasn_data object. */
int pasn_get_akmp(struct pasn_data *pasn);
int pasn_get_cipher(struct pasn_data *pasn);
size_t pasn_get_pmk_len(struct pasn_data *pasn);
u8 * pasn_get_pmk(struct pasn_data *pasn);
struct wpa_ptk * pasn_get_ptk(struct pasn_data *pasn);

#ifdef __cplusplus
}
#endif
#endif /* PASN_COMMON_H */