xref: /freebsd/contrib/wpa/wpa_supplicant/pasn_supplicant.c (revision 1d386b48a555f61cb7325543adbbb5c3f3407a66)
1 /*
2  * wpa_supplicant - PASN processing
3  *
4  * Copyright (C) 2019 Intel Corporation
5  *
6  * This software may be distributed under the terms of the BSD license.
7  * See README for more details.
8  */
9 
10 #include "includes.h"
11 
12 #include "common/ieee802_11_defs.h"
13 #include "common/ieee802_11_common.h"
14 #include "common/dragonfly.h"
15 #include "common/ptksa_cache.h"
16 #include "utils/eloop.h"
17 #include "drivers/driver.h"
18 #include "crypto/crypto.h"
19 #include "crypto/random.h"
20 #include "eap_common/eap_defs.h"
21 #include "rsn_supp/wpa.h"
22 #include "rsn_supp/pmksa_cache.h"
23 #include "wpa_supplicant_i.h"
24 #include "driver_i.h"
25 #include "bss.h"
26 #include "config.h"
27 
28 static const int dot11RSNAConfigPMKLifetime = 43200;
29 
30 struct wpa_pasn_auth_work {
31 	u8 bssid[ETH_ALEN];
32 	int akmp;
33 	int cipher;
34 	u16 group;
35 	int network_id;
36 	struct wpabuf *comeback;
37 };
38 
39 
40 static void wpas_pasn_free_auth_work(struct wpa_pasn_auth_work *awork)
41 {
42 	wpabuf_free(awork->comeback);
43 	awork->comeback = NULL;
44 	os_free(awork);
45 }
46 
47 
48 static void wpas_pasn_auth_work_timeout(void *eloop_ctx, void *timeout_ctx)
49 {
50 	struct wpa_supplicant *wpa_s = eloop_ctx;
51 
52 	wpa_printf(MSG_DEBUG, "PASN: Auth work timeout - stopping auth");
53 
54 	wpas_pasn_auth_stop(wpa_s);
55 }
56 
57 
58 static void wpas_pasn_cancel_auth_work(struct wpa_supplicant *wpa_s)
59 {
60 	wpa_printf(MSG_DEBUG, "PASN: Cancel pasn-start-auth work");
61 
62 	/* Remove pending/started work */
63 	radio_remove_works(wpa_s, "pasn-start-auth", 0);
64 }
65 
66 
67 static void wpas_pasn_auth_status(struct wpa_supplicant *wpa_s, const u8 *bssid,
68 				  int akmp, int cipher, u8 status,
69 				  struct wpabuf *comeback,
70 				  u16 comeback_after)
71 {
72 	if (comeback) {
73 		size_t comeback_len = wpabuf_len(comeback);
74 		size_t buflen = comeback_len * 2 + 1;
75 		char *comeback_txt = os_malloc(buflen);
76 
77 		if (comeback_txt) {
78 			wpa_snprintf_hex(comeback_txt, buflen,
79 					 wpabuf_head(comeback), comeback_len);
80 
81 			wpa_msg(wpa_s, MSG_INFO, PASN_AUTH_STATUS MACSTR
82 				" akmp=%s, status=%u comeback_after=%u comeback=%s",
83 				MAC2STR(bssid),
84 				wpa_key_mgmt_txt(akmp, WPA_PROTO_RSN),
85 				status, comeback_after, comeback_txt);
86 
87 			os_free(comeback_txt);
88 			return;
89 		}
90 	}
91 
92 	wpa_msg(wpa_s, MSG_INFO,
93 		PASN_AUTH_STATUS MACSTR " akmp=%s, status=%u",
94 		MAC2STR(bssid), wpa_key_mgmt_txt(akmp, WPA_PROTO_RSN),
95 		status);
96 }
97 
98 
99 #ifdef CONFIG_SAE
100 
101 static struct wpabuf * wpas_pasn_wd_sae_commit(struct wpa_supplicant *wpa_s)
102 {
103 	struct wpas_pasn *pasn = &wpa_s->pasn;
104 	struct wpabuf *buf = NULL;
105 	int ret;
106 
107 	ret = sae_set_group(&pasn->sae, pasn->group);
108 	if (ret) {
109 		wpa_printf(MSG_DEBUG, "PASN: Failed to set SAE group");
110 		return NULL;
111 	}
112 
113 	ret = sae_prepare_commit_pt(&pasn->sae, pasn->ssid->pt,
114 				    wpa_s->own_addr, pasn->bssid,
115 				    NULL, NULL);
116 	if (ret) {
117 		wpa_printf(MSG_DEBUG, "PASN: Failed to prepare SAE commit");
118 		return NULL;
119 	}
120 
121 	/* Need to add the entire Authentication frame body */
122 	buf = wpabuf_alloc(6 + SAE_COMMIT_MAX_LEN);
123 	if (!buf) {
124 		wpa_printf(MSG_DEBUG, "PASN: Failed to allocate SAE buffer");
125 		return NULL;
126 	}
127 
128 	wpabuf_put_le16(buf, WLAN_AUTH_SAE);
129 	wpabuf_put_le16(buf, 1);
130 	wpabuf_put_le16(buf, WLAN_STATUS_SAE_HASH_TO_ELEMENT);
131 
132 	sae_write_commit(&pasn->sae, buf, NULL, 0);
133 	pasn->sae.state = SAE_COMMITTED;
134 
135 	return buf;
136 }
137 
138 
139 static int wpas_pasn_wd_sae_rx(struct wpa_supplicant *wpa_s, struct wpabuf *wd)
140 {
141 	struct wpas_pasn *pasn = &wpa_s->pasn;
142 	const u8 *data;
143 	size_t buf_len;
144 	u16 len, res, alg, seq, status;
145 	int groups[] = { pasn->group, 0 };
146 	int ret;
147 
148 	if (!wd)
149 		return -1;
150 
151 	data = wpabuf_head_u8(wd);
152 	buf_len = wpabuf_len(wd);
153 
154 	/* first handle the commit message */
155 	if (buf_len < 2) {
156 		wpa_printf(MSG_DEBUG, "PASN: SAE buffer too short (commit)");
157 		return -1;
158 	}
159 
160 	len = WPA_GET_LE16(data);
161 	if (len < 6 || buf_len - 2 < len) {
162 		wpa_printf(MSG_DEBUG, "PASN: SAE buffer too short for commit");
163 		return -1;
164 	}
165 
166 	buf_len -= 2;
167 	data += 2;
168 
169 	alg = WPA_GET_LE16(data);
170 	seq = WPA_GET_LE16(data + 2);
171 	status = WPA_GET_LE16(data + 4);
172 
173 	wpa_printf(MSG_DEBUG, "PASN: SAE: commit: alg=%u, seq=%u, status=%u",
174 		   alg, seq, status);
175 
176 	if (alg != WLAN_AUTH_SAE || seq != 1 ||
177 	    status != WLAN_STATUS_SAE_HASH_TO_ELEMENT) {
178 		wpa_printf(MSG_DEBUG, "PASN: SAE: dropping peer commit");
179 		return -1;
180 	}
181 
182 	res = sae_parse_commit(&pasn->sae, data + 6, len - 6, NULL, 0, groups,
183 			       1);
184 	if (res != WLAN_STATUS_SUCCESS) {
185 		wpa_printf(MSG_DEBUG, "PASN: SAE failed parsing commit");
186 		return -1;
187 	}
188 
189 	/* Process the commit message and derive the PMK */
190 	ret = sae_process_commit(&pasn->sae);
191 	if (ret) {
192 		wpa_printf(MSG_DEBUG, "SAE: Failed to process peer commit");
193 		return -1;
194 	}
195 
196 	buf_len -= len;
197 	data += len;
198 
199 	/* Handle the confirm message */
200 	if (buf_len < 2) {
201 		wpa_printf(MSG_DEBUG, "PASN: SAE buffer too short (confirm)");
202 		return -1;
203 	}
204 
205 	len = WPA_GET_LE16(data);
206 	if (len < 6 || buf_len - 2 < len) {
207 		wpa_printf(MSG_DEBUG, "PASN: SAE buffer too short for confirm");
208 		return -1;
209 	}
210 
211 	buf_len -= 2;
212 	data += 2;
213 
214 	alg = WPA_GET_LE16(data);
215 	seq = WPA_GET_LE16(data + 2);
216 	status = WPA_GET_LE16(data + 4);
217 
218 	wpa_printf(MSG_DEBUG, "PASN: SAE confirm: alg=%u, seq=%u, status=%u",
219 		   alg, seq, status);
220 
221 	if (alg != WLAN_AUTH_SAE || seq != 2 || status != WLAN_STATUS_SUCCESS) {
222 		wpa_printf(MSG_DEBUG, "PASN: Dropping peer SAE confirm");
223 		return -1;
224 	}
225 
226 	res = sae_check_confirm(&pasn->sae, data + 6, len - 6);
227 	if (res != WLAN_STATUS_SUCCESS) {
228 		wpa_printf(MSG_DEBUG, "PASN: SAE failed checking confirm");
229 		return -1;
230 	}
231 
232 	wpa_printf(MSG_DEBUG, "PASN: SAE completed successfully");
233 	pasn->sae.state = SAE_ACCEPTED;
234 
235 	return 0;
236 }
237 
238 
239 static struct wpabuf * wpas_pasn_wd_sae_confirm(struct wpa_supplicant *wpa_s)
240 {
241 	struct wpas_pasn *pasn = &wpa_s->pasn;
242 	struct wpabuf *buf = NULL;
243 
244 	/* Need to add the entire authentication frame body */
245 	buf = wpabuf_alloc(6 + SAE_CONFIRM_MAX_LEN);
246 	if (!buf) {
247 		wpa_printf(MSG_DEBUG, "PASN: Failed to allocate SAE buffer");
248 		return NULL;
249 	}
250 
251 	wpabuf_put_le16(buf, WLAN_AUTH_SAE);
252 	wpabuf_put_le16(buf, 2);
253 	wpabuf_put_le16(buf, WLAN_STATUS_SUCCESS);
254 
255 	sae_write_confirm(&pasn->sae, buf);
256 	pasn->sae.state = SAE_CONFIRMED;
257 
258 	return buf;
259 }
260 
261 
262 static int wpas_pasn_sae_setup_pt(struct wpa_supplicant *wpa_s,
263 				  struct wpa_ssid *ssid, int group)
264 {
265 	const char *password = ssid->sae_password;
266 	int groups[2] = { group, 0 };
267 
268 	if (!password)
269 		password = ssid->passphrase;
270 
271 	if (!password) {
272 		wpa_printf(MSG_DEBUG, "PASN: SAE without a password");
273 		return -1;
274 	}
275 
276 	if (ssid->pt)
277 		return 0; /* PT already derived */
278 
279 	ssid->pt = sae_derive_pt(groups, ssid->ssid, ssid->ssid_len,
280 				 (const u8 *) password, os_strlen(password),
281 				 ssid->sae_password_id);
282 
283 	return ssid->pt ? 0 : -1;
284 }
285 
286 #endif /* CONFIG_SAE */
287 
288 
289 #ifdef CONFIG_FILS
290 
291 static struct wpabuf * wpas_pasn_fils_build_auth(struct wpa_supplicant *wpa_s)
292 {
293 	struct wpas_pasn *pasn = &wpa_s->pasn;
294 	struct wpabuf *buf = NULL;
295 	struct wpabuf *erp_msg;
296 	int ret;
297 
298 	erp_msg = eapol_sm_build_erp_reauth_start(wpa_s->eapol);
299 	if (!erp_msg) {
300 		wpa_printf(MSG_DEBUG,
301 			   "PASN: FILS: ERP EAP-Initiate/Re-auth unavailable");
302 		return NULL;
303 	}
304 
305 	if (random_get_bytes(pasn->fils.nonce, FILS_NONCE_LEN) < 0 ||
306 	    random_get_bytes(pasn->fils.session, FILS_SESSION_LEN) < 0)
307 		goto fail;
308 
309 	wpa_hexdump(MSG_DEBUG, "PASN: FILS: Nonce", pasn->fils.nonce,
310 		    FILS_NONCE_LEN);
311 
312 	wpa_hexdump(MSG_DEBUG, "PASN: FILS: Session", pasn->fils.session,
313 		    FILS_SESSION_LEN);
314 
315 	buf = wpabuf_alloc(1500);
316 	if (!buf)
317 		goto fail;
318 
319 	/* Add the authentication algorithm */
320 	wpabuf_put_le16(buf, WLAN_AUTH_FILS_SK);
321 
322 	/* Authentication Transaction seq# */
323 	wpabuf_put_le16(buf, 1);
324 
325 	/* Status Code */
326 	wpabuf_put_le16(buf, WLAN_STATUS_SUCCESS);
327 
328 	/* Own RSNE */
329 	wpa_pasn_add_rsne(buf, NULL, pasn->akmp, pasn->cipher);
330 
331 	/* FILS Nonce */
332 	wpabuf_put_u8(buf, WLAN_EID_EXTENSION);
333 	wpabuf_put_u8(buf, 1 + FILS_NONCE_LEN);
334 	wpabuf_put_u8(buf, WLAN_EID_EXT_FILS_NONCE);
335 	wpabuf_put_data(buf, pasn->fils.nonce, FILS_NONCE_LEN);
336 
337 	/* FILS Session */
338 	wpabuf_put_u8(buf, WLAN_EID_EXTENSION);
339 	wpabuf_put_u8(buf, 1 + FILS_SESSION_LEN);
340 	wpabuf_put_u8(buf, WLAN_EID_EXT_FILS_SESSION);
341 	wpabuf_put_data(buf, pasn->fils.session, FILS_SESSION_LEN);
342 
343 	/* Wrapped Data (ERP) */
344 	wpabuf_put_u8(buf, WLAN_EID_EXTENSION);
345 	wpabuf_put_u8(buf, 1 + wpabuf_len(erp_msg));
346 	wpabuf_put_u8(buf, WLAN_EID_EXT_WRAPPED_DATA);
347 	wpabuf_put_buf(buf, erp_msg);
348 
349 	/*
350 	 * Calculate pending PMKID here so that we do not need to maintain a
351 	 * copy of the EAP-Initiate/Reauth message.
352 	 */
353 	ret = fils_pmkid_erp(pasn->akmp, wpabuf_head(erp_msg),
354 			     wpabuf_len(erp_msg),
355 			     pasn->fils.erp_pmkid);
356 	if (ret) {
357 		wpa_printf(MSG_DEBUG, "PASN: FILS: Failed to get ERP PMKID");
358 		goto fail;
359 	}
360 
361 	wpabuf_free(erp_msg);
362 	erp_msg = NULL;
363 
364 	wpa_hexdump_buf(MSG_DEBUG, "PASN: FILS: Authentication frame", buf);
365 	return buf;
366 fail:
367 	wpabuf_free(erp_msg);
368 	wpabuf_free(buf);
369 	return NULL;
370 }
371 
372 
373 static void wpas_pasn_initiate_eapol(struct wpa_supplicant *wpa_s)
374 {
375 	struct wpas_pasn *pasn = &wpa_s->pasn;
376 	struct eapol_config eapol_conf;
377 	struct wpa_ssid *ssid = pasn->ssid;
378 
379 	wpa_printf(MSG_DEBUG, "PASN: FILS: Initiating EAPOL");
380 
381 	eapol_sm_notify_eap_success(wpa_s->eapol, false);
382 	eapol_sm_notify_eap_fail(wpa_s->eapol, false);
383 	eapol_sm_notify_portControl(wpa_s->eapol, Auto);
384 
385 	os_memset(&eapol_conf, 0, sizeof(eapol_conf));
386 	eapol_conf.fast_reauth = wpa_s->conf->fast_reauth;
387 	eapol_conf.workaround = ssid->eap_workaround;
388 
389 	eapol_sm_notify_config(wpa_s->eapol, &ssid->eap, &eapol_conf);
390 }
391 
392 
393 static struct wpabuf * wpas_pasn_wd_fils_auth(struct wpa_supplicant *wpa_s)
394 {
395 	struct wpas_pasn *pasn = &wpa_s->pasn;
396 	struct wpa_bss *bss;
397 	const u8 *indic;
398 	u16 fils_info;
399 
400 	wpa_printf(MSG_DEBUG, "PASN: FILS: wrapped data - completed=%u",
401 		   pasn->fils.completed);
402 
403 	/* Nothing to add as we are done */
404 	if (pasn->fils.completed)
405 		return NULL;
406 
407 	if (!pasn->ssid) {
408 		wpa_printf(MSG_DEBUG, "PASN: FILS: No network block");
409 		return NULL;
410 	}
411 
412 	bss = wpa_bss_get_bssid(wpa_s, pasn->bssid);
413 	if (!bss) {
414 		wpa_printf(MSG_DEBUG, "PASN: FILS: BSS not found");
415 		return NULL;
416 	}
417 
418 	indic = wpa_bss_get_ie(bss, WLAN_EID_FILS_INDICATION);
419 	if (!indic || indic[1] < 2) {
420 		wpa_printf(MSG_DEBUG, "PASN: Missing FILS Indication IE");
421 		return NULL;
422 	}
423 
424 	fils_info = WPA_GET_LE16(indic + 2);
425 	if (!(fils_info & BIT(9))) {
426 		wpa_printf(MSG_DEBUG,
427 			   "PASN: FILS auth without PFS not supported");
428 		return NULL;
429 	}
430 
431 	wpas_pasn_initiate_eapol(wpa_s);
432 
433 	return wpas_pasn_fils_build_auth(wpa_s);
434 }
435 
436 
437 static int wpas_pasn_wd_fils_rx(struct wpa_supplicant *wpa_s, struct wpabuf *wd)
438 {
439 	struct wpas_pasn *pasn = &wpa_s->pasn;
440 	struct ieee802_11_elems elems;
441 	struct wpa_ie_data rsne_data;
442 	u8 rmsk[ERP_MAX_KEY_LEN];
443 	size_t rmsk_len;
444 	u8 anonce[FILS_NONCE_LEN];
445 	const u8 *data;
446 	size_t buf_len;
447 	struct wpabuf *fils_wd = NULL;
448 	u16 alg, seq, status;
449 	int ret;
450 
451 	if (!wd)
452 		return -1;
453 
454 	data = wpabuf_head(wd);
455 	buf_len = wpabuf_len(wd);
456 
457 	wpa_hexdump(MSG_DEBUG, "PASN: FILS: Authentication frame len=%zu",
458 		    data, buf_len);
459 
460 	/* first handle the header */
461 	if (buf_len < 6) {
462 		wpa_printf(MSG_DEBUG, "PASN: FILS: Buffer too short");
463 		return -1;
464 	}
465 
466 	alg = WPA_GET_LE16(data);
467 	seq = WPA_GET_LE16(data + 2);
468 	status = WPA_GET_LE16(data + 4);
469 
470 	wpa_printf(MSG_DEBUG, "PASN: FILS: commit: alg=%u, seq=%u, status=%u",
471 		   alg, seq, status);
472 
473 	if (alg != WLAN_AUTH_FILS_SK || seq != 2 ||
474 	    status != WLAN_STATUS_SUCCESS) {
475 		wpa_printf(MSG_DEBUG,
476 			   "PASN: FILS: Dropping peer authentication");
477 		return -1;
478 	}
479 
480 	data += 6;
481 	buf_len -= 6;
482 
483 	if (ieee802_11_parse_elems(data, buf_len, &elems, 1) == ParseFailed) {
484 		wpa_printf(MSG_DEBUG, "PASN: FILS: Could not parse elements");
485 		return -1;
486 	}
487 
488 	if (!elems.rsn_ie || !elems.fils_nonce || !elems.fils_nonce ||
489 	    !elems.wrapped_data) {
490 		wpa_printf(MSG_DEBUG, "PASN: FILS: Missing IEs");
491 		return -1;
492 	}
493 
494 	ret = wpa_parse_wpa_ie(elems.rsn_ie - 2, elems.rsn_ie_len + 2,
495 			       &rsne_data);
496 	if (ret) {
497 		wpa_printf(MSG_DEBUG, "PASN: FILS: Failed parsing RNSE");
498 		return -1;
499 	}
500 
501 	ret = wpa_pasn_validate_rsne(&rsne_data);
502 	if (ret) {
503 		wpa_printf(MSG_DEBUG, "PASN: FILS: Failed validating RSNE");
504 		return -1;
505 	}
506 
507 	if (rsne_data.num_pmkid) {
508 		wpa_printf(MSG_DEBUG,
509 			   "PASN: FILS: Not expecting PMKID in RSNE");
510 		return -1;
511 	}
512 
513 	wpa_hexdump(MSG_DEBUG, "PASN: FILS: ANonce", elems.fils_nonce,
514 		    FILS_NONCE_LEN);
515 	os_memcpy(anonce, elems.fils_nonce, FILS_NONCE_LEN);
516 
517 	wpa_hexdump(MSG_DEBUG, "PASN: FILS: FILS Session", elems.fils_session,
518 		    FILS_SESSION_LEN);
519 
520 	if (os_memcmp(pasn->fils.session, elems.fils_session,
521 		      FILS_SESSION_LEN)) {
522 		wpa_printf(MSG_DEBUG, "PASN: FILS: Session mismatch");
523 		return -1;
524 	}
525 
526 	fils_wd = ieee802_11_defrag(&elems, WLAN_EID_EXTENSION,
527 				    WLAN_EID_EXT_WRAPPED_DATA);
528 
529 	if (!fils_wd) {
530 		wpa_printf(MSG_DEBUG,
531 			   "PASN: FILS: Failed getting wrapped data");
532 		return -1;
533 	}
534 
535 	eapol_sm_process_erp_finish(wpa_s->eapol, wpabuf_head(fils_wd),
536 				    wpabuf_len(fils_wd));
537 
538 	wpabuf_free(fils_wd);
539 	fils_wd = NULL;
540 
541 	if (eapol_sm_failed(wpa_s->eapol)) {
542 		wpa_printf(MSG_DEBUG, "PASN: FILS: ERP finish failed");
543 		return -1;
544 	}
545 
546 	rmsk_len = ERP_MAX_KEY_LEN;
547 	ret = eapol_sm_get_key(wpa_s->eapol, rmsk, rmsk_len);
548 
549 	if (ret == PMK_LEN) {
550 		rmsk_len = PMK_LEN;
551 		ret = eapol_sm_get_key(wpa_s->eapol, rmsk, rmsk_len);
552 	}
553 
554 	if (ret) {
555 		wpa_printf(MSG_DEBUG, "PASN: FILS: Failed getting RMSK");
556 		return -1;
557 	}
558 
559 	ret = fils_rmsk_to_pmk(pasn->akmp, rmsk, rmsk_len,
560 			       pasn->fils.nonce, anonce, NULL, 0,
561 			       pasn->pmk, &pasn->pmk_len);
562 
563 	forced_memzero(rmsk, sizeof(rmsk));
564 
565 	if (ret) {
566 		wpa_printf(MSG_DEBUG, "PASN: FILS: Failed to derive PMK");
567 		return -1;
568 	}
569 
570 	wpa_hexdump(MSG_DEBUG, "PASN: FILS: PMKID", pasn->fils.erp_pmkid,
571 		    PMKID_LEN);
572 
573 	wpa_printf(MSG_DEBUG, "PASN: FILS: ERP processing succeeded");
574 
575 	wpa_pasn_pmksa_cache_add(wpa_s->wpa, pasn->pmk,
576 				 pasn->pmk_len, pasn->fils.erp_pmkid,
577 				 pasn->bssid, pasn->akmp);
578 
579 	pasn->fils.completed = true;
580 	return 0;
581 }
582 
583 #endif /* CONFIG_FILS */
584 
585 
586 static struct wpabuf * wpas_pasn_get_wrapped_data(struct wpa_supplicant *wpa_s)
587 {
588 	struct wpas_pasn *pasn = &wpa_s->pasn;
589 
590 	if (pasn->using_pmksa)
591 		return NULL;
592 
593 	switch (pasn->akmp) {
594 	case WPA_KEY_MGMT_PASN:
595 		/* no wrapped data */
596 		return NULL;
597 	case WPA_KEY_MGMT_SAE:
598 #ifdef CONFIG_SAE
599 		if (pasn->trans_seq == 0)
600 			return wpas_pasn_wd_sae_commit(wpa_s);
601 		if (pasn->trans_seq == 2)
602 			return wpas_pasn_wd_sae_confirm(wpa_s);
603 #endif /* CONFIG_SAE */
604 		wpa_printf(MSG_ERROR,
605 			   "PASN: SAE: Cannot derive wrapped data");
606 		return NULL;
607 	case WPA_KEY_MGMT_FILS_SHA256:
608 	case WPA_KEY_MGMT_FILS_SHA384:
609 #ifdef CONFIG_FILS
610 		return wpas_pasn_wd_fils_auth(wpa_s);
611 #endif /* CONFIG_FILS */
612 	case WPA_KEY_MGMT_FT_PSK:
613 	case WPA_KEY_MGMT_FT_IEEE8021X:
614 	case WPA_KEY_MGMT_FT_IEEE8021X_SHA384:
615 		/*
616 		 * Wrapped data with these AKMs is optional and is only needed
617 		 * for further validation of FT security parameters. For now do
618 		 * not use them.
619 		 */
620 		return NULL;
621 	default:
622 		wpa_printf(MSG_ERROR,
623 			   "PASN: TODO: Wrapped data for akmp=0x%x",
624 			   pasn->akmp);
625 		return NULL;
626 	}
627 }
628 
629 
630 static u8 wpas_pasn_get_wrapped_data_format(struct wpas_pasn *pasn)
631 {
632 	if (pasn->using_pmksa)
633 		return WPA_PASN_WRAPPED_DATA_NO;
634 
635 	/* Note: Valid AKMP is expected to already be validated */
636 	switch (pasn->akmp) {
637 	case WPA_KEY_MGMT_SAE:
638 		return WPA_PASN_WRAPPED_DATA_SAE;
639 	case WPA_KEY_MGMT_FILS_SHA256:
640 	case WPA_KEY_MGMT_FILS_SHA384:
641 		return WPA_PASN_WRAPPED_DATA_FILS_SK;
642 	case WPA_KEY_MGMT_FT_PSK:
643 	case WPA_KEY_MGMT_FT_IEEE8021X:
644 	case WPA_KEY_MGMT_FT_IEEE8021X_SHA384:
645 		/*
646 		 * Wrapped data with these AKMs is optional and is only needed
647 		 * for further validation of FT security parameters. For now do
648 		 * not use them.
649 		 */
650 		return WPA_PASN_WRAPPED_DATA_NO;
651 	case WPA_KEY_MGMT_PASN:
652 	default:
653 		return WPA_PASN_WRAPPED_DATA_NO;
654 	}
655 }
656 
657 
658 static struct wpabuf * wpas_pasn_build_auth_1(struct wpa_supplicant *wpa_s,
659 					      const struct wpabuf *comeback)
660 {
661 	struct wpas_pasn *pasn = &wpa_s->pasn;
662 	struct wpabuf *buf, *pubkey = NULL, *wrapped_data_buf = NULL;
663 	const u8 *pmkid;
664 	u8 wrapped_data;
665 	int ret;
666 	u16 capab;
667 
668 	wpa_printf(MSG_DEBUG, "PASN: Building frame 1");
669 
670 	if (pasn->trans_seq)
671 		return NULL;
672 
673 	buf = wpabuf_alloc(1500);
674 	if (!buf)
675 		goto fail;
676 
677 	/* Get public key */
678 	pubkey = crypto_ecdh_get_pubkey(pasn->ecdh, 0);
679 	pubkey = wpabuf_zeropad(pubkey, crypto_ecdh_prime_len(pasn->ecdh));
680 	if (!pubkey) {
681 		wpa_printf(MSG_DEBUG, "PASN: Failed to get pubkey");
682 		goto fail;
683 	}
684 
685 	wrapped_data = wpas_pasn_get_wrapped_data_format(pasn);
686 
687 	wpa_pasn_build_auth_header(buf, pasn->bssid,
688 				   wpa_s->own_addr, pasn->bssid,
689 				   pasn->trans_seq + 1, WLAN_STATUS_SUCCESS);
690 
691 	pmkid = NULL;
692 	if (wpa_key_mgmt_ft(pasn->akmp)) {
693 		ret = wpa_pasn_ft_derive_pmk_r1(wpa_s->wpa, pasn->akmp,
694 						pasn->bssid,
695 						pasn->pmk_r1,
696 						&pasn->pmk_r1_len,
697 						pasn->pmk_r1_name);
698 		if (ret) {
699 			wpa_printf(MSG_DEBUG,
700 				   "PASN: FT: Failed to derive keys");
701 			goto fail;
702 		}
703 
704 		pmkid = pasn->pmk_r1_name;
705 	} else if (wrapped_data != WPA_PASN_WRAPPED_DATA_NO) {
706 		struct rsn_pmksa_cache_entry *pmksa;
707 
708 		pmksa = wpa_sm_pmksa_cache_get(wpa_s->wpa, pasn->bssid,
709 					       NULL, NULL, pasn->akmp);
710 		if (pmksa)
711 			pmkid = pmksa->pmkid;
712 
713 		/*
714 		 * Note: Even when PMKSA is available, also add wrapped data as
715 		 * it is possible that the PMKID is no longer valid at the AP.
716 		 */
717 		wrapped_data_buf = wpas_pasn_get_wrapped_data(wpa_s);
718 	}
719 
720 	if (wpa_pasn_add_rsne(buf, pmkid, pasn->akmp, pasn->cipher) < 0)
721 		goto fail;
722 
723 	if (!wrapped_data_buf)
724 		wrapped_data = WPA_PASN_WRAPPED_DATA_NO;
725 
726 	wpa_pasn_add_parameter_ie(buf, pasn->group, wrapped_data,
727 				  pubkey, true, comeback, -1);
728 
729 	if (wpa_pasn_add_wrapped_data(buf, wrapped_data_buf) < 0)
730 		goto fail;
731 
732 	/* Add own RNSXE */
733 	capab = 0;
734 	capab |= BIT(WLAN_RSNX_CAPAB_SAE_H2E);
735 	if (wpa_s->drv_flags2 & WPA_DRIVER_FLAGS2_SEC_LTF)
736 		capab |= BIT(WLAN_RSNX_CAPAB_SECURE_LTF);
737 	if (wpa_s->drv_flags2 & WPA_DRIVER_FLAGS2_SEC_RTT)
738 		capab |= BIT(WLAN_RSNX_CAPAB_SECURE_RTT);
739 	if (wpa_s->drv_flags2 & WPA_DRIVER_FLAGS2_PROT_RANGE_NEG)
740 		capab |= BIT(WLAN_RSNX_CAPAB_PROT_RANGE_NEG);
741 	wpa_pasn_add_rsnxe(buf, capab);
742 
743 	ret = pasn_auth_frame_hash(pasn->akmp, pasn->cipher,
744 				   wpabuf_head_u8(buf) + IEEE80211_HDRLEN,
745 				   wpabuf_len(buf) - IEEE80211_HDRLEN,
746 				   pasn->hash);
747 	if (ret) {
748 		wpa_printf(MSG_DEBUG, "PASN: Failed to compute hash");
749 		goto fail;
750 	}
751 
752 	pasn->trans_seq++;
753 
754 	wpabuf_free(wrapped_data_buf);
755 	wpabuf_free(pubkey);
756 
757 	wpa_printf(MSG_DEBUG, "PASN: Frame 1: Success");
758 	return buf;
759 fail:
760 	pasn->status = WLAN_STATUS_UNSPECIFIED_FAILURE;
761 	wpabuf_free(wrapped_data_buf);
762 	wpabuf_free(pubkey);
763 	wpabuf_free(buf);
764 	return NULL;
765 }
766 
767 
768 static struct wpabuf * wpas_pasn_build_auth_3(struct wpa_supplicant *wpa_s)
769 {
770 	struct wpas_pasn *pasn = &wpa_s->pasn;
771 	struct wpabuf *buf, *wrapped_data_buf = NULL;
772 	u8 mic[WPA_PASN_MAX_MIC_LEN];
773 	u8 mic_len, data_len;
774 	const u8 *data;
775 	u8 *ptr;
776 	u8 wrapped_data;
777 	int ret;
778 
779 	wpa_printf(MSG_DEBUG, "PASN: Building frame 3");
780 
781 	if (pasn->trans_seq != 2)
782 		return NULL;
783 
784 	buf = wpabuf_alloc(1500);
785 	if (!buf)
786 		goto fail;
787 
788 	wrapped_data = wpas_pasn_get_wrapped_data_format(pasn);
789 
790 	wpa_pasn_build_auth_header(buf, pasn->bssid,
791 				   wpa_s->own_addr, pasn->bssid,
792 				   pasn->trans_seq + 1, WLAN_STATUS_SUCCESS);
793 
794 	wrapped_data_buf = wpas_pasn_get_wrapped_data(wpa_s);
795 
796 	if (!wrapped_data_buf)
797 		wrapped_data = WPA_PASN_WRAPPED_DATA_NO;
798 
799 	wpa_pasn_add_parameter_ie(buf, pasn->group, wrapped_data,
800 				  NULL, false, NULL, -1);
801 
802 	if (wpa_pasn_add_wrapped_data(buf, wrapped_data_buf) < 0)
803 		goto fail;
804 	wpabuf_free(wrapped_data_buf);
805 	wrapped_data_buf = NULL;
806 
807 	/* Add the MIC */
808 	mic_len = pasn_mic_len(pasn->akmp, pasn->cipher);
809 	wpabuf_put_u8(buf, WLAN_EID_MIC);
810 	wpabuf_put_u8(buf, mic_len);
811 	ptr = wpabuf_put(buf, mic_len);
812 
813 	os_memset(ptr, 0, mic_len);
814 
815 	data = wpabuf_head_u8(buf) + IEEE80211_HDRLEN;
816 	data_len = wpabuf_len(buf) - IEEE80211_HDRLEN;
817 
818 	ret = pasn_mic(pasn->ptk.kck, pasn->akmp, pasn->cipher,
819 		       wpa_s->own_addr, pasn->bssid,
820 		       pasn->hash, mic_len * 2, data, data_len, mic);
821 	if (ret) {
822 		wpa_printf(MSG_DEBUG, "PASN: frame 3: Failed MIC calculation");
823 		goto fail;
824 	}
825 
826 #ifdef CONFIG_TESTING_OPTIONS
827 	if (wpa_s->conf->pasn_corrupt_mic) {
828 		wpa_printf(MSG_DEBUG, "PASN: frame 3: Corrupt MIC");
829 		mic[0] = ~mic[0];
830 	}
831 #endif /* CONFIG_TESTING_OPTIONS */
832 
833 	os_memcpy(ptr, mic, mic_len);
834 
835 	pasn->trans_seq++;
836 
837 	wpa_printf(MSG_DEBUG, "PASN: frame 3: Success");
838 	return buf;
839 fail:
840 	pasn->status = WLAN_STATUS_UNSPECIFIED_FAILURE;
841 	wpabuf_free(wrapped_data_buf);
842 	wpabuf_free(buf);
843 	return NULL;
844 }
845 
846 
847 static void wpas_pasn_reset(struct wpa_supplicant *wpa_s)
848 {
849 	struct wpas_pasn *pasn = &wpa_s->pasn;
850 
851 	wpa_printf(MSG_DEBUG, "PASN: Reset");
852 
853 	crypto_ecdh_deinit(pasn->ecdh);
854 	pasn->ecdh = NULL;
855 
856 	wpas_pasn_cancel_auth_work(wpa_s);
857 	wpa_s->pasn_auth_work = NULL;
858 
859 	eloop_cancel_timeout(wpas_pasn_auth_work_timeout, wpa_s, NULL);
860 
861 	pasn->akmp = 0;
862 	pasn->cipher = 0;
863 	pasn->group = 0;
864 	pasn->trans_seq = 0;
865 	pasn->pmk_len = 0;
866 	pasn->using_pmksa = false;
867 
868 	forced_memzero(pasn->pmk, sizeof(pasn->pmk));
869 	forced_memzero(&pasn->ptk, sizeof(pasn->ptk));
870 	forced_memzero(&pasn->hash, sizeof(pasn->hash));
871 
872 	wpabuf_free(pasn->beacon_rsne_rsnxe);
873 	pasn->beacon_rsne_rsnxe = NULL;
874 
875 	wpabuf_free(pasn->comeback);
876 	pasn->comeback = NULL;
877 	pasn->comeback_after = 0;
878 
879 #ifdef CONFIG_SAE
880 	sae_clear_data(&pasn->sae);
881 #endif /* CONFIG_SAE */
882 
883 #ifdef CONFIG_FILS
884 	os_memset(&pasn->fils, 0, sizeof(pasn->fils));
885 #endif /* CONFIG_FILS*/
886 
887 #ifdef CONFIG_IEEE80211R
888 	forced_memzero(pasn->pmk_r1, sizeof(pasn->pmk_r1));
889 	pasn->pmk_r1_len = 0;
890 	os_memset(pasn->pmk_r1_name, 0, sizeof(pasn->pmk_r1_name));
891 #endif /* CONFIG_IEEE80211R */
892 	pasn->status = WLAN_STATUS_UNSPECIFIED_FAILURE;
893 }
894 
895 
896 static int wpas_pasn_set_pmk(struct wpa_supplicant *wpa_s,
897 			     struct wpa_ie_data *rsn_data,
898 			     struct wpa_pasn_params_data *pasn_data,
899 			     struct wpabuf *wrapped_data)
900 {
901 	static const u8 pasn_default_pmk[] = {'P', 'M', 'K', 'z'};
902 	struct wpas_pasn *pasn = &wpa_s->pasn;
903 
904 	os_memset(pasn->pmk, 0, sizeof(pasn->pmk));
905 	pasn->pmk_len = 0;
906 
907 	if (pasn->akmp == WPA_KEY_MGMT_PASN) {
908 		wpa_printf(MSG_DEBUG, "PASN: Using default PMK");
909 
910 		pasn->pmk_len = WPA_PASN_PMK_LEN;
911 		os_memcpy(pasn->pmk, pasn_default_pmk,
912 			  sizeof(pasn_default_pmk));
913 		return 0;
914 	}
915 
916 	if (wpa_key_mgmt_ft(pasn->akmp)) {
917 #ifdef CONFIG_IEEE80211R
918 		wpa_printf(MSG_DEBUG, "PASN: FT: Using PMK-R1");
919 		pasn->pmk_len = pasn->pmk_r1_len;
920 		os_memcpy(pasn->pmk, pasn->pmk_r1, pasn->pmk_r1_len);
921 		pasn->using_pmksa = true;
922 		return 0;
923 #else /* CONFIG_IEEE80211R */
924 		wpa_printf(MSG_DEBUG, "PASN: FT: Not supported");
925 		return -1;
926 #endif /* CONFIG_IEEE80211R */
927 	}
928 
929 	if (rsn_data->num_pmkid) {
930 		struct rsn_pmksa_cache_entry *pmksa;
931 
932 		pmksa = wpa_sm_pmksa_cache_get(wpa_s->wpa, pasn->bssid,
933 					       rsn_data->pmkid, NULL,
934 					       pasn->akmp);
935 		if (pmksa) {
936 			wpa_printf(MSG_DEBUG, "PASN: Using PMKSA");
937 
938 			pasn->pmk_len = pmksa->pmk_len;
939 			os_memcpy(pasn->pmk, pmksa->pmk, pmksa->pmk_len);
940 			pasn->using_pmksa = true;
941 
942 			return 0;
943 		}
944 	}
945 
946 #ifdef CONFIG_SAE
947 	if (pasn->akmp == WPA_KEY_MGMT_SAE) {
948 		int ret;
949 
950 		ret = wpas_pasn_wd_sae_rx(wpa_s, wrapped_data);
951 		if (ret) {
952 			wpa_printf(MSG_DEBUG,
953 				   "PASN: Failed processing SAE wrapped data");
954 			pasn->status = WLAN_STATUS_UNSPECIFIED_FAILURE;
955 			return -1;
956 		}
957 
958 		wpa_printf(MSG_DEBUG, "PASN: Success deriving PMK with SAE");
959 		pasn->pmk_len = PMK_LEN;
960 		os_memcpy(pasn->pmk, pasn->sae.pmk, PMK_LEN);
961 
962 		wpa_pasn_pmksa_cache_add(wpa_s->wpa, pasn->pmk,
963 					 pasn->pmk_len, pasn->sae.pmkid,
964 					 pasn->bssid, pasn->akmp);
965 		return 0;
966 	}
967 #endif /* CONFIG_SAE */
968 
969 #ifdef CONFIG_FILS
970 	if (pasn->akmp == WPA_KEY_MGMT_FILS_SHA256 ||
971 	    pasn->akmp == WPA_KEY_MGMT_FILS_SHA384) {
972 		int ret;
973 
974 		ret = wpas_pasn_wd_fils_rx(wpa_s, wrapped_data);
975 		if (ret) {
976 			wpa_printf(MSG_DEBUG,
977 				   "PASN: Failed processing FILS wrapped data");
978 			pasn->status = WLAN_STATUS_UNSPECIFIED_FAILURE;
979 			return -1;
980 		}
981 
982 		return 0;
983 	}
984 #endif	/* CONFIG_FILS */
985 
986 	/* TODO: Derive PMK based on wrapped data */
987 	wpa_printf(MSG_DEBUG, "PASN: Missing implementation to derive PMK");
988 	pasn->status = WLAN_STATUS_UNSPECIFIED_FAILURE;
989 	return -1;
990 }
991 
992 
993 static int wpas_pasn_start(struct wpa_supplicant *wpa_s, const u8 *bssid,
994 			   int akmp, int cipher, u16 group, int freq,
995 			   const u8 *beacon_rsne, u8 beacon_rsne_len,
996 			   const u8 *beacon_rsnxe, u8 beacon_rsnxe_len,
997 			   int network_id, struct wpabuf *comeback)
998 {
999 	struct wpas_pasn *pasn = &wpa_s->pasn;
1000 	struct wpa_ssid *ssid = NULL;
1001 	struct wpabuf *frame;
1002 	int ret;
1003 
1004 	/* TODO: Currently support only ECC groups */
1005 	if (!dragonfly_suitable_group(group, 1)) {
1006 		wpa_printf(MSG_DEBUG,
1007 			   "PASN: Reject unsuitable group %u", group);
1008 		return -1;
1009 	}
1010 
1011 	ssid = wpa_config_get_network(wpa_s->conf, network_id);
1012 
1013 	switch (akmp) {
1014 	case WPA_KEY_MGMT_PASN:
1015 		break;
1016 #ifdef CONFIG_SAE
1017 	case WPA_KEY_MGMT_SAE:
1018 		if (!ssid) {
1019 			wpa_printf(MSG_DEBUG,
1020 				   "PASN: No network profile found for SAE");
1021 			return -1;
1022 		}
1023 
1024 		if (!ieee802_11_rsnx_capab(beacon_rsnxe,
1025 					   WLAN_RSNX_CAPAB_SAE_H2E)) {
1026 			wpa_printf(MSG_DEBUG,
1027 				   "PASN: AP does not support SAE H2E");
1028 			return -1;
1029 		}
1030 
1031 		if (wpas_pasn_sae_setup_pt(wpa_s, ssid, group) < 0) {
1032 			wpa_printf(MSG_DEBUG,
1033 				   "PASN: Failed to derive PT");
1034 			return -1;
1035 		}
1036 
1037 		pasn->sae.state = SAE_NOTHING;
1038 		pasn->sae.send_confirm = 0;
1039 		pasn->ssid = ssid;
1040 		break;
1041 #endif /* CONFIG_SAE */
1042 #ifdef CONFIG_FILS
1043 	case WPA_KEY_MGMT_FILS_SHA256:
1044 	case WPA_KEY_MGMT_FILS_SHA384:
1045 		pasn->ssid = ssid;
1046 		break;
1047 #endif /* CONFIG_FILS */
1048 #ifdef CONFIG_IEEE80211R
1049 	case WPA_KEY_MGMT_FT_PSK:
1050 	case WPA_KEY_MGMT_FT_IEEE8021X:
1051 	case WPA_KEY_MGMT_FT_IEEE8021X_SHA384:
1052 		break;
1053 #endif /* CONFIG_IEEE80211R */
1054 	default:
1055 		wpa_printf(MSG_ERROR, "PASN: Unsupported AKMP=0x%x", akmp);
1056 		return -1;
1057 	}
1058 
1059 	pasn->ecdh = crypto_ecdh_init(group);
1060 	if (!pasn->ecdh) {
1061 		wpa_printf(MSG_DEBUG, "PASN: Failed to init ECDH");
1062 		goto fail;
1063 	}
1064 
1065 	pasn->beacon_rsne_rsnxe = wpabuf_alloc(beacon_rsne_len +
1066 					       beacon_rsnxe_len);
1067 	if (!pasn->beacon_rsne_rsnxe) {
1068 		wpa_printf(MSG_DEBUG, "PASN: Failed storing beacon RSNE/RSNXE");
1069 		goto fail;
1070 	}
1071 
1072 	wpabuf_put_data(pasn->beacon_rsne_rsnxe, beacon_rsne, beacon_rsne_len);
1073 	if (beacon_rsnxe && beacon_rsnxe_len)
1074 		wpabuf_put_data(pasn->beacon_rsne_rsnxe, beacon_rsnxe,
1075 				beacon_rsnxe_len);
1076 
1077 	pasn->akmp = akmp;
1078 	pasn->cipher = cipher;
1079 	pasn->group = group;
1080 	pasn->freq = freq;
1081 
1082 #ifdef CONFIG_TESTING_OPTIONS
1083 	if (wpa_s->conf->force_kdk_derivation ||
1084 #else
1085 	if (
1086 #endif
1087 	    (wpa_s->drv_flags2 & WPA_DRIVER_FLAGS2_SEC_LTF &&
1088 	     ieee802_11_rsnx_capab(beacon_rsnxe, WLAN_RSNX_CAPAB_SECURE_LTF)))
1089 		pasn->kdk_len = WPA_KDK_MAX_LEN;
1090 	else
1091 		pasn->kdk_len = 0;
1092 	wpa_printf(MSG_DEBUG, "PASN: kdk_len=%zu", pasn->kdk_len);
1093 
1094 	os_memcpy(pasn->bssid, bssid, ETH_ALEN);
1095 
1096 	wpa_printf(MSG_DEBUG,
1097 		   "PASN: Init: " MACSTR " akmp=0x%x, cipher=0x%x, group=%u",
1098 		   MAC2STR(pasn->bssid), pasn->akmp, pasn->cipher,
1099 		   pasn->group);
1100 
1101 	frame = wpas_pasn_build_auth_1(wpa_s, comeback);
1102 	if (!frame) {
1103 		wpa_printf(MSG_DEBUG, "PASN: Failed building 1st auth frame");
1104 		goto fail;
1105 	}
1106 
1107 	ret = wpa_drv_send_mlme(wpa_s, wpabuf_head(frame), wpabuf_len(frame), 0,
1108 				pasn->freq, 1000);
1109 
1110 	wpabuf_free(frame);
1111 	if (ret) {
1112 		wpa_printf(MSG_DEBUG, "PASN: Failed sending 1st auth frame");
1113 		goto fail;
1114 	}
1115 
1116 	eloop_register_timeout(2, 0, wpas_pasn_auth_work_timeout, wpa_s, NULL);
1117 	return 0;
1118 
1119 fail:
1120 	return -1;
1121 }
1122 
1123 
1124 static struct wpa_bss * wpas_pasn_allowed(struct wpa_supplicant *wpa_s,
1125 					  const u8 *bssid, int akmp, int cipher)
1126 {
1127 	struct wpa_bss *bss;
1128 	const u8 *rsne;
1129 	struct wpa_ie_data rsne_data;
1130 	int ret;
1131 
1132 	if (os_memcmp(wpa_s->bssid, bssid, ETH_ALEN) == 0) {
1133 		wpa_printf(MSG_DEBUG,
1134 			   "PASN: Not doing authentication with current BSS");
1135 		return NULL;
1136 	}
1137 
1138 	bss = wpa_bss_get_bssid(wpa_s, bssid);
1139 	if (!bss) {
1140 		wpa_printf(MSG_DEBUG, "PASN: BSS not found");
1141 		return NULL;
1142 	}
1143 
1144 	rsne = wpa_bss_get_ie(bss, WLAN_EID_RSN);
1145 	if (!rsne) {
1146 		wpa_printf(MSG_DEBUG, "PASN: BSS without RSNE");
1147 		return NULL;
1148 	}
1149 
1150 	ret = wpa_parse_wpa_ie(rsne, *(rsne + 1) + 2, &rsne_data);
1151 	if (ret) {
1152 		wpa_printf(MSG_DEBUG, "PASN: Failed parsing RSNE data");
1153 		return NULL;
1154 	}
1155 
1156 	if (!(rsne_data.key_mgmt & akmp) ||
1157 	    !(rsne_data.pairwise_cipher & cipher)) {
1158 		wpa_printf(MSG_DEBUG,
1159 			   "PASN: AP does not support requested AKMP or cipher");
1160 		return NULL;
1161 	}
1162 
1163 	return bss;
1164 }
1165 
1166 
1167 static void wpas_pasn_auth_start_cb(struct wpa_radio_work *work, int deinit)
1168 {
1169 	struct wpa_supplicant *wpa_s = work->wpa_s;
1170 	struct wpa_pasn_auth_work *awork = work->ctx;
1171 	struct wpa_bss *bss;
1172 	const u8 *rsne, *rsnxe;
1173 	int ret;
1174 
1175 	wpa_printf(MSG_DEBUG, "PASN: auth_start_cb: deinit=%d", deinit);
1176 
1177 	if (deinit) {
1178 		if (work->started) {
1179 			eloop_cancel_timeout(wpas_pasn_auth_work_timeout,
1180 					     wpa_s, NULL);
1181 			wpa_s->pasn_auth_work = NULL;
1182 		}
1183 
1184 		wpas_pasn_free_auth_work(awork);
1185 		return;
1186 	}
1187 
1188 	/*
1189 	 * It is possible that by the time the callback is called, the PASN
1190 	 * authentication is not allowed, e.g., a connection with the AP was
1191 	 * established.
1192 	 */
1193 	bss = wpas_pasn_allowed(wpa_s, awork->bssid, awork->akmp,
1194 				awork->cipher);
1195 	if (!bss) {
1196 		wpa_printf(MSG_DEBUG, "PASN: auth_start_cb: Not allowed");
1197 		goto fail;
1198 	}
1199 
1200 	rsne = wpa_bss_get_ie(bss, WLAN_EID_RSN);
1201 	if (!rsne) {
1202 		wpa_printf(MSG_DEBUG, "PASN: BSS without RSNE");
1203 		goto fail;
1204 	}
1205 
1206 	rsnxe = wpa_bss_get_ie(bss, WLAN_EID_RSNX);
1207 
1208 	ret = wpas_pasn_start(wpa_s, awork->bssid, awork->akmp, awork->cipher,
1209 			      awork->group, bss->freq, rsne, *(rsne + 1) + 2,
1210 			      rsnxe, rsnxe ? *(rsnxe + 1) + 2 : 0,
1211 			      awork->network_id, awork->comeback);
1212 	if (ret) {
1213 		wpa_printf(MSG_DEBUG,
1214 			   "PASN: Failed to start PASN authentication");
1215 		goto fail;
1216 	}
1217 
1218 	/* comeback token is no longer needed at this stage */
1219 	wpabuf_free(awork->comeback);
1220 	awork->comeback = NULL;
1221 
1222 	wpa_s->pasn_auth_work = work;
1223 	return;
1224 fail:
1225 	wpas_pasn_free_auth_work(awork);
1226 	work->ctx = NULL;
1227 	radio_work_done(work);
1228 }
1229 
1230 
1231 int wpas_pasn_auth_start(struct wpa_supplicant *wpa_s, const u8 *bssid,
1232 			 int akmp, int cipher, u16 group, int network_id,
1233 			 const u8 *comeback, size_t comeback_len)
1234 {
1235 	struct wpa_pasn_auth_work *awork;
1236 	struct wpa_bss *bss;
1237 
1238 	wpa_printf(MSG_DEBUG, "PASN: Start: " MACSTR " akmp=0x%x, cipher=0x%x",
1239 		   MAC2STR(bssid), akmp, cipher);
1240 
1241 	/*
1242 	 * TODO: Consider modifying the offchannel logic to handle additional
1243 	 * Management frames other then Action frames. For now allow PASN only
1244 	 * with drivers that support off-channel TX.
1245 	 */
1246 	if (!(wpa_s->drv_flags & WPA_DRIVER_FLAGS_OFFCHANNEL_TX)) {
1247 		wpa_printf(MSG_DEBUG,
1248 			   "PASN: Driver does not support offchannel TX");
1249 		return -1;
1250 	}
1251 
1252 	if (radio_work_pending(wpa_s, "pasn-start-auth")) {
1253 		wpa_printf(MSG_DEBUG,
1254 			   "PASN: send_auth: Work is already pending");
1255 		return -1;
1256 	}
1257 
1258 	if (wpa_s->pasn_auth_work) {
1259 		wpa_printf(MSG_DEBUG, "PASN: send_auth: Already in progress");
1260 		return -1;
1261 	}
1262 
1263 	bss = wpas_pasn_allowed(wpa_s, bssid, akmp, cipher);
1264 	if (!bss)
1265 		return -1;
1266 
1267 	wpas_pasn_reset(wpa_s);
1268 
1269 	awork = os_zalloc(sizeof(*awork));
1270 	if (!awork)
1271 		return -1;
1272 
1273 	os_memcpy(awork->bssid, bssid, ETH_ALEN);
1274 	awork->akmp = akmp;
1275 	awork->cipher = cipher;
1276 	awork->group = group;
1277 	awork->network_id = network_id;
1278 
1279 	if (comeback && comeback_len) {
1280 		awork->comeback = wpabuf_alloc_copy(comeback, comeback_len);
1281 		if (!awork->comeback) {
1282 			wpas_pasn_free_auth_work(awork);
1283 			return -1;
1284 		}
1285 	}
1286 
1287 	if (radio_add_work(wpa_s, bss->freq, "pasn-start-auth", 1,
1288 			   wpas_pasn_auth_start_cb, awork) < 0) {
1289 		wpas_pasn_free_auth_work(awork);
1290 		return -1;
1291 	}
1292 
1293 	wpa_printf(MSG_DEBUG, "PASN: Auth work successfully added");
1294 	return 0;
1295 }
1296 
1297 
1298 void wpas_pasn_auth_stop(struct wpa_supplicant *wpa_s)
1299 {
1300 	struct wpas_pasn *pasn = &wpa_s->pasn;
1301 
1302 	if (!wpa_s->pasn.ecdh)
1303 		return;
1304 
1305 	wpa_printf(MSG_DEBUG, "PASN: Stopping authentication");
1306 
1307 	wpas_pasn_auth_status(wpa_s, pasn->bssid, pasn->akmp, pasn->cipher,
1308 			      pasn->status, pasn->comeback,
1309 			      pasn->comeback_after);
1310 
1311 	wpas_pasn_reset(wpa_s);
1312 }
1313 
1314 
1315 static int wpas_pasn_immediate_retry(struct wpa_supplicant *wpa_s,
1316 				     struct wpas_pasn *pasn,
1317 				     struct wpa_pasn_params_data *params)
1318 {
1319 	int akmp = pasn->akmp;
1320 	int cipher = pasn->cipher;
1321 	u16 group = pasn->group;
1322 	u8 bssid[ETH_ALEN];
1323 	int network_id = pasn->ssid ? pasn->ssid->id : 0;
1324 
1325 	wpa_printf(MSG_DEBUG, "PASN: Immediate retry");
1326 	os_memcpy(bssid, pasn->bssid, ETH_ALEN);
1327 	wpas_pasn_reset(wpa_s);
1328 
1329 	return wpas_pasn_auth_start(wpa_s, bssid, akmp, cipher, group,
1330 				    network_id,
1331 				    params->comeback, params->comeback_len);
1332 }
1333 
1334 
1335 int wpas_pasn_auth_rx(struct wpa_supplicant *wpa_s,
1336 		      const struct ieee80211_mgmt *mgmt, size_t len)
1337 {
1338 	struct wpas_pasn *pasn = &wpa_s->pasn;
1339 	struct ieee802_11_elems elems;
1340 	struct wpa_ie_data rsn_data;
1341 	struct wpa_pasn_params_data pasn_params;
1342 	struct wpabuf *wrapped_data = NULL, *secret = NULL, *frame = NULL;
1343 	u8 mic[WPA_PASN_MAX_MIC_LEN], out_mic[WPA_PASN_MAX_MIC_LEN];
1344 	u8 mic_len;
1345 	u16 status;
1346 	int ret, inc_y;
1347 	u16 fc = host_to_le16((WLAN_FC_TYPE_MGMT << 2) |
1348 			      (WLAN_FC_STYPE_AUTH << 4));
1349 
1350 	if (!wpa_s->pasn_auth_work || !mgmt ||
1351 	    len < offsetof(struct ieee80211_mgmt, u.auth.variable))
1352 		return -2;
1353 
1354 	/* Not an Authentication frame; do nothing */
1355 	if ((mgmt->frame_control & fc) != fc)
1356 		return -2;
1357 
1358 	/* Not our frame; do nothing */
1359 	if (os_memcmp(mgmt->da, wpa_s->own_addr, ETH_ALEN) != 0 ||
1360 	    os_memcmp(mgmt->sa, pasn->bssid, ETH_ALEN) != 0 ||
1361 	    os_memcmp(mgmt->bssid, pasn->bssid, ETH_ALEN) != 0)
1362 		return -2;
1363 
1364 	/* Not PASN; do nothing */
1365 	if (mgmt->u.auth.auth_alg != host_to_le16(WLAN_AUTH_PASN))
1366 		return -2;
1367 
1368 	if (mgmt->u.auth.auth_transaction !=
1369 	    host_to_le16(pasn->trans_seq + 1)) {
1370 		wpa_printf(MSG_DEBUG,
1371 			   "PASN: RX: Invalid transaction sequence: (%u != %u)",
1372 			   le_to_host16(mgmt->u.auth.auth_transaction),
1373 			   pasn->trans_seq + 1);
1374 		return -1;
1375 	}
1376 
1377 	status = le_to_host16(mgmt->u.auth.status_code);
1378 
1379 	if (status != WLAN_STATUS_SUCCESS &&
1380 	    status != WLAN_STATUS_ASSOC_REJECTED_TEMPORARILY) {
1381 		wpa_printf(MSG_DEBUG,
1382 			   "PASN: Authentication rejected - status=%u", status);
1383 		pasn->status = status;
1384 		wpas_pasn_auth_stop(wpa_s);
1385 		return -1;
1386 	}
1387 
1388 	if (ieee802_11_parse_elems(mgmt->u.auth.variable,
1389 				   len - offsetof(struct ieee80211_mgmt,
1390 						  u.auth.variable),
1391 				   &elems, 0) == ParseFailed) {
1392 		wpa_printf(MSG_DEBUG,
1393 			   "PASN: Failed parsing Authentication frame");
1394 		goto fail;
1395 	}
1396 
1397 	/* Check that the MIC IE exists. Save it and zero out the memory */
1398 	mic_len = pasn_mic_len(pasn->akmp, pasn->cipher);
1399 	if (status == WLAN_STATUS_SUCCESS) {
1400 		if (!elems.mic || elems.mic_len != mic_len) {
1401 			wpa_printf(MSG_DEBUG,
1402 				   "PASN: Invalid MIC. Expecting len=%u",
1403 				   mic_len);
1404 			goto fail;
1405 		} else {
1406 			os_memcpy(mic, elems.mic, mic_len);
1407 			/* TODO: Clean this up.. Should not be modifying the
1408 			 * received message buffer. */
1409 			os_memset((u8 *) elems.mic, 0, mic_len);
1410 		}
1411 	}
1412 
1413 	if (!elems.pasn_params || !elems.pasn_params_len) {
1414 		wpa_printf(MSG_DEBUG,
1415 			   "PASN: Missing PASN Parameters IE");
1416 		goto fail;
1417 	}
1418 
1419 	ret = wpa_pasn_parse_parameter_ie(elems.pasn_params - 3,
1420 					  elems.pasn_params_len + 3,
1421 					  true, &pasn_params);
1422 	if (ret) {
1423 		wpa_printf(MSG_DEBUG,
1424 			   "PASN: Failed validation PASN of Parameters IE");
1425 		goto fail;
1426 	}
1427 
1428 	if (status == WLAN_STATUS_ASSOC_REJECTED_TEMPORARILY) {
1429 		wpa_printf(MSG_DEBUG,
1430 			   "PASN: Authentication temporarily rejected");
1431 
1432 		if (pasn_params.comeback && pasn_params.comeback_len) {
1433 			wpa_printf(MSG_DEBUG,
1434 				   "PASN: Comeback token available. After=%u",
1435 				   pasn_params.after);
1436 
1437 			if (!pasn_params.after)
1438 				return wpas_pasn_immediate_retry(wpa_s, pasn,
1439 								 &pasn_params);
1440 
1441 			pasn->comeback = wpabuf_alloc_copy(
1442 				pasn_params.comeback, pasn_params.comeback_len);
1443 			if (pasn->comeback)
1444 				pasn->comeback_after = pasn_params.after;
1445 		}
1446 
1447 		pasn->status = status;
1448 		goto fail;
1449 	}
1450 
1451 	ret = wpa_parse_wpa_ie(elems.rsn_ie - 2, elems.rsn_ie_len + 2,
1452 			       &rsn_data);
1453 	if (ret) {
1454 		wpa_printf(MSG_DEBUG, "PASN: Failed parsing RNSE");
1455 		goto fail;
1456 	}
1457 
1458 	ret = wpa_pasn_validate_rsne(&rsn_data);
1459 	if (ret) {
1460 		wpa_printf(MSG_DEBUG, "PASN: Failed validating RSNE");
1461 		goto fail;
1462 	}
1463 
1464 	if (pasn->akmp != rsn_data.key_mgmt ||
1465 	    pasn->cipher != rsn_data.pairwise_cipher) {
1466 		wpa_printf(MSG_DEBUG, "PASN: Mismatch in AKMP/cipher");
1467 		goto fail;
1468 	}
1469 
1470 	if (pasn->group != pasn_params.group) {
1471 		wpa_printf(MSG_DEBUG, "PASN: Mismatch in group");
1472 		goto fail;
1473 	}
1474 
1475 	if (!pasn_params.pubkey || !pasn_params.pubkey_len) {
1476 		wpa_printf(MSG_DEBUG, "PASN: Invalid public key");
1477 		goto fail;
1478 	}
1479 
1480 	if (pasn_params.pubkey[0] == WPA_PASN_PUBKEY_UNCOMPRESSED) {
1481 		inc_y = 1;
1482 	} else if (pasn_params.pubkey[0] == WPA_PASN_PUBKEY_COMPRESSED_0 ||
1483 		   pasn_params.pubkey[0] == WPA_PASN_PUBKEY_COMPRESSED_1) {
1484 		inc_y = 0;
1485 	} else {
1486 		wpa_printf(MSG_DEBUG,
1487 			   "PASN: Invalid first octet in pubkey=0x%x",
1488 			   pasn_params.pubkey[0]);
1489 		goto fail;
1490 	}
1491 
1492 	secret = crypto_ecdh_set_peerkey(pasn->ecdh, inc_y,
1493 					 pasn_params.pubkey + 1,
1494 					 pasn_params.pubkey_len - 1);
1495 
1496 	if (!secret) {
1497 		wpa_printf(MSG_DEBUG, "PASN: Failed to derive shared secret");
1498 		goto fail;
1499 	}
1500 
1501 	if (pasn_params.wrapped_data_format != WPA_PASN_WRAPPED_DATA_NO) {
1502 		wrapped_data = ieee802_11_defrag(&elems,
1503 						 WLAN_EID_EXTENSION,
1504 						 WLAN_EID_EXT_WRAPPED_DATA);
1505 
1506 		if (!wrapped_data) {
1507 			wpa_printf(MSG_DEBUG, "PASN: Missing wrapped data");
1508 			goto fail;
1509 		}
1510 	}
1511 
1512 	ret = wpas_pasn_set_pmk(wpa_s, &rsn_data, &pasn_params, wrapped_data);
1513 	if (ret) {
1514 		wpa_printf(MSG_DEBUG, "PASN: Failed to set PMK");
1515 		goto fail;
1516 	}
1517 
1518 	ret = pasn_pmk_to_ptk(pasn->pmk, pasn->pmk_len,
1519 			      wpa_s->own_addr, pasn->bssid,
1520 			      wpabuf_head(secret), wpabuf_len(secret),
1521 			      &pasn->ptk, pasn->akmp, pasn->cipher,
1522 			      pasn->kdk_len);
1523 	if (ret) {
1524 		wpa_printf(MSG_DEBUG, "PASN: Failed to derive PTK");
1525 		goto fail;
1526 	}
1527 
1528 	wpabuf_free(wrapped_data);
1529 	wrapped_data = NULL;
1530 	wpabuf_free(secret);
1531 	secret = NULL;
1532 
1533 	/* Verify the MIC */
1534 	ret = pasn_mic(pasn->ptk.kck, pasn->akmp, pasn->cipher,
1535 		       pasn->bssid, wpa_s->own_addr,
1536 		       wpabuf_head(pasn->beacon_rsne_rsnxe),
1537 		       wpabuf_len(pasn->beacon_rsne_rsnxe),
1538 		       (u8 *) &mgmt->u.auth,
1539 		       len - offsetof(struct ieee80211_mgmt, u.auth),
1540 		       out_mic);
1541 
1542 	wpa_hexdump_key(MSG_DEBUG, "PASN: Frame MIC", mic, mic_len);
1543 	if (ret || os_memcmp(mic, out_mic, mic_len) != 0) {
1544 		wpa_printf(MSG_DEBUG, "PASN: Failed MIC verification");
1545 		goto fail;
1546 	}
1547 
1548 	pasn->trans_seq++;
1549 
1550 	wpa_printf(MSG_DEBUG, "PASN: Success verifying Authentication frame");
1551 
1552 	frame = wpas_pasn_build_auth_3(wpa_s);
1553 	if (!frame) {
1554 		wpa_printf(MSG_DEBUG, "PASN: Failed building 3rd auth frame");
1555 		goto fail;
1556 	}
1557 
1558 	ret = wpa_drv_send_mlme(wpa_s, wpabuf_head(frame), wpabuf_len(frame), 0,
1559 				pasn->freq, 100);
1560 	wpabuf_free(frame);
1561 	if (ret) {
1562 		wpa_printf(MSG_DEBUG, "PASN: Failed sending 3st auth frame");
1563 		goto fail;
1564 	}
1565 
1566 	wpa_printf(MSG_DEBUG, "PASN: Success sending last frame. Store PTK");
1567 
1568 	ptksa_cache_add(wpa_s->ptksa, pasn->bssid, pasn->cipher,
1569 			dot11RSNAConfigPMKLifetime, &pasn->ptk);
1570 
1571 	forced_memzero(&pasn->ptk, sizeof(pasn->ptk));
1572 
1573 	pasn->status = WLAN_STATUS_SUCCESS;
1574 	return 0;
1575 fail:
1576 	wpa_printf(MSG_DEBUG, "PASN: Failed RX processing - terminating");
1577 	wpabuf_free(wrapped_data);
1578 	wpabuf_free(secret);
1579 
1580 	/*
1581 	 * TODO: In case of an error the standard allows to silently drop
1582 	 * the frame and terminate the authentication exchange. However, better
1583 	 * reply to the AP with an error status.
1584 	 */
1585 	if (status == WLAN_STATUS_SUCCESS)
1586 		pasn->status = WLAN_STATUS_UNSPECIFIED_FAILURE;
1587 	else
1588 		pasn->status = status;
1589 
1590 	wpas_pasn_auth_stop(wpa_s);
1591 	return -1;
1592 }
1593 
1594 
1595 int wpas_pasn_auth_tx_status(struct wpa_supplicant *wpa_s,
1596 			     const u8 *data, size_t data_len, u8 acked)
1597 
1598 {
1599 	struct wpas_pasn *pasn = &wpa_s->pasn;
1600 	const struct ieee80211_mgmt *mgmt = (struct ieee80211_mgmt *) data;
1601 	u16 fc = host_to_le16((WLAN_FC_TYPE_MGMT << 2) |
1602 			      (WLAN_FC_STYPE_AUTH << 4));
1603 
1604 	wpa_printf(MSG_DEBUG, "PASN: auth_tx_status: acked=%u", acked);
1605 
1606 	if (!wpa_s->pasn_auth_work) {
1607 		wpa_printf(MSG_DEBUG,
1608 			   "PASN: auth_tx_status: no work in progress");
1609 		return -1;
1610 	}
1611 
1612 	if (!mgmt ||
1613 	    data_len < offsetof(struct ieee80211_mgmt, u.auth.variable))
1614 		return -1;
1615 
1616 	/* Not an authentication frame; do nothing */
1617 	if ((mgmt->frame_control & fc) != fc)
1618 		return -1;
1619 
1620 	/* Not our frame; do nothing */
1621 	if (os_memcmp(mgmt->da, pasn->bssid, ETH_ALEN) ||
1622 	    os_memcmp(mgmt->sa, wpa_s->own_addr, ETH_ALEN) ||
1623 	    os_memcmp(mgmt->bssid, pasn->bssid, ETH_ALEN))
1624 		return -1;
1625 
1626 	/* Not PASN; do nothing */
1627 	if (mgmt->u.auth.auth_alg !=  host_to_le16(WLAN_AUTH_PASN))
1628 		return -1;
1629 
1630 	if (mgmt->u.auth.auth_transaction != host_to_le16(pasn->trans_seq)) {
1631 		wpa_printf(MSG_ERROR,
1632 			   "PASN: Invalid transaction sequence: (%u != %u)",
1633 			   pasn->trans_seq,
1634 			   le_to_host16(mgmt->u.auth.auth_transaction));
1635 		return 0;
1636 	}
1637 
1638 	wpa_printf(MSG_ERROR,
1639 		   "PASN: auth with trans_seq=%u, acked=%u", pasn->trans_seq,
1640 		   acked);
1641 
1642 	/*
1643 	 * Even if the frame was not acked, do not treat this is an error, and
1644 	 * try to complete the flow, relying on the PASN timeout callback to
1645 	 * clean up.
1646 	 */
1647 	if (pasn->trans_seq == 3) {
1648 		wpa_printf(MSG_DEBUG, "PASN: auth complete with: " MACSTR,
1649 			   MAC2STR(pasn->bssid));
1650 		/*
1651 		 * Either frame was not ACKed or it was ACKed but the trans_seq
1652 		 * != 1, i.e., not expecting an RX frame, so we are done.
1653 		 */
1654 		wpas_pasn_auth_stop(wpa_s);
1655 	}
1656 
1657 	return 0;
1658 }
1659 
1660 
1661 int wpas_pasn_deauthenticate(struct wpa_supplicant *wpa_s, const u8 *bssid)
1662 {
1663 	struct wpa_bss *bss;
1664 	struct wpabuf *buf;
1665 	struct ieee80211_mgmt *deauth;
1666 	int ret;
1667 
1668 	if (os_memcmp(wpa_s->bssid, bssid, ETH_ALEN) == 0) {
1669 		wpa_printf(MSG_DEBUG,
1670 			   "PASN: Cannot deauthenticate from current BSS");
1671 		return -1;
1672 	}
1673 
1674 	wpa_printf(MSG_DEBUG, "PASN: deauth: Flushing all PTKSA entries for "
1675 		   MACSTR, MAC2STR(bssid));
1676 	ptksa_cache_flush(wpa_s->ptksa, bssid, WPA_CIPHER_NONE);
1677 
1678 	bss = wpa_bss_get_bssid(wpa_s, bssid);
1679 	if (!bss) {
1680 		wpa_printf(MSG_DEBUG, "PASN: deauth: BSS not found");
1681 		return -1;
1682 	}
1683 
1684 	buf = wpabuf_alloc(64);
1685 	if (!buf) {
1686 		wpa_printf(MSG_DEBUG, "PASN: deauth: Failed wpabuf allocate");
1687 		return -1;
1688 	}
1689 
1690 	deauth = wpabuf_put(buf, offsetof(struct ieee80211_mgmt,
1691 					  u.deauth.variable));
1692 
1693 	deauth->frame_control = host_to_le16((WLAN_FC_TYPE_MGMT << 2) |
1694 					     (WLAN_FC_STYPE_DEAUTH << 4));
1695 
1696 	os_memcpy(deauth->da, bssid, ETH_ALEN);
1697 	os_memcpy(deauth->sa, wpa_s->own_addr, ETH_ALEN);
1698 	os_memcpy(deauth->bssid, bssid, ETH_ALEN);
1699 	deauth->u.deauth.reason_code =
1700 		host_to_le16(WLAN_REASON_PREV_AUTH_NOT_VALID);
1701 
1702 	/*
1703 	 * Since we do not expect any response from the AP, implement the
1704 	 * Deauthentication frame transmission using direct call to the driver
1705 	 * without a radio work.
1706 	 */
1707 	ret = wpa_drv_send_mlme(wpa_s, wpabuf_head(buf), wpabuf_len(buf), 1,
1708 				bss->freq, 0);
1709 
1710 	wpabuf_free(buf);
1711 	wpa_printf(MSG_DEBUG, "PASN: deauth: send_mlme ret=%d", ret);
1712 
1713 	return ret;
1714 }
1715