      1 /*
      2  * PASN info for initiator and responder
      3  *
      4  * Copyright (C) 2019, Intel Corporation
      5  * Copyright (c) 2022, Jouni Malinen <j (at) w1.fi>
      6  * Copyright (C) 2022, Qualcomm Innovation Center, Inc.
      7  *
      8  * This software may be distributed under the terms of the BSD license.
      9  * See README for more details.
     10  */
     11 
     12 #ifndef PASN_COMMON_H
     13 #define PASN_COMMON_H
     14 
     15 #ifdef __cplusplus
     16 extern "C" {
     17 #endif
     18 
     19 enum pasn_fils_state {
        	/* NOTE(review): presumably the values stored in the state member of
        	 * struct pasn_fils, which is declared as u8 rather than as this enum -
        	 * confirm against the users of that member. */
     20 	PASN_FILS_STATE_NONE = 0,
     21 	PASN_FILS_STATE_PENDING_AS,
     22 	PASN_FILS_STATE_COMPLETE
     23 };
     24 
     25 struct pasn_fils {
        	/* FILS-related state; embedded in struct pasn_data as the fils member
        	 * when CONFIG_FILS is defined. The *_LEN constants used below are not
        	 * defined in this header, which has no #include directives, so they
        	 * have to come from headers included before it. */
     26 	u8 state; /* NOTE(review): presumably an enum pasn_fils_state value */
     27 	u8 nonce[FILS_NONCE_LEN];
     28 	u8 anonce[FILS_NONCE_LEN];
     29 	u8 session[FILS_SESSION_LEN];
     30 	u8 erp_pmkid[PMKID_LEN];
     31 	bool completed;
     32 	struct wpabuf *erp_resp; /* NOTE(review): ownership not visible here */
     33 };
     34 
     35 struct pasn_data {
        	/*
        	 * PASN state used by both the initiator and the responder code.
        	 *
        	 * The set of members depends on CONFIG_SAE, CONFIG_FILS,
        	 * CONFIG_IEEE80211R, and CONFIG_TESTING_OPTIONS, so every translation
        	 * unit that touches this struct has to be built with the same set of
        	 * these options; otherwise member offsets will not match.
        	 */
     36 	/* External modules access the variables below using the setter and
     37 	 * getter functions */
     38 	int akmp;
     39 	int cipher;
     40 	u8 own_addr[ETH_ALEN];
     41 	u8 peer_addr[ETH_ALEN];
     42 	u8 bssid[ETH_ALEN];
     43 	struct rsn_pmksa_cache *pmksa;
     44 	bool derive_kdk;
     45 	size_t kdk_len;
     46 	void *cb_ctx; /* passed as ctx to send_mgmt and validate_custom_pmkid */
     47 
     48 #ifdef CONFIG_SAE
     49 	struct sae_pt *pt;
     50 #endif /* CONFIG_SAE */
     51 
     52 	/* Responder */
        	/* NOTE(review): stored as a bare pointer; whether the setter copies the
        	 * string or borrows the caller's buffer is not visible in this header -
        	 * confirm the lifetime and who clears the password. */
     53 	const char *password;
     54 	int wpa_key_mgmt;
     55 	int rsn_pairwise;
     56 	u16 rsnxe_capab;
        	/* NOTE(review): no length member accompanies this pointer (unlike
        	 * extra_ies/extra_ies_len and rsn_ie/rsn_ie_len); presumably the length
        	 * is taken from the element's own Length field - confirm that users
        	 * bounds-check it. */
     57 	const u8 *rsnxe_ie;
     58 	bool custom_pmkid_valid;
     59 	u8 custom_pmkid[PMKID_LEN];
     60 
     61 	/*
     62 	 * Extra elements to add into Authentication frames. These can be used,
     63 	 * e.g., for Wi-Fi Aware use cases.
     64 	 */
     65 	const u8 *extra_ies;
     66 	size_t extra_ies_len;
     67 
     68 	/* External modules do not access below variables */
     69 	u16 group;
     70 	bool secure_ltf;
     71 	int freq;
     72 
     73 	u8 trans_seq;
     74 	u8 status;
     75 
        	/* PMK buffer stored inline in the struct. NOTE(review): presumably
        	 * pmk_len never exceeds PMK_LEN_MAX and the buffer is cleared on
        	 * reset/deinit - confirm in the implementation. */
     76 	size_t pmk_len;
     77 	u8 pmk[PMK_LEN_MAX];
     78 	bool using_pmksa;
     79 
     80 	u8 hash[SHA384_MAC_LEN];
     81 
     82 	struct wpabuf *beacon_rsne_rsnxe;
     83 	struct wpa_ptk ptk;
     84 	struct crypto_ecdh *ecdh;
     85 
     86 	struct wpabuf *comeback;
     87 	u16 comeback_after;
     88 
     89 #ifdef CONFIG_SAE
     90 	struct sae_data sae;
     91 #endif /* CONFIG_SAE */
     92 
     93 #ifdef CONFIG_FILS
     94 	bool fils_eapol;
     95 	bool fils_wd_valid;
     96 	struct pasn_fils fils;
     97 #endif /* CONFIG_FILS */
     98 
     99 #ifdef CONFIG_IEEE80211R
    100 	u8 pmk_r1[PMK_LEN_MAX];
    101 	size_t pmk_r1_len;
    102 	u8 pmk_r1_name[WPA_PMK_NAME_LEN];
    103 #endif /* CONFIG_IEEE80211R */
    104 	/* Note that these pointers to RSN PMKSA cache are actually defined
    105 	 * differently for the PASN initiator (using RSN Supplicant
    106 	 * implementation) and PASN responder (using RSN Authenticator
    107 	 * implementation). Functions cannot be mixed between those cases. */
    108 	struct rsn_pmksa_cache_entry *pmksa_entry;
    109 	struct eapol_sm *eapol;
    110 	int fast_reauth;
    111 #ifdef CONFIG_TESTING_OPTIONS
        	/* Exists only in CONFIG_TESTING_OPTIONS builds. */
    112 	int corrupt_mic;
    113 #endif /* CONFIG_TESTING_OPTIONS */
    114 	int network_id;
    115 
    116 	u8 wrapped_data_format;
    117 	struct wpabuf *secret;
    118 
    119 	/* Responder */
    120 	bool noauth; /* Whether PASN without mutual authentication is enabled */
    121 	int disable_pmksa_caching;
    122 	int *pasn_groups;
    123 	struct wpabuf *wrapped_data;
    124 	int use_anti_clogging;
    125 	const u8 *rsn_ie;
    126 	size_t rsn_ie_len;
    127 
        	/* NOTE(review): comeback_key and comeback_pending_idx are bare
        	 * pointers with no length member in this struct; their sizes and
        	 * ownership are presumably fixed by the implementation - confirm. */
    128 	u8 *comeback_key;
    129 	struct os_reltime last_comeback_key_update;
    130 	u16 comeback_idx;
    131 	u16 *comeback_pending_idx;
    132 
    133 	/**
    134 	 * send_mgmt - Function handler to transmit a Management frame
    135 	 * @ctx: Callback context from cb_ctx
    136 	 * @data: Frame to transmit
    137 	 * @data_len: Length of frame to transmit
        	 * @noack: NOTE(review): not described in the original comment;
        	 *	presumably non-zero means no ACK is expected - confirm
    138 	 * @freq: Frequency in MHz for the channel on which to transmit
    139 	 * @wait: How many milliseconds to wait for a response frame
    140 	 * Returns: 0 on success, -1 on failure
    141 	 */
    142 	int (*send_mgmt)(void *ctx, const u8 *data, size_t data_len, int noack,
    143 			 unsigned int freq, unsigned int wait);
    144 	/**
    145 	 * validate_custom_pmkid - Handler to validate vendor specific PMKID
    146 	 * @ctx: Callback context from cb_ctx
    147 	 * @addr: MAC address of the peer
    148 	 * @pmkid: Custom PMKID
    149 	 * Returns: 0 on success (valid PMKID), -1 on failure
    150 	 */
    151 	int (*validate_custom_pmkid)(void *ctx, const u8 *addr,
    152 				     const u8 *pmkid);
    153 };
    154 
    155 /* Initiator */
        /*
         * NOTE(review): wpas_pasn_start() carries a wpas_ prefix while the other
         * initiator entry points use wpa_pasn_. The data/len arguments of
         * wpa_pasn_auth_rx() presumably describe a frame received from the peer,
         * i.e., untrusted input - confirm that len is the real buffer length at
         * every call site.
         */
    156 void wpa_pasn_reset(struct pasn_data *pasn);
    157 int wpas_pasn_start(struct pasn_data *pasn, const u8 *own_addr,
    158 		    const u8 *peer_addr, const u8 *bssid,
    159 		    int akmp, int cipher, u16 group,
    160 		    int freq, const u8 *beacon_rsne, u8 beacon_rsne_len,
    161 		    const u8 *beacon_rsnxe, u8 beacon_rsnxe_len,
    162 		    const struct wpabuf *comeback);
    163 int wpa_pasn_verify(struct pasn_data *pasn, const u8 *own_addr,
    164 		    const u8 *peer_addr, const u8 *bssid,
    165 		    int akmp, int cipher, u16 group,
    166 		    int freq, const u8 *beacon_rsne, u8 beacon_rsne_len,
    167 		    const u8 *beacon_rsnxe, u8 beacon_rsnxe_len,
    168 		    const struct wpabuf *comeback);
    169 int wpa_pasn_auth_rx(struct pasn_data *pasn, const u8 *data, size_t len,
    170 		     struct wpa_pasn_params_data *pasn_params);
    171 int wpa_pasn_auth_tx_status(struct pasn_data *pasn,
    172 			    const u8 *data, size_t data_len, u8 acked);
    173 
    174 /* Responder */
        /* NOTE(review): mgmt/len presumably describe a received Authentication
         * frame; this header does not state the minimum len the handlers require -
         * confirm the length checks in the implementation. */
    175 int handle_auth_pasn_1(struct pasn_data *pasn,
    176 		       const u8 *own_addr, const u8 *peer_addr,
    177 		       const struct ieee80211_mgmt *mgmt, size_t len);
    178 int handle_auth_pasn_3(struct pasn_data *pasn, const u8 *own_addr,
    179 		       const u8 *peer_addr,
    180 		       const struct ieee80211_mgmt *mgmt, size_t len);
    181 int handle_auth_pasn_resp(struct pasn_data *pasn, const u8 *own_addr,
    182 			  const u8 *peer_addr,
    183 			  struct rsn_pmksa_cache_entry *pmksa, u16 status);
    184 
        /* NOTE(review): allocation and ownership are not stated in this header;
         * presumably pasn_data_init() returns a new context that is released with
         * pasn_data_deinit() - confirm, including the failure return value. The
         * callback parameters of pasn_register_callbacks() have the same
         * signatures as the send_mgmt and validate_custom_pmkid members of
         * struct pasn_data. */
    185 struct pasn_data * pasn_data_init(void);
    186 void pasn_data_deinit(struct pasn_data *pasn);
    187 void pasn_register_callbacks(struct pasn_data *pasn, void *cb_ctx,
    188 			     int (*send_mgmt)(void *ctx, const u8 *data,
    189 					      size_t data_len, int noack,
    190 					      unsigned int freq,
    191 					      unsigned int wait),
    192 			     int (*validate_custom_pmkid)(void *ctx,
    193 							  const u8 *addr,
    194 							  const u8 *pmkid));
    195 void pasn_enable_kdk_derivation(struct pasn_data *pasn);
    196 void pasn_disable_kdk_derivation(struct pasn_data *pasn);
    197 
        /* Setters for the externally accessible members of struct pasn_data.
         * NOTE(review): the address setters take no length; presumably ETH_ALEN
         * octets are read from addr - confirm. pasn_set_pt() is declared
         * unconditionally although the pt member exists only with CONFIG_SAE. */
    198 void pasn_set_akmp(struct pasn_data *pasn, int akmp);
    199 void pasn_set_cipher(struct pasn_data *pasn, int cipher);
    200 void pasn_set_own_addr(struct pasn_data *pasn, const u8 *addr);
    201 void pasn_set_peer_addr(struct pasn_data *pasn, const u8 *addr);
    202 void pasn_set_bssid(struct pasn_data *pasn, const u8 *addr);
    203 void pasn_set_initiator_pmksa(struct pasn_data *pasn,
    204 			      struct rsn_pmksa_cache *pmksa);
    205 void pasn_set_responder_pmksa(struct pasn_data *pasn,
    206 			      struct rsn_pmksa_cache *pmksa);
    207 int pasn_set_pt(struct pasn_data *pasn, struct sae_pt *pt);
    208 
    209 /* Responder */
        /* NOTE(review): pasn_set_rsnxe_ie() and pasn_set_custom_pmkid() take no
         * length, unlike pasn_set_extra_ies(); the caller presumably has to pass a
         * well-formed RSNXE and PMKID_LEN octets of PMKID, respectively - confirm.
         * Whether pasn_set_password() copies the string is not visible here. */
    210 void pasn_set_password(struct pasn_data *pasn, const char *password);
    211 void pasn_set_wpa_key_mgmt(struct pasn_data *pasn, int key_mgmt);
    212 void pasn_set_rsn_pairwise(struct pasn_data *pasn, int rsn_pairwise);
    213 void pasn_set_rsnxe_caps(struct pasn_data *pasn, u16 rsnxe_capab);
    214 void pasn_set_rsnxe_ie(struct pasn_data *pasn, const u8 *rsnxe_ie);
    215 void pasn_set_custom_pmkid(struct pasn_data *pasn, const u8 *pmkid);
    216 int pasn_set_extra_ies(struct pasn_data *pasn, const u8 *extra_ies,
    217 		       size_t extra_ies_len);
    218 
        /* NOTE(review): pasn_get_pmk() and pasn_get_ptk() return non-const
         * pointers; presumably these point at the pmk and ptk members inside
         * struct pasn_data rather than at copies, so they would stay valid only
         * as long as the context does - confirm before caching the pointers. */
    219 int pasn_get_akmp(struct pasn_data *pasn);
    220 int pasn_get_cipher(struct pasn_data *pasn);
    221 size_t pasn_get_pmk_len(struct pasn_data *pasn);
    222 u8 * pasn_get_pmk(struct pasn_data *pasn);
    223 struct wpa_ptk * pasn_get_ptk(struct pasn_data *pasn);
    224 
    225 #ifdef __cplusplus
    226 }
    227 #endif
    228 #endif /* PASN_COMMON_H */
    229