1  /*
2   * PASN info for initiator and responder
3   *
4   * Copyright (C) 2019, Intel Corporation
5   * Copyright (c) 2022, Jouni Malinen <j@w1.fi>
6   * Copyright (C) 2022, Qualcomm Innovation Center, Inc.
7   *
8   * This software may be distributed under the terms of the BSD license.
9   * See README for more details.
10   */
11  
12  #ifndef PASN_COMMON_H
13  #define PASN_COMMON_H
14  
15  #ifdef __cplusplus
16  extern "C" {
17  #endif
18  
19  enum pasn_fils_state {
20  	PASN_FILS_STATE_NONE = 0,
21  	PASN_FILS_STATE_PENDING_AS,
22  	PASN_FILS_STATE_COMPLETE
23  };
24  
25  struct pasn_fils {
26  	u8 state;
27  	u8 nonce[FILS_NONCE_LEN];
28  	u8 anonce[FILS_NONCE_LEN];
29  	u8 session[FILS_SESSION_LEN];
30  	u8 erp_pmkid[PMKID_LEN];
31  	bool completed;
32  	struct wpabuf *erp_resp;
33  };
34  
35  struct pasn_data {
36  	/* External modules access below variables using setter and getter
37  	 * functions */
38  	int akmp;
39  	int cipher;
40  	u8 own_addr[ETH_ALEN];
41  	u8 peer_addr[ETH_ALEN];
42  	u8 bssid[ETH_ALEN];
43  	struct rsn_pmksa_cache *pmksa;
44  	bool derive_kdk;
45  	size_t kdk_len;
46  	void *cb_ctx;
47  
48  #ifdef CONFIG_SAE
49  	struct sae_pt *pt;
50  #endif /* CONFIG_SAE */
51  
52  	/* Responder */
53  	const char *password;
54  	int wpa_key_mgmt;
55  	int rsn_pairwise;
56  	u16 rsnxe_capab;
57  	u8 *rsnxe_ie;
58  	bool custom_pmkid_valid;
59  	u8 custom_pmkid[PMKID_LEN];
60  
61  	/*
62  	 * Extra elements to add into Authentication frames. These can be used,
63  	 * e.g., for Wi-Fi Aware use cases.
64  	 */
65  	const u8 *extra_ies;
66  	size_t extra_ies_len;
67  
68  	/* External modules do not access below variables */
69  	bool derive_kek;
70  	size_t kek_len;
71  	u16 group;
72  	bool secure_ltf;
73  	int freq;
74  
75  	u8 trans_seq;
76  	u8 status;
77  
78  	size_t pmk_len;
79  	u8 pmk[PMK_LEN_MAX];
80  	bool using_pmksa;
81  
82  	u8 hash[SHA384_MAC_LEN];
83  
84  	struct wpabuf *beacon_rsne_rsnxe;
85  	struct wpa_ptk ptk;
86  	struct crypto_ecdh *ecdh;
87  
88  	struct wpabuf *comeback;
89  	u16 comeback_after;
90  
91  #ifdef CONFIG_SAE
92  	struct sae_data sae;
93  #endif /* CONFIG_SAE */
94  
95  #ifdef CONFIG_FILS
96  	bool fils_eapol;
97  	bool fils_wd_valid;
98  	struct pasn_fils fils;
99  #endif /* CONFIG_FILS */
100  
101  #ifdef CONFIG_IEEE80211R
102  	u8 pmk_r1[PMK_LEN_MAX];
103  	size_t pmk_r1_len;
104  	u8 pmk_r1_name[WPA_PMK_NAME_LEN];
105  #endif /* CONFIG_IEEE80211R */
106  	/* Note that this pointers to RSN PMKSA cache are actually defined
107  	 * differently for the PASN initiator (using RSN Supplicant
108  	 * implementation) and PASN responser (using RSN Authenticator
109  	 * implementation). Functions cannot be mixed between those cases. */
110  	struct rsn_pmksa_cache_entry *pmksa_entry;
111  	struct eapol_sm *eapol;
112  	int fast_reauth;
113  #ifdef CONFIG_TESTING_OPTIONS
114  	int corrupt_mic;
115  #endif /* CONFIG_TESTING_OPTIONS */
116  	int network_id;
117  
118  	u8 wrapped_data_format;
119  	struct wpabuf *secret;
120  
121  	/* Responder */
122  	bool noauth; /* Whether PASN without mutual authentication is enabled */
123  	int disable_pmksa_caching;
124  	int *pasn_groups;
125  	struct wpabuf *wrapped_data;
126  	int use_anti_clogging;
127  	const u8 *rsn_ie;
128  	size_t rsn_ie_len;
129  
130  	u8 *comeback_key;
131  	struct os_reltime last_comeback_key_update;
132  	u16 comeback_idx;
133  	u16 *comeback_pending_idx;
134  	struct wpabuf *frame;
135  
136  	/**
137  	 * send_mgmt - Function handler to transmit a Management frame
138  	 * @ctx: Callback context from cb_ctx
139  	 * @frame_buf : Frame to transmit
140  	 * @frame_len: Length of frame to transmit
141  	 * @freq: Frequency in MHz for the channel on which to transmit
142  	 * @wait_dur: How many milliseconds to wait for a response frame
143  	 * Returns: 0 on success, -1 on failure
144  	 */
145  	int (*send_mgmt)(void *ctx, const u8 *data, size_t data_len, int noack,
146  			 unsigned int freq, unsigned int wait);
147  	/**
148  	 * validate_custom_pmkid - Handler to validate vendor specific PMKID
149  	 * @ctx: Callback context from cb_ctx
150  	 * @addr : MAC address of the peer
151  	 * @pmkid: Custom PMKID
152  	 * Returns: 0 on success (valid PMKID), -1 on failure
153  	 */
154  	int (*validate_custom_pmkid)(void *ctx, const u8 *addr,
155  				     const u8 *pmkid);
156  
157  	int (*prepare_data_element)(void *ctx, const u8 *peer_addr);
158  
159  	int (*parse_data_element)(void *ctx, const u8 *data, size_t len);
160  };
161  
162  /* Initiator */
163  void wpa_pasn_reset(struct pasn_data *pasn);
164  int wpas_pasn_start(struct pasn_data *pasn, const u8 *own_addr,
165  		    const u8 *peer_addr, const u8 *bssid,
166  		    int akmp, int cipher, u16 group,
167  		    int freq, const u8 *beacon_rsne, u8 beacon_rsne_len,
168  		    const u8 *beacon_rsnxe, u8 beacon_rsnxe_len,
169  		    const struct wpabuf *comeback);
170  int wpa_pasn_verify(struct pasn_data *pasn, const u8 *own_addr,
171  		    const u8 *peer_addr, const u8 *bssid,
172  		    int akmp, int cipher, u16 group,
173  		    int freq, const u8 *beacon_rsne, u8 beacon_rsne_len,
174  		    const u8 *beacon_rsnxe, u8 beacon_rsnxe_len,
175  		    const struct wpabuf *comeback);
176  int wpa_pasn_auth_rx(struct pasn_data *pasn, const u8 *data, size_t len,
177  		     struct wpa_pasn_params_data *pasn_params);
178  int wpa_pasn_auth_tx_status(struct pasn_data *pasn,
179  			    const u8 *data, size_t data_len, u8 acked);
180  
181  /* Responder */
182  int handle_auth_pasn_1(struct pasn_data *pasn,
183  		       const u8 *own_addr, const u8 *peer_addr,
184  		       const struct ieee80211_mgmt *mgmt, size_t len,
185  		       bool reject);
186  int handle_auth_pasn_3(struct pasn_data *pasn, const u8 *own_addr,
187  		       const u8 *peer_addr,
188  		       const struct ieee80211_mgmt *mgmt, size_t len);
189  int handle_auth_pasn_resp(struct pasn_data *pasn, const u8 *own_addr,
190  			  const u8 *peer_addr,
191  			  struct rsn_pmksa_cache_entry *pmksa, u16 status);
192  
193  struct pasn_data * pasn_data_init(void);
194  void pasn_data_deinit(struct pasn_data *pasn);
195  void pasn_register_callbacks(struct pasn_data *pasn, void *cb_ctx,
196  			     int (*send_mgmt)(void *ctx, const u8 *data,
197  					      size_t data_len, int noack,
198  					      unsigned int freq,
199  					      unsigned int wait),
200  			     int (*validate_custom_pmkid)(void *ctx,
201  							  const u8 *addr,
202  							  const u8 *pmkid));
203  void pasn_enable_kdk_derivation(struct pasn_data *pasn);
204  void pasn_disable_kdk_derivation(struct pasn_data *pasn);
205  
206  void pasn_set_akmp(struct pasn_data *pasn, int akmp);
207  void pasn_set_cipher(struct pasn_data *pasn, int cipher);
208  void pasn_set_own_addr(struct pasn_data *pasn, const u8 *addr);
209  void pasn_set_peer_addr(struct pasn_data *pasn, const u8 *addr);
210  void pasn_set_bssid(struct pasn_data *pasn, const u8 *addr);
211  void pasn_set_initiator_pmksa(struct pasn_data *pasn,
212  			      struct rsn_pmksa_cache *pmksa);
213  void pasn_set_responder_pmksa(struct pasn_data *pasn,
214  			      struct rsn_pmksa_cache *pmksa);
215  int pasn_set_pt(struct pasn_data *pasn, struct sae_pt *pt);
216  struct rsn_pmksa_cache * pasn_initiator_pmksa_cache_init(void);
217  void pasn_initiator_pmksa_cache_deinit(struct rsn_pmksa_cache *pmksa);
218  int pasn_initiator_pmksa_cache_add(struct rsn_pmksa_cache *pmksa,
219  				   const u8 *own_addr, const u8 *bssid,
220  				   const u8 *pmk, size_t pmk_len,
221  				   const u8 *pmkid);
222  int pasn_initiator_pmksa_cache_get(struct rsn_pmksa_cache *pmksa,
223  				   const u8 *bssid, u8 *pmkid, u8 *pmk,
224  				   size_t *pmk_len);
225  void pasn_initiator_pmksa_cache_remove(struct rsn_pmksa_cache *pmksa,
226  				       const u8 *bssid);
227  void pasn_initiator_pmksa_cache_flush(struct rsn_pmksa_cache *pmksa);
228  
229  /* Responder */
230  void pasn_set_noauth(struct pasn_data *pasn, bool noauth);
231  void pasn_set_password(struct pasn_data *pasn, const char *password);
232  void pasn_set_wpa_key_mgmt(struct pasn_data *pasn, int key_mgmt);
233  void pasn_set_rsn_pairwise(struct pasn_data *pasn, int rsn_pairwise);
234  void pasn_set_rsnxe_caps(struct pasn_data *pasn, u16 rsnxe_capab);
235  void pasn_set_rsnxe_ie(struct pasn_data *pasn, const u8 *rsnxe_ie);
236  void pasn_set_custom_pmkid(struct pasn_data *pasn, const u8 *pmkid);
237  int pasn_set_extra_ies(struct pasn_data *pasn, const u8 *extra_ies,
238  		       size_t extra_ies_len);
239  struct rsn_pmksa_cache * pasn_responder_pmksa_cache_init(void);
240  void pasn_responder_pmksa_cache_deinit(struct rsn_pmksa_cache *pmksa);
241  int pasn_responder_pmksa_cache_add(struct rsn_pmksa_cache *pmksa,
242  				   const u8 *own_addr, const u8 *bssid,
243  				   const u8 *pmk, size_t pmk_len,
244  				   const u8 *pmkid);
245  int pasn_responder_pmksa_cache_get(struct rsn_pmksa_cache *pmksa,
246  				   const u8 *bssid, u8 *pmkid, u8 *pmk,
247  				   size_t *pmk_len);
248  void pasn_responder_pmksa_cache_remove(struct rsn_pmksa_cache *pmksa,
249  				       const u8 *bssid);
250  void pasn_responder_pmksa_cache_flush(struct rsn_pmksa_cache *pmksa);
251  
252  int pasn_get_akmp(struct pasn_data *pasn);
253  int pasn_get_cipher(struct pasn_data *pasn);
254  size_t pasn_get_pmk_len(struct pasn_data *pasn);
255  u8 * pasn_get_pmk(struct pasn_data *pasn);
256  struct wpa_ptk * pasn_get_ptk(struct pasn_data *pasn);
257  int pasn_add_encrypted_data(struct pasn_data *pasn, struct wpabuf *buf,
258  			    const u8 *data, size_t data_len);
259  int pasn_parse_encrypted_data(struct pasn_data *pasn, const u8 *data,
260  			      size_t len);
261  
262  #ifdef __cplusplus
263  }
264  #endif
265  #endif /* PASN_COMMON_H */
266