pasn_common.c - OpenGrok cross reference for /hostap/src/pasn/pasn_common.c

/*
 * PASN common processing
 *
 * Copyright (C) 2024, Qualcomm Innovation Center, Inc.
 *
 * This software may be distributed under the terms of the BSD license.
 * See README for more details.
 */

#include "utils/includes.h"

#include "utils/common.h"
#include "common/wpa_common.h"
#include "common/sae.h"
#include "crypto/sha384.h"
#include "crypto/crypto.h"
#include "common/ieee802_11_defs.h"
#include "common/ieee802_11_common.h"
#include "crypto/aes_wrap.h"
#include "pasn_common.h"


struct pasn_data * pasn_data_init(void)
{
	struct pasn_data *pasn = os_zalloc(sizeof(struct pasn_data));

	return pasn;
}


void pasn_data_deinit(struct pasn_data *pasn)
{
	if (!pasn)
		return;
	os_free(pasn->rsnxe_ie);
	wpabuf_free(pasn->frame);
	bin_clear_free(pasn, sizeof(struct pasn_data));
}


void pasn_register_callbacks(struct pasn_data *pasn, void *cb_ctx,
			     int (*send_mgmt)(void *ctx, const u8 *data,
					      size_t data_len, int noack,
					      unsigned int freq,
					      unsigned int wait),
			     int (*validate_custom_pmkid)(void *ctx,
							  const u8 *addr,
							  const u8 *pmkid))
{
	if (!pasn)
		return;

	pasn->cb_ctx = cb_ctx;
	pasn->send_mgmt = send_mgmt;
	pasn->validate_custom_pmkid = validate_custom_pmkid;
}


void pasn_enable_kdk_derivation(struct pasn_data *pasn)
{
	if (!pasn)
		return;
	pasn->derive_kdk = true;
	pasn->kdk_len = WPA_KDK_MAX_LEN;
}


void pasn_disable_kdk_derivation(struct pasn_data *pasn)
{
	if (!pasn)
		return;
	pasn->derive_kdk = false;
	pasn->kdk_len = 0;
}


void pasn_set_akmp(struct pasn_data *pasn, int akmp)
{
	if (!pasn)
		return;
	pasn->akmp = akmp;
}


void pasn_set_cipher(struct pasn_data *pasn, int cipher)
{
	if (!pasn)
		return;
	pasn->cipher = cipher;
}


void pasn_set_own_addr(struct pasn_data *pasn, const u8 *addr)
{
	if (!pasn || !addr)
		return;
	os_memcpy(pasn->own_addr, addr, ETH_ALEN);
}


void pasn_set_peer_addr(struct pasn_data *pasn, const u8 *addr)
{
	if (!pasn || !addr)
		return;
	os_memcpy(pasn->peer_addr, addr, ETH_ALEN);
}


void pasn_set_bssid(struct pasn_data *pasn, const u8 *addr)
{
	if (!pasn || !addr)
		return;
	os_memcpy(pasn->bssid, addr, ETH_ALEN);
}


int pasn_set_pt(struct pasn_data *pasn, struct sae_pt *pt)
{
	if (!pasn)
		return -1;
#ifdef CONFIG_SAE
	pasn->pt = pt;
	return 0;
#else /* CONFIG_SAE */
	return -1;
#endif /* CONFIG_SAE */
}


void pasn_set_password(struct pasn_data *pasn, const char *password)
{
	if (!pasn)
		return;
	pasn->password = password;
}


void pasn_set_wpa_key_mgmt(struct pasn_data *pasn, int key_mgmt)
{
	if (!pasn)
		return;
	pasn->wpa_key_mgmt = key_mgmt;
}


void pasn_set_rsn_pairwise(struct pasn_data *pasn, int rsn_pairwise)
{
	if (!pasn)
		return;
	pasn->rsn_pairwise = rsn_pairwise;
}


void pasn_set_rsnxe_caps(struct pasn_data *pasn, u16 rsnxe_capab)
{
	if (!pasn)
		return;
	pasn->rsnxe_capab = rsnxe_capab;
}


void pasn_set_rsnxe_ie(struct pasn_data *pasn, const u8 *rsnxe_ie)
{
	if (!pasn || !rsnxe_ie)
		return;
	pasn->rsnxe_ie = os_memdup(rsnxe_ie, 2 + rsnxe_ie[1]);
}


void pasn_set_custom_pmkid(struct pasn_data *pasn, const u8 *pmkid)
{
	if (!pasn || !pmkid)
		return;
	os_memcpy(pasn->custom_pmkid, pmkid, PMKID_LEN);
	pasn->custom_pmkid_valid = true;
}


int pasn_set_extra_ies(struct pasn_data *pasn, const u8 *extra_ies,
		       size_t extra_ies_len)
{
	if (!pasn || !extra_ies_len || !extra_ies)
		return -1;

	if (pasn->extra_ies) {
		os_free((u8 *) pasn->extra_ies);
		pasn->extra_ies_len = extra_ies_len;
	}

	pasn->extra_ies = os_memdup(extra_ies, extra_ies_len);
	if (!pasn->extra_ies) {
		wpa_printf(MSG_ERROR,
			   "PASN: Extra IEs memory allocation failed");
		return -1;
	}
	pasn->extra_ies_len = extra_ies_len;
	return 0;
}


void pasn_set_noauth(struct pasn_data *pasn, bool noauth)
{
	if (!pasn)
		return;
	pasn->noauth = noauth;
}


int pasn_get_akmp(struct pasn_data *pasn)
{
	if (!pasn)
		return 0;
	return pasn->akmp;
}


int pasn_get_cipher(struct pasn_data *pasn)
{
	if (!pasn)
		return 0;
	return pasn->cipher;
}


size_t pasn_get_pmk_len(struct pasn_data *pasn)
{
	if (!pasn)
		return 0;
	return pasn->pmk_len;
}


u8 * pasn_get_pmk(struct pasn_data *pasn)
{
	if (!pasn)
		return NULL;
	return pasn->pmk;
}


struct wpa_ptk * pasn_get_ptk(struct pasn_data *pasn)
{
	if (!pasn)
		return NULL;
	return &pasn->ptk;
}


int pasn_add_encrypted_data(struct pasn_data *pasn, struct wpabuf *buf,
			    const u8 *data, size_t data_len)
{
	int ret;
	u8 *encrypted_data, *padded_data = NULL;
	u8 *len;
	size_t pad_len = 0;

	if (!pasn->ptk.kek_len) {
		wpa_printf(MSG_DEBUG, "PASN: KEK not available");
		return -2;
	}

	pad_len = data_len % 8;
	if (pad_len) {
		pad_len = 8 - pad_len;
		padded_data = os_zalloc(data_len + pad_len);
		if (!padded_data)
			return -1;
		os_memcpy(padded_data, data, data_len);
		data = padded_data;
		padded_data[data_len] = 0xdd;
	}
	data_len += pad_len + 8;

	encrypted_data = os_malloc(data_len);
	if (!encrypted_data) {
		os_free(padded_data);
		return -1;
	}

	ret = aes_wrap(pasn->ptk.kek, pasn->ptk.kek_len,
		       (data_len - 8) / 8, data, encrypted_data);
	if (ret) {
		wpa_printf(MSG_DEBUG, "PASN: AES wrap failed, ret=%d", ret);
		goto out;
	}

	if (wpabuf_tailroom(buf) < 1 + 1 + 1 + data_len) {
		wpa_printf(MSG_DEBUG,
			   "PASN: Not enough room in the buffer for PASN Encrypred Data element");
		ret = -1;
		goto out;
	}

	wpabuf_put_u8(buf, WLAN_EID_EXTENSION);
	len = wpabuf_put(buf, 1);

	wpabuf_put_u8(buf, WLAN_EID_EXT_PASN_ENCRYPTED_DATA);

	wpabuf_put_data(buf, encrypted_data, data_len);
	*len = (u8 *) wpabuf_put(buf, 0) - len - 1;

out:
	os_free(padded_data);
	os_free(encrypted_data);
	return ret;
}


int pasn_parse_encrypted_data(struct pasn_data *pasn, const u8 *data,
			      size_t len)
{
	int ret = -1;
	u8 *buf;
	u16 buf_len;
	struct ieee802_11_elems elems;
	const struct ieee80211_mgmt *mgmt =
		(const struct ieee80211_mgmt *) data;

	if (len < 24 + 6 ||
	    ieee802_11_parse_elems(mgmt->u.auth.variable,
				   len - offsetof(struct ieee80211_mgmt,
						  u.auth.variable),
				   &elems, 0) == ParseFailed) {
		wpa_printf(MSG_DEBUG,
			   "PASN: Failed parsing Authentication frame");
		return -1;
	}

	if (!elems.pasn_encrypted_data || elems.pasn_encrypted_data_len < 8 ||
	    elems.pasn_encrypted_data_len % 8) {
		wpa_printf(MSG_DEBUG, "PASN: No encrypted elements");
		return 0;
	}

	buf_len = elems.pasn_encrypted_data_len - 8;

	buf = os_malloc(buf_len);
	if (!buf)
		return -1;

	ret = aes_unwrap(pasn->ptk.kek, pasn->ptk.kek_len, buf_len / 8,
			 elems.pasn_encrypted_data, buf);
	if (ret)
		wpa_printf(MSG_DEBUG, "PASN: AES unwrap failed, ret=%d", ret);
	else if (pasn->parse_data_element && pasn->cb_ctx)
		ret = pasn->parse_data_element(pasn->cb_ctx, buf, buf_len);

	os_free(buf);
	return ret;
}