src/pasn/pasn_common.c - android_external_wpa_supplicant_8 - Gitiles

 /*
  * PASN common processing
  *
  * Copyright (C) 2024, Qualcomm Innovation Center, Inc.
  *
  * This software may be distributed under the terms of the BSD license.
  * See README for more details.
  */

 #include "utils/includes.h"

 #include "utils/common.h"
 #include "common/wpa_common.h"
 #include "common/sae.h"
 #include "crypto/sha384.h"
 #include "crypto/crypto.h"
 #include "common/ieee802_11_defs.h"
 #include "common/ieee802_11_common.h"
 #include "crypto/aes_wrap.h"
 #include "pasn_common.h"


 struct pasn_data * pasn_data_init(void)
 {
 	struct pasn_data *pasn = os_zalloc(sizeof(struct pasn_data));

 	return pasn;
 }


 void pasn_data_deinit(struct pasn_data *pasn)
 {
 	if (!pasn)
 		return;
 	os_free(pasn->rsnxe_ie);
 	wpabuf_free(pasn->frame);
 	bin_clear_free(pasn, sizeof(struct pasn_data));
 }


 void pasn_register_callbacks(struct pasn_data *pasn, void *cb_ctx,
 			     int (*send_mgmt)(void *ctx, const u8 *data,
 					      size_t data_len, int noack,
 					      unsigned int freq,
 					      unsigned int wait),
 			     int (*validate_custom_pmkid)(void *ctx,
 							  const u8 *addr,
 							  const u8 *pmkid))
 {
 	if (!pasn)
 		return;

 	pasn->cb_ctx = cb_ctx;
 	pasn->send_mgmt = send_mgmt;
 	pasn->validate_custom_pmkid = validate_custom_pmkid;
 }


 void pasn_enable_kdk_derivation(struct pasn_data *pasn)
 {
 	if (!pasn)
 		return;
 	pasn->derive_kdk = true;
 	pasn->kdk_len = WPA_KDK_MAX_LEN;
 }


 void pasn_disable_kdk_derivation(struct pasn_data *pasn)
 {
 	if (!pasn)
 		return;
 	pasn->derive_kdk = false;
 	pasn->kdk_len = 0;
 }


 void pasn_set_akmp(struct pasn_data *pasn, int akmp)
 {
 	if (!pasn)
 		return;
 	pasn->akmp = akmp;
 }


 void pasn_set_cipher(struct pasn_data *pasn, int cipher)
 {
 	if (!pasn)
 		return;
 	pasn->cipher = cipher;
 }


 void pasn_set_own_addr(struct pasn_data *pasn, const u8 *addr)
 {
 	if (!pasn || !addr)
 		return;
 	os_memcpy(pasn->own_addr, addr, ETH_ALEN);
 }


 void pasn_set_peer_addr(struct pasn_data *pasn, const u8 *addr)
 {
 	if (!pasn || !addr)
 		return;
 	os_memcpy(pasn->peer_addr, addr, ETH_ALEN);
 }


 void pasn_set_bssid(struct pasn_data *pasn, const u8 *addr)
 {
 	if (!pasn || !addr)
 		return;
 	os_memcpy(pasn->bssid, addr, ETH_ALEN);
 }


 int pasn_set_pt(struct pasn_data *pasn, struct sae_pt *pt)
 {
 	if (!pasn)
 		return -1;
 #ifdef CONFIG_SAE
 	pasn->pt = pt;
 	return 0;
 #else /* CONFIG_SAE */
 	return -1;
 #endif /* CONFIG_SAE */
 }


 void pasn_set_password(struct pasn_data *pasn, const char *password)
 {
 	if (!pasn)
 		return;
 	pasn->password = password;
 }


 void pasn_set_wpa_key_mgmt(struct pasn_data *pasn, int key_mgmt)
 {
 	if (!pasn)
 		return;
 	pasn->wpa_key_mgmt = key_mgmt;
 }


 void pasn_set_rsn_pairwise(struct pasn_data *pasn, int rsn_pairwise)
 {
 	if (!pasn)
 		return;
 	pasn->rsn_pairwise = rsn_pairwise;
 }


 void pasn_set_rsnxe_caps(struct pasn_data *pasn, u16 rsnxe_capab)
 {
 	if (!pasn)
 		return;
 	pasn->rsnxe_capab = rsnxe_capab;
 }


 void pasn_set_rsnxe_ie(struct pasn_data *pasn, const u8 *rsnxe_ie)
 {
 	if (!pasn || !rsnxe_ie)
 		return;
 	pasn->rsnxe_ie = os_memdup(rsnxe_ie, 2 + rsnxe_ie[1]);
 }


 void pasn_set_custom_pmkid(struct pasn_data *pasn, const u8 *pmkid)
 {
 	if (!pasn || !pmkid)
 		return;
 	os_memcpy(pasn->custom_pmkid, pmkid, PMKID_LEN);
 	pasn->custom_pmkid_valid = true;
 }


 int pasn_set_extra_ies(struct pasn_data *pasn, const u8 *extra_ies,
 		       size_t extra_ies_len)
 {
 	if (!pasn || !extra_ies_len || !extra_ies)
 		return -1;

 	if (pasn->extra_ies) {
 		os_free((u8 *) pasn->extra_ies);
 		pasn->extra_ies_len = extra_ies_len;
 	}

 	pasn->extra_ies = os_memdup(extra_ies, extra_ies_len);
 	if (!pasn->extra_ies) {
 		wpa_printf(MSG_ERROR,
 			   "PASN: Extra IEs memory allocation failed");
 		return -1;
 	}
 	pasn->extra_ies_len = extra_ies_len;
 	return 0;
 }


 void pasn_set_noauth(struct pasn_data *pasn, bool noauth)
 {
 	if (!pasn)
 		return;
 	pasn->noauth = noauth;
 }


 int pasn_get_akmp(struct pasn_data *pasn)
 {
 	if (!pasn)
 		return 0;
 	return pasn->akmp;
 }


 int pasn_get_cipher(struct pasn_data *pasn)
 {
 	if (!pasn)
 		return 0;
 	return pasn->cipher;
 }


 size_t pasn_get_pmk_len(struct pasn_data *pasn)
 {
 	if (!pasn)
 		return 0;
 	return pasn->pmk_len;
 }


 u8 * pasn_get_pmk(struct pasn_data *pasn)
 {
 	if (!pasn)
 		return NULL;
 	return pasn->pmk;
 }


 struct wpa_ptk * pasn_get_ptk(struct pasn_data *pasn)
 {
 	if (!pasn)
 		return NULL;
 	return &pasn->ptk;
 }


 int pasn_add_encrypted_data(struct pasn_data *pasn, struct wpabuf *buf,
 			    const u8 *data, size_t data_len)
 {
 	int ret;
 	u8 *encrypted_data, *padded_data = NULL;
 	u8 *len;
 	size_t pad_len = 0;

 	if (!pasn->ptk.kek_len) {
 		wpa_printf(MSG_DEBUG, "PASN: KEK not available");
 		return -2;
 	}

 	pad_len = data_len % 8;
 	if (pad_len) {
 		pad_len = 8 - pad_len;
 		padded_data = os_zalloc(data_len + pad_len);
 		if (!padded_data)
 			return -1;
 		os_memcpy(padded_data, data, data_len);
 		data = padded_data;
 		padded_data[data_len] = 0xdd;
 	}
 	data_len += pad_len + 8;

 	encrypted_data = os_malloc(data_len);
 	if (!encrypted_data) {
 		os_free(padded_data);
 		return -1;
 	}

 	ret = aes_wrap(pasn->ptk.kek, pasn->ptk.kek_len,
 		       (data_len - 8) / 8, data, encrypted_data);
 	if (ret) {
 		wpa_printf(MSG_DEBUG, "PASN: AES wrap failed, ret=%d", ret);
 		goto out;
 	}

 	if (wpabuf_tailroom(buf) < 1 + 1 + 1 + data_len) {
 		wpa_printf(MSG_DEBUG,
 			   "PASN: Not enough room in the buffer for PASN Encrypred Data element");
 		ret = -1;
 		goto out;
 	}

 	wpabuf_put_u8(buf, WLAN_EID_EXTENSION);
 	len = wpabuf_put(buf, 1);

 	wpabuf_put_u8(buf, WLAN_EID_EXT_PASN_ENCRYPTED_DATA);

 	wpabuf_put_data(buf, encrypted_data, data_len);
 	*len = (u8 *) wpabuf_put(buf, 0) - len - 1;

 out:
 	os_free(padded_data);
 	os_free(encrypted_data);
 	return ret;
 }


 int pasn_parse_encrypted_data(struct pasn_data *pasn, const u8 *data,
 			      size_t len)
 {
 	int ret = -1;
 	u8 *buf;
 	u16 buf_len;
 	struct ieee802_11_elems elems;
 	const struct ieee80211_mgmt *mgmt =
 		(const struct ieee80211_mgmt *) data;

 	if (len < 24 + 6 ||
 	    ieee802_11_parse_elems(mgmt->u.auth.variable,
 				   len - offsetof(struct ieee80211_mgmt,
 						  u.auth.variable),
 				   &elems, 0) == ParseFailed) {
 		wpa_printf(MSG_DEBUG,
 			   "PASN: Failed parsing Authentication frame");
 		return -1;
 	}

 	if (!elems.pasn_encrypted_data || elems.pasn_encrypted_data_len < 8 ||
 	    elems.pasn_encrypted_data_len % 8) {
 		wpa_printf(MSG_DEBUG, "PASN: No encrypted elements");
 		return 0;
 	}

 	buf_len = elems.pasn_encrypted_data_len - 8;

 	buf = os_malloc(buf_len);
 	if (!buf)
 		return -1;

 	ret = aes_unwrap(pasn->ptk.kek, pasn->ptk.kek_len, buf_len / 8,
 			 elems.pasn_encrypted_data, buf);
 	if (ret)
 		wpa_printf(MSG_DEBUG, "PASN: AES unwrap failed, ret=%d", ret);
 	else if (pasn->parse_data_element && pasn->cb_ctx)
 		ret = pasn->parse_data_element(pasn->cb_ctx, buf, buf_len);

 	os_free(buf);
 	return ret;
 }
	/*
	* PASN common processing
	*
	* Copyright (C) 2024, Qualcomm Innovation Center, Inc.
	*
	* This software may be distributed under the terms of the BSD license.
	* See README for more details.
	*/

	#include "utils/includes.h"

	#include "utils/common.h"
	#include "common/wpa_common.h"
	#include "common/sae.h"
	#include "crypto/sha384.h"
	#include "crypto/crypto.h"
	#include "common/ieee802_11_defs.h"
	#include "common/ieee802_11_common.h"
	#include "crypto/aes_wrap.h"
	#include "pasn_common.h"


	struct pasn_data * pasn_data_init(void)
	{
	struct pasn_data *pasn = os_zalloc(sizeof(struct pasn_data));

	return pasn;
	}


	void pasn_data_deinit(struct pasn_data *pasn)
	{
	if (!pasn)
	return;
	os_free(pasn->rsnxe_ie);
	wpabuf_free(pasn->frame);
	bin_clear_free(pasn, sizeof(struct pasn_data));
	}


	void pasn_register_callbacks(struct pasn_data pasn, void cb_ctx,
	int (send_mgmt)(void ctx, const u8 *data,
	size_t data_len, int noack,
	unsigned int freq,
	unsigned int wait),
	int (validate_custom_pmkid)(void ctx,
	const u8 *addr,
	const u8 *pmkid))
	{
	if (!pasn)
	return;

	pasn->cb_ctx = cb_ctx;
	pasn->send_mgmt = send_mgmt;
	pasn->validate_custom_pmkid = validate_custom_pmkid;
	}


	void pasn_enable_kdk_derivation(struct pasn_data *pasn)
	{
	if (!pasn)
	return;
	pasn->derive_kdk = true;
	pasn->kdk_len = WPA_KDK_MAX_LEN;
	}


	void pasn_disable_kdk_derivation(struct pasn_data *pasn)
	{
	if (!pasn)
	return;
	pasn->derive_kdk = false;
	pasn->kdk_len = 0;
	}


	void pasn_set_akmp(struct pasn_data *pasn, int akmp)
	{
	if (!pasn)
	return;
	pasn->akmp = akmp;
	}


	void pasn_set_cipher(struct pasn_data *pasn, int cipher)
	{
	if (!pasn)
	return;
	pasn->cipher = cipher;
	}


	void pasn_set_own_addr(struct pasn_data pasn, const u8 addr)
	{
	if (!pasn \|\| !addr)
	return;
	os_memcpy(pasn->own_addr, addr, ETH_ALEN);
	}


	void pasn_set_peer_addr(struct pasn_data pasn, const u8 addr)
	{
	if (!pasn \|\| !addr)
	return;
	os_memcpy(pasn->peer_addr, addr, ETH_ALEN);
	}


	void pasn_set_bssid(struct pasn_data pasn, const u8 addr)
	{
	if (!pasn \|\| !addr)
	return;
	os_memcpy(pasn->bssid, addr, ETH_ALEN);
	}


	int pasn_set_pt(struct pasn_data pasn, struct sae_pt pt)
	{
	if (!pasn)
	return -1;
	#ifdef CONFIG_SAE
	pasn->pt = pt;
	return 0;
	#else /* CONFIG_SAE */
	return -1;
	#endif /* CONFIG_SAE */
	}


	void pasn_set_password(struct pasn_data pasn, const char password)
	{
	if (!pasn)
	return;
	pasn->password = password;
	}


	void pasn_set_wpa_key_mgmt(struct pasn_data *pasn, int key_mgmt)
	{
	if (!pasn)
	return;
	pasn->wpa_key_mgmt = key_mgmt;
	}


	void pasn_set_rsn_pairwise(struct pasn_data *pasn, int rsn_pairwise)
	{
	if (!pasn)
	return;
	pasn->rsn_pairwise = rsn_pairwise;
	}


	void pasn_set_rsnxe_caps(struct pasn_data *pasn, u16 rsnxe_capab)
	{
	if (!pasn)
	return;
	pasn->rsnxe_capab = rsnxe_capab;
	}


	void pasn_set_rsnxe_ie(struct pasn_data pasn, const u8 rsnxe_ie)
	{
	if (!pasn \|\| !rsnxe_ie)
	return;
	pasn->rsnxe_ie = os_memdup(rsnxe_ie, 2 + rsnxe_ie[1]);
	}


	void pasn_set_custom_pmkid(struct pasn_data pasn, const u8 pmkid)
	{
	if (!pasn \|\| !pmkid)
	return;
	os_memcpy(pasn->custom_pmkid, pmkid, PMKID_LEN);
	pasn->custom_pmkid_valid = true;
	}


	int pasn_set_extra_ies(struct pasn_data pasn, const u8 extra_ies,
	size_t extra_ies_len)
	{
	if (!pasn \|\| !extra_ies_len \|\| !extra_ies)
	return -1;

	if (pasn->extra_ies) {
	os_free((u8 *) pasn->extra_ies);
	pasn->extra_ies_len = extra_ies_len;
	}

	pasn->extra_ies = os_memdup(extra_ies, extra_ies_len);
	if (!pasn->extra_ies) {
	wpa_printf(MSG_ERROR,
	"PASN: Extra IEs memory allocation failed");
	return -1;
	}
	pasn->extra_ies_len = extra_ies_len;
	return 0;
	}


	void pasn_set_noauth(struct pasn_data *pasn, bool noauth)
	{
	if (!pasn)
	return;
	pasn->noauth = noauth;
	}


	int pasn_get_akmp(struct pasn_data *pasn)
	{
	if (!pasn)
	return 0;
	return pasn->akmp;
	}


	int pasn_get_cipher(struct pasn_data *pasn)
	{
	if (!pasn)
	return 0;
	return pasn->cipher;
	}


	size_t pasn_get_pmk_len(struct pasn_data *pasn)
	{
	if (!pasn)
	return 0;
	return pasn->pmk_len;
	}


	u8 * pasn_get_pmk(struct pasn_data *pasn)
	{
	if (!pasn)
	return NULL;
	return pasn->pmk;
	}


	struct wpa_ptk * pasn_get_ptk(struct pasn_data *pasn)
	{
	if (!pasn)
	return NULL;
	return &pasn->ptk;
	}


	int pasn_add_encrypted_data(struct pasn_data pasn, struct wpabuf buf,
	const u8 *data, size_t data_len)
	{
	int ret;
	u8 encrypted_data, padded_data = NULL;
	u8 *len;
	size_t pad_len = 0;

	if (!pasn->ptk.kek_len) {
	wpa_printf(MSG_DEBUG, "PASN: KEK not available");
	return -2;
	}

	pad_len = data_len % 8;
	if (pad_len) {
	pad_len = 8 - pad_len;
	padded_data = os_zalloc(data_len + pad_len);
	if (!padded_data)
	return -1;
	os_memcpy(padded_data, data, data_len);
	data = padded_data;
	padded_data[data_len] = 0xdd;
	}
	data_len += pad_len + 8;

	encrypted_data = os_malloc(data_len);
	if (!encrypted_data) {
	os_free(padded_data);
	return -1;
	}

	ret = aes_wrap(pasn->ptk.kek, pasn->ptk.kek_len,
	(data_len - 8) / 8, data, encrypted_data);
	if (ret) {
	wpa_printf(MSG_DEBUG, "PASN: AES wrap failed, ret=%d", ret);
	goto out;
	}

	if (wpabuf_tailroom(buf) < 1 + 1 + 1 + data_len) {
	wpa_printf(MSG_DEBUG,
	"PASN: Not enough room in the buffer for PASN Encrypred Data element");
	ret = -1;
	goto out;
	}

	wpabuf_put_u8(buf, WLAN_EID_EXTENSION);
	len = wpabuf_put(buf, 1);

	wpabuf_put_u8(buf, WLAN_EID_EXT_PASN_ENCRYPTED_DATA);

	wpabuf_put_data(buf, encrypted_data, data_len);
	len = (u8 ) wpabuf_put(buf, 0) - len - 1;

	out:
	os_free(padded_data);
	os_free(encrypted_data);
	return ret;
	}


	int pasn_parse_encrypted_data(struct pasn_data pasn, const u8 data,
	size_t len)
	{
	int ret = -1;
	u8 *buf;
	u16 buf_len;
	struct ieee802_11_elems elems;
	const struct ieee80211_mgmt *mgmt =
	(const struct ieee80211_mgmt *) data;

	if (len < 24 + 6 \|\|
	ieee802_11_parse_elems(mgmt->u.auth.variable,
	len - offsetof(struct ieee80211_mgmt,
	u.auth.variable),
	&elems, 0) == ParseFailed) {
	wpa_printf(MSG_DEBUG,
	"PASN: Failed parsing Authentication frame");
	return -1;
	}

	if (!elems.pasn_encrypted_data \|\| elems.pasn_encrypted_data_len < 8 \|\|
	elems.pasn_encrypted_data_len % 8) {
	wpa_printf(MSG_DEBUG, "PASN: No encrypted elements");
	return 0;
	}

	buf_len = elems.pasn_encrypted_data_len - 8;

	buf = os_malloc(buf_len);
	if (!buf)
	return -1;

	ret = aes_unwrap(pasn->ptk.kek, pasn->ptk.kek_len, buf_len / 8,
	elems.pasn_encrypted_data, buf);
	if (ret)
	wpa_printf(MSG_DEBUG, "PASN: AES unwrap failed, ret=%d", ret);
	else if (pasn->parse_data_element && pasn->cb_ctx)
	ret = pasn->parse_data_element(pasn->cb_ctx, buf, buf_len);

	os_free(buf);
	return ret;
	}