Sunil Ravi77d572f2023-01-17 23:58:31 +00001/*
2 * PASN info for initiator and responder
3 *
4 * Copyright (C) 2019, Intel Corporation
5 * Copyright (c) 2022, Jouni Malinen <j@w1.fi>
6 * Copyright (C) 2022, Qualcomm Innovation Center, Inc.
7 *
8 * This software may be distributed under the terms of the BSD license.
9 * See README for more details.
10 */
11
12#ifndef PASN_COMMON_H
13#define PASN_COMMON_H
14
15#ifdef __cplusplus
16extern "C" {
17#endif
18
/*
 * States named for the FILS part of a PASN exchange. Values are consecutive
 * and start at zero, so a zero-initialized state reads as
 * PASN_FILS_STATE_NONE.
 * NOTE(review): presumably the values stored in struct pasn_fils::state
 * (declared as u8) - confirm against the implementation.
 */
enum pasn_fils_state {
	PASN_FILS_STATE_NONE = 0,
	PASN_FILS_STATE_PENDING_AS = 1,
	PASN_FILS_STATE_COMPLETE = 2
};
24
/*
 * FILS-specific state for PASN. An instance is embedded in struct pasn_data
 * as the 'fils' member, which is compiled in only with CONFIG_FILS.
 */
struct pasn_fils {
	/* NOTE(review): presumably holds an enum pasn_fils_state value stored
	 * in a u8 - confirm */
	u8 state;

	/* Fixed-size buffers; lengths come from the FILS_* and PMKID_LEN
	 * constants defined outside this header */
	u8 nonce[FILS_NONCE_LEN];
	u8 anonce[FILS_NONCE_LEN];
	u8 session[FILS_SESSION_LEN];
	u8 erp_pmkid[PMKID_LEN];

	bool completed;

	/* NOTE(review): ownership and release of this buffer are not visible
	 * in this header - confirm who frees it */
	struct wpabuf *erp_resp;
};
34
/*
 * Per-exchange PASN state shared by the initiator and responder code.
 *
 * The structure holds configuration, addressing, callback pointers, and key
 * material (password pointer, PMK, PTK, PMK-R1, comeback key, shared secret).
 * NOTE(review): because key material lives here, confirm that
 * wpa_pasn_reset() and pasn_data_deinit() clear those members before the
 * memory is reused or released; this header does not show that.
 */
struct pasn_data {
	/* External modules access below variables using setter and getter
	 * functions */
	int akmp;
	int cipher;
	u8 own_addr[ETH_ALEN];
	u8 peer_addr[ETH_ALEN];
	u8 bssid[ETH_ALEN];
	struct rsn_pmksa_cache *pmksa;
	bool derive_kdk;
	size_t kdk_len;
	void *cb_ctx; /* passed as the ctx argument of the callbacks below */

#ifdef CONFIG_SAE
	struct sae_pt *pt;
#endif /* CONFIG_SAE */

	/* Responder */
	/* NOTE(review): const pointer, so the string is presumably owned by
	 * the caller of pasn_set_password() and must outlive this structure -
	 * confirm */
	const char *password;
	int wpa_key_mgmt;
	int rsn_pairwise;
	u16 rsnxe_capab;
	u8 *rsnxe_ie;
	/* NOTE(review): presumably custom_pmkid is meaningful only while
	 * custom_pmkid_valid is true - confirm */
	bool custom_pmkid_valid;
	u8 custom_pmkid[PMKID_LEN];

	/*
	 * Extra elements to add into Authentication frames. These can be used,
	 * e.g., for Wi-Fi Aware use cases.
	 */
	const u8 *extra_ies;
	size_t extra_ies_len;

	/* External modules do not access below variables */
	bool derive_kek;
	size_t kek_len;
	u16 group;
	bool secure_ltf;
	int freq;

	u8 trans_seq;
	u8 status;

	/* Key material. NOTE(review): pmk_len is presumably the number of
	 * valid octets in pmk (at most PMK_LEN_MAX) - confirm every writer
	 * enforces that bound */
	size_t pmk_len;
	u8 pmk[PMK_LEN_MAX];
	bool using_pmksa;

	/* Buffer sized by SHA384_MAC_LEN */
	u8 hash[SHA384_MAC_LEN];

	struct wpabuf *beacon_rsne_rsnxe;
	struct wpa_ptk ptk; /* key material, exposed through pasn_get_ptk() */
	struct crypto_ecdh *ecdh;

	struct wpabuf *comeback;
	u16 comeback_after;

#ifdef CONFIG_SAE
	struct sae_data sae;
#endif /* CONFIG_SAE */

#ifdef CONFIG_FILS
	bool fils_eapol;
	bool fils_wd_valid;
	struct pasn_fils fils;
#endif /* CONFIG_FILS */

#ifdef CONFIG_IEEE80211R
	/* Key material, same sizing convention as pmk/pmk_len above */
	u8 pmk_r1[PMK_LEN_MAX];
	size_t pmk_r1_len;
	u8 pmk_r1_name[WPA_PMK_NAME_LEN];
#endif /* CONFIG_IEEE80211R */
	/* Note that these pointers to the RSN PMKSA cache are actually defined
	 * differently for the PASN initiator (using RSN Supplicant
	 * implementation) and PASN responder (using RSN Authenticator
	 * implementation). Functions cannot be mixed between those cases; this
	 * header declares separate pasn_initiator_pmksa_cache_*() and
	 * pasn_responder_pmksa_cache_*() functions for that reason. */
	struct rsn_pmksa_cache_entry *pmksa_entry;
	struct eapol_sm *eapol;
	int fast_reauth;
#ifdef CONFIG_TESTING_OPTIONS
	/* Present only in CONFIG_TESTING_OPTIONS builds.
	 * NOTE(review): presumably makes the implementation send an invalid
	 * MIC for negative testing - confirm, and keep CONFIG_TESTING_OPTIONS
	 * out of production builds */
	int corrupt_mic;
#endif /* CONFIG_TESTING_OPTIONS */
	int network_id;

	u8 wrapped_data_format;
	struct wpabuf *secret; /* NOTE(review): secret value - confirm it is
				* cleared when freed */

	/* Responder */
	bool noauth; /* Whether PASN without mutual authentication is enabled */
	int disable_pmksa_caching;
	int *pasn_groups;
	struct wpabuf *wrapped_data;
	int use_anti_clogging;
	const u8 *rsn_ie;
	size_t rsn_ie_len;

	/* NOTE(review): no length is stored next to comeback_key, and the
	 * element count of comeback_pending_idx is not recorded here; both
	 * sizes are presumably fixed constants in the implementation -
	 * confirm */
	u8 *comeback_key;
	struct os_reltime last_comeback_key_update;
	u16 comeback_idx;
	u16 *comeback_pending_idx;
	struct wpabuf *frame;

	/**
	 * send_mgmt - Function handler to transmit a Management frame
	 * @ctx: Callback context from cb_ctx
	 * @data: Frame to transmit
	 * @data_len: Length of frame to transmit
	 * @noack: NOTE(review): not described in this header; presumably
	 *	non-zero means no acknowledgment is expected - confirm
	 * @freq: Frequency in MHz for the channel on which to transmit
	 * @wait: How many milliseconds to wait for a response frame
	 * Returns: 0 on success, -1 on failure
	 */
	int (*send_mgmt)(void *ctx, const u8 *data, size_t data_len, int noack,
			 unsigned int freq, unsigned int wait);

	/**
	 * validate_custom_pmkid - Handler to validate vendor specific PMKID
	 * @ctx: Callback context from cb_ctx
	 * @addr: MAC address of the peer
	 * @pmkid: Custom PMKID
	 * Returns: 0 on success (valid PMKID), -1 on failure
	 */
	int (*validate_custom_pmkid)(void *ctx, const u8 *addr,
				     const u8 *pmkid);

	/*
	 * prepare_data_element / parse_data_element - handlers with no
	 * description in this header. pasn_register_callbacks() takes only
	 * send_mgmt and validate_custom_pmkid, so these two are assigned some
	 * other way.
	 * NOTE(review): confirm callers check these pointers for NULL before
	 * calling, that the return convention matches the handlers above, and
	 * that parse_data_element bounds-checks data against len (the bytes
	 * presumably originate from a received frame).
	 */
	int (*prepare_data_element)(void *ctx, const u8 *peer_addr);

	int (*parse_data_element)(void *ctx, const u8 *data, size_t len);
};
161
/* Initiator */

void wpa_pasn_reset(struct pasn_data *pasn);

/*
 * wpas_pasn_start() and wpa_pasn_verify() take the same parameter list.
 * The beacon RSNE/RSNXE lengths are u8, so each element is limited to 255
 * octets at this interface.
 */
int wpas_pasn_start(struct pasn_data *pasn,
		    const u8 *own_addr, const u8 *peer_addr, const u8 *bssid,
		    int akmp, int cipher, u16 group, int freq,
		    const u8 *beacon_rsne, u8 beacon_rsne_len,
		    const u8 *beacon_rsnxe, u8 beacon_rsnxe_len,
		    const struct wpabuf *comeback);
int wpa_pasn_verify(struct pasn_data *pasn,
		    const u8 *own_addr, const u8 *peer_addr, const u8 *bssid,
		    int akmp, int cipher, u16 group, int freq,
		    const u8 *beacon_rsne, u8 beacon_rsne_len,
		    const u8 *beacon_rsnxe, u8 beacon_rsnxe_len,
		    const struct wpabuf *comeback);

/*
 * NOTE(review): data/len presumably describe a frame received from the peer,
 * i.e., untrusted input - confirm the implementation validates len before
 * reading any fixed-size header fields.
 */
int wpa_pasn_auth_rx(struct pasn_data *pasn, const u8 *data, size_t len,
		     struct wpa_pasn_params_data *pasn_params);
int wpa_pasn_auth_tx_status(struct pasn_data *pasn, const u8 *data,
			    size_t data_len, u8 acked);
180
/* Responder */

/*
 * Handlers for the responder side of the exchange.
 * NOTE(review): mgmt/len presumably describe a Management frame received from
 * the peer, i.e., untrusted input - confirm each handler checks len against
 * the fields it reads from mgmt.
 */
int handle_auth_pasn_1(struct pasn_data *pasn, const u8 *own_addr,
		       const u8 *peer_addr,
		       const struct ieee80211_mgmt *mgmt, size_t len,
		       bool reject);
int handle_auth_pasn_3(struct pasn_data *pasn, const u8 *own_addr,
		       const u8 *peer_addr,
		       const struct ieee80211_mgmt *mgmt, size_t len);
int handle_auth_pasn_resp(struct pasn_data *pasn, const u8 *own_addr,
			  const u8 *peer_addr,
			  struct rsn_pmksa_cache_entry *pmksa, u16 status);
192
/*
 * Lifecycle of struct pasn_data.
 * NOTE(review): pasn_data_init() returns a pointer; presumably NULL on
 * allocation failure and released with pasn_data_deinit() - confirm.
 */
struct pasn_data *pasn_data_init(void);
void pasn_data_deinit(struct pasn_data *pasn);

/*
 * Registers the callback context and two of the handlers declared in
 * struct pasn_data. The parameter list carries only send_mgmt and
 * validate_custom_pmkid; prepare_data_element and parse_data_element are not
 * part of this call.
 */
void pasn_register_callbacks(struct pasn_data *pasn, void *cb_ctx,
			     int (*send_mgmt)(void *ctx, const u8 *data,
					      size_t data_len, int noack,
					      unsigned int freq,
					      unsigned int wait),
			     int (*validate_custom_pmkid)(void *ctx,
							  const u8 *addr,
							  const u8 *pmkid));

void pasn_enable_kdk_derivation(struct pasn_data *pasn);
void pasn_disable_kdk_derivation(struct pasn_data *pasn);
205
/*
 * Setters for the externally visible part of struct pasn_data.
 * NOTE(review): the address setters take no length; the matching members are
 * ETH_ALEN-octet arrays, so callers presumably must pass at least ETH_ALEN
 * readable octets - confirm.
 */
void pasn_set_akmp(struct pasn_data *pasn, int akmp);
void pasn_set_cipher(struct pasn_data *pasn, int cipher);
void pasn_set_own_addr(struct pasn_data *pasn, const u8 *addr);
void pasn_set_peer_addr(struct pasn_data *pasn, const u8 *addr);
void pasn_set_bssid(struct pasn_data *pasn, const u8 *addr);

/*
 * Separate setters for the initiator and responder PMKSA caches; the comment
 * in struct pasn_data states the two cache types are defined differently and
 * must not be mixed.
 */
void pasn_set_initiator_pmksa(struct pasn_data *pasn,
			      struct rsn_pmksa_cache *pmksa);
void pasn_set_responder_pmksa(struct pasn_data *pasn,
			      struct rsn_pmksa_cache *pmksa);

/*
 * NOTE(review): this prototype is unconditional while the 'pt' member exists
 * only with CONFIG_SAE; the int return presumably reports the build without
 * SAE - confirm.
 */
int pasn_set_pt(struct pasn_data *pasn, struct sae_pt *pt);
/*
 * Initiator-side PMKSA cache interface.
 * NOTE(review): pasn_initiator_pmksa_cache_get() takes writable pmkid and pmk
 * pointers with no buffer sizes; callers presumably must supply PMKID_LEN and
 * PMK_LEN_MAX octets respectively, and *pmk_len presumably receives the PMK
 * length - confirm. The PMK written there is key material that the caller
 * should clear after use.
 */
struct rsn_pmksa_cache *pasn_initiator_pmksa_cache_init(void);
void pasn_initiator_pmksa_cache_deinit(struct rsn_pmksa_cache *pmksa);
int pasn_initiator_pmksa_cache_add(struct rsn_pmksa_cache *pmksa,
				   const u8 *own_addr, const u8 *bssid,
				   const u8 *pmk, size_t pmk_len,
				   const u8 *pmkid);
int pasn_initiator_pmksa_cache_get(struct rsn_pmksa_cache *pmksa,
				   const u8 *bssid, u8 *pmkid, u8 *pmk,
				   size_t *pmk_len);
void pasn_initiator_pmksa_cache_remove(struct rsn_pmksa_cache *pmksa,
				       const u8 *bssid);
void pasn_initiator_pmksa_cache_flush(struct rsn_pmksa_cache *pmksa);
Sunil Ravi99c035e2024-07-12 01:42:03 +0000228
/* Responder */

/*
 * Responder-side setters.
 * - pasn_set_noauth() controls the 'noauth' member, which struct pasn_data
 *   describes as "PASN without mutual authentication".
 * - NOTE(review): pasn_set_rsnxe_ie() and pasn_set_custom_pmkid() take no
 *   length. The PMKID is presumably PMKID_LEN octets (size of the
 *   custom_pmkid member); the RSNXE length is presumably taken from the
 *   element itself - confirm the setters do not read past the caller's
 *   buffer.
 * - NOTE(review): whether pasn_set_password() and pasn_set_extra_ies() copy
 *   their input or keep the caller's pointer is not visible here - confirm
 *   the required lifetime.
 */
void pasn_set_noauth(struct pasn_data *pasn, bool noauth);
void pasn_set_password(struct pasn_data *pasn, const char *password);
void pasn_set_wpa_key_mgmt(struct pasn_data *pasn, int key_mgmt);
void pasn_set_rsn_pairwise(struct pasn_data *pasn, int rsn_pairwise);
void pasn_set_rsnxe_caps(struct pasn_data *pasn, u16 rsnxe_capab);
void pasn_set_rsnxe_ie(struct pasn_data *pasn, const u8 *rsnxe_ie);
void pasn_set_custom_pmkid(struct pasn_data *pasn, const u8 *pmkid);
int pasn_set_extra_ies(struct pasn_data *pasn, const u8 *extra_ies,
		       size_t extra_ies_len);
/*
 * Responder-side PMKSA cache interface; the parameter lists mirror the
 * pasn_initiator_pmksa_cache_*() functions.
 * NOTE(review): pasn_responder_pmksa_cache_get() takes writable pmkid and pmk
 * pointers with no buffer sizes; callers presumably must supply PMKID_LEN and
 * PMK_LEN_MAX octets respectively - confirm. The PMK written there is key
 * material that the caller should clear after use.
 */
struct rsn_pmksa_cache *pasn_responder_pmksa_cache_init(void);
void pasn_responder_pmksa_cache_deinit(struct rsn_pmksa_cache *pmksa);
int pasn_responder_pmksa_cache_add(struct rsn_pmksa_cache *pmksa,
				   const u8 *own_addr, const u8 *bssid,
				   const u8 *pmk, size_t pmk_len,
				   const u8 *pmkid);
int pasn_responder_pmksa_cache_get(struct rsn_pmksa_cache *pmksa,
				   const u8 *bssid, u8 *pmkid, u8 *pmk,
				   size_t *pmk_len);
void pasn_responder_pmksa_cache_remove(struct rsn_pmksa_cache *pmksa,
				       const u8 *bssid);
void pasn_responder_pmksa_cache_flush(struct rsn_pmksa_cache *pmksa);
Sunil Ravi99c035e2024-07-12 01:42:03 +0000251
/*
 * Getters for struct pasn_data.
 * NOTE(review): pasn_get_pmk() and pasn_get_ptk() return non-const pointers;
 * presumably they point at the pmk/ptk members inside pasn, so the result is
 * writable key material whose lifetime ends with the pasn_data - confirm, and
 * avoid copying it into longer-lived storage.
 */
int pasn_get_akmp(struct pasn_data *pasn);
int pasn_get_cipher(struct pasn_data *pasn);
size_t pasn_get_pmk_len(struct pasn_data *pasn);
u8 *pasn_get_pmk(struct pasn_data *pasn);
struct wpa_ptk *pasn_get_ptk(struct pasn_data *pasn);

/*
 * Encrypted data helpers; both return int.
 * NOTE(review): the return convention and the failure behavior (e.g., on an
 * integrity check failure in pasn_parse_encrypted_data()) are not documented
 * in this header - confirm callers treat any non-success value as fatal for
 * the exchange.
 */
int pasn_add_encrypted_data(struct pasn_data *pasn, struct wpabuf *buf,
			    const u8 *data, size_t data_len);
int pasn_parse_encrypted_data(struct pasn_data *pasn, const u8 *data,
			      size_t len);
Sunil Ravi77d572f2023-01-17 23:58:31 +0000261
262#ifdef __cplusplus
263}
264#endif
265#endif /* PASN_COMMON_H */