
Lines Matching refs:sm

40  * @sm: Pointer to WPA state machine data from wpa_sm_init()
50 int wpa_eapol_key_send(struct wpa_sm *sm, struct wpa_ptk *ptk,
55 size_t mic_len = wpa_mic_len(sm->key_mgmt, sm->pmk_len);
59 MAC2STR(dest), ver, (int) mic_len, sm->key_mgmt);
60 if (is_zero_ether_addr(dest) && is_zero_ether_addr(sm->bssid)) {
65 if (wpa_sm_get_bssid(sm, sm->bssid) < 0) {
66 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
70 dest = sm->bssid;
71 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
83 wpa_eapol_key_mic(ptk->kck, ptk->kck_len, sm->key_mgmt, ver,
85 wpa_msg(sm->ctx->msg_ctx, MSG_ERROR,
87 ver, sm->key_mgmt);
161 ret = wpa_sm_ether_send(sm, dest, proto, msg, msg_len);
162 eapol_sm_notify_tx_eapol_key(sm->eapol);
171 * @sm: Pointer to WPA state machine data from wpa_sm_init()
179 void wpa_sm_key_request(struct wpa_sm *sm, int error, int pairwise)
186 if (wpa_use_akm_defined(sm->key_mgmt))
188 else if (wpa_key_mgmt_ft(sm->key_mgmt) ||
189 wpa_key_mgmt_sha256(sm->key_mgmt))
191 else if (sm->pairwise_cipher != WPA_CIPHER_TKIP)
196 if (wpa_sm_get_bssid(sm, bssid) < 0) {
197 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
202 mic_len = wpa_mic_len(sm->key_mgmt, sm->pmk_len);
204 rbuf = wpa_sm_alloc_eapol(sm, IEEE802_1X_TYPE_EAPOL_KEY, NULL,
209 reply->type = (sm->proto == WPA_PROTO_RSN ||
210 sm->proto == WPA_PROTO_OSEN) ?
213 if (sm->ptk_set)
215 if (sm->ptk_set && mic_len)
223 os_memcpy(reply->replay_counter, sm->request_counter,
225 inc_byte_array(sm->request_counter, WPA_REPLAY_COUNTER_LEN);
234 wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
237 error, pairwise, sm->ptk_set, (unsigned long) rlen);
238 wpa_eapol_key_send(sm, &sm->ptk, ver, bssid, ETH_P_EAPOL, rbuf, rlen,
243 static void wpa_supplicant_key_mgmt_set_pmk(struct wpa_sm *sm)
246 if (sm->key_mgmt == WPA_KEY_MGMT_FT_IEEE8021X) {
247 if (wpa_sm_key_mgmt_set_pmk(sm, sm->xxkey, sm->xxkey_len))
248 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
252 if (wpa_sm_key_mgmt_set_pmk(sm, sm->pmk, sm->pmk_len))
253 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
261 static int wpa_supplicant_get_pmk(struct wpa_sm *sm,
267 if (pmkid && !sm->cur_pmksa) {
272 sm->cur_pmksa = pmksa_cache_get(sm->pmksa, src_addr, pmkid,
274 if (sm->cur_pmksa) {
275 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
278 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
284 if (pmkid && sm->cur_pmksa &&
285 os_memcmp_const(pmkid, sm->cur_pmksa->pmkid, PMKID_LEN) == 0) {
287 wpa_sm_set_pmk_from_pmksa(sm);
289 sm->pmk, sm->pmk_len);
290 eapol_sm_notify_cached(sm->eapol);
292 sm->xxkey_len = 0;
294 if (sm->key_mgmt == WPA_KEY_MGMT_FT_SAE &&
295 sm->pmk_len == PMK_LEN) {
301 os_memcpy(sm->xxkey, sm->pmk, sm->pmk_len);
302 sm->xxkey_len = sm->pmk_len;
306 } else if (wpa_key_mgmt_wpa_ieee8021x(sm->key_mgmt) && sm->eapol) {
309 if (wpa_key_mgmt_sha384(sm->key_mgmt))
313 res = eapol_sm_get_key(sm->eapol, sm->pmk, pmk_len);
320 res = eapol_sm_get_key(sm->eapol, sm->pmk, 16);
326 if (eapol_sm_get_key(sm->eapol, buf, 2 * PMK_LEN) == 0)
328 if (wpa_key_mgmt_sha384(sm->key_mgmt)) {
329 os_memcpy(sm->xxkey, buf,
331 sm->xxkey_len = SHA384_MAC_LEN;
333 os_memcpy(sm->xxkey, buf + PMK_LEN,
335 sm->xxkey_len = PMK_LEN;
346 if (sm->fils_cache_id_set)
347 fils_cache_id = sm->fils_cache_id;
351 "machines", sm->pmk, pmk_len);
352 sm->pmk_len = pmk_len;
353 wpa_supplicant_key_mgmt_set_pmk(sm);
354 if (sm->proto == WPA_PROTO_RSN &&
355 !wpa_key_mgmt_suite_b(sm->key_mgmt) &&
356 !wpa_key_mgmt_ft(sm->key_mgmt)) {
357 sa = pmksa_cache_add(sm->pmksa,
358 sm->pmk, pmk_len, NULL,
360 src_addr, sm->own_addr,
361 sm->network_ctx,
362 sm->key_mgmt,
365 if (!sm->cur_pmksa && pmkid &&
366 pmksa_cache_get(sm->pmksa, src_addr, pmkid, NULL,
368 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
372 } else if (sa && !sm->cur_pmksa && pmkid) {
380 wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
385 if (!sm->cur_pmksa)
386 sm->cur_pmksa = sa;
388 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
392 if (sm->cur_pmksa) {
393 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
396 sm->cur_pmksa = NULL;
404 if (abort_cached && wpa_key_mgmt_wpa_ieee8021x(sm->key_mgmt) &&
405 !wpa_key_mgmt_suite_b(sm->key_mgmt) &&
406 !wpa_key_mgmt_ft(sm->key_mgmt) && sm->key_mgmt != WPA_KEY_MGMT_OSEN)
412 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
415 buf = wpa_sm_alloc_eapol(sm, IEEE802_1X_TYPE_EAPOL_START,
418 wpa_sm_ether_send(sm, sm->bssid, ETH_P_EAPOL,
433 * @sm: Pointer to WPA state machine data from wpa_sm_init()
443 int wpa_supplicant_send_2_of_4(struct wpa_sm *sm, const unsigned char *dst,
456 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, "WPA: No wpa_ie set - "
462 if (wpa_key_mgmt_ft(sm->key_mgmt)) {
470 sm->assoc_resp_ies_len);
475 sm->pmk_r1_name);
481 if (sm->assoc_resp_ies) {
482 os_memcpy(rsn_ie_buf + wpa_ie_len, sm->assoc_resp_ies,
483 sm->assoc_resp_ies_len);
484 wpa_ie_len += sm->assoc_resp_ies_len;
493 mic_len = wpa_mic_len(sm->key_mgmt, sm->pmk_len);
495 rbuf = wpa_sm_alloc_eapol(sm, IEEE802_1X_TYPE_EAPOL_KEY,
503 reply->type = (sm->proto == WPA_PROTO_RSN ||
504 sm->proto == WPA_PROTO_OSEN) ?
512 if (sm->proto == WPA_PROTO_RSN || sm->proto == WPA_PROTO_OSEN)
528 wpa_dbg(sm->ctx->msg_ctx, MSG_INFO, "WPA: Sending EAPOL-Key 2/4");
529 return wpa_eapol_key_send(sm, ptk, ver, dst, ETH_P_EAPOL, rbuf, rlen,
534 static int wpa_derive_ptk(struct wpa_sm *sm, const unsigned char *src_addr,
541 if (wpa_key_mgmt_ft(sm->key_mgmt))
542 return wpa_derive_ptk_ft(sm, src_addr, key, ptk);
546 if (sm->key_mgmt == WPA_KEY_MGMT_DPP && sm->dpp_z) {
547 z = wpabuf_head(sm->dpp_z);
548 z_len = wpabuf_len(sm->dpp_z);
552 return wpa_pmk_to_ptk(sm->pmk, sm->pmk_len, "Pairwise key expansion",
553 sm->own_addr, sm->bssid, sm->snonce,
554 key->key_nonce, ptk, sm->key_mgmt,
555 sm
559 static void wpa_supplicant_process_1_of_4(struct wpa_sm *sm,
571 if (wpa_sm_get_network_ctx(sm) == NULL) {
572 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, "WPA: No SSID info "
577 wpa_sm_set_state(sm, WPA_4WAY_HANDSHAKE);
578 wpa_dbg(sm->ctx->msg_ctx, MSG_INFO, "WPA: RX message 1 of 4-Way "
583 if (sm->proto == WPA_PROTO_RSN || sm->proto == WPA_PROTO_OSEN) {
595 res = wpa_supplicant_get_pmk(sm, src_addr, ie.pmkid);
597 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "RSN: Do not reply to "
604 if (sm->renew_snonce) {
605 if (random_get_bytes(sm->snonce, WPA_NONCE_LEN)) {
606 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
610 sm->renew_snonce = 0;
612 sm->snonce, WPA_NONCE_LEN);
617 ptk = &sm->tptk;
618 if (wpa_derive_ptk(sm, src_addr, key, ptk) < 0)
620 if (sm->pairwise_cipher == WPA_CIPHER_TKIP) {
628 sm->tptk_set = 1;
630 kde = sm->assoc_wpa_ie;
631 kde_len = sm->assoc_wpa_ie_len;
634 if (wpa_sm_ocv_enabled(sm)) {
638 if (wpa_sm_channel_info(sm, &ci) != 0) {
661 if (sm->p2p) {
680 if (wpa_supplicant_send_2_of_4(sm, sm->bssid, key, ver, sm->snonce,
685 os_memcpy(sm->anonce, key->key_nonce, WPA_NONCE_LEN);
690 wpa_sm_deauthenticate(sm, WLAN_REASON_UNSPECIFIED);
696 struct wpa_sm *sm = eloop_ctx;
697 rsn_preauth_candidate_process(sm);
701 static void wpa_supplicant_key_neg_complete(struct wpa_sm *sm,
704 wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
707 wpa_cipher_txt(sm->pairwise_cipher),
708 wpa_cipher_txt(sm->group_cipher));
709 wpa_sm_cancel_auth_timeout(sm);
710 wpa_sm_set_state(sm, WPA_COMPLETED);
714 sm, addr, MLME_SETPROTECTION_PROTECT_TYPE_RX_TX,
716 eapol_sm_notify_portValid(sm->eapol, TRUE);
717 if (wpa_key_mgmt_wpa_psk(sm->key_mgmt) ||
718 sm->key_mgmt == WPA_KEY_MGMT_DPP ||
719 sm->key_mgmt == WPA_KEY_MGMT_OWE)
720 eapol_sm_notify_eap_success(sm->eapol, TRUE);
728 if (!dl_list_empty(&sm->pmksa_candidates))
730 sm, NULL);
733 if (sm->cur_pmksa && sm->cur_pmksa->opportunistic) {
734 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
737 sm->cur_pmksa->opportunistic = 0;
741 if (wpa_key_mgmt_ft(sm->key_mgmt)) {
743 wpa_ft_prepare_auth_request(sm, NULL);
751 struct wpa_sm *sm = eloop_ctx;
752 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: Request PTK rekeying");
753 wpa_sm_key_request(sm, 0, 1);
757 static int wpa_supplicant_install_ptk(struct wpa_sm *sm,
764 if (sm->ptk.installed) {
765 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
770 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
773 if (sm->pairwise_cipher == WPA_CIPHER_NONE) {
774 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: Pairwise Cipher "
779 if (!wpa_cipher_valid_pairwise(sm->pairwise_cipher)) {
780 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
782 sm->pairwise_cipher);
786 alg = wpa_cipher_to_alg(sm->pairwise_cipher);
787 keylen = wpa_cipher_key_len(sm->pairwise_cipher);
788 if (keylen <= 0 || (unsigned int) keylen != sm->ptk.tk_len) {
790 keylen, (long unsigned int) sm->ptk.tk_len);
793 rsclen = wpa_cipher_rsc_len(sm->pairwise_cipher);
795 if (sm->proto == WPA_PROTO_RSN || sm->proto == WPA_PROTO_OSEN) {
802 if (wpa_sm_set_key(sm, alg, sm->bssid, 0, 1, key_rsc, rsclen,
803 sm->ptk.tk, keylen) < 0) {
804 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
807 alg, keylen, MAC2STR(sm->bssid));
812 os_memset(sm->ptk.tk, 0, WPA_TK_MAX_LEN);
813 sm->ptk.tk_len = 0;
814 sm->ptk.installed = 1;
816 if (sm->wpa_ptk_rekey) {
817 eloop_cancel_timeout(wpa_sm_rekey_ptk, sm, NULL);
818 eloop_register_timeout(sm->wpa_ptk_rekey, 0, wpa_sm_rekey_ptk,
819 sm, NULL);
826 static int wpa_supplicant_check_group_cipher(struct wpa_sm *sm,
836 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
845 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
862 static int wpa_supplicant_install_gtk(struct wpa_sm *sm,
870 if ((sm->gtk.gtk_len == (size_t) gd->gtk_len &&
871 os_memcmp(sm->gtk.gtk, gd->gtk, sm->gtk.gtk_len) == 0) ||
872 (sm->gtk_wnm_sleep.gtk_len == (size_t) gd->gtk_len &&
873 os_memcmp(sm->gtk_wnm_sleep.gtk, gd->gtk,
874 sm->gtk_wnm_sleep.gtk_len) == 0)) {
875 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
882 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
886 if (sm->group_cipher == WPA_CIPHER_TKIP) {
893 if (sm->pairwise_cipher == WPA_CIPHER_NONE) {
894 if (wpa_sm_set_key(sm, gd->alg, NULL,
897 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
903 } else if (wpa_sm_set_key(sm, gd->alg, broadcast_ether_addr,
906 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
916 sm->gtk_wnm_sleep.gtk_len = gd->gtk_len;
917 os_memcpy(sm->gtk_wnm_sleep.gtk, gd->gtk,
918 sm->gtk_wnm_sleep.gtk_len);
920 sm->gtk.gtk_len = gd->gtk_len;
921 os_memcpy(sm->gtk.gtk, gd->gtk, sm->gtk.gtk_len);
928 static int wpa_supplicant_gtk_tx_bit_workaround(const struct wpa_sm *sm,
931 if (tx && sm->pairwise_cipher != WPA_CIPHER_NONE) {
937 wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
946 static int wpa_supplicant_rsc_relaxation(const struct wpa_sm *sm,
951 if (!sm->wpa_rsc_relaxation)
954 rsclen = wpa_cipher_rsc_len(sm->group_cipher);
964 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
976 static int wpa_supplicant_pairwise_gtk(struct wpa_sm *sm,
1000 gd.tx = wpa_supplicant_gtk_tx_bit_workaround(sm,
1009 if (wpa_supplicant_rsc_relaxation(sm, key->key_rsc))
1012 if (sm->group_cipher != WPA_CIPHER_GTK_NOT_USED &&
1013 (wpa_supplicant_check_group_cipher(sm, sm->group_cipher,
1016 wpa_supplicant_install_gtk(sm, &gd, key_rsc, 0))) {
1017 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
1029 static int wpa_supplicant_install_igtk(struct wpa_sm *sm,
1033 size_t len = wpa_cipher_key_len(sm->mgmt_group_cipher);
1037 if ((sm->igtk.igtk_len == len &&
1038 os_memcmp(sm->igtk.igtk, igtk->igtk, sm->igtk.igtk_len) == 0) ||
1039 (sm->igtk_wnm_sleep.igtk_len == len &&
1040 os_memcmp(sm->igtk_wnm_sleep.igtk, igtk->igtk,
1041 sm->igtk_wnm_sleep.igtk_len) == 0)) {
1042 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
1048 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
1053 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1057 if (wpa_sm_set_key(sm, wpa_cipher_to_alg(sm->mgmt_group_cipher),
1075 wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
1078 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1085 sm->igtk_wnm_sleep.igtk_len = len;
1086 os_memcpy(sm->igtk_wnm_sleep.igtk, igtk->igtk,
1087 sm->igtk_wnm_sleep.igtk_len);
1089 sm->igtk.igtk_len = len;
1090 os_memcpy(sm->igtk.igtk, igtk->igtk, sm->igtk.igtk_len);
1098 static int ieee80211w_set_keys(struct wpa_sm *sm,
1102 if (!wpa_cipher_valid_mgmt_group(sm->mgmt_group_cipher))
1109 len = wpa_cipher_key_len(sm->mgmt_group_cipher);
1114 if (wpa_supplicant_install_igtk(sm, igtk, 0) < 0)
1125 static void wpa_report_ie_mismatch(struct wpa_sm *sm,
1130 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, "WPA: %s (src=" MACSTR ")",
1133 if (sm->ap_wpa_ie) {
1135 sm->ap_wpa_ie, sm->ap_wpa_ie_len);
1138 if (!sm
1139 wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
1146 if (sm->ap_rsn_ie) {
1148 sm->ap_rsn_ie, sm->ap_rsn_ie_len);
1151 if (!sm->ap_rsn_ie) {
1152 wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
1159 wpa_sm_deauthenticate(sm, WLAN_REASON_IE_IN_4WAY_DIFFERS);
1165 static int ft_validate_mdie(struct wpa_sm *sm,
1174 os_memcmp(mdie->mobility_domain, sm->mobility_domain,
1176 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "FT: MDIE in msg 3/4 did "
1184 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "FT: MDIE mismatch");
1196 static int ft_validate_ftie(struct wpa_sm *sm,
1202 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
1212 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "FT: FTIE mismatch");
1224 static int ft_validate_rsnie(struct wpa_sm *sm,
1239 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "FT: No PMKR1Name in "
1244 if (os_memcmp_const(rsn.pmkid, sm->pmk_r1_name, WPA_PMK_NAME_LEN) != 0)
1246 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
1252 sm->pmk_r1_name, WPA_PMK_NAME_LEN);
1260 static int wpa_supplicant_validate_ie_ft(struct wpa_sm *sm,
1266 if (sm->assoc_resp_ies) {
1267 pos = sm->assoc_resp_ies;
1268 end = pos + sm->assoc_resp_ies_len;
1284 if (ft_validate_mdie(sm, src_addr, ie, mdie) < 0 ||
1285 ft_validate_ftie(sm, src_addr, ie, ftie) < 0 ||
1286 ft_validate_rsnie(sm, src_addr, ie) < 0)
1295 static int wpa_supplicant_validate_ie(struct wpa_sm *sm,
1299 if (sm->ap_wpa_ie == NULL && sm->ap_rsn_ie == NULL) {
1300 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
1303 if (wpa_sm_get_beacon_ie(sm) < 0) {
1304 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1308 wpa_msg(sm->ctx->msg_ctx, MSG_DEBUG,
1315 (sm->ap_wpa_ie || sm->ap_rsn_ie)) {
1316 wpa_report_ie_mismatch(sm, "IE in 3/4 msg does not match "
1323 if ((ie->wpa_ie && sm->ap_wpa_ie &&
1324 (ie->wpa_ie_len != sm->ap_wpa_ie_len ||
1325 os_memcmp(ie->wpa_ie, sm->ap_wpa_ie, ie->wpa_ie_len) != 0)) ||
1326 (ie->rsn_ie && sm->ap_rsn_ie &&
1327 wpa_compare_rsn_ie(wpa_key_mgmt_ft(sm->key_mgmt),
1328 sm->ap_rsn_ie, sm->ap_rsn_ie_len,
1330 wpa_report_ie_mismatch(sm, "IE in 3/4 msg does not match "
1337 if (sm->proto == WPA_PROTO_WPA &&
1338 ie->rsn_ie && sm->ap_rsn_ie == NULL && sm->rsn_enabled) {
1339 wpa_report_ie_mismatch(sm, "Possible downgrade attack "
1349 if (wpa_key_mgmt_ft(sm->key_mgmt) &&
1350 wpa_supplicant_validate_ie_ft(sm, src_addr, ie) < 0)
1360 * @sm: Pointer to WPA state machine data from wpa_sm_init()
1368 int wpa_supplicant_send_4_of_4(struct wpa_sm *sm, const unsigned char *dst,
1377 mic_len = wpa_mic_len(sm->key_mgmt, sm->pmk_len);
1379 rbuf = wpa_sm_alloc_eapol(sm, IEEE802_1X_TYPE_EAPOL_KEY, NULL,
1384 reply->type = (sm->proto == WPA_PROTO_RSN ||
1385 sm->proto == WPA_PROTO_OSEN) ?
1394 if (sm->proto == WPA_PROTO_RSN || sm->proto == WPA_PROTO_OSEN)
1404 wpa_dbg(sm->ctx->msg_ctx, MSG_INFO, "WPA: Sending EAPOL-Key 4/4");
1405 return wpa_eapol_key_send(sm, ptk, ver, dst, ETH_P_EAPOL, rbuf, rlen,
1410 static void wpa_supplicant_process_3_of_4(struct wpa_sm *sm,
1418 wpa_sm_set_state(sm, WPA_4WAY_HANDSHAKE);
1419 wpa_dbg(sm->ctx->msg_ctx, MSG_INFO, "WPA: RX message 3 of 4-Way "
1420 "Handshake from " MACSTR " (ver=%d)", MAC2STR(sm->bssid), ver);
1428 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1434 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1440 wpa_cipher_valid_mgmt_group(sm->mgmt_group_cipher) &&
1442 (unsigned int) wpa_cipher_key_len(sm->mgmt_group_cipher)) {
1443 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1450 if (wpa_supplicant_validate_ie(sm, sm->bssid, &ie) < 0)
1453 if (os_memcmp(sm->anonce, key->key_nonce, WPA_NONCE_LEN) != 0) {
1454 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1457 MACSTR ")", MAC2STR(sm->bssid));
1462 if (keylen != wpa_cipher_key_len(sm->pairwise_cipher)) {
1463 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1465 ")", wpa_cipher_txt(sm->pairwise_cipher), keylen,
1466 MAC2STR(sm->bssid));
1472 os_memcpy(sm->p2p_ip_addr, ie.ip_addr_alloc, 3 * 4);
1474 sm->p2p_ip_addr, sizeof(sm->p2p_ip_addr));
1479 if (wpa_sm_ocv_enabled(sm)) {
1482 if (wpa_sm_channel_info(sm, &ci) != 0) {
1483 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1491 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, "%s",
1498 if (wpa_supplicant_send_4_of_4(sm, sm->bssid, key, ver, key_info,
1499 &sm->ptk) < 0) {
1506 sm->renew_snonce = 1;
1509 if (wpa_supplicant_install_ptk(sm, key))
1515 sm, sm->bssid, MLME_SETPROTECTION_PROTECT_TYPE_RX,
1517 eapol_sm_notify_portValid(sm->eapol, TRUE);
1519 wpa_sm_set_state(sm, WPA_GROUP_HANDSHAKE);
1521 if (sm->group_cipher == WPA_CIPHER_GTK_NOT_USED) {
1523 } else if (!ie.gtk && sm->proto == WPA_PROTO_RSN) {
1524 wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
1528 wpa_supplicant_pairwise_gtk(sm, key,
1530 wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
1535 if (ieee80211w_set_keys(sm, &ie) < 0) {
1536 wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
1541 if (sm->group_cipher == WPA_CIPHER_GTK_NOT_USED || ie.gtk)
1542 wpa_supplicant_key_neg_complete(sm, sm->bssid,
1546 wpa_sm_set_rekey_offload(sm);
1553 if (sm->proto == WPA_PROTO_RSN && wpa_key_mgmt_suite_b(sm->key_mgmt) &&
1554 !sm->cur_pmksa) {
1557 sa = pmksa_cache_add(sm->pmksa, sm->pmk, sm->pmk_len, NULL,
1558 sm->ptk.kck, sm->ptk.kck_len,
1559 sm->bssid, sm->own_addr,
1560 sm->network_ctx, sm->key_mgmt, NULL);
1561 if (!sm->cur_pmksa)
1562 sm->cur_pmksa = sa;
1565 sm->msg_3_of_4_ok = 1;
1569 wpa_sm_deauthenticate(sm, WLAN_REASON_UNSPECIFIED);
1573 static int wpa_supplicant_process_1_of_2_rsn(struct wpa_sm *sm,
1587 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1592 wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
1599 if (wpa_sm_ocv_enabled(sm)) {
1602 if (wpa_sm_channel_info(sm, &ci) != 0) {
1603 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1611 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, "%s",
1618 if (wpa_supplicant_check_group_cipher(sm, sm->group_cipher,
1626 gd->tx = wpa_supplicant_gtk_tx_bit_workaround(sm,
1629 wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
1636 if (ieee80211w_set_keys(sm, &ie) < 0)
1637 wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
1644 static int wpa_supplicant_process_1_of_2_wpa(struct wpa_sm *sm,
1657 wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
1666 wpa_supplicant_check_group_cipher(sm, sm->group_cipher,
1674 if (ver == WPA_KEY_INFO_TYPE_HMAC_MD5_RC4 && sm->ptk.kek_len == 16) {
1676 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1682 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1688 os_memcpy(ek + 16, sm->ptk.kek, sm->ptk.kek_len);
1692 wpa_msg(sm->ctx->msg_ctx, MSG_ERROR,
1700 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1706 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1713 if (aes_unwrap(sm->ptk.kek, sm->ptk.kek_len, maxkeylen / 8,
1715 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1721 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1726 sm, !!(key_info & WPA_KEY_INFO_TXRX));
1731 static int wpa_supplicant_send_2_of_2(struct wpa_sm *sm,
1741 if (wpa_sm_ocv_enabled(sm))
1745 mic_len = wpa_mic_len(sm->key_mgmt, sm->pmk_len);
1747 rbuf = wpa_sm_alloc_eapol(sm, IEEE802_1X_TYPE_EAPOL_KEY, NULL,
1752 reply->type = (sm->proto == WPA_PROTO_RSN ||
1753 sm->proto == WPA_PROTO_OSEN) ?
1762 if (sm->proto == WPA_PROTO_RSN || sm->proto == WPA_PROTO_OSEN)
1773 if (wpa_sm_ocv_enabled(sm)) {
1777 if (wpa_sm_channel_info(sm, &ci) != 0) {
1792 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: Sending EAPOL-Key 2/2");
1793 return wpa_eapol_key_send(sm, &sm->ptk, ver, sm->bssid, ETH_P_EAPOL,
1798 static void wpa_supplicant_process_1_of_2(struct wpa_sm *sm,
1809 if (!sm->msg_3_of_4_ok && !wpa_fils_is_completed(sm)) {
1810 wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
1817 rekey = wpa_sm_get_state(sm) == WPA_COMPLETED;
1818 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: RX message 1 of Group Key "
1823 if (sm->proto == WPA_PROTO_RSN || sm->proto == WPA_PROTO_OSEN) {
1824 ret = wpa_supplicant_process_1_of_2_rsn(sm, key_data,
1828 ret = wpa_supplicant_process_1_of_2_wpa(sm, key, key_data,
1833 wpa_sm_set_state(sm, WPA_GROUP_HANDSHAKE);
1839 if (wpa_supplicant_rsc_relaxation(sm, key->key_rsc))
1842 if (wpa_supplicant_install_gtk(sm, &gd, key_rsc, 0) ||
1843 wpa_supplicant_send_2_of_2(sm, key, ver, key_info) < 0)
1848 wpa_msg(sm->ctx->msg_ctx, MSG_INFO, "WPA: Group rekeying "
1850 MAC2STR(sm->bssid), wpa_cipher_txt(sm->group_cipher));
1851 wpa_sm_cancel_auth_timeout(sm);
1852 wpa_sm_set_state(sm, WPA_COMPLETED);
1854 wpa_supplicant_key_neg_complete(sm, sm->bssid,
1859 wpa_sm_set_rekey_offload(sm);
1865 wpa_sm_deauthenticate(sm, WLAN_REASON_UNSPECIFIED);
1869 static int wpa_supplicant_verify_eapol_key_mic(struct wpa_sm *sm,
1876 size_t mic_len = wpa_mic_len(sm->key_mgmt, sm->pmk_len);
1879 if (sm->tptk_set) {
1881 if (wpa_eapol_key_mic(sm->tptk.kck, sm->tptk.kck_len,
1882 sm->key_mgmt,
1885 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1898 sm->tptk_set = 0;
1899 sm->ptk_set = 1;
1900 os_memcpy(&sm->ptk, &sm->tptk, sizeof(sm->ptk));
1901 os_memset(&sm->tptk, 0, sizeof(sm->tptk));
1903 * This assures the same TPTK in sm->tptk can never be
1904 * copied twice to sm->ptk as the new PTK. In
1909 sm->renew_snonce = 1;
1913 if (!ok && sm->ptk_set) {
1915 if (wpa_eapol_key_mic(sm->ptk.kck, sm->ptk.kck_len,
1916 sm->key_mgmt,
1919 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1936 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1942 os_memcpy(sm->rx_replay_counter, key->replay_counter,
1944 sm->rx_replay_counter_set = 1;
1950 static int wpa_supplicant_decrypt_key_data(struct wpa_sm *sm,
1957 if (!sm->ptk_set) {
1958 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1966 if (ver == WPA_KEY_INFO_TYPE_HMAC_MD5_RC4 && sm->ptk.kek_len == 16) {
1968 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1976 os_memcpy(ek + 16, sm->ptk.kek, sm->ptk.kek_len);
1979 wpa_msg(sm->ctx->msg_ctx, MSG_ERROR,
1987 wpa_use_aes_key_wrap(sm->key_mgmt)) {
1992 (unsigned int) sm->ptk.kek_len);
1994 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
2002 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
2009 if (aes_unwrap(sm->ptk.kek, sm->ptk.kek_len, *key_data_len / 8,
2017 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
2029 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
2041 * @sm: Pointer to WPA state machine data from wpa_sm_init()
2043 void wpa_sm_aborted_cached(struct wpa_sm *sm)
2045 if (sm && sm->cur_pmksa) {
2046 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
2048 sm->cur_pmksa = NULL;
2053 static void wpa_eapol_key_dump(struct wpa_sm *sm,
2061 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, " EAPOL-Key type=%d", key->type);
2062 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
2076 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
2091 static int wpa_supp_aead_decrypt(struct wpa_sm *sm, u8 *buf, size_t buf_len,
2106 if (sm->tptk_set)
2107 ptk = &sm->tptk;
2108 else if (sm->ptk_set)
2109 ptk = &sm->ptk;
2144 if (sm->tptk_set) {
2145 sm->tptk_set = 0;
2146 sm->ptk_set = 1;
2147 os_memcpy(&sm->ptk, &sm->tptk, sizeof(sm->ptk));
2148 os_memset(&sm->tptk, 0, sizeof(sm->tptk));
2151 os_memcpy(sm->rx_replay_counter, key->replay_counter,
2153 sm->rx_replay_counter_set = 1;
2162 * @sm: Pointer to WPA state machine data from wpa_sm_init()
2176 int wpa_sm_rx_eapol(struct wpa_sm *sm, const u8 *src_addr,
2189 sm->ft_completed = 0;
2192 mic_len = wpa_mic_len(sm->key_mgmt, sm->pmk_len);
2196 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
2207 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
2215 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
2223 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
2231 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
2249 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
2257 wpa_eapol_key_dump(sm, key, key_data_len, mic, mic_len);
2260 wpa_msg(sm->ctx->msg_ctx, MSG_INFO, "WPA: Invalid EAPOL-Key "
2267 eapol_sm_notify_lower_layer_success(sm->eapol, 0);
2275 !wpa_use_akm_defined(sm->key_mgmt)) {
2276 wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
2282 if (wpa_use_akm_defined(sm->key_mgmt) &&
2284 wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
2291 if (wpa_key_mgmt_ft(sm->key_mgmt)) {
2294 !wpa_use_akm_defined(sm->key_mgmt)) {
2295 wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
2302 if (wpa_key_mgmt_sha256(sm->key_mgmt)) {
2304 !wpa_use_akm_defined(sm->key_mgmt)) {
2305 wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
2312 if (sm->pairwise_cipher == WPA_CIPHER_CCMP &&
2313 !wpa_use_akm_defined(sm->key_mgmt) &&
2315 wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
2318 if (sm->group_cipher != WPA_CIPHER_CCMP &&
2324 wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
2328 wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
2332 } else if (sm->pairwise_cipher == WPA_CIPHER_GCMP &&
2333 !wpa_use_akm_defined(sm->key_mgmt) &&
2335 wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
2341 if (sm->rx_replay_counter_set &&
2342 os_memcmp(key->replay_counter, sm->rx_replay_counter,
2344 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
2351 wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
2357 wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
2363 wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
2369 wpa_supplicant_verify_eapol_key_mic(sm, key, ver, tmp, data_len))
2374 if (wpa_supp_aead_decrypt(sm, tmp, data_len, &key_data_len))
2379 if ((sm->proto == WPA_PROTO_RSN || sm->proto == WPA_PROTO_OSEN) &&
2388 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
2392 if (wpa_supplicant_decrypt_key_data(sm, key, mic_len,
2400 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
2408 wpa_supplicant_process_3_of_4(sm, key, ver, key_data,
2412 wpa_supplicant_process_1_of_4(sm, src_addr, key,
2420 wpa_supplicant_process_1_of_2(sm, src_addr, key,
2424 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
2439 static u32 wpa_key_mgmt_suite(struct wpa_sm *sm)
2441 switch (sm->key_mgmt) {
2443 return ((sm->proto == WPA_PROTO_RSN ||
2444 sm->proto == WPA_PROTO_OSEN) ?
2448 return (sm->proto == WPA_PROTO_RSN ?
2464 return (sm->proto == WPA_PROTO_RSN ?
2485 * @sm: Pointer to WPA state machine data from wpa_sm_init()
2492 int wpa_sm_get_mib(struct wpa_sm *sm, char *buf, size_t buflen)
2498 if (sm->cur_pmksa) {
2500 sm->cur_pmksa->pmkid, PMKID_LEN);
2504 if ((wpa_key_mgmt_wpa_psk(sm->key_mgmt) ||
2505 wpa_key_mgmt_wpa_ieee8021x(sm->key_mgmt)) &&
2506 sm->proto == WPA_PROTO_RSN)
2526 wpa_cipher_key_len(sm->group_cipher) * 8,
2527 sm->dot11RSNAConfigPMKLifetime,
2528 sm->dot11RSNAConfigPMKReauthThreshold,
2529 sm->dot11RSNAConfigSATimeout);
2545 RSN_SUITE_ARG(wpa_key_mgmt_suite(sm)),
2546 RSN_SUITE_ARG(wpa_cipher_to_suite(sm->proto,
2547 sm->pairwise_cipher)),
2548 RSN_SUITE_ARG(wpa_cipher_to_suite(sm->proto,
2549 sm->group_cipher)),
2551 RSN_SUITE_ARG(wpa_key_mgmt_suite(sm)),
2552 RSN_SUITE_ARG(wpa_cipher_to_suite(sm->proto,
2553 sm->pairwise_cipher)),
2554 RSN_SUITE_ARG(wpa_cipher_to_suite(sm->proto,
2555 sm->group_cipher)),
2556 sm->dot11RSNA4WayHandshakeFailures);
2568 struct wpa_sm *sm = ctx;
2571 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "RSN: PMKSA cache entry free_cb: "
2574 if (sm->cur_pmksa == entry) {
2575 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
2578 pmksa_cache_clear_current(sm);
2591 (sm->pmk_len == entry->pmk_len &&
2592 os_memcmp(sm->pmk, entry->pmk, sm->pmk_len) == 0)) {
2593 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
2595 pmksa_cache_clear_current(sm);
2600 sm->pmk_len = 0;
2601 os_memset(sm->pmk, 0, sizeof(sm->pmk));
2602 wpa_sm_deauthenticate(sm, WLAN_REASON_UNSPECIFIED);
2617 struct wpa_sm *sm;
2619 sm = os_zalloc(sizeof(*sm));
2620 if (sm == NULL)
2622 dl_list_init(&sm->pmksa_candidates);
2623 sm->renew_snonce = 1;
2624 sm->ctx = ctx;
2626 sm->dot11RSNAConfigPMKLifetime = 43200;
2627 sm->dot11RSNAConfigPMKReauthThreshold = 70;
2628 sm->dot11RSNAConfigSATimeout = 60;
2630 sm->pmksa = pmksa_cache_init(wpa_sm_pmksa_free_cb, sm, sm);
2631 if (sm->pmksa == NULL) {
2632 wpa_msg(sm->ctx->msg_ctx, MSG_ERROR,
2634 os_free(sm);
2638 return sm;
2644 * @sm: Pointer to WPA state machine data from wpa_sm_init()
2646 void wpa_sm_deinit(struct wpa_sm *sm)
2648 if (sm == NULL)
2650 pmksa_cache_deinit(sm->pmksa);
2651 eloop_cancel_timeout(wpa_sm_start_preauth, sm, NULL);
2652 eloop_cancel_timeout(wpa_sm_rekey_ptk, sm, NULL);
2653 os_free(sm->assoc_wpa_ie);
2654 os_free(sm->ap_wpa_ie);
2655 os_free(sm->ap_rsn_ie);
2656 wpa_sm_drop_sa(sm);
2657 os_free(sm->ctx);
2659 os_free(sm->assoc_resp_ies);
2662 wpabuf_free(sm->test_assoc_ie);
2665 crypto_ecdh_deinit(sm->fils_ecdh);
2668 wpabuf_free(sm->fils_ft_ies);
2671 crypto_ecdh_deinit(sm->owe_ecdh);
2674 wpabuf_clear_free(sm->dpp_z);
2676 os_free(sm);
2682 * @sm: Pointer to WPA state machine data from wpa_sm_init()
2688 void wpa_sm_notify_assoc(struct wpa_sm *sm, const u8 *bssid)
2692 if (sm == NULL)
2695 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
2697 os_memcpy(sm->bssid, bssid, ETH_ALEN);
2698 os_memset(sm->rx_replay_counter, 0, WPA_REPLAY_COUNTER_LEN);
2699 sm->rx_replay_counter_set = 0;
2700 sm->renew_snonce = 1;
2701 if (os_memcmp(sm->preauth_bssid, bssid, ETH_ALEN) == 0)
2702 rsn_preauth_deinit(sm);
2705 if (wpa_ft_is_completed(sm)) {
2710 eapol_sm_notify_portValid(sm->eapol, FALSE);
2711 wpa_supplicant_key_neg_complete(sm, sm->bssid, 1);
2714 wpa_ft_prepare_auth_request(sm, NULL);
2720 if (sm->fils_completed) {
2725 wpa_supplicant_key_neg_complete(sm, sm->bssid, 1);
2735 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: Clear old PTK");
2736 sm->ptk_set = 0;
2737 os_memset(&sm->ptk, 0, sizeof(sm->ptk));
2738 sm->tptk_set = 0;
2739 os_memset(&sm->tptk, 0, sizeof(sm->tptk));
2740 os_memset(&sm->gtk, 0, sizeof(sm->gtk));
2741 os_memset(&sm->gtk_wnm_sleep, 0, sizeof(sm->gtk_wnm_sleep));
2743 os_memset(&sm->igtk, 0, sizeof(sm->igtk));
2744 os_memset(&sm->igtk_wnm_sleep, 0, sizeof(sm->igtk_wnm_sleep));
2749 wpa_tdls_assoc(sm);
2753 os_memset(sm->p2p_ip_addr, 0, sizeof(sm->p2p_ip_addr));
2760 * @sm: Pointer to WPA state machine data from wpa_sm_init()
2765 void wpa_sm_notify_disassoc(struct wpa_sm *sm)
2767 eloop_cancel_timeout(wpa_sm_start_preauth, sm, NULL);
2768 eloop_cancel_timeout(wpa_sm_rekey_ptk, sm, NULL);
2769 rsn_preauth_deinit(sm);
2770 pmksa_cache_clear_current(sm);
2771 if (wpa_sm_get_state(sm) == WPA_4WAY_HANDSHAKE)
2772 sm->dot11RSNA4WayHandshakeFailures++;
2774 wpa_tdls_disassoc(sm);
2777 sm->fils_completed = 0;
2780 sm->ft_reassoc_completed = 0;
2784 wpa_sm_drop_sa(sm);
2786 sm->msg_3_of_4_ok = 0;
2787 os_memset(sm->bssid, 0, ETH_ALEN);
2793 * @sm: Pointer to WPA state machine data from wpa_sm_init()
2801 void wpa_sm_set_pmk(struct wpa_sm *sm, const u8 *pmk, size_t pmk_len,
2804 if (sm == NULL)
2809 sm->pmk_len = pmk_len;
2810 os_memcpy(sm->pmk, pmk, pmk_len);
2814 sm->xxkey_len = pmk_len;
2815 os_memcpy(sm->xxkey, pmk, pmk_len);
2819 pmksa_cache_add(sm->pmksa, pmk, pmk_len, pmkid, NULL, 0,
2820 bssid, sm->own_addr,
2821 sm->network_ctx, sm->key_mgmt, NULL);
2828 * @sm: Pointer to WPA state machine data from wpa_sm_init()
2833 void wpa_sm_set_pmk_from_pmksa(struct wpa_sm *sm)
2835 if (sm == NULL)
2838 if (sm->cur_pmksa) {
2841 sm->cur_pmksa->pmk, sm->cur_pmksa->pmk_len);
2842 sm->pmk_len = sm->cur_pmksa->pmk_len;
2843 os_memcpy(sm->pmk, sm->cur_pmksa->pmk, sm->pmk_len);
2846 sm->pmk_len = 0;
2847 os_memset(sm->pmk, 0, PMK_LEN_MAX);
2854 * @sm: Pointer to WPA state machine data from wpa_sm_init()
2857 void wpa_sm_set_fast_reauth(struct wpa_sm *sm, int fast_reauth)
2859 if (sm)
2860 sm->fast_reauth = fast_reauth;
2866 * @sm: Pointer to WPA state machine data from wpa_sm_init()
2869 void wpa_sm_set_scard_ctx(struct wpa_sm *sm, void *scard_ctx)
2871 if (sm == NULL)
2873 sm->scard_ctx = scard_ctx;
2874 if (sm->preauth_eapol)
2875 eapol_sm_register_scard_ctx(sm->preauth_eapol, scard_ctx);
2881 * @sm: Pointer to WPA state machine data from wpa_sm_init()
2888 void wpa_sm_set_config(struct wpa_sm *sm, struct rsn_supp_config *config)
/* Copies the per-network settings in config into sm. The second run of
 * assignments (to NULL/0) looks like the branch taken when no config is
 * given; the condition itself is not among the listed lines. */
2890 if (!sm)
2894 sm->network_ctx = config->network_ctx;
2895 sm->allowed_pairwise_cipher = config->allowed_pairwise_cipher;
2896 sm->proactive_key_caching = config->proactive_key_caching;
2897 sm->eap_workaround = config->eap_workaround;
2898 sm->eap_conf_ctx = config->eap_conf_ctx;
/* NOTE(review): config->ssid_len bytes are copied into sm->ssid and no
 * listed line checks that length against the size of sm->ssid; presumably
 * the caller only passes a valid SSID length - confirm. */
2900 os_memcpy(sm->ssid, config->ssid, config->ssid_len);
2901 sm->ssid_len = config->ssid_len;
2903 sm->ssid_len = 0;
2904 sm->wpa_ptk_rekey = config->wpa_ptk_rekey;
2905 sm->p2p = config->p2p;
2906 sm->wpa_rsc_relaxation = config->wpa_rsc_relaxation;
/* fils_cache_id_set records whether sm->fils_cache_id holds a copied value. */
2909 sm->fils_cache_id_set = 1;
2910 os_memcpy(sm->fils_cache_id, config->fils_cache_id,
2913 sm->fils_cache_id_set = 0;
/* Reset values: pointers to NULL, flags and lengths to 0. */
2917 sm->network_ctx = NULL;
2918 sm->allowed_pairwise_cipher = 0;
2919 sm->proactive_key_caching = 0;
2920 sm->eap_workaround = 0;
2921 sm->eap_conf_ctx = NULL;
2922 sm->ssid_len = 0;
2923 sm->wpa_ptk_rekey = 0;
2924 sm->p2p = 0;
2925 sm->wpa_rsc_relaxation = 0;
2932 * @sm: Pointer to WPA state machine data from wpa_sm_init()
2935 void wpa_sm_set_own_addr(struct wpa_sm *sm, const u8 *addr)
/* Stores the local MAC address. Only sm is NULL-checked; addr must point to
 * at least ETH_ALEN readable bytes. */
2937 if (sm)
2938 os_memcpy(sm->own_addr, addr, ETH_ALEN);
2944 * @sm: Pointer to WPA state machine data from wpa_sm_init()
2948 void wpa_sm_set_ifname(struct wpa_sm *sm, const char *ifname,
/* Records the interface names. The pointers are stored as given, not
 * copied, so the strings must stay valid for as long as sm refers to them. */
2951 if (sm) {
2952 sm->ifname = ifname;
2953 sm->bridge_ifname = bridge_ifname;
2960 * @sm: Pointer to WPA state machine data from wpa_sm_init()
2963 void wpa_sm_set_eapol(struct wpa_sm *sm, struct eapol_sm *eapol)
2965 if (sm)
2966 sm->eapol = eapol;
2972 * @sm: Pointer to WPA state machine data from wpa_sm_init()
2977 int wpa_sm_set_param(struct wpa_sm *sm, enum wpa_sm_conf_params param,
2982 if (sm == NULL)
2988 sm->dot11RSNAConfigPMKLifetime = value;
2994 sm->dot11RSNAConfigPMKReauthThreshold = value;
3000 sm->dot11RSNAConfigSATimeout = value;
3005 sm->proto = value;
3008 sm->pairwise_cipher = value;
3011 sm->group_cipher = value;
3014 sm->key_mgmt = value;
3018 sm->mgmt_group_cipher = value;
3022 sm->rsn_enabled = value;
3025 sm->mfp = value;
3028 sm->ocv = value;
3040 * @sm: Pointer to WPA state machine data from wpa_sm_init()
3050 int wpa_sm_get_status(struct wpa_sm *sm, char *buf, size_t buflen,
3060 wpa_cipher_txt(sm->pairwise_cipher),
3061 wpa_cipher_txt(sm->group_cipher),
3062 wpa_key_mgmt_txt(sm->key_mgmt, sm->proto));
3067 if (sm->mfp != NO_MGMT_FRAME_PROTECTION && sm->ap_rsn_ie) {
3069 if (wpa_parse_wpa_ie_rsn(sm->ap_rsn_ie, sm->ap_rsn_ie_len, &rsn)
3078 sm->mgmt_group_cipher));
3089 int wpa_sm_pmf_enabled(struct wpa_sm *sm)
/* Evaluates management frame protection from the local setting (sm->mfp)
 * and the AP's RSN element, which is re-parsed on every call.
 * NOTE(review): sm is dereferenced without a NULL check, unlike the
 * wpa_sm_set_*() functions in this file - callers must pass a valid sm. */
3093 if (sm->mfp == NO_MGMT_FRAME_PROTECTION || !sm->ap_rsn_ie)
3096 if (wpa_parse_wpa_ie_rsn(sm->ap_rsn_ie, sm->ap_rsn_ie_len, &rsn) >= 0 &&
3104 int wpa_sm_ocv_enabled(struct wpa_sm *sm)
3108 if (!sm->ocv || !sm->ap_rsn_ie)
3111 return wpa_parse_wpa_ie_rsn(sm->ap_rsn_ie, sm->ap_rsn_ie_len,
3119 * @sm: Pointer to WPA state machine data from wpa_sm_init()
3124 int wpa_sm_set_assoc_wpa_ie_default(struct wpa_sm *sm, u8 *wpa_ie,
/* Fills the caller's wpa_ie buffer with the element to use for association:
 * the test override in sm->test_assoc_ie when one is set, otherwise the
 * output of wpa_gen_wpa_ie(). A copy is stored in sm->assoc_wpa_ie when
 * none is set yet. */
3129 if (sm == NULL)
3133 if (sm->test_assoc_ie) {
/* The override is compared with the caller's buffer size (*wpa_ie_len)
 * before it is copied. */
3136 if (*wpa_ie_len < wpabuf_len(sm->test_assoc_ie))
3138 os_memcpy(wpa_ie, wpabuf_head(sm->test_assoc_ie),
3139 wpabuf_len(sm->test_assoc_ie));
3140 res = wpabuf_len(sm->test_assoc_ie);
3143 res = wpa_gen_wpa_ie(sm, wpa_ie, *wpa_ie_len);
3151 if (sm->assoc_wpa_ie == NULL) {
/* os_memdup() can fail; the result is checked before the length is set. */
3157 sm->assoc_wpa_ie = os_memdup(wpa_ie, *wpa_ie_len);
3158 if (sm->assoc_wpa_ie == NULL)
3161 sm->assoc_wpa_ie_len = *wpa_ie_len;
3165 sm->assoc_wpa_ie, sm->assoc_wpa_ie_len);
3174 * @sm: Pointer to WPA state machine data from wpa_sm_init()
3183 int wpa_sm_set_assoc_wpa_ie(struct wpa_sm *sm, const u8 *ie, size_t len)
/* Replaces the stored association IE: the old buffer is freed first, then
 * the state is either cleared or set to a fresh os_memdup() copy of ie. */
3185 if (sm == NULL)
3188 os_free(sm->assoc_wpa_ie);
3190 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
3192 sm->assoc_wpa_ie = NULL;
3193 sm->assoc_wpa_ie_len = 0;
3196 sm->assoc_wpa_ie = os_memdup(ie, len);
/* NOTE(review): the old buffer is already freed at this point, so when
 * os_memdup() fails the pointer is NULL while assoc_wpa_ie_len keeps its
 * previous value (it is only assigned below); readers must test the
 * pointer, not the length. */
3197 if (sm->assoc_wpa_ie == NULL)
3200 sm->assoc_wpa_ie_len = len;
3209 * @sm: Pointer to WPA state machine data from wpa_sm_init()
3217 int wpa_sm_set_ap_wpa_ie(struct wpa_sm *sm, const u8 *ie, size_t len)
/* Replaces the stored copy of the AP's WPA IE: the old buffer is freed
 * first, then the state is either cleared or set to an os_memdup() copy. */
3219 if (sm == NULL)
3222 os_free(sm->ap_wpa_ie);
3224 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
3226 sm->ap_wpa_ie = NULL;
3227 sm->ap_wpa_ie_len = 0;
3230 sm->ap_wpa_ie = os_memdup(ie, len);
/* NOTE(review): on os_memdup() failure the pointer is NULL but
 * ap_wpa_ie_len keeps its previous value; readers must test the pointer. */
3231 if (sm->ap_wpa_ie == NULL)
3234 sm->ap_wpa_ie_len = len;
3243 * @sm: Pointer to WPA state machine data from wpa_sm_init()
3251 int wpa_sm_set_ap_rsn_ie(struct wpa_sm *sm, const u8 *ie, size_t len)
/* Replaces the stored copy of the AP's RSN IE: the old buffer is freed
 * first, then the state is either cleared or set to an os_memdup() copy.
 * The stored element is what wpa_sm_pmf_enabled() and wpa_sm_ocv_enabled()
 * parse. */
3253 if (sm == NULL)
3256 os_free(sm->ap_rsn_ie);
3258 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
3260 sm->ap_rsn_ie = NULL;
3261 sm->ap_rsn_ie_len = 0;
3264 sm->ap_rsn_ie = os_memdup(ie, len);
/* NOTE(review): on os_memdup() failure the pointer is NULL but
 * ap_rsn_ie_len keeps its previous value; readers must test the pointer. */
3265 if (sm->ap_rsn_ie == NULL)
3268 sm->ap_rsn_ie_len = len;
3277 * @sm: Pointer to WPA state machine data from wpa_sm_init()
3284 int wpa_sm_parse_own_wpa_ie(struct wpa_sm *sm, struct wpa_ie_data *data)
3286 if (sm == NULL)
3289 if (sm->assoc_wpa_ie == NULL) {
3290 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
3294 if (wpa_parse_wpa_ie(sm->assoc_wpa_ie, sm->assoc_wpa_ie_len, data))
3300 int wpa_sm_pmksa_cache_list(struct wpa_sm *sm, char *buf, size_t len)
3302 return pmksa_cache_list(sm->pmksa, buf, len);
3306 struct rsn_pmksa_cache_entry * wpa_sm_pmksa_cache_head(struct wpa_sm *sm)
3308 return pmksa_cache_head(sm->pmksa);
3313 wpa_sm_pmksa_cache_add_entry(struct wpa_sm *sm,
3316 return pmksa_cache_add_entry(sm->pmksa, entry);
3320 void wpa_sm_pmksa_cache_add(struct wpa_sm *sm, const u8 *pmk, size_t pmk_len,
3324 sm->cur_pmksa = pmksa_cache_add(sm->pmksa, pmk, pmk_len, pmkid, NULL, 0,
3325 bssid, sm->own_addr, sm->network_ctx,
3326 sm->key_mgmt, fils_cache_id);
3330 int wpa_sm_pmksa_exists(struct wpa_sm *sm, const u8 *bssid,
3333 return pmksa_cache_get(sm->pmksa, bssid, NULL, network_ctx, 0) != NULL;
3337 void wpa_sm_drop_sa(struct wpa_sm *sm)
/* Discards the current security association: every key buffer held in sm
 * (PMK, PTK, TPTK, GTK, IGTK, FT keys) is zeroed and the matching
 * "set" flags and lengths are reset so no stale length describes wiped data.
 * NOTE(review): sm is dereferenced on the first statement without a NULL
 * check - callers must pass a valid sm. */
3339 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: Clear old PMK and PTK");
3340 sm->ptk_set = 0;
3341 sm->tptk_set = 0;
3342 sm->pmk_len = 0;
/* sizeof() on the member wipes the whole buffer regardless of key length. */
3343 os_memset(sm->pmk, 0, sizeof(sm->pmk));
3344 os_memset(&sm->ptk, 0, sizeof(sm->ptk));
3345 os_memset(&sm->tptk, 0, sizeof(sm->tptk));
3346 os_memset(&sm->gtk, 0, sizeof(sm->gtk));
3347 os_memset(&sm->gtk_wnm_sleep, 0, sizeof(sm->gtk_wnm_sleep));
/* The gaps in the line numbers around the next two groups are presumably
 * build-option guards - not visible in this listing. */
3349 os_memset(&sm->igtk, 0, sizeof(sm->igtk));
3350 os_memset(&sm->igtk_wnm_sleep, 0, sizeof(sm->igtk_wnm_sleep));
3353 os_memset(sm->xxkey, 0, sizeof(sm->xxkey));
3354 sm->xxkey_len = 0;
3355 os_memset(sm->pmk_r0, 0, sizeof(sm->pmk_r0));
3356 sm->pmk_r0_len = 0;
3357 os_memset(sm->pmk_r1, 0, sizeof(sm->pmk_r1));
3358 sm->pmk_r1_len = 0;
3363 int wpa_sm_has_ptk(struct wpa_sm *sm)
3365 if (sm == NULL)
3367 return sm->ptk_set;
3371 void wpa_sm_update_replay_ctr(struct wpa_sm *sm, const u8 *replay_ctr)
3373 os_memcpy(sm->rx_replay_counter, replay_ctr, WPA_REPLAY_COUNTER_LEN);
3377 void wpa_sm_pmksa_cache_flush(struct wpa_sm *sm, void *network_ctx)
3379 pmksa_cache_flush(sm->pmksa, network_ctx, NULL, 0);
3384 int wpa_wnmsleep_install_key(struct wpa_sm *sm, u8 subelem_id, u8 *buf)
3394 keylen = wpa_cipher_key_len(sm->group_cipher);
3395 gd.key_rsc_len = wpa_cipher_rsc_len(sm->group_cipher);
3396 gd.alg = wpa_cipher_to_alg(sm->group_cipher);
3412 sm, !!(keyinfo & WPA_KEY_INFO_TXRX));
3418 if (wpa_supplicant_install_gtk(sm, &gd, key_rsc, 1)) {
3430 if (wpa_supplicant_install_igtk(sm, igtk, 1) < 0)
3445 int wpa_sm_get_p2p_ip_addr(struct wpa_sm *sm, u8 *buf)
/* Copies the stored P2P IP address data to buf. The early-out condition is
 * a NULL sm or a zero first 32-bit word in sm->p2p_ip_addr. */
3447 if (sm == NULL || WPA_GET_BE32(sm->p2p_ip_addr) == 0)
/* Fixed 3 * 4 = 12 byte copy: buf must have room for 12 bytes. */
3449 os_memcpy(buf, sm->p2p_ip_addr, 3 * 4);
3456 void wpa_sm_set_rx_replay_ctr(struct wpa_sm *sm, const u8 *rx_replay_counter)
3461 os_memcpy(sm->rx_replay_counter, rx_replay_counter,
3463 sm->rx_replay_counter_set = 1;
3468 void wpa_sm_set_ptk_kck_kek(struct wpa_sm *sm,
3473 os_memcpy(sm->ptk.kck, ptk_kck, ptk_kck_len);
3474 sm->ptk.kck_len = ptk_kck_len;
3478 os_memcpy(sm
3479 sm->ptk.kek_len = ptk_kek_len;
3482 sm->ptk_set = 1;
3488 void wpa_sm_set_test_assoc_ie(struct wpa_sm *sm, struct wpabuf *buf)
/* Installs a test override for the association IE. The previous override is
 * freed and buf is stored as-is, so ownership of buf passes to sm; the
 * caller must not free it afterwards. sm is not NULL-checked. */
3490 wpabuf_free(sm->test_assoc_ie);
3491 sm->test_assoc_ie = buf;
3495 const u8 * wpa_sm_get_anonce(struct wpa_sm *sm)
3497 return sm->anonce;
3503 unsigned int wpa_sm_get_key_mgmt(struct wpa_sm *sm)
3505 return sm->key_mgmt;
3511 struct wpabuf * fils_build_auth(struct wpa_sm *sm, int dh_group, const u8 *md)
/* Builds the FILS Authentication frame body: resets per-attempt FILS state,
 * generates a fresh nonce and session id, optionally sets up ECDH for the
 * requested group, and appends the association IE, nonce and session. */
3517 erp_msg = eapol_sm_build_erp_reauth_start(sm->eapol);
/* Neither an ERP message nor a cached PMKSA is available. */
3518 if (!erp_msg && !sm->cur_pmksa) {
3525 erp_msg != NULL, sm->cur_pmksa != NULL);
3527 sm->fils_completed = 0;
3529 if (!sm->assoc_wpa_ie) {
/* Nonce and session id come from random_get_bytes(); a failure of either
 * call is tested, so a partially filled value is not used silently. */
3534 if (random_get_bytes(sm->fils_nonce, FILS_NONCE_LEN) < 0 ||
3535 random_get_bytes(sm->fils_session, FILS_SESSION_LEN) < 0)
3539 sm->fils_nonce, FILS_NONCE_LEN);
3541 sm->fils_session, FILS_SESSION_LEN);
3544 sm->fils_dh_group = dh_group;
/* Any ECDH context from an earlier attempt is released before a new one is
 * created, so a key pair is not carried over between attempts. */
3546 crypto_ecdh_deinit(sm->fils_ecdh);
3547 sm->fils_ecdh = crypto_ecdh_init(dh_group);
3548 if (!sm->fils_ecdh) {
3554 pub = crypto_ecdh_get_pubkey(sm->fils_ecdh, 1);
/* The local public key length is remembered; fils_process_auth() uses it as
 * the expected length of the AP's DH element. */
3559 sm->fils_dh_elem_len = wpabuf_len(pub);
3563 buf = wpabuf_alloc(1000 + sm->assoc_wpa_ie_len +
3588 sm->assoc_wpa_ie, sm->assoc_wpa_ie_len);
3589 wpabuf_put_data(buf, sm->assoc_wpa_ie, sm->assoc_wpa_ie_len);
3607 wpabuf_put_data(buf, sm->fils_nonce, FILS_NONCE_LEN);
3614 wpabuf_put_data(buf, sm->fils_session, FILS_SESSION_LEN);
/* The ERP PMKID flag is cleared first and set only when fils_pmkid_erp()
 * succeeds. */
3617 sm->fils_erp_pmkid_set = 0;
3626 if (fils_pmkid_erp(sm->key_mgmt, wpabuf_head(erp_msg),
3628 sm->fils_erp_pmkid) == 0)
3629 sm->fils_erp_pmkid_set = 1;
3642 int fils_process_auth(struct wpa_sm *sm, const u8 *bssid, const u8 *data,
/* Processes the AP's FILS Authentication frame (received, untrusted input):
 * checks the DH group and element, stores the ANonce, handles FT elements,
 * matches PMKID and session id, derives PMK/PTK and computes Key-Auth. */
3659 os_memcpy(sm->bssid, bssid, ETH_ALEN);
3668 if (sm->fils_dh_group) {
/* The group in the frame must be the one requested in fils_build_auth(). */
3681 if (group != sm->fils_dh_group) {
3684 group, sm->fils_dh_group);
/* Remaining frame bytes are compared with the expected element length
 * before the element is handed to the ECDH code. */
3689 if ((size_t) (end - pos) < sm->fils_dh_elem_len) {
3694 if (!sm->fils_ecdh) {
3698 dh_ss = crypto_ecdh_set_peerkey(sm->fils_ecdh, 1, pos,
3699 sm->fils_dh_elem_len);
3706 g_ap_len = sm->fils_dh_elem_len;
3707 pos += sm->fils_dh_elem_len;
3731 os_memcpy(sm->fils_anonce, elems.fils_nonce, FILS_NONCE_LEN);
3732 wpa_hexdump(MSG_DEBUG, "FILS: ANonce", sm->fils_anonce, FILS_NONCE_LEN);
3735 if (wpa_key_mgmt_ft(sm->key_mgmt)) {
3744 wpa_key_mgmt_sha384(sm->key_mgmt)) < 0) {
/* NOTE(review): the copy length comes from the parsed frame and no listed
 * line compares it with the size of sm->r0kh_id; presumably the FT element
 * parser bounds r0kh_id_len - confirm. */
3754 os_memcpy(sm->r0kh_id, parse.r0kh_id, parse.r0kh_id_len);
3755 sm->r0kh_id_len = parse.r0kh_id_len;
3757 sm->r0kh_id, sm->r0kh_id_len);
3764 os_memcpy(sm->r1kh_id, parse.r1kh_id, FT_R1KH_ID_LEN);
3766 sm->r1kh_id, FT_R1KH_ID_LEN);
/* The previous FT element copy is released before a new one is built. */
3770 wpabuf_free(sm->fils_ft_ies);
3771 sm->fils_ft_ies = wpabuf_alloc(2 + elems.mdie_len +
3773 if (!sm->fils_ft_ies)
3775 wpabuf_put_data(sm->fils_ft_ies, elems.mdie - 2,
3777 wpabuf_put_data(sm->fils_ft_ies, elems.ftie - 2,
3780 wpabuf_free(sm->fils_ft_ies);
3781 sm->fils_ft_ies = NULL;
/* NOTE(review): sm->cur_pmksa is dereferenced here; the guard that ensures
 * it is non-NULL is not among the listed lines - confirm. */
3795 if (os_memcmp(sm->cur_pmksa->pmkid, rsn.pmkid, PMKID_LEN) != 0)
3799 sm->cur_pmksa->pmkid, PMKID_LEN);
/* A PMKID mismatch drops the cached entry for this exchange. */
3806 if (!pmkid_match && sm->cur_pmksa) {
3809 sm->cur_pmksa = NULL;
/* The session id echoed by the AP must equal the one generated locally. */
3819 if (os_memcmp(sm->fils_session, elems.fils_session, FILS_SESSION_LEN)
3823 sm->fils_session, FILS_SESSION_LEN);
/* No usable PMKSA: the wrapped data is processed as the ERP finish. */
3828 if (!sm->cur_pmksa && elems.fils_wrapped_data) {
3835 eapol_sm_process_erp_finish(sm->eapol, elems.fils_wrapped_data,
3837 if (eapol_sm_failed(sm->eapol))
3841 res = eapol_sm_get_key(sm->eapol, rmsk, rmsk_len);
3844 res = eapol_sm_get_key(sm->eapol, rmsk, rmsk_len);
3849 res = fils_rmsk_to_pmk(sm->key_mgmt, rmsk, rmsk_len,
3850 sm->fils_nonce, sm->fils_anonce,
3853 sm->pmk, &sm->pmk_len);
3864 if (!sm->fils_erp_pmkid_set) {
3868 wpa_hexdump(MSG_DEBUG, "FILS: PMKID", sm->fils_erp_pmkid,
3871 sm->cur_pmksa = pmksa_cache_add(sm->pmksa, sm->pmk, sm->pmk_len,
3872 sm->fils_erp_pmkid, NULL, 0,
3873 sm->bssid, sm->own_addr,
3874 sm->network_ctx, sm->key_mgmt,
3878 if (!sm->cur_pmksa) {
3884 if (fils_pmk_to_ptk(sm->pmk, sm->pmk_len, sm->own_addr, sm->bssid,
3885 sm->fils_nonce, sm->fils_anonce,
3888 &sm->ptk, ick, &ick_len,
3889 sm->key_mgmt, sm->pairwise_cipher,
3890 sm->fils_ft, &sm->fils_ft_len) < 0) {
/* New PTK in place: mark it set and discard any temporary PTK. */
3898 sm->ptk_set = 1;
3899 sm->tptk_set = 0;
3900 os_memset(&sm->tptk, 0, sizeof(sm->tptk));
3903 if (sm->fils_dh_group) {
3904 if (!sm->fils_ecdh) {
3908 pub = crypto_ecdh_get_pubkey(sm->fils_ecdh, 1);
/* Key-Auth values for both sides are derived from the ICK; the AP's value
 * is what fils_process_assoc_resp() compares against later.
 * NOTE(review): ick is a local secret; its wipe on the exit paths is not
 * visible in this listing - confirm. */
3922 res = fils_key_auth_sk(ick, ick_len, sm->fils_nonce,
3923 sm->fils_anonce, sm->own_addr, sm->bssid,
3925 sm->key_mgmt, sm->fils_key_auth_sta,
3926 sm->fils_key_auth_ap,
3927 &sm->fils_key_auth_len);
3939 static int fils_ft_build_assoc_req_rsne(struct wpa_sm *sm, struct wpabuf *buf)
3944 int use_sha384 = wpa_key_mgmt_sha384(sm->key_mgmt);
3952 if (!wpa_cipher_valid_group(sm->group_cipher)) {
3954 sm->group_cipher);
3959 sm->group_cipher));
3965 if (!wpa_cipher_valid_pairwise(sm->pairwise_cipher)) {
3967 sm->pairwise_cipher);
3972 sm->pairwise_cipher));
3979 if (sm->key_mgmt == WPA_KEY_MGMT_FT_FILS_SHA256)
3981 else if (sm->key_mgmt == WPA_KEY_MGMT_FT_FILS_SHA384)
3986 sm->key_mgmt);
3993 if (sm->mgmt_group_cipher == WPA_CIPHER_AES_128_CMAC)
3996 if (sm->ocv)
4005 sm->fils_ft, sm->fils_ft_len);
4006 wpa_hexdump_ascii(MSG_DEBUG, "FILS+FT: SSID", sm->ssid, sm->ssid_len);
4008 sm->mobility_domain, MOBILITY_DOMAIN_ID_LEN);
4010 sm->r0kh_id, sm->r0kh_id_len);
4011 if (wpa_derive_pmk_r0(sm->fils_ft, sm->fils_ft_len, sm->ssid,
4012 sm->ssid_len, sm->mobility_domain,
4013 sm->r0kh_id, sm->r0kh_id_len, sm->own_addr,
4014 sm->pmk_r0, sm->pmk_r0_name, use_sha384) < 0) {
4018 sm->pmk_r0_len = use_sha384 ? SHA384_MAC_LEN : PMK_LEN;
4020 sm->pmk_r0, sm->pmk_r0_len);
4022 sm->pmk_r0_name, WPA_PMK_NAME_LEN);
4024 MAC2STR(sm->r1kh_id));
4026 if (wpa_derive_pmk_r1_name(sm->pmk_r0_name, sm->r1kh_id, sm->own_addr,
4027 sm->pmk_r1_name, use_sha384) < 0) {
4031 wpa_hexdump(MSG_DEBUG, "FILS+FT: PMKR1Name", sm->pmk_r1_name,
4033 os_memcpy(pos, sm->pmk_r1_name, WPA_PMK_NAME_LEN);
4036 if (sm->mgmt_group_cipher == WPA_CIPHER_AES_128_CMAC) {
4049 struct wpabuf * fils_build_assoc_req(struct wpa_sm *sm, const u8 **kek,
/* Builds the FILS (Re)Association Request elements (FT elements when in
 * use, session id, Key-Auth, optional OCV data) and hands the KEK and both
 * nonces back to the caller through the output pointers. */
4061 if (sm->fils_ft_ies)
4062 len += wpabuf_len(sm->fils_ft_ies);
4063 if (wpa_key_mgmt_ft(sm->key_mgmt))
4073 if (wpa_key_mgmt_ft(sm->key_mgmt) && sm->fils_ft_ies) {
4075 wpabuf_put_buf(buf, sm->fils_ft_ies);
4077 if (fils_ft_build_assoc_req_rsne(sm, buf) < 0) {
4089 wpabuf_put_data(buf, sm->fils_session, FILS_SESSION_LEN);
/* NOTE(review): the element length is written as one octet, so this
 * assumes 1 + fils_key_auth_len fits in a u8 - confirm the maximum. */
4098 wpabuf_put_u8(buf, 1 + sm->fils_key_auth_len); /* Length */
4101 wpabuf_put_data(buf, sm->fils_key_auth_sta, sm->fils_key_auth_len);
4135 if (wpa_sm_ocv_enabled(sm)) {
4139 if (wpa_sm_channel_info(sm, &ci) != 0) {
/* The outputs point into sm (no copies are made): they are valid only while
 * sm and its current PTK/nonces are, and must not be freed by the caller. */
4156 *kek = sm->ptk.kek;
4157 *kek_len = sm->ptk.kek_len;
4159 *snonce = sm->fils_nonce;
4162 *anonce = sm->fils_anonce;
4170 static void fils_process_hlp_resp(struct wpa_sm *sm, const u8 *resp, size_t len)
4182 wpa_sm_fils_hlp_rx(sm, resp, resp + ETH_ALEN, pos, end - pos);
4186 static void fils_process_hlp_container(struct wpa_sm *sm, const u8 *pos,
4228 fils_process_hlp_resp(sm, tmp, tmp_pos - tmp);
4235 int fils_process_assoc_resp(struct wpa_sm *sm, const u8 *resp, size_t len)
/* Validates the AP's FILS (Re)Association Response (received, untrusted
 * input) and, once session id and Key-Auth match, installs the group keys
 * and the pairwise TK and marks FILS as completed. */
/* Preconditions: a PTK from fils_process_auth(), a FILS AKM, and no earlier
 * completion of this exchange. */
4246 if (!sm || !sm->ptk_set) {
4251 if (!wpa_key_mgmt_fils(sm->key_mgmt)) {
4256 if (sm->fils_completed) {
4284 if (os_memcmp(elems.fils_session, sm->fils_session,
4290 sm->fils_session, FILS_SESSION_LEN);
/* Length is checked first so the comparison below reads exactly
 * fils_key_auth_len bytes from the received element. */
4299 if (elems.fils_key_confirm_len != sm->fils_key_auth_len) {
4303 (int) sm->fils_key_auth_len);
/* NOTE(review): Key-Auth is a value derived from secret key material and is
 * compared with os_memcmp(), which does not promise constant time; a
 * constant-time compare (os_memcmp_const(), if this tree provides it) is
 * the usual choice for such checks. */
4306 if (os_memcmp(elems.fils_key_confirm, sm->fils_key_auth_ap,
4307 sm->fils_key_auth_len) != 0) {
4313 sm->fils_key_auth_ap, sm->fils_key_auth_len);
4318 if (wpa_sm_ocv_enabled(sm)) {
4321 if (wpa_sm_channel_info(sm, &ci) != 0) {
4337 if (wpa_key_mgmt_ft(sm->key_mgmt) && sm->fils_ft_ies) {
4345 os_memcmp(rsn.pmkid, sm->pmk_r1_name,
4373 if (wpa_supplicant_check_group_cipher(sm, sm->group_cipher,
4380 gd.tx = wpa_supplicant_gtk_tx_bit_workaround(sm,
4390 if (wpa_supplicant_install_gtk(sm, &gd, elems.key_delivery, 0) < 0) {
4395 if (ieee80211w_set_keys(sm, &kde) < 0) {
4400 alg = wpa_cipher_to_alg(sm->pairwise_cipher);
4401 keylen = wpa_cipher_key_len(sm->pairwise_cipher);
/* The cipher's key length must match the derived TK length before install. */
4402 if (keylen <= 0 || (unsigned int) keylen != sm->ptk.tk_len) {
4404 keylen, (long unsigned int) sm->ptk.tk_len);
4407 rsclen = wpa_cipher_rsc_len(sm->pairwise_cipher);
4409 sm->ptk.tk, keylen);
4410 if (wpa_sm_set_key(sm, alg, sm->bssid, 0, 1, null_rsc, rsclen,
4411 sm->ptk.tk, keylen) < 0) {
4412 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
4415 alg, keylen, MAC2STR(sm->bssid));
/* After the install the TK copy in sm is wiped and its length zeroed, so
 * the same TK cannot be installed a second time from this state. */
4422 os_memset(sm->ptk.tk, 0, WPA_TK_MAX_LEN);
4423 sm->ptk.tk_len = 0;
4424 sm->ptk.installed = 1;
4427 fils_process_hlp_container(sm, ie_start, end - ie_start);
4432 sm->fils_completed = 1;
4440 void wpa_sm_set_reset_fils_completed(struct wpa_sm *sm, int set)
4442 if (sm)
4443 sm->fils_completed = !!set;
4449 int wpa_fils_is_completed(struct wpa_sm *sm)
4452 return sm && sm->fils_completed;
4461 struct wpabuf * owe_build_assoc_req(struct wpa_sm *sm, u16 group)
/* Starts an OWE exchange for the given group: creates a fresh ECDH key pair
 * and obtains its public key for the association request. sm is not
 * NULL-checked. */
/* The previous ECDH context is released first, so each attempt uses a new
 * key pair. */
4475 crypto_ecdh_deinit(sm->owe_ecdh);
4476 sm->owe_ecdh = crypto_ecdh_init(group);
4477 if (!sm->owe_ecdh)
/* Remembered so owe_process_assoc_resp() can reject a different group. */
4479 sm->owe_group = group;
4480 pub = crypto_ecdh_get_pubkey(sm->owe_ecdh, 0);
/* Cleanup: the context is freed and the pointer cleared (presumably the
 * failure path - the branch is not visible in this listing). */
4500 crypto_ecdh_deinit(sm->owe_ecdh);
4501 sm->owe_ecdh = NULL;
4506 int owe_process_assoc_resp(struct wpa_sm *sm, const u8 *bssid,
/* Processes the AP's OWE association response (received, untrusted input):
 * either reuses the cached PMKSA when the AP's PMKID matches, or completes
 * ECDH with the AP's public key, derives the PMK into sm->pmk and caches
 * it. */
4528 if (sm->cur_pmksa && elems.rsn_ie &&
4532 os_memcmp(sm->cur_pmksa->pmkid, data.pmkid, PMKID_LEN) == 0) {
4534 wpa_sm_set_pmk_from_pmksa(sm);
/* The AP must answer in the group chosen in owe_build_assoc_req(). */
4545 if (group != sm->owe_group) {
4552 if (!sm->owe_ecdh) {
4566 secret = crypto_ecdh_set_peerkey(sm->owe_ecdh, 0,
4578 pub = crypto_ecdh_get_pubkey(sm->owe_ecdh, 0);
4619 wpabuf_put_le16(hkey, sm->owe_group); /* group */
/* Three alternative derivations write hash_len bytes into sm->pmk; which
 * one runs is decided on lines not shown (presumably by group). */
4640 os_strlen(info), sm->pmk, hash_len);
4643 os_strlen(info), sm->pmk, hash_len);
4646 os_strlen(info), sm->pmk, hash_len);
/* pmk_len is zeroed on one path and set to hash_len on the other, so a
 * failed derivation does not leave a PMK marked as usable. */
4649 sm->pmk_len = 0;
4652 sm->pmk_len = hash_len;
/* NOTE(review): the PMK is passed to the debug log through
 * wpa_hexdump_key(); confirm that this helper prints key bytes only when
 * key logging is explicitly enabled in the build/run configuration. */
4654 wpa_hexdump_key(MSG_DEBUG, "OWE: PMK", sm->pmk, sm->pmk_len);
4656 pmksa_cache_add(sm->pmksa, sm->pmk, sm->pmk_len, pmkid, NULL, 0,
4657 bssid, sm->own_addr, sm->network_ctx, sm->key_mgmt,
4666 void wpa_sm_set_fils_cache_id(struct wpa_sm *sm, const u8 *fils_cache_id)
/* Stores the FILS cache identifier. Both pointers are NULL-checked; a
 * non-NULL fils_cache_id must provide FILS_CACHE_ID_LEN readable bytes. */
4669 if (sm && fils_cache_id) {
4670 sm->fils_cache_id_set = 1;
4671 os_memcpy(sm->fils_cache_id, fils_cache_id, FILS_CACHE_ID_LEN);
4678 void wpa_sm_set_dpp_z(struct wpa_sm *sm, const struct wpabuf *z)
4680 if (sm) {
4681 sm->dpp_z);
4682 sm->dpp_z = z ? wpabuf_dup(z) : NULL;