Lines Matching refs:sm
24 int wpa_derive_ptk_ft(struct wpa_sm *sm, const unsigned char *src_addr,
29 int use_sha384 = wpa_key_mgmt_sha384(sm->key_mgmt);
31 if (sm->xxkey_len == 0) {
37 sm->pmk_r0_len = use_sha384 ? SHA384_MAC_LEN : PMK_LEN;
38 if (wpa_derive_pmk_r0(sm->xxkey, sm->xxkey_len, sm->ssid,
39 sm->ssid_len, sm->mobility_domain,
40 sm->r0kh_id, sm->r0kh_id_len, sm->own_addr,
41 sm->pmk_r0, sm->pmk_r0_name, use_sha384) < 0)
43 wpa_hexdump_key(MSG_DEBUG, "FT: PMK-R0", sm->pmk_r0, sm->pmk_r0_len);
45 sm->pmk_r0_name, WPA_PMK_NAME_LEN);
46 sm->pmk_r1_len = sm->pmk_r0_len;
47 if (wpa_derive_pmk_r1(sm->pmk_r0, sm->pmk_r0_len, sm->pmk_r0_name,
48 sm->r1kh_id, sm->own_addr, sm->pmk_r1,
49 sm->pmk_r1_name) < 0)
51 wpa_hexdump_key(MSG_DEBUG, "FT: PMK-R1", sm->pmk_r1, sm->pmk_r1_len);
52 wpa_hexdump(MSG_DEBUG, "FT: PMKR1Name", sm->pmk_r1_name,
54 return wpa_pmk_r1_to_ptk(sm->pmk_r1, sm->pmk_r1_len, sm->snonce, anonce,
55 sm->own_addr, sm->bssid, sm->pmk_r1_name, ptk,
56 ptk_name, sm->key_mgmt, sm->pairwise_cipher);
62 * @sm: Pointer to WPA state machine data from wpa_sm_init()
67 int wpa_sm_set_ft_params(struct wpa_sm *sm, const u8 *ies, size_t ies_len)
72 if (sm == NULL)
75 use_sha384 = wpa_key_mgmt_sha384(sm->key_mgmt);
85 os_memcpy(sm->mobility_domain, ft.mdie,
87 sm->mdie_ft_capab = ft.mdie[MOBILITY_DOMAIN_ID_LEN];
89 sm->mdie_ft_capab);
91 os_memset(sm->mobility_domain, 0, MOBILITY_DOMAIN_ID_LEN);
96 os_memcpy(sm->r0kh_id, ft.r0kh_id, ft.r0kh_id_len);
97 sm->r0kh_id_len = ft.r0kh_id_len;
102 * os_memset(sm->r0kh_id, 0, FT_R0KH_ID_LEN);
103 * sm->r0kh_id_len = 0;
110 os_memcpy(sm->r1kh_id, ft.r1kh_id, FT_R1KH_ID_LEN);
112 os_memset(sm->r1kh_id, 0, FT_R1KH_ID_LEN);
114 os_free(sm->assoc_resp_ies);
115 sm->assoc_resp_ies = os_malloc(ft.mdie_len + 2 + ft.ftie_len + 2);
116 if (sm->assoc_resp_ies) {
117 u8 *pos = sm->assoc_resp_ies;
126 sm->assoc_resp_ies_len = pos - sm->assoc_resp_ies;
129 sm->assoc_resp_ies, sm->assoc_resp_ies_len);
138 * @sm: Pointer to WPA state machine data from wpa_sm_init()
152 static u8 * wpa_ft_gen_req_ies(struct wpa_sm *sm, size_t *len,
166 sm->ft_completed = 0;
167 sm->ft_reassoc_completed = 0;
171 2 + sm->r0kh_id_len + ric_ies_len + 100;
184 if (!wpa_cipher_valid_group(sm->group_cipher)) {
186 sm->group_cipher);
191 sm->group_cipher));
199 if (!wpa_cipher_valid_pairwise(sm->pairwise_cipher)) {
201 sm->pairwise_cipher);
206 sm->pairwise_cipher));
214 if (sm->key_mgmt == WPA_KEY_MGMT_FT_IEEE8021X)
217 else if (sm->key_mgmt == WPA_KEY_MGMT_FT_IEEE8021X_SHA384)
220 else if (sm->key_mgmt == WPA_KEY_MGMT_FT_PSK)
222 else if (sm->key_mgmt == WPA_KEY_MGMT_FT_SAE)
225 else if (sm->key_mgmt == WPA_KEY_MGMT_FT_FILS_SHA256)
227 else if (sm->key_mgmt == WPA_KEY_MGMT_FT_FILS_SHA384)
232 sm->key_mgmt);
241 if (sm->mgmt_group_cipher == WPA_CIPHER_AES_128_CMAC ||
242 sm->mgmt_group_cipher == WPA_CIPHER_BIP_GMAC_128 ||
243 sm->mgmt_group_cipher == WPA_CIPHER_BIP_GMAC_256 ||
244 sm->mgmt_group_cipher == WPA_CIPHER_BIP_CMAC_256)
247 if (sm->ocv)
262 switch (sm->mgmt_group_cipher) {
285 mdie_len = wpa_ft_add_mdie(sm, pos, buf_len - (pos - buf), ap_mdie);
297 if (wpa_key_mgmt_sha384(sm->key_mgmt)) {
304 os_memcpy(ftie->snonce, sm->snonce, WPA_NONCE_LEN);
314 os_memcpy(ftie->snonce, sm->snonce, WPA_NONCE_LEN);
322 os_memcpy(pos, sm->r1kh_id, FT_R1KH_ID_LEN);
327 *pos++ = sm->r0kh_id_len;
328 os_memcpy(pos, sm->r0kh_id, sm->r0kh_id_len);
329 pos += sm->r0kh_id_len;
331 if (kck && wpa_sm_ocv_enabled(sm)) {
335 if (wpa_sm_channel_info(sm, &ci) != 0) {
372 if (wpa_ft_mic(kck, kck_len, sm->own_addr, target_ap, 5,
389 static int wpa_ft_install_ptk(struct wpa_sm *sm, const u8 *bssid)
397 if (!wpa_cipher_valid_pairwise(sm->pairwise_cipher)) {
399 sm->pairwise_cipher);
403 alg = wpa_cipher_to_alg(sm->pairwise_cipher);
404 keylen = wpa_cipher_key_len(sm->pairwise_cipher);
406 if (wpa_sm_set_key(sm, alg, bssid, 0, 1, null_rsc,
407 sizeof(null_rsc), (u8 *) sm->ptk.tk, keylen) < 0) {
418 * @sm: Pointer to WPA state machine data from wpa_sm_init()
422 int wpa_ft_prepare_auth_request(struct wpa_sm *sm, const u8 *mdie)
428 if (random_get_bytes(sm->snonce, WPA_NONCE_LEN)) {
433 ft_ies = wpa_ft_gen_req_ies(sm, &ft_ies_len, NULL, sm->pmk_r0_name,
434 NULL, 0, sm->bssid, NULL, 0, mdie);
436 wpa_sm_update_ft_ies(sm, sm->mobility_domain,
445 int wpa_ft_add_mdie(struct wpa_sm *sm, u8 *buf, size_t buf_len,
461 os_memcpy(mdie->mobility_domain, sm->mobility_domain,
464 sm->mdie_ft_capab;
470 const u8 * wpa_sm_get_ft_md(struct wpa_sm *sm)
472 return sm->mobility_domain;
476 int wpa_ft_process_response(struct wpa_sm *sm, const u8 *ies, size_t ies_len,
489 int use_sha384 = wpa_key_mgmt_sha384(sm->key_mgmt);
496 if (!sm->over_the_ds_in_progress) {
502 if (os_memcmp(target_ap, sm->target_ap, ETH_ALEN) != 0) {
510 if (!wpa_key_mgmt_ft(sm->key_mgmt)) {
523 os_memcmp(mdie->mobility_domain, sm->mobility_domain,
553 if (os_memcmp(snonce, sm->snonce, WPA_NONCE_LEN) != 0) {
558 sm->snonce, WPA_NONCE_LEN);
567 if (parse.r0kh_id_len != sm->r0kh_id_len ||
568 os_memcmp_const(parse.r0kh_id, sm->r0kh_id, parse.r0kh_id_len) != 0)
575 sm->r0kh_id, sm->r0kh_id_len);
585 os_memcmp_const(parse.rsn_pmkid, sm->pmk_r0_name, WPA_PMK_NAME_LEN))
592 os_memcpy(sm->r1kh_id, parse.r1kh_id, FT_R1KH_ID_LEN);
593 wpa_hexdump(MSG_DEBUG, "FT: R1KH-ID", sm->r1kh_id, FT_R1KH_ID_LEN);
594 wpa_hexdump(MSG_DEBUG, "FT: SNonce", sm->snonce, WPA_NONCE_LEN);
596 os_memcpy(sm->anonce, anonce, WPA_NONCE_LEN);
597 if (wpa_derive_pmk_r1(sm->pmk_r0, sm->pmk_r0_len, sm->pmk_r0_name,
598 sm->r1kh_id, sm->own_addr, sm->pmk_r1,
599 sm->pmk_r1_name) < 0)
601 sm->pmk_r1_len = sm->pmk_r0_len;
602 wpa_hexdump_key(MSG_DEBUG, "FT: PMK-R1", sm->pmk_r1, sm->pmk_r1_len);
604 sm->pmk_r1_name, WPA_PMK_NAME_LEN);
607 if (wpa_pmk_r1_to_ptk(sm->pmk_r1, sm->pmk_r1_len, sm->snonce,
608 anonce, sm->own_addr, bssid,
609 sm->pmk_r1_name, &sm->ptk, ptk_name, sm->key_mgmt,
610 sm->pairwise_cipher) < 0)
613 if (wpa_key_mgmt_fils(sm->key_mgmt)) {
614 kck = sm->ptk.kck2;
615 kck_len = sm->ptk.kck2_len;
617 kck = sm->ptk.kck;
618 kck_len = sm->ptk.kck_len;
620 ft_ies = wpa_ft_gen_req_ies(sm, &ft_ies_len, anonce,
621 sm->pmk_r1_name,
626 wpa_sm_update_ft_ies(sm, sm->mobility_domain,
631 wpa_sm_mark_authenticated(sm, bssid);
632 ret = wpa_ft_install_ptk(sm, bssid);
642 sm->set_ptk_after_assoc = 1;
644 sm->set_ptk_after_assoc = 0;
646 sm->ft_completed = 1;
652 os_memcpy(sm->bssid, target_ap, ETH_ALEN);
659 int wpa_ft_is_completed(struct wpa_sm *sm)
661 if (sm == NULL)
664 if (!wpa_key_mgmt_ft(sm->key_mgmt))
667 return sm->ft_completed;
671 void wpa_reset_ft_completed(struct wpa_sm *sm)
673 if (sm != NULL)
674 sm->ft_completed = 0;
678 static int wpa_ft_process_gtk_subelem(struct wpa_sm *sm, const u8 *gtk_elem,
688 if (wpa_key_mgmt_fils(sm->key_mgmt)) {
689 kek = sm->ptk.kek2;
690 kek_len = sm->ptk.kek2_len;
692 kek = sm->ptk.kek;
693 kek_len = sm->ptk.kek_len;
717 keylen = wpa_cipher_key_len(sm->group_cipher);
718 rsc_len = wpa_cipher_rsc_len(sm->group_cipher);
719 alg = wpa_cipher_to_alg(sm->group_cipher);
722 sm->group_cipher);
743 if (sm->group_cipher == WPA_CIPHER_TKIP) {
750 if (wpa_sm_set_key(sm, alg, broadcast_ether_addr, keyidx, 0,
762 static int wpa_ft_process_igtk_subelem(struct wpa_sm *sm, const u8 *igtk_elem,
771 if (wpa_key_mgmt_fils(sm->key_mgmt)) {
772 kek = sm->ptk.kek2;
773 kek_len = sm->ptk.kek2_len;
775 kek = sm->ptk.kek;
776 kek_len = sm->ptk.kek_len;
779 if (sm->mgmt_group_cipher != WPA_CIPHER_AES_128_CMAC &&
780 sm->mgmt_group_cipher != WPA_CIPHER_BIP_GMAC_128 &&
781 sm->mgmt_group_cipher != WPA_CIPHER_BIP_GMAC_256 &&
782 sm->mgmt_group_cipher != WPA_CIPHER_BIP_CMAC_256)
793 igtk_len = wpa_cipher_key_len(sm->mgmt_group_cipher);
817 if (wpa_sm_set_key(sm, wpa_cipher_to_alg(sm->mgmt_group_cipher),
832 int wpa_ft_validate_reassoc_resp(struct wpa_sm *sm, const u8 *ies,
841 int use_sha384 = wpa_key_mgmt_sha384(sm->key_mgmt);
847 if (!wpa_key_mgmt_ft(sm->key_mgmt)) {
853 if (sm->ft_reassoc_completed) {
865 os_memcmp(mdie->mobility_domain, sm->mobility_domain,
899 if (os_memcmp(snonce, sm->snonce, WPA_NONCE_LEN) != 0) {
904 sm->snonce, WPA_NONCE_LEN);
908 if (os_memcmp(anonce, sm->anonce, WPA_NONCE_LEN) != 0) {
913 sm->anonce, WPA_NONCE_LEN);
922 if (parse.r0kh_id_len != sm->r0kh_id_len ||
923 os_memcmp_const(parse.r0kh_id, sm->r0kh_id, parse.r0kh_id_len) != 0)
930 sm->r0kh_id, sm->r0kh_id_len);
939 if (os_memcmp_const(parse.r1kh_id, sm->r1kh_id, FT_R1KH_ID_LEN) != 0) {
946 os_memcmp_const(parse.rsn_pmkid, sm->pmk_r1_name, WPA_PMK_NAME_LEN))
963 if (wpa_key_mgmt_fils(sm->key_mgmt)) {
964 kck = sm->ptk.kck2;
965 kck_len = sm->ptk.kck2_len;
967 kck = sm->ptk.kck;
968 kck_len = sm->ptk.kck_len;
971 if (wpa_ft_mic(kck, kck_len, sm->own_addr, src_addr, 6,
989 if (wpa_sm_ocv_enabled(sm)) {
992 if (wpa_sm_channel_info(sm, &ci) != 0) {
1007 sm->ft_reassoc_completed = 1;
1009 if (wpa_ft_process_gtk_subelem(sm, parse.gtk, parse.gtk_len) < 0)
1013 if (wpa_ft_process_igtk_subelem(sm, parse.igtk, parse.igtk_len) < 0)
1017 if (sm->set_ptk_after_assoc) {
1020 if (wpa_ft_install_ptk(sm, src_addr) < 0)
1022 sm->set_ptk_after_assoc = 0;
1040 * @sm: Pointer to WPA state machine data from wpa_sm_init()
1045 int wpa_ft_start_over_ds(struct wpa_sm *sm, const u8 *target_ap,
1055 if (random_get_bytes(sm->snonce, WPA_NONCE_LEN)) {
1060 ft_ies = wpa_ft_gen_req_ies(sm, &ft_ies_len, NULL, sm->pmk_r0_name,
1063 sm->over_the_ds_in_progress = 1;
1064 os_memcpy(sm->target_ap, target_ap, ETH_ALEN);
1065 wpa_sm_send_ft_action(sm, 1, target_ap, ft_ies, ft_ies_len);
