
Lines Matching refs:sm

38  * @sm: Pointer to WPA state machine data from wpa_sm_init()
48 int wpa_eapol_key_send(struct wpa_sm *sm, struct wpa_ptk *ptk,
53 size_t mic_len = wpa_mic_len(sm->key_mgmt, sm->pmk_len);
57 MAC2STR(dest), ver, (int) mic_len, sm->key_mgmt);
58 if (is_zero_ether_addr(dest) && is_zero_ether_addr(sm->bssid)) {
63 if (wpa_sm_get_bssid(sm, sm->bssid) < 0) {
64 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
68 dest = sm->bssid;
69 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
81 wpa_eapol_key_mic(ptk->kck, ptk->kck_len, sm->key_mgmt, ver,
83 wpa_msg(sm->ctx->msg_ctx, MSG_ERROR,
85 ver, sm->key_mgmt);
159 ret = wpa_sm_ether_send(sm, dest, proto, msg, msg_len);
160 eapol_sm_notify_tx_eapol_key(sm->eapol);
169 * @sm: Pointer to WPA state machine data from wpa_sm_init()
177 void wpa_sm_key_request(struct wpa_sm *sm, int error, int pairwise)
184 if (sm->key_mgmt == WPA_KEY_MGMT_OSEN ||
185 wpa_key_mgmt_suite_b(sm->key_mgmt))
187 else if (wpa_key_mgmt_ft(sm->key_mgmt) ||
188 wpa_key_mgmt_sha256(sm->key_mgmt))
190 else if (sm->pairwise_cipher != WPA_CIPHER_TKIP)
195 if (wpa_sm_get_bssid(sm, bssid) < 0) {
196 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
201 mic_len = wpa_mic_len(sm->key_mgmt, sm->pmk_len);
203 rbuf = wpa_sm_alloc_eapol(sm, IEEE802_1X_TYPE_EAPOL_KEY, NULL,
208 reply->type = (sm->proto == WPA_PROTO_RSN ||
209 sm->proto == WPA_PROTO_OSEN) ?
212 if (sm->ptk_set)
214 if (sm->ptk_set && mic_len)
222 os_memcpy(reply->replay_counter, sm->request_counter,
224 inc_byte_array(sm->request_counter, WPA_REPLAY_COUNTER_LEN);
233 wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
236 error, pairwise, sm->ptk_set, (unsigned long) rlen);
237 wpa_eapol_key_send(sm, &sm->ptk, ver, bssid, ETH_P_EAPOL, rbuf, rlen,
242 static void wpa_supplicant_key_mgmt_set_pmk(struct wpa_sm *sm)
245 if (sm->key_mgmt == WPA_KEY_MGMT_FT_IEEE8021X) {
246 if (wpa_sm_key_mgmt_set_pmk(sm, sm->xxkey, sm->xxkey_len))
247 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
251 if (wpa_sm_key_mgmt_set_pmk(sm, sm->pmk, sm->pmk_len))
252 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
260 static int wpa_supplicant_get_pmk(struct wpa_sm *sm,
266 if (pmkid && !sm->cur_pmksa) {
271 sm->cur_pmksa = pmksa_cache_get(sm->pmksa, src_addr, pmkid,
273 if (sm->cur_pmksa) {
274 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
277 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
283 if (pmkid && sm->cur_pmksa &&
284 os_memcmp_const(pmkid, sm->cur_pmksa->pmkid, PMKID_LEN) == 0) {
286 wpa_sm_set_pmk_from_pmksa(sm);
288 sm->pmk, sm->pmk_len);
289 eapol_sm_notify_cached(sm->eapol);
291 sm->xxkey_len = 0;
293 } else if (wpa_key_mgmt_wpa_ieee8021x(sm->key_mgmt) && sm->eapol) {
296 if (wpa_key_mgmt_sha384(sm->key_mgmt))
300 res = eapol_sm_get_key(sm->eapol, sm->pmk, pmk_len);
307 res = eapol_sm_get_key(sm->eapol, sm->pmk, 16);
313 if (eapol_sm_get_key(sm->eapol, buf, 2 * PMK_LEN) == 0)
315 os_memcpy(sm->xxkey, buf + PMK_LEN, PMK_LEN);
316 sm->xxkey_len = PMK_LEN;
326 if (sm->fils_cache_id_set)
327 fils_cache_id = sm->fils_cache_id;
331 "machines", sm->pmk, pmk_len);
332 sm->pmk_len = pmk_len;
333 wpa_supplicant_key_mgmt_set_pmk(sm);
334 if (sm->proto == WPA_PROTO_RSN &&
335 !wpa_key_mgmt_suite_b(sm->key_mgmt) &&
336 !wpa_key_mgmt_ft(sm->key_mgmt)) {
337 sa = pmksa_cache_add(sm->pmksa,
338 sm->pmk, pmk_len, NULL,
340 src_addr, sm->own_addr,
341 sm->network_ctx,
342 sm->key_mgmt,
345 if (!sm->cur_pmksa && pmkid &&
346 pmksa_cache_get(sm->pmksa, src_addr, pmkid, NULL))
348 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
352 } else if (sa && !sm->cur_pmksa && pmkid) {
360 wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
365 if (!sm->cur_pmksa)
366 sm->cur_pmksa = sa;
368 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
372 if (sm->cur_pmksa) {
373 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
376 sm->cur_pmksa = NULL;
384 if (abort_cached && wpa_key_mgmt_wpa_ieee8021x(sm->key_mgmt) &&
385 !wpa_key_mgmt_suite_b(sm->key_mgmt) &&
386 !wpa_key_mgmt_ft(sm->key_mgmt) && sm->key_mgmt != WPA_KEY_MGMT_OSEN)
392 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
395 buf = wpa_sm_alloc_eapol(sm, IEEE802_1X_TYPE_EAPOL_START,
398 wpa_sm_ether_send(sm, sm->bssid, ETH_P_EAPOL,
413 * @sm: Pointer to WPA state machine data from wpa_sm_init()
423 int wpa_supplicant_send_2_of_4(struct wpa_sm *sm, const unsigned char *dst,
436 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, "WPA: No wpa_ie set - "
442 if (wpa_key_mgmt_ft(sm->key_mgmt)) {
450 sm->assoc_resp_ies_len);
455 sm->pmk_r1_name);
461 if (sm->assoc_resp_ies) {
462 os_memcpy(rsn_ie_buf + wpa_ie_len, sm->assoc_resp_ies,
463 sm->assoc_resp_ies_len);
464 wpa_ie_len += sm->assoc_resp_ies_len;
473 mic_len = wpa_mic_len(sm->key_mgmt, sm->pmk_len);
475 rbuf = wpa_sm_alloc_eapol(sm, IEEE802_1X_TYPE_EAPOL_KEY,
483 reply->type = (sm->proto == WPA_PROTO_RSN ||
484 sm->proto == WPA_PROTO_OSEN) ?
492 if (sm->proto == WPA_PROTO_RSN || sm->proto == WPA_PROTO_OSEN)
508 wpa_dbg(sm->ctx->msg_ctx, MSG_INFO, "WPA: Sending EAPOL-Key 2/4");
509 return wpa_eapol_key_send(sm, ptk, ver, dst, ETH_P_EAPOL, rbuf, rlen,
514 static int wpa_derive_ptk(struct wpa_sm *sm, const unsigned char *src_addr,
518 if (wpa_key_mgmt_ft(sm->key_mgmt))
519 return wpa_derive_ptk_ft(sm, src_addr, key, ptk);
522 return wpa_pmk_to_ptk(sm->pmk, sm->pmk_len, "Pairwise key expansion",
523 sm->own_addr, sm->bssid, sm->snonce,
524 key->key_nonce, ptk, sm->key_mgmt,
525 sm->pairwise_cipher);
529 static void wpa_supplicant_process_1_of_4(struct wpa_sm *sm,
541 if (wpa_sm_get_network_ctx(sm) == NULL) {
542 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, "WPA: No SSID info "
547 wpa_sm_set_state(sm, WPA_4WAY_HANDSHAKE);
548 wpa_dbg(sm->ctx->msg_ctx, MSG_INFO, "WPA: RX message 1 of 4-Way "
553 if (sm->proto == WPA_PROTO_RSN || sm->proto == WPA_PROTO_OSEN) {
565 res = wpa_supplicant_get_pmk(sm, src_addr, ie.pmkid);
567 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "RSN: Do not reply to "
574 if (sm->renew_snonce) {
575 if (random_get_bytes(sm->snonce, WPA_NONCE_LEN)) {
576 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
580 sm->renew_snonce = 0;
582 sm->snonce, WPA_NONCE_LEN);
587 ptk = &sm->tptk;
588 if (wpa_derive_ptk(sm, src_addr, key, ptk) < 0)
590 if (sm->pairwise_cipher == WPA_CIPHER_TKIP) {
598 sm->tptk_set = 1;
600 kde = sm->assoc_wpa_ie;
601 kde_len = sm->assoc_wpa_ie_len;
604 if (sm->p2p) {
623 if (wpa_supplicant_send_2_of_4(sm, sm->bssid, key, ver, sm->snonce,
628 os_memcpy(sm->anonce, key->key_nonce, WPA_NONCE_LEN);
633 wpa_sm_deauthenticate(sm, WLAN_REASON_UNSPECIFIED);
639 struct wpa_sm *sm = eloop_ctx;
640 rsn_preauth_candidate_process(sm);
644 static void wpa_supplicant_key_neg_complete(struct wpa_sm *sm,
647 wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
650 wpa_cipher_txt(sm->pairwise_cipher),
651 wpa_cipher_txt(sm->group_cipher));
652 wpa_sm_cancel_auth_timeout(sm);
653 wpa_sm_set_state(sm, WPA_COMPLETED);
657 sm, addr, MLME_SETPROTECTION_PROTECT_TYPE_RX_TX,
659 eapol_sm_notify_portValid(sm->eapol, TRUE);
660 if (wpa_key_mgmt_wpa_psk(sm->key_mgmt) ||
661 sm->key_mgmt == WPA_KEY_MGMT_DPP ||
662 sm->key_mgmt == WPA_KEY_MGMT_OWE)
663 eapol_sm_notify_eap_success(sm->eapol, TRUE);
671 eloop_register_timeout(1, 0, wpa_sm_start_preauth, sm, NULL);
674 if (sm->cur_pmksa && sm->cur_pmksa->opportunistic) {
675 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
678 sm->cur_pmksa->opportunistic = 0;
682 if (wpa_key_mgmt_ft(sm->key_mgmt)) {
684 wpa_ft_prepare_auth_request(sm, NULL);
692 struct wpa_sm *sm = eloop_ctx;
693 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: Request PTK rekeying");
694 wpa_sm_key_request(sm, 0, 1);
698 static int wpa_supplicant_install_ptk(struct wpa_sm *sm,
705 if (sm->ptk.installed) {
706 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
711 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
714 if (sm->pairwise_cipher == WPA_CIPHER_NONE) {
715 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: Pairwise Cipher "
720 if (!wpa_cipher_valid_pairwise(sm->pairwise_cipher)) {
721 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
723 sm->pairwise_cipher);
727 alg = wpa_cipher_to_alg(sm->pairwise_cipher);
728 keylen = wpa_cipher_key_len(sm->pairwise_cipher);
729 if (keylen <= 0 || (unsigned int) keylen != sm->ptk.tk_len) {
731 keylen, (long unsigned int) sm->ptk.tk_len);
734 rsclen = wpa_cipher_rsc_len(sm->pairwise_cipher);
736 if (sm->proto == WPA_PROTO_RSN || sm->proto == WPA_PROTO_OSEN) {
743 if (wpa_sm_set_key(sm, alg, sm->bssid, 0, 1, key_rsc, rsclen,
744 sm->ptk.tk, keylen) < 0) {
745 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
748 alg, keylen, MAC2STR(sm->bssid));
753 os_memset(sm->ptk.tk, 0, WPA_TK_MAX_LEN);
754 sm->ptk.tk_len = 0;
755 sm->ptk.installed = 1;
757 if (sm->wpa_ptk_rekey) {
758 eloop_cancel_timeout(wpa_sm_rekey_ptk, sm, NULL);
759 eloop_register_timeout(sm->wpa_ptk_rekey, 0, wpa_sm_rekey_ptk,
760 sm, NULL);
767 static int wpa_supplicant_check_group_cipher(struct wpa_sm *sm,
777 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
786 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
803 static int wpa_supplicant_install_gtk(struct wpa_sm *sm,
811 if ((sm->gtk.gtk_len == (size_t) gd->gtk_len &&
812 os_memcmp(sm->gtk.gtk, gd->gtk, sm->gtk.gtk_len) == 0) ||
813 (sm->gtk_wnm_sleep.gtk_len == (size_t) gd->gtk_len &&
814 os_memcmp(sm->gtk_wnm_sleep.gtk, gd->gtk,
815 sm->gtk_wnm_sleep.gtk_len) == 0)) {
816 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
823 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
827 if (sm->group_cipher == WPA_CIPHER_TKIP) {
834 if (sm->pairwise_cipher == WPA_CIPHER_NONE) {
835 if (wpa_sm_set_key(sm, gd->alg, NULL,
838 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
844 } else if (wpa_sm_set_key(sm, gd->alg, broadcast_ether_addr,
847 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
857 sm->gtk_wnm_sleep.gtk_len = gd->gtk_len;
858 os_memcpy(sm->gtk_wnm_sleep.gtk, gd->gtk,
859 sm->gtk_wnm_sleep.gtk_len);
861 sm->gtk.gtk_len = gd->gtk_len;
862 os_memcpy(sm->gtk.gtk, gd->gtk, sm->gtk.gtk_len);
869 static int wpa_supplicant_gtk_tx_bit_workaround(const struct wpa_sm *sm,
872 if (tx && sm->pairwise_cipher != WPA_CIPHER_NONE) {
878 wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
887 static int wpa_supplicant_rsc_relaxation(const struct wpa_sm *sm,
892 if (!sm->wpa_rsc_relaxation)
895 rsclen = wpa_cipher_rsc_len(sm->group_cipher);
905 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
917 static int wpa_supplicant_pairwise_gtk(struct wpa_sm *sm,
941 gd.tx = wpa_supplicant_gtk_tx_bit_workaround(sm,
950 if (wpa_supplicant_rsc_relaxation(sm, key->key_rsc))
953 if (sm->group_cipher != WPA_CIPHER_GTK_NOT_USED &&
954 (wpa_supplicant_check_group_cipher(sm, sm->group_cipher,
957 wpa_supplicant_install_gtk(sm, &gd, key_rsc, 0))) {
958 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
965 wpa_supplicant_key_neg_complete(sm, sm->bssid,
972 static int wpa_supplicant_install_igtk(struct wpa_sm *sm,
976 size_t len = wpa_cipher_key_len(sm->mgmt_group_cipher);
980 if ((sm->igtk.igtk_len == len &&
981 os_memcmp(sm->igtk.igtk, igtk->igtk, sm->igtk.igtk_len) == 0) ||
982 (sm->igtk_wnm_sleep.igtk_len == len &&
983 os_memcmp(sm->igtk_wnm_sleep.igtk, igtk->igtk,
984 sm->igtk_wnm_sleep.igtk_len) == 0)) {
985 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
991 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
996 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1000 if (wpa_sm_set_key(sm, wpa_cipher_to_alg(sm->mgmt_group_cipher),
1004 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1010 sm->igtk_wnm_sleep.igtk_len = len;
1011 os_memcpy(sm->igtk_wnm_sleep.igtk, igtk->igtk,
1012 sm->igtk_wnm_sleep.igtk_len);
1014 sm->igtk.igtk_len = len;
1015 os_memcpy(sm->igtk.igtk, igtk->igtk, sm->igtk.igtk_len);
1023 static int ieee80211w_set_keys(struct wpa_sm *sm,
1027 if (!wpa_cipher_valid_mgmt_group(sm->mgmt_group_cipher))
1034 len = wpa_cipher_key_len(sm->mgmt_group_cipher);
1039 if (wpa_supplicant_install_igtk(sm, igtk, 0) < 0)
1050 static void wpa_report_ie_mismatch(struct wpa_sm *sm,
1055 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, "WPA: %s (src=" MACSTR ")",
1058 if (sm->ap_wpa_ie) {
1060 sm->ap_wpa_ie, sm->ap_wpa_ie_len);
1063 if (!sm->ap_wpa_ie) {
1064 wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
1071 if (sm->ap_rsn_ie) {
1073 sm->ap_rsn_ie, sm->ap_rsn_ie_len);
1076 if (!sm->ap_rsn_ie) {
1077 wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
1084 wpa_sm_deauthenticate(sm, WLAN_REASON_IE_IN_4WAY_DIFFERS);
1090 static int ft_validate_mdie(struct wpa_sm *sm,
1099 os_memcmp(mdie->mobility_domain, sm->mobility_domain,
1101 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "FT: MDIE in msg 3/4 did "
1109 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "FT: MDIE mismatch");
1121 static int ft_validate_ftie(struct wpa_sm *sm,
1127 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
1137 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "FT: FTIE mismatch");
1149 sm,
1164 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "FT: No PMKR1Name in "
1169 if (os_memcmp_const(rsn.pmkid, sm->pmk_r1_name, WPA_PMK_NAME_LEN) != 0)
1171 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
1177 sm->pmk_r1_name, WPA_PMK_NAME_LEN);
1185 static int wpa_supplicant_validate_ie_ft(struct wpa_sm *sm,
1191 if (sm->assoc_resp_ies) {
1192 pos = sm->assoc_resp_ies;
1193 end = pos + sm->assoc_resp_ies_len;
1209 if (ft_validate_mdie(sm, src_addr, ie, mdie) < 0 ||
1210 ft_validate_ftie(sm, src_addr, ie, ftie) < 0 ||
1211 ft_validate_rsnie(sm, src_addr, ie) < 0)
1220 static int wpa_supplicant_validate_ie(struct wpa_sm *sm,
1224 if (sm->ap_wpa_ie == NULL && sm->ap_rsn_ie == NULL) {
1225 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
1228 if (wpa_sm_get_beacon_ie(sm) < 0) {
1229 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1233 wpa_msg(sm->ctx->msg_ctx, MSG_DEBUG,
1240 (sm->ap_wpa_ie || sm->ap_rsn_ie)) {
1241 wpa_report_ie_mismatch(sm, "IE in 3/4 msg does not match "
1248 if ((ie->wpa_ie && sm->ap_wpa_ie &&
1249 (ie->wpa_ie_len != sm->ap_wpa_ie_len ||
1250 os_memcmp(ie->wpa_ie, sm->ap_wpa_ie, ie->wpa_ie_len) != 0)) ||
1251 (ie->rsn_ie && sm->ap_rsn_ie &&
1252 wpa_compare_rsn_ie(wpa_key_mgmt_ft(sm->key_mgmt),
1253 sm->ap_rsn_ie, sm->ap_rsn_ie_len,
1255 wpa_report_ie_mismatch(sm, "IE in 3/4 msg does not match "
1262 if (sm->proto == WPA_PROTO_WPA &&
1263 ie->rsn_ie && sm->ap_rsn_ie == NULL && sm->rsn_enabled) {
1264 wpa_report_ie_mismatch(sm, "Possible downgrade attack "
1274 if (wpa_key_mgmt_ft(sm->key_mgmt) &&
1275 wpa_supplicant_validate_ie_ft(sm, src_addr, ie) < 0)
1285 * @sm: Pointer to WPA state machine data from wpa_sm_init()
1293 int wpa_supplicant_send_4_of_4(struct wpa_sm *sm, const unsigned char *dst,
1302 mic_len = wpa_mic_len(sm->key_mgmt, sm->pmk_len);
1304 rbuf = wpa_sm_alloc_eapol(sm, IEEE802_1X_TYPE_EAPOL_KEY, NULL,
1309 reply->type = (sm->proto == WPA_PROTO_RSN ||
1310 sm->proto == WPA_PROTO_OSEN) ?
1319 if (sm->proto == WPA_PROTO_RSN || sm->proto == WPA_PROTO_OSEN)
1329 wpa_dbg(sm->ctx->msg_ctx, MSG_INFO, "WPA: Sending EAPOL-Key 4/4");
1330 return wpa_eapol_key_send(sm, ptk, ver, dst, ETH_P_EAPOL, rbuf, rlen,
1335 static void wpa_supplicant_process_3_of_4(struct wpa_sm *sm,
1343 wpa_sm_set_state(sm, WPA_4WAY_HANDSHAKE);
1344 wpa_dbg(sm->ctx->msg_ctx, MSG_INFO, "WPA: RX message 3 of 4-Way "
1345 "Handshake from " MACSTR " (ver=%d)", MAC2STR(sm->bssid), ver);
1353 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1359 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1365 wpa_cipher_valid_mgmt_group(sm->mgmt_group_cipher) &&
1367 (unsigned int) wpa_cipher_key_len(sm->mgmt_group_cipher)) {
1368 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1375 if (wpa_supplicant_validate_ie(sm, sm->bssid, &ie) < 0)
1378 if (os_memcmp(sm->anonce, key->key_nonce, WPA_NONCE_LEN) != 0) {
1379 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1382 MACSTR ")", MAC2STR(sm->bssid));
1387 if (keylen != wpa_cipher_key_len(sm->pairwise_cipher)) {
1388 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1390 ")", wpa_cipher_txt(sm->pairwise_cipher), keylen,
1391 MAC2STR(sm->bssid));
1397 os_memcpy(sm->p2p_ip_addr, ie.ip_addr_alloc, 3 * 4);
1399 sm->p2p_ip_addr, sizeof(sm->p2p_ip_addr));
1403 if (wpa_supplicant_send_4_of_4(sm, sm->bssid, key, ver, key_info,
1404 &sm->ptk) < 0) {
1411 sm->renew_snonce = 1;
1414 if (wpa_supplicant_install_ptk(sm, key))
1420 sm, sm->bssid, MLME_SETPROTECTION_PROTECT_TYPE_RX,
1422 eapol_sm_notify_portValid(sm->eapol, TRUE);
1424 wpa_sm_set_state(sm, WPA_GROUP_HANDSHAKE);
1426 if (sm->group_cipher == WPA_CIPHER_GTK_NOT_USED) {
1427 wpa_supplicant_key_neg_complete(sm, sm->bssid,
1430 wpa_supplicant_pairwise_gtk(sm, key,
1432 wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
1437 if (ieee80211w_set_keys(sm, &ie) < 0) {
1438 wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
1444 wpa_sm_set_rekey_offload(sm);
1446 if (sm->proto == WPA_PROTO_RSN && wpa_key_mgmt_suite_b(sm->key_mgmt)) {
1449 sa = pmksa_cache_add(sm->pmksa, sm->pmk, sm->pmk_len, NULL,
1450 sm->ptk.kck, sm->ptk.kck_len,
1451 sm->bssid, sm->own_addr,
1452 sm->network_ctx, sm->key_mgmt, NULL);
1453 if (!sm->cur_pmksa)
1454 sm->cur_pmksa = sa;
1457 sm->msg_3_of_4_ok = 1;
1461 wpa_sm_deauthenticate(sm, WLAN_REASON_UNSPECIFIED);
1465 static int wpa_supplicant_process_1_of_2_rsn(struct wpa_sm *sm,
1479 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1484 wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
1490 if (wpa_supplicant_check_group_cipher(sm, sm->group_cipher,
1498 gd->tx = wpa_supplicant_gtk_tx_bit_workaround(sm,
1501 wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
1508 if (ieee80211w_set_keys(sm, &ie) < 0)
1509 wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
1516 static int wpa_supplicant_process_1_of_2_wpa(struct wpa_sm *sm,
1529 wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
1538 wpa_supplicant_check_group_cipher(sm, sm->group_cipher,
1546 if (ver == WPA_KEY_INFO_TYPE_HMAC_MD5_RC4 && sm->ptk.kek_len == 16) {
1548 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1554 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1560 os_memcpy(ek + 16, sm->ptk.kek, sm->ptk.kek_len);
1564 wpa_msg(sm->ctx->msg_ctx, MSG_ERROR,
1572 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1578 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1585 if (aes_unwrap(sm->ptk.kek, sm->ptk.kek_len, maxkeylen / 8,
1587 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1593 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1598 sm, !!(key_info & WPA_KEY_INFO_TXRX));
1603 static int wpa_supplicant_send_2_of_2(struct wpa_sm *sm,
1611 mic_len = wpa_mic_len(sm->key_mgmt, sm->pmk_len);
1613 rbuf = wpa_sm_alloc_eapol(sm, IEEE802_1X_TYPE_EAPOL_KEY, NULL,
1618 reply->type = (sm->proto == WPA_PROTO_RSN ||
1619 sm->proto == WPA_PROTO_OSEN) ?
1628 if (sm->proto == WPA_PROTO_RSN || sm->proto == WPA_PROTO_OSEN)
1638 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: Sending EAPOL-Key 2/2");
1639 return wpa_eapol_key_send(sm, &sm->ptk, ver, sm->bssid, ETH_P_EAPOL,
1644 static void wpa_supplicant_process_1_of_2(struct wpa_sm *sm,
1655 if (!sm->msg_3_of_4_ok && !wpa_fils_is_completed(sm)) {
1656 wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
1663 rekey = wpa_sm_get_state(sm) == WPA_COMPLETED;
1664 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: RX message 1 of Group Key "
1669 if (sm->proto == WPA_PROTO_RSN || sm->proto == WPA_PROTO_OSEN) {
1670 ret = wpa_supplicant_process_1_of_2_rsn(sm, key_data,
1674 ret = wpa_supplicant_process_1_of_2_wpa(sm, key, key_data,
1679 wpa_sm_set_state(sm, WPA_GROUP_HANDSHAKE);
1685 if (wpa_supplicant_rsc_relaxation(sm, key->key_rsc))
1688 if (wpa_supplicant_install_gtk(sm, &gd, key_rsc, 0) ||
1689 wpa_supplicant_send_2_of_2(sm, key, ver, key_info) < 0)
1694 wpa_msg(sm->ctx->msg_ctx, MSG_INFO, "WPA: Group rekeying "
1696 MAC2STR(sm->bssid), wpa_cipher_txt(sm->group_cipher));
1697 wpa_sm_cancel_auth_timeout(sm);
1698 wpa_sm_set_state(sm, WPA_COMPLETED);
1700 wpa_supplicant_key_neg_complete(sm, sm->bssid,
1705 wpa_sm_set_rekey_offload(sm);
1711 wpa_sm_deauthenticate(sm, WLAN_REASON_UNSPECIFIED);
1715 static int wpa_supplicant_verify_eapol_key_mic(struct wpa_sm *sm,
1722 size_t mic_len = wpa_mic_len(sm->key_mgmt, sm->pmk_len);
1725 if (sm->tptk_set) {
1727 if (wpa_eapol_key_mic(sm->tptk.kck, sm->tptk.kck_len,
1728 sm->key_mgmt,
1731 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1736 sm->tptk_set = 0;
1737 sm->ptk_set = 1;
1738 os_memcpy(&sm->ptk, &sm->tptk, sizeof(sm->ptk));
1739 os_memset(&sm->tptk, 0, sizeof(sm->tptk));
1741 * This assures the same TPTK in sm->tptk can never be
1742 * copied twice to sm->ptk as the new PTK. In
1747 sm->renew_snonce = 1;
1751 if (!ok && sm->ptk_set) {
1753 if (wpa_eapol_key_mic(sm->ptk.kck, sm->ptk.kck_len,
1754 sm->key_mgmt,
1757 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1766 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1772 os_memcpy(sm->rx_replay_counter, key->replay_counter,
1774 sm->rx_replay_counter_set = 1;
1780 static int wpa_supplicant_decrypt_key_data(struct wpa_sm *sm,
1787 if (!sm->ptk_set) {
1788 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1796 if (ver == WPA_KEY_INFO_TYPE_HMAC_MD5_RC4 && sm->ptk.kek_len == 16) {
1798 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1806 os_memcpy(ek + 16, sm->ptk.kek, sm->ptk.kek_len);
1809 wpa_msg(sm->ctx->msg_ctx, MSG_ERROR,
1817 sm->key_mgmt == WPA_KEY_MGMT_OWE ||
1818 sm->key_mgmt == WPA_KEY_MGMT_DPP ||
1819 sm->key_mgmt == WPA_KEY_MGMT_OSEN ||
1820 wpa_key_mgmt_suite_b(sm->key_mgmt)) {
1825 (unsigned int) sm->ptk.kek_len);
1827 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1835 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1839 if (aes_unwrap(sm->ptk.kek, sm->ptk.kek_len, *key_data_len / 8,
1842 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1851 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1863 * @sm: Pointer to WPA state machine data from wpa_sm_init()
1865 void wpa_sm_aborted_cached(struct wpa_sm *sm)
1867 if (sm && sm->cur_pmksa) {
1868 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
1870 sm->cur_pmksa = NULL;
1875 static void wpa_eapol_key_dump(struct wpa_sm *sm,
1883 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, " EAPOL-Key type=%d", key->type);
1884 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
1898 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
1913 static int wpa_supp_aead_decrypt(struct wpa_sm *sm, u8 *buf, size_t buf_len,
1928 if (sm->tptk_set)
1929 ptk = &sm->tptk;
1930 else if (sm->ptk_set)
1931 ptk = &sm->ptk;
1966 if (sm->tptk_set) {
1967 sm->tptk_set = 0;
1968 sm->ptk_set = 1;
1969 os_memcpy(&sm->ptk, &sm->tptk, sizeof(sm->ptk));
1970 os_memset(&sm->tptk, 0, sizeof(sm->tptk));
1973 os_memcpy(sm->rx_replay_counter, key->replay_counter,
1975 sm->rx_replay_counter_set = 1;
1984 * @sm: Pointer to WPA state machine data from wpa_sm_init()
1998 int wpa_sm_rx_eapol(struct wpa_sm *sm, const u8 *src_addr,
2011 sm->ft_completed = 0;
2014 mic_len = wpa_mic_len(sm->key_mgmt, sm->pmk_len);
2018 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
2029 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
2037 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
2045 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
2053 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
2071 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
2079 wpa_eapol_key_dump(sm, key, key_data_len, mic, mic_len);
2082 wpa_msg(sm->ctx->msg_ctx, MSG_INFO, "WPA: Invalid EAPOL-Key "
2089 eapol_sm_notify_lower_layer_success(sm->eapol, 0);
2097 !wpa_key_mgmt_suite_b(sm->key_mgmt) &&
2098 !wpa_key_mgmt_fils(sm->key_mgmt) &&
2099 sm->key_mgmt != WPA_KEY_MGMT_OWE &&
2100 sm->key_mgmt != WPA_KEY_MGMT_DPP &&
2101 sm->key_mgmt != WPA_KEY_MGMT_OSEN) {
2102 wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
2108 if (sm->key_mgmt == WPA_KEY_MGMT_OSEN &&
2110 wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
2116 if ((wpa_key_mgmt_suite_b(sm->key_mgmt) ||
2117 wpa_key_mgmt_fils(sm->key_mgmt) ||
2118 sm->key_mgmt == WPA_KEY_MGMT_DPP ||
2119 sm->key_mgmt == WPA_KEY_MGMT_OWE) &&
2121 wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
2128 if (wpa_key_mgmt_ft(sm->key_mgmt)) {
2131 wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
2138 if (wpa_key_mgmt_sha256(sm->key_mgmt)) {
2140 sm->key_mgmt != WPA_KEY_MGMT_OSEN &&
2141 !wpa_key_mgmt_fils(sm->key_mgmt) &&
2142 !wpa_key_mgmt_suite_b(sm->key_mgmt)) {
2143 wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
2150 if (sm->pairwise_cipher == WPA_CIPHER_CCMP &&
2151 !wpa_key_mgmt_suite_b(sm->key_mgmt) &&
2152 !wpa_key_mgmt_fils(sm->key_mgmt) &&
2153 sm->key_mgmt != WPA_KEY_MGMT_OWE &&
2154 sm->key_mgmt != WPA_KEY_MGMT_DPP &&
2156 wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
2159 if (sm->group_cipher != WPA_CIPHER_CCMP &&
2165 wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
2169 wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
2173 } else if (sm->pairwise_cipher == WPA_CIPHER_GCMP &&
2174 !wpa_key_mgmt_suite_b(sm->key_mgmt) &&
2176 wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
2182 if (sm->rx_replay_counter_set &&
2183 os_memcmp(key->replay_counter, sm->rx_replay_counter,
2185 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
2192 wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
2198 wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
2204 wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
2210 wpa_supplicant_verify_eapol_key_mic(sm, key, ver, tmp, data_len))
2215 if (wpa_supp_aead_decrypt(sm, tmp, data_len, &key_data_len))
2220 if ((sm->proto == WPA_PROTO_RSN || sm->proto == WPA_PROTO_OSEN) &&
2222 if (wpa_supplicant_decrypt_key_data(sm, key, mic_len,
2230 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
2238 wpa_supplicant_process_3_of_4(sm, key, ver, key_data,
2242 wpa_supplicant_process_1_of_4(sm, src_addr, key,
2250 wpa_supplicant_process_1_of_2(sm, src_addr, key,
2254 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
2269 static u32 wpa_key_mgmt_suite(struct wpa_sm *sm)
2271 switch (sm->key_mgmt) {
2273 return ((sm->proto == WPA_PROTO_RSN ||
2274 sm->proto == WPA_PROTO_OSEN) ?
2278 return (sm->proto == WPA_PROTO_RSN ?
2294 return (sm->proto == WPA_PROTO_RSN ?
2315 * @sm: Pointer to WPA state machine data from wpa_sm_init()
2322 int wpa_sm_get_mib(struct wpa_sm *sm, char *buf, size_t buflen)
2328 if (sm->cur_pmksa) {
2330 sm->cur_pmksa->pmkid, PMKID_LEN);
2334 if ((wpa_key_mgmt_wpa_psk(sm->key_mgmt) ||
2335 wpa_key_mgmt_wpa_ieee8021x(sm->key_mgmt)) &&
2336 sm->proto == WPA_PROTO_RSN)
2356 wpa_cipher_key_len(sm->group_cipher) * 8,
2357 sm->dot11RSNAConfigPMKLifetime,
2358 sm->dot11RSNAConfigPMKReauthThreshold,
2359 sm->dot11RSNAConfigSATimeout);
2375 RSN_SUITE_ARG(wpa_key_mgmt_suite(sm)),
2376 RSN_SUITE_ARG(wpa_cipher_to_suite(sm->proto,
2377 sm->pairwise_cipher)),
2378 RSN_SUITE_ARG(wpa_cipher_to_suite(sm->proto,
2379 sm->group_cipher)),
2381 RSN_SUITE_ARG(wpa_key_mgmt_suite(sm)),
2382 RSN_SUITE_ARG(wpa_cipher_to_suite(sm->proto,
2383 sm->pairwise_cipher)),
2384 RSN_SUITE_ARG(wpa_cipher_to_suite(sm->proto,
2385 sm->group_cipher)),
2386 sm->dot11RSNA4WayHandshakeFailures);
2398 struct wpa_sm *sm = ctx;
2401 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "RSN: PMKSA cache entry free_cb: "
2404 if (sm->cur_pmksa == entry) {
2405 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
2408 pmksa_cache_clear_current(sm);
2421 (sm->pmk_len == entry->pmk_len &&
2422 os_memcmp(sm->pmk, entry->pmk, sm->pmk_len) == 0)) {
2423 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
2425 pmksa_cache_clear_current(sm);
2430 os_memset(sm->pmk, 0, sizeof(sm->pmk));
2431 wpa_sm_deauthenticate(sm, WLAN_REASON_UNSPECIFIED);
2446 struct wpa_sm *sm;
2448 sm = os_zalloc(sizeof(*sm));
2449 if (sm == NULL)
2451 dl_list_init(&sm->pmksa_candidates);
2452 sm->renew_snonce = 1;
2453 sm->ctx = ctx;
2455 sm->dot11RSNAConfigPMKLifetime = 43200;
2456 sm->dot11RSNAConfigPMKReauthThreshold = 70;
2457 sm->dot11RSNAConfigSATimeout = 60;
2459 sm->pmksa = pmksa_cache_init(wpa_sm_pmksa_free_cb, sm, sm);
2460 if (sm->pmksa == NULL) {
2461 wpa_msg(sm->ctx->msg_ctx, MSG_ERROR,
2463 os_free(sm);
2467 return sm;
2473 * @sm: Pointer to WPA state machine data from wpa_sm_init()
2475 void wpa_sm_deinit(struct wpa_sm *sm)
2477 if (sm == NULL)
2479 pmksa_cache_deinit(sm->pmksa);
2480 eloop_cancel_timeout(wpa_sm_start_preauth, sm, NULL);
2481 eloop_cancel_timeout(wpa_sm_rekey_ptk, sm, NULL);
2482 os_free(sm->assoc_wpa_ie);
2483 os_free(sm->ap_wpa_ie);
2484 os_free(sm->ap_rsn_ie);
2485 wpa_sm_drop_sa(sm);
2486 os_free(sm->ctx);
2488 os_free(sm->assoc_resp_ies);
2491 wpabuf_free(sm->test_assoc_ie);
2494 crypto_ecdh_deinit(sm->fils_ecdh);
2497 wpabuf_free(sm->fils_ft_ies);
2500 crypto_ecdh_deinit(sm->owe_ecdh);
2502 os_free(sm);
2508 * @sm: Pointer to WPA state machine data from wpa_sm_init()
2514 void wpa_sm_notify_assoc(struct wpa_sm *sm, const u8 *bssid)
2518 if (sm == NULL)
2521 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
2523 os_memcpy(sm->bssid, bssid, ETH_ALEN);
2524 os_memset(sm->rx_replay_counter, 0, WPA_REPLAY_COUNTER_LEN);
2525 sm->rx_replay_counter_set = 0;
2526 sm->renew_snonce = 1;
2527 if (os_memcmp(sm->preauth_bssid, bssid, ETH_ALEN) == 0)
2528 rsn_preauth_deinit(sm);
2531 if (wpa_ft_is_completed(sm)) {
2536 eapol_sm_notify_portValid(sm->eapol, FALSE);
2537 wpa_supplicant_key_neg_complete(sm, sm->bssid, 1);
2540 wpa_ft_prepare_auth_request(sm, NULL);
2546 if (sm->fils_completed) {
2551 wpa_supplicant_key_neg_complete(sm, sm->bssid, 1);
2561 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: Clear old PTK");
2562 sm->ptk_set = 0;
2563 os_memset(&sm->ptk, 0, sizeof(sm->ptk));
2564 sm->tptk_set = 0;
2565 os_memset(&sm->tptk, 0, sizeof(sm->tptk));
2566 os_memset(&sm->gtk, 0, sizeof(sm->gtk));
2567 os_memset(&sm->gtk_wnm_sleep, 0, sizeof(sm->gtk_wnm_sleep));
2569 os_memset(&sm->igtk, 0, sizeof(sm->igtk));
2570 os_memset(&sm->igtk_wnm_sleep, 0, sizeof(sm->igtk_wnm_sleep));
2575 wpa_tdls_assoc(sm);
2579 os_memset(sm->p2p_ip_addr, 0, sizeof(sm->p2p_ip_addr));
2586 * @sm: Pointer to WPA state machine data from wpa_sm_init()
2591 void wpa_sm_notify_disassoc(struct wpa_sm *sm)
2593 eloop_cancel_timeout(wpa_sm_start_preauth, sm, NULL);
2594 eloop_cancel_timeout(wpa_sm_rekey_ptk, sm, NULL);
2595 rsn_preauth_deinit(sm);
2596 pmksa_cache_clear_current(sm);
2597 if (wpa_sm_get_state(sm) == WPA_4WAY_HANDSHAKE)
2598 sm->dot11RSNA4WayHandshakeFailures++;
2600 wpa_tdls_disassoc(sm);
2603 sm->fils_completed = 0;
2606 sm->ft_reassoc_completed = 0;
2610 wpa_sm_drop_sa(sm);
2612 sm->msg_3_of_4_ok = 0;
2613 os_memset(sm->bssid, 0, ETH_ALEN);
2619 * @sm: Pointer to WPA state machine data from wpa_sm_init()
2627 void wpa_sm_set_pmk(struct wpa_sm *sm, const u8 *pmk, size_t pmk_len,
2630 if (sm == NULL)
2635 sm->pmk_len = pmk_len;
2636 os_memcpy(sm->pmk, pmk, pmk_len);
2640 sm->xxkey_len = pmk_len;
2641 os_memcpy(sm->xxkey, pmk, pmk_len);
2645 pmksa_cache_add(sm->pmksa, pmk, pmk_len, pmkid, NULL, 0,
2646 bssid, sm->own_addr,
2647 sm->network_ctx, sm->key_mgmt, NULL);
2654 * @sm: Pointer to WPA state machine data from wpa_sm_init()
2659 void wpa_sm_set_pmk_from_pmksa(struct wpa_sm *sm)
2661 if (sm == NULL)
2664 if (sm->cur_pmksa) {
2667 sm->cur_pmksa->pmk, sm->cur_pmksa->pmk_len);
2668 sm->pmk_len = sm->cur_pmksa->pmk_len;
2669 os_memcpy(sm->pmk, sm->cur_pmksa->pmk, sm->pmk_len);
2672 sm->pmk_len = 0;
2673 os_memset(sm->pmk, 0, PMK_LEN_MAX);
2680 * @sm: Pointer to WPA state machine data from wpa_sm_init()
2683 void wpa_sm_set_fast_reauth(struct wpa_sm *sm, int fast_reauth)
2685 if (sm)
2686 sm->fast_reauth = fast_reauth;
2692 * @sm: Pointer to WPA state machine data from wpa_sm_init()
2695 void wpa_sm_set_scard_ctx(struct wpa_sm *sm, void *scard_ctx)
2697 if (sm == NULL)
2699 sm->scard_ctx = scard_ctx;
2700 if (sm->preauth_eapol)
2701 eapol_sm_register_scard_ctx(sm->preauth_eapol, scard_ctx);
2707 * @sm: Pointer to WPA state machine data from wpa_sm_init()
2714 void wpa_sm_set_config(struct wpa_sm *sm, struct rsn_supp_config *config)
2716 if (!sm)
2720 sm->network_ctx = config->network_ctx;
2721 sm->allowed_pairwise_cipher = config->allowed_pairwise_cipher;
2722 sm->proactive_key_caching = config->proactive_key_caching;
2723 sm->eap_workaround = config->eap_workaround;
2724 sm->eap_conf_ctx = config->eap_conf_ctx;
2726 os_memcpy(sm->ssid, config->ssid, config->ssid_len);
2727 sm->ssid_len = config->ssid_len;
2729 sm->ssid_len = 0;
2730 sm->wpa_ptk_rekey = config->wpa_ptk_rekey;
2731 sm->p2p = config->p2p;
2732 sm->wpa_rsc_relaxation = config->wpa_rsc_relaxation;
2735 sm->fils_cache_id_set = 1;
2736 os_memcpy(sm->fils_cache_id, config->fils_cache_id,
2739 sm->fils_cache_id_set = 0;
2743 sm->network_ctx = NULL;
2744 sm->allowed_pairwise_cipher = 0;
2745 sm->proactive_key_caching = 0;
2746 sm->eap_workaround = 0;
2747 sm->eap_conf_ctx = NULL;
2748 sm->ssid_len = 0;
2749 sm->wpa_ptk_rekey = 0;
2750 sm->p2p = 0;
2751 sm->wpa_rsc_relaxation = 0;
2758 * @sm: Pointer to WPA state machine data from wpa_sm_init()
2761 void wpa_sm_set_own_addr(struct wpa_sm *sm, const u8 *addr)
2763 if (sm)
2764 os_memcpy(sm->own_addr, addr, ETH_ALEN);
2770 * @sm: Pointer to WPA state machine data from wpa_sm_init()
2774 void wpa_sm_set_ifname(struct wpa_sm *sm, const char *ifname,
2777 if (sm) {
2778 sm->ifname = ifname;
2779 sm->bridge_ifname = bridge_ifname;
2786 * @sm: Pointer to WPA state machine data from wpa_sm_init()
2789 void wpa_sm_set_eapol(struct wpa_sm *sm, struct eapol_sm *eapol)
2791 if (sm)
2792 sm->eapol = eapol;
2798 * @sm: Pointer to WPA state machine data from wpa_sm_init()
2803 int wpa_sm_set_param(struct wpa_sm *sm, enum wpa_sm_conf_params param,
2808 if (sm == NULL)
2814 sm->dot11RSNAConfigPMKLifetime = value;
2820 sm->dot11RSNAConfigPMKReauthThreshold = value;
2826 sm->dot11RSNAConfigSATimeout = value;
2831 sm->proto = value;
2834 sm->pairwise_cipher = value;
2837 sm->group_cipher = value;
2840 sm->key_mgmt = value;
2844 sm->mgmt_group_cipher = value;
2848 sm->rsn_enabled = value;
2851 sm->mfp = value;
2863 * @sm: Pointer to WPA state machine data from wpa_sm_init()
2873 int wpa_sm_get_status(struct wpa_sm *sm, char *buf, size_t buflen,
2883 wpa_cipher_txt(sm->pairwise_cipher),
2884 wpa_cipher_txt(sm->group_cipher),
2885 wpa_key_mgmt_txt(sm->key_mgmt, sm->proto));
2890 if (sm->mfp != NO_MGMT_FRAME_PROTECTION && sm->ap_rsn_ie) {
2892 if (wpa_parse_wpa_ie_rsn(sm->ap_rsn_ie, sm->ap_rsn_ie_len, &rsn)
2901 sm->mgmt_group_cipher));
2912 int wpa_sm_pmf_enabled(struct wpa_sm *sm)
2916 if (sm->mfp == NO_MGMT_FRAME_PROTECTION || !sm->ap_rsn_ie)
2919 if (wpa_parse_wpa_ie_rsn(sm->ap_rsn_ie, sm->ap_rsn_ie_len, &rsn) >= 0 &&
2929 * @sm: Pointer to WPA state machine data from wpa_sm_init()
2934 int wpa_sm_set_assoc_wpa_ie_default(struct wpa_sm *sm, u8 *wpa_ie,
2939 if (sm == NULL)
2943 if (sm->test_assoc_ie) {
2946 if (*wpa_ie_len < wpabuf_len(sm->test_assoc_ie))
2948 os_memcpy(wpa_ie, wpabuf_head(sm->test_assoc_ie),
2949 wpabuf_len(sm->test_assoc_ie));
2950 res = wpabuf_len(sm->test_assoc_ie);
2953 res = wpa_gen_wpa_ie(sm, wpa_ie, *wpa_ie_len);
2961 if (sm->assoc_wpa_ie == NULL) {
2967 sm->assoc_wpa_ie = os_memdup(wpa_ie, *wpa_ie_len);
2968 if (sm->assoc_wpa_ie == NULL)
2971 sm->assoc_wpa_ie_len = *wpa_ie_len;
2975 sm->assoc_wpa_ie, sm->assoc_wpa_ie_len);
2984 * @sm: Pointer to WPA state machine data from wpa_sm_init()
2993 int wpa_sm_set_assoc_wpa_ie(struct wpa_sm *sm, const u8 *ie, size_t len)
2995 if (sm == NULL)
2998 os_free(sm->assoc_wpa_ie);
3000 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
3002 sm->assoc_wpa_ie = NULL;
3003 sm->assoc_wpa_ie_len = 0;
3006 sm->assoc_wpa_ie = os_memdup(ie, len);
3007 if (sm->assoc_wpa_ie == NULL)
3010 sm->assoc_wpa_ie_len = len;
3019 * @sm: Pointer to WPA state machine data from wpa_sm_init()
3027 int wpa_sm_set_ap_wpa_ie(struct wpa_sm *sm, const u8 *ie, size_t len)
3029 if (sm == NULL)
3032 os_free(sm->ap_wpa_ie);
3034 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
3036 sm->ap_wpa_ie = NULL;
3037 sm->ap_wpa_ie_len = 0;
3040 sm->ap_wpa_ie = os_memdup(ie, len);
3041 if (sm->ap_wpa_ie == NULL)
3044 sm->ap_wpa_ie_len = len;
3053 * @sm: Pointer to WPA state machine data from wpa_sm_init()
3061 int wpa_sm_set_ap_rsn_ie(struct wpa_sm *sm, const u8 *ie, size_t len)
3063 if (sm == NULL)
3066 os_free(sm->ap_rsn_ie);
3068 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
3070 sm->ap_rsn_ie = NULL;
3071 sm->ap_rsn_ie_len = 0;
3074 sm->ap_rsn_ie = os_memdup(ie, len);
3075 if (sm->ap_rsn_ie == NULL)
3078 sm->ap_rsn_ie_len = len;
3087 * @sm: Pointer to WPA state machine data from wpa_sm_init()
3094 int wpa_sm_parse_own_wpa_ie(struct wpa_sm *sm, struct wpa_ie_data *data)
3096 if (sm == NULL)
3099 if (sm->assoc_wpa_ie == NULL) {
3100 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
3104 if (wpa_parse_wpa_ie(sm->assoc_wpa_ie, sm->assoc_wpa_ie_len, data))
3110 int wpa_sm_pmksa_cache_list(struct wpa_sm *sm, char *buf, size_t len)
3112 return pmksa_cache_list(sm->pmksa, buf, len);
3116 struct rsn_pmksa_cache_entry * wpa_sm_pmksa_cache_head(struct wpa_sm *sm)
3118 return pmksa_cache_head(sm->pmksa);
3123 wpa_sm_pmksa_cache_add_entry(struct wpa_sm *sm,
3126 return pmksa_cache_add_entry(sm->pmksa, entry);
3130 void wpa_sm_pmksa_cache_add(struct wpa_sm *sm, const u8 *pmk, size_t pmk_len,
3134 sm->cur_pmksa = pmksa_cache_add(sm->pmksa, pmk, pmk_len, pmkid, NULL, 0,
3135 bssid, sm->own_addr, sm->network_ctx,
3136 sm->key_mgmt, fils_cache_id);
3140 int wpa_sm_pmksa_exists(struct wpa_sm *sm, const u8 *bssid,
3143 return pmksa_cache_get(sm->pmksa, bssid, NULL, network_ctx) != NULL;
3147 void wpa_sm_drop_sa(struct wpa_sm *sm)
3149 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: Clear old PMK and PTK");
3150 sm->ptk_set = 0;
3151 sm->tptk_set = 0;
3152 os_memset(sm->pmk, 0, sizeof(sm->pmk));
3153 os_memset(&sm->ptk, 0, sizeof(sm->ptk));
3154 os_memset(&sm->tptk, 0, sizeof(sm->tptk));
3155 os_memset(&sm->gtk, 0, sizeof(sm->gtk));
3156 os_memset(&sm->gtk_wnm_sleep, 0, sizeof(sm->gtk_wnm_sleep));
3158 os_memset(&sm->igtk, 0, sizeof(sm->igtk));
3159 os_memset(&sm->igtk_wnm_sleep, 0, sizeof(sm->igtk_wnm_sleep));
3162 os_memset(sm->xxkey, 0, sizeof(sm->xxkey));
3163 os_memset(sm->pmk_r0, 0, sizeof(sm->pmk_r0));
3164 os_memset(sm->pmk_r1, 0, sizeof(sm->pmk_r1));
3169 int wpa_sm_has_ptk(struct wpa_sm *sm)
3171 if (sm == NULL)
3173 return sm->ptk_set;
3177 void wpa_sm_update_replay_ctr(struct wpa_sm *sm, const u8 *replay_ctr)
3179 os_memcpy(sm->rx_replay_counter, replay_ctr, WPA_REPLAY_COUNTER_LEN);
3183 void wpa_sm_pmksa_cache_flush(struct wpa_sm *sm, void *network_ctx)
3185 pmksa_cache_flush(sm->pmksa, network_ctx, NULL, 0);
3190 int wpa_wnmsleep_install_key(struct wpa_sm *sm, u8 subelem_id, u8 *buf)
3200 keylen = wpa_cipher_key_len(sm->group_cipher);
3201 gd.key_rsc_len = wpa_cipher_rsc_len(sm->group_cipher);
3202 gd.alg = wpa_cipher_to_alg(sm->group_cipher);
3218 sm, !!(keyinfo & WPA_KEY_INFO_TXRX));
3224 if (wpa_supplicant_install_gtk(sm, &gd, key_rsc, 1)) {
3236 if (wpa_supplicant_install_igtk(sm, igtk, 1) < 0)
3251 int wpa_sm_get_p2p_ip_addr(struct wpa_sm *sm, u8 *buf)
3253 if (sm == NULL || WPA_GET_BE32(sm->p2p_ip_addr) == 0)
3255 os_memcpy(buf, sm->p2p_ip_addr, 3 * 4);
3262 void wpa_sm_set_rx_replay_ctr(struct wpa_sm *sm, const u8 *rx_replay_counter)
3267 os_memcpy(sm->rx_replay_counter, rx_replay_counter,
3269 sm->rx_replay_counter_set = 1;
3274 void wpa_sm_set_ptk_kck_kek(struct wpa_sm *sm,
3279 os_memcpy(sm->ptk.kck, ptk_kck, ptk_kck_len);
3280 sm->ptk.kck_len = ptk_kck_len;
3284 os_memcpy(sm->ptk.kek, ptk_kek, ptk_kek_len);
3285 sm->ptk.kek_len = ptk_kek_len;
3288 sm->ptk_set = 1;
3294 void wpa_sm_set_test_assoc_ie(struct wpa_sm *sm, struct wpabuf *buf)
3296 wpabuf_free(sm->test_assoc_ie);
3297 sm->test_assoc_ie = buf;
3301 const u8 * wpa_sm_get_anonce(struct wpa_sm *sm)
3303 return sm->anonce;
3311 struct wpabuf * fils_build_auth(struct wpa_sm *sm, int dh_group, const u8 *md)
3317 erp_msg = eapol_sm_build_erp_reauth_start(sm->eapol);
3318 if (!erp_msg && !sm->cur_pmksa) {
3325 erp_msg != NULL, sm->cur_pmksa != NULL);
3327 sm->fils_completed = 0;
3329 if (!sm->assoc_wpa_ie) {
3334 if (random_get_bytes(sm->fils_nonce, FILS_NONCE_LEN) < 0 ||
3335 random_get_bytes(sm->fils_session, FILS_SESSION_LEN) < 0)
3339 sm->fils_nonce, FILS_NONCE_LEN);
3341 sm->fils_session, FILS_SESSION_LEN);
3344 sm->fils_dh_group = dh_group;
3346 crypto_ecdh_deinit(sm->fils_ecdh);
3347 sm->fils_ecdh = crypto_ecdh_init(dh_group);
3348 if (!sm->fils_ecdh) {
3354 pub = crypto_ecdh_get_pubkey(sm->fils_ecdh, 1);
3359 sm->fils_dh_elem_len = wpabuf_len(pub);
3363 buf = wpabuf_alloc(1000 + sm->assoc_wpa_ie_len +
3388 sm->assoc_wpa_ie, sm->assoc_wpa_ie_len);
3389 wpabuf_put_data(buf, sm->assoc_wpa_ie, sm->assoc_wpa_ie_len);
3407 wpabuf_put_data(buf, sm->fils_nonce, FILS_NONCE_LEN);
3414 wpabuf_put_data(buf, sm->fils_session, FILS_SESSION_LEN);
3417 sm->fils_erp_pmkid_set = 0;
3426 if (fils_pmkid_erp(sm->key_mgmt, wpabuf_head(erp_msg),
3428 sm->fils_erp_pmkid) == 0)
3429 sm->fils_erp_pmkid_set = 1;
3442 int fils_process_auth(struct wpa_sm *sm, const u8 *bssid, const u8 *data,
3459 os_memcpy(sm->bssid, bssid, ETH_ALEN);
3468 if (sm->fils_dh_group) {
3481 if (group != sm->fils_dh_group) {
3484 group, sm->fils_dh_group);
3489 sm->fils_dh_elem_len) {
3494 if (!sm->fils_ecdh) {
3498 dh_ss = crypto_ecdh_set_peerkey(sm->fils_ecdh, 1, pos,
3499 sm->fils_dh_elem_len);
3506 g_ap_len = sm->fils_dh_elem_len;
3507 pos += sm->fils_dh_elem_len;
3531 os_memcpy(sm->fils_anonce, elems.fils_nonce, FILS_NONCE_LEN);
3532 wpa_hexdump(MSG_DEBUG, "FILS: ANonce", sm->fils_anonce, FILS_NONCE_LEN);
3534 if (wpa_key_mgmt_ft(sm->key_mgmt)) {
3552 os_memcpy(sm->r0kh_id, parse.r0kh_id, parse.r0kh_id_len);
3553 sm->r0kh_id_len = parse.r0kh_id_len;
3555 sm->r0kh_id, sm->r0kh_id_len);
3562 os_memcpy(sm->r1kh_id, parse.r1kh_id, FT_R1KH_ID_LEN);
3564 sm->r1kh_id, FT_R1KH_ID_LEN);
3568 wpabuf_free(sm->fils_ft_ies);
3569 sm->fils_ft_ies = wpabuf_alloc(2 + elems.mdie_len +
3571 if (!sm->fils_ft_ies)
3573 wpabuf_put_data(sm->fils_ft_ies, elems.mdie - 2,
3575 wpabuf_put_data(sm->fils_ft_ies, elems.ftie - 2,
3578 wpabuf_free(sm->fils_ft_ies);
3579 sm->fils_ft_ies = NULL;
3592 if (os_memcmp(sm->cur_pmksa->pmkid, rsn.pmkid, PMKID_LEN) != 0)
3596 sm->cur_pmksa->pmkid, PMKID_LEN);
3603 if (!pmkid_match && sm->cur_pmksa) {
3606 sm->cur_pmksa = NULL;
3616 if (os_memcmp(sm->fils_session, elems.fils_session, FILS_SESSION_LEN)
3620 sm->fils_session, FILS_SESSION_LEN);
3625 if (!sm->cur_pmksa && elems.fils_wrapped_data) {
3632 eapol_sm_process_erp_finish(sm->eapol, elems.fils_wrapped_data,
3634 if (eapol_sm_failed(sm->eapol))
3638 res = eapol_sm_get_key(sm->eapol, rmsk, rmsk_len);
3641 res = eapol_sm_get_key(sm->eapol, rmsk, rmsk_len);
3646 res = fils_rmsk_to_pmk(sm->key_mgmt, rmsk, rmsk_len,
3647 sm->fils_nonce, sm->fils_anonce,
3650 sm->pmk, &sm->pmk_len);
3661 if (!sm->fils_erp_pmkid_set) {
3665 wpa_hexdump(MSG_DEBUG, "FILS: PMKID", sm->fils_erp_pmkid,
3668 sm->cur_pmksa = pmksa_cache_add(sm->pmksa, sm->pmk, sm->pmk_len,
3669 sm->fils_erp_pmkid, NULL, 0,
3670 sm->bssid, sm->own_addr,
3671 sm->network_ctx, sm->key_mgmt,
3675 if (!sm->cur_pmksa) {
3681 if (fils_pmk_to_ptk(sm->pmk, sm->pmk_len, sm->own_addr, sm->bssid,
3682 sm->fils_nonce, sm->fils_anonce,
3685 &sm->ptk, ick, &ick_len,
3686 sm->key_mgmt, sm->pairwise_cipher,
3687 sm->fils_ft, &sm->fils_ft_len) < 0) {
3695 sm->ptk_set = 1;
3696 sm->tptk_set = 0;
3697 os_memset(&sm->tptk, 0, sizeof(sm->tptk));
3700 if (sm->fils_dh_group) {
3701 if (!sm->fils_ecdh) {
3705 pub = crypto_ecdh_get_pubkey(sm->fils_ecdh, 1);
3719 res = fils_key_auth_sk(ick, ick_len, sm->fils_nonce,
3720 sm->fils_anonce, sm->own_addr, sm->bssid,
3722 sm->key_mgmt, sm->fils_key_auth_sta,
3723 sm->fils_key_auth_ap,
3724 &sm->fils_key_auth_len);
3736 static int fils_ft_build_assoc_req_rsne(struct wpa_sm *sm, struct wpabuf *buf)
3748 if (!wpa_cipher_valid_group(sm->group_cipher)) {
3750 sm->group_cipher);
3755 sm->group_cipher));
3761 if (!wpa_cipher_valid_pairwise(sm->pairwise_cipher)) {
3763 sm->pairwise_cipher);
3768 sm->pairwise_cipher));
3775 if (sm->key_mgmt == WPA_KEY_MGMT_FT_FILS_SHA256)
3777 else if (sm->key_mgmt == WPA_KEY_MGMT_FT_FILS_SHA384)
3782 sm->key_mgmt);
3789 if (sm->mgmt_group_cipher == WPA_CIPHER_AES_128_CMAC)
3799 sm->fils_ft, sm->fils_ft_len);
3800 wpa_hexdump_ascii(MSG_DEBUG, "FILS+FT: SSID", sm->ssid, sm->ssid_len);
3802 sm->mobility_domain, MOBILITY_DOMAIN_ID_LEN);
3804 sm->r0kh_id, sm->r0kh_id_len);
3805 if (wpa_derive_pmk_r0(sm->fils_ft, sm->fils_ft_len, sm->ssid,
3806 sm->ssid_len, sm->mobility_domain,
3807 sm->r0kh_id, sm->r0kh_id_len, sm->own_addr,
3808 sm->pmk_r0, sm->pmk_r0_name) < 0) {
3812 wpa_hexdump_key(MSG_DEBUG, "FILS+FT: PMK-R0", sm->pmk_r0, PMK_LEN);
3814 sm->pmk_r0_name, WPA_PMK_NAME_LEN);
3816 MAC2STR(sm->r1kh_id));
3818 if (wpa_derive_pmk_r1_name(sm->pmk_r0_name, sm->r1kh_id, sm->own_addr,
3826 if (sm->mgmt_group_cipher == WPA_CIPHER_AES_128_CMAC) {
3839 struct wpabuf * fils_build_assoc_req(struct wpa_sm *sm, const u8 **kek,
3851 if (sm->fils_ft_ies)
3852 len += wpabuf_len(sm->fils_ft_ies);
3853 if (wpa_key_mgmt_ft(sm->key_mgmt))
3863 if (wpa_key_mgmt_ft(sm->key_mgmt) && sm->fils_ft_ies) {
3865 wpabuf_put_buf(buf, sm->fils_ft_ies);
3867 if (fils_ft_build_assoc_req_rsne(sm, buf) < 0) {
3879 wpabuf_put_data(buf, sm->fils_session, FILS_SESSION_LEN);
3888 wpabuf_put_u8(buf, 1 + sm->fils_key_auth_len); /* Length */
3891 wpabuf_put_data(buf, sm->fils_key_auth_sta, sm->fils_key_auth_len);
3926 *kek = sm->ptk.kek;
3927 *kek_len = sm->ptk.kek_len;
3929 *snonce = sm->fils_nonce;
3932 *anonce = sm->fils_anonce;
3940 static void fils_process_hlp_resp(struct wpa_sm *sm, const u8 *resp, size_t len)
3952 wpa_sm_fils_hlp_rx(sm, resp, resp + ETH_ALEN, pos, end - pos);
3956 static void fils_process_hlp_container(struct wpa_sm *sm, const u8 *pos,
3998 fils_process_hlp_resp(sm, tmp, tmp_pos - tmp);
4005 int fils_process_assoc_resp(struct wpa_sm *sm, const u8 *resp, size_t len)
4016 if (!sm || !sm->ptk_set) {
4021 if (!wpa_key_mgmt_fils(sm->key_mgmt)) {
4026 if (sm->fils_completed) {
4054 if (os_memcmp(elems.fils_session, sm->fils_session,
4060 sm->fils_session, FILS_SESSION_LEN);
4069 if (elems.fils_key_confirm_len != sm->fils_key_auth_len) {
4073 (int) sm->fils_key_auth_len);
4076 if (os_memcmp(elems.fils_key_confirm, sm->fils_key_auth_ap,
4077 sm->fils_key_auth_len) != 0) {
4083 sm->fils_key_auth_ap, sm->fils_key_auth_len);
4106 if (wpa_supplicant_check_group_cipher(sm, sm->group_cipher,
4113 gd.tx = wpa_supplicant_gtk_tx_bit_workaround(sm,
4123 if (wpa_supplicant_install_gtk(sm, &gd, elems.key_delivery, 0) < 0) {
4128 if (ieee80211w_set_keys(sm, &kde) < 0) {
4133 alg = wpa_cipher_to_alg(sm->pairwise_cipher);
4134 keylen = wpa_cipher_key_len(sm->pairwise_cipher);
4135 if (keylen <= 0 || (unsigned int) keylen != sm->ptk.tk_len) {
4137 keylen, (long unsigned int) sm->ptk.tk_len);
4140 rsclen = wpa_cipher_rsc_len(sm->pairwise_cipher);
4142 sm->ptk.tk, keylen);
4143 if (wpa_sm_set_key(sm, alg, sm->bssid, 0, 1, null_rsc, rsclen,
4144 sm->ptk.tk, keylen) < 0) {
4145 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
4148 alg, keylen, MAC2STR(sm->bssid));
4155 os_memset(sm->ptk.tk, 0, WPA_TK_MAX_LEN);
4156 sm->ptk.tk_len = 0;
4157 sm->ptk.installed = 1;
4160 fils_process_hlp_container(sm, ie_start, end - ie_start);
4165 sm->fils_completed = 1;
4173 void wpa_sm_set_reset_fils_completed(struct wpa_sm *sm, int set)
4175 if (sm)
4176 sm->fils_completed = !!set;
4182 int wpa_fils_is_completed(struct wpa_sm *sm)
4185 return sm && sm->fils_completed;
4194 struct wpabuf * owe_build_assoc_req(struct wpa_sm *sm, u16 group)
4208 crypto_ecdh_deinit(sm->owe_ecdh);
4209 sm->owe_ecdh = crypto_ecdh_init(group);
4210 if (!sm->owe_ecdh)
4212 sm->owe_group = group;
4213 pub = crypto_ecdh_get_pubkey(sm->owe_ecdh, 0);
4233 crypto_ecdh_deinit(sm->owe_ecdh);
4234 sm->owe_ecdh = NULL;
4239 int owe_process_assoc_resp(struct wpa_sm *sm, const u8 *bssid,
4261 if (sm->cur_pmksa && elems.rsn_ie &&
4265 os_memcmp(sm->cur_pmksa->pmkid, data.pmkid, PMKID_LEN) == 0) {
4267 wpa_sm_set_pmk_from_pmksa(sm);
4278 if (group != sm->owe_group) {
4285 if (!sm->owe_ecdh) {
4299 secret = crypto_ecdh_set_peerkey(sm->owe_ecdh, 0,
4311 pub = crypto_ecdh_get_pubkey(sm->owe_ecdh, 0);
4352 wpabuf_put_le16(hkey, sm->owe_group); /* group */
4373 os_strlen(info), sm->pmk, hash_len);
4376 os_strlen(info), sm->pmk, hash_len);
4379 os_strlen(info), sm->pmk, hash_len);
4383 sm->pmk_len = hash_len;
4385 wpa_hexdump_key(MSG_DEBUG, "OWE: PMK", sm->pmk, sm->pmk_len);
4387 pmksa_cache_add(sm->pmksa, sm->pmk, sm->pmk_len, pmkid, NULL, 0,
4388 bssid, sm->own_addr, sm->network_ctx, sm->key_mgmt,
4397 void wpa_sm_set_fils_cache_id(struct wpa_sm *sm, const u8 *fils_cache_id)
4400 if (sm && fils_cache_id) {
4401 sm->fils_cache_id_set = 1;
4402 os_memcpy(sm->fils_cache_id, fils_cache_id, FILS_CACHE_ID_LEN);