34 	struct sta_info *sta = user_data;
37 	if (sta->sae->state != SAE_ACCEPTED) {
40 			   MAC2STR(sta->addr), sta->sae_auth_retry);
42 			MAC2STR(sta->addr));
43 		if (sta->sae_auth_retry < MESH_AUTH_RETRY) {
44 			mesh_rsn_auth_sae_sta(wpa_s, sta);
48 			if (sta->sae_auth_retry > MESH_AUTH_RETRY) {
49 				ap_free_sta(hapd, sta);
54 			wpa_mesh_set_plink_state(wpa_s, sta, PLINK_BLOCKED);
55 			sta->sae->state = SAE_NOTHING;
58 				MAC2STR(sta->addr),
61 		sta->sae_auth_retry++;
83 	struct sta_info *sta = ap_get_sta(hapd, addr);
92 	if (sta && sta->auth_alg == WLAN_AUTH_SAE) {
93 		if (!sta->sae || prev_psk)
95 		return sta->sae->pmk;
129 	struct sta_info *sta;
135 	sta = ap_get_sta(hapd, addr);
136 	if (sta)
137 		eloop_cancel_timeout(mesh_auth_timer, mesh_rsn->wpa_s, sta);
323 				     struct sta_info *sta)
335 	if (mesh_rsn_sae_group(wpa_s, sta->sae) < 0) {
340 	if (sta->sae->tmp && !sta->sae->tmp->pw_id && ssid->sae_password_id) {
341 		sta->sae->tmp->pw_id = os_strdup(ssid->sae_password_id);
342 		if (!sta->sae->tmp->pw_id)
345 	return sae_prepare_commit(wpa_s->own_addr, sta->addr,
348 				  sta->sae);
352 /* initiate new SAE authentication with sta */
354 			  struct sta_info *sta)
368 	if (!sta->sae) {
369 		sta->sae = os_zalloc(sizeof(*sta->sae));
370 		if (sta->sae == NULL)
374 	pmksa = wpa_auth_pmksa_get(hapd->wpa_auth, sta->addr, NULL);
376 		if (!sta->wpa_sm)
377 			sta->wpa_sm = wpa_auth_sta_init(hapd->wpa_auth,
378 							sta->addr, NULL);
379 		if (!sta->wpa_sm) {
388 			   MAC2STR(sta->addr));
389 		wpa_auth_pmksa_set_to_sm(pmksa, sta->wpa_sm, hapd->wpa_auth,
390 					 sta->sae->pmkid, sta->sae->pmk);
391 		sae_accept_sta(hapd, sta);
392 		sta->mesh_sae_pmksa_caching = 1;
395 	sta->mesh_sae_pmksa_caching = 0;
397 	if (mesh_rsn_build_sae_commit(wpa_s, ssid, sta))
402 		MAC2STR(sta->addr));
404 	ret = auth_sae_init_committed(hapd, sta);
408 	eloop_cancel_timeout(mesh_auth_timer, wpa_s, sta);
411 			       wpa_s, sta);
416 void mesh_rsn_get_pmkid(struct mesh_rsn *rsn, struct sta_info *sta, u8 *pmkid)
418 	os_memcpy(pmkid, sta->sae->pmkid, SAE_PMKID_LEN);
423 mesh_rsn_derive_aek(struct mesh_rsn *rsn, struct sta_info *sta)
426 	u8 *peer = sta->addr;
449 	sha256_prf(sta->sae->pmk, sizeof(sta->sae->pmk), "AEK Derivation",
450 		   context, sizeof(context), sta->aek, sizeof(sta->aek));
455 int mesh_rsn_derive_mtk(struct wpa_supplicant *wpa_s, struct sta_info *sta)
460 	u8 *peer = sta->addr;
470 	if (os_memcmp(sta->my_nonce, sta->peer_nonce, WPA_NONCE_LEN) < 0) {
471 		min = sta->my_nonce;
472 		max = sta->peer_nonce;
474 		min = sta->peer_nonce;
475 		max = sta->my_nonce;
482 	if (sta->my_lid < sta->peer_lid) {
483 		WPA_PUT_LE16(ptr, sta->my_lid);
485 		WPA_PUT_LE16(ptr, sta->peer_lid);
488 		WPA_PUT_LE16(ptr, sta->peer_lid);
490 		WPA_PUT_LE16(ptr, sta->my_lid);
509 	sta->mtk_len = wpa_cipher_key_len(wpa_s->mesh_rsn->pairwise_cipher);
510 	sha256_prf(sta->sae->pmk, SAE_PMK_LEN,
512 		   sta->mtk, sta->mtk_len);
517 void mesh_rsn_init_ampe_sta(struct wpa_supplicant *wpa_s, struct sta_info *sta)
519 	if (random_get_bytes(sta->my_nonce, WPA_NONCE_LEN) < 0) {
523 	os_memset(sta->peer_nonce, 0, WPA_NONCE_LEN);
524 	mesh_rsn_derive_aek(wpa_s->mesh_rsn, sta);
530  * @sta: STA we're sending to
534 int mesh_rsn_protect_frame(struct mesh_rsn *rsn, struct sta_info *sta,
540 	const u8 *aad[] = { rsn->wpa_s->own_addr, sta->addr, cat };
571 	os_memcpy(ampe->local_nonce, sta->my_nonce, WPA_NONCE_LEN);
572 	os_memcpy(ampe->peer_nonce, sta->peer_nonce, WPA_NONCE_LEN);
620 	if (aes_siv_encrypt(sta->aek, sizeof(sta->aek), ampe_ie, 2 + len, 3,
632 int mesh_rsn_process_ampe(struct wpa_supplicant *wpa_s, struct sta_info *sta,
644 	const u8 *aad[] = { sta->addr, wpa_s->own_addr, cat };
649 	if (!sta->sae) {
652 		if (!wpa_auth_pmksa_get(hapd->wpa_auth, sta->addr, NULL)) {
657 		mesh_rsn_auth_sae_sta(wpa_s, sta);
661 	    (!sta->sae ||
662 	     os_memcmp(chosen_pmk, sta->sae->pmkid, PMKID_LEN) != 0)) {
693 	if (aes_siv_decrypt(sta->aek, sizeof(sta->aek), crypt, crypt_len, 3,
719 	    os_memcmp(ampe->peer_nonce, sta->my_nonce, WPA_NONCE_LEN) != 0) {
724 	os_memcpy(sta->peer_nonce, ampe->local_nonce,
756 	sta->mgtk_key_id = 1; /* FIX: Where to get Key ID? */
763 	sta->mgtk_len = key_len;
764 	os_memcpy(sta->mgtk, pos, sta->mgtk_len);
766 			sta->mgtk, sta->mgtk_len);
767 	pos += sta->mgtk_len;
770 	os_memcpy(sta->mgtk_rsc, pos, sizeof(sta->mgtk_rsc));
784 		sta->igtk_key_id = WPA_GET_LE16(pos);
786 			   sta->igtk_key_id);
788 		os_memcpy(sta->igtk_rsc, pos, sizeof(sta->igtk_rsc));
790 			    sta->igtk_rsc, sizeof(sta->igtk_rsc));
792 		os_memcpy(sta->igtk, pos, key_len);
793 		sta->igtk_len = key_len;
795 				sta->igtk, sta->igtk_len);

Indexes created Sat May 18 11:27:04 MDT 2024