Lines Matching defs:wpa_auth
33 #include "wpa_auth.h"
54 static void wpa_group_sm_step(struct wpa_authenticator *wpa_auth,
57 static int wpa_gtk_update(struct wpa_authenticator *wpa_auth,
59 static int wpa_group_config_group_keys(struct wpa_authenticator *wpa_auth,
66 static void wpa_group_free(struct wpa_authenticator *wpa_auth,
68 static void wpa_group_get(struct wpa_authenticator *wpa_auth,
70 static void wpa_group_put(struct wpa_authenticator *wpa_auth,
74 static void wpa_group_update_gtk(struct wpa_authenticator *wpa_auth,
93 return sm->wpa_auth->mld_addr;
95 return sm->wpa_auth->addr;
115 if (!sm->wpa_auth)
118 sm->wpa_auth->group->GKeyDoneStations--;
123 sm->mld_links[link_id].wpa_auth->group->GKeyDoneStations--;
140 wpa_group_put(sm->mld_links[link_id].wpa_auth,
141 sm->mld_links[link_id].wpa_auth->group);
142 sm->mld_links[link_id].wpa_auth = NULL;
152 struct wpa_authenticator *wpa_auth;
155 static int wpa_get_link_sta_auth(struct wpa_authenticator *wpa_auth, void *data)
159 if (!wpa_auth->is_ml)
163 !ether_addr_equal(wpa_auth->mld_addr, ctx->mld_addr))
166 if ((ctx->addr && ether_addr_equal(wpa_auth->addr, ctx->addr)) ||
167 (ctx->link_id > -1 && wpa_auth->is_ml &&
168 wpa_auth->link_id == ctx->link_id)) {
169 ctx->wpa_auth = wpa_auth;
178 wpa_get_link_auth(struct wpa_authenticator *wpa_auth, int link_id)
183 ctx.mld_addr = wpa_auth->mld_addr;
185 ctx.wpa_auth = NULL;
186 wpa_auth_for_each_auth(wpa_auth, wpa_get_link_sta_auth, &ctx);
187 return ctx.wpa_auth;
191 static int wpa_get_primary_auth_cb(struct wpa_authenticator *wpa_auth,
196 if (!wpa_auth->is_ml ||
197 !ether_addr_equal(wpa_auth->mld_addr, ctx->addr) ||
198 !wpa_auth->primary_auth)
201 ctx->wpa_auth = wpa_auth;
209 wpa_get_primary_auth(struct wpa_authenticator *wpa_auth)
214 if (!wpa_auth || !wpa_auth->is_ml || wpa_auth->primary_auth)
215 return wpa_auth;
217 ctx.addr = wpa_auth->mld_addr;
218 ctx.wpa_auth = NULL;
219 wpa_auth_for_each_auth(wpa_auth, wpa_get_primary_auth_cb, &ctx);
221 return ctx.wpa_auth;
223 return wpa_auth;
229 struct wpa_authenticator *wpa_auth, const u8 *addr)
231 if (wpa_auth->cb->mic_failure_report)
232 return wpa_auth->cb->mic_failure_report(wpa_auth->cb_ctx, addr);
238 struct wpa_authenticator *wpa_auth, const u8 *addr)
240 if (wpa_auth->cb->psk_failure_report)
241 wpa_auth->cb->psk_failure_report(wpa_auth->cb_ctx, addr);
245 static inline void wpa_auth_set_eapol(struct wpa_authenticator *wpa_auth,
249 if (wpa_auth->cb->set_eapol)
250 wpa_auth->cb->set_eapol(wpa_auth->cb_ctx, addr, var, value);
254 static inline int wpa_auth_get_eapol(struct wpa_authenticator *wpa_auth,
257 if (!wpa_auth->cb->get_eapol)
259 return wpa_auth->cb->get_eapol(wpa_auth->cb_ctx, addr, var);
263 static inline const u8 * wpa_auth_get_psk(struct wpa_authenticator *wpa_auth,
269 if (!wpa_auth->cb->get_psk)
271 return wpa_auth->cb->get_psk(wpa_auth->cb_ctx, addr, p2p_dev_addr,
276 static inline int wpa_auth_get_msk(struct wpa_authenticator *wpa_auth,
279 if (!wpa_auth->cb->get_msk)
281 return wpa_auth->cb->get_msk(wpa_auth->cb_ctx, addr, msk, len);
285 static inline int wpa_auth_set_key(struct wpa_authenticator *wpa_auth,
291 if (!wpa_auth->cb->set_key)
293 return wpa_auth->cb->set_key(wpa_auth->cb_ctx, vlan_id, alg, addr, idx,
299 static inline int wpa_auth_set_ltf_keyseed(struct wpa_authenticator *wpa_auth,
304 if (!wpa_auth->cb->set_ltf_keyseed)
306 return wpa_auth->cb->set_ltf_keyseed(wpa_auth->cb_ctx, peer_addr,
312 static inline int wpa_auth_get_seqnum(struct wpa_authenticator *wpa_auth,
317 if (!wpa_auth->cb->get_seqnum)
322 res = wpa_auth->cb->get_seqnum(wpa_auth->cb_ctx, addr, idx, seq);
324 if (!addr && idx < 4 && wpa_auth->conf.gtk_rsc_override_set) {
329 WPA_GET_LE64(wpa_auth->conf.gtk_rsc_override));
330 os_memcpy(seq, wpa_auth->conf.gtk_rsc_override,
334 wpa_auth->conf.igtk_rsc_override_set) {
339 WPA_GET_LE64(wpa_auth->conf.igtk_rsc_override));
340 os_memcpy(seq, wpa_auth->conf.igtk_rsc_override,
349 wpa_auth_send_eapol(struct wpa_authenticator *wpa_auth, const u8 *addr,
352 if (!wpa_auth->cb->send_eapol)
354 return wpa_auth->cb->send_eapol(wpa_auth->cb_ctx, addr, data, data_len,
360 static inline int wpa_auth_start_ampe(struct wpa_authenticator *wpa_auth,
363 if (!wpa_auth->cb->start_ampe)
365 return wpa_auth->cb->start_ampe(wpa_auth->cb_ctx, addr);
370 int wpa_auth_for_each_sta(struct wpa_authenticator *wpa_auth,
374 if (!wpa_auth->cb->for_each_sta)
376 return wpa_auth->cb->for_each_sta(wpa_auth->cb_ctx, cb, cb_ctx);
380 int wpa_auth_for_each_auth(struct wpa_authenticator *wpa_auth,
384 if (!wpa_auth->cb->for_each_auth)
386 return wpa_auth->cb->for_each_auth(wpa_auth->cb_ctx, cb, cb_ctx);
390 void wpa_auth_store_ptksa(struct wpa_authenticator *wpa_auth,
394 if (wpa_auth->cb->store_ptksa)
395 wpa_auth->cb->store_ptksa(wpa_auth->cb_ctx, addr, cipher,
400 static void wpa_auth_remove_ptksa(struct wpa_authenticator *wpa_auth,
403 if (wpa_auth->cb->clear_ptksa)
404 wpa_auth->cb->clear_ptksa(wpa_auth->cb_ctx, addr, cipher);
408 void wpa_auth_logger(struct wpa_authenticator *wpa_auth, const u8 *addr,
411 if (!wpa_auth->cb->logger)
413 wpa_auth->cb->logger(wpa_auth->cb_ctx, addr, level, txt);
417 void wpa_auth_vlogger(struct wpa_authenticator *wpa_auth, const u8 *addr,
424 if (!wpa_auth->cb->logger)
436 wpa_auth_logger(wpa_auth, addr, level, format);
442 static void wpa_sta_disconnect(struct wpa_authenticator *wpa_auth,
445 if (!wpa_auth->cb->disconnect)
449 wpa_auth->cb->disconnect(wpa_auth->cb_ctx, addr, reason);
454 static int wpa_channel_info(struct wpa_authenticator *wpa_auth,
457 if (!wpa_auth->cb->channel_info)
459 return wpa_auth->cb->channel_info(wpa_auth->cb_ctx, ci);
464 static int wpa_auth_update_vlan(struct wpa_authenticator *wpa_auth,
467 if (!wpa_auth->cb->update_vlan)
469 return wpa_auth->cb->update_vlan(wpa_auth->cb_ctx, addr, vlan_id);
475 struct wpa_authenticator *wpa_auth = eloop_ctx;
477 if (random_get_bytes(wpa_auth->group->GMK, WPA_GMK_LEN)) {
481 wpa_auth_logger(wpa_auth, NULL, LOGGER_DEBUG, "GMK rekeyd");
483 wpa_auth->group->GMK, WPA_GMK_LEN);
486 if (wpa_auth->conf.wpa_gmk_rekey) {
487 eloop_register_timeout(wpa_auth->conf.wpa_gmk_rekey, 0,
488 wpa_rekey_gmk, wpa_auth, NULL);
493 static void wpa_rekey_all_groups(struct wpa_authenticator *wpa_auth)
497 wpa_auth_logger(wpa_auth, NULL, LOGGER_DEBUG, "rekeying GTK");
498 group = wpa_auth->group;
502 MAC2STR(wpa_auth->addr), group->vlan_id);
503 wpa_group_get(wpa_auth, group);
508 wpa_group_sm_step(wpa_auth, group);
512 wpa_group_put(wpa_auth, group);
520 static void wpa_update_all_gtks(struct wpa_authenticator *wpa_auth)
524 group = wpa_auth->group;
526 wpa_group_get(wpa_auth, group);
528 wpa_group_update_gtk(wpa_auth, group);
530 wpa_group_put(wpa_auth, group);
536 static int wpa_update_all_gtks_cb(struct wpa_authenticator *wpa_auth, void *ctx)
540 if (!ether_addr_equal(wpa_auth->mld_addr, mld_addr))
543 wpa_update_all_gtks(wpa_auth);
548 static int wpa_rekey_all_groups_cb(struct wpa_authenticator *wpa_auth,
553 if (!ether_addr_equal(wpa_auth->mld_addr, mld_addr))
556 wpa_rekey_all_groups(wpa_auth);
565 struct wpa_authenticator *wpa_auth = eloop_ctx;
568 if (wpa_auth->is_ml) {
572 if (!wpa_auth->primary_auth) {
579 wpa_auth_for_each_auth(wpa_auth, wpa_update_all_gtks_cb,
580 wpa_auth->mld_addr);
584 wpa_auth_for_each_auth(wpa_auth, wpa_rekey_all_groups_cb,
585 wpa_auth->mld_addr);
587 wpa_rekey_all_groups(wpa_auth);
590 wpa_rekey_all_groups(wpa_auth);
593 if (wpa_auth->conf.wpa_group_rekey) {
594 eloop_register_timeout(wpa_auth->conf.wpa_group_rekey,
595 0, wpa_rekey_gtk, wpa_auth, NULL);
602 struct wpa_authenticator *wpa_auth = eloop_ctx;
605 wpa_auth_logger(wpa_auth, wpa_auth_get_spa(sm), LOGGER_DEBUG,
614 if (sm && sm->wpa_auth->conf.wpa_ptk_rekey) {
618 sm->wpa_auth->conf.wpa_ptk_rekey);
619 eloop_cancel_timeout(wpa_rekey_ptk, sm->wpa_auth, sm);
620 eloop_register_timeout(sm->wpa_auth->conf.wpa_ptk_rekey, 0,
621 wpa_rekey_ptk, sm->wpa_auth, sm);
637 struct wpa_authenticator *wpa_auth = ctx;
638 wpa_auth_for_each_sta(wpa_auth, wpa_auth_pmksa_clear_cb, entry);
642 static int wpa_group_init_gmk_and_counter(struct wpa_authenticator *wpa_auth,
657 os_memcpy(buf, wpa_auth->addr, ETH_ALEN);
678 static struct wpa_group * wpa_group_init(struct wpa_authenticator *wpa_auth,
689 group->GTK_len = wpa_cipher_key_len(wpa_auth->conf.wpa_group);
702 if (wpa_group_init_gmk_and_counter(wpa_auth, group) < 0) {
715 wpa_group_sm_step(wpa_auth, group);
717 wpa_group_sm_step(wpa_auth, group);
736 struct wpa_authenticator *wpa_auth;
738 wpa_auth = os_zalloc(sizeof(struct wpa_authenticator));
739 if (!wpa_auth)
742 os_memcpy(wpa_auth->addr, addr, ETH_ALEN);
743 os_memcpy(&wpa_auth->conf, conf, sizeof(*conf));
747 wpa_auth->is_ml = true;
748 wpa_auth->link_id = conf->link_id;
749 wpa_auth->primary_auth = !conf->first_link_auth;
750 os_memcpy(wpa_auth->mld_addr, conf->mld_addr, ETH_ALEN);
754 wpa_auth->cb = cb;
755 wpa_auth->cb_ctx = cb_ctx;
757 if (wpa_auth_gen_wpa_ie(wpa_auth)) {
759 os_free(wpa_auth);
763 wpa_auth->group = wpa_group_init(wpa_auth, 0, 1);
764 if (!wpa_auth->group) {
765 os_free(wpa_auth->wpa_ie);
766 os_free(wpa_auth);
770 wpa_auth->pmksa = pmksa_cache_auth_init(wpa_auth_pmksa_free_cb,
771 wpa_auth);
772 if (!wpa_auth->pmksa) {
774 os_free(wpa_auth->group);
775 os_free(wpa_auth->wpa_ie);
776 os_free(wpa_auth);
781 wpa_auth->ft_pmk_cache = wpa_ft_pmk_cache_init();
782 if (!wpa_auth->ft_pmk_cache) {
784 os_free(wpa_auth->group);
785 os_free(wpa_auth->wpa_ie);
786 pmksa_cache_auth_deinit(wpa_auth->pmksa);
787 os_free(wpa_auth);
792 if (wpa_auth->conf.wpa_gmk_rekey) {
793 eloop_register_timeout(wpa_auth->conf.wpa_gmk_rekey, 0,
794 wpa_rekey_gmk, wpa_auth, NULL);
801 if ((!wpa_auth->is_ml || !conf->first_link_auth) &&
802 wpa_auth->conf.wpa_group_rekey) {
804 if (wpa_auth->conf.wpa_group_rekey) {
806 eloop_register_timeout(wpa_auth->conf.wpa_group_rekey, 0,
807 wpa_rekey_gtk, wpa_auth, NULL);
817 wpa_auth->ip_pool = bitfield_alloc(count);
830 return wpa_auth;
834 int wpa_init_keys(struct wpa_authenticator *wpa_auth)
836 struct wpa_group *group = wpa_auth->group;
840 wpa_group_sm_step(wpa_auth, group);
842 wpa_group_sm_step(wpa_auth, group);
862 * @wpa_auth: Pointer to WPA authenticator data from wpa_init()
864 void wpa_deinit(struct wpa_authenticator *wpa_auth)
868 eloop_cancel_timeout(wpa_rekey_gmk, wpa_auth, NULL);
872 eloop_cancel_timeout(wpa_rekey_gtk, wpa_auth, NULL);
874 pmksa_cache_auth_deinit(wpa_auth->pmksa);
877 wpa_ft_pmk_cache_deinit(wpa_auth->ft_pmk_cache);
878 wpa_auth->ft_pmk_cache = NULL;
879 wpa_ft_deinit(wpa_auth);
883 bitfield_free(wpa_auth->ip_pool);
887 os_free(wpa_auth->wpa_ie);
889 group = wpa_auth->group;
896 wpa_auth_free_conf(&wpa_auth->conf);
897 os_free(wpa_auth);
903 * @wpa_auth: Pointer to WPA authenticator data from wpa_init()
906 int wpa_reconfig(struct wpa_authenticator *wpa_auth,
911 if (!wpa_auth)
914 wpa_auth_free_conf(&wpa_auth->conf);
915 os_memcpy(&wpa_auth->conf, conf, sizeof(*conf));
916 if (wpa_auth_gen_wpa_ie(wpa_auth)) {
925 group = wpa_auth->group;
926 group->GTK_len = wpa_cipher_key_len(wpa_auth->conf.wpa_group);
928 wpa_group_sm_step(wpa_auth, group);
930 wpa_group_sm_step(wpa_auth, group);
937 wpa_auth_sta_init(struct wpa_authenticator *wpa_auth, const u8 *addr,
942 if (wpa_auth->group->wpa_group_state == WPA_GROUP_FATAL_FAILURE)
952 sm->wpa_auth = wpa_auth;
953 sm->group = wpa_auth->group;
954 wpa_group_get(sm->wpa_auth, sm->group);
963 int wpa_auth_sta_associated(struct wpa_authenticator *wpa_auth,
966 if (!wpa_auth || !wpa_auth->conf.wpa || !sm)
971 wpa_auth_logger(wpa_auth, wpa_auth_get_spa(sm), LOGGER_DEBUG,
982 wpa_auth_logger(wpa_auth, wpa_auth_get_spa(sm), LOGGER_DEBUG,
997 wpa_auth_logger(wpa_auth, wpa_auth_get_spa(sm), LOGGER_DEBUG,
1037 bitfield_clear(sm->wpa_auth->ip_pool, sm->ip_addr_bit);
1051 wpa_group_put(sm->mld_links[link_id].wpa_auth,
1052 sm->mld_links[link_id].wpa_auth->group);
1053 sm->mld_links[link_id].wpa_auth = NULL;
1056 wpa_group_put(sm->wpa_auth, sm->group);
1066 struct wpa_authenticator *wpa_auth;
1071 wpa_auth = sm->wpa_auth;
1072 if (wpa_auth->conf.wpa_strict_rekey && sm->has_GTK) {
1073 struct wpa_authenticator *primary_auth = wpa_auth;
1075 wpa_auth_logger(wpa_auth, wpa_auth_get_spa(sm), LOGGER_DEBUG,
1079 if (wpa_auth->is_ml && !wpa_auth->primary_auth)
1080 primary_auth = wpa_get_primary_auth(wpa_auth);
1089 eloop_cancel_timeout(wpa_send_eapol_timeout, wpa_auth, sm);
1092 eloop_cancel_timeout(wpa_rekey_ptk, wpa_auth, sm);
1113 if (!sm->use_ext_key_id && sm->wpa_auth->conf.wpa_deny_ptk0_rekey) {
1160 static int ft_check_msg_2_of_4(struct wpa_authenticator *wpa_auth,
1218 wpa_auth_logger(sm->wpa_auth, wpa_auth_get_spa(sm),
1238 os_memcmp(wpa_auth->conf.mobility_domain, mdie->mobility_domain,
1261 static int wpa_receive_error_report(struct wpa_authenticator *wpa_auth,
1265 wpa_auth_vlogger(wpa_auth, wpa_auth_get_spa(sm), LOGGER_INFO,
1269 if (group && wpa_auth->conf.wpa_group != WPA_CIPHER_TKIP) {
1270 wpa_auth_logger(wpa_auth, wpa_auth_get_spa(sm), LOGGER_INFO,
1273 wpa_auth_logger(wpa_auth, wpa_auth_get_spa(sm), LOGGER_INFO,
1276 if (wpa_auth_mic_failure_report(wpa_auth,
1280 wpa_auth->dot11RSNAStatsTKIPRemoteMICFailures++;
1309 pmk = wpa_auth_get_psk(sm->wpa_auth, sm->addr,
1356 wpa_auth_update_vlan(sm->wpa_auth, sm->addr, vlan_id) < 0)
1380 static bool wpa_auth_gtk_rekey_in_process(struct wpa_authenticator *wpa_auth)
1384 for (group = wpa_auth->group; group; group = group->next) {
1394 static bool wpa_auth_valid_key_desc_ver(struct wpa_authenticator *wpa_auth,
1407 wpa_auth_logger(wpa_auth, wpa_auth_get_spa(sm),
1417 wpa_auth_logger(wpa_auth, wpa_auth_get_spa(sm),
1425 wpa_auth_logger(wpa_auth, wpa_auth_get_spa(sm),
1435 static bool wpa_auth_valid_request_counter(struct wpa_authenticator *wpa_auth,
1443 wpa_auth_logger(wpa_auth, wpa_auth_get_spa(sm),
1453 static bool wpa_auth_valid_counter(struct wpa_authenticator *wpa_auth,
1462 return wpa_auth_valid_request_counter(wpa_auth, sm,
1480 wpa_auth_vlogger(wpa_auth, wpa_auth_get_spa(sm),
1501 wpa_auth_vlogger(wpa_auth, wpa_auth_get_spa(sm),
1511 wpa_auth_vlogger(wpa_auth, wpa_auth_get_spa(sm),
1516 wpa_auth_vlogger(wpa_auth, wpa_auth_get_spa(sm),
1534 void wpa_receive(struct wpa_authenticator *wpa_auth,
1549 if (!wpa_auth || !wpa_auth->conf.wpa || !sm)
1622 if (!wpa_auth_valid_key_desc_ver(wpa_auth, sm, ver))
1667 if (!wpa_auth_valid_counter(wpa_auth, sm, key, msg, msgtxt))
1673 wpa_auth_vlogger(wpa_auth, wpa_auth_get_spa(sm), LOGGER_DEBUG,
1685 wpa_auth_vlogger(wpa_auth, wpa_auth_get_spa(sm),
1705 wpa_sta_disconnect(wpa_auth, sm->addr,
1713 wpa_auth_vlogger(wpa_auth, wpa_auth_get_spa(sm),
1723 wpa_auth_vlogger(wpa_auth, wpa_auth_get_spa(sm),
1735 wpa_auth_vlogger(wpa_auth, wpa_auth_get_spa(sm),
1744 wpa_auth_vlogger(wpa_auth, wpa_auth_get_spa(sm), LOGGER_DEBUG,
1748 wpa_auth_logger(wpa_auth, wpa_auth_get_spa(sm), LOGGER_INFO,
1755 wpa_auth_logger(wpa_auth, wpa_auth_get_spa(sm), LOGGER_INFO,
1763 wpa_auth_logger(wpa_auth, wpa_auth_get_spa(sm), LOGGER_INFO,
1776 wpa_auth_logger(wpa_auth, wpa_auth_get_spa(sm),
1790 wpa_auth_logger(wpa_auth, wpa_auth_get_spa(sm),
1805 eloop_cancel_timeout(wpa_send_eapol_timeout, wpa_auth, sm);
1811 wpa_auth_logger(wpa_auth, wpa_auth_get_spa(sm),
1821 wpa_auth_logger(wpa_auth, wpa_auth_get_spa(sm),
1829 wpa_auth, sm,
1833 wpa_auth_logger(wpa_auth, wpa_auth_get_spa(sm),
1838 wpa_auth_logger(wpa_auth, wpa_auth_get_spa(sm),
1843 wpa_get_primary_auth(wpa_auth),
1845 if (wpa_auth_gtk_rekey_in_process(wpa_auth))
1846 wpa_auth_logger(wpa_auth, NULL, LOGGER_DEBUG,
1849 wpa_rekey_gtk(wpa_get_primary_auth(wpa_auth),
1947 struct wpa_authenticator *wpa_auth = eloop_ctx;
1951 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_DEBUG,
1957 wpa_auth_logger(wpa_auth, wpa_auth_get_spa(sm), LOGGER_DEBUG,
1964 void __wpa_send_eapol(struct wpa_authenticator *wpa_auth,
1970 struct wpa_auth_config *conf = &wpa_auth->conf;
2150 wpa_auth_logger(wpa_auth, wpa_auth_get_spa(sm),
2167 wpa_auth_logger(wpa_auth, wpa_auth_get_spa(sm),
2175 wpa_auth_set_eapol(wpa_auth, sm->addr, WPA_EAPOL_inc_EapolFramesTx, 1);
2177 wpa_auth_send_eapol(wpa_auth, sm->addr, (u8 *) hdr, len,
2183 static int wpa_auth_get_sta_count(struct wpa_authenticator *wpa_auth)
2185 if (!wpa_auth->cb->get_sta_count)
2188 return wpa_auth->cb->get_sta_count(wpa_auth->cb_ctx);
2192 static void wpa_send_eapol(struct wpa_authenticator *wpa_auth,
2211 if (wpa_auth->conf.delay_eapol_tx &&
2212 ctr != wpa_auth->conf.wpa_pairwise_update_count) {
2213 wpa_msg(sm->wpa_auth->conf.msg_ctx, MSG_INFO,
2218 __wpa_send_eapol(wpa_auth, sm, key_info, key_rsc, nonce, kde, kde_len,
2224 if (ctr == 1 && wpa_auth->conf.tx_status) {
2227 else if (wpa_auth_get_sta_count(wpa_auth) > 100)
2234 if (wpa_auth->conf.wpa_disable_eapol_key_retries &&
2246 wpa_send_eapol_timeout, wpa_auth, sm);
2284 wpa_auth_remove_ptksa(sm->wpa_auth, sm->addr, sm->pairwise);
2286 if (wpa_auth_set_key(sm->wpa_auth, 0, WPA_ALG_NONE, sm->addr, 0, NULL,
2291 wpa_auth_set_key(sm->wpa_auth, 0, WPA_ALG_NONE, sm->addr, 1, NULL,
2296 eloop_cancel_timeout(wpa_rekey_ptk, sm->wpa_auth, sm);
2307 wpa_auth_vlogger(sm->wpa_auth, wpa_auth_get_spa(sm), LOGGER_DEBUG,
2314 if (wpa_auth_start_ampe(sm->wpa_auth, sm->addr)) {
2364 sm->wpa_auth->conf.wpa_deny_ptk0_rekey) {
2466 wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_portEnabled, 0);
2468 wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_portValid, 0);
2473 wpa_auth_set_eapol(sm->wpa_auth, sm->addr,
2488 wpa_sta_disconnect(sm->wpa_auth, sm->addr, reason);
2504 wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_portControl_Auto,
2506 wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_portEnabled, 1);
2511 static void wpa_group_ensure_init(struct wpa_authenticator *wpa_auth,
2534 if (wpa_group_init_gmk_and_counter(wpa_auth, group) < 0 ||
2535 wpa_gtk_update(wpa_auth, group) < 0 ||
2536 wpa_group_config_group_keys(wpa_auth, group) < 0) {
2548 wpa_group_ensure_init(sm->wpa_auth, sm->group);
2612 } else if (wpa_auth_get_msk(sm->wpa_auth, wpa_auth_get_spa(sm),
2645 sm->wpa_auth->cb->get_msk);
2660 wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_keyRun, false);
2670 psk = wpa_auth_get_psk(sm->wpa_auth, sm->addr, sm->p2p_dev_addr, NULL,
2710 struct wpa_auth_config *conf = &sm->wpa_auth->conf;
2720 if (sm->TimeoutCtr > sm->wpa_auth->conf.wpa_pairwise_update_count) {
2739 wpa_auth_logger(sm->wpa_auth, wpa_auth_get_spa(sm), LOGGER_DEBUG,
2837 sm->wpa_auth->mld_addr, ETH_ALEN, NULL, 0);
2853 wpa_send_eapol(sm->wpa_auth, sm, key_info, NULL,
2870 if (sm->wpa_auth->conf.force_kdk_derivation ||
2871 (!no_kdk && sm->wpa_auth->conf.secure_ltf &&
2900 if (!no_kdk && sm->wpa_auth->conf.secure_ltf &&
2936 if (!no_kdk && sm->wpa_auth->conf.secure_ltf &&
2962 if (sm->wpa_auth->conf.force_kdk_derivation ||
2963 (sm->wpa_auth->conf.secure_ltf &&
2979 if (sm->wpa_auth->conf.secure_ltf &&
2995 struct wpa_authenticator *wpa_auth = sm->wpa_auth;
2996 struct wpa_auth_config *conf = &wpa_auth->conf;
3061 wpa_auth_logger(sm->wpa_auth, wpa_auth_get_spa(sm), LOGGER_INFO,
3077 wpa_auth_logger(sm->wpa_auth, wpa_auth_get_spa(sm), LOGGER_INFO,
3372 struct wpa_auth_config *conf = &sm->wpa_auth->conf;
3401 wpa_auth_get_seqnum(sm->wpa_auth, NULL, gsm->GN,
3443 if (wpa_channel_info(sm->wpa_auth, &ci) != 0) {
3489 if (wpa_auth_set_key(sm->wpa_auth, 0, alg, sm->addr, 0,
3496 if (sm->wpa_auth->conf.secure_ltf &&
3498 wpa_auth_set_ltf_keyseed(sm->wpa_auth, sm->addr,
3510 wpa_auth_store_ptksa(sm->wpa_auth, sm->addr, sm->pairwise,
3553 struct wpa_authenticator *wpa_auth = sm->wpa_auth;
3555 if (!wpa_auth->cb->get_sta_tx_params)
3557 return wpa_auth->cb->get_sta_tx_params(wpa_auth->cb_ctx, sm->addr,
3628 struct wpa_authenticator *wpa_auth = sm->wpa_auth;
3641 int owe_ptk_workaround = !!wpa_auth->conf.owe_ptk_workaround;
3656 derive_kdk = sm->wpa_auth->conf.secure_ltf &&
3665 pmk = wpa_auth_get_psk(sm->wpa_auth, sm->addr,
3730 if (!sm->wpa_auth->conf.force_kdk_derivation &&
3752 wpa_auth->conf.radius_psk && wpa_auth->cb->request_radius_psk &&
3755 wpa_auth->cb->request_radius_psk(wpa_auth->cb_ctx, sm->addr,
3765 wpa_auth_logger(sm->wpa_auth, wpa_auth_get_spa(sm),
3769 wpa_auth_psk_failure_report(sm->wpa_auth, sm->addr);
3821 wpa_auth_vlogger(wpa_auth, wpa_auth_get_spa(sm), LOGGER_INFO,
3839 wpa_auth_logger(wpa_auth, wpa_auth_get_spa(sm), LOGGER_INFO,
3848 wpa_sta_disconnect(wpa_auth, sm->addr,
3857 wpa_auth_logger(wpa_auth, wpa_auth_get_spa(sm), LOGGER_INFO,
3864 wpa_sta_disconnect(wpa_auth, sm->addr,
3875 if (wpa_channel_info(wpa_auth, &ci) != 0) {
3876 wpa_auth_logger(wpa_auth, wpa_auth_get_spa(sm),
3892 wpa_auth_vlogger(wpa_auth, wpa_auth_get_spa(sm),
3897 wpa_auth_vlogger(wpa_auth, wpa_auth_get_spa(sm),
3900 if (wpa_auth->conf.msg_ctx)
3901 wpa_msg(wpa_auth->conf.msg_ctx, MSG_INFO,
3911 if (ft && ft_check_msg_2_of_4(wpa_auth, sm, &kde) < 0) {
3912 wpa_sta_disconnect(wpa_auth, sm->addr,
3919 wpa_auth->ip_pool && WPA_GET_BE32(sm->ip_addr) == 0) {
3923 idx = bitfield_get_first_zero(wpa_auth->ip_pool);
3925 u32 start = WPA_GET_BE32(wpa_auth->conf.ip_addr_start);
3926 bitfield_set(wpa_auth->ip_pool, idx);
3946 wpa_auth->conf.dpp_pfs != 2 &&
3951 wpa_sta_disconnect(wpa_auth, sm->addr,
3959 wpa_sta_disconnect(wpa_auth, sm->addr,
3965 wpa_auth_update_vlan(wpa_auth, sm->addr, vlan_id) < 0) {
3966 wpa_sta_disconnect(wpa_auth, sm->addr,
3972 eloop_cancel_timeout(wpa_send_eapol_timeout, sm->wpa_auth, sm);
4012 struct wpa_authenticator *wpa_auth = sm->wpa_auth;
4016 len += wpa_cipher_key_len(wpa_auth->conf.group_mgmt_cipher);
4019 if (wpa_auth->conf.tx_bss_auth)
4020 wpa_auth = wpa_auth->conf.tx_bss_auth;
4021 if (sm->mgmt_frame_prot && sm->wpa_auth->conf.beacon_prot) {
4023 len += wpa_cipher_key_len(wpa_auth->conf.group_mgmt_cipher);
4036 struct wpa_authenticator *wpa_auth = sm->wpa_auth;
4037 struct wpa_auth_config *conf = &wpa_auth->conf;
4051 wpa_auth_get_seqnum(sm->wpa_auth, NULL, gsm->GN_igtk, rsc) < 0)
4069 if (wpa_auth->conf.tx_bss_auth) {
4070 wpa_auth = wpa_auth->conf.tx_bss_auth;
4071 conf = &wpa_auth->conf;
4073 gsm = wpa_auth->group;
4076 if (!sm->wpa_auth->conf.beacon_prot)
4082 wpa_auth_get_seqnum(sm->wpa_auth, NULL, gsm->GN_bigtk, rsc) < 0)
4123 if (wpa_channel_info(sm->wpa_auth, &ci) != 0) {
4228 static void wpa_auth_get_ml_key_info(struct wpa_authenticator *wpa_auth,
4231 if (!wpa_auth->cb->get_ml_key_info)
4234 wpa_auth->cb->get_ml_key_info(wpa_auth->cb_ctx, info);
4240 struct wpa_authenticator *wpa_auth;
4251 wpa_auth = sm->mld_links[link_id].wpa_auth;
4252 if (!wpa_auth || !wpa_auth->group)
4258 kde_len += wpa_auth->group->GTK_len;
4263 if (wpa_auth->conf.tx_bss_auth)
4264 wpa_auth = wpa_auth->conf.tx_bss_auth;
4269 kde_len += wpa_cipher_key_len(wpa_auth->conf.group_mgmt_cipher);
4271 if (!wpa_auth->conf.beacon_prot)
4277 kde_len += wpa_cipher_key_len(wpa_auth->conf.group_mgmt_cipher);
4301 ml_key_info.beacon_prot = sm->wpa_auth->conf.beacon_prot;
4310 wpa_auth_get_ml_key_info(sm->wpa_auth, &ml_key_info);
4385 if (!sm->wpa_auth->conf.beacon_prot) {
4451 struct wpa_authenticator *wpa_auth;
4454 wpa_auth = wpa_get_link_auth(sm->wpa_auth, link_id);
4455 if (!wpa_auth)
4459 ie = get_ie(wpa_auth->wpa_ie, wpa_auth->wpa_ie_len,
4463 ie = get_ie(wpa_auth->wpa_ie, wpa_auth->wpa_ie_len,
4487 sm->wpa_auth->mld_addr, ETH_ALEN, NULL, 0);
4490 struct wpa_authenticator *wpa_auth;
4494 wpa_auth = wpa_get_link_auth(sm->wpa_auth, link_id);
4495 if (!wpa_auth)
4498 rsne = get_ie(wpa_auth->wpa_ie, wpa_auth->wpa_ie_len,
4502 rsnxe = get_ie(wpa_auth->wpa_ie, wpa_auth->wpa_ie_len,
4526 os_memcpy(pos, wpa_auth->addr, ETH_ALEN);
4557 struct wpa_auth_config *conf = &sm->wpa_auth->conf;
4582 wpa_auth_get_seqnum(sm->wpa_auth, NULL, gsm->GN, rsc);
4583 /* If FT is used, wpa_auth->wpa_ie includes both RSNIE and MDIE */
4584 wpa_ie = sm->wpa_auth->wpa_ie;
4585 wpa_ie_len = sm->wpa_auth->wpa_ie_len;
4616 wpa_auth_logger(sm->wpa_auth, wpa_auth_get_spa(sm), LOGGER_DEBUG,
4620 wpa_auth_set_key(sm->wpa_auth, 0,
4626 wpa_sta_disconnect(sm->wpa_auth, sm->addr,
4632 if (sm->wpa_auth->conf.secure_ltf &&
4635 wpa_auth_set_ltf_keyseed(sm->wpa_auth, sm->addr,
4640 wpa_sta_disconnect(sm->wpa_auth, sm->addr,
4679 wpa_auth_logger(sm->wpa_auth, wpa_auth_get_spa(sm),
4854 wpa_send_eapol(sm->wpa_auth, sm,
4897 wpa_auth_vlogger(sm->wpa_auth, wpa_auth_get_spa(sm),
4925 wpa_sta_disconnect(sm->wpa_auth, sm->addr,
4936 res = wpa_auth_set_key(sm->wpa_auth, 0, 0, sm->addr,
4940 res = wpa_auth_set_key(sm->wpa_auth, 0, alg, sm->addr,
4944 wpa_sta_disconnect(sm->wpa_auth, sm->addr,
4950 if (sm->wpa_auth->conf.secure_ltf &&
4953 wpa_auth_set_ltf_keyseed(sm->wpa_auth, sm->addr,
4958 wpa_sta_disconnect(sm->wpa_auth, sm->addr,
4968 wpa_auth_store_ptksa(sm->wpa_auth, sm->addr, sm->pairwise,
4974 wpa_auth_set_eapol(sm->wpa_auth, sm->addr,
4982 wpa_auth_set_eapol(sm->wpa_auth, sm->addr,
4986 wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_portValid,
4989 wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_keyAvailable,
4991 wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_keyDone, true);
4996 wpa_auth_vlogger(sm->wpa_auth, wpa_auth_get_spa(sm), LOGGER_INFO,
4999 wpa_msg(sm->wpa_auth->conf.msg_ctx, MSG_INFO, "EAPOL-4WAY-HS-COMPLETED "
5003 wpa_ft_push_pmk_r1(sm->wpa_auth, wpa_auth_get_spa(sm));
5012 struct wpa_authenticator *wpa_auth = sm->wpa_auth;
5013 struct wpa_auth_config *conf = &wpa_auth->conf;
5019 wpa_auth_logger(wpa_auth, wpa_auth_get_spa(sm), LOGGER_DEBUG,
5048 wpa_auth_get_eapol(wpa_auth, sm->addr,
5059 if (wpa_auth_get_eapol(wpa_auth, sm->addr,
5067 wpa_auth->dot11RSNA4WayHandshakeFailures++;
5068 wpa_auth_logger(wpa_auth, wpa_auth_get_spa(sm),
5075 if (wpa_auth_get_psk(wpa_auth, sm->addr, sm->p2p_dev_addr,
5083 wpa_auth->conf.radius_psk) {
5088 wpa_auth_logger(wpa_auth, wpa_auth_get_spa(sm),
5091 wpa_auth->dot11RSNA4WayHandshakeFailures++;
5100 wpa_auth->dot11RSNA4WayHandshakeFailures++;
5101 wpa_auth_vlogger(wpa_auth, wpa_auth_get_spa(sm),
5133 wpa_auth->dot11RSNA4WayHandshakeFailures++;
5134 wpa_auth_vlogger(wpa_auth, wpa_auth_get_spa(sm),
5170 struct wpa_auth_config *conf = &sm->wpa_auth->conf;
5196 wpa_auth_get_seqnum(sm->wpa_auth, NULL, gsm->GN, rsc);
5197 wpa_auth_logger(sm->wpa_auth, wpa_auth_get_spa(sm), LOGGER_DEBUG,
5248 wpa_send_eapol(sm->wpa_auth, sm,
5262 struct wpa_authenticator *wpa_auth = sm->wpa_auth;
5292 wpa_auth_vlogger(wpa_auth, wpa_auth_get_spa(sm), LOGGER_INFO,
5302 if (wpa_channel_info(wpa_auth, &ci) != 0) {
5303 wpa_auth_logger(wpa_auth, wpa_auth_get_spa(sm),
5318 wpa_auth_vlogger(wpa_auth, wpa_auth_get_spa(sm),
5321 if (wpa_auth->conf.msg_ctx)
5322 wpa_msg(wpa_auth->conf.msg_ctx, MSG_INFO,
5336 wpa_auth_vlogger(wpa_auth, wpa_auth_get_spa(sm), LOGGER_INFO,
5348 if (sm->wpa_auth->conf.no_disconnect_on_group_keyerror &&
5350 wpa_auth_vlogger(sm->wpa_auth, wpa_auth_get_spa(sm),
5353 sm->wpa_auth->conf.wpa_group_update_count);
5358 wpa_auth_vlogger(sm->wpa_auth, wpa_auth_get_spa(sm), LOGGER_INFO,
5361 sm->wpa_auth->conf.wpa_group_update_count);
5381 sm->wpa_auth->conf.wpa_group_update_count ||
5382 (sm->wpa_auth->conf.wpa_disable_eapol_key_retries &&
5398 static int wpa_gtk_update(struct wpa_authenticator *wpa_auth,
5401 struct wpa_auth_config *conf = &wpa_auth->conf;
5408 wpa_auth->addr, group->GNonce,
5419 wpa_auth->addr, group->GNonce,
5426 if (!wpa_auth->non_tx_beacon_prot &&
5432 if (wpa_auth->conf.tx_bss_auth) {
5433 group = wpa_auth->conf.tx_bss_auth->group;
5443 wpa_auth->addr, group->GNonce,
5454 static void wpa_group_gtk_init(struct wpa_authenticator *wpa_auth,
5472 wpa_gtk_update(wpa_auth, group);
5482 wpa_auth_logger(sm->wpa_auth, wpa_auth_get_spa(sm),
5494 wpa_auth_logger(sm->wpa_auth, wpa_auth_get_spa(sm),
5531 struct wpa_auth_config *conf = &sm->wpa_auth->conf;
5546 if (wpa_auth_get_seqnum(sm->wpa_auth, NULL, gsm->GN, pos) != 0)
5571 struct wpa_auth_config *conf = &sm->wpa_auth->conf;
5574 size_t len = wpa_cipher_key_len(sm->wpa_auth->conf.group_mgmt_cipher);
5584 if (wpa_auth_get_seqnum(sm->wpa_auth, NULL, gsm->GN_igtk, pos) != 0)
5610 struct wpa_authenticator *wpa_auth = sm->wpa_auth;
5611 struct wpa_group *gsm = wpa_auth->group;
5613 size_t len = wpa_cipher_key_len(wpa_auth->conf.group_mgmt_cipher);
5623 if (wpa_auth_get_seqnum(wpa_auth, NULL, gsm->GN_bigtk, pos) != 0)
5649 static void wpa_group_update_gtk(struct wpa_authenticator *wpa_auth,
5666 wpa_gtk_update(wpa_auth, group);
5670 static void wpa_group_setkeys(struct wpa_authenticator *wpa_auth,
5681 if (wpa_auth->is_ml)
5685 wpa_group_update_gtk(wpa_auth, group);
5697 wpa_auth_for_each_sta(wpa_auth, wpa_group_update_sta, group);
5703 static int wpa_group_config_group_keys(struct wpa_authenticator *wpa_auth,
5706 struct wpa_auth_config *conf = &wpa_auth->conf;
5709 if (wpa_auth_set_key(wpa_auth, group->vlan_id,
5724 wpa_auth_set_key(wpa_auth, group->vlan_id, alg,
5732 if (wpa_auth->conf.tx_bss_auth) {
5733 wpa_auth = wpa_auth->conf.tx_bss_auth;
5734 group = wpa_auth->group;
5738 if (wpa_auth_set_key(wpa_auth, group->vlan_id, alg,
5764 static void wpa_group_fatal_failure(struct wpa_authenticator *wpa_auth,
5771 wpa_auth_for_each_sta(wpa_auth, wpa_group_disconnect_cb, group);
5775 static int wpa_group_setkeysdone(struct wpa_authenticator *wpa_auth,
5784 if (wpa_group_config_group_keys(wpa_auth, group) < 0) {
5785 wpa_group_fatal_failure(wpa_auth, group);
5793 static void wpa_group_sm_step(struct wpa_authenticator *wpa_auth,
5797 wpa_group_gtk_init(wpa_auth, group);
5802 wpa_group_setkeysdone(wpa_auth, group);
5805 wpa_group_setkeys(wpa_auth, group);
5808 wpa_group_setkeysdone(wpa_auth, group);
5810 wpa_group_setkeys(wpa_auth, group);
5822 sm->wpa_auth->group->changed = false;
5826 sm->mld_links[link_id].wpa_auth->group->changed = false;
5837 if (!sm || !sm->wpa_auth)
5839 wpa_group_sm_step(sm->wpa_auth, sm->wpa_auth->group);
5843 wpa_group_sm_step(sm->mld_links[link_id].wpa_auth,
5844 sm->mld_links[link_id].wpa_auth->group);
5857 if (!sm || !sm->wpa_auth)
5859 changed = sm->wpa_auth->group->changed;
5863 changed |= sm->mld_links[link_id].wpa_auth->group->changed;
5926 void wpa_gtk_rekey(struct wpa_authenticator *wpa_auth)
5931 if (!wpa_auth)
5934 group = wpa_auth->group;
5943 if (!wpa_auth->conf.tx_bss_auth) {
5948 wpa_gtk_update(wpa_auth, group);
5949 wpa_group_config_group_keys(wpa_auth, group);
5964 int wpa_get_mib(struct wpa_authenticator *wpa_auth, char *buf, size_t buflen)
5975 if (!wpa_auth)
5977 conf = &wpa_auth->conf;
5992 wpa_auth->dot11RSNAPMKIDUsed, PMKID_LEN);
6028 RSN_SUITE_ARG(wpa_auth->dot11RSNAAuthenticationSuiteSelected),
6029 RSN_SUITE_ARG(wpa_auth->dot11RSNAPairwiseCipherSelected),
6030 RSN_SUITE_ARG(wpa_auth->dot11RSNAGroupCipherSelected),
6032 RSN_SUITE_ARG(wpa_auth->dot11RSNAAuthenticationSuiteRequested),
6033 RSN_SUITE_ARG(wpa_auth->dot11RSNAPairwiseCipherRequested),
6034 RSN_SUITE_ARG(wpa_auth->dot11RSNAGroupCipherRequested),
6035 wpa_auth->dot11RSNATKIPCounterMeasuresInvoked,
6036 wpa_auth->dot11RSNA4WayHandshakeFailures);
6046 wpa_auth->group->wpa_group_state);
6113 void wpa_auth_countermeasures_start(struct wpa_authenticator *wpa_auth)
6115 if (wpa_auth)
6116 wpa_auth->dot11RSNATKIPCounterMeasuresInvoked++;
6205 const u8 * wpa_auth_get_wpa_ie(struct wpa_authenticator *wpa_auth, size_t *len)
6207 if (!wpa_auth)
6209 *len = wpa_auth->wpa_ie_len;
6210 return wpa_auth->wpa_ie;
6219 sm->wpa_auth->conf.disable_pmksa_caching)
6239 if (pmksa_cache_auth_add(sm->wpa_auth->pmksa, pmk, pmk_len, NULL,
6250 int wpa_auth_pmksa_add_preauth(struct wpa_authenticator *wpa_auth,
6255 if (!wpa_auth)
6259 if (pmksa_cache_auth_add(wpa_auth->pmksa, pmk, len, NULL,
6261 wpa_auth->addr,
6270 int wpa_auth_pmksa_add_sae(struct wpa_authenticator *wpa_auth, const u8 *addr,
6274 if (wpa_auth->conf.disable_pmksa_caching)
6280 if (pmksa_cache_auth_add(wpa_auth->pmksa, pmk, pmk_len, pmkid,
6281 NULL, 0, wpa_auth->addr, addr, 0, NULL, akmp))
6295 int wpa_auth_pmksa_add2(struct wpa_authenticator *wpa_auth, const u8 *addr,
6301 if (!wpa_auth || wpa_auth->conf.disable_pmksa_caching)
6305 entry = pmksa_cache_auth_add(wpa_auth->pmksa, pmk, pmk_len, pmkid,
6306 NULL, 0, wpa_auth->addr, addr, session_timeout,
6318 void wpa_auth_pmksa_remove(struct wpa_authenticator *wpa_auth,
6323 if (!wpa_auth || !wpa_auth->pmksa)
6325 pmksa = pmksa_cache_auth_get(wpa_auth->pmksa, sta_addr, NULL);
6329 pmksa_cache_free_entry(wpa_auth->pmksa, pmksa);
6334 int wpa_auth_pmksa_list(struct wpa_authenticator *wpa_auth, char *buf,
6337 if (!wpa_auth || !wpa_auth->pmksa)
6339 return pmksa_cache_auth_list(wpa_auth->pmksa, buf, len);
6343 void wpa_auth_pmksa_flush(struct wpa_authenticator *wpa_auth)
6345 if (wpa_auth && wpa_auth->pmksa)
6346 pmksa_cache_auth_flush(wpa_auth->pmksa);
6353 int wpa_auth_pmksa_list_mesh(struct wpa_authenticator *wpa_auth, const u8 *addr,
6356 if (!wpa_auth || !wpa_auth->pmksa)
6359 return pmksa_cache_auth_list_mesh(wpa_auth->pmksa, addr, buf, len);
6382 int wpa_auth_pmksa_add_entry(struct wpa_authenticator *wpa_auth,
6387 if (!wpa_auth || !wpa_auth->pmksa)
6390 ret = pmksa_cache_auth_add_entry(wpa_auth->pmksa, entry);
6404 wpa_auth_get_pmksa_cache(struct wpa_authenticator *wpa_auth)
6406 if (!wpa_auth || !wpa_auth->pmksa)
6408 return wpa_auth->pmksa;
6413 wpa_auth_pmksa_get(struct wpa_authenticator *wpa_auth, const u8 *sta_addr,
6416 if (!wpa_auth || !wpa_auth->pmksa)
6418 return pmksa_cache_auth_get(wpa_auth->pmksa, sta_addr, pmkid);
6424 struct wpa_authenticator *wpa_auth,
6434 os_memcpy(wpa_auth->dot11RSNAPMKIDUsed, pmksa->pmkid, PMKID_LEN);
6443 static void wpa_group_free(struct wpa_authenticator *wpa_auth,
6446 struct wpa_group *prev = wpa_auth->group;
6465 static void wpa_group_get(struct wpa_authenticator *wpa_auth,
6469 if (wpa_auth->group == group)
6477 static void wpa_group_put(struct wpa_authenticator *wpa_auth,
6481 if (wpa_auth->group == group)
6487 wpa_group_free(wpa_auth, group);
6496 wpa_auth_add_group(struct wpa_authenticator *wpa_auth, int vlan_id)
6500 if (!wpa_auth || !wpa_auth->group)
6505 group = wpa_group_init(wpa_auth, vlan_id, 0);
6509 group->next = wpa_auth->group->next;
6510 wpa_auth->group->next = group;
6522 int wpa_auth_ensure_group(struct wpa_authenticator *wpa_auth, int vlan_id)
6526 if (!wpa_auth)
6529 group = wpa_auth->group;
6537 group = wpa_auth_add_group(wpa_auth, vlan_id);
6546 wpa_group_get(wpa_auth, group);
6562 int wpa_auth_release_group(struct wpa_authenticator *wpa_auth, int vlan_id)
6567 if (!wpa_auth)
6570 group = wpa_auth->group;
6602 wpa_group_put(wpa_auth, group);
6612 if (!sm || !sm->wpa_auth)
6615 group = sm->wpa_auth->group;
6623 group = wpa_auth_add_group(sm->wpa_auth, vlan_id);
6638 wpa_group_get(sm->wpa_auth, group);
6639 wpa_group_put(sm->wpa_auth, sm->group);
6646 void wpa_auth_eapol_key_tx_status(struct wpa_authenticator *wpa_auth,
6649 if (!wpa_auth || !sm)
6668 eloop_cancel_timeout(wpa_send_eapol_timeout, wpa_auth, sm);
6671 wpa_send_eapol_timeout, wpa_auth, sm);
/* NOTE(review): wpa_auth->pmksa is read at 6715 and passed on without a
 * visible NULL test of wpa_auth or of the cache pointer. The other PMKSA
 * wrappers in this listing (e.g. wpa_auth_pmksa_list() at 6337 and
 * wpa_auth_pmksa_flush() at 6345) test both first. Whether
 * pmksa_cache_auth_radius_das_disconnect() tolerates a NULL cache is not
 * visible here; verify this before relying on the wrapper from a
 * RADIUS-driven disconnect path. */
6712 int wpa_auth_radius_das_disconnect_pmksa(struct wpa_authenticator *wpa_auth,
6715 return pmksa_cache_auth_radius_das_disconnect(wpa_auth->pmksa, attr);
6719 void wpa_auth_reconfig_group_keys(struct wpa_authenticator *wpa_auth)
6723 if (!wpa_auth)
6725 for (group = wpa_auth->group; group; group = group->next)
6726 wpa_group_config_group_keys(wpa_auth, group);
/* NOTE(review): line 6760 reads wpa_auth->conf, and no earlier line of this
 * function in the listing tests wpa_auth for NULL. The sibling lookup
 * wpa_auth_pmksa_get() (6416) tests !wpa_auth || !wpa_auth->pmksa first.
 * Lines 6756-6759 are not shown, so confirm in the full file whether every
 * caller guarantees a non-NULL authenticator. */
6755 wpa_auth_pmksa_get_fils_cache_id(struct wpa_authenticator *wpa_auth,
6760 if (!wpa_auth->conf.fils_cache_id_set)
6762 idata.auth = wpa_auth;
6763 idata.cache_id = wpa_auth->conf.fils_cache_id;
/* The iteration below runs wpa_auth_fils_iter over the authenticators
 * reachable from wpa_auth. Its matching rule is outside this listing. */
6767 wpa_auth_for_each_auth(wpa_auth, wpa_auth_fils_iter, &idata);
6773 int wpa_auth_write_fte(struct wpa_authenticator *wpa_auth,
6777 struct wpa_auth_config *conf = &wpa_auth->conf;
6834 void wpa_auth_set_transition_disable(struct wpa_authenticator *wpa_auth,
6837 if (wpa_auth)
6838 wpa_auth->conf.transition_disable = val;
6857 wpa_auth_logger(sm->wpa_auth, wpa_auth_get_spa(sm), LOGGER_DEBUG,
6859 wpa_send_eapol(sm->wpa_auth, sm,
6873 struct wpa_auth_config *conf = &sm->wpa_auth->conf;
6885 /* If FT is used, wpa_auth->wpa_ie includes both RSNIE and MDIE */
6886 wpa_ie = sm->wpa_auth->wpa_ie;
6887 wpa_ie_len = sm->wpa_auth->wpa_ie_len;
6889 (sm->wpa_auth->conf.wpa & WPA_PROTO_RSN) &&
6899 wpa_auth_logger(sm->wpa_auth, wpa_auth_get_spa(sm), LOGGER_DEBUG,
6924 wpa_auth_logger(sm->wpa_auth, wpa_auth_get_spa(sm),
7034 wpa_send_eapol(sm->wpa_auth, sm,
7051 struct wpa_auth_config *conf = &sm->wpa_auth->conf;
7062 wpa_auth_logger(sm->wpa_auth, wpa_auth_get_spa(sm), LOGGER_DEBUG,
7101 wpa_send_eapol(sm->wpa_auth, sm,
7114 int wpa_auth_rekey_gtk(struct wpa_authenticator *wpa_auth)
7116 if (!wpa_auth)
7119 wpa_get_primary_auth(wpa_auth), NULL);
7121 wpa_get_primary_auth(wpa_auth), NULL);
7125 int wpa_auth_rekey_ptk(struct wpa_authenticator *wpa_auth,
7128 if (!wpa_auth || !sm)
7130 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_DEBUG, "rekeying PTK");
7137 void wpa_auth_set_ft_rsnxe_used(struct wpa_authenticator *wpa_auth, int val)
7139 if (wpa_auth)
7140 wpa_auth->conf.ft_rsnxe_used = val;
7144 void wpa_auth_set_ocv_override_freq(struct wpa_authenticator *wpa_auth,
7148 if (!wpa_auth)
7152 wpa_auth->conf.oci_freq_override_eapol_m3 = freq;
7155 wpa_auth->conf.oci_freq_override_eapol_g1 = freq;
7158 wpa_auth->conf.oci_freq_override_ft_assoc = freq;
7161 wpa_auth->conf.oci_freq_override_fils_assoc = freq;
7206 wpa_auth_logger(sm->wpa_auth, wpa_auth_get_spa(sm), LOGGER_DEBUG,
7234 ctx.wpa_auth = NULL;
7235 wpa_auth_for_each_auth(sm->wpa_auth,
7237 if (ctx.wpa_auth) {
7238 sm_link->wpa_auth = ctx.wpa_auth;
7239 wpa_group_get(sm_link->wpa_auth,
7240 sm_link->wpa_auth->group);
7243 sm_link->wpa_auth = sm->wpa_auth;
7246 if (!sm_link->wpa_auth)
7250 MAC2STR(sm->wpa_auth->mld_addr),