tests: sigma_dut controlled STA and beacon protection
index d087e00ad71f83bd24ec4f34523c7e792905a0b6..41477d514d3f09e905273226d0f2b98d2a98a847 100644 (file)
@@ -5,7 +5,7 @@
  * This software may be distributed under the terms of the BSD license.
  * See README for more details.
  */
-#include <openssl/ssl.h>
+
 #include "utils/includes.h"
 
 #include "utils/common.h"
@@ -92,6 +92,12 @@ static int wpas_set_transmit_next_pn(void *wpa_s, struct transmit_sa *sa)
 }
 
 
+static int wpas_set_receive_lowest_pn(void *wpa_s, struct receive_sa *sa)
+{
+       return wpa_drv_set_receive_lowest_pn(wpa_s, sa);
+}
+
+
 static unsigned int conf_offset_val(enum confidentiality_offset co)
 {
        switch (co) {
@@ -219,6 +225,7 @@ int ieee802_1x_alloc_kay_sm(struct wpa_supplicant *wpa_s, struct wpa_ssid *ssid)
        kay_ctx->get_receive_lowest_pn = wpas_get_receive_lowest_pn;
        kay_ctx->get_transmit_next_pn = wpas_get_transmit_next_pn;
        kay_ctx->set_transmit_next_pn = wpas_set_transmit_next_pn;
+       kay_ctx->set_receive_lowest_pn = wpas_set_receive_lowest_pn;
        kay_ctx->create_receive_sc = wpas_create_receive_sc;
        kay_ctx->delete_receive_sc = wpas_delete_receive_sc;
        kay_ctx->create_receive_sa = wpas_create_receive_sa;
@@ -232,13 +239,13 @@ int ieee802_1x_alloc_kay_sm(struct wpa_supplicant *wpa_s, struct wpa_ssid *ssid)
        kay_ctx->enable_transmit_sa = wpas_enable_transmit_sa;
        kay_ctx->disable_transmit_sa = wpas_disable_transmit_sa;
 
-       res = ieee802_1x_kay_init(kay_ctx, policy, ssid->macsec_port,
+       res = ieee802_1x_kay_init(kay_ctx, policy, ssid->macsec_replay_protect,
+                                 ssid->macsec_replay_window, ssid->macsec_port,
                                  ssid->mka_priority, wpa_s->ifname,
                                  wpa_s->own_addr);
-       if (res == NULL) {
-               os_free(kay_ctx);
+       /* ieee802_1x_kay_init() frees kay_ctx on failure */
+       if (res == NULL)
                return -1;
-       }
 
        wpa_s->kay = res;
 
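Review bot: The comment `/* ieee802_1x_kay_init() frees kay_ctx on failure */` records an ownership transfer that is only enforced inside ieee802_1x_kay_init(), which is not in this hunk, so a reader of ieee802_1x_alloc_kay_sm() alone cannot check it, and any later change to kay_init's failure path silently turns the `if (res == NULL) return -1;` into a leak or a double free. Put the same sentence on the prototype of ieee802_1x_kay_init() in its header so every caller sees the contract, and keep the call-site comment as is. The enclosing function starts before this hunk.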
@@ -269,7 +276,7 @@ static int ieee802_1x_auth_get_session_id(struct wpa_supplicant *wpa_s,
                return -1;
        }
 
-       need_len = 1 + 2 * SSL3_RANDOM_SIZE;
+       need_len = 1 + 2 * 32 /* random size */;
        if (need_len > id_len) {
                wpa_printf(MSG_DEBUG, "EAP Session-Id not long enough");
                return -1;
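Review bot: `need_len = 1 + 2 * 32 /* random size */;` replaces the SSL3_RANDOM_SIZE dropped with the openssl/ssl.h include in the first hunk by a bare literal plus a trailing comment, which is easy to misread or edit. Prefer a named constant so the check `if (need_len > id_len)` that bounds the following Session-Id reads stays self-describing, for example `need_len = 1 + 2 * TLS_RANDOM_LEN;` if the project's TLS header already defines such a constant (confirm; the name here is constructed), or a file-local `#define` otherwise. The value must remain 32 (the TLS client/server random length) for the length check to stay correct. The enclosing function starts and ends outside the hunk.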
@@ -350,8 +357,8 @@ void * ieee802_1x_notify_create_actor(struct wpa_supplicant *wpa_s,
 
        /* Derive CAK from MSK */
        cak->len = DEFAULT_KEY_LEN;
-       if (ieee802_1x_cak_128bits_aes_cmac(msk->key, wpa_s->own_addr,
-                                           peer_addr, cak->key)) {
+       if (ieee802_1x_cak_aes_cmac(msk->key, msk->len, wpa_s->own_addr,
+                                   peer_addr, cak->key, cak->len)) {
                wpa_printf(MSG_ERROR,
                           "IEEE 802.1X: Deriving CAK failed");
                goto fail;
@@ -360,9 +367,8 @@ void * ieee802_1x_notify_create_actor(struct wpa_supplicant *wpa_s,
 
        /* Derive CKN from MSK */
        ckn->len = DEFAULT_CKN_LEN;
-       if (ieee802_1x_ckn_128bits_aes_cmac(msk->key, wpa_s->own_addr,
-                                           peer_addr, sid, sid_len,
-                                           ckn->name)) {
+       if (ieee802_1x_ckn_aes_cmac(msk->key, msk->len, wpa_s->own_addr,
+                                   peer_addr, sid, sid_len, ckn->name)) {
                wpa_printf(MSG_ERROR,
                           "IEEE 802.1X: Deriving CKN failed");
                goto fail;
@@ -393,44 +399,42 @@ void * ieee802_1x_create_preshared_mka(struct wpa_supplicant *wpa_s,
 {
        struct mka_key *cak;
        struct mka_key_name *ckn;
-       void *res;
+       void *res = NULL;
 
        if ((ssid->mka_psk_set & MKA_PSK_SET) != MKA_PSK_SET)
-               return NULL;
-
-       if (ieee802_1x_alloc_kay_sm(wpa_s, ssid) < 0)
-               return NULL;
-
-       if (!wpa_s->kay || wpa_s->kay->policy == DO_NOT_SECURE)
-               return NULL;
+               goto end;
 
        ckn = os_zalloc(sizeof(*ckn));
        if (!ckn)
-               goto dealloc;
+               goto end;
 
        cak = os_zalloc(sizeof(*cak));
        if (!cak)
                goto free_ckn;
 
-       cak->len = MACSEC_CAK_LEN;
+       if (ieee802_1x_alloc_kay_sm(wpa_s, ssid) < 0 || !wpa_s->kay)
+               goto free_cak;
+
+       if (wpa_s->kay->policy == DO_NOT_SECURE)
+               goto dealloc;
+
+       cak->len = ssid->mka_cak_len;
        os_memcpy(cak->key, ssid->mka_cak, cak->len);
 
-       ckn->len = MACSEC_CKN_LEN;
+       ckn->len = ssid->mka_ckn_len;
        os_memcpy(ckn->name, ssid->mka_ckn, ckn->len);
 
        res = ieee802_1x_kay_create_mka(wpa_s->kay, ckn, cak, 0, PSK, FALSE);
        if (res)
-               return res;
+               goto free_cak;
 
+dealloc:
        /* Failed to create MKA */
+       ieee802_1x_dealloc_kay_sm(wpa_s);
+free_cak:
        os_free(cak);
-
-       /* fallthrough */
-
 free_ckn:
        os_free(ckn);
-dealloc:
-       ieee802_1x_dealloc_kay_sm(wpa_s);
-
-       return NULL;
+end:
+       return res;
 }
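Review bot: The copies at `cak->len = ssid->mka_cak_len; os_memcpy(cak->key, ssid->mka_cak, cak->len);` and `ckn->len = ssid->mka_ckn_len; os_memcpy(ckn->name, ssid->mka_ckn, ckn->len);` now take their length from the configured ssid instead of the fixed MACSEC_CAK_LEN/MACSEC_CKN_LEN, while cak->key and ckn->name remain fixed-size members, so the bound that was implicit before is gone from this function. Unless the config parser is known to clamp both lengths (not visible in this hunk), guard them before the copies with `if (ssid->mka_cak_len > sizeof(cak->key) || ssid->mka_ckn_len > sizeof(ckn->name)) goto dealloc;`, which reuses the existing cleanup chain and releases the just-allocated KaY. The function's signature sits in the hunk header, just before the first hunk line.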