feat(wifi): Refactor and update wpa_supplicant with upstream

components/wpa_supplicant/src/rsn_supp/wpa.c

@@ -260,7 +260,7 @@ void wpa_eapol_key_send(struct wpa_sm *sm, const u8 *kck, size_t kck_len,
         goto out;
     }
     wpa_hexdump_key(MSG_DEBUG, "WPA: KCK", kck, kck_len);
-    wpa_hexdump(MSG_DEBUG, "WPA: Derived Key MIC", key_mic, wpa_mic_len(sm->key_mgmt));
+    wpa_hexdump(MSG_DEBUG, "WPA: Derived Key MIC", key_mic, wpa_mic_len(sm->key_mgmt, sm->pmk_len));
     wpa_hexdump(MSG_MSGDUMP, "WPA: TX EAPOL-Key", msg, msg_len);
     wpa_sm_ether_send(sm, dest, proto, msg, msg_len);
 out:
@@ -302,7 +302,7 @@ static void wpa_sm_key_request(struct wpa_sm *sm, int error, int pairwise)
         return;
     }
 
-    mic_len = wpa_mic_len(sm->key_mgmt);
+    mic_len = wpa_mic_len(sm->key_mgmt, sm->pmk_len);
     hdrlen = mic_len == 24 ? sizeof(*reply192) : sizeof(*reply);
     rbuf = wpa_sm_alloc_eapol(sm, IEEE802_1X_TYPE_EAPOL_KEY, NULL,
                   hdrlen, &rlen, (void *) &reply);
@@ -424,11 +424,23 @@ static int wpa_supplicant_get_pmk(struct wpa_sm *sm,
         //eapol_sm_notify_cached(sm->eapol);
 #ifdef CONFIG_IEEE80211R
         sm->xxkey_len = 0;
+#ifdef CONFIG_WPA3_SAE
+        if ((sm->key_mgmt == WPA_KEY_MGMT_FT_SAE) &&
+             sm->pmk_len == PMK_LEN) {
+            /* Need to allow FT key derivation to proceed with
+             * PMK from SAE being used as the XXKey in cases where
+             * the PMKID in msg 1/4 matches the PMKSA entry that was
+             * just added based on SAE authentication for the
+             * initial mobility domain association. */
+            os_memcpy(sm->xxkey, sm->pmk, sm->pmk_len);
+            sm->xxkey_len = sm->pmk_len;
+        }
+#endif /* CONFIG_WPA3_SAE */
 #endif /* CONFIG_IEEE80211R */
     } else if (wpa_key_mgmt_wpa_ieee8021x(sm->key_mgmt)) {
         int res = 0, pmk_len;
         /* For ESP_SUPPLICANT this is already set using wpa_set_pmk*/
-        //res = eapol_sm_get_key(sm->eapol, sm->pmk, PMK_LEN);
+        //res = eapol_sm_get_key(sm->eapol, 0, sm->pmk, PMK_LEN);
         if (wpa_key_mgmt_sha384(sm->key_mgmt))
             pmk_len = PMK_LEN_SUITE_B_192;
         else
@@ -586,7 +598,7 @@ int   wpa_supplicant_send_2_of_4(struct wpa_sm *sm, const unsigned char *dst,
 #endif /* CONFIG_IEEE80211R */
     wpa_hexdump(MSG_MSGDUMP, "WPA: WPA IE for msg 2/4\n", wpa_ie, wpa_ie_len);
 
-    mic_len = wpa_mic_len(sm->key_mgmt);
+    mic_len = wpa_mic_len(sm->key_mgmt, sm->pmk_len);
     hdrlen = mic_len == 24 ? sizeof(*reply192) : sizeof(*reply);
     rbuf = wpa_sm_alloc_eapol(sm, IEEE802_1X_TYPE_EAPOL_KEY,
                   NULL, hdrlen + wpa_ie_len,
@@ -1205,7 +1217,7 @@ static int wpa_supplicant_send_4_of_4(struct wpa_sm *sm, const unsigned char *ds
     struct wpa_eapol_key_192 *reply192;
     u8 *rbuf, *key_mic;
 
-    mic_len = wpa_mic_len(sm->key_mgmt);
+    mic_len = wpa_mic_len(sm->key_mgmt, sm->pmk_len);
     hdrlen = mic_len == 24 ? sizeof(*reply192) : sizeof(*reply);
 
     rbuf = wpa_sm_alloc_eapol(sm, IEEE802_1X_TYPE_EAPOL_KEY, NULL,
@@ -1574,7 +1586,7 @@ static int wpa_supplicant_send_2_of_2(struct wpa_sm *sm,
     struct wpa_eapol_key_192 *reply192;
     u8 *rbuf, *key_mic;
 
-    mic_len = wpa_mic_len(sm->key_mgmt);
+    mic_len = wpa_mic_len(sm->key_mgmt, sm->pmk_len);
     hdrlen = mic_len == 24 ? sizeof(*reply192) : sizeof(*reply);
 
     rbuf = wpa_sm_alloc_eapol(sm, IEEE802_1X_TYPE_EAPOL_KEY, NULL,
@@ -1683,7 +1695,7 @@ static int wpa_supplicant_verify_eapol_key_mic(struct wpa_sm *sm,
 {
     u8 mic[WPA_EAPOL_KEY_MIC_MAX_LEN];
     int ok = 0;
-    size_t mic_len = wpa_mic_len(sm->key_mgmt);
+    size_t mic_len = wpa_mic_len(sm->key_mgmt, sm->pmk_len);
 
     os_memcpy(mic, key->key_mic, mic_len);
     if (sm->tptk_set) {
@@ -1754,10 +1766,7 @@ static int wpa_supplicant_decrypt_key_data(struct wpa_sm *sm,
         }
     } else if (ver == WPA_KEY_INFO_TYPE_HMAC_SHA1_AES ||
                ver == WPA_KEY_INFO_TYPE_AES_128_CMAC ||
-               sm->key_mgmt == WPA_KEY_MGMT_OSEN ||
-               wpa_key_mgmt_suite_b(sm->key_mgmt) ||
-               sm->key_mgmt == WPA_KEY_MGMT_SAE ||
-               sm->key_mgmt == WPA_KEY_MGMT_OWE) {
+               wpa_use_aes_key_wrap(sm->key_mgmt)) {
         u8 *buf;
         if (*key_data_len < 8 || *key_data_len % 8) {
             wpa_printf(MSG_DEBUG, "WPA: Unsupported "
@@ -1860,7 +1869,7 @@ int wpa_sm_rx_eapol(u8 *src_addr, u8 *buf, u32 len)
     size_t mic_len, keyhdrlen;
     u8 *key_data;
 
-    mic_len = wpa_mic_len(sm->key_mgmt);
+    mic_len = wpa_mic_len(sm->key_mgmt, sm->pmk_len);
     keyhdrlen = mic_len == 24 ? sizeof(*key192) : sizeof(*key);
 
     if (len < sizeof(*hdr) + keyhdrlen) {
@@ -1924,20 +1933,14 @@ int wpa_sm_rx_eapol(u8 *src_addr, u8 *buf, u32 len)
     if (ver != WPA_KEY_INFO_TYPE_HMAC_MD5_RC4 &&
 #ifdef CONFIG_IEEE80211W
         ver != WPA_KEY_INFO_TYPE_AES_128_CMAC &&
-#ifdef CONFIG_WPA3_SAE
-        sm->key_mgmt != WPA_KEY_MGMT_SAE &&
 #endif
-        !wpa_key_mgmt_suite_b(sm->key_mgmt) &&
-#ifdef CONFIG_OWE_STA
-        sm->key_mgmt != WPA_KEY_MGMT_OWE &&
-#endif /* CONFIG_OWE_STA */
-#endif
-        ver != WPA_KEY_INFO_TYPE_HMAC_SHA1_AES) {
+        ver != WPA_KEY_INFO_TYPE_HMAC_SHA1_AES &&
+        !wpa_use_akm_defined(sm->key_mgmt)) {
         wpa_printf(MSG_DEBUG, "WPA: Unsupported EAPOL-Key descriptor "
                "version %d.", ver);
         goto out;
     }
-    if (wpa_key_mgmt_suite_b(sm->key_mgmt) &&
+    if (wpa_use_akm_defined(sm->key_mgmt) &&
         ver != WPA_KEY_INFO_TYPE_AKM_DEFINED) {
         wpa_msg(NULL, MSG_INFO,
                 "RSN: Unsupported EAPOL-Key descriptor version %d (expected AKM defined = 0)",
@@ -1948,20 +1951,15 @@ int wpa_sm_rx_eapol(u8 *src_addr, u8 *buf, u32 len)
 #ifdef CONFIG_IEEE80211W
     if (wpa_key_mgmt_sha256(sm->key_mgmt)) {
         if (ver != WPA_KEY_INFO_TYPE_AES_128_CMAC &&
-            sm->key_mgmt != WPA_KEY_MGMT_OSEN &&
-            !wpa_key_mgmt_suite_b(sm->key_mgmt) &&
-            sm->key_mgmt != WPA_KEY_MGMT_SAE &&
-            sm->key_mgmt != WPA_KEY_MGMT_OWE) {
+            !wpa_use_akm_defined(sm->key_mgmt)) {
             goto out;
         }
     } else
 #endif
 
     if (sm->pairwise_cipher == WPA_CIPHER_CCMP &&
-        !wpa_key_mgmt_suite_b(sm->key_mgmt) &&
-        ver != WPA_KEY_INFO_TYPE_HMAC_SHA1_AES &&
-        sm->key_mgmt != WPA_KEY_MGMT_SAE &&
-        sm->key_mgmt != WPA_KEY_MGMT_OWE) {
+        !wpa_use_akm_defined(sm->key_mgmt) &&
+        ver != WPA_KEY_INFO_TYPE_HMAC_SHA1_AES ) {
         wpa_printf(MSG_DEBUG, "WPA: CCMP is used, but EAPOL-Key "
                "descriptor version (%d) is not 2.", ver);
         if (sm->group_cipher != WPA_CIPHER_CCMP &&
@@ -1982,7 +1980,7 @@ int wpa_sm_rx_eapol(u8 *src_addr, u8 *buf, u32 len)
 
 #ifdef CONFIG_GCMP
     if (sm->pairwise_cipher == WPA_CIPHER_GCMP &&
-        !wpa_key_mgmt_suite_b(sm->key_mgmt) &&
+        !wpa_use_akm_defined(sm->key_mgmt) &&
         ver != WPA_KEY_INFO_TYPE_HMAC_SHA1_AES) {
         wpa_msg(NULL, MSG_INFO,
                 "WPA: GCMP is used, but EAPOL-Key "