From patchwork Mon Aug 5 09:33:22 2024
X-Patchwork-Submitter: Shivani Baranwal
X-Patchwork-Id: 1969022
From: Shivani Baranwal
Subject: [PATCH v3 24/25] P2P: Add support to get PASN PTK
Date: Mon, 5 Aug 2024 15:03:22 +0530
Message-ID: <1722850403-8852-25-git-send-email-quic_shivbara@quicinc.com>
In-Reply-To: <1722850403-8852-1-git-send-email-quic_shivbara@quicinc.com>
References: <1722850403-8852-1-git-send-email-quic_shivbara@quicinc.com>
X-BeenThere: hostap@lists.infradead.org

Signed-off-by: Shivani Baranwal --- src/common/wpa_common.c | 2 ++ src/common/wpa_common.h | 1 + src/p2p/p2p.c | 54 +++++++++++++++++++++++++++++++++++++++-- src/p2p/p2p.h | 8 ++++++ src/p2p/p2p_i.h | 10 ++++++++ wpa_supplicant/ctrl_iface.c | 23 ++++++++++++++++++ wpa_supplicant/p2p_supplicant.c | 11 +++++++++ wpa_supplicant/p2p_supplicant.h | 8 ++++++ 8 files changed, 115 insertions(+), 2 deletions(-) diff --git a/src/common/wpa_common.c b/src/common/wpa_common.c index 28f478c..ef8a0fa 100644 --- a/src/common/wpa_common.c +++ b/src/common/wpa_common.c @@ -582,6 +582,7 @@ int wpa_pmk_to_ptk(const u8 *pmk, size_t pmk_len, const char *label, ptk->kek2_len = 0; ptk->kck2_len = 0; + ptk->ptk_len = ptk_len; os_memset(tmp, 0, sizeof(tmp)); os_memset(data, 0, data_len); return 0; @@ -1555,6 +1556,7 @@ int pasn_pmk_to_ptk(const u8 *pmk, size_t pmk_len, ptk->kdk, ptk->kdk_len); } + ptk->ptk_len = ptk_len; forced_memzero(tmp, sizeof(tmp)); ret = 0; err: diff --git a/src/common/wpa_common.h b/src/common/wpa_common.h index 8f77d38..63196bc 100644 --- a/src/common/wpa_common.h +++ b/src/common/wpa_common.h @@ -270,6 +270,7 @@ struct wpa_ptk { size_t kck2_len; size_t kek2_len; size_t kdk_len; + size_t ptk_len; size_t ltf_keyseed_len; int installed; /* 1 if key has already been installed to driver */ }; diff --git a/src/p2p/p2p.c b/src/p2p/p2p.c index 2c81ec5..59a15a8 100644 --- a/src/p2p/p2p.c +++ b/src/p2p/p2p.c @@ -3064,6 +3064,11 @@ void p2p_group_formation_failed(struct p2p_data *p2p) p2p_clear_go_neg(p2p); } +void p2p_set_store_pasn_ptk(struct p2p_data *p2p, u8 val) +{ + p2p->cfg->store_pasn_ptk = val; +} + bool is_p2p_6ghz_disabled(struct p2p_data *p2p) { 
@@ -6875,6 +6880,7 @@ int p2p_handle_pasn_auth(struct p2p_data *p2p, struct p2p_device *dev, p2p_dbg(p2p, "P2P PASN Responder: Handle PASN Auth3 failed"); return -1; } + p2p_pasn_store_ptk(p2p, &pasn->ptk); if (p2p_pasn_handle_action_wrapper(p2p, dev, mgmt, len, freq, auth_transaction)) { p2p_dbg(p2p, "P2P PASN Responder: Handle Auth3 action wrapper failed"); @@ -6930,12 +6936,12 @@ int p2p_pasn_auth_rx(struct p2p_data *p2p, const struct ieee80211_mgmt *mgmt, return -1; } ret = wpa_pasn_auth_rx(pasn, (const u8 *)mgmt, len, &pasn_data); - forced_memzero(pasn_get_ptk(pasn), sizeof(pasn->ptk)); - if (ret < 0) { p2p_dbg(p2p, "P2P PASN: wpa_pasn_auth_rx failed"); dev->role = P2P_ROLE_IDLE; } + p2p_pasn_store_ptk(p2p, &pasn->ptk); + forced_memzero(pasn_get_ptk(pasn), sizeof(pasn->ptk)); } else { ret = p2p_handle_pasn_auth(p2p, dev, mgmt, len, freq); @@ -6952,4 +6958,48 @@ void p2p_pasn_pmksa_set_pmk(struct p2p_data *p2p, const u8 *src, const u8 *dst, pasn_responder_pmksa_cache_add(p2p->responder_pmksa, src, dst, pmk, pmk_len, pmkid); } + + +void p2p_pasn_store_ptk(struct p2p_data *p2p, struct wpa_ptk *ptk) +{ + u8 *pos; + + if (!p2p->cfg->store_pasn_ptk) + return; + + if (ptk->ptk_len > sizeof(p2p->pasn_ptk)) { + p2p_dbg(p2p, "P2P PASN PTK exceeds: (len=%ld)", ptk->ptk_len); + return; + } + + pos = p2p->pasn_ptk; + p2p->pasn_ptk_len = ptk->ptk_len; + if (ptk->kck_len) { + os_memcpy(pos, ptk->kck, ptk->kck_len); + pos += ptk->kck_len; + } + if (ptk->kek_len) { + os_memcpy(pos, ptk->kek, ptk->kek_len); + pos += ptk->kek_len; + } + if (ptk->tk_len) { + os_memcpy(pos, ptk->tk, ptk->tk_len); + pos += ptk->tk_len; + } + if (ptk->kdk_len) { + os_memcpy(pos, ptk->kdk, ptk->kdk_len); + pos += ptk->kdk_len; + } +} + + +int p2p_pasn_get_ptk(struct p2p_data *p2p, const u8 **buf, size_t *buf_len) +{ + if (!p2p || !p2p->cfg->store_pasn_ptk || !p2p->pasn_ptk_len) + return -1; + + *buf_len = p2p->pasn_ptk_len; + *buf = p2p->pasn_ptk; + return 0; +} #endif 
diff --git a/src/p2p/p2p.h b/src/p2p/p2p.h index 6024370..5d798a0 100644 --- a/src/p2p/p2p.h +++ b/src/p2p/p2p.h @@ -752,6 +752,11 @@ struct p2p_config { void *cb_ctx; /** + * store pasn ptk, Used for certification mode + */ + bool store_pasn_ptk; + + /** * debug_print - Debug print * @ctx: Callback context from cb_ctx * @level: Debug verbosity level (MSG_*) @@ -2716,4 +2721,7 @@ int p2p_pasn_auth_tx_status(struct p2p_data *p2p, const u8 *data, size_t data_len, u8 acked, bool verify); void p2p_pasn_pmksa_set_pmk(struct p2p_data *p2p, const u8 *src, const u8 *dst, u8 *pmk, u16 pmk_len, u8 *pmkid); +void p2p_set_store_pasn_ptk(struct p2p_data *p2p, u8 val); +void p2p_pasn_store_ptk(struct p2p_data *p2p, struct wpa_ptk *ptk); +int p2p_pasn_get_ptk(struct p2p_data *p2p, const u8 **buf, size_t *buf_len); #endif /* P2P_H */ diff --git a/src/p2p/p2p_i.h b/src/p2p/p2p_i.h index 3e9119b..32a8421 100644 --- a/src/p2p/p2p_i.h +++ b/src/p2p/p2p_i.h @@ -681,6 +681,16 @@ struct p2p_data { * Indicate that auto go is enabled for this device */ u8 auto_go; + + /** + * pasn ptk of recent auth when store_pasn_ptk enabled + */ + u8 pasn_ptk[128]; + + /** + * pasn ptk length + */ + size_t pasn_ptk_len; }; /** diff --git a/wpa_supplicant/ctrl_iface.c b/wpa_supplicant/ctrl_iface.c index 5a5b9e4..9c9e9a7 100644 --- a/wpa_supplicant/ctrl_iface.c +++ b/wpa_supplicant/ctrl_iface.c @@ -7748,6 +7748,11 @@ static int p2p_ctrl_set(struct wpa_supplicant *wpa_s, char *cmd) return 0; } + if (os_strcmp(cmd, "store_pasn_ptk") == 0) { + p2p_set_store_pasn_ptk(wpa_s->global->p2p, atoi(param)); + return 0; + } + wpa_printf(MSG_DEBUG, "CTRL_IFACE: Unknown P2P_SET field value '%s'", cmd); 
@@ -10905,6 +10910,20 @@ static void wpas_ctrl_iface_pmksa_flush(struct wpa_supplicant *wpa_s) #endif /* CONFIG_AP */ } +#ifdef CONFIG_PASN + +static int p2p_ctrl_get_pasn_ptk(struct wpa_supplicant *wpa_s, char *buf, + size_t buflen) +{ + const u8 *ptk; + size_t ptk_len; + + if (wpas_p2p_get_pasn_ptk(wpa_s, &ptk, &ptk_len)) + return -1; + return wpa_snprintf_hex(buf, buflen, ptk, ptk_len); +} + +#endif // CONFIG_PASN #ifdef CONFIG_PMKSA_CACHE_EXTERNAL @@ -12918,6 +12937,10 @@ char * wpa_supplicant_ctrl_iface_process(struct wpa_supplicant *wpa_s, reply_len = -1; } else if (os_strcmp(buf, "P2P_GET_PASSPHRASE") == 0) { reply_len = p2p_get_passphrase(wpa_s, reply, reply_size); +#ifdef CONFIG_PASN + } else if (os_strcmp(buf, "P2P_GET_PASNPTK") == 0) { + reply_len = p2p_ctrl_get_pasn_ptk(wpa_s, reply, reply_size); +#endif /* CONFIG_PASN */ } else if (os_strncmp(buf, "P2P_SERV_DISC_REQ ", 18) == 0) { reply_len = p2p_ctrl_serv_disc_req(wpa_s, buf + 18, reply, reply_size); diff --git a/wpa_supplicant/p2p_supplicant.c b/wpa_supplicant/p2p_supplicant.c index 249390b..394beef 100644 --- a/wpa_supplicant/p2p_supplicant.c +++ b/wpa_supplicant/p2p_supplicant.c @@ -11159,4 +11159,15 @@ int wpas_p2p_pasn_auth_rx(struct wpa_supplicant *wpa_s, return -2; return p2p_pasn_auth_rx(p2p, mgmt, len, freq); } + + +int wpas_p2p_get_pasn_ptk(struct wpa_supplicant *wpa_s, const u8 **ptk, + size_t *ptk_len) +{ + struct p2p_data *p2p = wpa_s->global->p2p; + + if (wpa_s->global->p2p_disabled || !p2p) + return -2; + return p2p_pasn_get_ptk(p2p, ptk, ptk_len); +} #endif /* CONFIG_PASN */ diff --git a/wpa_supplicant/p2p_supplicant.h b/wpa_supplicant/p2p_supplicant.h index c9e9c78..3dcc9e3 100644 --- a/wpa_supplicant/p2p_supplicant.h +++ b/wpa_supplicant/p2p_supplicant.h 
@@ -234,6 +234,8 @@ int wpas_p2p_pasn_auth_rx(struct wpa_supplicant *wpa_s, const struct ieee80211_mgmt *mgmt, size_t len, int freq); int wpas_p2p_remove_all_identity(struct wpa_supplicant *wpa_s); +int wpas_p2p_get_pasn_ptk(struct wpa_supplicant *wpa_s, const u8 **ptk, + size_t *ptk_len); #else /* CONFIG_P2P */ static inline int @@ -377,6 +379,12 @@ wpas_p2p_remove_all_identity(struct wpa_supplicant *wpa_s) return 0; } +static inline int wpas_p2p_get_pasn_ptk(struct wpa_supplicant *wpa_s, + const u8 **ptk, size_t *ptk_len) +{ + return 0; +} + #endif /* CONFIG_P2P */ #endif /* P2P_SUPPLICANT_H */
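
Review bot: In p2p_pasn_store_ptk() (src/p2p/p2p.c), the bound check compares ptk->ptk_len with sizeof(p2p->pasn_ptk), but the four os_memcpy() calls advance by kck_len, kek_len, tk_len and kdk_len, and nothing in the function ties their sum to ptk_len. If a struct wpa_ptk reaches this function with ptk_len unset or smaller than that sum, the copies can run past the 128-byte pasn_ptk buffer, and pasn_ptk_len will not match what was written. Compute the total from the four component lengths, check that total against sizeof(p2p->pasn_ptk), and set pasn_ptk_len from pos - p2p->pasn_ptk after the copies. The debug print should use %zu for the size_t argument rather than %ld, and the ptk parameter can be const since it is only read.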
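
Review bot: In the p2p_pasn_auth_rx() hunk (src/p2p/p2p.c), p2p_pasn_store_ptk(p2p, &pasn->ptk) sits after the closing brace of the "if (ret < 0)" block instead of in an else branch, so the PTK structure is copied into p2p->pasn_ptk even when wpa_pasn_auth_rx() has failed. That can leave key material from an unfinished or rejected exchange retrievable through P2P_GET_PASNPTK. Skip the store when ret < 0 and keep the forced_memzero() of pasn->ptk unconditional, as it was before the change.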
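
Review bot: p2p_set_store_pasn_ptk() (src/p2p/p2p.c) only assigns the flag, so a PTK already copied into p2p->pasn_ptk stays in memory after the option is switched off, and none of the hunks in this patch clears that buffer anywhere. Call forced_memzero(p2p->pasn_ptk, sizeof(p2p->pasn_ptk)) and reset pasn_ptk_len when val is 0, and do the same at the top of p2p_pasn_store_ptk() so that the early return for an oversized PTK does not leave the previous exchange's key in place. The setter also takes u8 val while the field is bool and the caller passes atoi(param); a bool parameter with an explicit "atoi(param) != 0" at the call site would avoid the silent truncation.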
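
Review bot: The struct p2p_config comment in src/p2p/p2p.h says store_pasn_ptk is for certification mode, yet "P2P_SET store_pasn_ptk" and P2P_GET_PASNPTK in wpa_supplicant/ctrl_iface.c are compiled in whenever CONFIG_PASN is defined, which lets any control interface client read the concatenated KCK, KEK, TK and KDK as hex. Building the setter, the getter and the pasn_ptk buffer only under CONFIG_TESTING_OPTIONS would keep this out of production builds. The commit message carries only the Signed-off-by line; it should state the purpose and the order of the key components in the reply. Style points in the same files: the new field comments should follow the neighbouring "name - description" form, pasn_ptk[128] needs a named constant or a note on how 128 was chosen, and "#endif // CONFIG_PASN" should be "#endif /* CONFIG_PASN */" to match the rest of ctrl_iface.c.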
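
Review bot: The !CONFIG_P2P stub of wpas_p2p_get_pasn_ptk() in wpa_supplicant/p2p_supplicant.h returns 0 without writing *ptk or *ptk_len, while p2p_ctrl_get_pasn_ptk() treats 0 as success and passes both straight to wpa_snprintf_hex(). In a build with CONFIG_PASN but without CONFIG_P2P that would hex-dump from an uninitialized pointer and length. Return -1 from the stub so the caller takes its existing error path.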