From 0be131265a6f0597f7745715bc952b472d69f84d Mon Sep 17 00:00:00 2001
From: Vinay Gannevaram <quic_vganneva@quicinc.com>
Date: Sun, 18 Sep 2022 23:13:54 +0530
Subject: [PATCH] PASN: Remove wpa_s dependency for wpas_pasn_build_auth_1()

Obtain RSNXE capabilities from the driver flags as well and save them in
the wpas_pasn structure.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
---
 wpa_supplicant/pasn_supplicant.c  | 59 +++++++++++++++++--------------
 wpa_supplicant/wpa_supplicant_i.h |  1 +
 2 files changed, 33 insertions(+), 27 deletions(-)

diff --git a/wpa_supplicant/pasn_supplicant.c b/wpa_supplicant/pasn_supplicant.c
index c0731382b..f40770944 100644
--- a/wpa_supplicant/pasn_supplicant.c
+++ b/wpa_supplicant/pasn_supplicant.c
@@ -909,15 +909,13 @@ static u8 wpas_pasn_get_wrapped_data_format(struct wpas_pasn *pasn)
 }
 
 
-static struct wpabuf * wpas_pasn_build_auth_1(struct wpa_supplicant *wpa_s,
+static struct wpabuf * wpas_pasn_build_auth_1(struct wpas_pasn *pasn,
 					      const struct wpabuf *comeback)
 {
-	struct wpas_pasn *pasn = &wpa_s->pasn;
 	struct wpabuf *buf, *pubkey = NULL, *wrapped_data_buf = NULL;
 	const u8 *pmkid;
 	u8 wrapped_data;
 	int ret;
-	u16 capab;
 
 	wpa_printf(MSG_DEBUG, "PASN: Building frame 1");
 
@@ -945,17 +943,6 @@ static struct wpabuf * wpas_pasn_build_auth_1(struct wpa_supplicant *wpa_s,
 	pmkid = NULL;
 	if (wpa_key_mgmt_ft(pasn->akmp)) {
 #ifdef CONFIG_IEEE80211R
-		ret = wpa_pasn_ft_derive_pmk_r1(wpa_s->wpa, pasn->akmp,
-						pasn->bssid,
-						pasn->pmk_r1,
-						&pasn->pmk_r1_len,
-						pasn->pmk_r1_name);
-		if (ret) {
-			wpa_printf(MSG_DEBUG,
-				   "PASN: FT: Failed to derive keys");
-			goto fail;
-		}
-
 		pmkid = pasn->pmk_r1_name;
 #else /* CONFIG_IEEE80211R */
 		goto fail;
@@ -963,8 +950,8 @@ static struct wpabuf * wpas_pasn_build_auth_1(struct wpa_supplicant *wpa_s,
 	} else if (wrapped_data != WPA_PASN_WRAPPED_DATA_NO) {
 		struct rsn_pmksa_cache_entry *pmksa;
 
-		pmksa = wpa_sm_pmksa_cache_get(wpa_s->wpa, pasn->bssid,
-					       NULL, NULL, pasn->akmp);
+		pmksa = pmksa_cache_get(pasn->pmksa, pasn->bssid,
+					NULL, NULL, pasn->akmp);
 		if (pmksa)
 			pmkid = pmksa->pmkid;
 
@@ -987,16 +974,7 @@ static struct wpabuf * wpas_pasn_build_auth_1(struct wpa_supplicant *wpa_s,
 	if (wpa_pasn_add_wrapped_data(buf, wrapped_data_buf) < 0)
 		goto fail;
 
-	/* Add own RNSXE */
-	capab = 0;
-	capab |= BIT(WLAN_RSNX_CAPAB_SAE_H2E);
-	if (wpa_s->drv_flags2 & WPA_DRIVER_FLAGS2_SEC_LTF_STA)
-		capab |= BIT(WLAN_RSNX_CAPAB_SECURE_LTF);
-	if (wpa_s->drv_flags2 & WPA_DRIVER_FLAGS2_SEC_RTT_STA)
-		capab |= BIT(WLAN_RSNX_CAPAB_SECURE_RTT);
-	if (wpa_s->drv_flags2 & WPA_DRIVER_FLAGS2_PROT_RANGE_NEG_STA)
-		capab |= BIT(WLAN_RSNX_CAPAB_PROT_RANGE_NEG);
-	wpa_pasn_add_rsnxe(buf, capab);
+	wpa_pasn_add_rsnxe(buf, pasn->rsnxe_capab);
 
 	ret = pasn_auth_frame_hash(pasn->akmp, pasn->cipher,
 				   wpabuf_head_u8(buf) + IEEE80211_HDRLEN,
@@ -1376,7 +1354,7 @@ static int wpas_pasn_start(struct wpa_supplicant *wpa_s, const u8 *own_addr,
 		   MAC2STR(pasn->bssid), pasn->akmp, pasn->cipher,
 		   pasn->group);
 
-	frame = wpas_pasn_build_auth_1(wpa_s, comeback);
+	frame = wpas_pasn_build_auth_1(pasn, comeback);
 	if (!frame) {
 		wpa_printf(MSG_DEBUG, "PASN: Failed building 1st auth frame");
 		goto fail;
@@ -1451,6 +1429,7 @@ static void wpas_pasn_auth_start_cb(struct wpa_radio_work *work, int deinit)
 	const u8 *rsne, *rsnxe;
 	const u8 *indic;
 	u16 fils_info;
+	u16 capab = 0;
 	int ret;
 
 	wpa_printf(MSG_DEBUG, "PASN: auth_start_cb: deinit=%d", deinit);
@@ -1490,6 +1469,15 @@ static void wpas_pasn_auth_start_cb(struct wpa_radio_work *work, int deinit)
 	pasn->corrupt_mic = wpa_s->conf->pasn_corrupt_mic;
 #endif /* CONFIG_TESTING_OPTIONS */
 
+	capab |= BIT(WLAN_RSNX_CAPAB_SAE_H2E);
+	if (wpa_s->drv_flags2 & WPA_DRIVER_FLAGS2_SEC_LTF_STA)
+		capab |= BIT(WLAN_RSNX_CAPAB_SECURE_LTF);
+	if (wpa_s->drv_flags2 & WPA_DRIVER_FLAGS2_SEC_RTT_STA)
+		capab |= BIT(WLAN_RSNX_CAPAB_SECURE_RTT);
+	if (wpa_s->drv_flags2 & WPA_DRIVER_FLAGS2_PROT_RANGE_NEG_STA)
+		capab |= BIT(WLAN_RSNX_CAPAB_PROT_RANGE_NEG);
+	pasn->rsnxe_capab = capab;
+
 #ifdef CONFIG_FILS
 	/* Prepare needed information for wpas_pasn_wd_fils_auth(). */
 	if (awork->akmp == WPA_KEY_MGMT_FILS_SHA256 ||
@@ -1514,6 +1502,23 @@ static void wpas_pasn_auth_start_cb(struct wpa_radio_work *work, int deinit)
 
 	pasn->pmksa = wpa_sm_get_pmksa_cache(wpa_s->wpa);
 
+	if (wpa_key_mgmt_ft(awork->akmp)) {
+#ifdef CONFIG_IEEE80211R
+		ret = wpa_pasn_ft_derive_pmk_r1(wpa_s->wpa, awork->akmp,
+						awork->bssid,
+						pasn->pmk_r1,
+						&pasn->pmk_r1_len,
+						pasn->pmk_r1_name);
+		if (ret) {
+			wpa_printf(MSG_DEBUG,
+				   "PASN: FT: Failed to derive keys");
+			goto fail;
+		}
+#else /* CONFIG_IEEE80211R */
+		goto fail;
+#endif /* CONFIG_IEEE80211R */
+	}
+
 	ret = wpas_pasn_start(wpa_s, awork->own_addr, awork->bssid, awork->akmp,
 			      awork->cipher, awork->group, bss->freq,
 			      rsne, *(rsne + 1) + 2,
diff --git a/wpa_supplicant/wpa_supplicant_i.h b/wpa_supplicant/wpa_supplicant_i.h
index a7cdc930e..a60f3d975 100644
--- a/wpa_supplicant/wpa_supplicant_i.h
+++ b/wpa_supplicant/wpa_supplicant_i.h
@@ -599,6 +599,7 @@ struct wpas_pasn {
 	int corrupt_mic;
 #endif /* CONFIG_TESTING_OPTIONS */
 	void *cb_ctx;
+	u16 rsnxe_capab;
 };
 #endif /* CONFIG_PASN */