2 * WPA Supplicant - IEEE 802.11r - Fast BSS Transition
3 * Copyright (c) 2006-2018, Jouni Malinen <j@w1.fi>
5 * This software may be distributed under the terms of the BSD license.
6 * See README for more details.
12 #include "crypto/aes_wrap.h"
13 #include "crypto/sha384.h"
14 #include "crypto/random.h"
15 #include "common/ieee802_11_defs.h"
16 #include "common/ieee802_11_common.h"
17 #include "common/ocv.h"
18 #include "drivers/driver.h"
22 #include "pmksa_cache.h"
24 #ifdef CONFIG_IEEE80211R
26 int wpa_derive_ptk_ft(struct wpa_sm
*sm
, const unsigned char *src_addr
,
27 const struct wpa_eapol_key
*key
, struct wpa_ptk
*ptk
)
29 u8 ptk_name
[WPA_PMK_NAME_LEN
];
30 const u8
*anonce
= key
->key_nonce
;
31 int use_sha384
= wpa_key_mgmt_sha384(sm
->key_mgmt
);
35 if (sm
->xxkey_len
> 0) {
37 mpmk_len
= sm
->xxkey_len
;
38 } else if (sm
->cur_pmksa
) {
39 mpmk
= sm
->cur_pmksa
->pmk
;
40 mpmk_len
= sm
->cur_pmksa
->pmk_len
;
42 wpa_printf(MSG_DEBUG
, "FT: XXKey not available for key "
47 sm
->pmk_r0_len
= use_sha384
? SHA384_MAC_LEN
: PMK_LEN
;
48 if (wpa_derive_pmk_r0(mpmk
, mpmk_len
, sm
->ssid
,
49 sm
->ssid_len
, sm
->mobility_domain
,
50 sm
->r0kh_id
, sm
->r0kh_id_len
, sm
->own_addr
,
51 sm
->pmk_r0
, sm
->pmk_r0_name
, use_sha384
) < 0)
53 wpa_hexdump_key(MSG_DEBUG
, "FT: PMK-R0", sm
->pmk_r0
, sm
->pmk_r0_len
);
54 wpa_hexdump(MSG_DEBUG
, "FT: PMKR0Name",
55 sm
->pmk_r0_name
, WPA_PMK_NAME_LEN
);
56 sm
->pmk_r1_len
= sm
->pmk_r0_len
;
57 if (wpa_derive_pmk_r1(sm
->pmk_r0
, sm
->pmk_r0_len
, sm
->pmk_r0_name
,
58 sm
->r1kh_id
, sm
->own_addr
, sm
->pmk_r1
,
61 wpa_hexdump_key(MSG_DEBUG
, "FT: PMK-R1", sm
->pmk_r1
, sm
->pmk_r1_len
);
62 wpa_hexdump(MSG_DEBUG
, "FT: PMKR1Name", sm
->pmk_r1_name
,
64 return wpa_pmk_r1_to_ptk(sm
->pmk_r1
, sm
->pmk_r1_len
, sm
->snonce
, anonce
,
65 sm
->own_addr
, sm
->bssid
, sm
->pmk_r1_name
, ptk
,
66 ptk_name
, sm
->key_mgmt
, sm
->pairwise_cipher
);
71 * wpa_sm_set_ft_params - Set FT (IEEE 802.11r) parameters
72 * @sm: Pointer to WPA state machine data from wpa_sm_init()
73 * @ies: Association Response IEs or %NULL to clear FT parameters
74 * @ies_len: Length of ies buffer in octets
75 * Returns: 0 on success, -1 on failure
77 int wpa_sm_set_ft_params(struct wpa_sm
*sm
, const u8
*ies
, size_t ies_len
)
85 if (!get_ie(ies
, ies_len
, WLAN_EID_MOBILITY_DOMAIN
)) {
86 os_free(sm
->assoc_resp_ies
);
87 sm
->assoc_resp_ies
= NULL
;
88 sm
->assoc_resp_ies_len
= 0;
89 os_memset(sm
->mobility_domain
, 0, MOBILITY_DOMAIN_ID_LEN
);
90 os_memset(sm
->r0kh_id
, 0, FT_R0KH_ID_MAX_LEN
);
92 os_memset(sm
->r1kh_id
, 0, FT_R1KH_ID_LEN
);
96 use_sha384
= wpa_key_mgmt_sha384(sm
->key_mgmt
);
97 if (wpa_ft_parse_ies(ies
, ies_len
, &ft
, use_sha384
) < 0)
100 if (ft
.mdie_len
< MOBILITY_DOMAIN_ID_LEN
+ 1)
103 wpa_hexdump(MSG_DEBUG
, "FT: Mobility domain",
104 ft
.mdie
, MOBILITY_DOMAIN_ID_LEN
);
105 os_memcpy(sm
->mobility_domain
, ft
.mdie
, MOBILITY_DOMAIN_ID_LEN
);
106 sm
->mdie_ft_capab
= ft
.mdie
[MOBILITY_DOMAIN_ID_LEN
];
107 wpa_printf(MSG_DEBUG
, "FT: Capability and Policy: 0x%02x",
111 wpa_hexdump(MSG_DEBUG
, "FT: R0KH-ID",
112 ft
.r0kh_id
, ft
.r0kh_id_len
);
113 os_memcpy(sm
->r0kh_id
, ft
.r0kh_id
, ft
.r0kh_id_len
);
114 sm
->r0kh_id_len
= ft
.r0kh_id_len
;
116 /* FIX: When should R0KH-ID be cleared? We need to keep the
117 * old R0KH-ID in order to be able to use this during FT. */
119 * os_memset(sm->r0kh_id, 0, FT_R0KH_ID_LEN);
120 * sm->r0kh_id_len = 0;
125 wpa_hexdump(MSG_DEBUG
, "FT: R1KH-ID",
126 ft
.r1kh_id
, FT_R1KH_ID_LEN
);
127 os_memcpy(sm
->r1kh_id
, ft
.r1kh_id
, FT_R1KH_ID_LEN
);
129 os_memset(sm
->r1kh_id
, 0, FT_R1KH_ID_LEN
);
131 os_free(sm
->assoc_resp_ies
);
132 sm
->assoc_resp_ies
= os_malloc(ft
.mdie_len
+ 2 + ft
.ftie_len
+ 2);
133 if (sm
->assoc_resp_ies
) {
134 u8
*pos
= sm
->assoc_resp_ies
;
136 os_memcpy(pos
, ft
.mdie
- 2, ft
.mdie_len
+ 2);
137 pos
+= ft
.mdie_len
+ 2;
140 os_memcpy(pos
, ft
.ftie
- 2, ft
.ftie_len
+ 2);
141 pos
+= ft
.ftie_len
+ 2;
143 sm
->assoc_resp_ies_len
= pos
- sm
->assoc_resp_ies
;
144 wpa_hexdump(MSG_DEBUG
, "FT: Stored MDIE and FTIE from "
145 "(Re)Association Response",
146 sm
->assoc_resp_ies
, sm
->assoc_resp_ies_len
);
154 * wpa_ft_gen_req_ies - Generate FT (IEEE 802.11r) IEs for Auth/ReAssoc Request
155 * @sm: Pointer to WPA state machine data from wpa_sm_init()
156 * @len: Buffer for returning the length of the IEs
157 * @anonce: ANonce or %NULL if not yet available
158 * @pmk_name: PMKR0Name or PMKR1Name to be added into the RSN IE PMKID List
159 * @kck: 128-bit KCK for MIC or %NULL if no MIC is used
160 * @kck_len: KCK length in octets
161 * @target_ap: Target AP address
162 * @ric_ies: Optional IE(s), e.g., WMM TSPEC(s), for RIC-Request or %NULL
163 * @ric_ies_len: Length of ric_ies buffer in octets
164 * @ap_mdie: Mobility Domain IE from the target AP
165 * @omit_rsnxe: Whether RSNXE is omitted from Reassociation Request frame
166 * Returns: Pointer to buffer with IEs or %NULL on failure
168 * Caller is responsible for freeing the returned buffer with os_free();
170 static u8
* wpa_ft_gen_req_ies(struct wpa_sm
*sm
, size_t *len
,
171 const u8
*anonce
, const u8
*pmk_name
,
172 const u8
*kck
, size_t kck_len
,
174 const u8
*ric_ies
, size_t ric_ies_len
,
175 const u8
*ap_mdie
, int omit_rsnxe
)
178 u8
*buf
, *pos
, *ftie_len
, *ftie_pos
, *fte_mic
, *elem_count
;
179 struct rsn_mdie
*mdie
;
180 struct rsn_ie_hdr
*rsnie
;
188 sm
->ft_completed
= 0;
189 sm
->ft_reassoc_completed
= 0;
191 buf_len
= 2 + sizeof(struct rsn_mdie
) + 2 +
192 sizeof(struct rsn_ftie_sha384
) +
193 2 + sm
->r0kh_id_len
+ ric_ies_len
+ 100;
194 buf
= os_zalloc(buf_len
);
199 /* RSNIE[PMKR0Name/PMKR1Name] */
200 rsnie
= (struct rsn_ie_hdr
*) pos
;
201 rsnie
->elem_id
= WLAN_EID_RSN
;
202 WPA_PUT_LE16(rsnie
->version
, RSN_VERSION
);
203 pos
= (u8
*) (rsnie
+ 1);
205 /* Group Suite Selector */
206 if (!wpa_cipher_valid_group(sm
->group_cipher
)) {
207 wpa_printf(MSG_WARNING
, "FT: Invalid group cipher (%d)",
212 RSN_SELECTOR_PUT(pos
, wpa_cipher_to_suite(WPA_PROTO_RSN
,
214 pos
+= RSN_SELECTOR_LEN
;
216 /* Pairwise Suite Count */
217 WPA_PUT_LE16(pos
, 1);
220 /* Pairwise Suite List */
221 if (!wpa_cipher_valid_pairwise(sm
->pairwise_cipher
)) {
222 wpa_printf(MSG_WARNING
, "FT: Invalid pairwise cipher (%d)",
223 sm
->pairwise_cipher
);
227 RSN_SELECTOR_PUT(pos
, wpa_cipher_to_suite(WPA_PROTO_RSN
,
228 sm
->pairwise_cipher
));
229 pos
+= RSN_SELECTOR_LEN
;
231 /* Authenticated Key Management Suite Count */
232 WPA_PUT_LE16(pos
, 1);
235 /* Authenticated Key Management Suite List */
236 if (sm
->key_mgmt
== WPA_KEY_MGMT_FT_IEEE8021X
)
237 RSN_SELECTOR_PUT(pos
, RSN_AUTH_KEY_MGMT_FT_802_1X
);
239 else if (sm
->key_mgmt
== WPA_KEY_MGMT_FT_IEEE8021X_SHA384
)
240 RSN_SELECTOR_PUT(pos
, RSN_AUTH_KEY_MGMT_FT_802_1X_SHA384
);
241 #endif /* CONFIG_SHA384 */
242 else if (sm
->key_mgmt
== WPA_KEY_MGMT_FT_PSK
)
243 RSN_SELECTOR_PUT(pos
, RSN_AUTH_KEY_MGMT_FT_PSK
);
244 else if (sm
->key_mgmt
== WPA_KEY_MGMT_FT_SAE
)
245 RSN_SELECTOR_PUT(pos
, RSN_AUTH_KEY_MGMT_FT_SAE
);
247 else if (sm
->key_mgmt
== WPA_KEY_MGMT_FT_FILS_SHA256
)
248 RSN_SELECTOR_PUT(pos
, RSN_AUTH_KEY_MGMT_FT_FILS_SHA256
);
249 else if (sm
->key_mgmt
== WPA_KEY_MGMT_FT_FILS_SHA384
)
250 RSN_SELECTOR_PUT(pos
, RSN_AUTH_KEY_MGMT_FT_FILS_SHA384
);
251 #endif /* CONFIG_FILS */
253 wpa_printf(MSG_WARNING
, "FT: Invalid key management type (%d)",
258 pos
+= RSN_SELECTOR_LEN
;
260 /* RSN Capabilities */
263 capab
|= WPA_CAPABILITY_MFPC
;
265 capab
|= WPA_CAPABILITY_MFPR
;
267 capab
|= WPA_CAPABILITY_OCVC
;
268 WPA_PUT_LE16(pos
, capab
);
272 WPA_PUT_LE16(pos
, 1);
275 /* PMKID List [PMKR0Name/PMKR1Name] */
276 os_memcpy(pos
, pmk_name
, WPA_PMK_NAME_LEN
);
277 pos
+= WPA_PMK_NAME_LEN
;
279 /* Management Group Cipher Suite */
280 switch (sm
->mgmt_group_cipher
) {
281 case WPA_CIPHER_AES_128_CMAC
:
282 RSN_SELECTOR_PUT(pos
, RSN_CIPHER_SUITE_AES_128_CMAC
);
283 pos
+= RSN_SELECTOR_LEN
;
285 case WPA_CIPHER_BIP_GMAC_128
:
286 RSN_SELECTOR_PUT(pos
, RSN_CIPHER_SUITE_BIP_GMAC_128
);
287 pos
+= RSN_SELECTOR_LEN
;
289 case WPA_CIPHER_BIP_GMAC_256
:
290 RSN_SELECTOR_PUT(pos
, RSN_CIPHER_SUITE_BIP_GMAC_256
);
291 pos
+= RSN_SELECTOR_LEN
;
293 case WPA_CIPHER_BIP_CMAC_256
:
294 RSN_SELECTOR_PUT(pos
, RSN_CIPHER_SUITE_BIP_CMAC_256
);
295 pos
+= RSN_SELECTOR_LEN
;
299 rsnie
->len
= (pos
- (u8
*) rsnie
) - 2;
302 mdie_len
= wpa_ft_add_mdie(sm
, pos
, buf_len
- (pos
- buf
), ap_mdie
);
307 mdie
= (struct rsn_mdie
*) (pos
+ 2);
310 /* FTIE[SNonce, [R1KH-ID,] R0KH-ID ] */
312 *pos
++ = WLAN_EID_FAST_BSS_TRANSITION
;
314 rsnxe_used
= wpa_key_mgmt_sae(sm
->key_mgmt
) && anonce
&&
315 (sm
->sae_pwe
== 1 || sm
->sae_pwe
== 2);
316 if (wpa_key_mgmt_sha384(sm
->key_mgmt
)) {
317 struct rsn_ftie_sha384
*ftie
;
319 ftie
= (struct rsn_ftie_sha384
*) pos
;
320 ftie
->mic_control
[0] = !!rsnxe_used
;
322 elem_count
= &ftie
->mic_control
[1];
323 pos
+= sizeof(*ftie
);
324 os_memcpy(ftie
->snonce
, sm
->snonce
, WPA_NONCE_LEN
);
326 os_memcpy(ftie
->anonce
, anonce
, WPA_NONCE_LEN
);
328 struct rsn_ftie
*ftie
;
330 ftie
= (struct rsn_ftie
*) pos
;
331 ftie
->mic_control
[0] = !!rsnxe_used
;
333 elem_count
= &ftie
->mic_control
[1];
334 pos
+= sizeof(*ftie
);
335 os_memcpy(ftie
->snonce
, sm
->snonce
, WPA_NONCE_LEN
);
337 os_memcpy(ftie
->anonce
, anonce
, WPA_NONCE_LEN
);
340 /* R1KH-ID sub-element in third FT message */
341 *pos
++ = FTIE_SUBELEM_R1KH_ID
;
342 *pos
++ = FT_R1KH_ID_LEN
;
343 os_memcpy(pos
, sm
->r1kh_id
, FT_R1KH_ID_LEN
);
344 pos
+= FT_R1KH_ID_LEN
;
346 /* R0KH-ID sub-element */
347 *pos
++ = FTIE_SUBELEM_R0KH_ID
;
348 *pos
++ = sm
->r0kh_id_len
;
349 os_memcpy(pos
, sm
->r0kh_id
, sm
->r0kh_id_len
);
350 pos
+= sm
->r0kh_id_len
;
352 if (kck
&& wpa_sm_ocv_enabled(sm
)) {
353 /* OCI sub-element in the third FT message */
354 struct wpa_channel_info ci
;
356 if (wpa_sm_channel_info(sm
, &ci
) != 0) {
357 wpa_printf(MSG_WARNING
,
358 "Failed to get channel info for OCI element in FTE");
363 *pos
++ = FTIE_SUBELEM_OCI
;
364 *pos
++ = OCV_OCI_LEN
;
365 if (ocv_insert_oci(&ci
, &pos
) < 0) {
370 #endif /* CONFIG_OCV */
371 *ftie_len
= pos
- ftie_len
- 1;
375 os_memcpy(pos
, ric_ies
, ric_ies_len
);
382 res
= wpa_gen_rsnxe(sm
, rsnxe
, sizeof(rsnxe
));
392 * IEEE Std 802.11r-2008, 11A.8.4
393 * MIC shall be calculated over:
394 * non-AP STA MAC address
395 * Target AP MAC address
396 * Transaction seq number (5 for ReassocReq, 3 otherwise)
399 * FTIE (with MIC field set to 0)
400 * RIC-Request (if present)
403 /* Information element count */
404 *elem_count
= 3 + ieee802_11_ie_count(ric_ies
, ric_ies_len
);
407 if (wpa_ft_mic(kck
, kck_len
, sm
->own_addr
, target_ap
, 5,
408 ((u8
*) mdie
) - 2, 2 + sizeof(*mdie
),
409 ftie_pos
, 2 + *ftie_len
,
410 (u8
*) rsnie
, 2 + rsnie
->len
, ric_ies
,
411 ric_ies_len
, rsnxe_len
? rsnxe
: NULL
, rsnxe_len
,
413 wpa_printf(MSG_INFO
, "FT: Failed to calculate MIC");
425 static int wpa_ft_install_ptk(struct wpa_sm
*sm
, const u8
*bssid
)
429 u8 null_rsc
[6] = { 0, 0, 0, 0, 0, 0 };
431 wpa_printf(MSG_DEBUG
, "FT: Installing PTK to the driver.");
433 if (!wpa_cipher_valid_pairwise(sm
->pairwise_cipher
)) {
434 wpa_printf(MSG_WARNING
, "FT: Unsupported pairwise cipher %d",
435 sm
->pairwise_cipher
);
439 alg
= wpa_cipher_to_alg(sm
->pairwise_cipher
);
440 keylen
= wpa_cipher_key_len(sm
->pairwise_cipher
);
442 if (wpa_sm_set_key(sm
, alg
, bssid
, 0, 1, null_rsc
, sizeof(null_rsc
),
443 (u8
*) sm
->ptk
.tk
, keylen
,
444 KEY_FLAG_PAIRWISE_RX_TX
) < 0) {
445 wpa_printf(MSG_WARNING
, "FT: Failed to set PTK to the driver");
454 * wpa_ft_prepare_auth_request - Generate over-the-air auth request
455 * @sm: Pointer to WPA state machine data from wpa_sm_init()
456 * @mdie: Target AP MDIE
457 * Returns: 0 on success, -1 on failure
459 int wpa_ft_prepare_auth_request(struct wpa_sm
*sm
, const u8
*mdie
)
464 /* Generate a new SNonce */
465 if (random_get_bytes(sm
->snonce
, WPA_NONCE_LEN
)) {
466 wpa_printf(MSG_INFO
, "FT: Failed to generate a new SNonce");
470 ft_ies
= wpa_ft_gen_req_ies(sm
, &ft_ies_len
, NULL
, sm
->pmk_r0_name
,
471 NULL
, 0, sm
->bssid
, NULL
, 0, mdie
, 0);
473 wpa_sm_update_ft_ies(sm
, sm
->mobility_domain
,
482 int wpa_ft_add_mdie(struct wpa_sm
*sm
, u8
*buf
, size_t buf_len
,
486 struct rsn_mdie
*mdie
;
488 if (buf_len
< 2 + sizeof(*mdie
)) {
490 "FT: Failed to add MDIE: short buffer, length=%zu",
495 *pos
++ = WLAN_EID_MOBILITY_DOMAIN
;
496 *pos
++ = sizeof(*mdie
);
497 mdie
= (struct rsn_mdie
*) pos
;
498 os_memcpy(mdie
->mobility_domain
, sm
->mobility_domain
,
499 MOBILITY_DOMAIN_ID_LEN
);
500 mdie
->ft_capab
= ap_mdie
&& ap_mdie
[1] >= 3 ? ap_mdie
[4] :
503 return 2 + sizeof(*mdie
);
507 const u8
* wpa_sm_get_ft_md(struct wpa_sm
*sm
)
509 return sm
->mobility_domain
;
513 int wpa_ft_process_response(struct wpa_sm
*sm
, const u8
*ies
, size_t ies_len
,
514 int ft_action
, const u8
*target_ap
,
515 const u8
*ric_ies
, size_t ric_ies_len
)
519 struct wpa_ft_ies parse
;
520 struct rsn_mdie
*mdie
;
521 u8 ptk_name
[WPA_PMK_NAME_LEN
];
526 int use_sha384
= wpa_key_mgmt_sha384(sm
->key_mgmt
);
527 const u8
*anonce
, *snonce
;
529 wpa_hexdump(MSG_DEBUG
, "FT: Response IEs", ies
, ies_len
);
530 wpa_hexdump(MSG_DEBUG
, "FT: RIC IEs", ric_ies
, ric_ies_len
);
533 if (!sm
->over_the_ds_in_progress
) {
534 wpa_printf(MSG_DEBUG
, "FT: No over-the-DS in progress "
535 "- drop FT Action Response");
539 if (os_memcmp(target_ap
, sm
->target_ap
, ETH_ALEN
) != 0) {
540 wpa_printf(MSG_DEBUG
, "FT: No over-the-DS in progress "
541 "with this Target AP - drop FT Action "
547 if (!wpa_key_mgmt_ft(sm
->key_mgmt
)) {
548 wpa_printf(MSG_DEBUG
, "FT: Reject FT IEs since FT is not "
549 "enabled for this connection");
553 if (wpa_ft_parse_ies(ies
, ies_len
, &parse
, use_sha384
) < 0) {
554 wpa_printf(MSG_DEBUG
, "FT: Failed to parse IEs");
558 mdie
= (struct rsn_mdie
*) parse
.mdie
;
559 if (mdie
== NULL
|| parse
.mdie_len
< sizeof(*mdie
) ||
560 os_memcmp(mdie
->mobility_domain
, sm
->mobility_domain
,
561 MOBILITY_DOMAIN_ID_LEN
) != 0) {
562 wpa_printf(MSG_DEBUG
, "FT: Invalid MDIE");
567 struct rsn_ftie_sha384
*ftie
;
569 ftie
= (struct rsn_ftie_sha384
*) parse
.ftie
;
570 if (!ftie
|| parse
.ftie_len
< sizeof(*ftie
)) {
571 wpa_printf(MSG_DEBUG
, "FT: Invalid FTIE");
575 anonce
= ftie
->anonce
;
576 snonce
= ftie
->snonce
;
578 struct rsn_ftie
*ftie
;
580 ftie
= (struct rsn_ftie
*) parse
.ftie
;
581 if (!ftie
|| parse
.ftie_len
< sizeof(*ftie
)) {
582 wpa_printf(MSG_DEBUG
, "FT: Invalid FTIE");
586 anonce
= ftie
->anonce
;
587 snonce
= ftie
->snonce
;
590 if (os_memcmp(snonce
, sm
->snonce
, WPA_NONCE_LEN
) != 0) {
591 wpa_printf(MSG_DEBUG
, "FT: SNonce mismatch in FTIE");
592 wpa_hexdump(MSG_DEBUG
, "FT: Received SNonce",
593 snonce
, WPA_NONCE_LEN
);
594 wpa_hexdump(MSG_DEBUG
, "FT: Expected SNonce",
595 sm
->snonce
, WPA_NONCE_LEN
);
599 if (parse
.r0kh_id
== NULL
) {
600 wpa_printf(MSG_DEBUG
, "FT: No R0KH-ID subelem in FTIE");
604 if (parse
.r0kh_id_len
!= sm
->r0kh_id_len
||
605 os_memcmp_const(parse
.r0kh_id
, sm
->r0kh_id
, parse
.r0kh_id_len
) != 0)
607 wpa_printf(MSG_DEBUG
, "FT: R0KH-ID in FTIE did not match with "
608 "the current R0KH-ID");
609 wpa_hexdump(MSG_DEBUG
, "FT: R0KH-ID in FTIE",
610 parse
.r0kh_id
, parse
.r0kh_id_len
);
611 wpa_hexdump(MSG_DEBUG
, "FT: The current R0KH-ID",
612 sm
->r0kh_id
, sm
->r0kh_id_len
);
616 if (parse
.r1kh_id
== NULL
) {
617 wpa_printf(MSG_DEBUG
, "FT: No R1KH-ID subelem in FTIE");
621 if (parse
.rsn_pmkid
== NULL
||
622 os_memcmp_const(parse
.rsn_pmkid
, sm
->pmk_r0_name
, WPA_PMK_NAME_LEN
))
624 wpa_printf(MSG_DEBUG
, "FT: No matching PMKR0Name (PMKID) in "
629 if (sm
->mfp
== 2 && !(parse
.rsn_capab
& WPA_CAPABILITY_MFPC
)) {
631 "FT: Target AP does not support PMF, but local configuration requires that");
635 os_memcpy(sm
->r1kh_id
, parse
.r1kh_id
, FT_R1KH_ID_LEN
);
636 wpa_hexdump(MSG_DEBUG
, "FT: R1KH-ID", sm
->r1kh_id
, FT_R1KH_ID_LEN
);
637 wpa_hexdump(MSG_DEBUG
, "FT: SNonce", sm
->snonce
, WPA_NONCE_LEN
);
638 wpa_hexdump(MSG_DEBUG
, "FT: ANonce", anonce
, WPA_NONCE_LEN
);
639 os_memcpy(sm
->anonce
, anonce
, WPA_NONCE_LEN
);
640 if (wpa_derive_pmk_r1(sm
->pmk_r0
, sm
->pmk_r0_len
, sm
->pmk_r0_name
,
641 sm
->r1kh_id
, sm
->own_addr
, sm
->pmk_r1
,
642 sm
->pmk_r1_name
) < 0)
644 sm
->pmk_r1_len
= sm
->pmk_r0_len
;
645 wpa_hexdump_key(MSG_DEBUG
, "FT: PMK-R1", sm
->pmk_r1
, sm
->pmk_r1_len
);
646 wpa_hexdump(MSG_DEBUG
, "FT: PMKR1Name",
647 sm
->pmk_r1_name
, WPA_PMK_NAME_LEN
);
650 if (wpa_pmk_r1_to_ptk(sm
->pmk_r1
, sm
->pmk_r1_len
, sm
->snonce
,
651 anonce
, sm
->own_addr
, bssid
,
652 sm
->pmk_r1_name
, &sm
->ptk
, ptk_name
, sm
->key_mgmt
,
653 sm
->pairwise_cipher
) < 0)
656 if (wpa_key_mgmt_fils(sm
->key_mgmt
)) {
658 kck_len
= sm
->ptk
.kck2_len
;
661 kck_len
= sm
->ptk
.kck_len
;
663 ft_ies
= wpa_ft_gen_req_ies(sm
, &ft_ies_len
, anonce
,
666 ric_ies
, ric_ies_len
,
667 parse
.mdie
? parse
.mdie
- 2 : NULL
,
670 wpa_sm_update_ft_ies(sm
, sm
->mobility_domain
,
675 wpa_sm_mark_authenticated(sm
, bssid
);
676 ret
= wpa_ft_install_ptk(sm
, bssid
);
679 * Some drivers do not support key configuration when we are
680 * not associated with the target AP. Work around this by
681 * trying again after the following reassociation gets
684 wpa_printf(MSG_DEBUG
, "FT: Failed to set PTK prior to "
685 "association - try again after reassociation");
686 sm
->set_ptk_after_assoc
= 1;
688 sm
->set_ptk_after_assoc
= 0;
690 sm
->ft_completed
= 1;
693 * The caller is expected trigger re-association with the
696 os_memcpy(sm
->bssid
, target_ap
, ETH_ALEN
);
703 int wpa_ft_is_completed(struct wpa_sm
*sm
)
708 if (!wpa_key_mgmt_ft(sm
->key_mgmt
))
711 return sm
->ft_completed
;
715 void wpa_reset_ft_completed(struct wpa_sm
*sm
)
718 sm
->ft_completed
= 0;
722 static int wpa_ft_process_gtk_subelem(struct wpa_sm
*sm
, const u8
*gtk_elem
,
728 size_t gtk_len
, keylen
, rsc_len
;
732 if (wpa_key_mgmt_fils(sm
->key_mgmt
)) {
734 kek_len
= sm
->ptk
.kek2_len
;
737 kek_len
= sm
->ptk
.kek_len
;
740 if (gtk_elem
== NULL
) {
741 wpa_printf(MSG_DEBUG
, "FT: No GTK included in FTIE");
745 wpa_hexdump_key(MSG_DEBUG
, "FT: Received GTK in Reassoc Resp",
746 gtk_elem
, gtk_elem_len
);
748 if (gtk_elem_len
< 11 + 24 || (gtk_elem_len
- 11) % 8 ||
749 gtk_elem_len
- 19 > sizeof(gtk
)) {
750 wpa_printf(MSG_DEBUG
, "FT: Invalid GTK sub-elem "
751 "length %lu", (unsigned long) gtk_elem_len
);
754 gtk_len
= gtk_elem_len
- 19;
755 if (aes_unwrap(kek
, kek_len
, gtk_len
/ 8, gtk_elem
+ 11, gtk
)) {
756 wpa_printf(MSG_WARNING
, "FT: AES unwrap failed - could not "
761 keylen
= wpa_cipher_key_len(sm
->group_cipher
);
762 rsc_len
= wpa_cipher_rsc_len(sm
->group_cipher
);
763 alg
= wpa_cipher_to_alg(sm
->group_cipher
);
764 if (alg
== WPA_ALG_NONE
) {
765 wpa_printf(MSG_WARNING
, "WPA: Unsupported Group Cipher %d",
770 if (gtk_len
< keylen
) {
771 wpa_printf(MSG_DEBUG
, "FT: Too short GTK in FTIE");
775 /* Key Info[2] | Key Length[1] | RSC[8] | Key[5..32]. */
777 keyidx
= WPA_GET_LE16(gtk_elem
) & 0x03;
779 if (gtk_elem
[2] != keylen
) {
780 wpa_printf(MSG_DEBUG
, "FT: GTK length mismatch: received %d "
782 gtk_elem
[2], (unsigned long) keylen
);
786 wpa_hexdump_key(MSG_DEBUG
, "FT: GTK from Reassoc Resp", gtk
, keylen
);
787 if (sm
->group_cipher
== WPA_CIPHER_TKIP
) {
788 /* Swap Tx/Rx keys for Michael MIC */
790 os_memcpy(tmp
, gtk
+ 16, 8);
791 os_memcpy(gtk
+ 16, gtk
+ 24, 8);
792 os_memcpy(gtk
+ 24, tmp
, 8);
794 if (wpa_sm_set_key(sm
, alg
, broadcast_ether_addr
, keyidx
, 0,
795 gtk_elem
+ 3, rsc_len
, gtk
, keylen
,
796 KEY_FLAG_GROUP_RX
) < 0) {
797 wpa_printf(MSG_WARNING
, "WPA: Failed to set GTK to the "
806 static int wpa_ft_process_igtk_subelem(struct wpa_sm
*sm
, const u8
*igtk_elem
,
807 size_t igtk_elem_len
)
809 u8 igtk
[WPA_IGTK_MAX_LEN
];
815 if (wpa_key_mgmt_fils(sm
->key_mgmt
)) {
817 kek_len
= sm
->ptk
.kek2_len
;
820 kek_len
= sm
->ptk
.kek_len
;
823 if (sm
->mgmt_group_cipher
!= WPA_CIPHER_AES_128_CMAC
&&
824 sm
->mgmt_group_cipher
!= WPA_CIPHER_BIP_GMAC_128
&&
825 sm
->mgmt_group_cipher
!= WPA_CIPHER_BIP_GMAC_256
&&
826 sm
->mgmt_group_cipher
!= WPA_CIPHER_BIP_CMAC_256
)
829 if (igtk_elem
== NULL
) {
830 wpa_printf(MSG_DEBUG
, "FT: No IGTK included in FTIE");
834 wpa_hexdump_key(MSG_DEBUG
, "FT: Received IGTK in Reassoc Resp",
835 igtk_elem
, igtk_elem_len
);
837 igtk_len
= wpa_cipher_key_len(sm
->mgmt_group_cipher
);
838 if (igtk_elem_len
!= 2 + 6 + 1 + igtk_len
+ 8) {
839 wpa_printf(MSG_DEBUG
, "FT: Invalid IGTK sub-elem "
840 "length %lu", (unsigned long) igtk_elem_len
);
843 if (igtk_elem
[8] != igtk_len
) {
844 wpa_printf(MSG_DEBUG
, "FT: Invalid IGTK sub-elem Key Length "
849 if (aes_unwrap(kek
, kek_len
, igtk_len
/ 8, igtk_elem
+ 9, igtk
)) {
850 wpa_printf(MSG_WARNING
, "FT: AES unwrap failed - could not "
855 /* KeyID[2] | IPN[6] | Key Length[1] | Key[16+8] */
857 keyidx
= WPA_GET_LE16(igtk_elem
);
859 wpa_hexdump_key(MSG_DEBUG
, "FT: IGTK from Reassoc Resp", igtk
,
861 if (wpa_sm_set_key(sm
, wpa_cipher_to_alg(sm
->mgmt_group_cipher
),
862 broadcast_ether_addr
, keyidx
, 0,
863 igtk_elem
+ 2, 6, igtk
, igtk_len
,
864 KEY_FLAG_GROUP_RX
) < 0) {
865 wpa_printf(MSG_WARNING
, "WPA: Failed to set IGTK to the "
867 forced_memzero(igtk
, sizeof(igtk
));
870 forced_memzero(igtk
, sizeof(igtk
));
876 static int wpa_ft_process_bigtk_subelem(struct wpa_sm
*sm
, const u8
*bigtk_elem
,
877 size_t bigtk_elem_len
)
879 u8 bigtk
[WPA_BIGTK_MAX_LEN
];
885 if (!sm
->beacon_prot
|| !bigtk_elem
||
886 (sm
->mgmt_group_cipher
!= WPA_CIPHER_AES_128_CMAC
&&
887 sm
->mgmt_group_cipher
!= WPA_CIPHER_BIP_GMAC_128
&&
888 sm
->mgmt_group_cipher
!= WPA_CIPHER_BIP_GMAC_256
&&
889 sm
->mgmt_group_cipher
!= WPA_CIPHER_BIP_CMAC_256
))
892 if (wpa_key_mgmt_fils(sm
->key_mgmt
)) {
894 kek_len
= sm
->ptk
.kek2_len
;
897 kek_len
= sm
->ptk
.kek_len
;
900 wpa_hexdump_key(MSG_DEBUG
, "FT: Received BIGTK in Reassoc Resp",
901 bigtk_elem
, bigtk_elem_len
);
903 bigtk_len
= wpa_cipher_key_len(sm
->mgmt_group_cipher
);
904 if (bigtk_elem_len
!= 2 + 6 + 1 + bigtk_len
+ 8) {
905 wpa_printf(MSG_DEBUG
,
906 "FT: Invalid BIGTK sub-elem length %lu",
907 (unsigned long) bigtk_elem_len
);
910 if (bigtk_elem
[8] != bigtk_len
) {
911 wpa_printf(MSG_DEBUG
,
912 "FT: Invalid BIGTK sub-elem Key Length %d",
917 if (aes_unwrap(kek
, kek_len
, bigtk_len
/ 8, bigtk_elem
+ 9, bigtk
)) {
918 wpa_printf(MSG_WARNING
,
919 "FT: AES unwrap failed - could not decrypt BIGTK");
923 /* KeyID[2] | IPN[6] | Key Length[1] | Key[16+8] */
925 keyidx
= WPA_GET_LE16(bigtk_elem
);
927 wpa_hexdump_key(MSG_DEBUG
, "FT: BIGTK from Reassoc Resp", bigtk
,
929 if (wpa_sm_set_key(sm
, wpa_cipher_to_alg(sm
->mgmt_group_cipher
),
930 broadcast_ether_addr
, keyidx
, 0,
931 bigtk_elem
+ 2, 6, bigtk
, bigtk_len
,
932 KEY_FLAG_GROUP_RX
) < 0) {
933 wpa_printf(MSG_WARNING
,
934 "WPA: Failed to set BIGTK to the driver");
935 forced_memzero(bigtk
, sizeof(bigtk
));
938 forced_memzero(bigtk
, sizeof(bigtk
));
944 int wpa_ft_validate_reassoc_resp(struct wpa_sm
*sm
, const u8
*ies
,
945 size_t ies_len
, const u8
*src_addr
)
947 struct wpa_ft_ies parse
;
948 struct rsn_mdie
*mdie
;
950 u8 mic
[WPA_EAPOL_KEY_MIC_MAX_LEN
];
953 int use_sha384
= wpa_key_mgmt_sha384(sm
->key_mgmt
);
954 const u8
*anonce
, *snonce
, *fte_mic
;
956 int own_rsnxe_used
, rsnxe_used
;
958 wpa_hexdump(MSG_DEBUG
, "FT: Response IEs", ies
, ies_len
);
960 if (!wpa_key_mgmt_ft(sm
->key_mgmt
)) {
961 wpa_printf(MSG_DEBUG
, "FT: Reject FT IEs since FT is not "
962 "enabled for this connection");
966 if (sm
->ft_reassoc_completed
) {
967 wpa_printf(MSG_DEBUG
, "FT: Reassociation has already been completed for this FT protocol instance - ignore unexpected retransmission");
971 if (wpa_ft_parse_ies(ies
, ies_len
, &parse
, use_sha384
) < 0) {
972 wpa_printf(MSG_DEBUG
, "FT: Failed to parse IEs");
976 mdie
= (struct rsn_mdie
*) parse
.mdie
;
977 if (mdie
== NULL
|| parse
.mdie_len
< sizeof(*mdie
) ||
978 os_memcmp(mdie
->mobility_domain
, sm
->mobility_domain
,
979 MOBILITY_DOMAIN_ID_LEN
) != 0) {
980 wpa_printf(MSG_DEBUG
, "FT: Invalid MDIE");
985 struct rsn_ftie_sha384
*ftie
;
987 ftie
= (struct rsn_ftie_sha384
*) parse
.ftie
;
988 if (!ftie
|| parse
.ftie_len
< sizeof(*ftie
)) {
989 wpa_printf(MSG_DEBUG
, "FT: Invalid FTIE");
993 anonce
= ftie
->anonce
;
994 snonce
= ftie
->snonce
;
995 rsnxe_used
= ftie
->mic_control
[0] & 0x01;
996 fte_elem_count
= ftie
->mic_control
[1];
999 struct rsn_ftie
*ftie
;
1001 ftie
= (struct rsn_ftie
*) parse
.ftie
;
1002 if (!ftie
|| parse
.ftie_len
< sizeof(*ftie
)) {
1003 wpa_printf(MSG_DEBUG
, "FT: Invalid FTIE");
1007 anonce
= ftie
->anonce
;
1008 snonce
= ftie
->snonce
;
1009 rsnxe_used
= ftie
->mic_control
[0] & 0x01;
1010 fte_elem_count
= ftie
->mic_control
[1];
1011 fte_mic
= ftie
->mic
;
1014 if (os_memcmp(snonce
, sm
->snonce
, WPA_NONCE_LEN
) != 0) {
1015 wpa_printf(MSG_DEBUG
, "FT: SNonce mismatch in FTIE");
1016 wpa_hexdump(MSG_DEBUG
, "FT: Received SNonce",
1017 snonce
, WPA_NONCE_LEN
);
1018 wpa_hexdump(MSG_DEBUG
, "FT: Expected SNonce",
1019 sm
->snonce
, WPA_NONCE_LEN
);
1023 if (os_memcmp(anonce
, sm
->anonce
, WPA_NONCE_LEN
) != 0) {
1024 wpa_printf(MSG_DEBUG
, "FT: ANonce mismatch in FTIE");
1025 wpa_hexdump(MSG_DEBUG
, "FT: Received ANonce",
1026 anonce
, WPA_NONCE_LEN
);
1027 wpa_hexdump(MSG_DEBUG
, "FT: Expected ANonce",
1028 sm
->anonce
, WPA_NONCE_LEN
);
1032 if (parse
.r0kh_id
== NULL
) {
1033 wpa_printf(MSG_DEBUG
, "FT: No R0KH-ID subelem in FTIE");
1037 if (parse
.r0kh_id_len
!= sm
->r0kh_id_len
||
1038 os_memcmp_const(parse
.r0kh_id
, sm
->r0kh_id
, parse
.r0kh_id_len
) != 0)
1040 wpa_printf(MSG_DEBUG
, "FT: R0KH-ID in FTIE did not match with "
1041 "the current R0KH-ID");
1042 wpa_hexdump(MSG_DEBUG
, "FT: R0KH-ID in FTIE",
1043 parse
.r0kh_id
, parse
.r0kh_id_len
);
1044 wpa_hexdump(MSG_DEBUG
, "FT: The current R0KH-ID",
1045 sm
->r0kh_id
, sm
->r0kh_id_len
);
1049 if (parse
.r1kh_id
== NULL
) {
1050 wpa_printf(MSG_DEBUG
, "FT: No R1KH-ID subelem in FTIE");
1054 if (os_memcmp_const(parse
.r1kh_id
, sm
->r1kh_id
, FT_R1KH_ID_LEN
) != 0) {
1055 wpa_printf(MSG_DEBUG
, "FT: Unknown R1KH-ID used in "
1060 if (parse
.rsn_pmkid
== NULL
||
1061 os_memcmp_const(parse
.rsn_pmkid
, sm
->pmk_r1_name
, WPA_PMK_NAME_LEN
))
1063 wpa_printf(MSG_DEBUG
, "FT: No matching PMKR1Name (PMKID) in "
1064 "RSNIE (pmkid=%d)", !!parse
.rsn_pmkid
);
1070 count
+= ieee802_11_ie_count(parse
.ric
, parse
.ric_len
);
1073 if (fte_elem_count
!= count
) {
1074 wpa_printf(MSG_DEBUG
, "FT: Unexpected IE count in MIC "
1075 "Control: received %u expected %u",
1076 fte_elem_count
, count
);
1080 if (wpa_key_mgmt_fils(sm
->key_mgmt
)) {
1082 kck_len
= sm
->ptk
.kck2_len
;
1085 kck_len
= sm
->ptk
.kck_len
;
1088 if (wpa_ft_mic(kck
, kck_len
, sm
->own_addr
, src_addr
, 6,
1089 parse
.mdie
- 2, parse
.mdie_len
+ 2,
1090 parse
.ftie
- 2, parse
.ftie_len
+ 2,
1091 parse
.rsn
- 2, parse
.rsn_len
+ 2,
1092 parse
.ric
, parse
.ric_len
,
1093 parse
.rsnxe
? parse
.rsnxe
- 2 : NULL
,
1094 parse
.rsnxe
? parse
.rsnxe_len
+ 2 : 0,
1096 wpa_printf(MSG_DEBUG
, "FT: Failed to calculate MIC");
1100 if (os_memcmp_const(mic
, fte_mic
, 16) != 0) {
1101 wpa_printf(MSG_DEBUG
, "FT: Invalid MIC in FTIE");
1102 wpa_hexdump(MSG_MSGDUMP
, "FT: Received MIC", fte_mic
, 16);
1103 wpa_hexdump(MSG_MSGDUMP
, "FT: Calculated MIC", mic
, 16);
1107 if (rsnxe_used
&& !sm
->ap_rsnxe
) {
1108 wpa_printf(MSG_INFO
,
1109 "FT: FTE indicated that AP uses RSNXE, but RSNXE was not included in Beacon/Probe Response frames");
1113 if (!sm
->ap_rsn_ie
) {
1114 wpa_dbg(sm
->ctx
->msg_ctx
, MSG_DEBUG
,
1115 "FT: No RSNE for this AP known - trying to get from scan results");
1116 if (wpa_sm_get_beacon_ie(sm
) < 0) {
1117 wpa_msg(sm
->ctx
->msg_ctx
, MSG_WARNING
,
1118 "FT: Could not find AP from the scan results");
1121 wpa_msg(sm
->ctx
->msg_ctx
, MSG_DEBUG
,
1122 "FT: Found the current AP from updated scan results");
1125 if (sm
->ap_rsn_ie
&&
1126 wpa_compare_rsn_ie(wpa_key_mgmt_ft(sm
->key_mgmt
),
1127 sm
->ap_rsn_ie
, sm
->ap_rsn_ie_len
,
1128 parse
.rsn
- 2, parse
.rsn_len
+ 2)) {
1129 wpa_msg(sm
->ctx
->msg_ctx
, MSG_INFO
,
1130 "FT: RSNE mismatch between Beacon/ProbeResp and FT protocol Reassociation Response frame");
1131 wpa_hexdump(MSG_INFO
, "RSNE in Beacon/ProbeResp",
1132 sm
->ap_rsn_ie
, sm
->ap_rsn_ie_len
);
1133 wpa_hexdump(MSG_INFO
,
1134 "RSNE in FT protocol Reassociation Response frame",
1135 parse
.rsn
? parse
.rsn
- 2 : NULL
,
1136 parse
.rsn
? parse
.rsn_len
+ 2 : 0);
1140 own_rsnxe_used
= wpa_key_mgmt_sae(sm
->key_mgmt
) &&
1141 (sm
->sae_pwe
== 1 || sm
->sae_pwe
== 2);
1142 if ((sm
->ap_rsnxe
&& !parse
.rsnxe
&& own_rsnxe_used
) ||
1143 (!sm
->ap_rsnxe
&& parse
.rsnxe
) ||
1144 (sm
->ap_rsnxe
&& parse
.rsnxe
&&
1145 (sm
->ap_rsnxe_len
!= 2 + parse
.rsnxe_len
||
1146 os_memcmp(sm
->ap_rsnxe
, parse
.rsnxe
- 2,
1147 sm
->ap_rsnxe_len
) != 0))) {
1148 wpa_msg(sm
->ctx
->msg_ctx
, MSG_INFO
,
1149 "FT: RSNXE mismatch between Beacon/ProbeResp and FT protocol Reassociation Response frame");
1150 wpa_hexdump(MSG_INFO
, "RSNXE in Beacon/ProbeResp",
1151 sm
->ap_rsnxe
, sm
->ap_rsnxe_len
);
1152 wpa_hexdump(MSG_INFO
,
1153 "RSNXE in FT protocol Reassociation Response frame",
1154 parse
.rsnxe
? parse
.rsnxe
- 2 : NULL
,
1155 parse
.rsnxe
? parse
.rsnxe_len
+ 2 : 0);
1160 if (wpa_sm_ocv_enabled(sm
)) {
1161 struct wpa_channel_info ci
;
1163 if (wpa_sm_channel_info(sm
, &ci
) != 0) {
1164 wpa_printf(MSG_WARNING
,
1165 "Failed to get channel info to validate received OCI in (Re)Assoc Response");
1169 if (ocv_verify_tx_params(parse
.oci
, parse
.oci_len
, &ci
,
1170 channel_width_to_int(ci
.chanwidth
),
1171 ci
.seg1_idx
) != 0) {
1172 wpa_printf(MSG_WARNING
, "%s", ocv_errorstr
);
1176 #endif /* CONFIG_OCV */
1178 sm
->ft_reassoc_completed
= 1;
1180 if (wpa_ft_process_gtk_subelem(sm
, parse
.gtk
, parse
.gtk_len
) < 0 ||
1181 wpa_ft_process_igtk_subelem(sm
, parse
.igtk
, parse
.igtk_len
) < 0 ||
1182 wpa_ft_process_bigtk_subelem(sm
, parse
.bigtk
, parse
.bigtk_len
) < 0)
1185 if (sm
->set_ptk_after_assoc
) {
1186 wpa_printf(MSG_DEBUG
, "FT: Try to set PTK again now that we "
1188 if (wpa_ft_install_ptk(sm
, src_addr
) < 0)
1190 sm
->set_ptk_after_assoc
= 0;
1194 wpa_hexdump(MSG_MSGDUMP
, "FT: RIC Response",
1195 parse
.ric
, parse
.ric_len
);
1196 /* TODO: parse response and inform driver about results when
1197 * using wpa_supplicant SME */
1200 wpa_printf(MSG_DEBUG
, "FT: Completed successfully");
1207 * wpa_ft_start_over_ds - Generate over-the-DS auth request
1208 * @sm: Pointer to WPA state machine data from wpa_sm_init()
1209 * @target_ap: Target AP Address
1210 * @mdie: Mobility Domain IE from the target AP
1211 * Returns: 0 on success, -1 on failure
1213 int wpa_ft_start_over_ds(struct wpa_sm
*sm
, const u8
*target_ap
,
1219 wpa_printf(MSG_DEBUG
, "FT: Request over-the-DS with " MACSTR
,
1220 MAC2STR(target_ap
));
1222 /* Generate a new SNonce */
1223 if (random_get_bytes(sm
->snonce
, WPA_NONCE_LEN
)) {
1224 wpa_printf(MSG_INFO
, "FT: Failed to generate a new SNonce");
1228 ft_ies
= wpa_ft_gen_req_ies(sm
, &ft_ies_len
, NULL
, sm
->pmk_r0_name
,
1229 NULL
, 0, target_ap
, NULL
, 0, mdie
, 0);
1231 sm
->over_the_ds_in_progress
= 1;
1232 os_memcpy(sm
->target_ap
, target_ap
, ETH_ALEN
);
1233 wpa_sm_send_ft_action(sm
, 1, target_ap
, ft_ies
, ft_ies_len
);
1240 #endif /* CONFIG_IEEE80211R */