]> git.ipfire.org Git - thirdparty/hostap.git/blob - src/ap/wpa_auth_ft.c
projects / thirdparty / hostap.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
FT: SHA384-based AKM in RSNE processing
[thirdparty/hostap.git] / src / ap / wpa_auth_ft.c
1 /*
2 * hostapd - IEEE 802.11r - Fast BSS Transition
3 * Copyright (c) 2004-2018, Jouni Malinen <j@w1.fi>
4 *
5 * This software may be distributed under the terms of the BSD license.
6 * See README for more details.
7 */
8
9 #include "utils/includes.h"
10
11 #include "utils/common.h"
12 #include "utils/eloop.h"
13 #include "utils/list.h"
14 #include "common/ieee802_11_defs.h"
15 #include "common/ieee802_11_common.h"
16 #include "crypto/aes.h"
17 #include "crypto/aes_siv.h"
18 #include "crypto/aes_wrap.h"
19 #include "crypto/random.h"
20 #include "ap_config.h"
21 #include "ieee802_11.h"
22 #include "wmm.h"
23 #include "wpa_auth.h"
24 #include "wpa_auth_i.h"
25
26
27 #ifdef CONFIG_IEEE80211R_AP
28
29 const unsigned int ftRRBseqTimeout = 10;
30 const unsigned int ftRRBmaxQueueLen = 100;
31
32
33 static int wpa_ft_send_rrb_auth_resp(struct wpa_state_machine *sm,
34 const u8 *current_ap, const u8 *sta_addr,
35 u16 status, const u8 *resp_ies,
36 size_t resp_ies_len);
37 static void ft_finish_pull(struct wpa_state_machine *sm);
38 static void wpa_ft_expire_pull(void *eloop_ctx, void *timeout_ctx);
39 static void wpa_ft_rrb_seq_timeout(void *eloop_ctx, void *timeout_ctx);
40
41 struct tlv_list {
42 u16 type;
43 size_t len;
44 const u8 *data;
45 };
46
47
48 /**
49 * wpa_ft_rrb_decrypt - Decrypt FT RRB message
50 * @key: AES-SIV key for AEAD
51 * @key_len: Length of key in octets
52 * @enc: Pointer to encrypted TLVs
53 * @enc_len: Length of encrypted TLVs in octets
54 * @auth: Pointer to authenticated TLVs
55 * @auth_len: Length of authenticated TLVs in octets
56 * @src_addr: MAC address of the frame sender
57 * @type: Vendor-specific subtype of the RRB frame (FT_PACKET_*)
58 * @plain: Pointer to return the pointer to the allocated plaintext buffer;
59 * needs to be freed by the caller if not NULL;
60 * will only be returned on success
61 * @plain_len: Pointer to return the length of the allocated plaintext buffer
62 * in octets
63 * Returns: 0 on success, -1 on error
64 */
65 static int wpa_ft_rrb_decrypt(const u8 *key, const size_t key_len,
66 const u8 *enc, const size_t enc_len,
67 const u8 *auth, const size_t auth_len,
68 const u8 *src_addr, u8 type,
69 u8 **plain, size_t *plain_size)
70 {
71 const u8 *ad[3] = { src_addr, auth, &type };
72 size_t ad_len[3] = { ETH_ALEN, auth_len, sizeof(type) };
73
74 wpa_hexdump_key(MSG_DEBUG, "FT(RRB): decrypt using key", key, key_len);
75
76 if (!key) { /* skip decryption */
77 *plain = os_memdup(enc, enc_len);
78 if (enc_len > 0 && !*plain)
79 goto err;
80
81 *plain_size = enc_len;
82
83 return 0;
84 }
85
86 *plain = NULL;
87
88 /* SIV overhead */
89 if (enc_len < AES_BLOCK_SIZE)
90 goto err;
91
92 *plain = os_zalloc(enc_len - AES_BLOCK_SIZE);
93 if (!*plain)
94 goto err;
95
96 if (aes_siv_decrypt(key, key_len, enc, enc_len, 3, ad, ad_len,
97 *plain) < 0)
98 goto err;
99
100 *plain_size = enc_len - AES_BLOCK_SIZE;
101 wpa_hexdump_key(MSG_DEBUG, "FT(RRB): decrypted TLVs",
102 *plain, *plain_size);
103 return 0;
104 err:
105 os_free(*plain);
106 *plain = NULL;
107 *plain_size = 0;
108
109 wpa_printf(MSG_ERROR, "FT(RRB): Failed to decrypt");
110
111 return -1;
112 }
113
114
115 /* get first tlv record in packet matching type
116 * @data (decrypted) packet
117 * @return 0 on success else -1
118 */
119 static int wpa_ft_rrb_get_tlv(const u8 *plain, size_t plain_len,
120 u16 type, size_t *tlv_len, const u8 **tlv_data)
121 {
122 const struct ft_rrb_tlv *f;
123 size_t left;
124 le16 type16;
125 size_t len;
126
127 left = plain_len;
128 type16 = host_to_le16(type);
129
130 while (left >= sizeof(*f)) {
131 f = (const struct ft_rrb_tlv *) plain;
132
133 left -= sizeof(*f);
134 plain += sizeof(*f);
135 len = le_to_host16(f->len);
136
137 if (left < len) {
138 wpa_printf(MSG_DEBUG, "FT: RRB message truncated");
139 break;
140 }
141
142 if (f->type == type16) {
143 *tlv_len = len;
144 *tlv_data = plain;
145 return 0;
146 }
147
148 left -= len;
149 plain += len;
150 }
151
152 return -1;
153 }
154
155
156 static void wpa_ft_rrb_dump(const u8 *plain, const size_t plain_len)
157 {
158 const struct ft_rrb_tlv *f;
159 size_t left;
160 size_t len;
161
162 left = plain_len;
163
164 wpa_printf(MSG_DEBUG, "FT: RRB dump message");
165 while (left >= sizeof(*f)) {
166 f = (const struct ft_rrb_tlv *) plain;
167
168 left -= sizeof(*f);
169 plain += sizeof(*f);
170 len = le_to_host16(f->len);
171
172 wpa_printf(MSG_DEBUG, "FT: RRB TLV type = %d, len = %zu",
173 le_to_host16(f->type), len);
174
175 if (left < len) {
176 wpa_printf(MSG_DEBUG,
177 "FT: RRB message truncated: left %zu bytes, need %zu",
178 left, len);
179 break;
180 }
181
182 wpa_hexdump(MSG_DEBUG, "FT: RRB TLV data", plain, len);
183
184 left -= len;
185 plain += len;
186 }
187
188 if (left > 0)
189 wpa_hexdump(MSG_DEBUG, "FT: RRB TLV padding", plain, left);
190
191 wpa_printf(MSG_DEBUG, "FT: RRB dump message end");
192 }
193
194
195 static int cmp_int(const void *a, const void *b)
196 {
197 int x, y;
198
199 x = *((int *) a);
200 y = *((int *) b);
201 return x - y;
202 }
203
204
205 static int wpa_ft_rrb_get_tlv_vlan(const u8 *plain, const size_t plain_len,
206 struct vlan_description *vlan)
207 {
208 struct ft_rrb_tlv *f;
209 size_t left;
210 size_t len;
211 int taggedidx;
212 int vlan_id;
213 int type;
214
215 left = plain_len;
216 taggedidx = 0;
217 os_memset(vlan, 0, sizeof(*vlan));
218
219 while (left >= sizeof(*f)) {
220 f = (struct ft_rrb_tlv *) plain;
221
222 left -= sizeof(*f);
223 plain += sizeof(*f);
224
225 len = le_to_host16(f->len);
226 type = le_to_host16(f->type);
227
228 if (left < len) {
229 wpa_printf(MSG_DEBUG, "FT: RRB message truncated");
230 return -1;
231 }
232
233 if (type != FT_RRB_VLAN_UNTAGGED && type != FT_RRB_VLAN_TAGGED)
234 goto skip;
235
236 if (type == FT_RRB_VLAN_UNTAGGED && len != sizeof(le16)) {
237 wpa_printf(MSG_DEBUG,
238 "FT: RRB VLAN_UNTAGGED invalid length");
239 return -1;
240 }
241
242 if (type == FT_RRB_VLAN_TAGGED && len % sizeof(le16) != 0) {
243 wpa_printf(MSG_DEBUG,
244 "FT: RRB VLAN_TAGGED invalid length");
245 return -1;
246 }
247
248 while (len >= sizeof(le16)) {
249 vlan_id = WPA_GET_LE16(plain);
250 plain += sizeof(le16);
251 left -= sizeof(le16);
252 len -= sizeof(le16);
253
254 if (vlan_id <= 0 || vlan_id > MAX_VLAN_ID) {
255 wpa_printf(MSG_DEBUG,
256 "FT: RRB VLAN ID invalid %d",
257 vlan_id);
258 continue;
259 }
260
261 if (type == FT_RRB_VLAN_UNTAGGED)
262 vlan->untagged = vlan_id;
263
264 if (type == FT_RRB_VLAN_TAGGED &&
265 taggedidx < MAX_NUM_TAGGED_VLAN) {
266 vlan->tagged[taggedidx] = vlan_id;
267 taggedidx++;
268 } else if (type == FT_RRB_VLAN_TAGGED) {
269 wpa_printf(MSG_DEBUG, "FT: RRB too many VLANs");
270 }
271 }
272
273 skip:
274 left -= len;
275 plain += len;
276 }
277
278 if (taggedidx)
279 qsort(vlan->tagged, taggedidx, sizeof(int), cmp_int);
280
281 vlan->notempty = vlan->untagged || vlan->tagged[0];
282
283 return 0;
284 }
285
286
287 static size_t wpa_ft_tlv_len(const struct tlv_list *tlvs)
288 {
289 size_t tlv_len = 0;
290 int i;
291
292 if (!tlvs)
293 return 0;
294
295 for (i = 0; tlvs[i].type != FT_RRB_LAST_EMPTY; i++) {
296 tlv_len += sizeof(struct ft_rrb_tlv);
297 tlv_len += tlvs[i].len;
298 }
299
300 return tlv_len;
301 }
302
303
304 static size_t wpa_ft_tlv_lin(const struct tlv_list *tlvs, u8 *start,
305 u8 *endpos)
306 {
307 int i;
308 size_t tlv_len;
309 struct ft_rrb_tlv *hdr;
310 u8 *pos;
311
312 if (!tlvs)
313 return 0;
314
315 tlv_len = 0;
316 pos = start;
317 for (i = 0; tlvs[i].type != FT_RRB_LAST_EMPTY; i++) {
318 if (tlv_len + sizeof(*hdr) > (size_t) (endpos - start))
319 return tlv_len;
320 tlv_len += sizeof(*hdr);
321 hdr = (struct ft_rrb_tlv *) pos;
322 hdr->type = host_to_le16(tlvs[i].type);
323 hdr->len = host_to_le16(tlvs[i].len);
324 pos = start + tlv_len;
325
326 if (tlv_len + tlvs[i].len > (size_t) (endpos - start))
327 return tlv_len;
328 if (tlvs[i].len == 0)
329 continue;
330 tlv_len += tlvs[i].len;
331 os_memcpy(pos, tlvs[i].data, tlvs[i].len);
332 pos = start + tlv_len;
333 }
334
335 return tlv_len;
336 }
337
338
339 static size_t wpa_ft_vlan_len(const struct vlan_description *vlan)
340 {
341 size_t tlv_len = 0;
342 int i;
343
344 if (!vlan || !vlan->notempty)
345 return 0;
346
347 if (vlan->untagged) {
348 tlv_len += sizeof(struct ft_rrb_tlv);
349 tlv_len += sizeof(le16);
350 }
351 if (vlan->tagged[0])
352 tlv_len += sizeof(struct ft_rrb_tlv);
353 for (i = 0; i < MAX_NUM_TAGGED_VLAN && vlan->tagged[i]; i++)
354 tlv_len += sizeof(le16);
355
356 return tlv_len;
357 }
358
359
360 static size_t wpa_ft_vlan_lin(const struct vlan_description *vlan,
361 u8 *start, u8 *endpos)
362 {
363 size_t tlv_len;
364 int i, len;
365 struct ft_rrb_tlv *hdr;
366 u8 *pos = start;
367
368 if (!vlan || !vlan->notempty)
369 return 0;
370
371 tlv_len = 0;
372 if (vlan->untagged) {
373 tlv_len += sizeof(*hdr);
374 if (start + tlv_len > endpos)
375 return tlv_len;
376 hdr = (struct ft_rrb_tlv *) pos;
377 hdr->type = host_to_le16(FT_RRB_VLAN_UNTAGGED);
378 hdr->len = host_to_le16(sizeof(le16));
379 pos = start + tlv_len;
380
381 tlv_len += sizeof(le16);
382 if (start + tlv_len > endpos)
383 return tlv_len;
384 WPA_PUT_LE16(pos, vlan->untagged);
385 pos = start + tlv_len;
386 }
387
388 if (!vlan->tagged[0])
389 return tlv_len;
390
391 tlv_len += sizeof(*hdr);
392 if (start + tlv_len > endpos)
393 return tlv_len;
394 hdr = (struct ft_rrb_tlv *) pos;
395 hdr->type = host_to_le16(FT_RRB_VLAN_TAGGED);
396 len = 0; /* len is computed below */
397 pos = start + tlv_len;
398
399 for (i = 0; i < MAX_NUM_TAGGED_VLAN && vlan->tagged[i]; i++) {
400 tlv_len += sizeof(le16);
401 if (start + tlv_len > endpos)
402 break;
403 len += sizeof(le16);
404 WPA_PUT_LE16(pos, vlan->tagged[i]);
405 pos = start + tlv_len;
406 }
407
408 hdr->len = host_to_le16(len);
409
410 return tlv_len;
411 }
412
413
414 static int wpa_ft_rrb_lin(const struct tlv_list *tlvs1,
415 const struct tlv_list *tlvs2,
416 const struct vlan_description *vlan,
417 u8 **plain, size_t *plain_len)
418 {
419 u8 *pos, *endpos;
420 size_t tlv_len;
421
422 tlv_len = wpa_ft_tlv_len(tlvs1);
423 tlv_len += wpa_ft_tlv_len(tlvs2);
424 tlv_len += wpa_ft_vlan_len(vlan);
425
426 *plain_len = tlv_len;
427 *plain = os_zalloc(tlv_len);
428 if (!*plain) {
429 wpa_printf(MSG_ERROR, "FT: Failed to allocate plaintext");
430 goto err;
431 }
432
433 pos = *plain;
434 endpos = *plain + tlv_len;
435 pos += wpa_ft_tlv_lin(tlvs1, pos, endpos);
436 pos += wpa_ft_tlv_lin(tlvs2, pos, endpos);
437 pos += wpa_ft_vlan_lin(vlan, pos, endpos);
438
439 /* sanity check */
440 if (pos != endpos) {
441 wpa_printf(MSG_ERROR, "FT: Length error building RRB");
442 goto err;
443 }
444
445 return 0;
446
447 err:
448 os_free(*plain);
449 *plain = NULL;
450 *plain_len = 0;
451 return -1;
452 }
453
454
455 static int wpa_ft_rrb_encrypt(const u8 *key, const size_t key_len,
456 const u8 *plain, const size_t plain_len,
457 const u8 *auth, const size_t auth_len,
458 const u8 *src_addr, u8 type, u8 *enc)
459 {
460 const u8 *ad[3] = { src_addr, auth, &type };
461 size_t ad_len[3] = { ETH_ALEN, auth_len, sizeof(type) };
462
463 wpa_hexdump_key(MSG_DEBUG, "FT(RRB): plaintext message",
464 plain, plain_len);
465 wpa_hexdump_key(MSG_DEBUG, "FT(RRB): encrypt using key", key, key_len);
466
467 if (!key) {
468 /* encryption not needed, return plaintext as packet */
469 os_memcpy(enc, plain, plain_len);
470 } else if (aes_siv_encrypt(key, key_len, plain, plain_len,
471 3, ad, ad_len, enc) < 0) {
472 wpa_printf(MSG_ERROR, "FT: Failed to encrypt RRB-OUI message");
473 return -1;
474 }
475
476 return 0;
477 }
478
479
480 /**
481 * wpa_ft_rrb_build - Build and encrypt an FT RRB message
482 * @key: AES-SIV key for AEAD
483 * @key_len: Length of key in octets
484 * @tlvs_enc0: First set of to-be-encrypted TLVs
485 * @tlvs_enc1: Second set of to-be-encrypted TLVs
486 * @tlvs_auth: Set of to-be-authenticated TLVs
487 * @src_addr: MAC address of the frame sender
488 * @type: Vendor-specific subtype of the RRB frame (FT_PACKET_*)
489 * @packet Pointer to return the pointer to the allocated packet buffer;
490 * needs to be freed by the caller if not null;
491 * will only be returned on success
492 * @packet_len: Pointer to return the length of the allocated buffer in octets
493 * Returns: 0 on success, -1 on error
494 */
495 static int wpa_ft_rrb_build(const u8 *key, const size_t key_len,
496 const struct tlv_list *tlvs_enc0,
497 const struct tlv_list *tlvs_enc1,
498 const struct tlv_list *tlvs_auth,
499 const struct vlan_description *vlan,
500 const u8 *src_addr, u8 type,
501 u8 **packet, size_t *packet_len)
502 {
503 u8 *plain = NULL, *auth = NULL, *pos;
504 size_t plain_len = 0, auth_len = 0;
505 int ret = -1;
506
507 if (wpa_ft_rrb_lin(tlvs_enc0, tlvs_enc1, vlan, &plain, &plain_len) < 0)
508 goto out;
509
510 if (wpa_ft_rrb_lin(tlvs_auth, NULL, NULL, &auth, &auth_len) < 0)
511 goto out;
512
513 *packet_len = sizeof(u16) + auth_len + plain_len;
514 if (key)
515 *packet_len += AES_BLOCK_SIZE;
516 *packet = os_zalloc(*packet_len);
517 if (!*packet)
518 goto out;
519
520 pos = *packet;
521 WPA_PUT_LE16(pos, auth_len);
522 pos += 2;
523 os_memcpy(pos, auth, auth_len);
524 pos += auth_len;
525 if (wpa_ft_rrb_encrypt(key, key_len, plain, plain_len, auth,
526 auth_len, src_addr, type, pos) < 0)
527 goto out;
528
529 ret = 0;
530
531 out:
532 bin_clear_free(plain, plain_len);
533 os_free(auth);
534
535 if (ret) {
536 wpa_printf(MSG_ERROR, "FT: Failed to build RRB-OUI message");
537 os_free(*packet);
538 *packet = NULL;
539 *packet_len = 0;
540 }
541
542 return ret;
543 }
544
545
546 #define RRB_GET_SRC(srcfield, type, field, txt, checklength) do { \
547 if (wpa_ft_rrb_get_tlv(srcfield, srcfield##_len, type, \
548 &f_##field##_len, &f_##field) < 0 || \
549 (checklength > 0 && ((size_t) checklength) != f_##field##_len)) { \
550 wpa_printf(MSG_INFO, "FT: Missing required " #field \
551 " in %s from " MACSTR, txt, MAC2STR(src_addr)); \
552 wpa_ft_rrb_dump(srcfield, srcfield##_len); \
553 goto out; \
554 } \
555 } while (0)
556
557 #define RRB_GET(type, field, txt, checklength) \
558 RRB_GET_SRC(plain, type, field, txt, checklength)
559 #define RRB_GET_AUTH(type, field, txt, checklength) \
560 RRB_GET_SRC(auth, type, field, txt, checklength)
561
562 #define RRB_GET_OPTIONAL_SRC(srcfield, type, field, txt, checklength) do { \
563 if (wpa_ft_rrb_get_tlv(srcfield, srcfield##_len, type, \
564 &f_##field##_len, &f_##field) < 0 || \
565 (checklength > 0 && ((size_t) checklength) != f_##field##_len)) { \
566 wpa_printf(MSG_DEBUG, "FT: Missing optional " #field \
567 " in %s from " MACSTR, txt, MAC2STR(src_addr)); \
568 f_##field##_len = 0; \
569 f_##field = NULL; \
570 } \
571 } while (0)
572
573 #define RRB_GET_OPTIONAL(type, field, txt, checklength) \
574 RRB_GET_OPTIONAL_SRC(plain, type, field, txt, checklength)
575 #define RRB_GET_OPTIONAL_AUTH(type, field, txt, checklength) \
576 RRB_GET_OPTIONAL_SRC(auth, type, field, txt, checklength)
577
578 static int wpa_ft_rrb_send(struct wpa_authenticator *wpa_auth, const u8 *dst,
579 const u8 *data, size_t data_len)
580 {
581 if (wpa_auth->cb->send_ether == NULL)
582 return -1;
583 wpa_printf(MSG_DEBUG, "FT: RRB send to " MACSTR, MAC2STR(dst));
584 return wpa_auth->cb->send_ether(wpa_auth->cb_ctx, dst, ETH_P_RRB,
585 data, data_len);
586 }
587
588
589 static int wpa_ft_rrb_oui_send(struct wpa_authenticator *wpa_auth,
590 const u8 *dst, u8 oui_suffix,
591 const u8 *data, size_t data_len)
592 {
593 if (!wpa_auth->cb->send_oui)
594 return -1;
595 wpa_printf(MSG_DEBUG, "FT: RRB-OUI type %u send to " MACSTR,
596 oui_suffix, MAC2STR(dst));
597 return wpa_auth->cb->send_oui(wpa_auth->cb_ctx, dst, oui_suffix, data,
598 data_len);
599 }
600
601
602 static int wpa_ft_action_send(struct wpa_authenticator *wpa_auth,
603 const u8 *dst, const u8 *data, size_t data_len)
604 {
605 if (wpa_auth->cb->send_ft_action == NULL)
606 return -1;
607 return wpa_auth->cb->send_ft_action(wpa_auth->cb_ctx, dst,
608 data, data_len);
609 }
610
611
612 static const u8 * wpa_ft_get_psk(struct wpa_authenticator *wpa_auth,
613 const u8 *addr, const u8 *p2p_dev_addr,
614 const u8 *prev_psk)
615 {
616 if (wpa_auth->cb->get_psk == NULL)
617 return NULL;
618 return wpa_auth->cb->get_psk(wpa_auth->cb_ctx, addr, p2p_dev_addr,
619 prev_psk, NULL);
620 }
621
622
623 static struct wpa_state_machine *
624 wpa_ft_add_sta(struct wpa_authenticator *wpa_auth, const u8 *sta_addr)
625 {
626 if (wpa_auth->cb->add_sta == NULL)
627 return NULL;
628 return wpa_auth->cb->add_sta(wpa_auth->cb_ctx, sta_addr);
629 }
630
631
632 static int wpa_ft_set_vlan(struct wpa_authenticator *wpa_auth,
633 const u8 *sta_addr, struct vlan_description *vlan)
634 {
635 if (!wpa_auth->cb->set_vlan)
636 return -1;
637 return wpa_auth->cb->set_vlan(wpa_auth->cb_ctx, sta_addr, vlan);
638 }
639
640
641 static int wpa_ft_get_vlan(struct wpa_authenticator *wpa_auth,
642 const u8 *sta_addr, struct vlan_description *vlan)
643 {
644 if (!wpa_auth->cb->get_vlan)
645 return -1;
646 return wpa_auth->cb->get_vlan(wpa_auth->cb_ctx, sta_addr, vlan);
647 }
648
649
650 static int
651 wpa_ft_set_identity(struct wpa_authenticator *wpa_auth, const u8 *sta_addr,
652 const u8 *identity, size_t identity_len)
653 {
654 if (!wpa_auth->cb->set_identity)
655 return -1;
656 return wpa_auth->cb->set_identity(wpa_auth->cb_ctx, sta_addr, identity,
657 identity_len);
658 }
659
660
661 static size_t
662 wpa_ft_get_identity(struct wpa_authenticator *wpa_auth, const u8 *sta_addr,
663 const u8 **buf)
664 {
665 *buf = NULL;
666 if (!wpa_auth->cb->get_identity)
667 return 0;
668 return wpa_auth->cb->get_identity(wpa_auth->cb_ctx, sta_addr, buf);
669 }
670
671
672 static int
673 wpa_ft_set_radius_cui(struct wpa_authenticator *wpa_auth, const u8 *sta_addr,
674 const u8 *radius_cui, size_t radius_cui_len)
675 {
676 if (!wpa_auth->cb->set_radius_cui)
677 return -1;
678 return wpa_auth->cb->set_radius_cui(wpa_auth->cb_ctx, sta_addr,
679 radius_cui, radius_cui_len);
680 }
681
682
683 static size_t
684 wpa_ft_get_radius_cui(struct wpa_authenticator *wpa_auth, const u8 *sta_addr,
685 const u8 **buf)
686 {
687 *buf = NULL;
688 if (!wpa_auth->cb->get_radius_cui)
689 return 0;
690 return wpa_auth->cb->get_radius_cui(wpa_auth->cb_ctx, sta_addr, buf);
691 }
692
693
694 static void
695 wpa_ft_set_session_timeout(struct wpa_authenticator *wpa_auth,
696 const u8 *sta_addr, int session_timeout)
697 {
698 if (!wpa_auth->cb->set_session_timeout)
699 return;
700 wpa_auth->cb->set_session_timeout(wpa_auth->cb_ctx, sta_addr,
701 session_timeout);
702 }
703
704
705 static int
706 wpa_ft_get_session_timeout(struct wpa_authenticator *wpa_auth,
707 const u8 *sta_addr)
708 {
709 if (!wpa_auth->cb->get_session_timeout)
710 return 0;
711 return wpa_auth->cb->get_session_timeout(wpa_auth->cb_ctx, sta_addr);
712 }
713
714
715 static int wpa_ft_add_tspec(struct wpa_authenticator *wpa_auth,
716 const u8 *sta_addr,
717 u8 *tspec_ie, size_t tspec_ielen)
718 {
719 if (wpa_auth->cb->add_tspec == NULL) {
720 wpa_printf(MSG_DEBUG, "FT: add_tspec is not initialized");
721 return -1;
722 }
723 return wpa_auth->cb->add_tspec(wpa_auth->cb_ctx, sta_addr, tspec_ie,
724 tspec_ielen);
725 }
726
727
728 int wpa_write_mdie(struct wpa_auth_config *conf, u8 *buf, size_t len)
729 {
730 u8 *pos = buf;
731 u8 capab;
732 if (len < 2 + sizeof(struct rsn_mdie))
733 return -1;
734
735 *pos++ = WLAN_EID_MOBILITY_DOMAIN;
736 *pos++ = MOBILITY_DOMAIN_ID_LEN + 1;
737 os_memcpy(pos, conf->mobility_domain, MOBILITY_DOMAIN_ID_LEN);
738 pos += MOBILITY_DOMAIN_ID_LEN;
739 capab = 0;
740 if (conf->ft_over_ds)
741 capab |= RSN_FT_CAPAB_FT_OVER_DS;
742 *pos++ = capab;
743
744 return pos - buf;
745 }
746
747
748 int wpa_write_ftie(struct wpa_auth_config *conf, const u8 *r0kh_id,
749 size_t r0kh_id_len,
750 const u8 *anonce, const u8 *snonce,
751 u8 *buf, size_t len, const u8 *subelem,
752 size_t subelem_len)
753 {
754 u8 *pos = buf, *ielen;
755 struct rsn_ftie *hdr;
756
757 if (len < 2 + sizeof(*hdr) + 2 + FT_R1KH_ID_LEN + 2 + r0kh_id_len +
758 subelem_len)
759 return -1;
760
761 *pos++ = WLAN_EID_FAST_BSS_TRANSITION;
762 ielen = pos++;
763
764 hdr = (struct rsn_ftie *) pos;
765 os_memset(hdr, 0, sizeof(*hdr));
766 pos += sizeof(*hdr);
767 WPA_PUT_LE16(hdr->mic_control, 0);
768 if (anonce)
769 os_memcpy(hdr->anonce, anonce, WPA_NONCE_LEN);
770 if (snonce)
771 os_memcpy(hdr->snonce, snonce, WPA_NONCE_LEN);
772
773 /* Optional Parameters */
774 *pos++ = FTIE_SUBELEM_R1KH_ID;
775 *pos++ = FT_R1KH_ID_LEN;
776 os_memcpy(pos, conf->r1_key_holder, FT_R1KH_ID_LEN);
777 pos += FT_R1KH_ID_LEN;
778
779 if (r0kh_id) {
780 *pos++ = FTIE_SUBELEM_R0KH_ID;
781 *pos++ = r0kh_id_len;
782 os_memcpy(pos, r0kh_id, r0kh_id_len);
783 pos += r0kh_id_len;
784 }
785
786 if (subelem) {
787 os_memcpy(pos, subelem, subelem_len);
788 pos += subelem_len;
789 }
790
791 *ielen = pos - buf - 2;
792
793 return pos - buf;
794 }
795
796
797 /* A packet to be handled after seq response */
798 struct ft_remote_item {
799 struct dl_list list;
800
801 u8 nonce[FT_RRB_NONCE_LEN];
802 struct os_reltime nonce_ts;
803
804 u8 src_addr[ETH_ALEN];
805 u8 *enc;
806 size_t enc_len;
807 u8 *auth;
808 size_t auth_len;
809 int (*cb)(struct wpa_authenticator *wpa_auth,
810 const u8 *src_addr,
811 const u8 *enc, size_t enc_len,
812 const u8 *auth, size_t auth_len,
813 int no_defer);
814 };
815
816
817 static void wpa_ft_rrb_seq_free(struct ft_remote_item *item)
818 {
819 eloop_cancel_timeout(wpa_ft_rrb_seq_timeout, ELOOP_ALL_CTX, item);
820 dl_list_del(&item->list);
821 bin_clear_free(item->enc, item->enc_len);
822 os_free(item->auth);
823 os_free(item);
824 }
825
826
827 static void wpa_ft_rrb_seq_flush(struct wpa_authenticator *wpa_auth,
828 struct ft_remote_seq *rkh_seq, int cb)
829 {
830 struct ft_remote_item *item, *n;
831
832 dl_list_for_each_safe(item, n, &rkh_seq->rx.queue,
833 struct ft_remote_item, list) {
834 if (cb && item->cb)
835 item->cb(wpa_auth, item->src_addr, item->enc,
836 item->enc_len, item->auth, item->auth_len, 1);
837 wpa_ft_rrb_seq_free(item);
838 }
839 }
840
841
842 static void wpa_ft_rrb_seq_timeout(void *eloop_ctx, void *timeout_ctx)
843 {
844 struct ft_remote_item *item = timeout_ctx;
845
846 wpa_ft_rrb_seq_free(item);
847 }
848
849
850 static int
851 wpa_ft_rrb_seq_req(struct wpa_authenticator *wpa_auth,
852 struct ft_remote_seq *rkh_seq, const u8 *src_addr,
853 const u8 *f_r0kh_id, size_t f_r0kh_id_len,
854 const u8 *f_r1kh_id, const u8 *key, size_t key_len,
855 const u8 *enc, size_t enc_len,
856 const u8 *auth, size_t auth_len,
857 int (*cb)(struct wpa_authenticator *wpa_auth,
858 const u8 *src_addr,
859 const u8 *enc, size_t enc_len,
860 const u8 *auth, size_t auth_len,
861 int no_defer))
862 {
863 struct ft_remote_item *item = NULL;
864 u8 *packet = NULL;
865 size_t packet_len;
866 struct tlv_list seq_req_auth[] = {
867 { .type = FT_RRB_NONCE, .len = FT_RRB_NONCE_LEN,
868 .data = NULL /* to be filled: item->nonce */ },
869 { .type = FT_RRB_R0KH_ID, .len = f_r0kh_id_len,
870 .data = f_r0kh_id },
871 { .type = FT_RRB_R1KH_ID, .len = FT_R1KH_ID_LEN,
872 .data = f_r1kh_id },
873 { .type = FT_RRB_LAST_EMPTY, .len = 0, .data = NULL },
874 };
875
876 if (dl_list_len(&rkh_seq->rx.queue) >= ftRRBmaxQueueLen) {
877 wpa_printf(MSG_DEBUG, "FT: Sequence number queue too long");
878 goto err;
879 }
880
881 item = os_zalloc(sizeof(*item));
882 if (!item)
883 goto err;
884
885 os_memcpy(item->src_addr, src_addr, ETH_ALEN);
886 item->cb = cb;
887
888 if (random_get_bytes(item->nonce, FT_RRB_NONCE_LEN) < 0) {
889 wpa_printf(MSG_DEBUG, "FT: Seq num nonce: out of random bytes");
890 goto err;
891 }
892
893 if (os_get_reltime(&item->nonce_ts) < 0)
894 goto err;
895
896 if (enc && enc_len > 0) {
897 item->enc = os_memdup(enc, enc_len);
898 item->enc_len = enc_len;
899 if (!item->enc)
900 goto err;
901 }
902
903 if (auth && auth_len > 0) {
904 item->auth = os_memdup(auth, auth_len);
905 item->auth_len = auth_len;
906 if (!item->auth)
907 goto err;
908 }
909
910 eloop_register_timeout(ftRRBseqTimeout, 0, wpa_ft_rrb_seq_timeout,
911 wpa_auth, item);
912
913 seq_req_auth[0].data = item->nonce;
914
915 if (wpa_ft_rrb_build(key, key_len, NULL, NULL, seq_req_auth, NULL,
916 wpa_auth->addr, FT_PACKET_R0KH_R1KH_SEQ_REQ,
917 &packet, &packet_len) < 0) {
918 item = NULL; /* some other seq resp might still accept this */
919 goto err;
920 }
921
922 dl_list_add(&rkh_seq->rx.queue, &item->list);
923
924 wpa_ft_rrb_oui_send(wpa_auth, src_addr, FT_PACKET_R0KH_R1KH_SEQ_REQ,
925 packet, packet_len);
926
927 os_free(packet);
928
929 return 0;
930 err:
931 wpa_printf(MSG_DEBUG, "FT: Failed to send sequence number request");
932 if (item) {
933 os_free(item->auth);
934 bin_clear_free(item->enc, item->enc_len);
935 os_free(item);
936 }
937
938 return -1;
939 }
940
941
942 #define FT_RRB_SEQ_OK 0
943 #define FT_RRB_SEQ_DROP 1
944 #define FT_RRB_SEQ_DEFER 2
945
946 static int
947 wpa_ft_rrb_seq_chk(struct ft_remote_seq *rkh_seq, const u8 *src_addr,
948 const u8 *enc, size_t enc_len,
949 const u8 *auth, size_t auth_len,
950 const char *msgtype, int no_defer)
951 {
952 const u8 *f_seq;
953 size_t f_seq_len;
954 const struct ft_rrb_seq *msg_both;
955 u32 msg_seq, msg_off, rkh_off;
956 struct os_reltime now;
957 unsigned int i;
958
959 RRB_GET_AUTH(FT_RRB_SEQ, seq, msgtype, sizeof(*msg_both));
960 wpa_hexdump(MSG_DEBUG, "FT: sequence number", f_seq, f_seq_len);
961 msg_both = (const struct ft_rrb_seq *) f_seq;
962
963 if (rkh_seq->rx.num_last == 0) {
964 /* first packet from remote */
965 goto defer;
966 }
967
968 if (le_to_host32(msg_both->dom) != rkh_seq->rx.dom) {
969 /* remote might have rebooted */
970 goto defer;
971 }
972
973 if (os_get_reltime(&now) == 0) {
974 u32 msg_ts_now_remote, msg_ts_off;
975 struct os_reltime now_remote;
976
977 os_reltime_sub(&now, &rkh_seq->rx.time_offset, &now_remote);
978 msg_ts_now_remote = now_remote.sec;
979 msg_ts_off = le_to_host32(msg_both->ts) -
980 (msg_ts_now_remote - ftRRBseqTimeout);
981 if (msg_ts_off > 2 * ftRRBseqTimeout)
982 goto defer;
983 }
984
985 msg_seq = le_to_host32(msg_both->seq);
986 rkh_off = rkh_seq->rx.last[rkh_seq->rx.offsetidx];
987 msg_off = msg_seq - rkh_off;
988 if (msg_off > 0xC0000000)
989 goto out; /* too old message, drop it */
990
991 if (msg_off <= 0x40000000) {
992 for (i = 0; i < rkh_seq->rx.num_last; i++) {
993 if (rkh_seq->rx.last[i] == msg_seq)
994 goto out; /* duplicate message, drop it */
995 }
996
997 return FT_RRB_SEQ_OK;
998 }
999
1000 defer:
1001 if (no_defer)
1002 goto out;
1003
1004 wpa_printf(MSG_DEBUG, "FT: Possibly invalid sequence number in %s from "
1005 MACSTR, msgtype, MAC2STR(src_addr));
1006
1007 return FT_RRB_SEQ_DEFER;
1008 out:
1009 wpa_printf(MSG_DEBUG, "FT: Invalid sequence number in %s from " MACSTR,
1010 msgtype, MAC2STR(src_addr));
1011
1012 return FT_RRB_SEQ_DROP;
1013 }
1014
1015
1016 static void
1017 wpa_ft_rrb_seq_accept(struct wpa_authenticator *wpa_auth,
1018 struct ft_remote_seq *rkh_seq, const u8 *src_addr,
1019 const u8 *auth, size_t auth_len,
1020 const char *msgtype)
1021 {
1022 const u8 *f_seq;
1023 size_t f_seq_len;
1024 const struct ft_rrb_seq *msg_both;
1025 u32 msg_seq, msg_off, min_off, rkh_off;
1026 int minidx = 0;
1027 unsigned int i;
1028
1029 RRB_GET_AUTH(FT_RRB_SEQ, seq, msgtype, sizeof(*msg_both));
1030 msg_both = (const struct ft_rrb_seq *) f_seq;
1031
1032 msg_seq = le_to_host32(msg_both->seq);
1033
1034 if (rkh_seq->rx.num_last < FT_REMOTE_SEQ_BACKLOG) {
1035 rkh_seq->rx.last[rkh_seq->rx.num_last] = msg_seq;
1036 rkh_seq->rx.num_last++;
1037 return;
1038 }
1039
1040 rkh_off = rkh_seq->rx.last[rkh_seq->rx.offsetidx];
1041 for (i = 0; i < rkh_seq->rx.num_last; i++) {
1042 msg_off = rkh_seq->rx.last[i] - rkh_off;
1043 min_off = rkh_seq->rx.last[minidx] - rkh_off;
1044 if (msg_off < min_off && i != rkh_seq->rx.offsetidx)
1045 minidx = i;
1046 }
1047 rkh_seq->rx.last[rkh_seq->rx.offsetidx] = msg_seq;
1048 rkh_seq->rx.offsetidx = minidx;
1049
1050 return;
1051 out:
1052 /* RRB_GET_AUTH should never fail here as
1053 * wpa_ft_rrb_seq_chk() verified FT_RRB_SEQ presence. */
1054 wpa_printf(MSG_ERROR, "FT: %s() failed", __func__);
1055 }
1056
1057
1058 static int wpa_ft_new_seq(struct ft_remote_seq *rkh_seq,
1059 struct ft_rrb_seq *f_seq)
1060 {
1061 struct os_reltime now;
1062
1063 if (os_get_reltime(&now) < 0)
1064 return -1;
1065
1066 if (!rkh_seq->tx.dom) {
1067 if (random_get_bytes((u8 *) &rkh_seq->tx.seq,
1068 sizeof(rkh_seq->tx.seq))) {
1069 wpa_printf(MSG_ERROR,
1070 "FT: Failed to get random data for sequence number initialization");
1071 rkh_seq->tx.seq = now.usec;
1072 }
1073 if (random_get_bytes((u8 *) &rkh_seq->tx.dom,
1074 sizeof(rkh_seq->tx.dom))) {
1075 wpa_printf(MSG_ERROR,
1076 "FT: Failed to get random data for sequence number initialization");
1077 rkh_seq->tx.dom = now.usec;
1078 }
1079 rkh_seq->tx.dom |= 1;
1080 }
1081
1082 f_seq->dom = host_to_le32(rkh_seq->tx.dom);
1083 f_seq->seq = host_to_le32(rkh_seq->tx.seq);
1084 f_seq->ts = host_to_le32(now.sec);
1085
1086 rkh_seq->tx.seq++;
1087
1088 return 0;
1089 }
1090
1091
1092 struct wpa_ft_pmk_r0_sa {
1093 struct dl_list list;
1094 u8 pmk_r0[PMK_LEN];
1095 u8 pmk_r0_name[WPA_PMK_NAME_LEN];
1096 u8 spa[ETH_ALEN];
1097 int pairwise; /* Pairwise cipher suite, WPA_CIPHER_* */
1098 struct vlan_description *vlan;
1099 os_time_t expiration; /* 0 for no expiration */
1100 u8 *identity;
1101 size_t identity_len;
1102 u8 *radius_cui;
1103 size_t radius_cui_len;
1104 os_time_t session_timeout; /* 0 for no expiration */
1105 /* TODO: radius_class, EAP type */
1106 int pmk_r1_pushed;
1107 };
1108
1109 struct wpa_ft_pmk_r1_sa {
1110 struct dl_list list;
1111 u8 pmk_r1[PMK_LEN];
1112 u8 pmk_r1_name[WPA_PMK_NAME_LEN];
1113 u8 spa[ETH_ALEN];
1114 int pairwise; /* Pairwise cipher suite, WPA_CIPHER_* */
1115 struct vlan_description *vlan;
1116 u8 *identity;
1117 size_t identity_len;
1118 u8 *radius_cui;
1119 size_t radius_cui_len;
1120 os_time_t session_timeout; /* 0 for no expiration */
1121 /* TODO: radius_class, EAP type */
1122 };
1123
1124 struct wpa_ft_pmk_cache {
1125 struct dl_list pmk_r0; /* struct wpa_ft_pmk_r0_sa */
1126 struct dl_list pmk_r1; /* struct wpa_ft_pmk_r1_sa */
1127 };
1128
1129
1130 static void wpa_ft_expire_pmk_r0(void *eloop_ctx, void *timeout_ctx);
1131 static void wpa_ft_expire_pmk_r1(void *eloop_ctx, void *timeout_ctx);
1132
1133
1134 static void wpa_ft_free_pmk_r0(struct wpa_ft_pmk_r0_sa *r0)
1135 {
1136 if (!r0)
1137 return;
1138
1139 dl_list_del(&r0->list);
1140 eloop_cancel_timeout(wpa_ft_expire_pmk_r0, r0, NULL);
1141
1142 os_memset(r0->pmk_r0, 0, PMK_LEN);
1143 os_free(r0->vlan);
1144 os_free(r0->identity);
1145 os_free(r0->radius_cui);
1146 os_free(r0);
1147 }
1148
1149
1150 static void wpa_ft_expire_pmk_r0(void *eloop_ctx, void *timeout_ctx)
1151 {
1152 struct wpa_ft_pmk_r0_sa *r0 = eloop_ctx;
1153 struct os_reltime now;
1154 int expires_in;
1155 int session_timeout;
1156
1157 os_get_reltime(&now);
1158
1159 if (!r0)
1160 return;
1161
1162 expires_in = r0->expiration - now.sec;
1163 session_timeout = r0->session_timeout - now.sec;
1164 /* conditions to remove from cache:
1165 * a) r0->expiration is set and hit
1166 * -or-
1167 * b) r0->session_timeout is set and hit
1168 */
1169 if ((!r0->expiration || expires_in > 0) &&
1170 (!r0->session_timeout || session_timeout > 0)) {
1171 wpa_printf(MSG_ERROR,
1172 "FT: %s() called for non-expired entry %p",
1173 __func__, r0);
1174 eloop_cancel_timeout(wpa_ft_expire_pmk_r0, r0, NULL);
1175 if (r0->expiration && expires_in > 0)
1176 eloop_register_timeout(expires_in + 1, 0,
1177 wpa_ft_expire_pmk_r0, r0, NULL);
1178 if (r0->session_timeout && session_timeout > 0)
1179 eloop_register_timeout(session_timeout + 1, 0,
1180 wpa_ft_expire_pmk_r0, r0, NULL);
1181 return;
1182 }
1183
1184 wpa_ft_free_pmk_r0(r0);
1185 }
1186
1187
1188 static void wpa_ft_free_pmk_r1(struct wpa_ft_pmk_r1_sa *r1)
1189 {
1190 if (!r1)
1191 return;
1192
1193 dl_list_del(&r1->list);
1194 eloop_cancel_timeout(wpa_ft_expire_pmk_r1, r1, NULL);
1195
1196 os_memset(r1->pmk_r1, 0, PMK_LEN);
1197 os_free(r1->vlan);
1198 os_free(r1->identity);
1199 os_free(r1->radius_cui);
1200 os_free(r1);
1201 }
1202
1203
1204 static void wpa_ft_expire_pmk_r1(void *eloop_ctx, void *timeout_ctx)
1205 {
1206 struct wpa_ft_pmk_r1_sa *r1 = eloop_ctx;
1207
1208 wpa_ft_free_pmk_r1(r1);
1209 }
1210
1211
1212 struct wpa_ft_pmk_cache * wpa_ft_pmk_cache_init(void)
1213 {
1214 struct wpa_ft_pmk_cache *cache;
1215
1216 cache = os_zalloc(sizeof(*cache));
1217 if (cache) {
1218 dl_list_init(&cache->pmk_r0);
1219 dl_list_init(&cache->pmk_r1);
1220 }
1221
1222 return cache;
1223 }
1224
1225
1226 void wpa_ft_pmk_cache_deinit(struct wpa_ft_pmk_cache *cache)
1227 {
1228 struct wpa_ft_pmk_r0_sa *r0, *r0prev;
1229 struct wpa_ft_pmk_r1_sa *r1, *r1prev;
1230
1231 dl_list_for_each_safe(r0, r0prev, &cache->pmk_r0,
1232 struct wpa_ft_pmk_r0_sa, list)
1233 wpa_ft_free_pmk_r0(r0);
1234
1235 dl_list_for_each_safe(r1, r1prev, &cache->pmk_r1,
1236 struct wpa_ft_pmk_r1_sa, list)
1237 wpa_ft_free_pmk_r1(r1);
1238
1239 os_free(cache);
1240 }
1241
1242
1243 static int wpa_ft_store_pmk_r0(struct wpa_authenticator *wpa_auth,
1244 const u8 *spa, const u8 *pmk_r0,
1245 const u8 *pmk_r0_name, int pairwise,
1246 const struct vlan_description *vlan,
1247 int expires_in, int session_timeout,
1248 const u8 *identity, size_t identity_len,
1249 const u8 *radius_cui, size_t radius_cui_len)
1250 {
1251 struct wpa_ft_pmk_cache *cache = wpa_auth->ft_pmk_cache;
1252 struct wpa_ft_pmk_r0_sa *r0;
1253 struct os_reltime now;
1254
1255 /* TODO: add limit on number of entries in cache */
1256 os_get_reltime(&now);
1257
1258 r0 = os_zalloc(sizeof(*r0));
1259 if (r0 == NULL)
1260 return -1;
1261
1262 os_memcpy(r0->pmk_r0, pmk_r0, PMK_LEN);
1263 os_memcpy(r0->pmk_r0_name, pmk_r0_name, WPA_PMK_NAME_LEN);
1264 os_memcpy(r0->spa, spa, ETH_ALEN);
1265 r0->pairwise = pairwise;
1266 if (expires_in > 0)
1267 r0->expiration = now.sec + expires_in;
1268 if (vlan && vlan->notempty) {
1269 r0->vlan = os_zalloc(sizeof(*vlan));
1270 if (!r0->vlan) {
1271 bin_clear_free(r0, sizeof(*r0));
1272 return -1;
1273 }
1274 *r0->vlan = *vlan;
1275 }
1276 if (identity) {
1277 r0->identity = os_malloc(identity_len);
1278 if (r0->identity) {
1279 os_memcpy(r0->identity, identity, identity_len);
1280 r0->identity_len = identity_len;
1281 }
1282 }
1283 if (radius_cui) {
1284 r0->radius_cui = os_malloc(radius_cui_len);
1285 if (r0->radius_cui) {
1286 os_memcpy(r0->radius_cui, radius_cui, radius_cui_len);
1287 r0->radius_cui_len = radius_cui_len;
1288 }
1289 }
1290 if (session_timeout > 0)
1291 r0->session_timeout = now.sec + session_timeout;
1292
1293 dl_list_add(&cache->pmk_r0, &r0->list);
1294 if (expires_in > 0)
1295 eloop_register_timeout(expires_in + 1, 0, wpa_ft_expire_pmk_r0,
1296 r0, NULL);
1297 if (session_timeout > 0)
1298 eloop_register_timeout(session_timeout + 1, 0,
1299 wpa_ft_expire_pmk_r0, r0, NULL);
1300
1301 return 0;
1302 }
1303
1304
1305 static int wpa_ft_fetch_pmk_r0(struct wpa_authenticator *wpa_auth,
1306 const u8 *spa, const u8 *pmk_r0_name,
1307 const struct wpa_ft_pmk_r0_sa **r0_out)
1308 {
1309 struct wpa_ft_pmk_cache *cache = wpa_auth->ft_pmk_cache;
1310 struct wpa_ft_pmk_r0_sa *r0;
1311 struct os_reltime now;
1312
1313 os_get_reltime(&now);
1314 dl_list_for_each(r0, &cache->pmk_r0, struct wpa_ft_pmk_r0_sa, list) {
1315 if (os_memcmp(r0->spa, spa, ETH_ALEN) == 0 &&
1316 os_memcmp_const(r0->pmk_r0_name, pmk_r0_name,
1317 WPA_PMK_NAME_LEN) == 0) {
1318 *r0_out = r0;
1319 return 0;
1320 }
1321 }
1322
1323 *r0_out = NULL;
1324 return -1;
1325 }
1326
1327
1328 static int wpa_ft_store_pmk_r1(struct wpa_authenticator *wpa_auth,
1329 const u8 *spa, const u8 *pmk_r1,
1330 const u8 *pmk_r1_name, int pairwise,
1331 const struct vlan_description *vlan,
1332 int expires_in, int session_timeout,
1333 const u8 *identity, size_t identity_len,
1334 const u8 *radius_cui, size_t radius_cui_len)
1335 {
1336 struct wpa_ft_pmk_cache *cache = wpa_auth->ft_pmk_cache;
1337 int max_expires_in = wpa_auth->conf.r1_max_key_lifetime;
1338 struct wpa_ft_pmk_r1_sa *r1;
1339 struct os_reltime now;
1340
1341 /* TODO: limit on number of entries in cache */
1342 os_get_reltime(&now);
1343
1344 if (max_expires_in && (max_expires_in < expires_in || expires_in == 0))
1345 expires_in = max_expires_in;
1346
1347 r1 = os_zalloc(sizeof(*r1));
1348 if (r1 == NULL)
1349 return -1;
1350
1351 os_memcpy(r1->pmk_r1, pmk_r1, PMK_LEN);
1352 os_memcpy(r1->pmk_r1_name, pmk_r1_name, WPA_PMK_NAME_LEN);
1353 os_memcpy(r1->spa, spa, ETH_ALEN);
1354 r1->pairwise = pairwise;
1355 if (vlan && vlan->notempty) {
1356 r1->vlan = os_zalloc(sizeof(*vlan));
1357 if (!r1->vlan) {
1358 bin_clear_free(r1, sizeof(*r1));
1359 return -1;
1360 }
1361 *r1->vlan = *vlan;
1362 }
1363 if (identity) {
1364 r1->identity = os_malloc(identity_len);
1365 if (r1->identity) {
1366 os_memcpy(r1->identity, identity, identity_len);
1367 r1->identity_len = identity_len;
1368 }
1369 }
1370 if (radius_cui) {
1371 r1->radius_cui = os_malloc(radius_cui_len);
1372 if (r1->radius_cui) {
1373 os_memcpy(r1->radius_cui, radius_cui, radius_cui_len);
1374 r1->radius_cui_len = radius_cui_len;
1375 }
1376 }
1377 if (session_timeout > 0)
1378 r1->session_timeout = now.sec + session_timeout;
1379
1380 dl_list_add(&cache->pmk_r1, &r1->list);
1381
1382 if (expires_in > 0)
1383 eloop_register_timeout(expires_in + 1, 0, wpa_ft_expire_pmk_r1,
1384 r1, NULL);
1385 if (session_timeout > 0)
1386 eloop_register_timeout(session_timeout + 1, 0,
1387 wpa_ft_expire_pmk_r1, r1, NULL);
1388
1389 return 0;
1390 }
1391
1392
1393 static int wpa_ft_fetch_pmk_r1(struct wpa_authenticator *wpa_auth,
1394 const u8 *spa, const u8 *pmk_r1_name,
1395 u8 *pmk_r1, int *pairwise,
1396 struct vlan_description *vlan,
1397 const u8 **identity, size_t *identity_len,
1398 const u8 **radius_cui, size_t *radius_cui_len,
1399 int *session_timeout)
1400 {
1401 struct wpa_ft_pmk_cache *cache = wpa_auth->ft_pmk_cache;
1402 struct wpa_ft_pmk_r1_sa *r1;
1403 struct os_reltime now;
1404
1405 os_get_reltime(&now);
1406
1407 dl_list_for_each(r1, &cache->pmk_r1, struct wpa_ft_pmk_r1_sa, list) {
1408 if (os_memcmp(r1->spa, spa, ETH_ALEN) == 0 &&
1409 os_memcmp_const(r1->pmk_r1_name, pmk_r1_name,
1410 WPA_PMK_NAME_LEN) == 0) {
1411 os_memcpy(pmk_r1, r1->pmk_r1, PMK_LEN);
1412 if (pairwise)
1413 *pairwise = r1->pairwise;
1414 if (vlan && r1->vlan)
1415 *vlan = *r1->vlan;
1416 if (vlan && !r1->vlan)
1417 os_memset(vlan, 0, sizeof(*vlan));
1418 if (identity && identity_len) {
1419 *identity = r1->identity;
1420 *identity_len = r1->identity_len;
1421 }
1422 if (radius_cui && radius_cui_len) {
1423 *radius_cui = r1->radius_cui;
1424 *radius_cui_len = r1->radius_cui_len;
1425 }
1426 if (session_timeout && r1->session_timeout > now.sec)
1427 *session_timeout = r1->session_timeout -
1428 now.sec;
1429 else if (session_timeout && r1->session_timeout)
1430 *session_timeout = 1;
1431 else
1432 *session_timeout = 0;
1433 return 0;
1434 }
1435 }
1436
1437 return -1;
1438 }
1439
1440
1441 static int wpa_ft_rrb_init_r0kh_seq(struct ft_remote_r0kh *r0kh)
1442 {
1443 if (r0kh->seq)
1444 return 0;
1445
1446 r0kh->seq = os_zalloc(sizeof(*r0kh->seq));
1447 if (!r0kh->seq) {
1448 wpa_printf(MSG_DEBUG, "FT: Failed to allocate r0kh->seq");
1449 return -1;
1450 }
1451
1452 dl_list_init(&r0kh->seq->rx.queue);
1453
1454 return 0;
1455 }
1456
1457
1458 static void wpa_ft_rrb_lookup_r0kh(struct wpa_authenticator *wpa_auth,
1459 const u8 *f_r0kh_id, size_t f_r0kh_id_len,
1460 struct ft_remote_r0kh **r0kh_out,
1461 struct ft_remote_r0kh **r0kh_wildcard)
1462 {
1463 struct ft_remote_r0kh *r0kh;
1464
1465 *r0kh_wildcard = NULL;
1466 *r0kh_out = NULL;
1467
1468 if (wpa_auth->conf.r0kh_list)
1469 r0kh = *wpa_auth->conf.r0kh_list;
1470 else
1471 r0kh = NULL;
1472 for (; r0kh; r0kh = r0kh->next) {
1473 if (r0kh->id_len == 1 && r0kh->id[0] == '*')
1474 *r0kh_wildcard = r0kh;
1475 if (f_r0kh_id && r0kh->id_len == f_r0kh_id_len &&
1476 os_memcmp_const(f_r0kh_id, r0kh->id, f_r0kh_id_len) == 0)
1477 *r0kh_out = r0kh;
1478 }
1479
1480 if (!*r0kh_out && !*r0kh_wildcard)
1481 wpa_printf(MSG_DEBUG, "FT: No matching R0KH found");
1482
1483 if (*r0kh_out && wpa_ft_rrb_init_r0kh_seq(*r0kh_out) < 0)
1484 *r0kh_out = NULL;
1485 }
1486
1487
1488 static int wpa_ft_rrb_init_r1kh_seq(struct ft_remote_r1kh *r1kh)
1489 {
1490 if (r1kh->seq)
1491 return 0;
1492
1493 r1kh->seq = os_zalloc(sizeof(*r1kh->seq));
1494 if (!r1kh->seq) {
1495 wpa_printf(MSG_DEBUG, "FT: Failed to allocate r1kh->seq");
1496 return -1;
1497 }
1498
1499 dl_list_init(&r1kh->seq->rx.queue);
1500
1501 return 0;
1502 }
1503
1504
1505 static void wpa_ft_rrb_lookup_r1kh(struct wpa_authenticator *wpa_auth,
1506 const u8 *f_r1kh_id,
1507 struct ft_remote_r1kh **r1kh_out,
1508 struct ft_remote_r1kh **r1kh_wildcard)
1509 {
1510 struct ft_remote_r1kh *r1kh;
1511
1512 *r1kh_wildcard = NULL;
1513 *r1kh_out = NULL;
1514
1515 if (wpa_auth->conf.r1kh_list)
1516 r1kh = *wpa_auth->conf.r1kh_list;
1517 else
1518 r1kh = NULL;
1519 for (; r1kh; r1kh = r1kh->next) {
1520 if (is_zero_ether_addr(r1kh->addr) &&
1521 is_zero_ether_addr(r1kh->id))
1522 *r1kh_wildcard = r1kh;
1523 if (f_r1kh_id &&
1524 os_memcmp_const(r1kh->id, f_r1kh_id, FT_R1KH_ID_LEN) == 0)
1525 *r1kh_out = r1kh;
1526 }
1527
1528 if (!*r1kh_out && !*r1kh_wildcard)
1529 wpa_printf(MSG_DEBUG, "FT: No matching R1KH found");
1530
1531 if (*r1kh_out && wpa_ft_rrb_init_r1kh_seq(*r1kh_out) < 0)
1532 *r1kh_out = NULL;
1533 }
1534
1535
1536 static int wpa_ft_rrb_check_r0kh(struct wpa_authenticator *wpa_auth,
1537 const u8 *f_r0kh_id, size_t f_r0kh_id_len)
1538 {
1539 if (f_r0kh_id_len != wpa_auth->conf.r0_key_holder_len ||
1540 os_memcmp_const(f_r0kh_id, wpa_auth->conf.r0_key_holder,
1541 f_r0kh_id_len) != 0)
1542 return -1;
1543
1544 return 0;
1545 }
1546
1547
1548 static int wpa_ft_rrb_check_r1kh(struct wpa_authenticator *wpa_auth,
1549 const u8 *f_r1kh_id)
1550 {
1551 if (os_memcmp_const(f_r1kh_id, wpa_auth->conf.r1_key_holder,
1552 FT_R1KH_ID_LEN) != 0)
1553 return -1;
1554
1555 return 0;
1556 }
1557
1558
1559 static void wpa_ft_rrb_del_r0kh(void *eloop_ctx, void *timeout_ctx)
1560 {
1561 struct wpa_authenticator *wpa_auth = eloop_ctx;
1562 struct ft_remote_r0kh *r0kh, *prev = NULL;
1563
1564 if (!wpa_auth->conf.r0kh_list)
1565 return;
1566
1567 for (r0kh = *wpa_auth->conf.r0kh_list; r0kh; r0kh = r0kh->next) {
1568 if (r0kh == timeout_ctx)
1569 break;
1570 prev = r0kh;
1571 }
1572 if (!r0kh)
1573 return;
1574 if (prev)
1575 prev->next = r0kh->next;
1576 else
1577 *wpa_auth->conf.r0kh_list = r0kh->next;
1578 if (r0kh->seq)
1579 wpa_ft_rrb_seq_flush(wpa_auth, r0kh->seq, 0);
1580 os_free(r0kh->seq);
1581 os_free(r0kh);
1582 }
1583
1584
1585 static void wpa_ft_rrb_r0kh_replenish(struct wpa_authenticator *wpa_auth,
1586 struct ft_remote_r0kh *r0kh, int timeout)
1587 {
1588 if (timeout > 0)
1589 eloop_replenish_timeout(timeout, 0, wpa_ft_rrb_del_r0kh,
1590 wpa_auth, r0kh);
1591 }
1592
1593
1594 static void wpa_ft_rrb_r0kh_timeout(struct wpa_authenticator *wpa_auth,
1595 struct ft_remote_r0kh *r0kh, int timeout)
1596 {
1597 eloop_cancel_timeout(wpa_ft_rrb_del_r0kh, wpa_auth, r0kh);
1598
1599 if (timeout > 0)
1600 eloop_register_timeout(timeout, 0, wpa_ft_rrb_del_r0kh,
1601 wpa_auth, r0kh);
1602 }
1603
1604
1605 static struct ft_remote_r0kh *
1606 wpa_ft_rrb_add_r0kh(struct wpa_authenticator *wpa_auth,
1607 struct ft_remote_r0kh *r0kh_wildcard,
1608 const u8 *src_addr, const u8 *r0kh_id, size_t id_len,
1609 int timeout)
1610 {
1611 struct ft_remote_r0kh *r0kh;
1612
1613 if (!wpa_auth->conf.r0kh_list)
1614 return NULL;
1615
1616 r0kh = os_zalloc(sizeof(*r0kh));
1617 if (!r0kh)
1618 return NULL;
1619
1620 if (src_addr)
1621 os_memcpy(r0kh->addr, src_addr, sizeof(r0kh->addr));
1622
1623 if (id_len > FT_R0KH_ID_MAX_LEN)
1624 id_len = FT_R0KH_ID_MAX_LEN;
1625 os_memcpy(r0kh->id, r0kh_id, id_len);
1626 r0kh->id_len = id_len;
1627
1628 os_memcpy(r0kh->key, r0kh_wildcard->key, sizeof(r0kh->key));
1629
1630 r0kh->next = *wpa_auth->conf.r0kh_list;
1631 *wpa_auth->conf.r0kh_list = r0kh;
1632
1633 if (timeout > 0)
1634 eloop_register_timeout(timeout, 0, wpa_ft_rrb_del_r0kh,
1635 wpa_auth, r0kh);
1636
1637 if (wpa_ft_rrb_init_r0kh_seq(r0kh) < 0)
1638 return NULL;
1639
1640 return r0kh;
1641 }
1642
1643
1644 static void wpa_ft_rrb_del_r1kh(void *eloop_ctx, void *timeout_ctx)
1645 {
1646 struct wpa_authenticator *wpa_auth = eloop_ctx;
1647 struct ft_remote_r1kh *r1kh, *prev = NULL;
1648
1649 if (!wpa_auth->conf.r1kh_list)
1650 return;
1651
1652 for (r1kh = *wpa_auth->conf.r1kh_list; r1kh; r1kh = r1kh->next) {
1653 if (r1kh == timeout_ctx)
1654 break;
1655 prev = r1kh;
1656 }
1657 if (!r1kh)
1658 return;
1659 if (prev)
1660 prev->next = r1kh->next;
1661 else
1662 *wpa_auth->conf.r1kh_list = r1kh->next;
1663 if (r1kh->seq)
1664 wpa_ft_rrb_seq_flush(wpa_auth, r1kh->seq, 0);
1665 os_free(r1kh->seq);
1666 os_free(r1kh);
1667 }
1668
1669
1670 static void wpa_ft_rrb_r1kh_replenish(struct wpa_authenticator *wpa_auth,
1671 struct ft_remote_r1kh *r1kh, int timeout)
1672 {
1673 if (timeout > 0)
1674 eloop_replenish_timeout(timeout, 0, wpa_ft_rrb_del_r1kh,
1675 wpa_auth, r1kh);
1676 }
1677
1678
1679 static struct ft_remote_r1kh *
1680 wpa_ft_rrb_add_r1kh(struct wpa_authenticator *wpa_auth,
1681 struct ft_remote_r1kh *r1kh_wildcard,
1682 const u8 *src_addr, const u8 *r1kh_id, int timeout)
1683 {
1684 struct ft_remote_r1kh *r1kh;
1685
1686 if (!wpa_auth->conf.r1kh_list)
1687 return NULL;
1688
1689 r1kh = os_zalloc(sizeof(*r1kh));
1690 if (!r1kh)
1691 return NULL;
1692
1693 os_memcpy(r1kh->addr, src_addr, sizeof(r1kh->addr));
1694 os_memcpy(r1kh->id, r1kh_id, sizeof(r1kh->id));
1695 os_memcpy(r1kh->key, r1kh_wildcard->key, sizeof(r1kh->key));
1696 r1kh->next = *wpa_auth->conf.r1kh_list;
1697 *wpa_auth->conf.r1kh_list = r1kh;
1698
1699 if (timeout > 0)
1700 eloop_register_timeout(timeout, 0, wpa_ft_rrb_del_r1kh,
1701 wpa_auth, r1kh);
1702
1703 if (wpa_ft_rrb_init_r1kh_seq(r1kh) < 0)
1704 return NULL;
1705
1706 return r1kh;
1707 }
1708
1709
1710 void wpa_ft_sta_deinit(struct wpa_state_machine *sm)
1711 {
1712 eloop_cancel_timeout(wpa_ft_expire_pull, sm, NULL);
1713 }
1714
1715
1716 static void wpa_ft_deinit_seq(struct wpa_authenticator *wpa_auth)
1717 {
1718 struct ft_remote_r0kh *r0kh;
1719 struct ft_remote_r1kh *r1kh;
1720
1721 eloop_cancel_timeout(wpa_ft_rrb_seq_timeout, wpa_auth, ELOOP_ALL_CTX);
1722
1723 if (wpa_auth->conf.r0kh_list)
1724 r0kh = *wpa_auth->conf.r0kh_list;
1725 else
1726 r0kh = NULL;
1727 for (; r0kh; r0kh = r0kh->next) {
1728 if (!r0kh->seq)
1729 continue;
1730 wpa_ft_rrb_seq_flush(wpa_auth, r0kh->seq, 0);
1731 os_free(r0kh->seq);
1732 r0kh->seq = NULL;
1733 }
1734
1735 if (wpa_auth->conf.r1kh_list)
1736 r1kh = *wpa_auth->conf.r1kh_list;
1737 else
1738 r1kh = NULL;
1739 for (; r1kh; r1kh = r1kh->next) {
1740 if (!r1kh->seq)
1741 continue;
1742 wpa_ft_rrb_seq_flush(wpa_auth, r1kh->seq, 0);
1743 os_free(r1kh->seq);
1744 r1kh->seq = NULL;
1745 }
1746 }
1747
1748
1749 static void wpa_ft_deinit_rkh_tmp(struct wpa_authenticator *wpa_auth)
1750 {
1751 struct ft_remote_r0kh *r0kh, *r0kh_next, *r0kh_prev = NULL;
1752 struct ft_remote_r1kh *r1kh, *r1kh_next, *r1kh_prev = NULL;
1753
1754 if (wpa_auth->conf.r0kh_list)
1755 r0kh = *wpa_auth->conf.r0kh_list;
1756 else
1757 r0kh = NULL;
1758 while (r0kh) {
1759 r0kh_next = r0kh->next;
1760 if (eloop_cancel_timeout(wpa_ft_rrb_del_r0kh, wpa_auth,
1761 r0kh) > 0) {
1762 if (r0kh_prev)
1763 r0kh_prev->next = r0kh_next;
1764 else
1765 *wpa_auth->conf.r0kh_list = r0kh_next;
1766 os_free(r0kh);
1767 } else {
1768 r0kh_prev = r0kh;
1769 }
1770 r0kh = r0kh_next;
1771 }
1772
1773 if (wpa_auth->conf.r1kh_list)
1774 r1kh = *wpa_auth->conf.r1kh_list;
1775 else
1776 r1kh = NULL;
1777 while (r1kh) {
1778 r1kh_next = r1kh->next;
1779 if (eloop_cancel_timeout(wpa_ft_rrb_del_r1kh, wpa_auth,
1780 r1kh) > 0) {
1781 if (r1kh_prev)
1782 r1kh_prev->next = r1kh_next;
1783 else
1784 *wpa_auth->conf.r1kh_list = r1kh_next;
1785 os_free(r1kh);
1786 } else {
1787 r1kh_prev = r1kh;
1788 }
1789 r1kh = r1kh_next;
1790 }
1791 }
1792
1793
1794 void wpa_ft_deinit(struct wpa_authenticator *wpa_auth)
1795 {
1796 wpa_ft_deinit_seq(wpa_auth);
1797 wpa_ft_deinit_rkh_tmp(wpa_auth);
1798 }
1799
1800
1801 static void wpa_ft_block_r0kh(struct wpa_authenticator *wpa_auth,
1802 const u8 *f_r0kh_id, size_t f_r0kh_id_len)
1803 {
1804 struct ft_remote_r0kh *r0kh, *r0kh_wildcard;
1805
1806 if (!wpa_auth->conf.rkh_neg_timeout)
1807 return;
1808
1809 wpa_ft_rrb_lookup_r0kh(wpa_auth, f_r0kh_id, f_r0kh_id_len,
1810 &r0kh, &r0kh_wildcard);
1811
1812 if (!r0kh_wildcard) {
1813 /* r0kh removed after neg_timeout and might need re-adding */
1814 return;
1815 }
1816
1817 wpa_hexdump(MSG_DEBUG, "FT: Blacklist R0KH-ID",
1818 f_r0kh_id, f_r0kh_id_len);
1819
1820 if (r0kh) {
1821 wpa_ft_rrb_r0kh_timeout(wpa_auth, r0kh,
1822 wpa_auth->conf.rkh_neg_timeout);
1823 os_memset(r0kh->addr, 0, ETH_ALEN);
1824 } else
1825 wpa_ft_rrb_add_r0kh(wpa_auth, r0kh_wildcard, NULL, f_r0kh_id,
1826 f_r0kh_id_len,
1827 wpa_auth->conf.rkh_neg_timeout);
1828 }
1829
1830
1831 static void wpa_ft_expire_pull(void *eloop_ctx, void *timeout_ctx)
1832 {
1833 struct wpa_state_machine *sm = eloop_ctx;
1834
1835 wpa_printf(MSG_DEBUG, "FT: Timeout pending pull request for " MACSTR,
1836 MAC2STR(sm->addr));
1837 if (sm->ft_pending_pull_left_retries <= 0)
1838 wpa_ft_block_r0kh(sm->wpa_auth, sm->r0kh_id, sm->r0kh_id_len);
1839
1840 /* cancel multiple timeouts */
1841 eloop_cancel_timeout(wpa_ft_expire_pull, sm, NULL);
1842 ft_finish_pull(sm);
1843 }
1844
1845
1846 static int wpa_ft_pull_pmk_r1(struct wpa_state_machine *sm,
1847 const u8 *ies, size_t ies_len,
1848 const u8 *pmk_r0_name)
1849 {
1850 struct ft_remote_r0kh *r0kh, *r0kh_wildcard;
1851 u8 *packet = NULL;
1852 const u8 *key, *f_r1kh_id = sm->wpa_auth->conf.r1_key_holder;
1853 size_t packet_len, key_len;
1854 struct ft_rrb_seq f_seq;
1855 int tsecs, tusecs, first;
1856 struct wpabuf *ft_pending_req_ies;
1857 int r0kh_timeout;
1858 struct tlv_list req_enc[] = {
1859 { .type = FT_RRB_PMK_R0_NAME, .len = WPA_PMK_NAME_LEN,
1860 .data = pmk_r0_name },
1861 { .type = FT_RRB_S1KH_ID, .len = ETH_ALEN,
1862 .data = sm->addr },
1863 { .type = FT_RRB_LAST_EMPTY, .len = 0, .data = NULL },
1864 };
1865 struct tlv_list req_auth[] = {
1866 { .type = FT_RRB_NONCE, .len = FT_RRB_NONCE_LEN,
1867 .data = sm->ft_pending_pull_nonce },
1868 { .type = FT_RRB_SEQ, .len = sizeof(f_seq),
1869 .data = (u8 *) &f_seq },
1870 { .type = FT_RRB_R0KH_ID, .len = sm->r0kh_id_len,
1871 .data = sm->r0kh_id },
1872 { .type = FT_RRB_R1KH_ID, .len = FT_R1KH_ID_LEN,
1873 .data = f_r1kh_id },
1874 { .type = FT_RRB_LAST_EMPTY, .len = 0, .data = NULL },
1875 };
1876
1877 if (sm->ft_pending_pull_left_retries <= 0)
1878 return -1;
1879 first = sm->ft_pending_pull_left_retries ==
1880 sm->wpa_auth->conf.rkh_pull_retries;
1881 sm->ft_pending_pull_left_retries--;
1882
1883 wpa_ft_rrb_lookup_r0kh(sm->wpa_auth, sm->r0kh_id, sm->r0kh_id_len,
1884 &r0kh, &r0kh_wildcard);
1885
1886 /* Keep r0kh sufficiently long in the list for seq num check */
1887 r0kh_timeout = sm->wpa_auth->conf.rkh_pull_timeout / 1000 +
1888 1 + ftRRBseqTimeout;
1889 if (r0kh) {
1890 wpa_ft_rrb_r0kh_replenish(sm->wpa_auth, r0kh, r0kh_timeout);
1891 } else if (r0kh_wildcard) {
1892 wpa_printf(MSG_DEBUG, "FT: Using wildcard R0KH-ID");
1893 /* r0kh->addr: updated by SEQ_RESP and wpa_ft_expire_pull */
1894 r0kh = wpa_ft_rrb_add_r0kh(sm->wpa_auth, r0kh_wildcard,
1895 r0kh_wildcard->addr,
1896 sm->r0kh_id, sm->r0kh_id_len,
1897 r0kh_timeout);
1898 }
1899 if (r0kh == NULL) {
1900 wpa_hexdump(MSG_DEBUG, "FT: Did not find R0KH-ID",
1901 sm->r0kh_id, sm->r0kh_id_len);
1902 return -1;
1903 }
1904 if (is_zero_ether_addr(r0kh->addr)) {
1905 wpa_hexdump(MSG_DEBUG, "FT: R0KH-ID is blacklisted",
1906 sm->r0kh_id, sm->r0kh_id_len);
1907 return -1;
1908 }
1909 if (os_memcmp(r0kh->addr, sm->wpa_auth->addr, ETH_ALEN) == 0) {
1910 wpa_printf(MSG_DEBUG,
1911 "FT: R0KH-ID points to self - no matching key available");
1912 return -1;
1913 }
1914
1915 key = r0kh->key;
1916 key_len = sizeof(r0kh->key);
1917
1918 wpa_printf(MSG_DEBUG, "FT: Send PMK-R1 pull request to remote R0KH "
1919 "address " MACSTR, MAC2STR(r0kh->addr));
1920
1921 if (r0kh->seq->rx.num_last == 0) {
1922 /* A sequence request will be sent out anyway when pull
1923 * response is received. Send it out now to avoid one RTT. */
1924 wpa_ft_rrb_seq_req(sm->wpa_auth, r0kh->seq, r0kh->addr,
1925 r0kh->id, r0kh->id_len, f_r1kh_id, key,
1926 key_len, NULL, 0, NULL, 0, NULL);
1927 }
1928
1929 if (first &&
1930 random_get_bytes(sm->ft_pending_pull_nonce, FT_RRB_NONCE_LEN) < 0) {
1931 wpa_printf(MSG_DEBUG, "FT: Failed to get random data for "
1932 "nonce");
1933 return -1;
1934 }
1935
1936 if (wpa_ft_new_seq(r0kh->seq, &f_seq) < 0) {
1937 wpa_printf(MSG_DEBUG, "FT: Failed to get seq num");
1938 return -1;
1939 }
1940
1941 if (wpa_ft_rrb_build(key, key_len, req_enc, NULL, req_auth, NULL,
1942 sm->wpa_auth->addr, FT_PACKET_R0KH_R1KH_PULL,
1943 &packet, &packet_len) < 0)
1944 return -1;
1945
1946 ft_pending_req_ies = wpabuf_alloc_copy(ies, ies_len);
1947 wpabuf_free(sm->ft_pending_req_ies);
1948 sm->ft_pending_req_ies = ft_pending_req_ies;
1949 if (!sm->ft_pending_req_ies) {
1950 os_free(packet);
1951 return -1;
1952 }
1953
1954 tsecs = sm->wpa_auth->conf.rkh_pull_timeout / 1000;
1955 tusecs = (sm->wpa_auth->conf.rkh_pull_timeout % 1000) * 1000;
1956 eloop_register_timeout(tsecs, tusecs, wpa_ft_expire_pull, sm, NULL);
1957
1958 wpa_ft_rrb_oui_send(sm->wpa_auth, r0kh->addr, FT_PACKET_R0KH_R1KH_PULL,
1959 packet, packet_len);
1960
1961 os_free(packet);
1962
1963 return 0;
1964 }
1965
1966
1967 int wpa_ft_store_pmk_fils(struct wpa_state_machine *sm,
1968 const u8 *pmk_r0, const u8 *pmk_r0_name)
1969 {
1970 int expires_in = sm->wpa_auth->conf.r0_key_lifetime;
1971 struct vlan_description vlan;
1972 const u8 *identity, *radius_cui;
1973 size_t identity_len, radius_cui_len;
1974 int session_timeout;
1975
1976 if (wpa_ft_get_vlan(sm->wpa_auth, sm->addr, &vlan) < 0) {
1977 wpa_printf(MSG_DEBUG, "FT: vlan not available for STA " MACSTR,
1978 MAC2STR(sm->addr));
1979 return -1;
1980 }
1981
1982 identity_len = wpa_ft_get_identity(sm->wpa_auth, sm->addr, &identity);
1983 radius_cui_len = wpa_ft_get_radius_cui(sm->wpa_auth, sm->addr,
1984 &radius_cui);
1985 session_timeout = wpa_ft_get_session_timeout(sm->wpa_auth, sm->addr);
1986
1987 return wpa_ft_store_pmk_r0(sm->wpa_auth, sm->addr, pmk_r0, pmk_r0_name,
1988 sm->pairwise, &vlan, expires_in,
1989 session_timeout, identity, identity_len,
1990 radius_cui, radius_cui_len);
1991 }
1992
1993
1994 int wpa_auth_derive_ptk_ft(struct wpa_state_machine *sm, const u8 *pmk,
1995 struct wpa_ptk *ptk)
1996 {
1997 u8 pmk_r0[PMK_LEN], pmk_r0_name[WPA_PMK_NAME_LEN];
1998 u8 pmk_r1[PMK_LEN];
1999 u8 ptk_name[WPA_PMK_NAME_LEN];
2000 const u8 *mdid = sm->wpa_auth->conf.mobility_domain;
2001 const u8 *r0kh = sm->wpa_auth->conf.r0_key_holder;
2002 size_t r0kh_len = sm->wpa_auth->conf.r0_key_holder_len;
2003 const u8 *r1kh = sm->wpa_auth->conf.r1_key_holder;
2004 const u8 *ssid = sm->wpa_auth->conf.ssid;
2005 size_t ssid_len = sm->wpa_auth->conf.ssid_len;
2006 int psk_local = sm->wpa_auth->conf.ft_psk_generate_local;
2007 int expires_in = sm->wpa_auth->conf.r0_key_lifetime;
2008 struct vlan_description vlan;
2009 const u8 *identity, *radius_cui;
2010 size_t identity_len, radius_cui_len;
2011 int session_timeout;
2012
2013 if (sm->xxkey_len == 0) {
2014 wpa_printf(MSG_DEBUG, "FT: XXKey not available for key "
2015 "derivation");
2016 return -1;
2017 }
2018
2019 if (wpa_ft_get_vlan(sm->wpa_auth, sm->addr, &vlan) < 0) {
2020 wpa_printf(MSG_DEBUG, "FT: vlan not available for STA " MACSTR,
2021 MAC2STR(sm->addr));
2022 return -1;
2023 }
2024
2025 identity_len = wpa_ft_get_identity(sm->wpa_auth, sm->addr, &identity);
2026 radius_cui_len = wpa_ft_get_radius_cui(sm->wpa_auth, sm->addr,
2027 &radius_cui);
2028 session_timeout = wpa_ft_get_session_timeout(sm->wpa_auth, sm->addr);
2029
2030 if (wpa_derive_pmk_r0(sm->xxkey, sm->xxkey_len, ssid, ssid_len, mdid,
2031 r0kh, r0kh_len, sm->addr,
2032 pmk_r0, pmk_r0_name) < 0)
2033 return -1;
2034 wpa_hexdump_key(MSG_DEBUG, "FT: PMK-R0", pmk_r0, PMK_LEN);
2035 wpa_hexdump(MSG_DEBUG, "FT: PMKR0Name", pmk_r0_name, WPA_PMK_NAME_LEN);
2036 if (!psk_local || !wpa_key_mgmt_ft_psk(sm->wpa_key_mgmt))
2037 wpa_ft_store_pmk_r0(sm->wpa_auth, sm->addr, pmk_r0, pmk_r0_name,
2038 sm->pairwise, &vlan, expires_in,
2039 session_timeout, identity, identity_len,
2040 radius_cui, radius_cui_len);
2041
2042 if (wpa_derive_pmk_r1(pmk_r0, pmk_r0_name, r1kh, sm->addr,
2043 pmk_r1, sm->pmk_r1_name) < 0)
2044 return -1;
2045 wpa_hexdump_key(MSG_DEBUG, "FT: PMK-R1", pmk_r1, PMK_LEN);
2046 wpa_hexdump(MSG_DEBUG, "FT: PMKR1Name", sm->pmk_r1_name,
2047 WPA_PMK_NAME_LEN);
2048 if (!psk_local || !wpa_key_mgmt_ft_psk(sm->wpa_key_mgmt))
2049 wpa_ft_store_pmk_r1(sm->wpa_auth, sm->addr, pmk_r1,
2050 sm->pmk_r1_name, sm->pairwise, &vlan,
2051 expires_in, session_timeout, identity,
2052 identity_len, radius_cui, radius_cui_len);
2053
2054 return wpa_pmk_r1_to_ptk(pmk_r1, sm->SNonce, sm->ANonce, sm->addr,
2055 sm->wpa_auth->addr, sm->pmk_r1_name,
2056 ptk, ptk_name, sm->wpa_key_mgmt, sm->pairwise);
2057 }
2058
2059
2060 static inline int wpa_auth_get_seqnum(struct wpa_authenticator *wpa_auth,
2061 const u8 *addr, int idx, u8 *seq)
2062 {
2063 if (wpa_auth->cb->get_seqnum == NULL)
2064 return -1;
2065 return wpa_auth->cb->get_seqnum(wpa_auth->cb_ctx, addr, idx, seq);
2066 }
2067
2068
2069 static u8 * wpa_ft_gtk_subelem(struct wpa_state_machine *sm, size_t *len)
2070 {
2071 u8 *subelem;
2072 struct wpa_group *gsm = sm->group;
2073 size_t subelem_len, pad_len;
2074 const u8 *key;
2075 size_t key_len;
2076 u8 keybuf[32];
2077
2078 key_len = gsm->GTK_len;
2079 if (key_len > sizeof(keybuf))
2080 return NULL;
2081
2082 /*
2083 * Pad key for AES Key Wrap if it is not multiple of 8 bytes or is less
2084 * than 16 bytes.
2085 */
2086 pad_len = key_len % 8;
2087 if (pad_len)
2088 pad_len = 8 - pad_len;
2089 if (key_len + pad_len < 16)
2090 pad_len += 8;
2091 if (pad_len && key_len < sizeof(keybuf)) {
2092 os_memcpy(keybuf, gsm->GTK[gsm->GN - 1], key_len);
2093 os_memset(keybuf + key_len, 0, pad_len);
2094 keybuf[key_len] = 0xdd;
2095 key_len += pad_len;
2096 key = keybuf;
2097 } else
2098 key = gsm->GTK[gsm->GN - 1];
2099
2100 /*
2101 * Sub-elem ID[1] | Length[1] | Key Info[2] | Key Length[1] | RSC[8] |
2102 * Key[5..32].
2103 */
2104 subelem_len = 13 + key_len + 8;
2105 subelem = os_zalloc(subelem_len);
2106 if (subelem == NULL)
2107 return NULL;
2108
2109 subelem[0] = FTIE_SUBELEM_GTK;
2110 subelem[1] = 11 + key_len + 8;
2111 /* Key ID in B0-B1 of Key Info */
2112 WPA_PUT_LE16(&subelem[2], gsm->GN & 0x03);
2113 subelem[4] = gsm->GTK_len;
2114 wpa_auth_get_seqnum(sm->wpa_auth, NULL, gsm->GN, subelem + 5);
2115 if (aes_wrap(sm->PTK.kek, sm->PTK.kek_len, key_len / 8, key,
2116 subelem + 13)) {
2117 os_free(subelem);
2118 return NULL;
2119 }
2120
2121 *len = subelem_len;
2122 return subelem;
2123 }
2124
2125
2126 #ifdef CONFIG_IEEE80211W
2127 static u8 * wpa_ft_igtk_subelem(struct wpa_state_machine *sm, size_t *len)
2128 {
2129 u8 *subelem, *pos;
2130 struct wpa_group *gsm = sm->group;
2131 size_t subelem_len;
2132
2133 /* Sub-elem ID[1] | Length[1] | KeyID[2] | IPN[6] | Key Length[1] |
2134 * Key[16+8] */
2135 subelem_len = 1 + 1 + 2 + 6 + 1 + WPA_IGTK_LEN + 8;
2136 subelem = os_zalloc(subelem_len);
2137 if (subelem == NULL)
2138 return NULL;
2139
2140 pos = subelem;
2141 *pos++ = FTIE_SUBELEM_IGTK;
2142 *pos++ = subelem_len - 2;
2143 WPA_PUT_LE16(pos, gsm->GN_igtk);
2144 pos += 2;
2145 wpa_auth_get_seqnum(sm->wpa_auth, NULL, gsm->GN_igtk, pos);
2146 pos += 6;
2147 *pos++ = WPA_IGTK_LEN;
2148 if (aes_wrap(sm->PTK.kek, sm->PTK.kek_len, WPA_IGTK_LEN / 8,
2149 gsm->IGTK[gsm->GN_igtk - 4], pos)) {
2150 os_free(subelem);
2151 return NULL;
2152 }
2153
2154 *len = subelem_len;
2155 return subelem;
2156 }
2157 #endif /* CONFIG_IEEE80211W */
2158
2159
2160 static u8 * wpa_ft_process_rdie(struct wpa_state_machine *sm,
2161 u8 *pos, u8 *end, u8 id, u8 descr_count,
2162 const u8 *ies, size_t ies_len)
2163 {
2164 struct ieee802_11_elems parse;
2165 struct rsn_rdie *rdie;
2166
2167 wpa_printf(MSG_DEBUG, "FT: Resource Request: id=%d descr_count=%d",
2168 id, descr_count);
2169 wpa_hexdump(MSG_MSGDUMP, "FT: Resource descriptor IE(s)",
2170 ies, ies_len);
2171
2172 if (end - pos < (int) sizeof(*rdie)) {
2173 wpa_printf(MSG_ERROR, "FT: Not enough room for response RDIE");
2174 return pos;
2175 }
2176
2177 *pos++ = WLAN_EID_RIC_DATA;
2178 *pos++ = sizeof(*rdie);
2179 rdie = (struct rsn_rdie *) pos;
2180 rdie->id = id;
2181 rdie->descr_count = 0;
2182 rdie->status_code = host_to_le16(WLAN_STATUS_SUCCESS);
2183 pos += sizeof(*rdie);
2184
2185 if (ieee802_11_parse_elems((u8 *) ies, ies_len, &parse, 1) ==
2186 ParseFailed) {
2187 wpa_printf(MSG_DEBUG, "FT: Failed to parse request IEs");
2188 rdie->status_code =
2189 host_to_le16(WLAN_STATUS_UNSPECIFIED_FAILURE);
2190 return pos;
2191 }
2192
2193 if (parse.wmm_tspec) {
2194 struct wmm_tspec_element *tspec;
2195
2196 if (parse.wmm_tspec_len + 2 < (int) sizeof(*tspec)) {
2197 wpa_printf(MSG_DEBUG, "FT: Too short WMM TSPEC IE "
2198 "(%d)", (int) parse.wmm_tspec_len);
2199 rdie->status_code =
2200 host_to_le16(WLAN_STATUS_UNSPECIFIED_FAILURE);
2201 return pos;
2202 }
2203 if (end - pos < (int) sizeof(*tspec)) {
2204 wpa_printf(MSG_ERROR, "FT: Not enough room for "
2205 "response TSPEC");
2206 rdie->status_code =
2207 host_to_le16(WLAN_STATUS_UNSPECIFIED_FAILURE);
2208 return pos;
2209 }
2210 tspec = (struct wmm_tspec_element *) pos;
2211 os_memcpy(tspec, parse.wmm_tspec - 2, sizeof(*tspec));
2212 }
2213
2214 #ifdef NEED_AP_MLME
2215 if (parse.wmm_tspec && sm->wpa_auth->conf.ap_mlme) {
2216 int res;
2217
2218 res = wmm_process_tspec((struct wmm_tspec_element *) pos);
2219 wpa_printf(MSG_DEBUG, "FT: ADDTS processing result: %d", res);
2220 if (res == WMM_ADDTS_STATUS_INVALID_PARAMETERS)
2221 rdie->status_code =
2222 host_to_le16(WLAN_STATUS_INVALID_PARAMETERS);
2223 else if (res == WMM_ADDTS_STATUS_REFUSED)
2224 rdie->status_code =
2225 host_to_le16(WLAN_STATUS_REQUEST_DECLINED);
2226 else {
2227 /* TSPEC accepted; include updated TSPEC in response */
2228 rdie->descr_count = 1;
2229 pos += sizeof(struct wmm_tspec_element);
2230 }
2231 return pos;
2232 }
2233 #endif /* NEED_AP_MLME */
2234
2235 if (parse.wmm_tspec && !sm->wpa_auth->conf.ap_mlme) {
2236 int res;
2237
2238 res = wpa_ft_add_tspec(sm->wpa_auth, sm->addr, pos,
2239 sizeof(struct wmm_tspec_element));
2240 if (res >= 0) {
2241 if (res)
2242 rdie->status_code = host_to_le16(res);
2243 else {
2244 /* TSPEC accepted; include updated TSPEC in
2245 * response */
2246 rdie->descr_count = 1;
2247 pos += sizeof(struct wmm_tspec_element);
2248 }
2249 return pos;
2250 }
2251 }
2252
2253 wpa_printf(MSG_DEBUG, "FT: No supported resource requested");
2254 rdie->status_code = host_to_le16(WLAN_STATUS_UNSPECIFIED_FAILURE);
2255 return pos;
2256 }
2257
2258
2259 static u8 * wpa_ft_process_ric(struct wpa_state_machine *sm, u8 *pos, u8 *end,
2260 const u8 *ric, size_t ric_len)
2261 {
2262 const u8 *rpos, *start;
2263 const struct rsn_rdie *rdie;
2264
2265 wpa_hexdump(MSG_MSGDUMP, "FT: RIC Request", ric, ric_len);
2266
2267 rpos = ric;
2268 while (rpos + sizeof(*rdie) < ric + ric_len) {
2269 if (rpos[0] != WLAN_EID_RIC_DATA || rpos[1] < sizeof(*rdie) ||
2270 rpos + 2 + rpos[1] > ric + ric_len)
2271 break;
2272 rdie = (const struct rsn_rdie *) (rpos + 2);
2273 rpos += 2 + rpos[1];
2274 start = rpos;
2275
2276 while (rpos + 2 <= ric + ric_len &&
2277 rpos + 2 + rpos[1] <= ric + ric_len) {
2278 if (rpos[0] == WLAN_EID_RIC_DATA)
2279 break;
2280 rpos += 2 + rpos[1];
2281 }
2282 pos = wpa_ft_process_rdie(sm, pos, end, rdie->id,
2283 rdie->descr_count,
2284 start, rpos - start);
2285 }
2286
2287 return pos;
2288 }
2289
2290
2291 u8 * wpa_sm_write_assoc_resp_ies(struct wpa_state_machine *sm, u8 *pos,
2292 size_t max_len, int auth_alg,
2293 const u8 *req_ies, size_t req_ies_len)
2294 {
2295 u8 *end, *mdie, *ftie, *rsnie = NULL, *r0kh_id, *subelem = NULL;
2296 size_t mdie_len, ftie_len, rsnie_len = 0, r0kh_id_len, subelem_len = 0;
2297 int res;
2298 struct wpa_auth_config *conf;
2299 struct rsn_ftie *_ftie;
2300 struct wpa_ft_ies parse;
2301 u8 *ric_start;
2302 u8 *anonce, *snonce;
2303 const u8 *kck;
2304 size_t kck_len;
2305
2306 if (sm == NULL)
2307 return pos;
2308
2309 conf = &sm->wpa_auth->conf;
2310
2311 if (!wpa_key_mgmt_ft(sm->wpa_key_mgmt))
2312 return pos;
2313
2314 end = pos + max_len;
2315
2316 if (auth_alg == WLAN_AUTH_FT) {
2317 /*
2318 * RSN (only present if this is a Reassociation Response and
2319 * part of a fast BSS transition)
2320 */
2321 res = wpa_write_rsn_ie(conf, pos, end - pos, sm->pmk_r1_name);
2322 if (res < 0)
2323 return pos;
2324 rsnie = pos;
2325 rsnie_len = res;
2326 pos += res;
2327 }
2328
2329 /* Mobility Domain Information */
2330 res = wpa_write_mdie(conf, pos, end - pos);
2331 if (res < 0)
2332 return pos;
2333 mdie = pos;
2334 mdie_len = res;
2335 pos += res;
2336
2337 /* Fast BSS Transition Information */
2338 if (auth_alg == WLAN_AUTH_FT) {
2339 subelem = wpa_ft_gtk_subelem(sm, &subelem_len);
2340 r0kh_id = sm->r0kh_id;
2341 r0kh_id_len = sm->r0kh_id_len;
2342 anonce = sm->ANonce;
2343 snonce = sm->SNonce;
2344 #ifdef CONFIG_IEEE80211W
2345 if (sm->mgmt_frame_prot) {
2346 u8 *igtk;
2347 size_t igtk_len;
2348 u8 *nbuf;
2349 igtk = wpa_ft_igtk_subelem(sm, &igtk_len);
2350 if (igtk == NULL) {
2351 os_free(subelem);
2352 return pos;
2353 }
2354 nbuf = os_realloc(subelem, subelem_len + igtk_len);
2355 if (nbuf == NULL) {
2356 os_free(subelem);
2357 os_free(igtk);
2358 return pos;
2359 }
2360 subelem = nbuf;
2361 os_memcpy(subelem + subelem_len, igtk, igtk_len);
2362 subelem_len += igtk_len;
2363 os_free(igtk);
2364 }
2365 #endif /* CONFIG_IEEE80211W */
2366 } else {
2367 r0kh_id = conf->r0_key_holder;
2368 r0kh_id_len = conf->r0_key_holder_len;
2369 anonce = NULL;
2370 snonce = NULL;
2371 }
2372 res = wpa_write_ftie(conf, r0kh_id, r0kh_id_len, anonce, snonce, pos,
2373 end - pos, subelem, subelem_len);
2374 os_free(subelem);
2375 if (res < 0)
2376 return pos;
2377 ftie = pos;
2378 ftie_len = res;
2379 pos += res;
2380
2381 _ftie = (struct rsn_ftie *) (ftie + 2);
2382 if (auth_alg == WLAN_AUTH_FT)
2383 _ftie->mic_control[1] = 3; /* Information element count */
2384
2385 ric_start = pos;
2386 if (wpa_ft_parse_ies(req_ies, req_ies_len, &parse) == 0 && parse.ric) {
2387 pos = wpa_ft_process_ric(sm, pos, end, parse.ric,
2388 parse.ric_len);
2389 if (auth_alg == WLAN_AUTH_FT)
2390 _ftie->mic_control[1] +=
2391 ieee802_11_ie_count(ric_start,
2392 pos - ric_start);
2393 }
2394 if (ric_start == pos)
2395 ric_start = NULL;
2396
2397 if (wpa_key_mgmt_fils(sm->wpa_key_mgmt)) {
2398 kck = sm->PTK.kck2;
2399 kck_len = sm->PTK.kck2_len;
2400 } else {
2401 kck = sm->PTK.kck;
2402 kck_len = sm->PTK.kck_len;
2403 }
2404 if (auth_alg == WLAN_AUTH_FT &&
2405 wpa_ft_mic(kck, kck_len, sm->addr, sm->wpa_auth->addr, 6,
2406 mdie, mdie_len, ftie, ftie_len,
2407 rsnie, rsnie_len,
2408 ric_start, ric_start ? pos - ric_start : 0,
2409 _ftie->mic) < 0)
2410 wpa_printf(MSG_DEBUG, "FT: Failed to calculate MIC");
2411
2412 os_free(sm->assoc_resp_ftie);
2413 sm->assoc_resp_ftie = os_malloc(ftie_len);
2414 if (sm->assoc_resp_ftie)
2415 os_memcpy(sm->assoc_resp_ftie, ftie, ftie_len);
2416
2417 return pos;
2418 }
2419
2420
2421 static inline int wpa_auth_set_key(struct wpa_authenticator *wpa_auth,
2422 int vlan_id,
2423 enum wpa_alg alg, const u8 *addr, int idx,
2424 u8 *key, size_t key_len)
2425 {
2426 if (wpa_auth->cb->set_key == NULL)
2427 return -1;
2428 return wpa_auth->cb->set_key(wpa_auth->cb_ctx, vlan_id, alg, addr, idx,
2429 key, key_len);
2430 }
2431
2432
2433 void wpa_ft_install_ptk(struct wpa_state_machine *sm)
2434 {
2435 enum wpa_alg alg;
2436 int klen;
2437
2438 /* MLME-SETKEYS.request(PTK) */
2439 alg = wpa_cipher_to_alg(sm->pairwise);
2440 klen = wpa_cipher_key_len(sm->pairwise);
2441 if (!wpa_cipher_valid_pairwise(sm->pairwise)) {
2442 wpa_printf(MSG_DEBUG, "FT: Unknown pairwise alg 0x%x - skip "
2443 "PTK configuration", sm->pairwise);
2444 return;
2445 }
2446
2447 if (sm->tk_already_set) {
2448 /* Must avoid TK reconfiguration to prevent clearing of TX/RX
2449 * PN in the driver */
2450 wpa_printf(MSG_DEBUG,
2451 "FT: Do not re-install same PTK to the driver");
2452 return;
2453 }
2454
2455 /* FIX: add STA entry to kernel/driver here? The set_key will fail
2456 * most likely without this.. At the moment, STA entry is added only
2457 * after association has been completed. This function will be called
2458 * again after association to get the PTK configured, but that could be
2459 * optimized by adding the STA entry earlier.
2460 */
2461 if (wpa_auth_set_key(sm->wpa_auth, 0, alg, sm->addr, 0,
2462 sm->PTK.tk, klen))
2463 return;
2464
2465 /* FIX: MLME-SetProtection.Request(TA, Tx_Rx) */
2466 sm->pairwise_set = TRUE;
2467 sm->tk_already_set = TRUE;
2468 }
2469
2470
2471 /* Derive PMK-R1 from PSK, check all available PSK */
2472 static int wpa_ft_psk_pmk_r1(struct wpa_state_machine *sm,
2473 const u8 *req_pmk_r1_name,
2474 u8 *out_pmk_r1, int *out_pairwise,
2475 struct vlan_description *out_vlan,
2476 const u8 **out_identity, size_t *out_identity_len,
2477 const u8 **out_radius_cui,
2478 size_t *out_radius_cui_len,
2479 int *out_session_timeout)
2480 {
2481 const u8 *pmk = NULL;
2482 u8 pmk_r0[PMK_LEN], pmk_r0_name[WPA_PMK_NAME_LEN];
2483 u8 pmk_r1[PMK_LEN], pmk_r1_name[WPA_PMK_NAME_LEN];
2484 struct wpa_authenticator *wpa_auth = sm->wpa_auth;
2485 const u8 *mdid = wpa_auth->conf.mobility_domain;
2486 const u8 *r0kh = sm->r0kh_id;
2487 size_t r0kh_len = sm->r0kh_id_len;
2488 const u8 *r1kh = wpa_auth->conf.r1_key_holder;
2489 const u8 *ssid = wpa_auth->conf.ssid;
2490 size_t ssid_len = wpa_auth->conf.ssid_len;
2491 int pairwise;
2492
2493 pairwise = sm->pairwise;
2494
2495 for (;;) {
2496 pmk = wpa_ft_get_psk(wpa_auth, sm->addr, sm->p2p_dev_addr,
2497 pmk);
2498 if (pmk == NULL)
2499 break;
2500
2501 if (wpa_derive_pmk_r0(pmk, PMK_LEN, ssid, ssid_len, mdid, r0kh,
2502 r0kh_len, sm->addr,
2503 pmk_r0, pmk_r0_name) < 0 ||
2504 wpa_derive_pmk_r1(pmk_r0, pmk_r0_name, r1kh, sm->addr,
2505 pmk_r1, pmk_r1_name) < 0 ||
2506 os_memcmp_const(pmk_r1_name, req_pmk_r1_name,
2507 WPA_PMK_NAME_LEN) != 0)
2508 continue;
2509
2510 /* We found a PSK that matches the requested pmk_r1_name */
2511 wpa_printf(MSG_DEBUG,
2512 "FT: Found PSK to generate PMK-R1 locally");
2513 os_memcpy(out_pmk_r1, pmk_r1, PMK_LEN);
2514 if (out_pairwise)
2515 *out_pairwise = pairwise;
2516 if (out_vlan &&
2517 wpa_ft_get_vlan(sm->wpa_auth, sm->addr, out_vlan) < 0) {
2518 wpa_printf(MSG_DEBUG, "FT: vlan not available for STA "
2519 MACSTR, MAC2STR(sm->addr));
2520 return -1;
2521 }
2522
2523 if (out_identity && out_identity_len) {
2524 *out_identity_len = wpa_ft_get_identity(
2525 sm->wpa_auth, sm->addr, out_identity);
2526 }
2527
2528 if (out_radius_cui && out_radius_cui_len) {
2529 *out_radius_cui_len = wpa_ft_get_radius_cui(
2530 sm->wpa_auth, sm->addr, out_radius_cui);
2531 }
2532
2533 if (out_session_timeout) {
2534 *out_session_timeout = wpa_ft_get_session_timeout(
2535 sm->wpa_auth, sm->addr);
2536 }
2537
2538 return 0;
2539 }
2540
2541 wpa_printf(MSG_DEBUG,
2542 "FT: Did not find PSK to generate PMK-R1 locally");
2543 return -1;
2544 }
2545
2546
2547 /* Detect the configuration the station asked for.
2548 * Required to detect FT-PSK and pairwise cipher.
2549 */
2550 static int wpa_ft_set_key_mgmt(struct wpa_state_machine *sm,
2551 struct wpa_ft_ies *parse)
2552 {
2553 int key_mgmt, ciphers;
2554
2555 if (sm->wpa_key_mgmt)
2556 return 0;
2557
2558 key_mgmt = parse->key_mgmt & sm->wpa_auth->conf.wpa_key_mgmt;
2559 if (!key_mgmt) {
2560 wpa_printf(MSG_DEBUG, "FT: Invalid key mgmt (0x%x) from "
2561 MACSTR, parse->key_mgmt, MAC2STR(sm->addr));
2562 return -1;
2563 }
2564 if (key_mgmt & WPA_KEY_MGMT_FT_IEEE8021X)
2565 sm->wpa_key_mgmt = WPA_KEY_MGMT_FT_IEEE8021X;
2566 #ifdef CONFIG_SHA384
2567 else if (key_mgmt & WPA_KEY_MGMT_FT_IEEE8021X_SHA384)
2568 sm->wpa_key_mgmt = WPA_KEY_MGMT_FT_IEEE8021X_SHA384;
2569 #endif /* CONFIG_SHA384 */
2570 else if (key_mgmt & WPA_KEY_MGMT_FT_PSK)
2571 sm->wpa_key_mgmt = WPA_KEY_MGMT_FT_PSK;
2572 #ifdef CONFIG_FILS
2573 else if (key_mgmt & WPA_KEY_MGMT_FT_FILS_SHA256)
2574 sm->wpa_key_mgmt = WPA_KEY_MGMT_FT_FILS_SHA256;
2575 else if (key_mgmt & WPA_KEY_MGMT_FT_FILS_SHA384)
2576 sm->wpa_key_mgmt = WPA_KEY_MGMT_FT_FILS_SHA384;
2577 #endif /* CONFIG_FILS */
2578 ciphers = parse->pairwise_cipher & sm->wpa_auth->conf.rsn_pairwise;
2579 if (!ciphers) {
2580 wpa_printf(MSG_DEBUG, "FT: Invalid pairwise cipher (0x%x) from "
2581 MACSTR,
2582 parse->pairwise_cipher, MAC2STR(sm->addr));
2583 return -1;
2584 }
2585 sm->pairwise = wpa_pick_pairwise_cipher(ciphers, 0);
2586
2587 return 0;
2588 }
2589
2590
2591 static int wpa_ft_local_derive_pmk_r1(struct wpa_authenticator *wpa_auth,
2592 struct wpa_state_machine *sm,
2593 const u8 *r0kh_id, size_t r0kh_id_len,
2594 const u8 *req_pmk_r0_name,
2595 const u8 *req_pmk_r1_name,
2596 u8 *out_pmk_r1, int *out_pairwise,
2597 struct vlan_description *vlan,
2598 const u8 **identity, size_t *identity_len,
2599 const u8 **radius_cui,
2600 size_t *radius_cui_len,
2601 int *out_session_timeout)
2602 {
2603 struct wpa_auth_config *conf = &wpa_auth->conf;
2604 const struct wpa_ft_pmk_r0_sa *r0;
2605 u8 pmk_r1_name[WPA_PMK_NAME_LEN];
2606 int expires_in = 0;
2607 int session_timeout = 0;
2608 struct os_reltime now;
2609
2610 if (conf->r0_key_holder_len != r0kh_id_len ||
2611 os_memcmp(conf->r0_key_holder, r0kh_id, conf->r0_key_holder_len) !=
2612 0)
2613 return -1; /* not our R0KH-ID */
2614
2615 wpa_printf(MSG_DEBUG, "FT: STA R0KH-ID matching local configuration");
2616 if (wpa_ft_fetch_pmk_r0(sm->wpa_auth, sm->addr, req_pmk_r0_name, &r0) <
2617 0)
2618 return -1; /* no matching PMKR0Name in local cache */
2619
2620 wpa_printf(MSG_DEBUG, "FT: Requested PMKR0Name found in local cache");
2621
2622 if (wpa_derive_pmk_r1(r0->pmk_r0, r0->pmk_r0_name, conf->r1_key_holder,
2623 sm->addr, out_pmk_r1, pmk_r1_name) < 0)
2624 return -1;
2625 wpa_hexdump_key(MSG_DEBUG, "FT: PMK-R1", out_pmk_r1, PMK_LEN);
2626 wpa_hexdump(MSG_DEBUG, "FT: PMKR1Name", pmk_r1_name, WPA_PMK_NAME_LEN);
2627
2628 os_get_reltime(&now);
2629 if (r0->expiration)
2630 expires_in = r0->expiration - now.sec;
2631
2632 if (r0->session_timeout)
2633 session_timeout = r0->session_timeout - now.sec;
2634
2635 wpa_ft_store_pmk_r1(wpa_auth, sm->addr, out_pmk_r1, pmk_r1_name,
2636 sm->pairwise, r0->vlan, expires_in, session_timeout,
2637 r0->identity, r0->identity_len,
2638 r0->radius_cui, r0->radius_cui_len);
2639
2640 *out_pairwise = sm->pairwise;
2641 if (vlan) {
2642 if (r0->vlan)
2643 *vlan = *r0->vlan;
2644 else
2645 os_memset(vlan, 0, sizeof(*vlan));
2646 }
2647
2648 if (identity && identity_len) {
2649 *identity = r0->identity;
2650 *identity_len = r0->identity_len;
2651 }
2652
2653 if (radius_cui && radius_cui_len) {
2654 *radius_cui = r0->radius_cui;
2655 *radius_cui_len = r0->radius_cui_len;
2656 }
2657
2658 *out_session_timeout = session_timeout;
2659
2660 return 0;
2661 }
2662
2663
2664 static int wpa_ft_process_auth_req(struct wpa_state_machine *sm,
2665 const u8 *ies, size_t ies_len,
2666 u8 **resp_ies, size_t *resp_ies_len)
2667 {
2668 struct rsn_mdie *mdie;
2669 struct rsn_ftie *ftie;
2670 u8 pmk_r1[PMK_LEN], pmk_r1_name[WPA_PMK_NAME_LEN];
2671 u8 ptk_name[WPA_PMK_NAME_LEN];
2672 struct wpa_auth_config *conf;
2673 struct wpa_ft_ies parse;
2674 size_t buflen;
2675 int ret;
2676 u8 *pos, *end;
2677 int pairwise, session_timeout = 0;
2678 struct vlan_description vlan;
2679 const u8 *identity, *radius_cui;
2680 size_t identity_len = 0, radius_cui_len = 0;
2681
2682 *resp_ies = NULL;
2683 *resp_ies_len = 0;
2684
2685 sm->pmk_r1_name_valid = 0;
2686 conf = &sm->wpa_auth->conf;
2687
2688 wpa_hexdump(MSG_DEBUG, "FT: Received authentication frame IEs",
2689 ies, ies_len);
2690
2691 if (wpa_ft_parse_ies(ies, ies_len, &parse) < 0) {
2692 wpa_printf(MSG_DEBUG, "FT: Failed to parse FT IEs");
2693 return WLAN_STATUS_UNSPECIFIED_FAILURE;
2694 }
2695
2696 mdie = (struct rsn_mdie *) parse.mdie;
2697 if (mdie == NULL || parse.mdie_len < sizeof(*mdie) ||
2698 os_memcmp(mdie->mobility_domain,
2699 sm->wpa_auth->conf.mobility_domain,
2700 MOBILITY_DOMAIN_ID_LEN) != 0) {
2701 wpa_printf(MSG_DEBUG, "FT: Invalid MDIE");
2702 return WLAN_STATUS_INVALID_MDIE;
2703 }
2704
2705 ftie = (struct rsn_ftie *) parse.ftie;
2706 if (ftie == NULL || parse.ftie_len < sizeof(*ftie)) {
2707 wpa_printf(MSG_DEBUG, "FT: Invalid FTIE");
2708 return WLAN_STATUS_INVALID_FTIE;
2709 }
2710
2711 os_memcpy(sm->SNonce, ftie->snonce, WPA_NONCE_LEN);
2712
2713 if (parse.r0kh_id == NULL) {
2714 wpa_printf(MSG_DEBUG, "FT: Invalid FTIE - no R0KH-ID");
2715 return WLAN_STATUS_INVALID_FTIE;
2716 }
2717
2718 wpa_hexdump(MSG_DEBUG, "FT: STA R0KH-ID",
2719 parse.r0kh_id, parse.r0kh_id_len);
2720 os_memcpy(sm->r0kh_id, parse.r0kh_id, parse.r0kh_id_len);
2721 sm->r0kh_id_len = parse.r0kh_id_len;
2722
2723 if (parse.rsn_pmkid == NULL) {
2724 wpa_printf(MSG_DEBUG, "FT: No PMKID in RSNIE");
2725 return WLAN_STATUS_INVALID_PMKID;
2726 }
2727
2728 if (wpa_ft_set_key_mgmt(sm, &parse) < 0)
2729 return WLAN_STATUS_UNSPECIFIED_FAILURE;
2730
2731 wpa_hexdump(MSG_DEBUG, "FT: Requested PMKR0Name",
2732 parse.rsn_pmkid, WPA_PMK_NAME_LEN);
2733 if (wpa_derive_pmk_r1_name(parse.rsn_pmkid,
2734 sm->wpa_auth->conf.r1_key_holder, sm->addr,
2735 pmk_r1_name) < 0)
2736 return WLAN_STATUS_UNSPECIFIED_FAILURE;
2737 wpa_hexdump(MSG_DEBUG, "FT: Derived requested PMKR1Name",
2738 pmk_r1_name, WPA_PMK_NAME_LEN);
2739
2740 if (conf->ft_psk_generate_local &&
2741 wpa_key_mgmt_ft_psk(sm->wpa_key_mgmt)) {
2742 if (wpa_ft_psk_pmk_r1(sm, pmk_r1_name, pmk_r1, &pairwise,
2743 &vlan, &identity, &identity_len,
2744 &radius_cui, &radius_cui_len,
2745 &session_timeout) < 0)
2746 return WLAN_STATUS_INVALID_PMKID;
2747 wpa_printf(MSG_DEBUG,
2748 "FT: Generated PMK-R1 for FT-PSK locally");
2749 } else if (wpa_ft_fetch_pmk_r1(sm->wpa_auth, sm->addr, pmk_r1_name,
2750 pmk_r1, &pairwise, &vlan, &identity,
2751 &identity_len, &radius_cui,
2752 &radius_cui_len, &session_timeout) < 0) {
2753 wpa_printf(MSG_DEBUG,
2754 "FT: No PMK-R1 available in local cache for the requested PMKR1Name");
2755 if (wpa_ft_local_derive_pmk_r1(sm->wpa_auth, sm,
2756 parse.r0kh_id, parse.r0kh_id_len,
2757 parse.rsn_pmkid,
2758 pmk_r1_name, pmk_r1, &pairwise,
2759 &vlan, &identity, &identity_len,
2760 &radius_cui, &radius_cui_len,
2761 &session_timeout) == 0) {
2762 wpa_printf(MSG_DEBUG,
2763 "FT: Generated PMK-R1 based on local PMK-R0");
2764 goto pmk_r1_derived;
2765 }
2766
2767 if (wpa_ft_pull_pmk_r1(sm, ies, ies_len, parse.rsn_pmkid) < 0) {
2768 wpa_printf(MSG_DEBUG,
2769 "FT: Did not have matching PMK-R1 and either unknown or blocked R0KH-ID or NAK from R0KH");
2770 return WLAN_STATUS_INVALID_PMKID;
2771 }
2772
2773 return -1; /* Status pending */
2774 } else {
2775 wpa_printf(MSG_DEBUG, "FT: Found PMKR1Name from local cache");
2776 }
2777
2778 pmk_r1_derived:
2779 wpa_hexdump_key(MSG_DEBUG, "FT: Selected PMK-R1", pmk_r1, PMK_LEN);
2780 sm->pmk_r1_name_valid = 1;
2781 os_memcpy(sm->pmk_r1_name, pmk_r1_name, WPA_PMK_NAME_LEN);
2782
2783 if (random_get_bytes(sm->ANonce, WPA_NONCE_LEN)) {
2784 wpa_printf(MSG_DEBUG, "FT: Failed to get random data for "
2785 "ANonce");
2786 return WLAN_STATUS_UNSPECIFIED_FAILURE;
2787 }
2788
2789 wpa_hexdump(MSG_DEBUG, "FT: Received SNonce",
2790 sm->SNonce, WPA_NONCE_LEN);
2791 wpa_hexdump(MSG_DEBUG, "FT: Generated ANonce",
2792 sm->ANonce, WPA_NONCE_LEN);
2793
2794 if (wpa_pmk_r1_to_ptk(pmk_r1, sm->SNonce, sm->ANonce, sm->addr,
2795 sm->wpa_auth->addr, pmk_r1_name,
2796 &sm->PTK, ptk_name, sm->wpa_key_mgmt,
2797 pairwise) < 0)
2798 return WLAN_STATUS_UNSPECIFIED_FAILURE;
2799
2800 sm->pairwise = pairwise;
2801 sm->PTK_valid = TRUE;
2802 sm->tk_already_set = FALSE;
2803 wpa_ft_install_ptk(sm);
2804
2805 if (wpa_ft_set_vlan(sm->wpa_auth, sm->addr, &vlan) < 0) {
2806 wpa_printf(MSG_DEBUG, "FT: Failed to configure VLAN");
2807 return WLAN_STATUS_UNSPECIFIED_FAILURE;
2808 }
2809 if (wpa_ft_set_identity(sm->wpa_auth, sm->addr,
2810 identity, identity_len) < 0 ||
2811 wpa_ft_set_radius_cui(sm->wpa_auth, sm->addr,
2812 radius_cui, radius_cui_len) < 0) {
2813 wpa_printf(MSG_DEBUG, "FT: Failed to configure identity/CUI");
2814 return WLAN_STATUS_UNSPECIFIED_FAILURE;
2815 }
2816 wpa_ft_set_session_timeout(sm->wpa_auth, sm->addr, session_timeout);
2817
2818 buflen = 2 + sizeof(struct rsn_mdie) + 2 + sizeof(struct rsn_ftie) +
2819 2 + FT_R1KH_ID_LEN + 200;
2820 *resp_ies = os_zalloc(buflen);
2821 if (*resp_ies == NULL)
2822 goto fail;
2823
2824 pos = *resp_ies;
2825 end = *resp_ies + buflen;
2826
2827 ret = wpa_write_rsn_ie(conf, pos, end - pos, parse.rsn_pmkid);
2828 if (ret < 0)
2829 goto fail;
2830 pos += ret;
2831
2832 ret = wpa_write_mdie(conf, pos, end - pos);
2833 if (ret < 0)
2834 goto fail;
2835 pos += ret;
2836
2837 ret = wpa_write_ftie(conf, parse.r0kh_id, parse.r0kh_id_len,
2838 sm->ANonce, sm->SNonce, pos, end - pos, NULL, 0);
2839 if (ret < 0)
2840 goto fail;
2841 pos += ret;
2842
2843 *resp_ies_len = pos - *resp_ies;
2844
2845 return WLAN_STATUS_SUCCESS;
2846 fail:
2847 os_free(*resp_ies);
2848 *resp_ies = NULL;
2849 return WLAN_STATUS_UNSPECIFIED_FAILURE;
2850 }
2851
2852
2853 void wpa_ft_process_auth(struct wpa_state_machine *sm, const u8 *bssid,
2854 u16 auth_transaction, const u8 *ies, size_t ies_len,
2855 void (*cb)(void *ctx, const u8 *dst, const u8 *bssid,
2856 u16 auth_transaction, u16 status,
2857 const u8 *ies, size_t ies_len),
2858 void *ctx)
2859 {
2860 u16 status;
2861 u8 *resp_ies;
2862 size_t resp_ies_len;
2863 int res;
2864
2865 if (sm == NULL) {
2866 wpa_printf(MSG_DEBUG, "FT: Received authentication frame, but "
2867 "WPA SM not available");
2868 return;
2869 }
2870
2871 wpa_printf(MSG_DEBUG, "FT: Received authentication frame: STA=" MACSTR
2872 " BSSID=" MACSTR " transaction=%d",
2873 MAC2STR(sm->addr), MAC2STR(bssid), auth_transaction);
2874 sm->ft_pending_cb = cb;
2875 sm->ft_pending_cb_ctx = ctx;
2876 sm->ft_pending_auth_transaction = auth_transaction;
2877 sm->ft_pending_pull_left_retries = sm->wpa_auth->conf.rkh_pull_retries;
2878 res = wpa_ft_process_auth_req(sm, ies, ies_len, &resp_ies,
2879 &resp_ies_len);
2880 if (res < 0) {
2881 wpa_printf(MSG_DEBUG, "FT: Callback postponed until response is available");
2882 return;
2883 }
2884 status = res;
2885
2886 wpa_printf(MSG_DEBUG, "FT: FT authentication response: dst=" MACSTR
2887 " auth_transaction=%d status=%d",
2888 MAC2STR(sm->addr), auth_transaction + 1, status);
2889 wpa_hexdump(MSG_DEBUG, "FT: Response IEs", resp_ies, resp_ies_len);
2890 cb(ctx, sm->addr, bssid, auth_transaction + 1, status,
2891 resp_ies, resp_ies_len);
2892 os_free(resp_ies);
2893 }
2894
2895
2896 u16 wpa_ft_validate_reassoc(struct wpa_state_machine *sm, const u8 *ies,
2897 size_t ies_len)
2898 {
2899 struct wpa_ft_ies parse;
2900 struct rsn_mdie *mdie;
2901 struct rsn_ftie *ftie;
2902 u8 mic[WPA_EAPOL_KEY_MIC_MAX_LEN];
2903 size_t mic_len = 16;
2904 unsigned int count;
2905 const u8 *kck;
2906 size_t kck_len;
2907
2908 if (sm == NULL)
2909 return WLAN_STATUS_UNSPECIFIED_FAILURE;
2910
2911 wpa_hexdump(MSG_DEBUG, "FT: Reassoc Req IEs", ies, ies_len);
2912
2913 if (wpa_ft_parse_ies(ies, ies_len, &parse) < 0) {
2914 wpa_printf(MSG_DEBUG, "FT: Failed to parse FT IEs");
2915 return WLAN_STATUS_UNSPECIFIED_FAILURE;
2916 }
2917
2918 if (parse.rsn == NULL) {
2919 wpa_printf(MSG_DEBUG, "FT: No RSNIE in Reassoc Req");
2920 return WLAN_STATUS_UNSPECIFIED_FAILURE;
2921 }
2922
2923 if (parse.rsn_pmkid == NULL) {
2924 wpa_printf(MSG_DEBUG, "FT: No PMKID in RSNIE");
2925 return WLAN_STATUS_INVALID_PMKID;
2926 }
2927
2928 if (os_memcmp_const(parse.rsn_pmkid, sm->pmk_r1_name, WPA_PMK_NAME_LEN)
2929 != 0) {
2930 wpa_printf(MSG_DEBUG, "FT: PMKID in Reassoc Req did not match "
2931 "with the PMKR1Name derived from auth request");
2932 return WLAN_STATUS_INVALID_PMKID;
2933 }
2934
2935 mdie = (struct rsn_mdie *) parse.mdie;
2936 if (mdie == NULL || parse.mdie_len < sizeof(*mdie) ||
2937 os_memcmp(mdie->mobility_domain,
2938 sm->wpa_auth->conf.mobility_domain,
2939 MOBILITY_DOMAIN_ID_LEN) != 0) {
2940 wpa_printf(MSG_DEBUG, "FT: Invalid MDIE");
2941 return WLAN_STATUS_INVALID_MDIE;
2942 }
2943
2944 ftie = (struct rsn_ftie *) parse.ftie;
2945 if (ftie == NULL || parse.ftie_len < sizeof(*ftie)) {
2946 wpa_printf(MSG_DEBUG, "FT: Invalid FTIE");
2947 return WLAN_STATUS_INVALID_FTIE;
2948 }
2949
2950 if (os_memcmp(ftie->snonce, sm->SNonce, WPA_NONCE_LEN) != 0) {
2951 wpa_printf(MSG_DEBUG, "FT: SNonce mismatch in FTIE");
2952 wpa_hexdump(MSG_DEBUG, "FT: Received SNonce",
2953 ftie->snonce, WPA_NONCE_LEN);
2954 wpa_hexdump(MSG_DEBUG, "FT: Expected SNonce",
2955 sm->SNonce, WPA_NONCE_LEN);
2956 return WLAN_STATUS_INVALID_FTIE;
2957 }
2958
2959 if (os_memcmp(ftie->anonce, sm->ANonce, WPA_NONCE_LEN) != 0) {
2960 wpa_printf(MSG_DEBUG, "FT: ANonce mismatch in FTIE");
2961 wpa_hexdump(MSG_DEBUG, "FT: Received ANonce",
2962 ftie->anonce, WPA_NONCE_LEN);
2963 wpa_hexdump(MSG_DEBUG, "FT: Expected ANonce",
2964 sm->ANonce, WPA_NONCE_LEN);
2965 return WLAN_STATUS_INVALID_FTIE;
2966 }
2967
2968
2969 if (parse.r0kh_id == NULL) {
2970 wpa_printf(MSG_DEBUG, "FT: No R0KH-ID subelem in FTIE");
2971 return WLAN_STATUS_INVALID_FTIE;
2972 }
2973
2974 if (parse.r0kh_id_len != sm->r0kh_id_len ||
2975 os_memcmp_const(parse.r0kh_id, sm->r0kh_id, parse.r0kh_id_len) != 0)
2976 {
2977 wpa_printf(MSG_DEBUG, "FT: R0KH-ID in FTIE did not match with "
2978 "the current R0KH-ID");
2979 wpa_hexdump(MSG_DEBUG, "FT: R0KH-ID in FTIE",
2980 parse.r0kh_id, parse.r0kh_id_len);
2981 wpa_hexdump(MSG_DEBUG, "FT: The current R0KH-ID",
2982 sm->r0kh_id, sm->r0kh_id_len);
2983 return WLAN_STATUS_INVALID_FTIE;
2984 }
2985
2986 if (parse.r1kh_id == NULL) {
2987 wpa_printf(MSG_DEBUG, "FT: No R1KH-ID subelem in FTIE");
2988 return WLAN_STATUS_INVALID_FTIE;
2989 }
2990
2991 if (os_memcmp_const(parse.r1kh_id, sm->wpa_auth->conf.r1_key_holder,
2992 FT_R1KH_ID_LEN) != 0) {
2993 wpa_printf(MSG_DEBUG, "FT: Unknown R1KH-ID used in "
2994 "ReassocReq");
2995 wpa_hexdump(MSG_DEBUG, "FT: R1KH-ID in FTIE",
2996 parse.r1kh_id, FT_R1KH_ID_LEN);
2997 wpa_hexdump(MSG_DEBUG, "FT: Expected R1KH-ID",
2998 sm->wpa_auth->conf.r1_key_holder, FT_R1KH_ID_LEN);
2999 return WLAN_STATUS_INVALID_FTIE;
3000 }
3001
3002 if (parse.rsn_pmkid == NULL ||
3003 os_memcmp_const(parse.rsn_pmkid, sm->pmk_r1_name, WPA_PMK_NAME_LEN))
3004 {
3005 wpa_printf(MSG_DEBUG, "FT: No matching PMKR1Name (PMKID) in "
3006 "RSNIE (pmkid=%d)", !!parse.rsn_pmkid);
3007 return WLAN_STATUS_INVALID_PMKID;
3008 }
3009
3010 count = 3;
3011 if (parse.ric)
3012 count += ieee802_11_ie_count(parse.ric, parse.ric_len);
3013 if (ftie->mic_control[1] != count) {
3014 wpa_printf(MSG_DEBUG, "FT: Unexpected IE count in MIC "
3015 "Control: received %u expected %u",
3016 ftie->mic_control[1], count);
3017 return WLAN_STATUS_UNSPECIFIED_FAILURE;
3018 }
3019
3020 if (wpa_key_mgmt_fils(sm->wpa_key_mgmt)) {
3021 kck = sm->PTK.kck2;
3022 kck_len = sm->PTK.kck2_len;
3023 } else {
3024 kck = sm->PTK.kck;
3025 kck_len = sm->PTK.kck_len;
3026 }
3027 if (wpa_ft_mic(kck, kck_len, sm->addr, sm->wpa_auth->addr, 5,
3028 parse.mdie - 2, parse.mdie_len + 2,
3029 parse.ftie - 2, parse.ftie_len + 2,
3030 parse.rsn - 2, parse.rsn_len + 2,
3031 parse.ric, parse.ric_len,
3032 mic) < 0) {
3033 wpa_printf(MSG_DEBUG, "FT: Failed to calculate MIC");
3034 return WLAN_STATUS_UNSPECIFIED_FAILURE;
3035 }
3036
3037 if (os_memcmp_const(mic, ftie->mic, mic_len) != 0) {
3038 wpa_printf(MSG_DEBUG, "FT: Invalid MIC in FTIE");
3039 wpa_printf(MSG_DEBUG, "FT: addr=" MACSTR " auth_addr=" MACSTR,
3040 MAC2STR(sm->addr), MAC2STR(sm->wpa_auth->addr));
3041 wpa_hexdump(MSG_MSGDUMP, "FT: Received MIC",
3042 ftie->mic, mic_len);
3043 wpa_hexdump(MSG_MSGDUMP, "FT: Calculated MIC", mic, mic_len);
3044 wpa_hexdump(MSG_MSGDUMP, "FT: MDIE",
3045 parse.mdie - 2, parse.mdie_len + 2);
3046 wpa_hexdump(MSG_MSGDUMP, "FT: FTIE",
3047 parse.ftie - 2, parse.ftie_len + 2);
3048 wpa_hexdump(MSG_MSGDUMP, "FT: RSN",
3049 parse.rsn - 2, parse.rsn_len + 2);
3050 return WLAN_STATUS_INVALID_FTIE;
3051 }
3052
3053 return WLAN_STATUS_SUCCESS;
3054 }
3055
3056
3057 int wpa_ft_action_rx(struct wpa_state_machine *sm, const u8 *data, size_t len)
3058 {
3059 const u8 *sta_addr, *target_ap;
3060 const u8 *ies;
3061 size_t ies_len;
3062 u8 action;
3063 struct ft_rrb_frame *frame;
3064
3065 if (sm == NULL)
3066 return -1;
3067
3068 /*
3069 * data: Category[1] Action[1] STA_Address[6] Target_AP_Address[6]
3070 * FT Request action frame body[variable]
3071 */
3072
3073 if (len < 14) {
3074 wpa_printf(MSG_DEBUG, "FT: Too short FT Action frame "
3075 "(len=%lu)", (unsigned long) len);
3076 return -1;
3077 }
3078
3079 action = data[1];
3080 sta_addr = data + 2;
3081 target_ap = data + 8;
3082 ies = data + 14;
3083 ies_len = len - 14;
3084
3085 wpa_printf(MSG_DEBUG, "FT: Received FT Action frame (STA=" MACSTR
3086 " Target AP=" MACSTR " Action=%d)",
3087 MAC2STR(sta_addr), MAC2STR(target_ap), action);
3088
3089 if (os_memcmp(sta_addr, sm->addr, ETH_ALEN) != 0) {
3090 wpa_printf(MSG_DEBUG, "FT: Mismatch in FT Action STA address: "
3091 "STA=" MACSTR " STA-Address=" MACSTR,
3092 MAC2STR(sm->addr), MAC2STR(sta_addr));
3093 return -1;
3094 }
3095
3096 /*
3097 * Do some sanity checking on the target AP address (not own and not
3098 * broadcast. This could be extended to filter based on a list of known
3099 * APs in the MD (if such a list were configured).
3100 */
3101 if ((target_ap[0] & 0x01) ||
3102 os_memcmp(target_ap, sm->wpa_auth->addr, ETH_ALEN) == 0) {
3103 wpa_printf(MSG_DEBUG, "FT: Invalid Target AP in FT Action "
3104 "frame");
3105 return -1;
3106 }
3107
3108 wpa_hexdump(MSG_MSGDUMP, "FT: Action frame body", ies, ies_len);
3109
3110 if (!sm->wpa_auth->conf.ft_over_ds) {
3111 wpa_printf(MSG_DEBUG, "FT: Over-DS option disabled - reject");
3112 return -1;
3113 }
3114
3115 /* RRB - Forward action frame to the target AP */
3116 frame = os_malloc(sizeof(*frame) + len);
3117 if (frame == NULL)
3118 return -1;
3119 frame->frame_type = RSN_REMOTE_FRAME_TYPE_FT_RRB;
3120 frame->packet_type = FT_PACKET_REQUEST;
3121 frame->action_length = host_to_le16(len);
3122 os_memcpy(frame->ap_address, sm->wpa_auth->addr, ETH_ALEN);
3123 os_memcpy(frame + 1, data, len);
3124
3125 wpa_ft_rrb_send(sm->wpa_auth, target_ap, (u8 *) frame,
3126 sizeof(*frame) + len);
3127 os_free(frame);
3128
3129 return 0;
3130 }
3131
3132
3133 static void wpa_ft_rrb_rx_request_cb(void *ctx, const u8 *dst, const u8 *bssid,
3134 u16 auth_transaction, u16 resp,
3135 const u8 *ies, size_t ies_len)
3136 {
3137 struct wpa_state_machine *sm = ctx;
3138 wpa_printf(MSG_DEBUG, "FT: Over-the-DS RX request cb for " MACSTR,
3139 MAC2STR(sm->addr));
3140 wpa_ft_send_rrb_auth_resp(sm, sm->ft_pending_current_ap, sm->addr,
3141 WLAN_STATUS_SUCCESS, ies, ies_len);
3142 }
3143
3144
3145 static int wpa_ft_rrb_rx_request(struct wpa_authenticator *wpa_auth,
3146 const u8 *current_ap, const u8 *sta_addr,
3147 const u8 *body, size_t len)
3148 {
3149 struct wpa_state_machine *sm;
3150 u16 status;
3151 u8 *resp_ies;
3152 size_t resp_ies_len;
3153 int res;
3154
3155 sm = wpa_ft_add_sta(wpa_auth, sta_addr);
3156 if (sm == NULL) {
3157 wpa_printf(MSG_DEBUG, "FT: Failed to add new STA based on "
3158 "RRB Request");
3159 return -1;
3160 }
3161
3162 wpa_hexdump(MSG_MSGDUMP, "FT: RRB Request Frame body", body, len);
3163
3164 sm->ft_pending_cb = wpa_ft_rrb_rx_request_cb;
3165 sm->ft_pending_cb_ctx = sm;
3166 os_memcpy(sm->ft_pending_current_ap, current_ap, ETH_ALEN);
3167 sm->ft_pending_pull_left_retries = sm->wpa_auth->conf.rkh_pull_retries;
3168 res = wpa_ft_process_auth_req(sm, body, len, &resp_ies,
3169 &resp_ies_len);
3170 if (res < 0) {
3171 wpa_printf(MSG_DEBUG, "FT: No immediate response available - wait for pull response");
3172 return 0;
3173 }
3174 status = res;
3175
3176 res = wpa_ft_send_rrb_auth_resp(sm, current_ap, sta_addr, status,
3177 resp_ies, resp_ies_len);
3178 os_free(resp_ies);
3179 return res;
3180 }
3181
3182
3183 static int wpa_ft_send_rrb_auth_resp(struct wpa_state_machine *sm,
3184 const u8 *current_ap, const u8 *sta_addr,
3185 u16 status, const u8 *resp_ies,
3186 size_t resp_ies_len)
3187 {
3188 struct wpa_authenticator *wpa_auth = sm->wpa_auth;
3189 size_t rlen;
3190 struct ft_rrb_frame *frame;
3191 u8 *pos;
3192
3193 wpa_printf(MSG_DEBUG, "FT: RRB authentication response: STA=" MACSTR
3194 " CurrentAP=" MACSTR " status=%d",
3195 MAC2STR(sm->addr), MAC2STR(current_ap), status);
3196 wpa_hexdump(MSG_DEBUG, "FT: Response IEs", resp_ies, resp_ies_len);
3197
3198 /* RRB - Forward action frame response to the Current AP */
3199
3200 /*
3201 * data: Category[1] Action[1] STA_Address[6] Target_AP_Address[6]
3202 * Status_Code[2] FT Request action frame body[variable]
3203 */
3204 rlen = 2 + 2 * ETH_ALEN + 2 + resp_ies_len;
3205
3206 frame = os_malloc(sizeof(*frame) + rlen);
3207 if (frame == NULL)
3208 return -1;
3209 frame->frame_type = RSN_REMOTE_FRAME_TYPE_FT_RRB;
3210 frame->packet_type = FT_PACKET_RESPONSE;
3211 frame->action_length = host_to_le16(rlen);
3212 os_memcpy(frame->ap_address, wpa_auth->addr, ETH_ALEN);
3213 pos = (u8 *) (frame + 1);
3214 *pos++ = WLAN_ACTION_FT;
3215 *pos++ = 2; /* Action: Response */
3216 os_memcpy(pos, sta_addr, ETH_ALEN);
3217 pos += ETH_ALEN;
3218 os_memcpy(pos, wpa_auth->addr, ETH_ALEN);
3219 pos += ETH_ALEN;
3220 WPA_PUT_LE16(pos, status);
3221 pos += 2;
3222 if (resp_ies)
3223 os_memcpy(pos, resp_ies, resp_ies_len);
3224
3225 wpa_ft_rrb_send(wpa_auth, current_ap, (u8 *) frame,
3226 sizeof(*frame) + rlen);
3227 os_free(frame);
3228
3229 return 0;
3230 }
3231
3232
3233 static int wpa_ft_rrb_build_r0(const u8 *key, const size_t key_len,
3234 const struct tlv_list *tlvs,
3235 const struct wpa_ft_pmk_r0_sa *pmk_r0,
3236 const u8 *r1kh_id, const u8 *s1kh_id,
3237 const struct tlv_list *tlv_auth,
3238 const u8 *src_addr, u8 type,
3239 u8 **packet, size_t *packet_len)
3240 {
3241 u8 pmk_r1[PMK_LEN];
3242 u8 pmk_r1_name[WPA_PMK_NAME_LEN];
3243 u8 f_pairwise[sizeof(le16)];
3244 u8 f_expires_in[sizeof(le16)];
3245 u8 f_session_timeout[sizeof(le32)];
3246 int expires_in;
3247 int session_timeout;
3248 struct os_reltime now;
3249 int ret;
3250 struct tlv_list sess_tlv[] = {
3251 { .type = FT_RRB_PMK_R1, .len = sizeof(pmk_r1),
3252 .data = pmk_r1 },
3253 { .type = FT_RRB_PMK_R1_NAME, .len = sizeof(pmk_r1_name),
3254 .data = pmk_r1_name },
3255 { .type = FT_RRB_PAIRWISE, .len = sizeof(f_pairwise),
3256 .data = f_pairwise },
3257 { .type = FT_RRB_EXPIRES_IN, .len = sizeof(f_expires_in),
3258 .data = f_expires_in },
3259 { .type = FT_RRB_IDENTITY, .len = pmk_r0->identity_len,
3260 .data = pmk_r0->identity },
3261 { .type = FT_RRB_RADIUS_CUI, .len = pmk_r0->radius_cui_len,
3262 .data = pmk_r0->radius_cui },
3263 { .type = FT_RRB_SESSION_TIMEOUT,
3264 .len = sizeof(f_session_timeout),
3265 .data = f_session_timeout },
3266 { .type = FT_RRB_LAST_EMPTY, .len = 0, .data = NULL },
3267 };
3268
3269 if (wpa_derive_pmk_r1(pmk_r0->pmk_r0, pmk_r0->pmk_r0_name, r1kh_id,
3270 s1kh_id, pmk_r1, pmk_r1_name) < 0)
3271 return -1;
3272 wpa_hexdump_key(MSG_DEBUG, "FT: PMK-R1", pmk_r1, PMK_LEN);
3273 wpa_hexdump(MSG_DEBUG, "FT: PMKR1Name", pmk_r1_name, WPA_PMK_NAME_LEN);
3274 WPA_PUT_LE16(f_pairwise, pmk_r0->pairwise);
3275
3276 os_get_reltime(&now);
3277 if (pmk_r0->expiration > now.sec)
3278 expires_in = pmk_r0->expiration - now.sec;
3279 else if (pmk_r0->expiration)
3280 expires_in = 1;
3281 else
3282 expires_in = 0;
3283 WPA_PUT_LE16(f_expires_in, expires_in);
3284
3285 if (pmk_r0->session_timeout > now.sec)
3286 session_timeout = pmk_r0->session_timeout - now.sec;
3287 else if (pmk_r0->session_timeout)
3288 session_timeout = 1;
3289 else
3290 session_timeout = 0;
3291 WPA_PUT_LE32(f_session_timeout, session_timeout);
3292
3293 ret = wpa_ft_rrb_build(key, key_len, tlvs, sess_tlv, tlv_auth,
3294 pmk_r0->vlan, src_addr, type,
3295 packet, packet_len);
3296
3297 os_memset(pmk_r1, 0, sizeof(pmk_r1));
3298
3299 return ret;
3300 }
3301
3302
3303 static int wpa_ft_rrb_rx_pull(struct wpa_authenticator *wpa_auth,
3304 const u8 *src_addr,
3305 const u8 *enc, size_t enc_len,
3306 const u8 *auth, size_t auth_len,
3307 int no_defer)
3308 {
3309 const char *msgtype = "pull request";
3310 u8 *plain = NULL, *packet = NULL;
3311 size_t plain_len = 0, packet_len = 0;
3312 struct ft_remote_r1kh *r1kh, *r1kh_wildcard;
3313 const u8 *key;
3314 size_t key_len;
3315 int seq_ret;
3316 const u8 *f_nonce, *f_r0kh_id, *f_r1kh_id, *f_s1kh_id, *f_pmk_r0_name;
3317 size_t f_nonce_len, f_r0kh_id_len, f_r1kh_id_len, f_s1kh_id_len;
3318 size_t f_pmk_r0_name_len;
3319 const struct wpa_ft_pmk_r0_sa *r0;
3320 int ret;
3321 struct tlv_list resp[2];
3322 struct tlv_list resp_auth[5];
3323 struct ft_rrb_seq f_seq;
3324
3325 wpa_printf(MSG_DEBUG, "FT: Received PMK-R1 pull");
3326
3327 RRB_GET_AUTH(FT_RRB_R0KH_ID, r0kh_id, msgtype, -1);
3328 wpa_hexdump(MSG_DEBUG, "FT: R0KH-ID", f_r0kh_id, f_r0kh_id_len);
3329
3330 if (wpa_ft_rrb_check_r0kh(wpa_auth, f_r0kh_id, f_r0kh_id_len)) {
3331 wpa_printf(MSG_DEBUG, "FT: R0KH-ID mismatch");
3332 goto out;
3333 }
3334
3335 RRB_GET_AUTH(FT_RRB_R1KH_ID, r1kh_id, msgtype, FT_R1KH_ID_LEN);
3336 wpa_printf(MSG_DEBUG, "FT: R1KH-ID=" MACSTR, MAC2STR(f_r1kh_id));
3337
3338 wpa_ft_rrb_lookup_r1kh(wpa_auth, f_r1kh_id, &r1kh, &r1kh_wildcard);
3339 if (r1kh) {
3340 key = r1kh->key;
3341 key_len = sizeof(r1kh->key);
3342 } else if (r1kh_wildcard) {
3343 wpa_printf(MSG_DEBUG, "FT: Using wildcard R1KH-ID");
3344 key = r1kh_wildcard->key;
3345 key_len = sizeof(r1kh_wildcard->key);
3346 } else {
3347 goto out;
3348 }
3349
3350 RRB_GET_AUTH(FT_RRB_NONCE, nonce, "pull request", FT_RRB_NONCE_LEN);
3351 wpa_hexdump(MSG_DEBUG, "FT: nonce", f_nonce, f_nonce_len);
3352
3353 seq_ret = FT_RRB_SEQ_DROP;
3354 if (r1kh)
3355 seq_ret = wpa_ft_rrb_seq_chk(r1kh->seq, src_addr, enc, enc_len,
3356 auth, auth_len, msgtype, no_defer);
3357 if (!no_defer && r1kh_wildcard &&
3358 (!r1kh || os_memcmp(r1kh->addr, src_addr, ETH_ALEN) != 0)) {
3359 /* wildcard: r1kh-id unknown or changed addr -> do a seq req */
3360 seq_ret = FT_RRB_SEQ_DEFER;
3361 }
3362
3363 if (seq_ret == FT_RRB_SEQ_DROP)
3364 goto out;
3365
3366 if (wpa_ft_rrb_decrypt(key, key_len, enc, enc_len, auth, auth_len,
3367 src_addr, FT_PACKET_R0KH_R1KH_PULL,
3368 &plain, &plain_len) < 0)
3369 goto out;
3370
3371 if (!r1kh)
3372 r1kh = wpa_ft_rrb_add_r1kh(wpa_auth, r1kh_wildcard, src_addr,
3373 f_r1kh_id,
3374 wpa_auth->conf.rkh_pos_timeout);
3375 if (!r1kh)
3376 goto out;
3377
3378 if (seq_ret == FT_RRB_SEQ_DEFER) {
3379 wpa_ft_rrb_seq_req(wpa_auth, r1kh->seq, src_addr, f_r0kh_id,
3380 f_r0kh_id_len, f_r1kh_id, key, key_len,
3381 enc, enc_len, auth, auth_len,
3382 &wpa_ft_rrb_rx_pull);
3383 goto out;
3384 }
3385
3386 wpa_ft_rrb_seq_accept(wpa_auth, r1kh->seq, src_addr, auth, auth_len,
3387 msgtype);
3388 wpa_ft_rrb_r1kh_replenish(wpa_auth, r1kh,
3389 wpa_auth->conf.rkh_pos_timeout);
3390
3391 RRB_GET(FT_RRB_PMK_R0_NAME, pmk_r0_name, msgtype, WPA_PMK_NAME_LEN);
3392 wpa_hexdump(MSG_DEBUG, "FT: PMKR0Name", f_pmk_r0_name,
3393 f_pmk_r0_name_len);
3394
3395 RRB_GET(FT_RRB_S1KH_ID, s1kh_id, msgtype, ETH_ALEN);
3396 wpa_printf(MSG_DEBUG, "FT: S1KH-ID=" MACSTR, MAC2STR(f_s1kh_id));
3397
3398 if (wpa_ft_new_seq(r1kh->seq, &f_seq) < 0) {
3399 wpa_printf(MSG_DEBUG, "FT: Failed to get seq num");
3400 goto out;
3401 }
3402
3403 resp[0].type = FT_RRB_S1KH_ID;
3404 resp[0].len = f_s1kh_id_len;
3405 resp[0].data = f_s1kh_id;
3406 resp[1].type = FT_RRB_LAST_EMPTY;
3407 resp[1].len = 0;
3408 resp[1].data = NULL;
3409
3410 resp_auth[0].type = FT_RRB_NONCE;
3411 resp_auth[0].len = f_nonce_len;
3412 resp_auth[0].data = f_nonce;
3413 resp_auth[1].type = FT_RRB_SEQ;
3414 resp_auth[1].len = sizeof(f_seq);
3415 resp_auth[1].data = (u8 *) &f_seq;
3416 resp_auth[2].type = FT_RRB_R0KH_ID;
3417 resp_auth[2].len = f_r0kh_id_len;
3418 resp_auth[2].data = f_r0kh_id;
3419 resp_auth[3].type = FT_RRB_R1KH_ID;
3420 resp_auth[3].len = f_r1kh_id_len;
3421 resp_auth[3].data = f_r1kh_id;
3422 resp_auth[4].type = FT_RRB_LAST_EMPTY;
3423 resp_auth[4].len = 0;
3424 resp_auth[4].data = NULL;
3425
3426 if (wpa_ft_fetch_pmk_r0(wpa_auth, f_s1kh_id, f_pmk_r0_name, &r0) < 0) {
3427 wpa_printf(MSG_DEBUG, "FT: No matching PMK-R0-Name found");
3428 ret = wpa_ft_rrb_build(key, key_len, resp, NULL, resp_auth,
3429 NULL, wpa_auth->addr,
3430 FT_PACKET_R0KH_R1KH_RESP,
3431 &packet, &packet_len);
3432 } else {
3433 ret = wpa_ft_rrb_build_r0(key, key_len, resp, r0, f_r1kh_id,
3434 f_s1kh_id, resp_auth, wpa_auth->addr,
3435 FT_PACKET_R0KH_R1KH_RESP,
3436 &packet, &packet_len);
3437 }
3438
3439 if (!ret)
3440 wpa_ft_rrb_oui_send(wpa_auth, src_addr,
3441 FT_PACKET_R0KH_R1KH_RESP, packet,
3442 packet_len);
3443
3444 out:
3445 os_free(plain);
3446 os_free(packet);
3447
3448 return 0;
3449 }
3450
3451
3452 /* @returns 0 on success
3453 * -1 on error
3454 * -2 if FR_RRB_PAIRWISE is missing
3455 */
3456 static int wpa_ft_rrb_rx_r1(struct wpa_authenticator *wpa_auth,
3457 const u8 *src_addr, u8 type,
3458 const u8 *enc, size_t enc_len,
3459 const u8 *auth, size_t auth_len,
3460 const char *msgtype, u8 *s1kh_id_out,
3461 int (*cb)(struct wpa_authenticator *wpa_auth,
3462 const u8 *src_addr,
3463 const u8 *enc, size_t enc_len,
3464 const u8 *auth, size_t auth_len,
3465 int no_defer))
3466 {
3467 u8 *plain = NULL;
3468 size_t plain_len = 0;
3469 struct ft_remote_r0kh *r0kh, *r0kh_wildcard;
3470 const u8 *key;
3471 size_t key_len;
3472 int seq_ret;
3473 const u8 *f_r1kh_id, *f_s1kh_id, *f_r0kh_id;
3474 const u8 *f_pmk_r1_name, *f_pairwise, *f_pmk_r1;
3475 const u8 *f_expires_in;
3476 size_t f_r1kh_id_len, f_s1kh_id_len, f_r0kh_id_len;
3477 const u8 *f_identity, *f_radius_cui;
3478 const u8 *f_session_timeout;
3479 size_t f_pmk_r1_name_len, f_pairwise_len, f_pmk_r1_len;
3480 size_t f_expires_in_len;
3481 size_t f_identity_len, f_radius_cui_len;
3482 size_t f_session_timeout_len;
3483 int pairwise;
3484 int ret = -1;
3485 int expires_in;
3486 int session_timeout;
3487 struct vlan_description vlan;
3488
3489 RRB_GET_AUTH(FT_RRB_R0KH_ID, r0kh_id, msgtype, -1);
3490 wpa_hexdump(MSG_DEBUG, "FT: R0KH-ID", f_r0kh_id, f_r0kh_id_len);
3491
3492 RRB_GET_AUTH(FT_RRB_R1KH_ID, r1kh_id, msgtype, FT_R1KH_ID_LEN);
3493 wpa_printf(MSG_DEBUG, "FT: R1KH-ID=" MACSTR, MAC2STR(f_r1kh_id));
3494
3495 if (wpa_ft_rrb_check_r1kh(wpa_auth, f_r1kh_id)) {
3496 wpa_printf(MSG_DEBUG, "FT: R1KH-ID mismatch");
3497 goto out;
3498 }
3499
3500 wpa_ft_rrb_lookup_r0kh(wpa_auth, f_r0kh_id, f_r0kh_id_len, &r0kh,
3501 &r0kh_wildcard);
3502 if (r0kh) {
3503 key = r0kh->key;
3504 key_len = sizeof(r0kh->key);
3505 } else if (r0kh_wildcard) {
3506 wpa_printf(MSG_DEBUG, "FT: Using wildcard R0KH-ID");
3507 key = r0kh_wildcard->key;
3508 key_len = sizeof(r0kh_wildcard->key);
3509 } else {
3510 goto out;
3511 }
3512
3513 seq_ret = FT_RRB_SEQ_DROP;
3514 if (r0kh) {
3515 seq_ret = wpa_ft_rrb_seq_chk(r0kh->seq, src_addr, enc, enc_len,
3516 auth, auth_len, msgtype,
3517 cb ? 0 : 1);
3518 }
3519 if (cb && r0kh_wildcard &&
3520 (!r0kh || os_memcmp(r0kh->addr, src_addr, ETH_ALEN) != 0)) {
3521 /* wildcard: r0kh-id unknown or changed addr -> do a seq req */
3522 seq_ret = FT_RRB_SEQ_DEFER;
3523 }
3524
3525 if (seq_ret == FT_RRB_SEQ_DROP)
3526 goto out;
3527
3528 if (wpa_ft_rrb_decrypt(key, key_len, enc, enc_len, auth, auth_len,
3529 src_addr, type, &plain, &plain_len) < 0)
3530 goto out;
3531
3532 if (!r0kh)
3533 r0kh = wpa_ft_rrb_add_r0kh(wpa_auth, r0kh_wildcard, src_addr,
3534 f_r0kh_id, f_r0kh_id_len,
3535 wpa_auth->conf.rkh_pos_timeout);
3536 if (!r0kh)
3537 goto out;
3538
3539 if (seq_ret == FT_RRB_SEQ_DEFER) {
3540 wpa_ft_rrb_seq_req(wpa_auth, r0kh->seq, src_addr, f_r0kh_id,
3541 f_r0kh_id_len, f_r1kh_id, key, key_len,
3542 enc, enc_len, auth, auth_len, cb);
3543 goto out;
3544 }
3545
3546 wpa_ft_rrb_seq_accept(wpa_auth, r0kh->seq, src_addr, auth, auth_len,
3547 msgtype);
3548 wpa_ft_rrb_r0kh_replenish(wpa_auth, r0kh,
3549 wpa_auth->conf.rkh_pos_timeout);
3550
3551 RRB_GET(FT_RRB_S1KH_ID, s1kh_id, msgtype, ETH_ALEN);
3552 wpa_printf(MSG_DEBUG, "FT: S1KH-ID=" MACSTR, MAC2STR(f_s1kh_id));
3553
3554 if (s1kh_id_out)
3555 os_memcpy(s1kh_id_out, f_s1kh_id, ETH_ALEN);
3556
3557 ret = -2;
3558 RRB_GET(FT_RRB_PAIRWISE, pairwise, msgtype, sizeof(le16));
3559 wpa_hexdump(MSG_DEBUG, "FT: pairwise", f_pairwise, f_pairwise_len);
3560
3561 ret = -1;
3562 RRB_GET(FT_RRB_PMK_R1_NAME, pmk_r1_name, msgtype, WPA_PMK_NAME_LEN);
3563 wpa_hexdump(MSG_DEBUG, "FT: PMKR1Name",
3564 f_pmk_r1_name, WPA_PMK_NAME_LEN);
3565
3566 RRB_GET(FT_RRB_PMK_R1, pmk_r1, msgtype, PMK_LEN);
3567 wpa_hexdump_key(MSG_DEBUG, "FT: PMK-R1", f_pmk_r1, PMK_LEN);
3568
3569 pairwise = WPA_GET_LE16(f_pairwise);
3570
3571 RRB_GET_OPTIONAL(FT_RRB_EXPIRES_IN, expires_in, msgtype,
3572 sizeof(le16));
3573 if (f_expires_in)
3574 expires_in = WPA_GET_LE16(f_expires_in);
3575 else
3576 expires_in = 0;
3577
3578 wpa_printf(MSG_DEBUG, "FT: PMK-R1 %s - expires_in=%d", msgtype,
3579 expires_in);
3580
3581 if (wpa_ft_rrb_get_tlv_vlan(plain, plain_len, &vlan) < 0) {
3582 wpa_printf(MSG_DEBUG, "FT: Cannot parse vlan");
3583 wpa_ft_rrb_dump(plain, plain_len);
3584 goto out;
3585 }
3586
3587 wpa_printf(MSG_DEBUG, "FT: vlan %d%s",
3588 le_to_host16(vlan.untagged), vlan.tagged[0] ? "+" : "");
3589
3590 RRB_GET_OPTIONAL(FT_RRB_IDENTITY, identity, msgtype, -1);
3591 if (f_identity)
3592 wpa_hexdump_ascii(MSG_DEBUG, "FT: Identity", f_identity,
3593 f_identity_len);
3594
3595 RRB_GET_OPTIONAL(FT_RRB_RADIUS_CUI, radius_cui, msgtype, -1);
3596 if (f_radius_cui)
3597 wpa_hexdump_ascii(MSG_DEBUG, "FT: CUI", f_radius_cui,
3598 f_radius_cui_len);
3599
3600 RRB_GET_OPTIONAL(FT_RRB_SESSION_TIMEOUT, session_timeout, msgtype,
3601 sizeof(le32));
3602 if (f_session_timeout)
3603 session_timeout = WPA_GET_LE32(f_session_timeout);
3604 else
3605 session_timeout = 0;
3606 wpa_printf(MSG_DEBUG, "FT: session_timeout %d", session_timeout);
3607
3608 if (wpa_ft_store_pmk_r1(wpa_auth, f_s1kh_id, f_pmk_r1, f_pmk_r1_name,
3609 pairwise, &vlan, expires_in, session_timeout,
3610 f_identity, f_identity_len, f_radius_cui,
3611 f_radius_cui_len) < 0)
3612 goto out;
3613
3614 ret = 0;
3615 out:
3616 if (plain) {
3617 os_memset(plain, 0, plain_len);
3618 os_free(plain);
3619 }
3620
3621 return ret;
3622
3623 }
3624
3625
3626 static void ft_finish_pull(struct wpa_state_machine *sm)
3627 {
3628 int res;
3629 u8 *resp_ies;
3630 size_t resp_ies_len;
3631 u16 status;
3632
3633 if (!sm->ft_pending_cb || !sm->ft_pending_req_ies)
3634 return;
3635
3636 res = wpa_ft_process_auth_req(sm, wpabuf_head(sm->ft_pending_req_ies),
3637 wpabuf_len(sm->ft_pending_req_ies),
3638 &resp_ies, &resp_ies_len);
3639 if (res < 0) {
3640 /* this loop is broken by ft_pending_pull_left_retries */
3641 wpa_printf(MSG_DEBUG,
3642 "FT: Callback postponed until response is available");
3643 return;
3644 }
3645 wpabuf_free(sm->ft_pending_req_ies);
3646 sm->ft_pending_req_ies = NULL;
3647 status = res;
3648 wpa_printf(MSG_DEBUG, "FT: Postponed auth callback result for " MACSTR
3649 " - status %u", MAC2STR(sm->addr), status);
3650
3651 sm->ft_pending_cb(sm->ft_pending_cb_ctx, sm->addr, sm->wpa_auth->addr,
3652 sm->ft_pending_auth_transaction + 1, status,
3653 resp_ies, resp_ies_len);
3654 os_free(resp_ies);
3655 }
3656
3657
3658 struct ft_get_sta_ctx {
3659 const u8 *nonce;
3660 const u8 *s1kh_id;
3661 struct wpa_state_machine *sm;
3662 };
3663
3664
3665 static int ft_get_sta_cb(struct wpa_state_machine *sm, void *ctx)
3666 {
3667 struct ft_get_sta_ctx *info = ctx;
3668
3669 if ((info->s1kh_id &&
3670 os_memcmp(info->s1kh_id, sm->addr, ETH_ALEN) != 0) ||
3671 os_memcmp(info->nonce, sm->ft_pending_pull_nonce,
3672 FT_RRB_NONCE_LEN) != 0 ||
3673 sm->ft_pending_cb == NULL || sm->ft_pending_req_ies == NULL)
3674 return 0;
3675
3676 info->sm = sm;
3677
3678 return 1;
3679 }
3680
3681
3682 static int wpa_ft_rrb_rx_resp(struct wpa_authenticator *wpa_auth,
3683 const u8 *src_addr,
3684 const u8 *enc, size_t enc_len,
3685 const u8 *auth, size_t auth_len,
3686 int no_defer)
3687 {
3688 const char *msgtype = "pull response";
3689 int nak, ret = -1;
3690 struct ft_get_sta_ctx ctx;
3691 u8 s1kh_id[ETH_ALEN];
3692 const u8 *f_nonce;
3693 size_t f_nonce_len;
3694
3695 wpa_printf(MSG_DEBUG, "FT: Received PMK-R1 pull response");
3696
3697 RRB_GET_AUTH(FT_RRB_NONCE, nonce, msgtype, FT_RRB_NONCE_LEN);
3698 wpa_hexdump(MSG_DEBUG, "FT: nonce", f_nonce, f_nonce_len);
3699
3700 os_memset(&ctx, 0, sizeof(ctx));
3701 ctx.nonce = f_nonce;
3702 if (!wpa_auth_for_each_sta(wpa_auth, ft_get_sta_cb, &ctx)) {
3703 /* nonce not found */
3704 wpa_printf(MSG_DEBUG, "FT: Invalid nonce");
3705 return -1;
3706 }
3707
3708 ret = wpa_ft_rrb_rx_r1(wpa_auth, src_addr, FT_PACKET_R0KH_R1KH_RESP,
3709 enc, enc_len, auth, auth_len, msgtype, s1kh_id,
3710 no_defer ? NULL : &wpa_ft_rrb_rx_resp);
3711 if (ret == -2) {
3712 ret = 0;
3713 nak = 1;
3714 } else {
3715 nak = 0;
3716 }
3717 if (ret < 0)
3718 return -1;
3719
3720 ctx.s1kh_id = s1kh_id;
3721 if (wpa_auth_for_each_sta(wpa_auth, ft_get_sta_cb, &ctx)) {
3722 wpa_printf(MSG_DEBUG,
3723 "FT: Response to a pending pull request for " MACSTR,
3724 MAC2STR(ctx.sm->addr));
3725 eloop_cancel_timeout(wpa_ft_expire_pull, ctx.sm, NULL);
3726 if (nak)
3727 ctx.sm->ft_pending_pull_left_retries = 0;
3728 ft_finish_pull(ctx.sm);
3729 }
3730
3731 out:
3732 return ret;
3733 }
3734
3735
3736 static int wpa_ft_rrb_rx_push(struct wpa_authenticator *wpa_auth,
3737 const u8 *src_addr,
3738 const u8 *enc, size_t enc_len,
3739 const u8 *auth, size_t auth_len, int no_defer)
3740 {
3741 const char *msgtype = "push";
3742
3743 wpa_printf(MSG_DEBUG, "FT: Received PMK-R1 push");
3744
3745 if (wpa_ft_rrb_rx_r1(wpa_auth, src_addr, FT_PACKET_R0KH_R1KH_PUSH,
3746 enc, enc_len, auth, auth_len, msgtype, NULL,
3747 no_defer ? NULL : wpa_ft_rrb_rx_push) < 0)
3748 return -1;
3749
3750 return 0;
3751 }
3752
3753
3754 static int wpa_ft_rrb_rx_seq(struct wpa_authenticator *wpa_auth,
3755 const u8 *src_addr, int type,
3756 const u8 *enc, size_t enc_len,
3757 const u8 *auth, size_t auth_len,
3758 struct ft_remote_seq **rkh_seq,
3759 u8 **key, size_t *key_len,
3760 struct ft_remote_r0kh **r0kh_out,
3761 struct ft_remote_r1kh **r1kh_out,
3762 struct ft_remote_r0kh **r0kh_wildcard_out,
3763 struct ft_remote_r1kh **r1kh_wildcard_out)
3764 {
3765 struct ft_remote_r0kh *r0kh = NULL;
3766 struct ft_remote_r1kh *r1kh = NULL;
3767 const u8 *f_r0kh_id, *f_r1kh_id;
3768 size_t f_r0kh_id_len, f_r1kh_id_len;
3769 int to_r0kh, to_r1kh;
3770 u8 *plain = NULL;
3771 size_t plain_len = 0;
3772 struct ft_remote_r0kh *r0kh_wildcard;
3773 struct ft_remote_r1kh *r1kh_wildcard;
3774
3775 RRB_GET_AUTH(FT_RRB_R0KH_ID, r0kh_id, "seq", -1);
3776 RRB_GET_AUTH(FT_RRB_R1KH_ID, r1kh_id, "seq", FT_R1KH_ID_LEN);
3777
3778 to_r0kh = !wpa_ft_rrb_check_r0kh(wpa_auth, f_r0kh_id, f_r0kh_id_len);
3779 to_r1kh = !wpa_ft_rrb_check_r1kh(wpa_auth, f_r1kh_id);
3780
3781 if (to_r0kh && to_r1kh) {
3782 wpa_printf(MSG_DEBUG, "FT: seq - local R0KH-ID and R1KH-ID");
3783 goto out;
3784 }
3785
3786 if (!to_r0kh && !to_r1kh) {
3787 wpa_printf(MSG_DEBUG, "FT: seq - remote R0KH-ID and R1KH-ID");
3788 goto out;
3789 }
3790
3791 if (!to_r0kh) {
3792 wpa_ft_rrb_lookup_r0kh(wpa_auth, f_r0kh_id, f_r0kh_id_len,
3793 &r0kh, &r0kh_wildcard);
3794 if (!r0kh_wildcard &&
3795 (!r0kh || os_memcmp(r0kh->addr, src_addr, ETH_ALEN) != 0)) {
3796 wpa_hexdump(MSG_DEBUG, "FT: Did not find R0KH-ID",
3797 f_r0kh_id, f_r0kh_id_len);
3798 goto out;
3799 }
3800 if (r0kh) {
3801 *key = r0kh->key;
3802 *key_len = sizeof(r0kh->key);
3803 } else {
3804 *key = r0kh_wildcard->key;
3805 *key_len = sizeof(r0kh_wildcard->key);
3806 }
3807 }
3808
3809 if (!to_r1kh) {
3810 wpa_ft_rrb_lookup_r1kh(wpa_auth, f_r1kh_id, &r1kh,
3811 &r1kh_wildcard);
3812 if (!r1kh_wildcard &&
3813 (!r1kh || os_memcmp(r1kh->addr, src_addr, ETH_ALEN) != 0)) {
3814 wpa_hexdump(MSG_DEBUG, "FT: Did not find R1KH-ID",
3815 f_r1kh_id, FT_R1KH_ID_LEN);
3816 goto out;
3817 }
3818 if (r1kh) {
3819 *key = r1kh->key;
3820 *key_len = sizeof(r1kh->key);
3821 } else {
3822 *key = r1kh_wildcard->key;
3823 *key_len = sizeof(r1kh_wildcard->key);
3824 }
3825 }
3826
3827 if (wpa_ft_rrb_decrypt(*key, *key_len, enc, enc_len, auth, auth_len,
3828 src_addr, type, &plain, &plain_len) < 0)
3829 goto out;
3830
3831 os_free(plain);
3832
3833 if (!to_r0kh) {
3834 if (!r0kh)
3835 r0kh = wpa_ft_rrb_add_r0kh(wpa_auth, r0kh_wildcard,
3836 src_addr, f_r0kh_id,
3837 f_r0kh_id_len,
3838 ftRRBseqTimeout);
3839 if (!r0kh)
3840 goto out;
3841
3842 wpa_ft_rrb_r0kh_replenish(wpa_auth, r0kh, ftRRBseqTimeout);
3843 *rkh_seq = r0kh->seq;
3844 if (r0kh_out)
3845 *r0kh_out = r0kh;
3846 if (r0kh_wildcard_out)
3847 *r0kh_wildcard_out = r0kh_wildcard;
3848 }
3849
3850 if (!to_r1kh) {
3851 if (!r1kh)
3852 r1kh = wpa_ft_rrb_add_r1kh(wpa_auth, r1kh_wildcard,
3853 src_addr, f_r1kh_id,
3854 ftRRBseqTimeout);
3855 if (!r1kh)
3856 goto out;
3857
3858 wpa_ft_rrb_r1kh_replenish(wpa_auth, r1kh, ftRRBseqTimeout);
3859 *rkh_seq = r1kh->seq;
3860 if (r1kh_out)
3861 *r1kh_out = r1kh;
3862 if (r1kh_wildcard_out)
3863 *r1kh_wildcard_out = r1kh_wildcard;
3864 }
3865
3866 return 0;
3867 out:
3868 return -1;
3869 }
3870
3871
3872 static int wpa_ft_rrb_rx_seq_req(struct wpa_authenticator *wpa_auth,
3873 const u8 *src_addr,
3874 const u8 *enc, size_t enc_len,
3875 const u8 *auth, size_t auth_len,
3876 int no_defer)
3877 {
3878 int ret = -1;
3879 struct ft_rrb_seq f_seq;
3880 const u8 *f_nonce, *f_r0kh_id, *f_r1kh_id;
3881 size_t f_nonce_len, f_r0kh_id_len, f_r1kh_id_len;
3882 struct ft_remote_seq *rkh_seq = NULL;
3883 u8 *packet = NULL, *key = NULL;
3884 size_t packet_len = 0, key_len = 0;
3885 struct tlv_list seq_resp_auth[5];
3886
3887 wpa_printf(MSG_DEBUG, "FT: Received sequence number request");
3888
3889 if (wpa_ft_rrb_rx_seq(wpa_auth, src_addr, FT_PACKET_R0KH_R1KH_SEQ_REQ,
3890 enc, enc_len, auth, auth_len, &rkh_seq, &key,
3891 &key_len, NULL, NULL, NULL, NULL) < 0)
3892 goto out;
3893
3894 RRB_GET_AUTH(FT_RRB_NONCE, nonce, "seq request", FT_RRB_NONCE_LEN);
3895 wpa_hexdump(MSG_DEBUG, "FT: seq request - nonce", f_nonce, f_nonce_len);
3896
3897 RRB_GET_AUTH(FT_RRB_R0KH_ID, r0kh_id, "seq", -1);
3898 RRB_GET_AUTH(FT_RRB_R1KH_ID, r1kh_id, "seq", FT_R1KH_ID_LEN);
3899
3900 if (wpa_ft_new_seq(rkh_seq, &f_seq) < 0) {
3901 wpa_printf(MSG_DEBUG, "FT: Failed to get seq num");
3902 goto out;
3903 }
3904
3905 seq_resp_auth[0].type = FT_RRB_NONCE;
3906 seq_resp_auth[0].len = f_nonce_len;
3907 seq_resp_auth[0].data = f_nonce;
3908 seq_resp_auth[1].type = FT_RRB_SEQ;
3909 seq_resp_auth[1].len = sizeof(f_seq);
3910 seq_resp_auth[1].data = (u8 *) &f_seq;
3911 seq_resp_auth[2].type = FT_RRB_R0KH_ID;
3912 seq_resp_auth[2].len = f_r0kh_id_len;
3913 seq_resp_auth[2].data = f_r0kh_id;
3914 seq_resp_auth[3].type = FT_RRB_R1KH_ID;
3915 seq_resp_auth[3].len = FT_R1KH_ID_LEN;
3916 seq_resp_auth[3].data = f_r1kh_id;
3917 seq_resp_auth[4].type = FT_RRB_LAST_EMPTY;
3918 seq_resp_auth[4].len = 0;
3919 seq_resp_auth[4].data = NULL;
3920
3921 if (wpa_ft_rrb_build(key, key_len, NULL, NULL, seq_resp_auth, NULL,
3922 wpa_auth->addr, FT_PACKET_R0KH_R1KH_SEQ_RESP,
3923 &packet, &packet_len) < 0)
3924 goto out;
3925
3926 wpa_ft_rrb_oui_send(wpa_auth, src_addr,
3927 FT_PACKET_R0KH_R1KH_SEQ_RESP, packet,
3928 packet_len);
3929
3930 out:
3931 os_free(packet);
3932
3933 return ret;
3934 }
3935
3936
3937 static int wpa_ft_rrb_rx_seq_resp(struct wpa_authenticator *wpa_auth,
3938 const u8 *src_addr,
3939 const u8 *enc, size_t enc_len,
3940 const u8 *auth, size_t auth_len,
3941 int no_defer)
3942 {
3943 u8 *key = NULL;
3944 size_t key_len = 0;
3945 struct ft_remote_r0kh *r0kh = NULL, *r0kh_wildcard = NULL;
3946 struct ft_remote_r1kh *r1kh = NULL, *r1kh_wildcard = NULL;
3947 const u8 *f_nonce, *f_seq;
3948 size_t f_nonce_len, f_seq_len;
3949 struct ft_remote_seq *rkh_seq = NULL;
3950 struct ft_remote_item *item;
3951 struct os_reltime now, now_remote;
3952 int seq_ret, found;
3953 const struct ft_rrb_seq *msg_both;
3954 u32 msg_dom, msg_seq;
3955
3956 wpa_printf(MSG_DEBUG, "FT: Received sequence number response");
3957
3958 if (wpa_ft_rrb_rx_seq(wpa_auth, src_addr, FT_PACKET_R0KH_R1KH_SEQ_RESP,
3959 enc, enc_len, auth, auth_len, &rkh_seq, &key,
3960 &key_len, &r0kh, &r1kh, &r0kh_wildcard,
3961 &r1kh_wildcard) < 0)
3962 goto out;
3963
3964 RRB_GET_AUTH(FT_RRB_NONCE, nonce, "seq response", FT_RRB_NONCE_LEN);
3965 wpa_hexdump(MSG_DEBUG, "FT: seq response - nonce", f_nonce,
3966 f_nonce_len);
3967
3968 found = 0;
3969 dl_list_for_each(item, &rkh_seq->rx.queue, struct ft_remote_item,
3970 list) {
3971 if (os_memcmp_const(f_nonce, item->nonce,
3972 FT_RRB_NONCE_LEN) != 0 ||
3973 os_get_reltime(&now) < 0 ||
3974 os_reltime_expired(&now, &item->nonce_ts, ftRRBseqTimeout))
3975 continue;
3976
3977 found = 1;
3978 break;
3979 }
3980 if (!found) {
3981 wpa_printf(MSG_DEBUG, "FT: seq response - bad nonce");
3982 goto out;
3983 }
3984
3985 if (r0kh) {
3986 wpa_ft_rrb_r0kh_replenish(wpa_auth, r0kh,
3987 wpa_auth->conf.rkh_pos_timeout);
3988 if (r0kh_wildcard)
3989 os_memcpy(r0kh->addr, src_addr, ETH_ALEN);
3990 }
3991
3992 if (r1kh) {
3993 wpa_ft_rrb_r1kh_replenish(wpa_auth, r1kh,
3994 wpa_auth->conf.rkh_pos_timeout);
3995 if (r1kh_wildcard)
3996 os_memcpy(r1kh->addr, src_addr, ETH_ALEN);
3997 }
3998
3999 seq_ret = wpa_ft_rrb_seq_chk(rkh_seq, src_addr, enc, enc_len, auth,
4000 auth_len, "seq response", 1);
4001 if (seq_ret == FT_RRB_SEQ_OK) {
4002 wpa_printf(MSG_DEBUG, "FT: seq response - valid seq number");
4003 wpa_ft_rrb_seq_accept(wpa_auth, rkh_seq, src_addr, auth,
4004 auth_len, "seq response");
4005 } else {
4006 wpa_printf(MSG_DEBUG, "FT: seq response - reset seq number");
4007
4008 RRB_GET_AUTH(FT_RRB_SEQ, seq, "seq response",
4009 sizeof(*msg_both));
4010 msg_both = (const struct ft_rrb_seq *) f_seq;
4011
4012 msg_dom = le_to_host32(msg_both->dom);
4013 msg_seq = le_to_host32(msg_both->seq);
4014 now_remote.sec = le_to_host32(msg_both->ts);
4015 now_remote.usec = 0;
4016
4017 rkh_seq->rx.num_last = 2;
4018 rkh_seq->rx.dom = msg_dom;
4019 rkh_seq->rx.offsetidx = 0;
4020 /* Accept some older, possibly cached packets as well */
4021 rkh_seq->rx.last[0] = msg_seq - FT_REMOTE_SEQ_BACKLOG -
4022 dl_list_len(&rkh_seq->rx.queue);
4023 rkh_seq->rx.last[1] = msg_seq;
4024
4025 /* local time - offset = remote time
4026 * <=> local time - remote time = offset */
4027 os_reltime_sub(&now, &now_remote, &rkh_seq->rx.time_offset);
4028 }
4029
4030 wpa_ft_rrb_seq_flush(wpa_auth, rkh_seq, 1);
4031
4032 return 0;
4033 out:
4034 return -1;
4035 }
4036
4037
4038 int wpa_ft_rrb_rx(struct wpa_authenticator *wpa_auth, const u8 *src_addr,
4039 const u8 *data, size_t data_len)
4040 {
4041 struct ft_rrb_frame *frame;
4042 u16 alen;
4043 const u8 *pos, *end, *start;
4044 u8 action;
4045 const u8 *sta_addr, *target_ap_addr;
4046
4047 wpa_printf(MSG_DEBUG, "FT: RRB received frame from remote AP " MACSTR,
4048 MAC2STR(src_addr));
4049
4050 if (data_len < sizeof(*frame)) {
4051 wpa_printf(MSG_DEBUG, "FT: Too short RRB frame (data_len=%lu)",
4052 (unsigned long) data_len);
4053 return -1;
4054 }
4055
4056 pos = data;
4057 frame = (struct ft_rrb_frame *) pos;
4058 pos += sizeof(*frame);
4059
4060 alen = le_to_host16(frame->action_length);
4061 wpa_printf(MSG_DEBUG, "FT: RRB frame - frame_type=%d packet_type=%d "
4062 "action_length=%d ap_address=" MACSTR,
4063 frame->frame_type, frame->packet_type, alen,
4064 MAC2STR(frame->ap_address));
4065
4066 if (frame->frame_type != RSN_REMOTE_FRAME_TYPE_FT_RRB) {
4067 /* Discard frame per IEEE Std 802.11r-2008, 11A.10.3 */
4068 wpa_printf(MSG_DEBUG, "FT: RRB discarded frame with "
4069 "unrecognized type %d", frame->frame_type);
4070 return -1;
4071 }
4072
4073 if (alen > data_len - sizeof(*frame)) {
4074 wpa_printf(MSG_DEBUG, "FT: RRB frame too short for action "
4075 "frame");
4076 return -1;
4077 }
4078
4079 wpa_hexdump(MSG_MSGDUMP, "FT: RRB - FT Action frame", pos, alen);
4080
4081 if (alen < 1 + 1 + 2 * ETH_ALEN) {
4082 wpa_printf(MSG_DEBUG, "FT: Too short RRB frame (not enough "
4083 "room for Action Frame body); alen=%lu",
4084 (unsigned long) alen);
4085 return -1;
4086 }
4087 start = pos;
4088 end = pos + alen;
4089
4090 if (*pos != WLAN_ACTION_FT) {
4091 wpa_printf(MSG_DEBUG, "FT: Unexpected Action frame category "
4092 "%d", *pos);
4093 return -1;
4094 }
4095
4096 pos++;
4097 action = *pos++;
4098 sta_addr = pos;
4099 pos += ETH_ALEN;
4100 target_ap_addr = pos;
4101 pos += ETH_ALEN;
4102 wpa_printf(MSG_DEBUG, "FT: RRB Action Frame: action=%d sta_addr="
4103 MACSTR " target_ap_addr=" MACSTR,
4104 action, MAC2STR(sta_addr), MAC2STR(target_ap_addr));
4105
4106 if (frame->packet_type == FT_PACKET_REQUEST) {
4107 wpa_printf(MSG_DEBUG, "FT: FT Packet Type - Request");
4108
4109 if (action != 1) {
4110 wpa_printf(MSG_DEBUG, "FT: Unexpected Action %d in "
4111 "RRB Request", action);
4112 return -1;
4113 }
4114
4115 if (os_memcmp(target_ap_addr, wpa_auth->addr, ETH_ALEN) != 0) {
4116 wpa_printf(MSG_DEBUG, "FT: Target AP address in the "
4117 "RRB Request does not match with own "
4118 "address");
4119 return -1;
4120 }
4121
4122 if (wpa_ft_rrb_rx_request(wpa_auth, frame->ap_address,
4123 sta_addr, pos, end - pos) < 0)
4124 return -1;
4125 } else if (frame->packet_type == FT_PACKET_RESPONSE) {
4126 u16 status_code;
4127
4128 if (end - pos < 2) {
4129 wpa_printf(MSG_DEBUG, "FT: Not enough room for status "
4130 "code in RRB Response");
4131 return -1;
4132 }
4133 status_code = WPA_GET_LE16(pos);
4134 pos += 2;
4135
4136 wpa_printf(MSG_DEBUG, "FT: FT Packet Type - Response "
4137 "(status_code=%d)", status_code);
4138
4139 if (wpa_ft_action_send(wpa_auth, sta_addr, start, alen) < 0)
4140 return -1;
4141 } else {
4142 wpa_printf(MSG_DEBUG, "FT: RRB discarded frame with unknown "
4143 "packet_type %d", frame->packet_type);
4144 return -1;
4145 }
4146
4147 if (end > pos) {
4148 wpa_hexdump(MSG_DEBUG, "FT: Ignore extra data in end",
4149 pos, end - pos);
4150 }
4151
4152 return 0;
4153 }
4154
4155
4156 void wpa_ft_rrb_oui_rx(struct wpa_authenticator *wpa_auth, const u8 *src_addr,
4157 const u8 *dst_addr, u8 oui_suffix, const u8 *data,
4158 size_t data_len)
4159 {
4160 const u8 *auth, *enc;
4161 size_t alen, elen;
4162 int no_defer = 0;
4163
4164 wpa_printf(MSG_DEBUG, "FT: RRB-OUI received frame from remote AP "
4165 MACSTR, MAC2STR(src_addr));
4166 wpa_printf(MSG_DEBUG, "FT: RRB-OUI frame - oui_suffix=%d", oui_suffix);
4167
4168 if (is_multicast_ether_addr(src_addr)) {
4169 wpa_printf(MSG_DEBUG,
4170 "FT: RRB-OUI received frame from multicast address "
4171 MACSTR, MAC2STR(src_addr));
4172 return;
4173 }
4174
4175 if (is_multicast_ether_addr(dst_addr)) {
4176 wpa_printf(MSG_DEBUG,
4177 "FT: RRB-OUI received frame from remote AP " MACSTR
4178 " to multicast address " MACSTR,
4179 MAC2STR(src_addr), MAC2STR(dst_addr));
4180 no_defer = 1;
4181 }
4182
4183 if (data_len < sizeof(u16)) {
4184 wpa_printf(MSG_DEBUG, "FT: RRB-OUI frame too short");
4185 return;
4186 }
4187
4188 alen = WPA_GET_LE16(data);
4189 if (data_len < sizeof(u16) + alen) {
4190 wpa_printf(MSG_DEBUG, "FT: RRB-OUI frame too short");
4191 return;
4192 }
4193
4194 auth = data + sizeof(u16);
4195 enc = data + sizeof(u16) + alen;
4196 elen = data_len - sizeof(u16) - alen;
4197
4198 switch (oui_suffix) {
4199 case FT_PACKET_R0KH_R1KH_PULL:
4200 wpa_ft_rrb_rx_pull(wpa_auth, src_addr, enc, elen, auth, alen,
4201 no_defer);
4202 break;
4203 case FT_PACKET_R0KH_R1KH_RESP:
4204 wpa_ft_rrb_rx_resp(wpa_auth, src_addr, enc, elen, auth, alen,
4205 no_defer);
4206 break;
4207 case FT_PACKET_R0KH_R1KH_PUSH:
4208 wpa_ft_rrb_rx_push(wpa_auth, src_addr, enc, elen, auth, alen,
4209 no_defer);
4210 break;
4211 case FT_PACKET_R0KH_R1KH_SEQ_REQ:
4212 wpa_ft_rrb_rx_seq_req(wpa_auth, src_addr, enc, elen, auth, alen,
4213 no_defer);
4214 break;
4215 case FT_PACKET_R0KH_R1KH_SEQ_RESP:
4216 wpa_ft_rrb_rx_seq_resp(wpa_auth, src_addr, enc, elen, auth,
4217 alen, no_defer);
4218 break;
4219 }
4220 }
4221
4222
4223 static int wpa_ft_generate_pmk_r1(struct wpa_authenticator *wpa_auth,
4224 struct wpa_ft_pmk_r0_sa *pmk_r0,
4225 struct ft_remote_r1kh *r1kh,
4226 const u8 *s1kh_id)
4227 {
4228 u8 *packet;
4229 size_t packet_len;
4230 struct ft_rrb_seq f_seq;
4231 struct tlv_list push[] = {
4232 { .type = FT_RRB_S1KH_ID, .len = ETH_ALEN,
4233 .data = s1kh_id },
4234 { .type = FT_RRB_PMK_R0_NAME, .len = WPA_PMK_NAME_LEN,
4235 .data = pmk_r0->pmk_r0_name },
4236 { .type = FT_RRB_LAST_EMPTY, .len = 0, .data = NULL },
4237 };
4238 struct tlv_list push_auth[] = {
4239 { .type = FT_RRB_SEQ, .len = sizeof(f_seq),
4240 .data = (u8 *) &f_seq },
4241 { .type = FT_RRB_R0KH_ID,
4242 .len = wpa_auth->conf.r0_key_holder_len,
4243 .data = wpa_auth->conf.r0_key_holder },
4244 { .type = FT_RRB_R1KH_ID, .len = FT_R1KH_ID_LEN,
4245 .data = r1kh->id },
4246 { .type = FT_RRB_LAST_EMPTY, .len = 0, .data = NULL },
4247 };
4248
4249 if (wpa_ft_new_seq(r1kh->seq, &f_seq) < 0) {
4250 wpa_printf(MSG_DEBUG, "FT: Failed to get seq num");
4251 return -1;
4252 }
4253
4254 if (wpa_ft_rrb_build_r0(r1kh->key, sizeof(r1kh->key), push, pmk_r0,
4255 r1kh->id, s1kh_id, push_auth, wpa_auth->addr,
4256 FT_PACKET_R0KH_R1KH_PUSH,
4257 &packet, &packet_len) < 0)
4258 return -1;
4259
4260 wpa_ft_rrb_oui_send(wpa_auth, r1kh->addr, FT_PACKET_R0KH_R1KH_PUSH,
4261 packet, packet_len);
4262
4263 os_free(packet);
4264 return 0;
4265 }
4266
4267
4268 void wpa_ft_push_pmk_r1(struct wpa_authenticator *wpa_auth, const u8 *addr)
4269 {
4270 struct wpa_ft_pmk_cache *cache = wpa_auth->ft_pmk_cache;
4271 struct wpa_ft_pmk_r0_sa *r0, *r0found = NULL;
4272 struct ft_remote_r1kh *r1kh;
4273
4274 if (!wpa_auth->conf.pmk_r1_push)
4275 return;
4276 if (!wpa_auth->conf.r1kh_list)
4277 return;
4278
4279 dl_list_for_each(r0, &cache->pmk_r0, struct wpa_ft_pmk_r0_sa, list) {
4280 if (os_memcmp(r0->spa, addr, ETH_ALEN) == 0) {
4281 r0found = r0;
4282 break;
4283 }
4284 }
4285
4286 r0 = r0found;
4287 if (r0 == NULL || r0->pmk_r1_pushed)
4288 return;
4289 r0->pmk_r1_pushed = 1;
4290
4291 wpa_printf(MSG_DEBUG, "FT: Deriving and pushing PMK-R1 keys to R1KHs "
4292 "for STA " MACSTR, MAC2STR(addr));
4293
4294 for (r1kh = *wpa_auth->conf.r1kh_list; r1kh; r1kh = r1kh->next) {
4295 if (is_zero_ether_addr(r1kh->addr) ||
4296 is_zero_ether_addr(r1kh->id))
4297 continue;
4298 if (wpa_ft_rrb_init_r1kh_seq(r1kh) < 0)
4299 continue;
4300 wpa_ft_generate_pmk_r1(wpa_auth, r0, r1kh, addr);
4301 }
4302 }
4303
4304 #endif /* CONFIG_IEEE80211R_AP */
Unnamed repository; edit this file 'description' to name the repository.