]> git.ipfire.org Git - thirdparty/hostap.git/blob - src/rsn_supp/wpa_ft.c
projects / thirdparty / hostap.git / blob
? search:


baa185ffe7f2bf35fe674fe0fa79639031e95191
[thirdparty/hostap.git] / src / rsn_supp / wpa_ft.c
1 /*
2 * WPA Supplicant - IEEE 802.11r - Fast BSS Transition
3 * Copyright (c) 2006-2018, Jouni Malinen <j@w1.fi>
4 *
5 * This software may be distributed under the terms of the BSD license.
6 * See README for more details.
7 */
8
9 #include "includes.h"
10
11 #include "common.h"
12 #include "crypto/aes_wrap.h"
13 #include "crypto/sha384.h"
14 #include "crypto/random.h"
15 #include "common/ieee802_11_defs.h"
16 #include "common/ieee802_11_common.h"
17 #include "common/ocv.h"
18 #include "drivers/driver.h"
19 #include "wpa.h"
20 #include "wpa_i.h"
21 #include "wpa_ie.h"
22 #include "pmksa_cache.h"
23
24 #ifdef CONFIG_IEEE80211R
25
26 int wpa_derive_ptk_ft(struct wpa_sm *sm, const unsigned char *src_addr,
27 const struct wpa_eapol_key *key, struct wpa_ptk *ptk)
28 {
29 u8 ptk_name[WPA_PMK_NAME_LEN];
30 const u8 *anonce = key->key_nonce;
31 int use_sha384 = wpa_key_mgmt_sha384(sm->key_mgmt);
32 const u8 *mpmk;
33 size_t mpmk_len;
34
35 if (sm->xxkey_len > 0) {
36 mpmk = sm->xxkey;
37 mpmk_len = sm->xxkey_len;
38 } else if (sm->cur_pmksa) {
39 mpmk = sm->cur_pmksa->pmk;
40 mpmk_len = sm->cur_pmksa->pmk_len;
41 } else {
42 wpa_printf(MSG_DEBUG, "FT: XXKey not available for key "
43 "derivation");
44 return -1;
45 }
46
47 sm->pmk_r0_len = use_sha384 ? SHA384_MAC_LEN : PMK_LEN;
48 if (wpa_derive_pmk_r0(mpmk, mpmk_len, sm->ssid,
49 sm->ssid_len, sm->mobility_domain,
50 sm->r0kh_id, sm->r0kh_id_len, sm->own_addr,
51 sm->pmk_r0, sm->pmk_r0_name, use_sha384) < 0)
52 return -1;
53 wpa_hexdump_key(MSG_DEBUG, "FT: PMK-R0", sm->pmk_r0, sm->pmk_r0_len);
54 wpa_hexdump(MSG_DEBUG, "FT: PMKR0Name",
55 sm->pmk_r0_name, WPA_PMK_NAME_LEN);
56 sm->pmk_r1_len = sm->pmk_r0_len;
57 if (wpa_derive_pmk_r1(sm->pmk_r0, sm->pmk_r0_len, sm->pmk_r0_name,
58 sm->r1kh_id, sm->own_addr, sm->pmk_r1,
59 sm->pmk_r1_name) < 0)
60 return -1;
61 wpa_hexdump_key(MSG_DEBUG, "FT: PMK-R1", sm->pmk_r1, sm->pmk_r1_len);
62 wpa_hexdump(MSG_DEBUG, "FT: PMKR1Name", sm->pmk_r1_name,
63 WPA_PMK_NAME_LEN);
64 return wpa_pmk_r1_to_ptk(sm->pmk_r1, sm->pmk_r1_len, sm->snonce, anonce,
65 sm->own_addr, sm->bssid, sm->pmk_r1_name, ptk,
66 ptk_name, sm->key_mgmt, sm->pairwise_cipher);
67 }
68
69
70 /**
71 * wpa_sm_set_ft_params - Set FT (IEEE 802.11r) parameters
72 * @sm: Pointer to WPA state machine data from wpa_sm_init()
73 * @ies: Association Response IEs or %NULL to clear FT parameters
74 * @ies_len: Length of ies buffer in octets
75 * Returns: 0 on success, -1 on failure
76 */
77 int wpa_sm_set_ft_params(struct wpa_sm *sm, const u8 *ies, size_t ies_len)
78 {
79 struct wpa_ft_ies ft;
80 int use_sha384;
81
82 if (sm == NULL)
83 return 0;
84
85 if (!get_ie(ies, ies_len, WLAN_EID_MOBILITY_DOMAIN)) {
86 os_free(sm->assoc_resp_ies);
87 sm->assoc_resp_ies = NULL;
88 sm->assoc_resp_ies_len = 0;
89 os_memset(sm->mobility_domain, 0, MOBILITY_DOMAIN_ID_LEN);
90 os_memset(sm->r0kh_id, 0, FT_R0KH_ID_MAX_LEN);
91 sm->r0kh_id_len = 0;
92 os_memset(sm->r1kh_id, 0, FT_R1KH_ID_LEN);
93 return 0;
94 }
95
96 use_sha384 = wpa_key_mgmt_sha384(sm->key_mgmt);
97 if (wpa_ft_parse_ies(ies, ies_len, &ft, use_sha384) < 0)
98 return -1;
99
100 if (ft.mdie_len < MOBILITY_DOMAIN_ID_LEN + 1)
101 return -1;
102
103 wpa_hexdump(MSG_DEBUG, "FT: Mobility domain",
104 ft.mdie, MOBILITY_DOMAIN_ID_LEN);
105 os_memcpy(sm->mobility_domain, ft.mdie, MOBILITY_DOMAIN_ID_LEN);
106 sm->mdie_ft_capab = ft.mdie[MOBILITY_DOMAIN_ID_LEN];
107 wpa_printf(MSG_DEBUG, "FT: Capability and Policy: 0x%02x",
108 sm->mdie_ft_capab);
109
110 if (ft.r0kh_id) {
111 wpa_hexdump(MSG_DEBUG, "FT: R0KH-ID",
112 ft.r0kh_id, ft.r0kh_id_len);
113 os_memcpy(sm->r0kh_id, ft.r0kh_id, ft.r0kh_id_len);
114 sm->r0kh_id_len = ft.r0kh_id_len;
115 } else {
116 /* FIX: When should R0KH-ID be cleared? We need to keep the
117 * old R0KH-ID in order to be able to use this during FT. */
118 /*
119 * os_memset(sm->r0kh_id, 0, FT_R0KH_ID_LEN);
120 * sm->r0kh_id_len = 0;
121 */
122 }
123
124 if (ft.r1kh_id) {
125 wpa_hexdump(MSG_DEBUG, "FT: R1KH-ID",
126 ft.r1kh_id, FT_R1KH_ID_LEN);
127 os_memcpy(sm->r1kh_id, ft.r1kh_id, FT_R1KH_ID_LEN);
128 } else
129 os_memset(sm->r1kh_id, 0, FT_R1KH_ID_LEN);
130
131 os_free(sm->assoc_resp_ies);
132 sm->assoc_resp_ies = os_malloc(ft.mdie_len + 2 + ft.ftie_len + 2);
133 if (sm->assoc_resp_ies) {
134 u8 *pos = sm->assoc_resp_ies;
135
136 os_memcpy(pos, ft.mdie - 2, ft.mdie_len + 2);
137 pos += ft.mdie_len + 2;
138
139 if (ft.ftie) {
140 os_memcpy(pos, ft.ftie - 2, ft.ftie_len + 2);
141 pos += ft.ftie_len + 2;
142 }
143 sm->assoc_resp_ies_len = pos - sm->assoc_resp_ies;
144 wpa_hexdump(MSG_DEBUG, "FT: Stored MDIE and FTIE from "
145 "(Re)Association Response",
146 sm->assoc_resp_ies, sm->assoc_resp_ies_len);
147 }
148
149 return 0;
150 }
151
152
153 /**
154 * wpa_ft_gen_req_ies - Generate FT (IEEE 802.11r) IEs for Auth/ReAssoc Request
155 * @sm: Pointer to WPA state machine data from wpa_sm_init()
156 * @len: Buffer for returning the length of the IEs
157 * @anonce: ANonce or %NULL if not yet available
158 * @pmk_name: PMKR0Name or PMKR1Name to be added into the RSN IE PMKID List
159 * @kck: 128-bit KCK for MIC or %NULL if no MIC is used
160 * @kck_len: KCK length in octets
161 * @target_ap: Target AP address
162 * @ric_ies: Optional IE(s), e.g., WMM TSPEC(s), for RIC-Request or %NULL
163 * @ric_ies_len: Length of ric_ies buffer in octets
164 * @ap_mdie: Mobility Domain IE from the target AP
165 * Returns: Pointer to buffer with IEs or %NULL on failure
166 *
167 * Caller is responsible for freeing the returned buffer with os_free();
168 */
169 static u8 * wpa_ft_gen_req_ies(struct wpa_sm *sm, size_t *len,
170 const u8 *anonce, const u8 *pmk_name,
171 const u8 *kck, size_t kck_len,
172 const u8 *target_ap,
173 const u8 *ric_ies, size_t ric_ies_len,
174 const u8 *ap_mdie)
175 {
176 size_t buf_len;
177 u8 *buf, *pos, *ftie_len, *ftie_pos, *fte_mic, *elem_count;
178 struct rsn_mdie *mdie;
179 struct rsn_ie_hdr *rsnie;
180 u16 capab;
181 int mdie_len;
182 u8 rsnxe[10];
183 size_t rsnxe_len;
184 int res;
185
186 sm->ft_completed = 0;
187 sm->ft_reassoc_completed = 0;
188
189 buf_len = 2 + sizeof(struct rsn_mdie) + 2 +
190 sizeof(struct rsn_ftie_sha384) +
191 2 + sm->r0kh_id_len + ric_ies_len + 100;
192 buf = os_zalloc(buf_len);
193 if (buf == NULL)
194 return NULL;
195 pos = buf;
196
197 /* RSNIE[PMKR0Name/PMKR1Name] */
198 rsnie = (struct rsn_ie_hdr *) pos;
199 rsnie->elem_id = WLAN_EID_RSN;
200 WPA_PUT_LE16(rsnie->version, RSN_VERSION);
201 pos = (u8 *) (rsnie + 1);
202
203 /* Group Suite Selector */
204 if (!wpa_cipher_valid_group(sm->group_cipher)) {
205 wpa_printf(MSG_WARNING, "FT: Invalid group cipher (%d)",
206 sm->group_cipher);
207 os_free(buf);
208 return NULL;
209 }
210 RSN_SELECTOR_PUT(pos, wpa_cipher_to_suite(WPA_PROTO_RSN,
211 sm->group_cipher));
212 pos += RSN_SELECTOR_LEN;
213
214 /* Pairwise Suite Count */
215 WPA_PUT_LE16(pos, 1);
216 pos += 2;
217
218 /* Pairwise Suite List */
219 if (!wpa_cipher_valid_pairwise(sm->pairwise_cipher)) {
220 wpa_printf(MSG_WARNING, "FT: Invalid pairwise cipher (%d)",
221 sm->pairwise_cipher);
222 os_free(buf);
223 return NULL;
224 }
225 RSN_SELECTOR_PUT(pos, wpa_cipher_to_suite(WPA_PROTO_RSN,
226 sm->pairwise_cipher));
227 pos += RSN_SELECTOR_LEN;
228
229 /* Authenticated Key Management Suite Count */
230 WPA_PUT_LE16(pos, 1);
231 pos += 2;
232
233 /* Authenticated Key Management Suite List */
234 if (sm->key_mgmt == WPA_KEY_MGMT_FT_IEEE8021X)
235 RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_FT_802_1X);
236 #ifdef CONFIG_SHA384
237 else if (sm->key_mgmt == WPA_KEY_MGMT_FT_IEEE8021X_SHA384)
238 RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_FT_802_1X_SHA384);
239 #endif /* CONFIG_SHA384 */
240 else if (sm->key_mgmt == WPA_KEY_MGMT_FT_PSK)
241 RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_FT_PSK);
242 else if (sm->key_mgmt == WPA_KEY_MGMT_FT_SAE)
243 RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_FT_SAE);
244 #ifdef CONFIG_FILS
245 else if (sm->key_mgmt == WPA_KEY_MGMT_FT_FILS_SHA256)
246 RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_FT_FILS_SHA256);
247 else if (sm->key_mgmt == WPA_KEY_MGMT_FT_FILS_SHA384)
248 RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_FT_FILS_SHA384);
249 #endif /* CONFIG_FILS */
250 else {
251 wpa_printf(MSG_WARNING, "FT: Invalid key management type (%d)",
252 sm->key_mgmt);
253 os_free(buf);
254 return NULL;
255 }
256 pos += RSN_SELECTOR_LEN;
257
258 /* RSN Capabilities */
259 capab = 0;
260 if (sm->mfp)
261 capab |= WPA_CAPABILITY_MFPC;
262 if (sm->mfp == 2)
263 capab |= WPA_CAPABILITY_MFPR;
264 if (sm->ocv)
265 capab |= WPA_CAPABILITY_OCVC;
266 WPA_PUT_LE16(pos, capab);
267 pos += 2;
268
269 /* PMKID Count */
270 WPA_PUT_LE16(pos, 1);
271 pos += 2;
272
273 /* PMKID List [PMKR0Name/PMKR1Name] */
274 os_memcpy(pos, pmk_name, WPA_PMK_NAME_LEN);
275 pos += WPA_PMK_NAME_LEN;
276
277 /* Management Group Cipher Suite */
278 switch (sm->mgmt_group_cipher) {
279 case WPA_CIPHER_AES_128_CMAC:
280 RSN_SELECTOR_PUT(pos, RSN_CIPHER_SUITE_AES_128_CMAC);
281 pos += RSN_SELECTOR_LEN;
282 break;
283 case WPA_CIPHER_BIP_GMAC_128:
284 RSN_SELECTOR_PUT(pos, RSN_CIPHER_SUITE_BIP_GMAC_128);
285 pos += RSN_SELECTOR_LEN;
286 break;
287 case WPA_CIPHER_BIP_GMAC_256:
288 RSN_SELECTOR_PUT(pos, RSN_CIPHER_SUITE_BIP_GMAC_256);
289 pos += RSN_SELECTOR_LEN;
290 break;
291 case WPA_CIPHER_BIP_CMAC_256:
292 RSN_SELECTOR_PUT(pos, RSN_CIPHER_SUITE_BIP_CMAC_256);
293 pos += RSN_SELECTOR_LEN;
294 break;
295 }
296
297 rsnie->len = (pos - (u8 *) rsnie) - 2;
298
299 /* MDIE */
300 mdie_len = wpa_ft_add_mdie(sm, pos, buf_len - (pos - buf), ap_mdie);
301 if (mdie_len <= 0) {
302 os_free(buf);
303 return NULL;
304 }
305 mdie = (struct rsn_mdie *) (pos + 2);
306 pos += mdie_len;
307
308 /* FTIE[SNonce, [R1KH-ID,] R0KH-ID ] */
309 ftie_pos = pos;
310 *pos++ = WLAN_EID_FAST_BSS_TRANSITION;
311 ftie_len = pos++;
312 if (wpa_key_mgmt_sha384(sm->key_mgmt)) {
313 struct rsn_ftie_sha384 *ftie;
314
315 ftie = (struct rsn_ftie_sha384 *) pos;
316 fte_mic = ftie->mic;
317 elem_count = &ftie->mic_control[1];
318 pos += sizeof(*ftie);
319 os_memcpy(ftie->snonce, sm->snonce, WPA_NONCE_LEN);
320 if (anonce)
321 os_memcpy(ftie->anonce, anonce, WPA_NONCE_LEN);
322 } else {
323 struct rsn_ftie *ftie;
324
325 ftie = (struct rsn_ftie *) pos;
326 fte_mic = ftie->mic;
327 elem_count = &ftie->mic_control[1];
328 pos += sizeof(*ftie);
329 os_memcpy(ftie->snonce, sm->snonce, WPA_NONCE_LEN);
330 if (anonce)
331 os_memcpy(ftie->anonce, anonce, WPA_NONCE_LEN);
332 }
333 if (kck) {
334 /* R1KH-ID sub-element in third FT message */
335 *pos++ = FTIE_SUBELEM_R1KH_ID;
336 *pos++ = FT_R1KH_ID_LEN;
337 os_memcpy(pos, sm->r1kh_id, FT_R1KH_ID_LEN);
338 pos += FT_R1KH_ID_LEN;
339 }
340 /* R0KH-ID sub-element */
341 *pos++ = FTIE_SUBELEM_R0KH_ID;
342 *pos++ = sm->r0kh_id_len;
343 os_memcpy(pos, sm->r0kh_id, sm->r0kh_id_len);
344 pos += sm->r0kh_id_len;
345 #ifdef CONFIG_OCV
346 if (kck && wpa_sm_ocv_enabled(sm)) {
347 /* OCI sub-element in the third FT message */
348 struct wpa_channel_info ci;
349
350 if (wpa_sm_channel_info(sm, &ci) != 0) {
351 wpa_printf(MSG_WARNING,
352 "Failed to get channel info for OCI element in FTE");
353 os_free(buf);
354 return NULL;
355 }
356
357 *pos++ = FTIE_SUBELEM_OCI;
358 *pos++ = OCV_OCI_LEN;
359 if (ocv_insert_oci(&ci, &pos) < 0) {
360 os_free(buf);
361 return NULL;
362 }
363 }
364 #endif /* CONFIG_OCV */
365 *ftie_len = pos - ftie_len - 1;
366
367 if (ric_ies) {
368 /* RIC Request */
369 os_memcpy(pos, ric_ies, ric_ies_len);
370 pos += ric_ies_len;
371 }
372
373 res = wpa_gen_rsnxe(sm, rsnxe, sizeof(rsnxe));
374 if (res < 0) {
375 os_free(buf);
376 return NULL;
377 }
378 rsnxe_len = res;
379
380 if (kck) {
381 /*
382 * IEEE Std 802.11r-2008, 11A.8.4
383 * MIC shall be calculated over:
384 * non-AP STA MAC address
385 * Target AP MAC address
386 * Transaction seq number (5 for ReassocReq, 3 otherwise)
387 * RSN IE
388 * MDIE
389 * FTIE (with MIC field set to 0)
390 * RIC-Request (if present)
391 * RSNXE (if present)
392 */
393 /* Information element count */
394 *elem_count = 3 + ieee802_11_ie_count(ric_ies, ric_ies_len);
395 if (rsnxe_len)
396 *elem_count += 1;
397 if (wpa_ft_mic(kck, kck_len, sm->own_addr, target_ap, 5,
398 ((u8 *) mdie) - 2, 2 + sizeof(*mdie),
399 ftie_pos, 2 + *ftie_len,
400 (u8 *) rsnie, 2 + rsnie->len, ric_ies,
401 ric_ies_len, rsnxe_len ? rsnxe : NULL, rsnxe_len,
402 fte_mic) < 0) {
403 wpa_printf(MSG_INFO, "FT: Failed to calculate MIC");
404 os_free(buf);
405 return NULL;
406 }
407 }
408
409 *len = pos - buf;
410
411 return buf;
412 }
413
414
415 static int wpa_ft_install_ptk(struct wpa_sm *sm, const u8 *bssid)
416 {
417 int keylen;
418 enum wpa_alg alg;
419 u8 null_rsc[6] = { 0, 0, 0, 0, 0, 0 };
420
421 wpa_printf(MSG_DEBUG, "FT: Installing PTK to the driver.");
422
423 if (!wpa_cipher_valid_pairwise(sm->pairwise_cipher)) {
424 wpa_printf(MSG_WARNING, "FT: Unsupported pairwise cipher %d",
425 sm->pairwise_cipher);
426 return -1;
427 }
428
429 alg = wpa_cipher_to_alg(sm->pairwise_cipher);
430 keylen = wpa_cipher_key_len(sm->pairwise_cipher);
431
432 if (wpa_sm_set_key(sm, alg, bssid, 0, 1, null_rsc, sizeof(null_rsc),
433 (u8 *) sm->ptk.tk, keylen,
434 KEY_FLAG_PAIRWISE_RX_TX) < 0) {
435 wpa_printf(MSG_WARNING, "FT: Failed to set PTK to the driver");
436 return -1;
437 }
438
439 return 0;
440 }
441
442
443 /**
444 * wpa_ft_prepare_auth_request - Generate over-the-air auth request
445 * @sm: Pointer to WPA state machine data from wpa_sm_init()
446 * @mdie: Target AP MDIE
447 * Returns: 0 on success, -1 on failure
448 */
449 int wpa_ft_prepare_auth_request(struct wpa_sm *sm, const u8 *mdie)
450 {
451 u8 *ft_ies;
452 size_t ft_ies_len;
453
454 /* Generate a new SNonce */
455 if (random_get_bytes(sm->snonce, WPA_NONCE_LEN)) {
456 wpa_printf(MSG_INFO, "FT: Failed to generate a new SNonce");
457 return -1;
458 }
459
460 ft_ies = wpa_ft_gen_req_ies(sm, &ft_ies_len, NULL, sm->pmk_r0_name,
461 NULL, 0, sm->bssid, NULL, 0, mdie);
462 if (ft_ies) {
463 wpa_sm_update_ft_ies(sm, sm->mobility_domain,
464 ft_ies, ft_ies_len);
465 os_free(ft_ies);
466 }
467
468 return 0;
469 }
470
471
472 int wpa_ft_add_mdie(struct wpa_sm *sm, u8 *buf, size_t buf_len,
473 const u8 *ap_mdie)
474 {
475 u8 *pos = buf;
476 struct rsn_mdie *mdie;
477
478 if (buf_len < 2 + sizeof(*mdie)) {
479 wpa_printf(MSG_INFO,
480 "FT: Failed to add MDIE: short buffer, length=%zu",
481 buf_len);
482 return 0;
483 }
484
485 *pos++ = WLAN_EID_MOBILITY_DOMAIN;
486 *pos++ = sizeof(*mdie);
487 mdie = (struct rsn_mdie *) pos;
488 os_memcpy(mdie->mobility_domain, sm->mobility_domain,
489 MOBILITY_DOMAIN_ID_LEN);
490 mdie->ft_capab = ap_mdie && ap_mdie[1] >= 3 ? ap_mdie[4] :
491 sm->mdie_ft_capab;
492
493 return 2 + sizeof(*mdie);
494 }
495
496
497 const u8 * wpa_sm_get_ft_md(struct wpa_sm *sm)
498 {
499 return sm->mobility_domain;
500 }
501
502
503 int wpa_ft_process_response(struct wpa_sm *sm, const u8 *ies, size_t ies_len,
504 int ft_action, const u8 *target_ap,
505 const u8 *ric_ies, size_t ric_ies_len)
506 {
507 u8 *ft_ies;
508 size_t ft_ies_len;
509 struct wpa_ft_ies parse;
510 struct rsn_mdie *mdie;
511 u8 ptk_name[WPA_PMK_NAME_LEN];
512 int ret;
513 const u8 *bssid;
514 const u8 *kck;
515 size_t kck_len;
516 int use_sha384 = wpa_key_mgmt_sha384(sm->key_mgmt);
517 const u8 *anonce, *snonce;
518
519 wpa_hexdump(MSG_DEBUG, "FT: Response IEs", ies, ies_len);
520 wpa_hexdump(MSG_DEBUG, "FT: RIC IEs", ric_ies, ric_ies_len);
521
522 if (ft_action) {
523 if (!sm->over_the_ds_in_progress) {
524 wpa_printf(MSG_DEBUG, "FT: No over-the-DS in progress "
525 "- drop FT Action Response");
526 return -1;
527 }
528
529 if (os_memcmp(target_ap, sm->target_ap, ETH_ALEN) != 0) {
530 wpa_printf(MSG_DEBUG, "FT: No over-the-DS in progress "
531 "with this Target AP - drop FT Action "
532 "Response");
533 return -1;
534 }
535 }
536
537 if (!wpa_key_mgmt_ft(sm->key_mgmt)) {
538 wpa_printf(MSG_DEBUG, "FT: Reject FT IEs since FT is not "
539 "enabled for this connection");
540 return -1;
541 }
542
543 if (wpa_ft_parse_ies(ies, ies_len, &parse, use_sha384) < 0) {
544 wpa_printf(MSG_DEBUG, "FT: Failed to parse IEs");
545 return -1;
546 }
547
548 mdie = (struct rsn_mdie *) parse.mdie;
549 if (mdie == NULL || parse.mdie_len < sizeof(*mdie) ||
550 os_memcmp(mdie->mobility_domain, sm->mobility_domain,
551 MOBILITY_DOMAIN_ID_LEN) != 0) {
552 wpa_printf(MSG_DEBUG, "FT: Invalid MDIE");
553 return -1;
554 }
555
556 if (use_sha384) {
557 struct rsn_ftie_sha384 *ftie;
558
559 ftie = (struct rsn_ftie_sha384 *) parse.ftie;
560 if (!ftie || parse.ftie_len < sizeof(*ftie)) {
561 wpa_printf(MSG_DEBUG, "FT: Invalid FTIE");
562 return -1;
563 }
564
565 anonce = ftie->anonce;
566 snonce = ftie->snonce;
567 } else {
568 struct rsn_ftie *ftie;
569
570 ftie = (struct rsn_ftie *) parse.ftie;
571 if (!ftie || parse.ftie_len < sizeof(*ftie)) {
572 wpa_printf(MSG_DEBUG, "FT: Invalid FTIE");
573 return -1;
574 }
575
576 anonce = ftie->anonce;
577 snonce = ftie->snonce;
578 }
579
580 if (os_memcmp(snonce, sm->snonce, WPA_NONCE_LEN) != 0) {
581 wpa_printf(MSG_DEBUG, "FT: SNonce mismatch in FTIE");
582 wpa_hexdump(MSG_DEBUG, "FT: Received SNonce",
583 snonce, WPA_NONCE_LEN);
584 wpa_hexdump(MSG_DEBUG, "FT: Expected SNonce",
585 sm->snonce, WPA_NONCE_LEN);
586 return -1;
587 }
588
589 if (parse.r0kh_id == NULL) {
590 wpa_printf(MSG_DEBUG, "FT: No R0KH-ID subelem in FTIE");
591 return -1;
592 }
593
594 if (parse.r0kh_id_len != sm->r0kh_id_len ||
595 os_memcmp_const(parse.r0kh_id, sm->r0kh_id, parse.r0kh_id_len) != 0)
596 {
597 wpa_printf(MSG_DEBUG, "FT: R0KH-ID in FTIE did not match with "
598 "the current R0KH-ID");
599 wpa_hexdump(MSG_DEBUG, "FT: R0KH-ID in FTIE",
600 parse.r0kh_id, parse.r0kh_id_len);
601 wpa_hexdump(MSG_DEBUG, "FT: The current R0KH-ID",
602 sm->r0kh_id, sm->r0kh_id_len);
603 return -1;
604 }
605
606 if (parse.r1kh_id == NULL) {
607 wpa_printf(MSG_DEBUG, "FT: No R1KH-ID subelem in FTIE");
608 return -1;
609 }
610
611 if (parse.rsn_pmkid == NULL ||
612 os_memcmp_const(parse.rsn_pmkid, sm->pmk_r0_name, WPA_PMK_NAME_LEN))
613 {
614 wpa_printf(MSG_DEBUG, "FT: No matching PMKR0Name (PMKID) in "
615 "RSNIE");
616 return -1;
617 }
618
619 if (sm->mfp == 2 && !(parse.rsn_capab & WPA_CAPABILITY_MFPC)) {
620 wpa_printf(MSG_INFO,
621 "FT: Target AP does not support PMF, but local configuration requires that");
622 return -1;
623 }
624
625 os_memcpy(sm->r1kh_id, parse.r1kh_id, FT_R1KH_ID_LEN);
626 wpa_hexdump(MSG_DEBUG, "FT: R1KH-ID", sm->r1kh_id, FT_R1KH_ID_LEN);
627 wpa_hexdump(MSG_DEBUG, "FT: SNonce", sm->snonce, WPA_NONCE_LEN);
628 wpa_hexdump(MSG_DEBUG, "FT: ANonce", anonce, WPA_NONCE_LEN);
629 os_memcpy(sm->anonce, anonce, WPA_NONCE_LEN);
630 if (wpa_derive_pmk_r1(sm->pmk_r0, sm->pmk_r0_len, sm->pmk_r0_name,
631 sm->r1kh_id, sm->own_addr, sm->pmk_r1,
632 sm->pmk_r1_name) < 0)
633 return -1;
634 sm->pmk_r1_len = sm->pmk_r0_len;
635 wpa_hexdump_key(MSG_DEBUG, "FT: PMK-R1", sm->pmk_r1, sm->pmk_r1_len);
636 wpa_hexdump(MSG_DEBUG, "FT: PMKR1Name",
637 sm->pmk_r1_name, WPA_PMK_NAME_LEN);
638
639 bssid = target_ap;
640 if (wpa_pmk_r1_to_ptk(sm->pmk_r1, sm->pmk_r1_len, sm->snonce,
641 anonce, sm->own_addr, bssid,
642 sm->pmk_r1_name, &sm->ptk, ptk_name, sm->key_mgmt,
643 sm->pairwise_cipher) < 0)
644 return -1;
645
646 if (wpa_key_mgmt_fils(sm->key_mgmt)) {
647 kck = sm->ptk.kck2;
648 kck_len = sm->ptk.kck2_len;
649 } else {
650 kck = sm->ptk.kck;
651 kck_len = sm->ptk.kck_len;
652 }
653 ft_ies = wpa_ft_gen_req_ies(sm, &ft_ies_len, anonce,
654 sm->pmk_r1_name,
655 kck, kck_len, bssid,
656 ric_ies, ric_ies_len,
657 parse.mdie ? parse.mdie - 2 : NULL);
658 if (ft_ies) {
659 wpa_sm_update_ft_ies(sm, sm->mobility_domain,
660 ft_ies, ft_ies_len);
661 os_free(ft_ies);
662 }
663
664 wpa_sm_mark_authenticated(sm, bssid);
665 ret = wpa_ft_install_ptk(sm, bssid);
666 if (ret) {
667 /*
668 * Some drivers do not support key configuration when we are
669 * not associated with the target AP. Work around this by
670 * trying again after the following reassociation gets
671 * completed.
672 */
673 wpa_printf(MSG_DEBUG, "FT: Failed to set PTK prior to "
674 "association - try again after reassociation");
675 sm->set_ptk_after_assoc = 1;
676 } else
677 sm->set_ptk_after_assoc = 0;
678
679 sm->ft_completed = 1;
680 if (ft_action) {
681 /*
682 * The caller is expected trigger re-association with the
683 * Target AP.
684 */
685 os_memcpy(sm->bssid, target_ap, ETH_ALEN);
686 }
687
688 return 0;
689 }
690
691
692 int wpa_ft_is_completed(struct wpa_sm *sm)
693 {
694 if (sm == NULL)
695 return 0;
696
697 if (!wpa_key_mgmt_ft(sm->key_mgmt))
698 return 0;
699
700 return sm->ft_completed;
701 }
702
703
704 void wpa_reset_ft_completed(struct wpa_sm *sm)
705 {
706 if (sm != NULL)
707 sm->ft_completed = 0;
708 }
709
710
711 static int wpa_ft_process_gtk_subelem(struct wpa_sm *sm, const u8 *gtk_elem,
712 size_t gtk_elem_len)
713 {
714 u8 gtk[32];
715 int keyidx;
716 enum wpa_alg alg;
717 size_t gtk_len, keylen, rsc_len;
718 const u8 *kek;
719 size_t kek_len;
720
721 if (wpa_key_mgmt_fils(sm->key_mgmt)) {
722 kek = sm->ptk.kek2;
723 kek_len = sm->ptk.kek2_len;
724 } else {
725 kek = sm->ptk.kek;
726 kek_len = sm->ptk.kek_len;
727 }
728
729 if (gtk_elem == NULL) {
730 wpa_printf(MSG_DEBUG, "FT: No GTK included in FTIE");
731 return 0;
732 }
733
734 wpa_hexdump_key(MSG_DEBUG, "FT: Received GTK in Reassoc Resp",
735 gtk_elem, gtk_elem_len);
736
737 if (gtk_elem_len < 11 + 24 || (gtk_elem_len - 11) % 8 ||
738 gtk_elem_len - 19 > sizeof(gtk)) {
739 wpa_printf(MSG_DEBUG, "FT: Invalid GTK sub-elem "
740 "length %lu", (unsigned long) gtk_elem_len);
741 return -1;
742 }
743 gtk_len = gtk_elem_len - 19;
744 if (aes_unwrap(kek, kek_len, gtk_len / 8, gtk_elem + 11, gtk)) {
745 wpa_printf(MSG_WARNING, "FT: AES unwrap failed - could not "
746 "decrypt GTK");
747 return -1;
748 }
749
750 keylen = wpa_cipher_key_len(sm->group_cipher);
751 rsc_len = wpa_cipher_rsc_len(sm->group_cipher);
752 alg = wpa_cipher_to_alg(sm->group_cipher);
753 if (alg == WPA_ALG_NONE) {
754 wpa_printf(MSG_WARNING, "WPA: Unsupported Group Cipher %d",
755 sm->group_cipher);
756 return -1;
757 }
758
759 if (gtk_len < keylen) {
760 wpa_printf(MSG_DEBUG, "FT: Too short GTK in FTIE");
761 return -1;
762 }
763
764 /* Key Info[2] | Key Length[1] | RSC[8] | Key[5..32]. */
765
766 keyidx = WPA_GET_LE16(gtk_elem) & 0x03;
767
768 if (gtk_elem[2] != keylen) {
769 wpa_printf(MSG_DEBUG, "FT: GTK length mismatch: received %d "
770 "negotiated %lu",
771 gtk_elem[2], (unsigned long) keylen);
772 return -1;
773 }
774
775 wpa_hexdump_key(MSG_DEBUG, "FT: GTK from Reassoc Resp", gtk, keylen);
776 if (sm->group_cipher == WPA_CIPHER_TKIP) {
777 /* Swap Tx/Rx keys for Michael MIC */
778 u8 tmp[8];
779 os_memcpy(tmp, gtk + 16, 8);
780 os_memcpy(gtk + 16, gtk + 24, 8);
781 os_memcpy(gtk + 24, tmp, 8);
782 }
783 if (wpa_sm_set_key(sm, alg, broadcast_ether_addr, keyidx, 0,
784 gtk_elem + 3, rsc_len, gtk, keylen,
785 KEY_FLAG_GROUP_RX) < 0) {
786 wpa_printf(MSG_WARNING, "WPA: Failed to set GTK to the "
787 "driver.");
788 return -1;
789 }
790
791 return 0;
792 }
793
794
795 static int wpa_ft_process_igtk_subelem(struct wpa_sm *sm, const u8 *igtk_elem,
796 size_t igtk_elem_len)
797 {
798 u8 igtk[WPA_IGTK_MAX_LEN];
799 size_t igtk_len;
800 u16 keyidx;
801 const u8 *kek;
802 size_t kek_len;
803
804 if (wpa_key_mgmt_fils(sm->key_mgmt)) {
805 kek = sm->ptk.kek2;
806 kek_len = sm->ptk.kek2_len;
807 } else {
808 kek = sm->ptk.kek;
809 kek_len = sm->ptk.kek_len;
810 }
811
812 if (sm->mgmt_group_cipher != WPA_CIPHER_AES_128_CMAC &&
813 sm->mgmt_group_cipher != WPA_CIPHER_BIP_GMAC_128 &&
814 sm->mgmt_group_cipher != WPA_CIPHER_BIP_GMAC_256 &&
815 sm->mgmt_group_cipher != WPA_CIPHER_BIP_CMAC_256)
816 return 0;
817
818 if (igtk_elem == NULL) {
819 wpa_printf(MSG_DEBUG, "FT: No IGTK included in FTIE");
820 return 0;
821 }
822
823 wpa_hexdump_key(MSG_DEBUG, "FT: Received IGTK in Reassoc Resp",
824 igtk_elem, igtk_elem_len);
825
826 igtk_len = wpa_cipher_key_len(sm->mgmt_group_cipher);
827 if (igtk_elem_len != 2 + 6 + 1 + igtk_len + 8) {
828 wpa_printf(MSG_DEBUG, "FT: Invalid IGTK sub-elem "
829 "length %lu", (unsigned long) igtk_elem_len);
830 return -1;
831 }
832 if (igtk_elem[8] != igtk_len) {
833 wpa_printf(MSG_DEBUG, "FT: Invalid IGTK sub-elem Key Length "
834 "%d", igtk_elem[8]);
835 return -1;
836 }
837
838 if (aes_unwrap(kek, kek_len, igtk_len / 8, igtk_elem + 9, igtk)) {
839 wpa_printf(MSG_WARNING, "FT: AES unwrap failed - could not "
840 "decrypt IGTK");
841 return -1;
842 }
843
844 /* KeyID[2] | IPN[6] | Key Length[1] | Key[16+8] */
845
846 keyidx = WPA_GET_LE16(igtk_elem);
847
848 wpa_hexdump_key(MSG_DEBUG, "FT: IGTK from Reassoc Resp", igtk,
849 igtk_len);
850 if (wpa_sm_set_key(sm, wpa_cipher_to_alg(sm->mgmt_group_cipher),
851 broadcast_ether_addr, keyidx, 0,
852 igtk_elem + 2, 6, igtk, igtk_len,
853 KEY_FLAG_GROUP_RX) < 0) {
854 wpa_printf(MSG_WARNING, "WPA: Failed to set IGTK to the "
855 "driver.");
856 forced_memzero(igtk, sizeof(igtk));
857 return -1;
858 }
859 forced_memzero(igtk, sizeof(igtk));
860
861 return 0;
862 }
863
864
865 static int wpa_ft_process_bigtk_subelem(struct wpa_sm *sm, const u8 *bigtk_elem,
866 size_t bigtk_elem_len)
867 {
868 u8 bigtk[WPA_BIGTK_MAX_LEN];
869 size_t bigtk_len;
870 u16 keyidx;
871 const u8 *kek;
872 size_t kek_len;
873
874 if (!sm->beacon_prot || !bigtk_elem ||
875 (sm->mgmt_group_cipher != WPA_CIPHER_AES_128_CMAC &&
876 sm->mgmt_group_cipher != WPA_CIPHER_BIP_GMAC_128 &&
877 sm->mgmt_group_cipher != WPA_CIPHER_BIP_GMAC_256 &&
878 sm->mgmt_group_cipher != WPA_CIPHER_BIP_CMAC_256))
879 return 0;
880
881 if (wpa_key_mgmt_fils(sm->key_mgmt)) {
882 kek = sm->ptk.kek2;
883 kek_len = sm->ptk.kek2_len;
884 } else {
885 kek = sm->ptk.kek;
886 kek_len = sm->ptk.kek_len;
887 }
888
889 wpa_hexdump_key(MSG_DEBUG, "FT: Received BIGTK in Reassoc Resp",
890 bigtk_elem, bigtk_elem_len);
891
892 bigtk_len = wpa_cipher_key_len(sm->mgmt_group_cipher);
893 if (bigtk_elem_len != 2 + 6 + 1 + bigtk_len + 8) {
894 wpa_printf(MSG_DEBUG,
895 "FT: Invalid BIGTK sub-elem length %lu",
896 (unsigned long) bigtk_elem_len);
897 return -1;
898 }
899 if (bigtk_elem[8] != bigtk_len) {
900 wpa_printf(MSG_DEBUG,
901 "FT: Invalid BIGTK sub-elem Key Length %d",
902 bigtk_elem[8]);
903 return -1;
904 }
905
906 if (aes_unwrap(kek, kek_len, bigtk_len / 8, bigtk_elem + 9, bigtk)) {
907 wpa_printf(MSG_WARNING,
908 "FT: AES unwrap failed - could not decrypt BIGTK");
909 return -1;
910 }
911
912 /* KeyID[2] | IPN[6] | Key Length[1] | Key[16+8] */
913
914 keyidx = WPA_GET_LE16(bigtk_elem);
915
916 wpa_hexdump_key(MSG_DEBUG, "FT: BIGTK from Reassoc Resp", bigtk,
917 bigtk_len);
918 if (wpa_sm_set_key(sm, wpa_cipher_to_alg(sm->mgmt_group_cipher),
919 broadcast_ether_addr, keyidx, 0,
920 bigtk_elem + 2, 6, bigtk, bigtk_len,
921 KEY_FLAG_GROUP_RX) < 0) {
922 wpa_printf(MSG_WARNING,
923 "WPA: Failed to set BIGTK to the driver");
924 forced_memzero(bigtk, sizeof(bigtk));
925 return -1;
926 }
927 forced_memzero(bigtk, sizeof(bigtk));
928
929 return 0;
930 }
931
932
933 int wpa_ft_validate_reassoc_resp(struct wpa_sm *sm, const u8 *ies,
934 size_t ies_len, const u8 *src_addr)
935 {
936 struct wpa_ft_ies parse;
937 struct rsn_mdie *mdie;
938 unsigned int count;
939 u8 mic[WPA_EAPOL_KEY_MIC_MAX_LEN];
940 const u8 *kck;
941 size_t kck_len;
942 int use_sha384 = wpa_key_mgmt_sha384(sm->key_mgmt);
943 const u8 *anonce, *snonce, *fte_mic;
944 u8 fte_elem_count;
945
946 wpa_hexdump(MSG_DEBUG, "FT: Response IEs", ies, ies_len);
947
948 if (!wpa_key_mgmt_ft(sm->key_mgmt)) {
949 wpa_printf(MSG_DEBUG, "FT: Reject FT IEs since FT is not "
950 "enabled for this connection");
951 return -1;
952 }
953
954 if (sm->ft_reassoc_completed) {
955 wpa_printf(MSG_DEBUG, "FT: Reassociation has already been completed for this FT protocol instance - ignore unexpected retransmission");
956 return 0;
957 }
958
959 if (wpa_ft_parse_ies(ies, ies_len, &parse, use_sha384) < 0) {
960 wpa_printf(MSG_DEBUG, "FT: Failed to parse IEs");
961 return -1;
962 }
963
964 mdie = (struct rsn_mdie *) parse.mdie;
965 if (mdie == NULL || parse.mdie_len < sizeof(*mdie) ||
966 os_memcmp(mdie->mobility_domain, sm->mobility_domain,
967 MOBILITY_DOMAIN_ID_LEN) != 0) {
968 wpa_printf(MSG_DEBUG, "FT: Invalid MDIE");
969 return -1;
970 }
971
972 if (use_sha384) {
973 struct rsn_ftie_sha384 *ftie;
974
975 ftie = (struct rsn_ftie_sha384 *) parse.ftie;
976 if (!ftie || parse.ftie_len < sizeof(*ftie)) {
977 wpa_printf(MSG_DEBUG, "FT: Invalid FTIE");
978 return -1;
979 }
980
981 anonce = ftie->anonce;
982 snonce = ftie->snonce;
983 fte_elem_count = ftie->mic_control[1];
984 fte_mic = ftie->mic;
985 } else {
986 struct rsn_ftie *ftie;
987
988 ftie = (struct rsn_ftie *) parse.ftie;
989 if (!ftie || parse.ftie_len < sizeof(*ftie)) {
990 wpa_printf(MSG_DEBUG, "FT: Invalid FTIE");
991 return -1;
992 }
993
994 anonce = ftie->anonce;
995 snonce = ftie->snonce;
996 fte_elem_count = ftie->mic_control[1];
997 fte_mic = ftie->mic;
998 }
999
1000 if (os_memcmp(snonce, sm->snonce, WPA_NONCE_LEN) != 0) {
1001 wpa_printf(MSG_DEBUG, "FT: SNonce mismatch in FTIE");
1002 wpa_hexdump(MSG_DEBUG, "FT: Received SNonce",
1003 snonce, WPA_NONCE_LEN);
1004 wpa_hexdump(MSG_DEBUG, "FT: Expected SNonce",
1005 sm->snonce, WPA_NONCE_LEN);
1006 return -1;
1007 }
1008
1009 if (os_memcmp(anonce, sm->anonce, WPA_NONCE_LEN) != 0) {
1010 wpa_printf(MSG_DEBUG, "FT: ANonce mismatch in FTIE");
1011 wpa_hexdump(MSG_DEBUG, "FT: Received ANonce",
1012 anonce, WPA_NONCE_LEN);
1013 wpa_hexdump(MSG_DEBUG, "FT: Expected ANonce",
1014 sm->anonce, WPA_NONCE_LEN);
1015 return -1;
1016 }
1017
1018 if (parse.r0kh_id == NULL) {
1019 wpa_printf(MSG_DEBUG, "FT: No R0KH-ID subelem in FTIE");
1020 return -1;
1021 }
1022
1023 if (parse.r0kh_id_len != sm->r0kh_id_len ||
1024 os_memcmp_const(parse.r0kh_id, sm->r0kh_id, parse.r0kh_id_len) != 0)
1025 {
1026 wpa_printf(MSG_DEBUG, "FT: R0KH-ID in FTIE did not match with "
1027 "the current R0KH-ID");
1028 wpa_hexdump(MSG_DEBUG, "FT: R0KH-ID in FTIE",
1029 parse.r0kh_id, parse.r0kh_id_len);
1030 wpa_hexdump(MSG_DEBUG, "FT: The current R0KH-ID",
1031 sm->r0kh_id, sm->r0kh_id_len);
1032 return -1;
1033 }
1034
1035 if (parse.r1kh_id == NULL) {
1036 wpa_printf(MSG_DEBUG, "FT: No R1KH-ID subelem in FTIE");
1037 return -1;
1038 }
1039
1040 if (os_memcmp_const(parse.r1kh_id, sm->r1kh_id, FT_R1KH_ID_LEN) != 0) {
1041 wpa_printf(MSG_DEBUG, "FT: Unknown R1KH-ID used in "
1042 "ReassocResp");
1043 return -1;
1044 }
1045
1046 if (parse.rsn_pmkid == NULL ||
1047 os_memcmp_const(parse.rsn_pmkid, sm->pmk_r1_name, WPA_PMK_NAME_LEN))
1048 {
1049 wpa_printf(MSG_DEBUG, "FT: No matching PMKR1Name (PMKID) in "
1050 "RSNIE (pmkid=%d)", !!parse.rsn_pmkid);
1051 return -1;
1052 }
1053
1054 count = 3;
1055 if (parse.ric)
1056 count += ieee802_11_ie_count(parse.ric, parse.ric_len);
1057 if (parse.rsnxe)
1058 count++;
1059 if (fte_elem_count != count) {
1060 wpa_printf(MSG_DEBUG, "FT: Unexpected IE count in MIC "
1061 "Control: received %u expected %u",
1062 fte_elem_count, count);
1063 return -1;
1064 }
1065
1066 if (wpa_key_mgmt_fils(sm->key_mgmt)) {
1067 kck = sm->ptk.kck2;
1068 kck_len = sm->ptk.kck2_len;
1069 } else {
1070 kck = sm->ptk.kck;
1071 kck_len = sm->ptk.kck_len;
1072 }
1073
1074 if (wpa_ft_mic(kck, kck_len, sm->own_addr, src_addr, 6,
1075 parse.mdie - 2, parse.mdie_len + 2,
1076 parse.ftie - 2, parse.ftie_len + 2,
1077 parse.rsn - 2, parse.rsn_len + 2,
1078 parse.ric, parse.ric_len,
1079 parse.rsnxe ? parse.rsnxe - 2 : NULL,
1080 parse.rsnxe ? parse.rsnxe_len + 2 : 0,
1081 mic) < 0) {
1082 wpa_printf(MSG_DEBUG, "FT: Failed to calculate MIC");
1083 return -1;
1084 }
1085
1086 if (os_memcmp_const(mic, fte_mic, 16) != 0) {
1087 wpa_printf(MSG_DEBUG, "FT: Invalid MIC in FTIE");
1088 wpa_hexdump(MSG_MSGDUMP, "FT: Received MIC", fte_mic, 16);
1089 wpa_hexdump(MSG_MSGDUMP, "FT: Calculated MIC", mic, 16);
1090 return -1;
1091 }
1092
1093 if (!sm->ap_rsn_ie) {
1094 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
1095 "FT: No RSNE for this AP known - trying to get from scan results");
1096 if (wpa_sm_get_beacon_ie(sm) < 0) {
1097 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1098 "FT: Could not find AP from the scan results");
1099 return -1;
1100 }
1101 wpa_msg(sm->ctx->msg_ctx, MSG_DEBUG,
1102 "FT: Found the current AP from updated scan results");
1103 }
1104
1105 if (sm->ap_rsn_ie &&
1106 wpa_compare_rsn_ie(wpa_key_mgmt_ft(sm->key_mgmt),
1107 sm->ap_rsn_ie, sm->ap_rsn_ie_len,
1108 parse.rsn - 2, parse.rsn_len + 2)) {
1109 wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
1110 "FT: RSNE mismatch between Beacon/ProbeResp and FT protocol Reassociation Response frame");
1111 wpa_hexdump(MSG_INFO, "RSNE in Beacon/ProbeResp",
1112 sm->ap_rsn_ie, sm->ap_rsn_ie_len);
1113 wpa_hexdump(MSG_INFO,
1114 "RSNE in FT protocol Reassociation Response frame",
1115 parse.rsn ? parse.rsn - 2 : NULL,
1116 parse.rsn ? parse.rsn_len + 2 : 0);
1117 return -1;
1118 }
1119
1120 if ((sm->ap_rsnxe && !parse.rsnxe) ||
1121 (!sm->ap_rsnxe && parse.rsnxe) ||
1122 (sm->ap_rsnxe && parse.rsnxe &&
1123 (sm->ap_rsnxe_len != 2 + parse.rsnxe_len ||
1124 os_memcmp(sm->ap_rsnxe, parse.rsnxe - 2,
1125 sm->ap_rsnxe_len) != 0))) {
1126 wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
1127 "FT: RSNXE mismatch between Beacon/ProbeResp and FT protocol Reassociation Response frame");
1128 wpa_hexdump(MSG_INFO, "RSNXE in Beacon/ProbeResp",
1129 sm->ap_rsnxe, sm->ap_rsnxe_len);
1130 wpa_hexdump(MSG_INFO,
1131 "RSNXE in FT protocol Reassociation Response frame",
1132 parse.rsnxe ? parse.rsnxe - 2 : NULL,
1133 parse.rsnxe ? parse.rsnxe_len + 2 : 0);
1134 return -1;
1135 }
1136
1137 #ifdef CONFIG_OCV
1138 if (wpa_sm_ocv_enabled(sm)) {
1139 struct wpa_channel_info ci;
1140
1141 if (wpa_sm_channel_info(sm, &ci) != 0) {
1142 wpa_printf(MSG_WARNING,
1143 "Failed to get channel info to validate received OCI in (Re)Assoc Response");
1144 return -1;
1145 }
1146
1147 if (ocv_verify_tx_params(parse.oci, parse.oci_len, &ci,
1148 channel_width_to_int(ci.chanwidth),
1149 ci.seg1_idx) != 0) {
1150 wpa_printf(MSG_WARNING, "%s", ocv_errorstr);
1151 return -1;
1152 }
1153 }
1154 #endif /* CONFIG_OCV */
1155
1156 sm->ft_reassoc_completed = 1;
1157
1158 if (wpa_ft_process_gtk_subelem(sm, parse.gtk, parse.gtk_len) < 0 ||
1159 wpa_ft_process_igtk_subelem(sm, parse.igtk, parse.igtk_len) < 0 ||
1160 wpa_ft_process_bigtk_subelem(sm, parse.bigtk, parse.bigtk_len) < 0)
1161 return -1;
1162
1163 if (sm->set_ptk_after_assoc) {
1164 wpa_printf(MSG_DEBUG, "FT: Try to set PTK again now that we "
1165 "are associated");
1166 if (wpa_ft_install_ptk(sm, src_addr) < 0)
1167 return -1;
1168 sm->set_ptk_after_assoc = 0;
1169 }
1170
1171 if (parse.ric) {
1172 wpa_hexdump(MSG_MSGDUMP, "FT: RIC Response",
1173 parse.ric, parse.ric_len);
1174 /* TODO: parse response and inform driver about results when
1175 * using wpa_supplicant SME */
1176 }
1177
1178 wpa_printf(MSG_DEBUG, "FT: Completed successfully");
1179
1180 return 0;
1181 }
1182
1183
1184 /**
1185 * wpa_ft_start_over_ds - Generate over-the-DS auth request
1186 * @sm: Pointer to WPA state machine data from wpa_sm_init()
1187 * @target_ap: Target AP Address
1188 * @mdie: Mobility Domain IE from the target AP
1189 * Returns: 0 on success, -1 on failure
1190 */
1191 int wpa_ft_start_over_ds(struct wpa_sm *sm, const u8 *target_ap,
1192 const u8 *mdie)
1193 {
1194 u8 *ft_ies;
1195 size_t ft_ies_len;
1196
1197 wpa_printf(MSG_DEBUG, "FT: Request over-the-DS with " MACSTR,
1198 MAC2STR(target_ap));
1199
1200 /* Generate a new SNonce */
1201 if (random_get_bytes(sm->snonce, WPA_NONCE_LEN)) {
1202 wpa_printf(MSG_INFO, "FT: Failed to generate a new SNonce");
1203 return -1;
1204 }
1205
1206 ft_ies = wpa_ft_gen_req_ies(sm, &ft_ies_len, NULL, sm->pmk_r0_name,
1207 NULL, 0, target_ap, NULL, 0, mdie);
1208 if (ft_ies) {
1209 sm->over_the_ds_in_progress = 1;
1210 os_memcpy(sm->target_ap, target_ap, ETH_ALEN);
1211 wpa_sm_send_ft_action(sm, 1, target_ap, ft_ies, ft_ies_len);
1212 os_free(ft_ies);
1213 }
1214
1215 return 0;
1216 }
1217
1218 #endif /* CONFIG_IEEE80211R */
Unnamed repository; edit this file 'description' to name the repository.