1 /* 2 * hostapd - IEEE 802.11r - Fast BSS Transition 3 * Copyright (c) 2004-2018, Jouni Malinen <j (at) w1.fi> 4 * 5 * This software may be distributed under the terms of the BSD license. 6 * See README for more details. 7 */ 8 9 #include "utils/includes.h" 10 11 #include "utils/common.h" 12 #include "utils/eloop.h" 13 #include "utils/list.h" 14 #include "common/ieee802_11_defs.h" 15 #include "common/ieee802_11_common.h" 16 #include "common/ocv.h" 17 #include "drivers/driver.h" 18 #include "crypto/aes.h" 19 #include "crypto/aes_siv.h" 20 #include "crypto/aes_wrap.h" 21 #include "crypto/sha384.h" 22 #include "crypto/random.h" 23 #include "ap_config.h" 24 #include "ieee802_11.h" 25 #include "wmm.h" 26 #include "wpa_auth.h" 27 #include "wpa_auth_i.h" 28 29 30 #ifdef CONFIG_IEEE80211R_AP 31 32 const unsigned int ftRRBseqTimeout = 10; 33 const unsigned int ftRRBmaxQueueLen = 100; 34 35 36 static int wpa_ft_send_rrb_auth_resp(struct wpa_state_machine *sm, 37 const u8 *current_ap, const u8 *sta_addr, 38 u16 status, const u8 *resp_ies, 39 size_t resp_ies_len); 40 static void ft_finish_pull(struct wpa_state_machine *sm); 41 static void wpa_ft_expire_pull(void *eloop_ctx, void *timeout_ctx); 42 static void wpa_ft_rrb_seq_timeout(void *eloop_ctx, void *timeout_ctx); 43 44 struct tlv_list { 45 u16 type; 46 size_t len; 47 const u8 *data; 48 }; 49 50 51 /** 52 * wpa_ft_rrb_decrypt - Decrypt FT RRB message 53 * @key: AES-SIV key for AEAD 54 * @key_len: Length of key in octets 55 * @enc: Pointer to encrypted TLVs 56 * @enc_len: Length of encrypted TLVs in octets 57 * @auth: Pointer to authenticated TLVs 58 * @auth_len: Length of authenticated TLVs in octets 59 * @src_addr: MAC address of the frame sender 60 * @type: Vendor-specific subtype of the RRB frame (FT_PACKET_*) 61 * @plain: Pointer to return the pointer to the allocated plaintext buffer; 62 * needs to be freed by the caller if not NULL; 63 * will only be returned on success 64 * @plain_len: Pointer to return the length of the allocated plaintext buffer 65 * in octets 66 * Returns: 0 on success, -1 on error 67 */ 68 static int wpa_ft_rrb_decrypt(const u8 *key, const size_t key_len, 69 const u8 *enc, size_t enc_len, 70 const u8 *auth, const size_t auth_len, 71 const u8 *src_addr, u8 type, 72 u8 **plain, size_t *plain_size) 73 { 74 const u8 *ad[3] = { src_addr, auth, &type }; 75 size_t ad_len[3] = { ETH_ALEN, auth_len, sizeof(type) }; 76 77 wpa_printf(MSG_DEBUG, "FT(RRB): src_addr=" MACSTR " type=%u", 78 MAC2STR(src_addr), type); 79 wpa_hexdump_key(MSG_DEBUG, "FT(RRB): decrypt using key", key, key_len); 80 wpa_hexdump(MSG_DEBUG, "FT(RRB): encrypted TLVs", enc, enc_len); 81 wpa_hexdump(MSG_DEBUG, "FT(RRB): authenticated TLVs", auth, auth_len); 82 83 if (!key) { /* skip decryption */ 84 *plain = os_memdup(enc, enc_len); 85 if (enc_len > 0 && !*plain) 86 goto err; 87 88 *plain_size = enc_len; 89 90 return 0; 91 } 92 93 *plain = NULL; 94 95 /* SIV overhead */ 96 if (enc_len < AES_BLOCK_SIZE) 97 goto err; 98 99 *plain = os_zalloc(enc_len - AES_BLOCK_SIZE); 100 if (!*plain) 101 goto err; 102 103 if (aes_siv_decrypt(key, key_len, enc, enc_len, 3, ad, ad_len, 104 *plain) < 0) { 105 if (enc_len < AES_BLOCK_SIZE + 2) 106 goto err; 107 108 /* Try to work around Ethernet devices that add extra 109 * two octet padding even if the frame is longer than 110 * the minimum Ethernet frame. */ 111 enc_len -= 2; 112 if (aes_siv_decrypt(key, key_len, enc, enc_len, 3, ad, ad_len, 113 *plain) < 0) 114 goto err; 115 } 116 117 *plain_size = enc_len - AES_BLOCK_SIZE; 118 wpa_hexdump_key(MSG_DEBUG, "FT(RRB): decrypted TLVs", 119 *plain, *plain_size); 120 return 0; 121 err: 122 os_free(*plain); 123 *plain = NULL; 124 *plain_size = 0; 125 126 wpa_printf(MSG_ERROR, "FT(RRB): Failed to decrypt"); 127 128 return -1; 129 } 130 131 132 /* get first tlv record in packet matching type 133 * @data (decrypted) packet 134 * @return 0 on success else -1 135 */ 136 static int wpa_ft_rrb_get_tlv(const u8 *plain, size_t plain_len, 137 u16 type, size_t *tlv_len, const u8 **tlv_data) 138 { 139 const struct ft_rrb_tlv *f; 140 size_t left; 141 le16 type16; 142 size_t len; 143 144 left = plain_len; 145 type16 = host_to_le16(type); 146 147 while (left >= sizeof(*f)) { 148 f = (const struct ft_rrb_tlv *) plain; 149 150 left -= sizeof(*f); 151 plain += sizeof(*f); 152 len = le_to_host16(f->len); 153 154 if (left < len) { 155 wpa_printf(MSG_DEBUG, "FT: RRB message truncated"); 156 break; 157 } 158 159 if (f->type == type16) { 160 *tlv_len = len; 161 *tlv_data = plain; 162 return 0; 163 } 164 165 left -= len; 166 plain += len; 167 } 168 169 return -1; 170 } 171 172 173 static void wpa_ft_rrb_dump(const u8 *plain, const size_t plain_len) 174 { 175 const struct ft_rrb_tlv *f; 176 size_t left; 177 size_t len; 178 179 left = plain_len; 180 181 wpa_printf(MSG_DEBUG, "FT: RRB dump message"); 182 while (left >= sizeof(*f)) { 183 f = (const struct ft_rrb_tlv *) plain; 184 185 left -= sizeof(*f); 186 plain += sizeof(*f); 187 len = le_to_host16(f->len); 188 189 wpa_printf(MSG_DEBUG, "FT: RRB TLV type = %d, len = %zu", 190 le_to_host16(f->type), len); 191 192 if (left < len) { 193 wpa_printf(MSG_DEBUG, 194 "FT: RRB message truncated: left %zu bytes, need %zu", 195 left, len); 196 break; 197 } 198 199 wpa_hexdump(MSG_DEBUG, "FT: RRB TLV data", plain, len); 200 201 left -= len; 202 plain += len; 203 } 204 205 if (left > 0) 206 wpa_hexdump(MSG_DEBUG, "FT: RRB TLV padding", plain, left); 207 208 wpa_printf(MSG_DEBUG, "FT: RRB dump message end"); 209 } 210 211 212 static int cmp_int(const void *a, const void *b) 213 { 214 int x, y; 215 216 x = *((int *) a); 217 y = *((int *) b); 218 return x - y; 219 } 220 221 222 static int wpa_ft_rrb_get_tlv_vlan(const u8 *plain, const size_t plain_len, 223 struct vlan_description *vlan) 224 { 225 struct ft_rrb_tlv *f; 226 size_t left; 227 size_t len; 228 int taggedidx; 229 int vlan_id; 230 int type; 231 232 left = plain_len; 233 taggedidx = 0; 234 os_memset(vlan, 0, sizeof(*vlan)); 235 236 while (left >= sizeof(*f)) { 237 f = (struct ft_rrb_tlv *) plain; 238 239 left -= sizeof(*f); 240 plain += sizeof(*f); 241 242 len = le_to_host16(f->len); 243 type = le_to_host16(f->type); 244 245 if (left < len) { 246 wpa_printf(MSG_DEBUG, "FT: RRB message truncated"); 247 return -1; 248 } 249 250 if (type != FT_RRB_VLAN_UNTAGGED && type != FT_RRB_VLAN_TAGGED) 251 goto skip; 252 253 if (type == FT_RRB_VLAN_UNTAGGED && len != sizeof(le16)) { 254 wpa_printf(MSG_DEBUG, 255 "FT: RRB VLAN_UNTAGGED invalid length"); 256 return -1; 257 } 258 259 if (type == FT_RRB_VLAN_TAGGED && len % sizeof(le16) != 0) { 260 wpa_printf(MSG_DEBUG, 261 "FT: RRB VLAN_TAGGED invalid length"); 262 return -1; 263 } 264 265 while (len >= sizeof(le16)) { 266 vlan_id = WPA_GET_LE16(plain); 267 plain += sizeof(le16); 268 left -= sizeof(le16); 269 len -= sizeof(le16); 270 271 if (vlan_id <= 0 || vlan_id > MAX_VLAN_ID) { 272 wpa_printf(MSG_DEBUG, 273 "FT: RRB VLAN ID invalid %d", 274 vlan_id); 275 continue; 276 } 277 278 if (type == FT_RRB_VLAN_UNTAGGED) 279 vlan->untagged = vlan_id; 280 281 if (type == FT_RRB_VLAN_TAGGED && 282 taggedidx < MAX_NUM_TAGGED_VLAN) { 283 vlan->tagged[taggedidx] = vlan_id; 284 taggedidx++; 285 } else if (type == FT_RRB_VLAN_TAGGED) { 286 wpa_printf(MSG_DEBUG, "FT: RRB too many VLANs"); 287 } 288 } 289 290 skip: 291 left -= len; 292 plain += len; 293 } 294 295 if (taggedidx) 296 qsort(vlan->tagged, taggedidx, sizeof(int), cmp_int); 297 298 vlan->notempty = vlan->untagged || vlan->tagged[0]; 299 300 return 0; 301 } 302 303 304 static size_t wpa_ft_tlv_len(const struct tlv_list *tlvs) 305 { 306 size_t tlv_len = 0; 307 int i; 308 309 if (!tlvs) 310 return 0; 311 312 for (i = 0; tlvs[i].type != FT_RRB_LAST_EMPTY; i++) { 313 tlv_len += sizeof(struct ft_rrb_tlv); 314 tlv_len += tlvs[i].len; 315 } 316 317 return tlv_len; 318 } 319 320 321 static size_t wpa_ft_tlv_lin(const struct tlv_list *tlvs, u8 *start, 322 u8 *endpos) 323 { 324 int i; 325 size_t tlv_len; 326 struct ft_rrb_tlv *hdr; 327 u8 *pos; 328 329 if (!tlvs) 330 return 0; 331 332 tlv_len = 0; 333 pos = start; 334 for (i = 0; tlvs[i].type != FT_RRB_LAST_EMPTY; i++) { 335 if (tlv_len + sizeof(*hdr) > (size_t) (endpos - start)) 336 return tlv_len; 337 tlv_len += sizeof(*hdr); 338 hdr = (struct ft_rrb_tlv *) pos; 339 hdr->type = host_to_le16(tlvs[i].type); 340 hdr->len = host_to_le16(tlvs[i].len); 341 pos = start + tlv_len; 342 343 if (tlv_len + tlvs[i].len > (size_t) (endpos - start)) 344 return tlv_len; 345 if (tlvs[i].len == 0) 346 continue; 347 tlv_len += tlvs[i].len; 348 os_memcpy(pos, tlvs[i].data, tlvs[i].len); 349 pos = start + tlv_len; 350 } 351 352 return tlv_len; 353 } 354 355 356 static size_t wpa_ft_vlan_len(const struct vlan_description *vlan) 357 { 358 size_t tlv_len = 0; 359 int i; 360 361 if (!vlan || !vlan->notempty) 362 return 0; 363 364 if (vlan->untagged) { 365 tlv_len += sizeof(struct ft_rrb_tlv); 366 tlv_len += sizeof(le16); 367 } 368 if (vlan->tagged[0]) 369 tlv_len += sizeof(struct ft_rrb_tlv); 370 for (i = 0; i < MAX_NUM_TAGGED_VLAN && vlan->tagged[i]; i++) 371 tlv_len += sizeof(le16); 372 373 return tlv_len; 374 } 375 376 377 static size_t wpa_ft_vlan_lin(const struct vlan_description *vlan, 378 u8 *start, u8 *endpos) 379 { 380 size_t tlv_len; 381 int i, len; 382 struct ft_rrb_tlv *hdr; 383 u8 *pos = start; 384 385 if (!vlan || !vlan->notempty) 386 return 0; 387 388 tlv_len = 0; 389 if (vlan->untagged) { 390 tlv_len += sizeof(*hdr); 391 if (start + tlv_len > endpos) 392 return tlv_len; 393 hdr = (struct ft_rrb_tlv *) pos; 394 hdr->type = host_to_le16(FT_RRB_VLAN_UNTAGGED); 395 hdr->len = host_to_le16(sizeof(le16)); 396 pos = start + tlv_len; 397 398 tlv_len += sizeof(le16); 399 if (start + tlv_len > endpos) 400 return tlv_len; 401 WPA_PUT_LE16(pos, vlan->untagged); 402 pos = start + tlv_len; 403 } 404 405 if (!vlan->tagged[0]) 406 return tlv_len; 407 408 tlv_len += sizeof(*hdr); 409 if (start + tlv_len > endpos) 410 return tlv_len; 411 hdr = (struct ft_rrb_tlv *) pos; 412 hdr->type = host_to_le16(FT_RRB_VLAN_TAGGED); 413 len = 0; /* len is computed below */ 414 pos = start + tlv_len; 415 416 for (i = 0; i < MAX_NUM_TAGGED_VLAN && vlan->tagged[i]; i++) { 417 tlv_len += sizeof(le16); 418 if (start + tlv_len > endpos) 419 break; 420 len += sizeof(le16); 421 WPA_PUT_LE16(pos, vlan->tagged[i]); 422 pos = start + tlv_len; 423 } 424 425 hdr->len = host_to_le16(len); 426 427 return tlv_len; 428 } 429 430 431 static int wpa_ft_rrb_lin(const struct tlv_list *tlvs1, 432 const struct tlv_list *tlvs2, 433 const struct vlan_description *vlan, 434 u8 **plain, size_t *plain_len) 435 { 436 u8 *pos, *endpos; 437 size_t tlv_len; 438 439 tlv_len = wpa_ft_tlv_len(tlvs1); 440 tlv_len += wpa_ft_tlv_len(tlvs2); 441 tlv_len += wpa_ft_vlan_len(vlan); 442 443 *plain_len = tlv_len; 444 *plain = os_zalloc(tlv_len); 445 if (!*plain) { 446 wpa_printf(MSG_ERROR, "FT: Failed to allocate plaintext"); 447 goto err; 448 } 449 450 pos = *plain; 451 endpos = *plain + tlv_len; 452 pos += wpa_ft_tlv_lin(tlvs1, pos, endpos); 453 pos += wpa_ft_tlv_lin(tlvs2, pos, endpos); 454 pos += wpa_ft_vlan_lin(vlan, pos, endpos); 455 456 /* sanity check */ 457 if (pos != endpos) { 458 wpa_printf(MSG_ERROR, "FT: Length error building RRB"); 459 goto err; 460 } 461 462 return 0; 463 464 err: 465 os_free(*plain); 466 *plain = NULL; 467 *plain_len = 0; 468 return -1; 469 } 470 471 472 static int wpa_ft_rrb_encrypt(const u8 *key, const size_t key_len, 473 const u8 *plain, const size_t plain_len, 474 const u8 *auth, const size_t auth_len, 475 const u8 *src_addr, u8 type, u8 *enc) 476 { 477 const u8 *ad[3] = { src_addr, auth, &type }; 478 size_t ad_len[3] = { ETH_ALEN, auth_len, sizeof(type) }; 479 480 wpa_printf(MSG_DEBUG, "FT(RRB): src_addr=" MACSTR " type=%u", 481 MAC2STR(src_addr), type); 482 wpa_hexdump_key(MSG_DEBUG, "FT(RRB): plaintext message", 483 plain, plain_len); 484 wpa_hexdump_key(MSG_DEBUG, "FT(RRB): encrypt using key", key, key_len); 485 wpa_hexdump(MSG_DEBUG, "FT(RRB): authenticated TLVs", auth, auth_len); 486 487 if (!key) { 488 /* encryption not needed, return plaintext as packet */ 489 os_memcpy(enc, plain, plain_len); 490 } else if (aes_siv_encrypt(key, key_len, plain, plain_len, 491 3, ad, ad_len, enc) < 0) { 492 wpa_printf(MSG_ERROR, "FT: Failed to encrypt RRB-OUI message"); 493 return -1; 494 } 495 wpa_hexdump(MSG_DEBUG, "FT(RRB): encrypted TLVs", 496 enc, plain_len + AES_BLOCK_SIZE); 497 498 return 0; 499 } 500 501 502 /** 503 * wpa_ft_rrb_build - Build and encrypt an FT RRB message 504 * @key: AES-SIV key for AEAD 505 * @key_len: Length of key in octets 506 * @tlvs_enc0: First set of to-be-encrypted TLVs 507 * @tlvs_enc1: Second set of to-be-encrypted TLVs 508 * @tlvs_auth: Set of to-be-authenticated TLVs 509 * @src_addr: MAC address of the frame sender 510 * @type: Vendor-specific subtype of the RRB frame (FT_PACKET_*) 511 * @packet Pointer to return the pointer to the allocated packet buffer; 512 * needs to be freed by the caller if not null; 513 * will only be returned on success 514 * @packet_len: Pointer to return the length of the allocated buffer in octets 515 * Returns: 0 on success, -1 on error 516 */ 517 static int wpa_ft_rrb_build(const u8 *key, const size_t key_len, 518 const struct tlv_list *tlvs_enc0, 519 const struct tlv_list *tlvs_enc1, 520 const struct tlv_list *tlvs_auth, 521 const struct vlan_description *vlan, 522 const u8 *src_addr, u8 type, 523 u8 **packet, size_t *packet_len) 524 { 525 u8 *plain = NULL, *auth = NULL, *pos, *tmp; 526 size_t plain_len = 0, auth_len = 0; 527 int ret = -1; 528 size_t pad_len = 0; 529 530 *packet = NULL; 531 if (wpa_ft_rrb_lin(tlvs_enc0, tlvs_enc1, vlan, &plain, &plain_len) < 0) 532 goto out; 533 534 if (wpa_ft_rrb_lin(tlvs_auth, NULL, NULL, &auth, &auth_len) < 0) 535 goto out; 536 537 *packet_len = sizeof(u16) + auth_len + plain_len; 538 if (key) 539 *packet_len += AES_BLOCK_SIZE; 540 #define RRB_MIN_MSG_LEN 64 541 if (*packet_len < RRB_MIN_MSG_LEN) { 542 pad_len = RRB_MIN_MSG_LEN - *packet_len; 543 if (pad_len < sizeof(struct ft_rrb_tlv)) 544 pad_len = sizeof(struct ft_rrb_tlv); 545 wpa_printf(MSG_DEBUG, 546 "FT: Pad message to minimum Ethernet frame length (%d --> %d)", 547 (int) *packet_len, (int) (*packet_len + pad_len)); 548 *packet_len += pad_len; 549 tmp = os_realloc(auth, auth_len + pad_len); 550 if (!tmp) 551 goto out; 552 auth = tmp; 553 pos = auth + auth_len; 554 WPA_PUT_LE16(pos, FT_RRB_LAST_EMPTY); 555 pos += 2; 556 WPA_PUT_LE16(pos, pad_len - sizeof(struct ft_rrb_tlv)); 557 pos += 2; 558 os_memset(pos, 0, pad_len - sizeof(struct ft_rrb_tlv)); 559 auth_len += pad_len; 560 561 } 562 *packet = os_zalloc(*packet_len); 563 if (!*packet) 564 goto out; 565 566 pos = *packet; 567 WPA_PUT_LE16(pos, auth_len); 568 pos += 2; 569 os_memcpy(pos, auth, auth_len); 570 pos += auth_len; 571 if (wpa_ft_rrb_encrypt(key, key_len, plain, plain_len, auth, 572 auth_len, src_addr, type, pos) < 0) 573 goto out; 574 wpa_hexdump(MSG_MSGDUMP, "FT: RRB frame payload", *packet, *packet_len); 575 576 ret = 0; 577 578 out: 579 bin_clear_free(plain, plain_len); 580 os_free(auth); 581 582 if (ret) { 583 wpa_printf(MSG_ERROR, "FT: Failed to build RRB-OUI message"); 584 os_free(*packet); 585 *packet = NULL; 586 *packet_len = 0; 587 } 588 589 return ret; 590 } 591 592 593 #define RRB_GET_SRC(srcfield, type, field, txt, checklength) do { \ 594 if (wpa_ft_rrb_get_tlv(srcfield, srcfield##_len, type, \ 595 &f_##field##_len, &f_##field) < 0 || \ 596 (checklength > 0 && ((size_t) checklength) != f_##field##_len)) { \ 597 wpa_printf(MSG_INFO, "FT: Missing required " #field \ 598 " in %s from " MACSTR, txt, MAC2STR(src_addr)); \ 599 wpa_ft_rrb_dump(srcfield, srcfield##_len); \ 600 goto out; \ 601 } \ 602 } while (0) 603 604 #define RRB_GET(type, field, txt, checklength) \ 605 RRB_GET_SRC(plain, type, field, txt, checklength) 606 #define RRB_GET_AUTH(type, field, txt, checklength) \ 607 RRB_GET_SRC(auth, type, field, txt, checklength) 608 609 #define RRB_GET_OPTIONAL_SRC(srcfield, type, field, txt, checklength) do { \ 610 if (wpa_ft_rrb_get_tlv(srcfield, srcfield##_len, type, \ 611 &f_##field##_len, &f_##field) < 0 || \ 612 (checklength > 0 && ((size_t) checklength) != f_##field##_len)) { \ 613 wpa_printf(MSG_DEBUG, "FT: Missing optional " #field \ 614 " in %s from " MACSTR, txt, MAC2STR(src_addr)); \ 615 f_##field##_len = 0; \ 616 f_##field = NULL; \ 617 } \ 618 } while (0) 619 620 #define RRB_GET_OPTIONAL(type, field, txt, checklength) \ 621 RRB_GET_OPTIONAL_SRC(plain, type, field, txt, checklength) 622 #define RRB_GET_OPTIONAL_AUTH(type, field, txt, checklength) \ 623 RRB_GET_OPTIONAL_SRC(auth, type, field, txt, checklength) 624 625 static int wpa_ft_rrb_send(struct wpa_authenticator *wpa_auth, const u8 *dst, 626 const u8 *data, size_t data_len) 627 { 628 if (wpa_auth->cb->send_ether == NULL) 629 return -1; 630 wpa_printf(MSG_DEBUG, "FT: RRB send to " MACSTR, MAC2STR(dst)); 631 return wpa_auth->cb->send_ether(wpa_auth->cb_ctx, dst, ETH_P_RRB, 632 data, data_len); 633 } 634 635 636 static int wpa_ft_rrb_oui_send(struct wpa_authenticator *wpa_auth, 637 const u8 *dst, u8 oui_suffix, 638 const u8 *data, size_t data_len) 639 { 640 if (!wpa_auth->cb->send_oui) 641 return -1; 642 wpa_printf(MSG_DEBUG, "FT: RRB-OUI type %u send to " MACSTR " (len=%u)", 643 oui_suffix, MAC2STR(dst), (unsigned int) data_len); 644 return wpa_auth->cb->send_oui(wpa_auth->cb_ctx, dst, oui_suffix, data, 645 data_len); 646 } 647 648 649 static int wpa_ft_action_send(struct wpa_authenticator *wpa_auth, 650 const u8 *dst, const u8 *data, size_t data_len) 651 { 652 if (wpa_auth->cb->send_ft_action == NULL) 653 return -1; 654 return wpa_auth->cb->send_ft_action(wpa_auth->cb_ctx, dst, 655 data, data_len); 656 } 657 658 659 static const u8 * wpa_ft_get_psk(struct wpa_authenticator *wpa_auth, 660 const u8 *addr, const u8 *p2p_dev_addr, 661 const u8 *prev_psk) 662 { 663 if (wpa_auth->cb->get_psk == NULL) 664 return NULL; 665 return wpa_auth->cb->get_psk(wpa_auth->cb_ctx, addr, p2p_dev_addr, 666 prev_psk, NULL, NULL); 667 } 668 669 670 static struct wpa_state_machine * 671 wpa_ft_add_sta(struct wpa_authenticator *wpa_auth, const u8 *sta_addr) 672 { 673 if (wpa_auth->cb->add_sta == NULL) 674 return NULL; 675 return wpa_auth->cb->add_sta(wpa_auth->cb_ctx, sta_addr); 676 } 677 678 679 static int wpa_ft_set_vlan(struct wpa_authenticator *wpa_auth, 680 const u8 *sta_addr, struct vlan_description *vlan) 681 { 682 if (!wpa_auth->cb->set_vlan) 683 return -1; 684 return wpa_auth->cb->set_vlan(wpa_auth->cb_ctx, sta_addr, vlan); 685 } 686 687 688 static int wpa_ft_get_vlan(struct wpa_authenticator *wpa_auth, 689 const u8 *sta_addr, struct vlan_description *vlan) 690 { 691 if (!wpa_auth->cb->get_vlan) 692 return -1; 693 return wpa_auth->cb->get_vlan(wpa_auth->cb_ctx, sta_addr, vlan); 694 } 695 696 697 static int 698 wpa_ft_set_identity(struct wpa_authenticator *wpa_auth, const u8 *sta_addr, 699 const u8 *identity, size_t identity_len) 700 { 701 if (!wpa_auth->cb->set_identity) 702 return -1; 703 return wpa_auth->cb->set_identity(wpa_auth->cb_ctx, sta_addr, identity, 704 identity_len); 705 } 706 707 708 static size_t 709 wpa_ft_get_identity(struct wpa_authenticator *wpa_auth, const u8 *sta_addr, 710 const u8 **buf) 711 { 712 *buf = NULL; 713 if (!wpa_auth->cb->get_identity) 714 return 0; 715 return wpa_auth->cb->get_identity(wpa_auth->cb_ctx, sta_addr, buf); 716 } 717 718 719 static int 720 wpa_ft_set_radius_cui(struct wpa_authenticator *wpa_auth, const u8 *sta_addr, 721 const u8 *radius_cui, size_t radius_cui_len) 722 { 723 if (!wpa_auth->cb->set_radius_cui) 724 return -1; 725 return wpa_auth->cb->set_radius_cui(wpa_auth->cb_ctx, sta_addr, 726 radius_cui, radius_cui_len); 727 } 728 729 730 static size_t 731 wpa_ft_get_radius_cui(struct wpa_authenticator *wpa_auth, const u8 *sta_addr, 732 const u8 **buf) 733 { 734 *buf = NULL; 735 if (!wpa_auth->cb->get_radius_cui) 736 return 0; 737 return wpa_auth->cb->get_radius_cui(wpa_auth->cb_ctx, sta_addr, buf); 738 } 739 740 741 static void 742 wpa_ft_set_session_timeout(struct wpa_authenticator *wpa_auth, 743 const u8 *sta_addr, int session_timeout) 744 { 745 if (!wpa_auth->cb->set_session_timeout) 746 return; 747 wpa_auth->cb->set_session_timeout(wpa_auth->cb_ctx, sta_addr, 748 session_timeout); 749 } 750 751 752 static int 753 wpa_ft_get_session_timeout(struct wpa_authenticator *wpa_auth, 754 const u8 *sta_addr) 755 { 756 if (!wpa_auth->cb->get_session_timeout) 757 return 0; 758 return wpa_auth->cb->get_session_timeout(wpa_auth->cb_ctx, sta_addr); 759 } 760 761 762 static int wpa_ft_add_tspec(struct wpa_authenticator *wpa_auth, 763 const u8 *sta_addr, 764 u8 *tspec_ie, size_t tspec_ielen) 765 { 766 if (wpa_auth->cb->add_tspec == NULL) { 767 wpa_printf(MSG_DEBUG, "FT: add_tspec is not initialized"); 768 return -1; 769 } 770 return wpa_auth->cb->add_tspec(wpa_auth->cb_ctx, sta_addr, tspec_ie, 771 tspec_ielen); 772 } 773 774 775 #ifdef CONFIG_OCV 776 static int wpa_channel_info(struct wpa_authenticator *wpa_auth, 777 struct wpa_channel_info *ci) 778 { 779 if (!wpa_auth->cb->channel_info) 780 return -1; 781 return wpa_auth->cb->channel_info(wpa_auth->cb_ctx, ci); 782 } 783 #endif /* CONFIG_OCV */ 784 785 786 int wpa_write_mdie(struct wpa_auth_config *conf, u8 *buf, size_t len) 787 { 788 u8 *pos = buf; 789 u8 capab; 790 if (len < 2 + sizeof(struct rsn_mdie)) 791 return -1; 792 793 *pos++ = WLAN_EID_MOBILITY_DOMAIN; 794 *pos++ = MOBILITY_DOMAIN_ID_LEN + 1; 795 os_memcpy(pos, conf->mobility_domain, MOBILITY_DOMAIN_ID_LEN); 796 pos += MOBILITY_DOMAIN_ID_LEN; 797 capab = 0; 798 if (conf->ft_over_ds) 799 capab |= RSN_FT_CAPAB_FT_OVER_DS; 800 *pos++ = capab; 801 802 return pos - buf; 803 } 804 805 806 int wpa_write_ftie(struct wpa_auth_config *conf, int use_sha384, 807 const u8 *r0kh_id, size_t r0kh_id_len, 808 const u8 *anonce, const u8 *snonce, 809 u8 *buf, size_t len, const u8 *subelem, 810 size_t subelem_len) 811 { 812 u8 *pos = buf, *ielen; 813 size_t hdrlen = use_sha384 ? sizeof(struct rsn_ftie_sha384) : 814 sizeof(struct rsn_ftie); 815 816 if (len < 2 + hdrlen + 2 + FT_R1KH_ID_LEN + 2 + r0kh_id_len + 817 subelem_len) 818 return -1; 819 820 *pos++ = WLAN_EID_FAST_BSS_TRANSITION; 821 ielen = pos++; 822 823 if (use_sha384) { 824 struct rsn_ftie_sha384 *hdr = (struct rsn_ftie_sha384 *) pos; 825 826 os_memset(hdr, 0, sizeof(*hdr)); 827 pos += sizeof(*hdr); 828 WPA_PUT_LE16(hdr->mic_control, 0); 829 if (anonce) 830 os_memcpy(hdr->anonce, anonce, WPA_NONCE_LEN); 831 if (snonce) 832 os_memcpy(hdr->snonce, snonce, WPA_NONCE_LEN); 833 } else { 834 struct rsn_ftie *hdr = (struct rsn_ftie *) pos; 835 836 os_memset(hdr, 0, sizeof(*hdr)); 837 pos += sizeof(*hdr); 838 WPA_PUT_LE16(hdr->mic_control, 0); 839 if (anonce) 840 os_memcpy(hdr->anonce, anonce, WPA_NONCE_LEN); 841 if (snonce) 842 os_memcpy(hdr->snonce, snonce, WPA_NONCE_LEN); 843 } 844 845 /* Optional Parameters */ 846 *pos++ = FTIE_SUBELEM_R1KH_ID; 847 *pos++ = FT_R1KH_ID_LEN; 848 os_memcpy(pos, conf->r1_key_holder, FT_R1KH_ID_LEN); 849 pos += FT_R1KH_ID_LEN; 850 851 if (r0kh_id) { 852 *pos++ = FTIE_SUBELEM_R0KH_ID; 853 *pos++ = r0kh_id_len; 854 os_memcpy(pos, r0kh_id, r0kh_id_len); 855 pos += r0kh_id_len; 856 } 857 858 if (subelem) { 859 os_memcpy(pos, subelem, subelem_len); 860 pos += subelem_len; 861 } 862 863 *ielen = pos - buf - 2; 864 865 return pos - buf; 866 } 867 868 869 /* A packet to be handled after seq response */ 870 struct ft_remote_item { 871 struct dl_list list; 872 873 u8 nonce[FT_RRB_NONCE_LEN]; 874 struct os_reltime nonce_ts; 875 876 u8 src_addr[ETH_ALEN]; 877 u8 *enc; 878 size_t enc_len; 879 u8 *auth; 880 size_t auth_len; 881 int (*cb)(struct wpa_authenticator *wpa_auth, 882 const u8 *src_addr, 883 const u8 *enc, size_t enc_len, 884 const u8 *auth, size_t auth_len, 885 int no_defer); 886 }; 887 888 889 static void wpa_ft_rrb_seq_free(struct ft_remote_item *item) 890 { 891 eloop_cancel_timeout(wpa_ft_rrb_seq_timeout, ELOOP_ALL_CTX, item); 892 dl_list_del(&item->list); 893 bin_clear_free(item->enc, item->enc_len); 894 os_free(item->auth); 895 os_free(item); 896 } 897 898 899 static void wpa_ft_rrb_seq_flush(struct wpa_authenticator *wpa_auth, 900 struct ft_remote_seq *rkh_seq, int cb) 901 { 902 struct ft_remote_item *item, *n; 903 904 dl_list_for_each_safe(item, n, &rkh_seq->rx.queue, 905 struct ft_remote_item, list) { 906 if (cb && item->cb) 907 item->cb(wpa_auth, item->src_addr, item->enc, 908 item->enc_len, item->auth, item->auth_len, 1); 909 wpa_ft_rrb_seq_free(item); 910 } 911 } 912 913 914 static void wpa_ft_rrb_seq_timeout(void *eloop_ctx, void *timeout_ctx) 915 { 916 struct ft_remote_item *item = timeout_ctx; 917 918 wpa_ft_rrb_seq_free(item); 919 } 920 921 922 static int 923 wpa_ft_rrb_seq_req(struct wpa_authenticator *wpa_auth, 924 struct ft_remote_seq *rkh_seq, const u8 *src_addr, 925 const u8 *f_r0kh_id, size_t f_r0kh_id_len, 926 const u8 *f_r1kh_id, const u8 *key, size_t key_len, 927 const u8 *enc, size_t enc_len, 928 const u8 *auth, size_t auth_len, 929 int (*cb)(struct wpa_authenticator *wpa_auth, 930 const u8 *src_addr, 931 const u8 *enc, size_t enc_len, 932 const u8 *auth, size_t auth_len, 933 int no_defer)) 934 { 935 struct ft_remote_item *item = NULL; 936 u8 *packet = NULL; 937 size_t packet_len; 938 struct tlv_list seq_req_auth[] = { 939 { .type = FT_RRB_NONCE, .len = FT_RRB_NONCE_LEN, 940 .data = NULL /* to be filled: item->nonce */ }, 941 { .type = FT_RRB_R0KH_ID, .len = f_r0kh_id_len, 942 .data = f_r0kh_id }, 943 { .type = FT_RRB_R1KH_ID, .len = FT_R1KH_ID_LEN, 944 .data = f_r1kh_id }, 945 { .type = FT_RRB_LAST_EMPTY, .len = 0, .data = NULL }, 946 }; 947 948 if (dl_list_len(&rkh_seq->rx.queue) >= ftRRBmaxQueueLen) { 949 wpa_printf(MSG_DEBUG, "FT: Sequence number queue too long"); 950 goto err; 951 } 952 953 wpa_printf(MSG_DEBUG, "FT: Send out sequence number request to " MACSTR, 954 MAC2STR(src_addr)); 955 item = os_zalloc(sizeof(*item)); 956 if (!item) 957 goto err; 958 959 os_memcpy(item->src_addr, src_addr, ETH_ALEN); 960 item->cb = cb; 961 962 if (random_get_bytes(item->nonce, FT_RRB_NONCE_LEN) < 0) { 963 wpa_printf(MSG_DEBUG, "FT: Seq num nonce: out of random bytes"); 964 goto err; 965 } 966 967 if (os_get_reltime(&item->nonce_ts) < 0) 968 goto err; 969 970 if (enc && enc_len > 0) { 971 item->enc = os_memdup(enc, enc_len); 972 item->enc_len = enc_len; 973 if (!item->enc) 974 goto err; 975 } 976 977 if (auth && auth_len > 0) { 978 item->auth = os_memdup(auth, auth_len); 979 item->auth_len = auth_len; 980 if (!item->auth) 981 goto err; 982 } 983 984 eloop_register_timeout(ftRRBseqTimeout, 0, wpa_ft_rrb_seq_timeout, 985 wpa_auth, item); 986 987 seq_req_auth[0].data = item->nonce; 988 989 if (wpa_ft_rrb_build(key, key_len, NULL, NULL, seq_req_auth, NULL, 990 wpa_auth->addr, FT_PACKET_R0KH_R1KH_SEQ_REQ, 991 &packet, &packet_len) < 0) { 992 item = NULL; /* some other seq resp might still accept this */ 993 goto err; 994 } 995 996 dl_list_add(&rkh_seq->rx.queue, &item->list); 997 998 wpa_ft_rrb_oui_send(wpa_auth, src_addr, FT_PACKET_R0KH_R1KH_SEQ_REQ, 999 packet, packet_len); 1000 1001 os_free(packet); 1002 1003 return 0; 1004 err: 1005 wpa_printf(MSG_DEBUG, "FT: Failed to send sequence number request"); 1006 if (item) { 1007 os_free(item->auth); 1008 bin_clear_free(item->enc, item->enc_len); 1009 os_free(item); 1010 } 1011 1012 return -1; 1013 } 1014 1015 1016 #define FT_RRB_SEQ_OK 0 1017 #define FT_RRB_SEQ_DROP 1 1018 #define FT_RRB_SEQ_DEFER 2 1019 1020 static int 1021 wpa_ft_rrb_seq_chk(struct ft_remote_seq *rkh_seq, const u8 *src_addr, 1022 const u8 *enc, size_t enc_len, 1023 const u8 *auth, size_t auth_len, 1024 const char *msgtype, int no_defer) 1025 { 1026 const u8 *f_seq; 1027 size_t f_seq_len; 1028 const struct ft_rrb_seq *msg_both; 1029 u32 msg_seq, msg_off, rkh_off; 1030 struct os_reltime now; 1031 unsigned int i; 1032 1033 RRB_GET_AUTH(FT_RRB_SEQ, seq, msgtype, sizeof(*msg_both)); 1034 wpa_hexdump(MSG_DEBUG, "FT: sequence number", f_seq, f_seq_len); 1035 msg_both = (const struct ft_rrb_seq *) f_seq; 1036 1037 if (rkh_seq->rx.num_last == 0) { 1038 /* first packet from remote */ 1039 goto defer; 1040 } 1041 1042 if (le_to_host32(msg_both->dom) != rkh_seq->rx.dom) { 1043 /* remote might have rebooted */ 1044 goto defer; 1045 } 1046 1047 if (os_get_reltime(&now) == 0) { 1048 u32 msg_ts_now_remote, msg_ts_off; 1049 struct os_reltime now_remote; 1050 1051 os_reltime_sub(&now, &rkh_seq->rx.time_offset, &now_remote); 1052 msg_ts_now_remote = now_remote.sec; 1053 msg_ts_off = le_to_host32(msg_both->ts) - 1054 (msg_ts_now_remote - ftRRBseqTimeout); 1055 if (msg_ts_off > 2 * ftRRBseqTimeout) 1056 goto defer; 1057 } 1058 1059 msg_seq = le_to_host32(msg_both->seq); 1060 rkh_off = rkh_seq->rx.last[rkh_seq->rx.offsetidx]; 1061 msg_off = msg_seq - rkh_off; 1062 if (msg_off > 0xC0000000) 1063 goto out; /* too old message, drop it */ 1064 1065 if (msg_off <= 0x40000000) { 1066 for (i = 0; i < rkh_seq->rx.num_last; i++) { 1067 if (rkh_seq->rx.last[i] == msg_seq) 1068 goto out; /* duplicate message, drop it */ 1069 } 1070 1071 return FT_RRB_SEQ_OK; 1072 } 1073 1074 defer: 1075 if (no_defer) 1076 goto out; 1077 1078 wpa_printf(MSG_DEBUG, "FT: Possibly invalid sequence number in %s from " 1079 MACSTR, msgtype, MAC2STR(src_addr)); 1080 1081 return FT_RRB_SEQ_DEFER; 1082 out: 1083 wpa_printf(MSG_DEBUG, "FT: Invalid sequence number in %s from " MACSTR, 1084 msgtype, MAC2STR(src_addr)); 1085 1086 return FT_RRB_SEQ_DROP; 1087 } 1088 1089 1090 static void 1091 wpa_ft_rrb_seq_accept(struct wpa_authenticator *wpa_auth, 1092 struct ft_remote_seq *rkh_seq, const u8 *src_addr, 1093 const u8 *auth, size_t auth_len, 1094 const char *msgtype) 1095 { 1096 const u8 *f_seq; 1097 size_t f_seq_len; 1098 const struct ft_rrb_seq *msg_both; 1099 u32 msg_seq, msg_off, min_off, rkh_off; 1100 int minidx = 0; 1101 unsigned int i; 1102 1103 RRB_GET_AUTH(FT_RRB_SEQ, seq, msgtype, sizeof(*msg_both)); 1104 msg_both = (const struct ft_rrb_seq *) f_seq; 1105 1106 msg_seq = le_to_host32(msg_both->seq); 1107 1108 if (rkh_seq->rx.num_last < FT_REMOTE_SEQ_BACKLOG) { 1109 rkh_seq->rx.last[rkh_seq->rx.num_last] = msg_seq; 1110 rkh_seq->rx.num_last++; 1111 return; 1112 } 1113 1114 rkh_off = rkh_seq->rx.last[rkh_seq->rx.offsetidx]; 1115 for (i = 0; i < rkh_seq->rx.num_last; i++) { 1116 msg_off = rkh_seq->rx.last[i] - rkh_off; 1117 min_off = rkh_seq->rx.last[minidx] - rkh_off; 1118 if (msg_off < min_off && i != rkh_seq->rx.offsetidx) 1119 minidx = i; 1120 } 1121 rkh_seq->rx.last[rkh_seq->rx.offsetidx] = msg_seq; 1122 rkh_seq->rx.offsetidx = minidx; 1123 1124 return; 1125 out: 1126 /* RRB_GET_AUTH should never fail here as 1127 * wpa_ft_rrb_seq_chk() verified FT_RRB_SEQ presence. */ 1128 wpa_printf(MSG_ERROR, "FT: %s() failed", __func__); 1129 } 1130 1131 1132 static int wpa_ft_new_seq(struct ft_remote_seq *rkh_seq, 1133 struct ft_rrb_seq *f_seq) 1134 { 1135 struct os_reltime now; 1136 1137 if (os_get_reltime(&now) < 0) 1138 return -1; 1139 1140 if (!rkh_seq->tx.dom) { 1141 if (random_get_bytes((u8 *) &rkh_seq->tx.seq, 1142 sizeof(rkh_seq->tx.seq))) { 1143 wpa_printf(MSG_ERROR, 1144 "FT: Failed to get random data for sequence number initialization"); 1145 rkh_seq->tx.seq = now.usec; 1146 } 1147 if (random_get_bytes((u8 *) &rkh_seq->tx.dom, 1148 sizeof(rkh_seq->tx.dom))) { 1149 wpa_printf(MSG_ERROR, 1150 "FT: Failed to get random data for sequence number initialization"); 1151 rkh_seq->tx.dom = now.usec; 1152 } 1153 rkh_seq->tx.dom |= 1; 1154 } 1155 1156 f_seq->dom = host_to_le32(rkh_seq->tx.dom); 1157 f_seq->seq = host_to_le32(rkh_seq->tx.seq); 1158 f_seq->ts = host_to_le32(now.sec); 1159 1160 rkh_seq->tx.seq++; 1161 1162 return 0; 1163 } 1164 1165 1166 struct wpa_ft_pmk_r0_sa { 1167 struct dl_list list; 1168 u8 pmk_r0[PMK_LEN_MAX]; 1169 size_t pmk_r0_len; 1170 u8 pmk_r0_name[WPA_PMK_NAME_LEN]; 1171 u8 spa[ETH_ALEN]; 1172 int pairwise; /* Pairwise cipher suite, WPA_CIPHER_* */ 1173 struct vlan_description *vlan; 1174 os_time_t expiration; /* 0 for no expiration */ 1175 u8 *identity; 1176 size_t identity_len; 1177 u8 *radius_cui; 1178 size_t radius_cui_len; 1179 os_time_t session_timeout; /* 0 for no expiration */ 1180 /* TODO: radius_class, EAP type */ 1181 int pmk_r1_pushed; 1182 }; 1183 1184 struct wpa_ft_pmk_r1_sa { 1185 struct dl_list list; 1186 u8 pmk_r1[PMK_LEN_MAX]; 1187 size_t pmk_r1_len; 1188 u8 pmk_r1_name[WPA_PMK_NAME_LEN]; 1189 u8 spa[ETH_ALEN]; 1190 int pairwise; /* Pairwise cipher suite, WPA_CIPHER_* */ 1191 struct vlan_description *vlan; 1192 u8 *identity; 1193 size_t identity_len; 1194 u8 *radius_cui; 1195 size_t radius_cui_len; 1196 os_time_t session_timeout; /* 0 for no expiration */ 1197 /* TODO: radius_class, EAP type */ 1198 }; 1199 1200 struct wpa_ft_pmk_cache { 1201 struct dl_list pmk_r0; /* struct wpa_ft_pmk_r0_sa */ 1202 struct dl_list pmk_r1; /* struct wpa_ft_pmk_r1_sa */ 1203 }; 1204 1205 1206 static void wpa_ft_expire_pmk_r0(void *eloop_ctx, void *timeout_ctx); 1207 static void wpa_ft_expire_pmk_r1(void *eloop_ctx, void *timeout_ctx); 1208 1209 1210 static void wpa_ft_free_pmk_r0(struct wpa_ft_pmk_r0_sa *r0) 1211 { 1212 if (!r0) 1213 return; 1214 1215 dl_list_del(&r0->list); 1216 eloop_cancel_timeout(wpa_ft_expire_pmk_r0, r0, NULL); 1217 1218 os_memset(r0->pmk_r0, 0, PMK_LEN_MAX); 1219 os_free(r0->vlan); 1220 os_free(r0->identity); 1221 os_free(r0->radius_cui); 1222 os_free(r0); 1223 } 1224 1225 1226 static void wpa_ft_expire_pmk_r0(void *eloop_ctx, void *timeout_ctx) 1227 { 1228 struct wpa_ft_pmk_r0_sa *r0 = eloop_ctx; 1229 struct os_reltime now; 1230 int expires_in; 1231 int session_timeout; 1232 1233 os_get_reltime(&now); 1234 1235 if (!r0) 1236 return; 1237 1238 expires_in = r0->expiration - now.sec; 1239 session_timeout = r0->session_timeout - now.sec; 1240 /* conditions to remove from cache: 1241 * a) r0->expiration is set and hit 1242 * -or- 1243 * b) r0->session_timeout is set and hit 1244 */ 1245 if ((!r0->expiration || expires_in > 0) && 1246 (!r0->session_timeout || session_timeout > 0)) { 1247 wpa_printf(MSG_ERROR, 1248 "FT: %s() called for non-expired entry %p", 1249 __func__, r0); 1250 eloop_cancel_timeout(wpa_ft_expire_pmk_r0, r0, NULL); 1251 if (r0->expiration && expires_in > 0) 1252 eloop_register_timeout(expires_in + 1, 0, 1253 wpa_ft_expire_pmk_r0, r0, NULL); 1254 if (r0->session_timeout && session_timeout > 0) 1255 eloop_register_timeout(session_timeout + 1, 0, 1256 wpa_ft_expire_pmk_r0, r0, NULL); 1257 return; 1258 } 1259 1260 wpa_ft_free_pmk_r0(r0); 1261 } 1262 1263 1264 static void wpa_ft_free_pmk_r1(struct wpa_ft_pmk_r1_sa *r1) 1265 { 1266 if (!r1) 1267 return; 1268 1269 dl_list_del(&r1->list); 1270 eloop_cancel_timeout(wpa_ft_expire_pmk_r1, r1, NULL); 1271 1272 os_memset(r1->pmk_r1, 0, PMK_LEN_MAX); 1273 os_free(r1->vlan); 1274 os_free(r1->identity); 1275 os_free(r1->radius_cui); 1276 os_free(r1); 1277 } 1278 1279 1280 static void wpa_ft_expire_pmk_r1(void *eloop_ctx, void *timeout_ctx) 1281 { 1282 struct wpa_ft_pmk_r1_sa *r1 = eloop_ctx; 1283 1284 wpa_ft_free_pmk_r1(r1); 1285 } 1286 1287 1288 struct wpa_ft_pmk_cache * wpa_ft_pmk_cache_init(void) 1289 { 1290 struct wpa_ft_pmk_cache *cache; 1291 1292 cache = os_zalloc(sizeof(*cache)); 1293 if (cache) { 1294 dl_list_init(&cache->pmk_r0); 1295 dl_list_init(&cache->pmk_r1); 1296 } 1297 1298 return cache; 1299 } 1300 1301 1302 void wpa_ft_pmk_cache_deinit(struct wpa_ft_pmk_cache *cache) 1303 { 1304 struct wpa_ft_pmk_r0_sa *r0, *r0prev; 1305 struct wpa_ft_pmk_r1_sa *r1, *r1prev; 1306 1307 dl_list_for_each_safe(r0, r0prev, &cache->pmk_r0, 1308 struct wpa_ft_pmk_r0_sa, list) 1309 wpa_ft_free_pmk_r0(r0); 1310 1311 dl_list_for_each_safe(r1, r1prev, &cache->pmk_r1, 1312 struct wpa_ft_pmk_r1_sa, list) 1313 wpa_ft_free_pmk_r1(r1); 1314 1315 os_free(cache); 1316 } 1317 1318 1319 static int wpa_ft_store_pmk_r0(struct wpa_authenticator *wpa_auth, 1320 const u8 *spa, const u8 *pmk_r0, 1321 size_t pmk_r0_len, 1322 const u8 *pmk_r0_name, int pairwise, 1323 const struct vlan_description *vlan, 1324 int expires_in, int session_timeout, 1325 const u8 *identity, size_t identity_len, 1326 const u8 *radius_cui, size_t radius_cui_len) 1327 { 1328 struct wpa_ft_pmk_cache *cache = wpa_auth->ft_pmk_cache; 1329 struct wpa_ft_pmk_r0_sa *r0; 1330 struct os_reltime now; 1331 1332 /* TODO: add limit on number of entries in cache */ 1333 os_get_reltime(&now); 1334 1335 r0 = os_zalloc(sizeof(*r0)); 1336 if (r0 == NULL) 1337 return -1; 1338 1339 os_memcpy(r0->pmk_r0, pmk_r0, pmk_r0_len); 1340 r0->pmk_r0_len = pmk_r0_len; 1341 os_memcpy(r0->pmk_r0_name, pmk_r0_name, WPA_PMK_NAME_LEN); 1342 os_memcpy(r0->spa, spa, ETH_ALEN); 1343 r0->pairwise = pairwise; 1344 if (expires_in > 0) 1345 r0->expiration = now.sec + expires_in; 1346 if (vlan && vlan->notempty) { 1347 r0->vlan = os_zalloc(sizeof(*vlan)); 1348 if (!r0->vlan) { 1349 bin_clear_free(r0, sizeof(*r0)); 1350 return -1; 1351 } 1352 *r0->vlan = *vlan; 1353 } 1354 if (identity) { 1355 r0->identity = os_malloc(identity_len); 1356 if (r0->identity) { 1357 os_memcpy(r0->identity, identity, identity_len); 1358 r0->identity_len = identity_len; 1359 } 1360 } 1361 if (radius_cui) { 1362 r0->radius_cui = os_malloc(radius_cui_len); 1363 if (r0->radius_cui) { 1364 os_memcpy(r0->radius_cui, radius_cui, radius_cui_len); 1365 r0->radius_cui_len = radius_cui_len; 1366 } 1367 } 1368 if (session_timeout > 0) 1369 r0->session_timeout = now.sec + session_timeout; 1370 1371 dl_list_add(&cache->pmk_r0, &r0->list); 1372 if (expires_in > 0) 1373 eloop_register_timeout(expires_in + 1, 0, wpa_ft_expire_pmk_r0, 1374 r0, NULL); 1375 if (session_timeout > 0) 1376 eloop_register_timeout(session_timeout + 1, 0, 1377 wpa_ft_expire_pmk_r0, r0, NULL); 1378 1379 return 0; 1380 } 1381 1382 1383 static int wpa_ft_fetch_pmk_r0(struct wpa_authenticator *wpa_auth, 1384 const u8 *spa, const u8 *pmk_r0_name, 1385 const struct wpa_ft_pmk_r0_sa **r0_out) 1386 { 1387 struct wpa_ft_pmk_cache *cache = wpa_auth->ft_pmk_cache; 1388 struct wpa_ft_pmk_r0_sa *r0; 1389 struct os_reltime now; 1390 1391 os_get_reltime(&now); 1392 dl_list_for_each(r0, &cache->pmk_r0, struct wpa_ft_pmk_r0_sa, list) { 1393 if (os_memcmp(r0->spa, spa, ETH_ALEN) == 0 && 1394 os_memcmp_const(r0->pmk_r0_name, pmk_r0_name, 1395 WPA_PMK_NAME_LEN) == 0) { 1396 *r0_out = r0; 1397 return 0; 1398 } 1399 } 1400 1401 *r0_out = NULL; 1402 return -1; 1403 } 1404 1405 1406 static int wpa_ft_store_pmk_r1(struct wpa_authenticator *wpa_auth, 1407 const u8 *spa, const u8 *pmk_r1, 1408 size_t pmk_r1_len, 1409 const u8 *pmk_r1_name, int pairwise, 1410 const struct vlan_description *vlan, 1411 int expires_in, int session_timeout, 1412 const u8 *identity, size_t identity_len, 1413 const u8 *radius_cui, size_t radius_cui_len) 1414 { 1415 struct wpa_ft_pmk_cache *cache = wpa_auth->ft_pmk_cache; 1416 int max_expires_in = wpa_auth->conf.r1_max_key_lifetime; 1417 struct wpa_ft_pmk_r1_sa *r1; 1418 struct os_reltime now; 1419 1420 /* TODO: limit on number of entries in cache */ 1421 os_get_reltime(&now); 1422 1423 if (max_expires_in && (max_expires_in < expires_in || expires_in == 0)) 1424 expires_in = max_expires_in; 1425 1426 r1 = os_zalloc(sizeof(*r1)); 1427 if (r1 == NULL) 1428 return -1; 1429 1430 os_memcpy(r1->pmk_r1, pmk_r1, pmk_r1_len); 1431 r1->pmk_r1_len = pmk_r1_len; 1432 os_memcpy(r1->pmk_r1_name, pmk_r1_name, WPA_PMK_NAME_LEN); 1433 os_memcpy(r1->spa, spa, ETH_ALEN); 1434 r1->pairwise = pairwise; 1435 if (vlan && vlan->notempty) { 1436 r1->vlan = os_zalloc(sizeof(*vlan)); 1437 if (!r1->vlan) { 1438 bin_clear_free(r1, sizeof(*r1)); 1439 return -1; 1440 } 1441 *r1->vlan = *vlan; 1442 } 1443 if (identity) { 1444 r1->identity = os_malloc(identity_len); 1445 if (r1->identity) { 1446 os_memcpy(r1->identity, identity, identity_len); 1447 r1->identity_len = identity_len; 1448 } 1449 } 1450 if (radius_cui) { 1451 r1->radius_cui = os_malloc(radius_cui_len); 1452 if (r1->radius_cui) { 1453 os_memcpy(r1->radius_cui, radius_cui, radius_cui_len); 1454 r1->radius_cui_len = radius_cui_len; 1455 } 1456 } 1457 if (session_timeout > 0) 1458 r1->session_timeout = now.sec + session_timeout; 1459 1460 dl_list_add(&cache->pmk_r1, &r1->list); 1461 1462 if (expires_in > 0) 1463 eloop_register_timeout(expires_in + 1, 0, wpa_ft_expire_pmk_r1, 1464 r1, NULL); 1465 if (session_timeout > 0) 1466 eloop_register_timeout(session_timeout + 1, 0, 1467 wpa_ft_expire_pmk_r1, r1, NULL); 1468 1469 return 0; 1470 } 1471 1472 1473 static int wpa_ft_fetch_pmk_r1(struct wpa_authenticator *wpa_auth, 1474 const u8 *spa, const u8 *pmk_r1_name, 1475 u8 *pmk_r1, size_t *pmk_r1_len, int *pairwise, 1476 struct vlan_description *vlan, 1477 const u8 **identity, size_t *identity_len, 1478 const u8 **radius_cui, size_t *radius_cui_len, 1479 int *session_timeout) 1480 { 1481 struct wpa_ft_pmk_cache *cache = wpa_auth->ft_pmk_cache; 1482 struct wpa_ft_pmk_r1_sa *r1; 1483 struct os_reltime now; 1484 1485 os_get_reltime(&now); 1486 1487 dl_list_for_each(r1, &cache->pmk_r1, struct wpa_ft_pmk_r1_sa, list) { 1488 if (os_memcmp(r1->spa, spa, ETH_ALEN) == 0 && 1489 os_memcmp_const(r1->pmk_r1_name, pmk_r1_name, 1490 WPA_PMK_NAME_LEN) == 0) { 1491 os_memcpy(pmk_r1, r1->pmk_r1, r1->pmk_r1_len); 1492 *pmk_r1_len = r1->pmk_r1_len; 1493 if (pairwise) 1494 *pairwise = r1->pairwise; 1495 if (vlan && r1->vlan) 1496 *vlan = *r1->vlan; 1497 if (vlan && !r1->vlan) 1498 os_memset(vlan, 0, sizeof(*vlan)); 1499 if (identity && identity_len) { 1500 *identity = r1->identity; 1501 *identity_len = r1->identity_len; 1502 } 1503 if (radius_cui && radius_cui_len) { 1504 *radius_cui = r1->radius_cui; 1505 *radius_cui_len = r1->radius_cui_len; 1506 } 1507 if (session_timeout && r1->session_timeout > now.sec) 1508 *session_timeout = r1->session_timeout - 1509 now.sec; 1510 else if (session_timeout && r1->session_timeout) 1511 *session_timeout = 1; 1512 else if (session_timeout) 1513 *session_timeout = 0; 1514 return 0; 1515 } 1516 } 1517 1518 return -1; 1519 } 1520 1521 1522 static int wpa_ft_rrb_init_r0kh_seq(struct ft_remote_r0kh *r0kh) 1523 { 1524 if (r0kh->seq) 1525 return 0; 1526 1527 r0kh->seq = os_zalloc(sizeof(*r0kh->seq)); 1528 if (!r0kh->seq) { 1529 wpa_printf(MSG_DEBUG, "FT: Failed to allocate r0kh->seq"); 1530 return -1; 1531 } 1532 1533 dl_list_init(&r0kh->seq->rx.queue); 1534 1535 return 0; 1536 } 1537 1538 1539 static void wpa_ft_rrb_lookup_r0kh(struct wpa_authenticator *wpa_auth, 1540 const u8 *f_r0kh_id, size_t f_r0kh_id_len, 1541 struct ft_remote_r0kh **r0kh_out, 1542 struct ft_remote_r0kh **r0kh_wildcard) 1543 { 1544 struct ft_remote_r0kh *r0kh; 1545 1546 *r0kh_wildcard = NULL; 1547 *r0kh_out = NULL; 1548 1549 if (wpa_auth->conf.r0kh_list) 1550 r0kh = *wpa_auth->conf.r0kh_list; 1551 else 1552 r0kh = NULL; 1553 for (; r0kh; r0kh = r0kh->next) { 1554 if (r0kh->id_len == 1 && r0kh->id[0] == '*') 1555 *r0kh_wildcard = r0kh; 1556 if (f_r0kh_id && r0kh->id_len == f_r0kh_id_len && 1557 os_memcmp_const(f_r0kh_id, r0kh->id, f_r0kh_id_len) == 0) 1558 *r0kh_out = r0kh; 1559 } 1560 1561 if (!*r0kh_out && !*r0kh_wildcard) 1562 wpa_printf(MSG_DEBUG, "FT: No matching R0KH found"); 1563 1564 if (*r0kh_out && wpa_ft_rrb_init_r0kh_seq(*r0kh_out) < 0) 1565 *r0kh_out = NULL; 1566 } 1567 1568 1569 static int wpa_ft_rrb_init_r1kh_seq(struct ft_remote_r1kh *r1kh) 1570 { 1571 if (r1kh->seq) 1572 return 0; 1573 1574 r1kh->seq = os_zalloc(sizeof(*r1kh->seq)); 1575 if (!r1kh->seq) { 1576 wpa_printf(MSG_DEBUG, "FT: Failed to allocate r1kh->seq"); 1577 return -1; 1578 } 1579 1580 dl_list_init(&r1kh->seq->rx.queue); 1581 1582 return 0; 1583 } 1584 1585 1586 static void wpa_ft_rrb_lookup_r1kh(struct wpa_authenticator *wpa_auth, 1587 const u8 *f_r1kh_id, 1588 struct ft_remote_r1kh **r1kh_out, 1589 struct ft_remote_r1kh **r1kh_wildcard) 1590 { 1591 struct ft_remote_r1kh *r1kh; 1592 1593 *r1kh_wildcard = NULL; 1594 *r1kh_out = NULL; 1595 1596 if (wpa_auth->conf.r1kh_list) 1597 r1kh = *wpa_auth->conf.r1kh_list; 1598 else 1599 r1kh = NULL; 1600 for (; r1kh; r1kh = r1kh->next) { 1601 if (is_zero_ether_addr(r1kh->addr) && 1602 is_zero_ether_addr(r1kh->id)) 1603 *r1kh_wildcard = r1kh; 1604 if (f_r1kh_id && 1605 os_memcmp_const(r1kh->id, f_r1kh_id, FT_R1KH_ID_LEN) == 0) 1606 *r1kh_out = r1kh; 1607 } 1608 1609 if (!*r1kh_out && !*r1kh_wildcard) 1610 wpa_printf(MSG_DEBUG, "FT: No matching R1KH found"); 1611 1612 if (*r1kh_out && wpa_ft_rrb_init_r1kh_seq(*r1kh_out) < 0) 1613 *r1kh_out = NULL; 1614 } 1615 1616 1617 static int wpa_ft_rrb_check_r0kh(struct wpa_authenticator *wpa_auth, 1618 const u8 *f_r0kh_id, size_t f_r0kh_id_len) 1619 { 1620 if (f_r0kh_id_len != wpa_auth->conf.r0_key_holder_len || 1621 os_memcmp_const(f_r0kh_id, wpa_auth->conf.r0_key_holder, 1622 f_r0kh_id_len) != 0) 1623 return -1; 1624 1625 return 0; 1626 } 1627 1628 1629 static int wpa_ft_rrb_check_r1kh(struct wpa_authenticator *wpa_auth, 1630 const u8 *f_r1kh_id) 1631 { 1632 if (os_memcmp_const(f_r1kh_id, wpa_auth->conf.r1_key_holder, 1633 FT_R1KH_ID_LEN) != 0) 1634 return -1; 1635 1636 return 0; 1637 } 1638 1639 1640 static void wpa_ft_rrb_del_r0kh(void *eloop_ctx, void *timeout_ctx) 1641 { 1642 struct wpa_authenticator *wpa_auth = eloop_ctx; 1643 struct ft_remote_r0kh *r0kh, *prev = NULL; 1644 1645 if (!wpa_auth->conf.r0kh_list) 1646 return; 1647 1648 for (r0kh = *wpa_auth->conf.r0kh_list; r0kh; r0kh = r0kh->next) { 1649 if (r0kh == timeout_ctx) 1650 break; 1651 prev = r0kh; 1652 } 1653 if (!r0kh) 1654 return; 1655 if (prev) 1656 prev->next = r0kh->next; 1657 else 1658 *wpa_auth->conf.r0kh_list = r0kh->next; 1659 if (r0kh->seq) 1660 wpa_ft_rrb_seq_flush(wpa_auth, r0kh->seq, 0); 1661 os_free(r0kh->seq); 1662 os_free(r0kh); 1663 } 1664 1665 1666 static void wpa_ft_rrb_r0kh_replenish(struct wpa_authenticator *wpa_auth, 1667 struct ft_remote_r0kh *r0kh, int timeout) 1668 { 1669 if (timeout > 0) 1670 eloop_replenish_timeout(timeout, 0, wpa_ft_rrb_del_r0kh, 1671 wpa_auth, r0kh); 1672 } 1673 1674 1675 static void wpa_ft_rrb_r0kh_timeout(struct wpa_authenticator *wpa_auth, 1676 struct ft_remote_r0kh *r0kh, int timeout) 1677 { 1678 eloop_cancel_timeout(wpa_ft_rrb_del_r0kh, wpa_auth, r0kh); 1679 1680 if (timeout > 0) 1681 eloop_register_timeout(timeout, 0, wpa_ft_rrb_del_r0kh, 1682 wpa_auth, r0kh); 1683 } 1684 1685 1686 static struct ft_remote_r0kh * 1687 wpa_ft_rrb_add_r0kh(struct wpa_authenticator *wpa_auth, 1688 struct ft_remote_r0kh *r0kh_wildcard, 1689 const u8 *src_addr, const u8 *r0kh_id, size_t id_len, 1690 int timeout) 1691 { 1692 struct ft_remote_r0kh *r0kh; 1693 1694 if (!wpa_auth->conf.r0kh_list) 1695 return NULL; 1696 1697 r0kh = os_zalloc(sizeof(*r0kh)); 1698 if (!r0kh) 1699 return NULL; 1700 1701 if (src_addr) 1702 os_memcpy(r0kh->addr, src_addr, sizeof(r0kh->addr)); 1703 1704 if (id_len > FT_R0KH_ID_MAX_LEN) 1705 id_len = FT_R0KH_ID_MAX_LEN; 1706 os_memcpy(r0kh->id, r0kh_id, id_len); 1707 r0kh->id_len = id_len; 1708 1709 os_memcpy(r0kh->key, r0kh_wildcard->key, sizeof(r0kh->key)); 1710 1711 r0kh->next = *wpa_auth->conf.r0kh_list; 1712 *wpa_auth->conf.r0kh_list = r0kh; 1713 1714 if (timeout > 0) 1715 eloop_register_timeout(timeout, 0, wpa_ft_rrb_del_r0kh, 1716 wpa_auth, r0kh); 1717 1718 if (wpa_ft_rrb_init_r0kh_seq(r0kh) < 0) 1719 return NULL; 1720 1721 return r0kh; 1722 } 1723 1724 1725 static void wpa_ft_rrb_del_r1kh(void *eloop_ctx, void *timeout_ctx) 1726 { 1727 struct wpa_authenticator *wpa_auth = eloop_ctx; 1728 struct ft_remote_r1kh *r1kh, *prev = NULL; 1729 1730 if (!wpa_auth->conf.r1kh_list) 1731 return; 1732 1733 for (r1kh = *wpa_auth->conf.r1kh_list; r1kh; r1kh = r1kh->next) { 1734 if (r1kh == timeout_ctx) 1735 break; 1736 prev = r1kh; 1737 } 1738 if (!r1kh) 1739 return; 1740 if (prev) 1741 prev->next = r1kh->next; 1742 else 1743 *wpa_auth->conf.r1kh_list = r1kh->next; 1744 if (r1kh->seq) 1745 wpa_ft_rrb_seq_flush(wpa_auth, r1kh->seq, 0); 1746 os_free(r1kh->seq); 1747 os_free(r1kh); 1748 } 1749 1750 1751 static void wpa_ft_rrb_r1kh_replenish(struct wpa_authenticator *wpa_auth, 1752 struct ft_remote_r1kh *r1kh, int timeout) 1753 { 1754 if (timeout > 0) 1755 eloop_replenish_timeout(timeout, 0, wpa_ft_rrb_del_r1kh, 1756 wpa_auth, r1kh); 1757 } 1758 1759 1760 static struct ft_remote_r1kh * 1761 wpa_ft_rrb_add_r1kh(struct wpa_authenticator *wpa_auth, 1762 struct ft_remote_r1kh *r1kh_wildcard, 1763 const u8 *src_addr, const u8 *r1kh_id, int timeout) 1764 { 1765 struct ft_remote_r1kh *r1kh; 1766 1767 if (!wpa_auth->conf.r1kh_list) 1768 return NULL; 1769 1770 r1kh = os_zalloc(sizeof(*r1kh)); 1771 if (!r1kh) 1772 return NULL; 1773 1774 os_memcpy(r1kh->addr, src_addr, sizeof(r1kh->addr)); 1775 os_memcpy(r1kh->id, r1kh_id, sizeof(r1kh->id)); 1776 os_memcpy(r1kh->key, r1kh_wildcard->key, sizeof(r1kh->key)); 1777 r1kh->next = *wpa_auth->conf.r1kh_list; 1778 *wpa_auth->conf.r1kh_list = r1kh; 1779 1780 if (timeout > 0) 1781 eloop_register_timeout(timeout, 0, wpa_ft_rrb_del_r1kh, 1782 wpa_auth, r1kh); 1783 1784 if (wpa_ft_rrb_init_r1kh_seq(r1kh) < 0) 1785 return NULL; 1786 1787 return r1kh; 1788 } 1789 1790 1791 void wpa_ft_sta_deinit(struct wpa_state_machine *sm) 1792 { 1793 eloop_cancel_timeout(wpa_ft_expire_pull, sm, NULL); 1794 } 1795 1796 1797 static void wpa_ft_deinit_seq(struct wpa_authenticator *wpa_auth) 1798 { 1799 struct ft_remote_r0kh *r0kh; 1800 struct ft_remote_r1kh *r1kh; 1801 1802 eloop_cancel_timeout(wpa_ft_rrb_seq_timeout, wpa_auth, ELOOP_ALL_CTX); 1803 1804 if (wpa_auth->conf.r0kh_list) 1805 r0kh = *wpa_auth->conf.r0kh_list; 1806 else 1807 r0kh = NULL; 1808 for (; r0kh; r0kh = r0kh->next) { 1809 if (!r0kh->seq) 1810 continue; 1811 wpa_ft_rrb_seq_flush(wpa_auth, r0kh->seq, 0); 1812 os_free(r0kh->seq); 1813 r0kh->seq = NULL; 1814 } 1815 1816 if (wpa_auth->conf.r1kh_list) 1817 r1kh = *wpa_auth->conf.r1kh_list; 1818 else 1819 r1kh = NULL; 1820 for (; r1kh; r1kh = r1kh->next) { 1821 if (!r1kh->seq) 1822 continue; 1823 wpa_ft_rrb_seq_flush(wpa_auth, r1kh->seq, 0); 1824 os_free(r1kh->seq); 1825 r1kh->seq = NULL; 1826 } 1827 } 1828 1829 1830 static void wpa_ft_deinit_rkh_tmp(struct wpa_authenticator *wpa_auth) 1831 { 1832 struct ft_remote_r0kh *r0kh, *r0kh_next, *r0kh_prev = NULL; 1833 struct ft_remote_r1kh *r1kh, *r1kh_next, *r1kh_prev = NULL; 1834 1835 if (wpa_auth->conf.r0kh_list) 1836 r0kh = *wpa_auth->conf.r0kh_list; 1837 else 1838 r0kh = NULL; 1839 while (r0kh) { 1840 r0kh_next = r0kh->next; 1841 if (eloop_cancel_timeout(wpa_ft_rrb_del_r0kh, wpa_auth, 1842 r0kh) > 0) { 1843 if (r0kh_prev) 1844 r0kh_prev->next = r0kh_next; 1845 else 1846 *wpa_auth->conf.r0kh_list = r0kh_next; 1847 os_free(r0kh); 1848 } else { 1849 r0kh_prev = r0kh; 1850 } 1851 r0kh = r0kh_next; 1852 } 1853 1854 if (wpa_auth->conf.r1kh_list) 1855 r1kh = *wpa_auth->conf.r1kh_list; 1856 else 1857 r1kh = NULL; 1858 while (r1kh) { 1859 r1kh_next = r1kh->next; 1860 if (eloop_cancel_timeout(wpa_ft_rrb_del_r1kh, wpa_auth, 1861 r1kh) > 0) { 1862 if (r1kh_prev) 1863 r1kh_prev->next = r1kh_next; 1864 else 1865 *wpa_auth->conf.r1kh_list = r1kh_next; 1866 os_free(r1kh); 1867 } else { 1868 r1kh_prev = r1kh; 1869 } 1870 r1kh = r1kh_next; 1871 } 1872 } 1873 1874 1875 void wpa_ft_deinit(struct wpa_authenticator *wpa_auth) 1876 { 1877 wpa_ft_deinit_seq(wpa_auth); 1878 wpa_ft_deinit_rkh_tmp(wpa_auth); 1879 } 1880 1881 1882 static void wpa_ft_block_r0kh(struct wpa_authenticator *wpa_auth, 1883 const u8 *f_r0kh_id, size_t f_r0kh_id_len) 1884 { 1885 struct ft_remote_r0kh *r0kh, *r0kh_wildcard; 1886 1887 if (!wpa_auth->conf.rkh_neg_timeout) 1888 return; 1889 1890 wpa_ft_rrb_lookup_r0kh(wpa_auth, f_r0kh_id, f_r0kh_id_len, 1891 &r0kh, &r0kh_wildcard); 1892 1893 if (!r0kh_wildcard) { 1894 /* r0kh removed after neg_timeout and might need re-adding */ 1895 return; 1896 } 1897 1898 wpa_hexdump(MSG_DEBUG, "FT: Blacklist R0KH-ID", 1899 f_r0kh_id, f_r0kh_id_len); 1900 1901 if (r0kh) { 1902 wpa_ft_rrb_r0kh_timeout(wpa_auth, r0kh, 1903 wpa_auth->conf.rkh_neg_timeout); 1904 os_memset(r0kh->addr, 0, ETH_ALEN); 1905 } else 1906 wpa_ft_rrb_add_r0kh(wpa_auth, r0kh_wildcard, NULL, f_r0kh_id, 1907 f_r0kh_id_len, 1908 wpa_auth->conf.rkh_neg_timeout); 1909 } 1910 1911 1912 static void wpa_ft_expire_pull(void *eloop_ctx, void *timeout_ctx) 1913 { 1914 struct wpa_state_machine *sm = eloop_ctx; 1915 1916 wpa_printf(MSG_DEBUG, "FT: Timeout pending pull request for " MACSTR, 1917 MAC2STR(sm->addr)); 1918 if (sm->ft_pending_pull_left_retries <= 0) 1919 wpa_ft_block_r0kh(sm->wpa_auth, sm->r0kh_id, sm->r0kh_id_len); 1920 1921 /* cancel multiple timeouts */ 1922 eloop_cancel_timeout(wpa_ft_expire_pull, sm, NULL); 1923 ft_finish_pull(sm); 1924 } 1925 1926 1927 static int wpa_ft_pull_pmk_r1(struct wpa_state_machine *sm, 1928 const u8 *ies, size_t ies_len, 1929 const u8 *pmk_r0_name) 1930 { 1931 struct ft_remote_r0kh *r0kh, *r0kh_wildcard; 1932 u8 *packet = NULL; 1933 const u8 *key, *f_r1kh_id = sm->wpa_auth->conf.r1_key_holder; 1934 size_t packet_len, key_len; 1935 struct ft_rrb_seq f_seq; 1936 int tsecs, tusecs, first; 1937 struct wpabuf *ft_pending_req_ies; 1938 int r0kh_timeout; 1939 struct tlv_list req_enc[] = { 1940 { .type = FT_RRB_PMK_R0_NAME, .len = WPA_PMK_NAME_LEN, 1941 .data = pmk_r0_name }, 1942 { .type = FT_RRB_S1KH_ID, .len = ETH_ALEN, 1943 .data = sm->addr }, 1944 { .type = FT_RRB_LAST_EMPTY, .len = 0, .data = NULL }, 1945 }; 1946 struct tlv_list req_auth[] = { 1947 { .type = FT_RRB_NONCE, .len = FT_RRB_NONCE_LEN, 1948 .data = sm->ft_pending_pull_nonce }, 1949 { .type = FT_RRB_SEQ, .len = sizeof(f_seq), 1950 .data = (u8 *) &f_seq }, 1951 { .type = FT_RRB_R0KH_ID, .len = sm->r0kh_id_len, 1952 .data = sm->r0kh_id }, 1953 { .type = FT_RRB_R1KH_ID, .len = FT_R1KH_ID_LEN, 1954 .data = f_r1kh_id }, 1955 { .type = FT_RRB_LAST_EMPTY, .len = 0, .data = NULL }, 1956 }; 1957 1958 if (sm->ft_pending_pull_left_retries <= 0) 1959 return -1; 1960 first = sm->ft_pending_pull_left_retries == 1961 sm->wpa_auth->conf.rkh_pull_retries; 1962 sm->ft_pending_pull_left_retries--; 1963 1964 wpa_ft_rrb_lookup_r0kh(sm->wpa_auth, sm->r0kh_id, sm->r0kh_id_len, 1965 &r0kh, &r0kh_wildcard); 1966 1967 /* Keep r0kh sufficiently long in the list for seq num check */ 1968 r0kh_timeout = sm->wpa_auth->conf.rkh_pull_timeout / 1000 + 1969 1 + ftRRBseqTimeout; 1970 if (r0kh) { 1971 wpa_ft_rrb_r0kh_replenish(sm->wpa_auth, r0kh, r0kh_timeout); 1972 } else if (r0kh_wildcard) { 1973 wpa_printf(MSG_DEBUG, "FT: Using wildcard R0KH-ID"); 1974 /* r0kh->addr: updated by SEQ_RESP and wpa_ft_expire_pull */ 1975 r0kh = wpa_ft_rrb_add_r0kh(sm->wpa_auth, r0kh_wildcard, 1976 r0kh_wildcard->addr, 1977 sm->r0kh_id, sm->r0kh_id_len, 1978 r0kh_timeout); 1979 } 1980 if (r0kh == NULL) { 1981 wpa_hexdump(MSG_DEBUG, "FT: Did not find R0KH-ID", 1982 sm->r0kh_id, sm->r0kh_id_len); 1983 return -1; 1984 } 1985 if (is_zero_ether_addr(r0kh->addr)) { 1986 wpa_hexdump(MSG_DEBUG, "FT: R0KH-ID is blacklisted", 1987 sm->r0kh_id, sm->r0kh_id_len); 1988 return -1; 1989 } 1990 if (os_memcmp(r0kh->addr, sm->wpa_auth->addr, ETH_ALEN) == 0) { 1991 wpa_printf(MSG_DEBUG, 1992 "FT: R0KH-ID points to self - no matching key available"); 1993 return -1; 1994 } 1995 1996 key = r0kh->key; 1997 key_len = sizeof(r0kh->key); 1998 1999 wpa_printf(MSG_DEBUG, "FT: Send PMK-R1 pull request to remote R0KH " 2000 "address " MACSTR, MAC2STR(r0kh->addr)); 2001 2002 if (r0kh->seq->rx.num_last == 0) { 2003 /* A sequence request will be sent out anyway when pull 2004 * response is received. Send it out now to avoid one RTT. */ 2005 wpa_ft_rrb_seq_req(sm->wpa_auth, r0kh->seq, r0kh->addr, 2006 r0kh->id, r0kh->id_len, f_r1kh_id, key, 2007 key_len, NULL, 0, NULL, 0, NULL); 2008 } 2009 2010 if (first && 2011 random_get_bytes(sm->ft_pending_pull_nonce, FT_RRB_NONCE_LEN) < 0) { 2012 wpa_printf(MSG_DEBUG, "FT: Failed to get random data for " 2013 "nonce"); 2014 return -1; 2015 } 2016 2017 if (wpa_ft_new_seq(r0kh->seq, &f_seq) < 0) { 2018 wpa_printf(MSG_DEBUG, "FT: Failed to get seq num"); 2019 return -1; 2020 } 2021 2022 if (wpa_ft_rrb_build(key, key_len, req_enc, NULL, req_auth, NULL, 2023 sm->wpa_auth->addr, FT_PACKET_R0KH_R1KH_PULL, 2024 &packet, &packet_len) < 0) 2025 return -1; 2026 2027 ft_pending_req_ies = wpabuf_alloc_copy(ies, ies_len); 2028 wpabuf_free(sm->ft_pending_req_ies); 2029 sm->ft_pending_req_ies = ft_pending_req_ies; 2030 if (!sm->ft_pending_req_ies) { 2031 os_free(packet); 2032 return -1; 2033 } 2034 2035 tsecs = sm->wpa_auth->conf.rkh_pull_timeout / 1000; 2036 tusecs = (sm->wpa_auth->conf.rkh_pull_timeout % 1000) * 1000; 2037 eloop_register_timeout(tsecs, tusecs, wpa_ft_expire_pull, sm, NULL); 2038 2039 wpa_ft_rrb_oui_send(sm->wpa_auth, r0kh->addr, FT_PACKET_R0KH_R1KH_PULL, 2040 packet, packet_len); 2041 2042 os_free(packet); 2043 2044 return 0; 2045 } 2046 2047 2048 int wpa_ft_store_pmk_fils(struct wpa_state_machine *sm, 2049 const u8 *pmk_r0, const u8 *pmk_r0_name) 2050 { 2051 int expires_in = sm->wpa_auth->conf.r0_key_lifetime; 2052 struct vlan_description vlan; 2053 const u8 *identity, *radius_cui; 2054 size_t identity_len, radius_cui_len; 2055 int session_timeout; 2056 size_t pmk_r0_len = wpa_key_mgmt_sha384(sm->wpa_key_mgmt) ? 2057 SHA384_MAC_LEN : PMK_LEN; 2058 2059 if (wpa_ft_get_vlan(sm->wpa_auth, sm->addr, &vlan) < 0) { 2060 wpa_printf(MSG_DEBUG, "FT: vlan not available for STA " MACSTR, 2061 MAC2STR(sm->addr)); 2062 return -1; 2063 } 2064 2065 identity_len = wpa_ft_get_identity(sm->wpa_auth, sm->addr, &identity); 2066 radius_cui_len = wpa_ft_get_radius_cui(sm->wpa_auth, sm->addr, 2067 &radius_cui); 2068 session_timeout = wpa_ft_get_session_timeout(sm->wpa_auth, sm->addr); 2069 2070 return wpa_ft_store_pmk_r0(sm->wpa_auth, sm->addr, pmk_r0, pmk_r0_len, 2071 pmk_r0_name, sm->pairwise, &vlan, expires_in, 2072 session_timeout, identity, identity_len, 2073 radius_cui, radius_cui_len); 2074 } 2075 2076 2077 int wpa_auth_derive_ptk_ft(struct wpa_state_machine *sm, const u8 *pmk, 2078 struct wpa_ptk *ptk) 2079 { 2080 u8 pmk_r0[PMK_LEN_MAX], pmk_r0_name[WPA_PMK_NAME_LEN]; 2081 size_t pmk_r0_len = wpa_key_mgmt_sha384(sm->wpa_key_mgmt) ? 2082 SHA384_MAC_LEN : PMK_LEN; 2083 size_t pmk_r1_len = pmk_r0_len; 2084 u8 pmk_r1[PMK_LEN_MAX]; 2085 u8 ptk_name[WPA_PMK_NAME_LEN]; 2086 const u8 *mdid = sm->wpa_auth->conf.mobility_domain; 2087 const u8 *r0kh = sm->wpa_auth->conf.r0_key_holder; 2088 size_t r0kh_len = sm->wpa_auth->conf.r0_key_holder_len; 2089 const u8 *r1kh = sm->wpa_auth->conf.r1_key_holder; 2090 const u8 *ssid = sm->wpa_auth->conf.ssid; 2091 size_t ssid_len = sm->wpa_auth->conf.ssid_len; 2092 int psk_local = sm->wpa_auth->conf.ft_psk_generate_local; 2093 int expires_in = sm->wpa_auth->conf.r0_key_lifetime; 2094 struct vlan_description vlan; 2095 const u8 *identity, *radius_cui; 2096 size_t identity_len, radius_cui_len; 2097 int session_timeout; 2098 2099 if (sm->xxkey_len == 0) { 2100 wpa_printf(MSG_DEBUG, "FT: XXKey not available for key " 2101 "derivation"); 2102 return -1; 2103 } 2104 2105 if (wpa_ft_get_vlan(sm->wpa_auth, sm->addr, &vlan) < 0) { 2106 wpa_printf(MSG_DEBUG, "FT: vlan not available for STA " MACSTR, 2107 MAC2STR(sm->addr)); 2108 return -1; 2109 } 2110 2111 identity_len = wpa_ft_get_identity(sm->wpa_auth, sm->addr, &identity); 2112 radius_cui_len = wpa_ft_get_radius_cui(sm->wpa_auth, sm->addr, 2113 &radius_cui); 2114 session_timeout = wpa_ft_get_session_timeout(sm->wpa_auth, sm->addr); 2115 2116 if (wpa_derive_pmk_r0(sm->xxkey, sm->xxkey_len, ssid, ssid_len, mdid, 2117 r0kh, r0kh_len, sm->addr, 2118 pmk_r0, pmk_r0_name, 2119 wpa_key_mgmt_sha384(sm->wpa_key_mgmt)) < 0) 2120 return -1; 2121 wpa_hexdump_key(MSG_DEBUG, "FT: PMK-R0", pmk_r0, pmk_r0_len); 2122 wpa_hexdump(MSG_DEBUG, "FT: PMKR0Name", pmk_r0_name, WPA_PMK_NAME_LEN); 2123 if (!psk_local || !wpa_key_mgmt_ft_psk(sm->wpa_key_mgmt)) 2124 wpa_ft_store_pmk_r0(sm->wpa_auth, sm->addr, pmk_r0, pmk_r0_len, 2125 pmk_r0_name, 2126 sm->pairwise, &vlan, expires_in, 2127 session_timeout, identity, identity_len, 2128 radius_cui, radius_cui_len); 2129 2130 if (wpa_derive_pmk_r1(pmk_r0, pmk_r0_len, pmk_r0_name, r1kh, sm->addr, 2131 pmk_r1, sm->pmk_r1_name) < 0) 2132 return -1; 2133 wpa_hexdump_key(MSG_DEBUG, "FT: PMK-R1", pmk_r1, pmk_r1_len); 2134 wpa_hexdump(MSG_DEBUG, "FT: PMKR1Name", sm->pmk_r1_name, 2135 WPA_PMK_NAME_LEN); 2136 if (!psk_local || !wpa_key_mgmt_ft_psk(sm->wpa_key_mgmt)) 2137 wpa_ft_store_pmk_r1(sm->wpa_auth, sm->addr, pmk_r1, pmk_r1_len, 2138 sm->pmk_r1_name, sm->pairwise, &vlan, 2139 expires_in, session_timeout, identity, 2140 identity_len, radius_cui, radius_cui_len); 2141 2142 return wpa_pmk_r1_to_ptk(pmk_r1, pmk_r1_len, sm->SNonce, sm->ANonce, 2143 sm->addr, sm->wpa_auth->addr, sm->pmk_r1_name, 2144 ptk, ptk_name, sm->wpa_key_mgmt, sm->pairwise); 2145 } 2146 2147 2148 static inline int wpa_auth_get_seqnum(struct wpa_authenticator *wpa_auth, 2149 const u8 *addr, int idx, u8 *seq) 2150 { 2151 if (wpa_auth->cb->get_seqnum == NULL) 2152 return -1; 2153 return wpa_auth->cb->get_seqnum(wpa_auth->cb_ctx, addr, idx, seq); 2154 } 2155 2156 2157 static u8 * wpa_ft_gtk_subelem(struct wpa_state_machine *sm, size_t *len) 2158 { 2159 u8 *subelem; 2160 struct wpa_group *gsm = sm->group; 2161 size_t subelem_len, pad_len; 2162 const u8 *key; 2163 size_t key_len; 2164 u8 keybuf[32]; 2165 const u8 *kek; 2166 size_t kek_len; 2167 2168 if (wpa_key_mgmt_fils(sm->wpa_key_mgmt)) { 2169 kek = sm->PTK.kek2; 2170 kek_len = sm->PTK.kek2_len; 2171 } else { 2172 kek = sm->PTK.kek; 2173 kek_len = sm->PTK.kek_len; 2174 } 2175 2176 key_len = gsm->GTK_len; 2177 if (key_len > sizeof(keybuf)) 2178 return NULL; 2179 2180 /* 2181 * Pad key for AES Key Wrap if it is not multiple of 8 bytes or is less 2182 * than 16 bytes. 2183 */ 2184 pad_len = key_len % 8; 2185 if (pad_len) 2186 pad_len = 8 - pad_len; 2187 if (key_len + pad_len < 16) 2188 pad_len += 8; 2189 if (pad_len && key_len < sizeof(keybuf)) { 2190 os_memcpy(keybuf, gsm->GTK[gsm->GN - 1], key_len); 2191 os_memset(keybuf + key_len, 0, pad_len); 2192 keybuf[key_len] = 0xdd; 2193 key_len += pad_len; 2194 key = keybuf; 2195 } else 2196 key = gsm->GTK[gsm->GN - 1]; 2197 2198 /* 2199 * Sub-elem ID[1] | Length[1] | Key Info[2] | Key Length[1] | RSC[8] | 2200 * Key[5..32]. 2201 */ 2202 subelem_len = 13 + key_len + 8; 2203 subelem = os_zalloc(subelem_len); 2204 if (subelem == NULL) 2205 return NULL; 2206 2207 subelem[0] = FTIE_SUBELEM_GTK; 2208 subelem[1] = 11 + key_len + 8; 2209 /* Key ID in B0-B1 of Key Info */ 2210 WPA_PUT_LE16(&subelem[2], gsm->GN & 0x03); 2211 subelem[4] = gsm->GTK_len; 2212 wpa_auth_get_seqnum(sm->wpa_auth, NULL, gsm->GN, subelem + 5); 2213 if (aes_wrap(kek, kek_len, key_len / 8, key, subelem + 13)) { 2214 wpa_printf(MSG_DEBUG, 2215 "FT: GTK subelem encryption failed: kek_len=%d", 2216 (int) kek_len); 2217 os_free(subelem); 2218 return NULL; 2219 } 2220 2221 *len = subelem_len; 2222 return subelem; 2223 } 2224 2225 2226 #ifdef CONFIG_IEEE80211W 2227 static u8 * wpa_ft_igtk_subelem(struct wpa_state_machine *sm, size_t *len) 2228 { 2229 u8 *subelem, *pos; 2230 struct wpa_group *gsm = sm->group; 2231 size_t subelem_len; 2232 const u8 *kek; 2233 size_t kek_len; 2234 size_t igtk_len; 2235 2236 if (wpa_key_mgmt_fils(sm->wpa_key_mgmt)) { 2237 kek = sm->PTK.kek2; 2238 kek_len = sm->PTK.kek2_len; 2239 } else { 2240 kek = sm->PTK.kek; 2241 kek_len = sm->PTK.kek_len; 2242 } 2243 2244 igtk_len = wpa_cipher_key_len(sm->wpa_auth->conf.group_mgmt_cipher); 2245 2246 /* Sub-elem ID[1] | Length[1] | KeyID[2] | IPN[6] | Key Length[1] | 2247 * Key[16+8] */ 2248 subelem_len = 1 + 1 + 2 + 6 + 1 + igtk_len + 8; 2249 subelem = os_zalloc(subelem_len); 2250 if (subelem == NULL) 2251 return NULL; 2252 2253 pos = subelem; 2254 *pos++ = FTIE_SUBELEM_IGTK; 2255 *pos++ = subelem_len - 2; 2256 WPA_PUT_LE16(pos, gsm->GN_igtk); 2257 pos += 2; 2258 wpa_auth_get_seqnum(sm->wpa_auth, NULL, gsm->GN_igtk, pos); 2259 pos += 6; 2260 *pos++ = igtk_len; 2261 if (aes_wrap(kek, kek_len, igtk_len / 8, 2262 gsm->IGTK[gsm->GN_igtk - 4], pos)) { 2263 wpa_printf(MSG_DEBUG, 2264 "FT: IGTK subelem encryption failed: kek_len=%d", 2265 (int) kek_len); 2266 os_free(subelem); 2267 return NULL; 2268 } 2269 2270 *len = subelem_len; 2271 return subelem; 2272 } 2273 #endif /* CONFIG_IEEE80211W */ 2274 2275 2276 static u8 * wpa_ft_process_rdie(struct wpa_state_machine *sm, 2277 u8 *pos, u8 *end, u8 id, u8 descr_count, 2278 const u8 *ies, size_t ies_len) 2279 { 2280 struct ieee802_11_elems parse; 2281 struct rsn_rdie *rdie; 2282 2283 wpa_printf(MSG_DEBUG, "FT: Resource Request: id=%d descr_count=%d", 2284 id, descr_count); 2285 wpa_hexdump(MSG_MSGDUMP, "FT: Resource descriptor IE(s)", 2286 ies, ies_len); 2287 2288 if (end - pos < (int) sizeof(*rdie)) { 2289 wpa_printf(MSG_ERROR, "FT: Not enough room for response RDIE"); 2290 return pos; 2291 } 2292 2293 *pos++ = WLAN_EID_RIC_DATA; 2294 *pos++ = sizeof(*rdie); 2295 rdie = (struct rsn_rdie *) pos; 2296 rdie->id = id; 2297 rdie->descr_count = 0; 2298 rdie->status_code = host_to_le16(WLAN_STATUS_SUCCESS); 2299 pos += sizeof(*rdie); 2300 2301 if (ieee802_11_parse_elems((u8 *) ies, ies_len, &parse, 1) == 2302 ParseFailed) { 2303 wpa_printf(MSG_DEBUG, "FT: Failed to parse request IEs"); 2304 rdie->status_code = 2305 host_to_le16(WLAN_STATUS_UNSPECIFIED_FAILURE); 2306 return pos; 2307 } 2308 2309 if (parse.wmm_tspec) { 2310 struct wmm_tspec_element *tspec; 2311 2312 if (parse.wmm_tspec_len + 2 < (int) sizeof(*tspec)) { 2313 wpa_printf(MSG_DEBUG, "FT: Too short WMM TSPEC IE " 2314 "(%d)", (int) parse.wmm_tspec_len); 2315 rdie->status_code = 2316 host_to_le16(WLAN_STATUS_UNSPECIFIED_FAILURE); 2317 return pos; 2318 } 2319 if (end - pos < (int) sizeof(*tspec)) { 2320 wpa_printf(MSG_ERROR, "FT: Not enough room for " 2321 "response TSPEC"); 2322 rdie->status_code = 2323 host_to_le16(WLAN_STATUS_UNSPECIFIED_FAILURE); 2324 return pos; 2325 } 2326 tspec = (struct wmm_tspec_element *) pos; 2327 os_memcpy(tspec, parse.wmm_tspec - 2, sizeof(*tspec)); 2328 } 2329 2330 #ifdef NEED_AP_MLME 2331 if (parse.wmm_tspec && sm->wpa_auth->conf.ap_mlme) { 2332 int res; 2333 2334 res = wmm_process_tspec((struct wmm_tspec_element *) pos); 2335 wpa_printf(MSG_DEBUG, "FT: ADDTS processing result: %d", res); 2336 if (res == WMM_ADDTS_STATUS_INVALID_PARAMETERS) 2337 rdie->status_code = 2338 host_to_le16(WLAN_STATUS_INVALID_PARAMETERS); 2339 else if (res == WMM_ADDTS_STATUS_REFUSED) 2340 rdie->status_code = 2341 host_to_le16(WLAN_STATUS_REQUEST_DECLINED); 2342 else { 2343 /* TSPEC accepted; include updated TSPEC in response */ 2344 rdie->descr_count = 1; 2345 pos += sizeof(struct wmm_tspec_element); 2346 } 2347 return pos; 2348 } 2349 #endif /* NEED_AP_MLME */ 2350 2351 if (parse.wmm_tspec && !sm->wpa_auth->conf.ap_mlme) { 2352 int res; 2353 2354 res = wpa_ft_add_tspec(sm->wpa_auth, sm->addr, pos, 2355 sizeof(struct wmm_tspec_element)); 2356 if (res >= 0) { 2357 if (res) 2358 rdie->status_code = host_to_le16(res); 2359 else { 2360 /* TSPEC accepted; include updated TSPEC in 2361 * response */ 2362 rdie->descr_count = 1; 2363 pos += sizeof(struct wmm_tspec_element); 2364 } 2365 return pos; 2366 } 2367 } 2368 2369 wpa_printf(MSG_DEBUG, "FT: No supported resource requested"); 2370 rdie->status_code = host_to_le16(WLAN_STATUS_UNSPECIFIED_FAILURE); 2371 return pos; 2372 } 2373 2374 2375 static u8 * wpa_ft_process_ric(struct wpa_state_machine *sm, u8 *pos, u8 *end, 2376 const u8 *ric, size_t ric_len) 2377 { 2378 const u8 *rpos, *start; 2379 const struct rsn_rdie *rdie; 2380 2381 wpa_hexdump(MSG_MSGDUMP, "FT: RIC Request", ric, ric_len); 2382 2383 rpos = ric; 2384 while (rpos + sizeof(*rdie) < ric + ric_len) { 2385 if (rpos[0] != WLAN_EID_RIC_DATA || rpos[1] < sizeof(*rdie) || 2386 rpos + 2 + rpos[1] > ric + ric_len) 2387 break; 2388 rdie = (const struct rsn_rdie *) (rpos + 2); 2389 rpos += 2 + rpos[1]; 2390 start = rpos; 2391 2392 while (rpos + 2 <= ric + ric_len && 2393 rpos + 2 + rpos[1] <= ric + ric_len) { 2394 if (rpos[0] == WLAN_EID_RIC_DATA) 2395 break; 2396 rpos += 2 + rpos[1]; 2397 } 2398 pos = wpa_ft_process_rdie(sm, pos, end, rdie->id, 2399 rdie->descr_count, 2400 start, rpos - start); 2401 } 2402 2403 return pos; 2404 } 2405 2406 2407 u8 * wpa_sm_write_assoc_resp_ies(struct wpa_state_machine *sm, u8 *pos, 2408 size_t max_len, int auth_alg, 2409 const u8 *req_ies, size_t req_ies_len) 2410 { 2411 u8 *end, *mdie, *ftie, *rsnie = NULL, *r0kh_id, *subelem = NULL; 2412 u8 *fte_mic, *elem_count; 2413 size_t mdie_len, ftie_len, rsnie_len = 0, r0kh_id_len, subelem_len = 0; 2414 int res; 2415 struct wpa_auth_config *conf; 2416 struct wpa_ft_ies parse; 2417 u8 *ric_start; 2418 u8 *anonce, *snonce; 2419 const u8 *kck; 2420 size_t kck_len; 2421 int use_sha384; 2422 2423 if (sm == NULL) 2424 return pos; 2425 2426 use_sha384 = wpa_key_mgmt_sha384(sm->wpa_key_mgmt); 2427 conf = &sm->wpa_auth->conf; 2428 2429 if (!wpa_key_mgmt_ft(sm->wpa_key_mgmt)) 2430 return pos; 2431 2432 end = pos + max_len; 2433 2434 if (auth_alg == WLAN_AUTH_FT || 2435 ((auth_alg == WLAN_AUTH_FILS_SK || 2436 auth_alg == WLAN_AUTH_FILS_SK_PFS || 2437 auth_alg == WLAN_AUTH_FILS_PK) && 2438 (sm->wpa_key_mgmt & (WPA_KEY_MGMT_FT_FILS_SHA256 | 2439 WPA_KEY_MGMT_FT_FILS_SHA384)))) { 2440 if (!sm->pmk_r1_name_valid) { 2441 wpa_printf(MSG_ERROR, 2442 "FT: PMKR1Name is not valid for Assoc Resp RSNE"); 2443 return NULL; 2444 } 2445 wpa_hexdump(MSG_DEBUG, "FT: PMKR1Name for Assoc Resp RSNE", 2446 sm->pmk_r1_name, WPA_PMK_NAME_LEN); 2447 /* 2448 * RSN (only present if this is a Reassociation Response and 2449 * part of a fast BSS transition; or if this is a 2450 * (Re)Association Response frame during an FT initial mobility 2451 * domain association using FILS) 2452 */ 2453 res = wpa_write_rsn_ie(conf, pos, end - pos, sm->pmk_r1_name); 2454 if (res < 0) 2455 return NULL; 2456 rsnie = pos; 2457 rsnie_len = res; 2458 pos += res; 2459 } 2460 2461 /* Mobility Domain Information */ 2462 res = wpa_write_mdie(conf, pos, end - pos); 2463 if (res < 0) 2464 return NULL; 2465 mdie = pos; 2466 mdie_len = res; 2467 pos += res; 2468 2469 /* Fast BSS Transition Information */ 2470 if (auth_alg == WLAN_AUTH_FT) { 2471 subelem = wpa_ft_gtk_subelem(sm, &subelem_len); 2472 if (!subelem) { 2473 wpa_printf(MSG_DEBUG, 2474 "FT: Failed to add GTK subelement"); 2475 return NULL; 2476 } 2477 r0kh_id = sm->r0kh_id; 2478 r0kh_id_len = sm->r0kh_id_len; 2479 anonce = sm->ANonce; 2480 snonce = sm->SNonce; 2481 #ifdef CONFIG_IEEE80211W 2482 if (sm->mgmt_frame_prot) { 2483 u8 *igtk; 2484 size_t igtk_len; 2485 u8 *nbuf; 2486 igtk = wpa_ft_igtk_subelem(sm, &igtk_len); 2487 if (igtk == NULL) { 2488 wpa_printf(MSG_DEBUG, 2489 "FT: Failed to add IGTK subelement"); 2490 os_free(subelem); 2491 return NULL; 2492 } 2493 nbuf = os_realloc(subelem, subelem_len + igtk_len); 2494 if (nbuf == NULL) { 2495 os_free(subelem); 2496 os_free(igtk); 2497 return NULL; 2498 } 2499 subelem = nbuf; 2500 os_memcpy(subelem + subelem_len, igtk, igtk_len); 2501 subelem_len += igtk_len; 2502 os_free(igtk); 2503 } 2504 #endif /* CONFIG_IEEE80211W */ 2505 #ifdef CONFIG_OCV 2506 if (wpa_auth_uses_ocv(sm)) { 2507 struct wpa_channel_info ci; 2508 u8 *nbuf, *ocipos; 2509 2510 if (wpa_channel_info(sm->wpa_auth, &ci) != 0) { 2511 wpa_printf(MSG_WARNING, 2512 "Failed to get channel info for OCI element"); 2513 os_free(subelem); 2514 return NULL; 2515 } 2516 2517 subelem_len += 2 + OCV_OCI_LEN; 2518 nbuf = os_realloc(subelem, subelem_len); 2519 if (!nbuf) { 2520 os_free(subelem); 2521 return NULL; 2522 } 2523 subelem = nbuf; 2524 2525 ocipos = subelem + subelem_len - 2 - OCV_OCI_LEN; 2526 *ocipos++ = FTIE_SUBELEM_OCI; 2527 *ocipos++ = OCV_OCI_LEN; 2528 if (ocv_insert_oci(&ci, &ocipos) < 0) { 2529 os_free(subelem); 2530 return NULL; 2531 } 2532 } 2533 #endif /* CONFIG_OCV */ 2534 } else { 2535 r0kh_id = conf->r0_key_holder; 2536 r0kh_id_len = conf->r0_key_holder_len; 2537 anonce = NULL; 2538 snonce = NULL; 2539 } 2540 res = wpa_write_ftie(conf, use_sha384, r0kh_id, r0kh_id_len, 2541 anonce, snonce, pos, end - pos, 2542 subelem, subelem_len); 2543 os_free(subelem); 2544 if (res < 0) 2545 return NULL; 2546 ftie = pos; 2547 ftie_len = res; 2548 pos += res; 2549 2550 if (use_sha384) { 2551 struct rsn_ftie_sha384 *_ftie = 2552 (struct rsn_ftie_sha384 *) (ftie + 2); 2553 2554 fte_mic = _ftie->mic; 2555 elem_count = &_ftie->mic_control[1]; 2556 } else { 2557 struct rsn_ftie *_ftie = (struct rsn_ftie *) (ftie + 2); 2558 2559 fte_mic = _ftie->mic; 2560 elem_count = &_ftie->mic_control[1]; 2561 } 2562 if (auth_alg == WLAN_AUTH_FT) 2563 *elem_count = 3; /* Information element count */ 2564 2565 ric_start = pos; 2566 if (wpa_ft_parse_ies(req_ies, req_ies_len, &parse, use_sha384) == 0 2567 && parse.ric) { 2568 pos = wpa_ft_process_ric(sm, pos, end, parse.ric, 2569 parse.ric_len); 2570 if (auth_alg == WLAN_AUTH_FT) 2571 *elem_count += 2572 ieee802_11_ie_count(ric_start, 2573 pos - ric_start); 2574 } 2575 if (ric_start == pos) 2576 ric_start = NULL; 2577 2578 if (wpa_key_mgmt_fils(sm->wpa_key_mgmt)) { 2579 kck = sm->PTK.kck2; 2580 kck_len = sm->PTK.kck2_len; 2581 } else { 2582 kck = sm->PTK.kck; 2583 kck_len = sm->PTK.kck_len; 2584 } 2585 if (auth_alg == WLAN_AUTH_FT && 2586 wpa_ft_mic(kck, kck_len, sm->addr, sm->wpa_auth->addr, 6, 2587 mdie, mdie_len, ftie, ftie_len, 2588 rsnie, rsnie_len, 2589 ric_start, ric_start ? pos - ric_start : 0, 2590 fte_mic) < 0) { 2591 wpa_printf(MSG_DEBUG, "FT: Failed to calculate MIC"); 2592 return NULL; 2593 } 2594 2595 os_free(sm->assoc_resp_ftie); 2596 sm->assoc_resp_ftie = os_malloc(ftie_len); 2597 if (!sm->assoc_resp_ftie) 2598 return NULL; 2599 os_memcpy(sm->assoc_resp_ftie, ftie, ftie_len); 2600 2601 return pos; 2602 } 2603 2604 2605 static inline int wpa_auth_set_key(struct wpa_authenticator *wpa_auth, 2606 int vlan_id, 2607 enum wpa_alg alg, const u8 *addr, int idx, 2608 u8 *key, size_t key_len) 2609 { 2610 if (wpa_auth->cb->set_key == NULL) 2611 return -1; 2612 return wpa_auth->cb->set_key(wpa_auth->cb_ctx, vlan_id, alg, addr, idx, 2613 key, key_len); 2614 } 2615 2616 2617 void wpa_ft_install_ptk(struct wpa_state_machine *sm) 2618 { 2619 enum wpa_alg alg; 2620 int klen; 2621 2622 /* MLME-SETKEYS.request(PTK) */ 2623 alg = wpa_cipher_to_alg(sm->pairwise); 2624 klen = wpa_cipher_key_len(sm->pairwise); 2625 if (!wpa_cipher_valid_pairwise(sm->pairwise)) { 2626 wpa_printf(MSG_DEBUG, "FT: Unknown pairwise alg 0x%x - skip " 2627 "PTK configuration", sm->pairwise); 2628 return; 2629 } 2630 2631 if (sm->tk_already_set) { 2632 /* Must avoid TK reconfiguration to prevent clearing of TX/RX 2633 * PN in the driver */ 2634 wpa_printf(MSG_DEBUG, 2635 "FT: Do not re-install same PTK to the driver"); 2636 return; 2637 } 2638 2639 /* FIX: add STA entry to kernel/driver here? The set_key will fail 2640 * most likely without this.. At the moment, STA entry is added only 2641 * after association has been completed. This function will be called 2642 * again after association to get the PTK configured, but that could be 2643 * optimized by adding the STA entry earlier. 2644 */ 2645 if (wpa_auth_set_key(sm->wpa_auth, 0, alg, sm->addr, 0, 2646 sm->PTK.tk, klen)) 2647 return; 2648 2649 /* FIX: MLME-SetProtection.Request(TA, Tx_Rx) */ 2650 sm->pairwise_set = TRUE; 2651 sm->tk_already_set = TRUE; 2652 } 2653 2654 2655 /* Derive PMK-R1 from PSK, check all available PSK */ 2656 static int wpa_ft_psk_pmk_r1(struct wpa_state_machine *sm, 2657 const u8 *req_pmk_r1_name, 2658 u8 *out_pmk_r1, int *out_pairwise, 2659 struct vlan_description *out_vlan, 2660 const u8 **out_identity, size_t *out_identity_len, 2661 const u8 **out_radius_cui, 2662 size_t *out_radius_cui_len, 2663 int *out_session_timeout) 2664 { 2665 const u8 *pmk = NULL; 2666 u8 pmk_r0[PMK_LEN], pmk_r0_name[WPA_PMK_NAME_LEN]; 2667 u8 pmk_r1[PMK_LEN], pmk_r1_name[WPA_PMK_NAME_LEN]; 2668 struct wpa_authenticator *wpa_auth = sm->wpa_auth; 2669 const u8 *mdid = wpa_auth->conf.mobility_domain; 2670 const u8 *r0kh = sm->r0kh_id; 2671 size_t r0kh_len = sm->r0kh_id_len; 2672 const u8 *r1kh = wpa_auth->conf.r1_key_holder; 2673 const u8 *ssid = wpa_auth->conf.ssid; 2674 size_t ssid_len = wpa_auth->conf.ssid_len; 2675 int pairwise; 2676 2677 pairwise = sm->pairwise; 2678 2679 for (;;) { 2680 pmk = wpa_ft_get_psk(wpa_auth, sm->addr, sm->p2p_dev_addr, 2681 pmk); 2682 if (pmk == NULL) 2683 break; 2684 2685 if (wpa_derive_pmk_r0(pmk, PMK_LEN, ssid, ssid_len, mdid, r0kh, 2686 r0kh_len, sm->addr, 2687 pmk_r0, pmk_r0_name, 0) < 0 || 2688 wpa_derive_pmk_r1(pmk_r0, PMK_LEN, pmk_r0_name, r1kh, 2689 sm->addr, pmk_r1, pmk_r1_name) < 0 || 2690 os_memcmp_const(pmk_r1_name, req_pmk_r1_name, 2691 WPA_PMK_NAME_LEN) != 0) 2692 continue; 2693 2694 /* We found a PSK that matches the requested pmk_r1_name */ 2695 wpa_printf(MSG_DEBUG, 2696 "FT: Found PSK to generate PMK-R1 locally"); 2697 os_memcpy(out_pmk_r1, pmk_r1, PMK_LEN); 2698 if (out_pairwise) 2699 *out_pairwise = pairwise; 2700 os_memcpy(sm->PMK, pmk, PMK_LEN); 2701 sm->pmk_len = PMK_LEN; 2702 if (out_vlan && 2703 wpa_ft_get_vlan(sm->wpa_auth, sm->addr, out_vlan) < 0) { 2704 wpa_printf(MSG_DEBUG, "FT: vlan not available for STA " 2705 MACSTR, MAC2STR(sm->addr)); 2706 return -1; 2707 } 2708 2709 if (out_identity && out_identity_len) { 2710 *out_identity_len = wpa_ft_get_identity( 2711 sm->wpa_auth, sm->addr, out_identity); 2712 } 2713 2714 if (out_radius_cui && out_radius_cui_len) { 2715 *out_radius_cui_len = wpa_ft_get_radius_cui( 2716 sm->wpa_auth, sm->addr, out_radius_cui); 2717 } 2718 2719 if (out_session_timeout) { 2720 *out_session_timeout = wpa_ft_get_session_timeout( 2721 sm->wpa_auth, sm->addr); 2722 } 2723 2724 return 0; 2725 } 2726 2727 wpa_printf(MSG_DEBUG, 2728 "FT: Did not find PSK to generate PMK-R1 locally"); 2729 return -1; 2730 } 2731 2732 2733 /* Detect the configuration the station asked for. 2734 * Required to detect FT-PSK and pairwise cipher. 2735 */ 2736 static int wpa_ft_set_key_mgmt(struct wpa_state_machine *sm, 2737 struct wpa_ft_ies *parse) 2738 { 2739 int key_mgmt, ciphers; 2740 2741 if (sm->wpa_key_mgmt) 2742 return 0; 2743 2744 key_mgmt = parse->key_mgmt & sm->wpa_auth->conf.wpa_key_mgmt; 2745 if (!key_mgmt) { 2746 wpa_printf(MSG_DEBUG, "FT: Invalid key mgmt (0x%x) from " 2747 MACSTR, parse->key_mgmt, MAC2STR(sm->addr)); 2748 return -1; 2749 } 2750 if (key_mgmt & WPA_KEY_MGMT_FT_IEEE8021X) 2751 sm->wpa_key_mgmt = WPA_KEY_MGMT_FT_IEEE8021X; 2752 #ifdef CONFIG_SHA384 2753 else if (key_mgmt & WPA_KEY_MGMT_FT_IEEE8021X_SHA384) 2754 sm->wpa_key_mgmt = WPA_KEY_MGMT_FT_IEEE8021X_SHA384; 2755 #endif /* CONFIG_SHA384 */ 2756 else if (key_mgmt & WPA_KEY_MGMT_FT_PSK) 2757 sm->wpa_key_mgmt = WPA_KEY_MGMT_FT_PSK; 2758 #ifdef CONFIG_FILS 2759 else if (key_mgmt & WPA_KEY_MGMT_FT_FILS_SHA256) 2760 sm->wpa_key_mgmt = WPA_KEY_MGMT_FT_FILS_SHA256; 2761 else if (key_mgmt & WPA_KEY_MGMT_FT_FILS_SHA384) 2762 sm->wpa_key_mgmt = WPA_KEY_MGMT_FT_FILS_SHA384; 2763 #endif /* CONFIG_FILS */ 2764 ciphers = parse->pairwise_cipher & sm->wpa_auth->conf.rsn_pairwise; 2765 if (!ciphers) { 2766 wpa_printf(MSG_DEBUG, "FT: Invalid pairwise cipher (0x%x) from " 2767 MACSTR, 2768 parse->pairwise_cipher, MAC2STR(sm->addr)); 2769 return -1; 2770 } 2771 sm->pairwise = wpa_pick_pairwise_cipher(ciphers, 0); 2772 2773 return 0; 2774 } 2775 2776 2777 static int wpa_ft_local_derive_pmk_r1(struct wpa_authenticator *wpa_auth, 2778 struct wpa_state_machine *sm, 2779 const u8 *r0kh_id, size_t r0kh_id_len, 2780 const u8 *req_pmk_r0_name, 2781 const u8 *req_pmk_r1_name, 2782 u8 *out_pmk_r1, int *out_pairwise, 2783 struct vlan_description *vlan, 2784 const u8 **identity, size_t *identity_len, 2785 const u8 **radius_cui, 2786 size_t *radius_cui_len, 2787 int *out_session_timeout) 2788 { 2789 struct wpa_auth_config *conf = &wpa_auth->conf; 2790 const struct wpa_ft_pmk_r0_sa *r0; 2791 u8 pmk_r1_name[WPA_PMK_NAME_LEN]; 2792 int expires_in = 0; 2793 int session_timeout = 0; 2794 struct os_reltime now; 2795 2796 if (conf->r0_key_holder_len != r0kh_id_len || 2797 os_memcmp(conf->r0_key_holder, r0kh_id, conf->r0_key_holder_len) != 2798 0) 2799 return -1; /* not our R0KH-ID */ 2800 2801 wpa_printf(MSG_DEBUG, "FT: STA R0KH-ID matching local configuration"); 2802 if (wpa_ft_fetch_pmk_r0(sm->wpa_auth, sm->addr, req_pmk_r0_name, &r0) < 2803 0) 2804 return -1; /* no matching PMKR0Name in local cache */ 2805 2806 wpa_printf(MSG_DEBUG, "FT: Requested PMKR0Name found in local cache"); 2807 2808 if (wpa_derive_pmk_r1(r0->pmk_r0, r0->pmk_r0_len, r0->pmk_r0_name, 2809 conf->r1_key_holder, 2810 sm->addr, out_pmk_r1, pmk_r1_name) < 0) 2811 return -1; 2812 wpa_hexdump_key(MSG_DEBUG, "FT: PMK-R1", out_pmk_r1, r0->pmk_r0_len); 2813 wpa_hexdump(MSG_DEBUG, "FT: PMKR1Name", pmk_r1_name, WPA_PMK_NAME_LEN); 2814 2815 os_get_reltime(&now); 2816 if (r0->expiration) 2817 expires_in = r0->expiration - now.sec; 2818 2819 if (r0->session_timeout) 2820 session_timeout = r0->session_timeout - now.sec; 2821 2822 wpa_ft_store_pmk_r1(wpa_auth, sm->addr, out_pmk_r1, r0->pmk_r0_len, 2823 pmk_r1_name, 2824 sm->pairwise, r0->vlan, expires_in, session_timeout, 2825 r0->identity, r0->identity_len, 2826 r0->radius_cui, r0->radius_cui_len); 2827 2828 *out_pairwise = sm->pairwise; 2829 if (vlan) { 2830 if (r0->vlan) 2831 *vlan = *r0->vlan; 2832 else 2833 os_memset(vlan, 0, sizeof(*vlan)); 2834 } 2835 2836 if (identity && identity_len) { 2837 *identity = r0->identity; 2838 *identity_len = r0->identity_len; 2839 } 2840 2841 if (radius_cui && radius_cui_len) { 2842 *radius_cui = r0->radius_cui; 2843 *radius_cui_len = r0->radius_cui_len; 2844 } 2845 2846 *out_session_timeout = session_timeout; 2847 2848 return 0; 2849 } 2850 2851 2852 static int wpa_ft_process_auth_req(struct wpa_state_machine *sm, 2853 const u8 *ies, size_t ies_len, 2854 u8 **resp_ies, size_t *resp_ies_len) 2855 { 2856 struct rsn_mdie *mdie; 2857 u8 pmk_r1[PMK_LEN_MAX], pmk_r1_name[WPA_PMK_NAME_LEN]; 2858 u8 ptk_name[WPA_PMK_NAME_LEN]; 2859 struct wpa_auth_config *conf; 2860 struct wpa_ft_ies parse; 2861 size_t buflen; 2862 int ret; 2863 u8 *pos, *end; 2864 int pairwise, session_timeout = 0; 2865 struct vlan_description vlan; 2866 const u8 *identity, *radius_cui; 2867 size_t identity_len = 0, radius_cui_len = 0; 2868 int use_sha384; 2869 size_t pmk_r1_len; 2870 2871 *resp_ies = NULL; 2872 *resp_ies_len = 0; 2873 2874 sm->pmk_r1_name_valid = 0; 2875 conf = &sm->wpa_auth->conf; 2876 2877 wpa_hexdump(MSG_DEBUG, "FT: Received authentication frame IEs", 2878 ies, ies_len); 2879 2880 if (wpa_ft_parse_ies(ies, ies_len, &parse, -1)) { 2881 wpa_printf(MSG_DEBUG, "FT: Failed to parse FT IEs"); 2882 return WLAN_STATUS_UNSPECIFIED_FAILURE; 2883 } 2884 use_sha384 = wpa_key_mgmt_sha384(parse.key_mgmt); 2885 pmk_r1_len = use_sha384 ? SHA384_MAC_LEN : PMK_LEN; 2886 2887 mdie = (struct rsn_mdie *) parse.mdie; 2888 if (mdie == NULL || parse.mdie_len < sizeof(*mdie) || 2889 os_memcmp(mdie->mobility_domain, 2890 sm->wpa_auth->conf.mobility_domain, 2891 MOBILITY_DOMAIN_ID_LEN) != 0) { 2892 wpa_printf(MSG_DEBUG, "FT: Invalid MDIE"); 2893 return WLAN_STATUS_INVALID_MDIE; 2894 } 2895 2896 if (use_sha384) { 2897 struct rsn_ftie_sha384 *ftie; 2898 2899 ftie = (struct rsn_ftie_sha384 *) parse.ftie; 2900 if (!ftie || parse.ftie_len < sizeof(*ftie)) { 2901 wpa_printf(MSG_DEBUG, "FT: Invalid FTIE"); 2902 return WLAN_STATUS_INVALID_FTIE; 2903 } 2904 2905 os_memcpy(sm->SNonce, ftie->snonce, WPA_NONCE_LEN); 2906 } else { 2907 struct rsn_ftie *ftie; 2908 2909 ftie = (struct rsn_ftie *) parse.ftie; 2910 if (!ftie || parse.ftie_len < sizeof(*ftie)) { 2911 wpa_printf(MSG_DEBUG, "FT: Invalid FTIE"); 2912 return WLAN_STATUS_INVALID_FTIE; 2913 } 2914 2915 os_memcpy(sm->SNonce, ftie->snonce, WPA_NONCE_LEN); 2916 } 2917 2918 if (parse.r0kh_id == NULL) { 2919 wpa_printf(MSG_DEBUG, "FT: Invalid FTIE - no R0KH-ID"); 2920 return WLAN_STATUS_INVALID_FTIE; 2921 } 2922 2923 wpa_hexdump(MSG_DEBUG, "FT: STA R0KH-ID", 2924 parse.r0kh_id, parse.r0kh_id_len); 2925 os_memcpy(sm->r0kh_id, parse.r0kh_id, parse.r0kh_id_len); 2926 sm->r0kh_id_len = parse.r0kh_id_len; 2927 2928 if (parse.rsn_pmkid == NULL) { 2929 wpa_printf(MSG_DEBUG, "FT: No PMKID in RSNIE"); 2930 return WLAN_STATUS_INVALID_PMKID; 2931 } 2932 2933 if (wpa_ft_set_key_mgmt(sm, &parse) < 0) 2934 return WLAN_STATUS_UNSPECIFIED_FAILURE; 2935 2936 wpa_hexdump(MSG_DEBUG, "FT: Requested PMKR0Name", 2937 parse.rsn_pmkid, WPA_PMK_NAME_LEN); 2938 if (wpa_derive_pmk_r1_name(parse.rsn_pmkid, 2939 sm->wpa_auth->conf.r1_key_holder, sm->addr, 2940 pmk_r1_name, use_sha384) < 0) 2941 return WLAN_STATUS_UNSPECIFIED_FAILURE; 2942 wpa_hexdump(MSG_DEBUG, "FT: Derived requested PMKR1Name", 2943 pmk_r1_name, WPA_PMK_NAME_LEN); 2944 2945 if (conf->ft_psk_generate_local && 2946 wpa_key_mgmt_ft_psk(sm->wpa_key_mgmt)) { 2947 if (wpa_ft_psk_pmk_r1(sm, pmk_r1_name, pmk_r1, &pairwise, 2948 &vlan, &identity, &identity_len, 2949 &radius_cui, &radius_cui_len, 2950 &session_timeout) < 0) 2951 return WLAN_STATUS_INVALID_PMKID; 2952 wpa_printf(MSG_DEBUG, 2953 "FT: Generated PMK-R1 for FT-PSK locally"); 2954 } else if (wpa_ft_fetch_pmk_r1(sm->wpa_auth, sm->addr, pmk_r1_name, 2955 pmk_r1, &pmk_r1_len, &pairwise, &vlan, 2956 &identity, &identity_len, &radius_cui, 2957 &radius_cui_len, &session_timeout) < 0) { 2958 wpa_printf(MSG_DEBUG, 2959 "FT: No PMK-R1 available in local cache for the requested PMKR1Name"); 2960 if (wpa_ft_local_derive_pmk_r1(sm->wpa_auth, sm, 2961 parse.r0kh_id, parse.r0kh_id_len, 2962 parse.rsn_pmkid, 2963 pmk_r1_name, pmk_r1, &pairwise, 2964 &vlan, &identity, &identity_len, 2965 &radius_cui, &radius_cui_len, 2966 &session_timeout) == 0) { 2967 wpa_printf(MSG_DEBUG, 2968 "FT: Generated PMK-R1 based on local PMK-R0"); 2969 goto pmk_r1_derived; 2970 } 2971 2972 if (wpa_ft_pull_pmk_r1(sm, ies, ies_len, parse.rsn_pmkid) < 0) { 2973 wpa_printf(MSG_DEBUG, 2974 "FT: Did not have matching PMK-R1 and either unknown or blocked R0KH-ID or NAK from R0KH"); 2975 return WLAN_STATUS_INVALID_PMKID; 2976 } 2977 2978 return -1; /* Status pending */ 2979 } else { 2980 wpa_printf(MSG_DEBUG, "FT: Found PMKR1Name from local cache"); 2981 } 2982 2983 pmk_r1_derived: 2984 wpa_hexdump_key(MSG_DEBUG, "FT: Selected PMK-R1", pmk_r1, pmk_r1_len); 2985 sm->pmk_r1_name_valid = 1; 2986 os_memcpy(sm->pmk_r1_name, pmk_r1_name, WPA_PMK_NAME_LEN); 2987 2988 if (random_get_bytes(sm->ANonce, WPA_NONCE_LEN)) { 2989 wpa_printf(MSG_DEBUG, "FT: Failed to get random data for " 2990 "ANonce"); 2991 return WLAN_STATUS_UNSPECIFIED_FAILURE; 2992 } 2993 2994 wpa_hexdump(MSG_DEBUG, "FT: Received SNonce", 2995 sm->SNonce, WPA_NONCE_LEN); 2996 wpa_hexdump(MSG_DEBUG, "FT: Generated ANonce", 2997 sm->ANonce, WPA_NONCE_LEN); 2998 2999 if (wpa_pmk_r1_to_ptk(pmk_r1, pmk_r1_len, sm->SNonce, sm->ANonce, 3000 sm->addr, sm->wpa_auth->addr, pmk_r1_name, 3001 &sm->PTK, ptk_name, sm->wpa_key_mgmt, 3002 pairwise) < 0) 3003 return WLAN_STATUS_UNSPECIFIED_FAILURE; 3004 3005 sm->pairwise = pairwise; 3006 sm->PTK_valid = TRUE; 3007 sm->tk_already_set = FALSE; 3008 wpa_ft_install_ptk(sm); 3009 3010 if (wpa_ft_set_vlan(sm->wpa_auth, sm->addr, &vlan) < 0) { 3011 wpa_printf(MSG_DEBUG, "FT: Failed to configure VLAN"); 3012 return WLAN_STATUS_UNSPECIFIED_FAILURE; 3013 } 3014 if (wpa_ft_set_identity(sm->wpa_auth, sm->addr, 3015 identity, identity_len) < 0 || 3016 wpa_ft_set_radius_cui(sm->wpa_auth, sm->addr, 3017 radius_cui, radius_cui_len) < 0) { 3018 wpa_printf(MSG_DEBUG, "FT: Failed to configure identity/CUI"); 3019 return WLAN_STATUS_UNSPECIFIED_FAILURE; 3020 } 3021 wpa_ft_set_session_timeout(sm->wpa_auth, sm->addr, session_timeout); 3022 3023 buflen = 2 + sizeof(struct rsn_mdie) + 2 + sizeof(struct rsn_ftie) + 3024 2 + FT_R1KH_ID_LEN + 200; 3025 *resp_ies = os_zalloc(buflen); 3026 if (*resp_ies == NULL) 3027 goto fail; 3028 3029 pos = *resp_ies; 3030 end = *resp_ies + buflen; 3031 3032 ret = wpa_write_rsn_ie(conf, pos, end - pos, parse.rsn_pmkid); 3033 if (ret < 0) 3034 goto fail; 3035 pos += ret; 3036 3037 ret = wpa_write_mdie(conf, pos, end - pos); 3038 if (ret < 0) 3039 goto fail; 3040 pos += ret; 3041 3042 ret = wpa_write_ftie(conf, use_sha384, parse.r0kh_id, parse.r0kh_id_len, 3043 sm->ANonce, sm->SNonce, pos, end - pos, NULL, 0); 3044 if (ret < 0) 3045 goto fail; 3046 pos += ret; 3047 3048 *resp_ies_len = pos - *resp_ies; 3049 3050 return WLAN_STATUS_SUCCESS; 3051 fail: 3052 os_free(*resp_ies); 3053 *resp_ies = NULL; 3054 return WLAN_STATUS_UNSPECIFIED_FAILURE; 3055 } 3056 3057 3058 void wpa_ft_process_auth(struct wpa_state_machine *sm, const u8 *bssid, 3059 u16 auth_transaction, const u8 *ies, size_t ies_len, 3060 void (*cb)(void *ctx, const u8 *dst, const u8 *bssid, 3061 u16 auth_transaction, u16 status, 3062 const u8 *ies, size_t ies_len), 3063 void *ctx) 3064 { 3065 u16 status; 3066 u8 *resp_ies; 3067 size_t resp_ies_len; 3068 int res; 3069 3070 if (sm == NULL) { 3071 wpa_printf(MSG_DEBUG, "FT: Received authentication frame, but " 3072 "WPA SM not available"); 3073 return; 3074 } 3075 3076 wpa_printf(MSG_DEBUG, "FT: Received authentication frame: STA=" MACSTR 3077 " BSSID=" MACSTR " transaction=%d", 3078 MAC2STR(sm->addr), MAC2STR(bssid), auth_transaction); 3079 sm->ft_pending_cb = cb; 3080 sm->ft_pending_cb_ctx = ctx; 3081 sm->ft_pending_auth_transaction = auth_transaction; 3082 sm->ft_pending_pull_left_retries = sm->wpa_auth->conf.rkh_pull_retries; 3083 res = wpa_ft_process_auth_req(sm, ies, ies_len, &resp_ies, 3084 &resp_ies_len); 3085 if (res < 0) { 3086 wpa_printf(MSG_DEBUG, "FT: Callback postponed until response is available"); 3087 return; 3088 } 3089 status = res; 3090 3091 wpa_printf(MSG_DEBUG, "FT: FT authentication response: dst=" MACSTR 3092 " auth_transaction=%d status=%d", 3093 MAC2STR(sm->addr), auth_transaction + 1, status); 3094 wpa_hexdump(MSG_DEBUG, "FT: Response IEs", resp_ies, resp_ies_len); 3095 cb(ctx, sm->addr, bssid, auth_transaction + 1, status, 3096 resp_ies, resp_ies_len); 3097 os_free(resp_ies); 3098 } 3099 3100 3101 u16 wpa_ft_validate_reassoc(struct wpa_state_machine *sm, const u8 *ies, 3102 size_t ies_len) 3103 { 3104 struct wpa_ft_ies parse; 3105 struct rsn_mdie *mdie; 3106 u8 mic[WPA_EAPOL_KEY_MIC_MAX_LEN]; 3107 size_t mic_len = 16; 3108 unsigned int count; 3109 const u8 *kck; 3110 size_t kck_len; 3111 int use_sha384; 3112 const u8 *anonce, *snonce, *fte_mic; 3113 u8 fte_elem_count; 3114 3115 if (sm == NULL) 3116 return WLAN_STATUS_UNSPECIFIED_FAILURE; 3117 3118 use_sha384 = wpa_key_mgmt_sha384(sm->wpa_key_mgmt); 3119 3120 wpa_hexdump(MSG_DEBUG, "FT: Reassoc Req IEs", ies, ies_len); 3121 3122 if (wpa_ft_parse_ies(ies, ies_len, &parse, use_sha384) < 0) { 3123 wpa_printf(MSG_DEBUG, "FT: Failed to parse FT IEs"); 3124 return WLAN_STATUS_UNSPECIFIED_FAILURE; 3125 } 3126 3127 if (parse.rsn == NULL) { 3128 wpa_printf(MSG_DEBUG, "FT: No RSNIE in Reassoc Req"); 3129 return WLAN_STATUS_UNSPECIFIED_FAILURE; 3130 } 3131 3132 if (parse.rsn_pmkid == NULL) { 3133 wpa_printf(MSG_DEBUG, "FT: No PMKID in RSNIE"); 3134 return WLAN_STATUS_INVALID_PMKID; 3135 } 3136 3137 if (os_memcmp_const(parse.rsn_pmkid, sm->pmk_r1_name, WPA_PMK_NAME_LEN) 3138 != 0) { 3139 wpa_printf(MSG_DEBUG, "FT: PMKID in Reassoc Req did not match " 3140 "with the PMKR1Name derived from auth request"); 3141 return WLAN_STATUS_INVALID_PMKID; 3142 } 3143 3144 mdie = (struct rsn_mdie *) parse.mdie; 3145 if (mdie == NULL || parse.mdie_len < sizeof(*mdie) || 3146 os_memcmp(mdie->mobility_domain, 3147 sm->wpa_auth->conf.mobility_domain, 3148 MOBILITY_DOMAIN_ID_LEN) != 0) { 3149 wpa_printf(MSG_DEBUG, "FT: Invalid MDIE"); 3150 return WLAN_STATUS_INVALID_MDIE; 3151 } 3152 3153 if (use_sha384) { 3154 struct rsn_ftie_sha384 *ftie; 3155 3156 ftie = (struct rsn_ftie_sha384 *) parse.ftie; 3157 if (ftie == NULL || parse.ftie_len < sizeof(*ftie)) { 3158 wpa_printf(MSG_DEBUG, "FT: Invalid FTIE"); 3159 return WLAN_STATUS_INVALID_FTIE; 3160 } 3161 3162 anonce = ftie->anonce; 3163 snonce = ftie->snonce; 3164 fte_elem_count = ftie->mic_control[1]; 3165 fte_mic = ftie->mic; 3166 } else { 3167 struct rsn_ftie *ftie; 3168 3169 ftie = (struct rsn_ftie *) parse.ftie; 3170 if (ftie == NULL || parse.ftie_len < sizeof(*ftie)) { 3171 wpa_printf(MSG_DEBUG, "FT: Invalid FTIE"); 3172 return WLAN_STATUS_INVALID_FTIE; 3173 } 3174 3175 anonce = ftie->anonce; 3176 snonce = ftie->snonce; 3177 fte_elem_count = ftie->mic_control[1]; 3178 fte_mic = ftie->mic; 3179 } 3180 3181 if (os_memcmp(snonce, sm->SNonce, WPA_NONCE_LEN) != 0) { 3182 wpa_printf(MSG_DEBUG, "FT: SNonce mismatch in FTIE"); 3183 wpa_hexdump(MSG_DEBUG, "FT: Received SNonce", 3184 snonce, WPA_NONCE_LEN); 3185 wpa_hexdump(MSG_DEBUG, "FT: Expected SNonce", 3186 sm->SNonce, WPA_NONCE_LEN); 3187 return WLAN_STATUS_INVALID_FTIE; 3188 } 3189 3190 if (os_memcmp(anonce, sm->ANonce, WPA_NONCE_LEN) != 0) { 3191 wpa_printf(MSG_DEBUG, "FT: ANonce mismatch in FTIE"); 3192 wpa_hexdump(MSG_DEBUG, "FT: Received ANonce", 3193 anonce, WPA_NONCE_LEN); 3194 wpa_hexdump(MSG_DEBUG, "FT: Expected ANonce", 3195 sm->ANonce, WPA_NONCE_LEN); 3196 return WLAN_STATUS_INVALID_FTIE; 3197 } 3198 3199 3200 if (parse.r0kh_id == NULL) { 3201 wpa_printf(MSG_DEBUG, "FT: No R0KH-ID subelem in FTIE"); 3202 return WLAN_STATUS_INVALID_FTIE; 3203 } 3204 3205 if (parse.r0kh_id_len != sm->r0kh_id_len || 3206 os_memcmp_const(parse.r0kh_id, sm->r0kh_id, parse.r0kh_id_len) != 0) 3207 { 3208 wpa_printf(MSG_DEBUG, "FT: R0KH-ID in FTIE did not match with " 3209 "the current R0KH-ID"); 3210 wpa_hexdump(MSG_DEBUG, "FT: R0KH-ID in FTIE", 3211 parse.r0kh_id, parse.r0kh_id_len); 3212 wpa_hexdump(MSG_DEBUG, "FT: The current R0KH-ID", 3213 sm->r0kh_id, sm->r0kh_id_len); 3214 return WLAN_STATUS_INVALID_FTIE; 3215 } 3216 3217 if (parse.r1kh_id == NULL) { 3218 wpa_printf(MSG_DEBUG, "FT: No R1KH-ID subelem in FTIE"); 3219 return WLAN_STATUS_INVALID_FTIE; 3220 } 3221 3222 if (os_memcmp_const(parse.r1kh_id, sm->wpa_auth->conf.r1_key_holder, 3223 FT_R1KH_ID_LEN) != 0) { 3224 wpa_printf(MSG_DEBUG, "FT: Unknown R1KH-ID used in " 3225 "ReassocReq"); 3226 wpa_hexdump(MSG_DEBUG, "FT: R1KH-ID in FTIE", 3227 parse.r1kh_id, FT_R1KH_ID_LEN); 3228 wpa_hexdump(MSG_DEBUG, "FT: Expected R1KH-ID", 3229 sm->wpa_auth->conf.r1_key_holder, FT_R1KH_ID_LEN); 3230 return WLAN_STATUS_INVALID_FTIE; 3231 } 3232 3233 if (parse.rsn_pmkid == NULL || 3234 os_memcmp_const(parse.rsn_pmkid, sm->pmk_r1_name, WPA_PMK_NAME_LEN)) 3235 { 3236 wpa_printf(MSG_DEBUG, "FT: No matching PMKR1Name (PMKID) in " 3237 "RSNIE (pmkid=%d)", !!parse.rsn_pmkid); 3238 return WLAN_STATUS_INVALID_PMKID; 3239 } 3240 3241 count = 3; 3242 if (parse.ric) 3243 count += ieee802_11_ie_count(parse.ric, parse.ric_len); 3244 if (fte_elem_count != count) { 3245 wpa_printf(MSG_DEBUG, "FT: Unexpected IE count in MIC " 3246 "Control: received %u expected %u", 3247 fte_elem_count, count); 3248 return WLAN_STATUS_UNSPECIFIED_FAILURE; 3249 } 3250 3251 if (wpa_key_mgmt_fils(sm->wpa_key_mgmt)) { 3252 kck = sm->PTK.kck2; 3253 kck_len = sm->PTK.kck2_len; 3254 } else { 3255 kck = sm->PTK.kck; 3256 kck_len = sm->PTK.kck_len; 3257 } 3258 if (wpa_ft_mic(kck, kck_len, sm->addr, sm->wpa_auth->addr, 5, 3259 parse.mdie - 2, parse.mdie_len + 2, 3260 parse.ftie - 2, parse.ftie_len + 2, 3261 parse.rsn - 2, parse.rsn_len + 2, 3262 parse.ric, parse.ric_len, 3263 mic) < 0) { 3264 wpa_printf(MSG_DEBUG, "FT: Failed to calculate MIC"); 3265 return WLAN_STATUS_UNSPECIFIED_FAILURE; 3266 } 3267 3268 if (os_memcmp_const(mic, fte_mic, mic_len) != 0) { 3269 wpa_printf(MSG_DEBUG, "FT: Invalid MIC in FTIE"); 3270 wpa_printf(MSG_DEBUG, "FT: addr=" MACSTR " auth_addr=" MACSTR, 3271 MAC2STR(sm->addr), MAC2STR(sm->wpa_auth->addr)); 3272 wpa_hexdump(MSG_MSGDUMP, "FT: Received MIC", 3273 fte_mic, mic_len); 3274 wpa_hexdump(MSG_MSGDUMP, "FT: Calculated MIC", mic, mic_len); 3275 wpa_hexdump(MSG_MSGDUMP, "FT: MDIE", 3276 parse.mdie - 2, parse.mdie_len + 2); 3277 wpa_hexdump(MSG_MSGDUMP, "FT: FTIE", 3278 parse.ftie - 2, parse.ftie_len + 2); 3279 wpa_hexdump(MSG_MSGDUMP, "FT: RSN", 3280 parse.rsn - 2, parse.rsn_len + 2); 3281 return WLAN_STATUS_INVALID_FTIE; 3282 } 3283 3284 #ifdef CONFIG_OCV 3285 if (wpa_auth_uses_ocv(sm)) { 3286 struct wpa_channel_info ci; 3287 int tx_chanwidth; 3288 int tx_seg1_idx; 3289 3290 if (wpa_channel_info(sm->wpa_auth, &ci) != 0) { 3291 wpa_printf(MSG_WARNING, 3292 "Failed to get channel info to validate received OCI in (Re)Assoc Request"); 3293 return WLAN_STATUS_UNSPECIFIED_FAILURE; 3294 } 3295 3296 if (get_sta_tx_parameters(sm, 3297 channel_width_to_int(ci.chanwidth), 3298 ci.seg1_idx, &tx_chanwidth, 3299 &tx_seg1_idx) < 0) 3300 return WLAN_STATUS_UNSPECIFIED_FAILURE; 3301 3302 if (ocv_verify_tx_params(parse.oci, parse.oci_len, &ci, 3303 tx_chanwidth, tx_seg1_idx) != 0) { 3304 wpa_printf(MSG_WARNING, "%s", ocv_errorstr); 3305 return WLAN_STATUS_UNSPECIFIED_FAILURE; 3306 } 3307 } 3308 #endif /* CONFIG_OCV */ 3309 3310 return WLAN_STATUS_SUCCESS; 3311 } 3312 3313 3314 int wpa_ft_action_rx(struct wpa_state_machine *sm, const u8 *data, size_t len) 3315 { 3316 const u8 *sta_addr, *target_ap; 3317 const u8 *ies; 3318 size_t ies_len; 3319 u8 action; 3320 struct ft_rrb_frame *frame; 3321 3322 if (sm == NULL) 3323 return -1; 3324 3325 /* 3326 * data: Category[1] Action[1] STA_Address[6] Target_AP_Address[6] 3327 * FT Request action frame body[variable] 3328 */ 3329 3330 if (len < 14) { 3331 wpa_printf(MSG_DEBUG, "FT: Too short FT Action frame " 3332 "(len=%lu)", (unsigned long) len); 3333 return -1; 3334 } 3335 3336 action = data[1]; 3337 sta_addr = data + 2; 3338 target_ap = data + 8; 3339 ies = data + 14; 3340 ies_len = len - 14; 3341 3342 wpa_printf(MSG_DEBUG, "FT: Received FT Action frame (STA=" MACSTR 3343 " Target AP=" MACSTR " Action=%d)", 3344 MAC2STR(sta_addr), MAC2STR(target_ap), action); 3345 3346 if (os_memcmp(sta_addr, sm->addr, ETH_ALEN) != 0) { 3347 wpa_printf(MSG_DEBUG, "FT: Mismatch in FT Action STA address: " 3348 "STA=" MACSTR " STA-Address=" MACSTR, 3349 MAC2STR(sm->addr), MAC2STR(sta_addr)); 3350 return -1; 3351 } 3352 3353 /* 3354 * Do some sanity checking on the target AP address (not own and not 3355 * broadcast. This could be extended to filter based on a list of known 3356 * APs in the MD (if such a list were configured). 3357 */ 3358 if ((target_ap[0] & 0x01) || 3359 os_memcmp(target_ap, sm->wpa_auth->addr, ETH_ALEN) == 0) { 3360 wpa_printf(MSG_DEBUG, "FT: Invalid Target AP in FT Action " 3361 "frame"); 3362 return -1; 3363 } 3364 3365 wpa_hexdump(MSG_MSGDUMP, "FT: Action frame body", ies, ies_len); 3366 3367 if (!sm->wpa_auth->conf.ft_over_ds) { 3368 wpa_printf(MSG_DEBUG, "FT: Over-DS option disabled - reject"); 3369 return -1; 3370 } 3371 3372 /* RRB - Forward action frame to the target AP */ 3373 frame = os_malloc(sizeof(*frame) + len); 3374 if (frame == NULL) 3375 return -1; 3376 frame->frame_type = RSN_REMOTE_FRAME_TYPE_FT_RRB; 3377 frame->packet_type = FT_PACKET_REQUEST; 3378 frame->action_length = host_to_le16(len); 3379 os_memcpy(frame->ap_address, sm->wpa_auth->addr, ETH_ALEN); 3380 os_memcpy(frame + 1, data, len); 3381 3382 wpa_ft_rrb_send(sm->wpa_auth, target_ap, (u8 *) frame, 3383 sizeof(*frame) + len); 3384 os_free(frame); 3385 3386 return 0; 3387 } 3388 3389 3390 static void wpa_ft_rrb_rx_request_cb(void *ctx, const u8 *dst, const u8 *bssid, 3391 u16 auth_transaction, u16 resp, 3392 const u8 *ies, size_t ies_len) 3393 { 3394 struct wpa_state_machine *sm = ctx; 3395 wpa_printf(MSG_DEBUG, "FT: Over-the-DS RX request cb for " MACSTR, 3396 MAC2STR(sm->addr)); 3397 wpa_ft_send_rrb_auth_resp(sm, sm->ft_pending_current_ap, sm->addr, 3398 WLAN_STATUS_SUCCESS, ies, ies_len); 3399 } 3400 3401 3402 static int wpa_ft_rrb_rx_request(struct wpa_authenticator *wpa_auth, 3403 const u8 *current_ap, const u8 *sta_addr, 3404 const u8 *body, size_t len) 3405 { 3406 struct wpa_state_machine *sm; 3407 u16 status; 3408 u8 *resp_ies; 3409 size_t resp_ies_len; 3410 int res; 3411 3412 sm = wpa_ft_add_sta(wpa_auth, sta_addr); 3413 if (sm == NULL) { 3414 wpa_printf(MSG_DEBUG, "FT: Failed to add new STA based on " 3415 "RRB Request"); 3416 return -1; 3417 } 3418 3419 wpa_hexdump(MSG_MSGDUMP, "FT: RRB Request Frame body", body, len); 3420 3421 sm->ft_pending_cb = wpa_ft_rrb_rx_request_cb; 3422 sm->ft_pending_cb_ctx = sm; 3423 os_memcpy(sm->ft_pending_current_ap, current_ap, ETH_ALEN); 3424 sm->ft_pending_pull_left_retries = sm->wpa_auth->conf.rkh_pull_retries; 3425 res = wpa_ft_process_auth_req(sm, body, len, &resp_ies, 3426 &resp_ies_len); 3427 if (res < 0) { 3428 wpa_printf(MSG_DEBUG, "FT: No immediate response available - wait for pull response"); 3429 return 0; 3430 } 3431 status = res; 3432 3433 res = wpa_ft_send_rrb_auth_resp(sm, current_ap, sta_addr, status, 3434 resp_ies, resp_ies_len); 3435 os_free(resp_ies); 3436 return res; 3437 } 3438 3439 3440 static int wpa_ft_send_rrb_auth_resp(struct wpa_state_machine *sm, 3441 const u8 *current_ap, const u8 *sta_addr, 3442 u16 status, const u8 *resp_ies, 3443 size_t resp_ies_len) 3444 { 3445 struct wpa_authenticator *wpa_auth = sm->wpa_auth; 3446 size_t rlen; 3447 struct ft_rrb_frame *frame; 3448 u8 *pos; 3449 3450 wpa_printf(MSG_DEBUG, "FT: RRB authentication response: STA=" MACSTR 3451 " CurrentAP=" MACSTR " status=%d", 3452 MAC2STR(sm->addr), MAC2STR(current_ap), status); 3453 wpa_hexdump(MSG_DEBUG, "FT: Response IEs", resp_ies, resp_ies_len); 3454 3455 /* RRB - Forward action frame response to the Current AP */ 3456 3457 /* 3458 * data: Category[1] Action[1] STA_Address[6] Target_AP_Address[6] 3459 * Status_Code[2] FT Request action frame body[variable] 3460 */ 3461 rlen = 2 + 2 * ETH_ALEN + 2 + resp_ies_len; 3462 3463 frame = os_malloc(sizeof(*frame) + rlen); 3464 if (frame == NULL) 3465 return -1; 3466 frame->frame_type = RSN_REMOTE_FRAME_TYPE_FT_RRB; 3467 frame->packet_type = FT_PACKET_RESPONSE; 3468 frame->action_length = host_to_le16(rlen); 3469 os_memcpy(frame->ap_address, wpa_auth->addr, ETH_ALEN); 3470 pos = (u8 *) (frame + 1); 3471 *pos++ = WLAN_ACTION_FT; 3472 *pos++ = 2; /* Action: Response */ 3473 os_memcpy(pos, sta_addr, ETH_ALEN); 3474 pos += ETH_ALEN; 3475 os_memcpy(pos, wpa_auth->addr, ETH_ALEN); 3476 pos += ETH_ALEN; 3477 WPA_PUT_LE16(pos, status); 3478 pos += 2; 3479 if (resp_ies) 3480 os_memcpy(pos, resp_ies, resp_ies_len); 3481 3482 wpa_ft_rrb_send(wpa_auth, current_ap, (u8 *) frame, 3483 sizeof(*frame) + rlen); 3484 os_free(frame); 3485 3486 return 0; 3487 } 3488 3489 3490 static int wpa_ft_rrb_build_r0(const u8 *key, const size_t key_len, 3491 const struct tlv_list *tlvs, 3492 const struct wpa_ft_pmk_r0_sa *pmk_r0, 3493 const u8 *r1kh_id, const u8 *s1kh_id, 3494 const struct tlv_list *tlv_auth, 3495 const u8 *src_addr, u8 type, 3496 u8 **packet, size_t *packet_len) 3497 { 3498 u8 pmk_r1[PMK_LEN_MAX]; 3499 size_t pmk_r1_len = pmk_r0->pmk_r0_len; 3500 u8 pmk_r1_name[WPA_PMK_NAME_LEN]; 3501 u8 f_pairwise[sizeof(le16)]; 3502 u8 f_expires_in[sizeof(le16)]; 3503 u8 f_session_timeout[sizeof(le32)]; 3504 int expires_in; 3505 int session_timeout; 3506 struct os_reltime now; 3507 int ret; 3508 struct tlv_list sess_tlv[] = { 3509 { .type = FT_RRB_PMK_R1, .len = pmk_r1_len, 3510 .data = pmk_r1 }, 3511 { .type = FT_RRB_PMK_R1_NAME, .len = sizeof(pmk_r1_name), 3512 .data = pmk_r1_name }, 3513 { .type = FT_RRB_PAIRWISE, .len = sizeof(f_pairwise), 3514 .data = f_pairwise }, 3515 { .type = FT_RRB_EXPIRES_IN, .len = sizeof(f_expires_in), 3516 .data = f_expires_in }, 3517 { .type = FT_RRB_IDENTITY, .len = pmk_r0->identity_len, 3518 .data = pmk_r0->identity }, 3519 { .type = FT_RRB_RADIUS_CUI, .len = pmk_r0->radius_cui_len, 3520 .data = pmk_r0->radius_cui }, 3521 { .type = FT_RRB_SESSION_TIMEOUT, 3522 .len = sizeof(f_session_timeout), 3523 .data = f_session_timeout }, 3524 { .type = FT_RRB_LAST_EMPTY, .len = 0, .data = NULL }, 3525 }; 3526 3527 if (wpa_derive_pmk_r1(pmk_r0->pmk_r0, pmk_r0->pmk_r0_len, 3528 pmk_r0->pmk_r0_name, r1kh_id, 3529 s1kh_id, pmk_r1, pmk_r1_name) < 0) 3530 return -1; 3531 wpa_hexdump_key(MSG_DEBUG, "FT: PMK-R1 (for peer AP)", 3532 pmk_r1, pmk_r1_len); 3533 wpa_hexdump(MSG_DEBUG, "FT: PMKR1Name (for peer AP)", 3534 pmk_r1_name, WPA_PMK_NAME_LEN); 3535 WPA_PUT_LE16(f_pairwise, pmk_r0->pairwise); 3536 3537 os_get_reltime(&now); 3538 if (pmk_r0->expiration > now.sec) 3539 expires_in = pmk_r0->expiration - now.sec; 3540 else if (pmk_r0->expiration) 3541 expires_in = 1; 3542 else 3543 expires_in = 0; 3544 WPA_PUT_LE16(f_expires_in, expires_in); 3545 3546 if (pmk_r0->session_timeout > now.sec) 3547 session_timeout = pmk_r0->session_timeout - now.sec; 3548 else if (pmk_r0->session_timeout) 3549 session_timeout = 1; 3550 else 3551 session_timeout = 0; 3552 WPA_PUT_LE32(f_session_timeout, session_timeout); 3553 3554 ret = wpa_ft_rrb_build(key, key_len, tlvs, sess_tlv, tlv_auth, 3555 pmk_r0->vlan, src_addr, type, 3556 packet, packet_len); 3557 3558 os_memset(pmk_r1, 0, sizeof(pmk_r1)); 3559 3560 return ret; 3561 } 3562 3563 3564 static int wpa_ft_rrb_rx_pull(struct wpa_authenticator *wpa_auth, 3565 const u8 *src_addr, 3566 const u8 *enc, size_t enc_len, 3567 const u8 *auth, size_t auth_len, 3568 int no_defer) 3569 { 3570 const char *msgtype = "pull request"; 3571 u8 *plain = NULL, *packet = NULL; 3572 size_t plain_len = 0, packet_len = 0; 3573 struct ft_remote_r1kh *r1kh, *r1kh_wildcard; 3574 const u8 *key; 3575 size_t key_len; 3576 int seq_ret; 3577 const u8 *f_nonce, *f_r0kh_id, *f_r1kh_id, *f_s1kh_id, *f_pmk_r0_name; 3578 size_t f_nonce_len, f_r0kh_id_len, f_r1kh_id_len, f_s1kh_id_len; 3579 size_t f_pmk_r0_name_len; 3580 const struct wpa_ft_pmk_r0_sa *r0; 3581 int ret; 3582 struct tlv_list resp[2]; 3583 struct tlv_list resp_auth[5]; 3584 struct ft_rrb_seq f_seq; 3585 3586 wpa_printf(MSG_DEBUG, "FT: Received PMK-R1 pull"); 3587 3588 RRB_GET_AUTH(FT_RRB_R0KH_ID, r0kh_id, msgtype, -1); 3589 wpa_hexdump(MSG_DEBUG, "FT: R0KH-ID", f_r0kh_id, f_r0kh_id_len); 3590 3591 if (wpa_ft_rrb_check_r0kh(wpa_auth, f_r0kh_id, f_r0kh_id_len)) { 3592 wpa_printf(MSG_DEBUG, "FT: R0KH-ID mismatch"); 3593 goto out; 3594 } 3595 3596 RRB_GET_AUTH(FT_RRB_R1KH_ID, r1kh_id, msgtype, FT_R1KH_ID_LEN); 3597 wpa_printf(MSG_DEBUG, "FT: R1KH-ID=" MACSTR, MAC2STR(f_r1kh_id)); 3598 3599 wpa_ft_rrb_lookup_r1kh(wpa_auth, f_r1kh_id, &r1kh, &r1kh_wildcard); 3600 if (r1kh) { 3601 key = r1kh->key; 3602 key_len = sizeof(r1kh->key); 3603 } else if (r1kh_wildcard) { 3604 wpa_printf(MSG_DEBUG, "FT: Using wildcard R1KH-ID"); 3605 key = r1kh_wildcard->key; 3606 key_len = sizeof(r1kh_wildcard->key); 3607 } else { 3608 goto out; 3609 } 3610 3611 RRB_GET_AUTH(FT_RRB_NONCE, nonce, "pull request", FT_RRB_NONCE_LEN); 3612 wpa_hexdump(MSG_DEBUG, "FT: nonce", f_nonce, f_nonce_len); 3613 3614 seq_ret = FT_RRB_SEQ_DROP; 3615 if (r1kh) 3616 seq_ret = wpa_ft_rrb_seq_chk(r1kh->seq, src_addr, enc, enc_len, 3617 auth, auth_len, msgtype, no_defer); 3618 if (!no_defer && r1kh_wildcard && 3619 (!r1kh || os_memcmp(r1kh->addr, src_addr, ETH_ALEN) != 0)) { 3620 /* wildcard: r1kh-id unknown or changed addr -> do a seq req */ 3621 seq_ret = FT_RRB_SEQ_DEFER; 3622 } 3623 3624 if (seq_ret == FT_RRB_SEQ_DROP) 3625 goto out; 3626 3627 if (wpa_ft_rrb_decrypt(key, key_len, enc, enc_len, auth, auth_len, 3628 src_addr, FT_PACKET_R0KH_R1KH_PULL, 3629 &plain, &plain_len) < 0) 3630 goto out; 3631 3632 if (!r1kh) 3633 r1kh = wpa_ft_rrb_add_r1kh(wpa_auth, r1kh_wildcard, src_addr, 3634 f_r1kh_id, 3635 wpa_auth->conf.rkh_pos_timeout); 3636 if (!r1kh) 3637 goto out; 3638 3639 if (seq_ret == FT_RRB_SEQ_DEFER) { 3640 wpa_ft_rrb_seq_req(wpa_auth, r1kh->seq, src_addr, f_r0kh_id, 3641 f_r0kh_id_len, f_r1kh_id, key, key_len, 3642 enc, enc_len, auth, auth_len, 3643 &wpa_ft_rrb_rx_pull); 3644 goto out; 3645 } 3646 3647 wpa_ft_rrb_seq_accept(wpa_auth, r1kh->seq, src_addr, auth, auth_len, 3648 msgtype); 3649 wpa_ft_rrb_r1kh_replenish(wpa_auth, r1kh, 3650 wpa_auth->conf.rkh_pos_timeout); 3651 3652 RRB_GET(FT_RRB_PMK_R0_NAME, pmk_r0_name, msgtype, WPA_PMK_NAME_LEN); 3653 wpa_hexdump(MSG_DEBUG, "FT: PMKR0Name", f_pmk_r0_name, 3654 f_pmk_r0_name_len); 3655 3656 RRB_GET(FT_RRB_S1KH_ID, s1kh_id, msgtype, ETH_ALEN); 3657 wpa_printf(MSG_DEBUG, "FT: S1KH-ID=" MACSTR, MAC2STR(f_s1kh_id)); 3658 3659 if (wpa_ft_new_seq(r1kh->seq, &f_seq) < 0) { 3660 wpa_printf(MSG_DEBUG, "FT: Failed to get seq num"); 3661 goto out; 3662 } 3663 3664 resp[0].type = FT_RRB_S1KH_ID; 3665 resp[0].len = f_s1kh_id_len; 3666 resp[0].data = f_s1kh_id; 3667 resp[1].type = FT_RRB_LAST_EMPTY; 3668 resp[1].len = 0; 3669 resp[1].data = NULL; 3670 3671 resp_auth[0].type = FT_RRB_NONCE; 3672 resp_auth[0].len = f_nonce_len; 3673 resp_auth[0].data = f_nonce; 3674 resp_auth[1].type = FT_RRB_SEQ; 3675 resp_auth[1].len = sizeof(f_seq); 3676 resp_auth[1].data = (u8 *) &f_seq; 3677 resp_auth[2].type = FT_RRB_R0KH_ID; 3678 resp_auth[2].len = f_r0kh_id_len; 3679 resp_auth[2].data = f_r0kh_id; 3680 resp_auth[3].type = FT_RRB_R1KH_ID; 3681 resp_auth[3].len = f_r1kh_id_len; 3682 resp_auth[3].data = f_r1kh_id; 3683 resp_auth[4].type = FT_RRB_LAST_EMPTY; 3684 resp_auth[4].len = 0; 3685 resp_auth[4].data = NULL; 3686 3687 if (wpa_ft_fetch_pmk_r0(wpa_auth, f_s1kh_id, f_pmk_r0_name, &r0) < 0) { 3688 wpa_printf(MSG_DEBUG, "FT: No matching PMK-R0-Name found"); 3689 ret = wpa_ft_rrb_build(key, key_len, resp, NULL, resp_auth, 3690 NULL, wpa_auth->addr, 3691 FT_PACKET_R0KH_R1KH_RESP, 3692 &packet, &packet_len); 3693 } else { 3694 ret = wpa_ft_rrb_build_r0(key, key_len, resp, r0, f_r1kh_id, 3695 f_s1kh_id, resp_auth, wpa_auth->addr, 3696 FT_PACKET_R0KH_R1KH_RESP, 3697 &packet, &packet_len); 3698 } 3699 3700 if (!ret) 3701 wpa_ft_rrb_oui_send(wpa_auth, src_addr, 3702 FT_PACKET_R0KH_R1KH_RESP, packet, 3703 packet_len); 3704 3705 out: 3706 os_free(plain); 3707 os_free(packet); 3708 3709 return 0; 3710 } 3711 3712 3713 /* @returns 0 on success 3714 * -1 on error 3715 * -2 if FR_RRB_PAIRWISE is missing 3716 */ 3717 static int wpa_ft_rrb_rx_r1(struct wpa_authenticator *wpa_auth, 3718 const u8 *src_addr, u8 type, 3719 const u8 *enc, size_t enc_len, 3720 const u8 *auth, size_t auth_len, 3721 const char *msgtype, u8 *s1kh_id_out, 3722 int (*cb)(struct wpa_authenticator *wpa_auth, 3723 const u8 *src_addr, 3724 const u8 *enc, size_t enc_len, 3725 const u8 *auth, size_t auth_len, 3726 int no_defer)) 3727 { 3728 u8 *plain = NULL; 3729 size_t plain_len = 0; 3730 struct ft_remote_r0kh *r0kh, *r0kh_wildcard; 3731 const u8 *key; 3732 size_t key_len; 3733 int seq_ret; 3734 const u8 *f_r1kh_id, *f_s1kh_id, *f_r0kh_id; 3735 const u8 *f_pmk_r1_name, *f_pairwise, *f_pmk_r1; 3736 const u8 *f_expires_in; 3737 size_t f_r1kh_id_len, f_s1kh_id_len, f_r0kh_id_len; 3738 const u8 *f_identity, *f_radius_cui; 3739 const u8 *f_session_timeout; 3740 size_t f_pmk_r1_name_len, f_pairwise_len, f_pmk_r1_len; 3741 size_t f_expires_in_len; 3742 size_t f_identity_len, f_radius_cui_len; 3743 size_t f_session_timeout_len; 3744 int pairwise; 3745 int ret = -1; 3746 int expires_in; 3747 int session_timeout; 3748 struct vlan_description vlan; 3749 size_t pmk_r1_len; 3750 3751 RRB_GET_AUTH(FT_RRB_R0KH_ID, r0kh_id, msgtype, -1); 3752 wpa_hexdump(MSG_DEBUG, "FT: R0KH-ID", f_r0kh_id, f_r0kh_id_len); 3753 3754 RRB_GET_AUTH(FT_RRB_R1KH_ID, r1kh_id, msgtype, FT_R1KH_ID_LEN); 3755 wpa_printf(MSG_DEBUG, "FT: R1KH-ID=" MACSTR, MAC2STR(f_r1kh_id)); 3756 3757 if (wpa_ft_rrb_check_r1kh(wpa_auth, f_r1kh_id)) { 3758 wpa_printf(MSG_DEBUG, "FT: R1KH-ID mismatch"); 3759 goto out; 3760 } 3761 3762 wpa_ft_rrb_lookup_r0kh(wpa_auth, f_r0kh_id, f_r0kh_id_len, &r0kh, 3763 &r0kh_wildcard); 3764 if (r0kh) { 3765 key = r0kh->key; 3766 key_len = sizeof(r0kh->key); 3767 } else if (r0kh_wildcard) { 3768 wpa_printf(MSG_DEBUG, "FT: Using wildcard R0KH-ID"); 3769 key = r0kh_wildcard->key; 3770 key_len = sizeof(r0kh_wildcard->key); 3771 } else { 3772 goto out; 3773 } 3774 3775 seq_ret = FT_RRB_SEQ_DROP; 3776 if (r0kh) { 3777 seq_ret = wpa_ft_rrb_seq_chk(r0kh->seq, src_addr, enc, enc_len, 3778 auth, auth_len, msgtype, 3779 cb ? 0 : 1); 3780 } 3781 if (cb && r0kh_wildcard && 3782 (!r0kh || os_memcmp(r0kh->addr, src_addr, ETH_ALEN) != 0)) { 3783 /* wildcard: r0kh-id unknown or changed addr -> do a seq req */ 3784 seq_ret = FT_RRB_SEQ_DEFER; 3785 } 3786 3787 if (seq_ret == FT_RRB_SEQ_DROP) 3788 goto out; 3789 3790 if (wpa_ft_rrb_decrypt(key, key_len, enc, enc_len, auth, auth_len, 3791 src_addr, type, &plain, &plain_len) < 0) 3792 goto out; 3793 3794 if (!r0kh) 3795 r0kh = wpa_ft_rrb_add_r0kh(wpa_auth, r0kh_wildcard, src_addr, 3796 f_r0kh_id, f_r0kh_id_len, 3797 wpa_auth->conf.rkh_pos_timeout); 3798 if (!r0kh) 3799 goto out; 3800 3801 if (seq_ret == FT_RRB_SEQ_DEFER) { 3802 wpa_ft_rrb_seq_req(wpa_auth, r0kh->seq, src_addr, f_r0kh_id, 3803 f_r0kh_id_len, f_r1kh_id, key, key_len, 3804 enc, enc_len, auth, auth_len, cb); 3805 goto out; 3806 } 3807 3808 wpa_ft_rrb_seq_accept(wpa_auth, r0kh->seq, src_addr, auth, auth_len, 3809 msgtype); 3810 wpa_ft_rrb_r0kh_replenish(wpa_auth, r0kh, 3811 wpa_auth->conf.rkh_pos_timeout); 3812 3813 RRB_GET(FT_RRB_S1KH_ID, s1kh_id, msgtype, ETH_ALEN); 3814 wpa_printf(MSG_DEBUG, "FT: S1KH-ID=" MACSTR, MAC2STR(f_s1kh_id)); 3815 3816 if (s1kh_id_out) 3817 os_memcpy(s1kh_id_out, f_s1kh_id, ETH_ALEN); 3818 3819 ret = -2; 3820 RRB_GET(FT_RRB_PAIRWISE, pairwise, msgtype, sizeof(le16)); 3821 wpa_hexdump(MSG_DEBUG, "FT: pairwise", f_pairwise, f_pairwise_len); 3822 3823 ret = -1; 3824 RRB_GET(FT_RRB_PMK_R1_NAME, pmk_r1_name, msgtype, WPA_PMK_NAME_LEN); 3825 wpa_hexdump(MSG_DEBUG, "FT: PMKR1Name", 3826 f_pmk_r1_name, WPA_PMK_NAME_LEN); 3827 3828 pmk_r1_len = PMK_LEN; 3829 if (wpa_ft_rrb_get_tlv(plain, plain_len, FT_RRB_PMK_R1, &f_pmk_r1_len, 3830 &f_pmk_r1) == 0 && 3831 (f_pmk_r1_len == PMK_LEN || f_pmk_r1_len == SHA384_MAC_LEN)) 3832 pmk_r1_len = f_pmk_r1_len; 3833 RRB_GET(FT_RRB_PMK_R1, pmk_r1, msgtype, pmk_r1_len); 3834 wpa_hexdump_key(MSG_DEBUG, "FT: PMK-R1", f_pmk_r1, pmk_r1_len); 3835 3836 pairwise = WPA_GET_LE16(f_pairwise); 3837 3838 RRB_GET_OPTIONAL(FT_RRB_EXPIRES_IN, expires_in, msgtype, 3839 sizeof(le16)); 3840 if (f_expires_in) 3841 expires_in = WPA_GET_LE16(f_expires_in); 3842 else 3843 expires_in = 0; 3844 3845 wpa_printf(MSG_DEBUG, "FT: PMK-R1 %s - expires_in=%d", msgtype, 3846 expires_in); 3847 3848 if (wpa_ft_rrb_get_tlv_vlan(plain, plain_len, &vlan) < 0) { 3849 wpa_printf(MSG_DEBUG, "FT: Cannot parse vlan"); 3850 wpa_ft_rrb_dump(plain, plain_len); 3851 goto out; 3852 } 3853 3854 wpa_printf(MSG_DEBUG, "FT: vlan %d%s", 3855 le_to_host16(vlan.untagged), vlan.tagged[0] ? "+" : ""); 3856 3857 RRB_GET_OPTIONAL(FT_RRB_IDENTITY, identity, msgtype, -1); 3858 if (f_identity) 3859 wpa_hexdump_ascii(MSG_DEBUG, "FT: Identity", f_identity, 3860 f_identity_len); 3861 3862 RRB_GET_OPTIONAL(FT_RRB_RADIUS_CUI, radius_cui, msgtype, -1); 3863 if (f_radius_cui) 3864 wpa_hexdump_ascii(MSG_DEBUG, "FT: CUI", f_radius_cui, 3865 f_radius_cui_len); 3866 3867 RRB_GET_OPTIONAL(FT_RRB_SESSION_TIMEOUT, session_timeout, msgtype, 3868 sizeof(le32)); 3869 if (f_session_timeout) 3870 session_timeout = WPA_GET_LE32(f_session_timeout); 3871 else 3872 session_timeout = 0; 3873 wpa_printf(MSG_DEBUG, "FT: session_timeout %d", session_timeout); 3874 3875 if (wpa_ft_store_pmk_r1(wpa_auth, f_s1kh_id, f_pmk_r1, pmk_r1_len, 3876 f_pmk_r1_name, 3877 pairwise, &vlan, expires_in, session_timeout, 3878 f_identity, f_identity_len, f_radius_cui, 3879 f_radius_cui_len) < 0) 3880 goto out; 3881 3882 ret = 0; 3883 out: 3884 if (plain) { 3885 os_memset(plain, 0, plain_len); 3886 os_free(plain); 3887 } 3888 3889 return ret; 3890 3891 } 3892 3893 3894 static void ft_finish_pull(struct wpa_state_machine *sm) 3895 { 3896 int res; 3897 u8 *resp_ies; 3898 size_t resp_ies_len; 3899 u16 status; 3900 3901 if (!sm->ft_pending_cb || !sm->ft_pending_req_ies) 3902 return; 3903 3904 res = wpa_ft_process_auth_req(sm, wpabuf_head(sm->ft_pending_req_ies), 3905 wpabuf_len(sm->ft_pending_req_ies), 3906 &resp_ies, &resp_ies_len); 3907 if (res < 0) { 3908 /* this loop is broken by ft_pending_pull_left_retries */ 3909 wpa_printf(MSG_DEBUG, 3910 "FT: Callback postponed until response is available"); 3911 return; 3912 } 3913 wpabuf_free(sm->ft_pending_req_ies); 3914 sm->ft_pending_req_ies = NULL; 3915 status = res; 3916 wpa_printf(MSG_DEBUG, "FT: Postponed auth callback result for " MACSTR 3917 " - status %u", MAC2STR(sm->addr), status); 3918 3919 sm->ft_pending_cb(sm->ft_pending_cb_ctx, sm->addr, sm->wpa_auth->addr, 3920 sm->ft_pending_auth_transaction + 1, status, 3921 resp_ies, resp_ies_len); 3922 os_free(resp_ies); 3923 } 3924 3925 3926 struct ft_get_sta_ctx { 3927 const u8 *nonce; 3928 const u8 *s1kh_id; 3929 struct wpa_state_machine *sm; 3930 }; 3931 3932 3933 static int ft_get_sta_cb(struct wpa_state_machine *sm, void *ctx) 3934 { 3935 struct ft_get_sta_ctx *info = ctx; 3936 3937 if ((info->s1kh_id && 3938 os_memcmp(info->s1kh_id, sm->addr, ETH_ALEN) != 0) || 3939 os_memcmp(info->nonce, sm->ft_pending_pull_nonce, 3940 FT_RRB_NONCE_LEN) != 0 || 3941 sm->ft_pending_cb == NULL || sm->ft_pending_req_ies == NULL) 3942 return 0; 3943 3944 info->sm = sm; 3945 3946 return 1; 3947 } 3948 3949 3950 static int wpa_ft_rrb_rx_resp(struct wpa_authenticator *wpa_auth, 3951 const u8 *src_addr, 3952 const u8 *enc, size_t enc_len, 3953 const u8 *auth, size_t auth_len, 3954 int no_defer) 3955 { 3956 const char *msgtype = "pull response"; 3957 int nak, ret = -1; 3958 struct ft_get_sta_ctx ctx; 3959 u8 s1kh_id[ETH_ALEN]; 3960 const u8 *f_nonce; 3961 size_t f_nonce_len; 3962 3963 wpa_printf(MSG_DEBUG, "FT: Received PMK-R1 pull response"); 3964 3965 RRB_GET_AUTH(FT_RRB_NONCE, nonce, msgtype, FT_RRB_NONCE_LEN); 3966 wpa_hexdump(MSG_DEBUG, "FT: nonce", f_nonce, f_nonce_len); 3967 3968 os_memset(&ctx, 0, sizeof(ctx)); 3969 ctx.nonce = f_nonce; 3970 if (!wpa_auth_for_each_sta(wpa_auth, ft_get_sta_cb, &ctx)) { 3971 /* nonce not found */ 3972 wpa_printf(MSG_DEBUG, "FT: Invalid nonce"); 3973 return -1; 3974 } 3975 3976 ret = wpa_ft_rrb_rx_r1(wpa_auth, src_addr, FT_PACKET_R0KH_R1KH_RESP, 3977 enc, enc_len, auth, auth_len, msgtype, s1kh_id, 3978 no_defer ? NULL : &wpa_ft_rrb_rx_resp); 3979 if (ret == -2) { 3980 ret = 0; 3981 nak = 1; 3982 } else { 3983 nak = 0; 3984 } 3985 if (ret < 0) 3986 return -1; 3987 3988 ctx.s1kh_id = s1kh_id; 3989 if (wpa_auth_for_each_sta(wpa_auth, ft_get_sta_cb, &ctx)) { 3990 wpa_printf(MSG_DEBUG, 3991 "FT: Response to a pending pull request for " MACSTR, 3992 MAC2STR(ctx.sm->addr)); 3993 eloop_cancel_timeout(wpa_ft_expire_pull, ctx.sm, NULL); 3994 if (nak) 3995 ctx.sm->ft_pending_pull_left_retries = 0; 3996 ft_finish_pull(ctx.sm); 3997 } 3998 3999 out: 4000 return ret; 4001 } 4002 4003 4004 static int wpa_ft_rrb_rx_push(struct wpa_authenticator *wpa_auth, 4005 const u8 *src_addr, 4006 const u8 *enc, size_t enc_len, 4007 const u8 *auth, size_t auth_len, int no_defer) 4008 { 4009 const char *msgtype = "push"; 4010 4011 wpa_printf(MSG_DEBUG, "FT: Received PMK-R1 push"); 4012 4013 if (wpa_ft_rrb_rx_r1(wpa_auth, src_addr, FT_PACKET_R0KH_R1KH_PUSH, 4014 enc, enc_len, auth, auth_len, msgtype, NULL, 4015 no_defer ? NULL : wpa_ft_rrb_rx_push) < 0) 4016 return -1; 4017 4018 return 0; 4019 } 4020 4021 4022 static int wpa_ft_rrb_rx_seq(struct wpa_authenticator *wpa_auth, 4023 const u8 *src_addr, int type, 4024 const u8 *enc, size_t enc_len, 4025 const u8 *auth, size_t auth_len, 4026 struct ft_remote_seq **rkh_seq, 4027 u8 **key, size_t *key_len, 4028 struct ft_remote_r0kh **r0kh_out, 4029 struct ft_remote_r1kh **r1kh_out, 4030 struct ft_remote_r0kh **r0kh_wildcard_out, 4031 struct ft_remote_r1kh **r1kh_wildcard_out) 4032 { 4033 struct ft_remote_r0kh *r0kh = NULL; 4034 struct ft_remote_r1kh *r1kh = NULL; 4035 const u8 *f_r0kh_id, *f_r1kh_id; 4036 size_t f_r0kh_id_len, f_r1kh_id_len; 4037 int to_r0kh, to_r1kh; 4038 u8 *plain = NULL; 4039 size_t plain_len = 0; 4040 struct ft_remote_r0kh *r0kh_wildcard; 4041 struct ft_remote_r1kh *r1kh_wildcard; 4042 4043 RRB_GET_AUTH(FT_RRB_R0KH_ID, r0kh_id, "seq", -1); 4044 RRB_GET_AUTH(FT_RRB_R1KH_ID, r1kh_id, "seq", FT_R1KH_ID_LEN); 4045 4046 to_r0kh = !wpa_ft_rrb_check_r0kh(wpa_auth, f_r0kh_id, f_r0kh_id_len); 4047 to_r1kh = !wpa_ft_rrb_check_r1kh(wpa_auth, f_r1kh_id); 4048 4049 if (to_r0kh && to_r1kh) { 4050 wpa_printf(MSG_DEBUG, "FT: seq - local R0KH-ID and R1KH-ID"); 4051 goto out; 4052 } 4053 4054 if (!to_r0kh && !to_r1kh) { 4055 wpa_printf(MSG_DEBUG, "FT: seq - remote R0KH-ID and R1KH-ID"); 4056 goto out; 4057 } 4058 4059 if (!to_r0kh) { 4060 wpa_ft_rrb_lookup_r0kh(wpa_auth, f_r0kh_id, f_r0kh_id_len, 4061 &r0kh, &r0kh_wildcard); 4062 if (!r0kh_wildcard && 4063 (!r0kh || os_memcmp(r0kh->addr, src_addr, ETH_ALEN) != 0)) { 4064 wpa_hexdump(MSG_DEBUG, "FT: Did not find R0KH-ID", 4065 f_r0kh_id, f_r0kh_id_len); 4066 goto out; 4067 } 4068 if (r0kh) { 4069 *key = r0kh->key; 4070 *key_len = sizeof(r0kh->key); 4071 } else { 4072 *key = r0kh_wildcard->key; 4073 *key_len = sizeof(r0kh_wildcard->key); 4074 } 4075 } 4076 4077 if (!to_r1kh) { 4078 wpa_ft_rrb_lookup_r1kh(wpa_auth, f_r1kh_id, &r1kh, 4079 &r1kh_wildcard); 4080 if (!r1kh_wildcard && 4081 (!r1kh || os_memcmp(r1kh->addr, src_addr, ETH_ALEN) != 0)) { 4082 wpa_hexdump(MSG_DEBUG, "FT: Did not find R1KH-ID", 4083 f_r1kh_id, FT_R1KH_ID_LEN); 4084 goto out; 4085 } 4086 if (r1kh) { 4087 *key = r1kh->key; 4088 *key_len = sizeof(r1kh->key); 4089 } else { 4090 *key = r1kh_wildcard->key; 4091 *key_len = sizeof(r1kh_wildcard->key); 4092 } 4093 } 4094 4095 if (wpa_ft_rrb_decrypt(*key, *key_len, enc, enc_len, auth, auth_len, 4096 src_addr, type, &plain, &plain_len) < 0) 4097 goto out; 4098 4099 os_free(plain); 4100 4101 if (!to_r0kh) { 4102 if (!r0kh) 4103 r0kh = wpa_ft_rrb_add_r0kh(wpa_auth, r0kh_wildcard, 4104 src_addr, f_r0kh_id, 4105 f_r0kh_id_len, 4106 ftRRBseqTimeout); 4107 if (!r0kh) 4108 goto out; 4109 4110 wpa_ft_rrb_r0kh_replenish(wpa_auth, r0kh, ftRRBseqTimeout); 4111 *rkh_seq = r0kh->seq; 4112 if (r0kh_out) 4113 *r0kh_out = r0kh; 4114 if (r0kh_wildcard_out) 4115 *r0kh_wildcard_out = r0kh_wildcard; 4116 } 4117 4118 if (!to_r1kh) { 4119 if (!r1kh) 4120 r1kh = wpa_ft_rrb_add_r1kh(wpa_auth, r1kh_wildcard, 4121 src_addr, f_r1kh_id, 4122 ftRRBseqTimeout); 4123 if (!r1kh) 4124 goto out; 4125 4126 wpa_ft_rrb_r1kh_replenish(wpa_auth, r1kh, ftRRBseqTimeout); 4127 *rkh_seq = r1kh->seq; 4128 if (r1kh_out) 4129 *r1kh_out = r1kh; 4130 if (r1kh_wildcard_out) 4131 *r1kh_wildcard_out = r1kh_wildcard; 4132 } 4133 4134 return 0; 4135 out: 4136 return -1; 4137 } 4138 4139 4140 static int wpa_ft_rrb_rx_seq_req(struct wpa_authenticator *wpa_auth, 4141 const u8 *src_addr, 4142 const u8 *enc, size_t enc_len, 4143 const u8 *auth, size_t auth_len, 4144 int no_defer) 4145 { 4146 int ret = -1; 4147 struct ft_rrb_seq f_seq; 4148 const u8 *f_nonce, *f_r0kh_id, *f_r1kh_id; 4149 size_t f_nonce_len, f_r0kh_id_len, f_r1kh_id_len; 4150 struct ft_remote_seq *rkh_seq = NULL; 4151 u8 *packet = NULL, *key = NULL; 4152 size_t packet_len = 0, key_len = 0; 4153 struct tlv_list seq_resp_auth[5]; 4154 4155 wpa_printf(MSG_DEBUG, "FT: Received sequence number request"); 4156 4157 if (wpa_ft_rrb_rx_seq(wpa_auth, src_addr, FT_PACKET_R0KH_R1KH_SEQ_REQ, 4158 enc, enc_len, auth, auth_len, &rkh_seq, &key, 4159 &key_len, NULL, NULL, NULL, NULL) < 0) 4160 goto out; 4161 4162 RRB_GET_AUTH(FT_RRB_NONCE, nonce, "seq request", FT_RRB_NONCE_LEN); 4163 wpa_hexdump(MSG_DEBUG, "FT: seq request - nonce", f_nonce, f_nonce_len); 4164 4165 RRB_GET_AUTH(FT_RRB_R0KH_ID, r0kh_id, "seq", -1); 4166 RRB_GET_AUTH(FT_RRB_R1KH_ID, r1kh_id, "seq", FT_R1KH_ID_LEN); 4167 4168 if (wpa_ft_new_seq(rkh_seq, &f_seq) < 0) { 4169 wpa_printf(MSG_DEBUG, "FT: Failed to get seq num"); 4170 goto out; 4171 } 4172 4173 seq_resp_auth[0].type = FT_RRB_NONCE; 4174 seq_resp_auth[0].len = f_nonce_len; 4175 seq_resp_auth[0].data = f_nonce; 4176 seq_resp_auth[1].type = FT_RRB_SEQ; 4177 seq_resp_auth[1].len = sizeof(f_seq); 4178 seq_resp_auth[1].data = (u8 *) &f_seq; 4179 seq_resp_auth[2].type = FT_RRB_R0KH_ID; 4180 seq_resp_auth[2].len = f_r0kh_id_len; 4181 seq_resp_auth[2].data = f_r0kh_id; 4182 seq_resp_auth[3].type = FT_RRB_R1KH_ID; 4183 seq_resp_auth[3].len = FT_R1KH_ID_LEN; 4184 seq_resp_auth[3].data = f_r1kh_id; 4185 seq_resp_auth[4].type = FT_RRB_LAST_EMPTY; 4186 seq_resp_auth[4].len = 0; 4187 seq_resp_auth[4].data = NULL; 4188 4189 if (wpa_ft_rrb_build(key, key_len, NULL, NULL, seq_resp_auth, NULL, 4190 wpa_auth->addr, FT_PACKET_R0KH_R1KH_SEQ_RESP, 4191 &packet, &packet_len) < 0) 4192 goto out; 4193 4194 wpa_ft_rrb_oui_send(wpa_auth, src_addr, 4195 FT_PACKET_R0KH_R1KH_SEQ_RESP, packet, 4196 packet_len); 4197 4198 out: 4199 os_free(packet); 4200 4201 return ret; 4202 } 4203 4204 4205 static int wpa_ft_rrb_rx_seq_resp(struct wpa_authenticator *wpa_auth, 4206 const u8 *src_addr, 4207 const u8 *enc, size_t enc_len, 4208 const u8 *auth, size_t auth_len, 4209 int no_defer) 4210 { 4211 u8 *key = NULL; 4212 size_t key_len = 0; 4213 struct ft_remote_r0kh *r0kh = NULL, *r0kh_wildcard = NULL; 4214 struct ft_remote_r1kh *r1kh = NULL, *r1kh_wildcard = NULL; 4215 const u8 *f_nonce, *f_seq; 4216 size_t f_nonce_len, f_seq_len; 4217 struct ft_remote_seq *rkh_seq = NULL; 4218 struct ft_remote_item *item; 4219 struct os_reltime now, now_remote; 4220 int seq_ret, found; 4221 const struct ft_rrb_seq *msg_both; 4222 u32 msg_dom, msg_seq; 4223 4224 wpa_printf(MSG_DEBUG, "FT: Received sequence number response"); 4225 4226 if (wpa_ft_rrb_rx_seq(wpa_auth, src_addr, FT_PACKET_R0KH_R1KH_SEQ_RESP, 4227 enc, enc_len, auth, auth_len, &rkh_seq, &key, 4228 &key_len, &r0kh, &r1kh, &r0kh_wildcard, 4229 &r1kh_wildcard) < 0) 4230 goto out; 4231 4232 RRB_GET_AUTH(FT_RRB_NONCE, nonce, "seq response", FT_RRB_NONCE_LEN); 4233 wpa_hexdump(MSG_DEBUG, "FT: seq response - nonce", f_nonce, 4234 f_nonce_len); 4235 4236 found = 0; 4237 dl_list_for_each(item, &rkh_seq->rx.queue, struct ft_remote_item, 4238 list) { 4239 if (os_memcmp_const(f_nonce, item->nonce, 4240 FT_RRB_NONCE_LEN) != 0 || 4241 os_get_reltime(&now) < 0 || 4242 os_reltime_expired(&now, &item->nonce_ts, ftRRBseqTimeout)) 4243 continue; 4244 4245 found = 1; 4246 break; 4247 } 4248 if (!found) { 4249 wpa_printf(MSG_DEBUG, "FT: seq response - bad nonce"); 4250 goto out; 4251 } 4252 4253 if (r0kh) { 4254 wpa_ft_rrb_r0kh_replenish(wpa_auth, r0kh, 4255 wpa_auth->conf.rkh_pos_timeout); 4256 if (r0kh_wildcard) 4257 os_memcpy(r0kh->addr, src_addr, ETH_ALEN); 4258 } 4259 4260 if (r1kh) { 4261 wpa_ft_rrb_r1kh_replenish(wpa_auth, r1kh, 4262 wpa_auth->conf.rkh_pos_timeout); 4263 if (r1kh_wildcard) 4264 os_memcpy(r1kh->addr, src_addr, ETH_ALEN); 4265 } 4266 4267 seq_ret = wpa_ft_rrb_seq_chk(rkh_seq, src_addr, enc, enc_len, auth, 4268 auth_len, "seq response", 1); 4269 if (seq_ret == FT_RRB_SEQ_OK) { 4270 wpa_printf(MSG_DEBUG, "FT: seq response - valid seq number"); 4271 wpa_ft_rrb_seq_accept(wpa_auth, rkh_seq, src_addr, auth, 4272 auth_len, "seq response"); 4273 } else { 4274 wpa_printf(MSG_DEBUG, "FT: seq response - reset seq number"); 4275 4276 RRB_GET_AUTH(FT_RRB_SEQ, seq, "seq response", 4277 sizeof(*msg_both)); 4278 msg_both = (const struct ft_rrb_seq *) f_seq; 4279 4280 msg_dom = le_to_host32(msg_both->dom); 4281 msg_seq = le_to_host32(msg_both->seq); 4282 now_remote.sec = le_to_host32(msg_both->ts); 4283 now_remote.usec = 0; 4284 4285 rkh_seq->rx.num_last = 2; 4286 rkh_seq->rx.dom = msg_dom; 4287 rkh_seq->rx.offsetidx = 0; 4288 /* Accept some older, possibly cached packets as well */ 4289 rkh_seq->rx.last[0] = msg_seq - FT_REMOTE_SEQ_BACKLOG - 4290 dl_list_len(&rkh_seq->rx.queue); 4291 rkh_seq->rx.last[1] = msg_seq; 4292 4293 /* local time - offset = remote time 4294 * <=> local time - remote time = offset */ 4295 os_reltime_sub(&now, &now_remote, &rkh_seq->rx.time_offset); 4296 } 4297 4298 wpa_ft_rrb_seq_flush(wpa_auth, rkh_seq, 1); 4299 4300 return 0; 4301 out: 4302 return -1; 4303 } 4304 4305 4306 int wpa_ft_rrb_rx(struct wpa_authenticator *wpa_auth, const u8 *src_addr, 4307 const u8 *data, size_t data_len) 4308 { 4309 struct ft_rrb_frame *frame; 4310 u16 alen; 4311 const u8 *pos, *end, *start; 4312 u8 action; 4313 const u8 *sta_addr, *target_ap_addr; 4314 4315 wpa_printf(MSG_DEBUG, "FT: RRB received frame from remote AP " MACSTR, 4316 MAC2STR(src_addr)); 4317 4318 if (data_len < sizeof(*frame)) { 4319 wpa_printf(MSG_DEBUG, "FT: Too short RRB frame (data_len=%lu)", 4320 (unsigned long) data_len); 4321 return -1; 4322 } 4323 4324 pos = data; 4325 frame = (struct ft_rrb_frame *) pos; 4326 pos += sizeof(*frame); 4327 4328 alen = le_to_host16(frame->action_length); 4329 wpa_printf(MSG_DEBUG, "FT: RRB frame - frame_type=%d packet_type=%d " 4330 "action_length=%d ap_address=" MACSTR, 4331 frame->frame_type, frame->packet_type, alen, 4332 MAC2STR(frame->ap_address)); 4333 4334 if (frame->frame_type != RSN_REMOTE_FRAME_TYPE_FT_RRB) { 4335 /* Discard frame per IEEE Std 802.11r-2008, 11A.10.3 */ 4336 wpa_printf(MSG_DEBUG, "FT: RRB discarded frame with " 4337 "unrecognized type %d", frame->frame_type); 4338 return -1; 4339 } 4340 4341 if (alen > data_len - sizeof(*frame)) { 4342 wpa_printf(MSG_DEBUG, "FT: RRB frame too short for action " 4343 "frame"); 4344 return -1; 4345 } 4346 4347 wpa_hexdump(MSG_MSGDUMP, "FT: RRB - FT Action frame", pos, alen); 4348 4349 if (alen < 1 + 1 + 2 * ETH_ALEN) { 4350 wpa_printf(MSG_DEBUG, "FT: Too short RRB frame (not enough " 4351 "room for Action Frame body); alen=%lu", 4352 (unsigned long) alen); 4353 return -1; 4354 } 4355 start = pos; 4356 end = pos + alen; 4357 4358 if (*pos != WLAN_ACTION_FT) { 4359 wpa_printf(MSG_DEBUG, "FT: Unexpected Action frame category " 4360 "%d", *pos); 4361 return -1; 4362 } 4363 4364 pos++; 4365 action = *pos++; 4366 sta_addr = pos; 4367 pos += ETH_ALEN; 4368 target_ap_addr = pos; 4369 pos += ETH_ALEN; 4370 wpa_printf(MSG_DEBUG, "FT: RRB Action Frame: action=%d sta_addr=" 4371 MACSTR " target_ap_addr=" MACSTR, 4372 action, MAC2STR(sta_addr), MAC2STR(target_ap_addr)); 4373 4374 if (frame->packet_type == FT_PACKET_REQUEST) { 4375 wpa_printf(MSG_DEBUG, "FT: FT Packet Type - Request"); 4376 4377 if (action != 1) { 4378 wpa_printf(MSG_DEBUG, "FT: Unexpected Action %d in " 4379 "RRB Request", action); 4380 return -1; 4381 } 4382 4383 if (os_memcmp(target_ap_addr, wpa_auth->addr, ETH_ALEN) != 0) { 4384 wpa_printf(MSG_DEBUG, "FT: Target AP address in the " 4385 "RRB Request does not match with own " 4386 "address"); 4387 return -1; 4388 } 4389 4390 if (wpa_ft_rrb_rx_request(wpa_auth, frame->ap_address, 4391 sta_addr, pos, end - pos) < 0) 4392 return -1; 4393 } else if (frame->packet_type == FT_PACKET_RESPONSE) { 4394 u16 status_code; 4395 4396 if (end - pos < 2) { 4397 wpa_printf(MSG_DEBUG, "FT: Not enough room for status " 4398 "code in RRB Response"); 4399 return -1; 4400 } 4401 status_code = WPA_GET_LE16(pos); 4402 pos += 2; 4403 4404 wpa_printf(MSG_DEBUG, "FT: FT Packet Type - Response " 4405 "(status_code=%d)", status_code); 4406 4407 if (wpa_ft_action_send(wpa_auth, sta_addr, start, alen) < 0) 4408 return -1; 4409 } else { 4410 wpa_printf(MSG_DEBUG, "FT: RRB discarded frame with unknown " 4411 "packet_type %d", frame->packet_type); 4412 return -1; 4413 } 4414 4415 if (end > pos) { 4416 wpa_hexdump(MSG_DEBUG, "FT: Ignore extra data in end", 4417 pos, end - pos); 4418 } 4419 4420 return 0; 4421 } 4422 4423 4424 void wpa_ft_rrb_oui_rx(struct wpa_authenticator *wpa_auth, const u8 *src_addr, 4425 const u8 *dst_addr, u8 oui_suffix, const u8 *data, 4426 size_t data_len) 4427 { 4428 const u8 *auth, *enc; 4429 size_t alen, elen; 4430 int no_defer = 0; 4431 4432 wpa_printf(MSG_DEBUG, "FT: RRB-OUI received frame from remote AP " 4433 MACSTR, MAC2STR(src_addr)); 4434 wpa_printf(MSG_DEBUG, "FT: RRB-OUI frame - oui_suffix=%d", oui_suffix); 4435 wpa_hexdump(MSG_MSGDUMP, "FT: RRB frame payload", data, data_len); 4436 4437 if (is_multicast_ether_addr(src_addr)) { 4438 wpa_printf(MSG_DEBUG, 4439 "FT: RRB-OUI received frame from multicast address " 4440 MACSTR, MAC2STR(src_addr)); 4441 return; 4442 } 4443 4444 if (is_multicast_ether_addr(dst_addr)) { 4445 wpa_printf(MSG_DEBUG, 4446 "FT: RRB-OUI received frame from remote AP " MACSTR 4447 " to multicast address " MACSTR, 4448 MAC2STR(src_addr), MAC2STR(dst_addr)); 4449 no_defer = 1; 4450 } 4451 4452 if (data_len < sizeof(u16)) { 4453 wpa_printf(MSG_DEBUG, "FT: RRB-OUI frame too short"); 4454 return; 4455 } 4456 4457 alen = WPA_GET_LE16(data); 4458 if (data_len < sizeof(u16) + alen) { 4459 wpa_printf(MSG_DEBUG, "FT: RRB-OUI frame too short"); 4460 return; 4461 } 4462 4463 auth = data + sizeof(u16); 4464 wpa_hexdump(MSG_MSGDUMP, "FT: Authenticated payload", auth, alen); 4465 enc = data + sizeof(u16) + alen; 4466 elen = data_len - sizeof(u16) - alen; 4467 wpa_hexdump(MSG_MSGDUMP, "FT: Encrypted payload", enc, elen); 4468 4469 switch (oui_suffix) { 4470 case FT_PACKET_R0KH_R1KH_PULL: 4471 wpa_ft_rrb_rx_pull(wpa_auth, src_addr, enc, elen, auth, alen, 4472 no_defer); 4473 break; 4474 case FT_PACKET_R0KH_R1KH_RESP: 4475 wpa_ft_rrb_rx_resp(wpa_auth, src_addr, enc, elen, auth, alen, 4476 no_defer); 4477 break; 4478 case FT_PACKET_R0KH_R1KH_PUSH: 4479 wpa_ft_rrb_rx_push(wpa_auth, src_addr, enc, elen, auth, alen, 4480 no_defer); 4481 break; 4482 case FT_PACKET_R0KH_R1KH_SEQ_REQ: 4483 wpa_ft_rrb_rx_seq_req(wpa_auth, src_addr, enc, elen, auth, alen, 4484 no_defer); 4485 break; 4486 case FT_PACKET_R0KH_R1KH_SEQ_RESP: 4487 wpa_ft_rrb_rx_seq_resp(wpa_auth, src_addr, enc, elen, auth, 4488 alen, no_defer); 4489 break; 4490 } 4491 } 4492 4493 4494 static int wpa_ft_generate_pmk_r1(struct wpa_authenticator *wpa_auth, 4495 struct wpa_ft_pmk_r0_sa *pmk_r0, 4496 struct ft_remote_r1kh *r1kh, 4497 const u8 *s1kh_id) 4498 { 4499 u8 *packet; 4500 size_t packet_len; 4501 struct ft_rrb_seq f_seq; 4502 struct tlv_list push[] = { 4503 { .type = FT_RRB_S1KH_ID, .len = ETH_ALEN, 4504 .data = s1kh_id }, 4505 { .type = FT_RRB_PMK_R0_NAME, .len = WPA_PMK_NAME_LEN, 4506 .data = pmk_r0->pmk_r0_name }, 4507 { .type = FT_RRB_LAST_EMPTY, .len = 0, .data = NULL }, 4508 }; 4509 struct tlv_list push_auth[] = { 4510 { .type = FT_RRB_SEQ, .len = sizeof(f_seq), 4511 .data = (u8 *) &f_seq }, 4512 { .type = FT_RRB_R0KH_ID, 4513 .len = wpa_auth->conf.r0_key_holder_len, 4514 .data = wpa_auth->conf.r0_key_holder }, 4515 { .type = FT_RRB_R1KH_ID, .len = FT_R1KH_ID_LEN, 4516 .data = r1kh->id }, 4517 { .type = FT_RRB_LAST_EMPTY, .len = 0, .data = NULL }, 4518 }; 4519 4520 if (wpa_ft_new_seq(r1kh->seq, &f_seq) < 0) { 4521 wpa_printf(MSG_DEBUG, "FT: Failed to get seq num"); 4522 return -1; 4523 } 4524 4525 if (wpa_ft_rrb_build_r0(r1kh->key, sizeof(r1kh->key), push, pmk_r0, 4526 r1kh->id, s1kh_id, push_auth, wpa_auth->addr, 4527 FT_PACKET_R0KH_R1KH_PUSH, 4528 &packet, &packet_len) < 0) 4529 return -1; 4530 4531 wpa_ft_rrb_oui_send(wpa_auth, r1kh->addr, FT_PACKET_R0KH_R1KH_PUSH, 4532 packet, packet_len); 4533 4534 os_free(packet); 4535 return 0; 4536 } 4537 4538 4539 void wpa_ft_push_pmk_r1(struct wpa_authenticator *wpa_auth, const u8 *addr) 4540 { 4541 struct wpa_ft_pmk_cache *cache = wpa_auth->ft_pmk_cache; 4542 struct wpa_ft_pmk_r0_sa *r0, *r0found = NULL; 4543 struct ft_remote_r1kh *r1kh; 4544 4545 if (!wpa_auth->conf.pmk_r1_push) 4546 return; 4547 if (!wpa_auth->conf.r1kh_list) 4548 return; 4549 4550 dl_list_for_each(r0, &cache->pmk_r0, struct wpa_ft_pmk_r0_sa, list) { 4551 if (os_memcmp(r0->spa, addr, ETH_ALEN) == 0) { 4552 r0found = r0; 4553 break; 4554 } 4555 } 4556 4557 r0 = r0found; 4558 if (r0 == NULL || r0->pmk_r1_pushed) 4559 return; 4560 r0->pmk_r1_pushed = 1; 4561 4562 wpa_printf(MSG_DEBUG, "FT: Deriving and pushing PMK-R1 keys to R1KHs " 4563 "for STA " MACSTR, MAC2STR(addr)); 4564 4565 for (r1kh = *wpa_auth->conf.r1kh_list; r1kh; r1kh = r1kh->next) { 4566 if (is_zero_ether_addr(r1kh->addr) || 4567 is_zero_ether_addr(r1kh->id)) 4568 continue; 4569 if (wpa_ft_rrb_init_r1kh_seq(r1kh) < 0) 4570 continue; 4571 wpa_ft_generate_pmk_r1(wpa_auth, r0, r1kh, addr); 4572 } 4573 } 4574 4575 #endif /* CONFIG_IEEE80211R_AP */ 4576
