Home | History | Annotate | Download | only in ap
      1 /*
      2  * hostapd - IEEE 802.11r - Fast BSS Transition
      3  * Copyright (c) 2004-2009, Jouni Malinen <j (at) w1.fi>
      4  *
      5  * This software may be distributed under the terms of the BSD license.
      6  * See README for more details.
      7  */
      8 
      9 #include "utils/includes.h"
     10 
     11 #include "utils/common.h"
     12 #include "common/ieee802_11_defs.h"
     13 #include "common/ieee802_11_common.h"
     14 #include "crypto/aes_wrap.h"
     15 #include "crypto/random.h"
     16 #include "ap_config.h"
     17 #include "ieee802_11.h"
     18 #include "wmm.h"
     19 #include "wpa_auth.h"
     20 #include "wpa_auth_i.h"
     21 
     22 
     23 #ifdef CONFIG_IEEE80211R
     24 
     25 static int wpa_ft_rrb_send(struct wpa_authenticator *wpa_auth, const u8 *dst,
     26 			   const u8 *data, size_t data_len)
     27 {
     28 	if (wpa_auth->cb.send_ether == NULL)
     29 		return -1;
     30 	wpa_printf(MSG_DEBUG, "FT: RRB send to " MACSTR, MAC2STR(dst));
     31 	return wpa_auth->cb.send_ether(wpa_auth->cb.ctx, dst, ETH_P_RRB,
     32 				       data, data_len);
     33 }
     34 
     35 
     36 static int wpa_ft_action_send(struct wpa_authenticator *wpa_auth,
     37 			      const u8 *dst, const u8 *data, size_t data_len)
     38 {
     39 	if (wpa_auth->cb.send_ft_action == NULL)
     40 		return -1;
     41 	return wpa_auth->cb.send_ft_action(wpa_auth->cb.ctx, dst,
     42 					   data, data_len);
     43 }
     44 
     45 
     46 static struct wpa_state_machine *
     47 wpa_ft_add_sta(struct wpa_authenticator *wpa_auth, const u8 *sta_addr)
     48 {
     49 	if (wpa_auth->cb.add_sta == NULL)
     50 		return NULL;
     51 	return wpa_auth->cb.add_sta(wpa_auth->cb.ctx, sta_addr);
     52 }
     53 
     54 
     55 static int wpa_ft_add_tspec(struct wpa_authenticator *wpa_auth,
     56 			    const u8 *sta_addr,
     57 			    u8 *tspec_ie, size_t tspec_ielen)
     58 {
     59 	if (wpa_auth->cb.add_tspec == NULL) {
     60 	        wpa_printf(MSG_DEBUG, "FT: add_tspec is not initialized");
     61 		return -1;
     62 	}
     63 	return wpa_auth->cb.add_tspec(wpa_auth->cb.ctx, sta_addr, tspec_ie,
     64 				      tspec_ielen);
     65 }
     66 
     67 
     68 int wpa_write_mdie(struct wpa_auth_config *conf, u8 *buf, size_t len)
     69 {
     70 	u8 *pos = buf;
     71 	u8 capab;
     72 	if (len < 2 + sizeof(struct rsn_mdie))
     73 		return -1;
     74 
     75 	*pos++ = WLAN_EID_MOBILITY_DOMAIN;
     76 	*pos++ = MOBILITY_DOMAIN_ID_LEN + 1;
     77 	os_memcpy(pos, conf->mobility_domain, MOBILITY_DOMAIN_ID_LEN);
     78 	pos += MOBILITY_DOMAIN_ID_LEN;
     79 	capab = 0;
     80 	if (conf->ft_over_ds)
     81 		capab |= RSN_FT_CAPAB_FT_OVER_DS;
     82 	*pos++ = capab;
     83 
     84 	return pos - buf;
     85 }
     86 
     87 
     88 int wpa_write_ftie(struct wpa_auth_config *conf, const u8 *r0kh_id,
     89 		   size_t r0kh_id_len,
     90 		   const u8 *anonce, const u8 *snonce,
     91 		   u8 *buf, size_t len, const u8 *subelem,
     92 		   size_t subelem_len)
     93 {
     94 	u8 *pos = buf, *ielen;
     95 	struct rsn_ftie *hdr;
     96 
     97 	if (len < 2 + sizeof(*hdr) + 2 + FT_R1KH_ID_LEN + 2 + r0kh_id_len +
     98 	    subelem_len)
     99 		return -1;
    100 
    101 	*pos++ = WLAN_EID_FAST_BSS_TRANSITION;
    102 	ielen = pos++;
    103 
    104 	hdr = (struct rsn_ftie *) pos;
    105 	os_memset(hdr, 0, sizeof(*hdr));
    106 	pos += sizeof(*hdr);
    107 	WPA_PUT_LE16(hdr->mic_control, 0);
    108 	if (anonce)
    109 		os_memcpy(hdr->anonce, anonce, WPA_NONCE_LEN);
    110 	if (snonce)
    111 		os_memcpy(hdr->snonce, snonce, WPA_NONCE_LEN);
    112 
    113 	/* Optional Parameters */
    114 	*pos++ = FTIE_SUBELEM_R1KH_ID;
    115 	*pos++ = FT_R1KH_ID_LEN;
    116 	os_memcpy(pos, conf->r1_key_holder, FT_R1KH_ID_LEN);
    117 	pos += FT_R1KH_ID_LEN;
    118 
    119 	if (r0kh_id) {
    120 		*pos++ = FTIE_SUBELEM_R0KH_ID;
    121 		*pos++ = r0kh_id_len;
    122 		os_memcpy(pos, r0kh_id, r0kh_id_len);
    123 		pos += r0kh_id_len;
    124 	}
    125 
    126 	if (subelem) {
    127 		os_memcpy(pos, subelem, subelem_len);
    128 		pos += subelem_len;
    129 	}
    130 
    131 	*ielen = pos - buf - 2;
    132 
    133 	return pos - buf;
    134 }
    135 
    136 
    137 struct wpa_ft_pmk_r0_sa {
    138 	struct wpa_ft_pmk_r0_sa *next;
    139 	u8 pmk_r0[PMK_LEN];
    140 	u8 pmk_r0_name[WPA_PMK_NAME_LEN];
    141 	u8 spa[ETH_ALEN];
    142 	int pairwise; /* Pairwise cipher suite, WPA_CIPHER_* */
    143 	/* TODO: expiration, identity, radius_class, EAP type, VLAN ID */
    144 	int pmk_r1_pushed;
    145 };
    146 
    147 struct wpa_ft_pmk_r1_sa {
    148 	struct wpa_ft_pmk_r1_sa *next;
    149 	u8 pmk_r1[PMK_LEN];
    150 	u8 pmk_r1_name[WPA_PMK_NAME_LEN];
    151 	u8 spa[ETH_ALEN];
    152 	int pairwise; /* Pairwise cipher suite, WPA_CIPHER_* */
    153 	/* TODO: expiration, identity, radius_class, EAP type, VLAN ID */
    154 };
    155 
    156 struct wpa_ft_pmk_cache {
    157 	struct wpa_ft_pmk_r0_sa *pmk_r0;
    158 	struct wpa_ft_pmk_r1_sa *pmk_r1;
    159 };
    160 
    161 struct wpa_ft_pmk_cache * wpa_ft_pmk_cache_init(void)
    162 {
    163 	struct wpa_ft_pmk_cache *cache;
    164 
    165 	cache = os_zalloc(sizeof(*cache));
    166 
    167 	return cache;
    168 }
    169 
    170 
    171 void wpa_ft_pmk_cache_deinit(struct wpa_ft_pmk_cache *cache)
    172 {
    173 	struct wpa_ft_pmk_r0_sa *r0, *r0prev;
    174 	struct wpa_ft_pmk_r1_sa *r1, *r1prev;
    175 
    176 	r0 = cache->pmk_r0;
    177 	while (r0) {
    178 		r0prev = r0;
    179 		r0 = r0->next;
    180 		os_memset(r0prev->pmk_r0, 0, PMK_LEN);
    181 		os_free(r0prev);
    182 	}
    183 
    184 	r1 = cache->pmk_r1;
    185 	while (r1) {
    186 		r1prev = r1;
    187 		r1 = r1->next;
    188 		os_memset(r1prev->pmk_r1, 0, PMK_LEN);
    189 		os_free(r1prev);
    190 	}
    191 
    192 	os_free(cache);
    193 }
    194 
    195 
    196 static int wpa_ft_store_pmk_r0(struct wpa_authenticator *wpa_auth,
    197 			       const u8 *spa, const u8 *pmk_r0,
    198 			       const u8 *pmk_r0_name, int pairwise)
    199 {
    200 	struct wpa_ft_pmk_cache *cache = wpa_auth->ft_pmk_cache;
    201 	struct wpa_ft_pmk_r0_sa *r0;
    202 
    203 	/* TODO: add expiration and limit on number of entries in cache */
    204 
    205 	r0 = os_zalloc(sizeof(*r0));
    206 	if (r0 == NULL)
    207 		return -1;
    208 
    209 	os_memcpy(r0->pmk_r0, pmk_r0, PMK_LEN);
    210 	os_memcpy(r0->pmk_r0_name, pmk_r0_name, WPA_PMK_NAME_LEN);
    211 	os_memcpy(r0->spa, spa, ETH_ALEN);
    212 	r0->pairwise = pairwise;
    213 
    214 	r0->next = cache->pmk_r0;
    215 	cache->pmk_r0 = r0;
    216 
    217 	return 0;
    218 }
    219 
    220 
    221 static int wpa_ft_fetch_pmk_r0(struct wpa_authenticator *wpa_auth,
    222 			       const u8 *spa, const u8 *pmk_r0_name,
    223 			       u8 *pmk_r0, int *pairwise)
    224 {
    225 	struct wpa_ft_pmk_cache *cache = wpa_auth->ft_pmk_cache;
    226 	struct wpa_ft_pmk_r0_sa *r0;
    227 
    228 	r0 = cache->pmk_r0;
    229 	while (r0) {
    230 		if (os_memcmp(r0->spa, spa, ETH_ALEN) == 0 &&
    231 		    os_memcmp(r0->pmk_r0_name, pmk_r0_name, WPA_PMK_NAME_LEN)
    232 		    == 0) {
    233 			os_memcpy(pmk_r0, r0->pmk_r0, PMK_LEN);
    234 			if (pairwise)
    235 				*pairwise = r0->pairwise;
    236 			return 0;
    237 		}
    238 
    239 		r0 = r0->next;
    240 	}
    241 
    242 	return -1;
    243 }
    244 
    245 
    246 static int wpa_ft_store_pmk_r1(struct wpa_authenticator *wpa_auth,
    247 			       const u8 *spa, const u8 *pmk_r1,
    248 			       const u8 *pmk_r1_name, int pairwise)
    249 {
    250 	struct wpa_ft_pmk_cache *cache = wpa_auth->ft_pmk_cache;
    251 	struct wpa_ft_pmk_r1_sa *r1;
    252 
    253 	/* TODO: add expiration and limit on number of entries in cache */
    254 
    255 	r1 = os_zalloc(sizeof(*r1));
    256 	if (r1 == NULL)
    257 		return -1;
    258 
    259 	os_memcpy(r1->pmk_r1, pmk_r1, PMK_LEN);
    260 	os_memcpy(r1->pmk_r1_name, pmk_r1_name, WPA_PMK_NAME_LEN);
    261 	os_memcpy(r1->spa, spa, ETH_ALEN);
    262 	r1->pairwise = pairwise;
    263 
    264 	r1->next = cache->pmk_r1;
    265 	cache->pmk_r1 = r1;
    266 
    267 	return 0;
    268 }
    269 
    270 
    271 static int wpa_ft_fetch_pmk_r1(struct wpa_authenticator *wpa_auth,
    272 			       const u8 *spa, const u8 *pmk_r1_name,
    273 			       u8 *pmk_r1, int *pairwise)
    274 {
    275 	struct wpa_ft_pmk_cache *cache = wpa_auth->ft_pmk_cache;
    276 	struct wpa_ft_pmk_r1_sa *r1;
    277 
    278 	r1 = cache->pmk_r1;
    279 	while (r1) {
    280 		if (os_memcmp(r1->spa, spa, ETH_ALEN) == 0 &&
    281 		    os_memcmp(r1->pmk_r1_name, pmk_r1_name, WPA_PMK_NAME_LEN)
    282 		    == 0) {
    283 			os_memcpy(pmk_r1, r1->pmk_r1, PMK_LEN);
    284 			if (pairwise)
    285 				*pairwise = r1->pairwise;
    286 			return 0;
    287 		}
    288 
    289 		r1 = r1->next;
    290 	}
    291 
    292 	return -1;
    293 }
    294 
    295 
    296 static int wpa_ft_pull_pmk_r1(struct wpa_authenticator *wpa_auth,
    297 			      const u8 *s1kh_id, const u8 *r0kh_id,
    298 			      size_t r0kh_id_len, const u8 *pmk_r0_name)
    299 {
    300 	struct ft_remote_r0kh *r0kh;
    301 	struct ft_r0kh_r1kh_pull_frame frame, f;
    302 
    303 	r0kh = wpa_auth->conf.r0kh_list;
    304 	while (r0kh) {
    305 		if (r0kh->id_len == r0kh_id_len &&
    306 		    os_memcmp(r0kh->id, r0kh_id, r0kh_id_len) == 0)
    307 			break;
    308 		r0kh = r0kh->next;
    309 	}
    310 	if (r0kh == NULL)
    311 		return -1;
    312 
    313 	wpa_printf(MSG_DEBUG, "FT: Send PMK-R1 pull request to remote R0KH "
    314 		   "address " MACSTR, MAC2STR(r0kh->addr));
    315 
    316 	os_memset(&frame, 0, sizeof(frame));
    317 	frame.frame_type = RSN_REMOTE_FRAME_TYPE_FT_RRB;
    318 	frame.packet_type = FT_PACKET_R0KH_R1KH_PULL;
    319 	frame.data_length = host_to_le16(FT_R0KH_R1KH_PULL_DATA_LEN);
    320 	os_memcpy(frame.ap_address, wpa_auth->addr, ETH_ALEN);
    321 
    322 	/* aes_wrap() does not support inplace encryption, so use a temporary
    323 	 * buffer for the data. */
    324 	if (random_get_bytes(f.nonce, sizeof(f.nonce))) {
    325 		wpa_printf(MSG_DEBUG, "FT: Failed to get random data for "
    326 			   "nonce");
    327 		return -1;
    328 	}
    329 	os_memcpy(f.pmk_r0_name, pmk_r0_name, WPA_PMK_NAME_LEN);
    330 	os_memcpy(f.r1kh_id, wpa_auth->conf.r1_key_holder, FT_R1KH_ID_LEN);
    331 	os_memcpy(f.s1kh_id, s1kh_id, ETH_ALEN);
    332 	os_memset(f.pad, 0, sizeof(f.pad));
    333 
    334 	if (aes_wrap(r0kh->key, (FT_R0KH_R1KH_PULL_DATA_LEN + 7) / 8,
    335 		     f.nonce, frame.nonce) < 0)
    336 		return -1;
    337 
    338 	wpa_ft_rrb_send(wpa_auth, r0kh->addr, (u8 *) &frame, sizeof(frame));
    339 
    340 	return 0;
    341 }
    342 
    343 
    344 int wpa_auth_derive_ptk_ft(struct wpa_state_machine *sm, const u8 *pmk,
    345 			   struct wpa_ptk *ptk, size_t ptk_len)
    346 {
    347 	u8 pmk_r0[PMK_LEN], pmk_r0_name[WPA_PMK_NAME_LEN];
    348 	u8 pmk_r1[PMK_LEN];
    349 	u8 ptk_name[WPA_PMK_NAME_LEN];
    350 	const u8 *mdid = sm->wpa_auth->conf.mobility_domain;
    351 	const u8 *r0kh = sm->wpa_auth->conf.r0_key_holder;
    352 	size_t r0kh_len = sm->wpa_auth->conf.r0_key_holder_len;
    353 	const u8 *r1kh = sm->wpa_auth->conf.r1_key_holder;
    354 	const u8 *ssid = sm->wpa_auth->conf.ssid;
    355 	size_t ssid_len = sm->wpa_auth->conf.ssid_len;
    356 
    357 
    358 	if (sm->xxkey_len == 0) {
    359 		wpa_printf(MSG_DEBUG, "FT: XXKey not available for key "
    360 			   "derivation");
    361 		return -1;
    362 	}
    363 
    364 	wpa_derive_pmk_r0(sm->xxkey, sm->xxkey_len, ssid, ssid_len, mdid,
    365 			  r0kh, r0kh_len, sm->addr, pmk_r0, pmk_r0_name);
    366 	wpa_hexdump_key(MSG_DEBUG, "FT: PMK-R0", pmk_r0, PMK_LEN);
    367 	wpa_hexdump(MSG_DEBUG, "FT: PMKR0Name", pmk_r0_name, WPA_PMK_NAME_LEN);
    368 	wpa_ft_store_pmk_r0(sm->wpa_auth, sm->addr, pmk_r0, pmk_r0_name,
    369 			    sm->pairwise);
    370 
    371 	wpa_derive_pmk_r1(pmk_r0, pmk_r0_name, r1kh, sm->addr,
    372 			  pmk_r1, sm->pmk_r1_name);
    373 	wpa_hexdump_key(MSG_DEBUG, "FT: PMK-R1", pmk_r1, PMK_LEN);
    374 	wpa_hexdump(MSG_DEBUG, "FT: PMKR1Name", sm->pmk_r1_name,
    375 		    WPA_PMK_NAME_LEN);
    376 	wpa_ft_store_pmk_r1(sm->wpa_auth, sm->addr, pmk_r1, sm->pmk_r1_name,
    377 			    sm->pairwise);
    378 
    379 	wpa_pmk_r1_to_ptk(pmk_r1, sm->SNonce, sm->ANonce, sm->addr,
    380 			  sm->wpa_auth->addr, sm->pmk_r1_name,
    381 			  (u8 *) ptk, ptk_len, ptk_name);
    382 	wpa_hexdump_key(MSG_DEBUG, "FT: PTK", (u8 *) ptk, ptk_len);
    383 	wpa_hexdump(MSG_DEBUG, "FT: PTKName", ptk_name, WPA_PMK_NAME_LEN);
    384 
    385 	return 0;
    386 }
    387 
    388 
    389 static inline int wpa_auth_get_seqnum(struct wpa_authenticator *wpa_auth,
    390 				      const u8 *addr, int idx, u8 *seq)
    391 {
    392 	if (wpa_auth->cb.get_seqnum == NULL)
    393 		return -1;
    394 	return wpa_auth->cb.get_seqnum(wpa_auth->cb.ctx, addr, idx, seq);
    395 }
    396 
    397 
    398 static u8 * wpa_ft_gtk_subelem(struct wpa_state_machine *sm, size_t *len)
    399 {
    400 	u8 *subelem;
    401 	struct wpa_group *gsm = sm->group;
    402 	size_t subelem_len, pad_len;
    403 	const u8 *key;
    404 	size_t key_len;
    405 	u8 keybuf[32];
    406 
    407 	key_len = gsm->GTK_len;
    408 	if (key_len > sizeof(keybuf))
    409 		return NULL;
    410 
    411 	/*
    412 	 * Pad key for AES Key Wrap if it is not multiple of 8 bytes or is less
    413 	 * than 16 bytes.
    414 	 */
    415 	pad_len = key_len % 8;
    416 	if (pad_len)
    417 		pad_len = 8 - pad_len;
    418 	if (key_len + pad_len < 16)
    419 		pad_len += 8;
    420 	if (pad_len && key_len < sizeof(keybuf)) {
    421 		os_memcpy(keybuf, gsm->GTK[gsm->GN - 1], key_len);
    422 		os_memset(keybuf + key_len, 0, pad_len);
    423 		keybuf[key_len] = 0xdd;
    424 		key_len += pad_len;
    425 		key = keybuf;
    426 	} else
    427 		key = gsm->GTK[gsm->GN - 1];
    428 
    429 	/*
    430 	 * Sub-elem ID[1] | Length[1] | Key Info[2] | Key Length[1] | RSC[8] |
    431 	 * Key[5..32].
    432 	 */
    433 	subelem_len = 13 + key_len + 8;
    434 	subelem = os_zalloc(subelem_len);
    435 	if (subelem == NULL)
    436 		return NULL;
    437 
    438 	subelem[0] = FTIE_SUBELEM_GTK;
    439 	subelem[1] = 11 + key_len + 8;
    440 	/* Key ID in B0-B1 of Key Info */
    441 	WPA_PUT_LE16(&subelem[2], gsm->GN & 0x03);
    442 	subelem[4] = gsm->GTK_len;
    443 	wpa_auth_get_seqnum(sm->wpa_auth, NULL, gsm->GN, subelem + 5);
    444 	if (aes_wrap(sm->PTK.kek, key_len / 8, key, subelem + 13)) {
    445 		os_free(subelem);
    446 		return NULL;
    447 	}
    448 
    449 	*len = subelem_len;
    450 	return subelem;
    451 }
    452 
    453 
    454 #ifdef CONFIG_IEEE80211W
    455 static u8 * wpa_ft_igtk_subelem(struct wpa_state_machine *sm, size_t *len)
    456 {
    457 	u8 *subelem, *pos;
    458 	struct wpa_group *gsm = sm->group;
    459 	size_t subelem_len;
    460 
    461 	/* Sub-elem ID[1] | Length[1] | KeyID[2] | IPN[6] | Key Length[1] |
    462 	 * Key[16+8] */
    463 	subelem_len = 1 + 1 + 2 + 6 + 1 + WPA_IGTK_LEN + 8;
    464 	subelem = os_zalloc(subelem_len);
    465 	if (subelem == NULL)
    466 		return NULL;
    467 
    468 	pos = subelem;
    469 	*pos++ = FTIE_SUBELEM_IGTK;
    470 	*pos++ = subelem_len - 2;
    471 	WPA_PUT_LE16(pos, gsm->GN_igtk);
    472 	pos += 2;
    473 	wpa_auth_get_seqnum(sm->wpa_auth, NULL, gsm->GN_igtk, pos);
    474 	pos += 6;
    475 	*pos++ = WPA_IGTK_LEN;
    476 	if (aes_wrap(sm->PTK.kek, WPA_IGTK_LEN / 8,
    477 		     gsm->IGTK[gsm->GN_igtk - 4], pos)) {
    478 		os_free(subelem);
    479 		return NULL;
    480 	}
    481 
    482 	*len = subelem_len;
    483 	return subelem;
    484 }
    485 #endif /* CONFIG_IEEE80211W */
    486 
    487 
    488 static u8 * wpa_ft_process_rdie(struct wpa_state_machine *sm,
    489 				u8 *pos, u8 *end, u8 id, u8 descr_count,
    490 				const u8 *ies, size_t ies_len)
    491 {
    492 	struct ieee802_11_elems parse;
    493 	struct rsn_rdie *rdie;
    494 
    495 	wpa_printf(MSG_DEBUG, "FT: Resource Request: id=%d descr_count=%d",
    496 		   id, descr_count);
    497 	wpa_hexdump(MSG_MSGDUMP, "FT: Resource descriptor IE(s)",
    498 		    ies, ies_len);
    499 
    500 	if (end - pos < (int) sizeof(*rdie)) {
    501 		wpa_printf(MSG_ERROR, "FT: Not enough room for response RDIE");
    502 		return pos;
    503 	}
    504 
    505 	*pos++ = WLAN_EID_RIC_DATA;
    506 	*pos++ = sizeof(*rdie);
    507 	rdie = (struct rsn_rdie *) pos;
    508 	rdie->id = id;
    509 	rdie->descr_count = 0;
    510 	rdie->status_code = host_to_le16(WLAN_STATUS_SUCCESS);
    511 	pos += sizeof(*rdie);
    512 
    513 	if (ieee802_11_parse_elems((u8 *) ies, ies_len, &parse, 1) ==
    514 	    ParseFailed) {
    515 		wpa_printf(MSG_DEBUG, "FT: Failed to parse request IEs");
    516 		rdie->status_code =
    517 			host_to_le16(WLAN_STATUS_UNSPECIFIED_FAILURE);
    518 		return pos;
    519 	}
    520 
    521 #ifdef NEED_AP_MLME
    522 	if (parse.wmm_tspec && sm->wpa_auth->conf.ap_mlme) {
    523 		struct wmm_tspec_element *tspec;
    524 		int res;
    525 
    526 		if (parse.wmm_tspec_len + 2 < (int) sizeof(*tspec)) {
    527 			wpa_printf(MSG_DEBUG, "FT: Too short WMM TSPEC IE "
    528 				   "(%d)", (int) parse.wmm_tspec_len);
    529 			rdie->status_code =
    530 				host_to_le16(WLAN_STATUS_UNSPECIFIED_FAILURE);
    531 			return pos;
    532 		}
    533 		if (end - pos < (int) sizeof(*tspec)) {
    534 			wpa_printf(MSG_ERROR, "FT: Not enough room for "
    535 				   "response TSPEC");
    536 			rdie->status_code =
    537 				host_to_le16(WLAN_STATUS_UNSPECIFIED_FAILURE);
    538 			return pos;
    539 		}
    540 		tspec = (struct wmm_tspec_element *) pos;
    541 		os_memcpy(tspec, parse.wmm_tspec - 2, sizeof(*tspec));
    542 		res = wmm_process_tspec(tspec);
    543 		wpa_printf(MSG_DEBUG, "FT: ADDTS processing result: %d", res);
    544 		if (res == WMM_ADDTS_STATUS_INVALID_PARAMETERS)
    545 			rdie->status_code =
    546 				host_to_le16(WLAN_STATUS_INVALID_PARAMETERS);
    547 		else if (res == WMM_ADDTS_STATUS_REFUSED)
    548 			rdie->status_code =
    549 				host_to_le16(WLAN_STATUS_REQUEST_DECLINED);
    550 		else {
    551 			/* TSPEC accepted; include updated TSPEC in response */
    552 			rdie->descr_count = 1;
    553 			pos += sizeof(*tspec);
    554 		}
    555 		return pos;
    556 	}
    557 #endif /* NEED_AP_MLME */
    558 
    559 	if (parse.wmm_tspec && !sm->wpa_auth->conf.ap_mlme) {
    560 		struct wmm_tspec_element *tspec;
    561 		int res;
    562 
    563 		tspec = (struct wmm_tspec_element *) pos;
    564 		os_memcpy(tspec, parse.wmm_tspec - 2, sizeof(*tspec));
    565 		res = wpa_ft_add_tspec(sm->wpa_auth, sm->addr, pos,
    566 				       sizeof(*tspec));
    567 		if (res >= 0) {
    568 			if (res)
    569 				rdie->status_code = host_to_le16(res);
    570 			else {
    571 				/* TSPEC accepted; include updated TSPEC in
    572 				 * response */
    573 		                rdie->descr_count = 1;
    574 	                        pos += sizeof(*tspec);
    575 			}
    576 			return pos;
    577 		}
    578 	}
    579 
    580 	wpa_printf(MSG_DEBUG, "FT: No supported resource requested");
    581 	rdie->status_code = host_to_le16(WLAN_STATUS_UNSPECIFIED_FAILURE);
    582 	return pos;
    583 }
    584 
    585 
    586 static u8 * wpa_ft_process_ric(struct wpa_state_machine *sm, u8 *pos, u8 *end,
    587 			       const u8 *ric, size_t ric_len)
    588 {
    589 	const u8 *rpos, *start;
    590 	const struct rsn_rdie *rdie;
    591 
    592 	wpa_hexdump(MSG_MSGDUMP, "FT: RIC Request", ric, ric_len);
    593 
    594 	rpos = ric;
    595 	while (rpos + sizeof(*rdie) < ric + ric_len) {
    596 		if (rpos[0] != WLAN_EID_RIC_DATA || rpos[1] < sizeof(*rdie) ||
    597 		    rpos + 2 + rpos[1] > ric + ric_len)
    598 			break;
    599 		rdie = (const struct rsn_rdie *) (rpos + 2);
    600 		rpos += 2 + rpos[1];
    601 		start = rpos;
    602 
    603 		while (rpos + 2 <= ric + ric_len &&
    604 		       rpos + 2 + rpos[1] <= ric + ric_len) {
    605 			if (rpos[0] == WLAN_EID_RIC_DATA)
    606 				break;
    607 			rpos += 2 + rpos[1];
    608 		}
    609 		pos = wpa_ft_process_rdie(sm, pos, end, rdie->id,
    610 					  rdie->descr_count,
    611 					  start, rpos - start);
    612 	}
    613 
    614 	return pos;
    615 }
    616 
    617 
    618 u8 * wpa_sm_write_assoc_resp_ies(struct wpa_state_machine *sm, u8 *pos,
    619 				 size_t max_len, int auth_alg,
    620 				 const u8 *req_ies, size_t req_ies_len)
    621 {
    622 	u8 *end, *mdie, *ftie, *rsnie = NULL, *r0kh_id, *subelem = NULL;
    623 	size_t mdie_len, ftie_len, rsnie_len = 0, r0kh_id_len, subelem_len = 0;
    624 	int res;
    625 	struct wpa_auth_config *conf;
    626 	struct rsn_ftie *_ftie;
    627 	struct wpa_ft_ies parse;
    628 	u8 *ric_start;
    629 	u8 *anonce, *snonce;
    630 
    631 	if (sm == NULL)
    632 		return pos;
    633 
    634 	conf = &sm->wpa_auth->conf;
    635 
    636 	if (sm->wpa_key_mgmt != WPA_KEY_MGMT_FT_IEEE8021X &&
    637 	    sm->wpa_key_mgmt != WPA_KEY_MGMT_FT_PSK)
    638 		return pos;
    639 
    640 	end = pos + max_len;
    641 
    642 	if (auth_alg == WLAN_AUTH_FT) {
    643 		/*
    644 		 * RSN (only present if this is a Reassociation Response and
    645 		 * part of a fast BSS transition)
    646 		 */
    647 		res = wpa_write_rsn_ie(conf, pos, end - pos, sm->pmk_r1_name);
    648 		if (res < 0)
    649 			return pos;
    650 		rsnie = pos;
    651 		rsnie_len = res;
    652 		pos += res;
    653 	}
    654 
    655 	/* Mobility Domain Information */
    656 	res = wpa_write_mdie(conf, pos, end - pos);
    657 	if (res < 0)
    658 		return pos;
    659 	mdie = pos;
    660 	mdie_len = res;
    661 	pos += res;
    662 
    663 	/* Fast BSS Transition Information */
    664 	if (auth_alg == WLAN_AUTH_FT) {
    665 		subelem = wpa_ft_gtk_subelem(sm, &subelem_len);
    666 		r0kh_id = sm->r0kh_id;
    667 		r0kh_id_len = sm->r0kh_id_len;
    668 		anonce = sm->ANonce;
    669 		snonce = sm->SNonce;
    670 #ifdef CONFIG_IEEE80211W
    671 		if (sm->mgmt_frame_prot) {
    672 			u8 *igtk;
    673 			size_t igtk_len;
    674 			u8 *nbuf;
    675 			igtk = wpa_ft_igtk_subelem(sm, &igtk_len);
    676 			if (igtk == NULL) {
    677 				os_free(subelem);
    678 				return pos;
    679 			}
    680 			nbuf = os_realloc(subelem, subelem_len + igtk_len);
    681 			if (nbuf == NULL) {
    682 				os_free(subelem);
    683 				os_free(igtk);
    684 				return pos;
    685 			}
    686 			subelem = nbuf;
    687 			os_memcpy(subelem + subelem_len, igtk, igtk_len);
    688 			subelem_len += igtk_len;
    689 			os_free(igtk);
    690 		}
    691 #endif /* CONFIG_IEEE80211W */
    692 	} else {
    693 		r0kh_id = conf->r0_key_holder;
    694 		r0kh_id_len = conf->r0_key_holder_len;
    695 		anonce = NULL;
    696 		snonce = NULL;
    697 	}
    698 	res = wpa_write_ftie(conf, r0kh_id, r0kh_id_len, anonce, snonce, pos,
    699 			     end - pos, subelem, subelem_len);
    700 	os_free(subelem);
    701 	if (res < 0)
    702 		return pos;
    703 	ftie = pos;
    704 	ftie_len = res;
    705 	pos += res;
    706 
    707 	os_free(sm->assoc_resp_ftie);
    708 	sm->assoc_resp_ftie = os_malloc(ftie_len);
    709 	if (sm->assoc_resp_ftie)
    710 		os_memcpy(sm->assoc_resp_ftie, ftie, ftie_len);
    711 
    712 	_ftie = (struct rsn_ftie *) (ftie + 2);
    713 	if (auth_alg == WLAN_AUTH_FT)
    714 		_ftie->mic_control[1] = 3; /* Information element count */
    715 
    716 	ric_start = pos;
    717 	if (wpa_ft_parse_ies(req_ies, req_ies_len, &parse) == 0 && parse.ric) {
    718 		pos = wpa_ft_process_ric(sm, pos, end, parse.ric,
    719 					 parse.ric_len);
    720 		if (auth_alg == WLAN_AUTH_FT)
    721 			_ftie->mic_control[1] +=
    722 				ieee802_11_ie_count(ric_start,
    723 						    pos - ric_start);
    724 	}
    725 	if (ric_start == pos)
    726 		ric_start = NULL;
    727 
    728 	if (auth_alg == WLAN_AUTH_FT &&
    729 	    wpa_ft_mic(sm->PTK.kck, sm->addr, sm->wpa_auth->addr, 6,
    730 		       mdie, mdie_len, ftie, ftie_len,
    731 		       rsnie, rsnie_len,
    732 		       ric_start, ric_start ? pos - ric_start : 0,
    733 		       _ftie->mic) < 0)
    734 		wpa_printf(MSG_DEBUG, "FT: Failed to calculate MIC");
    735 
    736 	return pos;
    737 }
    738 
    739 
    740 static inline int wpa_auth_set_key(struct wpa_authenticator *wpa_auth,
    741 				   int vlan_id,
    742 				   enum wpa_alg alg, const u8 *addr, int idx,
    743 				   u8 *key, size_t key_len)
    744 {
    745 	if (wpa_auth->cb.set_key == NULL)
    746 		return -1;
    747 	return wpa_auth->cb.set_key(wpa_auth->cb.ctx, vlan_id, alg, addr, idx,
    748 				    key, key_len);
    749 }
    750 
    751 
    752 void wpa_ft_install_ptk(struct wpa_state_machine *sm)
    753 {
    754 	enum wpa_alg alg;
    755 	int klen;
    756 
    757 	/* MLME-SETKEYS.request(PTK) */
    758 	alg = wpa_cipher_to_alg(sm->pairwise);
    759 	klen = wpa_cipher_key_len(sm->pairwise);
    760 	if (!wpa_cipher_valid_pairwise(sm->pairwise)) {
    761 		wpa_printf(MSG_DEBUG, "FT: Unknown pairwise alg 0x%x - skip "
    762 			   "PTK configuration", sm->pairwise);
    763 		return;
    764 	}
    765 
    766 	/* FIX: add STA entry to kernel/driver here? The set_key will fail
    767 	 * most likely without this.. At the moment, STA entry is added only
    768 	 * after association has been completed. This function will be called
    769 	 * again after association to get the PTK configured, but that could be
    770 	 * optimized by adding the STA entry earlier.
    771 	 */
    772 	if (wpa_auth_set_key(sm->wpa_auth, 0, alg, sm->addr, 0,
    773 			     sm->PTK.tk1, klen))
    774 		return;
    775 
    776 	/* FIX: MLME-SetProtection.Request(TA, Tx_Rx) */
    777 	sm->pairwise_set = TRUE;
    778 }
    779 
    780 
    781 static u16 wpa_ft_process_auth_req(struct wpa_state_machine *sm,
    782 				   const u8 *ies, size_t ies_len,
    783 				   u8 **resp_ies, size_t *resp_ies_len)
    784 {
    785 	struct rsn_mdie *mdie;
    786 	struct rsn_ftie *ftie;
    787 	u8 pmk_r1[PMK_LEN], pmk_r1_name[WPA_PMK_NAME_LEN];
    788 	u8 ptk_name[WPA_PMK_NAME_LEN];
    789 	struct wpa_auth_config *conf;
    790 	struct wpa_ft_ies parse;
    791 	size_t buflen, ptk_len;
    792 	int ret;
    793 	u8 *pos, *end;
    794 	int pairwise;
    795 
    796 	*resp_ies = NULL;
    797 	*resp_ies_len = 0;
    798 
    799 	sm->pmk_r1_name_valid = 0;
    800 	conf = &sm->wpa_auth->conf;
    801 
    802 	wpa_hexdump(MSG_DEBUG, "FT: Received authentication frame IEs",
    803 		    ies, ies_len);
    804 
    805 	if (wpa_ft_parse_ies(ies, ies_len, &parse) < 0) {
    806 		wpa_printf(MSG_DEBUG, "FT: Failed to parse FT IEs");
    807 		return WLAN_STATUS_UNSPECIFIED_FAILURE;
    808 	}
    809 
    810 	mdie = (struct rsn_mdie *) parse.mdie;
    811 	if (mdie == NULL || parse.mdie_len < sizeof(*mdie) ||
    812 	    os_memcmp(mdie->mobility_domain,
    813 		      sm->wpa_auth->conf.mobility_domain,
    814 		      MOBILITY_DOMAIN_ID_LEN) != 0) {
    815 		wpa_printf(MSG_DEBUG, "FT: Invalid MDIE");
    816 		return WLAN_STATUS_INVALID_MDIE;
    817 	}
    818 
    819 	ftie = (struct rsn_ftie *) parse.ftie;
    820 	if (ftie == NULL || parse.ftie_len < sizeof(*ftie)) {
    821 		wpa_printf(MSG_DEBUG, "FT: Invalid FTIE");
    822 		return WLAN_STATUS_INVALID_FTIE;
    823 	}
    824 
    825 	os_memcpy(sm->SNonce, ftie->snonce, WPA_NONCE_LEN);
    826 
    827 	if (parse.r0kh_id == NULL) {
    828 		wpa_printf(MSG_DEBUG, "FT: Invalid FTIE - no R0KH-ID");
    829 		return WLAN_STATUS_INVALID_FTIE;
    830 	}
    831 
    832 	wpa_hexdump(MSG_DEBUG, "FT: STA R0KH-ID",
    833 		    parse.r0kh_id, parse.r0kh_id_len);
    834 	os_memcpy(sm->r0kh_id, parse.r0kh_id, parse.r0kh_id_len);
    835 	sm->r0kh_id_len = parse.r0kh_id_len;
    836 
    837 	if (parse.rsn_pmkid == NULL) {
    838 		wpa_printf(MSG_DEBUG, "FT: No PMKID in RSNIE");
    839 		return WLAN_STATUS_INVALID_PMKID;
    840 	}
    841 
    842 	wpa_hexdump(MSG_DEBUG, "FT: Requested PMKR0Name",
    843 		    parse.rsn_pmkid, WPA_PMK_NAME_LEN);
    844 	wpa_derive_pmk_r1_name(parse.rsn_pmkid,
    845 			       sm->wpa_auth->conf.r1_key_holder, sm->addr,
    846 			       pmk_r1_name);
    847 	wpa_hexdump(MSG_DEBUG, "FT: Derived requested PMKR1Name",
    848 		    pmk_r1_name, WPA_PMK_NAME_LEN);
    849 
    850 	if (wpa_ft_fetch_pmk_r1(sm->wpa_auth, sm->addr, pmk_r1_name, pmk_r1,
    851 		    &pairwise) < 0) {
    852 		if (wpa_ft_pull_pmk_r1(sm->wpa_auth, sm->addr, sm->r0kh_id,
    853 				       sm->r0kh_id_len, parse.rsn_pmkid) < 0) {
    854 			wpa_printf(MSG_DEBUG, "FT: Did not have matching "
    855 				   "PMK-R1 and unknown R0KH-ID");
    856 			return WLAN_STATUS_INVALID_PMKID;
    857 		}
    858 
    859 		/*
    860 		 * TODO: Should return "status pending" (and the caller should
    861 		 * not send out response now). The real response will be sent
    862 		 * once the response from R0KH is received.
    863 		 */
    864 		return WLAN_STATUS_INVALID_PMKID;
    865 	}
    866 
    867 	wpa_hexdump_key(MSG_DEBUG, "FT: Selected PMK-R1", pmk_r1, PMK_LEN);
    868 	sm->pmk_r1_name_valid = 1;
    869 	os_memcpy(sm->pmk_r1_name, pmk_r1_name, WPA_PMK_NAME_LEN);
    870 
    871 	if (random_get_bytes(sm->ANonce, WPA_NONCE_LEN)) {
    872 		wpa_printf(MSG_DEBUG, "FT: Failed to get random data for "
    873 			   "ANonce");
    874 		return WLAN_STATUS_UNSPECIFIED_FAILURE;
    875 	}
    876 
    877 	wpa_hexdump(MSG_DEBUG, "FT: Received SNonce",
    878 		    sm->SNonce, WPA_NONCE_LEN);
    879 	wpa_hexdump(MSG_DEBUG, "FT: Generated ANonce",
    880 		    sm->ANonce, WPA_NONCE_LEN);
    881 
    882 	ptk_len = pairwise == WPA_CIPHER_TKIP ? 64 : 48;
    883 	wpa_pmk_r1_to_ptk(pmk_r1, sm->SNonce, sm->ANonce, sm->addr,
    884 			  sm->wpa_auth->addr, pmk_r1_name,
    885 			  (u8 *) &sm->PTK, ptk_len, ptk_name);
    886 	wpa_hexdump_key(MSG_DEBUG, "FT: PTK",
    887 			(u8 *) &sm->PTK, ptk_len);
    888 	wpa_hexdump(MSG_DEBUG, "FT: PTKName", ptk_name, WPA_PMK_NAME_LEN);
    889 
    890 	sm->pairwise = pairwise;
    891 	wpa_ft_install_ptk(sm);
    892 
    893 	buflen = 2 + sizeof(struct rsn_mdie) + 2 + sizeof(struct rsn_ftie) +
    894 		2 + FT_R1KH_ID_LEN + 200;
    895 	*resp_ies = os_zalloc(buflen);
    896 	if (*resp_ies == NULL) {
    897 		return WLAN_STATUS_UNSPECIFIED_FAILURE;
    898 	}
    899 
    900 	pos = *resp_ies;
    901 	end = *resp_ies + buflen;
    902 
    903 	ret = wpa_write_rsn_ie(conf, pos, end - pos, parse.rsn_pmkid);
    904 	if (ret < 0) {
    905 		os_free(*resp_ies);
    906 		*resp_ies = NULL;
    907 		return WLAN_STATUS_UNSPECIFIED_FAILURE;
    908 	}
    909 	pos += ret;
    910 
    911 	ret = wpa_write_mdie(conf, pos, end - pos);
    912 	if (ret < 0) {
    913 		os_free(*resp_ies);
    914 		*resp_ies = NULL;
    915 		return WLAN_STATUS_UNSPECIFIED_FAILURE;
    916 	}
    917 	pos += ret;
    918 
    919 	ret = wpa_write_ftie(conf, parse.r0kh_id, parse.r0kh_id_len,
    920 			     sm->ANonce, sm->SNonce, pos, end - pos, NULL, 0);
    921 	if (ret < 0) {
    922 		os_free(*resp_ies);
    923 		*resp_ies = NULL;
    924 		return WLAN_STATUS_UNSPECIFIED_FAILURE;
    925 	}
    926 	pos += ret;
    927 
    928 	*resp_ies_len = pos - *resp_ies;
    929 
    930 	return WLAN_STATUS_SUCCESS;
    931 }
    932 
    933 
    934 void wpa_ft_process_auth(struct wpa_state_machine *sm, const u8 *bssid,
    935 			 u16 auth_transaction, const u8 *ies, size_t ies_len,
    936 			 void (*cb)(void *ctx, const u8 *dst, const u8 *bssid,
    937 				    u16 auth_transaction, u16 status,
    938 				    const u8 *ies, size_t ies_len),
    939 			 void *ctx)
    940 {
    941 	u16 status;
    942 	u8 *resp_ies;
    943 	size_t resp_ies_len;
    944 
    945 	if (sm == NULL) {
    946 		wpa_printf(MSG_DEBUG, "FT: Received authentication frame, but "
    947 			   "WPA SM not available");
    948 		return;
    949 	}
    950 
    951 	wpa_printf(MSG_DEBUG, "FT: Received authentication frame: STA=" MACSTR
    952 		   " BSSID=" MACSTR " transaction=%d",
    953 		   MAC2STR(sm->addr), MAC2STR(bssid), auth_transaction);
    954 	status = wpa_ft_process_auth_req(sm, ies, ies_len, &resp_ies,
    955 					 &resp_ies_len);
    956 
    957 	wpa_printf(MSG_DEBUG, "FT: FT authentication response: dst=" MACSTR
    958 		   " auth_transaction=%d status=%d",
    959 		   MAC2STR(sm->addr), auth_transaction + 1, status);
    960 	wpa_hexdump(MSG_DEBUG, "FT: Response IEs", resp_ies, resp_ies_len);
    961 	cb(ctx, sm->addr, bssid, auth_transaction + 1, status,
    962 	   resp_ies, resp_ies_len);
    963 	os_free(resp_ies);
    964 }
    965 
    966 
    967 u16 wpa_ft_validate_reassoc(struct wpa_state_machine *sm, const u8 *ies,
    968 			    size_t ies_len)
    969 {
    970 	struct wpa_ft_ies parse;
    971 	struct rsn_mdie *mdie;
    972 	struct rsn_ftie *ftie;
    973 	u8 mic[16];
    974 	unsigned int count;
    975 
    976 	if (sm == NULL)
    977 		return WLAN_STATUS_UNSPECIFIED_FAILURE;
    978 
    979 	wpa_hexdump(MSG_DEBUG, "FT: Reassoc Req IEs", ies, ies_len);
    980 
    981 	if (wpa_ft_parse_ies(ies, ies_len, &parse) < 0) {
    982 		wpa_printf(MSG_DEBUG, "FT: Failed to parse FT IEs");
    983 		return WLAN_STATUS_UNSPECIFIED_FAILURE;
    984 	}
    985 
    986 	if (parse.rsn == NULL) {
    987 		wpa_printf(MSG_DEBUG, "FT: No RSNIE in Reassoc Req");
    988 		return WLAN_STATUS_UNSPECIFIED_FAILURE;
    989 	}
    990 
    991 	if (parse.rsn_pmkid == NULL) {
    992 		wpa_printf(MSG_DEBUG, "FT: No PMKID in RSNIE");
    993 		return WLAN_STATUS_INVALID_PMKID;
    994 	}
    995 
    996 	if (os_memcmp(parse.rsn_pmkid, sm->pmk_r1_name, WPA_PMK_NAME_LEN) != 0)
    997 	{
    998 		wpa_printf(MSG_DEBUG, "FT: PMKID in Reassoc Req did not match "
    999 			   "with the PMKR1Name derived from auth request");
   1000 		return WLAN_STATUS_INVALID_PMKID;
   1001 	}
   1002 
   1003 	mdie = (struct rsn_mdie *) parse.mdie;
   1004 	if (mdie == NULL || parse.mdie_len < sizeof(*mdie) ||
   1005 	    os_memcmp(mdie->mobility_domain,
   1006 		      sm->wpa_auth->conf.mobility_domain,
   1007 		      MOBILITY_DOMAIN_ID_LEN) != 0) {
   1008 		wpa_printf(MSG_DEBUG, "FT: Invalid MDIE");
   1009 		return WLAN_STATUS_INVALID_MDIE;
   1010 	}
   1011 
   1012 	ftie = (struct rsn_ftie *) parse.ftie;
   1013 	if (ftie == NULL || parse.ftie_len < sizeof(*ftie)) {
   1014 		wpa_printf(MSG_DEBUG, "FT: Invalid FTIE");
   1015 		return WLAN_STATUS_INVALID_FTIE;
   1016 	}
   1017 
   1018 	if (os_memcmp(ftie->snonce, sm->SNonce, WPA_NONCE_LEN) != 0) {
   1019 		wpa_printf(MSG_DEBUG, "FT: SNonce mismatch in FTIE");
   1020 		wpa_hexdump(MSG_DEBUG, "FT: Received SNonce",
   1021 			    ftie->snonce, WPA_NONCE_LEN);
   1022 		wpa_hexdump(MSG_DEBUG, "FT: Expected SNonce",
   1023 			    sm->SNonce, WPA_NONCE_LEN);
   1024 		return -1;
   1025 	}
   1026 
   1027 	if (os_memcmp(ftie->anonce, sm->ANonce, WPA_NONCE_LEN) != 0) {
   1028 		wpa_printf(MSG_DEBUG, "FT: ANonce mismatch in FTIE");
   1029 		wpa_hexdump(MSG_DEBUG, "FT: Received ANonce",
   1030 			    ftie->anonce, WPA_NONCE_LEN);
   1031 		wpa_hexdump(MSG_DEBUG, "FT: Expected ANonce",
   1032 			    sm->ANonce, WPA_NONCE_LEN);
   1033 		return -1;
   1034 	}
   1035 
   1036 
   1037 	if (parse.r0kh_id == NULL) {
   1038 		wpa_printf(MSG_DEBUG, "FT: No R0KH-ID subelem in FTIE");
   1039 		return -1;
   1040 	}
   1041 
   1042 	if (parse.r0kh_id_len != sm->r0kh_id_len ||
   1043 	    os_memcmp(parse.r0kh_id, sm->r0kh_id, parse.r0kh_id_len) != 0) {
   1044 		wpa_printf(MSG_DEBUG, "FT: R0KH-ID in FTIE did not match with "
   1045 			   "the current R0KH-ID");
   1046 		wpa_hexdump(MSG_DEBUG, "FT: R0KH-ID in FTIE",
   1047 			    parse.r0kh_id, parse.r0kh_id_len);
   1048 		wpa_hexdump(MSG_DEBUG, "FT: The current R0KH-ID",
   1049 			    sm->r0kh_id, sm->r0kh_id_len);
   1050 		return -1;
   1051 	}
   1052 
   1053 	if (parse.r1kh_id == NULL) {
   1054 		wpa_printf(MSG_DEBUG, "FT: No R1KH-ID subelem in FTIE");
   1055 		return -1;
   1056 	}
   1057 
   1058 	if (os_memcmp(parse.r1kh_id, sm->wpa_auth->conf.r1_key_holder,
   1059 		      FT_R1KH_ID_LEN) != 0) {
   1060 		wpa_printf(MSG_DEBUG, "FT: Unknown R1KH-ID used in "
   1061 			   "ReassocReq");
   1062 		wpa_hexdump(MSG_DEBUG, "FT: R1KH-ID in FTIE",
   1063 			    parse.r1kh_id, FT_R1KH_ID_LEN);
   1064 		wpa_hexdump(MSG_DEBUG, "FT: Expected R1KH-ID",
   1065 			    sm->wpa_auth->conf.r1_key_holder, FT_R1KH_ID_LEN);
   1066 		return -1;
   1067 	}
   1068 
   1069 	if (parse.rsn_pmkid == NULL ||
   1070 	    os_memcmp(parse.rsn_pmkid, sm->pmk_r1_name, WPA_PMK_NAME_LEN)) {
   1071 		wpa_printf(MSG_DEBUG, "FT: No matching PMKR1Name (PMKID) in "
   1072 			   "RSNIE (pmkid=%d)", !!parse.rsn_pmkid);
   1073 		return -1;
   1074 	}
   1075 
   1076 	count = 3;
   1077 	if (parse.ric)
   1078 		count += ieee802_11_ie_count(parse.ric, parse.ric_len);
   1079 	if (ftie->mic_control[1] != count) {
   1080 		wpa_printf(MSG_DEBUG, "FT: Unexpected IE count in MIC "
   1081 			   "Control: received %u expected %u",
   1082 			   ftie->mic_control[1], count);
   1083 		return -1;
   1084 	}
   1085 
   1086 	if (wpa_ft_mic(sm->PTK.kck, sm->addr, sm->wpa_auth->addr, 5,
   1087 		       parse.mdie - 2, parse.mdie_len + 2,
   1088 		       parse.ftie - 2, parse.ftie_len + 2,
   1089 		       parse.rsn - 2, parse.rsn_len + 2,
   1090 		       parse.ric, parse.ric_len,
   1091 		       mic) < 0) {
   1092 		wpa_printf(MSG_DEBUG, "FT: Failed to calculate MIC");
   1093 		return WLAN_STATUS_UNSPECIFIED_FAILURE;
   1094 	}
   1095 
   1096 	if (os_memcmp(mic, ftie->mic, 16) != 0) {
   1097 		wpa_printf(MSG_DEBUG, "FT: Invalid MIC in FTIE");
   1098 		wpa_printf(MSG_DEBUG, "FT: addr=" MACSTR " auth_addr=" MACSTR,
   1099 			   MAC2STR(sm->addr), MAC2STR(sm->wpa_auth->addr));
   1100 		wpa_hexdump(MSG_MSGDUMP, "FT: Received MIC", ftie->mic, 16);
   1101 		wpa_hexdump(MSG_MSGDUMP, "FT: Calculated MIC", mic, 16);
   1102 		wpa_hexdump(MSG_MSGDUMP, "FT: MDIE",
   1103 			    parse.mdie - 2, parse.mdie_len + 2);
   1104 		wpa_hexdump(MSG_MSGDUMP, "FT: FTIE",
   1105 			    parse.ftie - 2, parse.ftie_len + 2);
   1106 		wpa_hexdump(MSG_MSGDUMP, "FT: RSN",
   1107 			    parse.rsn - 2, parse.rsn_len + 2);
   1108 		return WLAN_STATUS_INVALID_FTIE;
   1109 	}
   1110 
   1111 	return WLAN_STATUS_SUCCESS;
   1112 }
   1113 
   1114 
   1115 int wpa_ft_action_rx(struct wpa_state_machine *sm, const u8 *data, size_t len)
   1116 {
   1117 	const u8 *sta_addr, *target_ap;
   1118 	const u8 *ies;
   1119 	size_t ies_len;
   1120 	u8 action;
   1121 	struct ft_rrb_frame *frame;
   1122 
   1123 	if (sm == NULL)
   1124 		return -1;
   1125 
   1126 	/*
   1127 	 * data: Category[1] Action[1] STA_Address[6] Target_AP_Address[6]
   1128 	 * FT Request action frame body[variable]
   1129 	 */
   1130 
   1131 	if (len < 14) {
   1132 		wpa_printf(MSG_DEBUG, "FT: Too short FT Action frame "
   1133 			   "(len=%lu)", (unsigned long) len);
   1134 		return -1;
   1135 	}
   1136 
   1137 	action = data[1];
   1138 	sta_addr = data + 2;
   1139 	target_ap = data + 8;
   1140 	ies = data + 14;
   1141 	ies_len = len - 14;
   1142 
   1143 	wpa_printf(MSG_DEBUG, "FT: Received FT Action frame (STA=" MACSTR
   1144 		   " Target AP=" MACSTR " Action=%d)",
   1145 		   MAC2STR(sta_addr), MAC2STR(target_ap), action);
   1146 
   1147 	if (os_memcmp(sta_addr, sm->addr, ETH_ALEN) != 0) {
   1148 		wpa_printf(MSG_DEBUG, "FT: Mismatch in FT Action STA address: "
   1149 			   "STA=" MACSTR " STA-Address=" MACSTR,
   1150 			   MAC2STR(sm->addr), MAC2STR(sta_addr));
   1151 		return -1;
   1152 	}
   1153 
   1154 	/*
   1155 	 * Do some sanity checking on the target AP address (not own and not
   1156 	 * broadcast. This could be extended to filter based on a list of known
   1157 	 * APs in the MD (if such a list were configured).
   1158 	 */
   1159 	if ((target_ap[0] & 0x01) ||
   1160 	    os_memcmp(target_ap, sm->wpa_auth->addr, ETH_ALEN) == 0) {
   1161 		wpa_printf(MSG_DEBUG, "FT: Invalid Target AP in FT Action "
   1162 			   "frame");
   1163 		return -1;
   1164 	}
   1165 
   1166 	wpa_hexdump(MSG_MSGDUMP, "FT: Action frame body", ies, ies_len);
   1167 
   1168 	/* RRB - Forward action frame to the target AP */
   1169 	frame = os_malloc(sizeof(*frame) + len);
   1170 	if (frame == NULL)
   1171 		return -1;
   1172 	frame->frame_type = RSN_REMOTE_FRAME_TYPE_FT_RRB;
   1173 	frame->packet_type = FT_PACKET_REQUEST;
   1174 	frame->action_length = host_to_le16(len);
   1175 	os_memcpy(frame->ap_address, sm->wpa_auth->addr, ETH_ALEN);
   1176 	os_memcpy(frame + 1, data, len);
   1177 
   1178 	wpa_ft_rrb_send(sm->wpa_auth, target_ap, (u8 *) frame,
   1179 			sizeof(*frame) + len);
   1180 	os_free(frame);
   1181 
   1182 	return 0;
   1183 }
   1184 
   1185 
   1186 static int wpa_ft_rrb_rx_request(struct wpa_authenticator *wpa_auth,
   1187 				 const u8 *current_ap, const u8 *sta_addr,
   1188 				 const u8 *body, size_t len)
   1189 {
   1190 	struct wpa_state_machine *sm;
   1191 	u16 status;
   1192 	u8 *resp_ies, *pos;
   1193 	size_t resp_ies_len, rlen;
   1194 	struct ft_rrb_frame *frame;
   1195 
   1196 	sm = wpa_ft_add_sta(wpa_auth, sta_addr);
   1197 	if (sm == NULL) {
   1198 		wpa_printf(MSG_DEBUG, "FT: Failed to add new STA based on "
   1199 			   "RRB Request");
   1200 		return -1;
   1201 	}
   1202 
   1203 	wpa_hexdump(MSG_MSGDUMP, "FT: RRB Request Frame body", body, len);
   1204 
   1205 	status = wpa_ft_process_auth_req(sm, body, len, &resp_ies,
   1206 					 &resp_ies_len);
   1207 
   1208 	wpa_printf(MSG_DEBUG, "FT: RRB authentication response: STA=" MACSTR
   1209 		   " CurrentAP=" MACSTR " status=%d",
   1210 		   MAC2STR(sm->addr), MAC2STR(current_ap), status);
   1211 	wpa_hexdump(MSG_DEBUG, "FT: Response IEs", resp_ies, resp_ies_len);
   1212 
   1213 	/* RRB - Forward action frame response to the Current AP */
   1214 
   1215 	/*
   1216 	 * data: Category[1] Action[1] STA_Address[6] Target_AP_Address[6]
   1217 	 * Status_Code[2] FT Request action frame body[variable]
   1218 	 */
   1219 	rlen = 2 + 2 * ETH_ALEN + 2 + resp_ies_len;
   1220 
   1221 	frame = os_malloc(sizeof(*frame) + rlen);
   1222 	if (frame == NULL) {
   1223 		os_free(resp_ies);
   1224 		return -1;
   1225 	}
   1226 	frame->frame_type = RSN_REMOTE_FRAME_TYPE_FT_RRB;
   1227 	frame->packet_type = FT_PACKET_RESPONSE;
   1228 	frame->action_length = host_to_le16(rlen);
   1229 	os_memcpy(frame->ap_address, wpa_auth->addr, ETH_ALEN);
   1230 	pos = (u8 *) (frame + 1);
   1231 	*pos++ = WLAN_ACTION_FT;
   1232 	*pos++ = 2; /* Action: Response */
   1233 	os_memcpy(pos, sta_addr, ETH_ALEN);
   1234 	pos += ETH_ALEN;
   1235 	os_memcpy(pos, wpa_auth->addr, ETH_ALEN);
   1236 	pos += ETH_ALEN;
   1237 	WPA_PUT_LE16(pos, status);
   1238 	pos += 2;
   1239 	if (resp_ies) {
   1240 		os_memcpy(pos, resp_ies, resp_ies_len);
   1241 		os_free(resp_ies);
   1242 	}
   1243 
   1244 	wpa_ft_rrb_send(wpa_auth, current_ap, (u8 *) frame,
   1245 			sizeof(*frame) + rlen);
   1246 	os_free(frame);
   1247 
   1248 	return 0;
   1249 }
   1250 
   1251 
   1252 static int wpa_ft_rrb_rx_pull(struct wpa_authenticator *wpa_auth,
   1253 			      const u8 *src_addr,
   1254 			      const u8 *data, size_t data_len)
   1255 {
   1256 	struct ft_r0kh_r1kh_pull_frame *frame, f;
   1257 	struct ft_remote_r1kh *r1kh;
   1258 	struct ft_r0kh_r1kh_resp_frame resp, r;
   1259 	u8 pmk_r0[PMK_LEN];
   1260 	int pairwise;
   1261 
   1262 	wpa_printf(MSG_DEBUG, "FT: Received PMK-R1 pull");
   1263 
   1264 	if (data_len < sizeof(*frame))
   1265 		return -1;
   1266 
   1267 	r1kh = wpa_auth->conf.r1kh_list;
   1268 	while (r1kh) {
   1269 		if (os_memcmp(r1kh->addr, src_addr, ETH_ALEN) == 0)
   1270 			break;
   1271 		r1kh = r1kh->next;
   1272 	}
   1273 	if (r1kh == NULL) {
   1274 		wpa_printf(MSG_DEBUG, "FT: No matching R1KH address found for "
   1275 			   "PMK-R1 pull source address " MACSTR,
   1276 			   MAC2STR(src_addr));
   1277 		return -1;
   1278 	}
   1279 
   1280 	frame = (struct ft_r0kh_r1kh_pull_frame *) data;
   1281 	/* aes_unwrap() does not support inplace decryption, so use a temporary
   1282 	 * buffer for the data. */
   1283 	if (aes_unwrap(r1kh->key, (FT_R0KH_R1KH_PULL_DATA_LEN + 7) / 8,
   1284 		       frame->nonce, f.nonce) < 0) {
   1285 		wpa_printf(MSG_DEBUG, "FT: Failed to decrypt PMK-R1 pull "
   1286 			   "request from " MACSTR, MAC2STR(src_addr));
   1287 		return -1;
   1288 	}
   1289 
   1290 	wpa_hexdump(MSG_DEBUG, "FT: PMK-R1 pull - nonce",
   1291 		    f.nonce, sizeof(f.nonce));
   1292 	wpa_hexdump(MSG_DEBUG, "FT: PMK-R1 pull - PMKR0Name",
   1293 		    f.pmk_r0_name, WPA_PMK_NAME_LEN);
   1294 	wpa_printf(MSG_DEBUG, "FT: PMK-R1 pull - R1KH-ID=" MACSTR "S1KH-ID="
   1295 		   MACSTR, MAC2STR(f.r1kh_id), MAC2STR(f.s1kh_id));
   1296 
   1297 	os_memset(&resp, 0, sizeof(resp));
   1298 	resp.frame_type = RSN_REMOTE_FRAME_TYPE_FT_RRB;
   1299 	resp.packet_type = FT_PACKET_R0KH_R1KH_RESP;
   1300 	resp.data_length = host_to_le16(FT_R0KH_R1KH_RESP_DATA_LEN);
   1301 	os_memcpy(resp.ap_address, wpa_auth->addr, ETH_ALEN);
   1302 
   1303 	/* aes_wrap() does not support inplace encryption, so use a temporary
   1304 	 * buffer for the data. */
   1305 	os_memcpy(r.nonce, f.nonce, sizeof(f.nonce));
   1306 	os_memcpy(r.r1kh_id, f.r1kh_id, FT_R1KH_ID_LEN);
   1307 	os_memcpy(r.s1kh_id, f.s1kh_id, ETH_ALEN);
   1308 	if (wpa_ft_fetch_pmk_r0(wpa_auth, f.s1kh_id, f.pmk_r0_name, pmk_r0,
   1309 				&pairwise) < 0) {
   1310 		wpa_printf(MSG_DEBUG, "FT: No matching PMKR0Name found for "
   1311 			   "PMK-R1 pull");
   1312 		return -1;
   1313 	}
   1314 
   1315 	wpa_derive_pmk_r1(pmk_r0, f.pmk_r0_name, f.r1kh_id, f.s1kh_id,
   1316 			  r.pmk_r1, r.pmk_r1_name);
   1317 	wpa_hexdump_key(MSG_DEBUG, "FT: PMK-R1", r.pmk_r1, PMK_LEN);
   1318 	wpa_hexdump(MSG_DEBUG, "FT: PMKR1Name", r.pmk_r1_name,
   1319 		    WPA_PMK_NAME_LEN);
   1320 	r.pairwise = host_to_le16(pairwise);
   1321 	os_memset(r.pad, 0, sizeof(r.pad));
   1322 
   1323 	if (aes_wrap(r1kh->key, (FT_R0KH_R1KH_RESP_DATA_LEN + 7) / 8,
   1324 		     r.nonce, resp.nonce) < 0) {
   1325 		os_memset(pmk_r0, 0, PMK_LEN);
   1326 		return -1;
   1327 	}
   1328 
   1329 	os_memset(pmk_r0, 0, PMK_LEN);
   1330 
   1331 	wpa_ft_rrb_send(wpa_auth, src_addr, (u8 *) &resp, sizeof(resp));
   1332 
   1333 	return 0;
   1334 }
   1335 
   1336 
   1337 static int wpa_ft_rrb_rx_resp(struct wpa_authenticator *wpa_auth,
   1338 			      const u8 *src_addr,
   1339 			      const u8 *data, size_t data_len)
   1340 {
   1341 	struct ft_r0kh_r1kh_resp_frame *frame, f;
   1342 	struct ft_remote_r0kh *r0kh;
   1343 	int pairwise;
   1344 
   1345 	wpa_printf(MSG_DEBUG, "FT: Received PMK-R1 pull response");
   1346 
   1347 	if (data_len < sizeof(*frame))
   1348 		return -1;
   1349 
   1350 	r0kh = wpa_auth->conf.r0kh_list;
   1351 	while (r0kh) {
   1352 		if (os_memcmp(r0kh->addr, src_addr, ETH_ALEN) == 0)
   1353 			break;
   1354 		r0kh = r0kh->next;
   1355 	}
   1356 	if (r0kh == NULL) {
   1357 		wpa_printf(MSG_DEBUG, "FT: No matching R0KH address found for "
   1358 			   "PMK-R0 pull response source address " MACSTR,
   1359 			   MAC2STR(src_addr));
   1360 		return -1;
   1361 	}
   1362 
   1363 	frame = (struct ft_r0kh_r1kh_resp_frame *) data;
   1364 	/* aes_unwrap() does not support inplace decryption, so use a temporary
   1365 	 * buffer for the data. */
   1366 	if (aes_unwrap(r0kh->key, (FT_R0KH_R1KH_RESP_DATA_LEN + 7) / 8,
   1367 		       frame->nonce, f.nonce) < 0) {
   1368 		wpa_printf(MSG_DEBUG, "FT: Failed to decrypt PMK-R1 pull "
   1369 			   "response from " MACSTR, MAC2STR(src_addr));
   1370 		return -1;
   1371 	}
   1372 
   1373 	if (os_memcmp(f.r1kh_id, wpa_auth->conf.r1_key_holder, FT_R1KH_ID_LEN)
   1374 	    != 0) {
   1375 		wpa_printf(MSG_DEBUG, "FT: PMK-R1 pull response did not use a "
   1376 			   "matching R1KH-ID");
   1377 		return -1;
   1378 	}
   1379 
   1380 	/* TODO: verify that <nonce,s1kh_id> matches with a pending request
   1381 	 * and call this requests callback function to finish request
   1382 	 * processing */
   1383 
   1384 	pairwise = le_to_host16(f.pairwise);
   1385 	wpa_hexdump(MSG_DEBUG, "FT: PMK-R1 pull - nonce",
   1386 		    f.nonce, sizeof(f.nonce));
   1387 	wpa_printf(MSG_DEBUG, "FT: PMK-R1 pull - R1KH-ID=" MACSTR "S1KH-ID="
   1388 		   MACSTR " pairwise=0x%x",
   1389 		   MAC2STR(f.r1kh_id), MAC2STR(f.s1kh_id), pairwise);
   1390 	wpa_hexdump_key(MSG_DEBUG, "FT: PMK-R1 pull - PMK-R1",
   1391 			f.pmk_r1, PMK_LEN);
   1392 	wpa_hexdump(MSG_DEBUG, "FT: PMK-R1 pull - PMKR1Name",
   1393 			f.pmk_r1_name, WPA_PMK_NAME_LEN);
   1394 
   1395 	wpa_ft_store_pmk_r1(wpa_auth, f.s1kh_id, f.pmk_r1, f.pmk_r1_name,
   1396 			    pairwise);
   1397 	os_memset(f.pmk_r1, 0, PMK_LEN);
   1398 
   1399 	return 0;
   1400 }
   1401 
   1402 
   1403 static int wpa_ft_rrb_rx_push(struct wpa_authenticator *wpa_auth,
   1404 			      const u8 *src_addr,
   1405 			      const u8 *data, size_t data_len)
   1406 {
   1407 	struct ft_r0kh_r1kh_push_frame *frame, f;
   1408 	struct ft_remote_r0kh *r0kh;
   1409 	struct os_time now;
   1410 	os_time_t tsend;
   1411 	int pairwise;
   1412 
   1413 	wpa_printf(MSG_DEBUG, "FT: Received PMK-R1 push");
   1414 
   1415 	if (data_len < sizeof(*frame))
   1416 		return -1;
   1417 
   1418 	r0kh = wpa_auth->conf.r0kh_list;
   1419 	while (r0kh) {
   1420 		if (os_memcmp(r0kh->addr, src_addr, ETH_ALEN) == 0)
   1421 			break;
   1422 		r0kh = r0kh->next;
   1423 	}
   1424 	if (r0kh == NULL) {
   1425 		wpa_printf(MSG_DEBUG, "FT: No matching R0KH address found for "
   1426 			   "PMK-R0 push source address " MACSTR,
   1427 			   MAC2STR(src_addr));
   1428 		return -1;
   1429 	}
   1430 
   1431 	frame = (struct ft_r0kh_r1kh_push_frame *) data;
   1432 	/* aes_unwrap() does not support inplace decryption, so use a temporary
   1433 	 * buffer for the data. */
   1434 	if (aes_unwrap(r0kh->key, (FT_R0KH_R1KH_PUSH_DATA_LEN + 7) / 8,
   1435 		       frame->timestamp, f.timestamp) < 0) {
   1436 		wpa_printf(MSG_DEBUG, "FT: Failed to decrypt PMK-R1 push from "
   1437 			   MACSTR, MAC2STR(src_addr));
   1438 		return -1;
   1439 	}
   1440 
   1441 	os_get_time(&now);
   1442 	tsend = WPA_GET_LE32(f.timestamp);
   1443 	if ((now.sec > tsend && now.sec - tsend > 60) ||
   1444 	    (now.sec < tsend && tsend - now.sec > 60)) {
   1445 		wpa_printf(MSG_DEBUG, "FT: PMK-R1 push did not have a valid "
   1446 			   "timestamp: sender time %d own time %d\n",
   1447 			   (int) tsend, (int) now.sec);
   1448 		return -1;
   1449 	}
   1450 
   1451 	if (os_memcmp(f.r1kh_id, wpa_auth->conf.r1_key_holder, FT_R1KH_ID_LEN)
   1452 	    != 0) {
   1453 		wpa_printf(MSG_DEBUG, "FT: PMK-R1 push did not use a matching "
   1454 			   "R1KH-ID (received " MACSTR " own " MACSTR ")",
   1455 			   MAC2STR(f.r1kh_id),
   1456 			   MAC2STR(wpa_auth->conf.r1_key_holder));
   1457 		return -1;
   1458 	}
   1459 
   1460 	pairwise = le_to_host16(f.pairwise);
   1461 	wpa_printf(MSG_DEBUG, "FT: PMK-R1 push - R1KH-ID=" MACSTR " S1KH-ID="
   1462 		   MACSTR " pairwise=0x%x",
   1463 		   MAC2STR(f.r1kh_id), MAC2STR(f.s1kh_id), pairwise);
   1464 	wpa_hexdump_key(MSG_DEBUG, "FT: PMK-R1 push - PMK-R1",
   1465 			f.pmk_r1, PMK_LEN);
   1466 	wpa_hexdump(MSG_DEBUG, "FT: PMK-R1 push - PMKR1Name",
   1467 			f.pmk_r1_name, WPA_PMK_NAME_LEN);
   1468 
   1469 	wpa_ft_store_pmk_r1(wpa_auth, f.s1kh_id, f.pmk_r1, f.pmk_r1_name,
   1470 			    pairwise);
   1471 	os_memset(f.pmk_r1, 0, PMK_LEN);
   1472 
   1473 	return 0;
   1474 }
   1475 
   1476 
   1477 int wpa_ft_rrb_rx(struct wpa_authenticator *wpa_auth, const u8 *src_addr,
   1478 		  const u8 *data, size_t data_len)
   1479 {
   1480 	struct ft_rrb_frame *frame;
   1481 	u16 alen;
   1482 	const u8 *pos, *end, *start;
   1483 	u8 action;
   1484 	const u8 *sta_addr, *target_ap_addr;
   1485 
   1486 	wpa_printf(MSG_DEBUG, "FT: RRB received frame from remote AP " MACSTR,
   1487 		   MAC2STR(src_addr));
   1488 
   1489 	if (data_len < sizeof(*frame)) {
   1490 		wpa_printf(MSG_DEBUG, "FT: Too short RRB frame (data_len=%lu)",
   1491 			   (unsigned long) data_len);
   1492 		return -1;
   1493 	}
   1494 
   1495 	pos = data;
   1496 	frame = (struct ft_rrb_frame *) pos;
   1497 	pos += sizeof(*frame);
   1498 
   1499 	alen = le_to_host16(frame->action_length);
   1500 	wpa_printf(MSG_DEBUG, "FT: RRB frame - frame_type=%d packet_type=%d "
   1501 		   "action_length=%d ap_address=" MACSTR,
   1502 		   frame->frame_type, frame->packet_type, alen,
   1503 		   MAC2STR(frame->ap_address));
   1504 
   1505 	if (frame->frame_type != RSN_REMOTE_FRAME_TYPE_FT_RRB) {
   1506 		/* Discard frame per IEEE Std 802.11r-2008, 11A.10.3 */
   1507 		wpa_printf(MSG_DEBUG, "FT: RRB discarded frame with "
   1508 			   "unrecognized type %d", frame->frame_type);
   1509 		return -1;
   1510 	}
   1511 
   1512 	if (alen > data_len - sizeof(*frame)) {
   1513 		wpa_printf(MSG_DEBUG, "FT: RRB frame too short for action "
   1514 			   "frame");
   1515 		return -1;
   1516 	}
   1517 
   1518 	if (frame->packet_type == FT_PACKET_R0KH_R1KH_PULL)
   1519 		return wpa_ft_rrb_rx_pull(wpa_auth, src_addr, data, data_len);
   1520 	if (frame->packet_type == FT_PACKET_R0KH_R1KH_RESP)
   1521 		return wpa_ft_rrb_rx_resp(wpa_auth, src_addr, data, data_len);
   1522 	if (frame->packet_type == FT_PACKET_R0KH_R1KH_PUSH)
   1523 		return wpa_ft_rrb_rx_push(wpa_auth, src_addr, data, data_len);
   1524 
   1525 	wpa_hexdump(MSG_MSGDUMP, "FT: RRB - FT Action frame", pos, alen);
   1526 
   1527 	if (alen < 1 + 1 + 2 * ETH_ALEN) {
   1528 		wpa_printf(MSG_DEBUG, "FT: Too short RRB frame (not enough "
   1529 			   "room for Action Frame body); alen=%lu",
   1530 			   (unsigned long) alen);
   1531 		return -1;
   1532 	}
   1533 	start = pos;
   1534 	end = pos + alen;
   1535 
   1536 	if (*pos != WLAN_ACTION_FT) {
   1537 		wpa_printf(MSG_DEBUG, "FT: Unexpected Action frame category "
   1538 			   "%d", *pos);
   1539 		return -1;
   1540 	}
   1541 
   1542 	pos++;
   1543 	action = *pos++;
   1544 	sta_addr = pos;
   1545 	pos += ETH_ALEN;
   1546 	target_ap_addr = pos;
   1547 	pos += ETH_ALEN;
   1548 	wpa_printf(MSG_DEBUG, "FT: RRB Action Frame: action=%d sta_addr="
   1549 		   MACSTR " target_ap_addr=" MACSTR,
   1550 		   action, MAC2STR(sta_addr), MAC2STR(target_ap_addr));
   1551 
   1552 	if (frame->packet_type == FT_PACKET_REQUEST) {
   1553 		wpa_printf(MSG_DEBUG, "FT: FT Packet Type - Request");
   1554 
   1555 		if (action != 1) {
   1556 			wpa_printf(MSG_DEBUG, "FT: Unexpected Action %d in "
   1557 				   "RRB Request", action);
   1558 			return -1;
   1559 		}
   1560 
   1561 		if (os_memcmp(target_ap_addr, wpa_auth->addr, ETH_ALEN) != 0) {
   1562 			wpa_printf(MSG_DEBUG, "FT: Target AP address in the "
   1563 				   "RRB Request does not match with own "
   1564 				   "address");
   1565 			return -1;
   1566 		}
   1567 
   1568 		if (wpa_ft_rrb_rx_request(wpa_auth, frame->ap_address,
   1569 					  sta_addr, pos, end - pos) < 0)
   1570 			return -1;
   1571 	} else if (frame->packet_type == FT_PACKET_RESPONSE) {
   1572 		u16 status_code;
   1573 
   1574 		if (end - pos < 2) {
   1575 			wpa_printf(MSG_DEBUG, "FT: Not enough room for status "
   1576 				   "code in RRB Response");
   1577 			return -1;
   1578 		}
   1579 		status_code = WPA_GET_LE16(pos);
   1580 		pos += 2;
   1581 
   1582 		wpa_printf(MSG_DEBUG, "FT: FT Packet Type - Response "
   1583 			   "(status_code=%d)", status_code);
   1584 
   1585 		if (wpa_ft_action_send(wpa_auth, sta_addr, start, alen) < 0)
   1586 			return -1;
   1587 	} else {
   1588 		wpa_printf(MSG_DEBUG, "FT: RRB discarded frame with unknown "
   1589 			   "packet_type %d", frame->packet_type);
   1590 		return -1;
   1591 	}
   1592 
   1593 	return 0;
   1594 }
   1595 
   1596 
   1597 static void wpa_ft_generate_pmk_r1(struct wpa_authenticator *wpa_auth,
   1598 				   struct wpa_ft_pmk_r0_sa *pmk_r0,
   1599 				   struct ft_remote_r1kh *r1kh,
   1600 				   const u8 *s1kh_id, int pairwise)
   1601 {
   1602 	struct ft_r0kh_r1kh_push_frame frame, f;
   1603 	struct os_time now;
   1604 
   1605 	os_memset(&frame, 0, sizeof(frame));
   1606 	frame.frame_type = RSN_REMOTE_FRAME_TYPE_FT_RRB;
   1607 	frame.packet_type = FT_PACKET_R0KH_R1KH_PUSH;
   1608 	frame.data_length = host_to_le16(FT_R0KH_R1KH_PUSH_DATA_LEN);
   1609 	os_memcpy(frame.ap_address, wpa_auth->addr, ETH_ALEN);
   1610 
   1611 	/* aes_wrap() does not support inplace encryption, so use a temporary
   1612 	 * buffer for the data. */
   1613 	os_memcpy(f.r1kh_id, r1kh->id, FT_R1KH_ID_LEN);
   1614 	os_memcpy(f.s1kh_id, s1kh_id, ETH_ALEN);
   1615 	os_memcpy(f.pmk_r0_name, pmk_r0->pmk_r0_name, WPA_PMK_NAME_LEN);
   1616 	wpa_derive_pmk_r1(pmk_r0->pmk_r0, pmk_r0->pmk_r0_name, r1kh->id,
   1617 			  s1kh_id, f.pmk_r1, f.pmk_r1_name);
   1618 	wpa_printf(MSG_DEBUG, "FT: R1KH-ID " MACSTR, MAC2STR(r1kh->id));
   1619 	wpa_hexdump_key(MSG_DEBUG, "FT: PMK-R1", f.pmk_r1, PMK_LEN);
   1620 	wpa_hexdump(MSG_DEBUG, "FT: PMKR1Name", f.pmk_r1_name,
   1621 		    WPA_PMK_NAME_LEN);
   1622 	os_get_time(&now);
   1623 	WPA_PUT_LE32(f.timestamp, now.sec);
   1624 	f.pairwise = host_to_le16(pairwise);
   1625 	os_memset(f.pad, 0, sizeof(f.pad));
   1626 	if (aes_wrap(r1kh->key, (FT_R0KH_R1KH_PUSH_DATA_LEN + 7) / 8,
   1627 		     f.timestamp, frame.timestamp) < 0)
   1628 		return;
   1629 
   1630 	wpa_ft_rrb_send(wpa_auth, r1kh->addr, (u8 *) &frame, sizeof(frame));
   1631 }
   1632 
   1633 
   1634 void wpa_ft_push_pmk_r1(struct wpa_authenticator *wpa_auth, const u8 *addr)
   1635 {
   1636 	struct wpa_ft_pmk_r0_sa *r0;
   1637 	struct ft_remote_r1kh *r1kh;
   1638 
   1639 	if (!wpa_auth->conf.pmk_r1_push)
   1640 		return;
   1641 
   1642 	r0 = wpa_auth->ft_pmk_cache->pmk_r0;
   1643 	while (r0) {
   1644 		if (os_memcmp(r0->spa, addr, ETH_ALEN) == 0)
   1645 			break;
   1646 		r0 = r0->next;
   1647 	}
   1648 
   1649 	if (r0 == NULL || r0->pmk_r1_pushed)
   1650 		return;
   1651 	r0->pmk_r1_pushed = 1;
   1652 
   1653 	wpa_printf(MSG_DEBUG, "FT: Deriving and pushing PMK-R1 keys to R1KHs "
   1654 		   "for STA " MACSTR, MAC2STR(addr));
   1655 
   1656 	r1kh = wpa_auth->conf.r1kh_list;
   1657 	while (r1kh) {
   1658 		wpa_ft_generate_pmk_r1(wpa_auth, r0, r1kh, addr, r0->pairwise);
   1659 		r1kh = r1kh->next;
   1660 	}
   1661 }
   1662 
   1663 #endif /* CONFIG_IEEE80211R */
   1664