1 /* 2 * hostapd - IEEE 802.11r - Fast BSS Transition 3 * Copyright (c) 2004-2015, Jouni Malinen <j (at) w1.fi> 4 * 5 * This software may be distributed under the terms of the BSD license. 6 * See README for more details. 7 */ 8 9 #include "utils/includes.h" 10 11 #include "utils/common.h" 12 #include "utils/eloop.h" 13 #include "utils/list.h" 14 #include "common/ieee802_11_defs.h" 15 #include "common/ieee802_11_common.h" 16 #include "crypto/aes.h" 17 #include "crypto/aes_siv.h" 18 #include "crypto/aes_wrap.h" 19 #include "crypto/random.h" 20 #include "ap_config.h" 21 #include "ieee802_11.h" 22 #include "wmm.h" 23 #include "wpa_auth.h" 24 #include "wpa_auth_i.h" 25 26 27 #ifdef CONFIG_IEEE80211R_AP 28 29 const unsigned int ftRRBseqTimeout = 10; 30 const unsigned int ftRRBmaxQueueLen = 100; 31 32 33 static int wpa_ft_send_rrb_auth_resp(struct wpa_state_machine *sm, 34 const u8 *current_ap, const u8 *sta_addr, 35 u16 status, const u8 *resp_ies, 36 size_t resp_ies_len); 37 static void ft_finish_pull(struct wpa_state_machine *sm); 38 static void wpa_ft_expire_pull(void *eloop_ctx, void *timeout_ctx); 39 static void wpa_ft_rrb_seq_timeout(void *eloop_ctx, void *timeout_ctx); 40 41 struct tlv_list { 42 u16 type; 43 size_t len; 44 const u8 *data; 45 }; 46 47 48 /** 49 * wpa_ft_rrb_decrypt - Decrypt FT RRB message 50 * @key: AES-SIV key for AEAD 51 * @key_len: Length of key in octets 52 * @enc: Pointer to encrypted TLVs 53 * @enc_len: Length of encrypted TLVs in octets 54 * @auth: Pointer to authenticated TLVs 55 * @auth_len: Length of authenticated TLVs in octets 56 * @src_addr: MAC address of the frame sender 57 * @type: Vendor-specific subtype of the RRB frame (FT_PACKET_*) 58 * @plain: Pointer to return the pointer to the allocated plaintext buffer; 59 * needs to be freed by the caller if not NULL; 60 * will only be returned on success 61 * @plain_len: Pointer to return the length of the allocated plaintext buffer 62 * in octets 63 * Returns: 0 on success, -1 on error 64 */ 65 static int wpa_ft_rrb_decrypt(const u8 *key, const size_t key_len, 66 const u8 *enc, const size_t enc_len, 67 const u8 *auth, const size_t auth_len, 68 const u8 *src_addr, u8 type, 69 u8 **plain, size_t *plain_size) 70 { 71 const u8 *ad[3] = { src_addr, auth, &type }; 72 size_t ad_len[3] = { ETH_ALEN, auth_len, sizeof(type) }; 73 74 wpa_hexdump_key(MSG_DEBUG, "FT(RRB): decrypt using key", key, key_len); 75 76 if (!key) { /* skip decryption */ 77 *plain = os_memdup(enc, enc_len); 78 if (enc_len > 0 && !*plain) 79 goto err; 80 81 *plain_size = enc_len; 82 83 return 0; 84 } 85 86 *plain = NULL; 87 88 /* SIV overhead */ 89 if (enc_len < AES_BLOCK_SIZE) 90 goto err; 91 92 *plain = os_zalloc(enc_len - AES_BLOCK_SIZE); 93 if (!*plain) 94 goto err; 95 96 if (aes_siv_decrypt(key, key_len, enc, enc_len, 3, ad, ad_len, 97 *plain) < 0) 98 goto err; 99 100 *plain_size = enc_len - AES_BLOCK_SIZE; 101 wpa_hexdump_key(MSG_DEBUG, "FT(RRB): decrypted TLVs", 102 *plain, *plain_size); 103 return 0; 104 err: 105 os_free(*plain); 106 *plain = NULL; 107 *plain_size = 0; 108 109 wpa_printf(MSG_ERROR, "FT(RRB): Failed to decrypt"); 110 111 return -1; 112 } 113 114 115 /* get first tlv record in packet matching type 116 * @data (decrypted) packet 117 * @return 0 on success else -1 118 */ 119 static int wpa_ft_rrb_get_tlv(const u8 *plain, size_t plain_len, 120 u16 type, size_t *tlv_len, const u8 **tlv_data) 121 { 122 const struct ft_rrb_tlv *f; 123 size_t left; 124 le16 type16; 125 size_t len; 126 127 left = plain_len; 128 type16 = host_to_le16(type); 129 130 while (left >= sizeof(*f)) { 131 f = (const struct ft_rrb_tlv *) plain; 132 133 left -= sizeof(*f); 134 plain += sizeof(*f); 135 len = le_to_host16(f->len); 136 137 if (left < len) { 138 wpa_printf(MSG_DEBUG, "FT: RRB message truncated"); 139 break; 140 } 141 142 if (f->type == type16) { 143 *tlv_len = len; 144 *tlv_data = plain; 145 return 0; 146 } 147 148 left -= len; 149 plain += len; 150 } 151 152 return -1; 153 } 154 155 156 static void wpa_ft_rrb_dump(const u8 *plain, const size_t plain_len) 157 { 158 const struct ft_rrb_tlv *f; 159 size_t left; 160 size_t len; 161 162 left = plain_len; 163 164 wpa_printf(MSG_DEBUG, "FT: RRB dump message"); 165 while (left >= sizeof(*f)) { 166 f = (const struct ft_rrb_tlv *) plain; 167 168 left -= sizeof(*f); 169 plain += sizeof(*f); 170 len = le_to_host16(f->len); 171 172 wpa_printf(MSG_DEBUG, "FT: RRB TLV type = %d, len = %zu", 173 le_to_host16(f->type), len); 174 175 if (left < len) { 176 wpa_printf(MSG_DEBUG, 177 "FT: RRB message truncated: left %zu bytes, need %zu", 178 left, len); 179 break; 180 } 181 182 wpa_hexdump(MSG_DEBUG, "FT: RRB TLV data", plain, len); 183 184 left -= len; 185 plain += len; 186 } 187 188 if (left > 0) 189 wpa_hexdump(MSG_DEBUG, "FT: RRB TLV padding", plain, left); 190 191 wpa_printf(MSG_DEBUG, "FT: RRB dump message end"); 192 } 193 194 195 static size_t wpa_ft_tlv_len(const struct tlv_list *tlvs) 196 { 197 size_t tlv_len = 0; 198 int i; 199 200 if (!tlvs) 201 return 0; 202 203 for (i = 0; tlvs[i].type != FT_RRB_LAST_EMPTY; i++) { 204 tlv_len += sizeof(struct ft_rrb_tlv); 205 tlv_len += tlvs[i].len; 206 } 207 208 return tlv_len; 209 } 210 211 212 static size_t wpa_ft_tlv_lin(const struct tlv_list *tlvs, u8 *start, 213 u8 *endpos) 214 { 215 int i; 216 size_t tlv_len; 217 struct ft_rrb_tlv *hdr; 218 u8 *pos; 219 220 if (!tlvs) 221 return 0; 222 223 tlv_len = 0; 224 pos = start; 225 for (i = 0; tlvs[i].type != FT_RRB_LAST_EMPTY; i++) { 226 if (tlv_len + sizeof(*hdr) > (size_t) (endpos - start)) 227 return tlv_len; 228 tlv_len += sizeof(*hdr); 229 hdr = (struct ft_rrb_tlv *) pos; 230 hdr->type = host_to_le16(tlvs[i].type); 231 hdr->len = host_to_le16(tlvs[i].len); 232 pos = start + tlv_len; 233 234 if (tlv_len + tlvs[i].len > (size_t) (endpos - start)) 235 return tlv_len; 236 tlv_len += tlvs[i].len; 237 os_memcpy(pos, tlvs[i].data, tlvs[i].len); 238 pos = start + tlv_len; 239 } 240 241 return tlv_len; 242 } 243 244 245 static int wpa_ft_rrb_lin(const struct tlv_list *tlvs1, 246 const struct tlv_list *tlvs2, 247 u8 **plain, size_t *plain_len) 248 { 249 u8 *pos, *endpos; 250 size_t tlv_len; 251 252 tlv_len = wpa_ft_tlv_len(tlvs1); 253 tlv_len += wpa_ft_tlv_len(tlvs2); 254 255 *plain_len = tlv_len; 256 *plain = os_zalloc(tlv_len); 257 if (!*plain) { 258 wpa_printf(MSG_ERROR, "FT: Failed to allocate plaintext"); 259 goto err; 260 } 261 262 pos = *plain; 263 endpos = *plain + tlv_len; 264 pos += wpa_ft_tlv_lin(tlvs1, pos, endpos); 265 pos += wpa_ft_tlv_lin(tlvs2, pos, endpos); 266 267 /* sanity check */ 268 if (pos != endpos) { 269 wpa_printf(MSG_ERROR, "FT: Length error building RRB"); 270 goto err; 271 } 272 273 return 0; 274 275 err: 276 os_free(*plain); 277 *plain = NULL; 278 *plain_len = 0; 279 return -1; 280 } 281 282 283 static int wpa_ft_rrb_encrypt(const u8 *key, const size_t key_len, 284 const u8 *plain, const size_t plain_len, 285 const u8 *auth, const size_t auth_len, 286 const u8 *src_addr, u8 type, u8 *enc) 287 { 288 const u8 *ad[3] = { src_addr, auth, &type }; 289 size_t ad_len[3] = { ETH_ALEN, auth_len, sizeof(type) }; 290 291 wpa_hexdump_key(MSG_DEBUG, "FT(RRB): plaintext message", 292 plain, plain_len); 293 wpa_hexdump_key(MSG_DEBUG, "FT(RRB): encrypt using key", key, key_len); 294 295 if (!key) { 296 /* encryption not needed, return plaintext as packet */ 297 os_memcpy(enc, plain, plain_len); 298 } else if (aes_siv_encrypt(key, key_len, plain, plain_len, 299 3, ad, ad_len, enc) < 0) { 300 wpa_printf(MSG_ERROR, "FT: Failed to encrypt RRB-OUI message"); 301 return -1; 302 } 303 304 return 0; 305 } 306 307 308 /** 309 * wpa_ft_rrb_build - Build and encrypt an FT RRB message 310 * @key: AES-SIV key for AEAD 311 * @key_len: Length of key in octets 312 * @tlvs_enc0: First set of to-be-encrypted TLVs 313 * @tlvs_enc1: Second set of to-be-encrypted TLVs 314 * @tlvs_auth: Set of to-be-authenticated TLVs 315 * @src_addr: MAC address of the frame sender 316 * @type: Vendor-specific subtype of the RRB frame (FT_PACKET_*) 317 * @packet Pointer to return the pointer to the allocated packet buffer; 318 * needs to be freed by the caller if not null; 319 * will only be returned on success 320 * @packet_len: Pointer to return the length of the allocated buffer in octets 321 * Returns: 0 on success, -1 on error 322 */ 323 static int wpa_ft_rrb_build(const u8 *key, const size_t key_len, 324 const struct tlv_list *tlvs_enc0, 325 const struct tlv_list *tlvs_enc1, 326 const struct tlv_list *tlvs_auth, 327 const u8 *src_addr, u8 type, 328 u8 **packet, size_t *packet_len) 329 { 330 u8 *plain = NULL, *auth = NULL, *pos; 331 size_t plain_len = 0, auth_len = 0; 332 int ret = -1; 333 334 if (wpa_ft_rrb_lin(tlvs_enc0, tlvs_enc1, &plain, &plain_len) < 0) 335 goto out; 336 337 if (wpa_ft_rrb_lin(tlvs_auth, NULL, &auth, &auth_len) < 0) 338 goto out; 339 340 *packet_len = sizeof(u16) + auth_len + plain_len; 341 if (key) 342 *packet_len += AES_BLOCK_SIZE; 343 *packet = os_zalloc(*packet_len); 344 if (!*packet) 345 goto out; 346 347 pos = *packet; 348 WPA_PUT_LE16(pos, auth_len); 349 pos += 2; 350 os_memcpy(pos, auth, auth_len); 351 pos += auth_len; 352 if (wpa_ft_rrb_encrypt(key, key_len, plain, plain_len, auth, 353 auth_len, src_addr, type, pos) < 0) 354 goto out; 355 356 ret = 0; 357 358 out: 359 bin_clear_free(plain, plain_len); 360 os_free(auth); 361 362 if (ret) { 363 wpa_printf(MSG_ERROR, "FT: Failed to build RRB-OUI message"); 364 os_free(*packet); 365 *packet = NULL; 366 *packet_len = 0; 367 } 368 369 return ret; 370 } 371 372 373 #define RRB_GET_SRC(srcfield, type, field, txt, checklength) do { \ 374 if (wpa_ft_rrb_get_tlv(srcfield, srcfield##_len, type, \ 375 &f_##field##_len, &f_##field) < 0 || \ 376 (checklength > 0 && ((size_t) checklength) != f_##field##_len)) { \ 377 wpa_printf(MSG_INFO, "FT: Missing required " #field \ 378 " in %s from " MACSTR, txt, MAC2STR(src_addr)); \ 379 wpa_ft_rrb_dump(srcfield, srcfield##_len); \ 380 goto out; \ 381 } \ 382 } while (0) 383 384 #define RRB_GET(type, field, txt, checklength) \ 385 RRB_GET_SRC(plain, type, field, txt, checklength) 386 #define RRB_GET_AUTH(type, field, txt, checklength) \ 387 RRB_GET_SRC(auth, type, field, txt, checklength) 388 389 #define RRB_GET_OPTIONAL_SRC(srcfield, type, field, txt, checklength) do { \ 390 if (wpa_ft_rrb_get_tlv(srcfield, srcfield##_len, type, \ 391 &f_##field##_len, &f_##field) < 0 || \ 392 (checklength > 0 && ((size_t) checklength) != f_##field##_len)) { \ 393 wpa_printf(MSG_DEBUG, "FT: Missing optional " #field \ 394 " in %s from " MACSTR, txt, MAC2STR(src_addr)); \ 395 f_##field##_len = 0; \ 396 f_##field = NULL; \ 397 } \ 398 } while (0) 399 400 #define RRB_GET_OPTIONAL(type, field, txt, checklength) \ 401 RRB_GET_OPTIONAL_SRC(plain, type, field, txt, checklength) 402 #define RRB_GET_OPTIONAL_AUTH(type, field, txt, checklength) \ 403 RRB_GET_OPTIONAL_SRC(auth, type, field, txt, checklength) 404 405 static int wpa_ft_rrb_send(struct wpa_authenticator *wpa_auth, const u8 *dst, 406 const u8 *data, size_t data_len) 407 { 408 if (wpa_auth->cb->send_ether == NULL) 409 return -1; 410 wpa_printf(MSG_DEBUG, "FT: RRB send to " MACSTR, MAC2STR(dst)); 411 return wpa_auth->cb->send_ether(wpa_auth->cb_ctx, dst, ETH_P_RRB, 412 data, data_len); 413 } 414 415 416 static int wpa_ft_rrb_oui_send(struct wpa_authenticator *wpa_auth, 417 const u8 *dst, u8 oui_suffix, 418 const u8 *data, size_t data_len) 419 { 420 if (!wpa_auth->cb->send_oui) 421 return -1; 422 wpa_printf(MSG_DEBUG, "FT: RRB-OUI type %u send to " MACSTR, 423 oui_suffix, MAC2STR(dst)); 424 return wpa_auth->cb->send_oui(wpa_auth->cb_ctx, dst, oui_suffix, data, 425 data_len); 426 } 427 428 429 static int wpa_ft_action_send(struct wpa_authenticator *wpa_auth, 430 const u8 *dst, const u8 *data, size_t data_len) 431 { 432 if (wpa_auth->cb->send_ft_action == NULL) 433 return -1; 434 return wpa_auth->cb->send_ft_action(wpa_auth->cb_ctx, dst, 435 data, data_len); 436 } 437 438 439 static const u8 * wpa_ft_get_psk(struct wpa_authenticator *wpa_auth, 440 const u8 *addr, const u8 *p2p_dev_addr, 441 const u8 *prev_psk) 442 { 443 if (wpa_auth->cb->get_psk == NULL) 444 return NULL; 445 return wpa_auth->cb->get_psk(wpa_auth->cb_ctx, addr, p2p_dev_addr, 446 prev_psk, NULL); 447 } 448 449 450 static struct wpa_state_machine * 451 wpa_ft_add_sta(struct wpa_authenticator *wpa_auth, const u8 *sta_addr) 452 { 453 if (wpa_auth->cb->add_sta == NULL) 454 return NULL; 455 return wpa_auth->cb->add_sta(wpa_auth->cb_ctx, sta_addr); 456 } 457 458 459 static int wpa_ft_add_tspec(struct wpa_authenticator *wpa_auth, 460 const u8 *sta_addr, 461 u8 *tspec_ie, size_t tspec_ielen) 462 { 463 if (wpa_auth->cb->add_tspec == NULL) { 464 wpa_printf(MSG_DEBUG, "FT: add_tspec is not initialized"); 465 return -1; 466 } 467 return wpa_auth->cb->add_tspec(wpa_auth->cb_ctx, sta_addr, tspec_ie, 468 tspec_ielen); 469 } 470 471 472 int wpa_write_mdie(struct wpa_auth_config *conf, u8 *buf, size_t len) 473 { 474 u8 *pos = buf; 475 u8 capab; 476 if (len < 2 + sizeof(struct rsn_mdie)) 477 return -1; 478 479 *pos++ = WLAN_EID_MOBILITY_DOMAIN; 480 *pos++ = MOBILITY_DOMAIN_ID_LEN + 1; 481 os_memcpy(pos, conf->mobility_domain, MOBILITY_DOMAIN_ID_LEN); 482 pos += MOBILITY_DOMAIN_ID_LEN; 483 capab = 0; 484 if (conf->ft_over_ds) 485 capab |= RSN_FT_CAPAB_FT_OVER_DS; 486 *pos++ = capab; 487 488 return pos - buf; 489 } 490 491 492 int wpa_write_ftie(struct wpa_auth_config *conf, const u8 *r0kh_id, 493 size_t r0kh_id_len, 494 const u8 *anonce, const u8 *snonce, 495 u8 *buf, size_t len, const u8 *subelem, 496 size_t subelem_len) 497 { 498 u8 *pos = buf, *ielen; 499 struct rsn_ftie *hdr; 500 501 if (len < 2 + sizeof(*hdr) + 2 + FT_R1KH_ID_LEN + 2 + r0kh_id_len + 502 subelem_len) 503 return -1; 504 505 *pos++ = WLAN_EID_FAST_BSS_TRANSITION; 506 ielen = pos++; 507 508 hdr = (struct rsn_ftie *) pos; 509 os_memset(hdr, 0, sizeof(*hdr)); 510 pos += sizeof(*hdr); 511 WPA_PUT_LE16(hdr->mic_control, 0); 512 if (anonce) 513 os_memcpy(hdr->anonce, anonce, WPA_NONCE_LEN); 514 if (snonce) 515 os_memcpy(hdr->snonce, snonce, WPA_NONCE_LEN); 516 517 /* Optional Parameters */ 518 *pos++ = FTIE_SUBELEM_R1KH_ID; 519 *pos++ = FT_R1KH_ID_LEN; 520 os_memcpy(pos, conf->r1_key_holder, FT_R1KH_ID_LEN); 521 pos += FT_R1KH_ID_LEN; 522 523 if (r0kh_id) { 524 *pos++ = FTIE_SUBELEM_R0KH_ID; 525 *pos++ = r0kh_id_len; 526 os_memcpy(pos, r0kh_id, r0kh_id_len); 527 pos += r0kh_id_len; 528 } 529 530 if (subelem) { 531 os_memcpy(pos, subelem, subelem_len); 532 pos += subelem_len; 533 } 534 535 *ielen = pos - buf - 2; 536 537 return pos - buf; 538 } 539 540 541 /* A packet to be handled after seq response */ 542 struct ft_remote_item { 543 struct dl_list list; 544 545 u8 nonce[FT_RRB_NONCE_LEN]; 546 struct os_reltime nonce_ts; 547 548 u8 src_addr[ETH_ALEN]; 549 u8 *enc; 550 size_t enc_len; 551 u8 *auth; 552 size_t auth_len; 553 int (*cb)(struct wpa_authenticator *wpa_auth, 554 const u8 *src_addr, 555 const u8 *enc, size_t enc_len, 556 const u8 *auth, size_t auth_len, 557 int no_defer); 558 }; 559 560 561 static void wpa_ft_rrb_seq_free(struct ft_remote_item *item) 562 { 563 eloop_cancel_timeout(wpa_ft_rrb_seq_timeout, ELOOP_ALL_CTX, item); 564 dl_list_del(&item->list); 565 bin_clear_free(item->enc, item->enc_len); 566 os_free(item->auth); 567 os_free(item); 568 } 569 570 571 static void wpa_ft_rrb_seq_flush(struct wpa_authenticator *wpa_auth, 572 struct ft_remote_seq *rkh_seq, int cb) 573 { 574 struct ft_remote_item *item, *n; 575 576 dl_list_for_each_safe(item, n, &rkh_seq->rx.queue, 577 struct ft_remote_item, list) { 578 if (cb && item->cb) 579 item->cb(wpa_auth, item->src_addr, item->enc, 580 item->enc_len, item->auth, item->auth_len, 1); 581 wpa_ft_rrb_seq_free(item); 582 } 583 } 584 585 586 static void wpa_ft_rrb_seq_timeout(void *eloop_ctx, void *timeout_ctx) 587 { 588 struct ft_remote_item *item = timeout_ctx; 589 590 wpa_ft_rrb_seq_free(item); 591 } 592 593 594 static int 595 wpa_ft_rrb_seq_req(struct wpa_authenticator *wpa_auth, 596 struct ft_remote_seq *rkh_seq, const u8 *src_addr, 597 const u8 *f_r0kh_id, size_t f_r0kh_id_len, 598 const u8 *f_r1kh_id, const u8 *key, size_t key_len, 599 const u8 *enc, size_t enc_len, 600 const u8 *auth, size_t auth_len, 601 int (*cb)(struct wpa_authenticator *wpa_auth, 602 const u8 *src_addr, 603 const u8 *enc, size_t enc_len, 604 const u8 *auth, size_t auth_len, 605 int no_defer)) 606 { 607 struct ft_remote_item *item = NULL; 608 u8 *packet = NULL; 609 size_t packet_len; 610 struct tlv_list seq_req_auth[] = { 611 { .type = FT_RRB_NONCE, .len = FT_RRB_NONCE_LEN, 612 .data = NULL /* to be filled: item->nonce */ }, 613 { .type = FT_RRB_R0KH_ID, .len = f_r0kh_id_len, 614 .data = f_r0kh_id }, 615 { .type = FT_RRB_R1KH_ID, .len = FT_R1KH_ID_LEN, 616 .data = f_r1kh_id }, 617 { .type = FT_RRB_LAST_EMPTY, .len = 0, .data = NULL }, 618 }; 619 620 if (dl_list_len(&rkh_seq->rx.queue) >= ftRRBmaxQueueLen) { 621 wpa_printf(MSG_DEBUG, "FT: Sequence number queue too long"); 622 goto err; 623 } 624 625 item = os_zalloc(sizeof(*item)); 626 if (!item) 627 goto err; 628 629 os_memcpy(item->src_addr, src_addr, ETH_ALEN); 630 item->cb = cb; 631 632 if (random_get_bytes(item->nonce, FT_RRB_NONCE_LEN) < 0) { 633 wpa_printf(MSG_DEBUG, "FT: Seq num nonce: out of random bytes"); 634 goto err; 635 } 636 637 if (os_get_reltime(&item->nonce_ts) < 0) 638 goto err; 639 640 if (enc && enc_len > 0) { 641 item->enc = os_memdup(enc, enc_len); 642 item->enc_len = enc_len; 643 if (!item->enc) 644 goto err; 645 } 646 647 if (auth && auth_len > 0) { 648 item->auth = os_memdup(auth, auth_len); 649 item->auth_len = auth_len; 650 if (!item->auth) 651 goto err; 652 } 653 654 eloop_register_timeout(ftRRBseqTimeout, 0, wpa_ft_rrb_seq_timeout, 655 wpa_auth, item); 656 657 seq_req_auth[0].data = item->nonce; 658 659 if (wpa_ft_rrb_build(key, key_len, NULL, NULL, seq_req_auth, 660 wpa_auth->addr, FT_PACKET_R0KH_R1KH_SEQ_REQ, 661 &packet, &packet_len) < 0) { 662 item = NULL; /* some other seq resp might still accept this */ 663 goto err; 664 } 665 666 dl_list_add(&rkh_seq->rx.queue, &item->list); 667 668 wpa_ft_rrb_oui_send(wpa_auth, src_addr, FT_PACKET_R0KH_R1KH_SEQ_REQ, 669 packet, packet_len); 670 671 os_free(packet); 672 673 return 0; 674 err: 675 wpa_printf(MSG_DEBUG, "FT: Failed to send sequence number request"); 676 if (item) { 677 os_free(item->auth); 678 bin_clear_free(item->enc, item->enc_len); 679 os_free(item); 680 } 681 682 return -1; 683 } 684 685 686 #define FT_RRB_SEQ_OK 0 687 #define FT_RRB_SEQ_DROP 1 688 #define FT_RRB_SEQ_DEFER 2 689 690 static int 691 wpa_ft_rrb_seq_chk(struct ft_remote_seq *rkh_seq, const u8 *src_addr, 692 const u8 *enc, size_t enc_len, 693 const u8 *auth, size_t auth_len, 694 const char *msgtype, int no_defer) 695 { 696 const u8 *f_seq; 697 size_t f_seq_len; 698 const struct ft_rrb_seq *msg_both; 699 u32 msg_seq, msg_off, rkh_off; 700 struct os_reltime now; 701 unsigned int i; 702 703 RRB_GET_AUTH(FT_RRB_SEQ, seq, msgtype, sizeof(*msg_both)); 704 wpa_hexdump(MSG_DEBUG, "FT: sequence number", f_seq, f_seq_len); 705 msg_both = (const struct ft_rrb_seq *) f_seq; 706 707 if (rkh_seq->rx.num_last == 0) { 708 /* first packet from remote */ 709 goto defer; 710 } 711 712 if (le_to_host32(msg_both->dom) != rkh_seq->rx.dom) { 713 /* remote might have rebooted */ 714 goto defer; 715 } 716 717 if (os_get_reltime(&now) == 0) { 718 u32 msg_ts_now_remote, msg_ts_off; 719 struct os_reltime now_remote; 720 721 os_reltime_sub(&now, &rkh_seq->rx.time_offset, &now_remote); 722 msg_ts_now_remote = now_remote.sec; 723 msg_ts_off = le_to_host32(msg_both->ts) - 724 (msg_ts_now_remote - ftRRBseqTimeout); 725 if (msg_ts_off > 2 * ftRRBseqTimeout) 726 goto defer; 727 } 728 729 msg_seq = le_to_host32(msg_both->seq); 730 rkh_off = rkh_seq->rx.last[rkh_seq->rx.offsetidx]; 731 msg_off = msg_seq - rkh_off; 732 if (msg_off > 0xC0000000) 733 goto out; /* too old message, drop it */ 734 735 if (msg_off <= 0x40000000) { 736 for (i = 0; i < rkh_seq->rx.num_last; i++) { 737 if (rkh_seq->rx.last[i] == msg_seq) 738 goto out; /* duplicate message, drop it */ 739 } 740 741 return FT_RRB_SEQ_OK; 742 } 743 744 defer: 745 if (no_defer) 746 goto out; 747 748 wpa_printf(MSG_DEBUG, "FT: Possibly invalid sequence number in %s from " 749 MACSTR, msgtype, MAC2STR(src_addr)); 750 751 return FT_RRB_SEQ_DEFER; 752 out: 753 wpa_printf(MSG_DEBUG, "FT: Invalid sequence number in %s from " MACSTR, 754 msgtype, MAC2STR(src_addr)); 755 756 return FT_RRB_SEQ_DROP; 757 } 758 759 760 static void 761 wpa_ft_rrb_seq_accept(struct wpa_authenticator *wpa_auth, 762 struct ft_remote_seq *rkh_seq, const u8 *src_addr, 763 const u8 *auth, size_t auth_len, 764 const char *msgtype) 765 { 766 const u8 *f_seq; 767 size_t f_seq_len; 768 const struct ft_rrb_seq *msg_both; 769 u32 msg_seq, msg_off, min_off, rkh_off; 770 int minidx = 0; 771 unsigned int i; 772 773 RRB_GET_AUTH(FT_RRB_SEQ, seq, msgtype, sizeof(*msg_both)); 774 msg_both = (const struct ft_rrb_seq *) f_seq; 775 776 msg_seq = le_to_host32(msg_both->seq); 777 778 if (rkh_seq->rx.num_last < FT_REMOTE_SEQ_BACKLOG) { 779 rkh_seq->rx.last[rkh_seq->rx.num_last] = msg_seq; 780 rkh_seq->rx.num_last++; 781 return; 782 } 783 784 rkh_off = rkh_seq->rx.last[rkh_seq->rx.offsetidx]; 785 for (i = 0; i < rkh_seq->rx.num_last; i++) { 786 msg_off = rkh_seq->rx.last[i] - rkh_off; 787 min_off = rkh_seq->rx.last[minidx] - rkh_off; 788 if (msg_off < min_off && i != rkh_seq->rx.offsetidx) 789 minidx = i; 790 } 791 rkh_seq->rx.last[rkh_seq->rx.offsetidx] = msg_seq; 792 rkh_seq->rx.offsetidx = minidx; 793 794 return; 795 out: 796 /* RRB_GET_AUTH should never fail here as 797 * wpa_ft_rrb_seq_chk() verified FT_RRB_SEQ presence. */ 798 wpa_printf(MSG_ERROR, "FT: %s() failed", __func__); 799 } 800 801 802 static int wpa_ft_new_seq(struct ft_remote_seq *rkh_seq, 803 struct ft_rrb_seq *f_seq) 804 { 805 struct os_reltime now; 806 807 if (os_get_reltime(&now) < 0) 808 return -1; 809 810 if (!rkh_seq->tx.dom) { 811 if (random_get_bytes((u8 *) &rkh_seq->tx.seq, 812 sizeof(rkh_seq->tx.seq))) { 813 wpa_printf(MSG_ERROR, 814 "FT: Failed to get random data for sequence number initialization"); 815 rkh_seq->tx.seq = now.usec; 816 } 817 if (random_get_bytes((u8 *) &rkh_seq->tx.dom, 818 sizeof(rkh_seq->tx.dom))) { 819 wpa_printf(MSG_ERROR, 820 "FT: Failed to get random data for sequence number initialization"); 821 rkh_seq->tx.dom = now.usec; 822 } 823 rkh_seq->tx.dom |= 1; 824 } 825 826 f_seq->dom = host_to_le32(rkh_seq->tx.dom); 827 f_seq->seq = host_to_le32(rkh_seq->tx.seq); 828 f_seq->ts = host_to_le32(now.sec); 829 830 rkh_seq->tx.seq++; 831 832 return 0; 833 } 834 835 836 struct wpa_ft_pmk_r0_sa { 837 struct wpa_ft_pmk_r0_sa *next; 838 u8 pmk_r0[PMK_LEN]; 839 u8 pmk_r0_name[WPA_PMK_NAME_LEN]; 840 u8 spa[ETH_ALEN]; 841 int pairwise; /* Pairwise cipher suite, WPA_CIPHER_* */ 842 /* TODO: expiration, identity, radius_class, EAP type, VLAN ID */ 843 int pmk_r1_pushed; 844 }; 845 846 struct wpa_ft_pmk_r1_sa { 847 struct wpa_ft_pmk_r1_sa *next; 848 u8 pmk_r1[PMK_LEN]; 849 u8 pmk_r1_name[WPA_PMK_NAME_LEN]; 850 u8 spa[ETH_ALEN]; 851 int pairwise; /* Pairwise cipher suite, WPA_CIPHER_* */ 852 /* TODO: expiration, identity, radius_class, EAP type, VLAN ID */ 853 }; 854 855 struct wpa_ft_pmk_cache { 856 struct wpa_ft_pmk_r0_sa *pmk_r0; 857 struct wpa_ft_pmk_r1_sa *pmk_r1; 858 }; 859 860 struct wpa_ft_pmk_cache * wpa_ft_pmk_cache_init(void) 861 { 862 struct wpa_ft_pmk_cache *cache; 863 864 cache = os_zalloc(sizeof(*cache)); 865 866 return cache; 867 } 868 869 870 void wpa_ft_pmk_cache_deinit(struct wpa_ft_pmk_cache *cache) 871 { 872 struct wpa_ft_pmk_r0_sa *r0, *r0prev; 873 struct wpa_ft_pmk_r1_sa *r1, *r1prev; 874 875 r0 = cache->pmk_r0; 876 while (r0) { 877 r0prev = r0; 878 r0 = r0->next; 879 os_memset(r0prev->pmk_r0, 0, PMK_LEN); 880 os_free(r0prev); 881 } 882 883 r1 = cache->pmk_r1; 884 while (r1) { 885 r1prev = r1; 886 r1 = r1->next; 887 os_memset(r1prev->pmk_r1, 0, PMK_LEN); 888 os_free(r1prev); 889 } 890 891 os_free(cache); 892 } 893 894 895 int wpa_ft_store_pmk_r0(struct wpa_authenticator *wpa_auth, 896 const u8 *spa, const u8 *pmk_r0, 897 const u8 *pmk_r0_name, int pairwise) 898 { 899 struct wpa_ft_pmk_cache *cache = wpa_auth->ft_pmk_cache; 900 struct wpa_ft_pmk_r0_sa *r0; 901 902 /* TODO: add expiration and limit on number of entries in cache */ 903 904 r0 = os_zalloc(sizeof(*r0)); 905 if (r0 == NULL) 906 return -1; 907 908 os_memcpy(r0->pmk_r0, pmk_r0, PMK_LEN); 909 os_memcpy(r0->pmk_r0_name, pmk_r0_name, WPA_PMK_NAME_LEN); 910 os_memcpy(r0->spa, spa, ETH_ALEN); 911 r0->pairwise = pairwise; 912 913 r0->next = cache->pmk_r0; 914 cache->pmk_r0 = r0; 915 916 return 0; 917 } 918 919 920 static int wpa_ft_fetch_pmk_r0(struct wpa_authenticator *wpa_auth, 921 const u8 *spa, const u8 *pmk_r0_name, 922 const struct wpa_ft_pmk_r0_sa **r0_out) 923 { 924 struct wpa_ft_pmk_cache *cache = wpa_auth->ft_pmk_cache; 925 struct wpa_ft_pmk_r0_sa *r0; 926 927 r0 = cache->pmk_r0; 928 while (r0) { 929 if (os_memcmp(r0->spa, spa, ETH_ALEN) == 0 && 930 os_memcmp_const(r0->pmk_r0_name, pmk_r0_name, 931 WPA_PMK_NAME_LEN) == 0) { 932 *r0_out = r0; 933 return 0; 934 } 935 936 r0 = r0->next; 937 } 938 939 *r0_out = NULL; 940 return -1; 941 } 942 943 944 static int wpa_ft_store_pmk_r1(struct wpa_authenticator *wpa_auth, 945 const u8 *spa, const u8 *pmk_r1, 946 const u8 *pmk_r1_name, int pairwise) 947 { 948 struct wpa_ft_pmk_cache *cache = wpa_auth->ft_pmk_cache; 949 struct wpa_ft_pmk_r1_sa *r1; 950 951 /* TODO: add expiration and limit on number of entries in cache */ 952 953 r1 = os_zalloc(sizeof(*r1)); 954 if (r1 == NULL) 955 return -1; 956 957 os_memcpy(r1->pmk_r1, pmk_r1, PMK_LEN); 958 os_memcpy(r1->pmk_r1_name, pmk_r1_name, WPA_PMK_NAME_LEN); 959 os_memcpy(r1->spa, spa, ETH_ALEN); 960 r1->pairwise = pairwise; 961 962 r1->next = cache->pmk_r1; 963 cache->pmk_r1 = r1; 964 965 return 0; 966 } 967 968 969 static int wpa_ft_fetch_pmk_r1(struct wpa_authenticator *wpa_auth, 970 const u8 *spa, const u8 *pmk_r1_name, 971 u8 *pmk_r1, int *pairwise) 972 { 973 struct wpa_ft_pmk_cache *cache = wpa_auth->ft_pmk_cache; 974 struct wpa_ft_pmk_r1_sa *r1; 975 976 r1 = cache->pmk_r1; 977 while (r1) { 978 if (os_memcmp(r1->spa, spa, ETH_ALEN) == 0 && 979 os_memcmp_const(r1->pmk_r1_name, pmk_r1_name, 980 WPA_PMK_NAME_LEN) == 0) { 981 os_memcpy(pmk_r1, r1->pmk_r1, PMK_LEN); 982 if (pairwise) 983 *pairwise = r1->pairwise; 984 return 0; 985 } 986 987 r1 = r1->next; 988 } 989 990 return -1; 991 } 992 993 994 static int wpa_ft_rrb_init_r0kh_seq(struct ft_remote_r0kh *r0kh) 995 { 996 if (r0kh->seq) 997 return 0; 998 999 r0kh->seq = os_zalloc(sizeof(*r0kh->seq)); 1000 if (!r0kh->seq) { 1001 wpa_printf(MSG_DEBUG, "FT: Failed to allocate r0kh->seq"); 1002 return -1; 1003 } 1004 1005 dl_list_init(&r0kh->seq->rx.queue); 1006 1007 return 0; 1008 } 1009 1010 1011 static void wpa_ft_rrb_lookup_r0kh(struct wpa_authenticator *wpa_auth, 1012 const u8 *f_r0kh_id, size_t f_r0kh_id_len, 1013 struct ft_remote_r0kh **r0kh_out, 1014 struct ft_remote_r0kh **r0kh_wildcard) 1015 { 1016 struct ft_remote_r0kh *r0kh; 1017 1018 *r0kh_wildcard = NULL; 1019 *r0kh_out = NULL; 1020 1021 if (wpa_auth->conf.r0kh_list) 1022 r0kh = *wpa_auth->conf.r0kh_list; 1023 else 1024 r0kh = NULL; 1025 for (; r0kh; r0kh = r0kh->next) { 1026 if (r0kh->id_len == 1 && r0kh->id[0] == '*') 1027 *r0kh_wildcard = r0kh; 1028 if (f_r0kh_id && r0kh->id_len == f_r0kh_id_len && 1029 os_memcmp_const(f_r0kh_id, r0kh->id, f_r0kh_id_len) == 0) 1030 *r0kh_out = r0kh; 1031 } 1032 1033 if (!*r0kh_out && !*r0kh_wildcard) 1034 wpa_printf(MSG_DEBUG, "FT: No matching R0KH found"); 1035 1036 if (*r0kh_out && wpa_ft_rrb_init_r0kh_seq(*r0kh_out) < 0) 1037 *r0kh_out = NULL; 1038 } 1039 1040 1041 static int wpa_ft_rrb_init_r1kh_seq(struct ft_remote_r1kh *r1kh) 1042 { 1043 if (r1kh->seq) 1044 return 0; 1045 1046 r1kh->seq = os_zalloc(sizeof(*r1kh->seq)); 1047 if (!r1kh->seq) { 1048 wpa_printf(MSG_DEBUG, "FT: Failed to allocate r1kh->seq"); 1049 return -1; 1050 } 1051 1052 dl_list_init(&r1kh->seq->rx.queue); 1053 1054 return 0; 1055 } 1056 1057 1058 static void wpa_ft_rrb_lookup_r1kh(struct wpa_authenticator *wpa_auth, 1059 const u8 *f_r1kh_id, 1060 struct ft_remote_r1kh **r1kh_out, 1061 struct ft_remote_r1kh **r1kh_wildcard) 1062 { 1063 struct ft_remote_r1kh *r1kh; 1064 1065 *r1kh_wildcard = NULL; 1066 *r1kh_out = NULL; 1067 1068 if (wpa_auth->conf.r1kh_list) 1069 r1kh = *wpa_auth->conf.r1kh_list; 1070 else 1071 r1kh = NULL; 1072 for (; r1kh; r1kh = r1kh->next) { 1073 if (is_zero_ether_addr(r1kh->addr) && 1074 is_zero_ether_addr(r1kh->id)) 1075 *r1kh_wildcard = r1kh; 1076 if (f_r1kh_id && 1077 os_memcmp_const(r1kh->id, f_r1kh_id, FT_R1KH_ID_LEN) == 0) 1078 *r1kh_out = r1kh; 1079 } 1080 1081 if (!*r1kh_out && !*r1kh_wildcard) 1082 wpa_printf(MSG_DEBUG, "FT: No matching R1KH found"); 1083 1084 if (*r1kh_out && wpa_ft_rrb_init_r1kh_seq(*r1kh_out) < 0) 1085 *r1kh_out = NULL; 1086 } 1087 1088 1089 static int wpa_ft_rrb_check_r0kh(struct wpa_authenticator *wpa_auth, 1090 const u8 *f_r0kh_id, size_t f_r0kh_id_len) 1091 { 1092 if (f_r0kh_id_len != wpa_auth->conf.r0_key_holder_len || 1093 os_memcmp_const(f_r0kh_id, wpa_auth->conf.r0_key_holder, 1094 f_r0kh_id_len) != 0) 1095 return -1; 1096 1097 return 0; 1098 } 1099 1100 1101 static int wpa_ft_rrb_check_r1kh(struct wpa_authenticator *wpa_auth, 1102 const u8 *f_r1kh_id) 1103 { 1104 if (os_memcmp_const(f_r1kh_id, wpa_auth->conf.r1_key_holder, 1105 FT_R1KH_ID_LEN) != 0) 1106 return -1; 1107 1108 return 0; 1109 } 1110 1111 1112 static void wpa_ft_rrb_del_r0kh(void *eloop_ctx, void *timeout_ctx) 1113 { 1114 struct wpa_authenticator *wpa_auth = eloop_ctx; 1115 struct ft_remote_r0kh *r0kh, *prev = NULL; 1116 1117 if (!wpa_auth->conf.r0kh_list) 1118 return; 1119 1120 for (r0kh = *wpa_auth->conf.r0kh_list; r0kh; r0kh = r0kh->next) { 1121 if (r0kh == timeout_ctx) 1122 break; 1123 prev = r0kh; 1124 } 1125 if (!r0kh) 1126 return; 1127 if (prev) 1128 prev->next = r0kh->next; 1129 else 1130 *wpa_auth->conf.r0kh_list = r0kh->next; 1131 if (r0kh->seq) 1132 wpa_ft_rrb_seq_flush(wpa_auth, r0kh->seq, 0); 1133 os_free(r0kh->seq); 1134 os_free(r0kh); 1135 } 1136 1137 1138 static void wpa_ft_rrb_r0kh_replenish(struct wpa_authenticator *wpa_auth, 1139 struct ft_remote_r0kh *r0kh, int timeout) 1140 { 1141 if (timeout > 0) 1142 eloop_replenish_timeout(timeout, 0, wpa_ft_rrb_del_r0kh, 1143 wpa_auth, r0kh); 1144 } 1145 1146 1147 static void wpa_ft_rrb_r0kh_timeout(struct wpa_authenticator *wpa_auth, 1148 struct ft_remote_r0kh *r0kh, int timeout) 1149 { 1150 eloop_cancel_timeout(wpa_ft_rrb_del_r0kh, wpa_auth, r0kh); 1151 1152 if (timeout > 0) 1153 eloop_register_timeout(timeout, 0, wpa_ft_rrb_del_r0kh, 1154 wpa_auth, r0kh); 1155 } 1156 1157 1158 static struct ft_remote_r0kh * 1159 wpa_ft_rrb_add_r0kh(struct wpa_authenticator *wpa_auth, 1160 struct ft_remote_r0kh *r0kh_wildcard, 1161 const u8 *src_addr, const u8 *r0kh_id, size_t id_len, 1162 int timeout) 1163 { 1164 struct ft_remote_r0kh *r0kh; 1165 1166 if (!wpa_auth->conf.r0kh_list) 1167 return NULL; 1168 1169 r0kh = os_zalloc(sizeof(*r0kh)); 1170 if (!r0kh) 1171 return NULL; 1172 1173 if (src_addr) 1174 os_memcpy(r0kh->addr, src_addr, sizeof(r0kh->addr)); 1175 1176 if (id_len > FT_R0KH_ID_MAX_LEN) 1177 id_len = FT_R0KH_ID_MAX_LEN; 1178 os_memcpy(r0kh->id, r0kh_id, id_len); 1179 r0kh->id_len = id_len; 1180 1181 os_memcpy(r0kh->key, r0kh_wildcard->key, sizeof(r0kh->key)); 1182 1183 r0kh->next = *wpa_auth->conf.r0kh_list; 1184 *wpa_auth->conf.r0kh_list = r0kh; 1185 1186 if (timeout > 0) 1187 eloop_register_timeout(timeout, 0, wpa_ft_rrb_del_r0kh, 1188 wpa_auth, r0kh); 1189 1190 if (wpa_ft_rrb_init_r0kh_seq(r0kh) < 0) 1191 return NULL; 1192 1193 return r0kh; 1194 } 1195 1196 1197 static void wpa_ft_rrb_del_r1kh(void *eloop_ctx, void *timeout_ctx) 1198 { 1199 struct wpa_authenticator *wpa_auth = eloop_ctx; 1200 struct ft_remote_r1kh *r1kh, *prev = NULL; 1201 1202 if (!wpa_auth->conf.r1kh_list) 1203 return; 1204 1205 for (r1kh = *wpa_auth->conf.r1kh_list; r1kh; r1kh = r1kh->next) { 1206 if (r1kh == timeout_ctx) 1207 break; 1208 prev = r1kh; 1209 } 1210 if (!r1kh) 1211 return; 1212 if (prev) 1213 prev->next = r1kh->next; 1214 else 1215 *wpa_auth->conf.r1kh_list = r1kh->next; 1216 if (r1kh->seq) 1217 wpa_ft_rrb_seq_flush(wpa_auth, r1kh->seq, 0); 1218 os_free(r1kh->seq); 1219 os_free(r1kh); 1220 } 1221 1222 1223 static void wpa_ft_rrb_r1kh_replenish(struct wpa_authenticator *wpa_auth, 1224 struct ft_remote_r1kh *r1kh, int timeout) 1225 { 1226 if (timeout > 0) 1227 eloop_replenish_timeout(timeout, 0, wpa_ft_rrb_del_r1kh, 1228 wpa_auth, r1kh); 1229 } 1230 1231 1232 static struct ft_remote_r1kh * 1233 wpa_ft_rrb_add_r1kh(struct wpa_authenticator *wpa_auth, 1234 struct ft_remote_r1kh *r1kh_wildcard, 1235 const u8 *src_addr, const u8 *r1kh_id, int timeout) 1236 { 1237 struct ft_remote_r1kh *r1kh; 1238 1239 if (!wpa_auth->conf.r1kh_list) 1240 return NULL; 1241 1242 r1kh = os_zalloc(sizeof(*r1kh)); 1243 if (!r1kh) 1244 return NULL; 1245 1246 os_memcpy(r1kh->addr, src_addr, sizeof(r1kh->addr)); 1247 os_memcpy(r1kh->id, r1kh_id, sizeof(r1kh->id)); 1248 os_memcpy(r1kh->key, r1kh_wildcard->key, sizeof(r1kh->key)); 1249 r1kh->next = *wpa_auth->conf.r1kh_list; 1250 *wpa_auth->conf.r1kh_list = r1kh; 1251 1252 if (timeout > 0) 1253 eloop_register_timeout(timeout, 0, wpa_ft_rrb_del_r1kh, 1254 wpa_auth, r1kh); 1255 1256 if (wpa_ft_rrb_init_r1kh_seq(r1kh) < 0) 1257 return NULL; 1258 1259 return r1kh; 1260 } 1261 1262 1263 void wpa_ft_sta_deinit(struct wpa_state_machine *sm) 1264 { 1265 eloop_cancel_timeout(wpa_ft_expire_pull, sm, NULL); 1266 } 1267 1268 1269 static void wpa_ft_deinit_seq(struct wpa_authenticator *wpa_auth) 1270 { 1271 struct ft_remote_r0kh *r0kh; 1272 struct ft_remote_r1kh *r1kh; 1273 1274 eloop_cancel_timeout(wpa_ft_rrb_seq_timeout, wpa_auth, ELOOP_ALL_CTX); 1275 1276 if (wpa_auth->conf.r0kh_list) 1277 r0kh = *wpa_auth->conf.r0kh_list; 1278 else 1279 r0kh = NULL; 1280 for (; r0kh; r0kh = r0kh->next) { 1281 if (!r0kh->seq) 1282 continue; 1283 wpa_ft_rrb_seq_flush(wpa_auth, r0kh->seq, 0); 1284 os_free(r0kh->seq); 1285 r0kh->seq = NULL; 1286 } 1287 1288 if (wpa_auth->conf.r1kh_list) 1289 r1kh = *wpa_auth->conf.r1kh_list; 1290 else 1291 r1kh = NULL; 1292 for (; r1kh; r1kh = r1kh->next) { 1293 if (!r1kh->seq) 1294 continue; 1295 wpa_ft_rrb_seq_flush(wpa_auth, r1kh->seq, 0); 1296 os_free(r1kh->seq); 1297 r1kh->seq = NULL; 1298 } 1299 } 1300 1301 1302 static void wpa_ft_deinit_rkh_tmp(struct wpa_authenticator *wpa_auth) 1303 { 1304 struct ft_remote_r0kh *r0kh, *r0kh_next, *r0kh_prev = NULL; 1305 struct ft_remote_r1kh *r1kh, *r1kh_next, *r1kh_prev = NULL; 1306 1307 if (wpa_auth->conf.r0kh_list) 1308 r0kh = *wpa_auth->conf.r0kh_list; 1309 else 1310 r0kh = NULL; 1311 while (r0kh) { 1312 r0kh_next = r0kh->next; 1313 if (eloop_cancel_timeout(wpa_ft_rrb_del_r0kh, wpa_auth, 1314 r0kh) > 0) { 1315 if (r0kh_prev) 1316 r0kh_prev->next = r0kh_next; 1317 else 1318 *wpa_auth->conf.r0kh_list = r0kh_next; 1319 os_free(r0kh); 1320 } else { 1321 r0kh_prev = r0kh; 1322 } 1323 r0kh = r0kh_next; 1324 } 1325 1326 if (wpa_auth->conf.r1kh_list) 1327 r1kh = *wpa_auth->conf.r1kh_list; 1328 else 1329 r1kh = NULL; 1330 while (r1kh) { 1331 r1kh_next = r1kh->next; 1332 if (eloop_cancel_timeout(wpa_ft_rrb_del_r1kh, wpa_auth, 1333 r1kh) > 0) { 1334 if (r1kh_prev) 1335 r1kh_prev->next = r1kh_next; 1336 else 1337 *wpa_auth->conf.r1kh_list = r1kh_next; 1338 os_free(r1kh); 1339 } else { 1340 r1kh_prev = r1kh; 1341 } 1342 r1kh = r1kh_next; 1343 } 1344 } 1345 1346 1347 void wpa_ft_deinit(struct wpa_authenticator *wpa_auth) 1348 { 1349 wpa_ft_deinit_seq(wpa_auth); 1350 wpa_ft_deinit_rkh_tmp(wpa_auth); 1351 } 1352 1353 1354 static void wpa_ft_block_r0kh(struct wpa_authenticator *wpa_auth, 1355 const u8 *f_r0kh_id, size_t f_r0kh_id_len) 1356 { 1357 struct ft_remote_r0kh *r0kh, *r0kh_wildcard; 1358 1359 if (!wpa_auth->conf.rkh_neg_timeout) 1360 return; 1361 1362 wpa_ft_rrb_lookup_r0kh(wpa_auth, f_r0kh_id, f_r0kh_id_len, 1363 &r0kh, &r0kh_wildcard); 1364 1365 if (!r0kh_wildcard) { 1366 /* r0kh removed after neg_timeout and might need re-adding */ 1367 return; 1368 } 1369 1370 wpa_hexdump(MSG_DEBUG, "FT: Blacklist R0KH-ID", 1371 f_r0kh_id, f_r0kh_id_len); 1372 1373 if (r0kh) { 1374 wpa_ft_rrb_r0kh_timeout(wpa_auth, r0kh, 1375 wpa_auth->conf.rkh_neg_timeout); 1376 os_memset(r0kh->addr, 0, ETH_ALEN); 1377 } else 1378 wpa_ft_rrb_add_r0kh(wpa_auth, r0kh_wildcard, NULL, f_r0kh_id, 1379 f_r0kh_id_len, 1380 wpa_auth->conf.rkh_neg_timeout); 1381 } 1382 1383 1384 static void wpa_ft_expire_pull(void *eloop_ctx, void *timeout_ctx) 1385 { 1386 struct wpa_state_machine *sm = eloop_ctx; 1387 1388 wpa_printf(MSG_DEBUG, "FT: Timeout pending pull request for " MACSTR, 1389 MAC2STR(sm->addr)); 1390 if (sm->ft_pending_pull_left_retries <= 0) 1391 wpa_ft_block_r0kh(sm->wpa_auth, sm->r0kh_id, sm->r0kh_id_len); 1392 1393 /* cancel multiple timeouts */ 1394 eloop_cancel_timeout(wpa_ft_expire_pull, sm, NULL); 1395 ft_finish_pull(sm); 1396 } 1397 1398 1399 static int wpa_ft_pull_pmk_r1(struct wpa_state_machine *sm, 1400 const u8 *ies, size_t ies_len, 1401 const u8 *pmk_r0_name) 1402 { 1403 struct ft_remote_r0kh *r0kh, *r0kh_wildcard; 1404 u8 *packet = NULL; 1405 const u8 *key, *f_r1kh_id = sm->wpa_auth->conf.r1_key_holder; 1406 size_t packet_len, key_len; 1407 struct ft_rrb_seq f_seq; 1408 int tsecs, tusecs, first; 1409 struct wpabuf *ft_pending_req_ies; 1410 int r0kh_timeout; 1411 struct tlv_list req_enc[] = { 1412 { .type = FT_RRB_PMK_R0_NAME, .len = WPA_PMK_NAME_LEN, 1413 .data = pmk_r0_name }, 1414 { .type = FT_RRB_S1KH_ID, .len = ETH_ALEN, 1415 .data = sm->addr }, 1416 { .type = FT_RRB_LAST_EMPTY, .len = 0, .data = NULL }, 1417 }; 1418 struct tlv_list req_auth[] = { 1419 { .type = FT_RRB_NONCE, .len = FT_RRB_NONCE_LEN, 1420 .data = sm->ft_pending_pull_nonce }, 1421 { .type = FT_RRB_SEQ, .len = sizeof(f_seq), 1422 .data = (u8 *) &f_seq }, 1423 { .type = FT_RRB_R0KH_ID, .len = sm->r0kh_id_len, 1424 .data = sm->r0kh_id }, 1425 { .type = FT_RRB_R1KH_ID, .len = FT_R1KH_ID_LEN, 1426 .data = f_r1kh_id }, 1427 { .type = FT_RRB_LAST_EMPTY, .len = 0, .data = NULL }, 1428 }; 1429 1430 if (sm->ft_pending_pull_left_retries <= 0) 1431 return -1; 1432 first = sm->ft_pending_pull_left_retries == 1433 sm->wpa_auth->conf.rkh_pull_retries; 1434 sm->ft_pending_pull_left_retries--; 1435 1436 wpa_ft_rrb_lookup_r0kh(sm->wpa_auth, sm->r0kh_id, sm->r0kh_id_len, 1437 &r0kh, &r0kh_wildcard); 1438 1439 /* Keep r0kh sufficiently long in the list for seq num check */ 1440 r0kh_timeout = sm->wpa_auth->conf.rkh_pull_timeout / 1000 + 1441 1 + ftRRBseqTimeout; 1442 if (r0kh) { 1443 wpa_ft_rrb_r0kh_replenish(sm->wpa_auth, r0kh, r0kh_timeout); 1444 } else if (r0kh_wildcard) { 1445 wpa_printf(MSG_DEBUG, "FT: Using wildcard R0KH-ID"); 1446 /* r0kh->addr: updated by SEQ_RESP and wpa_ft_expire_pull */ 1447 r0kh = wpa_ft_rrb_add_r0kh(sm->wpa_auth, r0kh_wildcard, 1448 r0kh_wildcard->addr, 1449 sm->r0kh_id, sm->r0kh_id_len, 1450 r0kh_timeout); 1451 } 1452 if (r0kh == NULL) { 1453 wpa_hexdump(MSG_DEBUG, "FT: Did not find R0KH-ID", 1454 sm->r0kh_id, sm->r0kh_id_len); 1455 return -1; 1456 } 1457 if (is_zero_ether_addr(r0kh->addr)) { 1458 wpa_hexdump(MSG_DEBUG, "FT: R0KH-ID is blacklisted", 1459 sm->r0kh_id, sm->r0kh_id_len); 1460 return -1; 1461 } 1462 1463 key = r0kh->key; 1464 key_len = sizeof(r0kh->key); 1465 1466 wpa_printf(MSG_DEBUG, "FT: Send PMK-R1 pull request to remote R0KH " 1467 "address " MACSTR, MAC2STR(r0kh->addr)); 1468 1469 if (r0kh->seq->rx.num_last == 0) { 1470 /* A sequence request will be sent out anyway when pull 1471 * response is received. Send it out now to avoid one RTT. */ 1472 wpa_ft_rrb_seq_req(sm->wpa_auth, r0kh->seq, r0kh->addr, 1473 r0kh->id, r0kh->id_len, f_r1kh_id, key, 1474 key_len, NULL, 0, NULL, 0, NULL); 1475 } 1476 1477 if (first && 1478 random_get_bytes(sm->ft_pending_pull_nonce, FT_RRB_NONCE_LEN) < 0) { 1479 wpa_printf(MSG_DEBUG, "FT: Failed to get random data for " 1480 "nonce"); 1481 return -1; 1482 } 1483 1484 if (wpa_ft_new_seq(r0kh->seq, &f_seq) < 0) { 1485 wpa_printf(MSG_DEBUG, "FT: Failed to get seq num"); 1486 return -1; 1487 } 1488 1489 if (wpa_ft_rrb_build(key, key_len, req_enc, NULL, req_auth, 1490 sm->wpa_auth->addr, FT_PACKET_R0KH_R1KH_PULL, 1491 &packet, &packet_len) < 0) 1492 return -1; 1493 1494 ft_pending_req_ies = wpabuf_alloc_copy(ies, ies_len); 1495 wpabuf_free(sm->ft_pending_req_ies); 1496 sm->ft_pending_req_ies = ft_pending_req_ies; 1497 if (!sm->ft_pending_req_ies) { 1498 os_free(packet); 1499 return -1; 1500 } 1501 1502 tsecs = sm->wpa_auth->conf.rkh_pull_timeout / 1000; 1503 tusecs = (sm->wpa_auth->conf.rkh_pull_timeout % 1000) * 1000; 1504 eloop_register_timeout(tsecs, tusecs, wpa_ft_expire_pull, sm, NULL); 1505 1506 wpa_ft_rrb_oui_send(sm->wpa_auth, r0kh->addr, FT_PACKET_R0KH_R1KH_PULL, 1507 packet, packet_len); 1508 1509 os_free(packet); 1510 1511 return 0; 1512 } 1513 1514 1515 int wpa_auth_derive_ptk_ft(struct wpa_state_machine *sm, const u8 *pmk, 1516 struct wpa_ptk *ptk) 1517 { 1518 u8 pmk_r0[PMK_LEN], pmk_r0_name[WPA_PMK_NAME_LEN]; 1519 u8 pmk_r1[PMK_LEN]; 1520 u8 ptk_name[WPA_PMK_NAME_LEN]; 1521 const u8 *mdid = sm->wpa_auth->conf.mobility_domain; 1522 const u8 *r0kh = sm->wpa_auth->conf.r0_key_holder; 1523 size_t r0kh_len = sm->wpa_auth->conf.r0_key_holder_len; 1524 const u8 *r1kh = sm->wpa_auth->conf.r1_key_holder; 1525 const u8 *ssid = sm->wpa_auth->conf.ssid; 1526 size_t ssid_len = sm->wpa_auth->conf.ssid_len; 1527 int psk_local = sm->wpa_auth->conf.ft_psk_generate_local; 1528 1529 if (sm->xxkey_len == 0) { 1530 wpa_printf(MSG_DEBUG, "FT: XXKey not available for key " 1531 "derivation"); 1532 return -1; 1533 } 1534 1535 if (wpa_derive_pmk_r0(sm->xxkey, sm->xxkey_len, ssid, ssid_len, mdid, 1536 r0kh, r0kh_len, sm->addr, 1537 pmk_r0, pmk_r0_name) < 0) 1538 return -1; 1539 wpa_hexdump_key(MSG_DEBUG, "FT: PMK-R0", pmk_r0, PMK_LEN); 1540 wpa_hexdump(MSG_DEBUG, "FT: PMKR0Name", pmk_r0_name, WPA_PMK_NAME_LEN); 1541 if (!psk_local || !wpa_key_mgmt_ft_psk(sm->wpa_key_mgmt)) 1542 wpa_ft_store_pmk_r0(sm->wpa_auth, sm->addr, pmk_r0, pmk_r0_name, 1543 sm->pairwise); 1544 1545 if (wpa_derive_pmk_r1(pmk_r0, pmk_r0_name, r1kh, sm->addr, 1546 pmk_r1, sm->pmk_r1_name) < 0) 1547 return -1; 1548 wpa_hexdump_key(MSG_DEBUG, "FT: PMK-R1", pmk_r1, PMK_LEN); 1549 wpa_hexdump(MSG_DEBUG, "FT: PMKR1Name", sm->pmk_r1_name, 1550 WPA_PMK_NAME_LEN); 1551 if (!psk_local || !wpa_key_mgmt_ft_psk(sm->wpa_key_mgmt)) 1552 wpa_ft_store_pmk_r1(sm->wpa_auth, sm->addr, pmk_r1, 1553 sm->pmk_r1_name, sm->pairwise); 1554 1555 return wpa_pmk_r1_to_ptk(pmk_r1, sm->SNonce, sm->ANonce, sm->addr, 1556 sm->wpa_auth->addr, sm->pmk_r1_name, 1557 ptk, ptk_name, sm->wpa_key_mgmt, sm->pairwise); 1558 } 1559 1560 1561 static inline int wpa_auth_get_seqnum(struct wpa_authenticator *wpa_auth, 1562 const u8 *addr, int idx, u8 *seq) 1563 { 1564 if (wpa_auth->cb->get_seqnum == NULL) 1565 return -1; 1566 return wpa_auth->cb->get_seqnum(wpa_auth->cb_ctx, addr, idx, seq); 1567 } 1568 1569 1570 static u8 * wpa_ft_gtk_subelem(struct wpa_state_machine *sm, size_t *len) 1571 { 1572 u8 *subelem; 1573 struct wpa_group *gsm = sm->group; 1574 size_t subelem_len, pad_len; 1575 const u8 *key; 1576 size_t key_len; 1577 u8 keybuf[32]; 1578 1579 key_len = gsm->GTK_len; 1580 if (key_len > sizeof(keybuf)) 1581 return NULL; 1582 1583 /* 1584 * Pad key for AES Key Wrap if it is not multiple of 8 bytes or is less 1585 * than 16 bytes. 1586 */ 1587 pad_len = key_len % 8; 1588 if (pad_len) 1589 pad_len = 8 - pad_len; 1590 if (key_len + pad_len < 16) 1591 pad_len += 8; 1592 if (pad_len && key_len < sizeof(keybuf)) { 1593 os_memcpy(keybuf, gsm->GTK[gsm->GN - 1], key_len); 1594 os_memset(keybuf + key_len, 0, pad_len); 1595 keybuf[key_len] = 0xdd; 1596 key_len += pad_len; 1597 key = keybuf; 1598 } else 1599 key = gsm->GTK[gsm->GN - 1]; 1600 1601 /* 1602 * Sub-elem ID[1] | Length[1] | Key Info[2] | Key Length[1] | RSC[8] | 1603 * Key[5..32]. 1604 */ 1605 subelem_len = 13 + key_len + 8; 1606 subelem = os_zalloc(subelem_len); 1607 if (subelem == NULL) 1608 return NULL; 1609 1610 subelem[0] = FTIE_SUBELEM_GTK; 1611 subelem[1] = 11 + key_len + 8; 1612 /* Key ID in B0-B1 of Key Info */ 1613 WPA_PUT_LE16(&subelem[2], gsm->GN & 0x03); 1614 subelem[4] = gsm->GTK_len; 1615 wpa_auth_get_seqnum(sm->wpa_auth, NULL, gsm->GN, subelem + 5); 1616 if (aes_wrap(sm->PTK.kek, sm->PTK.kek_len, key_len / 8, key, 1617 subelem + 13)) { 1618 os_free(subelem); 1619 return NULL; 1620 } 1621 1622 *len = subelem_len; 1623 return subelem; 1624 } 1625 1626 1627 #ifdef CONFIG_IEEE80211W 1628 static u8 * wpa_ft_igtk_subelem(struct wpa_state_machine *sm, size_t *len) 1629 { 1630 u8 *subelem, *pos; 1631 struct wpa_group *gsm = sm->group; 1632 size_t subelem_len; 1633 1634 /* Sub-elem ID[1] | Length[1] | KeyID[2] | IPN[6] | Key Length[1] | 1635 * Key[16+8] */ 1636 subelem_len = 1 + 1 + 2 + 6 + 1 + WPA_IGTK_LEN + 8; 1637 subelem = os_zalloc(subelem_len); 1638 if (subelem == NULL) 1639 return NULL; 1640 1641 pos = subelem; 1642 *pos++ = FTIE_SUBELEM_IGTK; 1643 *pos++ = subelem_len - 2; 1644 WPA_PUT_LE16(pos, gsm->GN_igtk); 1645 pos += 2; 1646 wpa_auth_get_seqnum(sm->wpa_auth, NULL, gsm->GN_igtk, pos); 1647 pos += 6; 1648 *pos++ = WPA_IGTK_LEN; 1649 if (aes_wrap(sm->PTK.kek, sm->PTK.kek_len, WPA_IGTK_LEN / 8, 1650 gsm->IGTK[gsm->GN_igtk - 4], pos)) { 1651 os_free(subelem); 1652 return NULL; 1653 } 1654 1655 *len = subelem_len; 1656 return subelem; 1657 } 1658 #endif /* CONFIG_IEEE80211W */ 1659 1660 1661 static u8 * wpa_ft_process_rdie(struct wpa_state_machine *sm, 1662 u8 *pos, u8 *end, u8 id, u8 descr_count, 1663 const u8 *ies, size_t ies_len) 1664 { 1665 struct ieee802_11_elems parse; 1666 struct rsn_rdie *rdie; 1667 1668 wpa_printf(MSG_DEBUG, "FT: Resource Request: id=%d descr_count=%d", 1669 id, descr_count); 1670 wpa_hexdump(MSG_MSGDUMP, "FT: Resource descriptor IE(s)", 1671 ies, ies_len); 1672 1673 if (end - pos < (int) sizeof(*rdie)) { 1674 wpa_printf(MSG_ERROR, "FT: Not enough room for response RDIE"); 1675 return pos; 1676 } 1677 1678 *pos++ = WLAN_EID_RIC_DATA; 1679 *pos++ = sizeof(*rdie); 1680 rdie = (struct rsn_rdie *) pos; 1681 rdie->id = id; 1682 rdie->descr_count = 0; 1683 rdie->status_code = host_to_le16(WLAN_STATUS_SUCCESS); 1684 pos += sizeof(*rdie); 1685 1686 if (ieee802_11_parse_elems((u8 *) ies, ies_len, &parse, 1) == 1687 ParseFailed) { 1688 wpa_printf(MSG_DEBUG, "FT: Failed to parse request IEs"); 1689 rdie->status_code = 1690 host_to_le16(WLAN_STATUS_UNSPECIFIED_FAILURE); 1691 return pos; 1692 } 1693 1694 if (parse.wmm_tspec) { 1695 struct wmm_tspec_element *tspec; 1696 1697 if (parse.wmm_tspec_len + 2 < (int) sizeof(*tspec)) { 1698 wpa_printf(MSG_DEBUG, "FT: Too short WMM TSPEC IE " 1699 "(%d)", (int) parse.wmm_tspec_len); 1700 rdie->status_code = 1701 host_to_le16(WLAN_STATUS_UNSPECIFIED_FAILURE); 1702 return pos; 1703 } 1704 if (end - pos < (int) sizeof(*tspec)) { 1705 wpa_printf(MSG_ERROR, "FT: Not enough room for " 1706 "response TSPEC"); 1707 rdie->status_code = 1708 host_to_le16(WLAN_STATUS_UNSPECIFIED_FAILURE); 1709 return pos; 1710 } 1711 tspec = (struct wmm_tspec_element *) pos; 1712 os_memcpy(tspec, parse.wmm_tspec - 2, sizeof(*tspec)); 1713 } 1714 1715 #ifdef NEED_AP_MLME 1716 if (parse.wmm_tspec && sm->wpa_auth->conf.ap_mlme) { 1717 int res; 1718 1719 res = wmm_process_tspec((struct wmm_tspec_element *) pos); 1720 wpa_printf(MSG_DEBUG, "FT: ADDTS processing result: %d", res); 1721 if (res == WMM_ADDTS_STATUS_INVALID_PARAMETERS) 1722 rdie->status_code = 1723 host_to_le16(WLAN_STATUS_INVALID_PARAMETERS); 1724 else if (res == WMM_ADDTS_STATUS_REFUSED) 1725 rdie->status_code = 1726 host_to_le16(WLAN_STATUS_REQUEST_DECLINED); 1727 else { 1728 /* TSPEC accepted; include updated TSPEC in response */ 1729 rdie->descr_count = 1; 1730 pos += sizeof(struct wmm_tspec_element); 1731 } 1732 return pos; 1733 } 1734 #endif /* NEED_AP_MLME */ 1735 1736 if (parse.wmm_tspec && !sm->wpa_auth->conf.ap_mlme) { 1737 int res; 1738 1739 res = wpa_ft_add_tspec(sm->wpa_auth, sm->addr, pos, 1740 sizeof(struct wmm_tspec_element)); 1741 if (res >= 0) { 1742 if (res) 1743 rdie->status_code = host_to_le16(res); 1744 else { 1745 /* TSPEC accepted; include updated TSPEC in 1746 * response */ 1747 rdie->descr_count = 1; 1748 pos += sizeof(struct wmm_tspec_element); 1749 } 1750 return pos; 1751 } 1752 } 1753 1754 wpa_printf(MSG_DEBUG, "FT: No supported resource requested"); 1755 rdie->status_code = host_to_le16(WLAN_STATUS_UNSPECIFIED_FAILURE); 1756 return pos; 1757 } 1758 1759 1760 static u8 * wpa_ft_process_ric(struct wpa_state_machine *sm, u8 *pos, u8 *end, 1761 const u8 *ric, size_t ric_len) 1762 { 1763 const u8 *rpos, *start; 1764 const struct rsn_rdie *rdie; 1765 1766 wpa_hexdump(MSG_MSGDUMP, "FT: RIC Request", ric, ric_len); 1767 1768 rpos = ric; 1769 while (rpos + sizeof(*rdie) < ric + ric_len) { 1770 if (rpos[0] != WLAN_EID_RIC_DATA || rpos[1] < sizeof(*rdie) || 1771 rpos + 2 + rpos[1] > ric + ric_len) 1772 break; 1773 rdie = (const struct rsn_rdie *) (rpos + 2); 1774 rpos += 2 + rpos[1]; 1775 start = rpos; 1776 1777 while (rpos + 2 <= ric + ric_len && 1778 rpos + 2 + rpos[1] <= ric + ric_len) { 1779 if (rpos[0] == WLAN_EID_RIC_DATA) 1780 break; 1781 rpos += 2 + rpos[1]; 1782 } 1783 pos = wpa_ft_process_rdie(sm, pos, end, rdie->id, 1784 rdie->descr_count, 1785 start, rpos - start); 1786 } 1787 1788 return pos; 1789 } 1790 1791 1792 u8 * wpa_sm_write_assoc_resp_ies(struct wpa_state_machine *sm, u8 *pos, 1793 size_t max_len, int auth_alg, 1794 const u8 *req_ies, size_t req_ies_len) 1795 { 1796 u8 *end, *mdie, *ftie, *rsnie = NULL, *r0kh_id, *subelem = NULL; 1797 size_t mdie_len, ftie_len, rsnie_len = 0, r0kh_id_len, subelem_len = 0; 1798 int res; 1799 struct wpa_auth_config *conf; 1800 struct rsn_ftie *_ftie; 1801 struct wpa_ft_ies parse; 1802 u8 *ric_start; 1803 u8 *anonce, *snonce; 1804 1805 if (sm == NULL) 1806 return pos; 1807 1808 conf = &sm->wpa_auth->conf; 1809 1810 if (!wpa_key_mgmt_ft(sm->wpa_key_mgmt)) 1811 return pos; 1812 1813 end = pos + max_len; 1814 1815 if (auth_alg == WLAN_AUTH_FT) { 1816 /* 1817 * RSN (only present if this is a Reassociation Response and 1818 * part of a fast BSS transition) 1819 */ 1820 res = wpa_write_rsn_ie(conf, pos, end - pos, sm->pmk_r1_name); 1821 if (res < 0) 1822 return pos; 1823 rsnie = pos; 1824 rsnie_len = res; 1825 pos += res; 1826 } 1827 1828 /* Mobility Domain Information */ 1829 res = wpa_write_mdie(conf, pos, end - pos); 1830 if (res < 0) 1831 return pos; 1832 mdie = pos; 1833 mdie_len = res; 1834 pos += res; 1835 1836 /* Fast BSS Transition Information */ 1837 if (auth_alg == WLAN_AUTH_FT) { 1838 subelem = wpa_ft_gtk_subelem(sm, &subelem_len); 1839 r0kh_id = sm->r0kh_id; 1840 r0kh_id_len = sm->r0kh_id_len; 1841 anonce = sm->ANonce; 1842 snonce = sm->SNonce; 1843 #ifdef CONFIG_IEEE80211W 1844 if (sm->mgmt_frame_prot) { 1845 u8 *igtk; 1846 size_t igtk_len; 1847 u8 *nbuf; 1848 igtk = wpa_ft_igtk_subelem(sm, &igtk_len); 1849 if (igtk == NULL) { 1850 os_free(subelem); 1851 return pos; 1852 } 1853 nbuf = os_realloc(subelem, subelem_len + igtk_len); 1854 if (nbuf == NULL) { 1855 os_free(subelem); 1856 os_free(igtk); 1857 return pos; 1858 } 1859 subelem = nbuf; 1860 os_memcpy(subelem + subelem_len, igtk, igtk_len); 1861 subelem_len += igtk_len; 1862 os_free(igtk); 1863 } 1864 #endif /* CONFIG_IEEE80211W */ 1865 } else { 1866 r0kh_id = conf->r0_key_holder; 1867 r0kh_id_len = conf->r0_key_holder_len; 1868 anonce = NULL; 1869 snonce = NULL; 1870 } 1871 res = wpa_write_ftie(conf, r0kh_id, r0kh_id_len, anonce, snonce, pos, 1872 end - pos, subelem, subelem_len); 1873 os_free(subelem); 1874 if (res < 0) 1875 return pos; 1876 ftie = pos; 1877 ftie_len = res; 1878 pos += res; 1879 1880 _ftie = (struct rsn_ftie *) (ftie + 2); 1881 if (auth_alg == WLAN_AUTH_FT) 1882 _ftie->mic_control[1] = 3; /* Information element count */ 1883 1884 ric_start = pos; 1885 if (wpa_ft_parse_ies(req_ies, req_ies_len, &parse) == 0 && parse.ric) { 1886 pos = wpa_ft_process_ric(sm, pos, end, parse.ric, 1887 parse.ric_len); 1888 if (auth_alg == WLAN_AUTH_FT) 1889 _ftie->mic_control[1] += 1890 ieee802_11_ie_count(ric_start, 1891 pos - ric_start); 1892 } 1893 if (ric_start == pos) 1894 ric_start = NULL; 1895 1896 if (auth_alg == WLAN_AUTH_FT && 1897 wpa_ft_mic(sm->PTK.kck, sm->PTK.kck_len, sm->addr, 1898 sm->wpa_auth->addr, 6, 1899 mdie, mdie_len, ftie, ftie_len, 1900 rsnie, rsnie_len, 1901 ric_start, ric_start ? pos - ric_start : 0, 1902 _ftie->mic) < 0) 1903 wpa_printf(MSG_DEBUG, "FT: Failed to calculate MIC"); 1904 1905 os_free(sm->assoc_resp_ftie); 1906 sm->assoc_resp_ftie = os_malloc(ftie_len); 1907 if (sm->assoc_resp_ftie) 1908 os_memcpy(sm->assoc_resp_ftie, ftie, ftie_len); 1909 1910 return pos; 1911 } 1912 1913 1914 static inline int wpa_auth_set_key(struct wpa_authenticator *wpa_auth, 1915 int vlan_id, 1916 enum wpa_alg alg, const u8 *addr, int idx, 1917 u8 *key, size_t key_len) 1918 { 1919 if (wpa_auth->cb->set_key == NULL) 1920 return -1; 1921 return wpa_auth->cb->set_key(wpa_auth->cb_ctx, vlan_id, alg, addr, idx, 1922 key, key_len); 1923 } 1924 1925 1926 void wpa_ft_install_ptk(struct wpa_state_machine *sm) 1927 { 1928 enum wpa_alg alg; 1929 int klen; 1930 1931 /* MLME-SETKEYS.request(PTK) */ 1932 alg = wpa_cipher_to_alg(sm->pairwise); 1933 klen = wpa_cipher_key_len(sm->pairwise); 1934 if (!wpa_cipher_valid_pairwise(sm->pairwise)) { 1935 wpa_printf(MSG_DEBUG, "FT: Unknown pairwise alg 0x%x - skip " 1936 "PTK configuration", sm->pairwise); 1937 return; 1938 } 1939 1940 if (sm->tk_already_set) { 1941 /* Must avoid TK reconfiguration to prevent clearing of TX/RX 1942 * PN in the driver */ 1943 wpa_printf(MSG_DEBUG, 1944 "FT: Do not re-install same PTK to the driver"); 1945 return; 1946 } 1947 1948 /* FIX: add STA entry to kernel/driver here? The set_key will fail 1949 * most likely without this.. At the moment, STA entry is added only 1950 * after association has been completed. This function will be called 1951 * again after association to get the PTK configured, but that could be 1952 * optimized by adding the STA entry earlier. 1953 */ 1954 if (wpa_auth_set_key(sm->wpa_auth, 0, alg, sm->addr, 0, 1955 sm->PTK.tk, klen)) 1956 return; 1957 1958 /* FIX: MLME-SetProtection.Request(TA, Tx_Rx) */ 1959 sm->pairwise_set = TRUE; 1960 sm->tk_already_set = TRUE; 1961 } 1962 1963 1964 /* Derive PMK-R1 from PSK, check all available PSK */ 1965 static int wpa_ft_psk_pmk_r1(struct wpa_state_machine *sm, 1966 const u8 *req_pmk_r1_name, 1967 u8 *out_pmk_r1, int *out_pairwise) 1968 { 1969 const u8 *pmk = NULL; 1970 u8 pmk_r0[PMK_LEN], pmk_r0_name[WPA_PMK_NAME_LEN]; 1971 u8 pmk_r1[PMK_LEN], pmk_r1_name[WPA_PMK_NAME_LEN]; 1972 struct wpa_authenticator *wpa_auth = sm->wpa_auth; 1973 const u8 *mdid = wpa_auth->conf.mobility_domain; 1974 const u8 *r0kh = sm->r0kh_id; 1975 size_t r0kh_len = sm->r0kh_id_len; 1976 const u8 *r1kh = wpa_auth->conf.r1_key_holder; 1977 const u8 *ssid = wpa_auth->conf.ssid; 1978 size_t ssid_len = wpa_auth->conf.ssid_len; 1979 int pairwise; 1980 1981 pairwise = sm->pairwise; 1982 1983 for (;;) { 1984 pmk = wpa_ft_get_psk(wpa_auth, sm->addr, sm->p2p_dev_addr, 1985 pmk); 1986 if (pmk == NULL) 1987 break; 1988 1989 if (wpa_derive_pmk_r0(pmk, PMK_LEN, ssid, ssid_len, mdid, r0kh, 1990 r0kh_len, sm->addr, 1991 pmk_r0, pmk_r0_name) < 0 || 1992 wpa_derive_pmk_r1(pmk_r0, pmk_r0_name, r1kh, sm->addr, 1993 pmk_r1, pmk_r1_name) < 0 || 1994 os_memcmp_const(pmk_r1_name, req_pmk_r1_name, 1995 WPA_PMK_NAME_LEN) != 0) 1996 continue; 1997 1998 /* We found a PSK that matches the requested pmk_r1_name */ 1999 wpa_printf(MSG_DEBUG, 2000 "FT: Found PSK to generate PMK-R1 locally"); 2001 os_memcpy(out_pmk_r1, pmk_r1, PMK_LEN); 2002 if (out_pairwise) 2003 *out_pairwise = pairwise; 2004 return 0; 2005 } 2006 2007 wpa_printf(MSG_DEBUG, 2008 "FT: Did not find PSK to generate PMK-R1 locally"); 2009 return -1; 2010 } 2011 2012 2013 /* Detect the configuration the station asked for. 2014 * Required to detect FT-PSK and pairwise cipher. 2015 */ 2016 static int wpa_ft_set_key_mgmt(struct wpa_state_machine *sm, 2017 struct wpa_ft_ies *parse) 2018 { 2019 int key_mgmt, ciphers; 2020 2021 if (sm->wpa_key_mgmt) 2022 return 0; 2023 2024 key_mgmt = parse->key_mgmt & sm->wpa_auth->conf.wpa_key_mgmt; 2025 if (!key_mgmt) { 2026 wpa_printf(MSG_DEBUG, "FT: Invalid key mgmt (0x%x) from " 2027 MACSTR, parse->key_mgmt, MAC2STR(sm->addr)); 2028 return -1; 2029 } 2030 if (key_mgmt & WPA_KEY_MGMT_FT_IEEE8021X) 2031 sm->wpa_key_mgmt = WPA_KEY_MGMT_FT_IEEE8021X; 2032 else if (key_mgmt & WPA_KEY_MGMT_FT_PSK) 2033 sm->wpa_key_mgmt = WPA_KEY_MGMT_FT_PSK; 2034 #ifdef CONFIG_FILS 2035 else if (key_mgmt & WPA_KEY_MGMT_FT_FILS_SHA256) 2036 sm->wpa_key_mgmt = WPA_KEY_MGMT_FT_FILS_SHA256; 2037 else if (key_mgmt & WPA_KEY_MGMT_FT_FILS_SHA384) 2038 sm->wpa_key_mgmt = WPA_KEY_MGMT_FT_FILS_SHA384; 2039 #endif /* CONFIG_FILS */ 2040 ciphers = parse->pairwise_cipher & sm->wpa_auth->conf.rsn_pairwise; 2041 if (!ciphers) { 2042 wpa_printf(MSG_DEBUG, "FT: Invalid pairwise cipher (0x%x) from " 2043 MACSTR, 2044 parse->pairwise_cipher, MAC2STR(sm->addr)); 2045 return -1; 2046 } 2047 sm->pairwise = wpa_pick_pairwise_cipher(ciphers, 0); 2048 2049 return 0; 2050 } 2051 2052 2053 static int wpa_ft_process_auth_req(struct wpa_state_machine *sm, 2054 const u8 *ies, size_t ies_len, 2055 u8 **resp_ies, size_t *resp_ies_len) 2056 { 2057 struct rsn_mdie *mdie; 2058 struct rsn_ftie *ftie; 2059 u8 pmk_r1[PMK_LEN], pmk_r1_name[WPA_PMK_NAME_LEN]; 2060 u8 ptk_name[WPA_PMK_NAME_LEN]; 2061 struct wpa_auth_config *conf; 2062 struct wpa_ft_ies parse; 2063 size_t buflen; 2064 int ret; 2065 u8 *pos, *end; 2066 int pairwise; 2067 2068 *resp_ies = NULL; 2069 *resp_ies_len = 0; 2070 2071 sm->pmk_r1_name_valid = 0; 2072 conf = &sm->wpa_auth->conf; 2073 2074 wpa_hexdump(MSG_DEBUG, "FT: Received authentication frame IEs", 2075 ies, ies_len); 2076 2077 if (wpa_ft_parse_ies(ies, ies_len, &parse) < 0) { 2078 wpa_printf(MSG_DEBUG, "FT: Failed to parse FT IEs"); 2079 return WLAN_STATUS_UNSPECIFIED_FAILURE; 2080 } 2081 2082 mdie = (struct rsn_mdie *) parse.mdie; 2083 if (mdie == NULL || parse.mdie_len < sizeof(*mdie) || 2084 os_memcmp(mdie->mobility_domain, 2085 sm->wpa_auth->conf.mobility_domain, 2086 MOBILITY_DOMAIN_ID_LEN) != 0) { 2087 wpa_printf(MSG_DEBUG, "FT: Invalid MDIE"); 2088 return WLAN_STATUS_INVALID_MDIE; 2089 } 2090 2091 ftie = (struct rsn_ftie *) parse.ftie; 2092 if (ftie == NULL || parse.ftie_len < sizeof(*ftie)) { 2093 wpa_printf(MSG_DEBUG, "FT: Invalid FTIE"); 2094 return WLAN_STATUS_INVALID_FTIE; 2095 } 2096 2097 os_memcpy(sm->SNonce, ftie->snonce, WPA_NONCE_LEN); 2098 2099 if (parse.r0kh_id == NULL) { 2100 wpa_printf(MSG_DEBUG, "FT: Invalid FTIE - no R0KH-ID"); 2101 return WLAN_STATUS_INVALID_FTIE; 2102 } 2103 2104 wpa_hexdump(MSG_DEBUG, "FT: STA R0KH-ID", 2105 parse.r0kh_id, parse.r0kh_id_len); 2106 os_memcpy(sm->r0kh_id, parse.r0kh_id, parse.r0kh_id_len); 2107 sm->r0kh_id_len = parse.r0kh_id_len; 2108 2109 if (parse.rsn_pmkid == NULL) { 2110 wpa_printf(MSG_DEBUG, "FT: No PMKID in RSNIE"); 2111 return WLAN_STATUS_INVALID_PMKID; 2112 } 2113 2114 if (wpa_ft_set_key_mgmt(sm, &parse) < 0) 2115 return WLAN_STATUS_UNSPECIFIED_FAILURE; 2116 2117 wpa_hexdump(MSG_DEBUG, "FT: Requested PMKR0Name", 2118 parse.rsn_pmkid, WPA_PMK_NAME_LEN); 2119 if (wpa_derive_pmk_r1_name(parse.rsn_pmkid, 2120 sm->wpa_auth->conf.r1_key_holder, sm->addr, 2121 pmk_r1_name) < 0) 2122 return WLAN_STATUS_UNSPECIFIED_FAILURE; 2123 wpa_hexdump(MSG_DEBUG, "FT: Derived requested PMKR1Name", 2124 pmk_r1_name, WPA_PMK_NAME_LEN); 2125 2126 if (conf->ft_psk_generate_local && 2127 wpa_key_mgmt_ft_psk(sm->wpa_key_mgmt)) { 2128 if (wpa_ft_psk_pmk_r1(sm, pmk_r1_name, pmk_r1, &pairwise) < 0) 2129 return WLAN_STATUS_INVALID_PMKID; 2130 } else if (wpa_ft_fetch_pmk_r1(sm->wpa_auth, sm->addr, pmk_r1_name, 2131 pmk_r1, &pairwise) < 0) { 2132 if (wpa_ft_pull_pmk_r1(sm, ies, ies_len, parse.rsn_pmkid) < 0) { 2133 wpa_printf(MSG_DEBUG, 2134 "FT: Did not have matching PMK-R1 and either unknown or blocked R0KH-ID or NAK from R0KH"); 2135 return WLAN_STATUS_INVALID_PMKID; 2136 } 2137 2138 return -1; /* Status pending */ 2139 } 2140 2141 wpa_hexdump_key(MSG_DEBUG, "FT: Selected PMK-R1", pmk_r1, PMK_LEN); 2142 sm->pmk_r1_name_valid = 1; 2143 os_memcpy(sm->pmk_r1_name, pmk_r1_name, WPA_PMK_NAME_LEN); 2144 2145 if (random_get_bytes(sm->ANonce, WPA_NONCE_LEN)) { 2146 wpa_printf(MSG_DEBUG, "FT: Failed to get random data for " 2147 "ANonce"); 2148 return WLAN_STATUS_UNSPECIFIED_FAILURE; 2149 } 2150 2151 wpa_hexdump(MSG_DEBUG, "FT: Received SNonce", 2152 sm->SNonce, WPA_NONCE_LEN); 2153 wpa_hexdump(MSG_DEBUG, "FT: Generated ANonce", 2154 sm->ANonce, WPA_NONCE_LEN); 2155 2156 if (wpa_pmk_r1_to_ptk(pmk_r1, sm->SNonce, sm->ANonce, sm->addr, 2157 sm->wpa_auth->addr, pmk_r1_name, 2158 &sm->PTK, ptk_name, sm->wpa_key_mgmt, 2159 pairwise) < 0) 2160 return WLAN_STATUS_UNSPECIFIED_FAILURE; 2161 2162 sm->pairwise = pairwise; 2163 sm->PTK_valid = TRUE; 2164 sm->tk_already_set = FALSE; 2165 wpa_ft_install_ptk(sm); 2166 2167 buflen = 2 + sizeof(struct rsn_mdie) + 2 + sizeof(struct rsn_ftie) + 2168 2 + FT_R1KH_ID_LEN + 200; 2169 *resp_ies = os_zalloc(buflen); 2170 if (*resp_ies == NULL) 2171 goto fail; 2172 2173 pos = *resp_ies; 2174 end = *resp_ies + buflen; 2175 2176 ret = wpa_write_rsn_ie(conf, pos, end - pos, parse.rsn_pmkid); 2177 if (ret < 0) 2178 goto fail; 2179 pos += ret; 2180 2181 ret = wpa_write_mdie(conf, pos, end - pos); 2182 if (ret < 0) 2183 goto fail; 2184 pos += ret; 2185 2186 ret = wpa_write_ftie(conf, parse.r0kh_id, parse.r0kh_id_len, 2187 sm->ANonce, sm->SNonce, pos, end - pos, NULL, 0); 2188 if (ret < 0) 2189 goto fail; 2190 pos += ret; 2191 2192 *resp_ies_len = pos - *resp_ies; 2193 2194 return WLAN_STATUS_SUCCESS; 2195 fail: 2196 os_free(*resp_ies); 2197 *resp_ies = NULL; 2198 return WLAN_STATUS_UNSPECIFIED_FAILURE; 2199 } 2200 2201 2202 void wpa_ft_process_auth(struct wpa_state_machine *sm, const u8 *bssid, 2203 u16 auth_transaction, const u8 *ies, size_t ies_len, 2204 void (*cb)(void *ctx, const u8 *dst, const u8 *bssid, 2205 u16 auth_transaction, u16 status, 2206 const u8 *ies, size_t ies_len), 2207 void *ctx) 2208 { 2209 u16 status; 2210 u8 *resp_ies; 2211 size_t resp_ies_len; 2212 int res; 2213 2214 if (sm == NULL) { 2215 wpa_printf(MSG_DEBUG, "FT: Received authentication frame, but " 2216 "WPA SM not available"); 2217 return; 2218 } 2219 2220 wpa_printf(MSG_DEBUG, "FT: Received authentication frame: STA=" MACSTR 2221 " BSSID=" MACSTR " transaction=%d", 2222 MAC2STR(sm->addr), MAC2STR(bssid), auth_transaction); 2223 sm->ft_pending_cb = cb; 2224 sm->ft_pending_cb_ctx = ctx; 2225 sm->ft_pending_auth_transaction = auth_transaction; 2226 sm->ft_pending_pull_left_retries = sm->wpa_auth->conf.rkh_pull_retries; 2227 res = wpa_ft_process_auth_req(sm, ies, ies_len, &resp_ies, 2228 &resp_ies_len); 2229 if (res < 0) { 2230 wpa_printf(MSG_DEBUG, "FT: Callback postponed until response is available"); 2231 return; 2232 } 2233 status = res; 2234 2235 wpa_printf(MSG_DEBUG, "FT: FT authentication response: dst=" MACSTR 2236 " auth_transaction=%d status=%d", 2237 MAC2STR(sm->addr), auth_transaction + 1, status); 2238 wpa_hexdump(MSG_DEBUG, "FT: Response IEs", resp_ies, resp_ies_len); 2239 cb(ctx, sm->addr, bssid, auth_transaction + 1, status, 2240 resp_ies, resp_ies_len); 2241 os_free(resp_ies); 2242 } 2243 2244 2245 u16 wpa_ft_validate_reassoc(struct wpa_state_machine *sm, const u8 *ies, 2246 size_t ies_len) 2247 { 2248 struct wpa_ft_ies parse; 2249 struct rsn_mdie *mdie; 2250 struct rsn_ftie *ftie; 2251 u8 mic[WPA_EAPOL_KEY_MIC_MAX_LEN]; 2252 size_t mic_len = 16; 2253 unsigned int count; 2254 2255 if (sm == NULL) 2256 return WLAN_STATUS_UNSPECIFIED_FAILURE; 2257 2258 wpa_hexdump(MSG_DEBUG, "FT: Reassoc Req IEs", ies, ies_len); 2259 2260 if (wpa_ft_parse_ies(ies, ies_len, &parse) < 0) { 2261 wpa_printf(MSG_DEBUG, "FT: Failed to parse FT IEs"); 2262 return WLAN_STATUS_UNSPECIFIED_FAILURE; 2263 } 2264 2265 if (parse.rsn == NULL) { 2266 wpa_printf(MSG_DEBUG, "FT: No RSNIE in Reassoc Req"); 2267 return WLAN_STATUS_UNSPECIFIED_FAILURE; 2268 } 2269 2270 if (parse.rsn_pmkid == NULL) { 2271 wpa_printf(MSG_DEBUG, "FT: No PMKID in RSNIE"); 2272 return WLAN_STATUS_INVALID_PMKID; 2273 } 2274 2275 if (os_memcmp_const(parse.rsn_pmkid, sm->pmk_r1_name, WPA_PMK_NAME_LEN) 2276 != 0) { 2277 wpa_printf(MSG_DEBUG, "FT: PMKID in Reassoc Req did not match " 2278 "with the PMKR1Name derived from auth request"); 2279 return WLAN_STATUS_INVALID_PMKID; 2280 } 2281 2282 mdie = (struct rsn_mdie *) parse.mdie; 2283 if (mdie == NULL || parse.mdie_len < sizeof(*mdie) || 2284 os_memcmp(mdie->mobility_domain, 2285 sm->wpa_auth->conf.mobility_domain, 2286 MOBILITY_DOMAIN_ID_LEN) != 0) { 2287 wpa_printf(MSG_DEBUG, "FT: Invalid MDIE"); 2288 return WLAN_STATUS_INVALID_MDIE; 2289 } 2290 2291 ftie = (struct rsn_ftie *) parse.ftie; 2292 if (ftie == NULL || parse.ftie_len < sizeof(*ftie)) { 2293 wpa_printf(MSG_DEBUG, "FT: Invalid FTIE"); 2294 return WLAN_STATUS_INVALID_FTIE; 2295 } 2296 2297 if (os_memcmp(ftie->snonce, sm->SNonce, WPA_NONCE_LEN) != 0) { 2298 wpa_printf(MSG_DEBUG, "FT: SNonce mismatch in FTIE"); 2299 wpa_hexdump(MSG_DEBUG, "FT: Received SNonce", 2300 ftie->snonce, WPA_NONCE_LEN); 2301 wpa_hexdump(MSG_DEBUG, "FT: Expected SNonce", 2302 sm->SNonce, WPA_NONCE_LEN); 2303 return WLAN_STATUS_INVALID_FTIE; 2304 } 2305 2306 if (os_memcmp(ftie->anonce, sm->ANonce, WPA_NONCE_LEN) != 0) { 2307 wpa_printf(MSG_DEBUG, "FT: ANonce mismatch in FTIE"); 2308 wpa_hexdump(MSG_DEBUG, "FT: Received ANonce", 2309 ftie->anonce, WPA_NONCE_LEN); 2310 wpa_hexdump(MSG_DEBUG, "FT: Expected ANonce", 2311 sm->ANonce, WPA_NONCE_LEN); 2312 return WLAN_STATUS_INVALID_FTIE; 2313 } 2314 2315 2316 if (parse.r0kh_id == NULL) { 2317 wpa_printf(MSG_DEBUG, "FT: No R0KH-ID subelem in FTIE"); 2318 return WLAN_STATUS_INVALID_FTIE; 2319 } 2320 2321 if (parse.r0kh_id_len != sm->r0kh_id_len || 2322 os_memcmp_const(parse.r0kh_id, sm->r0kh_id, parse.r0kh_id_len) != 0) 2323 { 2324 wpa_printf(MSG_DEBUG, "FT: R0KH-ID in FTIE did not match with " 2325 "the current R0KH-ID"); 2326 wpa_hexdump(MSG_DEBUG, "FT: R0KH-ID in FTIE", 2327 parse.r0kh_id, parse.r0kh_id_len); 2328 wpa_hexdump(MSG_DEBUG, "FT: The current R0KH-ID", 2329 sm->r0kh_id, sm->r0kh_id_len); 2330 return WLAN_STATUS_INVALID_FTIE; 2331 } 2332 2333 if (parse.r1kh_id == NULL) { 2334 wpa_printf(MSG_DEBUG, "FT: No R1KH-ID subelem in FTIE"); 2335 return WLAN_STATUS_INVALID_FTIE; 2336 } 2337 2338 if (os_memcmp_const(parse.r1kh_id, sm->wpa_auth->conf.r1_key_holder, 2339 FT_R1KH_ID_LEN) != 0) { 2340 wpa_printf(MSG_DEBUG, "FT: Unknown R1KH-ID used in " 2341 "ReassocReq"); 2342 wpa_hexdump(MSG_DEBUG, "FT: R1KH-ID in FTIE", 2343 parse.r1kh_id, FT_R1KH_ID_LEN); 2344 wpa_hexdump(MSG_DEBUG, "FT: Expected R1KH-ID", 2345 sm->wpa_auth->conf.r1_key_holder, FT_R1KH_ID_LEN); 2346 return WLAN_STATUS_INVALID_FTIE; 2347 } 2348 2349 if (parse.rsn_pmkid == NULL || 2350 os_memcmp_const(parse.rsn_pmkid, sm->pmk_r1_name, WPA_PMK_NAME_LEN)) 2351 { 2352 wpa_printf(MSG_DEBUG, "FT: No matching PMKR1Name (PMKID) in " 2353 "RSNIE (pmkid=%d)", !!parse.rsn_pmkid); 2354 return WLAN_STATUS_INVALID_PMKID; 2355 } 2356 2357 count = 3; 2358 if (parse.ric) 2359 count += ieee802_11_ie_count(parse.ric, parse.ric_len); 2360 if (ftie->mic_control[1] != count) { 2361 wpa_printf(MSG_DEBUG, "FT: Unexpected IE count in MIC " 2362 "Control: received %u expected %u", 2363 ftie->mic_control[1], count); 2364 return WLAN_STATUS_UNSPECIFIED_FAILURE; 2365 } 2366 2367 if (wpa_ft_mic(sm->PTK.kck, sm->PTK.kck_len, sm->addr, 2368 sm->wpa_auth->addr, 5, 2369 parse.mdie - 2, parse.mdie_len + 2, 2370 parse.ftie - 2, parse.ftie_len + 2, 2371 parse.rsn - 2, parse.rsn_len + 2, 2372 parse.ric, parse.ric_len, 2373 mic) < 0) { 2374 wpa_printf(MSG_DEBUG, "FT: Failed to calculate MIC"); 2375 return WLAN_STATUS_UNSPECIFIED_FAILURE; 2376 } 2377 2378 if (os_memcmp_const(mic, ftie->mic, mic_len) != 0) { 2379 wpa_printf(MSG_DEBUG, "FT: Invalid MIC in FTIE"); 2380 wpa_printf(MSG_DEBUG, "FT: addr=" MACSTR " auth_addr=" MACSTR, 2381 MAC2STR(sm->addr), MAC2STR(sm->wpa_auth->addr)); 2382 wpa_hexdump(MSG_MSGDUMP, "FT: Received MIC", 2383 ftie->mic, mic_len); 2384 wpa_hexdump(MSG_MSGDUMP, "FT: Calculated MIC", mic, mic_len); 2385 wpa_hexdump(MSG_MSGDUMP, "FT: MDIE", 2386 parse.mdie - 2, parse.mdie_len + 2); 2387 wpa_hexdump(MSG_MSGDUMP, "FT: FTIE", 2388 parse.ftie - 2, parse.ftie_len + 2); 2389 wpa_hexdump(MSG_MSGDUMP, "FT: RSN", 2390 parse.rsn - 2, parse.rsn_len + 2); 2391 return WLAN_STATUS_INVALID_FTIE; 2392 } 2393 2394 return WLAN_STATUS_SUCCESS; 2395 } 2396 2397 2398 int wpa_ft_action_rx(struct wpa_state_machine *sm, const u8 *data, size_t len) 2399 { 2400 const u8 *sta_addr, *target_ap; 2401 const u8 *ies; 2402 size_t ies_len; 2403 u8 action; 2404 struct ft_rrb_frame *frame; 2405 2406 if (sm == NULL) 2407 return -1; 2408 2409 /* 2410 * data: Category[1] Action[1] STA_Address[6] Target_AP_Address[6] 2411 * FT Request action frame body[variable] 2412 */ 2413 2414 if (len < 14) { 2415 wpa_printf(MSG_DEBUG, "FT: Too short FT Action frame " 2416 "(len=%lu)", (unsigned long) len); 2417 return -1; 2418 } 2419 2420 action = data[1]; 2421 sta_addr = data + 2; 2422 target_ap = data + 8; 2423 ies = data + 14; 2424 ies_len = len - 14; 2425 2426 wpa_printf(MSG_DEBUG, "FT: Received FT Action frame (STA=" MACSTR 2427 " Target AP=" MACSTR " Action=%d)", 2428 MAC2STR(sta_addr), MAC2STR(target_ap), action); 2429 2430 if (os_memcmp(sta_addr, sm->addr, ETH_ALEN) != 0) { 2431 wpa_printf(MSG_DEBUG, "FT: Mismatch in FT Action STA address: " 2432 "STA=" MACSTR " STA-Address=" MACSTR, 2433 MAC2STR(sm->addr), MAC2STR(sta_addr)); 2434 return -1; 2435 } 2436 2437 /* 2438 * Do some sanity checking on the target AP address (not own and not 2439 * broadcast. This could be extended to filter based on a list of known 2440 * APs in the MD (if such a list were configured). 2441 */ 2442 if ((target_ap[0] & 0x01) || 2443 os_memcmp(target_ap, sm->wpa_auth->addr, ETH_ALEN) == 0) { 2444 wpa_printf(MSG_DEBUG, "FT: Invalid Target AP in FT Action " 2445 "frame"); 2446 return -1; 2447 } 2448 2449 wpa_hexdump(MSG_MSGDUMP, "FT: Action frame body", ies, ies_len); 2450 2451 if (!sm->wpa_auth->conf.ft_over_ds) { 2452 wpa_printf(MSG_DEBUG, "FT: Over-DS option disabled - reject"); 2453 return -1; 2454 } 2455 2456 /* RRB - Forward action frame to the target AP */ 2457 frame = os_malloc(sizeof(*frame) + len); 2458 if (frame == NULL) 2459 return -1; 2460 frame->frame_type = RSN_REMOTE_FRAME_TYPE_FT_RRB; 2461 frame->packet_type = FT_PACKET_REQUEST; 2462 frame->action_length = host_to_le16(len); 2463 os_memcpy(frame->ap_address, sm->wpa_auth->addr, ETH_ALEN); 2464 os_memcpy(frame + 1, data, len); 2465 2466 wpa_ft_rrb_send(sm->wpa_auth, target_ap, (u8 *) frame, 2467 sizeof(*frame) + len); 2468 os_free(frame); 2469 2470 return 0; 2471 } 2472 2473 2474 static void wpa_ft_rrb_rx_request_cb(void *ctx, const u8 *dst, const u8 *bssid, 2475 u16 auth_transaction, u16 resp, 2476 const u8 *ies, size_t ies_len) 2477 { 2478 struct wpa_state_machine *sm = ctx; 2479 wpa_printf(MSG_DEBUG, "FT: Over-the-DS RX request cb for " MACSTR, 2480 MAC2STR(sm->addr)); 2481 wpa_ft_send_rrb_auth_resp(sm, sm->ft_pending_current_ap, sm->addr, 2482 WLAN_STATUS_SUCCESS, ies, ies_len); 2483 } 2484 2485 2486 static int wpa_ft_rrb_rx_request(struct wpa_authenticator *wpa_auth, 2487 const u8 *current_ap, const u8 *sta_addr, 2488 const u8 *body, size_t len) 2489 { 2490 struct wpa_state_machine *sm; 2491 u16 status; 2492 u8 *resp_ies; 2493 size_t resp_ies_len; 2494 int res; 2495 2496 sm = wpa_ft_add_sta(wpa_auth, sta_addr); 2497 if (sm == NULL) { 2498 wpa_printf(MSG_DEBUG, "FT: Failed to add new STA based on " 2499 "RRB Request"); 2500 return -1; 2501 } 2502 2503 wpa_hexdump(MSG_MSGDUMP, "FT: RRB Request Frame body", body, len); 2504 2505 sm->ft_pending_cb = wpa_ft_rrb_rx_request_cb; 2506 sm->ft_pending_cb_ctx = sm; 2507 os_memcpy(sm->ft_pending_current_ap, current_ap, ETH_ALEN); 2508 sm->ft_pending_pull_left_retries = sm->wpa_auth->conf.rkh_pull_retries; 2509 res = wpa_ft_process_auth_req(sm, body, len, &resp_ies, 2510 &resp_ies_len); 2511 if (res < 0) { 2512 wpa_printf(MSG_DEBUG, "FT: No immediate response available - wait for pull response"); 2513 return 0; 2514 } 2515 status = res; 2516 2517 res = wpa_ft_send_rrb_auth_resp(sm, current_ap, sta_addr, status, 2518 resp_ies, resp_ies_len); 2519 os_free(resp_ies); 2520 return res; 2521 } 2522 2523 2524 static int wpa_ft_send_rrb_auth_resp(struct wpa_state_machine *sm, 2525 const u8 *current_ap, const u8 *sta_addr, 2526 u16 status, const u8 *resp_ies, 2527 size_t resp_ies_len) 2528 { 2529 struct wpa_authenticator *wpa_auth = sm->wpa_auth; 2530 size_t rlen; 2531 struct ft_rrb_frame *frame; 2532 u8 *pos; 2533 2534 wpa_printf(MSG_DEBUG, "FT: RRB authentication response: STA=" MACSTR 2535 " CurrentAP=" MACSTR " status=%d", 2536 MAC2STR(sm->addr), MAC2STR(current_ap), status); 2537 wpa_hexdump(MSG_DEBUG, "FT: Response IEs", resp_ies, resp_ies_len); 2538 2539 /* RRB - Forward action frame response to the Current AP */ 2540 2541 /* 2542 * data: Category[1] Action[1] STA_Address[6] Target_AP_Address[6] 2543 * Status_Code[2] FT Request action frame body[variable] 2544 */ 2545 rlen = 2 + 2 * ETH_ALEN + 2 + resp_ies_len; 2546 2547 frame = os_malloc(sizeof(*frame) + rlen); 2548 if (frame == NULL) 2549 return -1; 2550 frame->frame_type = RSN_REMOTE_FRAME_TYPE_FT_RRB; 2551 frame->packet_type = FT_PACKET_RESPONSE; 2552 frame->action_length = host_to_le16(rlen); 2553 os_memcpy(frame->ap_address, wpa_auth->addr, ETH_ALEN); 2554 pos = (u8 *) (frame + 1); 2555 *pos++ = WLAN_ACTION_FT; 2556 *pos++ = 2; /* Action: Response */ 2557 os_memcpy(pos, sta_addr, ETH_ALEN); 2558 pos += ETH_ALEN; 2559 os_memcpy(pos, wpa_auth->addr, ETH_ALEN); 2560 pos += ETH_ALEN; 2561 WPA_PUT_LE16(pos, status); 2562 pos += 2; 2563 if (resp_ies) 2564 os_memcpy(pos, resp_ies, resp_ies_len); 2565 2566 wpa_ft_rrb_send(wpa_auth, current_ap, (u8 *) frame, 2567 sizeof(*frame) + rlen); 2568 os_free(frame); 2569 2570 return 0; 2571 } 2572 2573 2574 static int wpa_ft_rrb_build_r0(const u8 *key, const size_t key_len, 2575 const struct tlv_list *tlvs, 2576 const struct wpa_ft_pmk_r0_sa *pmk_r0, 2577 const u8 *r1kh_id, const u8 *s1kh_id, 2578 const struct tlv_list *tlv_auth, 2579 const u8 *src_addr, u8 type, 2580 u8 **packet, size_t *packet_len) 2581 { 2582 u8 pmk_r1[PMK_LEN]; 2583 u8 pmk_r1_name[WPA_PMK_NAME_LEN]; 2584 u8 f_pairwise[sizeof(le16)]; 2585 int ret; 2586 struct tlv_list sess_tlv[] = { 2587 { .type = FT_RRB_PMK_R1, .len = sizeof(pmk_r1), 2588 .data = pmk_r1 }, 2589 { .type = FT_RRB_PMK_R1_NAME, .len = sizeof(pmk_r1_name), 2590 .data = pmk_r1_name }, 2591 { .type = FT_RRB_PAIRWISE, .len = sizeof(f_pairwise), 2592 .data = f_pairwise }, 2593 { .type = FT_RRB_LAST_EMPTY, .len = 0, .data = NULL }, 2594 }; 2595 2596 if (!pmk_r0) 2597 return wpa_ft_rrb_build(key, key_len, tlvs, NULL, tlv_auth, 2598 src_addr, type, packet, packet_len); 2599 2600 if (wpa_derive_pmk_r1(pmk_r0->pmk_r0, pmk_r0->pmk_r0_name, r1kh_id, 2601 s1kh_id, pmk_r1, pmk_r1_name) < 0) 2602 return -1; 2603 wpa_hexdump_key(MSG_DEBUG, "FT: PMK-R1", pmk_r1, PMK_LEN); 2604 wpa_hexdump(MSG_DEBUG, "FT: PMKR1Name", pmk_r1_name, WPA_PMK_NAME_LEN); 2605 WPA_PUT_LE16(f_pairwise, pmk_r0->pairwise); 2606 2607 ret = wpa_ft_rrb_build(key, key_len, tlvs, sess_tlv, tlv_auth, 2608 src_addr, type, packet, packet_len); 2609 2610 os_memset(pmk_r1, 0, sizeof(pmk_r1)); 2611 2612 return ret; 2613 } 2614 2615 2616 static int wpa_ft_rrb_rx_pull(struct wpa_authenticator *wpa_auth, 2617 const u8 *src_addr, 2618 const u8 *enc, size_t enc_len, 2619 const u8 *auth, size_t auth_len, 2620 int no_defer) 2621 { 2622 const char *msgtype = "pull request"; 2623 u8 *plain = NULL, *packet = NULL; 2624 size_t plain_len = 0, packet_len = 0; 2625 struct ft_remote_r1kh *r1kh, *r1kh_wildcard; 2626 const u8 *key; 2627 size_t key_len; 2628 int seq_ret; 2629 const u8 *f_nonce, *f_r0kh_id, *f_r1kh_id, *f_s1kh_id, *f_pmk_r0_name; 2630 size_t f_nonce_len, f_r0kh_id_len, f_r1kh_id_len, f_s1kh_id_len; 2631 size_t f_pmk_r0_name_len; 2632 const struct wpa_ft_pmk_r0_sa *r0; 2633 int ret; 2634 struct tlv_list resp[2]; 2635 struct tlv_list resp_auth[5]; 2636 struct ft_rrb_seq f_seq; 2637 2638 wpa_printf(MSG_DEBUG, "FT: Received PMK-R1 pull"); 2639 2640 RRB_GET_AUTH(FT_RRB_R0KH_ID, r0kh_id, msgtype, -1); 2641 wpa_hexdump(MSG_DEBUG, "FT: R0KH-ID", f_r0kh_id, f_r0kh_id_len); 2642 2643 if (wpa_ft_rrb_check_r0kh(wpa_auth, f_r0kh_id, f_r0kh_id_len)) { 2644 wpa_printf(MSG_DEBUG, "FT: R0KH-ID mismatch"); 2645 goto out; 2646 } 2647 2648 RRB_GET_AUTH(FT_RRB_R1KH_ID, r1kh_id, msgtype, FT_R1KH_ID_LEN); 2649 wpa_printf(MSG_DEBUG, "FT: R1KH-ID=" MACSTR, MAC2STR(f_r1kh_id)); 2650 2651 wpa_ft_rrb_lookup_r1kh(wpa_auth, f_r1kh_id, &r1kh, &r1kh_wildcard); 2652 if (r1kh) { 2653 key = r1kh->key; 2654 key_len = sizeof(r1kh->key); 2655 } else if (r1kh_wildcard) { 2656 wpa_printf(MSG_DEBUG, "FT: Using wildcard R1KH-ID"); 2657 key = r1kh_wildcard->key; 2658 key_len = sizeof(r1kh_wildcard->key); 2659 } else { 2660 goto out; 2661 } 2662 2663 RRB_GET_AUTH(FT_RRB_NONCE, nonce, "pull request", FT_RRB_NONCE_LEN); 2664 wpa_hexdump(MSG_DEBUG, "FT: nonce", f_nonce, f_nonce_len); 2665 2666 seq_ret = FT_RRB_SEQ_DROP; 2667 if (r1kh) 2668 seq_ret = wpa_ft_rrb_seq_chk(r1kh->seq, src_addr, enc, enc_len, 2669 auth, auth_len, msgtype, no_defer); 2670 if (!no_defer && r1kh_wildcard && 2671 (!r1kh || os_memcmp(r1kh->addr, src_addr, ETH_ALEN) != 0)) { 2672 /* wildcard: r1kh-id unknown or changed addr -> do a seq req */ 2673 seq_ret = FT_RRB_SEQ_DEFER; 2674 } 2675 2676 if (seq_ret == FT_RRB_SEQ_DROP) 2677 goto out; 2678 2679 if (wpa_ft_rrb_decrypt(key, key_len, enc, enc_len, auth, auth_len, 2680 src_addr, FT_PACKET_R0KH_R1KH_PULL, 2681 &plain, &plain_len) < 0) 2682 goto out; 2683 2684 if (!r1kh) 2685 r1kh = wpa_ft_rrb_add_r1kh(wpa_auth, r1kh_wildcard, src_addr, 2686 f_r1kh_id, 2687 wpa_auth->conf.rkh_pos_timeout); 2688 if (!r1kh) 2689 goto out; 2690 2691 if (seq_ret == FT_RRB_SEQ_DEFER) { 2692 wpa_ft_rrb_seq_req(wpa_auth, r1kh->seq, src_addr, f_r0kh_id, 2693 f_r0kh_id_len, f_r1kh_id, key, key_len, 2694 enc, enc_len, auth, auth_len, 2695 &wpa_ft_rrb_rx_pull); 2696 goto out; 2697 } 2698 2699 wpa_ft_rrb_seq_accept(wpa_auth, r1kh->seq, src_addr, auth, auth_len, 2700 msgtype); 2701 wpa_ft_rrb_r1kh_replenish(wpa_auth, r1kh, 2702 wpa_auth->conf.rkh_pos_timeout); 2703 2704 RRB_GET(FT_RRB_PMK_R0_NAME, pmk_r0_name, msgtype, WPA_PMK_NAME_LEN); 2705 wpa_hexdump(MSG_DEBUG, "FT: PMKR0Name", f_pmk_r0_name, 2706 f_pmk_r0_name_len); 2707 2708 RRB_GET(FT_RRB_S1KH_ID, s1kh_id, msgtype, ETH_ALEN); 2709 wpa_printf(MSG_DEBUG, "FT: S1KH-ID=" MACSTR, MAC2STR(f_s1kh_id)); 2710 2711 if (wpa_ft_new_seq(r1kh->seq, &f_seq) < 0) { 2712 wpa_printf(MSG_DEBUG, "FT: Failed to get seq num"); 2713 goto out; 2714 } 2715 2716 resp[0].type = FT_RRB_S1KH_ID; 2717 resp[0].len = f_s1kh_id_len; 2718 resp[0].data = f_s1kh_id; 2719 resp[1].type = FT_RRB_LAST_EMPTY; 2720 resp[1].len = 0; 2721 resp[1].data = NULL; 2722 2723 resp_auth[0].type = FT_RRB_NONCE; 2724 resp_auth[0].len = f_nonce_len; 2725 resp_auth[0].data = f_nonce; 2726 resp_auth[1].type = FT_RRB_SEQ; 2727 resp_auth[1].len = sizeof(f_seq); 2728 resp_auth[1].data = (u8 *) &f_seq; 2729 resp_auth[2].type = FT_RRB_R0KH_ID; 2730 resp_auth[2].len = f_r0kh_id_len; 2731 resp_auth[2].data = f_r0kh_id; 2732 resp_auth[3].type = FT_RRB_R1KH_ID; 2733 resp_auth[3].len = f_r1kh_id_len; 2734 resp_auth[3].data = f_r1kh_id; 2735 resp_auth[4].type = FT_RRB_LAST_EMPTY; 2736 resp_auth[4].len = 0; 2737 resp_auth[4].data = NULL; 2738 2739 if (wpa_ft_fetch_pmk_r0(wpa_auth, f_s1kh_id, f_pmk_r0_name, &r0) < 0) 2740 wpa_printf(MSG_DEBUG, "FT: No matching PMK-R0-Name found"); 2741 2742 ret = wpa_ft_rrb_build_r0(key, key_len, resp, r0, f_r1kh_id, f_s1kh_id, 2743 resp_auth, wpa_auth->addr, 2744 FT_PACKET_R0KH_R1KH_RESP, 2745 &packet, &packet_len); 2746 2747 if (!ret) 2748 wpa_ft_rrb_oui_send(wpa_auth, src_addr, 2749 FT_PACKET_R0KH_R1KH_RESP, packet, 2750 packet_len); 2751 2752 out: 2753 os_free(plain); 2754 os_free(packet); 2755 2756 return 0; 2757 } 2758 2759 2760 /* @returns 0 on success 2761 * -1 on error 2762 * -2 if FR_RRB_PAIRWISE is missing 2763 */ 2764 static int wpa_ft_rrb_rx_r1(struct wpa_authenticator *wpa_auth, 2765 const u8 *src_addr, u8 type, 2766 const u8 *enc, size_t enc_len, 2767 const u8 *auth, size_t auth_len, 2768 const char *msgtype, u8 *s1kh_id_out, 2769 int (*cb)(struct wpa_authenticator *wpa_auth, 2770 const u8 *src_addr, 2771 const u8 *enc, size_t enc_len, 2772 const u8 *auth, size_t auth_len, 2773 int no_defer)) 2774 { 2775 u8 *plain = NULL; 2776 size_t plain_len = 0; 2777 struct ft_remote_r0kh *r0kh, *r0kh_wildcard; 2778 const u8 *key; 2779 size_t key_len; 2780 int seq_ret; 2781 const u8 *f_r1kh_id, *f_s1kh_id, *f_r0kh_id; 2782 const u8 *f_pmk_r1_name, *f_pairwise, *f_pmk_r1; 2783 size_t f_r1kh_id_len, f_s1kh_id_len, f_r0kh_id_len; 2784 size_t f_pmk_r1_name_len, f_pairwise_len, f_pmk_r1_len; 2785 int pairwise; 2786 int ret = -1; 2787 2788 RRB_GET_AUTH(FT_RRB_R0KH_ID, r0kh_id, msgtype, -1); 2789 wpa_hexdump(MSG_DEBUG, "FT: R0KH-ID", f_r0kh_id, f_r0kh_id_len); 2790 2791 RRB_GET_AUTH(FT_RRB_R1KH_ID, r1kh_id, msgtype, FT_R1KH_ID_LEN); 2792 wpa_printf(MSG_DEBUG, "FT: R1KH-ID=" MACSTR, MAC2STR(f_r1kh_id)); 2793 2794 if (wpa_ft_rrb_check_r1kh(wpa_auth, f_r1kh_id)) { 2795 wpa_printf(MSG_DEBUG, "FT: R1KH-ID mismatch"); 2796 goto out; 2797 } 2798 2799 wpa_ft_rrb_lookup_r0kh(wpa_auth, f_r0kh_id, f_r0kh_id_len, &r0kh, 2800 &r0kh_wildcard); 2801 if (r0kh) { 2802 key = r0kh->key; 2803 key_len = sizeof(r0kh->key); 2804 } else if (r0kh_wildcard) { 2805 wpa_printf(MSG_DEBUG, "FT: Using wildcard R0KH-ID"); 2806 key = r0kh_wildcard->key; 2807 key_len = sizeof(r0kh_wildcard->key); 2808 } else { 2809 goto out; 2810 } 2811 2812 seq_ret = FT_RRB_SEQ_DROP; 2813 if (r0kh) { 2814 seq_ret = wpa_ft_rrb_seq_chk(r0kh->seq, src_addr, enc, enc_len, 2815 auth, auth_len, msgtype, 2816 cb ? 0 : 1); 2817 } 2818 if (cb && r0kh_wildcard && 2819 (!r0kh || os_memcmp(r0kh->addr, src_addr, ETH_ALEN) != 0)) { 2820 /* wildcard: r0kh-id unknown or changed addr -> do a seq req */ 2821 seq_ret = FT_RRB_SEQ_DEFER; 2822 } 2823 2824 if (seq_ret == FT_RRB_SEQ_DROP) 2825 goto out; 2826 2827 if (wpa_ft_rrb_decrypt(key, key_len, enc, enc_len, auth, auth_len, 2828 src_addr, type, &plain, &plain_len) < 0) 2829 goto out; 2830 2831 if (!r0kh) 2832 r0kh = wpa_ft_rrb_add_r0kh(wpa_auth, r0kh_wildcard, src_addr, 2833 f_r0kh_id, f_r0kh_id_len, 2834 wpa_auth->conf.rkh_pos_timeout); 2835 if (!r0kh) 2836 goto out; 2837 2838 if (seq_ret == FT_RRB_SEQ_DEFER) { 2839 wpa_ft_rrb_seq_req(wpa_auth, r0kh->seq, src_addr, f_r0kh_id, 2840 f_r0kh_id_len, f_r1kh_id, key, key_len, 2841 enc, enc_len, auth, auth_len, cb); 2842 goto out; 2843 } 2844 2845 wpa_ft_rrb_seq_accept(wpa_auth, r0kh->seq, src_addr, auth, auth_len, 2846 msgtype); 2847 wpa_ft_rrb_r0kh_replenish(wpa_auth, r0kh, 2848 wpa_auth->conf.rkh_pos_timeout); 2849 2850 RRB_GET(FT_RRB_S1KH_ID, s1kh_id, msgtype, ETH_ALEN); 2851 wpa_printf(MSG_DEBUG, "FT: S1KH-ID=" MACSTR, MAC2STR(f_s1kh_id)); 2852 2853 if (s1kh_id_out) 2854 os_memcpy(s1kh_id_out, f_s1kh_id, ETH_ALEN); 2855 2856 ret = -2; 2857 RRB_GET(FT_RRB_PAIRWISE, pairwise, msgtype, sizeof(le16)); 2858 wpa_hexdump(MSG_DEBUG, "FT: pairwise", f_pairwise, f_pairwise_len); 2859 2860 ret = -1; 2861 RRB_GET(FT_RRB_PMK_R1_NAME, pmk_r1_name, msgtype, WPA_PMK_NAME_LEN); 2862 wpa_hexdump(MSG_DEBUG, "FT: PMKR1Name", 2863 f_pmk_r1_name, WPA_PMK_NAME_LEN); 2864 2865 RRB_GET(FT_RRB_PMK_R1, pmk_r1, msgtype, PMK_LEN); 2866 wpa_hexdump_key(MSG_DEBUG, "FT: PMK-R1", f_pmk_r1, PMK_LEN); 2867 2868 pairwise = WPA_GET_LE16(f_pairwise); 2869 2870 if (wpa_ft_store_pmk_r1(wpa_auth, f_s1kh_id, f_pmk_r1, f_pmk_r1_name, 2871 pairwise) < 0) 2872 goto out; 2873 2874 ret = 0; 2875 out: 2876 if (plain) { 2877 os_memset(plain, 0, plain_len); 2878 os_free(plain); 2879 } 2880 2881 return ret; 2882 2883 } 2884 2885 2886 static void ft_finish_pull(struct wpa_state_machine *sm) 2887 { 2888 int res; 2889 u8 *resp_ies; 2890 size_t resp_ies_len; 2891 u16 status; 2892 2893 if (!sm->ft_pending_cb || !sm->ft_pending_req_ies) 2894 return; 2895 2896 res = wpa_ft_process_auth_req(sm, wpabuf_head(sm->ft_pending_req_ies), 2897 wpabuf_len(sm->ft_pending_req_ies), 2898 &resp_ies, &resp_ies_len); 2899 if (res < 0) { 2900 /* this loop is broken by ft_pending_pull_left_retries */ 2901 wpa_printf(MSG_DEBUG, 2902 "FT: Callback postponed until response is available"); 2903 return; 2904 } 2905 wpabuf_free(sm->ft_pending_req_ies); 2906 sm->ft_pending_req_ies = NULL; 2907 status = res; 2908 wpa_printf(MSG_DEBUG, "FT: Postponed auth callback result for " MACSTR 2909 " - status %u", MAC2STR(sm->addr), status); 2910 2911 sm->ft_pending_cb(sm->ft_pending_cb_ctx, sm->addr, sm->wpa_auth->addr, 2912 sm->ft_pending_auth_transaction + 1, status, 2913 resp_ies, resp_ies_len); 2914 os_free(resp_ies); 2915 } 2916 2917 2918 struct ft_get_sta_ctx { 2919 const u8 *nonce; 2920 const u8 *s1kh_id; 2921 struct wpa_state_machine *sm; 2922 }; 2923 2924 2925 static int ft_get_sta_cb(struct wpa_state_machine *sm, void *ctx) 2926 { 2927 struct ft_get_sta_ctx *info = ctx; 2928 2929 if ((info->s1kh_id && 2930 os_memcmp(info->s1kh_id, sm->addr, ETH_ALEN) != 0) || 2931 os_memcmp(info->nonce, sm->ft_pending_pull_nonce, 2932 FT_RRB_NONCE_LEN) != 0 || 2933 sm->ft_pending_cb == NULL || sm->ft_pending_req_ies == NULL) 2934 return 0; 2935 2936 info->sm = sm; 2937 2938 return 1; 2939 } 2940 2941 2942 static int wpa_ft_rrb_rx_resp(struct wpa_authenticator *wpa_auth, 2943 const u8 *src_addr, 2944 const u8 *enc, size_t enc_len, 2945 const u8 *auth, size_t auth_len, 2946 int no_defer) 2947 { 2948 const char *msgtype = "pull response"; 2949 int nak, ret = -1; 2950 struct ft_get_sta_ctx ctx; 2951 u8 s1kh_id[ETH_ALEN]; 2952 const u8 *f_nonce; 2953 size_t f_nonce_len; 2954 2955 wpa_printf(MSG_DEBUG, "FT: Received PMK-R1 pull response"); 2956 2957 RRB_GET_AUTH(FT_RRB_NONCE, nonce, msgtype, FT_RRB_NONCE_LEN); 2958 wpa_hexdump(MSG_DEBUG, "FT: nonce", f_nonce, f_nonce_len); 2959 2960 os_memset(&ctx, 0, sizeof(ctx)); 2961 ctx.nonce = f_nonce; 2962 if (!wpa_auth_for_each_sta(wpa_auth, ft_get_sta_cb, &ctx)) { 2963 /* nonce not found */ 2964 wpa_printf(MSG_DEBUG, "FT: Invalid nonce"); 2965 return -1; 2966 } 2967 2968 ret = wpa_ft_rrb_rx_r1(wpa_auth, src_addr, FT_PACKET_R0KH_R1KH_RESP, 2969 enc, enc_len, auth, auth_len, msgtype, s1kh_id, 2970 no_defer ? NULL : &wpa_ft_rrb_rx_resp); 2971 if (ret == -2) { 2972 ret = 0; 2973 nak = 1; 2974 } else { 2975 nak = 0; 2976 } 2977 if (ret < 0) 2978 return -1; 2979 2980 ctx.s1kh_id = s1kh_id; 2981 if (wpa_auth_for_each_sta(wpa_auth, ft_get_sta_cb, &ctx)) { 2982 wpa_printf(MSG_DEBUG, 2983 "FT: Response to a pending pull request for " MACSTR, 2984 MAC2STR(ctx.sm->addr)); 2985 eloop_cancel_timeout(wpa_ft_expire_pull, ctx.sm, NULL); 2986 if (nak) 2987 ctx.sm->ft_pending_pull_left_retries = 0; 2988 ft_finish_pull(ctx.sm); 2989 } 2990 2991 out: 2992 return ret; 2993 } 2994 2995 2996 static int wpa_ft_rrb_rx_push(struct wpa_authenticator *wpa_auth, 2997 const u8 *src_addr, 2998 const u8 *enc, size_t enc_len, 2999 const u8 *auth, size_t auth_len, int no_defer) 3000 { 3001 const char *msgtype = "push"; 3002 3003 wpa_printf(MSG_DEBUG, "FT: Received PMK-R1 push"); 3004 3005 if (wpa_ft_rrb_rx_r1(wpa_auth, src_addr, FT_PACKET_R0KH_R1KH_PUSH, 3006 enc, enc_len, auth, auth_len, msgtype, NULL, 3007 no_defer ? NULL : wpa_ft_rrb_rx_push) < 0) 3008 return -1; 3009 3010 return 0; 3011 } 3012 3013 3014 static int wpa_ft_rrb_rx_seq(struct wpa_authenticator *wpa_auth, 3015 const u8 *src_addr, int type, 3016 const u8 *enc, size_t enc_len, 3017 const u8 *auth, size_t auth_len, 3018 struct ft_remote_seq **rkh_seq, 3019 u8 **key, size_t *key_len, 3020 struct ft_remote_r0kh **r0kh_out, 3021 struct ft_remote_r1kh **r1kh_out, 3022 struct ft_remote_r0kh **r0kh_wildcard_out, 3023 struct ft_remote_r1kh **r1kh_wildcard_out) 3024 { 3025 struct ft_remote_r0kh *r0kh = NULL; 3026 struct ft_remote_r1kh *r1kh = NULL; 3027 const u8 *f_r0kh_id, *f_r1kh_id; 3028 size_t f_r0kh_id_len, f_r1kh_id_len; 3029 int to_r0kh, to_r1kh; 3030 u8 *plain = NULL; 3031 size_t plain_len = 0; 3032 struct ft_remote_r0kh *r0kh_wildcard; 3033 struct ft_remote_r1kh *r1kh_wildcard; 3034 3035 RRB_GET_AUTH(FT_RRB_R0KH_ID, r0kh_id, "seq", -1); 3036 RRB_GET_AUTH(FT_RRB_R1KH_ID, r1kh_id, "seq", FT_R1KH_ID_LEN); 3037 3038 to_r0kh = !wpa_ft_rrb_check_r0kh(wpa_auth, f_r0kh_id, f_r0kh_id_len); 3039 to_r1kh = !wpa_ft_rrb_check_r1kh(wpa_auth, f_r1kh_id); 3040 3041 if (to_r0kh && to_r1kh) { 3042 wpa_printf(MSG_DEBUG, "FT: seq - local R0KH-ID and R1KH-ID"); 3043 goto out; 3044 } 3045 3046 if (!to_r0kh && !to_r1kh) { 3047 wpa_printf(MSG_DEBUG, "FT: seq - remote R0KH-ID and R1KH-ID"); 3048 goto out; 3049 } 3050 3051 if (!to_r0kh) { 3052 wpa_ft_rrb_lookup_r0kh(wpa_auth, f_r0kh_id, f_r0kh_id_len, 3053 &r0kh, &r0kh_wildcard); 3054 if (!r0kh_wildcard && 3055 (!r0kh || os_memcmp(r0kh->addr, src_addr, ETH_ALEN) != 0)) { 3056 wpa_hexdump(MSG_DEBUG, "FT: Did not find R0KH-ID", 3057 f_r0kh_id, f_r0kh_id_len); 3058 goto out; 3059 } 3060 if (r0kh) { 3061 *key = r0kh->key; 3062 *key_len = sizeof(r0kh->key); 3063 } else { 3064 *key = r0kh_wildcard->key; 3065 *key_len = sizeof(r0kh_wildcard->key); 3066 } 3067 } 3068 3069 if (!to_r1kh) { 3070 wpa_ft_rrb_lookup_r1kh(wpa_auth, f_r1kh_id, &r1kh, 3071 &r1kh_wildcard); 3072 if (!r1kh_wildcard && 3073 (!r1kh || os_memcmp(r1kh->addr, src_addr, ETH_ALEN) != 0)) { 3074 wpa_hexdump(MSG_DEBUG, "FT: Did not find R1KH-ID", 3075 f_r1kh_id, FT_R1KH_ID_LEN); 3076 goto out; 3077 } 3078 if (r1kh) { 3079 *key = r1kh->key; 3080 *key_len = sizeof(r1kh->key); 3081 } else { 3082 *key = r1kh_wildcard->key; 3083 *key_len = sizeof(r1kh_wildcard->key); 3084 } 3085 } 3086 3087 if (wpa_ft_rrb_decrypt(*key, *key_len, enc, enc_len, auth, auth_len, 3088 src_addr, type, &plain, &plain_len) < 0) 3089 goto out; 3090 3091 os_free(plain); 3092 3093 if (!to_r0kh) { 3094 if (!r0kh) 3095 r0kh = wpa_ft_rrb_add_r0kh(wpa_auth, r0kh_wildcard, 3096 src_addr, f_r0kh_id, 3097 f_r0kh_id_len, 3098 ftRRBseqTimeout); 3099 if (!r0kh) 3100 goto out; 3101 3102 wpa_ft_rrb_r0kh_replenish(wpa_auth, r0kh, ftRRBseqTimeout); 3103 *rkh_seq = r0kh->seq; 3104 if (r0kh_out) 3105 *r0kh_out = r0kh; 3106 if (r0kh_wildcard_out) 3107 *r0kh_wildcard_out = r0kh_wildcard; 3108 } 3109 3110 if (!to_r1kh) { 3111 if (!r1kh) 3112 r1kh = wpa_ft_rrb_add_r1kh(wpa_auth, r1kh_wildcard, 3113 src_addr, f_r1kh_id, 3114 ftRRBseqTimeout); 3115 if (!r1kh) 3116 goto out; 3117 3118 wpa_ft_rrb_r1kh_replenish(wpa_auth, r1kh, ftRRBseqTimeout); 3119 *rkh_seq = r1kh->seq; 3120 if (r1kh_out) 3121 *r1kh_out = r1kh; 3122 if (r1kh_wildcard_out) 3123 *r1kh_wildcard_out = r1kh_wildcard; 3124 } 3125 3126 return 0; 3127 out: 3128 return -1; 3129 } 3130 3131 3132 static int wpa_ft_rrb_rx_seq_req(struct wpa_authenticator *wpa_auth, 3133 const u8 *src_addr, 3134 const u8 *enc, size_t enc_len, 3135 const u8 *auth, size_t auth_len, 3136 int no_defer) 3137 { 3138 int ret = -1; 3139 struct ft_rrb_seq f_seq; 3140 const u8 *f_nonce, *f_r0kh_id, *f_r1kh_id; 3141 size_t f_nonce_len, f_r0kh_id_len, f_r1kh_id_len; 3142 struct ft_remote_seq *rkh_seq = NULL; 3143 u8 *packet = NULL, *key = NULL; 3144 size_t packet_len = 0, key_len = 0; 3145 struct tlv_list seq_resp_auth[5]; 3146 3147 wpa_printf(MSG_DEBUG, "FT: Received sequence number request"); 3148 3149 if (wpa_ft_rrb_rx_seq(wpa_auth, src_addr, FT_PACKET_R0KH_R1KH_SEQ_REQ, 3150 enc, enc_len, auth, auth_len, &rkh_seq, &key, 3151 &key_len, NULL, NULL, NULL, NULL) < 0) 3152 goto out; 3153 3154 RRB_GET_AUTH(FT_RRB_NONCE, nonce, "seq request", FT_RRB_NONCE_LEN); 3155 wpa_hexdump(MSG_DEBUG, "FT: seq request - nonce", f_nonce, f_nonce_len); 3156 3157 RRB_GET_AUTH(FT_RRB_R0KH_ID, r0kh_id, "seq", -1); 3158 RRB_GET_AUTH(FT_RRB_R1KH_ID, r1kh_id, "seq", FT_R1KH_ID_LEN); 3159 3160 if (wpa_ft_new_seq(rkh_seq, &f_seq) < 0) { 3161 wpa_printf(MSG_DEBUG, "FT: Failed to get seq num"); 3162 goto out; 3163 } 3164 3165 seq_resp_auth[0].type = FT_RRB_NONCE; 3166 seq_resp_auth[0].len = f_nonce_len; 3167 seq_resp_auth[0].data = f_nonce; 3168 seq_resp_auth[1].type = FT_RRB_SEQ; 3169 seq_resp_auth[1].len = sizeof(f_seq); 3170 seq_resp_auth[1].data = (u8 *) &f_seq; 3171 seq_resp_auth[2].type = FT_RRB_R0KH_ID; 3172 seq_resp_auth[2].len = f_r0kh_id_len; 3173 seq_resp_auth[2].data = f_r0kh_id; 3174 seq_resp_auth[3].type = FT_RRB_R1KH_ID; 3175 seq_resp_auth[3].len = FT_R1KH_ID_LEN; 3176 seq_resp_auth[3].data = f_r1kh_id; 3177 seq_resp_auth[4].type = FT_RRB_LAST_EMPTY; 3178 seq_resp_auth[4].len = 0; 3179 seq_resp_auth[4].data = NULL; 3180 3181 if (wpa_ft_rrb_build(key, key_len, NULL, NULL, seq_resp_auth, 3182 wpa_auth->addr, FT_PACKET_R0KH_R1KH_SEQ_RESP, 3183 &packet, &packet_len) < 0) 3184 goto out; 3185 3186 wpa_ft_rrb_oui_send(wpa_auth, src_addr, 3187 FT_PACKET_R0KH_R1KH_SEQ_RESP, packet, 3188 packet_len); 3189 3190 out: 3191 os_free(packet); 3192 3193 return ret; 3194 } 3195 3196 3197 static int wpa_ft_rrb_rx_seq_resp(struct wpa_authenticator *wpa_auth, 3198 const u8 *src_addr, 3199 const u8 *enc, size_t enc_len, 3200 const u8 *auth, size_t auth_len, 3201 int no_defer) 3202 { 3203 u8 *key = NULL; 3204 size_t key_len = 0; 3205 struct ft_remote_r0kh *r0kh = NULL, *r0kh_wildcard = NULL; 3206 struct ft_remote_r1kh *r1kh = NULL, *r1kh_wildcard = NULL; 3207 const u8 *f_nonce, *f_seq; 3208 size_t f_nonce_len, f_seq_len; 3209 struct ft_remote_seq *rkh_seq = NULL; 3210 struct ft_remote_item *item; 3211 struct os_reltime now, now_remote; 3212 int seq_ret, found; 3213 const struct ft_rrb_seq *msg_both; 3214 u32 msg_dom, msg_seq; 3215 3216 wpa_printf(MSG_DEBUG, "FT: Received sequence number response"); 3217 3218 if (wpa_ft_rrb_rx_seq(wpa_auth, src_addr, FT_PACKET_R0KH_R1KH_SEQ_RESP, 3219 enc, enc_len, auth, auth_len, &rkh_seq, &key, 3220 &key_len, &r0kh, &r1kh, &r0kh_wildcard, 3221 &r1kh_wildcard) < 0) 3222 goto out; 3223 3224 RRB_GET_AUTH(FT_RRB_NONCE, nonce, "seq response", FT_RRB_NONCE_LEN); 3225 wpa_hexdump(MSG_DEBUG, "FT: seq response - nonce", f_nonce, 3226 f_nonce_len); 3227 3228 found = 0; 3229 dl_list_for_each(item, &rkh_seq->rx.queue, struct ft_remote_item, 3230 list) { 3231 if (os_memcmp_const(f_nonce, item->nonce, 3232 FT_RRB_NONCE_LEN) != 0 || 3233 os_get_reltime(&now) < 0 || 3234 os_reltime_expired(&now, &item->nonce_ts, ftRRBseqTimeout)) 3235 continue; 3236 3237 found = 1; 3238 break; 3239 } 3240 if (!found) { 3241 wpa_printf(MSG_DEBUG, "FT: seq response - bad nonce"); 3242 goto out; 3243 } 3244 3245 if (r0kh) { 3246 wpa_ft_rrb_r0kh_replenish(wpa_auth, r0kh, 3247 wpa_auth->conf.rkh_pos_timeout); 3248 if (r0kh_wildcard) 3249 os_memcpy(r0kh->addr, src_addr, ETH_ALEN); 3250 } 3251 3252 if (r1kh) { 3253 wpa_ft_rrb_r1kh_replenish(wpa_auth, r1kh, 3254 wpa_auth->conf.rkh_pos_timeout); 3255 if (r1kh_wildcard) 3256 os_memcpy(r1kh->addr, src_addr, ETH_ALEN); 3257 } 3258 3259 seq_ret = wpa_ft_rrb_seq_chk(rkh_seq, src_addr, enc, enc_len, auth, 3260 auth_len, "seq response", 1); 3261 if (seq_ret == FT_RRB_SEQ_OK) { 3262 wpa_printf(MSG_DEBUG, "FT: seq response - valid seq number"); 3263 wpa_ft_rrb_seq_accept(wpa_auth, rkh_seq, src_addr, auth, 3264 auth_len, "seq response"); 3265 } else { 3266 wpa_printf(MSG_DEBUG, "FT: seq response - reset seq number"); 3267 3268 RRB_GET_AUTH(FT_RRB_SEQ, seq, "seq response", 3269 sizeof(*msg_both)); 3270 msg_both = (const struct ft_rrb_seq *) f_seq; 3271 3272 msg_dom = le_to_host32(msg_both->dom); 3273 msg_seq = le_to_host32(msg_both->seq); 3274 now_remote.sec = le_to_host32(msg_both->ts); 3275 now_remote.usec = 0; 3276 3277 rkh_seq->rx.num_last = 2; 3278 rkh_seq->rx.dom = msg_dom; 3279 rkh_seq->rx.offsetidx = 0; 3280 /* Accept some older, possibly cached packets as well */ 3281 rkh_seq->rx.last[0] = msg_seq - FT_REMOTE_SEQ_BACKLOG - 3282 dl_list_len(&rkh_seq->rx.queue); 3283 rkh_seq->rx.last[1] = msg_seq; 3284 3285 /* local time - offset = remote time 3286 * <=> local time - remote time = offset */ 3287 os_reltime_sub(&now, &now_remote, &rkh_seq->rx.time_offset); 3288 } 3289 3290 wpa_ft_rrb_seq_flush(wpa_auth, rkh_seq, 1); 3291 3292 return 0; 3293 out: 3294 return -1; 3295 } 3296 3297 3298 int wpa_ft_rrb_rx(struct wpa_authenticator *wpa_auth, const u8 *src_addr, 3299 const u8 *data, size_t data_len) 3300 { 3301 struct ft_rrb_frame *frame; 3302 u16 alen; 3303 const u8 *pos, *end, *start; 3304 u8 action; 3305 const u8 *sta_addr, *target_ap_addr; 3306 3307 wpa_printf(MSG_DEBUG, "FT: RRB received frame from remote AP " MACSTR, 3308 MAC2STR(src_addr)); 3309 3310 if (data_len < sizeof(*frame)) { 3311 wpa_printf(MSG_DEBUG, "FT: Too short RRB frame (data_len=%lu)", 3312 (unsigned long) data_len); 3313 return -1; 3314 } 3315 3316 pos = data; 3317 frame = (struct ft_rrb_frame *) pos; 3318 pos += sizeof(*frame); 3319 3320 alen = le_to_host16(frame->action_length); 3321 wpa_printf(MSG_DEBUG, "FT: RRB frame - frame_type=%d packet_type=%d " 3322 "action_length=%d ap_address=" MACSTR, 3323 frame->frame_type, frame->packet_type, alen, 3324 MAC2STR(frame->ap_address)); 3325 3326 if (frame->frame_type != RSN_REMOTE_FRAME_TYPE_FT_RRB) { 3327 /* Discard frame per IEEE Std 802.11r-2008, 11A.10.3 */ 3328 wpa_printf(MSG_DEBUG, "FT: RRB discarded frame with " 3329 "unrecognized type %d", frame->frame_type); 3330 return -1; 3331 } 3332 3333 if (alen > data_len - sizeof(*frame)) { 3334 wpa_printf(MSG_DEBUG, "FT: RRB frame too short for action " 3335 "frame"); 3336 return -1; 3337 } 3338 3339 wpa_hexdump(MSG_MSGDUMP, "FT: RRB - FT Action frame", pos, alen); 3340 3341 if (alen < 1 + 1 + 2 * ETH_ALEN) { 3342 wpa_printf(MSG_DEBUG, "FT: Too short RRB frame (not enough " 3343 "room for Action Frame body); alen=%lu", 3344 (unsigned long) alen); 3345 return -1; 3346 } 3347 start = pos; 3348 end = pos + alen; 3349 3350 if (*pos != WLAN_ACTION_FT) { 3351 wpa_printf(MSG_DEBUG, "FT: Unexpected Action frame category " 3352 "%d", *pos); 3353 return -1; 3354 } 3355 3356 pos++; 3357 action = *pos++; 3358 sta_addr = pos; 3359 pos += ETH_ALEN; 3360 target_ap_addr = pos; 3361 pos += ETH_ALEN; 3362 wpa_printf(MSG_DEBUG, "FT: RRB Action Frame: action=%d sta_addr=" 3363 MACSTR " target_ap_addr=" MACSTR, 3364 action, MAC2STR(sta_addr), MAC2STR(target_ap_addr)); 3365 3366 if (frame->packet_type == FT_PACKET_REQUEST) { 3367 wpa_printf(MSG_DEBUG, "FT: FT Packet Type - Request"); 3368 3369 if (action != 1) { 3370 wpa_printf(MSG_DEBUG, "FT: Unexpected Action %d in " 3371 "RRB Request", action); 3372 return -1; 3373 } 3374 3375 if (os_memcmp(target_ap_addr, wpa_auth->addr, ETH_ALEN) != 0) { 3376 wpa_printf(MSG_DEBUG, "FT: Target AP address in the " 3377 "RRB Request does not match with own " 3378 "address"); 3379 return -1; 3380 } 3381 3382 if (wpa_ft_rrb_rx_request(wpa_auth, frame->ap_address, 3383 sta_addr, pos, end - pos) < 0) 3384 return -1; 3385 } else if (frame->packet_type == FT_PACKET_RESPONSE) { 3386 u16 status_code; 3387 3388 if (end - pos < 2) { 3389 wpa_printf(MSG_DEBUG, "FT: Not enough room for status " 3390 "code in RRB Response"); 3391 return -1; 3392 } 3393 status_code = WPA_GET_LE16(pos); 3394 pos += 2; 3395 3396 wpa_printf(MSG_DEBUG, "FT: FT Packet Type - Response " 3397 "(status_code=%d)", status_code); 3398 3399 if (wpa_ft_action_send(wpa_auth, sta_addr, start, alen) < 0) 3400 return -1; 3401 } else { 3402 wpa_printf(MSG_DEBUG, "FT: RRB discarded frame with unknown " 3403 "packet_type %d", frame->packet_type); 3404 return -1; 3405 } 3406 3407 if (end > pos) { 3408 wpa_hexdump(MSG_DEBUG, "FT: Ignore extra data in end", 3409 pos, end - pos); 3410 } 3411 3412 return 0; 3413 } 3414 3415 3416 void wpa_ft_rrb_oui_rx(struct wpa_authenticator *wpa_auth, const u8 *src_addr, 3417 const u8 *dst_addr, u8 oui_suffix, const u8 *data, 3418 size_t data_len) 3419 { 3420 const u8 *auth, *enc; 3421 size_t alen, elen; 3422 int no_defer = 0; 3423 3424 wpa_printf(MSG_DEBUG, "FT: RRB-OUI received frame from remote AP " 3425 MACSTR, MAC2STR(src_addr)); 3426 wpa_printf(MSG_DEBUG, "FT: RRB-OUI frame - oui_suffix=%d", oui_suffix); 3427 3428 if (is_multicast_ether_addr(src_addr)) { 3429 wpa_printf(MSG_DEBUG, 3430 "FT: RRB-OUI received frame from multicast address " 3431 MACSTR, MAC2STR(src_addr)); 3432 return; 3433 } 3434 3435 if (is_multicast_ether_addr(dst_addr)) { 3436 wpa_printf(MSG_DEBUG, 3437 "FT: RRB-OUI received frame from remote AP " MACSTR 3438 " to multicast address " MACSTR, 3439 MAC2STR(src_addr), MAC2STR(dst_addr)); 3440 no_defer = 1; 3441 } 3442 3443 if (data_len < sizeof(u16)) { 3444 wpa_printf(MSG_DEBUG, "FT: RRB-OUI frame too short"); 3445 return; 3446 } 3447 3448 alen = WPA_GET_LE16(data); 3449 if (data_len < sizeof(u16) + alen) { 3450 wpa_printf(MSG_DEBUG, "FT: RRB-OUI frame too short"); 3451 return; 3452 } 3453 3454 auth = data + sizeof(u16); 3455 enc = data + sizeof(u16) + alen; 3456 elen = data_len - sizeof(u16) - alen; 3457 3458 switch (oui_suffix) { 3459 case FT_PACKET_R0KH_R1KH_PULL: 3460 wpa_ft_rrb_rx_pull(wpa_auth, src_addr, enc, elen, auth, alen, 3461 no_defer); 3462 break; 3463 case FT_PACKET_R0KH_R1KH_RESP: 3464 wpa_ft_rrb_rx_resp(wpa_auth, src_addr, enc, elen, auth, alen, 3465 no_defer); 3466 break; 3467 case FT_PACKET_R0KH_R1KH_PUSH: 3468 wpa_ft_rrb_rx_push(wpa_auth, src_addr, enc, elen, auth, alen, 3469 no_defer); 3470 break; 3471 case FT_PACKET_R0KH_R1KH_SEQ_REQ: 3472 wpa_ft_rrb_rx_seq_req(wpa_auth, src_addr, enc, elen, auth, alen, 3473 no_defer); 3474 break; 3475 case FT_PACKET_R0KH_R1KH_SEQ_RESP: 3476 wpa_ft_rrb_rx_seq_resp(wpa_auth, src_addr, enc, elen, auth, 3477 alen, no_defer); 3478 break; 3479 } 3480 } 3481 3482 3483 static int wpa_ft_generate_pmk_r1(struct wpa_authenticator *wpa_auth, 3484 struct wpa_ft_pmk_r0_sa *pmk_r0, 3485 struct ft_remote_r1kh *r1kh, 3486 const u8 *s1kh_id) 3487 { 3488 u8 *packet; 3489 size_t packet_len; 3490 struct ft_rrb_seq f_seq; 3491 struct tlv_list push[] = { 3492 { .type = FT_RRB_S1KH_ID, .len = ETH_ALEN, 3493 .data = s1kh_id }, 3494 { .type = FT_RRB_PMK_R0_NAME, .len = WPA_PMK_NAME_LEN, 3495 .data = pmk_r0->pmk_r0_name }, 3496 { .type = FT_RRB_LAST_EMPTY, .len = 0, .data = NULL }, 3497 }; 3498 struct tlv_list push_auth[] = { 3499 { .type = FT_RRB_SEQ, .len = sizeof(f_seq), 3500 .data = (u8 *) &f_seq }, 3501 { .type = FT_RRB_R0KH_ID, 3502 .len = wpa_auth->conf.r0_key_holder_len, 3503 .data = wpa_auth->conf.r0_key_holder }, 3504 { .type = FT_RRB_R1KH_ID, .len = FT_R1KH_ID_LEN, 3505 .data = r1kh->id }, 3506 { .type = FT_RRB_LAST_EMPTY, .len = 0, .data = NULL }, 3507 }; 3508 3509 if (wpa_ft_new_seq(r1kh->seq, &f_seq) < 0) { 3510 wpa_printf(MSG_DEBUG, "FT: Failed to get seq num"); 3511 return -1; 3512 } 3513 3514 if (wpa_ft_rrb_build_r0(r1kh->key, sizeof(r1kh->key), push, pmk_r0, 3515 r1kh->id, s1kh_id, push_auth, wpa_auth->addr, 3516 FT_PACKET_R0KH_R1KH_PUSH, 3517 &packet, &packet_len) < 0) 3518 return -1; 3519 3520 wpa_ft_rrb_oui_send(wpa_auth, r1kh->addr, FT_PACKET_R0KH_R1KH_PUSH, 3521 packet, packet_len); 3522 3523 os_free(packet); 3524 return 0; 3525 } 3526 3527 3528 void wpa_ft_push_pmk_r1(struct wpa_authenticator *wpa_auth, const u8 *addr) 3529 { 3530 struct wpa_ft_pmk_r0_sa *r0; 3531 struct ft_remote_r1kh *r1kh; 3532 3533 if (!wpa_auth->conf.pmk_r1_push) 3534 return; 3535 if (!wpa_auth->conf.r1kh_list) 3536 return; 3537 3538 r0 = wpa_auth->ft_pmk_cache->pmk_r0; 3539 while (r0) { 3540 if (os_memcmp(r0->spa, addr, ETH_ALEN) == 0) 3541 break; 3542 r0 = r0->next; 3543 } 3544 3545 if (r0 == NULL || r0->pmk_r1_pushed) 3546 return; 3547 r0->pmk_r1_pushed = 1; 3548 3549 wpa_printf(MSG_DEBUG, "FT: Deriving and pushing PMK-R1 keys to R1KHs " 3550 "for STA " MACSTR, MAC2STR(addr)); 3551 3552 for (r1kh = *wpa_auth->conf.r1kh_list; r1kh; r1kh = r1kh->next) { 3553 if (is_zero_ether_addr(r1kh->addr) || 3554 is_zero_ether_addr(r1kh->id)) 3555 continue; 3556 if (wpa_ft_rrb_init_r1kh_seq(r1kh) < 0) 3557 continue; 3558 wpa_ft_generate_pmk_r1(wpa_auth, r0, r1kh, addr); 3559 } 3560 } 3561 3562 #endif /* CONFIG_IEEE80211R_AP */ 3563
