xref: /freebsd/contrib/wpa/src/ap/wpa_auth_ft.c (revision a90b9d0159070121c221b966469c3e36d912bf82)
1 /*
2  * hostapd - IEEE 802.11r - Fast BSS Transition
3  * Copyright (c) 2004-2018, Jouni Malinen <j@w1.fi>
4  *
5  * This software may be distributed under the terms of the BSD license.
6  * See README for more details.
7  */
8 
9 #include "utils/includes.h"
10 
11 #include "utils/common.h"
12 #include "utils/eloop.h"
13 #include "utils/list.h"
14 #include "common/ieee802_11_defs.h"
15 #include "common/ieee802_11_common.h"
16 #include "common/ocv.h"
17 #include "common/wpa_ctrl.h"
18 #include "drivers/driver.h"
19 #include "crypto/aes.h"
20 #include "crypto/aes_siv.h"
21 #include "crypto/aes_wrap.h"
22 #include "crypto/sha384.h"
23 #include "crypto/sha512.h"
24 #include "crypto/random.h"
25 #include "ap_config.h"
26 #include "ieee802_11.h"
27 #include "wmm.h"
28 #include "wpa_auth.h"
29 #include "wpa_auth_i.h"
30 #include "pmksa_cache_auth.h"
31 
32 
33 #ifdef CONFIG_IEEE80211R_AP
34 
35 const unsigned int ftRRBseqTimeout = 10;
36 const unsigned int ftRRBmaxQueueLen = 100;
37 
38 /* TODO: make these configurable */
39 static const int dot11RSNAConfigPMKLifetime = 43200;
40 
41 
42 static int wpa_ft_send_rrb_auth_resp(struct wpa_state_machine *sm,
43 				     const u8 *current_ap, const u8 *sta_addr,
44 				     u16 status, const u8 *resp_ies,
45 				     size_t resp_ies_len);
46 static void ft_finish_pull(struct wpa_state_machine *sm);
47 static void wpa_ft_expire_pull(void *eloop_ctx, void *timeout_ctx);
48 static void wpa_ft_rrb_seq_timeout(void *eloop_ctx, void *timeout_ctx);
49 
50 struct tlv_list {
51 	u16 type;
52 	size_t len;
53 	const u8 *data;
54 };
55 
56 
57 /**
58  * wpa_ft_rrb_decrypt - Decrypt FT RRB message
59  * @key: AES-SIV key for AEAD
60  * @key_len: Length of key in octets
61  * @enc: Pointer to encrypted TLVs
62  * @enc_len: Length of encrypted TLVs in octets
63  * @auth: Pointer to authenticated TLVs
64  * @auth_len: Length of authenticated TLVs in octets
65  * @src_addr: MAC address of the frame sender
66  * @type: Vendor-specific subtype of the RRB frame (FT_PACKET_*)
67  * @plain: Pointer to return the pointer to the allocated plaintext buffer;
68  *	needs to be freed by the caller if not NULL;
69  *	will only be returned on success
70  * @plain_len: Pointer to return the length of the allocated plaintext buffer
71  *	in octets
72  * Returns: 0 on success, -1 on error
73  */
wpa_ft_rrb_decrypt(const u8 * key,const size_t key_len,const u8 * enc,size_t enc_len,const u8 * auth,const size_t auth_len,const u8 * src_addr,u8 type,u8 ** plain,size_t * plain_size)74 static int wpa_ft_rrb_decrypt(const u8 *key, const size_t key_len,
75 			      const u8 *enc, size_t enc_len,
76 			      const u8 *auth, const size_t auth_len,
77 			      const u8 *src_addr, u8 type,
78 			      u8 **plain, size_t *plain_size)
79 {
80 	const u8 *ad[3] = { src_addr, auth, &type };
81 	size_t ad_len[3] = { ETH_ALEN, auth_len, sizeof(type) };
82 
83 	wpa_printf(MSG_DEBUG, "FT(RRB): src_addr=" MACSTR " type=%u",
84 		   MAC2STR(src_addr), type);
85 	wpa_hexdump_key(MSG_DEBUG, "FT(RRB): decrypt using key", key, key_len);
86 	wpa_hexdump(MSG_DEBUG, "FT(RRB): encrypted TLVs", enc, enc_len);
87 	wpa_hexdump(MSG_DEBUG, "FT(RRB): authenticated TLVs", auth, auth_len);
88 
89 	if (!key) { /* skip decryption */
90 		*plain = os_memdup(enc, enc_len);
91 		if (enc_len > 0 && !*plain)
92 			goto err;
93 
94 		*plain_size = enc_len;
95 
96 		return 0;
97 	}
98 
99 	*plain = NULL;
100 
101 	/* SIV overhead */
102 	if (enc_len < AES_BLOCK_SIZE)
103 		goto err;
104 
105 	*plain = os_zalloc(enc_len - AES_BLOCK_SIZE);
106 	if (!*plain)
107 		goto err;
108 
109 	if (aes_siv_decrypt(key, key_len, enc, enc_len, 3, ad, ad_len,
110 			    *plain) < 0) {
111 		if (enc_len < AES_BLOCK_SIZE + 2)
112 			goto err;
113 
114 		/* Try to work around Ethernet devices that add extra
115 		 * two octet padding even if the frame is longer than
116 		 * the minimum Ethernet frame. */
117 		enc_len -= 2;
118 		if (aes_siv_decrypt(key, key_len, enc, enc_len, 3, ad, ad_len,
119 				    *plain) < 0)
120 			goto err;
121 	}
122 
123 	*plain_size = enc_len - AES_BLOCK_SIZE;
124 	wpa_hexdump_key(MSG_DEBUG, "FT(RRB): decrypted TLVs",
125 			*plain, *plain_size);
126 	return 0;
127 err:
128 	os_free(*plain);
129 	*plain = NULL;
130 	*plain_size = 0;
131 
132 	wpa_printf(MSG_ERROR, "FT(RRB): Failed to decrypt");
133 
134 	return -1;
135 }
136 
137 
138 /* get first tlv record in packet matching type
139  * @data (decrypted) packet
140  * @return 0 on success else -1
141  */
wpa_ft_rrb_get_tlv(const u8 * plain,size_t plain_len,u16 type,size_t * tlv_len,const u8 ** tlv_data)142 static int wpa_ft_rrb_get_tlv(const u8 *plain, size_t plain_len,
143 			      u16 type, size_t *tlv_len, const u8 **tlv_data)
144 {
145 	const struct ft_rrb_tlv *f;
146 	size_t left;
147 	le16 type16;
148 	size_t len;
149 
150 	left = plain_len;
151 	type16 = host_to_le16(type);
152 
153 	while (left >= sizeof(*f)) {
154 		f = (const struct ft_rrb_tlv *) plain;
155 
156 		left -= sizeof(*f);
157 		plain += sizeof(*f);
158 		len = le_to_host16(f->len);
159 
160 		if (left < len) {
161 			wpa_printf(MSG_DEBUG, "FT: RRB message truncated");
162 			break;
163 		}
164 
165 		if (f->type == type16) {
166 			*tlv_len = len;
167 			*tlv_data = plain;
168 			return 0;
169 		}
170 
171 		left -= len;
172 		plain += len;
173 	}
174 
175 	return -1;
176 }
177 
178 
wpa_ft_rrb_dump(const u8 * plain,const size_t plain_len)179 static void wpa_ft_rrb_dump(const u8 *plain, const size_t plain_len)
180 {
181 	const struct ft_rrb_tlv *f;
182 	size_t left;
183 	size_t len;
184 
185 	left = plain_len;
186 
187 	wpa_printf(MSG_DEBUG, "FT: RRB dump message");
188 	while (left >= sizeof(*f)) {
189 		f = (const struct ft_rrb_tlv *) plain;
190 
191 		left -= sizeof(*f);
192 		plain += sizeof(*f);
193 		len = le_to_host16(f->len);
194 
195 		wpa_printf(MSG_DEBUG, "FT: RRB TLV type = %d, len = %zu",
196 			   le_to_host16(f->type), len);
197 
198 		if (left < len) {
199 			wpa_printf(MSG_DEBUG,
200 				   "FT: RRB message truncated: left %zu bytes, need %zu",
201 				   left, len);
202 			break;
203 		}
204 
205 		wpa_hexdump(MSG_DEBUG, "FT: RRB TLV data", plain, len);
206 
207 		left -= len;
208 		plain += len;
209 	}
210 
211 	if (left > 0)
212 		wpa_hexdump(MSG_DEBUG, "FT: RRB TLV padding", plain, left);
213 
214 	wpa_printf(MSG_DEBUG, "FT: RRB dump message end");
215 }
216 
217 
cmp_int(const void * a,const void * b)218 static int cmp_int(const void *a, const void *b)
219 {
220 	int x, y;
221 
222 	x = *((int *) a);
223 	y = *((int *) b);
224 	return x - y;
225 }
226 
227 
wpa_ft_rrb_get_tlv_vlan(const u8 * plain,const size_t plain_len,struct vlan_description * vlan)228 static int wpa_ft_rrb_get_tlv_vlan(const u8 *plain, const size_t plain_len,
229 				   struct vlan_description *vlan)
230 {
231 	struct ft_rrb_tlv *f;
232 	size_t left;
233 	size_t len;
234 	int taggedidx;
235 	int vlan_id;
236 	int type;
237 
238 	left = plain_len;
239 	taggedidx = 0;
240 	os_memset(vlan, 0, sizeof(*vlan));
241 
242 	while (left >= sizeof(*f)) {
243 		f = (struct ft_rrb_tlv *) plain;
244 
245 		left -= sizeof(*f);
246 		plain += sizeof(*f);
247 
248 		len = le_to_host16(f->len);
249 		type = le_to_host16(f->type);
250 
251 		if (left < len) {
252 			wpa_printf(MSG_DEBUG, "FT: RRB message truncated");
253 			return -1;
254 		}
255 
256 		if (type != FT_RRB_VLAN_UNTAGGED && type != FT_RRB_VLAN_TAGGED)
257 			goto skip;
258 
259 		if (type == FT_RRB_VLAN_UNTAGGED && len != sizeof(le16)) {
260 			wpa_printf(MSG_DEBUG,
261 				   "FT: RRB VLAN_UNTAGGED invalid length");
262 			return -1;
263 		}
264 
265 		if (type == FT_RRB_VLAN_TAGGED && len % sizeof(le16) != 0) {
266 			wpa_printf(MSG_DEBUG,
267 				   "FT: RRB VLAN_TAGGED invalid length");
268 			return -1;
269 		}
270 
271 		while (len >= sizeof(le16)) {
272 			vlan_id = WPA_GET_LE16(plain);
273 			plain += sizeof(le16);
274 			left -= sizeof(le16);
275 			len -= sizeof(le16);
276 
277 			if (vlan_id <= 0 || vlan_id > MAX_VLAN_ID) {
278 				wpa_printf(MSG_DEBUG,
279 					   "FT: RRB VLAN ID invalid %d",
280 					   vlan_id);
281 				continue;
282 			}
283 
284 			if (type == FT_RRB_VLAN_UNTAGGED)
285 				vlan->untagged = vlan_id;
286 
287 			if (type == FT_RRB_VLAN_TAGGED &&
288 			    taggedidx < MAX_NUM_TAGGED_VLAN) {
289 				vlan->tagged[taggedidx] = vlan_id;
290 				taggedidx++;
291 			} else if (type == FT_RRB_VLAN_TAGGED) {
292 				wpa_printf(MSG_DEBUG, "FT: RRB too many VLANs");
293 			}
294 		}
295 
296 	skip:
297 		left -= len;
298 		plain += len;
299 	}
300 
301 	if (taggedidx)
302 		qsort(vlan->tagged, taggedidx, sizeof(int), cmp_int);
303 
304 	vlan->notempty = vlan->untagged || vlan->tagged[0];
305 
306 	return 0;
307 }
308 
309 
wpa_ft_tlv_len(const struct tlv_list * tlvs)310 static size_t wpa_ft_tlv_len(const struct tlv_list *tlvs)
311 {
312 	size_t tlv_len = 0;
313 	int i;
314 
315 	if (!tlvs)
316 		return 0;
317 
318 	for (i = 0; tlvs[i].type != FT_RRB_LAST_EMPTY; i++) {
319 		tlv_len += sizeof(struct ft_rrb_tlv);
320 		tlv_len += tlvs[i].len;
321 	}
322 
323 	return tlv_len;
324 }
325 
326 
wpa_ft_tlv_lin(const struct tlv_list * tlvs,u8 * start,u8 * endpos)327 static size_t wpa_ft_tlv_lin(const struct tlv_list *tlvs, u8 *start,
328 			     u8 *endpos)
329 {
330 	int i;
331 	size_t tlv_len;
332 	struct ft_rrb_tlv *hdr;
333 	u8 *pos;
334 
335 	if (!tlvs)
336 		return 0;
337 
338 	tlv_len = 0;
339 	pos = start;
340 	for (i = 0; tlvs[i].type != FT_RRB_LAST_EMPTY; i++) {
341 		if (tlv_len + sizeof(*hdr) > (size_t) (endpos - start))
342 			return tlv_len;
343 		tlv_len += sizeof(*hdr);
344 		hdr = (struct ft_rrb_tlv *) pos;
345 		hdr->type = host_to_le16(tlvs[i].type);
346 		hdr->len = host_to_le16(tlvs[i].len);
347 		pos = start + tlv_len;
348 
349 		if (tlv_len + tlvs[i].len > (size_t) (endpos - start))
350 			return tlv_len;
351 		if (tlvs[i].len == 0)
352 			continue;
353 		tlv_len += tlvs[i].len;
354 		os_memcpy(pos, tlvs[i].data, tlvs[i].len);
355 		pos = start + tlv_len;
356 	}
357 
358 	return tlv_len;
359 }
360 
361 
wpa_ft_vlan_len(const struct vlan_description * vlan)362 static size_t wpa_ft_vlan_len(const struct vlan_description *vlan)
363 {
364 	size_t tlv_len = 0;
365 	int i;
366 
367 	if (!vlan || !vlan->notempty)
368 		return 0;
369 
370 	if (vlan->untagged) {
371 		tlv_len += sizeof(struct ft_rrb_tlv);
372 		tlv_len += sizeof(le16);
373 	}
374 	if (vlan->tagged[0])
375 		tlv_len += sizeof(struct ft_rrb_tlv);
376 	for (i = 0; i < MAX_NUM_TAGGED_VLAN && vlan->tagged[i]; i++)
377 		tlv_len += sizeof(le16);
378 
379 	return tlv_len;
380 }
381 
382 
wpa_ft_vlan_lin(const struct vlan_description * vlan,u8 * start,u8 * endpos)383 static size_t wpa_ft_vlan_lin(const struct vlan_description *vlan,
384 			      u8 *start, u8 *endpos)
385 {
386 	size_t tlv_len;
387 	int i, len;
388 	struct ft_rrb_tlv *hdr;
389 	u8 *pos = start;
390 
391 	if (!vlan || !vlan->notempty)
392 		return 0;
393 
394 	tlv_len = 0;
395 	if (vlan->untagged) {
396 		tlv_len += sizeof(*hdr);
397 		if (start + tlv_len > endpos)
398 			return tlv_len;
399 		hdr = (struct ft_rrb_tlv *) pos;
400 		hdr->type = host_to_le16(FT_RRB_VLAN_UNTAGGED);
401 		hdr->len = host_to_le16(sizeof(le16));
402 		pos = start + tlv_len;
403 
404 		tlv_len += sizeof(le16);
405 		if (start + tlv_len > endpos)
406 			return tlv_len;
407 		WPA_PUT_LE16(pos, vlan->untagged);
408 		pos = start + tlv_len;
409 	}
410 
411 	if (!vlan->tagged[0])
412 		return tlv_len;
413 
414 	tlv_len += sizeof(*hdr);
415 	if (start + tlv_len > endpos)
416 		return tlv_len;
417 	hdr = (struct ft_rrb_tlv *) pos;
418 	hdr->type = host_to_le16(FT_RRB_VLAN_TAGGED);
419 	len = 0; /* len is computed below */
420 	pos = start + tlv_len;
421 
422 	for (i = 0; i < MAX_NUM_TAGGED_VLAN && vlan->tagged[i]; i++) {
423 		tlv_len += sizeof(le16);
424 		if (start + tlv_len > endpos)
425 			break;
426 		len += sizeof(le16);
427 		WPA_PUT_LE16(pos, vlan->tagged[i]);
428 		pos = start + tlv_len;
429 	}
430 
431 	hdr->len = host_to_le16(len);
432 
433 	return tlv_len;
434 }
435 
436 
wpa_ft_rrb_lin(const struct tlv_list * tlvs1,const struct tlv_list * tlvs2,const struct vlan_description * vlan,u8 ** plain,size_t * plain_len)437 static int wpa_ft_rrb_lin(const struct tlv_list *tlvs1,
438 			  const struct tlv_list *tlvs2,
439 			  const struct vlan_description *vlan,
440 			  u8 **plain, size_t *plain_len)
441 {
442 	u8 *pos, *endpos;
443 	size_t tlv_len;
444 
445 	tlv_len = wpa_ft_tlv_len(tlvs1);
446 	tlv_len += wpa_ft_tlv_len(tlvs2);
447 	tlv_len += wpa_ft_vlan_len(vlan);
448 
449 	*plain_len = tlv_len;
450 	*plain = os_zalloc(tlv_len);
451 	if (!*plain) {
452 		wpa_printf(MSG_ERROR, "FT: Failed to allocate plaintext");
453 		goto err;
454 	}
455 
456 	pos = *plain;
457 	endpos = *plain + tlv_len;
458 	pos += wpa_ft_tlv_lin(tlvs1, pos, endpos);
459 	pos += wpa_ft_tlv_lin(tlvs2, pos, endpos);
460 	pos += wpa_ft_vlan_lin(vlan, pos, endpos);
461 
462 	/* validity check */
463 	if (pos != endpos) {
464 		wpa_printf(MSG_ERROR, "FT: Length error building RRB");
465 		goto err;
466 	}
467 
468 	return 0;
469 
470 err:
471 	os_free(*plain);
472 	*plain = NULL;
473 	*plain_len = 0;
474 	return -1;
475 }
476 
477 
wpa_ft_rrb_encrypt(const u8 * key,const size_t key_len,const u8 * plain,const size_t plain_len,const u8 * auth,const size_t auth_len,const u8 * src_addr,u8 type,u8 * enc)478 static int wpa_ft_rrb_encrypt(const u8 *key, const size_t key_len,
479 			      const u8 *plain, const size_t plain_len,
480 			      const u8 *auth, const size_t auth_len,
481 			      const u8 *src_addr, u8 type, u8 *enc)
482 {
483 	const u8 *ad[3] = { src_addr, auth, &type };
484 	size_t ad_len[3] = { ETH_ALEN, auth_len, sizeof(type) };
485 
486 	wpa_printf(MSG_DEBUG, "FT(RRB): src_addr=" MACSTR " type=%u",
487 		   MAC2STR(src_addr), type);
488 	wpa_hexdump_key(MSG_DEBUG, "FT(RRB): plaintext message",
489 			plain, plain_len);
490 	wpa_hexdump_key(MSG_DEBUG, "FT(RRB): encrypt using key", key, key_len);
491 	wpa_hexdump(MSG_DEBUG, "FT(RRB): authenticated TLVs", auth, auth_len);
492 
493 	if (!key) {
494 		/* encryption not needed, return plaintext as packet */
495 		os_memcpy(enc, plain, plain_len);
496 	} else if (aes_siv_encrypt(key, key_len, plain, plain_len,
497 				   3, ad, ad_len, enc) < 0) {
498 		wpa_printf(MSG_ERROR, "FT: Failed to encrypt RRB-OUI message");
499 		return -1;
500 	}
501 	wpa_hexdump(MSG_DEBUG, "FT(RRB): encrypted TLVs",
502 		    enc, plain_len + AES_BLOCK_SIZE);
503 
504 	return 0;
505 }
506 
507 
508 /**
509  * wpa_ft_rrb_build - Build and encrypt an FT RRB message
510  * @key: AES-SIV key for AEAD
511  * @key_len: Length of key in octets
512  * @tlvs_enc0: First set of to-be-encrypted TLVs
513  * @tlvs_enc1: Second set of to-be-encrypted TLVs
514  * @tlvs_auth: Set of to-be-authenticated TLVs
515  * @src_addr: MAC address of the frame sender
516  * @type: Vendor-specific subtype of the RRB frame (FT_PACKET_*)
517  * @packet Pointer to return the pointer to the allocated packet buffer;
518  *         needs to be freed by the caller if not null;
519  *         will only be returned on success
520  * @packet_len: Pointer to return the length of the allocated buffer in octets
521  * Returns: 0 on success, -1 on error
522  */
wpa_ft_rrb_build(const u8 * key,const size_t key_len,const struct tlv_list * tlvs_enc0,const struct tlv_list * tlvs_enc1,const struct tlv_list * tlvs_auth,const struct vlan_description * vlan,const u8 * src_addr,u8 type,u8 ** packet,size_t * packet_len)523 static int wpa_ft_rrb_build(const u8 *key, const size_t key_len,
524 			    const struct tlv_list *tlvs_enc0,
525 			    const struct tlv_list *tlvs_enc1,
526 			    const struct tlv_list *tlvs_auth,
527 			    const struct vlan_description *vlan,
528 			    const u8 *src_addr, u8 type,
529 			    u8 **packet, size_t *packet_len)
530 {
531 	u8 *plain = NULL, *auth = NULL, *pos, *tmp;
532 	size_t plain_len = 0, auth_len = 0;
533 	int ret = -1;
534 	size_t pad_len = 0;
535 
536 	*packet = NULL;
537 	if (wpa_ft_rrb_lin(tlvs_enc0, tlvs_enc1, vlan, &plain, &plain_len) < 0)
538 		goto out;
539 
540 	if (wpa_ft_rrb_lin(tlvs_auth, NULL, NULL, &auth, &auth_len) < 0)
541 		goto out;
542 
543 	*packet_len = sizeof(u16) + auth_len + plain_len;
544 	if (key)
545 		*packet_len += AES_BLOCK_SIZE;
546 #define RRB_MIN_MSG_LEN 64
547 	if (*packet_len < RRB_MIN_MSG_LEN) {
548 		pad_len = RRB_MIN_MSG_LEN - *packet_len;
549 		if (pad_len < sizeof(struct ft_rrb_tlv))
550 			pad_len = sizeof(struct ft_rrb_tlv);
551 		wpa_printf(MSG_DEBUG,
552 			   "FT: Pad message to minimum Ethernet frame length (%d --> %d)",
553 			   (int) *packet_len, (int) (*packet_len + pad_len));
554 		*packet_len += pad_len;
555 		tmp = os_realloc(auth, auth_len + pad_len);
556 		if (!tmp)
557 			goto out;
558 		auth = tmp;
559 		pos = auth + auth_len;
560 		WPA_PUT_LE16(pos, FT_RRB_LAST_EMPTY);
561 		pos += 2;
562 		WPA_PUT_LE16(pos, pad_len - sizeof(struct ft_rrb_tlv));
563 		pos += 2;
564 		os_memset(pos, 0, pad_len - sizeof(struct ft_rrb_tlv));
565 		auth_len += pad_len;
566 
567 	}
568 	*packet = os_zalloc(*packet_len);
569 	if (!*packet)
570 		goto out;
571 
572 	pos = *packet;
573 	WPA_PUT_LE16(pos, auth_len);
574 	pos += 2;
575 	os_memcpy(pos, auth, auth_len);
576 	pos += auth_len;
577 	if (wpa_ft_rrb_encrypt(key, key_len, plain, plain_len, auth,
578 			       auth_len, src_addr, type, pos) < 0)
579 		goto out;
580 	wpa_hexdump(MSG_MSGDUMP, "FT: RRB frame payload", *packet, *packet_len);
581 
582 	ret = 0;
583 
584 out:
585 	bin_clear_free(plain, plain_len);
586 	os_free(auth);
587 
588 	if (ret) {
589 		wpa_printf(MSG_ERROR, "FT: Failed to build RRB-OUI message");
590 		os_free(*packet);
591 		*packet = NULL;
592 		*packet_len = 0;
593 	}
594 
595 	return ret;
596 }
597 
598 
599 #define RRB_GET_SRC(srcfield, type, field, txt, checklength) do { \
600 	if (wpa_ft_rrb_get_tlv(srcfield, srcfield##_len, type, \
601 				&f_##field##_len, &f_##field) < 0 || \
602 	    (checklength > 0 && ((size_t) checklength) != f_##field##_len)) { \
603 		wpa_printf(MSG_INFO, "FT: Missing required " #field \
604 			   " in %s from " MACSTR, txt, MAC2STR(src_addr)); \
605 		wpa_ft_rrb_dump(srcfield, srcfield##_len); \
606 		goto out; \
607 	} \
608 } while (0)
609 
610 #define RRB_GET(type, field, txt, checklength) \
611 	RRB_GET_SRC(plain, type, field, txt, checklength)
612 #define RRB_GET_AUTH(type, field, txt, checklength) \
613 	RRB_GET_SRC(auth, type, field, txt, checklength)
614 
615 #define RRB_GET_OPTIONAL_SRC(srcfield, type, field, txt, checklength) do { \
616 	if (wpa_ft_rrb_get_tlv(srcfield, srcfield##_len, type, \
617 				&f_##field##_len, &f_##field) < 0 || \
618 	    (checklength > 0 && ((size_t) checklength) != f_##field##_len)) { \
619 		wpa_printf(MSG_DEBUG, "FT: Missing optional " #field \
620 			   " in %s from " MACSTR, txt, MAC2STR(src_addr)); \
621 		f_##field##_len = 0; \
622 		f_##field = NULL; \
623 	} \
624 } while (0)
625 
626 #define RRB_GET_OPTIONAL(type, field, txt, checklength) \
627 	RRB_GET_OPTIONAL_SRC(plain, type, field, txt, checklength)
628 #define RRB_GET_OPTIONAL_AUTH(type, field, txt, checklength) \
629 	RRB_GET_OPTIONAL_SRC(auth, type, field, txt, checklength)
630 
wpa_ft_rrb_send(struct wpa_authenticator * wpa_auth,const u8 * dst,const u8 * data,size_t data_len)631 static int wpa_ft_rrb_send(struct wpa_authenticator *wpa_auth, const u8 *dst,
632 			   const u8 *data, size_t data_len)
633 {
634 	if (wpa_auth->cb->send_ether == NULL)
635 		return -1;
636 	wpa_printf(MSG_DEBUG, "FT: RRB send to " MACSTR, MAC2STR(dst));
637 	return wpa_auth->cb->send_ether(wpa_auth->cb_ctx, dst, ETH_P_RRB,
638 					data, data_len);
639 }
640 
641 
wpa_ft_rrb_oui_send(struct wpa_authenticator * wpa_auth,const u8 * dst,u8 oui_suffix,const u8 * data,size_t data_len)642 static int wpa_ft_rrb_oui_send(struct wpa_authenticator *wpa_auth,
643 			       const u8 *dst, u8 oui_suffix,
644 			       const u8 *data, size_t data_len)
645 {
646 	if (!wpa_auth->cb->send_oui)
647 		return -1;
648 	wpa_printf(MSG_DEBUG, "FT: RRB-OUI type %u send to " MACSTR " (len=%u)",
649 		   oui_suffix, MAC2STR(dst), (unsigned int) data_len);
650 	return wpa_auth->cb->send_oui(wpa_auth->cb_ctx, dst, oui_suffix, data,
651 				      data_len);
652 }
653 
654 
wpa_ft_action_send(struct wpa_authenticator * wpa_auth,const u8 * dst,const u8 * data,size_t data_len)655 static int wpa_ft_action_send(struct wpa_authenticator *wpa_auth,
656 			      const u8 *dst, const u8 *data, size_t data_len)
657 {
658 	if (wpa_auth->cb->send_ft_action == NULL)
659 		return -1;
660 	return wpa_auth->cb->send_ft_action(wpa_auth->cb_ctx, dst,
661 					    data, data_len);
662 }
663 
664 
wpa_ft_get_psk(struct wpa_authenticator * wpa_auth,const u8 * addr,const u8 * p2p_dev_addr,const u8 * prev_psk)665 static const u8 * wpa_ft_get_psk(struct wpa_authenticator *wpa_auth,
666 				 const u8 *addr, const u8 *p2p_dev_addr,
667 				 const u8 *prev_psk)
668 {
669 	if (wpa_auth->cb->get_psk == NULL)
670 		return NULL;
671 	return wpa_auth->cb->get_psk(wpa_auth->cb_ctx, addr, p2p_dev_addr,
672 				     prev_psk, NULL, NULL);
673 }
674 
675 
676 static struct wpa_state_machine *
wpa_ft_add_sta(struct wpa_authenticator * wpa_auth,const u8 * sta_addr)677 wpa_ft_add_sta(struct wpa_authenticator *wpa_auth, const u8 *sta_addr)
678 {
679 	if (wpa_auth->cb->add_sta == NULL)
680 		return NULL;
681 	return wpa_auth->cb->add_sta(wpa_auth->cb_ctx, sta_addr);
682 }
683 
684 
wpa_ft_set_vlan(struct wpa_authenticator * wpa_auth,const u8 * sta_addr,struct vlan_description * vlan)685 static int wpa_ft_set_vlan(struct wpa_authenticator *wpa_auth,
686 			   const u8 *sta_addr, struct vlan_description *vlan)
687 {
688 	if (!wpa_auth->cb->set_vlan)
689 		return -1;
690 	return wpa_auth->cb->set_vlan(wpa_auth->cb_ctx, sta_addr, vlan);
691 }
692 
693 
wpa_ft_get_vlan(struct wpa_authenticator * wpa_auth,const u8 * sta_addr,struct vlan_description * vlan)694 static int wpa_ft_get_vlan(struct wpa_authenticator *wpa_auth,
695 			   const u8 *sta_addr, struct vlan_description *vlan)
696 {
697 	if (!wpa_auth->cb->get_vlan)
698 		return -1;
699 	return wpa_auth->cb->get_vlan(wpa_auth->cb_ctx, sta_addr, vlan);
700 }
701 
702 
703 static int
wpa_ft_set_identity(struct wpa_authenticator * wpa_auth,const u8 * sta_addr,const u8 * identity,size_t identity_len)704 wpa_ft_set_identity(struct wpa_authenticator *wpa_auth, const u8 *sta_addr,
705 		    const u8 *identity, size_t identity_len)
706 {
707 	if (!wpa_auth->cb->set_identity)
708 		return -1;
709 	return wpa_auth->cb->set_identity(wpa_auth->cb_ctx, sta_addr, identity,
710 					  identity_len);
711 }
712 
713 
714 static size_t
wpa_ft_get_identity(struct wpa_authenticator * wpa_auth,const u8 * sta_addr,const u8 ** buf)715 wpa_ft_get_identity(struct wpa_authenticator *wpa_auth, const u8 *sta_addr,
716 		    const u8 **buf)
717 {
718 	*buf = NULL;
719 	if (!wpa_auth->cb->get_identity)
720 		return 0;
721 	return wpa_auth->cb->get_identity(wpa_auth->cb_ctx, sta_addr, buf);
722 }
723 
724 
725 static int
wpa_ft_set_radius_cui(struct wpa_authenticator * wpa_auth,const u8 * sta_addr,const u8 * radius_cui,size_t radius_cui_len)726 wpa_ft_set_radius_cui(struct wpa_authenticator *wpa_auth, const u8 *sta_addr,
727 		      const u8 *radius_cui, size_t radius_cui_len)
728 {
729 	if (!wpa_auth->cb->set_radius_cui)
730 		return -1;
731 	return wpa_auth->cb->set_radius_cui(wpa_auth->cb_ctx, sta_addr,
732 					    radius_cui, radius_cui_len);
733 }
734 
735 
736 static size_t
wpa_ft_get_radius_cui(struct wpa_authenticator * wpa_auth,const u8 * sta_addr,const u8 ** buf)737 wpa_ft_get_radius_cui(struct wpa_authenticator *wpa_auth, const u8 *sta_addr,
738 		      const u8 **buf)
739 {
740 	*buf = NULL;
741 	if (!wpa_auth->cb->get_radius_cui)
742 		return 0;
743 	return wpa_auth->cb->get_radius_cui(wpa_auth->cb_ctx, sta_addr, buf);
744 }
745 
746 
747 static void
wpa_ft_set_session_timeout(struct wpa_authenticator * wpa_auth,const u8 * sta_addr,int session_timeout)748 wpa_ft_set_session_timeout(struct wpa_authenticator *wpa_auth,
749 			    const u8 *sta_addr, int session_timeout)
750 {
751 	if (!wpa_auth->cb->set_session_timeout)
752 		return;
753 	wpa_auth->cb->set_session_timeout(wpa_auth->cb_ctx, sta_addr,
754 					  session_timeout);
755 }
756 
757 
758 static int
wpa_ft_get_session_timeout(struct wpa_authenticator * wpa_auth,const u8 * sta_addr)759 wpa_ft_get_session_timeout(struct wpa_authenticator *wpa_auth,
760 			    const u8 *sta_addr)
761 {
762 	if (!wpa_auth->cb->get_session_timeout)
763 		return 0;
764 	return wpa_auth->cb->get_session_timeout(wpa_auth->cb_ctx, sta_addr);
765 }
766 
767 
wpa_ft_add_tspec(struct wpa_authenticator * wpa_auth,const u8 * sta_addr,u8 * tspec_ie,size_t tspec_ielen)768 static int wpa_ft_add_tspec(struct wpa_authenticator *wpa_auth,
769 			    const u8 *sta_addr,
770 			    u8 *tspec_ie, size_t tspec_ielen)
771 {
772 	if (wpa_auth->cb->add_tspec == NULL) {
773 		wpa_printf(MSG_DEBUG, "FT: add_tspec is not initialized");
774 		return -1;
775 	}
776 	return wpa_auth->cb->add_tspec(wpa_auth->cb_ctx, sta_addr, tspec_ie,
777 				       tspec_ielen);
778 }
779 
780 
781 #ifdef CONFIG_OCV
wpa_channel_info(struct wpa_authenticator * wpa_auth,struct wpa_channel_info * ci)782 static int wpa_channel_info(struct wpa_authenticator *wpa_auth,
783 			       struct wpa_channel_info *ci)
784 {
785 	if (!wpa_auth->cb->channel_info)
786 		return -1;
787 	return wpa_auth->cb->channel_info(wpa_auth->cb_ctx, ci);
788 }
789 #endif /* CONFIG_OCV */
790 
791 
wpa_write_mdie(struct wpa_auth_config * conf,u8 * buf,size_t len)792 int wpa_write_mdie(struct wpa_auth_config *conf, u8 *buf, size_t len)
793 {
794 	u8 *pos = buf;
795 	u8 capab;
796 	if (len < 2 + sizeof(struct rsn_mdie))
797 		return -1;
798 
799 	*pos++ = WLAN_EID_MOBILITY_DOMAIN;
800 	*pos++ = MOBILITY_DOMAIN_ID_LEN + 1;
801 	os_memcpy(pos, conf->mobility_domain, MOBILITY_DOMAIN_ID_LEN);
802 	pos += MOBILITY_DOMAIN_ID_LEN;
803 	capab = 0;
804 	if (conf->ft_over_ds)
805 		capab |= RSN_FT_CAPAB_FT_OVER_DS;
806 	*pos++ = capab;
807 
808 	return pos - buf;
809 }
810 
811 
wpa_write_ftie(struct wpa_auth_config * conf,int key_mgmt,size_t key_len,const u8 * r0kh_id,size_t r0kh_id_len,const u8 * anonce,const u8 * snonce,u8 * buf,size_t len,const u8 * subelem,size_t subelem_len,int rsnxe_used)812 int wpa_write_ftie(struct wpa_auth_config *conf, int key_mgmt, size_t key_len,
813 		   const u8 *r0kh_id, size_t r0kh_id_len,
814 		   const u8 *anonce, const u8 *snonce,
815 		   u8 *buf, size_t len, const u8 *subelem,
816 		   size_t subelem_len, int rsnxe_used)
817 {
818 	u8 *pos = buf, *ielen;
819 	size_t hdrlen;
820 	u16 mic_control = rsnxe_used ? FTE_MIC_CTRL_RSNXE_USED : 0;
821 
822 	if (key_mgmt == WPA_KEY_MGMT_FT_SAE_EXT_KEY &&
823 	    key_len == SHA256_MAC_LEN)
824 		hdrlen = sizeof(struct rsn_ftie);
825 	else if (key_mgmt == WPA_KEY_MGMT_FT_SAE_EXT_KEY &&
826 		 key_len == SHA384_MAC_LEN)
827 		hdrlen = sizeof(struct rsn_ftie_sha384);
828 	else if (key_mgmt == WPA_KEY_MGMT_FT_SAE_EXT_KEY &&
829 		 key_len == SHA512_MAC_LEN)
830 		hdrlen = sizeof(struct rsn_ftie_sha512);
831 	else if (wpa_key_mgmt_sha384(key_mgmt))
832 		hdrlen = sizeof(struct rsn_ftie_sha384);
833 	else
834 		hdrlen = sizeof(struct rsn_ftie);
835 
836 	if (len < 2 + hdrlen + 2 + FT_R1KH_ID_LEN + 2 + r0kh_id_len +
837 	    subelem_len)
838 		return -1;
839 
840 	*pos++ = WLAN_EID_FAST_BSS_TRANSITION;
841 	ielen = pos++;
842 
843 	if (key_mgmt == WPA_KEY_MGMT_FT_SAE_EXT_KEY &&
844 	    key_len == SHA512_MAC_LEN) {
845 		struct rsn_ftie_sha512 *hdr = (struct rsn_ftie_sha512 *) pos;
846 
847 		os_memset(hdr, 0, sizeof(*hdr));
848 		pos += sizeof(*hdr);
849 		mic_control |= FTE_MIC_LEN_32 << FTE_MIC_CTRL_MIC_LEN_SHIFT;
850 		WPA_PUT_LE16(hdr->mic_control, mic_control);
851 		if (anonce)
852 			os_memcpy(hdr->anonce, anonce, WPA_NONCE_LEN);
853 		if (snonce)
854 			os_memcpy(hdr->snonce, snonce, WPA_NONCE_LEN);
855 	} else if ((key_mgmt == WPA_KEY_MGMT_FT_SAE_EXT_KEY &&
856 		    key_len == SHA384_MAC_LEN) ||
857 		   wpa_key_mgmt_sha384(key_mgmt)) {
858 		struct rsn_ftie_sha384 *hdr = (struct rsn_ftie_sha384 *) pos;
859 
860 		os_memset(hdr, 0, sizeof(*hdr));
861 		pos += sizeof(*hdr);
862 		mic_control |= FTE_MIC_LEN_24 << FTE_MIC_CTRL_MIC_LEN_SHIFT;
863 		WPA_PUT_LE16(hdr->mic_control, mic_control);
864 		if (anonce)
865 			os_memcpy(hdr->anonce, anonce, WPA_NONCE_LEN);
866 		if (snonce)
867 			os_memcpy(hdr->snonce, snonce, WPA_NONCE_LEN);
868 	} else {
869 		struct rsn_ftie *hdr = (struct rsn_ftie *) pos;
870 
871 		os_memset(hdr, 0, sizeof(*hdr));
872 		pos += sizeof(*hdr);
873 		mic_control |= FTE_MIC_LEN_16 << FTE_MIC_CTRL_MIC_LEN_SHIFT;
874 		WPA_PUT_LE16(hdr->mic_control, mic_control);
875 		if (anonce)
876 			os_memcpy(hdr->anonce, anonce, WPA_NONCE_LEN);
877 		if (snonce)
878 			os_memcpy(hdr->snonce, snonce, WPA_NONCE_LEN);
879 	}
880 
881 	/* Optional Parameters */
882 	*pos++ = FTIE_SUBELEM_R1KH_ID;
883 	*pos++ = FT_R1KH_ID_LEN;
884 	os_memcpy(pos, conf->r1_key_holder, FT_R1KH_ID_LEN);
885 	pos += FT_R1KH_ID_LEN;
886 
887 	if (r0kh_id) {
888 		*pos++ = FTIE_SUBELEM_R0KH_ID;
889 		*pos++ = r0kh_id_len;
890 		os_memcpy(pos, r0kh_id, r0kh_id_len);
891 		pos += r0kh_id_len;
892 	}
893 
894 	if (subelem) {
895 		os_memcpy(pos, subelem, subelem_len);
896 		pos += subelem_len;
897 	}
898 
899 	*ielen = pos - buf - 2;
900 
901 	return pos - buf;
902 }
903 
904 
905 /* A packet to be handled after seq response */
906 struct ft_remote_item {
907 	struct dl_list list;
908 
909 	u8 nonce[FT_RRB_NONCE_LEN];
910 	struct os_reltime nonce_ts;
911 
912 	u8 src_addr[ETH_ALEN];
913 	u8 *enc;
914 	size_t enc_len;
915 	u8 *auth;
916 	size_t auth_len;
917 	int (*cb)(struct wpa_authenticator *wpa_auth,
918 		  const u8 *src_addr,
919 		  const u8 *enc, size_t enc_len,
920 		  const u8 *auth, size_t auth_len,
921 		  int no_defer);
922 };
923 
924 
wpa_ft_rrb_seq_free(struct ft_remote_item * item)925 static void wpa_ft_rrb_seq_free(struct ft_remote_item *item)
926 {
927 	eloop_cancel_timeout(wpa_ft_rrb_seq_timeout, ELOOP_ALL_CTX, item);
928 	dl_list_del(&item->list);
929 	bin_clear_free(item->enc, item->enc_len);
930 	os_free(item->auth);
931 	os_free(item);
932 }
933 
934 
wpa_ft_rrb_seq_flush(struct wpa_authenticator * wpa_auth,struct ft_remote_seq * rkh_seq,int cb)935 static void wpa_ft_rrb_seq_flush(struct wpa_authenticator *wpa_auth,
936 				 struct ft_remote_seq *rkh_seq, int cb)
937 {
938 	struct ft_remote_item *item, *n;
939 
940 	dl_list_for_each_safe(item, n, &rkh_seq->rx.queue,
941 			      struct ft_remote_item, list) {
942 		if (cb && item->cb)
943 			item->cb(wpa_auth, item->src_addr, item->enc,
944 				 item->enc_len, item->auth, item->auth_len, 1);
945 		wpa_ft_rrb_seq_free(item);
946 	}
947 }
948 
949 
wpa_ft_rrb_seq_timeout(void * eloop_ctx,void * timeout_ctx)950 static void wpa_ft_rrb_seq_timeout(void *eloop_ctx, void *timeout_ctx)
951 {
952 	struct ft_remote_item *item = timeout_ctx;
953 
954 	wpa_ft_rrb_seq_free(item);
955 }
956 
957 
958 static int
wpa_ft_rrb_seq_req(struct wpa_authenticator * wpa_auth,struct ft_remote_seq * rkh_seq,const u8 * src_addr,const u8 * f_r0kh_id,size_t f_r0kh_id_len,const u8 * f_r1kh_id,const u8 * key,size_t key_len,const u8 * enc,size_t enc_len,const u8 * auth,size_t auth_len,int (* cb)(struct wpa_authenticator * wpa_auth,const u8 * src_addr,const u8 * enc,size_t enc_len,const u8 * auth,size_t auth_len,int no_defer))959 wpa_ft_rrb_seq_req(struct wpa_authenticator *wpa_auth,
960 		   struct ft_remote_seq *rkh_seq, const u8 *src_addr,
961 		   const u8 *f_r0kh_id, size_t f_r0kh_id_len,
962 		   const u8 *f_r1kh_id, const u8 *key, size_t key_len,
963 		   const u8 *enc, size_t enc_len,
964 		   const u8 *auth, size_t auth_len,
965 		   int (*cb)(struct wpa_authenticator *wpa_auth,
966 			     const u8 *src_addr,
967 			     const u8 *enc, size_t enc_len,
968 			     const u8 *auth, size_t auth_len,
969 			     int no_defer))
970 {
971 	struct ft_remote_item *item = NULL;
972 	u8 *packet = NULL;
973 	size_t packet_len;
974 	struct tlv_list seq_req_auth[] = {
975 		{ .type = FT_RRB_NONCE, .len = FT_RRB_NONCE_LEN,
976 		  .data = NULL /* to be filled: item->nonce */ },
977 		{ .type = FT_RRB_R0KH_ID, .len = f_r0kh_id_len,
978 		  .data = f_r0kh_id },
979 		{ .type = FT_RRB_R1KH_ID, .len = FT_R1KH_ID_LEN,
980 		  .data = f_r1kh_id },
981 		{ .type = FT_RRB_LAST_EMPTY, .len = 0, .data = NULL },
982 	};
983 
984 	if (dl_list_len(&rkh_seq->rx.queue) >= ftRRBmaxQueueLen) {
985 		wpa_printf(MSG_DEBUG, "FT: Sequence number queue too long");
986 		goto err;
987 	}
988 
989 	wpa_printf(MSG_DEBUG, "FT: Send sequence number request from " MACSTR
990 		   " to " MACSTR,
991 		   MAC2STR(wpa_auth->addr), MAC2STR(src_addr));
992 	item = os_zalloc(sizeof(*item));
993 	if (!item)
994 		goto err;
995 
996 	os_memcpy(item->src_addr, src_addr, ETH_ALEN);
997 	item->cb = cb;
998 
999 	if (random_get_bytes(item->nonce, FT_RRB_NONCE_LEN) < 0) {
1000 		wpa_printf(MSG_DEBUG, "FT: Seq num nonce: out of random bytes");
1001 		goto err;
1002 	}
1003 
1004 	if (os_get_reltime(&item->nonce_ts) < 0)
1005 		goto err;
1006 
1007 	if (enc && enc_len > 0) {
1008 		item->enc = os_memdup(enc, enc_len);
1009 		item->enc_len = enc_len;
1010 		if (!item->enc)
1011 			goto err;
1012 	}
1013 
1014 	if (auth && auth_len > 0) {
1015 		item->auth = os_memdup(auth, auth_len);
1016 		item->auth_len = auth_len;
1017 		if (!item->auth)
1018 			goto err;
1019 	}
1020 
1021 	eloop_register_timeout(ftRRBseqTimeout, 0, wpa_ft_rrb_seq_timeout,
1022 			       wpa_auth, item);
1023 
1024 	seq_req_auth[0].data = item->nonce;
1025 
1026 	if (wpa_ft_rrb_build(key, key_len, NULL, NULL, seq_req_auth, NULL,
1027 			     wpa_auth->addr, FT_PACKET_R0KH_R1KH_SEQ_REQ,
1028 			     &packet, &packet_len) < 0) {
1029 		item = NULL; /* some other seq resp might still accept this */
1030 		goto err;
1031 	}
1032 
1033 	dl_list_add(&rkh_seq->rx.queue, &item->list);
1034 
1035 	wpa_ft_rrb_oui_send(wpa_auth, src_addr, FT_PACKET_R0KH_R1KH_SEQ_REQ,
1036 			    packet, packet_len);
1037 
1038 	os_free(packet);
1039 
1040 	return 0;
1041 err:
1042 	wpa_printf(MSG_DEBUG, "FT: Failed to send sequence number request");
1043 	if (item) {
1044 		os_free(item->auth);
1045 		bin_clear_free(item->enc, item->enc_len);
1046 		os_free(item);
1047 	}
1048 
1049 	return -1;
1050 }
1051 
1052 
1053 #define FT_RRB_SEQ_OK    0
1054 #define FT_RRB_SEQ_DROP  1
1055 #define FT_RRB_SEQ_DEFER 2
1056 
1057 static int
wpa_ft_rrb_seq_chk(struct ft_remote_seq * rkh_seq,const u8 * src_addr,const u8 * enc,size_t enc_len,const u8 * auth,size_t auth_len,const char * msgtype,int no_defer)1058 wpa_ft_rrb_seq_chk(struct ft_remote_seq *rkh_seq, const u8 *src_addr,
1059 		   const u8 *enc, size_t enc_len,
1060 		   const u8 *auth, size_t auth_len,
1061 		   const char *msgtype, int no_defer)
1062 {
1063 	const u8 *f_seq;
1064 	size_t f_seq_len;
1065 	const struct ft_rrb_seq *msg_both;
1066 	u32 msg_seq, msg_off, rkh_off;
1067 	struct os_reltime now;
1068 	unsigned int i;
1069 
1070 	RRB_GET_AUTH(FT_RRB_SEQ, seq, msgtype, sizeof(*msg_both));
1071 	wpa_hexdump(MSG_DEBUG, "FT: sequence number", f_seq, f_seq_len);
1072 	msg_both = (const struct ft_rrb_seq *) f_seq;
1073 
1074 	if (rkh_seq->rx.num_last == 0) {
1075 		/* first packet from remote */
1076 		goto defer;
1077 	}
1078 
1079 	if (le_to_host32(msg_both->dom) != rkh_seq->rx.dom) {
1080 		/* remote might have rebooted */
1081 		goto defer;
1082 	}
1083 
1084 	if (os_get_reltime(&now) == 0) {
1085 		u32 msg_ts_now_remote, msg_ts_off;
1086 		struct os_reltime now_remote;
1087 
1088 		os_reltime_sub(&now, &rkh_seq->rx.time_offset, &now_remote);
1089 		msg_ts_now_remote = now_remote.sec;
1090 		msg_ts_off = le_to_host32(msg_both->ts) -
1091 			(msg_ts_now_remote - ftRRBseqTimeout);
1092 		if (msg_ts_off > 2 * ftRRBseqTimeout)
1093 			goto defer;
1094 	}
1095 
1096 	msg_seq = le_to_host32(msg_both->seq);
1097 	rkh_off = rkh_seq->rx.last[rkh_seq->rx.offsetidx];
1098 	msg_off = msg_seq - rkh_off;
1099 	if (msg_off > 0xC0000000)
1100 		goto out; /* too old message, drop it */
1101 
1102 	if (msg_off <= 0x40000000) {
1103 		for (i = 0; i < rkh_seq->rx.num_last; i++) {
1104 			if (rkh_seq->rx.last[i] == msg_seq)
1105 				goto out; /* duplicate message, drop it */
1106 		}
1107 
1108 		return FT_RRB_SEQ_OK;
1109 	}
1110 
1111 defer:
1112 	if (no_defer)
1113 		goto out;
1114 
1115 	wpa_printf(MSG_DEBUG, "FT: Possibly invalid sequence number in %s from "
1116 		   MACSTR, msgtype, MAC2STR(src_addr));
1117 
1118 	return FT_RRB_SEQ_DEFER;
1119 out:
1120 	wpa_printf(MSG_DEBUG, "FT: Invalid sequence number in %s from " MACSTR,
1121 		   msgtype, MAC2STR(src_addr));
1122 
1123 	return FT_RRB_SEQ_DROP;
1124 }
1125 
1126 
1127 static void
wpa_ft_rrb_seq_accept(struct wpa_authenticator * wpa_auth,struct ft_remote_seq * rkh_seq,const u8 * src_addr,const u8 * auth,size_t auth_len,const char * msgtype)1128 wpa_ft_rrb_seq_accept(struct wpa_authenticator *wpa_auth,
1129 		      struct ft_remote_seq *rkh_seq, const u8 *src_addr,
1130 		      const u8 *auth, size_t auth_len,
1131 		      const char *msgtype)
1132 {
1133 	const u8 *f_seq;
1134 	size_t f_seq_len;
1135 	const struct ft_rrb_seq *msg_both;
1136 	u32 msg_seq, msg_off, min_off, rkh_off;
1137 	int minidx = 0;
1138 	unsigned int i;
1139 
1140 	RRB_GET_AUTH(FT_RRB_SEQ, seq, msgtype, sizeof(*msg_both));
1141 	msg_both = (const struct ft_rrb_seq *) f_seq;
1142 
1143 	msg_seq = le_to_host32(msg_both->seq);
1144 
1145 	if (rkh_seq->rx.num_last < FT_REMOTE_SEQ_BACKLOG) {
1146 		rkh_seq->rx.last[rkh_seq->rx.num_last] = msg_seq;
1147 		rkh_seq->rx.num_last++;
1148 		return;
1149 	}
1150 
1151 	rkh_off = rkh_seq->rx.last[rkh_seq->rx.offsetidx];
1152 	for (i = 0; i < rkh_seq->rx.num_last; i++) {
1153 		msg_off = rkh_seq->rx.last[i] - rkh_off;
1154 		min_off = rkh_seq->rx.last[minidx] - rkh_off;
1155 		if (msg_off < min_off && i != rkh_seq->rx.offsetidx)
1156 			minidx = i;
1157 	}
1158 	rkh_seq->rx.last[rkh_seq->rx.offsetidx] = msg_seq;
1159 	rkh_seq->rx.offsetidx = minidx;
1160 
1161 	return;
1162 out:
1163 	/* RRB_GET_AUTH should never fail here as
1164 	 * wpa_ft_rrb_seq_chk() verified FT_RRB_SEQ presence. */
1165 	wpa_printf(MSG_ERROR, "FT: %s() failed", __func__);
1166 }
1167 
1168 
wpa_ft_new_seq(struct ft_remote_seq * rkh_seq,struct ft_rrb_seq * f_seq)1169 static int wpa_ft_new_seq(struct ft_remote_seq *rkh_seq,
1170 			  struct ft_rrb_seq *f_seq)
1171 {
1172 	struct os_reltime now;
1173 
1174 	if (os_get_reltime(&now) < 0)
1175 		return -1;
1176 
1177 	if (!rkh_seq->tx.dom) {
1178 		if (random_get_bytes((u8 *) &rkh_seq->tx.seq,
1179 				     sizeof(rkh_seq->tx.seq))) {
1180 			wpa_printf(MSG_ERROR,
1181 				   "FT: Failed to get random data for sequence number initialization");
1182 			rkh_seq->tx.seq = now.usec;
1183 		}
1184 		if (random_get_bytes((u8 *) &rkh_seq->tx.dom,
1185 				     sizeof(rkh_seq->tx.dom))) {
1186 			wpa_printf(MSG_ERROR,
1187 				   "FT: Failed to get random data for sequence number initialization");
1188 			rkh_seq->tx.dom = now.usec;
1189 		}
1190 		rkh_seq->tx.dom |= 1;
1191 	}
1192 
1193 	f_seq->dom = host_to_le32(rkh_seq->tx.dom);
1194 	f_seq->seq = host_to_le32(rkh_seq->tx.seq);
1195 	f_seq->ts = host_to_le32(now.sec);
1196 
1197 	rkh_seq->tx.seq++;
1198 
1199 	return 0;
1200 }
1201 
1202 
1203 struct wpa_ft_pmk_r0_sa {
1204 	struct dl_list list;
1205 	u8 pmk_r0[PMK_LEN_MAX];
1206 	size_t pmk_r0_len;
1207 	u8 pmk_r0_name[WPA_PMK_NAME_LEN];
1208 	u8 spa[ETH_ALEN];
1209 	int pairwise; /* Pairwise cipher suite, WPA_CIPHER_* */
1210 	struct vlan_description *vlan;
1211 	os_time_t expiration; /* 0 for no expiration */
1212 	u8 *identity;
1213 	size_t identity_len;
1214 	u8 *radius_cui;
1215 	size_t radius_cui_len;
1216 	os_time_t session_timeout; /* 0 for no expiration */
1217 	/* TODO: radius_class, EAP type */
1218 	int pmk_r1_pushed;
1219 };
1220 
1221 struct wpa_ft_pmk_r1_sa {
1222 	struct dl_list list;
1223 	u8 pmk_r1[PMK_LEN_MAX];
1224 	size_t pmk_r1_len;
1225 	u8 pmk_r1_name[WPA_PMK_NAME_LEN];
1226 	u8 spa[ETH_ALEN];
1227 	int pairwise; /* Pairwise cipher suite, WPA_CIPHER_* */
1228 	struct vlan_description *vlan;
1229 	u8 *identity;
1230 	size_t identity_len;
1231 	u8 *radius_cui;
1232 	size_t radius_cui_len;
1233 	os_time_t session_timeout; /* 0 for no expiration */
1234 	/* TODO: radius_class, EAP type */
1235 };
1236 
1237 struct wpa_ft_pmk_cache {
1238 	struct dl_list pmk_r0; /* struct wpa_ft_pmk_r0_sa */
1239 	struct dl_list pmk_r1; /* struct wpa_ft_pmk_r1_sa */
1240 };
1241 
1242 
1243 static void wpa_ft_expire_pmk_r0(void *eloop_ctx, void *timeout_ctx);
1244 static void wpa_ft_expire_pmk_r1(void *eloop_ctx, void *timeout_ctx);
1245 
1246 
wpa_ft_free_pmk_r0(struct wpa_ft_pmk_r0_sa * r0)1247 static void wpa_ft_free_pmk_r0(struct wpa_ft_pmk_r0_sa *r0)
1248 {
1249 	if (!r0)
1250 		return;
1251 
1252 	dl_list_del(&r0->list);
1253 	eloop_cancel_timeout(wpa_ft_expire_pmk_r0, r0, NULL);
1254 
1255 	os_memset(r0->pmk_r0, 0, PMK_LEN_MAX);
1256 	os_free(r0->vlan);
1257 	os_free(r0->identity);
1258 	os_free(r0->radius_cui);
1259 	os_free(r0);
1260 }
1261 
1262 
wpa_ft_expire_pmk_r0(void * eloop_ctx,void * timeout_ctx)1263 static void wpa_ft_expire_pmk_r0(void *eloop_ctx, void *timeout_ctx)
1264 {
1265 	struct wpa_ft_pmk_r0_sa *r0 = eloop_ctx;
1266 	struct os_reltime now;
1267 	int expires_in;
1268 	int session_timeout;
1269 
1270 	os_get_reltime(&now);
1271 
1272 	if (!r0)
1273 		return;
1274 
1275 	expires_in = r0->expiration - now.sec;
1276 	session_timeout = r0->session_timeout - now.sec;
1277 	/* conditions to remove from cache:
1278 	 * a) r0->expiration is set and hit
1279 	 * -or-
1280 	 * b) r0->session_timeout is set and hit
1281 	 */
1282 	if ((!r0->expiration || expires_in > 0) &&
1283 	    (!r0->session_timeout || session_timeout > 0)) {
1284 		wpa_printf(MSG_ERROR,
1285 			   "FT: %s() called for non-expired entry %p",
1286 			   __func__, r0);
1287 		eloop_cancel_timeout(wpa_ft_expire_pmk_r0, r0, NULL);
1288 		if (r0->expiration && expires_in > 0)
1289 			eloop_register_timeout(expires_in + 1, 0,
1290 					       wpa_ft_expire_pmk_r0, r0, NULL);
1291 		if (r0->session_timeout && session_timeout > 0)
1292 			eloop_register_timeout(session_timeout + 1, 0,
1293 					       wpa_ft_expire_pmk_r0, r0, NULL);
1294 		return;
1295 	}
1296 
1297 	wpa_ft_free_pmk_r0(r0);
1298 }
1299 
1300 
wpa_ft_free_pmk_r1(struct wpa_ft_pmk_r1_sa * r1)1301 static void wpa_ft_free_pmk_r1(struct wpa_ft_pmk_r1_sa *r1)
1302 {
1303 	if (!r1)
1304 		return;
1305 
1306 	dl_list_del(&r1->list);
1307 	eloop_cancel_timeout(wpa_ft_expire_pmk_r1, r1, NULL);
1308 
1309 	os_memset(r1->pmk_r1, 0, PMK_LEN_MAX);
1310 	os_free(r1->vlan);
1311 	os_free(r1->identity);
1312 	os_free(r1->radius_cui);
1313 	os_free(r1);
1314 }
1315 
1316 
wpa_ft_expire_pmk_r1(void * eloop_ctx,void * timeout_ctx)1317 static void wpa_ft_expire_pmk_r1(void *eloop_ctx, void *timeout_ctx)
1318 {
1319 	struct wpa_ft_pmk_r1_sa *r1 = eloop_ctx;
1320 
1321 	wpa_ft_free_pmk_r1(r1);
1322 }
1323 
1324 
wpa_ft_pmk_cache_init(void)1325 struct wpa_ft_pmk_cache * wpa_ft_pmk_cache_init(void)
1326 {
1327 	struct wpa_ft_pmk_cache *cache;
1328 
1329 	cache = os_zalloc(sizeof(*cache));
1330 	if (cache) {
1331 		dl_list_init(&cache->pmk_r0);
1332 		dl_list_init(&cache->pmk_r1);
1333 	}
1334 
1335 	return cache;
1336 }
1337 
1338 
wpa_ft_pmk_cache_deinit(struct wpa_ft_pmk_cache * cache)1339 void wpa_ft_pmk_cache_deinit(struct wpa_ft_pmk_cache *cache)
1340 {
1341 	struct wpa_ft_pmk_r0_sa *r0, *r0prev;
1342 	struct wpa_ft_pmk_r1_sa *r1, *r1prev;
1343 
1344 	dl_list_for_each_safe(r0, r0prev, &cache->pmk_r0,
1345 			      struct wpa_ft_pmk_r0_sa, list)
1346 		wpa_ft_free_pmk_r0(r0);
1347 
1348 	dl_list_for_each_safe(r1, r1prev, &cache->pmk_r1,
1349 			      struct wpa_ft_pmk_r1_sa, list)
1350 		wpa_ft_free_pmk_r1(r1);
1351 
1352 	os_free(cache);
1353 }
1354 
1355 
wpa_ft_store_pmk_r0(struct wpa_authenticator * wpa_auth,const u8 * spa,const u8 * pmk_r0,size_t pmk_r0_len,const u8 * pmk_r0_name,int pairwise,const struct vlan_description * vlan,int expires_in,int session_timeout,const u8 * identity,size_t identity_len,const u8 * radius_cui,size_t radius_cui_len)1356 static int wpa_ft_store_pmk_r0(struct wpa_authenticator *wpa_auth,
1357 			       const u8 *spa, const u8 *pmk_r0,
1358 			       size_t pmk_r0_len,
1359 			       const u8 *pmk_r0_name, int pairwise,
1360 			       const struct vlan_description *vlan,
1361 			       int expires_in, int session_timeout,
1362 			       const u8 *identity, size_t identity_len,
1363 			       const u8 *radius_cui, size_t radius_cui_len)
1364 {
1365 	struct wpa_ft_pmk_cache *cache = wpa_auth->ft_pmk_cache;
1366 	struct wpa_ft_pmk_r0_sa *r0;
1367 	struct os_reltime now;
1368 
1369 	/* TODO: add limit on number of entries in cache */
1370 	os_get_reltime(&now);
1371 
1372 	r0 = os_zalloc(sizeof(*r0));
1373 	if (r0 == NULL)
1374 		return -1;
1375 
1376 	os_memcpy(r0->pmk_r0, pmk_r0, pmk_r0_len);
1377 	r0->pmk_r0_len = pmk_r0_len;
1378 	os_memcpy(r0->pmk_r0_name, pmk_r0_name, WPA_PMK_NAME_LEN);
1379 	os_memcpy(r0->spa, spa, ETH_ALEN);
1380 	r0->pairwise = pairwise;
1381 	if (expires_in > 0)
1382 		r0->expiration = now.sec + expires_in;
1383 	if (vlan && vlan->notempty) {
1384 		r0->vlan = os_zalloc(sizeof(*vlan));
1385 		if (!r0->vlan) {
1386 			bin_clear_free(r0, sizeof(*r0));
1387 			return -1;
1388 		}
1389 		*r0->vlan = *vlan;
1390 	}
1391 	if (identity) {
1392 		r0->identity = os_malloc(identity_len);
1393 		if (r0->identity) {
1394 			os_memcpy(r0->identity, identity, identity_len);
1395 			r0->identity_len = identity_len;
1396 		}
1397 	}
1398 	if (radius_cui) {
1399 		r0->radius_cui = os_malloc(radius_cui_len);
1400 		if (r0->radius_cui) {
1401 			os_memcpy(r0->radius_cui, radius_cui, radius_cui_len);
1402 			r0->radius_cui_len = radius_cui_len;
1403 		}
1404 	}
1405 	if (session_timeout > 0)
1406 		r0->session_timeout = now.sec + session_timeout;
1407 
1408 	dl_list_add(&cache->pmk_r0, &r0->list);
1409 	if (expires_in > 0)
1410 		eloop_register_timeout(expires_in + 1, 0, wpa_ft_expire_pmk_r0,
1411 				       r0, NULL);
1412 	if (session_timeout > 0)
1413 		eloop_register_timeout(session_timeout + 1, 0,
1414 				       wpa_ft_expire_pmk_r0, r0, NULL);
1415 
1416 	return 0;
1417 }
1418 
1419 
wpa_ft_fetch_pmk_r0(struct wpa_authenticator * wpa_auth,const u8 * spa,const u8 * pmk_r0_name,const struct wpa_ft_pmk_r0_sa ** r0_out)1420 static int wpa_ft_fetch_pmk_r0(struct wpa_authenticator *wpa_auth,
1421 			       const u8 *spa, const u8 *pmk_r0_name,
1422 			       const struct wpa_ft_pmk_r0_sa **r0_out)
1423 {
1424 	struct wpa_ft_pmk_cache *cache = wpa_auth->ft_pmk_cache;
1425 	struct wpa_ft_pmk_r0_sa *r0;
1426 	struct os_reltime now;
1427 
1428 	os_get_reltime(&now);
1429 	dl_list_for_each(r0, &cache->pmk_r0, struct wpa_ft_pmk_r0_sa, list) {
1430 		if (ether_addr_equal(r0->spa, spa) &&
1431 		    os_memcmp_const(r0->pmk_r0_name, pmk_r0_name,
1432 				    WPA_PMK_NAME_LEN) == 0) {
1433 			*r0_out = r0;
1434 			return 0;
1435 		}
1436 	}
1437 
1438 	*r0_out = NULL;
1439 	return -1;
1440 }
1441 
1442 
wpa_ft_store_pmk_r1(struct wpa_authenticator * wpa_auth,const u8 * spa,const u8 * pmk_r1,size_t pmk_r1_len,const u8 * pmk_r1_name,int pairwise,const struct vlan_description * vlan,int expires_in,int session_timeout,const u8 * identity,size_t identity_len,const u8 * radius_cui,size_t radius_cui_len)1443 static int wpa_ft_store_pmk_r1(struct wpa_authenticator *wpa_auth,
1444 			       const u8 *spa, const u8 *pmk_r1,
1445 			       size_t pmk_r1_len,
1446 			       const u8 *pmk_r1_name, int pairwise,
1447 			       const struct vlan_description *vlan,
1448 			       int expires_in, int session_timeout,
1449 			       const u8 *identity, size_t identity_len,
1450 			       const u8 *radius_cui, size_t radius_cui_len)
1451 {
1452 	struct wpa_ft_pmk_cache *cache = wpa_auth->ft_pmk_cache;
1453 	int max_expires_in = wpa_auth->conf.r1_max_key_lifetime;
1454 	struct wpa_ft_pmk_r1_sa *r1;
1455 	struct os_reltime now;
1456 
1457 	/* TODO: limit on number of entries in cache */
1458 	os_get_reltime(&now);
1459 
1460 	if (max_expires_in && (max_expires_in < expires_in || expires_in == 0))
1461 		expires_in = max_expires_in;
1462 
1463 	r1 = os_zalloc(sizeof(*r1));
1464 	if (r1 == NULL)
1465 		return -1;
1466 
1467 	os_memcpy(r1->pmk_r1, pmk_r1, pmk_r1_len);
1468 	r1->pmk_r1_len = pmk_r1_len;
1469 	os_memcpy(r1->pmk_r1_name, pmk_r1_name, WPA_PMK_NAME_LEN);
1470 	os_memcpy(r1->spa, spa, ETH_ALEN);
1471 	r1->pairwise = pairwise;
1472 	if (vlan && vlan->notempty) {
1473 		r1->vlan = os_zalloc(sizeof(*vlan));
1474 		if (!r1->vlan) {
1475 			bin_clear_free(r1, sizeof(*r1));
1476 			return -1;
1477 		}
1478 		*r1->vlan = *vlan;
1479 	}
1480 	if (identity) {
1481 		r1->identity = os_malloc(identity_len);
1482 		if (r1->identity) {
1483 			os_memcpy(r1->identity, identity, identity_len);
1484 			r1->identity_len = identity_len;
1485 		}
1486 	}
1487 	if (radius_cui) {
1488 		r1->radius_cui = os_malloc(radius_cui_len);
1489 		if (r1->radius_cui) {
1490 			os_memcpy(r1->radius_cui, radius_cui, radius_cui_len);
1491 			r1->radius_cui_len = radius_cui_len;
1492 		}
1493 	}
1494 	if (session_timeout > 0)
1495 		r1->session_timeout = now.sec + session_timeout;
1496 
1497 	dl_list_add(&cache->pmk_r1, &r1->list);
1498 
1499 	if (expires_in > 0)
1500 		eloop_register_timeout(expires_in + 1, 0, wpa_ft_expire_pmk_r1,
1501 				       r1, NULL);
1502 	if (session_timeout > 0)
1503 		eloop_register_timeout(session_timeout + 1, 0,
1504 				       wpa_ft_expire_pmk_r1, r1, NULL);
1505 
1506 	return 0;
1507 }
1508 
1509 
wpa_ft_fetch_pmk_r1(struct wpa_authenticator * wpa_auth,const u8 * spa,const u8 * pmk_r1_name,u8 * pmk_r1,size_t * pmk_r1_len,int * pairwise,struct vlan_description * vlan,const u8 ** identity,size_t * identity_len,const u8 ** radius_cui,size_t * radius_cui_len,int * session_timeout)1510 int wpa_ft_fetch_pmk_r1(struct wpa_authenticator *wpa_auth,
1511 			const u8 *spa, const u8 *pmk_r1_name,
1512 			u8 *pmk_r1, size_t *pmk_r1_len, int *pairwise,
1513 			struct vlan_description *vlan,
1514 			const u8 **identity, size_t *identity_len,
1515 			const u8 **radius_cui, size_t *radius_cui_len,
1516 			int *session_timeout)
1517 {
1518 	struct wpa_ft_pmk_cache *cache = wpa_auth->ft_pmk_cache;
1519 	struct wpa_ft_pmk_r1_sa *r1;
1520 	struct os_reltime now;
1521 
1522 	os_get_reltime(&now);
1523 
1524 	dl_list_for_each(r1, &cache->pmk_r1, struct wpa_ft_pmk_r1_sa, list) {
1525 		if (ether_addr_equal(r1->spa, spa) &&
1526 		    os_memcmp_const(r1->pmk_r1_name, pmk_r1_name,
1527 				    WPA_PMK_NAME_LEN) == 0) {
1528 			os_memcpy(pmk_r1, r1->pmk_r1, r1->pmk_r1_len);
1529 			*pmk_r1_len = r1->pmk_r1_len;
1530 			if (pairwise)
1531 				*pairwise = r1->pairwise;
1532 			if (vlan && r1->vlan)
1533 				*vlan = *r1->vlan;
1534 			if (vlan && !r1->vlan)
1535 				os_memset(vlan, 0, sizeof(*vlan));
1536 			if (identity && identity_len) {
1537 				*identity = r1->identity;
1538 				*identity_len = r1->identity_len;
1539 			}
1540 			if (radius_cui && radius_cui_len) {
1541 				*radius_cui = r1->radius_cui;
1542 				*radius_cui_len = r1->radius_cui_len;
1543 			}
1544 			if (session_timeout && r1->session_timeout > now.sec)
1545 				*session_timeout = r1->session_timeout -
1546 					now.sec;
1547 			else if (session_timeout && r1->session_timeout)
1548 				*session_timeout = 1;
1549 			else if (session_timeout)
1550 				*session_timeout = 0;
1551 			return 0;
1552 		}
1553 	}
1554 
1555 	return -1;
1556 }
1557 
1558 
wpa_ft_rrb_init_r0kh_seq(struct ft_remote_r0kh * r0kh)1559 static int wpa_ft_rrb_init_r0kh_seq(struct ft_remote_r0kh *r0kh)
1560 {
1561 	if (r0kh->seq)
1562 		return 0;
1563 
1564 	r0kh->seq = os_zalloc(sizeof(*r0kh->seq));
1565 	if (!r0kh->seq) {
1566 		wpa_printf(MSG_DEBUG, "FT: Failed to allocate r0kh->seq");
1567 		return -1;
1568 	}
1569 
1570 	dl_list_init(&r0kh->seq->rx.queue);
1571 
1572 	return 0;
1573 }
1574 
1575 
wpa_ft_rrb_lookup_r0kh(struct wpa_authenticator * wpa_auth,const u8 * f_r0kh_id,size_t f_r0kh_id_len,struct ft_remote_r0kh ** r0kh_out,struct ft_remote_r0kh ** r0kh_wildcard)1576 static void wpa_ft_rrb_lookup_r0kh(struct wpa_authenticator *wpa_auth,
1577 				   const u8 *f_r0kh_id, size_t f_r0kh_id_len,
1578 				   struct ft_remote_r0kh **r0kh_out,
1579 				   struct ft_remote_r0kh **r0kh_wildcard)
1580 {
1581 	struct ft_remote_r0kh *r0kh;
1582 
1583 	*r0kh_wildcard = NULL;
1584 	*r0kh_out = NULL;
1585 
1586 	if (wpa_auth->conf.r0kh_list)
1587 		r0kh = *wpa_auth->conf.r0kh_list;
1588 	else
1589 		r0kh = NULL;
1590 	for (; r0kh; r0kh = r0kh->next) {
1591 		if (r0kh->id_len == 1 && r0kh->id[0] == '*')
1592 			*r0kh_wildcard = r0kh;
1593 		if (f_r0kh_id && r0kh->id_len == f_r0kh_id_len &&
1594 		    os_memcmp_const(f_r0kh_id, r0kh->id, f_r0kh_id_len) == 0)
1595 			*r0kh_out = r0kh;
1596 	}
1597 
1598 	if (!*r0kh_out && !*r0kh_wildcard)
1599 		wpa_printf(MSG_DEBUG, "FT: No matching R0KH found");
1600 
1601 	if (*r0kh_out && wpa_ft_rrb_init_r0kh_seq(*r0kh_out) < 0)
1602 		*r0kh_out = NULL;
1603 }
1604 
1605 
wpa_ft_rrb_init_r1kh_seq(struct ft_remote_r1kh * r1kh)1606 static int wpa_ft_rrb_init_r1kh_seq(struct ft_remote_r1kh *r1kh)
1607 {
1608 	if (r1kh->seq)
1609 		return 0;
1610 
1611 	r1kh->seq = os_zalloc(sizeof(*r1kh->seq));
1612 	if (!r1kh->seq) {
1613 		wpa_printf(MSG_DEBUG, "FT: Failed to allocate r1kh->seq");
1614 		return -1;
1615 	}
1616 
1617 	dl_list_init(&r1kh->seq->rx.queue);
1618 
1619 	return 0;
1620 }
1621 
1622 
wpa_ft_rrb_lookup_r1kh(struct wpa_authenticator * wpa_auth,const u8 * f_r1kh_id,struct ft_remote_r1kh ** r1kh_out,struct ft_remote_r1kh ** r1kh_wildcard)1623 static void wpa_ft_rrb_lookup_r1kh(struct wpa_authenticator *wpa_auth,
1624 				   const u8 *f_r1kh_id,
1625 				   struct ft_remote_r1kh **r1kh_out,
1626 				   struct ft_remote_r1kh **r1kh_wildcard)
1627 {
1628 	struct ft_remote_r1kh *r1kh;
1629 
1630 	*r1kh_wildcard = NULL;
1631 	*r1kh_out = NULL;
1632 
1633 	if (wpa_auth->conf.r1kh_list)
1634 		r1kh = *wpa_auth->conf.r1kh_list;
1635 	else
1636 		r1kh = NULL;
1637 	for (; r1kh; r1kh = r1kh->next) {
1638 		if (is_zero_ether_addr(r1kh->addr) &&
1639 		    is_zero_ether_addr(r1kh->id))
1640 			*r1kh_wildcard = r1kh;
1641 		if (f_r1kh_id &&
1642 		    os_memcmp_const(r1kh->id, f_r1kh_id, FT_R1KH_ID_LEN) == 0)
1643 			*r1kh_out = r1kh;
1644 	}
1645 
1646 	if (!*r1kh_out && !*r1kh_wildcard)
1647 		wpa_printf(MSG_DEBUG, "FT: No matching R1KH found");
1648 
1649 	if (*r1kh_out && wpa_ft_rrb_init_r1kh_seq(*r1kh_out) < 0)
1650 		*r1kh_out = NULL;
1651 }
1652 
1653 
wpa_ft_rrb_check_r0kh(struct wpa_authenticator * wpa_auth,const u8 * f_r0kh_id,size_t f_r0kh_id_len)1654 static int wpa_ft_rrb_check_r0kh(struct wpa_authenticator *wpa_auth,
1655 				 const u8 *f_r0kh_id, size_t f_r0kh_id_len)
1656 {
1657 	if (f_r0kh_id_len != wpa_auth->conf.r0_key_holder_len ||
1658 	    os_memcmp_const(f_r0kh_id, wpa_auth->conf.r0_key_holder,
1659 			    f_r0kh_id_len) != 0)
1660 		return -1;
1661 
1662 	return 0;
1663 }
1664 
1665 
wpa_ft_rrb_check_r1kh(struct wpa_authenticator * wpa_auth,const u8 * f_r1kh_id)1666 static int wpa_ft_rrb_check_r1kh(struct wpa_authenticator *wpa_auth,
1667 				 const u8 *f_r1kh_id)
1668 {
1669 	if (os_memcmp_const(f_r1kh_id, wpa_auth->conf.r1_key_holder,
1670 			    FT_R1KH_ID_LEN) != 0)
1671 		return -1;
1672 
1673 	return 0;
1674 }
1675 
1676 
wpa_ft_rrb_del_r0kh(void * eloop_ctx,void * timeout_ctx)1677 static void wpa_ft_rrb_del_r0kh(void *eloop_ctx, void *timeout_ctx)
1678 {
1679 	struct wpa_authenticator *wpa_auth = eloop_ctx;
1680 	struct ft_remote_r0kh *r0kh, *prev = NULL;
1681 
1682 	if (!wpa_auth->conf.r0kh_list)
1683 		return;
1684 
1685 	for (r0kh = *wpa_auth->conf.r0kh_list; r0kh; r0kh = r0kh->next) {
1686 		if (r0kh == timeout_ctx)
1687 			break;
1688 		prev = r0kh;
1689 	}
1690 	if (!r0kh)
1691 		return;
1692 	if (prev)
1693 		prev->next = r0kh->next;
1694 	else
1695 		*wpa_auth->conf.r0kh_list = r0kh->next;
1696 	if (r0kh->seq)
1697 		wpa_ft_rrb_seq_flush(wpa_auth, r0kh->seq, 0);
1698 	os_free(r0kh->seq);
1699 	os_free(r0kh);
1700 }
1701 
1702 
wpa_ft_rrb_r0kh_replenish(struct wpa_authenticator * wpa_auth,struct ft_remote_r0kh * r0kh,int timeout)1703 static void wpa_ft_rrb_r0kh_replenish(struct wpa_authenticator *wpa_auth,
1704 				      struct ft_remote_r0kh *r0kh, int timeout)
1705 {
1706 	if (timeout > 0)
1707 		eloop_replenish_timeout(timeout, 0, wpa_ft_rrb_del_r0kh,
1708 					wpa_auth, r0kh);
1709 }
1710 
1711 
wpa_ft_rrb_r0kh_timeout(struct wpa_authenticator * wpa_auth,struct ft_remote_r0kh * r0kh,int timeout)1712 static void wpa_ft_rrb_r0kh_timeout(struct wpa_authenticator *wpa_auth,
1713 				    struct ft_remote_r0kh *r0kh, int timeout)
1714 {
1715 	eloop_cancel_timeout(wpa_ft_rrb_del_r0kh, wpa_auth, r0kh);
1716 
1717 	if (timeout > 0)
1718 		eloop_register_timeout(timeout, 0, wpa_ft_rrb_del_r0kh,
1719 				       wpa_auth, r0kh);
1720 }
1721 
1722 
1723 static struct ft_remote_r0kh *
wpa_ft_rrb_add_r0kh(struct wpa_authenticator * wpa_auth,struct ft_remote_r0kh * r0kh_wildcard,const u8 * src_addr,const u8 * r0kh_id,size_t id_len,int timeout)1724 wpa_ft_rrb_add_r0kh(struct wpa_authenticator *wpa_auth,
1725 		    struct ft_remote_r0kh *r0kh_wildcard,
1726 		    const u8 *src_addr, const u8 *r0kh_id, size_t id_len,
1727 		    int timeout)
1728 {
1729 	struct ft_remote_r0kh *r0kh;
1730 
1731 	if (!wpa_auth->conf.r0kh_list)
1732 		return NULL;
1733 
1734 	r0kh = os_zalloc(sizeof(*r0kh));
1735 	if (!r0kh)
1736 		return NULL;
1737 
1738 	if (src_addr)
1739 		os_memcpy(r0kh->addr, src_addr, sizeof(r0kh->addr));
1740 
1741 	if (id_len > FT_R0KH_ID_MAX_LEN)
1742 		id_len = FT_R0KH_ID_MAX_LEN;
1743 	os_memcpy(r0kh->id, r0kh_id, id_len);
1744 	r0kh->id_len = id_len;
1745 
1746 	os_memcpy(r0kh->key, r0kh_wildcard->key, sizeof(r0kh->key));
1747 
1748 	r0kh->next = *wpa_auth->conf.r0kh_list;
1749 	*wpa_auth->conf.r0kh_list = r0kh;
1750 
1751 	if (timeout > 0)
1752 		eloop_register_timeout(timeout, 0, wpa_ft_rrb_del_r0kh,
1753 				       wpa_auth, r0kh);
1754 
1755 	if (wpa_ft_rrb_init_r0kh_seq(r0kh) < 0)
1756 		return NULL;
1757 
1758 	return r0kh;
1759 }
1760 
1761 
wpa_ft_rrb_del_r1kh(void * eloop_ctx,void * timeout_ctx)1762 static void wpa_ft_rrb_del_r1kh(void *eloop_ctx, void *timeout_ctx)
1763 {
1764 	struct wpa_authenticator *wpa_auth = eloop_ctx;
1765 	struct ft_remote_r1kh *r1kh, *prev = NULL;
1766 
1767 	if (!wpa_auth->conf.r1kh_list)
1768 		return;
1769 
1770 	for (r1kh = *wpa_auth->conf.r1kh_list; r1kh; r1kh = r1kh->next) {
1771 		if (r1kh == timeout_ctx)
1772 			break;
1773 		prev = r1kh;
1774 	}
1775 	if (!r1kh)
1776 		return;
1777 	if (prev)
1778 		prev->next = r1kh->next;
1779 	else
1780 		*wpa_auth->conf.r1kh_list = r1kh->next;
1781 	if (r1kh->seq)
1782 		wpa_ft_rrb_seq_flush(wpa_auth, r1kh->seq, 0);
1783 	os_free(r1kh->seq);
1784 	os_free(r1kh);
1785 }
1786 
1787 
wpa_ft_rrb_r1kh_replenish(struct wpa_authenticator * wpa_auth,struct ft_remote_r1kh * r1kh,int timeout)1788 static void wpa_ft_rrb_r1kh_replenish(struct wpa_authenticator *wpa_auth,
1789 				      struct ft_remote_r1kh *r1kh, int timeout)
1790 {
1791 	if (timeout > 0)
1792 		eloop_replenish_timeout(timeout, 0, wpa_ft_rrb_del_r1kh,
1793 					wpa_auth, r1kh);
1794 }
1795 
1796 
1797 static struct ft_remote_r1kh *
wpa_ft_rrb_add_r1kh(struct wpa_authenticator * wpa_auth,struct ft_remote_r1kh * r1kh_wildcard,const u8 * src_addr,const u8 * r1kh_id,int timeout)1798 wpa_ft_rrb_add_r1kh(struct wpa_authenticator *wpa_auth,
1799 		    struct ft_remote_r1kh *r1kh_wildcard,
1800 		    const u8 *src_addr, const u8 *r1kh_id, int timeout)
1801 {
1802 	struct ft_remote_r1kh *r1kh;
1803 
1804 	if (!wpa_auth->conf.r1kh_list)
1805 		return NULL;
1806 
1807 	r1kh = os_zalloc(sizeof(*r1kh));
1808 	if (!r1kh)
1809 		return NULL;
1810 
1811 	os_memcpy(r1kh->addr, src_addr, sizeof(r1kh->addr));
1812 	os_memcpy(r1kh->id, r1kh_id, sizeof(r1kh->id));
1813 	os_memcpy(r1kh->key, r1kh_wildcard->key, sizeof(r1kh->key));
1814 	r1kh->next = *wpa_auth->conf.r1kh_list;
1815 	*wpa_auth->conf.r1kh_list = r1kh;
1816 
1817 	if (timeout > 0)
1818 		eloop_register_timeout(timeout, 0, wpa_ft_rrb_del_r1kh,
1819 				       wpa_auth, r1kh);
1820 
1821 	if (wpa_ft_rrb_init_r1kh_seq(r1kh) < 0)
1822 		return NULL;
1823 
1824 	return r1kh;
1825 }
1826 
1827 
wpa_ft_sta_deinit(struct wpa_state_machine * sm)1828 void wpa_ft_sta_deinit(struct wpa_state_machine *sm)
1829 {
1830 	eloop_cancel_timeout(wpa_ft_expire_pull, sm, NULL);
1831 }
1832 
1833 
wpa_ft_deinit_seq(struct wpa_authenticator * wpa_auth)1834 static void wpa_ft_deinit_seq(struct wpa_authenticator *wpa_auth)
1835 {
1836 	struct ft_remote_r0kh *r0kh;
1837 	struct ft_remote_r1kh *r1kh;
1838 
1839 	eloop_cancel_timeout(wpa_ft_rrb_seq_timeout, wpa_auth, ELOOP_ALL_CTX);
1840 
1841 	if (wpa_auth->conf.r0kh_list)
1842 		r0kh = *wpa_auth->conf.r0kh_list;
1843 	else
1844 		r0kh = NULL;
1845 	for (; r0kh; r0kh = r0kh->next) {
1846 		if (!r0kh->seq)
1847 			continue;
1848 		wpa_ft_rrb_seq_flush(wpa_auth, r0kh->seq, 0);
1849 		os_free(r0kh->seq);
1850 		r0kh->seq = NULL;
1851 	}
1852 
1853 	if (wpa_auth->conf.r1kh_list)
1854 		r1kh = *wpa_auth->conf.r1kh_list;
1855 	else
1856 		r1kh = NULL;
1857 	for (; r1kh; r1kh = r1kh->next) {
1858 		if (!r1kh->seq)
1859 			continue;
1860 		wpa_ft_rrb_seq_flush(wpa_auth, r1kh->seq, 0);
1861 		os_free(r1kh->seq);
1862 		r1kh->seq = NULL;
1863 	}
1864 }
1865 
1866 
wpa_ft_deinit_rkh_tmp(struct wpa_authenticator * wpa_auth)1867 static void wpa_ft_deinit_rkh_tmp(struct wpa_authenticator *wpa_auth)
1868 {
1869 	struct ft_remote_r0kh *r0kh, *r0kh_next, *r0kh_prev = NULL;
1870 	struct ft_remote_r1kh *r1kh, *r1kh_next, *r1kh_prev = NULL;
1871 
1872 	if (wpa_auth->conf.r0kh_list)
1873 		r0kh = *wpa_auth->conf.r0kh_list;
1874 	else
1875 		r0kh = NULL;
1876 	while (r0kh) {
1877 		r0kh_next = r0kh->next;
1878 		if (eloop_cancel_timeout(wpa_ft_rrb_del_r0kh, wpa_auth,
1879 					 r0kh) > 0) {
1880 			if (r0kh_prev)
1881 				r0kh_prev->next = r0kh_next;
1882 			else
1883 				*wpa_auth->conf.r0kh_list = r0kh_next;
1884 			os_free(r0kh);
1885 		} else {
1886 			r0kh_prev = r0kh;
1887 		}
1888 		r0kh = r0kh_next;
1889 	}
1890 
1891 	if (wpa_auth->conf.r1kh_list)
1892 		r1kh = *wpa_auth->conf.r1kh_list;
1893 	else
1894 		r1kh = NULL;
1895 	while (r1kh) {
1896 		r1kh_next = r1kh->next;
1897 		if (eloop_cancel_timeout(wpa_ft_rrb_del_r1kh, wpa_auth,
1898 					 r1kh) > 0) {
1899 			if (r1kh_prev)
1900 				r1kh_prev->next = r1kh_next;
1901 			else
1902 				*wpa_auth->conf.r1kh_list = r1kh_next;
1903 			os_free(r1kh);
1904 		} else {
1905 			r1kh_prev = r1kh;
1906 		}
1907 		r1kh = r1kh_next;
1908 	}
1909 }
1910 
1911 
wpa_ft_deinit(struct wpa_authenticator * wpa_auth)1912 void wpa_ft_deinit(struct wpa_authenticator *wpa_auth)
1913 {
1914 	wpa_ft_deinit_seq(wpa_auth);
1915 	wpa_ft_deinit_rkh_tmp(wpa_auth);
1916 }
1917 
1918 
wpa_ft_block_r0kh(struct wpa_authenticator * wpa_auth,const u8 * f_r0kh_id,size_t f_r0kh_id_len)1919 static void wpa_ft_block_r0kh(struct wpa_authenticator *wpa_auth,
1920 			      const u8 *f_r0kh_id, size_t f_r0kh_id_len)
1921 {
1922 	struct ft_remote_r0kh *r0kh, *r0kh_wildcard;
1923 
1924 	if (!wpa_auth->conf.rkh_neg_timeout)
1925 		return;
1926 
1927 	wpa_ft_rrb_lookup_r0kh(wpa_auth, f_r0kh_id, f_r0kh_id_len,
1928 			       &r0kh, &r0kh_wildcard);
1929 
1930 	if (!r0kh_wildcard) {
1931 		/* r0kh removed after neg_timeout and might need re-adding */
1932 		return;
1933 	}
1934 
1935 	wpa_hexdump(MSG_DEBUG, "FT: Temporarily block R0KH-ID",
1936 		    f_r0kh_id, f_r0kh_id_len);
1937 
1938 	if (r0kh) {
1939 		wpa_ft_rrb_r0kh_timeout(wpa_auth, r0kh,
1940 					wpa_auth->conf.rkh_neg_timeout);
1941 		os_memset(r0kh->addr, 0, ETH_ALEN);
1942 	} else
1943 		wpa_ft_rrb_add_r0kh(wpa_auth, r0kh_wildcard, NULL, f_r0kh_id,
1944 				    f_r0kh_id_len,
1945 				    wpa_auth->conf.rkh_neg_timeout);
1946 }
1947 
1948 
wpa_ft_expire_pull(void * eloop_ctx,void * timeout_ctx)1949 static void wpa_ft_expire_pull(void *eloop_ctx, void *timeout_ctx)
1950 {
1951 	struct wpa_state_machine *sm = eloop_ctx;
1952 
1953 	wpa_printf(MSG_DEBUG, "FT: Timeout pending pull request for " MACSTR,
1954 		   MAC2STR(sm->addr));
1955 	if (sm->ft_pending_pull_left_retries <= 0)
1956 		wpa_ft_block_r0kh(sm->wpa_auth, sm->r0kh_id, sm->r0kh_id_len);
1957 
1958 	/* cancel multiple timeouts */
1959 	eloop_cancel_timeout(wpa_ft_expire_pull, sm, NULL);
1960 	ft_finish_pull(sm);
1961 }
1962 
1963 
wpa_ft_pull_pmk_r1(struct wpa_state_machine * sm,const u8 * ies,size_t ies_len,const u8 * pmk_r0_name)1964 static int wpa_ft_pull_pmk_r1(struct wpa_state_machine *sm,
1965 			      const u8 *ies, size_t ies_len,
1966 			      const u8 *pmk_r0_name)
1967 {
1968 	struct ft_remote_r0kh *r0kh, *r0kh_wildcard;
1969 	u8 *packet = NULL;
1970 	const u8 *key, *f_r1kh_id = sm->wpa_auth->conf.r1_key_holder;
1971 	size_t packet_len, key_len;
1972 	struct ft_rrb_seq f_seq;
1973 	int tsecs, tusecs, first;
1974 	struct wpabuf *ft_pending_req_ies;
1975 	int r0kh_timeout;
1976 	struct tlv_list req_enc[] = {
1977 		{ .type = FT_RRB_PMK_R0_NAME, .len = WPA_PMK_NAME_LEN,
1978 		  .data = pmk_r0_name },
1979 		{ .type = FT_RRB_S1KH_ID, .len = ETH_ALEN,
1980 		  .data = sm->addr },
1981 		{ .type = FT_RRB_LAST_EMPTY, .len = 0, .data = NULL },
1982 	};
1983 	struct tlv_list req_auth[] = {
1984 		{ .type = FT_RRB_NONCE, .len = FT_RRB_NONCE_LEN,
1985 		  .data = sm->ft_pending_pull_nonce },
1986 		{ .type = FT_RRB_SEQ, .len = sizeof(f_seq),
1987 		  .data = (u8 *) &f_seq },
1988 		{ .type = FT_RRB_R0KH_ID, .len = sm->r0kh_id_len,
1989 		  .data = sm->r0kh_id },
1990 		{ .type = FT_RRB_R1KH_ID, .len = FT_R1KH_ID_LEN,
1991 		  .data = f_r1kh_id },
1992 		{ .type = FT_RRB_LAST_EMPTY, .len = 0, .data = NULL },
1993 	};
1994 
1995 	if (sm->ft_pending_pull_left_retries <= 0)
1996 		return -1;
1997 	first = sm->ft_pending_pull_left_retries ==
1998 		sm->wpa_auth->conf.rkh_pull_retries;
1999 	sm->ft_pending_pull_left_retries--;
2000 
2001 	wpa_ft_rrb_lookup_r0kh(sm->wpa_auth, sm->r0kh_id, sm->r0kh_id_len,
2002 			       &r0kh, &r0kh_wildcard);
2003 
2004 	/* Keep r0kh sufficiently long in the list for seq num check */
2005 	r0kh_timeout = sm->wpa_auth->conf.rkh_pull_timeout / 1000 +
2006 		1 + ftRRBseqTimeout;
2007 	if (r0kh) {
2008 		wpa_ft_rrb_r0kh_replenish(sm->wpa_auth, r0kh, r0kh_timeout);
2009 	} else if (r0kh_wildcard) {
2010 		wpa_printf(MSG_DEBUG, "FT: Using wildcard R0KH-ID");
2011 		/* r0kh->addr: updated by SEQ_RESP and wpa_ft_expire_pull */
2012 		r0kh = wpa_ft_rrb_add_r0kh(sm->wpa_auth, r0kh_wildcard,
2013 					   r0kh_wildcard->addr,
2014 					   sm->r0kh_id, sm->r0kh_id_len,
2015 					   r0kh_timeout);
2016 	}
2017 	if (r0kh == NULL) {
2018 		wpa_hexdump(MSG_DEBUG, "FT: Did not find R0KH-ID",
2019 			    sm->r0kh_id, sm->r0kh_id_len);
2020 		return -1;
2021 	}
2022 	if (is_zero_ether_addr(r0kh->addr)) {
2023 		wpa_hexdump(MSG_DEBUG, "FT: R0KH-ID is temporarily blocked",
2024 			    sm->r0kh_id, sm->r0kh_id_len);
2025 		return -1;
2026 	}
2027 	if (ether_addr_equal(r0kh->addr, sm->wpa_auth->addr)) {
2028 		wpa_printf(MSG_DEBUG,
2029 			   "FT: R0KH-ID points to self - no matching key available");
2030 		return -1;
2031 	}
2032 
2033 	key = r0kh->key;
2034 	key_len = sizeof(r0kh->key);
2035 
2036 	if (r0kh->seq->rx.num_last == 0) {
2037 		/* A sequence request will be sent out anyway when pull
2038 		 * response is received. Send it out now to avoid one RTT. */
2039 		wpa_ft_rrb_seq_req(sm->wpa_auth, r0kh->seq, r0kh->addr,
2040 				   r0kh->id, r0kh->id_len, f_r1kh_id, key,
2041 				   key_len, NULL, 0, NULL, 0, NULL);
2042 	}
2043 
2044 	wpa_printf(MSG_DEBUG, "FT: Send PMK-R1 pull request from " MACSTR
2045 		   " to remote R0KH address " MACSTR,
2046 		   MAC2STR(sm->wpa_auth->addr), MAC2STR(r0kh->addr));
2047 
2048 	if (first &&
2049 	    random_get_bytes(sm->ft_pending_pull_nonce, FT_RRB_NONCE_LEN) < 0) {
2050 		wpa_printf(MSG_DEBUG, "FT: Failed to get random data for "
2051 			   "nonce");
2052 		return -1;
2053 	}
2054 
2055 	if (wpa_ft_new_seq(r0kh->seq, &f_seq) < 0) {
2056 		wpa_printf(MSG_DEBUG, "FT: Failed to get seq num");
2057 		return -1;
2058 	}
2059 
2060 	if (wpa_ft_rrb_build(key, key_len, req_enc, NULL, req_auth, NULL,
2061 			     sm->wpa_auth->addr, FT_PACKET_R0KH_R1KH_PULL,
2062 			     &packet, &packet_len) < 0)
2063 		return -1;
2064 
2065 	ft_pending_req_ies = wpabuf_alloc_copy(ies, ies_len);
2066 	wpabuf_free(sm->ft_pending_req_ies);
2067 	sm->ft_pending_req_ies = ft_pending_req_ies;
2068 	if (!sm->ft_pending_req_ies) {
2069 		os_free(packet);
2070 		return -1;
2071 	}
2072 
2073 	tsecs = sm->wpa_auth->conf.rkh_pull_timeout / 1000;
2074 	tusecs = (sm->wpa_auth->conf.rkh_pull_timeout % 1000) * 1000;
2075 	eloop_register_timeout(tsecs, tusecs, wpa_ft_expire_pull, sm, NULL);
2076 
2077 	wpa_ft_rrb_oui_send(sm->wpa_auth, r0kh->addr, FT_PACKET_R0KH_R1KH_PULL,
2078 			    packet, packet_len);
2079 
2080 	os_free(packet);
2081 
2082 	return 0;
2083 }
2084 
2085 
wpa_ft_store_pmk_fils(struct wpa_state_machine * sm,const u8 * pmk_r0,const u8 * pmk_r0_name)2086 int wpa_ft_store_pmk_fils(struct wpa_state_machine *sm,
2087 			  const u8 *pmk_r0, const u8 *pmk_r0_name)
2088 {
2089 	int expires_in = sm->wpa_auth->conf.r0_key_lifetime;
2090 	struct vlan_description vlan;
2091 	const u8 *identity, *radius_cui;
2092 	size_t identity_len, radius_cui_len;
2093 	int session_timeout;
2094 	size_t pmk_r0_len = wpa_key_mgmt_sha384(sm->wpa_key_mgmt) ?
2095 		SHA384_MAC_LEN : PMK_LEN;
2096 
2097 	if (wpa_ft_get_vlan(sm->wpa_auth, sm->addr, &vlan) < 0) {
2098 		wpa_printf(MSG_DEBUG, "FT: vlan not available for STA " MACSTR,
2099 			   MAC2STR(sm->addr));
2100 		return -1;
2101 	}
2102 
2103 	identity_len = wpa_ft_get_identity(sm->wpa_auth, sm->addr, &identity);
2104 	radius_cui_len = wpa_ft_get_radius_cui(sm->wpa_auth, sm->addr,
2105 					       &radius_cui);
2106 	session_timeout = wpa_ft_get_session_timeout(sm->wpa_auth, sm->addr);
2107 
2108 	return wpa_ft_store_pmk_r0(sm->wpa_auth, sm->addr, pmk_r0, pmk_r0_len,
2109 				   pmk_r0_name, sm->pairwise, &vlan, expires_in,
2110 				   session_timeout, identity, identity_len,
2111 				   radius_cui, radius_cui_len);
2112 }
2113 
2114 
wpa_auth_derive_ptk_ft(struct wpa_state_machine * sm,struct wpa_ptk * ptk,u8 * pmk_r0,u8 * pmk_r1,u8 * pmk_r0_name,size_t * key_len,size_t kdk_len)2115 int wpa_auth_derive_ptk_ft(struct wpa_state_machine *sm, struct wpa_ptk *ptk,
2116 			   u8 *pmk_r0, u8 *pmk_r1, u8 *pmk_r0_name,
2117 			   size_t *key_len, size_t kdk_len)
2118 {
2119 	size_t pmk_r0_len, pmk_r1_len;
2120 	u8 ptk_name[WPA_PMK_NAME_LEN];
2121 	const u8 *mdid = sm->wpa_auth->conf.mobility_domain;
2122 	const u8 *r0kh = sm->wpa_auth->conf.r0_key_holder;
2123 	size_t r0kh_len = sm->wpa_auth->conf.r0_key_holder_len;
2124 	const u8 *r1kh = sm->wpa_auth->conf.r1_key_holder;
2125 	const u8 *ssid = sm->wpa_auth->conf.ssid;
2126 	size_t ssid_len = sm->wpa_auth->conf.ssid_len;
2127 	const u8 *mpmk;
2128 	size_t mpmk_len;
2129 
2130 	if (sm->wpa_key_mgmt == WPA_KEY_MGMT_FT_SAE_EXT_KEY &&
2131 	    (sm->xxkey_len == SHA256_MAC_LEN ||
2132 	     sm->xxkey_len == SHA384_MAC_LEN ||
2133 	     sm->xxkey_len == SHA512_MAC_LEN))
2134 		pmk_r0_len = sm->xxkey_len;
2135 	else if (wpa_key_mgmt_sha384(sm->wpa_key_mgmt))
2136 		pmk_r0_len = SHA384_MAC_LEN;
2137 	else
2138 		pmk_r0_len = PMK_LEN;
2139 	*key_len = pmk_r1_len = pmk_r0_len;
2140 
2141 	if (sm->xxkey_len > 0) {
2142 		mpmk = sm->xxkey;
2143 		mpmk_len = sm->xxkey_len;
2144 	} else if (sm->pmksa) {
2145 		mpmk = sm->pmksa->pmk;
2146 		mpmk_len = sm->pmksa->pmk_len;
2147 	} else {
2148 		wpa_printf(MSG_DEBUG, "FT: XXKey not available for key "
2149 			   "derivation");
2150 		return -1;
2151 	}
2152 
2153 	if (wpa_derive_pmk_r0(mpmk, mpmk_len, ssid, ssid_len, mdid,
2154 			      r0kh, r0kh_len, sm->addr,
2155 			      pmk_r0, pmk_r0_name,
2156 			      sm->wpa_key_mgmt) < 0 ||
2157 	    wpa_derive_pmk_r1(pmk_r0, pmk_r0_len, pmk_r0_name, r1kh, sm->addr,
2158 			      pmk_r1, sm->pmk_r1_name) < 0)
2159 		return -1;
2160 
2161 	return wpa_pmk_r1_to_ptk(pmk_r1, pmk_r1_len, sm->SNonce, sm->ANonce,
2162 				 sm->addr, sm->wpa_auth->addr, sm->pmk_r1_name,
2163 				 ptk, ptk_name, sm->wpa_key_mgmt, sm->pairwise,
2164 				 kdk_len);
2165 }
2166 
2167 
wpa_auth_ft_store_keys(struct wpa_state_machine * sm,const u8 * pmk_r0,const u8 * pmk_r1,const u8 * pmk_r0_name,size_t key_len)2168 void wpa_auth_ft_store_keys(struct wpa_state_machine *sm, const u8 *pmk_r0,
2169 			    const u8 *pmk_r1, const u8 *pmk_r0_name,
2170 			    size_t key_len)
2171 {
2172 	int psk_local = sm->wpa_auth->conf.ft_psk_generate_local;
2173 	int expires_in = sm->wpa_auth->conf.r0_key_lifetime;
2174 	struct vlan_description vlan;
2175 	const u8 *identity, *radius_cui;
2176 	size_t identity_len, radius_cui_len;
2177 	int session_timeout;
2178 
2179 	if (psk_local && wpa_key_mgmt_ft_psk(sm->wpa_key_mgmt))
2180 		return;
2181 
2182 	if (wpa_ft_get_vlan(sm->wpa_auth, sm->addr, &vlan) < 0) {
2183 		wpa_printf(MSG_DEBUG, "FT: vlan not available for STA " MACSTR,
2184 			   MAC2STR(sm->addr));
2185 		return;
2186 	}
2187 
2188 	identity_len = wpa_ft_get_identity(sm->wpa_auth, sm->addr, &identity);
2189 	radius_cui_len = wpa_ft_get_radius_cui(sm->wpa_auth, sm->addr,
2190 					       &radius_cui);
2191 	session_timeout = wpa_ft_get_session_timeout(sm->wpa_auth, sm->addr);
2192 
2193 
2194 	wpa_ft_store_pmk_r0(sm->wpa_auth, sm->addr, pmk_r0, key_len,
2195 			    pmk_r0_name,
2196 			    sm->pairwise, &vlan, expires_in,
2197 			    session_timeout, identity, identity_len,
2198 			    radius_cui, radius_cui_len);
2199 	wpa_ft_store_pmk_r1(sm->wpa_auth, sm->addr, pmk_r1, key_len,
2200 			    sm->pmk_r1_name, sm->pairwise, &vlan,
2201 			    expires_in, session_timeout, identity,
2202 			    identity_len, radius_cui, radius_cui_len);
2203 }
2204 
2205 
wpa_auth_get_seqnum(struct wpa_authenticator * wpa_auth,const u8 * addr,int idx,u8 * seq)2206 static inline int wpa_auth_get_seqnum(struct wpa_authenticator *wpa_auth,
2207 				      const u8 *addr, int idx, u8 *seq)
2208 {
2209 	if (wpa_auth->cb->get_seqnum == NULL)
2210 		return -1;
2211 	return wpa_auth->cb->get_seqnum(wpa_auth->cb_ctx, addr, idx, seq);
2212 }
2213 
2214 
wpa_ft_gtk_subelem(struct wpa_state_machine * sm,size_t * len)2215 static u8 * wpa_ft_gtk_subelem(struct wpa_state_machine *sm, size_t *len)
2216 {
2217 	u8 *subelem;
2218 	struct wpa_auth_config *conf = &sm->wpa_auth->conf;
2219 	struct wpa_group *gsm = sm->group;
2220 	size_t subelem_len, pad_len;
2221 	const u8 *key;
2222 	size_t key_len;
2223 	u8 keybuf[WPA_GTK_MAX_LEN];
2224 	const u8 *kek;
2225 	size_t kek_len;
2226 
2227 	if (wpa_key_mgmt_fils(sm->wpa_key_mgmt)) {
2228 		kek = sm->PTK.kek2;
2229 		kek_len = sm->PTK.kek2_len;
2230 	} else {
2231 		kek = sm->PTK.kek;
2232 		kek_len = sm->PTK.kek_len;
2233 	}
2234 
2235 	key_len = gsm->GTK_len;
2236 	if (key_len > sizeof(keybuf))
2237 		return NULL;
2238 
2239 	/*
2240 	 * Pad key for AES Key Wrap if it is not multiple of 8 bytes or is less
2241 	 * than 16 bytes.
2242 	 */
2243 	pad_len = key_len % 8;
2244 	if (pad_len)
2245 		pad_len = 8 - pad_len;
2246 	if (key_len + pad_len < 16)
2247 		pad_len += 8;
2248 	if (pad_len && key_len < sizeof(keybuf)) {
2249 		os_memcpy(keybuf, gsm->GTK[gsm->GN - 1], key_len);
2250 		if (conf->disable_gtk ||
2251 		    sm->wpa_key_mgmt == WPA_KEY_MGMT_OSEN) {
2252 			/*
2253 			 * Provide unique random GTK to each STA to prevent use
2254 			 * of GTK in the BSS.
2255 			 */
2256 			if (random_get_bytes(keybuf, key_len) < 0)
2257 				return NULL;
2258 		}
2259 		os_memset(keybuf + key_len, 0, pad_len);
2260 		keybuf[key_len] = 0xdd;
2261 		key_len += pad_len;
2262 		key = keybuf;
2263 	} else if (conf->disable_gtk || sm->wpa_key_mgmt == WPA_KEY_MGMT_OSEN) {
2264 		/*
2265 		 * Provide unique random GTK to each STA to prevent use of GTK
2266 		 * in the BSS.
2267 		 */
2268 		if (random_get_bytes(keybuf, key_len) < 0)
2269 			return NULL;
2270 		key = keybuf;
2271 	} else {
2272 		key = gsm->GTK[gsm->GN - 1];
2273 	}
2274 
2275 	/*
2276 	 * Sub-elem ID[1] | Length[1] | Key Info[2] | Key Length[1] | RSC[8] |
2277 	 * Key[5..32].
2278 	 */
2279 	subelem_len = 13 + key_len + 8;
2280 	subelem = os_zalloc(subelem_len);
2281 	if (subelem == NULL)
2282 		return NULL;
2283 
2284 	subelem[0] = FTIE_SUBELEM_GTK;
2285 	subelem[1] = 11 + key_len + 8;
2286 	/* Key ID in B0-B1 of Key Info */
2287 	WPA_PUT_LE16(&subelem[2], gsm->GN & 0x03);
2288 	subelem[4] = gsm->GTK_len;
2289 	wpa_auth_get_seqnum(sm->wpa_auth, NULL, gsm->GN, subelem + 5);
2290 	if (aes_wrap(kek, kek_len, key_len / 8, key, subelem + 13)) {
2291 		wpa_printf(MSG_DEBUG,
2292 			   "FT: GTK subelem encryption failed: kek_len=%d",
2293 			   (int) kek_len);
2294 		forced_memzero(keybuf, sizeof(keybuf));
2295 		os_free(subelem);
2296 		return NULL;
2297 	}
2298 
2299 	forced_memzero(keybuf, sizeof(keybuf));
2300 	*len = subelem_len;
2301 	return subelem;
2302 }
2303 
2304 
wpa_ft_igtk_subelem(struct wpa_state_machine * sm,size_t * len)2305 static u8 * wpa_ft_igtk_subelem(struct wpa_state_machine *sm, size_t *len)
2306 {
2307 	u8 *subelem, *pos;
2308 	struct wpa_auth_config *conf = &sm->wpa_auth->conf;
2309 	struct wpa_group *gsm = sm->group;
2310 	size_t subelem_len;
2311 	const u8 *kek, *igtk;
2312 	size_t kek_len;
2313 	size_t igtk_len;
2314 	u8 stub_igtk[WPA_IGTK_MAX_LEN];
2315 
2316 	if (wpa_key_mgmt_fils(sm->wpa_key_mgmt)) {
2317 		kek = sm->PTK.kek2;
2318 		kek_len = sm->PTK.kek2_len;
2319 	} else {
2320 		kek = sm->PTK.kek;
2321 		kek_len = sm->PTK.kek_len;
2322 	}
2323 
2324 	igtk_len = wpa_cipher_key_len(sm->wpa_auth->conf.group_mgmt_cipher);
2325 
2326 	/* Sub-elem ID[1] | Length[1] | KeyID[2] | IPN[6] | Key Length[1] |
2327 	 * Key[16+8] */
2328 	subelem_len = 1 + 1 + 2 + 6 + 1 + igtk_len + 8;
2329 	subelem = os_zalloc(subelem_len);
2330 	if (subelem == NULL)
2331 		return NULL;
2332 
2333 	pos = subelem;
2334 	*pos++ = FTIE_SUBELEM_IGTK;
2335 	*pos++ = subelem_len - 2;
2336 	WPA_PUT_LE16(pos, gsm->GN_igtk);
2337 	pos += 2;
2338 	wpa_auth_get_seqnum(sm->wpa_auth, NULL, gsm->GN_igtk, pos);
2339 	pos += 6;
2340 	*pos++ = igtk_len;
2341 	igtk = gsm->IGTK[gsm->GN_igtk - 4];
2342 	if (conf->disable_gtk || sm->wpa_key_mgmt == WPA_KEY_MGMT_OSEN) {
2343 		/*
2344 		 * Provide unique random IGTK to each STA to prevent use of
2345 		 * IGTK in the BSS.
2346 		 */
2347 		if (random_get_bytes(stub_igtk, igtk_len / 8) < 0) {
2348 			os_free(subelem);
2349 			return NULL;
2350 		}
2351 		igtk = stub_igtk;
2352 	}
2353 	if (aes_wrap(kek, kek_len, igtk_len / 8, igtk, pos)) {
2354 		wpa_printf(MSG_DEBUG,
2355 			   "FT: IGTK subelem encryption failed: kek_len=%d",
2356 			   (int) kek_len);
2357 		os_free(subelem);
2358 		return NULL;
2359 	}
2360 
2361 	*len = subelem_len;
2362 	return subelem;
2363 }
2364 
2365 
wpa_ft_bigtk_subelem(struct wpa_state_machine * sm,size_t * len)2366 static u8 * wpa_ft_bigtk_subelem(struct wpa_state_machine *sm, size_t *len)
2367 {
2368 	u8 *subelem, *pos;
2369 	struct wpa_authenticator *wpa_auth = sm->wpa_auth;
2370 	struct wpa_group *gsm = wpa_auth->group;
2371 	size_t subelem_len;
2372 	const u8 *kek, *bigtk;
2373 	size_t kek_len;
2374 	size_t bigtk_len;
2375 	u8 stub_bigtk[WPA_IGTK_MAX_LEN];
2376 
2377 	if (wpa_key_mgmt_fils(sm->wpa_key_mgmt)) {
2378 		kek = sm->PTK.kek2;
2379 		kek_len = sm->PTK.kek2_len;
2380 	} else {
2381 		kek = sm->PTK.kek;
2382 		kek_len = sm->PTK.kek_len;
2383 	}
2384 
2385 	bigtk_len = wpa_cipher_key_len(wpa_auth->conf.group_mgmt_cipher);
2386 
2387 	/* Sub-elem ID[1] | Length[1] | KeyID[2] | BIPN[6] | Key Length[1] |
2388 	 * Key[16+8] */
2389 	subelem_len = 1 + 1 + 2 + 6 + 1 + bigtk_len + 8;
2390 	subelem = os_zalloc(subelem_len);
2391 	if (subelem == NULL)
2392 		return NULL;
2393 
2394 	pos = subelem;
2395 	*pos++ = FTIE_SUBELEM_BIGTK;
2396 	*pos++ = subelem_len - 2;
2397 	WPA_PUT_LE16(pos, gsm->GN_bigtk);
2398 	pos += 2;
2399 	wpa_auth_get_seqnum(wpa_auth, NULL, gsm->GN_bigtk, pos);
2400 	pos += 6;
2401 	*pos++ = bigtk_len;
2402 	bigtk = gsm->BIGTK[gsm->GN_bigtk - 6];
2403 	if (sm->wpa_key_mgmt == WPA_KEY_MGMT_OSEN) {
2404 		/*
2405 		 * Provide unique random BIGTK to each OSEN STA to prevent use
2406 		 * of BIGTK in the BSS.
2407 		 */
2408 		if (random_get_bytes(stub_bigtk, bigtk_len / 8) < 0) {
2409 			os_free(subelem);
2410 			return NULL;
2411 		}
2412 		bigtk = stub_bigtk;
2413 	}
2414 	if (aes_wrap(kek, kek_len, bigtk_len / 8, bigtk, pos)) {
2415 		wpa_printf(MSG_DEBUG,
2416 			   "FT: BIGTK subelem encryption failed: kek_len=%d",
2417 			   (int) kek_len);
2418 		os_free(subelem);
2419 		return NULL;
2420 	}
2421 
2422 	*len = subelem_len;
2423 	return subelem;
2424 }
2425 
2426 
wpa_ft_process_rdie(struct wpa_state_machine * sm,u8 * pos,u8 * end,u8 id,u8 descr_count,const u8 * ies,size_t ies_len)2427 static u8 * wpa_ft_process_rdie(struct wpa_state_machine *sm,
2428 				u8 *pos, u8 *end, u8 id, u8 descr_count,
2429 				const u8 *ies, size_t ies_len)
2430 {
2431 	struct ieee802_11_elems parse;
2432 	struct rsn_rdie *rdie;
2433 
2434 	wpa_printf(MSG_DEBUG, "FT: Resource Request: id=%d descr_count=%d",
2435 		   id, descr_count);
2436 	wpa_hexdump(MSG_MSGDUMP, "FT: Resource descriptor IE(s)",
2437 		    ies, ies_len);
2438 
2439 	if (end - pos < (int) sizeof(*rdie)) {
2440 		wpa_printf(MSG_ERROR, "FT: Not enough room for response RDIE");
2441 		return pos;
2442 	}
2443 
2444 	*pos++ = WLAN_EID_RIC_DATA;
2445 	*pos++ = sizeof(*rdie);
2446 	rdie = (struct rsn_rdie *) pos;
2447 	rdie->id = id;
2448 	rdie->descr_count = 0;
2449 	rdie->status_code = host_to_le16(WLAN_STATUS_SUCCESS);
2450 	pos += sizeof(*rdie);
2451 
2452 	if (ieee802_11_parse_elems((u8 *) ies, ies_len, &parse, 1) ==
2453 	    ParseFailed) {
2454 		wpa_printf(MSG_DEBUG, "FT: Failed to parse request IEs");
2455 		rdie->status_code =
2456 			host_to_le16(WLAN_STATUS_UNSPECIFIED_FAILURE);
2457 		return pos;
2458 	}
2459 
2460 	if (parse.wmm_tspec) {
2461 		struct wmm_tspec_element *tspec;
2462 
2463 		if (parse.wmm_tspec_len + 2 < (int) sizeof(*tspec)) {
2464 			wpa_printf(MSG_DEBUG, "FT: Too short WMM TSPEC IE "
2465 				   "(%d)", (int) parse.wmm_tspec_len);
2466 			rdie->status_code =
2467 				host_to_le16(WLAN_STATUS_UNSPECIFIED_FAILURE);
2468 			return pos;
2469 		}
2470 		if (end - pos < (int) sizeof(*tspec)) {
2471 			wpa_printf(MSG_ERROR, "FT: Not enough room for "
2472 				   "response TSPEC");
2473 			rdie->status_code =
2474 				host_to_le16(WLAN_STATUS_UNSPECIFIED_FAILURE);
2475 			return pos;
2476 		}
2477 		tspec = (struct wmm_tspec_element *) pos;
2478 		os_memcpy(tspec, parse.wmm_tspec - 2, sizeof(*tspec));
2479 	}
2480 
2481 #ifdef NEED_AP_MLME
2482 	if (parse.wmm_tspec && sm->wpa_auth->conf.ap_mlme) {
2483 		int res;
2484 
2485 		res = wmm_process_tspec((struct wmm_tspec_element *) pos);
2486 		wpa_printf(MSG_DEBUG, "FT: ADDTS processing result: %d", res);
2487 		if (res == WMM_ADDTS_STATUS_INVALID_PARAMETERS)
2488 			rdie->status_code =
2489 				host_to_le16(WLAN_STATUS_INVALID_PARAMETERS);
2490 		else if (res == WMM_ADDTS_STATUS_REFUSED)
2491 			rdie->status_code =
2492 				host_to_le16(WLAN_STATUS_REQUEST_DECLINED);
2493 		else {
2494 			/* TSPEC accepted; include updated TSPEC in response */
2495 			rdie->descr_count = 1;
2496 			pos += sizeof(struct wmm_tspec_element);
2497 		}
2498 		return pos;
2499 	}
2500 #endif /* NEED_AP_MLME */
2501 
2502 	if (parse.wmm_tspec && !sm->wpa_auth->conf.ap_mlme) {
2503 		int res;
2504 
2505 		res = wpa_ft_add_tspec(sm->wpa_auth, sm->addr, pos,
2506 				       sizeof(struct wmm_tspec_element));
2507 		if (res >= 0) {
2508 			if (res)
2509 				rdie->status_code = host_to_le16(res);
2510 			else {
2511 				/* TSPEC accepted; include updated TSPEC in
2512 				 * response */
2513 				rdie->descr_count = 1;
2514 				pos += sizeof(struct wmm_tspec_element);
2515 			}
2516 			return pos;
2517 		}
2518 	}
2519 
2520 	wpa_printf(MSG_DEBUG, "FT: No supported resource requested");
2521 	rdie->status_code = host_to_le16(WLAN_STATUS_UNSPECIFIED_FAILURE);
2522 	return pos;
2523 }
2524 
2525 
wpa_ft_process_ric(struct wpa_state_machine * sm,u8 * pos,u8 * end,const u8 * ric,size_t ric_len)2526 static u8 * wpa_ft_process_ric(struct wpa_state_machine *sm, u8 *pos, u8 *end,
2527 			       const u8 *ric, size_t ric_len)
2528 {
2529 	const u8 *rpos, *start;
2530 	const struct rsn_rdie *rdie;
2531 
2532 	wpa_hexdump(MSG_MSGDUMP, "FT: RIC Request", ric, ric_len);
2533 
2534 	rpos = ric;
2535 	while (rpos + sizeof(*rdie) < ric + ric_len) {
2536 		if (rpos[0] != WLAN_EID_RIC_DATA || rpos[1] < sizeof(*rdie) ||
2537 		    rpos + 2 + rpos[1] > ric + ric_len)
2538 			break;
2539 		rdie = (const struct rsn_rdie *) (rpos + 2);
2540 		rpos += 2 + rpos[1];
2541 		start = rpos;
2542 
2543 		while (rpos + 2 <= ric + ric_len &&
2544 		       rpos + 2 + rpos[1] <= ric + ric_len) {
2545 			if (rpos[0] == WLAN_EID_RIC_DATA)
2546 				break;
2547 			rpos += 2 + rpos[1];
2548 		}
2549 		pos = wpa_ft_process_rdie(sm, pos, end, rdie->id,
2550 					  rdie->descr_count,
2551 					  start, rpos - start);
2552 	}
2553 
2554 	return pos;
2555 }
2556 
2557 
wpa_sm_write_assoc_resp_ies(struct wpa_state_machine * sm,u8 * pos,size_t max_len,int auth_alg,const u8 * req_ies,size_t req_ies_len,int omit_rsnxe)2558 u8 * wpa_sm_write_assoc_resp_ies(struct wpa_state_machine *sm, u8 *pos,
2559 				 size_t max_len, int auth_alg,
2560 				 const u8 *req_ies, size_t req_ies_len,
2561 				 int omit_rsnxe)
2562 {
2563 	u8 *end, *mdie, *ftie, *rsnie = NULL, *r0kh_id, *subelem = NULL;
2564 	u8 *fte_mic, *elem_count;
2565 	size_t mdie_len, ftie_len, rsnie_len = 0, r0kh_id_len, subelem_len = 0;
2566 	u8 rsnxe_buf[10], *rsnxe = rsnxe_buf;
2567 	size_t rsnxe_len;
2568 	int rsnxe_used;
2569 	int res;
2570 	struct wpa_auth_config *conf;
2571 	struct wpa_ft_ies parse;
2572 	u8 *ric_start;
2573 	u8 *anonce, *snonce;
2574 	const u8 *kck;
2575 	size_t kck_len;
2576 	size_t key_len;
2577 
2578 	if (sm == NULL)
2579 		return pos;
2580 
2581 	conf = &sm->wpa_auth->conf;
2582 
2583 	if (!wpa_key_mgmt_ft(sm->wpa_key_mgmt))
2584 		return pos;
2585 
2586 	end = pos + max_len;
2587 
2588 #ifdef CONFIG_TESTING_OPTIONS
2589 	if (auth_alg == WLAN_AUTH_FT &&
2590 	    sm->wpa_auth->conf.rsne_override_ft_set) {
2591 		wpa_printf(MSG_DEBUG,
2592 			   "TESTING: RSNE FT override for MIC calculation");
2593 		rsnie = sm->wpa_auth->conf.rsne_override_ft;
2594 		rsnie_len = sm->wpa_auth->conf.rsne_override_ft_len;
2595 		if (end - pos < (long int) rsnie_len)
2596 			return pos;
2597 		os_memcpy(pos, rsnie, rsnie_len);
2598 		rsnie = pos;
2599 		pos += rsnie_len;
2600 		if (rsnie_len > PMKID_LEN && sm->pmk_r1_name_valid) {
2601 			int idx;
2602 
2603 			/* Replace all 0xff PMKID with the valid PMKR1Name */
2604 			for (idx = 0; idx < PMKID_LEN; idx++) {
2605 				if (rsnie[rsnie_len - 1 - idx] != 0xff)
2606 					break;
2607 			}
2608 			if (idx == PMKID_LEN)
2609 				os_memcpy(&rsnie[rsnie_len - PMKID_LEN],
2610 					  sm->pmk_r1_name, WPA_PMK_NAME_LEN);
2611 		}
2612 	} else
2613 #endif /* CONFIG_TESTING_OPTIONS */
2614 	if (auth_alg == WLAN_AUTH_FT ||
2615 	    ((auth_alg == WLAN_AUTH_FILS_SK ||
2616 	      auth_alg == WLAN_AUTH_FILS_SK_PFS ||
2617 	      auth_alg == WLAN_AUTH_FILS_PK) &&
2618 	     (sm->wpa_key_mgmt & (WPA_KEY_MGMT_FT_FILS_SHA256 |
2619 				  WPA_KEY_MGMT_FT_FILS_SHA384)))) {
2620 		if (!sm->pmk_r1_name_valid) {
2621 			wpa_printf(MSG_ERROR,
2622 				   "FT: PMKR1Name is not valid for Assoc Resp RSNE");
2623 			return NULL;
2624 		}
2625 		wpa_hexdump(MSG_DEBUG, "FT: PMKR1Name for Assoc Resp RSNE",
2626 			    sm->pmk_r1_name, WPA_PMK_NAME_LEN);
2627 		/*
2628 		 * RSN (only present if this is a Reassociation Response and
2629 		 * part of a fast BSS transition; or if this is a
2630 		 * (Re)Association Response frame during an FT initial mobility
2631 		 * domain association using FILS)
2632 		 */
2633 		res = wpa_write_rsn_ie(conf, pos, end - pos, sm->pmk_r1_name);
2634 		if (res < 0)
2635 			return NULL;
2636 		rsnie = pos;
2637 		rsnie_len = res;
2638 		pos += res;
2639 	}
2640 
2641 	/* Mobility Domain Information */
2642 	res = wpa_write_mdie(conf, pos, end - pos);
2643 	if (res < 0)
2644 		return NULL;
2645 	mdie = pos;
2646 	mdie_len = res;
2647 	pos += res;
2648 
2649 	/* Fast BSS Transition Information */
2650 	if (auth_alg == WLAN_AUTH_FT) {
2651 		subelem = wpa_ft_gtk_subelem(sm, &subelem_len);
2652 		if (!subelem) {
2653 			wpa_printf(MSG_DEBUG,
2654 				   "FT: Failed to add GTK subelement");
2655 			return NULL;
2656 		}
2657 		r0kh_id = sm->r0kh_id;
2658 		r0kh_id_len = sm->r0kh_id_len;
2659 		anonce = sm->ANonce;
2660 		snonce = sm->SNonce;
2661 		if (sm->mgmt_frame_prot) {
2662 			u8 *igtk;
2663 			size_t igtk_len;
2664 			u8 *nbuf;
2665 			igtk = wpa_ft_igtk_subelem(sm, &igtk_len);
2666 			if (igtk == NULL) {
2667 				wpa_printf(MSG_DEBUG,
2668 					   "FT: Failed to add IGTK subelement");
2669 				os_free(subelem);
2670 				return NULL;
2671 			}
2672 			nbuf = os_realloc(subelem, subelem_len + igtk_len);
2673 			if (nbuf == NULL) {
2674 				os_free(subelem);
2675 				os_free(igtk);
2676 				return NULL;
2677 			}
2678 			subelem = nbuf;
2679 			os_memcpy(subelem + subelem_len, igtk, igtk_len);
2680 			subelem_len += igtk_len;
2681 			os_free(igtk);
2682 		}
2683 		if (sm->mgmt_frame_prot && conf->beacon_prot) {
2684 			u8 *bigtk;
2685 			size_t bigtk_len;
2686 			u8 *nbuf;
2687 
2688 			bigtk = wpa_ft_bigtk_subelem(sm, &bigtk_len);
2689 			if (!bigtk) {
2690 				wpa_printf(MSG_DEBUG,
2691 					   "FT: Failed to add BIGTK subelement");
2692 				os_free(subelem);
2693 				return NULL;
2694 			}
2695 			nbuf = os_realloc(subelem, subelem_len + bigtk_len);
2696 			if (!nbuf) {
2697 				os_free(subelem);
2698 				os_free(bigtk);
2699 				return NULL;
2700 			}
2701 			subelem = nbuf;
2702 			os_memcpy(subelem + subelem_len, bigtk, bigtk_len);
2703 			subelem_len += bigtk_len;
2704 			os_free(bigtk);
2705 		}
2706 #ifdef CONFIG_OCV
2707 		if (wpa_auth_uses_ocv(sm)) {
2708 			struct wpa_channel_info ci;
2709 			u8 *nbuf, *ocipos;
2710 
2711 			if (wpa_channel_info(sm->wpa_auth, &ci) != 0) {
2712 				wpa_printf(MSG_WARNING,
2713 					   "Failed to get channel info for OCI element");
2714 				os_free(subelem);
2715 				return NULL;
2716 			}
2717 #ifdef CONFIG_TESTING_OPTIONS
2718 			if (conf->oci_freq_override_ft_assoc) {
2719 				wpa_printf(MSG_INFO,
2720 					   "TEST: Override OCI frequency %d -> %u MHz",
2721 					   ci.frequency,
2722 					   conf->oci_freq_override_ft_assoc);
2723 				ci.frequency = conf->oci_freq_override_ft_assoc;
2724 			}
2725 #endif /* CONFIG_TESTING_OPTIONS */
2726 
2727 			subelem_len += 2 + OCV_OCI_LEN;
2728 			nbuf = os_realloc(subelem, subelem_len);
2729 			if (!nbuf) {
2730 				os_free(subelem);
2731 				return NULL;
2732 			}
2733 			subelem = nbuf;
2734 
2735 			ocipos = subelem + subelem_len - 2 - OCV_OCI_LEN;
2736 			*ocipos++ = FTIE_SUBELEM_OCI;
2737 			*ocipos++ = OCV_OCI_LEN;
2738 			if (ocv_insert_oci(&ci, &ocipos) < 0) {
2739 				os_free(subelem);
2740 				return NULL;
2741 			}
2742 		}
2743 #endif /* CONFIG_OCV */
2744 	} else {
2745 		r0kh_id = conf->r0_key_holder;
2746 		r0kh_id_len = conf->r0_key_holder_len;
2747 		anonce = NULL;
2748 		snonce = NULL;
2749 	}
2750 	rsnxe_used = (auth_alg == WLAN_AUTH_FT) &&
2751 		(conf->sae_pwe == SAE_PWE_HASH_TO_ELEMENT ||
2752 		 conf->sae_pwe == SAE_PWE_BOTH);
2753 #ifdef CONFIG_TESTING_OPTIONS
2754 	if (sm->wpa_auth->conf.ft_rsnxe_used) {
2755 		rsnxe_used = sm->wpa_auth->conf.ft_rsnxe_used == 1;
2756 		wpa_printf(MSG_DEBUG, "TESTING: FT: Force RSNXE Used %d",
2757 			   rsnxe_used);
2758 	}
2759 #endif /* CONFIG_TESTING_OPTIONS */
2760 	key_len = sm->xxkey_len;
2761 	if (!key_len)
2762 		key_len = sm->pmk_r1_len;
2763 	if (!key_len && sm->wpa_key_mgmt == WPA_KEY_MGMT_FT_SAE_EXT_KEY &&
2764 	    sm->wpa_auth->cb->get_psk) {
2765 		size_t psk_len;
2766 
2767 		if (sm->wpa_auth->cb->get_psk(sm->wpa_auth->cb_ctx,
2768 					      sm->addr, sm->p2p_dev_addr,
2769 					      NULL, &psk_len, NULL))
2770 			key_len = psk_len;
2771 	}
2772 	res = wpa_write_ftie(conf, sm->wpa_key_mgmt, key_len,
2773 			     r0kh_id, r0kh_id_len,
2774 			     anonce, snonce, pos, end - pos,
2775 			     subelem, subelem_len, rsnxe_used);
2776 	os_free(subelem);
2777 	if (res < 0)
2778 		return NULL;
2779 	ftie = pos;
2780 	ftie_len = res;
2781 	pos += res;
2782 
2783 	if (sm->wpa_key_mgmt == WPA_KEY_MGMT_FT_SAE_EXT_KEY &&
2784 	    key_len == SHA512_MAC_LEN) {
2785 		struct rsn_ftie_sha512 *_ftie =
2786 			(struct rsn_ftie_sha512 *) (ftie + 2);
2787 
2788 		fte_mic = _ftie->mic;
2789 		elem_count = &_ftie->mic_control[1];
2790 	} else if ((sm->wpa_key_mgmt == WPA_KEY_MGMT_FT_SAE_EXT_KEY &&
2791 		    key_len == SHA384_MAC_LEN) ||
2792 		   wpa_key_mgmt_sha384(sm->wpa_key_mgmt)) {
2793 		struct rsn_ftie_sha384 *_ftie =
2794 			(struct rsn_ftie_sha384 *) (ftie + 2);
2795 
2796 		fte_mic = _ftie->mic;
2797 		elem_count = &_ftie->mic_control[1];
2798 	} else {
2799 		struct rsn_ftie *_ftie = (struct rsn_ftie *) (ftie + 2);
2800 
2801 		fte_mic = _ftie->mic;
2802 		elem_count = &_ftie->mic_control[1];
2803 	}
2804 	if (auth_alg == WLAN_AUTH_FT)
2805 		*elem_count = 3; /* Information element count */
2806 
2807 	ric_start = pos;
2808 	if (wpa_ft_parse_ies(req_ies, req_ies_len, &parse,
2809 			     sm->wpa_key_mgmt, false) == 0 && parse.ric) {
2810 		pos = wpa_ft_process_ric(sm, pos, end, parse.ric,
2811 					 parse.ric_len);
2812 		if (auth_alg == WLAN_AUTH_FT)
2813 			*elem_count +=
2814 				ieee802_11_ie_count(ric_start,
2815 						    pos - ric_start);
2816 	}
2817 	if (ric_start == pos)
2818 		ric_start = NULL;
2819 
2820 	if (omit_rsnxe) {
2821 		rsnxe_len = 0;
2822 	} else {
2823 		res = wpa_write_rsnxe(&sm->wpa_auth->conf, rsnxe,
2824 				      sizeof(rsnxe_buf));
2825 		if (res < 0) {
2826 			pos = NULL;
2827 			goto fail;
2828 		}
2829 		rsnxe_len = res;
2830 	}
2831 #ifdef CONFIG_TESTING_OPTIONS
2832 	if (auth_alg == WLAN_AUTH_FT &&
2833 	    sm->wpa_auth->conf.rsnxe_override_ft_set) {
2834 		wpa_printf(MSG_DEBUG,
2835 			   "TESTING: RSNXE FT override for MIC calculation");
2836 		rsnxe = sm->wpa_auth->conf.rsnxe_override_ft;
2837 		rsnxe_len = sm->wpa_auth->conf.rsnxe_override_ft_len;
2838 	}
2839 #endif /* CONFIG_TESTING_OPTIONS */
2840 	if (auth_alg == WLAN_AUTH_FT && rsnxe_len)
2841 		*elem_count += 1;
2842 
2843 	if (wpa_key_mgmt_fils(sm->wpa_key_mgmt)) {
2844 		kck = sm->PTK.kck2;
2845 		kck_len = sm->PTK.kck2_len;
2846 	} else {
2847 		kck = sm->PTK.kck;
2848 		kck_len = sm->PTK.kck_len;
2849 	}
2850 	if (auth_alg == WLAN_AUTH_FT &&
2851 	    wpa_ft_mic(sm->wpa_key_mgmt, kck, kck_len,
2852 		       sm->addr, sm->wpa_auth->addr, 6,
2853 		       mdie, mdie_len, ftie, ftie_len,
2854 		       rsnie, rsnie_len,
2855 		       ric_start, ric_start ? pos - ric_start : 0,
2856 		       rsnxe_len ? rsnxe : NULL, rsnxe_len,
2857 		       NULL,
2858 		       fte_mic) < 0) {
2859 		wpa_printf(MSG_DEBUG, "FT: Failed to calculate MIC");
2860 		pos = NULL;
2861 		goto fail;
2862 	}
2863 
2864 	os_free(sm->assoc_resp_ftie);
2865 	sm->assoc_resp_ftie = os_malloc(ftie_len);
2866 	if (!sm->assoc_resp_ftie) {
2867 		pos = NULL;
2868 		goto fail;
2869 	}
2870 	os_memcpy(sm->assoc_resp_ftie, ftie, ftie_len);
2871 
2872 fail:
2873 	wpa_ft_parse_ies_free(&parse);
2874 	return pos;
2875 }
2876 
2877 
wpa_auth_set_key(struct wpa_authenticator * wpa_auth,int vlan_id,enum wpa_alg alg,const u8 * addr,int idx,u8 * key,size_t key_len,enum key_flag key_flag)2878 static inline int wpa_auth_set_key(struct wpa_authenticator *wpa_auth,
2879 				   int vlan_id,
2880 				   enum wpa_alg alg, const u8 *addr, int idx,
2881 				   u8 *key, size_t key_len,
2882 				   enum key_flag key_flag)
2883 {
2884 	if (wpa_auth->cb->set_key == NULL)
2885 		return -1;
2886 	return wpa_auth->cb->set_key(wpa_auth->cb_ctx, vlan_id, alg, addr, idx,
2887 				     key, key_len, key_flag);
2888 }
2889 
2890 
2891 #ifdef CONFIG_PASN
wpa_auth_set_ltf_keyseed(struct wpa_authenticator * wpa_auth,const u8 * peer_addr,const u8 * ltf_keyseed,size_t ltf_keyseed_len)2892 static inline int wpa_auth_set_ltf_keyseed(struct wpa_authenticator *wpa_auth,
2893 					   const u8 *peer_addr,
2894 					   const u8 *ltf_keyseed,
2895 					   size_t ltf_keyseed_len)
2896 {
2897 	if (!wpa_auth->cb->set_ltf_keyseed)
2898 		return -1;
2899 	return wpa_auth->cb->set_ltf_keyseed(wpa_auth->cb_ctx, peer_addr,
2900 					     ltf_keyseed, ltf_keyseed_len);
2901 }
2902 #endif /* CONFIG_PASN */
2903 
2904 
wpa_auth_add_sta_ft(struct wpa_authenticator * wpa_auth,const u8 * addr)2905 static inline int wpa_auth_add_sta_ft(struct wpa_authenticator *wpa_auth,
2906 				      const u8 *addr)
2907 {
2908 	if (!wpa_auth->cb->add_sta_ft)
2909 		return -1;
2910 	return wpa_auth->cb->add_sta_ft(wpa_auth->cb_ctx, addr);
2911 }
2912 
2913 
wpa_ft_install_ptk(struct wpa_state_machine * sm,int retry)2914 void wpa_ft_install_ptk(struct wpa_state_machine *sm, int retry)
2915 {
2916 	enum wpa_alg alg;
2917 	int klen;
2918 
2919 	/* MLME-SETKEYS.request(PTK) */
2920 	alg = wpa_cipher_to_alg(sm->pairwise);
2921 	klen = wpa_cipher_key_len(sm->pairwise);
2922 	if (!wpa_cipher_valid_pairwise(sm->pairwise)) {
2923 		wpa_printf(MSG_DEBUG, "FT: Unknown pairwise alg 0x%x - skip "
2924 			   "PTK configuration", sm->pairwise);
2925 		return;
2926 	}
2927 
2928 	if (sm->tk_already_set) {
2929 		/* Must avoid TK reconfiguration to prevent clearing of TX/RX
2930 		 * PN in the driver */
2931 		wpa_printf(MSG_DEBUG,
2932 			   "FT: Do not re-install same PTK to the driver");
2933 		return;
2934 	}
2935 
2936 	if (!retry)
2937 		wpa_auth_add_sta_ft(sm->wpa_auth, sm->addr);
2938 
2939 	/* FIX: add STA entry to kernel/driver here? The set_key will fail
2940 	 * most likely without this.. At the moment, STA entry is added only
2941 	 * after association has been completed. This function will be called
2942 	 * again after association to get the PTK configured, but that could be
2943 	 * optimized by adding the STA entry earlier.
2944 	 */
2945 	if (wpa_auth_set_key(sm->wpa_auth, 0, alg, sm->addr, sm->keyidx_active,
2946 			     sm->PTK.tk, klen, KEY_FLAG_PAIRWISE_RX_TX))
2947 		return;
2948 
2949 #ifdef CONFIG_PASN
2950 	if (sm->wpa_auth->conf.secure_ltf &&
2951 	    ieee802_11_rsnx_capab(sm->rsnxe, WLAN_RSNX_CAPAB_SECURE_LTF) &&
2952 	    wpa_auth_set_ltf_keyseed(sm->wpa_auth, sm->addr,
2953 				     sm->PTK.ltf_keyseed,
2954 				     sm->PTK.ltf_keyseed_len)) {
2955 		wpa_printf(MSG_ERROR,
2956 			   "FT: Failed to set LTF keyseed to driver");
2957 		return;
2958 	}
2959 #endif /* CONFIG_PASN */
2960 
2961 	/* FIX: MLME-SetProtection.Request(TA, Tx_Rx) */
2962 	sm->pairwise_set = true;
2963 	sm->tk_already_set = true;
2964 
2965 	wpa_auth_store_ptksa(sm->wpa_auth, sm->addr, sm->pairwise,
2966 			     dot11RSNAConfigPMKLifetime, &sm->PTK);
2967 }
2968 
2969 
2970 /* Derive PMK-R1 from PSK, check all available PSK */
wpa_ft_psk_pmk_r1(struct wpa_state_machine * sm,const u8 * req_pmk_r1_name,u8 * out_pmk_r1,int * out_pairwise,struct vlan_description * out_vlan,const u8 ** out_identity,size_t * out_identity_len,const u8 ** out_radius_cui,size_t * out_radius_cui_len,int * out_session_timeout)2971 static int wpa_ft_psk_pmk_r1(struct wpa_state_machine *sm,
2972 			     const u8 *req_pmk_r1_name,
2973 			     u8 *out_pmk_r1, int *out_pairwise,
2974 			     struct vlan_description *out_vlan,
2975 			     const u8 **out_identity, size_t *out_identity_len,
2976 			     const u8 **out_radius_cui,
2977 			     size_t *out_radius_cui_len,
2978 			     int *out_session_timeout)
2979 {
2980 	const u8 *pmk = NULL;
2981 	u8 pmk_r0[PMK_LEN], pmk_r0_name[WPA_PMK_NAME_LEN];
2982 	u8 pmk_r1[PMK_LEN], pmk_r1_name[WPA_PMK_NAME_LEN];
2983 	struct wpa_authenticator *wpa_auth = sm->wpa_auth;
2984 	const u8 *mdid = wpa_auth->conf.mobility_domain;
2985 	const u8 *r0kh = sm->r0kh_id;
2986 	size_t r0kh_len = sm->r0kh_id_len;
2987 	const u8 *r1kh = wpa_auth->conf.r1_key_holder;
2988 	const u8 *ssid = wpa_auth->conf.ssid;
2989 	size_t ssid_len = wpa_auth->conf.ssid_len;
2990 	int pairwise;
2991 
2992 	pairwise = sm->pairwise;
2993 
2994 	for (;;) {
2995 		pmk = wpa_ft_get_psk(wpa_auth, sm->addr, sm->p2p_dev_addr,
2996 				     pmk);
2997 		if (pmk == NULL)
2998 			break;
2999 
3000 		if (wpa_derive_pmk_r0(pmk, PMK_LEN, ssid, ssid_len, mdid, r0kh,
3001 				      r0kh_len, sm->addr,
3002 				      pmk_r0, pmk_r0_name,
3003 				      WPA_KEY_MGMT_FT_PSK) < 0 ||
3004 		    wpa_derive_pmk_r1(pmk_r0, PMK_LEN, pmk_r0_name, r1kh,
3005 				      sm->addr, pmk_r1, pmk_r1_name) < 0 ||
3006 		    os_memcmp_const(pmk_r1_name, req_pmk_r1_name,
3007 				    WPA_PMK_NAME_LEN) != 0)
3008 			continue;
3009 
3010 		/* We found a PSK that matches the requested pmk_r1_name */
3011 		wpa_printf(MSG_DEBUG,
3012 			   "FT: Found PSK to generate PMK-R1 locally");
3013 		os_memcpy(out_pmk_r1, pmk_r1, PMK_LEN);
3014 		if (out_pairwise)
3015 			*out_pairwise = pairwise;
3016 		os_memcpy(sm->PMK, pmk, PMK_LEN);
3017 		sm->pmk_len = PMK_LEN;
3018 		if (out_vlan &&
3019 		    wpa_ft_get_vlan(sm->wpa_auth, sm->addr, out_vlan) < 0) {
3020 			wpa_printf(MSG_DEBUG, "FT: vlan not available for STA "
3021 				   MACSTR, MAC2STR(sm->addr));
3022 			return -1;
3023 		}
3024 
3025 		if (out_identity && out_identity_len) {
3026 			*out_identity_len = wpa_ft_get_identity(
3027 				sm->wpa_auth, sm->addr, out_identity);
3028 		}
3029 
3030 		if (out_radius_cui && out_radius_cui_len) {
3031 			*out_radius_cui_len = wpa_ft_get_radius_cui(
3032 				sm->wpa_auth, sm->addr, out_radius_cui);
3033 		}
3034 
3035 		if (out_session_timeout) {
3036 			*out_session_timeout = wpa_ft_get_session_timeout(
3037 				sm->wpa_auth, sm->addr);
3038 		}
3039 
3040 		return 0;
3041 	}
3042 
3043 	wpa_printf(MSG_DEBUG,
3044 		   "FT: Did not find PSK to generate PMK-R1 locally");
3045 	return -1;
3046 }
3047 
3048 
3049 /* Detect the configuration the station asked for.
3050  * Required to detect FT-PSK and pairwise cipher.
3051  */
wpa_ft_set_key_mgmt(struct wpa_state_machine * sm,struct wpa_ft_ies * parse)3052 static int wpa_ft_set_key_mgmt(struct wpa_state_machine *sm,
3053 			       struct wpa_ft_ies *parse)
3054 {
3055 	int key_mgmt, ciphers;
3056 
3057 	if (sm->wpa_key_mgmt)
3058 		return 0;
3059 
3060 	key_mgmt = parse->key_mgmt & sm->wpa_auth->conf.wpa_key_mgmt;
3061 	if (!key_mgmt) {
3062 		wpa_printf(MSG_DEBUG, "FT: Invalid key mgmt (0x%x) from "
3063 			   MACSTR, parse->key_mgmt, MAC2STR(sm->addr));
3064 		return -1;
3065 	}
3066 	if (key_mgmt & WPA_KEY_MGMT_FT_IEEE8021X)
3067 		sm->wpa_key_mgmt = WPA_KEY_MGMT_FT_IEEE8021X;
3068 #ifdef CONFIG_SHA384
3069 	else if (key_mgmt & WPA_KEY_MGMT_FT_IEEE8021X_SHA384)
3070 		sm->wpa_key_mgmt = WPA_KEY_MGMT_FT_IEEE8021X_SHA384;
3071 #endif /* CONFIG_SHA384 */
3072 	else if (key_mgmt & WPA_KEY_MGMT_FT_PSK)
3073 		sm->wpa_key_mgmt = WPA_KEY_MGMT_FT_PSK;
3074 #ifdef CONFIG_FILS
3075 	else if (key_mgmt & WPA_KEY_MGMT_FT_FILS_SHA256)
3076 		sm->wpa_key_mgmt = WPA_KEY_MGMT_FT_FILS_SHA256;
3077 	else if (key_mgmt & WPA_KEY_MGMT_FT_FILS_SHA384)
3078 		sm->wpa_key_mgmt = WPA_KEY_MGMT_FT_FILS_SHA384;
3079 #endif /* CONFIG_FILS */
3080 	ciphers = parse->pairwise_cipher & sm->wpa_auth->conf.rsn_pairwise;
3081 	if (!ciphers) {
3082 		wpa_printf(MSG_DEBUG, "FT: Invalid pairwise cipher (0x%x) from "
3083 			   MACSTR,
3084 			   parse->pairwise_cipher, MAC2STR(sm->addr));
3085 		return -1;
3086 	}
3087 	sm->pairwise = wpa_pick_pairwise_cipher(ciphers, 0);
3088 
3089 	return 0;
3090 }
3091 
3092 
wpa_ft_local_derive_pmk_r1(struct wpa_authenticator * wpa_auth,struct wpa_state_machine * sm,const u8 * r0kh_id,size_t r0kh_id_len,const u8 * req_pmk_r0_name,u8 * out_pmk_r1_name,u8 * out_pmk_r1,int * out_pairwise,struct vlan_description * vlan,const u8 ** identity,size_t * identity_len,const u8 ** radius_cui,size_t * radius_cui_len,int * out_session_timeout,size_t * pmk_r1_len)3093 static int wpa_ft_local_derive_pmk_r1(struct wpa_authenticator *wpa_auth,
3094 				      struct wpa_state_machine *sm,
3095 				      const u8 *r0kh_id, size_t r0kh_id_len,
3096 				      const u8 *req_pmk_r0_name,
3097 				      u8 *out_pmk_r1_name,
3098 				      u8 *out_pmk_r1, int *out_pairwise,
3099 				      struct vlan_description *vlan,
3100 				      const u8 **identity, size_t *identity_len,
3101 				      const u8 **radius_cui,
3102 				      size_t *radius_cui_len,
3103 				      int *out_session_timeout,
3104 				      size_t *pmk_r1_len)
3105 {
3106 	struct wpa_auth_config *conf = &wpa_auth->conf;
3107 	const struct wpa_ft_pmk_r0_sa *r0;
3108 	int expires_in = 0;
3109 	int session_timeout = 0;
3110 	struct os_reltime now;
3111 
3112 	if (conf->r0_key_holder_len != r0kh_id_len ||
3113 	    os_memcmp(conf->r0_key_holder, r0kh_id, conf->r0_key_holder_len) !=
3114 	    0)
3115 		return -1; /* not our R0KH-ID */
3116 
3117 	wpa_printf(MSG_DEBUG, "FT: STA R0KH-ID matching local configuration");
3118 	if (wpa_ft_fetch_pmk_r0(sm->wpa_auth, sm->addr, req_pmk_r0_name, &r0) <
3119 	    0)
3120 		return -1; /* no matching PMKR0Name in local cache */
3121 
3122 	wpa_printf(MSG_DEBUG, "FT: Requested PMKR0Name found in local cache");
3123 
3124 	if (wpa_derive_pmk_r1(r0->pmk_r0, r0->pmk_r0_len, r0->pmk_r0_name,
3125 			      conf->r1_key_holder,
3126 			      sm->addr, out_pmk_r1, out_pmk_r1_name) < 0)
3127 		return -1;
3128 
3129 	os_get_reltime(&now);
3130 	if (r0->expiration)
3131 		expires_in = r0->expiration - now.sec;
3132 
3133 	if (r0->session_timeout)
3134 		session_timeout = r0->session_timeout - now.sec;
3135 
3136 	wpa_ft_store_pmk_r1(wpa_auth, sm->addr, out_pmk_r1, r0->pmk_r0_len,
3137 			    out_pmk_r1_name,
3138 			    sm->pairwise, r0->vlan, expires_in, session_timeout,
3139 			    r0->identity, r0->identity_len,
3140 			    r0->radius_cui, r0->radius_cui_len);
3141 
3142 	*out_pairwise = sm->pairwise;
3143 	if (vlan) {
3144 		if (r0->vlan)
3145 			*vlan = *r0->vlan;
3146 		else
3147 			os_memset(vlan, 0, sizeof(*vlan));
3148 	}
3149 
3150 	if (identity && identity_len) {
3151 		*identity = r0->identity;
3152 		*identity_len = r0->identity_len;
3153 	}
3154 
3155 	if (radius_cui && radius_cui_len) {
3156 		*radius_cui = r0->radius_cui;
3157 		*radius_cui_len = r0->radius_cui_len;
3158 	}
3159 
3160 	*out_session_timeout = session_timeout;
3161 
3162 	*pmk_r1_len = r0->pmk_r0_len;
3163 
3164 	return 0;
3165 }
3166 
3167 
wpa_ft_process_auth_req(struct wpa_state_machine * sm,const u8 * ies,size_t ies_len,u8 ** resp_ies,size_t * resp_ies_len)3168 static int wpa_ft_process_auth_req(struct wpa_state_machine *sm,
3169 				   const u8 *ies, size_t ies_len,
3170 				   u8 **resp_ies, size_t *resp_ies_len)
3171 {
3172 	struct rsn_mdie *mdie;
3173 	u8 pmk_r1[PMK_LEN_MAX], pmk_r1_name[WPA_PMK_NAME_LEN];
3174 	u8 ptk_name[WPA_PMK_NAME_LEN];
3175 	struct wpa_auth_config *conf;
3176 	struct wpa_ft_ies parse;
3177 	size_t buflen;
3178 	int ret;
3179 	u8 *pos, *end;
3180 	int pairwise, session_timeout = 0;
3181 	struct vlan_description vlan;
3182 	const u8 *identity, *radius_cui;
3183 	size_t identity_len = 0, radius_cui_len = 0;
3184 	size_t pmk_r1_len, kdk_len, len;
3185 	int retval = WLAN_STATUS_UNSPECIFIED_FAILURE;
3186 
3187 	*resp_ies = NULL;
3188 	*resp_ies_len = 0;
3189 
3190 	sm->pmk_r1_name_valid = 0;
3191 	conf = &sm->wpa_auth->conf;
3192 
3193 	wpa_hexdump(MSG_DEBUG, "FT: Received authentication frame IEs",
3194 		    ies, ies_len);
3195 
3196 	if (wpa_ft_parse_ies(ies, ies_len, &parse, 0, false)) {
3197 		wpa_printf(MSG_DEBUG, "FT: Failed to parse FT IEs");
3198 		return WLAN_STATUS_UNSPECIFIED_FAILURE;
3199 	}
3200 
3201 	mdie = (struct rsn_mdie *) parse.mdie;
3202 	if (mdie == NULL || parse.mdie_len < sizeof(*mdie) ||
3203 	    os_memcmp(mdie->mobility_domain,
3204 		      sm->wpa_auth->conf.mobility_domain,
3205 		      MOBILITY_DOMAIN_ID_LEN) != 0) {
3206 		wpa_printf(MSG_DEBUG, "FT: Invalid MDIE");
3207 		retval = WLAN_STATUS_INVALID_MDIE;
3208 		goto out;
3209 	}
3210 
3211 	if (!parse.ftie || parse.ftie_len < sizeof(struct rsn_ftie)) {
3212 		wpa_printf(MSG_DEBUG, "FT: Invalid FTIE");
3213 		retval = WLAN_STATUS_INVALID_FTIE;
3214 		goto out;
3215 	}
3216 
3217 	if (parse.r0kh_id == NULL) {
3218 		wpa_printf(MSG_DEBUG, "FT: Invalid FTIE - no R0KH-ID");
3219 		retval = WLAN_STATUS_INVALID_FTIE;
3220 		goto out;
3221 	}
3222 
3223 	wpa_hexdump(MSG_DEBUG, "FT: STA R0KH-ID",
3224 		    parse.r0kh_id, parse.r0kh_id_len);
3225 	os_memcpy(sm->r0kh_id, parse.r0kh_id, parse.r0kh_id_len);
3226 	sm->r0kh_id_len = parse.r0kh_id_len;
3227 
3228 	if (parse.rsn_pmkid == NULL) {
3229 		wpa_printf(MSG_DEBUG, "FT: No PMKID in RSNIE");
3230 		retval = WLAN_STATUS_INVALID_PMKID;
3231 		goto out;
3232 	}
3233 
3234 	if (wpa_ft_set_key_mgmt(sm, &parse) < 0)
3235 		goto out;
3236 
3237 	wpa_hexdump(MSG_DEBUG, "FT: Requested PMKR0Name",
3238 		    parse.rsn_pmkid, WPA_PMK_NAME_LEN);
3239 
3240 	if (conf->ft_psk_generate_local &&
3241 	    wpa_key_mgmt_ft_psk(sm->wpa_key_mgmt)) {
3242 		if (wpa_derive_pmk_r1_name(parse.rsn_pmkid,
3243 					   sm->wpa_auth->conf.r1_key_holder,
3244 					   sm->addr, pmk_r1_name, PMK_LEN) < 0)
3245 			goto out;
3246 		if (wpa_ft_psk_pmk_r1(sm, pmk_r1_name, pmk_r1, &pairwise,
3247 				      &vlan, &identity, &identity_len,
3248 				      &radius_cui, &radius_cui_len,
3249 				      &session_timeout) < 0) {
3250 			retval = WLAN_STATUS_INVALID_PMKID;
3251 			goto out;
3252 		}
3253 		pmk_r1_len = PMK_LEN;
3254 		wpa_printf(MSG_DEBUG,
3255 			   "FT: Generated PMK-R1 for FT-PSK locally");
3256 		goto pmk_r1_derived;
3257 	}
3258 
3259 	/* Need to test all possible hash algorithms for FT-SAE-EXT-KEY since
3260 	 * the key length is not yet known. For other AKMs, only the length
3261 	 * identified by the AKM is used. */
3262 	for (len = SHA256_MAC_LEN; len <= SHA512_MAC_LEN; len += 16) {
3263 		if (parse.key_mgmt != WPA_KEY_MGMT_FT_SAE_EXT_KEY &&
3264 		    ((wpa_key_mgmt_sha384(parse.key_mgmt) &&
3265 		      len != SHA384_MAC_LEN) ||
3266 		     (!wpa_key_mgmt_sha384(parse.key_mgmt) &&
3267 		      len != SHA256_MAC_LEN)))
3268 			continue;
3269 		if (wpa_derive_pmk_r1_name(parse.rsn_pmkid,
3270 					   sm->wpa_auth->conf.r1_key_holder,
3271 					   sm->addr, pmk_r1_name, len) < 0)
3272 			continue;
3273 
3274 		if (wpa_ft_fetch_pmk_r1(sm->wpa_auth, sm->addr, pmk_r1_name,
3275 					pmk_r1, &pmk_r1_len, &pairwise, &vlan,
3276 					&identity, &identity_len, &radius_cui,
3277 					&radius_cui_len,
3278 					&session_timeout) == 0) {
3279 			wpa_printf(MSG_DEBUG,
3280 				   "FT: Found PMKR1Name (using SHA%zu) from local cache",
3281 				   pmk_r1_len * 8);
3282 			goto pmk_r1_derived;
3283 		}
3284 	}
3285 
3286 	wpa_printf(MSG_DEBUG,
3287 		   "FT: No PMK-R1 available in local cache for the requested PMKR1Name");
3288 	if (wpa_ft_local_derive_pmk_r1(sm->wpa_auth, sm,
3289 				       parse.r0kh_id, parse.r0kh_id_len,
3290 				       parse.rsn_pmkid,
3291 				       pmk_r1_name, pmk_r1, &pairwise,
3292 				       &vlan, &identity, &identity_len,
3293 				       &radius_cui, &radius_cui_len,
3294 				       &session_timeout, &pmk_r1_len) == 0) {
3295 		wpa_printf(MSG_DEBUG,
3296 			   "FT: Generated PMK-R1 based on local PMK-R0");
3297 		goto pmk_r1_derived;
3298 	}
3299 
3300 	if (wpa_ft_pull_pmk_r1(sm, ies, ies_len, parse.rsn_pmkid) < 0) {
3301 		wpa_printf(MSG_DEBUG,
3302 			   "FT: Did not have matching PMK-R1 and either unknown or blocked R0KH-ID or NAK from R0KH");
3303 		retval = WLAN_STATUS_INVALID_PMKID;
3304 		goto out;
3305 	}
3306 
3307 	retval = -1; /* Status pending */
3308 	goto out;
3309 
3310 pmk_r1_derived:
3311 	wpa_hexdump_key(MSG_DEBUG, "FT: Selected PMK-R1", pmk_r1, pmk_r1_len);
3312 	sm->pmk_r1_name_valid = 1;
3313 	os_memcpy(sm->pmk_r1_name, pmk_r1_name, WPA_PMK_NAME_LEN);
3314 	os_memcpy(sm->pmk_r1, pmk_r1, pmk_r1_len);
3315 	sm->pmk_r1_len = pmk_r1_len;
3316 
3317 	if (random_get_bytes(sm->ANonce, WPA_NONCE_LEN)) {
3318 		wpa_printf(MSG_DEBUG, "FT: Failed to get random data for "
3319 			   "ANonce");
3320 		goto out;
3321 	}
3322 
3323 	/* Now that we know the correct PMK-R1 length and as such, the length
3324 	 * of the MIC field, fetch the SNonce. */
3325 	if (pmk_r1_len == SHA512_MAC_LEN) {
3326 		const struct rsn_ftie_sha512 *ftie;
3327 
3328 		ftie = (const struct rsn_ftie_sha512 *) parse.ftie;
3329 		if (!ftie || parse.ftie_len < sizeof(*ftie)) {
3330 			wpa_printf(MSG_DEBUG, "FT: Invalid FTIE");
3331 			retval = WLAN_STATUS_INVALID_FTIE;
3332 			goto out;
3333 		}
3334 
3335 		os_memcpy(sm->SNonce, ftie->snonce, WPA_NONCE_LEN);
3336 	} else if (pmk_r1_len == SHA384_MAC_LEN) {
3337 		const struct rsn_ftie_sha384 *ftie;
3338 
3339 		ftie = (const struct rsn_ftie_sha384 *) parse.ftie;
3340 		if (!ftie || parse.ftie_len < sizeof(*ftie)) {
3341 			wpa_printf(MSG_DEBUG, "FT: Invalid FTIE");
3342 			retval = WLAN_STATUS_INVALID_FTIE;
3343 			goto out;
3344 		}
3345 
3346 		os_memcpy(sm->SNonce, ftie->snonce, WPA_NONCE_LEN);
3347 	} else {
3348 		const struct rsn_ftie *ftie;
3349 
3350 		ftie = (const struct rsn_ftie *) parse.ftie;
3351 		if (!ftie || parse.ftie_len < sizeof(*ftie)) {
3352 			wpa_printf(MSG_DEBUG, "FT: Invalid FTIE");
3353 			retval = WLAN_STATUS_INVALID_FTIE;
3354 			goto out;
3355 		}
3356 
3357 		os_memcpy(sm->SNonce, ftie->snonce, WPA_NONCE_LEN);
3358 	}
3359 
3360 	wpa_hexdump(MSG_DEBUG, "FT: Received SNonce",
3361 		    sm->SNonce, WPA_NONCE_LEN);
3362 	wpa_hexdump(MSG_DEBUG, "FT: Generated ANonce",
3363 		    sm->ANonce, WPA_NONCE_LEN);
3364 
3365 	if (sm->wpa_auth->conf.force_kdk_derivation ||
3366 	    (sm->wpa_auth->conf.secure_ltf &&
3367 	     ieee802_11_rsnx_capab(sm->rsnxe, WLAN_RSNX_CAPAB_SECURE_LTF)))
3368 		kdk_len = WPA_KDK_MAX_LEN;
3369 	else
3370 		kdk_len = 0;
3371 
3372 	if (wpa_pmk_r1_to_ptk(pmk_r1, pmk_r1_len, sm->SNonce, sm->ANonce,
3373 			      sm->addr, sm->wpa_auth->addr, pmk_r1_name,
3374 			      &sm->PTK, ptk_name, parse.key_mgmt,
3375 			      pairwise, kdk_len) < 0)
3376 		goto out;
3377 
3378 #ifdef CONFIG_PASN
3379 	if (sm->wpa_auth->conf.secure_ltf &&
3380 	    ieee802_11_rsnx_capab(sm->rsnxe, WLAN_RSNX_CAPAB_SECURE_LTF) &&
3381 	    wpa_ltf_keyseed(&sm->PTK, parse.key_mgmt, pairwise)) {
3382 		wpa_printf(MSG_DEBUG, "FT: Failed to derive LTF keyseed");
3383 		goto out;
3384 	}
3385 #endif /* CONFIG_PASN */
3386 
3387 	sm->pairwise = pairwise;
3388 	sm->PTK_valid = true;
3389 	sm->tk_already_set = false;
3390 	wpa_ft_install_ptk(sm, 0);
3391 
3392 	if (wpa_ft_set_vlan(sm->wpa_auth, sm->addr, &vlan) < 0) {
3393 		wpa_printf(MSG_DEBUG, "FT: Failed to configure VLAN");
3394 		goto out;
3395 	}
3396 	if (wpa_ft_set_identity(sm->wpa_auth, sm->addr,
3397 				identity, identity_len) < 0 ||
3398 	    wpa_ft_set_radius_cui(sm->wpa_auth, sm->addr,
3399 				  radius_cui, radius_cui_len) < 0) {
3400 		wpa_printf(MSG_DEBUG, "FT: Failed to configure identity/CUI");
3401 		goto out;
3402 	}
3403 	wpa_ft_set_session_timeout(sm->wpa_auth, sm->addr, session_timeout);
3404 
3405 	buflen = 2 + sizeof(struct rsn_mdie) + 2 + sizeof(struct rsn_ftie) +
3406 		2 + FT_R1KH_ID_LEN + 200;
3407 	*resp_ies = os_zalloc(buflen);
3408 	if (*resp_ies == NULL)
3409 		goto fail;
3410 
3411 	pos = *resp_ies;
3412 	end = *resp_ies + buflen;
3413 
3414 	ret = wpa_write_rsn_ie(conf, pos, end - pos, parse.rsn_pmkid);
3415 	if (ret < 0)
3416 		goto fail;
3417 	pos += ret;
3418 
3419 	ret = wpa_write_mdie(conf, pos, end - pos);
3420 	if (ret < 0)
3421 		goto fail;
3422 	pos += ret;
3423 
3424 	ret = wpa_write_ftie(conf, parse.key_mgmt, pmk_r1_len,
3425 			     parse.r0kh_id, parse.r0kh_id_len,
3426 			     sm->ANonce, sm->SNonce, pos, end - pos, NULL, 0,
3427 			     0);
3428 	if (ret < 0)
3429 		goto fail;
3430 	pos += ret;
3431 
3432 	*resp_ies_len = pos - *resp_ies;
3433 
3434 	retval = WLAN_STATUS_SUCCESS;
3435 	goto out;
3436 fail:
3437 	os_free(*resp_ies);
3438 	*resp_ies = NULL;
3439 out:
3440 	wpa_ft_parse_ies_free(&parse);
3441 	return retval;
3442 }
3443 
3444 
wpa_ft_process_auth(struct wpa_state_machine * sm,u16 auth_transaction,const u8 * ies,size_t ies_len,void (* cb)(void * ctx,const u8 * dst,u16 auth_transaction,u16 status,const u8 * ies,size_t ies_len),void * ctx)3445 void wpa_ft_process_auth(struct wpa_state_machine *sm,
3446 			 u16 auth_transaction, const u8 *ies, size_t ies_len,
3447 			 void (*cb)(void *ctx, const u8 *dst,
3448 				    u16 auth_transaction, u16 status,
3449 				    const u8 *ies, size_t ies_len),
3450 			 void *ctx)
3451 {
3452 	u16 status;
3453 	u8 *resp_ies;
3454 	size_t resp_ies_len;
3455 	int res;
3456 
3457 	if (sm == NULL) {
3458 		wpa_printf(MSG_DEBUG, "FT: Received authentication frame, but "
3459 			   "WPA SM not available");
3460 		return;
3461 	}
3462 
3463 	wpa_printf(MSG_DEBUG, "FT: Received authentication frame: STA=" MACSTR
3464 		   " BSSID=" MACSTR " transaction=%d",
3465 		   MAC2STR(sm->addr), MAC2STR(sm->wpa_auth->addr),
3466 		   auth_transaction);
3467 	sm->ft_pending_cb = cb;
3468 	sm->ft_pending_cb_ctx = ctx;
3469 	sm->ft_pending_auth_transaction = auth_transaction;
3470 	sm->ft_pending_pull_left_retries = sm->wpa_auth->conf.rkh_pull_retries;
3471 	res = wpa_ft_process_auth_req(sm, ies, ies_len, &resp_ies,
3472 				      &resp_ies_len);
3473 	if (res < 0) {
3474 		wpa_printf(MSG_DEBUG, "FT: Callback postponed until response is available");
3475 		return;
3476 	}
3477 	status = res;
3478 
3479 	wpa_printf(MSG_DEBUG, "FT: FT authentication response: dst=" MACSTR
3480 		   " auth_transaction=%d status=%u (%s)",
3481 		   MAC2STR(sm->addr), auth_transaction + 1, status,
3482 		   status2str(status));
3483 	wpa_hexdump(MSG_DEBUG, "FT: Response IEs", resp_ies, resp_ies_len);
3484 	cb(ctx, sm->addr, auth_transaction + 1, status, resp_ies, resp_ies_len);
3485 	os_free(resp_ies);
3486 }
3487 
3488 
wpa_ft_validate_reassoc(struct wpa_state_machine * sm,const u8 * ies,size_t ies_len)3489 int wpa_ft_validate_reassoc(struct wpa_state_machine *sm, const u8 *ies,
3490 			    size_t ies_len)
3491 {
3492 	struct wpa_ft_ies parse;
3493 	struct rsn_mdie *mdie;
3494 	u8 mic[WPA_EAPOL_KEY_MIC_MAX_LEN];
3495 	size_t mic_len;
3496 	unsigned int count;
3497 	const u8 *kck;
3498 	size_t kck_len;
3499 	struct wpa_auth_config *conf;
3500 	int retval = WLAN_STATUS_UNSPECIFIED_FAILURE;
3501 
3502 	if (sm == NULL)
3503 		return WLAN_STATUS_UNSPECIFIED_FAILURE;
3504 
3505 	conf = &sm->wpa_auth->conf;
3506 
3507 	wpa_hexdump(MSG_DEBUG, "FT: Reassoc Req IEs", ies, ies_len);
3508 
3509 	if (wpa_ft_parse_ies(ies, ies_len, &parse, sm->wpa_key_mgmt,
3510 			     false) < 0) {
3511 		wpa_printf(MSG_DEBUG, "FT: Failed to parse FT IEs");
3512 		return WLAN_STATUS_UNSPECIFIED_FAILURE;
3513 	}
3514 
3515 	if (parse.rsn == NULL) {
3516 		wpa_printf(MSG_DEBUG, "FT: No RSNIE in Reassoc Req");
3517 		goto out;
3518 	}
3519 
3520 	if (parse.rsn_pmkid == NULL) {
3521 		wpa_printf(MSG_DEBUG, "FT: No PMKID in RSNIE");
3522 		retval = WLAN_STATUS_INVALID_PMKID;
3523 		goto out;
3524 	}
3525 
3526 	if (os_memcmp_const(parse.rsn_pmkid, sm->pmk_r1_name, WPA_PMK_NAME_LEN)
3527 	    != 0) {
3528 		wpa_printf(MSG_DEBUG, "FT: PMKID in Reassoc Req did not match "
3529 			   "with the PMKR1Name derived from auth request");
3530 		retval = WLAN_STATUS_INVALID_PMKID;
3531 		goto out;
3532 	}
3533 
3534 	mdie = (struct rsn_mdie *) parse.mdie;
3535 	if (mdie == NULL || parse.mdie_len < sizeof(*mdie) ||
3536 	    os_memcmp(mdie->mobility_domain, conf->mobility_domain,
3537 		      MOBILITY_DOMAIN_ID_LEN) != 0) {
3538 		wpa_printf(MSG_DEBUG, "FT: Invalid MDIE");
3539 		retval = WLAN_STATUS_INVALID_MDIE;
3540 		goto out;
3541 	}
3542 
3543 	if (sm->wpa_key_mgmt == WPA_KEY_MGMT_FT_SAE_EXT_KEY &&
3544 	    sm->pmk_r1_len == SHA512_MAC_LEN)
3545 		mic_len = 32;
3546 	else if ((sm->wpa_key_mgmt == WPA_KEY_MGMT_FT_SAE_EXT_KEY &&
3547 		  sm->pmk_r1_len == SHA384_MAC_LEN) ||
3548 		 wpa_key_mgmt_sha384(sm->wpa_key_mgmt))
3549 		mic_len = 24;
3550 	else
3551 		mic_len = 16;
3552 
3553 	if (!parse.ftie || !parse.fte_anonce || !parse.fte_snonce ||
3554 	    parse.fte_mic_len != mic_len) {
3555 		wpa_printf(MSG_DEBUG,
3556 			   "FT: Invalid FTE (fte_mic_len=%zu mic_len=%zu)",
3557 			   parse.fte_mic_len, mic_len);
3558 		retval = WLAN_STATUS_INVALID_FTIE;
3559 		goto out;
3560 	}
3561 
3562 	if (os_memcmp(parse.fte_snonce, sm->SNonce, WPA_NONCE_LEN) != 0) {
3563 		wpa_printf(MSG_DEBUG, "FT: SNonce mismatch in FTIE");
3564 		wpa_hexdump(MSG_DEBUG, "FT: Received SNonce",
3565 			    parse.fte_snonce, WPA_NONCE_LEN);
3566 		wpa_hexdump(MSG_DEBUG, "FT: Expected SNonce",
3567 			    sm->SNonce, WPA_NONCE_LEN);
3568 		retval = WLAN_STATUS_INVALID_FTIE;
3569 		goto out;
3570 	}
3571 
3572 	if (os_memcmp(parse.fte_anonce, sm->ANonce, WPA_NONCE_LEN) != 0) {
3573 		wpa_printf(MSG_DEBUG, "FT: ANonce mismatch in FTIE");
3574 		wpa_hexdump(MSG_DEBUG, "FT: Received ANonce",
3575 			    parse.fte_anonce, WPA_NONCE_LEN);
3576 		wpa_hexdump(MSG_DEBUG, "FT: Expected ANonce",
3577 			    sm->ANonce, WPA_NONCE_LEN);
3578 		retval = WLAN_STATUS_INVALID_FTIE;
3579 		goto out;
3580 	}
3581 
3582 	if (parse.r0kh_id == NULL) {
3583 		wpa_printf(MSG_DEBUG, "FT: No R0KH-ID subelem in FTIE");
3584 		retval = WLAN_STATUS_INVALID_FTIE;
3585 		goto out;
3586 	}
3587 
3588 	if (parse.r0kh_id_len != sm->r0kh_id_len ||
3589 	    os_memcmp_const(parse.r0kh_id, sm->r0kh_id, parse.r0kh_id_len) != 0)
3590 	{
3591 		wpa_printf(MSG_DEBUG, "FT: R0KH-ID in FTIE did not match with "
3592 			   "the current R0KH-ID");
3593 		wpa_hexdump(MSG_DEBUG, "FT: R0KH-ID in FTIE",
3594 			    parse.r0kh_id, parse.r0kh_id_len);
3595 		wpa_hexdump(MSG_DEBUG, "FT: The current R0KH-ID",
3596 			    sm->r0kh_id, sm->r0kh_id_len);
3597 		retval = WLAN_STATUS_INVALID_FTIE;
3598 		goto out;
3599 	}
3600 
3601 	if (parse.r1kh_id == NULL) {
3602 		wpa_printf(MSG_DEBUG, "FT: No R1KH-ID subelem in FTIE");
3603 		retval = WLAN_STATUS_INVALID_FTIE;
3604 		goto out;
3605 	}
3606 
3607 	if (os_memcmp_const(parse.r1kh_id, conf->r1_key_holder,
3608 			    FT_R1KH_ID_LEN) != 0) {
3609 		wpa_printf(MSG_DEBUG, "FT: Unknown R1KH-ID used in "
3610 			   "ReassocReq");
3611 		wpa_hexdump(MSG_DEBUG, "FT: R1KH-ID in FTIE",
3612 			    parse.r1kh_id, FT_R1KH_ID_LEN);
3613 		wpa_hexdump(MSG_DEBUG, "FT: Expected R1KH-ID",
3614 			    conf->r1_key_holder, FT_R1KH_ID_LEN);
3615 		retval = WLAN_STATUS_INVALID_FTIE;
3616 		goto out;
3617 	}
3618 
3619 	if (parse.rsn_pmkid == NULL ||
3620 	    os_memcmp_const(parse.rsn_pmkid, sm->pmk_r1_name, WPA_PMK_NAME_LEN))
3621 	{
3622 		wpa_printf(MSG_DEBUG, "FT: No matching PMKR1Name (PMKID) in "
3623 			   "RSNIE (pmkid=%d)", !!parse.rsn_pmkid);
3624 		retval = WLAN_STATUS_INVALID_PMKID;
3625 		goto out;
3626 	}
3627 
3628 	count = 3;
3629 	if (parse.ric)
3630 		count += ieee802_11_ie_count(parse.ric, parse.ric_len);
3631 	if (parse.rsnxe)
3632 		count++;
3633 	if (parse.fte_elem_count != count) {
3634 		wpa_printf(MSG_DEBUG, "FT: Unexpected IE count in MIC "
3635 			   "Control: received %u expected %u",
3636 			   parse.fte_elem_count, count);
3637 		goto out;
3638 	}
3639 
3640 	if (wpa_key_mgmt_fils(sm->wpa_key_mgmt)) {
3641 		kck = sm->PTK.kck2;
3642 		kck_len = sm->PTK.kck2_len;
3643 	} else {
3644 		kck = sm->PTK.kck;
3645 		kck_len = sm->PTK.kck_len;
3646 	}
3647 	if (wpa_ft_mic(sm->wpa_key_mgmt, kck, kck_len,
3648 		       sm->addr, sm->wpa_auth->addr, 5,
3649 		       parse.mdie - 2, parse.mdie_len + 2,
3650 		       parse.ftie - 2, parse.ftie_len + 2,
3651 		       parse.rsn - 2, parse.rsn_len + 2,
3652 		       parse.ric, parse.ric_len,
3653 		       parse.rsnxe ? parse.rsnxe - 2 : NULL,
3654 		       parse.rsnxe ? parse.rsnxe_len + 2 : 0,
3655 		       NULL,
3656 		       mic) < 0) {
3657 		wpa_printf(MSG_DEBUG, "FT: Failed to calculate MIC");
3658 		goto out;
3659 	}
3660 
3661 	if (os_memcmp_const(mic, parse.fte_mic, mic_len) != 0) {
3662 		wpa_printf(MSG_DEBUG, "FT: Invalid MIC in FTIE");
3663 		wpa_printf(MSG_DEBUG, "FT: addr=" MACSTR " auth_addr=" MACSTR,
3664 			   MAC2STR(sm->addr), MAC2STR(sm->wpa_auth->addr));
3665 		wpa_hexdump(MSG_MSGDUMP, "FT: Received MIC",
3666 			    parse.fte_mic, mic_len);
3667 		wpa_hexdump(MSG_MSGDUMP, "FT: Calculated MIC", mic, mic_len);
3668 		wpa_hexdump(MSG_MSGDUMP, "FT: MDIE",
3669 			    parse.mdie - 2, parse.mdie_len + 2);
3670 		wpa_hexdump(MSG_MSGDUMP, "FT: FTIE",
3671 			    parse.ftie - 2, parse.ftie_len + 2);
3672 		wpa_hexdump(MSG_MSGDUMP, "FT: RSN",
3673 			    parse.rsn - 2, parse.rsn_len + 2);
3674 		wpa_hexdump(MSG_MSGDUMP, "FT: RSNXE",
3675 			    parse.rsnxe ? parse.rsnxe - 2 : NULL,
3676 			    parse.rsnxe ? parse.rsnxe_len + 2 : 0);
3677 		retval = WLAN_STATUS_INVALID_FTIE;
3678 		goto out;
3679 	}
3680 
3681 	if (parse.fte_rsnxe_used &&
3682 	    (conf->sae_pwe == SAE_PWE_HASH_TO_ELEMENT ||
3683 	     conf->sae_pwe == SAE_PWE_BOTH) &&
3684 	    !parse.rsnxe) {
3685 		wpa_printf(MSG_INFO,
3686 			   "FT: FTE indicated that STA uses RSNXE, but RSNXE was not included");
3687 		retval = -1; /* discard request */
3688 		goto out;
3689 	}
3690 
3691 #ifdef CONFIG_OCV
3692 	if (wpa_auth_uses_ocv(sm)) {
3693 		struct wpa_channel_info ci;
3694 		int tx_chanwidth;
3695 		int tx_seg1_idx;
3696 		enum oci_verify_result res;
3697 
3698 		if (wpa_channel_info(sm->wpa_auth, &ci) != 0) {
3699 			wpa_printf(MSG_WARNING,
3700 				   "Failed to get channel info to validate received OCI in (Re)Assoc Request");
3701 			goto out;
3702 		}
3703 
3704 		if (get_sta_tx_parameters(sm,
3705 					  channel_width_to_int(ci.chanwidth),
3706 					  ci.seg1_idx, &tx_chanwidth,
3707 					  &tx_seg1_idx) < 0)
3708 			goto out;
3709 
3710 		res = ocv_verify_tx_params(parse.oci, parse.oci_len, &ci,
3711 					   tx_chanwidth, tx_seg1_idx);
3712 		if (wpa_auth_uses_ocv(sm) == 2 && res == OCI_NOT_FOUND) {
3713 			/* Work around misbehaving STAs */
3714 			wpa_printf(MSG_INFO,
3715 				   "Disable OCV with a STA that does not send OCI");
3716 			wpa_auth_set_ocv(sm, 0);
3717 		} else if (res != OCI_SUCCESS) {
3718 			wpa_printf(MSG_WARNING, "OCV failed: %s", ocv_errorstr);
3719 			if (sm->wpa_auth->conf.msg_ctx)
3720 				wpa_msg(sm->wpa_auth->conf.msg_ctx, MSG_INFO,
3721 					OCV_FAILURE "addr=" MACSTR
3722 					" frame=ft-reassoc-req error=%s",
3723 					MAC2STR(sm->addr), ocv_errorstr);
3724 			retval = WLAN_STATUS_INVALID_FTIE;
3725 			goto out;
3726 		}
3727 	}
3728 #endif /* CONFIG_OCV */
3729 
3730 	retval = WLAN_STATUS_SUCCESS;
3731 out:
3732 	wpa_ft_parse_ies_free(&parse);
3733 	return retval;
3734 }
3735 
3736 
wpa_ft_action_rx(struct wpa_state_machine * sm,const u8 * data,size_t len)3737 int wpa_ft_action_rx(struct wpa_state_machine *sm, const u8 *data, size_t len)
3738 {
3739 	const u8 *sta_addr, *target_ap;
3740 	const u8 *ies;
3741 	size_t ies_len;
3742 	u8 action;
3743 	struct ft_rrb_frame *frame;
3744 
3745 	if (sm == NULL)
3746 		return -1;
3747 
3748 	/*
3749 	 * data: Category[1] Action[1] STA_Address[6] Target_AP_Address[6]
3750 	 * FT Request action frame body[variable]
3751 	 */
3752 
3753 	if (len < 14) {
3754 		wpa_printf(MSG_DEBUG, "FT: Too short FT Action frame "
3755 			   "(len=%lu)", (unsigned long) len);
3756 		return -1;
3757 	}
3758 
3759 	action = data[1];
3760 	sta_addr = data + 2;
3761 	target_ap = data + 8;
3762 	ies = data + 14;
3763 	ies_len = len - 14;
3764 
3765 	wpa_printf(MSG_DEBUG, "FT: Received FT Action frame (STA=" MACSTR
3766 		   " Target AP=" MACSTR " Action=%d)",
3767 		   MAC2STR(sta_addr), MAC2STR(target_ap), action);
3768 
3769 	if (!ether_addr_equal(sta_addr, sm->addr)) {
3770 		wpa_printf(MSG_DEBUG, "FT: Mismatch in FT Action STA address: "
3771 			   "STA=" MACSTR " STA-Address=" MACSTR,
3772 			   MAC2STR(sm->addr), MAC2STR(sta_addr));
3773 		return -1;
3774 	}
3775 
3776 	/*
3777 	 * Do some validity checking on the target AP address (not own and not
3778 	 * broadcast. This could be extended to filter based on a list of known
3779 	 * APs in the MD (if such a list were configured).
3780 	 */
3781 	if ((target_ap[0] & 0x01) ||
3782 	    ether_addr_equal(target_ap, sm->wpa_auth->addr)) {
3783 		wpa_printf(MSG_DEBUG, "FT: Invalid Target AP in FT Action "
3784 			   "frame");
3785 		return -1;
3786 	}
3787 
3788 	wpa_hexdump(MSG_MSGDUMP, "FT: Action frame body", ies, ies_len);
3789 
3790 	if (!sm->wpa_auth->conf.ft_over_ds) {
3791 		wpa_printf(MSG_DEBUG, "FT: Over-DS option disabled - reject");
3792 		return -1;
3793 	}
3794 
3795 	/* RRB - Forward action frame to the target AP */
3796 	frame = os_malloc(sizeof(*frame) + len);
3797 	if (frame == NULL)
3798 		return -1;
3799 	frame->frame_type = RSN_REMOTE_FRAME_TYPE_FT_RRB;
3800 	frame->packet_type = FT_PACKET_REQUEST;
3801 	frame->action_length = host_to_le16(len);
3802 	os_memcpy(frame->ap_address, sm->wpa_auth->addr, ETH_ALEN);
3803 	os_memcpy(frame + 1, data, len);
3804 
3805 	wpa_ft_rrb_send(sm->wpa_auth, target_ap, (u8 *) frame,
3806 			sizeof(*frame) + len);
3807 	os_free(frame);
3808 
3809 	return 0;
3810 }
3811 
3812 
wpa_ft_rrb_rx_request_cb(void * ctx,const u8 * dst,u16 auth_transaction,u16 resp,const u8 * ies,size_t ies_len)3813 static void wpa_ft_rrb_rx_request_cb(void *ctx, const u8 *dst,
3814 				     u16 auth_transaction, u16 resp,
3815 				     const u8 *ies, size_t ies_len)
3816 {
3817 	struct wpa_state_machine *sm = ctx;
3818 	wpa_printf(MSG_DEBUG, "FT: Over-the-DS RX request cb for " MACSTR,
3819 		   MAC2STR(sm->addr));
3820 	wpa_ft_send_rrb_auth_resp(sm, sm->ft_pending_current_ap, sm->addr,
3821 				  WLAN_STATUS_SUCCESS, ies, ies_len);
3822 }
3823 
3824 
wpa_ft_rrb_rx_request(struct wpa_authenticator * wpa_auth,const u8 * current_ap,const u8 * sta_addr,const u8 * body,size_t len)3825 static int wpa_ft_rrb_rx_request(struct wpa_authenticator *wpa_auth,
3826 				 const u8 *current_ap, const u8 *sta_addr,
3827 				 const u8 *body, size_t len)
3828 {
3829 	struct wpa_state_machine *sm;
3830 	u16 status;
3831 	u8 *resp_ies;
3832 	size_t resp_ies_len;
3833 	int res;
3834 
3835 	sm = wpa_ft_add_sta(wpa_auth, sta_addr);
3836 	if (sm == NULL) {
3837 		wpa_printf(MSG_DEBUG, "FT: Failed to add new STA based on "
3838 			   "RRB Request");
3839 		return -1;
3840 	}
3841 
3842 	wpa_hexdump(MSG_MSGDUMP, "FT: RRB Request Frame body", body, len);
3843 
3844 	sm->ft_pending_cb = wpa_ft_rrb_rx_request_cb;
3845 	sm->ft_pending_cb_ctx = sm;
3846 	os_memcpy(sm->ft_pending_current_ap, current_ap, ETH_ALEN);
3847 	sm->ft_pending_pull_left_retries = sm->wpa_auth->conf.rkh_pull_retries;
3848 	res = wpa_ft_process_auth_req(sm, body, len, &resp_ies,
3849 				      &resp_ies_len);
3850 	if (res < 0) {
3851 		wpa_printf(MSG_DEBUG, "FT: No immediate response available - wait for pull response");
3852 		return 0;
3853 	}
3854 	status = res;
3855 
3856 	res = wpa_ft_send_rrb_auth_resp(sm, current_ap, sta_addr, status,
3857 					resp_ies, resp_ies_len);
3858 	os_free(resp_ies);
3859 	return res;
3860 }
3861 
3862 
wpa_ft_send_rrb_auth_resp(struct wpa_state_machine * sm,const u8 * current_ap,const u8 * sta_addr,u16 status,const u8 * resp_ies,size_t resp_ies_len)3863 static int wpa_ft_send_rrb_auth_resp(struct wpa_state_machine *sm,
3864 				     const u8 *current_ap, const u8 *sta_addr,
3865 				     u16 status, const u8 *resp_ies,
3866 				     size_t resp_ies_len)
3867 {
3868 	struct wpa_authenticator *wpa_auth = sm->wpa_auth;
3869 	size_t rlen;
3870 	struct ft_rrb_frame *frame;
3871 	u8 *pos;
3872 
3873 	wpa_printf(MSG_DEBUG, "FT: RRB authentication response: STA=" MACSTR
3874 		   " CurrentAP=" MACSTR " status=%u (%s)",
3875 		   MAC2STR(sm->addr), MAC2STR(current_ap), status,
3876 		   status2str(status));
3877 	wpa_hexdump(MSG_DEBUG, "FT: Response IEs", resp_ies, resp_ies_len);
3878 
3879 	/* RRB - Forward action frame response to the Current AP */
3880 
3881 	/*
3882 	 * data: Category[1] Action[1] STA_Address[6] Target_AP_Address[6]
3883 	 * Status_Code[2] FT Request action frame body[variable]
3884 	 */
3885 	rlen = 2 + 2 * ETH_ALEN + 2 + resp_ies_len;
3886 
3887 	frame = os_malloc(sizeof(*frame) + rlen);
3888 	if (frame == NULL)
3889 		return -1;
3890 	frame->frame_type = RSN_REMOTE_FRAME_TYPE_FT_RRB;
3891 	frame->packet_type = FT_PACKET_RESPONSE;
3892 	frame->action_length = host_to_le16(rlen);
3893 	os_memcpy(frame->ap_address, wpa_auth->addr, ETH_ALEN);
3894 	pos = (u8 *) (frame + 1);
3895 	*pos++ = WLAN_ACTION_FT;
3896 	*pos++ = 2; /* Action: Response */
3897 	os_memcpy(pos, sta_addr, ETH_ALEN);
3898 	pos += ETH_ALEN;
3899 	os_memcpy(pos, wpa_auth->addr, ETH_ALEN);
3900 	pos += ETH_ALEN;
3901 	WPA_PUT_LE16(pos, status);
3902 	pos += 2;
3903 	if (resp_ies)
3904 		os_memcpy(pos, resp_ies, resp_ies_len);
3905 
3906 	wpa_ft_rrb_send(wpa_auth, current_ap, (u8 *) frame,
3907 			sizeof(*frame) + rlen);
3908 	os_free(frame);
3909 
3910 	return 0;
3911 }
3912 
3913 
wpa_ft_rrb_build_r0(const u8 * key,const size_t key_len,const struct tlv_list * tlvs,const struct wpa_ft_pmk_r0_sa * pmk_r0,const u8 * r1kh_id,const u8 * s1kh_id,const struct tlv_list * tlv_auth,const u8 * src_addr,u8 type,u8 ** packet,size_t * packet_len)3914 static int wpa_ft_rrb_build_r0(const u8 *key, const size_t key_len,
3915 			       const struct tlv_list *tlvs,
3916 			       const struct wpa_ft_pmk_r0_sa *pmk_r0,
3917 			       const u8 *r1kh_id, const u8 *s1kh_id,
3918 			       const struct tlv_list *tlv_auth,
3919 			       const u8 *src_addr, u8 type,
3920 			       u8 **packet, size_t *packet_len)
3921 {
3922 	u8 pmk_r1[PMK_LEN_MAX];
3923 	size_t pmk_r1_len = pmk_r0->pmk_r0_len;
3924 	u8 pmk_r1_name[WPA_PMK_NAME_LEN];
3925 	u8 f_pairwise[sizeof(le16)];
3926 	u8 f_expires_in[sizeof(le16)];
3927 	u8 f_session_timeout[sizeof(le32)];
3928 	int expires_in;
3929 	int session_timeout;
3930 	struct os_reltime now;
3931 	int ret;
3932 	struct tlv_list sess_tlv[] = {
3933 		{ .type = FT_RRB_PMK_R1, .len = pmk_r1_len,
3934 		  .data = pmk_r1 },
3935 		{ .type = FT_RRB_PMK_R1_NAME, .len = sizeof(pmk_r1_name),
3936 		  .data = pmk_r1_name },
3937 		{ .type = FT_RRB_PAIRWISE, .len = sizeof(f_pairwise),
3938 		  .data = f_pairwise },
3939 		{ .type = FT_RRB_EXPIRES_IN, .len = sizeof(f_expires_in),
3940 		  .data = f_expires_in },
3941 		{ .type = FT_RRB_IDENTITY, .len = pmk_r0->identity_len,
3942 		  .data = pmk_r0->identity },
3943 		{ .type = FT_RRB_RADIUS_CUI, .len = pmk_r0->radius_cui_len,
3944 		  .data = pmk_r0->radius_cui },
3945 		{ .type = FT_RRB_SESSION_TIMEOUT,
3946 		  .len = sizeof(f_session_timeout),
3947 		  .data = f_session_timeout },
3948 		{ .type = FT_RRB_LAST_EMPTY, .len = 0, .data = NULL },
3949 	};
3950 
3951 	wpa_printf(MSG_DEBUG, "FT: Derive PMK-R1 for peer AP");
3952 	if (wpa_derive_pmk_r1(pmk_r0->pmk_r0, pmk_r0->pmk_r0_len,
3953 			      pmk_r0->pmk_r0_name, r1kh_id,
3954 			      s1kh_id, pmk_r1, pmk_r1_name) < 0)
3955 		return -1;
3956 	WPA_PUT_LE16(f_pairwise, pmk_r0->pairwise);
3957 
3958 	os_get_reltime(&now);
3959 	if (pmk_r0->expiration > now.sec)
3960 		expires_in = pmk_r0->expiration - now.sec;
3961 	else if (pmk_r0->expiration)
3962 		expires_in = 1;
3963 	else
3964 		expires_in = 0;
3965 	WPA_PUT_LE16(f_expires_in, expires_in);
3966 
3967 	if (pmk_r0->session_timeout > now.sec)
3968 		session_timeout = pmk_r0->session_timeout - now.sec;
3969 	else if (pmk_r0->session_timeout)
3970 		session_timeout = 1;
3971 	else
3972 		session_timeout = 0;
3973 	WPA_PUT_LE32(f_session_timeout, session_timeout);
3974 
3975 	ret = wpa_ft_rrb_build(key, key_len, tlvs, sess_tlv, tlv_auth,
3976 			       pmk_r0->vlan, src_addr, type,
3977 			       packet, packet_len);
3978 
3979 	forced_memzero(pmk_r1, sizeof(pmk_r1));
3980 
3981 	return ret;
3982 }
3983 
3984 
wpa_ft_rrb_rx_pull(struct wpa_authenticator * wpa_auth,const u8 * src_addr,const u8 * enc,size_t enc_len,const u8 * auth,size_t auth_len,int no_defer)3985 static int wpa_ft_rrb_rx_pull(struct wpa_authenticator *wpa_auth,
3986 			      const u8 *src_addr,
3987 			      const u8 *enc, size_t enc_len,
3988 			      const u8 *auth, size_t auth_len,
3989 			      int no_defer)
3990 {
3991 	const char *msgtype = "pull request";
3992 	u8 *plain = NULL, *packet = NULL;
3993 	size_t plain_len = 0, packet_len = 0;
3994 	struct ft_remote_r1kh *r1kh, *r1kh_wildcard;
3995 	const u8 *key;
3996 	size_t key_len;
3997 	int seq_ret;
3998 	const u8 *f_nonce, *f_r0kh_id, *f_r1kh_id, *f_s1kh_id, *f_pmk_r0_name;
3999 	size_t f_nonce_len, f_r0kh_id_len, f_r1kh_id_len, f_s1kh_id_len;
4000 	size_t f_pmk_r0_name_len;
4001 	const struct wpa_ft_pmk_r0_sa *r0;
4002 	int ret;
4003 	struct tlv_list resp[2];
4004 	struct tlv_list resp_auth[5];
4005 	struct ft_rrb_seq f_seq;
4006 
4007 	wpa_printf(MSG_DEBUG, "FT: Received PMK-R1 pull");
4008 
4009 	RRB_GET_AUTH(FT_RRB_R0KH_ID, r0kh_id, msgtype, -1);
4010 	wpa_hexdump(MSG_DEBUG, "FT: R0KH-ID", f_r0kh_id, f_r0kh_id_len);
4011 
4012 	if (wpa_ft_rrb_check_r0kh(wpa_auth, f_r0kh_id, f_r0kh_id_len)) {
4013 		wpa_printf(MSG_DEBUG, "FT: R0KH-ID mismatch");
4014 		goto out;
4015 	}
4016 
4017 	RRB_GET_AUTH(FT_RRB_R1KH_ID, r1kh_id, msgtype, FT_R1KH_ID_LEN);
4018 	wpa_printf(MSG_DEBUG, "FT: R1KH-ID=" MACSTR, MAC2STR(f_r1kh_id));
4019 
4020 	wpa_ft_rrb_lookup_r1kh(wpa_auth, f_r1kh_id, &r1kh, &r1kh_wildcard);
4021 	if (r1kh) {
4022 		key = r1kh->key;
4023 		key_len = sizeof(r1kh->key);
4024 	} else if (r1kh_wildcard) {
4025 		wpa_printf(MSG_DEBUG, "FT: Using wildcard R1KH-ID");
4026 		key = r1kh_wildcard->key;
4027 		key_len = sizeof(r1kh_wildcard->key);
4028 	} else {
4029 		goto out;
4030 	}
4031 
4032 	RRB_GET_AUTH(FT_RRB_NONCE, nonce, "pull request", FT_RRB_NONCE_LEN);
4033 	wpa_hexdump(MSG_DEBUG, "FT: nonce", f_nonce, f_nonce_len);
4034 
4035 	seq_ret = FT_RRB_SEQ_DROP;
4036 	if (r1kh)
4037 		seq_ret = wpa_ft_rrb_seq_chk(r1kh->seq, src_addr, enc, enc_len,
4038 					     auth, auth_len, msgtype, no_defer);
4039 	if (!no_defer && r1kh_wildcard &&
4040 	    (!r1kh || !ether_addr_equal(r1kh->addr, src_addr))) {
4041 		/* wildcard: r1kh-id unknown or changed addr -> do a seq req */
4042 		seq_ret = FT_RRB_SEQ_DEFER;
4043 	}
4044 
4045 	if (seq_ret == FT_RRB_SEQ_DROP)
4046 		goto out;
4047 
4048 	if (wpa_ft_rrb_decrypt(key, key_len, enc, enc_len, auth, auth_len,
4049 			       src_addr, FT_PACKET_R0KH_R1KH_PULL,
4050 			       &plain, &plain_len) < 0)
4051 		goto out;
4052 
4053 	if (!r1kh)
4054 		r1kh = wpa_ft_rrb_add_r1kh(wpa_auth, r1kh_wildcard, src_addr,
4055 					   f_r1kh_id,
4056 					   wpa_auth->conf.rkh_pos_timeout);
4057 	if (!r1kh)
4058 		goto out;
4059 
4060 	if (seq_ret == FT_RRB_SEQ_DEFER) {
4061 		wpa_ft_rrb_seq_req(wpa_auth, r1kh->seq, src_addr, f_r0kh_id,
4062 				   f_r0kh_id_len, f_r1kh_id, key, key_len,
4063 				   enc, enc_len, auth, auth_len,
4064 				   &wpa_ft_rrb_rx_pull);
4065 		goto out;
4066 	}
4067 
4068 	wpa_ft_rrb_seq_accept(wpa_auth, r1kh->seq, src_addr, auth, auth_len,
4069 			      msgtype);
4070 	wpa_ft_rrb_r1kh_replenish(wpa_auth, r1kh,
4071 				  wpa_auth->conf.rkh_pos_timeout);
4072 
4073 	RRB_GET(FT_RRB_PMK_R0_NAME, pmk_r0_name, msgtype, WPA_PMK_NAME_LEN);
4074 	wpa_hexdump(MSG_DEBUG, "FT: PMKR0Name", f_pmk_r0_name,
4075 		    f_pmk_r0_name_len);
4076 
4077 	RRB_GET(FT_RRB_S1KH_ID, s1kh_id, msgtype, ETH_ALEN);
4078 	wpa_printf(MSG_DEBUG, "FT: S1KH-ID=" MACSTR, MAC2STR(f_s1kh_id));
4079 
4080 	if (wpa_ft_new_seq(r1kh->seq, &f_seq) < 0) {
4081 		wpa_printf(MSG_DEBUG, "FT: Failed to get seq num");
4082 		goto out;
4083 	}
4084 
4085 	wpa_printf(MSG_DEBUG, "FT: Send PMK-R1 pull response from " MACSTR
4086 		   " to " MACSTR,
4087 		   MAC2STR(wpa_auth->addr), MAC2STR(src_addr));
4088 
4089 	resp[0].type = FT_RRB_S1KH_ID;
4090 	resp[0].len = f_s1kh_id_len;
4091 	resp[0].data = f_s1kh_id;
4092 	resp[1].type = FT_RRB_LAST_EMPTY;
4093 	resp[1].len = 0;
4094 	resp[1].data = NULL;
4095 
4096 	resp_auth[0].type = FT_RRB_NONCE;
4097 	resp_auth[0].len = f_nonce_len;
4098 	resp_auth[0].data = f_nonce;
4099 	resp_auth[1].type = FT_RRB_SEQ;
4100 	resp_auth[1].len = sizeof(f_seq);
4101 	resp_auth[1].data = (u8 *) &f_seq;
4102 	resp_auth[2].type = FT_RRB_R0KH_ID;
4103 	resp_auth[2].len = f_r0kh_id_len;
4104 	resp_auth[2].data = f_r0kh_id;
4105 	resp_auth[3].type = FT_RRB_R1KH_ID;
4106 	resp_auth[3].len = f_r1kh_id_len;
4107 	resp_auth[3].data = f_r1kh_id;
4108 	resp_auth[4].type = FT_RRB_LAST_EMPTY;
4109 	resp_auth[4].len = 0;
4110 	resp_auth[4].data = NULL;
4111 
4112 	if (wpa_ft_fetch_pmk_r0(wpa_auth, f_s1kh_id, f_pmk_r0_name, &r0) < 0) {
4113 		wpa_printf(MSG_DEBUG, "FT: No matching PMK-R0-Name found");
4114 		ret = wpa_ft_rrb_build(key, key_len, resp, NULL, resp_auth,
4115 				       NULL, wpa_auth->addr,
4116 				       FT_PACKET_R0KH_R1KH_RESP,
4117 				       &packet, &packet_len);
4118 	} else {
4119 		ret = wpa_ft_rrb_build_r0(key, key_len, resp, r0, f_r1kh_id,
4120 					  f_s1kh_id, resp_auth, wpa_auth->addr,
4121 					  FT_PACKET_R0KH_R1KH_RESP,
4122 					  &packet, &packet_len);
4123 	}
4124 
4125 	if (!ret)
4126 		wpa_ft_rrb_oui_send(wpa_auth, src_addr,
4127 				    FT_PACKET_R0KH_R1KH_RESP, packet,
4128 				    packet_len);
4129 
4130 out:
4131 	os_free(plain);
4132 	os_free(packet);
4133 
4134 	return 0;
4135 }
4136 
4137 
4138 /* @returns  0 on success
4139  *          -1 on error
4140  *          -2 if FR_RRB_PAIRWISE is missing
4141  */
wpa_ft_rrb_rx_r1(struct wpa_authenticator * wpa_auth,const u8 * src_addr,u8 type,const u8 * enc,size_t enc_len,const u8 * auth,size_t auth_len,const char * msgtype,u8 * s1kh_id_out,int (* cb)(struct wpa_authenticator * wpa_auth,const u8 * src_addr,const u8 * enc,size_t enc_len,const u8 * auth,size_t auth_len,int no_defer))4142 static int wpa_ft_rrb_rx_r1(struct wpa_authenticator *wpa_auth,
4143 			    const u8 *src_addr, u8 type,
4144 			    const u8 *enc, size_t enc_len,
4145 			    const u8 *auth, size_t auth_len,
4146 			    const char *msgtype, u8 *s1kh_id_out,
4147 			    int (*cb)(struct wpa_authenticator *wpa_auth,
4148 				      const u8 *src_addr,
4149 				      const u8 *enc, size_t enc_len,
4150 				      const u8 *auth, size_t auth_len,
4151 				      int no_defer))
4152 {
4153 	u8 *plain = NULL;
4154 	size_t plain_len = 0;
4155 	struct ft_remote_r0kh *r0kh, *r0kh_wildcard;
4156 	const u8 *key;
4157 	size_t key_len;
4158 	int seq_ret;
4159 	const u8 *f_r1kh_id, *f_s1kh_id, *f_r0kh_id;
4160 	const u8 *f_pmk_r1_name, *f_pairwise, *f_pmk_r1;
4161 	const u8 *f_expires_in;
4162 	size_t f_r1kh_id_len, f_s1kh_id_len, f_r0kh_id_len;
4163 	const u8 *f_identity, *f_radius_cui;
4164 	const u8 *f_session_timeout;
4165 	size_t f_pmk_r1_name_len, f_pairwise_len, f_pmk_r1_len;
4166 	size_t f_expires_in_len;
4167 	size_t f_identity_len, f_radius_cui_len;
4168 	size_t f_session_timeout_len;
4169 	int pairwise;
4170 	int ret = -1;
4171 	int expires_in;
4172 	int session_timeout;
4173 	struct vlan_description vlan;
4174 	size_t pmk_r1_len;
4175 
4176 	RRB_GET_AUTH(FT_RRB_R0KH_ID, r0kh_id, msgtype, -1);
4177 	wpa_hexdump(MSG_DEBUG, "FT: R0KH-ID", f_r0kh_id, f_r0kh_id_len);
4178 
4179 	RRB_GET_AUTH(FT_RRB_R1KH_ID, r1kh_id, msgtype, FT_R1KH_ID_LEN);
4180 	wpa_printf(MSG_DEBUG, "FT: R1KH-ID=" MACSTR, MAC2STR(f_r1kh_id));
4181 
4182 	if (wpa_ft_rrb_check_r1kh(wpa_auth, f_r1kh_id)) {
4183 		wpa_printf(MSG_DEBUG, "FT: R1KH-ID mismatch");
4184 		goto out;
4185 	}
4186 
4187 	wpa_ft_rrb_lookup_r0kh(wpa_auth, f_r0kh_id, f_r0kh_id_len, &r0kh,
4188 			       &r0kh_wildcard);
4189 	if (r0kh) {
4190 		key = r0kh->key;
4191 		key_len = sizeof(r0kh->key);
4192 	} else if (r0kh_wildcard) {
4193 		wpa_printf(MSG_DEBUG, "FT: Using wildcard R0KH-ID");
4194 		key = r0kh_wildcard->key;
4195 		key_len = sizeof(r0kh_wildcard->key);
4196 	} else {
4197 		goto out;
4198 	}
4199 
4200 	seq_ret = FT_RRB_SEQ_DROP;
4201 	if (r0kh) {
4202 		seq_ret = wpa_ft_rrb_seq_chk(r0kh->seq, src_addr, enc, enc_len,
4203 					     auth, auth_len, msgtype,
4204 					     cb ? 0 : 1);
4205 	}
4206 	if (cb && r0kh_wildcard &&
4207 	    (!r0kh || !ether_addr_equal(r0kh->addr, src_addr))) {
4208 		/* wildcard: r0kh-id unknown or changed addr -> do a seq req */
4209 		seq_ret = FT_RRB_SEQ_DEFER;
4210 	}
4211 
4212 	if (seq_ret == FT_RRB_SEQ_DROP)
4213 		goto out;
4214 
4215 	if (wpa_ft_rrb_decrypt(key, key_len, enc, enc_len, auth, auth_len,
4216 			       src_addr, type, &plain, &plain_len) < 0)
4217 		goto out;
4218 
4219 	if (!r0kh)
4220 		r0kh = wpa_ft_rrb_add_r0kh(wpa_auth, r0kh_wildcard, src_addr,
4221 					   f_r0kh_id, f_r0kh_id_len,
4222 					   wpa_auth->conf.rkh_pos_timeout);
4223 	if (!r0kh)
4224 		goto out;
4225 
4226 	if (seq_ret == FT_RRB_SEQ_DEFER) {
4227 		wpa_ft_rrb_seq_req(wpa_auth, r0kh->seq, src_addr, f_r0kh_id,
4228 				   f_r0kh_id_len, f_r1kh_id, key, key_len,
4229 				   enc, enc_len, auth, auth_len, cb);
4230 		goto out;
4231 	}
4232 
4233 	wpa_ft_rrb_seq_accept(wpa_auth, r0kh->seq, src_addr, auth, auth_len,
4234 			      msgtype);
4235 	wpa_ft_rrb_r0kh_replenish(wpa_auth, r0kh,
4236 				  wpa_auth->conf.rkh_pos_timeout);
4237 
4238 	RRB_GET(FT_RRB_S1KH_ID, s1kh_id, msgtype, ETH_ALEN);
4239 	wpa_printf(MSG_DEBUG, "FT: S1KH-ID=" MACSTR, MAC2STR(f_s1kh_id));
4240 
4241 	if (s1kh_id_out)
4242 		os_memcpy(s1kh_id_out, f_s1kh_id, ETH_ALEN);
4243 
4244 	ret = -2;
4245 	RRB_GET(FT_RRB_PAIRWISE, pairwise, msgtype, sizeof(le16));
4246 	wpa_hexdump(MSG_DEBUG, "FT: pairwise", f_pairwise, f_pairwise_len);
4247 
4248 	ret = -1;
4249 	RRB_GET(FT_RRB_PMK_R1_NAME, pmk_r1_name, msgtype, WPA_PMK_NAME_LEN);
4250 	wpa_hexdump(MSG_DEBUG, "FT: PMKR1Name",
4251 		    f_pmk_r1_name, WPA_PMK_NAME_LEN);
4252 
4253 	pmk_r1_len = PMK_LEN;
4254 	if (wpa_ft_rrb_get_tlv(plain, plain_len, FT_RRB_PMK_R1, &f_pmk_r1_len,
4255 			       &f_pmk_r1) == 0 &&
4256 	    (f_pmk_r1_len == PMK_LEN || f_pmk_r1_len == SHA384_MAC_LEN ||
4257 	     f_pmk_r1_len == SHA512_MAC_LEN))
4258 		pmk_r1_len = f_pmk_r1_len;
4259 	RRB_GET(FT_RRB_PMK_R1, pmk_r1, msgtype, pmk_r1_len);
4260 	wpa_hexdump_key(MSG_DEBUG, "FT: PMK-R1", f_pmk_r1, pmk_r1_len);
4261 
4262 	pairwise = WPA_GET_LE16(f_pairwise);
4263 
4264 	RRB_GET_OPTIONAL(FT_RRB_EXPIRES_IN, expires_in, msgtype,
4265 			 sizeof(le16));
4266 	if (f_expires_in)
4267 		expires_in = WPA_GET_LE16(f_expires_in);
4268 	else
4269 		expires_in = 0;
4270 
4271 	wpa_printf(MSG_DEBUG, "FT: PMK-R1 %s - expires_in=%d", msgtype,
4272 		   expires_in);
4273 
4274 	if (wpa_ft_rrb_get_tlv_vlan(plain, plain_len, &vlan) < 0) {
4275 		wpa_printf(MSG_DEBUG, "FT: Cannot parse vlan");
4276 		wpa_ft_rrb_dump(plain, plain_len);
4277 		goto out;
4278 	}
4279 
4280 	wpa_printf(MSG_DEBUG, "FT: vlan %d%s",
4281 		   le_to_host16(vlan.untagged), vlan.tagged[0] ? "+" : "");
4282 
4283 	RRB_GET_OPTIONAL(FT_RRB_IDENTITY, identity, msgtype, -1);
4284 	if (f_identity)
4285 		wpa_hexdump_ascii(MSG_DEBUG, "FT: Identity", f_identity,
4286 				  f_identity_len);
4287 
4288 	RRB_GET_OPTIONAL(FT_RRB_RADIUS_CUI, radius_cui, msgtype, -1);
4289 	if (f_radius_cui)
4290 		wpa_hexdump_ascii(MSG_DEBUG, "FT: CUI", f_radius_cui,
4291 				  f_radius_cui_len);
4292 
4293 	RRB_GET_OPTIONAL(FT_RRB_SESSION_TIMEOUT, session_timeout, msgtype,
4294 			 sizeof(le32));
4295 	if (f_session_timeout)
4296 		session_timeout = WPA_GET_LE32(f_session_timeout);
4297 	else
4298 		session_timeout = 0;
4299 	wpa_printf(MSG_DEBUG, "FT: session_timeout %d", session_timeout);
4300 
4301 	if (wpa_ft_store_pmk_r1(wpa_auth, f_s1kh_id, f_pmk_r1, pmk_r1_len,
4302 				f_pmk_r1_name,
4303 				pairwise, &vlan, expires_in, session_timeout,
4304 				f_identity, f_identity_len, f_radius_cui,
4305 				f_radius_cui_len) < 0)
4306 		goto out;
4307 
4308 	ret = 0;
4309 out:
4310 	bin_clear_free(plain, plain_len);
4311 
4312 	return ret;
4313 
4314 }
4315 
4316 
ft_finish_pull(struct wpa_state_machine * sm)4317 static void ft_finish_pull(struct wpa_state_machine *sm)
4318 {
4319 	int res;
4320 	u8 *resp_ies;
4321 	size_t resp_ies_len;
4322 	u16 status;
4323 
4324 	if (!sm->ft_pending_cb || !sm->ft_pending_req_ies)
4325 		return;
4326 
4327 	res = wpa_ft_process_auth_req(sm, wpabuf_head(sm->ft_pending_req_ies),
4328 				      wpabuf_len(sm->ft_pending_req_ies),
4329 				      &resp_ies, &resp_ies_len);
4330 	if (res < 0) {
4331 		/* this loop is broken by ft_pending_pull_left_retries */
4332 		wpa_printf(MSG_DEBUG,
4333 			   "FT: Callback postponed until response is available");
4334 		return;
4335 	}
4336 	wpabuf_free(sm->ft_pending_req_ies);
4337 	sm->ft_pending_req_ies = NULL;
4338 	status = res;
4339 	wpa_printf(MSG_DEBUG, "FT: Postponed auth callback result for " MACSTR
4340 		   " - status %u", MAC2STR(sm->addr), status);
4341 
4342 	sm->ft_pending_cb(sm->ft_pending_cb_ctx, sm->addr,
4343 			  sm->ft_pending_auth_transaction + 1, status,
4344 			  resp_ies, resp_ies_len);
4345 	os_free(resp_ies);
4346 }
4347 
4348 
4349 struct ft_get_sta_ctx {
4350 	const u8 *nonce;
4351 	const u8 *s1kh_id;
4352 	struct wpa_state_machine *sm;
4353 };
4354 
4355 
ft_get_sta_cb(struct wpa_state_machine * sm,void * ctx)4356 static int ft_get_sta_cb(struct wpa_state_machine *sm, void *ctx)
4357 {
4358 	struct ft_get_sta_ctx *info = ctx;
4359 
4360 	if ((info->s1kh_id &&
4361 	     !ether_addr_equal(info->s1kh_id, sm->addr)) ||
4362 	    os_memcmp(info->nonce, sm->ft_pending_pull_nonce,
4363 		      FT_RRB_NONCE_LEN) != 0 ||
4364 	    sm->ft_pending_cb == NULL || sm->ft_pending_req_ies == NULL)
4365 		return 0;
4366 
4367 	info->sm = sm;
4368 
4369 	return 1;
4370 }
4371 
4372 
wpa_ft_rrb_rx_resp(struct wpa_authenticator * wpa_auth,const u8 * src_addr,const u8 * enc,size_t enc_len,const u8 * auth,size_t auth_len,int no_defer)4373 static int wpa_ft_rrb_rx_resp(struct wpa_authenticator *wpa_auth,
4374 			      const u8 *src_addr,
4375 			      const u8 *enc, size_t enc_len,
4376 			      const u8 *auth, size_t auth_len,
4377 			      int no_defer)
4378 {
4379 	const char *msgtype = "pull response";
4380 	int nak, ret = -1;
4381 	struct ft_get_sta_ctx ctx;
4382 	u8 s1kh_id[ETH_ALEN];
4383 	const u8 *f_nonce;
4384 	size_t f_nonce_len;
4385 
4386 	wpa_printf(MSG_DEBUG, "FT: Received PMK-R1 pull response");
4387 
4388 	RRB_GET_AUTH(FT_RRB_NONCE, nonce, msgtype, FT_RRB_NONCE_LEN);
4389 	wpa_hexdump(MSG_DEBUG, "FT: nonce", f_nonce, f_nonce_len);
4390 
4391 	os_memset(&ctx, 0, sizeof(ctx));
4392 	ctx.nonce = f_nonce;
4393 	if (!wpa_auth_for_each_sta(wpa_auth, ft_get_sta_cb, &ctx)) {
4394 		/* nonce not found */
4395 		wpa_printf(MSG_DEBUG, "FT: Invalid nonce");
4396 		return -1;
4397 	}
4398 
4399 	ret = wpa_ft_rrb_rx_r1(wpa_auth, src_addr, FT_PACKET_R0KH_R1KH_RESP,
4400 			       enc, enc_len, auth, auth_len, msgtype, s1kh_id,
4401 			       no_defer ? NULL : &wpa_ft_rrb_rx_resp);
4402 	if (ret == -2) {
4403 		ret = 0;
4404 		nak = 1;
4405 	} else {
4406 		nak = 0;
4407 	}
4408 	if (ret < 0)
4409 		return -1;
4410 
4411 	ctx.s1kh_id = s1kh_id;
4412 	if (wpa_auth_for_each_sta(wpa_auth, ft_get_sta_cb, &ctx)) {
4413 		wpa_printf(MSG_DEBUG,
4414 			   "FT: Response to a pending pull request for " MACSTR,
4415 			   MAC2STR(ctx.sm->addr));
4416 		eloop_cancel_timeout(wpa_ft_expire_pull, ctx.sm, NULL);
4417 		if (nak)
4418 			ctx.sm->ft_pending_pull_left_retries = 0;
4419 		ft_finish_pull(ctx.sm);
4420 	}
4421 
4422 out:
4423 	return ret;
4424 }
4425 
4426 
wpa_ft_rrb_rx_push(struct wpa_authenticator * wpa_auth,const u8 * src_addr,const u8 * enc,size_t enc_len,const u8 * auth,size_t auth_len,int no_defer)4427 static int wpa_ft_rrb_rx_push(struct wpa_authenticator *wpa_auth,
4428 			      const u8 *src_addr,
4429 			      const u8 *enc, size_t enc_len,
4430 			      const u8 *auth, size_t auth_len, int no_defer)
4431 {
4432 	const char *msgtype = "push";
4433 
4434 	wpa_printf(MSG_DEBUG, "FT: Received PMK-R1 push");
4435 
4436 	if (wpa_ft_rrb_rx_r1(wpa_auth, src_addr, FT_PACKET_R0KH_R1KH_PUSH,
4437 			     enc, enc_len, auth, auth_len, msgtype, NULL,
4438 			     no_defer ? NULL : wpa_ft_rrb_rx_push) < 0)
4439 		return -1;
4440 
4441 	return 0;
4442 }
4443 
4444 
wpa_ft_rrb_rx_seq(struct wpa_authenticator * wpa_auth,const u8 * src_addr,int type,const u8 * enc,size_t enc_len,const u8 * auth,size_t auth_len,struct ft_remote_seq ** rkh_seq,u8 ** key,size_t * key_len,struct ft_remote_r0kh ** r0kh_out,struct ft_remote_r1kh ** r1kh_out,struct ft_remote_r0kh ** r0kh_wildcard_out,struct ft_remote_r1kh ** r1kh_wildcard_out)4445 static int wpa_ft_rrb_rx_seq(struct wpa_authenticator *wpa_auth,
4446 			     const u8 *src_addr, int type,
4447 			     const u8 *enc, size_t enc_len,
4448 			     const u8 *auth, size_t auth_len,
4449 			     struct ft_remote_seq **rkh_seq,
4450 			     u8 **key, size_t *key_len,
4451 			     struct ft_remote_r0kh **r0kh_out,
4452 			     struct ft_remote_r1kh **r1kh_out,
4453 			     struct ft_remote_r0kh **r0kh_wildcard_out,
4454 			     struct ft_remote_r1kh **r1kh_wildcard_out)
4455 {
4456 	struct ft_remote_r0kh *r0kh = NULL;
4457 	struct ft_remote_r1kh *r1kh = NULL;
4458 	const u8 *f_r0kh_id, *f_r1kh_id;
4459 	size_t f_r0kh_id_len, f_r1kh_id_len;
4460 	int to_r0kh, to_r1kh;
4461 	u8 *plain = NULL;
4462 	size_t plain_len = 0;
4463 	struct ft_remote_r0kh *r0kh_wildcard;
4464 	struct ft_remote_r1kh *r1kh_wildcard;
4465 
4466 	RRB_GET_AUTH(FT_RRB_R0KH_ID, r0kh_id, "seq", -1);
4467 	RRB_GET_AUTH(FT_RRB_R1KH_ID, r1kh_id, "seq", FT_R1KH_ID_LEN);
4468 
4469 	to_r0kh = !wpa_ft_rrb_check_r0kh(wpa_auth, f_r0kh_id, f_r0kh_id_len);
4470 	to_r1kh = !wpa_ft_rrb_check_r1kh(wpa_auth, f_r1kh_id);
4471 
4472 	if (to_r0kh && to_r1kh) {
4473 		wpa_printf(MSG_DEBUG, "FT: seq - local R0KH-ID and R1KH-ID");
4474 		goto out;
4475 	}
4476 
4477 	if (!to_r0kh && !to_r1kh) {
4478 		wpa_printf(MSG_DEBUG, "FT: seq - remote R0KH-ID and R1KH-ID");
4479 		goto out;
4480 	}
4481 
4482 	if (!to_r0kh) {
4483 		wpa_ft_rrb_lookup_r0kh(wpa_auth, f_r0kh_id, f_r0kh_id_len,
4484 				       &r0kh, &r0kh_wildcard);
4485 		if (!r0kh_wildcard &&
4486 		    (!r0kh || !ether_addr_equal(r0kh->addr, src_addr))) {
4487 			wpa_hexdump(MSG_DEBUG, "FT: Did not find R0KH-ID",
4488 				    f_r0kh_id, f_r0kh_id_len);
4489 			goto out;
4490 		}
4491 		if (r0kh) {
4492 			*key = r0kh->key;
4493 			*key_len = sizeof(r0kh->key);
4494 		} else {
4495 			*key = r0kh_wildcard->key;
4496 			*key_len = sizeof(r0kh_wildcard->key);
4497 		}
4498 	}
4499 
4500 	if (!to_r1kh) {
4501 		wpa_ft_rrb_lookup_r1kh(wpa_auth, f_r1kh_id, &r1kh,
4502 				       &r1kh_wildcard);
4503 		if (!r1kh_wildcard &&
4504 		    (!r1kh || !ether_addr_equal(r1kh->addr, src_addr))) {
4505 			wpa_hexdump(MSG_DEBUG, "FT: Did not find R1KH-ID",
4506 				    f_r1kh_id, FT_R1KH_ID_LEN);
4507 			goto out;
4508 		}
4509 		if (r1kh) {
4510 			*key = r1kh->key;
4511 			*key_len = sizeof(r1kh->key);
4512 		} else {
4513 			*key = r1kh_wildcard->key;
4514 			*key_len = sizeof(r1kh_wildcard->key);
4515 		}
4516 	}
4517 
4518 	if (wpa_ft_rrb_decrypt(*key, *key_len, enc, enc_len, auth, auth_len,
4519 			       src_addr, type, &plain, &plain_len) < 0)
4520 		goto out;
4521 
4522 	os_free(plain);
4523 
4524 	if (!to_r0kh) {
4525 		if (!r0kh)
4526 			r0kh = wpa_ft_rrb_add_r0kh(wpa_auth, r0kh_wildcard,
4527 						   src_addr, f_r0kh_id,
4528 						   f_r0kh_id_len,
4529 						   ftRRBseqTimeout);
4530 		if (!r0kh)
4531 			goto out;
4532 
4533 		wpa_ft_rrb_r0kh_replenish(wpa_auth, r0kh, ftRRBseqTimeout);
4534 		*rkh_seq = r0kh->seq;
4535 		if (r0kh_out)
4536 			*r0kh_out = r0kh;
4537 		if (r0kh_wildcard_out)
4538 			*r0kh_wildcard_out = r0kh_wildcard;
4539 	}
4540 
4541 	if (!to_r1kh) {
4542 		if (!r1kh)
4543 			r1kh = wpa_ft_rrb_add_r1kh(wpa_auth, r1kh_wildcard,
4544 						   src_addr, f_r1kh_id,
4545 						   ftRRBseqTimeout);
4546 		if (!r1kh)
4547 			goto out;
4548 
4549 		wpa_ft_rrb_r1kh_replenish(wpa_auth, r1kh, ftRRBseqTimeout);
4550 		*rkh_seq = r1kh->seq;
4551 		if (r1kh_out)
4552 			*r1kh_out = r1kh;
4553 		if (r1kh_wildcard_out)
4554 			*r1kh_wildcard_out = r1kh_wildcard;
4555 	}
4556 
4557 	return 0;
4558 out:
4559 	return -1;
4560 }
4561 
4562 
wpa_ft_rrb_rx_seq_req(struct wpa_authenticator * wpa_auth,const u8 * src_addr,const u8 * enc,size_t enc_len,const u8 * auth,size_t auth_len,int no_defer)4563 static int wpa_ft_rrb_rx_seq_req(struct wpa_authenticator *wpa_auth,
4564 				 const u8 *src_addr,
4565 				 const u8 *enc, size_t enc_len,
4566 				 const u8 *auth, size_t auth_len,
4567 				 int no_defer)
4568 {
4569 	int ret = -1;
4570 	struct ft_rrb_seq f_seq;
4571 	const u8 *f_nonce, *f_r0kh_id, *f_r1kh_id;
4572 	size_t f_nonce_len, f_r0kh_id_len, f_r1kh_id_len;
4573 	struct ft_remote_seq *rkh_seq = NULL;
4574 	u8 *packet = NULL, *key = NULL;
4575 	size_t packet_len = 0, key_len = 0;
4576 	struct tlv_list seq_resp_auth[5];
4577 
4578 	wpa_printf(MSG_DEBUG, "FT: Received sequence number request");
4579 
4580 	if (wpa_ft_rrb_rx_seq(wpa_auth, src_addr, FT_PACKET_R0KH_R1KH_SEQ_REQ,
4581 			      enc, enc_len, auth, auth_len, &rkh_seq, &key,
4582 			      &key_len, NULL, NULL, NULL, NULL) < 0)
4583 		goto out;
4584 
4585 	RRB_GET_AUTH(FT_RRB_NONCE, nonce, "seq request", FT_RRB_NONCE_LEN);
4586 	wpa_hexdump(MSG_DEBUG, "FT: seq request - nonce", f_nonce, f_nonce_len);
4587 
4588 	RRB_GET_AUTH(FT_RRB_R0KH_ID, r0kh_id, "seq", -1);
4589 	RRB_GET_AUTH(FT_RRB_R1KH_ID, r1kh_id, "seq", FT_R1KH_ID_LEN);
4590 
4591 	if (wpa_ft_new_seq(rkh_seq, &f_seq) < 0) {
4592 		wpa_printf(MSG_DEBUG, "FT: Failed to get seq num");
4593 		goto out;
4594 	}
4595 
4596 	wpa_printf(MSG_DEBUG, "FT: Send sequence number response from " MACSTR
4597 		   " to " MACSTR,
4598 		   MAC2STR(wpa_auth->addr), MAC2STR(src_addr));
4599 
4600 	seq_resp_auth[0].type = FT_RRB_NONCE;
4601 	seq_resp_auth[0].len = f_nonce_len;
4602 	seq_resp_auth[0].data = f_nonce;
4603 	seq_resp_auth[1].type = FT_RRB_SEQ;
4604 	seq_resp_auth[1].len = sizeof(f_seq);
4605 	seq_resp_auth[1].data = (u8 *) &f_seq;
4606 	seq_resp_auth[2].type = FT_RRB_R0KH_ID;
4607 	seq_resp_auth[2].len = f_r0kh_id_len;
4608 	seq_resp_auth[2].data = f_r0kh_id;
4609 	seq_resp_auth[3].type = FT_RRB_R1KH_ID;
4610 	seq_resp_auth[3].len = FT_R1KH_ID_LEN;
4611 	seq_resp_auth[3].data = f_r1kh_id;
4612 	seq_resp_auth[4].type = FT_RRB_LAST_EMPTY;
4613 	seq_resp_auth[4].len = 0;
4614 	seq_resp_auth[4].data = NULL;
4615 
4616 	if (wpa_ft_rrb_build(key, key_len, NULL, NULL, seq_resp_auth, NULL,
4617 			     wpa_auth->addr, FT_PACKET_R0KH_R1KH_SEQ_RESP,
4618 			     &packet, &packet_len) < 0)
4619 		goto out;
4620 
4621 	wpa_ft_rrb_oui_send(wpa_auth, src_addr,
4622 			    FT_PACKET_R0KH_R1KH_SEQ_RESP, packet,
4623 			    packet_len);
4624 
4625 out:
4626 	os_free(packet);
4627 
4628 	return ret;
4629 }
4630 
4631 
wpa_ft_rrb_rx_seq_resp(struct wpa_authenticator * wpa_auth,const u8 * src_addr,const u8 * enc,size_t enc_len,const u8 * auth,size_t auth_len,int no_defer)4632 static int wpa_ft_rrb_rx_seq_resp(struct wpa_authenticator *wpa_auth,
4633 				  const u8 *src_addr,
4634 				  const u8 *enc, size_t enc_len,
4635 				  const u8 *auth, size_t auth_len,
4636 				  int no_defer)
4637 {
4638 	u8 *key = NULL;
4639 	size_t key_len = 0;
4640 	struct ft_remote_r0kh *r0kh = NULL, *r0kh_wildcard = NULL;
4641 	struct ft_remote_r1kh *r1kh = NULL, *r1kh_wildcard = NULL;
4642 	const u8 *f_nonce, *f_seq;
4643 	size_t f_nonce_len, f_seq_len;
4644 	struct ft_remote_seq *rkh_seq = NULL;
4645 	struct ft_remote_item *item;
4646 	struct os_reltime now, now_remote;
4647 	int seq_ret, found;
4648 	const struct ft_rrb_seq *msg_both;
4649 	u32 msg_dom, msg_seq;
4650 
4651 	wpa_printf(MSG_DEBUG, "FT: Received sequence number response");
4652 
4653 	if (wpa_ft_rrb_rx_seq(wpa_auth, src_addr, FT_PACKET_R0KH_R1KH_SEQ_RESP,
4654 			      enc, enc_len, auth, auth_len, &rkh_seq, &key,
4655 			      &key_len, &r0kh, &r1kh, &r0kh_wildcard,
4656 			      &r1kh_wildcard) < 0)
4657 		goto out;
4658 
4659 	RRB_GET_AUTH(FT_RRB_NONCE, nonce, "seq response", FT_RRB_NONCE_LEN);
4660 	wpa_hexdump(MSG_DEBUG, "FT: seq response - nonce", f_nonce,
4661 		    f_nonce_len);
4662 
4663 	found = 0;
4664 	dl_list_for_each(item, &rkh_seq->rx.queue, struct ft_remote_item,
4665 			 list) {
4666 		if (os_memcmp_const(f_nonce, item->nonce,
4667 				    FT_RRB_NONCE_LEN) != 0 ||
4668 		    os_get_reltime(&now) < 0 ||
4669 		    os_reltime_expired(&now, &item->nonce_ts, ftRRBseqTimeout))
4670 			continue;
4671 
4672 		found = 1;
4673 		break;
4674 	}
4675 	if (!found) {
4676 		wpa_printf(MSG_DEBUG, "FT: seq response - bad nonce");
4677 		goto out;
4678 	}
4679 
4680 	if (r0kh) {
4681 		wpa_ft_rrb_r0kh_replenish(wpa_auth, r0kh,
4682 					  wpa_auth->conf.rkh_pos_timeout);
4683 		if (r0kh_wildcard)
4684 			os_memcpy(r0kh->addr, src_addr, ETH_ALEN);
4685 	}
4686 
4687 	if (r1kh) {
4688 		wpa_ft_rrb_r1kh_replenish(wpa_auth, r1kh,
4689 					  wpa_auth->conf.rkh_pos_timeout);
4690 		if (r1kh_wildcard)
4691 			os_memcpy(r1kh->addr, src_addr, ETH_ALEN);
4692 	}
4693 
4694 	seq_ret = wpa_ft_rrb_seq_chk(rkh_seq, src_addr, enc, enc_len, auth,
4695 				     auth_len, "seq response", 1);
4696 	if (seq_ret == FT_RRB_SEQ_OK) {
4697 		wpa_printf(MSG_DEBUG, "FT: seq response - valid seq number");
4698 		wpa_ft_rrb_seq_accept(wpa_auth, rkh_seq, src_addr, auth,
4699 				      auth_len, "seq response");
4700 	} else {
4701 		wpa_printf(MSG_DEBUG, "FT: seq response - reset seq number");
4702 
4703 		RRB_GET_AUTH(FT_RRB_SEQ, seq, "seq response",
4704 			     sizeof(*msg_both));
4705 		msg_both = (const struct ft_rrb_seq *) f_seq;
4706 
4707 		msg_dom = le_to_host32(msg_both->dom);
4708 		msg_seq = le_to_host32(msg_both->seq);
4709 		now_remote.sec = le_to_host32(msg_both->ts);
4710 		now_remote.usec = 0;
4711 
4712 		rkh_seq->rx.num_last = 2;
4713 		rkh_seq->rx.dom = msg_dom;
4714 		rkh_seq->rx.offsetidx = 0;
4715 		/* Accept some older, possibly cached packets as well */
4716 		rkh_seq->rx.last[0] = msg_seq - FT_REMOTE_SEQ_BACKLOG -
4717 			dl_list_len(&rkh_seq->rx.queue);
4718 		rkh_seq->rx.last[1] = msg_seq;
4719 
4720 		/* local time - offset = remote time
4721 		 * <=> local time - remote time = offset */
4722 		os_reltime_sub(&now, &now_remote, &rkh_seq->rx.time_offset);
4723 	}
4724 
4725 	wpa_ft_rrb_seq_flush(wpa_auth, rkh_seq, 1);
4726 
4727 	return 0;
4728 out:
4729 	return -1;
4730 }
4731 
4732 
wpa_ft_rrb_rx(struct wpa_authenticator * wpa_auth,const u8 * src_addr,const u8 * data,size_t data_len)4733 int wpa_ft_rrb_rx(struct wpa_authenticator *wpa_auth, const u8 *src_addr,
4734 		  const u8 *data, size_t data_len)
4735 {
4736 	struct ft_rrb_frame *frame;
4737 	u16 alen;
4738 	const u8 *pos, *end, *start;
4739 	u8 action;
4740 	const u8 *sta_addr, *target_ap_addr;
4741 
4742 	wpa_printf(MSG_DEBUG, "FT: RRB received frame from remote AP " MACSTR,
4743 		   MAC2STR(src_addr));
4744 
4745 	if (data_len < sizeof(*frame)) {
4746 		wpa_printf(MSG_DEBUG, "FT: Too short RRB frame (data_len=%lu)",
4747 			   (unsigned long) data_len);
4748 		return -1;
4749 	}
4750 
4751 	pos = data;
4752 	frame = (struct ft_rrb_frame *) pos;
4753 	pos += sizeof(*frame);
4754 
4755 	alen = le_to_host16(frame->action_length);
4756 	wpa_printf(MSG_DEBUG, "FT: RRB frame - frame_type=%d packet_type=%d "
4757 		   "action_length=%d ap_address=" MACSTR,
4758 		   frame->frame_type, frame->packet_type, alen,
4759 		   MAC2STR(frame->ap_address));
4760 
4761 	if (frame->frame_type != RSN_REMOTE_FRAME_TYPE_FT_RRB) {
4762 		/* Discard frame per IEEE Std 802.11r-2008, 11A.10.3 */
4763 		wpa_printf(MSG_DEBUG, "FT: RRB discarded frame with "
4764 			   "unrecognized type %d", frame->frame_type);
4765 		return -1;
4766 	}
4767 
4768 	if (alen > data_len - sizeof(*frame)) {
4769 		wpa_printf(MSG_DEBUG, "FT: RRB frame too short for action "
4770 			   "frame");
4771 		return -1;
4772 	}
4773 
4774 	wpa_hexdump(MSG_MSGDUMP, "FT: RRB - FT Action frame", pos, alen);
4775 
4776 	if (alen < 1 + 1 + 2 * ETH_ALEN) {
4777 		wpa_printf(MSG_DEBUG, "FT: Too short RRB frame (not enough "
4778 			   "room for Action Frame body); alen=%lu",
4779 			   (unsigned long) alen);
4780 		return -1;
4781 	}
4782 	start = pos;
4783 	end = pos + alen;
4784 
4785 	if (*pos != WLAN_ACTION_FT) {
4786 		wpa_printf(MSG_DEBUG, "FT: Unexpected Action frame category "
4787 			   "%d", *pos);
4788 		return -1;
4789 	}
4790 
4791 	pos++;
4792 	action = *pos++;
4793 	sta_addr = pos;
4794 	pos += ETH_ALEN;
4795 	target_ap_addr = pos;
4796 	pos += ETH_ALEN;
4797 	wpa_printf(MSG_DEBUG, "FT: RRB Action Frame: action=%d sta_addr="
4798 		   MACSTR " target_ap_addr=" MACSTR,
4799 		   action, MAC2STR(sta_addr), MAC2STR(target_ap_addr));
4800 
4801 	if (frame->packet_type == FT_PACKET_REQUEST) {
4802 		wpa_printf(MSG_DEBUG, "FT: FT Packet Type - Request");
4803 
4804 		if (action != 1) {
4805 			wpa_printf(MSG_DEBUG, "FT: Unexpected Action %d in "
4806 				   "RRB Request", action);
4807 			return -1;
4808 		}
4809 
4810 		if (!ether_addr_equal(target_ap_addr, wpa_auth->addr)) {
4811 			wpa_printf(MSG_DEBUG, "FT: Target AP address in the "
4812 				   "RRB Request does not match with own "
4813 				   "address");
4814 			return -1;
4815 		}
4816 
4817 		if (wpa_ft_rrb_rx_request(wpa_auth, frame->ap_address,
4818 					  sta_addr, pos, end - pos) < 0)
4819 			return -1;
4820 	} else if (frame->packet_type == FT_PACKET_RESPONSE) {
4821 		u16 status_code;
4822 
4823 		if (end - pos < 2) {
4824 			wpa_printf(MSG_DEBUG, "FT: Not enough room for status "
4825 				   "code in RRB Response");
4826 			return -1;
4827 		}
4828 		status_code = WPA_GET_LE16(pos);
4829 
4830 		wpa_printf(MSG_DEBUG, "FT: FT Packet Type - Response "
4831 			   "(status_code=%d)", status_code);
4832 
4833 		if (wpa_ft_action_send(wpa_auth, sta_addr, start, alen) < 0)
4834 			return -1;
4835 	} else {
4836 		wpa_printf(MSG_DEBUG, "FT: RRB discarded frame with unknown "
4837 			   "packet_type %d", frame->packet_type);
4838 		return -1;
4839 	}
4840 
4841 	return 0;
4842 }
4843 
4844 
wpa_ft_rrb_oui_rx(struct wpa_authenticator * wpa_auth,const u8 * src_addr,const u8 * dst_addr,u8 oui_suffix,const u8 * data,size_t data_len)4845 void wpa_ft_rrb_oui_rx(struct wpa_authenticator *wpa_auth, const u8 *src_addr,
4846 		       const u8 *dst_addr, u8 oui_suffix, const u8 *data,
4847 		       size_t data_len)
4848 {
4849 	const u8 *auth, *enc;
4850 	size_t alen, elen;
4851 	int no_defer = 0;
4852 
4853 	wpa_printf(MSG_DEBUG, "FT: RRB-OUI(" MACSTR
4854 		   ") received frame from remote AP "
4855 		   MACSTR " oui_suffix=%u dst=" MACSTR,
4856 		   MAC2STR(wpa_auth->addr), MAC2STR(src_addr), oui_suffix,
4857 		   MAC2STR(dst_addr));
4858 	wpa_hexdump(MSG_MSGDUMP, "FT: RRB frame payload", data, data_len);
4859 
4860 	if (is_multicast_ether_addr(src_addr)) {
4861 		wpa_printf(MSG_DEBUG,
4862 			   "FT: RRB-OUI received frame from multicast address "
4863 			   MACSTR, MAC2STR(src_addr));
4864 		return;
4865 	}
4866 
4867 	if (is_multicast_ether_addr(dst_addr))
4868 		no_defer = 1;
4869 
4870 	if (data_len < sizeof(u16)) {
4871 		wpa_printf(MSG_DEBUG, "FT: RRB-OUI frame too short");
4872 		return;
4873 	}
4874 
4875 	alen = WPA_GET_LE16(data);
4876 	if (data_len < sizeof(u16) + alen) {
4877 		wpa_printf(MSG_DEBUG, "FT: RRB-OUI frame too short");
4878 		return;
4879 	}
4880 
4881 	auth = data + sizeof(u16);
4882 	wpa_hexdump(MSG_MSGDUMP, "FT: Authenticated payload", auth, alen);
4883 	enc = data + sizeof(u16) + alen;
4884 	elen = data_len - sizeof(u16) - alen;
4885 	wpa_hexdump(MSG_MSGDUMP, "FT: Encrypted payload", enc, elen);
4886 
4887 	switch (oui_suffix) {
4888 	case FT_PACKET_R0KH_R1KH_PULL:
4889 		wpa_ft_rrb_rx_pull(wpa_auth, src_addr, enc, elen, auth, alen,
4890 				   no_defer);
4891 		break;
4892 	case FT_PACKET_R0KH_R1KH_RESP:
4893 		wpa_ft_rrb_rx_resp(wpa_auth, src_addr, enc, elen, auth, alen,
4894 				   no_defer);
4895 		break;
4896 	case FT_PACKET_R0KH_R1KH_PUSH:
4897 		wpa_ft_rrb_rx_push(wpa_auth, src_addr, enc, elen, auth, alen,
4898 				   no_defer);
4899 		break;
4900 	case FT_PACKET_R0KH_R1KH_SEQ_REQ:
4901 		wpa_ft_rrb_rx_seq_req(wpa_auth, src_addr, enc, elen, auth, alen,
4902 				      no_defer);
4903 		break;
4904 	case FT_PACKET_R0KH_R1KH_SEQ_RESP:
4905 		wpa_ft_rrb_rx_seq_resp(wpa_auth, src_addr, enc, elen, auth,
4906 				       alen, no_defer);
4907 		break;
4908 	}
4909 }
4910 
4911 
wpa_ft_generate_pmk_r1(struct wpa_authenticator * wpa_auth,struct wpa_ft_pmk_r0_sa * pmk_r0,struct ft_remote_r1kh * r1kh,const u8 * s1kh_id)4912 static int wpa_ft_generate_pmk_r1(struct wpa_authenticator *wpa_auth,
4913 				  struct wpa_ft_pmk_r0_sa *pmk_r0,
4914 				  struct ft_remote_r1kh *r1kh,
4915 				  const u8 *s1kh_id)
4916 {
4917 	u8 *packet;
4918 	size_t packet_len;
4919 	struct ft_rrb_seq f_seq;
4920 	struct tlv_list push[] = {
4921 		{ .type = FT_RRB_S1KH_ID, .len = ETH_ALEN,
4922 		  .data = s1kh_id },
4923 		{ .type = FT_RRB_PMK_R0_NAME, .len = WPA_PMK_NAME_LEN,
4924 		  .data = pmk_r0->pmk_r0_name },
4925 		{ .type = FT_RRB_LAST_EMPTY, .len = 0, .data = NULL },
4926 	};
4927 	struct tlv_list push_auth[] = {
4928 		{ .type = FT_RRB_SEQ, .len = sizeof(f_seq),
4929 		  .data = (u8 *) &f_seq },
4930 		{ .type = FT_RRB_R0KH_ID,
4931 		  .len = wpa_auth->conf.r0_key_holder_len,
4932 		  .data = wpa_auth->conf.r0_key_holder },
4933 		{ .type = FT_RRB_R1KH_ID, .len = FT_R1KH_ID_LEN,
4934 		  .data = r1kh->id },
4935 		{ .type = FT_RRB_LAST_EMPTY, .len = 0, .data = NULL },
4936 	};
4937 
4938 	if (wpa_ft_new_seq(r1kh->seq, &f_seq) < 0) {
4939 		wpa_printf(MSG_DEBUG, "FT: Failed to get seq num");
4940 		return -1;
4941 	}
4942 
4943 	wpa_printf(MSG_DEBUG, "FT: Send PMK-R1 push from " MACSTR
4944 		   " to remote R0KH address " MACSTR,
4945 		   MAC2STR(wpa_auth->addr), MAC2STR(r1kh->addr));
4946 
4947 	if (wpa_ft_rrb_build_r0(r1kh->key, sizeof(r1kh->key), push, pmk_r0,
4948 				r1kh->id, s1kh_id, push_auth, wpa_auth->addr,
4949 				FT_PACKET_R0KH_R1KH_PUSH,
4950 				&packet, &packet_len) < 0)
4951 		return -1;
4952 
4953 	wpa_ft_rrb_oui_send(wpa_auth, r1kh->addr, FT_PACKET_R0KH_R1KH_PUSH,
4954 			    packet, packet_len);
4955 
4956 	os_free(packet);
4957 	return 0;
4958 }
4959 
4960 
wpa_ft_push_pmk_r1(struct wpa_authenticator * wpa_auth,const u8 * addr)4961 void wpa_ft_push_pmk_r1(struct wpa_authenticator *wpa_auth, const u8 *addr)
4962 {
4963 	struct wpa_ft_pmk_cache *cache = wpa_auth->ft_pmk_cache;
4964 	struct wpa_ft_pmk_r0_sa *r0, *r0found = NULL;
4965 	struct ft_remote_r1kh *r1kh;
4966 
4967 	if (!wpa_auth->conf.pmk_r1_push)
4968 		return;
4969 	if (!wpa_auth->conf.r1kh_list)
4970 		return;
4971 
4972 	dl_list_for_each(r0, &cache->pmk_r0, struct wpa_ft_pmk_r0_sa, list) {
4973 		if (ether_addr_equal(r0->spa, addr)) {
4974 			r0found = r0;
4975 			break;
4976 		}
4977 	}
4978 
4979 	r0 = r0found;
4980 	if (r0 == NULL || r0->pmk_r1_pushed)
4981 		return;
4982 	r0->pmk_r1_pushed = 1;
4983 
4984 	wpa_printf(MSG_DEBUG, "FT: Deriving and pushing PMK-R1 keys to R1KHs "
4985 		   "for STA " MACSTR, MAC2STR(addr));
4986 
4987 	for (r1kh = *wpa_auth->conf.r1kh_list; r1kh; r1kh = r1kh->next) {
4988 		if (is_zero_ether_addr(r1kh->addr) ||
4989 		    is_zero_ether_addr(r1kh->id))
4990 			continue;
4991 		if (wpa_ft_rrb_init_r1kh_seq(r1kh) < 0)
4992 			continue;
4993 		wpa_ft_generate_pmk_r1(wpa_auth, r0, r1kh, addr);
4994 	}
4995 }
4996 
4997 #endif /* CONFIG_IEEE80211R_AP */
4998