xref: /freebsd/contrib/wpa/src/ap/wpa_auth_ft.c (revision 52c2bb75163559a6e2866ad374a7de67a4ea1273)
1 /*
2  * hostapd - IEEE 802.11r - Fast BSS Transition
3  * Copyright (c) 2004-2018, Jouni Malinen <j@w1.fi>
4  *
5  * This software may be distributed under the terms of the BSD license.
6  * See README for more details.
7  */
8 
9 #include "utils/includes.h"
10 
11 #include "utils/common.h"
12 #include "utils/eloop.h"
13 #include "utils/list.h"
14 #include "common/ieee802_11_defs.h"
15 #include "common/ieee802_11_common.h"
16 #include "common/ocv.h"
17 #include "drivers/driver.h"
18 #include "crypto/aes.h"
19 #include "crypto/aes_siv.h"
20 #include "crypto/aes_wrap.h"
21 #include "crypto/sha384.h"
22 #include "crypto/random.h"
23 #include "ap_config.h"
24 #include "ieee802_11.h"
25 #include "wmm.h"
26 #include "wpa_auth.h"
27 #include "wpa_auth_i.h"
28 
29 
30 #ifdef CONFIG_IEEE80211R_AP
31 
32 const unsigned int ftRRBseqTimeout = 10;
33 const unsigned int ftRRBmaxQueueLen = 100;
34 
35 
36 static int wpa_ft_send_rrb_auth_resp(struct wpa_state_machine *sm,
37 				     const u8 *current_ap, const u8 *sta_addr,
38 				     u16 status, const u8 *resp_ies,
39 				     size_t resp_ies_len);
40 static void ft_finish_pull(struct wpa_state_machine *sm);
41 static void wpa_ft_expire_pull(void *eloop_ctx, void *timeout_ctx);
42 static void wpa_ft_rrb_seq_timeout(void *eloop_ctx, void *timeout_ctx);
43 
44 struct tlv_list {
45 	u16 type;
46 	size_t len;
47 	const u8 *data;
48 };
49 
50 
51 /**
52  * wpa_ft_rrb_decrypt - Decrypt FT RRB message
53  * @key: AES-SIV key for AEAD
54  * @key_len: Length of key in octets
55  * @enc: Pointer to encrypted TLVs
56  * @enc_len: Length of encrypted TLVs in octets
57  * @auth: Pointer to authenticated TLVs
58  * @auth_len: Length of authenticated TLVs in octets
59  * @src_addr: MAC address of the frame sender
60  * @type: Vendor-specific subtype of the RRB frame (FT_PACKET_*)
61  * @plain: Pointer to return the pointer to the allocated plaintext buffer;
62  *	needs to be freed by the caller if not NULL;
63  *	will only be returned on success
64  * @plain_len: Pointer to return the length of the allocated plaintext buffer
65  *	in octets
66  * Returns: 0 on success, -1 on error
67  */
68 static int wpa_ft_rrb_decrypt(const u8 *key, const size_t key_len,
69 			      const u8 *enc, size_t enc_len,
70 			      const u8 *auth, const size_t auth_len,
71 			      const u8 *src_addr, u8 type,
72 			      u8 **plain, size_t *plain_size)
73 {
74 	const u8 *ad[3] = { src_addr, auth, &type };
75 	size_t ad_len[3] = { ETH_ALEN, auth_len, sizeof(type) };
76 
77 	wpa_printf(MSG_DEBUG, "FT(RRB): src_addr=" MACSTR " type=%u",
78 		   MAC2STR(src_addr), type);
79 	wpa_hexdump_key(MSG_DEBUG, "FT(RRB): decrypt using key", key, key_len);
80 	wpa_hexdump(MSG_DEBUG, "FT(RRB): encrypted TLVs", enc, enc_len);
81 	wpa_hexdump(MSG_DEBUG, "FT(RRB): authenticated TLVs", auth, auth_len);
82 
83 	if (!key) { /* skip decryption */
84 		*plain = os_memdup(enc, enc_len);
85 		if (enc_len > 0 && !*plain)
86 			goto err;
87 
88 		*plain_size = enc_len;
89 
90 		return 0;
91 	}
92 
93 	*plain = NULL;
94 
95 	/* SIV overhead */
96 	if (enc_len < AES_BLOCK_SIZE)
97 		goto err;
98 
99 	*plain = os_zalloc(enc_len - AES_BLOCK_SIZE);
100 	if (!*plain)
101 		goto err;
102 
103 	if (aes_siv_decrypt(key, key_len, enc, enc_len, 3, ad, ad_len,
104 			    *plain) < 0) {
105 		if (enc_len < AES_BLOCK_SIZE + 2)
106 			goto err;
107 
108 		/* Try to work around Ethernet devices that add extra
109 		 * two octet padding even if the frame is longer than
110 		 * the minimum Ethernet frame. */
111 		enc_len -= 2;
112 		if (aes_siv_decrypt(key, key_len, enc, enc_len, 3, ad, ad_len,
113 				    *plain) < 0)
114 			goto err;
115 	}
116 
117 	*plain_size = enc_len - AES_BLOCK_SIZE;
118 	wpa_hexdump_key(MSG_DEBUG, "FT(RRB): decrypted TLVs",
119 			*plain, *plain_size);
120 	return 0;
121 err:
122 	os_free(*plain);
123 	*plain = NULL;
124 	*plain_size = 0;
125 
126 	wpa_printf(MSG_ERROR, "FT(RRB): Failed to decrypt");
127 
128 	return -1;
129 }
130 
131 
132 /* get first tlv record in packet matching type
133  * @data (decrypted) packet
134  * @return 0 on success else -1
135  */
136 static int wpa_ft_rrb_get_tlv(const u8 *plain, size_t plain_len,
137 			      u16 type, size_t *tlv_len, const u8 **tlv_data)
138 {
139 	const struct ft_rrb_tlv *f;
140 	size_t left;
141 	le16 type16;
142 	size_t len;
143 
144 	left = plain_len;
145 	type16 = host_to_le16(type);
146 
147 	while (left >= sizeof(*f)) {
148 		f = (const struct ft_rrb_tlv *) plain;
149 
150 		left -= sizeof(*f);
151 		plain += sizeof(*f);
152 		len = le_to_host16(f->len);
153 
154 		if (left < len) {
155 			wpa_printf(MSG_DEBUG, "FT: RRB message truncated");
156 			break;
157 		}
158 
159 		if (f->type == type16) {
160 			*tlv_len = len;
161 			*tlv_data = plain;
162 			return 0;
163 		}
164 
165 		left -= len;
166 		plain += len;
167 	}
168 
169 	return -1;
170 }
171 
172 
173 static void wpa_ft_rrb_dump(const u8 *plain, const size_t plain_len)
174 {
175 	const struct ft_rrb_tlv *f;
176 	size_t left;
177 	size_t len;
178 
179 	left = plain_len;
180 
181 	wpa_printf(MSG_DEBUG, "FT: RRB dump message");
182 	while (left >= sizeof(*f)) {
183 		f = (const struct ft_rrb_tlv *) plain;
184 
185 		left -= sizeof(*f);
186 		plain += sizeof(*f);
187 		len = le_to_host16(f->len);
188 
189 		wpa_printf(MSG_DEBUG, "FT: RRB TLV type = %d, len = %zu",
190 			   le_to_host16(f->type), len);
191 
192 		if (left < len) {
193 			wpa_printf(MSG_DEBUG,
194 				   "FT: RRB message truncated: left %zu bytes, need %zu",
195 				   left, len);
196 			break;
197 		}
198 
199 		wpa_hexdump(MSG_DEBUG, "FT: RRB TLV data", plain, len);
200 
201 		left -= len;
202 		plain += len;
203 	}
204 
205 	if (left > 0)
206 		wpa_hexdump(MSG_DEBUG, "FT: RRB TLV padding", plain, left);
207 
208 	wpa_printf(MSG_DEBUG, "FT: RRB dump message end");
209 }
210 
211 
212 static int cmp_int(const void *a, const void *b)
213 {
214 	int x, y;
215 
216 	x = *((int *) a);
217 	y = *((int *) b);
218 	return x - y;
219 }
220 
221 
222 static int wpa_ft_rrb_get_tlv_vlan(const u8 *plain, const size_t plain_len,
223 				   struct vlan_description *vlan)
224 {
225 	struct ft_rrb_tlv *f;
226 	size_t left;
227 	size_t len;
228 	int taggedidx;
229 	int vlan_id;
230 	int type;
231 
232 	left = plain_len;
233 	taggedidx = 0;
234 	os_memset(vlan, 0, sizeof(*vlan));
235 
236 	while (left >= sizeof(*f)) {
237 		f = (struct ft_rrb_tlv *) plain;
238 
239 		left -= sizeof(*f);
240 		plain += sizeof(*f);
241 
242 		len = le_to_host16(f->len);
243 		type = le_to_host16(f->type);
244 
245 		if (left < len) {
246 			wpa_printf(MSG_DEBUG, "FT: RRB message truncated");
247 			return -1;
248 		}
249 
250 		if (type != FT_RRB_VLAN_UNTAGGED && type != FT_RRB_VLAN_TAGGED)
251 			goto skip;
252 
253 		if (type == FT_RRB_VLAN_UNTAGGED && len != sizeof(le16)) {
254 			wpa_printf(MSG_DEBUG,
255 				   "FT: RRB VLAN_UNTAGGED invalid length");
256 			return -1;
257 		}
258 
259 		if (type == FT_RRB_VLAN_TAGGED && len % sizeof(le16) != 0) {
260 			wpa_printf(MSG_DEBUG,
261 				   "FT: RRB VLAN_TAGGED invalid length");
262 			return -1;
263 		}
264 
265 		while (len >= sizeof(le16)) {
266 			vlan_id = WPA_GET_LE16(plain);
267 			plain += sizeof(le16);
268 			left -= sizeof(le16);
269 			len -= sizeof(le16);
270 
271 			if (vlan_id <= 0 || vlan_id > MAX_VLAN_ID) {
272 				wpa_printf(MSG_DEBUG,
273 					   "FT: RRB VLAN ID invalid %d",
274 					   vlan_id);
275 				continue;
276 			}
277 
278 			if (type == FT_RRB_VLAN_UNTAGGED)
279 				vlan->untagged = vlan_id;
280 
281 			if (type == FT_RRB_VLAN_TAGGED &&
282 			    taggedidx < MAX_NUM_TAGGED_VLAN) {
283 				vlan->tagged[taggedidx] = vlan_id;
284 				taggedidx++;
285 			} else if (type == FT_RRB_VLAN_TAGGED) {
286 				wpa_printf(MSG_DEBUG, "FT: RRB too many VLANs");
287 			}
288 		}
289 
290 	skip:
291 		left -= len;
292 		plain += len;
293 	}
294 
295 	if (taggedidx)
296 		qsort(vlan->tagged, taggedidx, sizeof(int), cmp_int);
297 
298 	vlan->notempty = vlan->untagged || vlan->tagged[0];
299 
300 	return 0;
301 }
302 
303 
304 static size_t wpa_ft_tlv_len(const struct tlv_list *tlvs)
305 {
306 	size_t tlv_len = 0;
307 	int i;
308 
309 	if (!tlvs)
310 		return 0;
311 
312 	for (i = 0; tlvs[i].type != FT_RRB_LAST_EMPTY; i++) {
313 		tlv_len += sizeof(struct ft_rrb_tlv);
314 		tlv_len += tlvs[i].len;
315 	}
316 
317 	return tlv_len;
318 }
319 
320 
321 static size_t wpa_ft_tlv_lin(const struct tlv_list *tlvs, u8 *start,
322 			     u8 *endpos)
323 {
324 	int i;
325 	size_t tlv_len;
326 	struct ft_rrb_tlv *hdr;
327 	u8 *pos;
328 
329 	if (!tlvs)
330 		return 0;
331 
332 	tlv_len = 0;
333 	pos = start;
334 	for (i = 0; tlvs[i].type != FT_RRB_LAST_EMPTY; i++) {
335 		if (tlv_len + sizeof(*hdr) > (size_t) (endpos - start))
336 			return tlv_len;
337 		tlv_len += sizeof(*hdr);
338 		hdr = (struct ft_rrb_tlv *) pos;
339 		hdr->type = host_to_le16(tlvs[i].type);
340 		hdr->len = host_to_le16(tlvs[i].len);
341 		pos = start + tlv_len;
342 
343 		if (tlv_len + tlvs[i].len > (size_t) (endpos - start))
344 			return tlv_len;
345 		if (tlvs[i].len == 0)
346 			continue;
347 		tlv_len += tlvs[i].len;
348 		os_memcpy(pos, tlvs[i].data, tlvs[i].len);
349 		pos = start + tlv_len;
350 	}
351 
352 	return tlv_len;
353 }
354 
355 
356 static size_t wpa_ft_vlan_len(const struct vlan_description *vlan)
357 {
358 	size_t tlv_len = 0;
359 	int i;
360 
361 	if (!vlan || !vlan->notempty)
362 		return 0;
363 
364 	if (vlan->untagged) {
365 		tlv_len += sizeof(struct ft_rrb_tlv);
366 		tlv_len += sizeof(le16);
367 	}
368 	if (vlan->tagged[0])
369 		tlv_len += sizeof(struct ft_rrb_tlv);
370 	for (i = 0; i < MAX_NUM_TAGGED_VLAN && vlan->tagged[i]; i++)
371 		tlv_len += sizeof(le16);
372 
373 	return tlv_len;
374 }
375 
376 
377 static size_t wpa_ft_vlan_lin(const struct vlan_description *vlan,
378 			      u8 *start, u8 *endpos)
379 {
380 	size_t tlv_len;
381 	int i, len;
382 	struct ft_rrb_tlv *hdr;
383 	u8 *pos = start;
384 
385 	if (!vlan || !vlan->notempty)
386 		return 0;
387 
388 	tlv_len = 0;
389 	if (vlan->untagged) {
390 		tlv_len += sizeof(*hdr);
391 		if (start + tlv_len > endpos)
392 			return tlv_len;
393 		hdr = (struct ft_rrb_tlv *) pos;
394 		hdr->type = host_to_le16(FT_RRB_VLAN_UNTAGGED);
395 		hdr->len = host_to_le16(sizeof(le16));
396 		pos = start + tlv_len;
397 
398 		tlv_len += sizeof(le16);
399 		if (start + tlv_len > endpos)
400 			return tlv_len;
401 		WPA_PUT_LE16(pos, vlan->untagged);
402 		pos = start + tlv_len;
403 	}
404 
405 	if (!vlan->tagged[0])
406 		return tlv_len;
407 
408 	tlv_len += sizeof(*hdr);
409 	if (start + tlv_len > endpos)
410 		return tlv_len;
411 	hdr = (struct ft_rrb_tlv *) pos;
412 	hdr->type = host_to_le16(FT_RRB_VLAN_TAGGED);
413 	len = 0; /* len is computed below */
414 	pos = start + tlv_len;
415 
416 	for (i = 0; i < MAX_NUM_TAGGED_VLAN && vlan->tagged[i]; i++) {
417 		tlv_len += sizeof(le16);
418 		if (start + tlv_len > endpos)
419 			break;
420 		len += sizeof(le16);
421 		WPA_PUT_LE16(pos, vlan->tagged[i]);
422 		pos = start + tlv_len;
423 	}
424 
425 	hdr->len = host_to_le16(len);
426 
427 	return tlv_len;
428 }
429 
430 
431 static int wpa_ft_rrb_lin(const struct tlv_list *tlvs1,
432 			  const struct tlv_list *tlvs2,
433 			  const struct vlan_description *vlan,
434 			  u8 **plain, size_t *plain_len)
435 {
436 	u8 *pos, *endpos;
437 	size_t tlv_len;
438 
439 	tlv_len = wpa_ft_tlv_len(tlvs1);
440 	tlv_len += wpa_ft_tlv_len(tlvs2);
441 	tlv_len += wpa_ft_vlan_len(vlan);
442 
443 	*plain_len = tlv_len;
444 	*plain = os_zalloc(tlv_len);
445 	if (!*plain) {
446 		wpa_printf(MSG_ERROR, "FT: Failed to allocate plaintext");
447 		goto err;
448 	}
449 
450 	pos = *plain;
451 	endpos = *plain + tlv_len;
452 	pos += wpa_ft_tlv_lin(tlvs1, pos, endpos);
453 	pos += wpa_ft_tlv_lin(tlvs2, pos, endpos);
454 	pos += wpa_ft_vlan_lin(vlan, pos, endpos);
455 
456 	/* sanity check */
457 	if (pos != endpos) {
458 		wpa_printf(MSG_ERROR, "FT: Length error building RRB");
459 		goto err;
460 	}
461 
462 	return 0;
463 
464 err:
465 	os_free(*plain);
466 	*plain = NULL;
467 	*plain_len = 0;
468 	return -1;
469 }
470 
471 
472 static int wpa_ft_rrb_encrypt(const u8 *key, const size_t key_len,
473 			      const u8 *plain, const size_t plain_len,
474 			      const u8 *auth, const size_t auth_len,
475 			      const u8 *src_addr, u8 type, u8 *enc)
476 {
477 	const u8 *ad[3] = { src_addr, auth, &type };
478 	size_t ad_len[3] = { ETH_ALEN, auth_len, sizeof(type) };
479 
480 	wpa_printf(MSG_DEBUG, "FT(RRB): src_addr=" MACSTR " type=%u",
481 		   MAC2STR(src_addr), type);
482 	wpa_hexdump_key(MSG_DEBUG, "FT(RRB): plaintext message",
483 			plain, plain_len);
484 	wpa_hexdump_key(MSG_DEBUG, "FT(RRB): encrypt using key", key, key_len);
485 	wpa_hexdump(MSG_DEBUG, "FT(RRB): authenticated TLVs", auth, auth_len);
486 
487 	if (!key) {
488 		/* encryption not needed, return plaintext as packet */
489 		os_memcpy(enc, plain, plain_len);
490 	} else if (aes_siv_encrypt(key, key_len, plain, plain_len,
491 				   3, ad, ad_len, enc) < 0) {
492 		wpa_printf(MSG_ERROR, "FT: Failed to encrypt RRB-OUI message");
493 		return -1;
494 	}
495 	wpa_hexdump(MSG_DEBUG, "FT(RRB): encrypted TLVs",
496 		    enc, plain_len + AES_BLOCK_SIZE);
497 
498 	return 0;
499 }
500 
501 
502 /**
503  * wpa_ft_rrb_build - Build and encrypt an FT RRB message
504  * @key: AES-SIV key for AEAD
505  * @key_len: Length of key in octets
506  * @tlvs_enc0: First set of to-be-encrypted TLVs
507  * @tlvs_enc1: Second set of to-be-encrypted TLVs
508  * @tlvs_auth: Set of to-be-authenticated TLVs
509  * @src_addr: MAC address of the frame sender
510  * @type: Vendor-specific subtype of the RRB frame (FT_PACKET_*)
511  * @packet Pointer to return the pointer to the allocated packet buffer;
512  *         needs to be freed by the caller if not null;
513  *         will only be returned on success
514  * @packet_len: Pointer to return the length of the allocated buffer in octets
515  * Returns: 0 on success, -1 on error
516  */
517 static int wpa_ft_rrb_build(const u8 *key, const size_t key_len,
518 			    const struct tlv_list *tlvs_enc0,
519 			    const struct tlv_list *tlvs_enc1,
520 			    const struct tlv_list *tlvs_auth,
521 			    const struct vlan_description *vlan,
522 			    const u8 *src_addr, u8 type,
523 			    u8 **packet, size_t *packet_len)
524 {
525 	u8 *plain = NULL, *auth = NULL, *pos, *tmp;
526 	size_t plain_len = 0, auth_len = 0;
527 	int ret = -1;
528 	size_t pad_len = 0;
529 
530 	*packet = NULL;
531 	if (wpa_ft_rrb_lin(tlvs_enc0, tlvs_enc1, vlan, &plain, &plain_len) < 0)
532 		goto out;
533 
534 	if (wpa_ft_rrb_lin(tlvs_auth, NULL, NULL, &auth, &auth_len) < 0)
535 		goto out;
536 
537 	*packet_len = sizeof(u16) + auth_len + plain_len;
538 	if (key)
539 		*packet_len += AES_BLOCK_SIZE;
540 #define RRB_MIN_MSG_LEN 64
541 	if (*packet_len < RRB_MIN_MSG_LEN) {
542 		pad_len = RRB_MIN_MSG_LEN - *packet_len;
543 		if (pad_len < sizeof(struct ft_rrb_tlv))
544 			pad_len = sizeof(struct ft_rrb_tlv);
545 		wpa_printf(MSG_DEBUG,
546 			   "FT: Pad message to minimum Ethernet frame length (%d --> %d)",
547 			   (int) *packet_len, (int) (*packet_len + pad_len));
548 		*packet_len += pad_len;
549 		tmp = os_realloc(auth, auth_len + pad_len);
550 		if (!tmp)
551 			goto out;
552 		auth = tmp;
553 		pos = auth + auth_len;
554 		WPA_PUT_LE16(pos, FT_RRB_LAST_EMPTY);
555 		pos += 2;
556 		WPA_PUT_LE16(pos, pad_len - sizeof(struct ft_rrb_tlv));
557 		pos += 2;
558 		os_memset(pos, 0, pad_len - sizeof(struct ft_rrb_tlv));
559 		auth_len += pad_len;
560 
561 	}
562 	*packet = os_zalloc(*packet_len);
563 	if (!*packet)
564 		goto out;
565 
566 	pos = *packet;
567 	WPA_PUT_LE16(pos, auth_len);
568 	pos += 2;
569 	os_memcpy(pos, auth, auth_len);
570 	pos += auth_len;
571 	if (wpa_ft_rrb_encrypt(key, key_len, plain, plain_len, auth,
572 			       auth_len, src_addr, type, pos) < 0)
573 		goto out;
574 	wpa_hexdump(MSG_MSGDUMP, "FT: RRB frame payload", *packet, *packet_len);
575 
576 	ret = 0;
577 
578 out:
579 	bin_clear_free(plain, plain_len);
580 	os_free(auth);
581 
582 	if (ret) {
583 		wpa_printf(MSG_ERROR, "FT: Failed to build RRB-OUI message");
584 		os_free(*packet);
585 		*packet = NULL;
586 		*packet_len = 0;
587 	}
588 
589 	return ret;
590 }
591 
592 
593 #define RRB_GET_SRC(srcfield, type, field, txt, checklength) do { \
594 	if (wpa_ft_rrb_get_tlv(srcfield, srcfield##_len, type, \
595 				&f_##field##_len, &f_##field) < 0 || \
596 	    (checklength > 0 && ((size_t) checklength) != f_##field##_len)) { \
597 		wpa_printf(MSG_INFO, "FT: Missing required " #field \
598 			   " in %s from " MACSTR, txt, MAC2STR(src_addr)); \
599 		wpa_ft_rrb_dump(srcfield, srcfield##_len); \
600 		goto out; \
601 	} \
602 } while (0)
603 
604 #define RRB_GET(type, field, txt, checklength) \
605 	RRB_GET_SRC(plain, type, field, txt, checklength)
606 #define RRB_GET_AUTH(type, field, txt, checklength) \
607 	RRB_GET_SRC(auth, type, field, txt, checklength)
608 
609 #define RRB_GET_OPTIONAL_SRC(srcfield, type, field, txt, checklength) do { \
610 	if (wpa_ft_rrb_get_tlv(srcfield, srcfield##_len, type, \
611 				&f_##field##_len, &f_##field) < 0 || \
612 	    (checklength > 0 && ((size_t) checklength) != f_##field##_len)) { \
613 		wpa_printf(MSG_DEBUG, "FT: Missing optional " #field \
614 			   " in %s from " MACSTR, txt, MAC2STR(src_addr)); \
615 		f_##field##_len = 0; \
616 		f_##field = NULL; \
617 	} \
618 } while (0)
619 
620 #define RRB_GET_OPTIONAL(type, field, txt, checklength) \
621 	RRB_GET_OPTIONAL_SRC(plain, type, field, txt, checklength)
622 #define RRB_GET_OPTIONAL_AUTH(type, field, txt, checklength) \
623 	RRB_GET_OPTIONAL_SRC(auth, type, field, txt, checklength)
624 
625 static int wpa_ft_rrb_send(struct wpa_authenticator *wpa_auth, const u8 *dst,
626 			   const u8 *data, size_t data_len)
627 {
628 	if (wpa_auth->cb->send_ether == NULL)
629 		return -1;
630 	wpa_printf(MSG_DEBUG, "FT: RRB send to " MACSTR, MAC2STR(dst));
631 	return wpa_auth->cb->send_ether(wpa_auth->cb_ctx, dst, ETH_P_RRB,
632 					data, data_len);
633 }
634 
635 
636 static int wpa_ft_rrb_oui_send(struct wpa_authenticator *wpa_auth,
637 			       const u8 *dst, u8 oui_suffix,
638 			       const u8 *data, size_t data_len)
639 {
640 	if (!wpa_auth->cb->send_oui)
641 		return -1;
642 	wpa_printf(MSG_DEBUG, "FT: RRB-OUI type %u send to " MACSTR " (len=%u)",
643 		   oui_suffix, MAC2STR(dst), (unsigned int) data_len);
644 	return wpa_auth->cb->send_oui(wpa_auth->cb_ctx, dst, oui_suffix, data,
645 				      data_len);
646 }
647 
648 
649 static int wpa_ft_action_send(struct wpa_authenticator *wpa_auth,
650 			      const u8 *dst, const u8 *data, size_t data_len)
651 {
652 	if (wpa_auth->cb->send_ft_action == NULL)
653 		return -1;
654 	return wpa_auth->cb->send_ft_action(wpa_auth->cb_ctx, dst,
655 					    data, data_len);
656 }
657 
658 
659 static const u8 * wpa_ft_get_psk(struct wpa_authenticator *wpa_auth,
660 				 const u8 *addr, const u8 *p2p_dev_addr,
661 				 const u8 *prev_psk)
662 {
663 	if (wpa_auth->cb->get_psk == NULL)
664 		return NULL;
665 	return wpa_auth->cb->get_psk(wpa_auth->cb_ctx, addr, p2p_dev_addr,
666 				     prev_psk, NULL, NULL);
667 }
668 
669 
670 static struct wpa_state_machine *
671 wpa_ft_add_sta(struct wpa_authenticator *wpa_auth, const u8 *sta_addr)
672 {
673 	if (wpa_auth->cb->add_sta == NULL)
674 		return NULL;
675 	return wpa_auth->cb->add_sta(wpa_auth->cb_ctx, sta_addr);
676 }
677 
678 
679 static int wpa_ft_set_vlan(struct wpa_authenticator *wpa_auth,
680 			   const u8 *sta_addr, struct vlan_description *vlan)
681 {
682 	if (!wpa_auth->cb->set_vlan)
683 		return -1;
684 	return wpa_auth->cb->set_vlan(wpa_auth->cb_ctx, sta_addr, vlan);
685 }
686 
687 
688 static int wpa_ft_get_vlan(struct wpa_authenticator *wpa_auth,
689 			   const u8 *sta_addr, struct vlan_description *vlan)
690 {
691 	if (!wpa_auth->cb->get_vlan)
692 		return -1;
693 	return wpa_auth->cb->get_vlan(wpa_auth->cb_ctx, sta_addr, vlan);
694 }
695 
696 
697 static int
698 wpa_ft_set_identity(struct wpa_authenticator *wpa_auth, const u8 *sta_addr,
699 		    const u8 *identity, size_t identity_len)
700 {
701 	if (!wpa_auth->cb->set_identity)
702 		return -1;
703 	return wpa_auth->cb->set_identity(wpa_auth->cb_ctx, sta_addr, identity,
704 					  identity_len);
705 }
706 
707 
708 static size_t
709 wpa_ft_get_identity(struct wpa_authenticator *wpa_auth, const u8 *sta_addr,
710 		    const u8 **buf)
711 {
712 	*buf = NULL;
713 	if (!wpa_auth->cb->get_identity)
714 		return 0;
715 	return wpa_auth->cb->get_identity(wpa_auth->cb_ctx, sta_addr, buf);
716 }
717 
718 
719 static int
720 wpa_ft_set_radius_cui(struct wpa_authenticator *wpa_auth, const u8 *sta_addr,
721 		      const u8 *radius_cui, size_t radius_cui_len)
722 {
723 	if (!wpa_auth->cb->set_radius_cui)
724 		return -1;
725 	return wpa_auth->cb->set_radius_cui(wpa_auth->cb_ctx, sta_addr,
726 					    radius_cui, radius_cui_len);
727 }
728 
729 
730 static size_t
731 wpa_ft_get_radius_cui(struct wpa_authenticator *wpa_auth, const u8 *sta_addr,
732 		      const u8 **buf)
733 {
734 	*buf = NULL;
735 	if (!wpa_auth->cb->get_radius_cui)
736 		return 0;
737 	return wpa_auth->cb->get_radius_cui(wpa_auth->cb_ctx, sta_addr, buf);
738 }
739 
740 
741 static void
742 wpa_ft_set_session_timeout(struct wpa_authenticator *wpa_auth,
743 			    const u8 *sta_addr, int session_timeout)
744 {
745 	if (!wpa_auth->cb->set_session_timeout)
746 		return;
747 	wpa_auth->cb->set_session_timeout(wpa_auth->cb_ctx, sta_addr,
748 					  session_timeout);
749 }
750 
751 
752 static int
753 wpa_ft_get_session_timeout(struct wpa_authenticator *wpa_auth,
754 			    const u8 *sta_addr)
755 {
756 	if (!wpa_auth->cb->get_session_timeout)
757 		return 0;
758 	return wpa_auth->cb->get_session_timeout(wpa_auth->cb_ctx, sta_addr);
759 }
760 
761 
762 static int wpa_ft_add_tspec(struct wpa_authenticator *wpa_auth,
763 			    const u8 *sta_addr,
764 			    u8 *tspec_ie, size_t tspec_ielen)
765 {
766 	if (wpa_auth->cb->add_tspec == NULL) {
767 		wpa_printf(MSG_DEBUG, "FT: add_tspec is not initialized");
768 		return -1;
769 	}
770 	return wpa_auth->cb->add_tspec(wpa_auth->cb_ctx, sta_addr, tspec_ie,
771 				       tspec_ielen);
772 }
773 
774 
775 #ifdef CONFIG_OCV
776 static int wpa_channel_info(struct wpa_authenticator *wpa_auth,
777 			       struct wpa_channel_info *ci)
778 {
779 	if (!wpa_auth->cb->channel_info)
780 		return -1;
781 	return wpa_auth->cb->channel_info(wpa_auth->cb_ctx, ci);
782 }
783 #endif /* CONFIG_OCV */
784 
785 
786 int wpa_write_mdie(struct wpa_auth_config *conf, u8 *buf, size_t len)
787 {
788 	u8 *pos = buf;
789 	u8 capab;
790 	if (len < 2 + sizeof(struct rsn_mdie))
791 		return -1;
792 
793 	*pos++ = WLAN_EID_MOBILITY_DOMAIN;
794 	*pos++ = MOBILITY_DOMAIN_ID_LEN + 1;
795 	os_memcpy(pos, conf->mobility_domain, MOBILITY_DOMAIN_ID_LEN);
796 	pos += MOBILITY_DOMAIN_ID_LEN;
797 	capab = 0;
798 	if (conf->ft_over_ds)
799 		capab |= RSN_FT_CAPAB_FT_OVER_DS;
800 	*pos++ = capab;
801 
802 	return pos - buf;
803 }
804 
805 
806 int wpa_write_ftie(struct wpa_auth_config *conf, int use_sha384,
807 		   const u8 *r0kh_id, size_t r0kh_id_len,
808 		   const u8 *anonce, const u8 *snonce,
809 		   u8 *buf, size_t len, const u8 *subelem,
810 		   size_t subelem_len)
811 {
812 	u8 *pos = buf, *ielen;
813 	size_t hdrlen = use_sha384 ? sizeof(struct rsn_ftie_sha384) :
814 		sizeof(struct rsn_ftie);
815 
816 	if (len < 2 + hdrlen + 2 + FT_R1KH_ID_LEN + 2 + r0kh_id_len +
817 	    subelem_len)
818 		return -1;
819 
820 	*pos++ = WLAN_EID_FAST_BSS_TRANSITION;
821 	ielen = pos++;
822 
823 	if (use_sha384) {
824 		struct rsn_ftie_sha384 *hdr = (struct rsn_ftie_sha384 *) pos;
825 
826 		os_memset(hdr, 0, sizeof(*hdr));
827 		pos += sizeof(*hdr);
828 		WPA_PUT_LE16(hdr->mic_control, 0);
829 		if (anonce)
830 			os_memcpy(hdr->anonce, anonce, WPA_NONCE_LEN);
831 		if (snonce)
832 			os_memcpy(hdr->snonce, snonce, WPA_NONCE_LEN);
833 	} else {
834 		struct rsn_ftie *hdr = (struct rsn_ftie *) pos;
835 
836 		os_memset(hdr, 0, sizeof(*hdr));
837 		pos += sizeof(*hdr);
838 		WPA_PUT_LE16(hdr->mic_control, 0);
839 		if (anonce)
840 			os_memcpy(hdr->anonce, anonce, WPA_NONCE_LEN);
841 		if (snonce)
842 			os_memcpy(hdr->snonce, snonce, WPA_NONCE_LEN);
843 	}
844 
845 	/* Optional Parameters */
846 	*pos++ = FTIE_SUBELEM_R1KH_ID;
847 	*pos++ = FT_R1KH_ID_LEN;
848 	os_memcpy(pos, conf->r1_key_holder, FT_R1KH_ID_LEN);
849 	pos += FT_R1KH_ID_LEN;
850 
851 	if (r0kh_id) {
852 		*pos++ = FTIE_SUBELEM_R0KH_ID;
853 		*pos++ = r0kh_id_len;
854 		os_memcpy(pos, r0kh_id, r0kh_id_len);
855 		pos += r0kh_id_len;
856 	}
857 
858 	if (subelem) {
859 		os_memcpy(pos, subelem, subelem_len);
860 		pos += subelem_len;
861 	}
862 
863 	*ielen = pos - buf - 2;
864 
865 	return pos - buf;
866 }
867 
868 
869 /* A packet to be handled after seq response */
870 struct ft_remote_item {
871 	struct dl_list list;
872 
873 	u8 nonce[FT_RRB_NONCE_LEN];
874 	struct os_reltime nonce_ts;
875 
876 	u8 src_addr[ETH_ALEN];
877 	u8 *enc;
878 	size_t enc_len;
879 	u8 *auth;
880 	size_t auth_len;
881 	int (*cb)(struct wpa_authenticator *wpa_auth,
882 		  const u8 *src_addr,
883 		  const u8 *enc, size_t enc_len,
884 		  const u8 *auth, size_t auth_len,
885 		  int no_defer);
886 };
887 
888 
889 static void wpa_ft_rrb_seq_free(struct ft_remote_item *item)
890 {
891 	eloop_cancel_timeout(wpa_ft_rrb_seq_timeout, ELOOP_ALL_CTX, item);
892 	dl_list_del(&item->list);
893 	bin_clear_free(item->enc, item->enc_len);
894 	os_free(item->auth);
895 	os_free(item);
896 }
897 
898 
899 static void wpa_ft_rrb_seq_flush(struct wpa_authenticator *wpa_auth,
900 				 struct ft_remote_seq *rkh_seq, int cb)
901 {
902 	struct ft_remote_item *item, *n;
903 
904 	dl_list_for_each_safe(item, n, &rkh_seq->rx.queue,
905 			      struct ft_remote_item, list) {
906 		if (cb && item->cb)
907 			item->cb(wpa_auth, item->src_addr, item->enc,
908 				 item->enc_len, item->auth, item->auth_len, 1);
909 		wpa_ft_rrb_seq_free(item);
910 	}
911 }
912 
913 
914 static void wpa_ft_rrb_seq_timeout(void *eloop_ctx, void *timeout_ctx)
915 {
916 	struct ft_remote_item *item = timeout_ctx;
917 
918 	wpa_ft_rrb_seq_free(item);
919 }
920 
921 
922 static int
923 wpa_ft_rrb_seq_req(struct wpa_authenticator *wpa_auth,
924 		   struct ft_remote_seq *rkh_seq, const u8 *src_addr,
925 		   const u8 *f_r0kh_id, size_t f_r0kh_id_len,
926 		   const u8 *f_r1kh_id, const u8 *key, size_t key_len,
927 		   const u8 *enc, size_t enc_len,
928 		   const u8 *auth, size_t auth_len,
929 		   int (*cb)(struct wpa_authenticator *wpa_auth,
930 			     const u8 *src_addr,
931 			     const u8 *enc, size_t enc_len,
932 			     const u8 *auth, size_t auth_len,
933 			     int no_defer))
934 {
935 	struct ft_remote_item *item = NULL;
936 	u8 *packet = NULL;
937 	size_t packet_len;
938 	struct tlv_list seq_req_auth[] = {
939 		{ .type = FT_RRB_NONCE, .len = FT_RRB_NONCE_LEN,
940 		  .data = NULL /* to be filled: item->nonce */ },
941 		{ .type = FT_RRB_R0KH_ID, .len = f_r0kh_id_len,
942 		  .data = f_r0kh_id },
943 		{ .type = FT_RRB_R1KH_ID, .len = FT_R1KH_ID_LEN,
944 		  .data = f_r1kh_id },
945 		{ .type = FT_RRB_LAST_EMPTY, .len = 0, .data = NULL },
946 	};
947 
948 	if (dl_list_len(&rkh_seq->rx.queue) >= ftRRBmaxQueueLen) {
949 		wpa_printf(MSG_DEBUG, "FT: Sequence number queue too long");
950 		goto err;
951 	}
952 
953 	wpa_printf(MSG_DEBUG, "FT: Send out sequence number request to " MACSTR,
954 		   MAC2STR(src_addr));
955 	item = os_zalloc(sizeof(*item));
956 	if (!item)
957 		goto err;
958 
959 	os_memcpy(item->src_addr, src_addr, ETH_ALEN);
960 	item->cb = cb;
961 
962 	if (random_get_bytes(item->nonce, FT_RRB_NONCE_LEN) < 0) {
963 		wpa_printf(MSG_DEBUG, "FT: Seq num nonce: out of random bytes");
964 		goto err;
965 	}
966 
967 	if (os_get_reltime(&item->nonce_ts) < 0)
968 		goto err;
969 
970 	if (enc && enc_len > 0) {
971 		item->enc = os_memdup(enc, enc_len);
972 		item->enc_len = enc_len;
973 		if (!item->enc)
974 			goto err;
975 	}
976 
977 	if (auth && auth_len > 0) {
978 		item->auth = os_memdup(auth, auth_len);
979 		item->auth_len = auth_len;
980 		if (!item->auth)
981 			goto err;
982 	}
983 
984 	eloop_register_timeout(ftRRBseqTimeout, 0, wpa_ft_rrb_seq_timeout,
985 			       wpa_auth, item);
986 
987 	seq_req_auth[0].data = item->nonce;
988 
989 	if (wpa_ft_rrb_build(key, key_len, NULL, NULL, seq_req_auth, NULL,
990 			     wpa_auth->addr, FT_PACKET_R0KH_R1KH_SEQ_REQ,
991 			     &packet, &packet_len) < 0) {
992 		item = NULL; /* some other seq resp might still accept this */
993 		goto err;
994 	}
995 
996 	dl_list_add(&rkh_seq->rx.queue, &item->list);
997 
998 	wpa_ft_rrb_oui_send(wpa_auth, src_addr, FT_PACKET_R0KH_R1KH_SEQ_REQ,
999 			    packet, packet_len);
1000 
1001 	os_free(packet);
1002 
1003 	return 0;
1004 err:
1005 	wpa_printf(MSG_DEBUG, "FT: Failed to send sequence number request");
1006 	if (item) {
1007 		os_free(item->auth);
1008 		bin_clear_free(item->enc, item->enc_len);
1009 		os_free(item);
1010 	}
1011 
1012 	return -1;
1013 }
1014 
1015 
1016 #define FT_RRB_SEQ_OK    0
1017 #define FT_RRB_SEQ_DROP  1
1018 #define FT_RRB_SEQ_DEFER 2
1019 
1020 static int
1021 wpa_ft_rrb_seq_chk(struct ft_remote_seq *rkh_seq, const u8 *src_addr,
1022 		   const u8 *enc, size_t enc_len,
1023 		   const u8 *auth, size_t auth_len,
1024 		   const char *msgtype, int no_defer)
1025 {
1026 	const u8 *f_seq;
1027 	size_t f_seq_len;
1028 	const struct ft_rrb_seq *msg_both;
1029 	u32 msg_seq, msg_off, rkh_off;
1030 	struct os_reltime now;
1031 	unsigned int i;
1032 
1033 	RRB_GET_AUTH(FT_RRB_SEQ, seq, msgtype, sizeof(*msg_both));
1034 	wpa_hexdump(MSG_DEBUG, "FT: sequence number", f_seq, f_seq_len);
1035 	msg_both = (const struct ft_rrb_seq *) f_seq;
1036 
1037 	if (rkh_seq->rx.num_last == 0) {
1038 		/* first packet from remote */
1039 		goto defer;
1040 	}
1041 
1042 	if (le_to_host32(msg_both->dom) != rkh_seq->rx.dom) {
1043 		/* remote might have rebooted */
1044 		goto defer;
1045 	}
1046 
1047 	if (os_get_reltime(&now) == 0) {
1048 		u32 msg_ts_now_remote, msg_ts_off;
1049 		struct os_reltime now_remote;
1050 
1051 		os_reltime_sub(&now, &rkh_seq->rx.time_offset, &now_remote);
1052 		msg_ts_now_remote = now_remote.sec;
1053 		msg_ts_off = le_to_host32(msg_both->ts) -
1054 			(msg_ts_now_remote - ftRRBseqTimeout);
1055 		if (msg_ts_off > 2 * ftRRBseqTimeout)
1056 			goto defer;
1057 	}
1058 
1059 	msg_seq = le_to_host32(msg_both->seq);
1060 	rkh_off = rkh_seq->rx.last[rkh_seq->rx.offsetidx];
1061 	msg_off = msg_seq - rkh_off;
1062 	if (msg_off > 0xC0000000)
1063 		goto out; /* too old message, drop it */
1064 
1065 	if (msg_off <= 0x40000000) {
1066 		for (i = 0; i < rkh_seq->rx.num_last; i++) {
1067 			if (rkh_seq->rx.last[i] == msg_seq)
1068 				goto out; /* duplicate message, drop it */
1069 		}
1070 
1071 		return FT_RRB_SEQ_OK;
1072 	}
1073 
1074 defer:
1075 	if (no_defer)
1076 		goto out;
1077 
1078 	wpa_printf(MSG_DEBUG, "FT: Possibly invalid sequence number in %s from "
1079 		   MACSTR, msgtype, MAC2STR(src_addr));
1080 
1081 	return FT_RRB_SEQ_DEFER;
1082 out:
1083 	wpa_printf(MSG_DEBUG, "FT: Invalid sequence number in %s from " MACSTR,
1084 		   msgtype, MAC2STR(src_addr));
1085 
1086 	return FT_RRB_SEQ_DROP;
1087 }
1088 
1089 
1090 static void
1091 wpa_ft_rrb_seq_accept(struct wpa_authenticator *wpa_auth,
1092 		      struct ft_remote_seq *rkh_seq, const u8 *src_addr,
1093 		      const u8 *auth, size_t auth_len,
1094 		      const char *msgtype)
1095 {
1096 	const u8 *f_seq;
1097 	size_t f_seq_len;
1098 	const struct ft_rrb_seq *msg_both;
1099 	u32 msg_seq, msg_off, min_off, rkh_off;
1100 	int minidx = 0;
1101 	unsigned int i;
1102 
1103 	RRB_GET_AUTH(FT_RRB_SEQ, seq, msgtype, sizeof(*msg_both));
1104 	msg_both = (const struct ft_rrb_seq *) f_seq;
1105 
1106 	msg_seq = le_to_host32(msg_both->seq);
1107 
1108 	if (rkh_seq->rx.num_last < FT_REMOTE_SEQ_BACKLOG) {
1109 		rkh_seq->rx.last[rkh_seq->rx.num_last] = msg_seq;
1110 		rkh_seq->rx.num_last++;
1111 		return;
1112 	}
1113 
1114 	rkh_off = rkh_seq->rx.last[rkh_seq->rx.offsetidx];
1115 	for (i = 0; i < rkh_seq->rx.num_last; i++) {
1116 		msg_off = rkh_seq->rx.last[i] - rkh_off;
1117 		min_off = rkh_seq->rx.last[minidx] - rkh_off;
1118 		if (msg_off < min_off && i != rkh_seq->rx.offsetidx)
1119 			minidx = i;
1120 	}
1121 	rkh_seq->rx.last[rkh_seq->rx.offsetidx] = msg_seq;
1122 	rkh_seq->rx.offsetidx = minidx;
1123 
1124 	return;
1125 out:
1126 	/* RRB_GET_AUTH should never fail here as
1127 	 * wpa_ft_rrb_seq_chk() verified FT_RRB_SEQ presence. */
1128 	wpa_printf(MSG_ERROR, "FT: %s() failed", __func__);
1129 }
1130 
1131 
1132 static int wpa_ft_new_seq(struct ft_remote_seq *rkh_seq,
1133 			  struct ft_rrb_seq *f_seq)
1134 {
1135 	struct os_reltime now;
1136 
1137 	if (os_get_reltime(&now) < 0)
1138 		return -1;
1139 
1140 	if (!rkh_seq->tx.dom) {
1141 		if (random_get_bytes((u8 *) &rkh_seq->tx.seq,
1142 				     sizeof(rkh_seq->tx.seq))) {
1143 			wpa_printf(MSG_ERROR,
1144 				   "FT: Failed to get random data for sequence number initialization");
1145 			rkh_seq->tx.seq = now.usec;
1146 		}
1147 		if (random_get_bytes((u8 *) &rkh_seq->tx.dom,
1148 				     sizeof(rkh_seq->tx.dom))) {
1149 			wpa_printf(MSG_ERROR,
1150 				   "FT: Failed to get random data for sequence number initialization");
1151 			rkh_seq->tx.dom = now.usec;
1152 		}
1153 		rkh_seq->tx.dom |= 1;
1154 	}
1155 
1156 	f_seq->dom = host_to_le32(rkh_seq->tx.dom);
1157 	f_seq->seq = host_to_le32(rkh_seq->tx.seq);
1158 	f_seq->ts = host_to_le32(now.sec);
1159 
1160 	rkh_seq->tx.seq++;
1161 
1162 	return 0;
1163 }
1164 
1165 
1166 struct wpa_ft_pmk_r0_sa {
1167 	struct dl_list list;
1168 	u8 pmk_r0[PMK_LEN_MAX];
1169 	size_t pmk_r0_len;
1170 	u8 pmk_r0_name[WPA_PMK_NAME_LEN];
1171 	u8 spa[ETH_ALEN];
1172 	int pairwise; /* Pairwise cipher suite, WPA_CIPHER_* */
1173 	struct vlan_description *vlan;
1174 	os_time_t expiration; /* 0 for no expiration */
1175 	u8 *identity;
1176 	size_t identity_len;
1177 	u8 *radius_cui;
1178 	size_t radius_cui_len;
1179 	os_time_t session_timeout; /* 0 for no expiration */
1180 	/* TODO: radius_class, EAP type */
1181 	int pmk_r1_pushed;
1182 };
1183 
1184 struct wpa_ft_pmk_r1_sa {
1185 	struct dl_list list;
1186 	u8 pmk_r1[PMK_LEN_MAX];
1187 	size_t pmk_r1_len;
1188 	u8 pmk_r1_name[WPA_PMK_NAME_LEN];
1189 	u8 spa[ETH_ALEN];
1190 	int pairwise; /* Pairwise cipher suite, WPA_CIPHER_* */
1191 	struct vlan_description *vlan;
1192 	u8 *identity;
1193 	size_t identity_len;
1194 	u8 *radius_cui;
1195 	size_t radius_cui_len;
1196 	os_time_t session_timeout; /* 0 for no expiration */
1197 	/* TODO: radius_class, EAP type */
1198 };
1199 
1200 struct wpa_ft_pmk_cache {
1201 	struct dl_list pmk_r0; /* struct wpa_ft_pmk_r0_sa */
1202 	struct dl_list pmk_r1; /* struct wpa_ft_pmk_r1_sa */
1203 };
1204 
1205 
1206 static void wpa_ft_expire_pmk_r0(void *eloop_ctx, void *timeout_ctx);
1207 static void wpa_ft_expire_pmk_r1(void *eloop_ctx, void *timeout_ctx);
1208 
1209 
1210 static void wpa_ft_free_pmk_r0(struct wpa_ft_pmk_r0_sa *r0)
1211 {
1212 	if (!r0)
1213 		return;
1214 
1215 	dl_list_del(&r0->list);
1216 	eloop_cancel_timeout(wpa_ft_expire_pmk_r0, r0, NULL);
1217 
1218 	os_memset(r0->pmk_r0, 0, PMK_LEN_MAX);
1219 	os_free(r0->vlan);
1220 	os_free(r0->identity);
1221 	os_free(r0->radius_cui);
1222 	os_free(r0);
1223 }
1224 
1225 
1226 static void wpa_ft_expire_pmk_r0(void *eloop_ctx, void *timeout_ctx)
1227 {
1228 	struct wpa_ft_pmk_r0_sa *r0 = eloop_ctx;
1229 	struct os_reltime now;
1230 	int expires_in;
1231 	int session_timeout;
1232 
1233 	os_get_reltime(&now);
1234 
1235 	if (!r0)
1236 		return;
1237 
1238 	expires_in = r0->expiration - now.sec;
1239 	session_timeout = r0->session_timeout - now.sec;
1240 	/* conditions to remove from cache:
1241 	 * a) r0->expiration is set and hit
1242 	 * -or-
1243 	 * b) r0->session_timeout is set and hit
1244 	 */
1245 	if ((!r0->expiration || expires_in > 0) &&
1246 	    (!r0->session_timeout || session_timeout > 0)) {
1247 		wpa_printf(MSG_ERROR,
1248 			   "FT: %s() called for non-expired entry %p",
1249 			   __func__, r0);
1250 		eloop_cancel_timeout(wpa_ft_expire_pmk_r0, r0, NULL);
1251 		if (r0->expiration && expires_in > 0)
1252 			eloop_register_timeout(expires_in + 1, 0,
1253 					       wpa_ft_expire_pmk_r0, r0, NULL);
1254 		if (r0->session_timeout && session_timeout > 0)
1255 			eloop_register_timeout(session_timeout + 1, 0,
1256 					       wpa_ft_expire_pmk_r0, r0, NULL);
1257 		return;
1258 	}
1259 
1260 	wpa_ft_free_pmk_r0(r0);
1261 }
1262 
1263 
1264 static void wpa_ft_free_pmk_r1(struct wpa_ft_pmk_r1_sa *r1)
1265 {
1266 	if (!r1)
1267 		return;
1268 
1269 	dl_list_del(&r1->list);
1270 	eloop_cancel_timeout(wpa_ft_expire_pmk_r1, r1, NULL);
1271 
1272 	os_memset(r1->pmk_r1, 0, PMK_LEN_MAX);
1273 	os_free(r1->vlan);
1274 	os_free(r1->identity);
1275 	os_free(r1->radius_cui);
1276 	os_free(r1);
1277 }
1278 
1279 
1280 static void wpa_ft_expire_pmk_r1(void *eloop_ctx, void *timeout_ctx)
1281 {
1282 	struct wpa_ft_pmk_r1_sa *r1 = eloop_ctx;
1283 
1284 	wpa_ft_free_pmk_r1(r1);
1285 }
1286 
1287 
1288 struct wpa_ft_pmk_cache * wpa_ft_pmk_cache_init(void)
1289 {
1290 	struct wpa_ft_pmk_cache *cache;
1291 
1292 	cache = os_zalloc(sizeof(*cache));
1293 	if (cache) {
1294 		dl_list_init(&cache->pmk_r0);
1295 		dl_list_init(&cache->pmk_r1);
1296 	}
1297 
1298 	return cache;
1299 }
1300 
1301 
1302 void wpa_ft_pmk_cache_deinit(struct wpa_ft_pmk_cache *cache)
1303 {
1304 	struct wpa_ft_pmk_r0_sa *r0, *r0prev;
1305 	struct wpa_ft_pmk_r1_sa *r1, *r1prev;
1306 
1307 	dl_list_for_each_safe(r0, r0prev, &cache->pmk_r0,
1308 			      struct wpa_ft_pmk_r0_sa, list)
1309 		wpa_ft_free_pmk_r0(r0);
1310 
1311 	dl_list_for_each_safe(r1, r1prev, &cache->pmk_r1,
1312 			      struct wpa_ft_pmk_r1_sa, list)
1313 		wpa_ft_free_pmk_r1(r1);
1314 
1315 	os_free(cache);
1316 }
1317 
1318 
1319 static int wpa_ft_store_pmk_r0(struct wpa_authenticator *wpa_auth,
1320 			       const u8 *spa, const u8 *pmk_r0,
1321 			       size_t pmk_r0_len,
1322 			       const u8 *pmk_r0_name, int pairwise,
1323 			       const struct vlan_description *vlan,
1324 			       int expires_in, int session_timeout,
1325 			       const u8 *identity, size_t identity_len,
1326 			       const u8 *radius_cui, size_t radius_cui_len)
1327 {
1328 	struct wpa_ft_pmk_cache *cache = wpa_auth->ft_pmk_cache;
1329 	struct wpa_ft_pmk_r0_sa *r0;
1330 	struct os_reltime now;
1331 
1332 	/* TODO: add limit on number of entries in cache */
1333 	os_get_reltime(&now);
1334 
1335 	r0 = os_zalloc(sizeof(*r0));
1336 	if (r0 == NULL)
1337 		return -1;
1338 
1339 	os_memcpy(r0->pmk_r0, pmk_r0, pmk_r0_len);
1340 	r0->pmk_r0_len = pmk_r0_len;
1341 	os_memcpy(r0->pmk_r0_name, pmk_r0_name, WPA_PMK_NAME_LEN);
1342 	os_memcpy(r0->spa, spa, ETH_ALEN);
1343 	r0->pairwise = pairwise;
1344 	if (expires_in > 0)
1345 		r0->expiration = now.sec + expires_in;
1346 	if (vlan && vlan->notempty) {
1347 		r0->vlan = os_zalloc(sizeof(*vlan));
1348 		if (!r0->vlan) {
1349 			bin_clear_free(r0, sizeof(*r0));
1350 			return -1;
1351 		}
1352 		*r0->vlan = *vlan;
1353 	}
1354 	if (identity) {
1355 		r0->identity = os_malloc(identity_len);
1356 		if (r0->identity) {
1357 			os_memcpy(r0->identity, identity, identity_len);
1358 			r0->identity_len = identity_len;
1359 		}
1360 	}
1361 	if (radius_cui) {
1362 		r0->radius_cui = os_malloc(radius_cui_len);
1363 		if (r0->radius_cui) {
1364 			os_memcpy(r0->radius_cui, radius_cui, radius_cui_len);
1365 			r0->radius_cui_len = radius_cui_len;
1366 		}
1367 	}
1368 	if (session_timeout > 0)
1369 		r0->session_timeout = now.sec + session_timeout;
1370 
1371 	dl_list_add(&cache->pmk_r0, &r0->list);
1372 	if (expires_in > 0)
1373 		eloop_register_timeout(expires_in + 1, 0, wpa_ft_expire_pmk_r0,
1374 				       r0, NULL);
1375 	if (session_timeout > 0)
1376 		eloop_register_timeout(session_timeout + 1, 0,
1377 				       wpa_ft_expire_pmk_r0, r0, NULL);
1378 
1379 	return 0;
1380 }
1381 
1382 
1383 static int wpa_ft_fetch_pmk_r0(struct wpa_authenticator *wpa_auth,
1384 			       const u8 *spa, const u8 *pmk_r0_name,
1385 			       const struct wpa_ft_pmk_r0_sa **r0_out)
1386 {
1387 	struct wpa_ft_pmk_cache *cache = wpa_auth->ft_pmk_cache;
1388 	struct wpa_ft_pmk_r0_sa *r0;
1389 	struct os_reltime now;
1390 
1391 	os_get_reltime(&now);
1392 	dl_list_for_each(r0, &cache->pmk_r0, struct wpa_ft_pmk_r0_sa, list) {
1393 		if (os_memcmp(r0->spa, spa, ETH_ALEN) == 0 &&
1394 		    os_memcmp_const(r0->pmk_r0_name, pmk_r0_name,
1395 				    WPA_PMK_NAME_LEN) == 0) {
1396 			*r0_out = r0;
1397 			return 0;
1398 		}
1399 	}
1400 
1401 	*r0_out = NULL;
1402 	return -1;
1403 }
1404 
1405 
1406 static int wpa_ft_store_pmk_r1(struct wpa_authenticator *wpa_auth,
1407 			       const u8 *spa, const u8 *pmk_r1,
1408 			       size_t pmk_r1_len,
1409 			       const u8 *pmk_r1_name, int pairwise,
1410 			       const struct vlan_description *vlan,
1411 			       int expires_in, int session_timeout,
1412 			       const u8 *identity, size_t identity_len,
1413 			       const u8 *radius_cui, size_t radius_cui_len)
1414 {
1415 	struct wpa_ft_pmk_cache *cache = wpa_auth->ft_pmk_cache;
1416 	int max_expires_in = wpa_auth->conf.r1_max_key_lifetime;
1417 	struct wpa_ft_pmk_r1_sa *r1;
1418 	struct os_reltime now;
1419 
1420 	/* TODO: limit on number of entries in cache */
1421 	os_get_reltime(&now);
1422 
1423 	if (max_expires_in && (max_expires_in < expires_in || expires_in == 0))
1424 		expires_in = max_expires_in;
1425 
1426 	r1 = os_zalloc(sizeof(*r1));
1427 	if (r1 == NULL)
1428 		return -1;
1429 
1430 	os_memcpy(r1->pmk_r1, pmk_r1, pmk_r1_len);
1431 	r1->pmk_r1_len = pmk_r1_len;
1432 	os_memcpy(r1->pmk_r1_name, pmk_r1_name, WPA_PMK_NAME_LEN);
1433 	os_memcpy(r1->spa, spa, ETH_ALEN);
1434 	r1->pairwise = pairwise;
1435 	if (vlan && vlan->notempty) {
1436 		r1->vlan = os_zalloc(sizeof(*vlan));
1437 		if (!r1->vlan) {
1438 			bin_clear_free(r1, sizeof(*r1));
1439 			return -1;
1440 		}
1441 		*r1->vlan = *vlan;
1442 	}
1443 	if (identity) {
1444 		r1->identity = os_malloc(identity_len);
1445 		if (r1->identity) {
1446 			os_memcpy(r1->identity, identity, identity_len);
1447 			r1->identity_len = identity_len;
1448 		}
1449 	}
1450 	if (radius_cui) {
1451 		r1->radius_cui = os_malloc(radius_cui_len);
1452 		if (r1->radius_cui) {
1453 			os_memcpy(r1->radius_cui, radius_cui, radius_cui_len);
1454 			r1->radius_cui_len = radius_cui_len;
1455 		}
1456 	}
1457 	if (session_timeout > 0)
1458 		r1->session_timeout = now.sec + session_timeout;
1459 
1460 	dl_list_add(&cache->pmk_r1, &r1->list);
1461 
1462 	if (expires_in > 0)
1463 		eloop_register_timeout(expires_in + 1, 0, wpa_ft_expire_pmk_r1,
1464 				       r1, NULL);
1465 	if (session_timeout > 0)
1466 		eloop_register_timeout(session_timeout + 1, 0,
1467 				       wpa_ft_expire_pmk_r1, r1, NULL);
1468 
1469 	return 0;
1470 }
1471 
1472 
1473 static int wpa_ft_fetch_pmk_r1(struct wpa_authenticator *wpa_auth,
1474 			       const u8 *spa, const u8 *pmk_r1_name,
1475 			       u8 *pmk_r1, size_t *pmk_r1_len, int *pairwise,
1476 			       struct vlan_description *vlan,
1477 			       const u8 **identity, size_t *identity_len,
1478 			       const u8 **radius_cui, size_t *radius_cui_len,
1479 			       int *session_timeout)
1480 {
1481 	struct wpa_ft_pmk_cache *cache = wpa_auth->ft_pmk_cache;
1482 	struct wpa_ft_pmk_r1_sa *r1;
1483 	struct os_reltime now;
1484 
1485 	os_get_reltime(&now);
1486 
1487 	dl_list_for_each(r1, &cache->pmk_r1, struct wpa_ft_pmk_r1_sa, list) {
1488 		if (os_memcmp(r1->spa, spa, ETH_ALEN) == 0 &&
1489 		    os_memcmp_const(r1->pmk_r1_name, pmk_r1_name,
1490 				    WPA_PMK_NAME_LEN) == 0) {
1491 			os_memcpy(pmk_r1, r1->pmk_r1, r1->pmk_r1_len);
1492 			*pmk_r1_len = r1->pmk_r1_len;
1493 			if (pairwise)
1494 				*pairwise = r1->pairwise;
1495 			if (vlan && r1->vlan)
1496 				*vlan = *r1->vlan;
1497 			if (vlan && !r1->vlan)
1498 				os_memset(vlan, 0, sizeof(*vlan));
1499 			if (identity && identity_len) {
1500 				*identity = r1->identity;
1501 				*identity_len = r1->identity_len;
1502 			}
1503 			if (radius_cui && radius_cui_len) {
1504 				*radius_cui = r1->radius_cui;
1505 				*radius_cui_len = r1->radius_cui_len;
1506 			}
1507 			if (session_timeout && r1->session_timeout > now.sec)
1508 				*session_timeout = r1->session_timeout -
1509 					now.sec;
1510 			else if (session_timeout && r1->session_timeout)
1511 				*session_timeout = 1;
1512 			else if (session_timeout)
1513 				*session_timeout = 0;
1514 			return 0;
1515 		}
1516 	}
1517 
1518 	return -1;
1519 }
1520 
1521 
1522 static int wpa_ft_rrb_init_r0kh_seq(struct ft_remote_r0kh *r0kh)
1523 {
1524 	if (r0kh->seq)
1525 		return 0;
1526 
1527 	r0kh->seq = os_zalloc(sizeof(*r0kh->seq));
1528 	if (!r0kh->seq) {
1529 		wpa_printf(MSG_DEBUG, "FT: Failed to allocate r0kh->seq");
1530 		return -1;
1531 	}
1532 
1533 	dl_list_init(&r0kh->seq->rx.queue);
1534 
1535 	return 0;
1536 }
1537 
1538 
1539 static void wpa_ft_rrb_lookup_r0kh(struct wpa_authenticator *wpa_auth,
1540 				   const u8 *f_r0kh_id, size_t f_r0kh_id_len,
1541 				   struct ft_remote_r0kh **r0kh_out,
1542 				   struct ft_remote_r0kh **r0kh_wildcard)
1543 {
1544 	struct ft_remote_r0kh *r0kh;
1545 
1546 	*r0kh_wildcard = NULL;
1547 	*r0kh_out = NULL;
1548 
1549 	if (wpa_auth->conf.r0kh_list)
1550 		r0kh = *wpa_auth->conf.r0kh_list;
1551 	else
1552 		r0kh = NULL;
1553 	for (; r0kh; r0kh = r0kh->next) {
1554 		if (r0kh->id_len == 1 && r0kh->id[0] == '*')
1555 			*r0kh_wildcard = r0kh;
1556 		if (f_r0kh_id && r0kh->id_len == f_r0kh_id_len &&
1557 		    os_memcmp_const(f_r0kh_id, r0kh->id, f_r0kh_id_len) == 0)
1558 			*r0kh_out = r0kh;
1559 	}
1560 
1561 	if (!*r0kh_out && !*r0kh_wildcard)
1562 		wpa_printf(MSG_DEBUG, "FT: No matching R0KH found");
1563 
1564 	if (*r0kh_out && wpa_ft_rrb_init_r0kh_seq(*r0kh_out) < 0)
1565 		*r0kh_out = NULL;
1566 }
1567 
1568 
1569 static int wpa_ft_rrb_init_r1kh_seq(struct ft_remote_r1kh *r1kh)
1570 {
1571 	if (r1kh->seq)
1572 		return 0;
1573 
1574 	r1kh->seq = os_zalloc(sizeof(*r1kh->seq));
1575 	if (!r1kh->seq) {
1576 		wpa_printf(MSG_DEBUG, "FT: Failed to allocate r1kh->seq");
1577 		return -1;
1578 	}
1579 
1580 	dl_list_init(&r1kh->seq->rx.queue);
1581 
1582 	return 0;
1583 }
1584 
1585 
1586 static void wpa_ft_rrb_lookup_r1kh(struct wpa_authenticator *wpa_auth,
1587 				   const u8 *f_r1kh_id,
1588 				   struct ft_remote_r1kh **r1kh_out,
1589 				   struct ft_remote_r1kh **r1kh_wildcard)
1590 {
1591 	struct ft_remote_r1kh *r1kh;
1592 
1593 	*r1kh_wildcard = NULL;
1594 	*r1kh_out = NULL;
1595 
1596 	if (wpa_auth->conf.r1kh_list)
1597 		r1kh = *wpa_auth->conf.r1kh_list;
1598 	else
1599 		r1kh = NULL;
1600 	for (; r1kh; r1kh = r1kh->next) {
1601 		if (is_zero_ether_addr(r1kh->addr) &&
1602 		    is_zero_ether_addr(r1kh->id))
1603 			*r1kh_wildcard = r1kh;
1604 		if (f_r1kh_id &&
1605 		    os_memcmp_const(r1kh->id, f_r1kh_id, FT_R1KH_ID_LEN) == 0)
1606 			*r1kh_out = r1kh;
1607 	}
1608 
1609 	if (!*r1kh_out && !*r1kh_wildcard)
1610 		wpa_printf(MSG_DEBUG, "FT: No matching R1KH found");
1611 
1612 	if (*r1kh_out && wpa_ft_rrb_init_r1kh_seq(*r1kh_out) < 0)
1613 		*r1kh_out = NULL;
1614 }
1615 
1616 
1617 static int wpa_ft_rrb_check_r0kh(struct wpa_authenticator *wpa_auth,
1618 				 const u8 *f_r0kh_id, size_t f_r0kh_id_len)
1619 {
1620 	if (f_r0kh_id_len != wpa_auth->conf.r0_key_holder_len ||
1621 	    os_memcmp_const(f_r0kh_id, wpa_auth->conf.r0_key_holder,
1622 			    f_r0kh_id_len) != 0)
1623 		return -1;
1624 
1625 	return 0;
1626 }
1627 
1628 
1629 static int wpa_ft_rrb_check_r1kh(struct wpa_authenticator *wpa_auth,
1630 				 const u8 *f_r1kh_id)
1631 {
1632 	if (os_memcmp_const(f_r1kh_id, wpa_auth->conf.r1_key_holder,
1633 			    FT_R1KH_ID_LEN) != 0)
1634 		return -1;
1635 
1636 	return 0;
1637 }
1638 
1639 
1640 static void wpa_ft_rrb_del_r0kh(void *eloop_ctx, void *timeout_ctx)
1641 {
1642 	struct wpa_authenticator *wpa_auth = eloop_ctx;
1643 	struct ft_remote_r0kh *r0kh, *prev = NULL;
1644 
1645 	if (!wpa_auth->conf.r0kh_list)
1646 		return;
1647 
1648 	for (r0kh = *wpa_auth->conf.r0kh_list; r0kh; r0kh = r0kh->next) {
1649 		if (r0kh == timeout_ctx)
1650 			break;
1651 		prev = r0kh;
1652 	}
1653 	if (!r0kh)
1654 		return;
1655 	if (prev)
1656 		prev->next = r0kh->next;
1657 	else
1658 		*wpa_auth->conf.r0kh_list = r0kh->next;
1659 	if (r0kh->seq)
1660 		wpa_ft_rrb_seq_flush(wpa_auth, r0kh->seq, 0);
1661 	os_free(r0kh->seq);
1662 	os_free(r0kh);
1663 }
1664 
1665 
1666 static void wpa_ft_rrb_r0kh_replenish(struct wpa_authenticator *wpa_auth,
1667 				      struct ft_remote_r0kh *r0kh, int timeout)
1668 {
1669 	if (timeout > 0)
1670 		eloop_replenish_timeout(timeout, 0, wpa_ft_rrb_del_r0kh,
1671 					wpa_auth, r0kh);
1672 }
1673 
1674 
1675 static void wpa_ft_rrb_r0kh_timeout(struct wpa_authenticator *wpa_auth,
1676 				    struct ft_remote_r0kh *r0kh, int timeout)
1677 {
1678 	eloop_cancel_timeout(wpa_ft_rrb_del_r0kh, wpa_auth, r0kh);
1679 
1680 	if (timeout > 0)
1681 		eloop_register_timeout(timeout, 0, wpa_ft_rrb_del_r0kh,
1682 				       wpa_auth, r0kh);
1683 }
1684 
1685 
1686 static struct ft_remote_r0kh *
1687 wpa_ft_rrb_add_r0kh(struct wpa_authenticator *wpa_auth,
1688 		    struct ft_remote_r0kh *r0kh_wildcard,
1689 		    const u8 *src_addr, const u8 *r0kh_id, size_t id_len,
1690 		    int timeout)
1691 {
1692 	struct ft_remote_r0kh *r0kh;
1693 
1694 	if (!wpa_auth->conf.r0kh_list)
1695 		return NULL;
1696 
1697 	r0kh = os_zalloc(sizeof(*r0kh));
1698 	if (!r0kh)
1699 		return NULL;
1700 
1701 	if (src_addr)
1702 		os_memcpy(r0kh->addr, src_addr, sizeof(r0kh->addr));
1703 
1704 	if (id_len > FT_R0KH_ID_MAX_LEN)
1705 		id_len = FT_R0KH_ID_MAX_LEN;
1706 	os_memcpy(r0kh->id, r0kh_id, id_len);
1707 	r0kh->id_len = id_len;
1708 
1709 	os_memcpy(r0kh->key, r0kh_wildcard->key, sizeof(r0kh->key));
1710 
1711 	r0kh->next = *wpa_auth->conf.r0kh_list;
1712 	*wpa_auth->conf.r0kh_list = r0kh;
1713 
1714 	if (timeout > 0)
1715 		eloop_register_timeout(timeout, 0, wpa_ft_rrb_del_r0kh,
1716 				       wpa_auth, r0kh);
1717 
1718 	if (wpa_ft_rrb_init_r0kh_seq(r0kh) < 0)
1719 		return NULL;
1720 
1721 	return r0kh;
1722 }
1723 
1724 
1725 static void wpa_ft_rrb_del_r1kh(void *eloop_ctx, void *timeout_ctx)
1726 {
1727 	struct wpa_authenticator *wpa_auth = eloop_ctx;
1728 	struct ft_remote_r1kh *r1kh, *prev = NULL;
1729 
1730 	if (!wpa_auth->conf.r1kh_list)
1731 		return;
1732 
1733 	for (r1kh = *wpa_auth->conf.r1kh_list; r1kh; r1kh = r1kh->next) {
1734 		if (r1kh == timeout_ctx)
1735 			break;
1736 		prev = r1kh;
1737 	}
1738 	if (!r1kh)
1739 		return;
1740 	if (prev)
1741 		prev->next = r1kh->next;
1742 	else
1743 		*wpa_auth->conf.r1kh_list = r1kh->next;
1744 	if (r1kh->seq)
1745 		wpa_ft_rrb_seq_flush(wpa_auth, r1kh->seq, 0);
1746 	os_free(r1kh->seq);
1747 	os_free(r1kh);
1748 }
1749 
1750 
1751 static void wpa_ft_rrb_r1kh_replenish(struct wpa_authenticator *wpa_auth,
1752 				      struct ft_remote_r1kh *r1kh, int timeout)
1753 {
1754 	if (timeout > 0)
1755 		eloop_replenish_timeout(timeout, 0, wpa_ft_rrb_del_r1kh,
1756 					wpa_auth, r1kh);
1757 }
1758 
1759 
1760 static struct ft_remote_r1kh *
1761 wpa_ft_rrb_add_r1kh(struct wpa_authenticator *wpa_auth,
1762 		    struct ft_remote_r1kh *r1kh_wildcard,
1763 		    const u8 *src_addr, const u8 *r1kh_id, int timeout)
1764 {
1765 	struct ft_remote_r1kh *r1kh;
1766 
1767 	if (!wpa_auth->conf.r1kh_list)
1768 		return NULL;
1769 
1770 	r1kh = os_zalloc(sizeof(*r1kh));
1771 	if (!r1kh)
1772 		return NULL;
1773 
1774 	os_memcpy(r1kh->addr, src_addr, sizeof(r1kh->addr));
1775 	os_memcpy(r1kh->id, r1kh_id, sizeof(r1kh->id));
1776 	os_memcpy(r1kh->key, r1kh_wildcard->key, sizeof(r1kh->key));
1777 	r1kh->next = *wpa_auth->conf.r1kh_list;
1778 	*wpa_auth->conf.r1kh_list = r1kh;
1779 
1780 	if (timeout > 0)
1781 		eloop_register_timeout(timeout, 0, wpa_ft_rrb_del_r1kh,
1782 				       wpa_auth, r1kh);
1783 
1784 	if (wpa_ft_rrb_init_r1kh_seq(r1kh) < 0)
1785 		return NULL;
1786 
1787 	return r1kh;
1788 }
1789 
1790 
1791 void wpa_ft_sta_deinit(struct wpa_state_machine *sm)
1792 {
1793 	eloop_cancel_timeout(wpa_ft_expire_pull, sm, NULL);
1794 }
1795 
1796 
1797 static void wpa_ft_deinit_seq(struct wpa_authenticator *wpa_auth)
1798 {
1799 	struct ft_remote_r0kh *r0kh;
1800 	struct ft_remote_r1kh *r1kh;
1801 
1802 	eloop_cancel_timeout(wpa_ft_rrb_seq_timeout, wpa_auth, ELOOP_ALL_CTX);
1803 
1804 	if (wpa_auth->conf.r0kh_list)
1805 		r0kh = *wpa_auth->conf.r0kh_list;
1806 	else
1807 		r0kh = NULL;
1808 	for (; r0kh; r0kh = r0kh->next) {
1809 		if (!r0kh->seq)
1810 			continue;
1811 		wpa_ft_rrb_seq_flush(wpa_auth, r0kh->seq, 0);
1812 		os_free(r0kh->seq);
1813 		r0kh->seq = NULL;
1814 	}
1815 
1816 	if (wpa_auth->conf.r1kh_list)
1817 		r1kh = *wpa_auth->conf.r1kh_list;
1818 	else
1819 		r1kh = NULL;
1820 	for (; r1kh; r1kh = r1kh->next) {
1821 		if (!r1kh->seq)
1822 			continue;
1823 		wpa_ft_rrb_seq_flush(wpa_auth, r1kh->seq, 0);
1824 		os_free(r1kh->seq);
1825 		r1kh->seq = NULL;
1826 	}
1827 }
1828 
1829 
1830 static void wpa_ft_deinit_rkh_tmp(struct wpa_authenticator *wpa_auth)
1831 {
1832 	struct ft_remote_r0kh *r0kh, *r0kh_next, *r0kh_prev = NULL;
1833 	struct ft_remote_r1kh *r1kh, *r1kh_next, *r1kh_prev = NULL;
1834 
1835 	if (wpa_auth->conf.r0kh_list)
1836 		r0kh = *wpa_auth->conf.r0kh_list;
1837 	else
1838 		r0kh = NULL;
1839 	while (r0kh) {
1840 		r0kh_next = r0kh->next;
1841 		if (eloop_cancel_timeout(wpa_ft_rrb_del_r0kh, wpa_auth,
1842 					 r0kh) > 0) {
1843 			if (r0kh_prev)
1844 				r0kh_prev->next = r0kh_next;
1845 			else
1846 				*wpa_auth->conf.r0kh_list = r0kh_next;
1847 			os_free(r0kh);
1848 		} else {
1849 			r0kh_prev = r0kh;
1850 		}
1851 		r0kh = r0kh_next;
1852 	}
1853 
1854 	if (wpa_auth->conf.r1kh_list)
1855 		r1kh = *wpa_auth->conf.r1kh_list;
1856 	else
1857 		r1kh = NULL;
1858 	while (r1kh) {
1859 		r1kh_next = r1kh->next;
1860 		if (eloop_cancel_timeout(wpa_ft_rrb_del_r1kh, wpa_auth,
1861 					 r1kh) > 0) {
1862 			if (r1kh_prev)
1863 				r1kh_prev->next = r1kh_next;
1864 			else
1865 				*wpa_auth->conf.r1kh_list = r1kh_next;
1866 			os_free(r1kh);
1867 		} else {
1868 			r1kh_prev = r1kh;
1869 		}
1870 		r1kh = r1kh_next;
1871 	}
1872 }
1873 
1874 
1875 void wpa_ft_deinit(struct wpa_authenticator *wpa_auth)
1876 {
1877 	wpa_ft_deinit_seq(wpa_auth);
1878 	wpa_ft_deinit_rkh_tmp(wpa_auth);
1879 }
1880 
1881 
1882 static void wpa_ft_block_r0kh(struct wpa_authenticator *wpa_auth,
1883 			      const u8 *f_r0kh_id, size_t f_r0kh_id_len)
1884 {
1885 	struct ft_remote_r0kh *r0kh, *r0kh_wildcard;
1886 
1887 	if (!wpa_auth->conf.rkh_neg_timeout)
1888 		return;
1889 
1890 	wpa_ft_rrb_lookup_r0kh(wpa_auth, f_r0kh_id, f_r0kh_id_len,
1891 			       &r0kh, &r0kh_wildcard);
1892 
1893 	if (!r0kh_wildcard) {
1894 		/* r0kh removed after neg_timeout and might need re-adding */
1895 		return;
1896 	}
1897 
1898 	wpa_hexdump(MSG_DEBUG, "FT: Blacklist R0KH-ID",
1899 		    f_r0kh_id, f_r0kh_id_len);
1900 
1901 	if (r0kh) {
1902 		wpa_ft_rrb_r0kh_timeout(wpa_auth, r0kh,
1903 					wpa_auth->conf.rkh_neg_timeout);
1904 		os_memset(r0kh->addr, 0, ETH_ALEN);
1905 	} else
1906 		wpa_ft_rrb_add_r0kh(wpa_auth, r0kh_wildcard, NULL, f_r0kh_id,
1907 				    f_r0kh_id_len,
1908 				    wpa_auth->conf.rkh_neg_timeout);
1909 }
1910 
1911 
1912 static void wpa_ft_expire_pull(void *eloop_ctx, void *timeout_ctx)
1913 {
1914 	struct wpa_state_machine *sm = eloop_ctx;
1915 
1916 	wpa_printf(MSG_DEBUG, "FT: Timeout pending pull request for " MACSTR,
1917 		   MAC2STR(sm->addr));
1918 	if (sm->ft_pending_pull_left_retries <= 0)
1919 		wpa_ft_block_r0kh(sm->wpa_auth, sm->r0kh_id, sm->r0kh_id_len);
1920 
1921 	/* cancel multiple timeouts */
1922 	eloop_cancel_timeout(wpa_ft_expire_pull, sm, NULL);
1923 	ft_finish_pull(sm);
1924 }
1925 
1926 
1927 static int wpa_ft_pull_pmk_r1(struct wpa_state_machine *sm,
1928 			      const u8 *ies, size_t ies_len,
1929 			      const u8 *pmk_r0_name)
1930 {
1931 	struct ft_remote_r0kh *r0kh, *r0kh_wildcard;
1932 	u8 *packet = NULL;
1933 	const u8 *key, *f_r1kh_id = sm->wpa_auth->conf.r1_key_holder;
1934 	size_t packet_len, key_len;
1935 	struct ft_rrb_seq f_seq;
1936 	int tsecs, tusecs, first;
1937 	struct wpabuf *ft_pending_req_ies;
1938 	int r0kh_timeout;
1939 	struct tlv_list req_enc[] = {
1940 		{ .type = FT_RRB_PMK_R0_NAME, .len = WPA_PMK_NAME_LEN,
1941 		  .data = pmk_r0_name },
1942 		{ .type = FT_RRB_S1KH_ID, .len = ETH_ALEN,
1943 		  .data = sm->addr },
1944 		{ .type = FT_RRB_LAST_EMPTY, .len = 0, .data = NULL },
1945 	};
1946 	struct tlv_list req_auth[] = {
1947 		{ .type = FT_RRB_NONCE, .len = FT_RRB_NONCE_LEN,
1948 		  .data = sm->ft_pending_pull_nonce },
1949 		{ .type = FT_RRB_SEQ, .len = sizeof(f_seq),
1950 		  .data = (u8 *) &f_seq },
1951 		{ .type = FT_RRB_R0KH_ID, .len = sm->r0kh_id_len,
1952 		  .data = sm->r0kh_id },
1953 		{ .type = FT_RRB_R1KH_ID, .len = FT_R1KH_ID_LEN,
1954 		  .data = f_r1kh_id },
1955 		{ .type = FT_RRB_LAST_EMPTY, .len = 0, .data = NULL },
1956 	};
1957 
1958 	if (sm->ft_pending_pull_left_retries <= 0)
1959 		return -1;
1960 	first = sm->ft_pending_pull_left_retries ==
1961 		sm->wpa_auth->conf.rkh_pull_retries;
1962 	sm->ft_pending_pull_left_retries--;
1963 
1964 	wpa_ft_rrb_lookup_r0kh(sm->wpa_auth, sm->r0kh_id, sm->r0kh_id_len,
1965 			       &r0kh, &r0kh_wildcard);
1966 
1967 	/* Keep r0kh sufficiently long in the list for seq num check */
1968 	r0kh_timeout = sm->wpa_auth->conf.rkh_pull_timeout / 1000 +
1969 		1 + ftRRBseqTimeout;
1970 	if (r0kh) {
1971 		wpa_ft_rrb_r0kh_replenish(sm->wpa_auth, r0kh, r0kh_timeout);
1972 	} else if (r0kh_wildcard) {
1973 		wpa_printf(MSG_DEBUG, "FT: Using wildcard R0KH-ID");
1974 		/* r0kh->addr: updated by SEQ_RESP and wpa_ft_expire_pull */
1975 		r0kh = wpa_ft_rrb_add_r0kh(sm->wpa_auth, r0kh_wildcard,
1976 					   r0kh_wildcard->addr,
1977 					   sm->r0kh_id, sm->r0kh_id_len,
1978 					   r0kh_timeout);
1979 	}
1980 	if (r0kh == NULL) {
1981 		wpa_hexdump(MSG_DEBUG, "FT: Did not find R0KH-ID",
1982 			    sm->r0kh_id, sm->r0kh_id_len);
1983 		return -1;
1984 	}
1985 	if (is_zero_ether_addr(r0kh->addr)) {
1986 		wpa_hexdump(MSG_DEBUG, "FT: R0KH-ID is blacklisted",
1987 			    sm->r0kh_id, sm->r0kh_id_len);
1988 		return -1;
1989 	}
1990 	if (os_memcmp(r0kh->addr, sm->wpa_auth->addr, ETH_ALEN) == 0) {
1991 		wpa_printf(MSG_DEBUG,
1992 			   "FT: R0KH-ID points to self - no matching key available");
1993 		return -1;
1994 	}
1995 
1996 	key = r0kh->key;
1997 	key_len = sizeof(r0kh->key);
1998 
1999 	wpa_printf(MSG_DEBUG, "FT: Send PMK-R1 pull request to remote R0KH "
2000 		   "address " MACSTR, MAC2STR(r0kh->addr));
2001 
2002 	if (r0kh->seq->rx.num_last == 0) {
2003 		/* A sequence request will be sent out anyway when pull
2004 		 * response is received. Send it out now to avoid one RTT. */
2005 		wpa_ft_rrb_seq_req(sm->wpa_auth, r0kh->seq, r0kh->addr,
2006 				   r0kh->id, r0kh->id_len, f_r1kh_id, key,
2007 				   key_len, NULL, 0, NULL, 0, NULL);
2008 	}
2009 
2010 	if (first &&
2011 	    random_get_bytes(sm->ft_pending_pull_nonce, FT_RRB_NONCE_LEN) < 0) {
2012 		wpa_printf(MSG_DEBUG, "FT: Failed to get random data for "
2013 			   "nonce");
2014 		return -1;
2015 	}
2016 
2017 	if (wpa_ft_new_seq(r0kh->seq, &f_seq) < 0) {
2018 		wpa_printf(MSG_DEBUG, "FT: Failed to get seq num");
2019 		return -1;
2020 	}
2021 
2022 	if (wpa_ft_rrb_build(key, key_len, req_enc, NULL, req_auth, NULL,
2023 			     sm->wpa_auth->addr, FT_PACKET_R0KH_R1KH_PULL,
2024 			     &packet, &packet_len) < 0)
2025 		return -1;
2026 
2027 	ft_pending_req_ies = wpabuf_alloc_copy(ies, ies_len);
2028 	wpabuf_free(sm->ft_pending_req_ies);
2029 	sm->ft_pending_req_ies = ft_pending_req_ies;
2030 	if (!sm->ft_pending_req_ies) {
2031 		os_free(packet);
2032 		return -1;
2033 	}
2034 
2035 	tsecs = sm->wpa_auth->conf.rkh_pull_timeout / 1000;
2036 	tusecs = (sm->wpa_auth->conf.rkh_pull_timeout % 1000) * 1000;
2037 	eloop_register_timeout(tsecs, tusecs, wpa_ft_expire_pull, sm, NULL);
2038 
2039 	wpa_ft_rrb_oui_send(sm->wpa_auth, r0kh->addr, FT_PACKET_R0KH_R1KH_PULL,
2040 			    packet, packet_len);
2041 
2042 	os_free(packet);
2043 
2044 	return 0;
2045 }
2046 
2047 
2048 int wpa_ft_store_pmk_fils(struct wpa_state_machine *sm,
2049 			  const u8 *pmk_r0, const u8 *pmk_r0_name)
2050 {
2051 	int expires_in = sm->wpa_auth->conf.r0_key_lifetime;
2052 	struct vlan_description vlan;
2053 	const u8 *identity, *radius_cui;
2054 	size_t identity_len, radius_cui_len;
2055 	int session_timeout;
2056 	size_t pmk_r0_len = wpa_key_mgmt_sha384(sm->wpa_key_mgmt) ?
2057 		SHA384_MAC_LEN : PMK_LEN;
2058 
2059 	if (wpa_ft_get_vlan(sm->wpa_auth, sm->addr, &vlan) < 0) {
2060 		wpa_printf(MSG_DEBUG, "FT: vlan not available for STA " MACSTR,
2061 			   MAC2STR(sm->addr));
2062 		return -1;
2063 	}
2064 
2065 	identity_len = wpa_ft_get_identity(sm->wpa_auth, sm->addr, &identity);
2066 	radius_cui_len = wpa_ft_get_radius_cui(sm->wpa_auth, sm->addr,
2067 					       &radius_cui);
2068 	session_timeout = wpa_ft_get_session_timeout(sm->wpa_auth, sm->addr);
2069 
2070 	return wpa_ft_store_pmk_r0(sm->wpa_auth, sm->addr, pmk_r0, pmk_r0_len,
2071 				   pmk_r0_name, sm->pairwise, &vlan, expires_in,
2072 				   session_timeout, identity, identity_len,
2073 				   radius_cui, radius_cui_len);
2074 }
2075 
2076 
2077 int wpa_auth_derive_ptk_ft(struct wpa_state_machine *sm, struct wpa_ptk *ptk)
2078 {
2079 	u8 pmk_r0[PMK_LEN_MAX], pmk_r0_name[WPA_PMK_NAME_LEN];
2080 	size_t pmk_r0_len = wpa_key_mgmt_sha384(sm->wpa_key_mgmt) ?
2081 		SHA384_MAC_LEN : PMK_LEN;
2082 	size_t pmk_r1_len = pmk_r0_len;
2083 	u8 pmk_r1[PMK_LEN_MAX];
2084 	u8 ptk_name[WPA_PMK_NAME_LEN];
2085 	const u8 *mdid = sm->wpa_auth->conf.mobility_domain;
2086 	const u8 *r0kh = sm->wpa_auth->conf.r0_key_holder;
2087 	size_t r0kh_len = sm->wpa_auth->conf.r0_key_holder_len;
2088 	const u8 *r1kh = sm->wpa_auth->conf.r1_key_holder;
2089 	const u8 *ssid = sm->wpa_auth->conf.ssid;
2090 	size_t ssid_len = sm->wpa_auth->conf.ssid_len;
2091 	int psk_local = sm->wpa_auth->conf.ft_psk_generate_local;
2092 	int expires_in = sm->wpa_auth->conf.r0_key_lifetime;
2093 	struct vlan_description vlan;
2094 	const u8 *identity, *radius_cui;
2095 	size_t identity_len, radius_cui_len;
2096 	int session_timeout;
2097 
2098 	if (sm->xxkey_len == 0) {
2099 		wpa_printf(MSG_DEBUG, "FT: XXKey not available for key "
2100 			   "derivation");
2101 		return -1;
2102 	}
2103 
2104 	if (wpa_ft_get_vlan(sm->wpa_auth, sm->addr, &vlan) < 0) {
2105 		wpa_printf(MSG_DEBUG, "FT: vlan not available for STA " MACSTR,
2106 			   MAC2STR(sm->addr));
2107 		return -1;
2108 	}
2109 
2110 	identity_len = wpa_ft_get_identity(sm->wpa_auth, sm->addr, &identity);
2111 	radius_cui_len = wpa_ft_get_radius_cui(sm->wpa_auth, sm->addr,
2112 					       &radius_cui);
2113 	session_timeout = wpa_ft_get_session_timeout(sm->wpa_auth, sm->addr);
2114 
2115 	if (wpa_derive_pmk_r0(sm->xxkey, sm->xxkey_len, ssid, ssid_len, mdid,
2116 			      r0kh, r0kh_len, sm->addr,
2117 			      pmk_r0, pmk_r0_name,
2118 			      wpa_key_mgmt_sha384(sm->wpa_key_mgmt)) < 0)
2119 		return -1;
2120 	wpa_hexdump_key(MSG_DEBUG, "FT: PMK-R0", pmk_r0, pmk_r0_len);
2121 	wpa_hexdump(MSG_DEBUG, "FT: PMKR0Name", pmk_r0_name, WPA_PMK_NAME_LEN);
2122 	if (!psk_local || !wpa_key_mgmt_ft_psk(sm->wpa_key_mgmt))
2123 		wpa_ft_store_pmk_r0(sm->wpa_auth, sm->addr, pmk_r0, pmk_r0_len,
2124 				    pmk_r0_name,
2125 				    sm->pairwise, &vlan, expires_in,
2126 				    session_timeout, identity, identity_len,
2127 				    radius_cui, radius_cui_len);
2128 
2129 	if (wpa_derive_pmk_r1(pmk_r0, pmk_r0_len, pmk_r0_name, r1kh, sm->addr,
2130 			      pmk_r1, sm->pmk_r1_name) < 0)
2131 		return -1;
2132 	wpa_hexdump_key(MSG_DEBUG, "FT: PMK-R1", pmk_r1, pmk_r1_len);
2133 	wpa_hexdump(MSG_DEBUG, "FT: PMKR1Name", sm->pmk_r1_name,
2134 		    WPA_PMK_NAME_LEN);
2135 	if (!psk_local || !wpa_key_mgmt_ft_psk(sm->wpa_key_mgmt))
2136 		wpa_ft_store_pmk_r1(sm->wpa_auth, sm->addr, pmk_r1, pmk_r1_len,
2137 				    sm->pmk_r1_name, sm->pairwise, &vlan,
2138 				    expires_in, session_timeout, identity,
2139 				    identity_len, radius_cui, radius_cui_len);
2140 
2141 	return wpa_pmk_r1_to_ptk(pmk_r1, pmk_r1_len, sm->SNonce, sm->ANonce,
2142 				 sm->addr, sm->wpa_auth->addr, sm->pmk_r1_name,
2143 				 ptk, ptk_name, sm->wpa_key_mgmt, sm->pairwise);
2144 }
2145 
2146 
2147 static inline int wpa_auth_get_seqnum(struct wpa_authenticator *wpa_auth,
2148 				      const u8 *addr, int idx, u8 *seq)
2149 {
2150 	if (wpa_auth->cb->get_seqnum == NULL)
2151 		return -1;
2152 	return wpa_auth->cb->get_seqnum(wpa_auth->cb_ctx, addr, idx, seq);
2153 }
2154 
2155 
2156 static u8 * wpa_ft_gtk_subelem(struct wpa_state_machine *sm, size_t *len)
2157 {
2158 	u8 *subelem;
2159 	struct wpa_group *gsm = sm->group;
2160 	size_t subelem_len, pad_len;
2161 	const u8 *key;
2162 	size_t key_len;
2163 	u8 keybuf[32];
2164 	const u8 *kek;
2165 	size_t kek_len;
2166 
2167 	if (wpa_key_mgmt_fils(sm->wpa_key_mgmt)) {
2168 		kek = sm->PTK.kek2;
2169 		kek_len = sm->PTK.kek2_len;
2170 	} else {
2171 		kek = sm->PTK.kek;
2172 		kek_len = sm->PTK.kek_len;
2173 	}
2174 
2175 	key_len = gsm->GTK_len;
2176 	if (key_len > sizeof(keybuf))
2177 		return NULL;
2178 
2179 	/*
2180 	 * Pad key for AES Key Wrap if it is not multiple of 8 bytes or is less
2181 	 * than 16 bytes.
2182 	 */
2183 	pad_len = key_len % 8;
2184 	if (pad_len)
2185 		pad_len = 8 - pad_len;
2186 	if (key_len + pad_len < 16)
2187 		pad_len += 8;
2188 	if (pad_len && key_len < sizeof(keybuf)) {
2189 		os_memcpy(keybuf, gsm->GTK[gsm->GN - 1], key_len);
2190 		os_memset(keybuf + key_len, 0, pad_len);
2191 		keybuf[key_len] = 0xdd;
2192 		key_len += pad_len;
2193 		key = keybuf;
2194 	} else
2195 		key = gsm->GTK[gsm->GN - 1];
2196 
2197 	/*
2198 	 * Sub-elem ID[1] | Length[1] | Key Info[2] | Key Length[1] | RSC[8] |
2199 	 * Key[5..32].
2200 	 */
2201 	subelem_len = 13 + key_len + 8;
2202 	subelem = os_zalloc(subelem_len);
2203 	if (subelem == NULL)
2204 		return NULL;
2205 
2206 	subelem[0] = FTIE_SUBELEM_GTK;
2207 	subelem[1] = 11 + key_len + 8;
2208 	/* Key ID in B0-B1 of Key Info */
2209 	WPA_PUT_LE16(&subelem[2], gsm->GN & 0x03);
2210 	subelem[4] = gsm->GTK_len;
2211 	wpa_auth_get_seqnum(sm->wpa_auth, NULL, gsm->GN, subelem + 5);
2212 	if (aes_wrap(kek, kek_len, key_len / 8, key, subelem + 13)) {
2213 		wpa_printf(MSG_DEBUG,
2214 			   "FT: GTK subelem encryption failed: kek_len=%d",
2215 			   (int) kek_len);
2216 		os_free(subelem);
2217 		return NULL;
2218 	}
2219 
2220 	*len = subelem_len;
2221 	return subelem;
2222 }
2223 
2224 
2225 #ifdef CONFIG_IEEE80211W
2226 static u8 * wpa_ft_igtk_subelem(struct wpa_state_machine *sm, size_t *len)
2227 {
2228 	u8 *subelem, *pos;
2229 	struct wpa_group *gsm = sm->group;
2230 	size_t subelem_len;
2231 	const u8 *kek;
2232 	size_t kek_len;
2233 	size_t igtk_len;
2234 
2235 	if (wpa_key_mgmt_fils(sm->wpa_key_mgmt)) {
2236 		kek = sm->PTK.kek2;
2237 		kek_len = sm->PTK.kek2_len;
2238 	} else {
2239 		kek = sm->PTK.kek;
2240 		kek_len = sm->PTK.kek_len;
2241 	}
2242 
2243 	igtk_len = wpa_cipher_key_len(sm->wpa_auth->conf.group_mgmt_cipher);
2244 
2245 	/* Sub-elem ID[1] | Length[1] | KeyID[2] | IPN[6] | Key Length[1] |
2246 	 * Key[16+8] */
2247 	subelem_len = 1 + 1 + 2 + 6 + 1 + igtk_len + 8;
2248 	subelem = os_zalloc(subelem_len);
2249 	if (subelem == NULL)
2250 		return NULL;
2251 
2252 	pos = subelem;
2253 	*pos++ = FTIE_SUBELEM_IGTK;
2254 	*pos++ = subelem_len - 2;
2255 	WPA_PUT_LE16(pos, gsm->GN_igtk);
2256 	pos += 2;
2257 	wpa_auth_get_seqnum(sm->wpa_auth, NULL, gsm->GN_igtk, pos);
2258 	pos += 6;
2259 	*pos++ = igtk_len;
2260 	if (aes_wrap(kek, kek_len, igtk_len / 8,
2261 		     gsm->IGTK[gsm->GN_igtk - 4], pos)) {
2262 		wpa_printf(MSG_DEBUG,
2263 			   "FT: IGTK subelem encryption failed: kek_len=%d",
2264 			   (int) kek_len);
2265 		os_free(subelem);
2266 		return NULL;
2267 	}
2268 
2269 	*len = subelem_len;
2270 	return subelem;
2271 }
2272 #endif /* CONFIG_IEEE80211W */
2273 
2274 
2275 static u8 * wpa_ft_process_rdie(struct wpa_state_machine *sm,
2276 				u8 *pos, u8 *end, u8 id, u8 descr_count,
2277 				const u8 *ies, size_t ies_len)
2278 {
2279 	struct ieee802_11_elems parse;
2280 	struct rsn_rdie *rdie;
2281 
2282 	wpa_printf(MSG_DEBUG, "FT: Resource Request: id=%d descr_count=%d",
2283 		   id, descr_count);
2284 	wpa_hexdump(MSG_MSGDUMP, "FT: Resource descriptor IE(s)",
2285 		    ies, ies_len);
2286 
2287 	if (end - pos < (int) sizeof(*rdie)) {
2288 		wpa_printf(MSG_ERROR, "FT: Not enough room for response RDIE");
2289 		return pos;
2290 	}
2291 
2292 	*pos++ = WLAN_EID_RIC_DATA;
2293 	*pos++ = sizeof(*rdie);
2294 	rdie = (struct rsn_rdie *) pos;
2295 	rdie->id = id;
2296 	rdie->descr_count = 0;
2297 	rdie->status_code = host_to_le16(WLAN_STATUS_SUCCESS);
2298 	pos += sizeof(*rdie);
2299 
2300 	if (ieee802_11_parse_elems((u8 *) ies, ies_len, &parse, 1) ==
2301 	    ParseFailed) {
2302 		wpa_printf(MSG_DEBUG, "FT: Failed to parse request IEs");
2303 		rdie->status_code =
2304 			host_to_le16(WLAN_STATUS_UNSPECIFIED_FAILURE);
2305 		return pos;
2306 	}
2307 
2308 	if (parse.wmm_tspec) {
2309 		struct wmm_tspec_element *tspec;
2310 
2311 		if (parse.wmm_tspec_len + 2 < (int) sizeof(*tspec)) {
2312 			wpa_printf(MSG_DEBUG, "FT: Too short WMM TSPEC IE "
2313 				   "(%d)", (int) parse.wmm_tspec_len);
2314 			rdie->status_code =
2315 				host_to_le16(WLAN_STATUS_UNSPECIFIED_FAILURE);
2316 			return pos;
2317 		}
2318 		if (end - pos < (int) sizeof(*tspec)) {
2319 			wpa_printf(MSG_ERROR, "FT: Not enough room for "
2320 				   "response TSPEC");
2321 			rdie->status_code =
2322 				host_to_le16(WLAN_STATUS_UNSPECIFIED_FAILURE);
2323 			return pos;
2324 		}
2325 		tspec = (struct wmm_tspec_element *) pos;
2326 		os_memcpy(tspec, parse.wmm_tspec - 2, sizeof(*tspec));
2327 	}
2328 
2329 #ifdef NEED_AP_MLME
2330 	if (parse.wmm_tspec && sm->wpa_auth->conf.ap_mlme) {
2331 		int res;
2332 
2333 		res = wmm_process_tspec((struct wmm_tspec_element *) pos);
2334 		wpa_printf(MSG_DEBUG, "FT: ADDTS processing result: %d", res);
2335 		if (res == WMM_ADDTS_STATUS_INVALID_PARAMETERS)
2336 			rdie->status_code =
2337 				host_to_le16(WLAN_STATUS_INVALID_PARAMETERS);
2338 		else if (res == WMM_ADDTS_STATUS_REFUSED)
2339 			rdie->status_code =
2340 				host_to_le16(WLAN_STATUS_REQUEST_DECLINED);
2341 		else {
2342 			/* TSPEC accepted; include updated TSPEC in response */
2343 			rdie->descr_count = 1;
2344 			pos += sizeof(struct wmm_tspec_element);
2345 		}
2346 		return pos;
2347 	}
2348 #endif /* NEED_AP_MLME */
2349 
2350 	if (parse.wmm_tspec && !sm->wpa_auth->conf.ap_mlme) {
2351 		int res;
2352 
2353 		res = wpa_ft_add_tspec(sm->wpa_auth, sm->addr, pos,
2354 				       sizeof(struct wmm_tspec_element));
2355 		if (res >= 0) {
2356 			if (res)
2357 				rdie->status_code = host_to_le16(res);
2358 			else {
2359 				/* TSPEC accepted; include updated TSPEC in
2360 				 * response */
2361 				rdie->descr_count = 1;
2362 				pos += sizeof(struct wmm_tspec_element);
2363 			}
2364 			return pos;
2365 		}
2366 	}
2367 
2368 	wpa_printf(MSG_DEBUG, "FT: No supported resource requested");
2369 	rdie->status_code = host_to_le16(WLAN_STATUS_UNSPECIFIED_FAILURE);
2370 	return pos;
2371 }
2372 
2373 
2374 static u8 * wpa_ft_process_ric(struct wpa_state_machine *sm, u8 *pos, u8 *end,
2375 			       const u8 *ric, size_t ric_len)
2376 {
2377 	const u8 *rpos, *start;
2378 	const struct rsn_rdie *rdie;
2379 
2380 	wpa_hexdump(MSG_MSGDUMP, "FT: RIC Request", ric, ric_len);
2381 
2382 	rpos = ric;
2383 	while (rpos + sizeof(*rdie) < ric + ric_len) {
2384 		if (rpos[0] != WLAN_EID_RIC_DATA || rpos[1] < sizeof(*rdie) ||
2385 		    rpos + 2 + rpos[1] > ric + ric_len)
2386 			break;
2387 		rdie = (const struct rsn_rdie *) (rpos + 2);
2388 		rpos += 2 + rpos[1];
2389 		start = rpos;
2390 
2391 		while (rpos + 2 <= ric + ric_len &&
2392 		       rpos + 2 + rpos[1] <= ric + ric_len) {
2393 			if (rpos[0] == WLAN_EID_RIC_DATA)
2394 				break;
2395 			rpos += 2 + rpos[1];
2396 		}
2397 		pos = wpa_ft_process_rdie(sm, pos, end, rdie->id,
2398 					  rdie->descr_count,
2399 					  start, rpos - start);
2400 	}
2401 
2402 	return pos;
2403 }
2404 
2405 
2406 u8 * wpa_sm_write_assoc_resp_ies(struct wpa_state_machine *sm, u8 *pos,
2407 				 size_t max_len, int auth_alg,
2408 				 const u8 *req_ies, size_t req_ies_len)
2409 {
2410 	u8 *end, *mdie, *ftie, *rsnie = NULL, *r0kh_id, *subelem = NULL;
2411 	u8 *fte_mic, *elem_count;
2412 	size_t mdie_len, ftie_len, rsnie_len = 0, r0kh_id_len, subelem_len = 0;
2413 	int res;
2414 	struct wpa_auth_config *conf;
2415 	struct wpa_ft_ies parse;
2416 	u8 *ric_start;
2417 	u8 *anonce, *snonce;
2418 	const u8 *kck;
2419 	size_t kck_len;
2420 	int use_sha384;
2421 
2422 	if (sm == NULL)
2423 		return pos;
2424 
2425 	use_sha384 = wpa_key_mgmt_sha384(sm->wpa_key_mgmt);
2426 	conf = &sm->wpa_auth->conf;
2427 
2428 	if (!wpa_key_mgmt_ft(sm->wpa_key_mgmt))
2429 		return pos;
2430 
2431 	end = pos + max_len;
2432 
2433 	if (auth_alg == WLAN_AUTH_FT ||
2434 	    ((auth_alg == WLAN_AUTH_FILS_SK ||
2435 	      auth_alg == WLAN_AUTH_FILS_SK_PFS ||
2436 	      auth_alg == WLAN_AUTH_FILS_PK) &&
2437 	     (sm->wpa_key_mgmt & (WPA_KEY_MGMT_FT_FILS_SHA256 |
2438 				  WPA_KEY_MGMT_FT_FILS_SHA384)))) {
2439 		if (!sm->pmk_r1_name_valid) {
2440 			wpa_printf(MSG_ERROR,
2441 				   "FT: PMKR1Name is not valid for Assoc Resp RSNE");
2442 			return NULL;
2443 		}
2444 		wpa_hexdump(MSG_DEBUG, "FT: PMKR1Name for Assoc Resp RSNE",
2445 			    sm->pmk_r1_name, WPA_PMK_NAME_LEN);
2446 		/*
2447 		 * RSN (only present if this is a Reassociation Response and
2448 		 * part of a fast BSS transition; or if this is a
2449 		 * (Re)Association Response frame during an FT initial mobility
2450 		 * domain association using FILS)
2451 		 */
2452 		res = wpa_write_rsn_ie(conf, pos, end - pos, sm->pmk_r1_name);
2453 		if (res < 0)
2454 			return NULL;
2455 		rsnie = pos;
2456 		rsnie_len = res;
2457 		pos += res;
2458 	}
2459 
2460 	/* Mobility Domain Information */
2461 	res = wpa_write_mdie(conf, pos, end - pos);
2462 	if (res < 0)
2463 		return NULL;
2464 	mdie = pos;
2465 	mdie_len = res;
2466 	pos += res;
2467 
2468 	/* Fast BSS Transition Information */
2469 	if (auth_alg == WLAN_AUTH_FT) {
2470 		subelem = wpa_ft_gtk_subelem(sm, &subelem_len);
2471 		if (!subelem) {
2472 			wpa_printf(MSG_DEBUG,
2473 				   "FT: Failed to add GTK subelement");
2474 			return NULL;
2475 		}
2476 		r0kh_id = sm->r0kh_id;
2477 		r0kh_id_len = sm->r0kh_id_len;
2478 		anonce = sm->ANonce;
2479 		snonce = sm->SNonce;
2480 #ifdef CONFIG_IEEE80211W
2481 		if (sm->mgmt_frame_prot) {
2482 			u8 *igtk;
2483 			size_t igtk_len;
2484 			u8 *nbuf;
2485 			igtk = wpa_ft_igtk_subelem(sm, &igtk_len);
2486 			if (igtk == NULL) {
2487 				wpa_printf(MSG_DEBUG,
2488 					   "FT: Failed to add IGTK subelement");
2489 				os_free(subelem);
2490 				return NULL;
2491 			}
2492 			nbuf = os_realloc(subelem, subelem_len + igtk_len);
2493 			if (nbuf == NULL) {
2494 				os_free(subelem);
2495 				os_free(igtk);
2496 				return NULL;
2497 			}
2498 			subelem = nbuf;
2499 			os_memcpy(subelem + subelem_len, igtk, igtk_len);
2500 			subelem_len += igtk_len;
2501 			os_free(igtk);
2502 		}
2503 #endif /* CONFIG_IEEE80211W */
2504 #ifdef CONFIG_OCV
2505 		if (wpa_auth_uses_ocv(sm)) {
2506 			struct wpa_channel_info ci;
2507 			u8 *nbuf, *ocipos;
2508 
2509 			if (wpa_channel_info(sm->wpa_auth, &ci) != 0) {
2510 				wpa_printf(MSG_WARNING,
2511 					   "Failed to get channel info for OCI element");
2512 				os_free(subelem);
2513 				return NULL;
2514 			}
2515 
2516 			subelem_len += 2 + OCV_OCI_LEN;
2517 			nbuf = os_realloc(subelem, subelem_len);
2518 			if (!nbuf) {
2519 				os_free(subelem);
2520 				return NULL;
2521 			}
2522 			subelem = nbuf;
2523 
2524 			ocipos = subelem + subelem_len - 2 - OCV_OCI_LEN;
2525 			*ocipos++ = FTIE_SUBELEM_OCI;
2526 			*ocipos++ = OCV_OCI_LEN;
2527 			if (ocv_insert_oci(&ci, &ocipos) < 0) {
2528 				os_free(subelem);
2529 				return NULL;
2530 			}
2531 		}
2532 #endif /* CONFIG_OCV */
2533 	} else {
2534 		r0kh_id = conf->r0_key_holder;
2535 		r0kh_id_len = conf->r0_key_holder_len;
2536 		anonce = NULL;
2537 		snonce = NULL;
2538 	}
2539 	res = wpa_write_ftie(conf, use_sha384, r0kh_id, r0kh_id_len,
2540 			     anonce, snonce, pos, end - pos,
2541 			     subelem, subelem_len);
2542 	os_free(subelem);
2543 	if (res < 0)
2544 		return NULL;
2545 	ftie = pos;
2546 	ftie_len = res;
2547 	pos += res;
2548 
2549 	if (use_sha384) {
2550 		struct rsn_ftie_sha384 *_ftie =
2551 			(struct rsn_ftie_sha384 *) (ftie + 2);
2552 
2553 		fte_mic = _ftie->mic;
2554 		elem_count = &_ftie->mic_control[1];
2555 	} else {
2556 		struct rsn_ftie *_ftie = (struct rsn_ftie *) (ftie + 2);
2557 
2558 		fte_mic = _ftie->mic;
2559 		elem_count = &_ftie->mic_control[1];
2560 	}
2561 	if (auth_alg == WLAN_AUTH_FT)
2562 		*elem_count = 3; /* Information element count */
2563 
2564 	ric_start = pos;
2565 	if (wpa_ft_parse_ies(req_ies, req_ies_len, &parse, use_sha384) == 0
2566 	    && parse.ric) {
2567 		pos = wpa_ft_process_ric(sm, pos, end, parse.ric,
2568 					 parse.ric_len);
2569 		if (auth_alg == WLAN_AUTH_FT)
2570 			*elem_count +=
2571 				ieee802_11_ie_count(ric_start,
2572 						    pos - ric_start);
2573 	}
2574 	if (ric_start == pos)
2575 		ric_start = NULL;
2576 
2577 	if (wpa_key_mgmt_fils(sm->wpa_key_mgmt)) {
2578 		kck = sm->PTK.kck2;
2579 		kck_len = sm->PTK.kck2_len;
2580 	} else {
2581 		kck = sm->PTK.kck;
2582 		kck_len = sm->PTK.kck_len;
2583 	}
2584 	if (auth_alg == WLAN_AUTH_FT &&
2585 	    wpa_ft_mic(kck, kck_len, sm->addr, sm->wpa_auth->addr, 6,
2586 		       mdie, mdie_len, ftie, ftie_len,
2587 		       rsnie, rsnie_len,
2588 		       ric_start, ric_start ? pos - ric_start : 0,
2589 		       fte_mic) < 0) {
2590 		wpa_printf(MSG_DEBUG, "FT: Failed to calculate MIC");
2591 		return NULL;
2592 	}
2593 
2594 	os_free(sm->assoc_resp_ftie);
2595 	sm->assoc_resp_ftie = os_malloc(ftie_len);
2596 	if (!sm->assoc_resp_ftie)
2597 		return NULL;
2598 	os_memcpy(sm->assoc_resp_ftie, ftie, ftie_len);
2599 
2600 	return pos;
2601 }
2602 
2603 
2604 static inline int wpa_auth_set_key(struct wpa_authenticator *wpa_auth,
2605 				   int vlan_id,
2606 				   enum wpa_alg alg, const u8 *addr, int idx,
2607 				   u8 *key, size_t key_len)
2608 {
2609 	if (wpa_auth->cb->set_key == NULL)
2610 		return -1;
2611 	return wpa_auth->cb->set_key(wpa_auth->cb_ctx, vlan_id, alg, addr, idx,
2612 				     key, key_len);
2613 }
2614 
2615 
2616 void wpa_ft_install_ptk(struct wpa_state_machine *sm)
2617 {
2618 	enum wpa_alg alg;
2619 	int klen;
2620 
2621 	/* MLME-SETKEYS.request(PTK) */
2622 	alg = wpa_cipher_to_alg(sm->pairwise);
2623 	klen = wpa_cipher_key_len(sm->pairwise);
2624 	if (!wpa_cipher_valid_pairwise(sm->pairwise)) {
2625 		wpa_printf(MSG_DEBUG, "FT: Unknown pairwise alg 0x%x - skip "
2626 			   "PTK configuration", sm->pairwise);
2627 		return;
2628 	}
2629 
2630 	if (sm->tk_already_set) {
2631 		/* Must avoid TK reconfiguration to prevent clearing of TX/RX
2632 		 * PN in the driver */
2633 		wpa_printf(MSG_DEBUG,
2634 			   "FT: Do not re-install same PTK to the driver");
2635 		return;
2636 	}
2637 
2638 	/* FIX: add STA entry to kernel/driver here? The set_key will fail
2639 	 * most likely without this.. At the moment, STA entry is added only
2640 	 * after association has been completed. This function will be called
2641 	 * again after association to get the PTK configured, but that could be
2642 	 * optimized by adding the STA entry earlier.
2643 	 */
2644 	if (wpa_auth_set_key(sm->wpa_auth, 0, alg, sm->addr, 0,
2645 			     sm->PTK.tk, klen))
2646 		return;
2647 
2648 	/* FIX: MLME-SetProtection.Request(TA, Tx_Rx) */
2649 	sm->pairwise_set = TRUE;
2650 	sm->tk_already_set = TRUE;
2651 }
2652 
2653 
2654 /* Derive PMK-R1 from PSK, check all available PSK */
2655 static int wpa_ft_psk_pmk_r1(struct wpa_state_machine *sm,
2656 			     const u8 *req_pmk_r1_name,
2657 			     u8 *out_pmk_r1, int *out_pairwise,
2658 			     struct vlan_description *out_vlan,
2659 			     const u8 **out_identity, size_t *out_identity_len,
2660 			     const u8 **out_radius_cui,
2661 			     size_t *out_radius_cui_len,
2662 			     int *out_session_timeout)
2663 {
2664 	const u8 *pmk = NULL;
2665 	u8 pmk_r0[PMK_LEN], pmk_r0_name[WPA_PMK_NAME_LEN];
2666 	u8 pmk_r1[PMK_LEN], pmk_r1_name[WPA_PMK_NAME_LEN];
2667 	struct wpa_authenticator *wpa_auth = sm->wpa_auth;
2668 	const u8 *mdid = wpa_auth->conf.mobility_domain;
2669 	const u8 *r0kh = sm->r0kh_id;
2670 	size_t r0kh_len = sm->r0kh_id_len;
2671 	const u8 *r1kh = wpa_auth->conf.r1_key_holder;
2672 	const u8 *ssid = wpa_auth->conf.ssid;
2673 	size_t ssid_len = wpa_auth->conf.ssid_len;
2674 	int pairwise;
2675 
2676 	pairwise = sm->pairwise;
2677 
2678 	for (;;) {
2679 		pmk = wpa_ft_get_psk(wpa_auth, sm->addr, sm->p2p_dev_addr,
2680 				     pmk);
2681 		if (pmk == NULL)
2682 			break;
2683 
2684 		if (wpa_derive_pmk_r0(pmk, PMK_LEN, ssid, ssid_len, mdid, r0kh,
2685 				      r0kh_len, sm->addr,
2686 				      pmk_r0, pmk_r0_name, 0) < 0 ||
2687 		    wpa_derive_pmk_r1(pmk_r0, PMK_LEN, pmk_r0_name, r1kh,
2688 				      sm->addr, pmk_r1, pmk_r1_name) < 0 ||
2689 		    os_memcmp_const(pmk_r1_name, req_pmk_r1_name,
2690 				    WPA_PMK_NAME_LEN) != 0)
2691 			continue;
2692 
2693 		/* We found a PSK that matches the requested pmk_r1_name */
2694 		wpa_printf(MSG_DEBUG,
2695 			   "FT: Found PSK to generate PMK-R1 locally");
2696 		os_memcpy(out_pmk_r1, pmk_r1, PMK_LEN);
2697 		if (out_pairwise)
2698 			*out_pairwise = pairwise;
2699 		os_memcpy(sm->PMK, pmk, PMK_LEN);
2700 		sm->pmk_len = PMK_LEN;
2701 		if (out_vlan &&
2702 		    wpa_ft_get_vlan(sm->wpa_auth, sm->addr, out_vlan) < 0) {
2703 			wpa_printf(MSG_DEBUG, "FT: vlan not available for STA "
2704 				   MACSTR, MAC2STR(sm->addr));
2705 			return -1;
2706 		}
2707 
2708 		if (out_identity && out_identity_len) {
2709 			*out_identity_len = wpa_ft_get_identity(
2710 				sm->wpa_auth, sm->addr, out_identity);
2711 		}
2712 
2713 		if (out_radius_cui && out_radius_cui_len) {
2714 			*out_radius_cui_len = wpa_ft_get_radius_cui(
2715 				sm->wpa_auth, sm->addr, out_radius_cui);
2716 		}
2717 
2718 		if (out_session_timeout) {
2719 			*out_session_timeout = wpa_ft_get_session_timeout(
2720 				sm->wpa_auth, sm->addr);
2721 		}
2722 
2723 		return 0;
2724 	}
2725 
2726 	wpa_printf(MSG_DEBUG,
2727 		   "FT: Did not find PSK to generate PMK-R1 locally");
2728 	return -1;
2729 }
2730 
2731 
2732 /* Detect the configuration the station asked for.
2733  * Required to detect FT-PSK and pairwise cipher.
2734  */
2735 static int wpa_ft_set_key_mgmt(struct wpa_state_machine *sm,
2736 			       struct wpa_ft_ies *parse)
2737 {
2738 	int key_mgmt, ciphers;
2739 
2740 	if (sm->wpa_key_mgmt)
2741 		return 0;
2742 
2743 	key_mgmt = parse->key_mgmt & sm->wpa_auth->conf.wpa_key_mgmt;
2744 	if (!key_mgmt) {
2745 		wpa_printf(MSG_DEBUG, "FT: Invalid key mgmt (0x%x) from "
2746 			   MACSTR, parse->key_mgmt, MAC2STR(sm->addr));
2747 		return -1;
2748 	}
2749 	if (key_mgmt & WPA_KEY_MGMT_FT_IEEE8021X)
2750 		sm->wpa_key_mgmt = WPA_KEY_MGMT_FT_IEEE8021X;
2751 #ifdef CONFIG_SHA384
2752 	else if (key_mgmt & WPA_KEY_MGMT_FT_IEEE8021X_SHA384)
2753 		sm->wpa_key_mgmt = WPA_KEY_MGMT_FT_IEEE8021X_SHA384;
2754 #endif /* CONFIG_SHA384 */
2755 	else if (key_mgmt & WPA_KEY_MGMT_FT_PSK)
2756 		sm->wpa_key_mgmt = WPA_KEY_MGMT_FT_PSK;
2757 #ifdef CONFIG_FILS
2758 	else if (key_mgmt & WPA_KEY_MGMT_FT_FILS_SHA256)
2759 		sm->wpa_key_mgmt = WPA_KEY_MGMT_FT_FILS_SHA256;
2760 	else if (key_mgmt & WPA_KEY_MGMT_FT_FILS_SHA384)
2761 		sm->wpa_key_mgmt = WPA_KEY_MGMT_FT_FILS_SHA384;
2762 #endif /* CONFIG_FILS */
2763 	ciphers = parse->pairwise_cipher & sm->wpa_auth->conf.rsn_pairwise;
2764 	if (!ciphers) {
2765 		wpa_printf(MSG_DEBUG, "FT: Invalid pairwise cipher (0x%x) from "
2766 			   MACSTR,
2767 			   parse->pairwise_cipher, MAC2STR(sm->addr));
2768 		return -1;
2769 	}
2770 	sm->pairwise = wpa_pick_pairwise_cipher(ciphers, 0);
2771 
2772 	return 0;
2773 }
2774 
2775 
2776 static int wpa_ft_local_derive_pmk_r1(struct wpa_authenticator *wpa_auth,
2777 				      struct wpa_state_machine *sm,
2778 				      const u8 *r0kh_id, size_t r0kh_id_len,
2779 				      const u8 *req_pmk_r0_name,
2780 				      const u8 *req_pmk_r1_name,
2781 				      u8 *out_pmk_r1, int *out_pairwise,
2782 				      struct vlan_description *vlan,
2783 				      const u8 **identity, size_t *identity_len,
2784 				      const u8 **radius_cui,
2785 				      size_t *radius_cui_len,
2786 				      int *out_session_timeout)
2787 {
2788 	struct wpa_auth_config *conf = &wpa_auth->conf;
2789 	const struct wpa_ft_pmk_r0_sa *r0;
2790 	u8 pmk_r1_name[WPA_PMK_NAME_LEN];
2791 	int expires_in = 0;
2792 	int session_timeout = 0;
2793 	struct os_reltime now;
2794 
2795 	if (conf->r0_key_holder_len != r0kh_id_len ||
2796 	    os_memcmp(conf->r0_key_holder, r0kh_id, conf->r0_key_holder_len) !=
2797 	    0)
2798 		return -1; /* not our R0KH-ID */
2799 
2800 	wpa_printf(MSG_DEBUG, "FT: STA R0KH-ID matching local configuration");
2801 	if (wpa_ft_fetch_pmk_r0(sm->wpa_auth, sm->addr, req_pmk_r0_name, &r0) <
2802 	    0)
2803 		return -1; /* no matching PMKR0Name in local cache */
2804 
2805 	wpa_printf(MSG_DEBUG, "FT: Requested PMKR0Name found in local cache");
2806 
2807 	if (wpa_derive_pmk_r1(r0->pmk_r0, r0->pmk_r0_len, r0->pmk_r0_name,
2808 			      conf->r1_key_holder,
2809 			      sm->addr, out_pmk_r1, pmk_r1_name) < 0)
2810 		return -1;
2811 	wpa_hexdump_key(MSG_DEBUG, "FT: PMK-R1", out_pmk_r1, r0->pmk_r0_len);
2812 	wpa_hexdump(MSG_DEBUG, "FT: PMKR1Name", pmk_r1_name, WPA_PMK_NAME_LEN);
2813 
2814 	os_get_reltime(&now);
2815 	if (r0->expiration)
2816 		expires_in = r0->expiration - now.sec;
2817 
2818 	if (r0->session_timeout)
2819 		session_timeout = r0->session_timeout - now.sec;
2820 
2821 	wpa_ft_store_pmk_r1(wpa_auth, sm->addr, out_pmk_r1, r0->pmk_r0_len,
2822 			    pmk_r1_name,
2823 			    sm->pairwise, r0->vlan, expires_in, session_timeout,
2824 			    r0->identity, r0->identity_len,
2825 			    r0->radius_cui, r0->radius_cui_len);
2826 
2827 	*out_pairwise = sm->pairwise;
2828 	if (vlan) {
2829 		if (r0->vlan)
2830 			*vlan = *r0->vlan;
2831 		else
2832 			os_memset(vlan, 0, sizeof(*vlan));
2833 	}
2834 
2835 	if (identity && identity_len) {
2836 		*identity = r0->identity;
2837 		*identity_len = r0->identity_len;
2838 	}
2839 
2840 	if (radius_cui && radius_cui_len) {
2841 		*radius_cui = r0->radius_cui;
2842 		*radius_cui_len = r0->radius_cui_len;
2843 	}
2844 
2845 	*out_session_timeout = session_timeout;
2846 
2847 	return 0;
2848 }
2849 
2850 
2851 static int wpa_ft_process_auth_req(struct wpa_state_machine *sm,
2852 				   const u8 *ies, size_t ies_len,
2853 				   u8 **resp_ies, size_t *resp_ies_len)
2854 {
2855 	struct rsn_mdie *mdie;
2856 	u8 pmk_r1[PMK_LEN_MAX], pmk_r1_name[WPA_PMK_NAME_LEN];
2857 	u8 ptk_name[WPA_PMK_NAME_LEN];
2858 	struct wpa_auth_config *conf;
2859 	struct wpa_ft_ies parse;
2860 	size_t buflen;
2861 	int ret;
2862 	u8 *pos, *end;
2863 	int pairwise, session_timeout = 0;
2864 	struct vlan_description vlan;
2865 	const u8 *identity, *radius_cui;
2866 	size_t identity_len = 0, radius_cui_len = 0;
2867 	int use_sha384;
2868 	size_t pmk_r1_len;
2869 
2870 	*resp_ies = NULL;
2871 	*resp_ies_len = 0;
2872 
2873 	sm->pmk_r1_name_valid = 0;
2874 	conf = &sm->wpa_auth->conf;
2875 
2876 	wpa_hexdump(MSG_DEBUG, "FT: Received authentication frame IEs",
2877 		    ies, ies_len);
2878 
2879 	if (wpa_ft_parse_ies(ies, ies_len, &parse, -1)) {
2880 		wpa_printf(MSG_DEBUG, "FT: Failed to parse FT IEs");
2881 		return WLAN_STATUS_UNSPECIFIED_FAILURE;
2882 	}
2883 	use_sha384 = wpa_key_mgmt_sha384(parse.key_mgmt);
2884 	pmk_r1_len = use_sha384 ? SHA384_MAC_LEN : PMK_LEN;
2885 
2886 	mdie = (struct rsn_mdie *) parse.mdie;
2887 	if (mdie == NULL || parse.mdie_len < sizeof(*mdie) ||
2888 	    os_memcmp(mdie->mobility_domain,
2889 		      sm->wpa_auth->conf.mobility_domain,
2890 		      MOBILITY_DOMAIN_ID_LEN) != 0) {
2891 		wpa_printf(MSG_DEBUG, "FT: Invalid MDIE");
2892 		return WLAN_STATUS_INVALID_MDIE;
2893 	}
2894 
2895 	if (use_sha384) {
2896 		struct rsn_ftie_sha384 *ftie;
2897 
2898 		ftie = (struct rsn_ftie_sha384 *) parse.ftie;
2899 		if (!ftie || parse.ftie_len < sizeof(*ftie)) {
2900 			wpa_printf(MSG_DEBUG, "FT: Invalid FTIE");
2901 			return WLAN_STATUS_INVALID_FTIE;
2902 		}
2903 
2904 		os_memcpy(sm->SNonce, ftie->snonce, WPA_NONCE_LEN);
2905 	} else {
2906 		struct rsn_ftie *ftie;
2907 
2908 		ftie = (struct rsn_ftie *) parse.ftie;
2909 		if (!ftie || parse.ftie_len < sizeof(*ftie)) {
2910 			wpa_printf(MSG_DEBUG, "FT: Invalid FTIE");
2911 			return WLAN_STATUS_INVALID_FTIE;
2912 		}
2913 
2914 		os_memcpy(sm->SNonce, ftie->snonce, WPA_NONCE_LEN);
2915 	}
2916 
2917 	if (parse.r0kh_id == NULL) {
2918 		wpa_printf(MSG_DEBUG, "FT: Invalid FTIE - no R0KH-ID");
2919 		return WLAN_STATUS_INVALID_FTIE;
2920 	}
2921 
2922 	wpa_hexdump(MSG_DEBUG, "FT: STA R0KH-ID",
2923 		    parse.r0kh_id, parse.r0kh_id_len);
2924 	os_memcpy(sm->r0kh_id, parse.r0kh_id, parse.r0kh_id_len);
2925 	sm->r0kh_id_len = parse.r0kh_id_len;
2926 
2927 	if (parse.rsn_pmkid == NULL) {
2928 		wpa_printf(MSG_DEBUG, "FT: No PMKID in RSNIE");
2929 		return WLAN_STATUS_INVALID_PMKID;
2930 	}
2931 
2932 	if (wpa_ft_set_key_mgmt(sm, &parse) < 0)
2933 		return WLAN_STATUS_UNSPECIFIED_FAILURE;
2934 
2935 	wpa_hexdump(MSG_DEBUG, "FT: Requested PMKR0Name",
2936 		    parse.rsn_pmkid, WPA_PMK_NAME_LEN);
2937 	if (wpa_derive_pmk_r1_name(parse.rsn_pmkid,
2938 				   sm->wpa_auth->conf.r1_key_holder, sm->addr,
2939 				   pmk_r1_name, use_sha384) < 0)
2940 		return WLAN_STATUS_UNSPECIFIED_FAILURE;
2941 	wpa_hexdump(MSG_DEBUG, "FT: Derived requested PMKR1Name",
2942 		    pmk_r1_name, WPA_PMK_NAME_LEN);
2943 
2944 	if (conf->ft_psk_generate_local &&
2945 	    wpa_key_mgmt_ft_psk(sm->wpa_key_mgmt)) {
2946 		if (wpa_ft_psk_pmk_r1(sm, pmk_r1_name, pmk_r1, &pairwise,
2947 				      &vlan, &identity, &identity_len,
2948 				      &radius_cui, &radius_cui_len,
2949 				      &session_timeout) < 0)
2950 			return WLAN_STATUS_INVALID_PMKID;
2951 		wpa_printf(MSG_DEBUG,
2952 			   "FT: Generated PMK-R1 for FT-PSK locally");
2953 	} else if (wpa_ft_fetch_pmk_r1(sm->wpa_auth, sm->addr, pmk_r1_name,
2954 				       pmk_r1, &pmk_r1_len, &pairwise, &vlan,
2955 				       &identity, &identity_len, &radius_cui,
2956 				       &radius_cui_len, &session_timeout) < 0) {
2957 		wpa_printf(MSG_DEBUG,
2958 			   "FT: No PMK-R1 available in local cache for the requested PMKR1Name");
2959 		if (wpa_ft_local_derive_pmk_r1(sm->wpa_auth, sm,
2960 					       parse.r0kh_id, parse.r0kh_id_len,
2961 					       parse.rsn_pmkid,
2962 					       pmk_r1_name, pmk_r1, &pairwise,
2963 					       &vlan, &identity, &identity_len,
2964 					       &radius_cui, &radius_cui_len,
2965 					       &session_timeout) == 0) {
2966 			wpa_printf(MSG_DEBUG,
2967 				   "FT: Generated PMK-R1 based on local PMK-R0");
2968 			goto pmk_r1_derived;
2969 		}
2970 
2971 		if (wpa_ft_pull_pmk_r1(sm, ies, ies_len, parse.rsn_pmkid) < 0) {
2972 			wpa_printf(MSG_DEBUG,
2973 				   "FT: Did not have matching PMK-R1 and either unknown or blocked R0KH-ID or NAK from R0KH");
2974 			return WLAN_STATUS_INVALID_PMKID;
2975 		}
2976 
2977 		return -1; /* Status pending */
2978 	} else {
2979 		wpa_printf(MSG_DEBUG, "FT: Found PMKR1Name from local cache");
2980 	}
2981 
2982 pmk_r1_derived:
2983 	wpa_hexdump_key(MSG_DEBUG, "FT: Selected PMK-R1", pmk_r1, pmk_r1_len);
2984 	sm->pmk_r1_name_valid = 1;
2985 	os_memcpy(sm->pmk_r1_name, pmk_r1_name, WPA_PMK_NAME_LEN);
2986 	os_memcpy(sm->pmk_r1, pmk_r1, pmk_r1_len);
2987 	sm->pmk_r1_len = pmk_r1_len;
2988 
2989 	if (random_get_bytes(sm->ANonce, WPA_NONCE_LEN)) {
2990 		wpa_printf(MSG_DEBUG, "FT: Failed to get random data for "
2991 			   "ANonce");
2992 		return WLAN_STATUS_UNSPECIFIED_FAILURE;
2993 	}
2994 
2995 	wpa_hexdump(MSG_DEBUG, "FT: Received SNonce",
2996 		    sm->SNonce, WPA_NONCE_LEN);
2997 	wpa_hexdump(MSG_DEBUG, "FT: Generated ANonce",
2998 		    sm->ANonce, WPA_NONCE_LEN);
2999 
3000 	if (wpa_pmk_r1_to_ptk(pmk_r1, pmk_r1_len, sm->SNonce, sm->ANonce,
3001 			      sm->addr, sm->wpa_auth->addr, pmk_r1_name,
3002 			      &sm->PTK, ptk_name, sm->wpa_key_mgmt,
3003 			      pairwise) < 0)
3004 		return WLAN_STATUS_UNSPECIFIED_FAILURE;
3005 
3006 	sm->pairwise = pairwise;
3007 	sm->PTK_valid = TRUE;
3008 	sm->tk_already_set = FALSE;
3009 	wpa_ft_install_ptk(sm);
3010 
3011 	if (wpa_ft_set_vlan(sm->wpa_auth, sm->addr, &vlan) < 0) {
3012 		wpa_printf(MSG_DEBUG, "FT: Failed to configure VLAN");
3013 		return WLAN_STATUS_UNSPECIFIED_FAILURE;
3014 	}
3015 	if (wpa_ft_set_identity(sm->wpa_auth, sm->addr,
3016 				identity, identity_len) < 0 ||
3017 	    wpa_ft_set_radius_cui(sm->wpa_auth, sm->addr,
3018 				  radius_cui, radius_cui_len) < 0) {
3019 		wpa_printf(MSG_DEBUG, "FT: Failed to configure identity/CUI");
3020 		return WLAN_STATUS_UNSPECIFIED_FAILURE;
3021 	}
3022 	wpa_ft_set_session_timeout(sm->wpa_auth, sm->addr, session_timeout);
3023 
3024 	buflen = 2 + sizeof(struct rsn_mdie) + 2 + sizeof(struct rsn_ftie) +
3025 		2 + FT_R1KH_ID_LEN + 200;
3026 	*resp_ies = os_zalloc(buflen);
3027 	if (*resp_ies == NULL)
3028 		goto fail;
3029 
3030 	pos = *resp_ies;
3031 	end = *resp_ies + buflen;
3032 
3033 	ret = wpa_write_rsn_ie(conf, pos, end - pos, parse.rsn_pmkid);
3034 	if (ret < 0)
3035 		goto fail;
3036 	pos += ret;
3037 
3038 	ret = wpa_write_mdie(conf, pos, end - pos);
3039 	if (ret < 0)
3040 		goto fail;
3041 	pos += ret;
3042 
3043 	ret = wpa_write_ftie(conf, use_sha384, parse.r0kh_id, parse.r0kh_id_len,
3044 			     sm->ANonce, sm->SNonce, pos, end - pos, NULL, 0);
3045 	if (ret < 0)
3046 		goto fail;
3047 	pos += ret;
3048 
3049 	*resp_ies_len = pos - *resp_ies;
3050 
3051 	return WLAN_STATUS_SUCCESS;
3052 fail:
3053 	os_free(*resp_ies);
3054 	*resp_ies = NULL;
3055 	return WLAN_STATUS_UNSPECIFIED_FAILURE;
3056 }
3057 
3058 
3059 void wpa_ft_process_auth(struct wpa_state_machine *sm, const u8 *bssid,
3060 			 u16 auth_transaction, const u8 *ies, size_t ies_len,
3061 			 void (*cb)(void *ctx, const u8 *dst, const u8 *bssid,
3062 				    u16 auth_transaction, u16 status,
3063 				    const u8 *ies, size_t ies_len),
3064 			 void *ctx)
3065 {
3066 	u16 status;
3067 	u8 *resp_ies;
3068 	size_t resp_ies_len;
3069 	int res;
3070 
3071 	if (sm == NULL) {
3072 		wpa_printf(MSG_DEBUG, "FT: Received authentication frame, but "
3073 			   "WPA SM not available");
3074 		return;
3075 	}
3076 
3077 	wpa_printf(MSG_DEBUG, "FT: Received authentication frame: STA=" MACSTR
3078 		   " BSSID=" MACSTR " transaction=%d",
3079 		   MAC2STR(sm->addr), MAC2STR(bssid), auth_transaction);
3080 	sm->ft_pending_cb = cb;
3081 	sm->ft_pending_cb_ctx = ctx;
3082 	sm->ft_pending_auth_transaction = auth_transaction;
3083 	sm->ft_pending_pull_left_retries = sm->wpa_auth->conf.rkh_pull_retries;
3084 	res = wpa_ft_process_auth_req(sm, ies, ies_len, &resp_ies,
3085 				      &resp_ies_len);
3086 	if (res < 0) {
3087 		wpa_printf(MSG_DEBUG, "FT: Callback postponed until response is available");
3088 		return;
3089 	}
3090 	status = res;
3091 
3092 	wpa_printf(MSG_DEBUG, "FT: FT authentication response: dst=" MACSTR
3093 		   " auth_transaction=%d status=%d",
3094 		   MAC2STR(sm->addr), auth_transaction + 1, status);
3095 	wpa_hexdump(MSG_DEBUG, "FT: Response IEs", resp_ies, resp_ies_len);
3096 	cb(ctx, sm->addr, bssid, auth_transaction + 1, status,
3097 	   resp_ies, resp_ies_len);
3098 	os_free(resp_ies);
3099 }
3100 
3101 
3102 u16 wpa_ft_validate_reassoc(struct wpa_state_machine *sm, const u8 *ies,
3103 			    size_t ies_len)
3104 {
3105 	struct wpa_ft_ies parse;
3106 	struct rsn_mdie *mdie;
3107 	u8 mic[WPA_EAPOL_KEY_MIC_MAX_LEN];
3108 	size_t mic_len = 16;
3109 	unsigned int count;
3110 	const u8 *kck;
3111 	size_t kck_len;
3112 	int use_sha384;
3113 	const u8 *anonce, *snonce, *fte_mic;
3114 	u8 fte_elem_count;
3115 
3116 	if (sm == NULL)
3117 		return WLAN_STATUS_UNSPECIFIED_FAILURE;
3118 
3119 	use_sha384 = wpa_key_mgmt_sha384(sm->wpa_key_mgmt);
3120 
3121 	wpa_hexdump(MSG_DEBUG, "FT: Reassoc Req IEs", ies, ies_len);
3122 
3123 	if (wpa_ft_parse_ies(ies, ies_len, &parse, use_sha384) < 0) {
3124 		wpa_printf(MSG_DEBUG, "FT: Failed to parse FT IEs");
3125 		return WLAN_STATUS_UNSPECIFIED_FAILURE;
3126 	}
3127 
3128 	if (parse.rsn == NULL) {
3129 		wpa_printf(MSG_DEBUG, "FT: No RSNIE in Reassoc Req");
3130 		return WLAN_STATUS_UNSPECIFIED_FAILURE;
3131 	}
3132 
3133 	if (parse.rsn_pmkid == NULL) {
3134 		wpa_printf(MSG_DEBUG, "FT: No PMKID in RSNIE");
3135 		return WLAN_STATUS_INVALID_PMKID;
3136 	}
3137 
3138 	if (os_memcmp_const(parse.rsn_pmkid, sm->pmk_r1_name, WPA_PMK_NAME_LEN)
3139 	    != 0) {
3140 		wpa_printf(MSG_DEBUG, "FT: PMKID in Reassoc Req did not match "
3141 			   "with the PMKR1Name derived from auth request");
3142 		return WLAN_STATUS_INVALID_PMKID;
3143 	}
3144 
3145 	mdie = (struct rsn_mdie *) parse.mdie;
3146 	if (mdie == NULL || parse.mdie_len < sizeof(*mdie) ||
3147 	    os_memcmp(mdie->mobility_domain,
3148 		      sm->wpa_auth->conf.mobility_domain,
3149 		      MOBILITY_DOMAIN_ID_LEN) != 0) {
3150 		wpa_printf(MSG_DEBUG, "FT: Invalid MDIE");
3151 		return WLAN_STATUS_INVALID_MDIE;
3152 	}
3153 
3154 	if (use_sha384) {
3155 		struct rsn_ftie_sha384 *ftie;
3156 
3157 		ftie = (struct rsn_ftie_sha384 *) parse.ftie;
3158 		if (ftie == NULL || parse.ftie_len < sizeof(*ftie)) {
3159 			wpa_printf(MSG_DEBUG, "FT: Invalid FTIE");
3160 			return WLAN_STATUS_INVALID_FTIE;
3161 		}
3162 
3163 		anonce = ftie->anonce;
3164 		snonce = ftie->snonce;
3165 		fte_elem_count = ftie->mic_control[1];
3166 		fte_mic = ftie->mic;
3167 	} else {
3168 		struct rsn_ftie *ftie;
3169 
3170 		ftie = (struct rsn_ftie *) parse.ftie;
3171 		if (ftie == NULL || parse.ftie_len < sizeof(*ftie)) {
3172 			wpa_printf(MSG_DEBUG, "FT: Invalid FTIE");
3173 			return WLAN_STATUS_INVALID_FTIE;
3174 		}
3175 
3176 		anonce = ftie->anonce;
3177 		snonce = ftie->snonce;
3178 		fte_elem_count = ftie->mic_control[1];
3179 		fte_mic = ftie->mic;
3180 	}
3181 
3182 	if (os_memcmp(snonce, sm->SNonce, WPA_NONCE_LEN) != 0) {
3183 		wpa_printf(MSG_DEBUG, "FT: SNonce mismatch in FTIE");
3184 		wpa_hexdump(MSG_DEBUG, "FT: Received SNonce",
3185 			    snonce, WPA_NONCE_LEN);
3186 		wpa_hexdump(MSG_DEBUG, "FT: Expected SNonce",
3187 			    sm->SNonce, WPA_NONCE_LEN);
3188 		return WLAN_STATUS_INVALID_FTIE;
3189 	}
3190 
3191 	if (os_memcmp(anonce, sm->ANonce, WPA_NONCE_LEN) != 0) {
3192 		wpa_printf(MSG_DEBUG, "FT: ANonce mismatch in FTIE");
3193 		wpa_hexdump(MSG_DEBUG, "FT: Received ANonce",
3194 			    anonce, WPA_NONCE_LEN);
3195 		wpa_hexdump(MSG_DEBUG, "FT: Expected ANonce",
3196 			    sm->ANonce, WPA_NONCE_LEN);
3197 		return WLAN_STATUS_INVALID_FTIE;
3198 	}
3199 
3200 
3201 	if (parse.r0kh_id == NULL) {
3202 		wpa_printf(MSG_DEBUG, "FT: No R0KH-ID subelem in FTIE");
3203 		return WLAN_STATUS_INVALID_FTIE;
3204 	}
3205 
3206 	if (parse.r0kh_id_len != sm->r0kh_id_len ||
3207 	    os_memcmp_const(parse.r0kh_id, sm->r0kh_id, parse.r0kh_id_len) != 0)
3208 	{
3209 		wpa_printf(MSG_DEBUG, "FT: R0KH-ID in FTIE did not match with "
3210 			   "the current R0KH-ID");
3211 		wpa_hexdump(MSG_DEBUG, "FT: R0KH-ID in FTIE",
3212 			    parse.r0kh_id, parse.r0kh_id_len);
3213 		wpa_hexdump(MSG_DEBUG, "FT: The current R0KH-ID",
3214 			    sm->r0kh_id, sm->r0kh_id_len);
3215 		return WLAN_STATUS_INVALID_FTIE;
3216 	}
3217 
3218 	if (parse.r1kh_id == NULL) {
3219 		wpa_printf(MSG_DEBUG, "FT: No R1KH-ID subelem in FTIE");
3220 		return WLAN_STATUS_INVALID_FTIE;
3221 	}
3222 
3223 	if (os_memcmp_const(parse.r1kh_id, sm->wpa_auth->conf.r1_key_holder,
3224 			    FT_R1KH_ID_LEN) != 0) {
3225 		wpa_printf(MSG_DEBUG, "FT: Unknown R1KH-ID used in "
3226 			   "ReassocReq");
3227 		wpa_hexdump(MSG_DEBUG, "FT: R1KH-ID in FTIE",
3228 			    parse.r1kh_id, FT_R1KH_ID_LEN);
3229 		wpa_hexdump(MSG_DEBUG, "FT: Expected R1KH-ID",
3230 			    sm->wpa_auth->conf.r1_key_holder, FT_R1KH_ID_LEN);
3231 		return WLAN_STATUS_INVALID_FTIE;
3232 	}
3233 
3234 	if (parse.rsn_pmkid == NULL ||
3235 	    os_memcmp_const(parse.rsn_pmkid, sm->pmk_r1_name, WPA_PMK_NAME_LEN))
3236 	{
3237 		wpa_printf(MSG_DEBUG, "FT: No matching PMKR1Name (PMKID) in "
3238 			   "RSNIE (pmkid=%d)", !!parse.rsn_pmkid);
3239 		return WLAN_STATUS_INVALID_PMKID;
3240 	}
3241 
3242 	count = 3;
3243 	if (parse.ric)
3244 		count += ieee802_11_ie_count(parse.ric, parse.ric_len);
3245 	if (fte_elem_count != count) {
3246 		wpa_printf(MSG_DEBUG, "FT: Unexpected IE count in MIC "
3247 			   "Control: received %u expected %u",
3248 			   fte_elem_count, count);
3249 		return WLAN_STATUS_UNSPECIFIED_FAILURE;
3250 	}
3251 
3252 	if (wpa_key_mgmt_fils(sm->wpa_key_mgmt)) {
3253 		kck = sm->PTK.kck2;
3254 		kck_len = sm->PTK.kck2_len;
3255 	} else {
3256 		kck = sm->PTK.kck;
3257 		kck_len = sm->PTK.kck_len;
3258 	}
3259 	if (wpa_ft_mic(kck, kck_len, sm->addr, sm->wpa_auth->addr, 5,
3260 		       parse.mdie - 2, parse.mdie_len + 2,
3261 		       parse.ftie - 2, parse.ftie_len + 2,
3262 		       parse.rsn - 2, parse.rsn_len + 2,
3263 		       parse.ric, parse.ric_len,
3264 		       mic) < 0) {
3265 		wpa_printf(MSG_DEBUG, "FT: Failed to calculate MIC");
3266 		return WLAN_STATUS_UNSPECIFIED_FAILURE;
3267 	}
3268 
3269 	if (os_memcmp_const(mic, fte_mic, mic_len) != 0) {
3270 		wpa_printf(MSG_DEBUG, "FT: Invalid MIC in FTIE");
3271 		wpa_printf(MSG_DEBUG, "FT: addr=" MACSTR " auth_addr=" MACSTR,
3272 			   MAC2STR(sm->addr), MAC2STR(sm->wpa_auth->addr));
3273 		wpa_hexdump(MSG_MSGDUMP, "FT: Received MIC",
3274 			    fte_mic, mic_len);
3275 		wpa_hexdump(MSG_MSGDUMP, "FT: Calculated MIC", mic, mic_len);
3276 		wpa_hexdump(MSG_MSGDUMP, "FT: MDIE",
3277 			    parse.mdie - 2, parse.mdie_len + 2);
3278 		wpa_hexdump(MSG_MSGDUMP, "FT: FTIE",
3279 			    parse.ftie - 2, parse.ftie_len + 2);
3280 		wpa_hexdump(MSG_MSGDUMP, "FT: RSN",
3281 			    parse.rsn - 2, parse.rsn_len + 2);
3282 		return WLAN_STATUS_INVALID_FTIE;
3283 	}
3284 
3285 #ifdef CONFIG_OCV
3286 	if (wpa_auth_uses_ocv(sm)) {
3287 		struct wpa_channel_info ci;
3288 		int tx_chanwidth;
3289 		int tx_seg1_idx;
3290 
3291 		if (wpa_channel_info(sm->wpa_auth, &ci) != 0) {
3292 			wpa_printf(MSG_WARNING,
3293 				   "Failed to get channel info to validate received OCI in (Re)Assoc Request");
3294 			return WLAN_STATUS_UNSPECIFIED_FAILURE;
3295 		}
3296 
3297 		if (get_sta_tx_parameters(sm,
3298 					  channel_width_to_int(ci.chanwidth),
3299 					  ci.seg1_idx, &tx_chanwidth,
3300 					  &tx_seg1_idx) < 0)
3301 			return WLAN_STATUS_UNSPECIFIED_FAILURE;
3302 
3303 		if (ocv_verify_tx_params(parse.oci, parse.oci_len, &ci,
3304 					 tx_chanwidth, tx_seg1_idx) != 0) {
3305 			wpa_printf(MSG_WARNING, "%s", ocv_errorstr);
3306 			return WLAN_STATUS_UNSPECIFIED_FAILURE;
3307 		}
3308 	}
3309 #endif /* CONFIG_OCV */
3310 
3311 	return WLAN_STATUS_SUCCESS;
3312 }
3313 
3314 
3315 int wpa_ft_action_rx(struct wpa_state_machine *sm, const u8 *data, size_t len)
3316 {
3317 	const u8 *sta_addr, *target_ap;
3318 	const u8 *ies;
3319 	size_t ies_len;
3320 	u8 action;
3321 	struct ft_rrb_frame *frame;
3322 
3323 	if (sm == NULL)
3324 		return -1;
3325 
3326 	/*
3327 	 * data: Category[1] Action[1] STA_Address[6] Target_AP_Address[6]
3328 	 * FT Request action frame body[variable]
3329 	 */
3330 
3331 	if (len < 14) {
3332 		wpa_printf(MSG_DEBUG, "FT: Too short FT Action frame "
3333 			   "(len=%lu)", (unsigned long) len);
3334 		return -1;
3335 	}
3336 
3337 	action = data[1];
3338 	sta_addr = data + 2;
3339 	target_ap = data + 8;
3340 	ies = data + 14;
3341 	ies_len = len - 14;
3342 
3343 	wpa_printf(MSG_DEBUG, "FT: Received FT Action frame (STA=" MACSTR
3344 		   " Target AP=" MACSTR " Action=%d)",
3345 		   MAC2STR(sta_addr), MAC2STR(target_ap), action);
3346 
3347 	if (os_memcmp(sta_addr, sm->addr, ETH_ALEN) != 0) {
3348 		wpa_printf(MSG_DEBUG, "FT: Mismatch in FT Action STA address: "
3349 			   "STA=" MACSTR " STA-Address=" MACSTR,
3350 			   MAC2STR(sm->addr), MAC2STR(sta_addr));
3351 		return -1;
3352 	}
3353 
3354 	/*
3355 	 * Do some sanity checking on the target AP address (not own and not
3356 	 * broadcast. This could be extended to filter based on a list of known
3357 	 * APs in the MD (if such a list were configured).
3358 	 */
3359 	if ((target_ap[0] & 0x01) ||
3360 	    os_memcmp(target_ap, sm->wpa_auth->addr, ETH_ALEN) == 0) {
3361 		wpa_printf(MSG_DEBUG, "FT: Invalid Target AP in FT Action "
3362 			   "frame");
3363 		return -1;
3364 	}
3365 
3366 	wpa_hexdump(MSG_MSGDUMP, "FT: Action frame body", ies, ies_len);
3367 
3368 	if (!sm->wpa_auth->conf.ft_over_ds) {
3369 		wpa_printf(MSG_DEBUG, "FT: Over-DS option disabled - reject");
3370 		return -1;
3371 	}
3372 
3373 	/* RRB - Forward action frame to the target AP */
3374 	frame = os_malloc(sizeof(*frame) + len);
3375 	if (frame == NULL)
3376 		return -1;
3377 	frame->frame_type = RSN_REMOTE_FRAME_TYPE_FT_RRB;
3378 	frame->packet_type = FT_PACKET_REQUEST;
3379 	frame->action_length = host_to_le16(len);
3380 	os_memcpy(frame->ap_address, sm->wpa_auth->addr, ETH_ALEN);
3381 	os_memcpy(frame + 1, data, len);
3382 
3383 	wpa_ft_rrb_send(sm->wpa_auth, target_ap, (u8 *) frame,
3384 			sizeof(*frame) + len);
3385 	os_free(frame);
3386 
3387 	return 0;
3388 }
3389 
3390 
3391 static void wpa_ft_rrb_rx_request_cb(void *ctx, const u8 *dst, const u8 *bssid,
3392 				     u16 auth_transaction, u16 resp,
3393 				     const u8 *ies, size_t ies_len)
3394 {
3395 	struct wpa_state_machine *sm = ctx;
3396 	wpa_printf(MSG_DEBUG, "FT: Over-the-DS RX request cb for " MACSTR,
3397 		   MAC2STR(sm->addr));
3398 	wpa_ft_send_rrb_auth_resp(sm, sm->ft_pending_current_ap, sm->addr,
3399 				  WLAN_STATUS_SUCCESS, ies, ies_len);
3400 }
3401 
3402 
3403 static int wpa_ft_rrb_rx_request(struct wpa_authenticator *wpa_auth,
3404 				 const u8 *current_ap, const u8 *sta_addr,
3405 				 const u8 *body, size_t len)
3406 {
3407 	struct wpa_state_machine *sm;
3408 	u16 status;
3409 	u8 *resp_ies;
3410 	size_t resp_ies_len;
3411 	int res;
3412 
3413 	sm = wpa_ft_add_sta(wpa_auth, sta_addr);
3414 	if (sm == NULL) {
3415 		wpa_printf(MSG_DEBUG, "FT: Failed to add new STA based on "
3416 			   "RRB Request");
3417 		return -1;
3418 	}
3419 
3420 	wpa_hexdump(MSG_MSGDUMP, "FT: RRB Request Frame body", body, len);
3421 
3422 	sm->ft_pending_cb = wpa_ft_rrb_rx_request_cb;
3423 	sm->ft_pending_cb_ctx = sm;
3424 	os_memcpy(sm->ft_pending_current_ap, current_ap, ETH_ALEN);
3425 	sm->ft_pending_pull_left_retries = sm->wpa_auth->conf.rkh_pull_retries;
3426 	res = wpa_ft_process_auth_req(sm, body, len, &resp_ies,
3427 				      &resp_ies_len);
3428 	if (res < 0) {
3429 		wpa_printf(MSG_DEBUG, "FT: No immediate response available - wait for pull response");
3430 		return 0;
3431 	}
3432 	status = res;
3433 
3434 	res = wpa_ft_send_rrb_auth_resp(sm, current_ap, sta_addr, status,
3435 					resp_ies, resp_ies_len);
3436 	os_free(resp_ies);
3437 	return res;
3438 }
3439 
3440 
3441 static int wpa_ft_send_rrb_auth_resp(struct wpa_state_machine *sm,
3442 				     const u8 *current_ap, const u8 *sta_addr,
3443 				     u16 status, const u8 *resp_ies,
3444 				     size_t resp_ies_len)
3445 {
3446 	struct wpa_authenticator *wpa_auth = sm->wpa_auth;
3447 	size_t rlen;
3448 	struct ft_rrb_frame *frame;
3449 	u8 *pos;
3450 
3451 	wpa_printf(MSG_DEBUG, "FT: RRB authentication response: STA=" MACSTR
3452 		   " CurrentAP=" MACSTR " status=%d",
3453 		   MAC2STR(sm->addr), MAC2STR(current_ap), status);
3454 	wpa_hexdump(MSG_DEBUG, "FT: Response IEs", resp_ies, resp_ies_len);
3455 
3456 	/* RRB - Forward action frame response to the Current AP */
3457 
3458 	/*
3459 	 * data: Category[1] Action[1] STA_Address[6] Target_AP_Address[6]
3460 	 * Status_Code[2] FT Request action frame body[variable]
3461 	 */
3462 	rlen = 2 + 2 * ETH_ALEN + 2 + resp_ies_len;
3463 
3464 	frame = os_malloc(sizeof(*frame) + rlen);
3465 	if (frame == NULL)
3466 		return -1;
3467 	frame->frame_type = RSN_REMOTE_FRAME_TYPE_FT_RRB;
3468 	frame->packet_type = FT_PACKET_RESPONSE;
3469 	frame->action_length = host_to_le16(rlen);
3470 	os_memcpy(frame->ap_address, wpa_auth->addr, ETH_ALEN);
3471 	pos = (u8 *) (frame + 1);
3472 	*pos++ = WLAN_ACTION_FT;
3473 	*pos++ = 2; /* Action: Response */
3474 	os_memcpy(pos, sta_addr, ETH_ALEN);
3475 	pos += ETH_ALEN;
3476 	os_memcpy(pos, wpa_auth->addr, ETH_ALEN);
3477 	pos += ETH_ALEN;
3478 	WPA_PUT_LE16(pos, status);
3479 	pos += 2;
3480 	if (resp_ies)
3481 		os_memcpy(pos, resp_ies, resp_ies_len);
3482 
3483 	wpa_ft_rrb_send(wpa_auth, current_ap, (u8 *) frame,
3484 			sizeof(*frame) + rlen);
3485 	os_free(frame);
3486 
3487 	return 0;
3488 }
3489 
3490 
3491 static int wpa_ft_rrb_build_r0(const u8 *key, const size_t key_len,
3492 			       const struct tlv_list *tlvs,
3493 			       const struct wpa_ft_pmk_r0_sa *pmk_r0,
3494 			       const u8 *r1kh_id, const u8 *s1kh_id,
3495 			       const struct tlv_list *tlv_auth,
3496 			       const u8 *src_addr, u8 type,
3497 			       u8 **packet, size_t *packet_len)
3498 {
3499 	u8 pmk_r1[PMK_LEN_MAX];
3500 	size_t pmk_r1_len = pmk_r0->pmk_r0_len;
3501 	u8 pmk_r1_name[WPA_PMK_NAME_LEN];
3502 	u8 f_pairwise[sizeof(le16)];
3503 	u8 f_expires_in[sizeof(le16)];
3504 	u8 f_session_timeout[sizeof(le32)];
3505 	int expires_in;
3506 	int session_timeout;
3507 	struct os_reltime now;
3508 	int ret;
3509 	struct tlv_list sess_tlv[] = {
3510 		{ .type = FT_RRB_PMK_R1, .len = pmk_r1_len,
3511 		  .data = pmk_r1 },
3512 		{ .type = FT_RRB_PMK_R1_NAME, .len = sizeof(pmk_r1_name),
3513 		  .data = pmk_r1_name },
3514 		{ .type = FT_RRB_PAIRWISE, .len = sizeof(f_pairwise),
3515 		  .data = f_pairwise },
3516 		{ .type = FT_RRB_EXPIRES_IN, .len = sizeof(f_expires_in),
3517 		  .data = f_expires_in },
3518 		{ .type = FT_RRB_IDENTITY, .len = pmk_r0->identity_len,
3519 		  .data = pmk_r0->identity },
3520 		{ .type = FT_RRB_RADIUS_CUI, .len = pmk_r0->radius_cui_len,
3521 		  .data = pmk_r0->radius_cui },
3522 		{ .type = FT_RRB_SESSION_TIMEOUT,
3523 		  .len = sizeof(f_session_timeout),
3524 		  .data = f_session_timeout },
3525 		{ .type = FT_RRB_LAST_EMPTY, .len = 0, .data = NULL },
3526 	};
3527 
3528 	if (wpa_derive_pmk_r1(pmk_r0->pmk_r0, pmk_r0->pmk_r0_len,
3529 			      pmk_r0->pmk_r0_name, r1kh_id,
3530 			      s1kh_id, pmk_r1, pmk_r1_name) < 0)
3531 		return -1;
3532 	wpa_hexdump_key(MSG_DEBUG, "FT: PMK-R1 (for peer AP)",
3533 			pmk_r1, pmk_r1_len);
3534 	wpa_hexdump(MSG_DEBUG, "FT: PMKR1Name (for peer AP)",
3535 		    pmk_r1_name, WPA_PMK_NAME_LEN);
3536 	WPA_PUT_LE16(f_pairwise, pmk_r0->pairwise);
3537 
3538 	os_get_reltime(&now);
3539 	if (pmk_r0->expiration > now.sec)
3540 		expires_in = pmk_r0->expiration - now.sec;
3541 	else if (pmk_r0->expiration)
3542 		expires_in = 1;
3543 	else
3544 		expires_in = 0;
3545 	WPA_PUT_LE16(f_expires_in, expires_in);
3546 
3547 	if (pmk_r0->session_timeout > now.sec)
3548 		session_timeout = pmk_r0->session_timeout - now.sec;
3549 	else if (pmk_r0->session_timeout)
3550 		session_timeout = 1;
3551 	else
3552 		session_timeout = 0;
3553 	WPA_PUT_LE32(f_session_timeout, session_timeout);
3554 
3555 	ret = wpa_ft_rrb_build(key, key_len, tlvs, sess_tlv, tlv_auth,
3556 			       pmk_r0->vlan, src_addr, type,
3557 			       packet, packet_len);
3558 
3559 	os_memset(pmk_r1, 0, sizeof(pmk_r1));
3560 
3561 	return ret;
3562 }
3563 
3564 
3565 static int wpa_ft_rrb_rx_pull(struct wpa_authenticator *wpa_auth,
3566 			      const u8 *src_addr,
3567 			      const u8 *enc, size_t enc_len,
3568 			      const u8 *auth, size_t auth_len,
3569 			      int no_defer)
3570 {
3571 	const char *msgtype = "pull request";
3572 	u8 *plain = NULL, *packet = NULL;
3573 	size_t plain_len = 0, packet_len = 0;
3574 	struct ft_remote_r1kh *r1kh, *r1kh_wildcard;
3575 	const u8 *key;
3576 	size_t key_len;
3577 	int seq_ret;
3578 	const u8 *f_nonce, *f_r0kh_id, *f_r1kh_id, *f_s1kh_id, *f_pmk_r0_name;
3579 	size_t f_nonce_len, f_r0kh_id_len, f_r1kh_id_len, f_s1kh_id_len;
3580 	size_t f_pmk_r0_name_len;
3581 	const struct wpa_ft_pmk_r0_sa *r0;
3582 	int ret;
3583 	struct tlv_list resp[2];
3584 	struct tlv_list resp_auth[5];
3585 	struct ft_rrb_seq f_seq;
3586 
3587 	wpa_printf(MSG_DEBUG, "FT: Received PMK-R1 pull");
3588 
3589 	RRB_GET_AUTH(FT_RRB_R0KH_ID, r0kh_id, msgtype, -1);
3590 	wpa_hexdump(MSG_DEBUG, "FT: R0KH-ID", f_r0kh_id, f_r0kh_id_len);
3591 
3592 	if (wpa_ft_rrb_check_r0kh(wpa_auth, f_r0kh_id, f_r0kh_id_len)) {
3593 		wpa_printf(MSG_DEBUG, "FT: R0KH-ID mismatch");
3594 		goto out;
3595 	}
3596 
3597 	RRB_GET_AUTH(FT_RRB_R1KH_ID, r1kh_id, msgtype, FT_R1KH_ID_LEN);
3598 	wpa_printf(MSG_DEBUG, "FT: R1KH-ID=" MACSTR, MAC2STR(f_r1kh_id));
3599 
3600 	wpa_ft_rrb_lookup_r1kh(wpa_auth, f_r1kh_id, &r1kh, &r1kh_wildcard);
3601 	if (r1kh) {
3602 		key = r1kh->key;
3603 		key_len = sizeof(r1kh->key);
3604 	} else if (r1kh_wildcard) {
3605 		wpa_printf(MSG_DEBUG, "FT: Using wildcard R1KH-ID");
3606 		key = r1kh_wildcard->key;
3607 		key_len = sizeof(r1kh_wildcard->key);
3608 	} else {
3609 		goto out;
3610 	}
3611 
3612 	RRB_GET_AUTH(FT_RRB_NONCE, nonce, "pull request", FT_RRB_NONCE_LEN);
3613 	wpa_hexdump(MSG_DEBUG, "FT: nonce", f_nonce, f_nonce_len);
3614 
3615 	seq_ret = FT_RRB_SEQ_DROP;
3616 	if (r1kh)
3617 		seq_ret = wpa_ft_rrb_seq_chk(r1kh->seq, src_addr, enc, enc_len,
3618 					     auth, auth_len, msgtype, no_defer);
3619 	if (!no_defer && r1kh_wildcard &&
3620 	    (!r1kh || os_memcmp(r1kh->addr, src_addr, ETH_ALEN) != 0)) {
3621 		/* wildcard: r1kh-id unknown or changed addr -> do a seq req */
3622 		seq_ret = FT_RRB_SEQ_DEFER;
3623 	}
3624 
3625 	if (seq_ret == FT_RRB_SEQ_DROP)
3626 		goto out;
3627 
3628 	if (wpa_ft_rrb_decrypt(key, key_len, enc, enc_len, auth, auth_len,
3629 			       src_addr, FT_PACKET_R0KH_R1KH_PULL,
3630 			       &plain, &plain_len) < 0)
3631 		goto out;
3632 
3633 	if (!r1kh)
3634 		r1kh = wpa_ft_rrb_add_r1kh(wpa_auth, r1kh_wildcard, src_addr,
3635 					   f_r1kh_id,
3636 					   wpa_auth->conf.rkh_pos_timeout);
3637 	if (!r1kh)
3638 		goto out;
3639 
3640 	if (seq_ret == FT_RRB_SEQ_DEFER) {
3641 		wpa_ft_rrb_seq_req(wpa_auth, r1kh->seq, src_addr, f_r0kh_id,
3642 				   f_r0kh_id_len, f_r1kh_id, key, key_len,
3643 				   enc, enc_len, auth, auth_len,
3644 				   &wpa_ft_rrb_rx_pull);
3645 		goto out;
3646 	}
3647 
3648 	wpa_ft_rrb_seq_accept(wpa_auth, r1kh->seq, src_addr, auth, auth_len,
3649 			      msgtype);
3650 	wpa_ft_rrb_r1kh_replenish(wpa_auth, r1kh,
3651 				  wpa_auth->conf.rkh_pos_timeout);
3652 
3653 	RRB_GET(FT_RRB_PMK_R0_NAME, pmk_r0_name, msgtype, WPA_PMK_NAME_LEN);
3654 	wpa_hexdump(MSG_DEBUG, "FT: PMKR0Name", f_pmk_r0_name,
3655 		    f_pmk_r0_name_len);
3656 
3657 	RRB_GET(FT_RRB_S1KH_ID, s1kh_id, msgtype, ETH_ALEN);
3658 	wpa_printf(MSG_DEBUG, "FT: S1KH-ID=" MACSTR, MAC2STR(f_s1kh_id));
3659 
3660 	if (wpa_ft_new_seq(r1kh->seq, &f_seq) < 0) {
3661 		wpa_printf(MSG_DEBUG, "FT: Failed to get seq num");
3662 		goto out;
3663 	}
3664 
3665 	resp[0].type = FT_RRB_S1KH_ID;
3666 	resp[0].len = f_s1kh_id_len;
3667 	resp[0].data = f_s1kh_id;
3668 	resp[1].type = FT_RRB_LAST_EMPTY;
3669 	resp[1].len = 0;
3670 	resp[1].data = NULL;
3671 
3672 	resp_auth[0].type = FT_RRB_NONCE;
3673 	resp_auth[0].len = f_nonce_len;
3674 	resp_auth[0].data = f_nonce;
3675 	resp_auth[1].type = FT_RRB_SEQ;
3676 	resp_auth[1].len = sizeof(f_seq);
3677 	resp_auth[1].data = (u8 *) &f_seq;
3678 	resp_auth[2].type = FT_RRB_R0KH_ID;
3679 	resp_auth[2].len = f_r0kh_id_len;
3680 	resp_auth[2].data = f_r0kh_id;
3681 	resp_auth[3].type = FT_RRB_R1KH_ID;
3682 	resp_auth[3].len = f_r1kh_id_len;
3683 	resp_auth[3].data = f_r1kh_id;
3684 	resp_auth[4].type = FT_RRB_LAST_EMPTY;
3685 	resp_auth[4].len = 0;
3686 	resp_auth[4].data = NULL;
3687 
3688 	if (wpa_ft_fetch_pmk_r0(wpa_auth, f_s1kh_id, f_pmk_r0_name, &r0) < 0) {
3689 		wpa_printf(MSG_DEBUG, "FT: No matching PMK-R0-Name found");
3690 		ret = wpa_ft_rrb_build(key, key_len, resp, NULL, resp_auth,
3691 				       NULL, wpa_auth->addr,
3692 				       FT_PACKET_R0KH_R1KH_RESP,
3693 				       &packet, &packet_len);
3694 	} else {
3695 		ret = wpa_ft_rrb_build_r0(key, key_len, resp, r0, f_r1kh_id,
3696 					  f_s1kh_id, resp_auth, wpa_auth->addr,
3697 					  FT_PACKET_R0KH_R1KH_RESP,
3698 					  &packet, &packet_len);
3699 	}
3700 
3701 	if (!ret)
3702 		wpa_ft_rrb_oui_send(wpa_auth, src_addr,
3703 				    FT_PACKET_R0KH_R1KH_RESP, packet,
3704 				    packet_len);
3705 
3706 out:
3707 	os_free(plain);
3708 	os_free(packet);
3709 
3710 	return 0;
3711 }
3712 
3713 
3714 /* @returns  0 on success
3715  *          -1 on error
3716  *          -2 if FR_RRB_PAIRWISE is missing
3717  */
3718 static int wpa_ft_rrb_rx_r1(struct wpa_authenticator *wpa_auth,
3719 			    const u8 *src_addr, u8 type,
3720 			    const u8 *enc, size_t enc_len,
3721 			    const u8 *auth, size_t auth_len,
3722 			    const char *msgtype, u8 *s1kh_id_out,
3723 			    int (*cb)(struct wpa_authenticator *wpa_auth,
3724 				      const u8 *src_addr,
3725 				      const u8 *enc, size_t enc_len,
3726 				      const u8 *auth, size_t auth_len,
3727 				      int no_defer))
3728 {
3729 	u8 *plain = NULL;
3730 	size_t plain_len = 0;
3731 	struct ft_remote_r0kh *r0kh, *r0kh_wildcard;
3732 	const u8 *key;
3733 	size_t key_len;
3734 	int seq_ret;
3735 	const u8 *f_r1kh_id, *f_s1kh_id, *f_r0kh_id;
3736 	const u8 *f_pmk_r1_name, *f_pairwise, *f_pmk_r1;
3737 	const u8 *f_expires_in;
3738 	size_t f_r1kh_id_len, f_s1kh_id_len, f_r0kh_id_len;
3739 	const u8 *f_identity, *f_radius_cui;
3740 	const u8 *f_session_timeout;
3741 	size_t f_pmk_r1_name_len, f_pairwise_len, f_pmk_r1_len;
3742 	size_t f_expires_in_len;
3743 	size_t f_identity_len, f_radius_cui_len;
3744 	size_t f_session_timeout_len;
3745 	int pairwise;
3746 	int ret = -1;
3747 	int expires_in;
3748 	int session_timeout;
3749 	struct vlan_description vlan;
3750 	size_t pmk_r1_len;
3751 
3752 	RRB_GET_AUTH(FT_RRB_R0KH_ID, r0kh_id, msgtype, -1);
3753 	wpa_hexdump(MSG_DEBUG, "FT: R0KH-ID", f_r0kh_id, f_r0kh_id_len);
3754 
3755 	RRB_GET_AUTH(FT_RRB_R1KH_ID, r1kh_id, msgtype, FT_R1KH_ID_LEN);
3756 	wpa_printf(MSG_DEBUG, "FT: R1KH-ID=" MACSTR, MAC2STR(f_r1kh_id));
3757 
3758 	if (wpa_ft_rrb_check_r1kh(wpa_auth, f_r1kh_id)) {
3759 		wpa_printf(MSG_DEBUG, "FT: R1KH-ID mismatch");
3760 		goto out;
3761 	}
3762 
3763 	wpa_ft_rrb_lookup_r0kh(wpa_auth, f_r0kh_id, f_r0kh_id_len, &r0kh,
3764 			       &r0kh_wildcard);
3765 	if (r0kh) {
3766 		key = r0kh->key;
3767 		key_len = sizeof(r0kh->key);
3768 	} else if (r0kh_wildcard) {
3769 		wpa_printf(MSG_DEBUG, "FT: Using wildcard R0KH-ID");
3770 		key = r0kh_wildcard->key;
3771 		key_len = sizeof(r0kh_wildcard->key);
3772 	} else {
3773 		goto out;
3774 	}
3775 
3776 	seq_ret = FT_RRB_SEQ_DROP;
3777 	if (r0kh) {
3778 		seq_ret = wpa_ft_rrb_seq_chk(r0kh->seq, src_addr, enc, enc_len,
3779 					     auth, auth_len, msgtype,
3780 					     cb ? 0 : 1);
3781 	}
3782 	if (cb && r0kh_wildcard &&
3783 	    (!r0kh || os_memcmp(r0kh->addr, src_addr, ETH_ALEN) != 0)) {
3784 		/* wildcard: r0kh-id unknown or changed addr -> do a seq req */
3785 		seq_ret = FT_RRB_SEQ_DEFER;
3786 	}
3787 
3788 	if (seq_ret == FT_RRB_SEQ_DROP)
3789 		goto out;
3790 
3791 	if (wpa_ft_rrb_decrypt(key, key_len, enc, enc_len, auth, auth_len,
3792 			       src_addr, type, &plain, &plain_len) < 0)
3793 		goto out;
3794 
3795 	if (!r0kh)
3796 		r0kh = wpa_ft_rrb_add_r0kh(wpa_auth, r0kh_wildcard, src_addr,
3797 					   f_r0kh_id, f_r0kh_id_len,
3798 					   wpa_auth->conf.rkh_pos_timeout);
3799 	if (!r0kh)
3800 		goto out;
3801 
3802 	if (seq_ret == FT_RRB_SEQ_DEFER) {
3803 		wpa_ft_rrb_seq_req(wpa_auth, r0kh->seq, src_addr, f_r0kh_id,
3804 				   f_r0kh_id_len, f_r1kh_id, key, key_len,
3805 				   enc, enc_len, auth, auth_len, cb);
3806 		goto out;
3807 	}
3808 
3809 	wpa_ft_rrb_seq_accept(wpa_auth, r0kh->seq, src_addr, auth, auth_len,
3810 			      msgtype);
3811 	wpa_ft_rrb_r0kh_replenish(wpa_auth, r0kh,
3812 				  wpa_auth->conf.rkh_pos_timeout);
3813 
3814 	RRB_GET(FT_RRB_S1KH_ID, s1kh_id, msgtype, ETH_ALEN);
3815 	wpa_printf(MSG_DEBUG, "FT: S1KH-ID=" MACSTR, MAC2STR(f_s1kh_id));
3816 
3817 	if (s1kh_id_out)
3818 		os_memcpy(s1kh_id_out, f_s1kh_id, ETH_ALEN);
3819 
3820 	ret = -2;
3821 	RRB_GET(FT_RRB_PAIRWISE, pairwise, msgtype, sizeof(le16));
3822 	wpa_hexdump(MSG_DEBUG, "FT: pairwise", f_pairwise, f_pairwise_len);
3823 
3824 	ret = -1;
3825 	RRB_GET(FT_RRB_PMK_R1_NAME, pmk_r1_name, msgtype, WPA_PMK_NAME_LEN);
3826 	wpa_hexdump(MSG_DEBUG, "FT: PMKR1Name",
3827 		    f_pmk_r1_name, WPA_PMK_NAME_LEN);
3828 
3829 	pmk_r1_len = PMK_LEN;
3830 	if (wpa_ft_rrb_get_tlv(plain, plain_len, FT_RRB_PMK_R1, &f_pmk_r1_len,
3831 			       &f_pmk_r1) == 0 &&
3832 	    (f_pmk_r1_len == PMK_LEN || f_pmk_r1_len == SHA384_MAC_LEN))
3833 		pmk_r1_len = f_pmk_r1_len;
3834 	RRB_GET(FT_RRB_PMK_R1, pmk_r1, msgtype, pmk_r1_len);
3835 	wpa_hexdump_key(MSG_DEBUG, "FT: PMK-R1", f_pmk_r1, pmk_r1_len);
3836 
3837 	pairwise = WPA_GET_LE16(f_pairwise);
3838 
3839 	RRB_GET_OPTIONAL(FT_RRB_EXPIRES_IN, expires_in, msgtype,
3840 			 sizeof(le16));
3841 	if (f_expires_in)
3842 		expires_in = WPA_GET_LE16(f_expires_in);
3843 	else
3844 		expires_in = 0;
3845 
3846 	wpa_printf(MSG_DEBUG, "FT: PMK-R1 %s - expires_in=%d", msgtype,
3847 		   expires_in);
3848 
3849 	if (wpa_ft_rrb_get_tlv_vlan(plain, plain_len, &vlan) < 0) {
3850 		wpa_printf(MSG_DEBUG, "FT: Cannot parse vlan");
3851 		wpa_ft_rrb_dump(plain, plain_len);
3852 		goto out;
3853 	}
3854 
3855 	wpa_printf(MSG_DEBUG, "FT: vlan %d%s",
3856 		   le_to_host16(vlan.untagged), vlan.tagged[0] ? "+" : "");
3857 
3858 	RRB_GET_OPTIONAL(FT_RRB_IDENTITY, identity, msgtype, -1);
3859 	if (f_identity)
3860 		wpa_hexdump_ascii(MSG_DEBUG, "FT: Identity", f_identity,
3861 				  f_identity_len);
3862 
3863 	RRB_GET_OPTIONAL(FT_RRB_RADIUS_CUI, radius_cui, msgtype, -1);
3864 	if (f_radius_cui)
3865 		wpa_hexdump_ascii(MSG_DEBUG, "FT: CUI", f_radius_cui,
3866 				  f_radius_cui_len);
3867 
3868 	RRB_GET_OPTIONAL(FT_RRB_SESSION_TIMEOUT, session_timeout, msgtype,
3869 			 sizeof(le32));
3870 	if (f_session_timeout)
3871 		session_timeout = WPA_GET_LE32(f_session_timeout);
3872 	else
3873 		session_timeout = 0;
3874 	wpa_printf(MSG_DEBUG, "FT: session_timeout %d", session_timeout);
3875 
3876 	if (wpa_ft_store_pmk_r1(wpa_auth, f_s1kh_id, f_pmk_r1, pmk_r1_len,
3877 				f_pmk_r1_name,
3878 				pairwise, &vlan, expires_in, session_timeout,
3879 				f_identity, f_identity_len, f_radius_cui,
3880 				f_radius_cui_len) < 0)
3881 		goto out;
3882 
3883 	ret = 0;
3884 out:
3885 	if (plain) {
3886 		os_memset(plain, 0, plain_len);
3887 		os_free(plain);
3888 	}
3889 
3890 	return ret;
3891 
3892 }
3893 
3894 
3895 static void ft_finish_pull(struct wpa_state_machine *sm)
3896 {
3897 	int res;
3898 	u8 *resp_ies;
3899 	size_t resp_ies_len;
3900 	u16 status;
3901 
3902 	if (!sm->ft_pending_cb || !sm->ft_pending_req_ies)
3903 		return;
3904 
3905 	res = wpa_ft_process_auth_req(sm, wpabuf_head(sm->ft_pending_req_ies),
3906 				      wpabuf_len(sm->ft_pending_req_ies),
3907 				      &resp_ies, &resp_ies_len);
3908 	if (res < 0) {
3909 		/* this loop is broken by ft_pending_pull_left_retries */
3910 		wpa_printf(MSG_DEBUG,
3911 			   "FT: Callback postponed until response is available");
3912 		return;
3913 	}
3914 	wpabuf_free(sm->ft_pending_req_ies);
3915 	sm->ft_pending_req_ies = NULL;
3916 	status = res;
3917 	wpa_printf(MSG_DEBUG, "FT: Postponed auth callback result for " MACSTR
3918 		   " - status %u", MAC2STR(sm->addr), status);
3919 
3920 	sm->ft_pending_cb(sm->ft_pending_cb_ctx, sm->addr, sm->wpa_auth->addr,
3921 			  sm->ft_pending_auth_transaction + 1, status,
3922 			  resp_ies, resp_ies_len);
3923 	os_free(resp_ies);
3924 }
3925 
3926 
3927 struct ft_get_sta_ctx {
3928 	const u8 *nonce;
3929 	const u8 *s1kh_id;
3930 	struct wpa_state_machine *sm;
3931 };
3932 
3933 
3934 static int ft_get_sta_cb(struct wpa_state_machine *sm, void *ctx)
3935 {
3936 	struct ft_get_sta_ctx *info = ctx;
3937 
3938 	if ((info->s1kh_id &&
3939 	     os_memcmp(info->s1kh_id, sm->addr, ETH_ALEN) != 0) ||
3940 	    os_memcmp(info->nonce, sm->ft_pending_pull_nonce,
3941 		      FT_RRB_NONCE_LEN) != 0 ||
3942 	    sm->ft_pending_cb == NULL || sm->ft_pending_req_ies == NULL)
3943 		return 0;
3944 
3945 	info->sm = sm;
3946 
3947 	return 1;
3948 }
3949 
3950 
3951 static int wpa_ft_rrb_rx_resp(struct wpa_authenticator *wpa_auth,
3952 			      const u8 *src_addr,
3953 			      const u8 *enc, size_t enc_len,
3954 			      const u8 *auth, size_t auth_len,
3955 			      int no_defer)
3956 {
3957 	const char *msgtype = "pull response";
3958 	int nak, ret = -1;
3959 	struct ft_get_sta_ctx ctx;
3960 	u8 s1kh_id[ETH_ALEN];
3961 	const u8 *f_nonce;
3962 	size_t f_nonce_len;
3963 
3964 	wpa_printf(MSG_DEBUG, "FT: Received PMK-R1 pull response");
3965 
3966 	RRB_GET_AUTH(FT_RRB_NONCE, nonce, msgtype, FT_RRB_NONCE_LEN);
3967 	wpa_hexdump(MSG_DEBUG, "FT: nonce", f_nonce, f_nonce_len);
3968 
3969 	os_memset(&ctx, 0, sizeof(ctx));
3970 	ctx.nonce = f_nonce;
3971 	if (!wpa_auth_for_each_sta(wpa_auth, ft_get_sta_cb, &ctx)) {
3972 		/* nonce not found */
3973 		wpa_printf(MSG_DEBUG, "FT: Invalid nonce");
3974 		return -1;
3975 	}
3976 
3977 	ret = wpa_ft_rrb_rx_r1(wpa_auth, src_addr, FT_PACKET_R0KH_R1KH_RESP,
3978 			       enc, enc_len, auth, auth_len, msgtype, s1kh_id,
3979 			       no_defer ? NULL : &wpa_ft_rrb_rx_resp);
3980 	if (ret == -2) {
3981 		ret = 0;
3982 		nak = 1;
3983 	} else {
3984 		nak = 0;
3985 	}
3986 	if (ret < 0)
3987 		return -1;
3988 
3989 	ctx.s1kh_id = s1kh_id;
3990 	if (wpa_auth_for_each_sta(wpa_auth, ft_get_sta_cb, &ctx)) {
3991 		wpa_printf(MSG_DEBUG,
3992 			   "FT: Response to a pending pull request for " MACSTR,
3993 			   MAC2STR(ctx.sm->addr));
3994 		eloop_cancel_timeout(wpa_ft_expire_pull, ctx.sm, NULL);
3995 		if (nak)
3996 			ctx.sm->ft_pending_pull_left_retries = 0;
3997 		ft_finish_pull(ctx.sm);
3998 	}
3999 
4000 out:
4001 	return ret;
4002 }
4003 
4004 
4005 static int wpa_ft_rrb_rx_push(struct wpa_authenticator *wpa_auth,
4006 			      const u8 *src_addr,
4007 			      const u8 *enc, size_t enc_len,
4008 			      const u8 *auth, size_t auth_len, int no_defer)
4009 {
4010 	const char *msgtype = "push";
4011 
4012 	wpa_printf(MSG_DEBUG, "FT: Received PMK-R1 push");
4013 
4014 	if (wpa_ft_rrb_rx_r1(wpa_auth, src_addr, FT_PACKET_R0KH_R1KH_PUSH,
4015 			     enc, enc_len, auth, auth_len, msgtype, NULL,
4016 			     no_defer ? NULL : wpa_ft_rrb_rx_push) < 0)
4017 		return -1;
4018 
4019 	return 0;
4020 }
4021 
4022 
4023 static int wpa_ft_rrb_rx_seq(struct wpa_authenticator *wpa_auth,
4024 			     const u8 *src_addr, int type,
4025 			     const u8 *enc, size_t enc_len,
4026 			     const u8 *auth, size_t auth_len,
4027 			     struct ft_remote_seq **rkh_seq,
4028 			     u8 **key, size_t *key_len,
4029 			     struct ft_remote_r0kh **r0kh_out,
4030 			     struct ft_remote_r1kh **r1kh_out,
4031 			     struct ft_remote_r0kh **r0kh_wildcard_out,
4032 			     struct ft_remote_r1kh **r1kh_wildcard_out)
4033 {
4034 	struct ft_remote_r0kh *r0kh = NULL;
4035 	struct ft_remote_r1kh *r1kh = NULL;
4036 	const u8 *f_r0kh_id, *f_r1kh_id;
4037 	size_t f_r0kh_id_len, f_r1kh_id_len;
4038 	int to_r0kh, to_r1kh;
4039 	u8 *plain = NULL;
4040 	size_t plain_len = 0;
4041 	struct ft_remote_r0kh *r0kh_wildcard;
4042 	struct ft_remote_r1kh *r1kh_wildcard;
4043 
4044 	RRB_GET_AUTH(FT_RRB_R0KH_ID, r0kh_id, "seq", -1);
4045 	RRB_GET_AUTH(FT_RRB_R1KH_ID, r1kh_id, "seq", FT_R1KH_ID_LEN);
4046 
4047 	to_r0kh = !wpa_ft_rrb_check_r0kh(wpa_auth, f_r0kh_id, f_r0kh_id_len);
4048 	to_r1kh = !wpa_ft_rrb_check_r1kh(wpa_auth, f_r1kh_id);
4049 
4050 	if (to_r0kh && to_r1kh) {
4051 		wpa_printf(MSG_DEBUG, "FT: seq - local R0KH-ID and R1KH-ID");
4052 		goto out;
4053 	}
4054 
4055 	if (!to_r0kh && !to_r1kh) {
4056 		wpa_printf(MSG_DEBUG, "FT: seq - remote R0KH-ID and R1KH-ID");
4057 		goto out;
4058 	}
4059 
4060 	if (!to_r0kh) {
4061 		wpa_ft_rrb_lookup_r0kh(wpa_auth, f_r0kh_id, f_r0kh_id_len,
4062 				       &r0kh, &r0kh_wildcard);
4063 		if (!r0kh_wildcard &&
4064 		    (!r0kh || os_memcmp(r0kh->addr, src_addr, ETH_ALEN) != 0)) {
4065 			wpa_hexdump(MSG_DEBUG, "FT: Did not find R0KH-ID",
4066 				    f_r0kh_id, f_r0kh_id_len);
4067 			goto out;
4068 		}
4069 		if (r0kh) {
4070 			*key = r0kh->key;
4071 			*key_len = sizeof(r0kh->key);
4072 		} else {
4073 			*key = r0kh_wildcard->key;
4074 			*key_len = sizeof(r0kh_wildcard->key);
4075 		}
4076 	}
4077 
4078 	if (!to_r1kh) {
4079 		wpa_ft_rrb_lookup_r1kh(wpa_auth, f_r1kh_id, &r1kh,
4080 				       &r1kh_wildcard);
4081 		if (!r1kh_wildcard &&
4082 		    (!r1kh || os_memcmp(r1kh->addr, src_addr, ETH_ALEN) != 0)) {
4083 			wpa_hexdump(MSG_DEBUG, "FT: Did not find R1KH-ID",
4084 				    f_r1kh_id, FT_R1KH_ID_LEN);
4085 			goto out;
4086 		}
4087 		if (r1kh) {
4088 			*key = r1kh->key;
4089 			*key_len = sizeof(r1kh->key);
4090 		} else {
4091 			*key = r1kh_wildcard->key;
4092 			*key_len = sizeof(r1kh_wildcard->key);
4093 		}
4094 	}
4095 
4096 	if (wpa_ft_rrb_decrypt(*key, *key_len, enc, enc_len, auth, auth_len,
4097 			       src_addr, type, &plain, &plain_len) < 0)
4098 		goto out;
4099 
4100 	os_free(plain);
4101 
4102 	if (!to_r0kh) {
4103 		if (!r0kh)
4104 			r0kh = wpa_ft_rrb_add_r0kh(wpa_auth, r0kh_wildcard,
4105 						   src_addr, f_r0kh_id,
4106 						   f_r0kh_id_len,
4107 						   ftRRBseqTimeout);
4108 		if (!r0kh)
4109 			goto out;
4110 
4111 		wpa_ft_rrb_r0kh_replenish(wpa_auth, r0kh, ftRRBseqTimeout);
4112 		*rkh_seq = r0kh->seq;
4113 		if (r0kh_out)
4114 			*r0kh_out = r0kh;
4115 		if (r0kh_wildcard_out)
4116 			*r0kh_wildcard_out = r0kh_wildcard;
4117 	}
4118 
4119 	if (!to_r1kh) {
4120 		if (!r1kh)
4121 			r1kh = wpa_ft_rrb_add_r1kh(wpa_auth, r1kh_wildcard,
4122 						   src_addr, f_r1kh_id,
4123 						   ftRRBseqTimeout);
4124 		if (!r1kh)
4125 			goto out;
4126 
4127 		wpa_ft_rrb_r1kh_replenish(wpa_auth, r1kh, ftRRBseqTimeout);
4128 		*rkh_seq = r1kh->seq;
4129 		if (r1kh_out)
4130 			*r1kh_out = r1kh;
4131 		if (r1kh_wildcard_out)
4132 			*r1kh_wildcard_out = r1kh_wildcard;
4133 	}
4134 
4135 	return 0;
4136 out:
4137 	return -1;
4138 }
4139 
4140 
4141 static int wpa_ft_rrb_rx_seq_req(struct wpa_authenticator *wpa_auth,
4142 				 const u8 *src_addr,
4143 				 const u8 *enc, size_t enc_len,
4144 				 const u8 *auth, size_t auth_len,
4145 				 int no_defer)
4146 {
4147 	int ret = -1;
4148 	struct ft_rrb_seq f_seq;
4149 	const u8 *f_nonce, *f_r0kh_id, *f_r1kh_id;
4150 	size_t f_nonce_len, f_r0kh_id_len, f_r1kh_id_len;
4151 	struct ft_remote_seq *rkh_seq = NULL;
4152 	u8 *packet = NULL, *key = NULL;
4153 	size_t packet_len = 0, key_len = 0;
4154 	struct tlv_list seq_resp_auth[5];
4155 
4156 	wpa_printf(MSG_DEBUG, "FT: Received sequence number request");
4157 
4158 	if (wpa_ft_rrb_rx_seq(wpa_auth, src_addr, FT_PACKET_R0KH_R1KH_SEQ_REQ,
4159 			      enc, enc_len, auth, auth_len, &rkh_seq, &key,
4160 			      &key_len, NULL, NULL, NULL, NULL) < 0)
4161 		goto out;
4162 
4163 	RRB_GET_AUTH(FT_RRB_NONCE, nonce, "seq request", FT_RRB_NONCE_LEN);
4164 	wpa_hexdump(MSG_DEBUG, "FT: seq request - nonce", f_nonce, f_nonce_len);
4165 
4166 	RRB_GET_AUTH(FT_RRB_R0KH_ID, r0kh_id, "seq", -1);
4167 	RRB_GET_AUTH(FT_RRB_R1KH_ID, r1kh_id, "seq", FT_R1KH_ID_LEN);
4168 
4169 	if (wpa_ft_new_seq(rkh_seq, &f_seq) < 0) {
4170 		wpa_printf(MSG_DEBUG, "FT: Failed to get seq num");
4171 		goto out;
4172 	}
4173 
4174 	seq_resp_auth[0].type = FT_RRB_NONCE;
4175 	seq_resp_auth[0].len = f_nonce_len;
4176 	seq_resp_auth[0].data = f_nonce;
4177 	seq_resp_auth[1].type = FT_RRB_SEQ;
4178 	seq_resp_auth[1].len = sizeof(f_seq);
4179 	seq_resp_auth[1].data = (u8 *) &f_seq;
4180 	seq_resp_auth[2].type = FT_RRB_R0KH_ID;
4181 	seq_resp_auth[2].len = f_r0kh_id_len;
4182 	seq_resp_auth[2].data = f_r0kh_id;
4183 	seq_resp_auth[3].type = FT_RRB_R1KH_ID;
4184 	seq_resp_auth[3].len = FT_R1KH_ID_LEN;
4185 	seq_resp_auth[3].data = f_r1kh_id;
4186 	seq_resp_auth[4].type = FT_RRB_LAST_EMPTY;
4187 	seq_resp_auth[4].len = 0;
4188 	seq_resp_auth[4].data = NULL;
4189 
4190 	if (wpa_ft_rrb_build(key, key_len, NULL, NULL, seq_resp_auth, NULL,
4191 			     wpa_auth->addr, FT_PACKET_R0KH_R1KH_SEQ_RESP,
4192 			     &packet, &packet_len) < 0)
4193 		goto out;
4194 
4195 	wpa_ft_rrb_oui_send(wpa_auth, src_addr,
4196 			    FT_PACKET_R0KH_R1KH_SEQ_RESP, packet,
4197 			    packet_len);
4198 
4199 out:
4200 	os_free(packet);
4201 
4202 	return ret;
4203 }
4204 
4205 
4206 static int wpa_ft_rrb_rx_seq_resp(struct wpa_authenticator *wpa_auth,
4207 				  const u8 *src_addr,
4208 				  const u8 *enc, size_t enc_len,
4209 				  const u8 *auth, size_t auth_len,
4210 				  int no_defer)
4211 {
4212 	u8 *key = NULL;
4213 	size_t key_len = 0;
4214 	struct ft_remote_r0kh *r0kh = NULL, *r0kh_wildcard = NULL;
4215 	struct ft_remote_r1kh *r1kh = NULL, *r1kh_wildcard = NULL;
4216 	const u8 *f_nonce, *f_seq;
4217 	size_t f_nonce_len, f_seq_len;
4218 	struct ft_remote_seq *rkh_seq = NULL;
4219 	struct ft_remote_item *item;
4220 	struct os_reltime now, now_remote;
4221 	int seq_ret, found;
4222 	const struct ft_rrb_seq *msg_both;
4223 	u32 msg_dom, msg_seq;
4224 
4225 	wpa_printf(MSG_DEBUG, "FT: Received sequence number response");
4226 
4227 	if (wpa_ft_rrb_rx_seq(wpa_auth, src_addr, FT_PACKET_R0KH_R1KH_SEQ_RESP,
4228 			      enc, enc_len, auth, auth_len, &rkh_seq, &key,
4229 			      &key_len, &r0kh, &r1kh, &r0kh_wildcard,
4230 			      &r1kh_wildcard) < 0)
4231 		goto out;
4232 
4233 	RRB_GET_AUTH(FT_RRB_NONCE, nonce, "seq response", FT_RRB_NONCE_LEN);
4234 	wpa_hexdump(MSG_DEBUG, "FT: seq response - nonce", f_nonce,
4235 		    f_nonce_len);
4236 
4237 	found = 0;
4238 	dl_list_for_each(item, &rkh_seq->rx.queue, struct ft_remote_item,
4239 			 list) {
4240 		if (os_memcmp_const(f_nonce, item->nonce,
4241 				    FT_RRB_NONCE_LEN) != 0 ||
4242 		    os_get_reltime(&now) < 0 ||
4243 		    os_reltime_expired(&now, &item->nonce_ts, ftRRBseqTimeout))
4244 			continue;
4245 
4246 		found = 1;
4247 		break;
4248 	}
4249 	if (!found) {
4250 		wpa_printf(MSG_DEBUG, "FT: seq response - bad nonce");
4251 		goto out;
4252 	}
4253 
4254 	if (r0kh) {
4255 		wpa_ft_rrb_r0kh_replenish(wpa_auth, r0kh,
4256 					  wpa_auth->conf.rkh_pos_timeout);
4257 		if (r0kh_wildcard)
4258 			os_memcpy(r0kh->addr, src_addr, ETH_ALEN);
4259 	}
4260 
4261 	if (r1kh) {
4262 		wpa_ft_rrb_r1kh_replenish(wpa_auth, r1kh,
4263 					  wpa_auth->conf.rkh_pos_timeout);
4264 		if (r1kh_wildcard)
4265 			os_memcpy(r1kh->addr, src_addr, ETH_ALEN);
4266 	}
4267 
4268 	seq_ret = wpa_ft_rrb_seq_chk(rkh_seq, src_addr, enc, enc_len, auth,
4269 				     auth_len, "seq response", 1);
4270 	if (seq_ret == FT_RRB_SEQ_OK) {
4271 		wpa_printf(MSG_DEBUG, "FT: seq response - valid seq number");
4272 		wpa_ft_rrb_seq_accept(wpa_auth, rkh_seq, src_addr, auth,
4273 				      auth_len, "seq response");
4274 	} else {
4275 		wpa_printf(MSG_DEBUG, "FT: seq response - reset seq number");
4276 
4277 		RRB_GET_AUTH(FT_RRB_SEQ, seq, "seq response",
4278 			     sizeof(*msg_both));
4279 		msg_both = (const struct ft_rrb_seq *) f_seq;
4280 
4281 		msg_dom = le_to_host32(msg_both->dom);
4282 		msg_seq = le_to_host32(msg_both->seq);
4283 		now_remote.sec = le_to_host32(msg_both->ts);
4284 		now_remote.usec = 0;
4285 
4286 		rkh_seq->rx.num_last = 2;
4287 		rkh_seq->rx.dom = msg_dom;
4288 		rkh_seq->rx.offsetidx = 0;
4289 		/* Accept some older, possibly cached packets as well */
4290 		rkh_seq->rx.last[0] = msg_seq - FT_REMOTE_SEQ_BACKLOG -
4291 			dl_list_len(&rkh_seq->rx.queue);
4292 		rkh_seq->rx.last[1] = msg_seq;
4293 
4294 		/* local time - offset = remote time
4295 		 * <=> local time - remote time = offset */
4296 		os_reltime_sub(&now, &now_remote, &rkh_seq->rx.time_offset);
4297 	}
4298 
4299 	wpa_ft_rrb_seq_flush(wpa_auth, rkh_seq, 1);
4300 
4301 	return 0;
4302 out:
4303 	return -1;
4304 }
4305 
4306 
4307 int wpa_ft_rrb_rx(struct wpa_authenticator *wpa_auth, const u8 *src_addr,
4308 		  const u8 *data, size_t data_len)
4309 {
4310 	struct ft_rrb_frame *frame;
4311 	u16 alen;
4312 	const u8 *pos, *end, *start;
4313 	u8 action;
4314 	const u8 *sta_addr, *target_ap_addr;
4315 
4316 	wpa_printf(MSG_DEBUG, "FT: RRB received frame from remote AP " MACSTR,
4317 		   MAC2STR(src_addr));
4318 
4319 	if (data_len < sizeof(*frame)) {
4320 		wpa_printf(MSG_DEBUG, "FT: Too short RRB frame (data_len=%lu)",
4321 			   (unsigned long) data_len);
4322 		return -1;
4323 	}
4324 
4325 	pos = data;
4326 	frame = (struct ft_rrb_frame *) pos;
4327 	pos += sizeof(*frame);
4328 
4329 	alen = le_to_host16(frame->action_length);
4330 	wpa_printf(MSG_DEBUG, "FT: RRB frame - frame_type=%d packet_type=%d "
4331 		   "action_length=%d ap_address=" MACSTR,
4332 		   frame->frame_type, frame->packet_type, alen,
4333 		   MAC2STR(frame->ap_address));
4334 
4335 	if (frame->frame_type != RSN_REMOTE_FRAME_TYPE_FT_RRB) {
4336 		/* Discard frame per IEEE Std 802.11r-2008, 11A.10.3 */
4337 		wpa_printf(MSG_DEBUG, "FT: RRB discarded frame with "
4338 			   "unrecognized type %d", frame->frame_type);
4339 		return -1;
4340 	}
4341 
4342 	if (alen > data_len - sizeof(*frame)) {
4343 		wpa_printf(MSG_DEBUG, "FT: RRB frame too short for action "
4344 			   "frame");
4345 		return -1;
4346 	}
4347 
4348 	wpa_hexdump(MSG_MSGDUMP, "FT: RRB - FT Action frame", pos, alen);
4349 
4350 	if (alen < 1 + 1 + 2 * ETH_ALEN) {
4351 		wpa_printf(MSG_DEBUG, "FT: Too short RRB frame (not enough "
4352 			   "room for Action Frame body); alen=%lu",
4353 			   (unsigned long) alen);
4354 		return -1;
4355 	}
4356 	start = pos;
4357 	end = pos + alen;
4358 
4359 	if (*pos != WLAN_ACTION_FT) {
4360 		wpa_printf(MSG_DEBUG, "FT: Unexpected Action frame category "
4361 			   "%d", *pos);
4362 		return -1;
4363 	}
4364 
4365 	pos++;
4366 	action = *pos++;
4367 	sta_addr = pos;
4368 	pos += ETH_ALEN;
4369 	target_ap_addr = pos;
4370 	pos += ETH_ALEN;
4371 	wpa_printf(MSG_DEBUG, "FT: RRB Action Frame: action=%d sta_addr="
4372 		   MACSTR " target_ap_addr=" MACSTR,
4373 		   action, MAC2STR(sta_addr), MAC2STR(target_ap_addr));
4374 
4375 	if (frame->packet_type == FT_PACKET_REQUEST) {
4376 		wpa_printf(MSG_DEBUG, "FT: FT Packet Type - Request");
4377 
4378 		if (action != 1) {
4379 			wpa_printf(MSG_DEBUG, "FT: Unexpected Action %d in "
4380 				   "RRB Request", action);
4381 			return -1;
4382 		}
4383 
4384 		if (os_memcmp(target_ap_addr, wpa_auth->addr, ETH_ALEN) != 0) {
4385 			wpa_printf(MSG_DEBUG, "FT: Target AP address in the "
4386 				   "RRB Request does not match with own "
4387 				   "address");
4388 			return -1;
4389 		}
4390 
4391 		if (wpa_ft_rrb_rx_request(wpa_auth, frame->ap_address,
4392 					  sta_addr, pos, end - pos) < 0)
4393 			return -1;
4394 	} else if (frame->packet_type == FT_PACKET_RESPONSE) {
4395 		u16 status_code;
4396 
4397 		if (end - pos < 2) {
4398 			wpa_printf(MSG_DEBUG, "FT: Not enough room for status "
4399 				   "code in RRB Response");
4400 			return -1;
4401 		}
4402 		status_code = WPA_GET_LE16(pos);
4403 		pos += 2;
4404 
4405 		wpa_printf(MSG_DEBUG, "FT: FT Packet Type - Response "
4406 			   "(status_code=%d)", status_code);
4407 
4408 		if (wpa_ft_action_send(wpa_auth, sta_addr, start, alen) < 0)
4409 			return -1;
4410 	} else {
4411 		wpa_printf(MSG_DEBUG, "FT: RRB discarded frame with unknown "
4412 			   "packet_type %d", frame->packet_type);
4413 		return -1;
4414 	}
4415 
4416 	if (end > pos) {
4417 		wpa_hexdump(MSG_DEBUG, "FT: Ignore extra data in end",
4418 			    pos, end - pos);
4419 	}
4420 
4421 	return 0;
4422 }
4423 
4424 
4425 void wpa_ft_rrb_oui_rx(struct wpa_authenticator *wpa_auth, const u8 *src_addr,
4426 		       const u8 *dst_addr, u8 oui_suffix, const u8 *data,
4427 		       size_t data_len)
4428 {
4429 	const u8 *auth, *enc;
4430 	size_t alen, elen;
4431 	int no_defer = 0;
4432 
4433 	wpa_printf(MSG_DEBUG, "FT: RRB-OUI received frame from remote AP "
4434 		   MACSTR, MAC2STR(src_addr));
4435 	wpa_printf(MSG_DEBUG, "FT: RRB-OUI frame - oui_suffix=%d", oui_suffix);
4436 	wpa_hexdump(MSG_MSGDUMP, "FT: RRB frame payload", data, data_len);
4437 
4438 	if (is_multicast_ether_addr(src_addr)) {
4439 		wpa_printf(MSG_DEBUG,
4440 			   "FT: RRB-OUI received frame from multicast address "
4441 			   MACSTR, MAC2STR(src_addr));
4442 		return;
4443 	}
4444 
4445 	if (is_multicast_ether_addr(dst_addr)) {
4446 		wpa_printf(MSG_DEBUG,
4447 			   "FT: RRB-OUI received frame from remote AP " MACSTR
4448 			   " to multicast address " MACSTR,
4449 			   MAC2STR(src_addr), MAC2STR(dst_addr));
4450 		no_defer = 1;
4451 	}
4452 
4453 	if (data_len < sizeof(u16)) {
4454 		wpa_printf(MSG_DEBUG, "FT: RRB-OUI frame too short");
4455 		return;
4456 	}
4457 
4458 	alen = WPA_GET_LE16(data);
4459 	if (data_len < sizeof(u16) + alen) {
4460 		wpa_printf(MSG_DEBUG, "FT: RRB-OUI frame too short");
4461 		return;
4462 	}
4463 
4464 	auth = data + sizeof(u16);
4465 	wpa_hexdump(MSG_MSGDUMP, "FT: Authenticated payload", auth, alen);
4466 	enc = data + sizeof(u16) + alen;
4467 	elen = data_len - sizeof(u16) - alen;
4468 	wpa_hexdump(MSG_MSGDUMP, "FT: Encrypted payload", enc, elen);
4469 
4470 	switch (oui_suffix) {
4471 	case FT_PACKET_R0KH_R1KH_PULL:
4472 		wpa_ft_rrb_rx_pull(wpa_auth, src_addr, enc, elen, auth, alen,
4473 				   no_defer);
4474 		break;
4475 	case FT_PACKET_R0KH_R1KH_RESP:
4476 		wpa_ft_rrb_rx_resp(wpa_auth, src_addr, enc, elen, auth, alen,
4477 				   no_defer);
4478 		break;
4479 	case FT_PACKET_R0KH_R1KH_PUSH:
4480 		wpa_ft_rrb_rx_push(wpa_auth, src_addr, enc, elen, auth, alen,
4481 				   no_defer);
4482 		break;
4483 	case FT_PACKET_R0KH_R1KH_SEQ_REQ:
4484 		wpa_ft_rrb_rx_seq_req(wpa_auth, src_addr, enc, elen, auth, alen,
4485 				      no_defer);
4486 		break;
4487 	case FT_PACKET_R0KH_R1KH_SEQ_RESP:
4488 		wpa_ft_rrb_rx_seq_resp(wpa_auth, src_addr, enc, elen, auth,
4489 				       alen, no_defer);
4490 		break;
4491 	}
4492 }
4493 
4494 
4495 static int wpa_ft_generate_pmk_r1(struct wpa_authenticator *wpa_auth,
4496 				  struct wpa_ft_pmk_r0_sa *pmk_r0,
4497 				  struct ft_remote_r1kh *r1kh,
4498 				  const u8 *s1kh_id)
4499 {
4500 	u8 *packet;
4501 	size_t packet_len;
4502 	struct ft_rrb_seq f_seq;
4503 	struct tlv_list push[] = {
4504 		{ .type = FT_RRB_S1KH_ID, .len = ETH_ALEN,
4505 		  .data = s1kh_id },
4506 		{ .type = FT_RRB_PMK_R0_NAME, .len = WPA_PMK_NAME_LEN,
4507 		  .data = pmk_r0->pmk_r0_name },
4508 		{ .type = FT_RRB_LAST_EMPTY, .len = 0, .data = NULL },
4509 	};
4510 	struct tlv_list push_auth[] = {
4511 		{ .type = FT_RRB_SEQ, .len = sizeof(f_seq),
4512 		  .data = (u8 *) &f_seq },
4513 		{ .type = FT_RRB_R0KH_ID,
4514 		  .len = wpa_auth->conf.r0_key_holder_len,
4515 		  .data = wpa_auth->conf.r0_key_holder },
4516 		{ .type = FT_RRB_R1KH_ID, .len = FT_R1KH_ID_LEN,
4517 		  .data = r1kh->id },
4518 		{ .type = FT_RRB_LAST_EMPTY, .len = 0, .data = NULL },
4519 	};
4520 
4521 	if (wpa_ft_new_seq(r1kh->seq, &f_seq) < 0) {
4522 		wpa_printf(MSG_DEBUG, "FT: Failed to get seq num");
4523 		return -1;
4524 	}
4525 
4526 	if (wpa_ft_rrb_build_r0(r1kh->key, sizeof(r1kh->key), push, pmk_r0,
4527 				r1kh->id, s1kh_id, push_auth, wpa_auth->addr,
4528 				FT_PACKET_R0KH_R1KH_PUSH,
4529 				&packet, &packet_len) < 0)
4530 		return -1;
4531 
4532 	wpa_ft_rrb_oui_send(wpa_auth, r1kh->addr, FT_PACKET_R0KH_R1KH_PUSH,
4533 			    packet, packet_len);
4534 
4535 	os_free(packet);
4536 	return 0;
4537 }
4538 
4539 
4540 void wpa_ft_push_pmk_r1(struct wpa_authenticator *wpa_auth, const u8 *addr)
4541 {
4542 	struct wpa_ft_pmk_cache *cache = wpa_auth->ft_pmk_cache;
4543 	struct wpa_ft_pmk_r0_sa *r0, *r0found = NULL;
4544 	struct ft_remote_r1kh *r1kh;
4545 
4546 	if (!wpa_auth->conf.pmk_r1_push)
4547 		return;
4548 	if (!wpa_auth->conf.r1kh_list)
4549 		return;
4550 
4551 	dl_list_for_each(r0, &cache->pmk_r0, struct wpa_ft_pmk_r0_sa, list) {
4552 		if (os_memcmp(r0->spa, addr, ETH_ALEN) == 0) {
4553 			r0found = r0;
4554 			break;
4555 		}
4556 	}
4557 
4558 	r0 = r0found;
4559 	if (r0 == NULL || r0->pmk_r1_pushed)
4560 		return;
4561 	r0->pmk_r1_pushed = 1;
4562 
4563 	wpa_printf(MSG_DEBUG, "FT: Deriving and pushing PMK-R1 keys to R1KHs "
4564 		   "for STA " MACSTR, MAC2STR(addr));
4565 
4566 	for (r1kh = *wpa_auth->conf.r1kh_list; r1kh; r1kh = r1kh->next) {
4567 		if (is_zero_ether_addr(r1kh->addr) ||
4568 		    is_zero_ether_addr(r1kh->id))
4569 			continue;
4570 		if (wpa_ft_rrb_init_r1kh_seq(r1kh) < 0)
4571 			continue;
4572 		wpa_ft_generate_pmk_r1(wpa_auth, r0, r1kh, addr);
4573 	}
4574 }
4575 
4576 #endif /* CONFIG_IEEE80211R_AP */
4577