1 /* 2 * hostapd - IEEE 802.11r - Fast BSS Transition 3 * Copyright (c) 2004-2018, Jouni Malinen <j@w1.fi> 4 * 5 * This software may be distributed under the terms of the BSD license. 6 * See README for more details. 7 */ 8 9 #include "utils/includes.h" 10 11 #include "utils/common.h" 12 #include "utils/eloop.h" 13 #include "utils/list.h" 14 #include "common/ieee802_11_defs.h" 15 #include "common/ieee802_11_common.h" 16 #include "common/ocv.h" 17 #include "drivers/driver.h" 18 #include "crypto/aes.h" 19 #include "crypto/aes_siv.h" 20 #include "crypto/aes_wrap.h" 21 #include "crypto/sha384.h" 22 #include "crypto/random.h" 23 #include "ap_config.h" 24 #include "ieee802_11.h" 25 #include "wmm.h" 26 #include "wpa_auth.h" 27 #include "wpa_auth_i.h" 28 #include "pmksa_cache_auth.h" 29 30 31 #ifdef CONFIG_IEEE80211R_AP 32 33 const unsigned int ftRRBseqTimeout = 10; 34 const unsigned int ftRRBmaxQueueLen = 100; 35 36 37 static int wpa_ft_send_rrb_auth_resp(struct wpa_state_machine *sm, 38 const u8 *current_ap, const u8 *sta_addr, 39 u16 status, const u8 *resp_ies, 40 size_t resp_ies_len); 41 static void ft_finish_pull(struct wpa_state_machine *sm); 42 static void wpa_ft_expire_pull(void *eloop_ctx, void *timeout_ctx); 43 static void wpa_ft_rrb_seq_timeout(void *eloop_ctx, void *timeout_ctx); 44 45 struct tlv_list { 46 u16 type; 47 size_t len; 48 const u8 *data; 49 }; 50 51 52 /** 53 * wpa_ft_rrb_decrypt - Decrypt FT RRB message 54 * @key: AES-SIV key for AEAD 55 * @key_len: Length of key in octets 56 * @enc: Pointer to encrypted TLVs 57 * @enc_len: Length of encrypted TLVs in octets 58 * @auth: Pointer to authenticated TLVs 59 * @auth_len: Length of authenticated TLVs in octets 60 * @src_addr: MAC address of the frame sender 61 * @type: Vendor-specific subtype of the RRB frame (FT_PACKET_*) 62 * @plain: Pointer to return the pointer to the allocated plaintext buffer; 63 * needs to be freed by the caller if not NULL; 64 * will only be returned on success 65 * @plain_len: Pointer to return the length of the allocated plaintext buffer 66 * in octets 67 * Returns: 0 on success, -1 on error 68 */ 69 static int wpa_ft_rrb_decrypt(const u8 *key, const size_t key_len, 70 const u8 *enc, size_t enc_len, 71 const u8 *auth, const size_t auth_len, 72 const u8 *src_addr, u8 type, 73 u8 **plain, size_t *plain_size) 74 { 75 const u8 *ad[3] = { src_addr, auth, &type }; 76 size_t ad_len[3] = { ETH_ALEN, auth_len, sizeof(type) }; 77 78 wpa_printf(MSG_DEBUG, "FT(RRB): src_addr=" MACSTR " type=%u", 79 MAC2STR(src_addr), type); 80 wpa_hexdump_key(MSG_DEBUG, "FT(RRB): decrypt using key", key, key_len); 81 wpa_hexdump(MSG_DEBUG, "FT(RRB): encrypted TLVs", enc, enc_len); 82 wpa_hexdump(MSG_DEBUG, "FT(RRB): authenticated TLVs", auth, auth_len); 83 84 if (!key) { /* skip decryption */ 85 *plain = os_memdup(enc, enc_len); 86 if (enc_len > 0 && !*plain) 87 goto err; 88 89 *plain_size = enc_len; 90 91 return 0; 92 } 93 94 *plain = NULL; 95 96 /* SIV overhead */ 97 if (enc_len < AES_BLOCK_SIZE) 98 goto err; 99 100 *plain = os_zalloc(enc_len - AES_BLOCK_SIZE); 101 if (!*plain) 102 goto err; 103 104 if (aes_siv_decrypt(key, key_len, enc, enc_len, 3, ad, ad_len, 105 *plain) < 0) { 106 if (enc_len < AES_BLOCK_SIZE + 2) 107 goto err; 108 109 /* Try to work around Ethernet devices that add extra 110 * two octet padding even if the frame is longer than 111 * the minimum Ethernet frame. */ 112 enc_len -= 2; 113 if (aes_siv_decrypt(key, key_len, enc, enc_len, 3, ad, ad_len, 114 *plain) < 0) 115 goto err; 116 } 117 118 *plain_size = enc_len - AES_BLOCK_SIZE; 119 wpa_hexdump_key(MSG_DEBUG, "FT(RRB): decrypted TLVs", 120 *plain, *plain_size); 121 return 0; 122 err: 123 os_free(*plain); 124 *plain = NULL; 125 *plain_size = 0; 126 127 wpa_printf(MSG_ERROR, "FT(RRB): Failed to decrypt"); 128 129 return -1; 130 } 131 132 133 /* get first tlv record in packet matching type 134 * @data (decrypted) packet 135 * @return 0 on success else -1 136 */ 137 static int wpa_ft_rrb_get_tlv(const u8 *plain, size_t plain_len, 138 u16 type, size_t *tlv_len, const u8 **tlv_data) 139 { 140 const struct ft_rrb_tlv *f; 141 size_t left; 142 le16 type16; 143 size_t len; 144 145 left = plain_len; 146 type16 = host_to_le16(type); 147 148 while (left >= sizeof(*f)) { 149 f = (const struct ft_rrb_tlv *) plain; 150 151 left -= sizeof(*f); 152 plain += sizeof(*f); 153 len = le_to_host16(f->len); 154 155 if (left < len) { 156 wpa_printf(MSG_DEBUG, "FT: RRB message truncated"); 157 break; 158 } 159 160 if (f->type == type16) { 161 *tlv_len = len; 162 *tlv_data = plain; 163 return 0; 164 } 165 166 left -= len; 167 plain += len; 168 } 169 170 return -1; 171 } 172 173 174 static void wpa_ft_rrb_dump(const u8 *plain, const size_t plain_len) 175 { 176 const struct ft_rrb_tlv *f; 177 size_t left; 178 size_t len; 179 180 left = plain_len; 181 182 wpa_printf(MSG_DEBUG, "FT: RRB dump message"); 183 while (left >= sizeof(*f)) { 184 f = (const struct ft_rrb_tlv *) plain; 185 186 left -= sizeof(*f); 187 plain += sizeof(*f); 188 len = le_to_host16(f->len); 189 190 wpa_printf(MSG_DEBUG, "FT: RRB TLV type = %d, len = %zu", 191 le_to_host16(f->type), len); 192 193 if (left < len) { 194 wpa_printf(MSG_DEBUG, 195 "FT: RRB message truncated: left %zu bytes, need %zu", 196 left, len); 197 break; 198 } 199 200 wpa_hexdump(MSG_DEBUG, "FT: RRB TLV data", plain, len); 201 202 left -= len; 203 plain += len; 204 } 205 206 if (left > 0) 207 wpa_hexdump(MSG_DEBUG, "FT: RRB TLV padding", plain, left); 208 209 wpa_printf(MSG_DEBUG, "FT: RRB dump message end"); 210 } 211 212 213 static int cmp_int(const void *a, const void *b) 214 { 215 int x, y; 216 217 x = *((int *) a); 218 y = *((int *) b); 219 return x - y; 220 } 221 222 223 static int wpa_ft_rrb_get_tlv_vlan(const u8 *plain, const size_t plain_len, 224 struct vlan_description *vlan) 225 { 226 struct ft_rrb_tlv *f; 227 size_t left; 228 size_t len; 229 int taggedidx; 230 int vlan_id; 231 int type; 232 233 left = plain_len; 234 taggedidx = 0; 235 os_memset(vlan, 0, sizeof(*vlan)); 236 237 while (left >= sizeof(*f)) { 238 f = (struct ft_rrb_tlv *) plain; 239 240 left -= sizeof(*f); 241 plain += sizeof(*f); 242 243 len = le_to_host16(f->len); 244 type = le_to_host16(f->type); 245 246 if (left < len) { 247 wpa_printf(MSG_DEBUG, "FT: RRB message truncated"); 248 return -1; 249 } 250 251 if (type != FT_RRB_VLAN_UNTAGGED && type != FT_RRB_VLAN_TAGGED) 252 goto skip; 253 254 if (type == FT_RRB_VLAN_UNTAGGED && len != sizeof(le16)) { 255 wpa_printf(MSG_DEBUG, 256 "FT: RRB VLAN_UNTAGGED invalid length"); 257 return -1; 258 } 259 260 if (type == FT_RRB_VLAN_TAGGED && len % sizeof(le16) != 0) { 261 wpa_printf(MSG_DEBUG, 262 "FT: RRB VLAN_TAGGED invalid length"); 263 return -1; 264 } 265 266 while (len >= sizeof(le16)) { 267 vlan_id = WPA_GET_LE16(plain); 268 plain += sizeof(le16); 269 left -= sizeof(le16); 270 len -= sizeof(le16); 271 272 if (vlan_id <= 0 || vlan_id > MAX_VLAN_ID) { 273 wpa_printf(MSG_DEBUG, 274 "FT: RRB VLAN ID invalid %d", 275 vlan_id); 276 continue; 277 } 278 279 if (type == FT_RRB_VLAN_UNTAGGED) 280 vlan->untagged = vlan_id; 281 282 if (type == FT_RRB_VLAN_TAGGED && 283 taggedidx < MAX_NUM_TAGGED_VLAN) { 284 vlan->tagged[taggedidx] = vlan_id; 285 taggedidx++; 286 } else if (type == FT_RRB_VLAN_TAGGED) { 287 wpa_printf(MSG_DEBUG, "FT: RRB too many VLANs"); 288 } 289 } 290 291 skip: 292 left -= len; 293 plain += len; 294 } 295 296 if (taggedidx) 297 qsort(vlan->tagged, taggedidx, sizeof(int), cmp_int); 298 299 vlan->notempty = vlan->untagged || vlan->tagged[0]; 300 301 return 0; 302 } 303 304 305 static size_t wpa_ft_tlv_len(const struct tlv_list *tlvs) 306 { 307 size_t tlv_len = 0; 308 int i; 309 310 if (!tlvs) 311 return 0; 312 313 for (i = 0; tlvs[i].type != FT_RRB_LAST_EMPTY; i++) { 314 tlv_len += sizeof(struct ft_rrb_tlv); 315 tlv_len += tlvs[i].len; 316 } 317 318 return tlv_len; 319 } 320 321 322 static size_t wpa_ft_tlv_lin(const struct tlv_list *tlvs, u8 *start, 323 u8 *endpos) 324 { 325 int i; 326 size_t tlv_len; 327 struct ft_rrb_tlv *hdr; 328 u8 *pos; 329 330 if (!tlvs) 331 return 0; 332 333 tlv_len = 0; 334 pos = start; 335 for (i = 0; tlvs[i].type != FT_RRB_LAST_EMPTY; i++) { 336 if (tlv_len + sizeof(*hdr) > (size_t) (endpos - start)) 337 return tlv_len; 338 tlv_len += sizeof(*hdr); 339 hdr = (struct ft_rrb_tlv *) pos; 340 hdr->type = host_to_le16(tlvs[i].type); 341 hdr->len = host_to_le16(tlvs[i].len); 342 pos = start + tlv_len; 343 344 if (tlv_len + tlvs[i].len > (size_t) (endpos - start)) 345 return tlv_len; 346 if (tlvs[i].len == 0) 347 continue; 348 tlv_len += tlvs[i].len; 349 os_memcpy(pos, tlvs[i].data, tlvs[i].len); 350 pos = start + tlv_len; 351 } 352 353 return tlv_len; 354 } 355 356 357 static size_t wpa_ft_vlan_len(const struct vlan_description *vlan) 358 { 359 size_t tlv_len = 0; 360 int i; 361 362 if (!vlan || !vlan->notempty) 363 return 0; 364 365 if (vlan->untagged) { 366 tlv_len += sizeof(struct ft_rrb_tlv); 367 tlv_len += sizeof(le16); 368 } 369 if (vlan->tagged[0]) 370 tlv_len += sizeof(struct ft_rrb_tlv); 371 for (i = 0; i < MAX_NUM_TAGGED_VLAN && vlan->tagged[i]; i++) 372 tlv_len += sizeof(le16); 373 374 return tlv_len; 375 } 376 377 378 static size_t wpa_ft_vlan_lin(const struct vlan_description *vlan, 379 u8 *start, u8 *endpos) 380 { 381 size_t tlv_len; 382 int i, len; 383 struct ft_rrb_tlv *hdr; 384 u8 *pos = start; 385 386 if (!vlan || !vlan->notempty) 387 return 0; 388 389 tlv_len = 0; 390 if (vlan->untagged) { 391 tlv_len += sizeof(*hdr); 392 if (start + tlv_len > endpos) 393 return tlv_len; 394 hdr = (struct ft_rrb_tlv *) pos; 395 hdr->type = host_to_le16(FT_RRB_VLAN_UNTAGGED); 396 hdr->len = host_to_le16(sizeof(le16)); 397 pos = start + tlv_len; 398 399 tlv_len += sizeof(le16); 400 if (start + tlv_len > endpos) 401 return tlv_len; 402 WPA_PUT_LE16(pos, vlan->untagged); 403 pos = start + tlv_len; 404 } 405 406 if (!vlan->tagged[0]) 407 return tlv_len; 408 409 tlv_len += sizeof(*hdr); 410 if (start + tlv_len > endpos) 411 return tlv_len; 412 hdr = (struct ft_rrb_tlv *) pos; 413 hdr->type = host_to_le16(FT_RRB_VLAN_TAGGED); 414 len = 0; /* len is computed below */ 415 pos = start + tlv_len; 416 417 for (i = 0; i < MAX_NUM_TAGGED_VLAN && vlan->tagged[i]; i++) { 418 tlv_len += sizeof(le16); 419 if (start + tlv_len > endpos) 420 break; 421 len += sizeof(le16); 422 WPA_PUT_LE16(pos, vlan->tagged[i]); 423 pos = start + tlv_len; 424 } 425 426 hdr->len = host_to_le16(len); 427 428 return tlv_len; 429 } 430 431 432 static int wpa_ft_rrb_lin(const struct tlv_list *tlvs1, 433 const struct tlv_list *tlvs2, 434 const struct vlan_description *vlan, 435 u8 **plain, size_t *plain_len) 436 { 437 u8 *pos, *endpos; 438 size_t tlv_len; 439 440 tlv_len = wpa_ft_tlv_len(tlvs1); 441 tlv_len += wpa_ft_tlv_len(tlvs2); 442 tlv_len += wpa_ft_vlan_len(vlan); 443 444 *plain_len = tlv_len; 445 *plain = os_zalloc(tlv_len); 446 if (!*plain) { 447 wpa_printf(MSG_ERROR, "FT: Failed to allocate plaintext"); 448 goto err; 449 } 450 451 pos = *plain; 452 endpos = *plain + tlv_len; 453 pos += wpa_ft_tlv_lin(tlvs1, pos, endpos); 454 pos += wpa_ft_tlv_lin(tlvs2, pos, endpos); 455 pos += wpa_ft_vlan_lin(vlan, pos, endpos); 456 457 /* sanity check */ 458 if (pos != endpos) { 459 wpa_printf(MSG_ERROR, "FT: Length error building RRB"); 460 goto err; 461 } 462 463 return 0; 464 465 err: 466 os_free(*plain); 467 *plain = NULL; 468 *plain_len = 0; 469 return -1; 470 } 471 472 473 static int wpa_ft_rrb_encrypt(const u8 *key, const size_t key_len, 474 const u8 *plain, const size_t plain_len, 475 const u8 *auth, const size_t auth_len, 476 const u8 *src_addr, u8 type, u8 *enc) 477 { 478 const u8 *ad[3] = { src_addr, auth, &type }; 479 size_t ad_len[3] = { ETH_ALEN, auth_len, sizeof(type) }; 480 481 wpa_printf(MSG_DEBUG, "FT(RRB): src_addr=" MACSTR " type=%u", 482 MAC2STR(src_addr), type); 483 wpa_hexdump_key(MSG_DEBUG, "FT(RRB): plaintext message", 484 plain, plain_len); 485 wpa_hexdump_key(MSG_DEBUG, "FT(RRB): encrypt using key", key, key_len); 486 wpa_hexdump(MSG_DEBUG, "FT(RRB): authenticated TLVs", auth, auth_len); 487 488 if (!key) { 489 /* encryption not needed, return plaintext as packet */ 490 os_memcpy(enc, plain, plain_len); 491 } else if (aes_siv_encrypt(key, key_len, plain, plain_len, 492 3, ad, ad_len, enc) < 0) { 493 wpa_printf(MSG_ERROR, "FT: Failed to encrypt RRB-OUI message"); 494 return -1; 495 } 496 wpa_hexdump(MSG_DEBUG, "FT(RRB): encrypted TLVs", 497 enc, plain_len + AES_BLOCK_SIZE); 498 499 return 0; 500 } 501 502 503 /** 504 * wpa_ft_rrb_build - Build and encrypt an FT RRB message 505 * @key: AES-SIV key for AEAD 506 * @key_len: Length of key in octets 507 * @tlvs_enc0: First set of to-be-encrypted TLVs 508 * @tlvs_enc1: Second set of to-be-encrypted TLVs 509 * @tlvs_auth: Set of to-be-authenticated TLVs 510 * @src_addr: MAC address of the frame sender 511 * @type: Vendor-specific subtype of the RRB frame (FT_PACKET_*) 512 * @packet Pointer to return the pointer to the allocated packet buffer; 513 * needs to be freed by the caller if not null; 514 * will only be returned on success 515 * @packet_len: Pointer to return the length of the allocated buffer in octets 516 * Returns: 0 on success, -1 on error 517 */ 518 static int wpa_ft_rrb_build(const u8 *key, const size_t key_len, 519 const struct tlv_list *tlvs_enc0, 520 const struct tlv_list *tlvs_enc1, 521 const struct tlv_list *tlvs_auth, 522 const struct vlan_description *vlan, 523 const u8 *src_addr, u8 type, 524 u8 **packet, size_t *packet_len) 525 { 526 u8 *plain = NULL, *auth = NULL, *pos, *tmp; 527 size_t plain_len = 0, auth_len = 0; 528 int ret = -1; 529 size_t pad_len = 0; 530 531 *packet = NULL; 532 if (wpa_ft_rrb_lin(tlvs_enc0, tlvs_enc1, vlan, &plain, &plain_len) < 0) 533 goto out; 534 535 if (wpa_ft_rrb_lin(tlvs_auth, NULL, NULL, &auth, &auth_len) < 0) 536 goto out; 537 538 *packet_len = sizeof(u16) + auth_len + plain_len; 539 if (key) 540 *packet_len += AES_BLOCK_SIZE; 541 #define RRB_MIN_MSG_LEN 64 542 if (*packet_len < RRB_MIN_MSG_LEN) { 543 pad_len = RRB_MIN_MSG_LEN - *packet_len; 544 if (pad_len < sizeof(struct ft_rrb_tlv)) 545 pad_len = sizeof(struct ft_rrb_tlv); 546 wpa_printf(MSG_DEBUG, 547 "FT: Pad message to minimum Ethernet frame length (%d --> %d)", 548 (int) *packet_len, (int) (*packet_len + pad_len)); 549 *packet_len += pad_len; 550 tmp = os_realloc(auth, auth_len + pad_len); 551 if (!tmp) 552 goto out; 553 auth = tmp; 554 pos = auth + auth_len; 555 WPA_PUT_LE16(pos, FT_RRB_LAST_EMPTY); 556 pos += 2; 557 WPA_PUT_LE16(pos, pad_len - sizeof(struct ft_rrb_tlv)); 558 pos += 2; 559 os_memset(pos, 0, pad_len - sizeof(struct ft_rrb_tlv)); 560 auth_len += pad_len; 561 562 } 563 *packet = os_zalloc(*packet_len); 564 if (!*packet) 565 goto out; 566 567 pos = *packet; 568 WPA_PUT_LE16(pos, auth_len); 569 pos += 2; 570 os_memcpy(pos, auth, auth_len); 571 pos += auth_len; 572 if (wpa_ft_rrb_encrypt(key, key_len, plain, plain_len, auth, 573 auth_len, src_addr, type, pos) < 0) 574 goto out; 575 wpa_hexdump(MSG_MSGDUMP, "FT: RRB frame payload", *packet, *packet_len); 576 577 ret = 0; 578 579 out: 580 bin_clear_free(plain, plain_len); 581 os_free(auth); 582 583 if (ret) { 584 wpa_printf(MSG_ERROR, "FT: Failed to build RRB-OUI message"); 585 os_free(*packet); 586 *packet = NULL; 587 *packet_len = 0; 588 } 589 590 return ret; 591 } 592 593 594 #define RRB_GET_SRC(srcfield, type, field, txt, checklength) do { \ 595 if (wpa_ft_rrb_get_tlv(srcfield, srcfield##_len, type, \ 596 &f_##field##_len, &f_##field) < 0 || \ 597 (checklength > 0 && ((size_t) checklength) != f_##field##_len)) { \ 598 wpa_printf(MSG_INFO, "FT: Missing required " #field \ 599 " in %s from " MACSTR, txt, MAC2STR(src_addr)); \ 600 wpa_ft_rrb_dump(srcfield, srcfield##_len); \ 601 goto out; \ 602 } \ 603 } while (0) 604 605 #define RRB_GET(type, field, txt, checklength) \ 606 RRB_GET_SRC(plain, type, field, txt, checklength) 607 #define RRB_GET_AUTH(type, field, txt, checklength) \ 608 RRB_GET_SRC(auth, type, field, txt, checklength) 609 610 #define RRB_GET_OPTIONAL_SRC(srcfield, type, field, txt, checklength) do { \ 611 if (wpa_ft_rrb_get_tlv(srcfield, srcfield##_len, type, \ 612 &f_##field##_len, &f_##field) < 0 || \ 613 (checklength > 0 && ((size_t) checklength) != f_##field##_len)) { \ 614 wpa_printf(MSG_DEBUG, "FT: Missing optional " #field \ 615 " in %s from " MACSTR, txt, MAC2STR(src_addr)); \ 616 f_##field##_len = 0; \ 617 f_##field = NULL; \ 618 } \ 619 } while (0) 620 621 #define RRB_GET_OPTIONAL(type, field, txt, checklength) \ 622 RRB_GET_OPTIONAL_SRC(plain, type, field, txt, checklength) 623 #define RRB_GET_OPTIONAL_AUTH(type, field, txt, checklength) \ 624 RRB_GET_OPTIONAL_SRC(auth, type, field, txt, checklength) 625 626 static int wpa_ft_rrb_send(struct wpa_authenticator *wpa_auth, const u8 *dst, 627 const u8 *data, size_t data_len) 628 { 629 if (wpa_auth->cb->send_ether == NULL) 630 return -1; 631 wpa_printf(MSG_DEBUG, "FT: RRB send to " MACSTR, MAC2STR(dst)); 632 return wpa_auth->cb->send_ether(wpa_auth->cb_ctx, dst, ETH_P_RRB, 633 data, data_len); 634 } 635 636 637 static int wpa_ft_rrb_oui_send(struct wpa_authenticator *wpa_auth, 638 const u8 *dst, u8 oui_suffix, 639 const u8 *data, size_t data_len) 640 { 641 if (!wpa_auth->cb->send_oui) 642 return -1; 643 wpa_printf(MSG_DEBUG, "FT: RRB-OUI type %u send to " MACSTR " (len=%u)", 644 oui_suffix, MAC2STR(dst), (unsigned int) data_len); 645 return wpa_auth->cb->send_oui(wpa_auth->cb_ctx, dst, oui_suffix, data, 646 data_len); 647 } 648 649 650 static int wpa_ft_action_send(struct wpa_authenticator *wpa_auth, 651 const u8 *dst, const u8 *data, size_t data_len) 652 { 653 if (wpa_auth->cb->send_ft_action == NULL) 654 return -1; 655 return wpa_auth->cb->send_ft_action(wpa_auth->cb_ctx, dst, 656 data, data_len); 657 } 658 659 660 static const u8 * wpa_ft_get_psk(struct wpa_authenticator *wpa_auth, 661 const u8 *addr, const u8 *p2p_dev_addr, 662 const u8 *prev_psk) 663 { 664 if (wpa_auth->cb->get_psk == NULL) 665 return NULL; 666 return wpa_auth->cb->get_psk(wpa_auth->cb_ctx, addr, p2p_dev_addr, 667 prev_psk, NULL, NULL); 668 } 669 670 671 static struct wpa_state_machine * 672 wpa_ft_add_sta(struct wpa_authenticator *wpa_auth, const u8 *sta_addr) 673 { 674 if (wpa_auth->cb->add_sta == NULL) 675 return NULL; 676 return wpa_auth->cb->add_sta(wpa_auth->cb_ctx, sta_addr); 677 } 678 679 680 static int wpa_ft_set_vlan(struct wpa_authenticator *wpa_auth, 681 const u8 *sta_addr, struct vlan_description *vlan) 682 { 683 if (!wpa_auth->cb->set_vlan) 684 return -1; 685 return wpa_auth->cb->set_vlan(wpa_auth->cb_ctx, sta_addr, vlan); 686 } 687 688 689 static int wpa_ft_get_vlan(struct wpa_authenticator *wpa_auth, 690 const u8 *sta_addr, struct vlan_description *vlan) 691 { 692 if (!wpa_auth->cb->get_vlan) 693 return -1; 694 return wpa_auth->cb->get_vlan(wpa_auth->cb_ctx, sta_addr, vlan); 695 } 696 697 698 static int 699 wpa_ft_set_identity(struct wpa_authenticator *wpa_auth, const u8 *sta_addr, 700 const u8 *identity, size_t identity_len) 701 { 702 if (!wpa_auth->cb->set_identity) 703 return -1; 704 return wpa_auth->cb->set_identity(wpa_auth->cb_ctx, sta_addr, identity, 705 identity_len); 706 } 707 708 709 static size_t 710 wpa_ft_get_identity(struct wpa_authenticator *wpa_auth, const u8 *sta_addr, 711 const u8 **buf) 712 { 713 *buf = NULL; 714 if (!wpa_auth->cb->get_identity) 715 return 0; 716 return wpa_auth->cb->get_identity(wpa_auth->cb_ctx, sta_addr, buf); 717 } 718 719 720 static int 721 wpa_ft_set_radius_cui(struct wpa_authenticator *wpa_auth, const u8 *sta_addr, 722 const u8 *radius_cui, size_t radius_cui_len) 723 { 724 if (!wpa_auth->cb->set_radius_cui) 725 return -1; 726 return wpa_auth->cb->set_radius_cui(wpa_auth->cb_ctx, sta_addr, 727 radius_cui, radius_cui_len); 728 } 729 730 731 static size_t 732 wpa_ft_get_radius_cui(struct wpa_authenticator *wpa_auth, const u8 *sta_addr, 733 const u8 **buf) 734 { 735 *buf = NULL; 736 if (!wpa_auth->cb->get_radius_cui) 737 return 0; 738 return wpa_auth->cb->get_radius_cui(wpa_auth->cb_ctx, sta_addr, buf); 739 } 740 741 742 static void 743 wpa_ft_set_session_timeout(struct wpa_authenticator *wpa_auth, 744 const u8 *sta_addr, int session_timeout) 745 { 746 if (!wpa_auth->cb->set_session_timeout) 747 return; 748 wpa_auth->cb->set_session_timeout(wpa_auth->cb_ctx, sta_addr, 749 session_timeout); 750 } 751 752 753 static int 754 wpa_ft_get_session_timeout(struct wpa_authenticator *wpa_auth, 755 const u8 *sta_addr) 756 { 757 if (!wpa_auth->cb->get_session_timeout) 758 return 0; 759 return wpa_auth->cb->get_session_timeout(wpa_auth->cb_ctx, sta_addr); 760 } 761 762 763 static int wpa_ft_add_tspec(struct wpa_authenticator *wpa_auth, 764 const u8 *sta_addr, 765 u8 *tspec_ie, size_t tspec_ielen) 766 { 767 if (wpa_auth->cb->add_tspec == NULL) { 768 wpa_printf(MSG_DEBUG, "FT: add_tspec is not initialized"); 769 return -1; 770 } 771 return wpa_auth->cb->add_tspec(wpa_auth->cb_ctx, sta_addr, tspec_ie, 772 tspec_ielen); 773 } 774 775 776 #ifdef CONFIG_OCV 777 static int wpa_channel_info(struct wpa_authenticator *wpa_auth, 778 struct wpa_channel_info *ci) 779 { 780 if (!wpa_auth->cb->channel_info) 781 return -1; 782 return wpa_auth->cb->channel_info(wpa_auth->cb_ctx, ci); 783 } 784 #endif /* CONFIG_OCV */ 785 786 787 int wpa_write_mdie(struct wpa_auth_config *conf, u8 *buf, size_t len) 788 { 789 u8 *pos = buf; 790 u8 capab; 791 if (len < 2 + sizeof(struct rsn_mdie)) 792 return -1; 793 794 *pos++ = WLAN_EID_MOBILITY_DOMAIN; 795 *pos++ = MOBILITY_DOMAIN_ID_LEN + 1; 796 os_memcpy(pos, conf->mobility_domain, MOBILITY_DOMAIN_ID_LEN); 797 pos += MOBILITY_DOMAIN_ID_LEN; 798 capab = 0; 799 if (conf->ft_over_ds) 800 capab |= RSN_FT_CAPAB_FT_OVER_DS; 801 *pos++ = capab; 802 803 return pos - buf; 804 } 805 806 807 int wpa_write_ftie(struct wpa_auth_config *conf, int use_sha384, 808 const u8 *r0kh_id, size_t r0kh_id_len, 809 const u8 *anonce, const u8 *snonce, 810 u8 *buf, size_t len, const u8 *subelem, 811 size_t subelem_len) 812 { 813 u8 *pos = buf, *ielen; 814 size_t hdrlen = use_sha384 ? sizeof(struct rsn_ftie_sha384) : 815 sizeof(struct rsn_ftie); 816 817 if (len < 2 + hdrlen + 2 + FT_R1KH_ID_LEN + 2 + r0kh_id_len + 818 subelem_len) 819 return -1; 820 821 *pos++ = WLAN_EID_FAST_BSS_TRANSITION; 822 ielen = pos++; 823 824 if (use_sha384) { 825 struct rsn_ftie_sha384 *hdr = (struct rsn_ftie_sha384 *) pos; 826 827 os_memset(hdr, 0, sizeof(*hdr)); 828 pos += sizeof(*hdr); 829 WPA_PUT_LE16(hdr->mic_control, 0); 830 if (anonce) 831 os_memcpy(hdr->anonce, anonce, WPA_NONCE_LEN); 832 if (snonce) 833 os_memcpy(hdr->snonce, snonce, WPA_NONCE_LEN); 834 } else { 835 struct rsn_ftie *hdr = (struct rsn_ftie *) pos; 836 837 os_memset(hdr, 0, sizeof(*hdr)); 838 pos += sizeof(*hdr); 839 WPA_PUT_LE16(hdr->mic_control, 0); 840 if (anonce) 841 os_memcpy(hdr->anonce, anonce, WPA_NONCE_LEN); 842 if (snonce) 843 os_memcpy(hdr->snonce, snonce, WPA_NONCE_LEN); 844 } 845 846 /* Optional Parameters */ 847 *pos++ = FTIE_SUBELEM_R1KH_ID; 848 *pos++ = FT_R1KH_ID_LEN; 849 os_memcpy(pos, conf->r1_key_holder, FT_R1KH_ID_LEN); 850 pos += FT_R1KH_ID_LEN; 851 852 if (r0kh_id) { 853 *pos++ = FTIE_SUBELEM_R0KH_ID; 854 *pos++ = r0kh_id_len; 855 os_memcpy(pos, r0kh_id, r0kh_id_len); 856 pos += r0kh_id_len; 857 } 858 859 if (subelem) { 860 os_memcpy(pos, subelem, subelem_len); 861 pos += subelem_len; 862 } 863 864 *ielen = pos - buf - 2; 865 866 return pos - buf; 867 } 868 869 870 /* A packet to be handled after seq response */ 871 struct ft_remote_item { 872 struct dl_list list; 873 874 u8 nonce[FT_RRB_NONCE_LEN]; 875 struct os_reltime nonce_ts; 876 877 u8 src_addr[ETH_ALEN]; 878 u8 *enc; 879 size_t enc_len; 880 u8 *auth; 881 size_t auth_len; 882 int (*cb)(struct wpa_authenticator *wpa_auth, 883 const u8 *src_addr, 884 const u8 *enc, size_t enc_len, 885 const u8 *auth, size_t auth_len, 886 int no_defer); 887 }; 888 889 890 static void wpa_ft_rrb_seq_free(struct ft_remote_item *item) 891 { 892 eloop_cancel_timeout(wpa_ft_rrb_seq_timeout, ELOOP_ALL_CTX, item); 893 dl_list_del(&item->list); 894 bin_clear_free(item->enc, item->enc_len); 895 os_free(item->auth); 896 os_free(item); 897 } 898 899 900 static void wpa_ft_rrb_seq_flush(struct wpa_authenticator *wpa_auth, 901 struct ft_remote_seq *rkh_seq, int cb) 902 { 903 struct ft_remote_item *item, *n; 904 905 dl_list_for_each_safe(item, n, &rkh_seq->rx.queue, 906 struct ft_remote_item, list) { 907 if (cb && item->cb) 908 item->cb(wpa_auth, item->src_addr, item->enc, 909 item->enc_len, item->auth, item->auth_len, 1); 910 wpa_ft_rrb_seq_free(item); 911 } 912 } 913 914 915 static void wpa_ft_rrb_seq_timeout(void *eloop_ctx, void *timeout_ctx) 916 { 917 struct ft_remote_item *item = timeout_ctx; 918 919 wpa_ft_rrb_seq_free(item); 920 } 921 922 923 static int 924 wpa_ft_rrb_seq_req(struct wpa_authenticator *wpa_auth, 925 struct ft_remote_seq *rkh_seq, const u8 *src_addr, 926 const u8 *f_r0kh_id, size_t f_r0kh_id_len, 927 const u8 *f_r1kh_id, const u8 *key, size_t key_len, 928 const u8 *enc, size_t enc_len, 929 const u8 *auth, size_t auth_len, 930 int (*cb)(struct wpa_authenticator *wpa_auth, 931 const u8 *src_addr, 932 const u8 *enc, size_t enc_len, 933 const u8 *auth, size_t auth_len, 934 int no_defer)) 935 { 936 struct ft_remote_item *item = NULL; 937 u8 *packet = NULL; 938 size_t packet_len; 939 struct tlv_list seq_req_auth[] = { 940 { .type = FT_RRB_NONCE, .len = FT_RRB_NONCE_LEN, 941 .data = NULL /* to be filled: item->nonce */ }, 942 { .type = FT_RRB_R0KH_ID, .len = f_r0kh_id_len, 943 .data = f_r0kh_id }, 944 { .type = FT_RRB_R1KH_ID, .len = FT_R1KH_ID_LEN, 945 .data = f_r1kh_id }, 946 { .type = FT_RRB_LAST_EMPTY, .len = 0, .data = NULL }, 947 }; 948 949 if (dl_list_len(&rkh_seq->rx.queue) >= ftRRBmaxQueueLen) { 950 wpa_printf(MSG_DEBUG, "FT: Sequence number queue too long"); 951 goto err; 952 } 953 954 wpa_printf(MSG_DEBUG, "FT: Send out sequence number request to " MACSTR, 955 MAC2STR(src_addr)); 956 item = os_zalloc(sizeof(*item)); 957 if (!item) 958 goto err; 959 960 os_memcpy(item->src_addr, src_addr, ETH_ALEN); 961 item->cb = cb; 962 963 if (random_get_bytes(item->nonce, FT_RRB_NONCE_LEN) < 0) { 964 wpa_printf(MSG_DEBUG, "FT: Seq num nonce: out of random bytes"); 965 goto err; 966 } 967 968 if (os_get_reltime(&item->nonce_ts) < 0) 969 goto err; 970 971 if (enc && enc_len > 0) { 972 item->enc = os_memdup(enc, enc_len); 973 item->enc_len = enc_len; 974 if (!item->enc) 975 goto err; 976 } 977 978 if (auth && auth_len > 0) { 979 item->auth = os_memdup(auth, auth_len); 980 item->auth_len = auth_len; 981 if (!item->auth) 982 goto err; 983 } 984 985 eloop_register_timeout(ftRRBseqTimeout, 0, wpa_ft_rrb_seq_timeout, 986 wpa_auth, item); 987 988 seq_req_auth[0].data = item->nonce; 989 990 if (wpa_ft_rrb_build(key, key_len, NULL, NULL, seq_req_auth, NULL, 991 wpa_auth->addr, FT_PACKET_R0KH_R1KH_SEQ_REQ, 992 &packet, &packet_len) < 0) { 993 item = NULL; /* some other seq resp might still accept this */ 994 goto err; 995 } 996 997 dl_list_add(&rkh_seq->rx.queue, &item->list); 998 999 wpa_ft_rrb_oui_send(wpa_auth, src_addr, FT_PACKET_R0KH_R1KH_SEQ_REQ, 1000 packet, packet_len); 1001 1002 os_free(packet); 1003 1004 return 0; 1005 err: 1006 wpa_printf(MSG_DEBUG, "FT: Failed to send sequence number request"); 1007 if (item) { 1008 os_free(item->auth); 1009 bin_clear_free(item->enc, item->enc_len); 1010 os_free(item); 1011 } 1012 1013 return -1; 1014 } 1015 1016 1017 #define FT_RRB_SEQ_OK 0 1018 #define FT_RRB_SEQ_DROP 1 1019 #define FT_RRB_SEQ_DEFER 2 1020 1021 static int 1022 wpa_ft_rrb_seq_chk(struct ft_remote_seq *rkh_seq, const u8 *src_addr, 1023 const u8 *enc, size_t enc_len, 1024 const u8 *auth, size_t auth_len, 1025 const char *msgtype, int no_defer) 1026 { 1027 const u8 *f_seq; 1028 size_t f_seq_len; 1029 const struct ft_rrb_seq *msg_both; 1030 u32 msg_seq, msg_off, rkh_off; 1031 struct os_reltime now; 1032 unsigned int i; 1033 1034 RRB_GET_AUTH(FT_RRB_SEQ, seq, msgtype, sizeof(*msg_both)); 1035 wpa_hexdump(MSG_DEBUG, "FT: sequence number", f_seq, f_seq_len); 1036 msg_both = (const struct ft_rrb_seq *) f_seq; 1037 1038 if (rkh_seq->rx.num_last == 0) { 1039 /* first packet from remote */ 1040 goto defer; 1041 } 1042 1043 if (le_to_host32(msg_both->dom) != rkh_seq->rx.dom) { 1044 /* remote might have rebooted */ 1045 goto defer; 1046 } 1047 1048 if (os_get_reltime(&now) == 0) { 1049 u32 msg_ts_now_remote, msg_ts_off; 1050 struct os_reltime now_remote; 1051 1052 os_reltime_sub(&now, &rkh_seq->rx.time_offset, &now_remote); 1053 msg_ts_now_remote = now_remote.sec; 1054 msg_ts_off = le_to_host32(msg_both->ts) - 1055 (msg_ts_now_remote - ftRRBseqTimeout); 1056 if (msg_ts_off > 2 * ftRRBseqTimeout) 1057 goto defer; 1058 } 1059 1060 msg_seq = le_to_host32(msg_both->seq); 1061 rkh_off = rkh_seq->rx.last[rkh_seq->rx.offsetidx]; 1062 msg_off = msg_seq - rkh_off; 1063 if (msg_off > 0xC0000000) 1064 goto out; /* too old message, drop it */ 1065 1066 if (msg_off <= 0x40000000) { 1067 for (i = 0; i < rkh_seq->rx.num_last; i++) { 1068 if (rkh_seq->rx.last[i] == msg_seq) 1069 goto out; /* duplicate message, drop it */ 1070 } 1071 1072 return FT_RRB_SEQ_OK; 1073 } 1074 1075 defer: 1076 if (no_defer) 1077 goto out; 1078 1079 wpa_printf(MSG_DEBUG, "FT: Possibly invalid sequence number in %s from " 1080 MACSTR, msgtype, MAC2STR(src_addr)); 1081 1082 return FT_RRB_SEQ_DEFER; 1083 out: 1084 wpa_printf(MSG_DEBUG, "FT: Invalid sequence number in %s from " MACSTR, 1085 msgtype, MAC2STR(src_addr)); 1086 1087 return FT_RRB_SEQ_DROP; 1088 } 1089 1090 1091 static void 1092 wpa_ft_rrb_seq_accept(struct wpa_authenticator *wpa_auth, 1093 struct ft_remote_seq *rkh_seq, const u8 *src_addr, 1094 const u8 *auth, size_t auth_len, 1095 const char *msgtype) 1096 { 1097 const u8 *f_seq; 1098 size_t f_seq_len; 1099 const struct ft_rrb_seq *msg_both; 1100 u32 msg_seq, msg_off, min_off, rkh_off; 1101 int minidx = 0; 1102 unsigned int i; 1103 1104 RRB_GET_AUTH(FT_RRB_SEQ, seq, msgtype, sizeof(*msg_both)); 1105 msg_both = (const struct ft_rrb_seq *) f_seq; 1106 1107 msg_seq = le_to_host32(msg_both->seq); 1108 1109 if (rkh_seq->rx.num_last < FT_REMOTE_SEQ_BACKLOG) { 1110 rkh_seq->rx.last[rkh_seq->rx.num_last] = msg_seq; 1111 rkh_seq->rx.num_last++; 1112 return; 1113 } 1114 1115 rkh_off = rkh_seq->rx.last[rkh_seq->rx.offsetidx]; 1116 for (i = 0; i < rkh_seq->rx.num_last; i++) { 1117 msg_off = rkh_seq->rx.last[i] - rkh_off; 1118 min_off = rkh_seq->rx.last[minidx] - rkh_off; 1119 if (msg_off < min_off && i != rkh_seq->rx.offsetidx) 1120 minidx = i; 1121 } 1122 rkh_seq->rx.last[rkh_seq->rx.offsetidx] = msg_seq; 1123 rkh_seq->rx.offsetidx = minidx; 1124 1125 return; 1126 out: 1127 /* RRB_GET_AUTH should never fail here as 1128 * wpa_ft_rrb_seq_chk() verified FT_RRB_SEQ presence. */ 1129 wpa_printf(MSG_ERROR, "FT: %s() failed", __func__); 1130 } 1131 1132 1133 static int wpa_ft_new_seq(struct ft_remote_seq *rkh_seq, 1134 struct ft_rrb_seq *f_seq) 1135 { 1136 struct os_reltime now; 1137 1138 if (os_get_reltime(&now) < 0) 1139 return -1; 1140 1141 if (!rkh_seq->tx.dom) { 1142 if (random_get_bytes((u8 *) &rkh_seq->tx.seq, 1143 sizeof(rkh_seq->tx.seq))) { 1144 wpa_printf(MSG_ERROR, 1145 "FT: Failed to get random data for sequence number initialization"); 1146 rkh_seq->tx.seq = now.usec; 1147 } 1148 if (random_get_bytes((u8 *) &rkh_seq->tx.dom, 1149 sizeof(rkh_seq->tx.dom))) { 1150 wpa_printf(MSG_ERROR, 1151 "FT: Failed to get random data for sequence number initialization"); 1152 rkh_seq->tx.dom = now.usec; 1153 } 1154 rkh_seq->tx.dom |= 1; 1155 } 1156 1157 f_seq->dom = host_to_le32(rkh_seq->tx.dom); 1158 f_seq->seq = host_to_le32(rkh_seq->tx.seq); 1159 f_seq->ts = host_to_le32(now.sec); 1160 1161 rkh_seq->tx.seq++; 1162 1163 return 0; 1164 } 1165 1166 1167 struct wpa_ft_pmk_r0_sa { 1168 struct dl_list list; 1169 u8 pmk_r0[PMK_LEN_MAX]; 1170 size_t pmk_r0_len; 1171 u8 pmk_r0_name[WPA_PMK_NAME_LEN]; 1172 u8 spa[ETH_ALEN]; 1173 int pairwise; /* Pairwise cipher suite, WPA_CIPHER_* */ 1174 struct vlan_description *vlan; 1175 os_time_t expiration; /* 0 for no expiration */ 1176 u8 *identity; 1177 size_t identity_len; 1178 u8 *radius_cui; 1179 size_t radius_cui_len; 1180 os_time_t session_timeout; /* 0 for no expiration */ 1181 /* TODO: radius_class, EAP type */ 1182 int pmk_r1_pushed; 1183 }; 1184 1185 struct wpa_ft_pmk_r1_sa { 1186 struct dl_list list; 1187 u8 pmk_r1[PMK_LEN_MAX]; 1188 size_t pmk_r1_len; 1189 u8 pmk_r1_name[WPA_PMK_NAME_LEN]; 1190 u8 spa[ETH_ALEN]; 1191 int pairwise; /* Pairwise cipher suite, WPA_CIPHER_* */ 1192 struct vlan_description *vlan; 1193 u8 *identity; 1194 size_t identity_len; 1195 u8 *radius_cui; 1196 size_t radius_cui_len; 1197 os_time_t session_timeout; /* 0 for no expiration */ 1198 /* TODO: radius_class, EAP type */ 1199 }; 1200 1201 struct wpa_ft_pmk_cache { 1202 struct dl_list pmk_r0; /* struct wpa_ft_pmk_r0_sa */ 1203 struct dl_list pmk_r1; /* struct wpa_ft_pmk_r1_sa */ 1204 }; 1205 1206 1207 static void wpa_ft_expire_pmk_r0(void *eloop_ctx, void *timeout_ctx); 1208 static void wpa_ft_expire_pmk_r1(void *eloop_ctx, void *timeout_ctx); 1209 1210 1211 static void wpa_ft_free_pmk_r0(struct wpa_ft_pmk_r0_sa *r0) 1212 { 1213 if (!r0) 1214 return; 1215 1216 dl_list_del(&r0->list); 1217 eloop_cancel_timeout(wpa_ft_expire_pmk_r0, r0, NULL); 1218 1219 os_memset(r0->pmk_r0, 0, PMK_LEN_MAX); 1220 os_free(r0->vlan); 1221 os_free(r0->identity); 1222 os_free(r0->radius_cui); 1223 os_free(r0); 1224 } 1225 1226 1227 static void wpa_ft_expire_pmk_r0(void *eloop_ctx, void *timeout_ctx) 1228 { 1229 struct wpa_ft_pmk_r0_sa *r0 = eloop_ctx; 1230 struct os_reltime now; 1231 int expires_in; 1232 int session_timeout; 1233 1234 os_get_reltime(&now); 1235 1236 if (!r0) 1237 return; 1238 1239 expires_in = r0->expiration - now.sec; 1240 session_timeout = r0->session_timeout - now.sec; 1241 /* conditions to remove from cache: 1242 * a) r0->expiration is set and hit 1243 * -or- 1244 * b) r0->session_timeout is set and hit 1245 */ 1246 if ((!r0->expiration || expires_in > 0) && 1247 (!r0->session_timeout || session_timeout > 0)) { 1248 wpa_printf(MSG_ERROR, 1249 "FT: %s() called for non-expired entry %p", 1250 __func__, r0); 1251 eloop_cancel_timeout(wpa_ft_expire_pmk_r0, r0, NULL); 1252 if (r0->expiration && expires_in > 0) 1253 eloop_register_timeout(expires_in + 1, 0, 1254 wpa_ft_expire_pmk_r0, r0, NULL); 1255 if (r0->session_timeout && session_timeout > 0) 1256 eloop_register_timeout(session_timeout + 1, 0, 1257 wpa_ft_expire_pmk_r0, r0, NULL); 1258 return; 1259 } 1260 1261 wpa_ft_free_pmk_r0(r0); 1262 } 1263 1264 1265 static void wpa_ft_free_pmk_r1(struct wpa_ft_pmk_r1_sa *r1) 1266 { 1267 if (!r1) 1268 return; 1269 1270 dl_list_del(&r1->list); 1271 eloop_cancel_timeout(wpa_ft_expire_pmk_r1, r1, NULL); 1272 1273 os_memset(r1->pmk_r1, 0, PMK_LEN_MAX); 1274 os_free(r1->vlan); 1275 os_free(r1->identity); 1276 os_free(r1->radius_cui); 1277 os_free(r1); 1278 } 1279 1280 1281 static void wpa_ft_expire_pmk_r1(void *eloop_ctx, void *timeout_ctx) 1282 { 1283 struct wpa_ft_pmk_r1_sa *r1 = eloop_ctx; 1284 1285 wpa_ft_free_pmk_r1(r1); 1286 } 1287 1288 1289 struct wpa_ft_pmk_cache * wpa_ft_pmk_cache_init(void) 1290 { 1291 struct wpa_ft_pmk_cache *cache; 1292 1293 cache = os_zalloc(sizeof(*cache)); 1294 if (cache) { 1295 dl_list_init(&cache->pmk_r0); 1296 dl_list_init(&cache->pmk_r1); 1297 } 1298 1299 return cache; 1300 } 1301 1302 1303 void wpa_ft_pmk_cache_deinit(struct wpa_ft_pmk_cache *cache) 1304 { 1305 struct wpa_ft_pmk_r0_sa *r0, *r0prev; 1306 struct wpa_ft_pmk_r1_sa *r1, *r1prev; 1307 1308 dl_list_for_each_safe(r0, r0prev, &cache->pmk_r0, 1309 struct wpa_ft_pmk_r0_sa, list) 1310 wpa_ft_free_pmk_r0(r0); 1311 1312 dl_list_for_each_safe(r1, r1prev, &cache->pmk_r1, 1313 struct wpa_ft_pmk_r1_sa, list) 1314 wpa_ft_free_pmk_r1(r1); 1315 1316 os_free(cache); 1317 } 1318 1319 1320 static int wpa_ft_store_pmk_r0(struct wpa_authenticator *wpa_auth, 1321 const u8 *spa, const u8 *pmk_r0, 1322 size_t pmk_r0_len, 1323 const u8 *pmk_r0_name, int pairwise, 1324 const struct vlan_description *vlan, 1325 int expires_in, int session_timeout, 1326 const u8 *identity, size_t identity_len, 1327 const u8 *radius_cui, size_t radius_cui_len) 1328 { 1329 struct wpa_ft_pmk_cache *cache = wpa_auth->ft_pmk_cache; 1330 struct wpa_ft_pmk_r0_sa *r0; 1331 struct os_reltime now; 1332 1333 /* TODO: add limit on number of entries in cache */ 1334 os_get_reltime(&now); 1335 1336 r0 = os_zalloc(sizeof(*r0)); 1337 if (r0 == NULL) 1338 return -1; 1339 1340 os_memcpy(r0->pmk_r0, pmk_r0, pmk_r0_len); 1341 r0->pmk_r0_len = pmk_r0_len; 1342 os_memcpy(r0->pmk_r0_name, pmk_r0_name, WPA_PMK_NAME_LEN); 1343 os_memcpy(r0->spa, spa, ETH_ALEN); 1344 r0->pairwise = pairwise; 1345 if (expires_in > 0) 1346 r0->expiration = now.sec + expires_in; 1347 if (vlan && vlan->notempty) { 1348 r0->vlan = os_zalloc(sizeof(*vlan)); 1349 if (!r0->vlan) { 1350 bin_clear_free(r0, sizeof(*r0)); 1351 return -1; 1352 } 1353 *r0->vlan = *vlan; 1354 } 1355 if (identity) { 1356 r0->identity = os_malloc(identity_len); 1357 if (r0->identity) { 1358 os_memcpy(r0->identity, identity, identity_len); 1359 r0->identity_len = identity_len; 1360 } 1361 } 1362 if (radius_cui) { 1363 r0->radius_cui = os_malloc(radius_cui_len); 1364 if (r0->radius_cui) { 1365 os_memcpy(r0->radius_cui, radius_cui, radius_cui_len); 1366 r0->radius_cui_len = radius_cui_len; 1367 } 1368 } 1369 if (session_timeout > 0) 1370 r0->session_timeout = now.sec + session_timeout; 1371 1372 dl_list_add(&cache->pmk_r0, &r0->list); 1373 if (expires_in > 0) 1374 eloop_register_timeout(expires_in + 1, 0, wpa_ft_expire_pmk_r0, 1375 r0, NULL); 1376 if (session_timeout > 0) 1377 eloop_register_timeout(session_timeout + 1, 0, 1378 wpa_ft_expire_pmk_r0, r0, NULL); 1379 1380 return 0; 1381 } 1382 1383 1384 static int wpa_ft_fetch_pmk_r0(struct wpa_authenticator *wpa_auth, 1385 const u8 *spa, const u8 *pmk_r0_name, 1386 const struct wpa_ft_pmk_r0_sa **r0_out) 1387 { 1388 struct wpa_ft_pmk_cache *cache = wpa_auth->ft_pmk_cache; 1389 struct wpa_ft_pmk_r0_sa *r0; 1390 struct os_reltime now; 1391 1392 os_get_reltime(&now); 1393 dl_list_for_each(r0, &cache->pmk_r0, struct wpa_ft_pmk_r0_sa, list) { 1394 if (os_memcmp(r0->spa, spa, ETH_ALEN) == 0 && 1395 os_memcmp_const(r0->pmk_r0_name, pmk_r0_name, 1396 WPA_PMK_NAME_LEN) == 0) { 1397 *r0_out = r0; 1398 return 0; 1399 } 1400 } 1401 1402 *r0_out = NULL; 1403 return -1; 1404 } 1405 1406 1407 static int wpa_ft_store_pmk_r1(struct wpa_authenticator *wpa_auth, 1408 const u8 *spa, const u8 *pmk_r1, 1409 size_t pmk_r1_len, 1410 const u8 *pmk_r1_name, int pairwise, 1411 const struct vlan_description *vlan, 1412 int expires_in, int session_timeout, 1413 const u8 *identity, size_t identity_len, 1414 const u8 *radius_cui, size_t radius_cui_len) 1415 { 1416 struct wpa_ft_pmk_cache *cache = wpa_auth->ft_pmk_cache; 1417 int max_expires_in = wpa_auth->conf.r1_max_key_lifetime; 1418 struct wpa_ft_pmk_r1_sa *r1; 1419 struct os_reltime now; 1420 1421 /* TODO: limit on number of entries in cache */ 1422 os_get_reltime(&now); 1423 1424 if (max_expires_in && (max_expires_in < expires_in || expires_in == 0)) 1425 expires_in = max_expires_in; 1426 1427 r1 = os_zalloc(sizeof(*r1)); 1428 if (r1 == NULL) 1429 return -1; 1430 1431 os_memcpy(r1->pmk_r1, pmk_r1, pmk_r1_len); 1432 r1->pmk_r1_len = pmk_r1_len; 1433 os_memcpy(r1->pmk_r1_name, pmk_r1_name, WPA_PMK_NAME_LEN); 1434 os_memcpy(r1->spa, spa, ETH_ALEN); 1435 r1->pairwise = pairwise; 1436 if (vlan && vlan->notempty) { 1437 r1->vlan = os_zalloc(sizeof(*vlan)); 1438 if (!r1->vlan) { 1439 bin_clear_free(r1, sizeof(*r1)); 1440 return -1; 1441 } 1442 *r1->vlan = *vlan; 1443 } 1444 if (identity) { 1445 r1->identity = os_malloc(identity_len); 1446 if (r1->identity) { 1447 os_memcpy(r1->identity, identity, identity_len); 1448 r1->identity_len = identity_len; 1449 } 1450 } 1451 if (radius_cui) { 1452 r1->radius_cui = os_malloc(radius_cui_len); 1453 if (r1->radius_cui) { 1454 os_memcpy(r1->radius_cui, radius_cui, radius_cui_len); 1455 r1->radius_cui_len = radius_cui_len; 1456 } 1457 } 1458 if (session_timeout > 0) 1459 r1->session_timeout = now.sec + session_timeout; 1460 1461 dl_list_add(&cache->pmk_r1, &r1->list); 1462 1463 if (expires_in > 0) 1464 eloop_register_timeout(expires_in + 1, 0, wpa_ft_expire_pmk_r1, 1465 r1, NULL); 1466 if (session_timeout > 0) 1467 eloop_register_timeout(session_timeout + 1, 0, 1468 wpa_ft_expire_pmk_r1, r1, NULL); 1469 1470 return 0; 1471 } 1472 1473 1474 static int wpa_ft_fetch_pmk_r1(struct wpa_authenticator *wpa_auth, 1475 const u8 *spa, const u8 *pmk_r1_name, 1476 u8 *pmk_r1, size_t *pmk_r1_len, int *pairwise, 1477 struct vlan_description *vlan, 1478 const u8 **identity, size_t *identity_len, 1479 const u8 **radius_cui, size_t *radius_cui_len, 1480 int *session_timeout) 1481 { 1482 struct wpa_ft_pmk_cache *cache = wpa_auth->ft_pmk_cache; 1483 struct wpa_ft_pmk_r1_sa *r1; 1484 struct os_reltime now; 1485 1486 os_get_reltime(&now); 1487 1488 dl_list_for_each(r1, &cache->pmk_r1, struct wpa_ft_pmk_r1_sa, list) { 1489 if (os_memcmp(r1->spa, spa, ETH_ALEN) == 0 && 1490 os_memcmp_const(r1->pmk_r1_name, pmk_r1_name, 1491 WPA_PMK_NAME_LEN) == 0) { 1492 os_memcpy(pmk_r1, r1->pmk_r1, r1->pmk_r1_len); 1493 *pmk_r1_len = r1->pmk_r1_len; 1494 if (pairwise) 1495 *pairwise = r1->pairwise; 1496 if (vlan && r1->vlan) 1497 *vlan = *r1->vlan; 1498 if (vlan && !r1->vlan) 1499 os_memset(vlan, 0, sizeof(*vlan)); 1500 if (identity && identity_len) { 1501 *identity = r1->identity; 1502 *identity_len = r1->identity_len; 1503 } 1504 if (radius_cui && radius_cui_len) { 1505 *radius_cui = r1->radius_cui; 1506 *radius_cui_len = r1->radius_cui_len; 1507 } 1508 if (session_timeout && r1->session_timeout > now.sec) 1509 *session_timeout = r1->session_timeout - 1510 now.sec; 1511 else if (session_timeout && r1->session_timeout) 1512 *session_timeout = 1; 1513 else if (session_timeout) 1514 *session_timeout = 0; 1515 return 0; 1516 } 1517 } 1518 1519 return -1; 1520 } 1521 1522 1523 static int wpa_ft_rrb_init_r0kh_seq(struct ft_remote_r0kh *r0kh) 1524 { 1525 if (r0kh->seq) 1526 return 0; 1527 1528 r0kh->seq = os_zalloc(sizeof(*r0kh->seq)); 1529 if (!r0kh->seq) { 1530 wpa_printf(MSG_DEBUG, "FT: Failed to allocate r0kh->seq"); 1531 return -1; 1532 } 1533 1534 dl_list_init(&r0kh->seq->rx.queue); 1535 1536 return 0; 1537 } 1538 1539 1540 static void wpa_ft_rrb_lookup_r0kh(struct wpa_authenticator *wpa_auth, 1541 const u8 *f_r0kh_id, size_t f_r0kh_id_len, 1542 struct ft_remote_r0kh **r0kh_out, 1543 struct ft_remote_r0kh **r0kh_wildcard) 1544 { 1545 struct ft_remote_r0kh *r0kh; 1546 1547 *r0kh_wildcard = NULL; 1548 *r0kh_out = NULL; 1549 1550 if (wpa_auth->conf.r0kh_list) 1551 r0kh = *wpa_auth->conf.r0kh_list; 1552 else 1553 r0kh = NULL; 1554 for (; r0kh; r0kh = r0kh->next) { 1555 if (r0kh->id_len == 1 && r0kh->id[0] == '*') 1556 *r0kh_wildcard = r0kh; 1557 if (f_r0kh_id && r0kh->id_len == f_r0kh_id_len && 1558 os_memcmp_const(f_r0kh_id, r0kh->id, f_r0kh_id_len) == 0) 1559 *r0kh_out = r0kh; 1560 } 1561 1562 if (!*r0kh_out && !*r0kh_wildcard) 1563 wpa_printf(MSG_DEBUG, "FT: No matching R0KH found"); 1564 1565 if (*r0kh_out && wpa_ft_rrb_init_r0kh_seq(*r0kh_out) < 0) 1566 *r0kh_out = NULL; 1567 } 1568 1569 1570 static int wpa_ft_rrb_init_r1kh_seq(struct ft_remote_r1kh *r1kh) 1571 { 1572 if (r1kh->seq) 1573 return 0; 1574 1575 r1kh->seq = os_zalloc(sizeof(*r1kh->seq)); 1576 if (!r1kh->seq) { 1577 wpa_printf(MSG_DEBUG, "FT: Failed to allocate r1kh->seq"); 1578 return -1; 1579 } 1580 1581 dl_list_init(&r1kh->seq->rx.queue); 1582 1583 return 0; 1584 } 1585 1586 1587 static void wpa_ft_rrb_lookup_r1kh(struct wpa_authenticator *wpa_auth, 1588 const u8 *f_r1kh_id, 1589 struct ft_remote_r1kh **r1kh_out, 1590 struct ft_remote_r1kh **r1kh_wildcard) 1591 { 1592 struct ft_remote_r1kh *r1kh; 1593 1594 *r1kh_wildcard = NULL; 1595 *r1kh_out = NULL; 1596 1597 if (wpa_auth->conf.r1kh_list) 1598 r1kh = *wpa_auth->conf.r1kh_list; 1599 else 1600 r1kh = NULL; 1601 for (; r1kh; r1kh = r1kh->next) { 1602 if (is_zero_ether_addr(r1kh->addr) && 1603 is_zero_ether_addr(r1kh->id)) 1604 *r1kh_wildcard = r1kh; 1605 if (f_r1kh_id && 1606 os_memcmp_const(r1kh->id, f_r1kh_id, FT_R1KH_ID_LEN) == 0) 1607 *r1kh_out = r1kh; 1608 } 1609 1610 if (!*r1kh_out && !*r1kh_wildcard) 1611 wpa_printf(MSG_DEBUG, "FT: No matching R1KH found"); 1612 1613 if (*r1kh_out && wpa_ft_rrb_init_r1kh_seq(*r1kh_out) < 0) 1614 *r1kh_out = NULL; 1615 } 1616 1617 1618 static int wpa_ft_rrb_check_r0kh(struct wpa_authenticator *wpa_auth, 1619 const u8 *f_r0kh_id, size_t f_r0kh_id_len) 1620 { 1621 if (f_r0kh_id_len != wpa_auth->conf.r0_key_holder_len || 1622 os_memcmp_const(f_r0kh_id, wpa_auth->conf.r0_key_holder, 1623 f_r0kh_id_len) != 0) 1624 return -1; 1625 1626 return 0; 1627 } 1628 1629 1630 static int wpa_ft_rrb_check_r1kh(struct wpa_authenticator *wpa_auth, 1631 const u8 *f_r1kh_id) 1632 { 1633 if (os_memcmp_const(f_r1kh_id, wpa_auth->conf.r1_key_holder, 1634 FT_R1KH_ID_LEN) != 0) 1635 return -1; 1636 1637 return 0; 1638 } 1639 1640 1641 static void wpa_ft_rrb_del_r0kh(void *eloop_ctx, void *timeout_ctx) 1642 { 1643 struct wpa_authenticator *wpa_auth = eloop_ctx; 1644 struct ft_remote_r0kh *r0kh, *prev = NULL; 1645 1646 if (!wpa_auth->conf.r0kh_list) 1647 return; 1648 1649 for (r0kh = *wpa_auth->conf.r0kh_list; r0kh; r0kh = r0kh->next) { 1650 if (r0kh == timeout_ctx) 1651 break; 1652 prev = r0kh; 1653 } 1654 if (!r0kh) 1655 return; 1656 if (prev) 1657 prev->next = r0kh->next; 1658 else 1659 *wpa_auth->conf.r0kh_list = r0kh->next; 1660 if (r0kh->seq) 1661 wpa_ft_rrb_seq_flush(wpa_auth, r0kh->seq, 0); 1662 os_free(r0kh->seq); 1663 os_free(r0kh); 1664 } 1665 1666 1667 static void wpa_ft_rrb_r0kh_replenish(struct wpa_authenticator *wpa_auth, 1668 struct ft_remote_r0kh *r0kh, int timeout) 1669 { 1670 if (timeout > 0) 1671 eloop_replenish_timeout(timeout, 0, wpa_ft_rrb_del_r0kh, 1672 wpa_auth, r0kh); 1673 } 1674 1675 1676 static void wpa_ft_rrb_r0kh_timeout(struct wpa_authenticator *wpa_auth, 1677 struct ft_remote_r0kh *r0kh, int timeout) 1678 { 1679 eloop_cancel_timeout(wpa_ft_rrb_del_r0kh, wpa_auth, r0kh); 1680 1681 if (timeout > 0) 1682 eloop_register_timeout(timeout, 0, wpa_ft_rrb_del_r0kh, 1683 wpa_auth, r0kh); 1684 } 1685 1686 1687 static struct ft_remote_r0kh * 1688 wpa_ft_rrb_add_r0kh(struct wpa_authenticator *wpa_auth, 1689 struct ft_remote_r0kh *r0kh_wildcard, 1690 const u8 *src_addr, const u8 *r0kh_id, size_t id_len, 1691 int timeout) 1692 { 1693 struct ft_remote_r0kh *r0kh; 1694 1695 if (!wpa_auth->conf.r0kh_list) 1696 return NULL; 1697 1698 r0kh = os_zalloc(sizeof(*r0kh)); 1699 if (!r0kh) 1700 return NULL; 1701 1702 if (src_addr) 1703 os_memcpy(r0kh->addr, src_addr, sizeof(r0kh->addr)); 1704 1705 if (id_len > FT_R0KH_ID_MAX_LEN) 1706 id_len = FT_R0KH_ID_MAX_LEN; 1707 os_memcpy(r0kh->id, r0kh_id, id_len); 1708 r0kh->id_len = id_len; 1709 1710 os_memcpy(r0kh->key, r0kh_wildcard->key, sizeof(r0kh->key)); 1711 1712 r0kh->next = *wpa_auth->conf.r0kh_list; 1713 *wpa_auth->conf.r0kh_list = r0kh; 1714 1715 if (timeout > 0) 1716 eloop_register_timeout(timeout, 0, wpa_ft_rrb_del_r0kh, 1717 wpa_auth, r0kh); 1718 1719 if (wpa_ft_rrb_init_r0kh_seq(r0kh) < 0) 1720 return NULL; 1721 1722 return r0kh; 1723 } 1724 1725 1726 static void wpa_ft_rrb_del_r1kh(void *eloop_ctx, void *timeout_ctx) 1727 { 1728 struct wpa_authenticator *wpa_auth = eloop_ctx; 1729 struct ft_remote_r1kh *r1kh, *prev = NULL; 1730 1731 if (!wpa_auth->conf.r1kh_list) 1732 return; 1733 1734 for (r1kh = *wpa_auth->conf.r1kh_list; r1kh; r1kh = r1kh->next) { 1735 if (r1kh == timeout_ctx) 1736 break; 1737 prev = r1kh; 1738 } 1739 if (!r1kh) 1740 return; 1741 if (prev) 1742 prev->next = r1kh->next; 1743 else 1744 *wpa_auth->conf.r1kh_list = r1kh->next; 1745 if (r1kh->seq) 1746 wpa_ft_rrb_seq_flush(wpa_auth, r1kh->seq, 0); 1747 os_free(r1kh->seq); 1748 os_free(r1kh); 1749 } 1750 1751 1752 static void wpa_ft_rrb_r1kh_replenish(struct wpa_authenticator *wpa_auth, 1753 struct ft_remote_r1kh *r1kh, int timeout) 1754 { 1755 if (timeout > 0) 1756 eloop_replenish_timeout(timeout, 0, wpa_ft_rrb_del_r1kh, 1757 wpa_auth, r1kh); 1758 } 1759 1760 1761 static struct ft_remote_r1kh * 1762 wpa_ft_rrb_add_r1kh(struct wpa_authenticator *wpa_auth, 1763 struct ft_remote_r1kh *r1kh_wildcard, 1764 const u8 *src_addr, const u8 *r1kh_id, int timeout) 1765 { 1766 struct ft_remote_r1kh *r1kh; 1767 1768 if (!wpa_auth->conf.r1kh_list) 1769 return NULL; 1770 1771 r1kh = os_zalloc(sizeof(*r1kh)); 1772 if (!r1kh) 1773 return NULL; 1774 1775 os_memcpy(r1kh->addr, src_addr, sizeof(r1kh->addr)); 1776 os_memcpy(r1kh->id, r1kh_id, sizeof(r1kh->id)); 1777 os_memcpy(r1kh->key, r1kh_wildcard->key, sizeof(r1kh->key)); 1778 r1kh->next = *wpa_auth->conf.r1kh_list; 1779 *wpa_auth->conf.r1kh_list = r1kh; 1780 1781 if (timeout > 0) 1782 eloop_register_timeout(timeout, 0, wpa_ft_rrb_del_r1kh, 1783 wpa_auth, r1kh); 1784 1785 if (wpa_ft_rrb_init_r1kh_seq(r1kh) < 0) 1786 return NULL; 1787 1788 return r1kh; 1789 } 1790 1791 1792 void wpa_ft_sta_deinit(struct wpa_state_machine *sm) 1793 { 1794 eloop_cancel_timeout(wpa_ft_expire_pull, sm, NULL); 1795 } 1796 1797 1798 static void wpa_ft_deinit_seq(struct wpa_authenticator *wpa_auth) 1799 { 1800 struct ft_remote_r0kh *r0kh; 1801 struct ft_remote_r1kh *r1kh; 1802 1803 eloop_cancel_timeout(wpa_ft_rrb_seq_timeout, wpa_auth, ELOOP_ALL_CTX); 1804 1805 if (wpa_auth->conf.r0kh_list) 1806 r0kh = *wpa_auth->conf.r0kh_list; 1807 else 1808 r0kh = NULL; 1809 for (; r0kh; r0kh = r0kh->next) { 1810 if (!r0kh->seq) 1811 continue; 1812 wpa_ft_rrb_seq_flush(wpa_auth, r0kh->seq, 0); 1813 os_free(r0kh->seq); 1814 r0kh->seq = NULL; 1815 } 1816 1817 if (wpa_auth->conf.r1kh_list) 1818 r1kh = *wpa_auth->conf.r1kh_list; 1819 else 1820 r1kh = NULL; 1821 for (; r1kh; r1kh = r1kh->next) { 1822 if (!r1kh->seq) 1823 continue; 1824 wpa_ft_rrb_seq_flush(wpa_auth, r1kh->seq, 0); 1825 os_free(r1kh->seq); 1826 r1kh->seq = NULL; 1827 } 1828 } 1829 1830 1831 static void wpa_ft_deinit_rkh_tmp(struct wpa_authenticator *wpa_auth) 1832 { 1833 struct ft_remote_r0kh *r0kh, *r0kh_next, *r0kh_prev = NULL; 1834 struct ft_remote_r1kh *r1kh, *r1kh_next, *r1kh_prev = NULL; 1835 1836 if (wpa_auth->conf.r0kh_list) 1837 r0kh = *wpa_auth->conf.r0kh_list; 1838 else 1839 r0kh = NULL; 1840 while (r0kh) { 1841 r0kh_next = r0kh->next; 1842 if (eloop_cancel_timeout(wpa_ft_rrb_del_r0kh, wpa_auth, 1843 r0kh) > 0) { 1844 if (r0kh_prev) 1845 r0kh_prev->next = r0kh_next; 1846 else 1847 *wpa_auth->conf.r0kh_list = r0kh_next; 1848 os_free(r0kh); 1849 } else { 1850 r0kh_prev = r0kh; 1851 } 1852 r0kh = r0kh_next; 1853 } 1854 1855 if (wpa_auth->conf.r1kh_list) 1856 r1kh = *wpa_auth->conf.r1kh_list; 1857 else 1858 r1kh = NULL; 1859 while (r1kh) { 1860 r1kh_next = r1kh->next; 1861 if (eloop_cancel_timeout(wpa_ft_rrb_del_r1kh, wpa_auth, 1862 r1kh) > 0) { 1863 if (r1kh_prev) 1864 r1kh_prev->next = r1kh_next; 1865 else 1866 *wpa_auth->conf.r1kh_list = r1kh_next; 1867 os_free(r1kh); 1868 } else { 1869 r1kh_prev = r1kh; 1870 } 1871 r1kh = r1kh_next; 1872 } 1873 } 1874 1875 1876 void wpa_ft_deinit(struct wpa_authenticator *wpa_auth) 1877 { 1878 wpa_ft_deinit_seq(wpa_auth); 1879 wpa_ft_deinit_rkh_tmp(wpa_auth); 1880 } 1881 1882 1883 static void wpa_ft_block_r0kh(struct wpa_authenticator *wpa_auth, 1884 const u8 *f_r0kh_id, size_t f_r0kh_id_len) 1885 { 1886 struct ft_remote_r0kh *r0kh, *r0kh_wildcard; 1887 1888 if (!wpa_auth->conf.rkh_neg_timeout) 1889 return; 1890 1891 wpa_ft_rrb_lookup_r0kh(wpa_auth, f_r0kh_id, f_r0kh_id_len, 1892 &r0kh, &r0kh_wildcard); 1893 1894 if (!r0kh_wildcard) { 1895 /* r0kh removed after neg_timeout and might need re-adding */ 1896 return; 1897 } 1898 1899 wpa_hexdump(MSG_DEBUG, "FT: Blacklist R0KH-ID", 1900 f_r0kh_id, f_r0kh_id_len); 1901 1902 if (r0kh) { 1903 wpa_ft_rrb_r0kh_timeout(wpa_auth, r0kh, 1904 wpa_auth->conf.rkh_neg_timeout); 1905 os_memset(r0kh->addr, 0, ETH_ALEN); 1906 } else 1907 wpa_ft_rrb_add_r0kh(wpa_auth, r0kh_wildcard, NULL, f_r0kh_id, 1908 f_r0kh_id_len, 1909 wpa_auth->conf.rkh_neg_timeout); 1910 } 1911 1912 1913 static void wpa_ft_expire_pull(void *eloop_ctx, void *timeout_ctx) 1914 { 1915 struct wpa_state_machine *sm = eloop_ctx; 1916 1917 wpa_printf(MSG_DEBUG, "FT: Timeout pending pull request for " MACSTR, 1918 MAC2STR(sm->addr)); 1919 if (sm->ft_pending_pull_left_retries <= 0) 1920 wpa_ft_block_r0kh(sm->wpa_auth, sm->r0kh_id, sm->r0kh_id_len); 1921 1922 /* cancel multiple timeouts */ 1923 eloop_cancel_timeout(wpa_ft_expire_pull, sm, NULL); 1924 ft_finish_pull(sm); 1925 } 1926 1927 1928 static int wpa_ft_pull_pmk_r1(struct wpa_state_machine *sm, 1929 const u8 *ies, size_t ies_len, 1930 const u8 *pmk_r0_name) 1931 { 1932 struct ft_remote_r0kh *r0kh, *r0kh_wildcard; 1933 u8 *packet = NULL; 1934 const u8 *key, *f_r1kh_id = sm->wpa_auth->conf.r1_key_holder; 1935 size_t packet_len, key_len; 1936 struct ft_rrb_seq f_seq; 1937 int tsecs, tusecs, first; 1938 struct wpabuf *ft_pending_req_ies; 1939 int r0kh_timeout; 1940 struct tlv_list req_enc[] = { 1941 { .type = FT_RRB_PMK_R0_NAME, .len = WPA_PMK_NAME_LEN, 1942 .data = pmk_r0_name }, 1943 { .type = FT_RRB_S1KH_ID, .len = ETH_ALEN, 1944 .data = sm->addr }, 1945 { .type = FT_RRB_LAST_EMPTY, .len = 0, .data = NULL }, 1946 }; 1947 struct tlv_list req_auth[] = { 1948 { .type = FT_RRB_NONCE, .len = FT_RRB_NONCE_LEN, 1949 .data = sm->ft_pending_pull_nonce }, 1950 { .type = FT_RRB_SEQ, .len = sizeof(f_seq), 1951 .data = (u8 *) &f_seq }, 1952 { .type = FT_RRB_R0KH_ID, .len = sm->r0kh_id_len, 1953 .data = sm->r0kh_id }, 1954 { .type = FT_RRB_R1KH_ID, .len = FT_R1KH_ID_LEN, 1955 .data = f_r1kh_id }, 1956 { .type = FT_RRB_LAST_EMPTY, .len = 0, .data = NULL }, 1957 }; 1958 1959 if (sm->ft_pending_pull_left_retries <= 0) 1960 return -1; 1961 first = sm->ft_pending_pull_left_retries == 1962 sm->wpa_auth->conf.rkh_pull_retries; 1963 sm->ft_pending_pull_left_retries--; 1964 1965 wpa_ft_rrb_lookup_r0kh(sm->wpa_auth, sm->r0kh_id, sm->r0kh_id_len, 1966 &r0kh, &r0kh_wildcard); 1967 1968 /* Keep r0kh sufficiently long in the list for seq num check */ 1969 r0kh_timeout = sm->wpa_auth->conf.rkh_pull_timeout / 1000 + 1970 1 + ftRRBseqTimeout; 1971 if (r0kh) { 1972 wpa_ft_rrb_r0kh_replenish(sm->wpa_auth, r0kh, r0kh_timeout); 1973 } else if (r0kh_wildcard) { 1974 wpa_printf(MSG_DEBUG, "FT: Using wildcard R0KH-ID"); 1975 /* r0kh->addr: updated by SEQ_RESP and wpa_ft_expire_pull */ 1976 r0kh = wpa_ft_rrb_add_r0kh(sm->wpa_auth, r0kh_wildcard, 1977 r0kh_wildcard->addr, 1978 sm->r0kh_id, sm->r0kh_id_len, 1979 r0kh_timeout); 1980 } 1981 if (r0kh == NULL) { 1982 wpa_hexdump(MSG_DEBUG, "FT: Did not find R0KH-ID", 1983 sm->r0kh_id, sm->r0kh_id_len); 1984 return -1; 1985 } 1986 if (is_zero_ether_addr(r0kh->addr)) { 1987 wpa_hexdump(MSG_DEBUG, "FT: R0KH-ID is blacklisted", 1988 sm->r0kh_id, sm->r0kh_id_len); 1989 return -1; 1990 } 1991 if (os_memcmp(r0kh->addr, sm->wpa_auth->addr, ETH_ALEN) == 0) { 1992 wpa_printf(MSG_DEBUG, 1993 "FT: R0KH-ID points to self - no matching key available"); 1994 return -1; 1995 } 1996 1997 key = r0kh->key; 1998 key_len = sizeof(r0kh->key); 1999 2000 wpa_printf(MSG_DEBUG, "FT: Send PMK-R1 pull request to remote R0KH " 2001 "address " MACSTR, MAC2STR(r0kh->addr)); 2002 2003 if (r0kh->seq->rx.num_last == 0) { 2004 /* A sequence request will be sent out anyway when pull 2005 * response is received. Send it out now to avoid one RTT. */ 2006 wpa_ft_rrb_seq_req(sm->wpa_auth, r0kh->seq, r0kh->addr, 2007 r0kh->id, r0kh->id_len, f_r1kh_id, key, 2008 key_len, NULL, 0, NULL, 0, NULL); 2009 } 2010 2011 if (first && 2012 random_get_bytes(sm->ft_pending_pull_nonce, FT_RRB_NONCE_LEN) < 0) { 2013 wpa_printf(MSG_DEBUG, "FT: Failed to get random data for " 2014 "nonce"); 2015 return -1; 2016 } 2017 2018 if (wpa_ft_new_seq(r0kh->seq, &f_seq) < 0) { 2019 wpa_printf(MSG_DEBUG, "FT: Failed to get seq num"); 2020 return -1; 2021 } 2022 2023 if (wpa_ft_rrb_build(key, key_len, req_enc, NULL, req_auth, NULL, 2024 sm->wpa_auth->addr, FT_PACKET_R0KH_R1KH_PULL, 2025 &packet, &packet_len) < 0) 2026 return -1; 2027 2028 ft_pending_req_ies = wpabuf_alloc_copy(ies, ies_len); 2029 wpabuf_free(sm->ft_pending_req_ies); 2030 sm->ft_pending_req_ies = ft_pending_req_ies; 2031 if (!sm->ft_pending_req_ies) { 2032 os_free(packet); 2033 return -1; 2034 } 2035 2036 tsecs = sm->wpa_auth->conf.rkh_pull_timeout / 1000; 2037 tusecs = (sm->wpa_auth->conf.rkh_pull_timeout % 1000) * 1000; 2038 eloop_register_timeout(tsecs, tusecs, wpa_ft_expire_pull, sm, NULL); 2039 2040 wpa_ft_rrb_oui_send(sm->wpa_auth, r0kh->addr, FT_PACKET_R0KH_R1KH_PULL, 2041 packet, packet_len); 2042 2043 os_free(packet); 2044 2045 return 0; 2046 } 2047 2048 2049 int wpa_ft_store_pmk_fils(struct wpa_state_machine *sm, 2050 const u8 *pmk_r0, const u8 *pmk_r0_name) 2051 { 2052 int expires_in = sm->wpa_auth->conf.r0_key_lifetime; 2053 struct vlan_description vlan; 2054 const u8 *identity, *radius_cui; 2055 size_t identity_len, radius_cui_len; 2056 int session_timeout; 2057 size_t pmk_r0_len = wpa_key_mgmt_sha384(sm->wpa_key_mgmt) ? 2058 SHA384_MAC_LEN : PMK_LEN; 2059 2060 if (wpa_ft_get_vlan(sm->wpa_auth, sm->addr, &vlan) < 0) { 2061 wpa_printf(MSG_DEBUG, "FT: vlan not available for STA " MACSTR, 2062 MAC2STR(sm->addr)); 2063 return -1; 2064 } 2065 2066 identity_len = wpa_ft_get_identity(sm->wpa_auth, sm->addr, &identity); 2067 radius_cui_len = wpa_ft_get_radius_cui(sm->wpa_auth, sm->addr, 2068 &radius_cui); 2069 session_timeout = wpa_ft_get_session_timeout(sm->wpa_auth, sm->addr); 2070 2071 return wpa_ft_store_pmk_r0(sm->wpa_auth, sm->addr, pmk_r0, pmk_r0_len, 2072 pmk_r0_name, sm->pairwise, &vlan, expires_in, 2073 session_timeout, identity, identity_len, 2074 radius_cui, radius_cui_len); 2075 } 2076 2077 2078 int wpa_auth_derive_ptk_ft(struct wpa_state_machine *sm, struct wpa_ptk *ptk) 2079 { 2080 u8 pmk_r0[PMK_LEN_MAX], pmk_r0_name[WPA_PMK_NAME_LEN]; 2081 size_t pmk_r0_len = wpa_key_mgmt_sha384(sm->wpa_key_mgmt) ? 2082 SHA384_MAC_LEN : PMK_LEN; 2083 size_t pmk_r1_len = pmk_r0_len; 2084 u8 pmk_r1[PMK_LEN_MAX]; 2085 u8 ptk_name[WPA_PMK_NAME_LEN]; 2086 const u8 *mdid = sm->wpa_auth->conf.mobility_domain; 2087 const u8 *r0kh = sm->wpa_auth->conf.r0_key_holder; 2088 size_t r0kh_len = sm->wpa_auth->conf.r0_key_holder_len; 2089 const u8 *r1kh = sm->wpa_auth->conf.r1_key_holder; 2090 const u8 *ssid = sm->wpa_auth->conf.ssid; 2091 size_t ssid_len = sm->wpa_auth->conf.ssid_len; 2092 int psk_local = sm->wpa_auth->conf.ft_psk_generate_local; 2093 int expires_in = sm->wpa_auth->conf.r0_key_lifetime; 2094 struct vlan_description vlan; 2095 const u8 *identity, *radius_cui; 2096 size_t identity_len, radius_cui_len; 2097 int session_timeout; 2098 const u8 *mpmk; 2099 size_t mpmk_len; 2100 2101 if (sm->xxkey_len > 0) { 2102 mpmk = sm->xxkey; 2103 mpmk_len = sm->xxkey_len; 2104 } else if (sm->pmksa) { 2105 mpmk = sm->pmksa->pmk; 2106 mpmk_len = sm->pmksa->pmk_len; 2107 } else { 2108 wpa_printf(MSG_DEBUG, "FT: XXKey not available for key " 2109 "derivation"); 2110 return -1; 2111 } 2112 2113 if (wpa_ft_get_vlan(sm->wpa_auth, sm->addr, &vlan) < 0) { 2114 wpa_printf(MSG_DEBUG, "FT: vlan not available for STA " MACSTR, 2115 MAC2STR(sm->addr)); 2116 return -1; 2117 } 2118 2119 identity_len = wpa_ft_get_identity(sm->wpa_auth, sm->addr, &identity); 2120 radius_cui_len = wpa_ft_get_radius_cui(sm->wpa_auth, sm->addr, 2121 &radius_cui); 2122 session_timeout = wpa_ft_get_session_timeout(sm->wpa_auth, sm->addr); 2123 2124 if (wpa_derive_pmk_r0(mpmk, mpmk_len, ssid, ssid_len, mdid, 2125 r0kh, r0kh_len, sm->addr, 2126 pmk_r0, pmk_r0_name, 2127 wpa_key_mgmt_sha384(sm->wpa_key_mgmt)) < 0) 2128 return -1; 2129 wpa_hexdump_key(MSG_DEBUG, "FT: PMK-R0", pmk_r0, pmk_r0_len); 2130 wpa_hexdump(MSG_DEBUG, "FT: PMKR0Name", pmk_r0_name, WPA_PMK_NAME_LEN); 2131 if (!psk_local || !wpa_key_mgmt_ft_psk(sm->wpa_key_mgmt)) 2132 wpa_ft_store_pmk_r0(sm->wpa_auth, sm->addr, pmk_r0, pmk_r0_len, 2133 pmk_r0_name, 2134 sm->pairwise, &vlan, expires_in, 2135 session_timeout, identity, identity_len, 2136 radius_cui, radius_cui_len); 2137 2138 if (wpa_derive_pmk_r1(pmk_r0, pmk_r0_len, pmk_r0_name, r1kh, sm->addr, 2139 pmk_r1, sm->pmk_r1_name) < 0) 2140 return -1; 2141 wpa_hexdump_key(MSG_DEBUG, "FT: PMK-R1", pmk_r1, pmk_r1_len); 2142 wpa_hexdump(MSG_DEBUG, "FT: PMKR1Name", sm->pmk_r1_name, 2143 WPA_PMK_NAME_LEN); 2144 if (!psk_local || !wpa_key_mgmt_ft_psk(sm->wpa_key_mgmt)) 2145 wpa_ft_store_pmk_r1(sm->wpa_auth, sm->addr, pmk_r1, pmk_r1_len, 2146 sm->pmk_r1_name, sm->pairwise, &vlan, 2147 expires_in, session_timeout, identity, 2148 identity_len, radius_cui, radius_cui_len); 2149 2150 return wpa_pmk_r1_to_ptk(pmk_r1, pmk_r1_len, sm->SNonce, sm->ANonce, 2151 sm->addr, sm->wpa_auth->addr, sm->pmk_r1_name, 2152 ptk, ptk_name, sm->wpa_key_mgmt, sm->pairwise); 2153 } 2154 2155 2156 static inline int wpa_auth_get_seqnum(struct wpa_authenticator *wpa_auth, 2157 const u8 *addr, int idx, u8 *seq) 2158 { 2159 if (wpa_auth->cb->get_seqnum == NULL) 2160 return -1; 2161 return wpa_auth->cb->get_seqnum(wpa_auth->cb_ctx, addr, idx, seq); 2162 } 2163 2164 2165 static u8 * wpa_ft_gtk_subelem(struct wpa_state_machine *sm, size_t *len) 2166 { 2167 u8 *subelem; 2168 struct wpa_group *gsm = sm->group; 2169 size_t subelem_len, pad_len; 2170 const u8 *key; 2171 size_t key_len; 2172 u8 keybuf[32]; 2173 const u8 *kek; 2174 size_t kek_len; 2175 2176 if (wpa_key_mgmt_fils(sm->wpa_key_mgmt)) { 2177 kek = sm->PTK.kek2; 2178 kek_len = sm->PTK.kek2_len; 2179 } else { 2180 kek = sm->PTK.kek; 2181 kek_len = sm->PTK.kek_len; 2182 } 2183 2184 key_len = gsm->GTK_len; 2185 if (key_len > sizeof(keybuf)) 2186 return NULL; 2187 2188 /* 2189 * Pad key for AES Key Wrap if it is not multiple of 8 bytes or is less 2190 * than 16 bytes. 2191 */ 2192 pad_len = key_len % 8; 2193 if (pad_len) 2194 pad_len = 8 - pad_len; 2195 if (key_len + pad_len < 16) 2196 pad_len += 8; 2197 if (pad_len && key_len < sizeof(keybuf)) { 2198 os_memcpy(keybuf, gsm->GTK[gsm->GN - 1], key_len); 2199 os_memset(keybuf + key_len, 0, pad_len); 2200 keybuf[key_len] = 0xdd; 2201 key_len += pad_len; 2202 key = keybuf; 2203 } else 2204 key = gsm->GTK[gsm->GN - 1]; 2205 2206 /* 2207 * Sub-elem ID[1] | Length[1] | Key Info[2] | Key Length[1] | RSC[8] | 2208 * Key[5..32]. 2209 */ 2210 subelem_len = 13 + key_len + 8; 2211 subelem = os_zalloc(subelem_len); 2212 if (subelem == NULL) 2213 return NULL; 2214 2215 subelem[0] = FTIE_SUBELEM_GTK; 2216 subelem[1] = 11 + key_len + 8; 2217 /* Key ID in B0-B1 of Key Info */ 2218 WPA_PUT_LE16(&subelem[2], gsm->GN & 0x03); 2219 subelem[4] = gsm->GTK_len; 2220 wpa_auth_get_seqnum(sm->wpa_auth, NULL, gsm->GN, subelem + 5); 2221 if (aes_wrap(kek, kek_len, key_len / 8, key, subelem + 13)) { 2222 wpa_printf(MSG_DEBUG, 2223 "FT: GTK subelem encryption failed: kek_len=%d", 2224 (int) kek_len); 2225 os_free(subelem); 2226 return NULL; 2227 } 2228 2229 forced_memzero(keybuf, sizeof(keybuf)); 2230 *len = subelem_len; 2231 return subelem; 2232 } 2233 2234 2235 #ifdef CONFIG_IEEE80211W 2236 static u8 * wpa_ft_igtk_subelem(struct wpa_state_machine *sm, size_t *len) 2237 { 2238 u8 *subelem, *pos; 2239 struct wpa_group *gsm = sm->group; 2240 size_t subelem_len; 2241 const u8 *kek; 2242 size_t kek_len; 2243 size_t igtk_len; 2244 2245 if (wpa_key_mgmt_fils(sm->wpa_key_mgmt)) { 2246 kek = sm->PTK.kek2; 2247 kek_len = sm->PTK.kek2_len; 2248 } else { 2249 kek = sm->PTK.kek; 2250 kek_len = sm->PTK.kek_len; 2251 } 2252 2253 igtk_len = wpa_cipher_key_len(sm->wpa_auth->conf.group_mgmt_cipher); 2254 2255 /* Sub-elem ID[1] | Length[1] | KeyID[2] | IPN[6] | Key Length[1] | 2256 * Key[16+8] */ 2257 subelem_len = 1 + 1 + 2 + 6 + 1 + igtk_len + 8; 2258 subelem = os_zalloc(subelem_len); 2259 if (subelem == NULL) 2260 return NULL; 2261 2262 pos = subelem; 2263 *pos++ = FTIE_SUBELEM_IGTK; 2264 *pos++ = subelem_len - 2; 2265 WPA_PUT_LE16(pos, gsm->GN_igtk); 2266 pos += 2; 2267 wpa_auth_get_seqnum(sm->wpa_auth, NULL, gsm->GN_igtk, pos); 2268 pos += 6; 2269 *pos++ = igtk_len; 2270 if (aes_wrap(kek, kek_len, igtk_len / 8, 2271 gsm->IGTK[gsm->GN_igtk - 4], pos)) { 2272 wpa_printf(MSG_DEBUG, 2273 "FT: IGTK subelem encryption failed: kek_len=%d", 2274 (int) kek_len); 2275 os_free(subelem); 2276 return NULL; 2277 } 2278 2279 *len = subelem_len; 2280 return subelem; 2281 } 2282 #endif /* CONFIG_IEEE80211W */ 2283 2284 2285 static u8 * wpa_ft_process_rdie(struct wpa_state_machine *sm, 2286 u8 *pos, u8 *end, u8 id, u8 descr_count, 2287 const u8 *ies, size_t ies_len) 2288 { 2289 struct ieee802_11_elems parse; 2290 struct rsn_rdie *rdie; 2291 2292 wpa_printf(MSG_DEBUG, "FT: Resource Request: id=%d descr_count=%d", 2293 id, descr_count); 2294 wpa_hexdump(MSG_MSGDUMP, "FT: Resource descriptor IE(s)", 2295 ies, ies_len); 2296 2297 if (end - pos < (int) sizeof(*rdie)) { 2298 wpa_printf(MSG_ERROR, "FT: Not enough room for response RDIE"); 2299 return pos; 2300 } 2301 2302 *pos++ = WLAN_EID_RIC_DATA; 2303 *pos++ = sizeof(*rdie); 2304 rdie = (struct rsn_rdie *) pos; 2305 rdie->id = id; 2306 rdie->descr_count = 0; 2307 rdie->status_code = host_to_le16(WLAN_STATUS_SUCCESS); 2308 pos += sizeof(*rdie); 2309 2310 if (ieee802_11_parse_elems((u8 *) ies, ies_len, &parse, 1) == 2311 ParseFailed) { 2312 wpa_printf(MSG_DEBUG, "FT: Failed to parse request IEs"); 2313 rdie->status_code = 2314 host_to_le16(WLAN_STATUS_UNSPECIFIED_FAILURE); 2315 return pos; 2316 } 2317 2318 if (parse.wmm_tspec) { 2319 struct wmm_tspec_element *tspec; 2320 2321 if (parse.wmm_tspec_len + 2 < (int) sizeof(*tspec)) { 2322 wpa_printf(MSG_DEBUG, "FT: Too short WMM TSPEC IE " 2323 "(%d)", (int) parse.wmm_tspec_len); 2324 rdie->status_code = 2325 host_to_le16(WLAN_STATUS_UNSPECIFIED_FAILURE); 2326 return pos; 2327 } 2328 if (end - pos < (int) sizeof(*tspec)) { 2329 wpa_printf(MSG_ERROR, "FT: Not enough room for " 2330 "response TSPEC"); 2331 rdie->status_code = 2332 host_to_le16(WLAN_STATUS_UNSPECIFIED_FAILURE); 2333 return pos; 2334 } 2335 tspec = (struct wmm_tspec_element *) pos; 2336 os_memcpy(tspec, parse.wmm_tspec - 2, sizeof(*tspec)); 2337 } 2338 2339 #ifdef NEED_AP_MLME 2340 if (parse.wmm_tspec && sm->wpa_auth->conf.ap_mlme) { 2341 int res; 2342 2343 res = wmm_process_tspec((struct wmm_tspec_element *) pos); 2344 wpa_printf(MSG_DEBUG, "FT: ADDTS processing result: %d", res); 2345 if (res == WMM_ADDTS_STATUS_INVALID_PARAMETERS) 2346 rdie->status_code = 2347 host_to_le16(WLAN_STATUS_INVALID_PARAMETERS); 2348 else if (res == WMM_ADDTS_STATUS_REFUSED) 2349 rdie->status_code = 2350 host_to_le16(WLAN_STATUS_REQUEST_DECLINED); 2351 else { 2352 /* TSPEC accepted; include updated TSPEC in response */ 2353 rdie->descr_count = 1; 2354 pos += sizeof(struct wmm_tspec_element); 2355 } 2356 return pos; 2357 } 2358 #endif /* NEED_AP_MLME */ 2359 2360 if (parse.wmm_tspec && !sm->wpa_auth->conf.ap_mlme) { 2361 int res; 2362 2363 res = wpa_ft_add_tspec(sm->wpa_auth, sm->addr, pos, 2364 sizeof(struct wmm_tspec_element)); 2365 if (res >= 0) { 2366 if (res) 2367 rdie->status_code = host_to_le16(res); 2368 else { 2369 /* TSPEC accepted; include updated TSPEC in 2370 * response */ 2371 rdie->descr_count = 1; 2372 pos += sizeof(struct wmm_tspec_element); 2373 } 2374 return pos; 2375 } 2376 } 2377 2378 wpa_printf(MSG_DEBUG, "FT: No supported resource requested"); 2379 rdie->status_code = host_to_le16(WLAN_STATUS_UNSPECIFIED_FAILURE); 2380 return pos; 2381 } 2382 2383 2384 static u8 * wpa_ft_process_ric(struct wpa_state_machine *sm, u8 *pos, u8 *end, 2385 const u8 *ric, size_t ric_len) 2386 { 2387 const u8 *rpos, *start; 2388 const struct rsn_rdie *rdie; 2389 2390 wpa_hexdump(MSG_MSGDUMP, "FT: RIC Request", ric, ric_len); 2391 2392 rpos = ric; 2393 while (rpos + sizeof(*rdie) < ric + ric_len) { 2394 if (rpos[0] != WLAN_EID_RIC_DATA || rpos[1] < sizeof(*rdie) || 2395 rpos + 2 + rpos[1] > ric + ric_len) 2396 break; 2397 rdie = (const struct rsn_rdie *) (rpos + 2); 2398 rpos += 2 + rpos[1]; 2399 start = rpos; 2400 2401 while (rpos + 2 <= ric + ric_len && 2402 rpos + 2 + rpos[1] <= ric + ric_len) { 2403 if (rpos[0] == WLAN_EID_RIC_DATA) 2404 break; 2405 rpos += 2 + rpos[1]; 2406 } 2407 pos = wpa_ft_process_rdie(sm, pos, end, rdie->id, 2408 rdie->descr_count, 2409 start, rpos - start); 2410 } 2411 2412 return pos; 2413 } 2414 2415 2416 u8 * wpa_sm_write_assoc_resp_ies(struct wpa_state_machine *sm, u8 *pos, 2417 size_t max_len, int auth_alg, 2418 const u8 *req_ies, size_t req_ies_len) 2419 { 2420 u8 *end, *mdie, *ftie, *rsnie = NULL, *r0kh_id, *subelem = NULL; 2421 u8 *fte_mic, *elem_count; 2422 size_t mdie_len, ftie_len, rsnie_len = 0, r0kh_id_len, subelem_len = 0; 2423 int res; 2424 struct wpa_auth_config *conf; 2425 struct wpa_ft_ies parse; 2426 u8 *ric_start; 2427 u8 *anonce, *snonce; 2428 const u8 *kck; 2429 size_t kck_len; 2430 int use_sha384; 2431 2432 if (sm == NULL) 2433 return pos; 2434 2435 use_sha384 = wpa_key_mgmt_sha384(sm->wpa_key_mgmt); 2436 conf = &sm->wpa_auth->conf; 2437 2438 if (!wpa_key_mgmt_ft(sm->wpa_key_mgmt)) 2439 return pos; 2440 2441 end = pos + max_len; 2442 2443 if (auth_alg == WLAN_AUTH_FT || 2444 ((auth_alg == WLAN_AUTH_FILS_SK || 2445 auth_alg == WLAN_AUTH_FILS_SK_PFS || 2446 auth_alg == WLAN_AUTH_FILS_PK) && 2447 (sm->wpa_key_mgmt & (WPA_KEY_MGMT_FT_FILS_SHA256 | 2448 WPA_KEY_MGMT_FT_FILS_SHA384)))) { 2449 if (!sm->pmk_r1_name_valid) { 2450 wpa_printf(MSG_ERROR, 2451 "FT: PMKR1Name is not valid for Assoc Resp RSNE"); 2452 return NULL; 2453 } 2454 wpa_hexdump(MSG_DEBUG, "FT: PMKR1Name for Assoc Resp RSNE", 2455 sm->pmk_r1_name, WPA_PMK_NAME_LEN); 2456 /* 2457 * RSN (only present if this is a Reassociation Response and 2458 * part of a fast BSS transition; or if this is a 2459 * (Re)Association Response frame during an FT initial mobility 2460 * domain association using FILS) 2461 */ 2462 res = wpa_write_rsn_ie(conf, pos, end - pos, sm->pmk_r1_name); 2463 if (res < 0) 2464 return NULL; 2465 rsnie = pos; 2466 rsnie_len = res; 2467 pos += res; 2468 } 2469 2470 /* Mobility Domain Information */ 2471 res = wpa_write_mdie(conf, pos, end - pos); 2472 if (res < 0) 2473 return NULL; 2474 mdie = pos; 2475 mdie_len = res; 2476 pos += res; 2477 2478 /* Fast BSS Transition Information */ 2479 if (auth_alg == WLAN_AUTH_FT) { 2480 subelem = wpa_ft_gtk_subelem(sm, &subelem_len); 2481 if (!subelem) { 2482 wpa_printf(MSG_DEBUG, 2483 "FT: Failed to add GTK subelement"); 2484 return NULL; 2485 } 2486 r0kh_id = sm->r0kh_id; 2487 r0kh_id_len = sm->r0kh_id_len; 2488 anonce = sm->ANonce; 2489 snonce = sm->SNonce; 2490 #ifdef CONFIG_IEEE80211W 2491 if (sm->mgmt_frame_prot) { 2492 u8 *igtk; 2493 size_t igtk_len; 2494 u8 *nbuf; 2495 igtk = wpa_ft_igtk_subelem(sm, &igtk_len); 2496 if (igtk == NULL) { 2497 wpa_printf(MSG_DEBUG, 2498 "FT: Failed to add IGTK subelement"); 2499 os_free(subelem); 2500 return NULL; 2501 } 2502 nbuf = os_realloc(subelem, subelem_len + igtk_len); 2503 if (nbuf == NULL) { 2504 os_free(subelem); 2505 os_free(igtk); 2506 return NULL; 2507 } 2508 subelem = nbuf; 2509 os_memcpy(subelem + subelem_len, igtk, igtk_len); 2510 subelem_len += igtk_len; 2511 os_free(igtk); 2512 } 2513 #endif /* CONFIG_IEEE80211W */ 2514 #ifdef CONFIG_OCV 2515 if (wpa_auth_uses_ocv(sm)) { 2516 struct wpa_channel_info ci; 2517 u8 *nbuf, *ocipos; 2518 2519 if (wpa_channel_info(sm->wpa_auth, &ci) != 0) { 2520 wpa_printf(MSG_WARNING, 2521 "Failed to get channel info for OCI element"); 2522 os_free(subelem); 2523 return NULL; 2524 } 2525 2526 subelem_len += 2 + OCV_OCI_LEN; 2527 nbuf = os_realloc(subelem, subelem_len); 2528 if (!nbuf) { 2529 os_free(subelem); 2530 return NULL; 2531 } 2532 subelem = nbuf; 2533 2534 ocipos = subelem + subelem_len - 2 - OCV_OCI_LEN; 2535 *ocipos++ = FTIE_SUBELEM_OCI; 2536 *ocipos++ = OCV_OCI_LEN; 2537 if (ocv_insert_oci(&ci, &ocipos) < 0) { 2538 os_free(subelem); 2539 return NULL; 2540 } 2541 } 2542 #endif /* CONFIG_OCV */ 2543 } else { 2544 r0kh_id = conf->r0_key_holder; 2545 r0kh_id_len = conf->r0_key_holder_len; 2546 anonce = NULL; 2547 snonce = NULL; 2548 } 2549 res = wpa_write_ftie(conf, use_sha384, r0kh_id, r0kh_id_len, 2550 anonce, snonce, pos, end - pos, 2551 subelem, subelem_len); 2552 os_free(subelem); 2553 if (res < 0) 2554 return NULL; 2555 ftie = pos; 2556 ftie_len = res; 2557 pos += res; 2558 2559 if (use_sha384) { 2560 struct rsn_ftie_sha384 *_ftie = 2561 (struct rsn_ftie_sha384 *) (ftie + 2); 2562 2563 fte_mic = _ftie->mic; 2564 elem_count = &_ftie->mic_control[1]; 2565 } else { 2566 struct rsn_ftie *_ftie = (struct rsn_ftie *) (ftie + 2); 2567 2568 fte_mic = _ftie->mic; 2569 elem_count = &_ftie->mic_control[1]; 2570 } 2571 if (auth_alg == WLAN_AUTH_FT) 2572 *elem_count = 3; /* Information element count */ 2573 2574 ric_start = pos; 2575 if (wpa_ft_parse_ies(req_ies, req_ies_len, &parse, use_sha384) == 0 2576 && parse.ric) { 2577 pos = wpa_ft_process_ric(sm, pos, end, parse.ric, 2578 parse.ric_len); 2579 if (auth_alg == WLAN_AUTH_FT) 2580 *elem_count += 2581 ieee802_11_ie_count(ric_start, 2582 pos - ric_start); 2583 } 2584 if (ric_start == pos) 2585 ric_start = NULL; 2586 2587 if (wpa_key_mgmt_fils(sm->wpa_key_mgmt)) { 2588 kck = sm->PTK.kck2; 2589 kck_len = sm->PTK.kck2_len; 2590 } else { 2591 kck = sm->PTK.kck; 2592 kck_len = sm->PTK.kck_len; 2593 } 2594 if (auth_alg == WLAN_AUTH_FT && 2595 wpa_ft_mic(kck, kck_len, sm->addr, sm->wpa_auth->addr, 6, 2596 mdie, mdie_len, ftie, ftie_len, 2597 rsnie, rsnie_len, 2598 ric_start, ric_start ? pos - ric_start : 0, 2599 fte_mic) < 0) { 2600 wpa_printf(MSG_DEBUG, "FT: Failed to calculate MIC"); 2601 return NULL; 2602 } 2603 2604 os_free(sm->assoc_resp_ftie); 2605 sm->assoc_resp_ftie = os_malloc(ftie_len); 2606 if (!sm->assoc_resp_ftie) 2607 return NULL; 2608 os_memcpy(sm->assoc_resp_ftie, ftie, ftie_len); 2609 2610 return pos; 2611 } 2612 2613 2614 static inline int wpa_auth_set_key(struct wpa_authenticator *wpa_auth, 2615 int vlan_id, 2616 enum wpa_alg alg, const u8 *addr, int idx, 2617 u8 *key, size_t key_len) 2618 { 2619 if (wpa_auth->cb->set_key == NULL) 2620 return -1; 2621 return wpa_auth->cb->set_key(wpa_auth->cb_ctx, vlan_id, alg, addr, idx, 2622 key, key_len); 2623 } 2624 2625 2626 void wpa_ft_install_ptk(struct wpa_state_machine *sm) 2627 { 2628 enum wpa_alg alg; 2629 int klen; 2630 2631 /* MLME-SETKEYS.request(PTK) */ 2632 alg = wpa_cipher_to_alg(sm->pairwise); 2633 klen = wpa_cipher_key_len(sm->pairwise); 2634 if (!wpa_cipher_valid_pairwise(sm->pairwise)) { 2635 wpa_printf(MSG_DEBUG, "FT: Unknown pairwise alg 0x%x - skip " 2636 "PTK configuration", sm->pairwise); 2637 return; 2638 } 2639 2640 if (sm->tk_already_set) { 2641 /* Must avoid TK reconfiguration to prevent clearing of TX/RX 2642 * PN in the driver */ 2643 wpa_printf(MSG_DEBUG, 2644 "FT: Do not re-install same PTK to the driver"); 2645 return; 2646 } 2647 2648 /* FIX: add STA entry to kernel/driver here? The set_key will fail 2649 * most likely without this.. At the moment, STA entry is added only 2650 * after association has been completed. This function will be called 2651 * again after association to get the PTK configured, but that could be 2652 * optimized by adding the STA entry earlier. 2653 */ 2654 if (wpa_auth_set_key(sm->wpa_auth, 0, alg, sm->addr, 0, 2655 sm->PTK.tk, klen)) 2656 return; 2657 2658 /* FIX: MLME-SetProtection.Request(TA, Tx_Rx) */ 2659 sm->pairwise_set = TRUE; 2660 sm->tk_already_set = TRUE; 2661 } 2662 2663 2664 /* Derive PMK-R1 from PSK, check all available PSK */ 2665 static int wpa_ft_psk_pmk_r1(struct wpa_state_machine *sm, 2666 const u8 *req_pmk_r1_name, 2667 u8 *out_pmk_r1, int *out_pairwise, 2668 struct vlan_description *out_vlan, 2669 const u8 **out_identity, size_t *out_identity_len, 2670 const u8 **out_radius_cui, 2671 size_t *out_radius_cui_len, 2672 int *out_session_timeout) 2673 { 2674 const u8 *pmk = NULL; 2675 u8 pmk_r0[PMK_LEN], pmk_r0_name[WPA_PMK_NAME_LEN]; 2676 u8 pmk_r1[PMK_LEN], pmk_r1_name[WPA_PMK_NAME_LEN]; 2677 struct wpa_authenticator *wpa_auth = sm->wpa_auth; 2678 const u8 *mdid = wpa_auth->conf.mobility_domain; 2679 const u8 *r0kh = sm->r0kh_id; 2680 size_t r0kh_len = sm->r0kh_id_len; 2681 const u8 *r1kh = wpa_auth->conf.r1_key_holder; 2682 const u8 *ssid = wpa_auth->conf.ssid; 2683 size_t ssid_len = wpa_auth->conf.ssid_len; 2684 int pairwise; 2685 2686 pairwise = sm->pairwise; 2687 2688 for (;;) { 2689 pmk = wpa_ft_get_psk(wpa_auth, sm->addr, sm->p2p_dev_addr, 2690 pmk); 2691 if (pmk == NULL) 2692 break; 2693 2694 if (wpa_derive_pmk_r0(pmk, PMK_LEN, ssid, ssid_len, mdid, r0kh, 2695 r0kh_len, sm->addr, 2696 pmk_r0, pmk_r0_name, 0) < 0 || 2697 wpa_derive_pmk_r1(pmk_r0, PMK_LEN, pmk_r0_name, r1kh, 2698 sm->addr, pmk_r1, pmk_r1_name) < 0 || 2699 os_memcmp_const(pmk_r1_name, req_pmk_r1_name, 2700 WPA_PMK_NAME_LEN) != 0) 2701 continue; 2702 2703 /* We found a PSK that matches the requested pmk_r1_name */ 2704 wpa_printf(MSG_DEBUG, 2705 "FT: Found PSK to generate PMK-R1 locally"); 2706 os_memcpy(out_pmk_r1, pmk_r1, PMK_LEN); 2707 if (out_pairwise) 2708 *out_pairwise = pairwise; 2709 os_memcpy(sm->PMK, pmk, PMK_LEN); 2710 sm->pmk_len = PMK_LEN; 2711 if (out_vlan && 2712 wpa_ft_get_vlan(sm->wpa_auth, sm->addr, out_vlan) < 0) { 2713 wpa_printf(MSG_DEBUG, "FT: vlan not available for STA " 2714 MACSTR, MAC2STR(sm->addr)); 2715 return -1; 2716 } 2717 2718 if (out_identity && out_identity_len) { 2719 *out_identity_len = wpa_ft_get_identity( 2720 sm->wpa_auth, sm->addr, out_identity); 2721 } 2722 2723 if (out_radius_cui && out_radius_cui_len) { 2724 *out_radius_cui_len = wpa_ft_get_radius_cui( 2725 sm->wpa_auth, sm->addr, out_radius_cui); 2726 } 2727 2728 if (out_session_timeout) { 2729 *out_session_timeout = wpa_ft_get_session_timeout( 2730 sm->wpa_auth, sm->addr); 2731 } 2732 2733 return 0; 2734 } 2735 2736 wpa_printf(MSG_DEBUG, 2737 "FT: Did not find PSK to generate PMK-R1 locally"); 2738 return -1; 2739 } 2740 2741 2742 /* Detect the configuration the station asked for. 2743 * Required to detect FT-PSK and pairwise cipher. 2744 */ 2745 static int wpa_ft_set_key_mgmt(struct wpa_state_machine *sm, 2746 struct wpa_ft_ies *parse) 2747 { 2748 int key_mgmt, ciphers; 2749 2750 if (sm->wpa_key_mgmt) 2751 return 0; 2752 2753 key_mgmt = parse->key_mgmt & sm->wpa_auth->conf.wpa_key_mgmt; 2754 if (!key_mgmt) { 2755 wpa_printf(MSG_DEBUG, "FT: Invalid key mgmt (0x%x) from " 2756 MACSTR, parse->key_mgmt, MAC2STR(sm->addr)); 2757 return -1; 2758 } 2759 if (key_mgmt & WPA_KEY_MGMT_FT_IEEE8021X) 2760 sm->wpa_key_mgmt = WPA_KEY_MGMT_FT_IEEE8021X; 2761 #ifdef CONFIG_SHA384 2762 else if (key_mgmt & WPA_KEY_MGMT_FT_IEEE8021X_SHA384) 2763 sm->wpa_key_mgmt = WPA_KEY_MGMT_FT_IEEE8021X_SHA384; 2764 #endif /* CONFIG_SHA384 */ 2765 else if (key_mgmt & WPA_KEY_MGMT_FT_PSK) 2766 sm->wpa_key_mgmt = WPA_KEY_MGMT_FT_PSK; 2767 #ifdef CONFIG_FILS 2768 else if (key_mgmt & WPA_KEY_MGMT_FT_FILS_SHA256) 2769 sm->wpa_key_mgmt = WPA_KEY_MGMT_FT_FILS_SHA256; 2770 else if (key_mgmt & WPA_KEY_MGMT_FT_FILS_SHA384) 2771 sm->wpa_key_mgmt = WPA_KEY_MGMT_FT_FILS_SHA384; 2772 #endif /* CONFIG_FILS */ 2773 ciphers = parse->pairwise_cipher & sm->wpa_auth->conf.rsn_pairwise; 2774 if (!ciphers) { 2775 wpa_printf(MSG_DEBUG, "FT: Invalid pairwise cipher (0x%x) from " 2776 MACSTR, 2777 parse->pairwise_cipher, MAC2STR(sm->addr)); 2778 return -1; 2779 } 2780 sm->pairwise = wpa_pick_pairwise_cipher(ciphers, 0); 2781 2782 return 0; 2783 } 2784 2785 2786 static int wpa_ft_local_derive_pmk_r1(struct wpa_authenticator *wpa_auth, 2787 struct wpa_state_machine *sm, 2788 const u8 *r0kh_id, size_t r0kh_id_len, 2789 const u8 *req_pmk_r0_name, 2790 const u8 *req_pmk_r1_name, 2791 u8 *out_pmk_r1, int *out_pairwise, 2792 struct vlan_description *vlan, 2793 const u8 **identity, size_t *identity_len, 2794 const u8 **radius_cui, 2795 size_t *radius_cui_len, 2796 int *out_session_timeout) 2797 { 2798 struct wpa_auth_config *conf = &wpa_auth->conf; 2799 const struct wpa_ft_pmk_r0_sa *r0; 2800 u8 pmk_r1_name[WPA_PMK_NAME_LEN]; 2801 int expires_in = 0; 2802 int session_timeout = 0; 2803 struct os_reltime now; 2804 2805 if (conf->r0_key_holder_len != r0kh_id_len || 2806 os_memcmp(conf->r0_key_holder, r0kh_id, conf->r0_key_holder_len) != 2807 0) 2808 return -1; /* not our R0KH-ID */ 2809 2810 wpa_printf(MSG_DEBUG, "FT: STA R0KH-ID matching local configuration"); 2811 if (wpa_ft_fetch_pmk_r0(sm->wpa_auth, sm->addr, req_pmk_r0_name, &r0) < 2812 0) 2813 return -1; /* no matching PMKR0Name in local cache */ 2814 2815 wpa_printf(MSG_DEBUG, "FT: Requested PMKR0Name found in local cache"); 2816 2817 if (wpa_derive_pmk_r1(r0->pmk_r0, r0->pmk_r0_len, r0->pmk_r0_name, 2818 conf->r1_key_holder, 2819 sm->addr, out_pmk_r1, pmk_r1_name) < 0) 2820 return -1; 2821 wpa_hexdump_key(MSG_DEBUG, "FT: PMK-R1", out_pmk_r1, r0->pmk_r0_len); 2822 wpa_hexdump(MSG_DEBUG, "FT: PMKR1Name", pmk_r1_name, WPA_PMK_NAME_LEN); 2823 2824 os_get_reltime(&now); 2825 if (r0->expiration) 2826 expires_in = r0->expiration - now.sec; 2827 2828 if (r0->session_timeout) 2829 session_timeout = r0->session_timeout - now.sec; 2830 2831 wpa_ft_store_pmk_r1(wpa_auth, sm->addr, out_pmk_r1, r0->pmk_r0_len, 2832 pmk_r1_name, 2833 sm->pairwise, r0->vlan, expires_in, session_timeout, 2834 r0->identity, r0->identity_len, 2835 r0->radius_cui, r0->radius_cui_len); 2836 2837 *out_pairwise = sm->pairwise; 2838 if (vlan) { 2839 if (r0->vlan) 2840 *vlan = *r0->vlan; 2841 else 2842 os_memset(vlan, 0, sizeof(*vlan)); 2843 } 2844 2845 if (identity && identity_len) { 2846 *identity = r0->identity; 2847 *identity_len = r0->identity_len; 2848 } 2849 2850 if (radius_cui && radius_cui_len) { 2851 *radius_cui = r0->radius_cui; 2852 *radius_cui_len = r0->radius_cui_len; 2853 } 2854 2855 *out_session_timeout = session_timeout; 2856 2857 return 0; 2858 } 2859 2860 2861 static int wpa_ft_process_auth_req(struct wpa_state_machine *sm, 2862 const u8 *ies, size_t ies_len, 2863 u8 **resp_ies, size_t *resp_ies_len) 2864 { 2865 struct rsn_mdie *mdie; 2866 u8 pmk_r1[PMK_LEN_MAX], pmk_r1_name[WPA_PMK_NAME_LEN]; 2867 u8 ptk_name[WPA_PMK_NAME_LEN]; 2868 struct wpa_auth_config *conf; 2869 struct wpa_ft_ies parse; 2870 size_t buflen; 2871 int ret; 2872 u8 *pos, *end; 2873 int pairwise, session_timeout = 0; 2874 struct vlan_description vlan; 2875 const u8 *identity, *radius_cui; 2876 size_t identity_len = 0, radius_cui_len = 0; 2877 int use_sha384; 2878 size_t pmk_r1_len; 2879 2880 *resp_ies = NULL; 2881 *resp_ies_len = 0; 2882 2883 sm->pmk_r1_name_valid = 0; 2884 conf = &sm->wpa_auth->conf; 2885 2886 wpa_hexdump(MSG_DEBUG, "FT: Received authentication frame IEs", 2887 ies, ies_len); 2888 2889 if (wpa_ft_parse_ies(ies, ies_len, &parse, -1)) { 2890 wpa_printf(MSG_DEBUG, "FT: Failed to parse FT IEs"); 2891 return WLAN_STATUS_UNSPECIFIED_FAILURE; 2892 } 2893 use_sha384 = wpa_key_mgmt_sha384(parse.key_mgmt); 2894 pmk_r1_len = use_sha384 ? SHA384_MAC_LEN : PMK_LEN; 2895 2896 mdie = (struct rsn_mdie *) parse.mdie; 2897 if (mdie == NULL || parse.mdie_len < sizeof(*mdie) || 2898 os_memcmp(mdie->mobility_domain, 2899 sm->wpa_auth->conf.mobility_domain, 2900 MOBILITY_DOMAIN_ID_LEN) != 0) { 2901 wpa_printf(MSG_DEBUG, "FT: Invalid MDIE"); 2902 return WLAN_STATUS_INVALID_MDIE; 2903 } 2904 2905 if (use_sha384) { 2906 struct rsn_ftie_sha384 *ftie; 2907 2908 ftie = (struct rsn_ftie_sha384 *) parse.ftie; 2909 if (!ftie || parse.ftie_len < sizeof(*ftie)) { 2910 wpa_printf(MSG_DEBUG, "FT: Invalid FTIE"); 2911 return WLAN_STATUS_INVALID_FTIE; 2912 } 2913 2914 os_memcpy(sm->SNonce, ftie->snonce, WPA_NONCE_LEN); 2915 } else { 2916 struct rsn_ftie *ftie; 2917 2918 ftie = (struct rsn_ftie *) parse.ftie; 2919 if (!ftie || parse.ftie_len < sizeof(*ftie)) { 2920 wpa_printf(MSG_DEBUG, "FT: Invalid FTIE"); 2921 return WLAN_STATUS_INVALID_FTIE; 2922 } 2923 2924 os_memcpy(sm->SNonce, ftie->snonce, WPA_NONCE_LEN); 2925 } 2926 2927 if (parse.r0kh_id == NULL) { 2928 wpa_printf(MSG_DEBUG, "FT: Invalid FTIE - no R0KH-ID"); 2929 return WLAN_STATUS_INVALID_FTIE; 2930 } 2931 2932 wpa_hexdump(MSG_DEBUG, "FT: STA R0KH-ID", 2933 parse.r0kh_id, parse.r0kh_id_len); 2934 os_memcpy(sm->r0kh_id, parse.r0kh_id, parse.r0kh_id_len); 2935 sm->r0kh_id_len = parse.r0kh_id_len; 2936 2937 if (parse.rsn_pmkid == NULL) { 2938 wpa_printf(MSG_DEBUG, "FT: No PMKID in RSNIE"); 2939 return WLAN_STATUS_INVALID_PMKID; 2940 } 2941 2942 if (wpa_ft_set_key_mgmt(sm, &parse) < 0) 2943 return WLAN_STATUS_UNSPECIFIED_FAILURE; 2944 2945 wpa_hexdump(MSG_DEBUG, "FT: Requested PMKR0Name", 2946 parse.rsn_pmkid, WPA_PMK_NAME_LEN); 2947 if (wpa_derive_pmk_r1_name(parse.rsn_pmkid, 2948 sm->wpa_auth->conf.r1_key_holder, sm->addr, 2949 pmk_r1_name, use_sha384) < 0) 2950 return WLAN_STATUS_UNSPECIFIED_FAILURE; 2951 wpa_hexdump(MSG_DEBUG, "FT: Derived requested PMKR1Name", 2952 pmk_r1_name, WPA_PMK_NAME_LEN); 2953 2954 if (conf->ft_psk_generate_local && 2955 wpa_key_mgmt_ft_psk(sm->wpa_key_mgmt)) { 2956 if (wpa_ft_psk_pmk_r1(sm, pmk_r1_name, pmk_r1, &pairwise, 2957 &vlan, &identity, &identity_len, 2958 &radius_cui, &radius_cui_len, 2959 &session_timeout) < 0) 2960 return WLAN_STATUS_INVALID_PMKID; 2961 wpa_printf(MSG_DEBUG, 2962 "FT: Generated PMK-R1 for FT-PSK locally"); 2963 } else if (wpa_ft_fetch_pmk_r1(sm->wpa_auth, sm->addr, pmk_r1_name, 2964 pmk_r1, &pmk_r1_len, &pairwise, &vlan, 2965 &identity, &identity_len, &radius_cui, 2966 &radius_cui_len, &session_timeout) < 0) { 2967 wpa_printf(MSG_DEBUG, 2968 "FT: No PMK-R1 available in local cache for the requested PMKR1Name"); 2969 if (wpa_ft_local_derive_pmk_r1(sm->wpa_auth, sm, 2970 parse.r0kh_id, parse.r0kh_id_len, 2971 parse.rsn_pmkid, 2972 pmk_r1_name, pmk_r1, &pairwise, 2973 &vlan, &identity, &identity_len, 2974 &radius_cui, &radius_cui_len, 2975 &session_timeout) == 0) { 2976 wpa_printf(MSG_DEBUG, 2977 "FT: Generated PMK-R1 based on local PMK-R0"); 2978 goto pmk_r1_derived; 2979 } 2980 2981 if (wpa_ft_pull_pmk_r1(sm, ies, ies_len, parse.rsn_pmkid) < 0) { 2982 wpa_printf(MSG_DEBUG, 2983 "FT: Did not have matching PMK-R1 and either unknown or blocked R0KH-ID or NAK from R0KH"); 2984 return WLAN_STATUS_INVALID_PMKID; 2985 } 2986 2987 return -1; /* Status pending */ 2988 } else { 2989 wpa_printf(MSG_DEBUG, "FT: Found PMKR1Name from local cache"); 2990 } 2991 2992 pmk_r1_derived: 2993 wpa_hexdump_key(MSG_DEBUG, "FT: Selected PMK-R1", pmk_r1, pmk_r1_len); 2994 sm->pmk_r1_name_valid = 1; 2995 os_memcpy(sm->pmk_r1_name, pmk_r1_name, WPA_PMK_NAME_LEN); 2996 os_memcpy(sm->pmk_r1, pmk_r1, pmk_r1_len); 2997 sm->pmk_r1_len = pmk_r1_len; 2998 2999 if (random_get_bytes(sm->ANonce, WPA_NONCE_LEN)) { 3000 wpa_printf(MSG_DEBUG, "FT: Failed to get random data for " 3001 "ANonce"); 3002 return WLAN_STATUS_UNSPECIFIED_FAILURE; 3003 } 3004 3005 wpa_hexdump(MSG_DEBUG, "FT: Received SNonce", 3006 sm->SNonce, WPA_NONCE_LEN); 3007 wpa_hexdump(MSG_DEBUG, "FT: Generated ANonce", 3008 sm->ANonce, WPA_NONCE_LEN); 3009 3010 if (wpa_pmk_r1_to_ptk(pmk_r1, pmk_r1_len, sm->SNonce, sm->ANonce, 3011 sm->addr, sm->wpa_auth->addr, pmk_r1_name, 3012 &sm->PTK, ptk_name, sm->wpa_key_mgmt, 3013 pairwise) < 0) 3014 return WLAN_STATUS_UNSPECIFIED_FAILURE; 3015 3016 sm->pairwise = pairwise; 3017 sm->PTK_valid = TRUE; 3018 sm->tk_already_set = FALSE; 3019 wpa_ft_install_ptk(sm); 3020 3021 if (wpa_ft_set_vlan(sm->wpa_auth, sm->addr, &vlan) < 0) { 3022 wpa_printf(MSG_DEBUG, "FT: Failed to configure VLAN"); 3023 return WLAN_STATUS_UNSPECIFIED_FAILURE; 3024 } 3025 if (wpa_ft_set_identity(sm->wpa_auth, sm->addr, 3026 identity, identity_len) < 0 || 3027 wpa_ft_set_radius_cui(sm->wpa_auth, sm->addr, 3028 radius_cui, radius_cui_len) < 0) { 3029 wpa_printf(MSG_DEBUG, "FT: Failed to configure identity/CUI"); 3030 return WLAN_STATUS_UNSPECIFIED_FAILURE; 3031 } 3032 wpa_ft_set_session_timeout(sm->wpa_auth, sm->addr, session_timeout); 3033 3034 buflen = 2 + sizeof(struct rsn_mdie) + 2 + sizeof(struct rsn_ftie) + 3035 2 + FT_R1KH_ID_LEN + 200; 3036 *resp_ies = os_zalloc(buflen); 3037 if (*resp_ies == NULL) 3038 goto fail; 3039 3040 pos = *resp_ies; 3041 end = *resp_ies + buflen; 3042 3043 ret = wpa_write_rsn_ie(conf, pos, end - pos, parse.rsn_pmkid); 3044 if (ret < 0) 3045 goto fail; 3046 pos += ret; 3047 3048 ret = wpa_write_mdie(conf, pos, end - pos); 3049 if (ret < 0) 3050 goto fail; 3051 pos += ret; 3052 3053 ret = wpa_write_ftie(conf, use_sha384, parse.r0kh_id, parse.r0kh_id_len, 3054 sm->ANonce, sm->SNonce, pos, end - pos, NULL, 0); 3055 if (ret < 0) 3056 goto fail; 3057 pos += ret; 3058 3059 *resp_ies_len = pos - *resp_ies; 3060 3061 return WLAN_STATUS_SUCCESS; 3062 fail: 3063 os_free(*resp_ies); 3064 *resp_ies = NULL; 3065 return WLAN_STATUS_UNSPECIFIED_FAILURE; 3066 } 3067 3068 3069 void wpa_ft_process_auth(struct wpa_state_machine *sm, const u8 *bssid, 3070 u16 auth_transaction, const u8 *ies, size_t ies_len, 3071 void (*cb)(void *ctx, const u8 *dst, const u8 *bssid, 3072 u16 auth_transaction, u16 status, 3073 const u8 *ies, size_t ies_len), 3074 void *ctx) 3075 { 3076 u16 status; 3077 u8 *resp_ies; 3078 size_t resp_ies_len; 3079 int res; 3080 3081 if (sm == NULL) { 3082 wpa_printf(MSG_DEBUG, "FT: Received authentication frame, but " 3083 "WPA SM not available"); 3084 return; 3085 } 3086 3087 wpa_printf(MSG_DEBUG, "FT: Received authentication frame: STA=" MACSTR 3088 " BSSID=" MACSTR " transaction=%d", 3089 MAC2STR(sm->addr), MAC2STR(bssid), auth_transaction); 3090 sm->ft_pending_cb = cb; 3091 sm->ft_pending_cb_ctx = ctx; 3092 sm->ft_pending_auth_transaction = auth_transaction; 3093 sm->ft_pending_pull_left_retries = sm->wpa_auth->conf.rkh_pull_retries; 3094 res = wpa_ft_process_auth_req(sm, ies, ies_len, &resp_ies, 3095 &resp_ies_len); 3096 if (res < 0) { 3097 wpa_printf(MSG_DEBUG, "FT: Callback postponed until response is available"); 3098 return; 3099 } 3100 status = res; 3101 3102 wpa_printf(MSG_DEBUG, "FT: FT authentication response: dst=" MACSTR 3103 " auth_transaction=%d status=%u (%s)", 3104 MAC2STR(sm->addr), auth_transaction + 1, status, 3105 status2str(status)); 3106 wpa_hexdump(MSG_DEBUG, "FT: Response IEs", resp_ies, resp_ies_len); 3107 cb(ctx, sm->addr, bssid, auth_transaction + 1, status, 3108 resp_ies, resp_ies_len); 3109 os_free(resp_ies); 3110 } 3111 3112 3113 u16 wpa_ft_validate_reassoc(struct wpa_state_machine *sm, const u8 *ies, 3114 size_t ies_len) 3115 { 3116 struct wpa_ft_ies parse; 3117 struct rsn_mdie *mdie; 3118 u8 mic[WPA_EAPOL_KEY_MIC_MAX_LEN]; 3119 size_t mic_len = 16; 3120 unsigned int count; 3121 const u8 *kck; 3122 size_t kck_len; 3123 int use_sha384; 3124 const u8 *anonce, *snonce, *fte_mic; 3125 u8 fte_elem_count; 3126 3127 if (sm == NULL) 3128 return WLAN_STATUS_UNSPECIFIED_FAILURE; 3129 3130 use_sha384 = wpa_key_mgmt_sha384(sm->wpa_key_mgmt); 3131 3132 wpa_hexdump(MSG_DEBUG, "FT: Reassoc Req IEs", ies, ies_len); 3133 3134 if (wpa_ft_parse_ies(ies, ies_len, &parse, use_sha384) < 0) { 3135 wpa_printf(MSG_DEBUG, "FT: Failed to parse FT IEs"); 3136 return WLAN_STATUS_UNSPECIFIED_FAILURE; 3137 } 3138 3139 if (parse.rsn == NULL) { 3140 wpa_printf(MSG_DEBUG, "FT: No RSNIE in Reassoc Req"); 3141 return WLAN_STATUS_UNSPECIFIED_FAILURE; 3142 } 3143 3144 if (parse.rsn_pmkid == NULL) { 3145 wpa_printf(MSG_DEBUG, "FT: No PMKID in RSNIE"); 3146 return WLAN_STATUS_INVALID_PMKID; 3147 } 3148 3149 if (os_memcmp_const(parse.rsn_pmkid, sm->pmk_r1_name, WPA_PMK_NAME_LEN) 3150 != 0) { 3151 wpa_printf(MSG_DEBUG, "FT: PMKID in Reassoc Req did not match " 3152 "with the PMKR1Name derived from auth request"); 3153 return WLAN_STATUS_INVALID_PMKID; 3154 } 3155 3156 mdie = (struct rsn_mdie *) parse.mdie; 3157 if (mdie == NULL || parse.mdie_len < sizeof(*mdie) || 3158 os_memcmp(mdie->mobility_domain, 3159 sm->wpa_auth->conf.mobility_domain, 3160 MOBILITY_DOMAIN_ID_LEN) != 0) { 3161 wpa_printf(MSG_DEBUG, "FT: Invalid MDIE"); 3162 return WLAN_STATUS_INVALID_MDIE; 3163 } 3164 3165 if (use_sha384) { 3166 struct rsn_ftie_sha384 *ftie; 3167 3168 ftie = (struct rsn_ftie_sha384 *) parse.ftie; 3169 if (ftie == NULL || parse.ftie_len < sizeof(*ftie)) { 3170 wpa_printf(MSG_DEBUG, "FT: Invalid FTIE"); 3171 return WLAN_STATUS_INVALID_FTIE; 3172 } 3173 3174 anonce = ftie->anonce; 3175 snonce = ftie->snonce; 3176 fte_elem_count = ftie->mic_control[1]; 3177 fte_mic = ftie->mic; 3178 } else { 3179 struct rsn_ftie *ftie; 3180 3181 ftie = (struct rsn_ftie *) parse.ftie; 3182 if (ftie == NULL || parse.ftie_len < sizeof(*ftie)) { 3183 wpa_printf(MSG_DEBUG, "FT: Invalid FTIE"); 3184 return WLAN_STATUS_INVALID_FTIE; 3185 } 3186 3187 anonce = ftie->anonce; 3188 snonce = ftie->snonce; 3189 fte_elem_count = ftie->mic_control[1]; 3190 fte_mic = ftie->mic; 3191 } 3192 3193 if (os_memcmp(snonce, sm->SNonce, WPA_NONCE_LEN) != 0) { 3194 wpa_printf(MSG_DEBUG, "FT: SNonce mismatch in FTIE"); 3195 wpa_hexdump(MSG_DEBUG, "FT: Received SNonce", 3196 snonce, WPA_NONCE_LEN); 3197 wpa_hexdump(MSG_DEBUG, "FT: Expected SNonce", 3198 sm->SNonce, WPA_NONCE_LEN); 3199 return WLAN_STATUS_INVALID_FTIE; 3200 } 3201 3202 if (os_memcmp(anonce, sm->ANonce, WPA_NONCE_LEN) != 0) { 3203 wpa_printf(MSG_DEBUG, "FT: ANonce mismatch in FTIE"); 3204 wpa_hexdump(MSG_DEBUG, "FT: Received ANonce", 3205 anonce, WPA_NONCE_LEN); 3206 wpa_hexdump(MSG_DEBUG, "FT: Expected ANonce", 3207 sm->ANonce, WPA_NONCE_LEN); 3208 return WLAN_STATUS_INVALID_FTIE; 3209 } 3210 3211 3212 if (parse.r0kh_id == NULL) { 3213 wpa_printf(MSG_DEBUG, "FT: No R0KH-ID subelem in FTIE"); 3214 return WLAN_STATUS_INVALID_FTIE; 3215 } 3216 3217 if (parse.r0kh_id_len != sm->r0kh_id_len || 3218 os_memcmp_const(parse.r0kh_id, sm->r0kh_id, parse.r0kh_id_len) != 0) 3219 { 3220 wpa_printf(MSG_DEBUG, "FT: R0KH-ID in FTIE did not match with " 3221 "the current R0KH-ID"); 3222 wpa_hexdump(MSG_DEBUG, "FT: R0KH-ID in FTIE", 3223 parse.r0kh_id, parse.r0kh_id_len); 3224 wpa_hexdump(MSG_DEBUG, "FT: The current R0KH-ID", 3225 sm->r0kh_id, sm->r0kh_id_len); 3226 return WLAN_STATUS_INVALID_FTIE; 3227 } 3228 3229 if (parse.r1kh_id == NULL) { 3230 wpa_printf(MSG_DEBUG, "FT: No R1KH-ID subelem in FTIE"); 3231 return WLAN_STATUS_INVALID_FTIE; 3232 } 3233 3234 if (os_memcmp_const(parse.r1kh_id, sm->wpa_auth->conf.r1_key_holder, 3235 FT_R1KH_ID_LEN) != 0) { 3236 wpa_printf(MSG_DEBUG, "FT: Unknown R1KH-ID used in " 3237 "ReassocReq"); 3238 wpa_hexdump(MSG_DEBUG, "FT: R1KH-ID in FTIE", 3239 parse.r1kh_id, FT_R1KH_ID_LEN); 3240 wpa_hexdump(MSG_DEBUG, "FT: Expected R1KH-ID", 3241 sm->wpa_auth->conf.r1_key_holder, FT_R1KH_ID_LEN); 3242 return WLAN_STATUS_INVALID_FTIE; 3243 } 3244 3245 if (parse.rsn_pmkid == NULL || 3246 os_memcmp_const(parse.rsn_pmkid, sm->pmk_r1_name, WPA_PMK_NAME_LEN)) 3247 { 3248 wpa_printf(MSG_DEBUG, "FT: No matching PMKR1Name (PMKID) in " 3249 "RSNIE (pmkid=%d)", !!parse.rsn_pmkid); 3250 return WLAN_STATUS_INVALID_PMKID; 3251 } 3252 3253 count = 3; 3254 if (parse.ric) 3255 count += ieee802_11_ie_count(parse.ric, parse.ric_len); 3256 if (fte_elem_count != count) { 3257 wpa_printf(MSG_DEBUG, "FT: Unexpected IE count in MIC " 3258 "Control: received %u expected %u", 3259 fte_elem_count, count); 3260 return WLAN_STATUS_UNSPECIFIED_FAILURE; 3261 } 3262 3263 if (wpa_key_mgmt_fils(sm->wpa_key_mgmt)) { 3264 kck = sm->PTK.kck2; 3265 kck_len = sm->PTK.kck2_len; 3266 } else { 3267 kck = sm->PTK.kck; 3268 kck_len = sm->PTK.kck_len; 3269 } 3270 if (wpa_ft_mic(kck, kck_len, sm->addr, sm->wpa_auth->addr, 5, 3271 parse.mdie - 2, parse.mdie_len + 2, 3272 parse.ftie - 2, parse.ftie_len + 2, 3273 parse.rsn - 2, parse.rsn_len + 2, 3274 parse.ric, parse.ric_len, 3275 mic) < 0) { 3276 wpa_printf(MSG_DEBUG, "FT: Failed to calculate MIC"); 3277 return WLAN_STATUS_UNSPECIFIED_FAILURE; 3278 } 3279 3280 if (os_memcmp_const(mic, fte_mic, mic_len) != 0) { 3281 wpa_printf(MSG_DEBUG, "FT: Invalid MIC in FTIE"); 3282 wpa_printf(MSG_DEBUG, "FT: addr=" MACSTR " auth_addr=" MACSTR, 3283 MAC2STR(sm->addr), MAC2STR(sm->wpa_auth->addr)); 3284 wpa_hexdump(MSG_MSGDUMP, "FT: Received MIC", 3285 fte_mic, mic_len); 3286 wpa_hexdump(MSG_MSGDUMP, "FT: Calculated MIC", mic, mic_len); 3287 wpa_hexdump(MSG_MSGDUMP, "FT: MDIE", 3288 parse.mdie - 2, parse.mdie_len + 2); 3289 wpa_hexdump(MSG_MSGDUMP, "FT: FTIE", 3290 parse.ftie - 2, parse.ftie_len + 2); 3291 wpa_hexdump(MSG_MSGDUMP, "FT: RSN", 3292 parse.rsn - 2, parse.rsn_len + 2); 3293 return WLAN_STATUS_INVALID_FTIE; 3294 } 3295 3296 #ifdef CONFIG_OCV 3297 if (wpa_auth_uses_ocv(sm)) { 3298 struct wpa_channel_info ci; 3299 int tx_chanwidth; 3300 int tx_seg1_idx; 3301 3302 if (wpa_channel_info(sm->wpa_auth, &ci) != 0) { 3303 wpa_printf(MSG_WARNING, 3304 "Failed to get channel info to validate received OCI in (Re)Assoc Request"); 3305 return WLAN_STATUS_UNSPECIFIED_FAILURE; 3306 } 3307 3308 if (get_sta_tx_parameters(sm, 3309 channel_width_to_int(ci.chanwidth), 3310 ci.seg1_idx, &tx_chanwidth, 3311 &tx_seg1_idx) < 0) 3312 return WLAN_STATUS_UNSPECIFIED_FAILURE; 3313 3314 if (ocv_verify_tx_params(parse.oci, parse.oci_len, &ci, 3315 tx_chanwidth, tx_seg1_idx) != 0) { 3316 wpa_printf(MSG_WARNING, "%s", ocv_errorstr); 3317 return WLAN_STATUS_UNSPECIFIED_FAILURE; 3318 } 3319 } 3320 #endif /* CONFIG_OCV */ 3321 3322 return WLAN_STATUS_SUCCESS; 3323 } 3324 3325 3326 int wpa_ft_action_rx(struct wpa_state_machine *sm, const u8 *data, size_t len) 3327 { 3328 const u8 *sta_addr, *target_ap; 3329 const u8 *ies; 3330 size_t ies_len; 3331 u8 action; 3332 struct ft_rrb_frame *frame; 3333 3334 if (sm == NULL) 3335 return -1; 3336 3337 /* 3338 * data: Category[1] Action[1] STA_Address[6] Target_AP_Address[6] 3339 * FT Request action frame body[variable] 3340 */ 3341 3342 if (len < 14) { 3343 wpa_printf(MSG_DEBUG, "FT: Too short FT Action frame " 3344 "(len=%lu)", (unsigned long) len); 3345 return -1; 3346 } 3347 3348 action = data[1]; 3349 sta_addr = data + 2; 3350 target_ap = data + 8; 3351 ies = data + 14; 3352 ies_len = len - 14; 3353 3354 wpa_printf(MSG_DEBUG, "FT: Received FT Action frame (STA=" MACSTR 3355 " Target AP=" MACSTR " Action=%d)", 3356 MAC2STR(sta_addr), MAC2STR(target_ap), action); 3357 3358 if (os_memcmp(sta_addr, sm->addr, ETH_ALEN) != 0) { 3359 wpa_printf(MSG_DEBUG, "FT: Mismatch in FT Action STA address: " 3360 "STA=" MACSTR " STA-Address=" MACSTR, 3361 MAC2STR(sm->addr), MAC2STR(sta_addr)); 3362 return -1; 3363 } 3364 3365 /* 3366 * Do some sanity checking on the target AP address (not own and not 3367 * broadcast. This could be extended to filter based on a list of known 3368 * APs in the MD (if such a list were configured). 3369 */ 3370 if ((target_ap[0] & 0x01) || 3371 os_memcmp(target_ap, sm->wpa_auth->addr, ETH_ALEN) == 0) { 3372 wpa_printf(MSG_DEBUG, "FT: Invalid Target AP in FT Action " 3373 "frame"); 3374 return -1; 3375 } 3376 3377 wpa_hexdump(MSG_MSGDUMP, "FT: Action frame body", ies, ies_len); 3378 3379 if (!sm->wpa_auth->conf.ft_over_ds) { 3380 wpa_printf(MSG_DEBUG, "FT: Over-DS option disabled - reject"); 3381 return -1; 3382 } 3383 3384 /* RRB - Forward action frame to the target AP */ 3385 frame = os_malloc(sizeof(*frame) + len); 3386 if (frame == NULL) 3387 return -1; 3388 frame->frame_type = RSN_REMOTE_FRAME_TYPE_FT_RRB; 3389 frame->packet_type = FT_PACKET_REQUEST; 3390 frame->action_length = host_to_le16(len); 3391 os_memcpy(frame->ap_address, sm->wpa_auth->addr, ETH_ALEN); 3392 os_memcpy(frame + 1, data, len); 3393 3394 wpa_ft_rrb_send(sm->wpa_auth, target_ap, (u8 *) frame, 3395 sizeof(*frame) + len); 3396 os_free(frame); 3397 3398 return 0; 3399 } 3400 3401 3402 static void wpa_ft_rrb_rx_request_cb(void *ctx, const u8 *dst, const u8 *bssid, 3403 u16 auth_transaction, u16 resp, 3404 const u8 *ies, size_t ies_len) 3405 { 3406 struct wpa_state_machine *sm = ctx; 3407 wpa_printf(MSG_DEBUG, "FT: Over-the-DS RX request cb for " MACSTR, 3408 MAC2STR(sm->addr)); 3409 wpa_ft_send_rrb_auth_resp(sm, sm->ft_pending_current_ap, sm->addr, 3410 WLAN_STATUS_SUCCESS, ies, ies_len); 3411 } 3412 3413 3414 static int wpa_ft_rrb_rx_request(struct wpa_authenticator *wpa_auth, 3415 const u8 *current_ap, const u8 *sta_addr, 3416 const u8 *body, size_t len) 3417 { 3418 struct wpa_state_machine *sm; 3419 u16 status; 3420 u8 *resp_ies; 3421 size_t resp_ies_len; 3422 int res; 3423 3424 sm = wpa_ft_add_sta(wpa_auth, sta_addr); 3425 if (sm == NULL) { 3426 wpa_printf(MSG_DEBUG, "FT: Failed to add new STA based on " 3427 "RRB Request"); 3428 return -1; 3429 } 3430 3431 wpa_hexdump(MSG_MSGDUMP, "FT: RRB Request Frame body", body, len); 3432 3433 sm->ft_pending_cb = wpa_ft_rrb_rx_request_cb; 3434 sm->ft_pending_cb_ctx = sm; 3435 os_memcpy(sm->ft_pending_current_ap, current_ap, ETH_ALEN); 3436 sm->ft_pending_pull_left_retries = sm->wpa_auth->conf.rkh_pull_retries; 3437 res = wpa_ft_process_auth_req(sm, body, len, &resp_ies, 3438 &resp_ies_len); 3439 if (res < 0) { 3440 wpa_printf(MSG_DEBUG, "FT: No immediate response available - wait for pull response"); 3441 return 0; 3442 } 3443 status = res; 3444 3445 res = wpa_ft_send_rrb_auth_resp(sm, current_ap, sta_addr, status, 3446 resp_ies, resp_ies_len); 3447 os_free(resp_ies); 3448 return res; 3449 } 3450 3451 3452 static int wpa_ft_send_rrb_auth_resp(struct wpa_state_machine *sm, 3453 const u8 *current_ap, const u8 *sta_addr, 3454 u16 status, const u8 *resp_ies, 3455 size_t resp_ies_len) 3456 { 3457 struct wpa_authenticator *wpa_auth = sm->wpa_auth; 3458 size_t rlen; 3459 struct ft_rrb_frame *frame; 3460 u8 *pos; 3461 3462 wpa_printf(MSG_DEBUG, "FT: RRB authentication response: STA=" MACSTR 3463 " CurrentAP=" MACSTR " status=%u (%s)", 3464 MAC2STR(sm->addr), MAC2STR(current_ap), status, 3465 status2str(status)); 3466 wpa_hexdump(MSG_DEBUG, "FT: Response IEs", resp_ies, resp_ies_len); 3467 3468 /* RRB - Forward action frame response to the Current AP */ 3469 3470 /* 3471 * data: Category[1] Action[1] STA_Address[6] Target_AP_Address[6] 3472 * Status_Code[2] FT Request action frame body[variable] 3473 */ 3474 rlen = 2 + 2 * ETH_ALEN + 2 + resp_ies_len; 3475 3476 frame = os_malloc(sizeof(*frame) + rlen); 3477 if (frame == NULL) 3478 return -1; 3479 frame->frame_type = RSN_REMOTE_FRAME_TYPE_FT_RRB; 3480 frame->packet_type = FT_PACKET_RESPONSE; 3481 frame->action_length = host_to_le16(rlen); 3482 os_memcpy(frame->ap_address, wpa_auth->addr, ETH_ALEN); 3483 pos = (u8 *) (frame + 1); 3484 *pos++ = WLAN_ACTION_FT; 3485 *pos++ = 2; /* Action: Response */ 3486 os_memcpy(pos, sta_addr, ETH_ALEN); 3487 pos += ETH_ALEN; 3488 os_memcpy(pos, wpa_auth->addr, ETH_ALEN); 3489 pos += ETH_ALEN; 3490 WPA_PUT_LE16(pos, status); 3491 pos += 2; 3492 if (resp_ies) 3493 os_memcpy(pos, resp_ies, resp_ies_len); 3494 3495 wpa_ft_rrb_send(wpa_auth, current_ap, (u8 *) frame, 3496 sizeof(*frame) + rlen); 3497 os_free(frame); 3498 3499 return 0; 3500 } 3501 3502 3503 static int wpa_ft_rrb_build_r0(const u8 *key, const size_t key_len, 3504 const struct tlv_list *tlvs, 3505 const struct wpa_ft_pmk_r0_sa *pmk_r0, 3506 const u8 *r1kh_id, const u8 *s1kh_id, 3507 const struct tlv_list *tlv_auth, 3508 const u8 *src_addr, u8 type, 3509 u8 **packet, size_t *packet_len) 3510 { 3511 u8 pmk_r1[PMK_LEN_MAX]; 3512 size_t pmk_r1_len = pmk_r0->pmk_r0_len; 3513 u8 pmk_r1_name[WPA_PMK_NAME_LEN]; 3514 u8 f_pairwise[sizeof(le16)]; 3515 u8 f_expires_in[sizeof(le16)]; 3516 u8 f_session_timeout[sizeof(le32)]; 3517 int expires_in; 3518 int session_timeout; 3519 struct os_reltime now; 3520 int ret; 3521 struct tlv_list sess_tlv[] = { 3522 { .type = FT_RRB_PMK_R1, .len = pmk_r1_len, 3523 .data = pmk_r1 }, 3524 { .type = FT_RRB_PMK_R1_NAME, .len = sizeof(pmk_r1_name), 3525 .data = pmk_r1_name }, 3526 { .type = FT_RRB_PAIRWISE, .len = sizeof(f_pairwise), 3527 .data = f_pairwise }, 3528 { .type = FT_RRB_EXPIRES_IN, .len = sizeof(f_expires_in), 3529 .data = f_expires_in }, 3530 { .type = FT_RRB_IDENTITY, .len = pmk_r0->identity_len, 3531 .data = pmk_r0->identity }, 3532 { .type = FT_RRB_RADIUS_CUI, .len = pmk_r0->radius_cui_len, 3533 .data = pmk_r0->radius_cui }, 3534 { .type = FT_RRB_SESSION_TIMEOUT, 3535 .len = sizeof(f_session_timeout), 3536 .data = f_session_timeout }, 3537 { .type = FT_RRB_LAST_EMPTY, .len = 0, .data = NULL }, 3538 }; 3539 3540 if (wpa_derive_pmk_r1(pmk_r0->pmk_r0, pmk_r0->pmk_r0_len, 3541 pmk_r0->pmk_r0_name, r1kh_id, 3542 s1kh_id, pmk_r1, pmk_r1_name) < 0) 3543 return -1; 3544 wpa_hexdump_key(MSG_DEBUG, "FT: PMK-R1 (for peer AP)", 3545 pmk_r1, pmk_r1_len); 3546 wpa_hexdump(MSG_DEBUG, "FT: PMKR1Name (for peer AP)", 3547 pmk_r1_name, WPA_PMK_NAME_LEN); 3548 WPA_PUT_LE16(f_pairwise, pmk_r0->pairwise); 3549 3550 os_get_reltime(&now); 3551 if (pmk_r0->expiration > now.sec) 3552 expires_in = pmk_r0->expiration - now.sec; 3553 else if (pmk_r0->expiration) 3554 expires_in = 1; 3555 else 3556 expires_in = 0; 3557 WPA_PUT_LE16(f_expires_in, expires_in); 3558 3559 if (pmk_r0->session_timeout > now.sec) 3560 session_timeout = pmk_r0->session_timeout - now.sec; 3561 else if (pmk_r0->session_timeout) 3562 session_timeout = 1; 3563 else 3564 session_timeout = 0; 3565 WPA_PUT_LE32(f_session_timeout, session_timeout); 3566 3567 ret = wpa_ft_rrb_build(key, key_len, tlvs, sess_tlv, tlv_auth, 3568 pmk_r0->vlan, src_addr, type, 3569 packet, packet_len); 3570 3571 forced_memzero(pmk_r1, sizeof(pmk_r1)); 3572 3573 return ret; 3574 } 3575 3576 3577 static int wpa_ft_rrb_rx_pull(struct wpa_authenticator *wpa_auth, 3578 const u8 *src_addr, 3579 const u8 *enc, size_t enc_len, 3580 const u8 *auth, size_t auth_len, 3581 int no_defer) 3582 { 3583 const char *msgtype = "pull request"; 3584 u8 *plain = NULL, *packet = NULL; 3585 size_t plain_len = 0, packet_len = 0; 3586 struct ft_remote_r1kh *r1kh, *r1kh_wildcard; 3587 const u8 *key; 3588 size_t key_len; 3589 int seq_ret; 3590 const u8 *f_nonce, *f_r0kh_id, *f_r1kh_id, *f_s1kh_id, *f_pmk_r0_name; 3591 size_t f_nonce_len, f_r0kh_id_len, f_r1kh_id_len, f_s1kh_id_len; 3592 size_t f_pmk_r0_name_len; 3593 const struct wpa_ft_pmk_r0_sa *r0; 3594 int ret; 3595 struct tlv_list resp[2]; 3596 struct tlv_list resp_auth[5]; 3597 struct ft_rrb_seq f_seq; 3598 3599 wpa_printf(MSG_DEBUG, "FT: Received PMK-R1 pull"); 3600 3601 RRB_GET_AUTH(FT_RRB_R0KH_ID, r0kh_id, msgtype, -1); 3602 wpa_hexdump(MSG_DEBUG, "FT: R0KH-ID", f_r0kh_id, f_r0kh_id_len); 3603 3604 if (wpa_ft_rrb_check_r0kh(wpa_auth, f_r0kh_id, f_r0kh_id_len)) { 3605 wpa_printf(MSG_DEBUG, "FT: R0KH-ID mismatch"); 3606 goto out; 3607 } 3608 3609 RRB_GET_AUTH(FT_RRB_R1KH_ID, r1kh_id, msgtype, FT_R1KH_ID_LEN); 3610 wpa_printf(MSG_DEBUG, "FT: R1KH-ID=" MACSTR, MAC2STR(f_r1kh_id)); 3611 3612 wpa_ft_rrb_lookup_r1kh(wpa_auth, f_r1kh_id, &r1kh, &r1kh_wildcard); 3613 if (r1kh) { 3614 key = r1kh->key; 3615 key_len = sizeof(r1kh->key); 3616 } else if (r1kh_wildcard) { 3617 wpa_printf(MSG_DEBUG, "FT: Using wildcard R1KH-ID"); 3618 key = r1kh_wildcard->key; 3619 key_len = sizeof(r1kh_wildcard->key); 3620 } else { 3621 goto out; 3622 } 3623 3624 RRB_GET_AUTH(FT_RRB_NONCE, nonce, "pull request", FT_RRB_NONCE_LEN); 3625 wpa_hexdump(MSG_DEBUG, "FT: nonce", f_nonce, f_nonce_len); 3626 3627 seq_ret = FT_RRB_SEQ_DROP; 3628 if (r1kh) 3629 seq_ret = wpa_ft_rrb_seq_chk(r1kh->seq, src_addr, enc, enc_len, 3630 auth, auth_len, msgtype, no_defer); 3631 if (!no_defer && r1kh_wildcard && 3632 (!r1kh || os_memcmp(r1kh->addr, src_addr, ETH_ALEN) != 0)) { 3633 /* wildcard: r1kh-id unknown or changed addr -> do a seq req */ 3634 seq_ret = FT_RRB_SEQ_DEFER; 3635 } 3636 3637 if (seq_ret == FT_RRB_SEQ_DROP) 3638 goto out; 3639 3640 if (wpa_ft_rrb_decrypt(key, key_len, enc, enc_len, auth, auth_len, 3641 src_addr, FT_PACKET_R0KH_R1KH_PULL, 3642 &plain, &plain_len) < 0) 3643 goto out; 3644 3645 if (!r1kh) 3646 r1kh = wpa_ft_rrb_add_r1kh(wpa_auth, r1kh_wildcard, src_addr, 3647 f_r1kh_id, 3648 wpa_auth->conf.rkh_pos_timeout); 3649 if (!r1kh) 3650 goto out; 3651 3652 if (seq_ret == FT_RRB_SEQ_DEFER) { 3653 wpa_ft_rrb_seq_req(wpa_auth, r1kh->seq, src_addr, f_r0kh_id, 3654 f_r0kh_id_len, f_r1kh_id, key, key_len, 3655 enc, enc_len, auth, auth_len, 3656 &wpa_ft_rrb_rx_pull); 3657 goto out; 3658 } 3659 3660 wpa_ft_rrb_seq_accept(wpa_auth, r1kh->seq, src_addr, auth, auth_len, 3661 msgtype); 3662 wpa_ft_rrb_r1kh_replenish(wpa_auth, r1kh, 3663 wpa_auth->conf.rkh_pos_timeout); 3664 3665 RRB_GET(FT_RRB_PMK_R0_NAME, pmk_r0_name, msgtype, WPA_PMK_NAME_LEN); 3666 wpa_hexdump(MSG_DEBUG, "FT: PMKR0Name", f_pmk_r0_name, 3667 f_pmk_r0_name_len); 3668 3669 RRB_GET(FT_RRB_S1KH_ID, s1kh_id, msgtype, ETH_ALEN); 3670 wpa_printf(MSG_DEBUG, "FT: S1KH-ID=" MACSTR, MAC2STR(f_s1kh_id)); 3671 3672 if (wpa_ft_new_seq(r1kh->seq, &f_seq) < 0) { 3673 wpa_printf(MSG_DEBUG, "FT: Failed to get seq num"); 3674 goto out; 3675 } 3676 3677 resp[0].type = FT_RRB_S1KH_ID; 3678 resp[0].len = f_s1kh_id_len; 3679 resp[0].data = f_s1kh_id; 3680 resp[1].type = FT_RRB_LAST_EMPTY; 3681 resp[1].len = 0; 3682 resp[1].data = NULL; 3683 3684 resp_auth[0].type = FT_RRB_NONCE; 3685 resp_auth[0].len = f_nonce_len; 3686 resp_auth[0].data = f_nonce; 3687 resp_auth[1].type = FT_RRB_SEQ; 3688 resp_auth[1].len = sizeof(f_seq); 3689 resp_auth[1].data = (u8 *) &f_seq; 3690 resp_auth[2].type = FT_RRB_R0KH_ID; 3691 resp_auth[2].len = f_r0kh_id_len; 3692 resp_auth[2].data = f_r0kh_id; 3693 resp_auth[3].type = FT_RRB_R1KH_ID; 3694 resp_auth[3].len = f_r1kh_id_len; 3695 resp_auth[3].data = f_r1kh_id; 3696 resp_auth[4].type = FT_RRB_LAST_EMPTY; 3697 resp_auth[4].len = 0; 3698 resp_auth[4].data = NULL; 3699 3700 if (wpa_ft_fetch_pmk_r0(wpa_auth, f_s1kh_id, f_pmk_r0_name, &r0) < 0) { 3701 wpa_printf(MSG_DEBUG, "FT: No matching PMK-R0-Name found"); 3702 ret = wpa_ft_rrb_build(key, key_len, resp, NULL, resp_auth, 3703 NULL, wpa_auth->addr, 3704 FT_PACKET_R0KH_R1KH_RESP, 3705 &packet, &packet_len); 3706 } else { 3707 ret = wpa_ft_rrb_build_r0(key, key_len, resp, r0, f_r1kh_id, 3708 f_s1kh_id, resp_auth, wpa_auth->addr, 3709 FT_PACKET_R0KH_R1KH_RESP, 3710 &packet, &packet_len); 3711 } 3712 3713 if (!ret) 3714 wpa_ft_rrb_oui_send(wpa_auth, src_addr, 3715 FT_PACKET_R0KH_R1KH_RESP, packet, 3716 packet_len); 3717 3718 out: 3719 os_free(plain); 3720 os_free(packet); 3721 3722 return 0; 3723 } 3724 3725 3726 /* @returns 0 on success 3727 * -1 on error 3728 * -2 if FR_RRB_PAIRWISE is missing 3729 */ 3730 static int wpa_ft_rrb_rx_r1(struct wpa_authenticator *wpa_auth, 3731 const u8 *src_addr, u8 type, 3732 const u8 *enc, size_t enc_len, 3733 const u8 *auth, size_t auth_len, 3734 const char *msgtype, u8 *s1kh_id_out, 3735 int (*cb)(struct wpa_authenticator *wpa_auth, 3736 const u8 *src_addr, 3737 const u8 *enc, size_t enc_len, 3738 const u8 *auth, size_t auth_len, 3739 int no_defer)) 3740 { 3741 u8 *plain = NULL; 3742 size_t plain_len = 0; 3743 struct ft_remote_r0kh *r0kh, *r0kh_wildcard; 3744 const u8 *key; 3745 size_t key_len; 3746 int seq_ret; 3747 const u8 *f_r1kh_id, *f_s1kh_id, *f_r0kh_id; 3748 const u8 *f_pmk_r1_name, *f_pairwise, *f_pmk_r1; 3749 const u8 *f_expires_in; 3750 size_t f_r1kh_id_len, f_s1kh_id_len, f_r0kh_id_len; 3751 const u8 *f_identity, *f_radius_cui; 3752 const u8 *f_session_timeout; 3753 size_t f_pmk_r1_name_len, f_pairwise_len, f_pmk_r1_len; 3754 size_t f_expires_in_len; 3755 size_t f_identity_len, f_radius_cui_len; 3756 size_t f_session_timeout_len; 3757 int pairwise; 3758 int ret = -1; 3759 int expires_in; 3760 int session_timeout; 3761 struct vlan_description vlan; 3762 size_t pmk_r1_len; 3763 3764 RRB_GET_AUTH(FT_RRB_R0KH_ID, r0kh_id, msgtype, -1); 3765 wpa_hexdump(MSG_DEBUG, "FT: R0KH-ID", f_r0kh_id, f_r0kh_id_len); 3766 3767 RRB_GET_AUTH(FT_RRB_R1KH_ID, r1kh_id, msgtype, FT_R1KH_ID_LEN); 3768 wpa_printf(MSG_DEBUG, "FT: R1KH-ID=" MACSTR, MAC2STR(f_r1kh_id)); 3769 3770 if (wpa_ft_rrb_check_r1kh(wpa_auth, f_r1kh_id)) { 3771 wpa_printf(MSG_DEBUG, "FT: R1KH-ID mismatch"); 3772 goto out; 3773 } 3774 3775 wpa_ft_rrb_lookup_r0kh(wpa_auth, f_r0kh_id, f_r0kh_id_len, &r0kh, 3776 &r0kh_wildcard); 3777 if (r0kh) { 3778 key = r0kh->key; 3779 key_len = sizeof(r0kh->key); 3780 } else if (r0kh_wildcard) { 3781 wpa_printf(MSG_DEBUG, "FT: Using wildcard R0KH-ID"); 3782 key = r0kh_wildcard->key; 3783 key_len = sizeof(r0kh_wildcard->key); 3784 } else { 3785 goto out; 3786 } 3787 3788 seq_ret = FT_RRB_SEQ_DROP; 3789 if (r0kh) { 3790 seq_ret = wpa_ft_rrb_seq_chk(r0kh->seq, src_addr, enc, enc_len, 3791 auth, auth_len, msgtype, 3792 cb ? 0 : 1); 3793 } 3794 if (cb && r0kh_wildcard && 3795 (!r0kh || os_memcmp(r0kh->addr, src_addr, ETH_ALEN) != 0)) { 3796 /* wildcard: r0kh-id unknown or changed addr -> do a seq req */ 3797 seq_ret = FT_RRB_SEQ_DEFER; 3798 } 3799 3800 if (seq_ret == FT_RRB_SEQ_DROP) 3801 goto out; 3802 3803 if (wpa_ft_rrb_decrypt(key, key_len, enc, enc_len, auth, auth_len, 3804 src_addr, type, &plain, &plain_len) < 0) 3805 goto out; 3806 3807 if (!r0kh) 3808 r0kh = wpa_ft_rrb_add_r0kh(wpa_auth, r0kh_wildcard, src_addr, 3809 f_r0kh_id, f_r0kh_id_len, 3810 wpa_auth->conf.rkh_pos_timeout); 3811 if (!r0kh) 3812 goto out; 3813 3814 if (seq_ret == FT_RRB_SEQ_DEFER) { 3815 wpa_ft_rrb_seq_req(wpa_auth, r0kh->seq, src_addr, f_r0kh_id, 3816 f_r0kh_id_len, f_r1kh_id, key, key_len, 3817 enc, enc_len, auth, auth_len, cb); 3818 goto out; 3819 } 3820 3821 wpa_ft_rrb_seq_accept(wpa_auth, r0kh->seq, src_addr, auth, auth_len, 3822 msgtype); 3823 wpa_ft_rrb_r0kh_replenish(wpa_auth, r0kh, 3824 wpa_auth->conf.rkh_pos_timeout); 3825 3826 RRB_GET(FT_RRB_S1KH_ID, s1kh_id, msgtype, ETH_ALEN); 3827 wpa_printf(MSG_DEBUG, "FT: S1KH-ID=" MACSTR, MAC2STR(f_s1kh_id)); 3828 3829 if (s1kh_id_out) 3830 os_memcpy(s1kh_id_out, f_s1kh_id, ETH_ALEN); 3831 3832 ret = -2; 3833 RRB_GET(FT_RRB_PAIRWISE, pairwise, msgtype, sizeof(le16)); 3834 wpa_hexdump(MSG_DEBUG, "FT: pairwise", f_pairwise, f_pairwise_len); 3835 3836 ret = -1; 3837 RRB_GET(FT_RRB_PMK_R1_NAME, pmk_r1_name, msgtype, WPA_PMK_NAME_LEN); 3838 wpa_hexdump(MSG_DEBUG, "FT: PMKR1Name", 3839 f_pmk_r1_name, WPA_PMK_NAME_LEN); 3840 3841 pmk_r1_len = PMK_LEN; 3842 if (wpa_ft_rrb_get_tlv(plain, plain_len, FT_RRB_PMK_R1, &f_pmk_r1_len, 3843 &f_pmk_r1) == 0 && 3844 (f_pmk_r1_len == PMK_LEN || f_pmk_r1_len == SHA384_MAC_LEN)) 3845 pmk_r1_len = f_pmk_r1_len; 3846 RRB_GET(FT_RRB_PMK_R1, pmk_r1, msgtype, pmk_r1_len); 3847 wpa_hexdump_key(MSG_DEBUG, "FT: PMK-R1", f_pmk_r1, pmk_r1_len); 3848 3849 pairwise = WPA_GET_LE16(f_pairwise); 3850 3851 RRB_GET_OPTIONAL(FT_RRB_EXPIRES_IN, expires_in, msgtype, 3852 sizeof(le16)); 3853 if (f_expires_in) 3854 expires_in = WPA_GET_LE16(f_expires_in); 3855 else 3856 expires_in = 0; 3857 3858 wpa_printf(MSG_DEBUG, "FT: PMK-R1 %s - expires_in=%d", msgtype, 3859 expires_in); 3860 3861 if (wpa_ft_rrb_get_tlv_vlan(plain, plain_len, &vlan) < 0) { 3862 wpa_printf(MSG_DEBUG, "FT: Cannot parse vlan"); 3863 wpa_ft_rrb_dump(plain, plain_len); 3864 goto out; 3865 } 3866 3867 wpa_printf(MSG_DEBUG, "FT: vlan %d%s", 3868 le_to_host16(vlan.untagged), vlan.tagged[0] ? "+" : ""); 3869 3870 RRB_GET_OPTIONAL(FT_RRB_IDENTITY, identity, msgtype, -1); 3871 if (f_identity) 3872 wpa_hexdump_ascii(MSG_DEBUG, "FT: Identity", f_identity, 3873 f_identity_len); 3874 3875 RRB_GET_OPTIONAL(FT_RRB_RADIUS_CUI, radius_cui, msgtype, -1); 3876 if (f_radius_cui) 3877 wpa_hexdump_ascii(MSG_DEBUG, "FT: CUI", f_radius_cui, 3878 f_radius_cui_len); 3879 3880 RRB_GET_OPTIONAL(FT_RRB_SESSION_TIMEOUT, session_timeout, msgtype, 3881 sizeof(le32)); 3882 if (f_session_timeout) 3883 session_timeout = WPA_GET_LE32(f_session_timeout); 3884 else 3885 session_timeout = 0; 3886 wpa_printf(MSG_DEBUG, "FT: session_timeout %d", session_timeout); 3887 3888 if (wpa_ft_store_pmk_r1(wpa_auth, f_s1kh_id, f_pmk_r1, pmk_r1_len, 3889 f_pmk_r1_name, 3890 pairwise, &vlan, expires_in, session_timeout, 3891 f_identity, f_identity_len, f_radius_cui, 3892 f_radius_cui_len) < 0) 3893 goto out; 3894 3895 ret = 0; 3896 out: 3897 bin_clear_free(plain, plain_len); 3898 3899 return ret; 3900 3901 } 3902 3903 3904 static void ft_finish_pull(struct wpa_state_machine *sm) 3905 { 3906 int res; 3907 u8 *resp_ies; 3908 size_t resp_ies_len; 3909 u16 status; 3910 3911 if (!sm->ft_pending_cb || !sm->ft_pending_req_ies) 3912 return; 3913 3914 res = wpa_ft_process_auth_req(sm, wpabuf_head(sm->ft_pending_req_ies), 3915 wpabuf_len(sm->ft_pending_req_ies), 3916 &resp_ies, &resp_ies_len); 3917 if (res < 0) { 3918 /* this loop is broken by ft_pending_pull_left_retries */ 3919 wpa_printf(MSG_DEBUG, 3920 "FT: Callback postponed until response is available"); 3921 return; 3922 } 3923 wpabuf_free(sm->ft_pending_req_ies); 3924 sm->ft_pending_req_ies = NULL; 3925 status = res; 3926 wpa_printf(MSG_DEBUG, "FT: Postponed auth callback result for " MACSTR 3927 " - status %u", MAC2STR(sm->addr), status); 3928 3929 sm->ft_pending_cb(sm->ft_pending_cb_ctx, sm->addr, sm->wpa_auth->addr, 3930 sm->ft_pending_auth_transaction + 1, status, 3931 resp_ies, resp_ies_len); 3932 os_free(resp_ies); 3933 } 3934 3935 3936 struct ft_get_sta_ctx { 3937 const u8 *nonce; 3938 const u8 *s1kh_id; 3939 struct wpa_state_machine *sm; 3940 }; 3941 3942 3943 static int ft_get_sta_cb(struct wpa_state_machine *sm, void *ctx) 3944 { 3945 struct ft_get_sta_ctx *info = ctx; 3946 3947 if ((info->s1kh_id && 3948 os_memcmp(info->s1kh_id, sm->addr, ETH_ALEN) != 0) || 3949 os_memcmp(info->nonce, sm->ft_pending_pull_nonce, 3950 FT_RRB_NONCE_LEN) != 0 || 3951 sm->ft_pending_cb == NULL || sm->ft_pending_req_ies == NULL) 3952 return 0; 3953 3954 info->sm = sm; 3955 3956 return 1; 3957 } 3958 3959 3960 static int wpa_ft_rrb_rx_resp(struct wpa_authenticator *wpa_auth, 3961 const u8 *src_addr, 3962 const u8 *enc, size_t enc_len, 3963 const u8 *auth, size_t auth_len, 3964 int no_defer) 3965 { 3966 const char *msgtype = "pull response"; 3967 int nak, ret = -1; 3968 struct ft_get_sta_ctx ctx; 3969 u8 s1kh_id[ETH_ALEN]; 3970 const u8 *f_nonce; 3971 size_t f_nonce_len; 3972 3973 wpa_printf(MSG_DEBUG, "FT: Received PMK-R1 pull response"); 3974 3975 RRB_GET_AUTH(FT_RRB_NONCE, nonce, msgtype, FT_RRB_NONCE_LEN); 3976 wpa_hexdump(MSG_DEBUG, "FT: nonce", f_nonce, f_nonce_len); 3977 3978 os_memset(&ctx, 0, sizeof(ctx)); 3979 ctx.nonce = f_nonce; 3980 if (!wpa_auth_for_each_sta(wpa_auth, ft_get_sta_cb, &ctx)) { 3981 /* nonce not found */ 3982 wpa_printf(MSG_DEBUG, "FT: Invalid nonce"); 3983 return -1; 3984 } 3985 3986 ret = wpa_ft_rrb_rx_r1(wpa_auth, src_addr, FT_PACKET_R0KH_R1KH_RESP, 3987 enc, enc_len, auth, auth_len, msgtype, s1kh_id, 3988 no_defer ? NULL : &wpa_ft_rrb_rx_resp); 3989 if (ret == -2) { 3990 ret = 0; 3991 nak = 1; 3992 } else { 3993 nak = 0; 3994 } 3995 if (ret < 0) 3996 return -1; 3997 3998 ctx.s1kh_id = s1kh_id; 3999 if (wpa_auth_for_each_sta(wpa_auth, ft_get_sta_cb, &ctx)) { 4000 wpa_printf(MSG_DEBUG, 4001 "FT: Response to a pending pull request for " MACSTR, 4002 MAC2STR(ctx.sm->addr)); 4003 eloop_cancel_timeout(wpa_ft_expire_pull, ctx.sm, NULL); 4004 if (nak) 4005 ctx.sm->ft_pending_pull_left_retries = 0; 4006 ft_finish_pull(ctx.sm); 4007 } 4008 4009 out: 4010 return ret; 4011 } 4012 4013 4014 static int wpa_ft_rrb_rx_push(struct wpa_authenticator *wpa_auth, 4015 const u8 *src_addr, 4016 const u8 *enc, size_t enc_len, 4017 const u8 *auth, size_t auth_len, int no_defer) 4018 { 4019 const char *msgtype = "push"; 4020 4021 wpa_printf(MSG_DEBUG, "FT: Received PMK-R1 push"); 4022 4023 if (wpa_ft_rrb_rx_r1(wpa_auth, src_addr, FT_PACKET_R0KH_R1KH_PUSH, 4024 enc, enc_len, auth, auth_len, msgtype, NULL, 4025 no_defer ? NULL : wpa_ft_rrb_rx_push) < 0) 4026 return -1; 4027 4028 return 0; 4029 } 4030 4031 4032 static int wpa_ft_rrb_rx_seq(struct wpa_authenticator *wpa_auth, 4033 const u8 *src_addr, int type, 4034 const u8 *enc, size_t enc_len, 4035 const u8 *auth, size_t auth_len, 4036 struct ft_remote_seq **rkh_seq, 4037 u8 **key, size_t *key_len, 4038 struct ft_remote_r0kh **r0kh_out, 4039 struct ft_remote_r1kh **r1kh_out, 4040 struct ft_remote_r0kh **r0kh_wildcard_out, 4041 struct ft_remote_r1kh **r1kh_wildcard_out) 4042 { 4043 struct ft_remote_r0kh *r0kh = NULL; 4044 struct ft_remote_r1kh *r1kh = NULL; 4045 const u8 *f_r0kh_id, *f_r1kh_id; 4046 size_t f_r0kh_id_len, f_r1kh_id_len; 4047 int to_r0kh, to_r1kh; 4048 u8 *plain = NULL; 4049 size_t plain_len = 0; 4050 struct ft_remote_r0kh *r0kh_wildcard; 4051 struct ft_remote_r1kh *r1kh_wildcard; 4052 4053 RRB_GET_AUTH(FT_RRB_R0KH_ID, r0kh_id, "seq", -1); 4054 RRB_GET_AUTH(FT_RRB_R1KH_ID, r1kh_id, "seq", FT_R1KH_ID_LEN); 4055 4056 to_r0kh = !wpa_ft_rrb_check_r0kh(wpa_auth, f_r0kh_id, f_r0kh_id_len); 4057 to_r1kh = !wpa_ft_rrb_check_r1kh(wpa_auth, f_r1kh_id); 4058 4059 if (to_r0kh && to_r1kh) { 4060 wpa_printf(MSG_DEBUG, "FT: seq - local R0KH-ID and R1KH-ID"); 4061 goto out; 4062 } 4063 4064 if (!to_r0kh && !to_r1kh) { 4065 wpa_printf(MSG_DEBUG, "FT: seq - remote R0KH-ID and R1KH-ID"); 4066 goto out; 4067 } 4068 4069 if (!to_r0kh) { 4070 wpa_ft_rrb_lookup_r0kh(wpa_auth, f_r0kh_id, f_r0kh_id_len, 4071 &r0kh, &r0kh_wildcard); 4072 if (!r0kh_wildcard && 4073 (!r0kh || os_memcmp(r0kh->addr, src_addr, ETH_ALEN) != 0)) { 4074 wpa_hexdump(MSG_DEBUG, "FT: Did not find R0KH-ID", 4075 f_r0kh_id, f_r0kh_id_len); 4076 goto out; 4077 } 4078 if (r0kh) { 4079 *key = r0kh->key; 4080 *key_len = sizeof(r0kh->key); 4081 } else { 4082 *key = r0kh_wildcard->key; 4083 *key_len = sizeof(r0kh_wildcard->key); 4084 } 4085 } 4086 4087 if (!to_r1kh) { 4088 wpa_ft_rrb_lookup_r1kh(wpa_auth, f_r1kh_id, &r1kh, 4089 &r1kh_wildcard); 4090 if (!r1kh_wildcard && 4091 (!r1kh || os_memcmp(r1kh->addr, src_addr, ETH_ALEN) != 0)) { 4092 wpa_hexdump(MSG_DEBUG, "FT: Did not find R1KH-ID", 4093 f_r1kh_id, FT_R1KH_ID_LEN); 4094 goto out; 4095 } 4096 if (r1kh) { 4097 *key = r1kh->key; 4098 *key_len = sizeof(r1kh->key); 4099 } else { 4100 *key = r1kh_wildcard->key; 4101 *key_len = sizeof(r1kh_wildcard->key); 4102 } 4103 } 4104 4105 if (wpa_ft_rrb_decrypt(*key, *key_len, enc, enc_len, auth, auth_len, 4106 src_addr, type, &plain, &plain_len) < 0) 4107 goto out; 4108 4109 os_free(plain); 4110 4111 if (!to_r0kh) { 4112 if (!r0kh) 4113 r0kh = wpa_ft_rrb_add_r0kh(wpa_auth, r0kh_wildcard, 4114 src_addr, f_r0kh_id, 4115 f_r0kh_id_len, 4116 ftRRBseqTimeout); 4117 if (!r0kh) 4118 goto out; 4119 4120 wpa_ft_rrb_r0kh_replenish(wpa_auth, r0kh, ftRRBseqTimeout); 4121 *rkh_seq = r0kh->seq; 4122 if (r0kh_out) 4123 *r0kh_out = r0kh; 4124 if (r0kh_wildcard_out) 4125 *r0kh_wildcard_out = r0kh_wildcard; 4126 } 4127 4128 if (!to_r1kh) { 4129 if (!r1kh) 4130 r1kh = wpa_ft_rrb_add_r1kh(wpa_auth, r1kh_wildcard, 4131 src_addr, f_r1kh_id, 4132 ftRRBseqTimeout); 4133 if (!r1kh) 4134 goto out; 4135 4136 wpa_ft_rrb_r1kh_replenish(wpa_auth, r1kh, ftRRBseqTimeout); 4137 *rkh_seq = r1kh->seq; 4138 if (r1kh_out) 4139 *r1kh_out = r1kh; 4140 if (r1kh_wildcard_out) 4141 *r1kh_wildcard_out = r1kh_wildcard; 4142 } 4143 4144 return 0; 4145 out: 4146 return -1; 4147 } 4148 4149 4150 static int wpa_ft_rrb_rx_seq_req(struct wpa_authenticator *wpa_auth, 4151 const u8 *src_addr, 4152 const u8 *enc, size_t enc_len, 4153 const u8 *auth, size_t auth_len, 4154 int no_defer) 4155 { 4156 int ret = -1; 4157 struct ft_rrb_seq f_seq; 4158 const u8 *f_nonce, *f_r0kh_id, *f_r1kh_id; 4159 size_t f_nonce_len, f_r0kh_id_len, f_r1kh_id_len; 4160 struct ft_remote_seq *rkh_seq = NULL; 4161 u8 *packet = NULL, *key = NULL; 4162 size_t packet_len = 0, key_len = 0; 4163 struct tlv_list seq_resp_auth[5]; 4164 4165 wpa_printf(MSG_DEBUG, "FT: Received sequence number request"); 4166 4167 if (wpa_ft_rrb_rx_seq(wpa_auth, src_addr, FT_PACKET_R0KH_R1KH_SEQ_REQ, 4168 enc, enc_len, auth, auth_len, &rkh_seq, &key, 4169 &key_len, NULL, NULL, NULL, NULL) < 0) 4170 goto out; 4171 4172 RRB_GET_AUTH(FT_RRB_NONCE, nonce, "seq request", FT_RRB_NONCE_LEN); 4173 wpa_hexdump(MSG_DEBUG, "FT: seq request - nonce", f_nonce, f_nonce_len); 4174 4175 RRB_GET_AUTH(FT_RRB_R0KH_ID, r0kh_id, "seq", -1); 4176 RRB_GET_AUTH(FT_RRB_R1KH_ID, r1kh_id, "seq", FT_R1KH_ID_LEN); 4177 4178 if (wpa_ft_new_seq(rkh_seq, &f_seq) < 0) { 4179 wpa_printf(MSG_DEBUG, "FT: Failed to get seq num"); 4180 goto out; 4181 } 4182 4183 seq_resp_auth[0].type = FT_RRB_NONCE; 4184 seq_resp_auth[0].len = f_nonce_len; 4185 seq_resp_auth[0].data = f_nonce; 4186 seq_resp_auth[1].type = FT_RRB_SEQ; 4187 seq_resp_auth[1].len = sizeof(f_seq); 4188 seq_resp_auth[1].data = (u8 *) &f_seq; 4189 seq_resp_auth[2].type = FT_RRB_R0KH_ID; 4190 seq_resp_auth[2].len = f_r0kh_id_len; 4191 seq_resp_auth[2].data = f_r0kh_id; 4192 seq_resp_auth[3].type = FT_RRB_R1KH_ID; 4193 seq_resp_auth[3].len = FT_R1KH_ID_LEN; 4194 seq_resp_auth[3].data = f_r1kh_id; 4195 seq_resp_auth[4].type = FT_RRB_LAST_EMPTY; 4196 seq_resp_auth[4].len = 0; 4197 seq_resp_auth[4].data = NULL; 4198 4199 if (wpa_ft_rrb_build(key, key_len, NULL, NULL, seq_resp_auth, NULL, 4200 wpa_auth->addr, FT_PACKET_R0KH_R1KH_SEQ_RESP, 4201 &packet, &packet_len) < 0) 4202 goto out; 4203 4204 wpa_ft_rrb_oui_send(wpa_auth, src_addr, 4205 FT_PACKET_R0KH_R1KH_SEQ_RESP, packet, 4206 packet_len); 4207 4208 out: 4209 os_free(packet); 4210 4211 return ret; 4212 } 4213 4214 4215 static int wpa_ft_rrb_rx_seq_resp(struct wpa_authenticator *wpa_auth, 4216 const u8 *src_addr, 4217 const u8 *enc, size_t enc_len, 4218 const u8 *auth, size_t auth_len, 4219 int no_defer) 4220 { 4221 u8 *key = NULL; 4222 size_t key_len = 0; 4223 struct ft_remote_r0kh *r0kh = NULL, *r0kh_wildcard = NULL; 4224 struct ft_remote_r1kh *r1kh = NULL, *r1kh_wildcard = NULL; 4225 const u8 *f_nonce, *f_seq; 4226 size_t f_nonce_len, f_seq_len; 4227 struct ft_remote_seq *rkh_seq = NULL; 4228 struct ft_remote_item *item; 4229 struct os_reltime now, now_remote; 4230 int seq_ret, found; 4231 const struct ft_rrb_seq *msg_both; 4232 u32 msg_dom, msg_seq; 4233 4234 wpa_printf(MSG_DEBUG, "FT: Received sequence number response"); 4235 4236 if (wpa_ft_rrb_rx_seq(wpa_auth, src_addr, FT_PACKET_R0KH_R1KH_SEQ_RESP, 4237 enc, enc_len, auth, auth_len, &rkh_seq, &key, 4238 &key_len, &r0kh, &r1kh, &r0kh_wildcard, 4239 &r1kh_wildcard) < 0) 4240 goto out; 4241 4242 RRB_GET_AUTH(FT_RRB_NONCE, nonce, "seq response", FT_RRB_NONCE_LEN); 4243 wpa_hexdump(MSG_DEBUG, "FT: seq response - nonce", f_nonce, 4244 f_nonce_len); 4245 4246 found = 0; 4247 dl_list_for_each(item, &rkh_seq->rx.queue, struct ft_remote_item, 4248 list) { 4249 if (os_memcmp_const(f_nonce, item->nonce, 4250 FT_RRB_NONCE_LEN) != 0 || 4251 os_get_reltime(&now) < 0 || 4252 os_reltime_expired(&now, &item->nonce_ts, ftRRBseqTimeout)) 4253 continue; 4254 4255 found = 1; 4256 break; 4257 } 4258 if (!found) { 4259 wpa_printf(MSG_DEBUG, "FT: seq response - bad nonce"); 4260 goto out; 4261 } 4262 4263 if (r0kh) { 4264 wpa_ft_rrb_r0kh_replenish(wpa_auth, r0kh, 4265 wpa_auth->conf.rkh_pos_timeout); 4266 if (r0kh_wildcard) 4267 os_memcpy(r0kh->addr, src_addr, ETH_ALEN); 4268 } 4269 4270 if (r1kh) { 4271 wpa_ft_rrb_r1kh_replenish(wpa_auth, r1kh, 4272 wpa_auth->conf.rkh_pos_timeout); 4273 if (r1kh_wildcard) 4274 os_memcpy(r1kh->addr, src_addr, ETH_ALEN); 4275 } 4276 4277 seq_ret = wpa_ft_rrb_seq_chk(rkh_seq, src_addr, enc, enc_len, auth, 4278 auth_len, "seq response", 1); 4279 if (seq_ret == FT_RRB_SEQ_OK) { 4280 wpa_printf(MSG_DEBUG, "FT: seq response - valid seq number"); 4281 wpa_ft_rrb_seq_accept(wpa_auth, rkh_seq, src_addr, auth, 4282 auth_len, "seq response"); 4283 } else { 4284 wpa_printf(MSG_DEBUG, "FT: seq response - reset seq number"); 4285 4286 RRB_GET_AUTH(FT_RRB_SEQ, seq, "seq response", 4287 sizeof(*msg_both)); 4288 msg_both = (const struct ft_rrb_seq *) f_seq; 4289 4290 msg_dom = le_to_host32(msg_both->dom); 4291 msg_seq = le_to_host32(msg_both->seq); 4292 now_remote.sec = le_to_host32(msg_both->ts); 4293 now_remote.usec = 0; 4294 4295 rkh_seq->rx.num_last = 2; 4296 rkh_seq->rx.dom = msg_dom; 4297 rkh_seq->rx.offsetidx = 0; 4298 /* Accept some older, possibly cached packets as well */ 4299 rkh_seq->rx.last[0] = msg_seq - FT_REMOTE_SEQ_BACKLOG - 4300 dl_list_len(&rkh_seq->rx.queue); 4301 rkh_seq->rx.last[1] = msg_seq; 4302 4303 /* local time - offset = remote time 4304 * <=> local time - remote time = offset */ 4305 os_reltime_sub(&now, &now_remote, &rkh_seq->rx.time_offset); 4306 } 4307 4308 wpa_ft_rrb_seq_flush(wpa_auth, rkh_seq, 1); 4309 4310 return 0; 4311 out: 4312 return -1; 4313 } 4314 4315 4316 int wpa_ft_rrb_rx(struct wpa_authenticator *wpa_auth, const u8 *src_addr, 4317 const u8 *data, size_t data_len) 4318 { 4319 struct ft_rrb_frame *frame; 4320 u16 alen; 4321 const u8 *pos, *end, *start; 4322 u8 action; 4323 const u8 *sta_addr, *target_ap_addr; 4324 4325 wpa_printf(MSG_DEBUG, "FT: RRB received frame from remote AP " MACSTR, 4326 MAC2STR(src_addr)); 4327 4328 if (data_len < sizeof(*frame)) { 4329 wpa_printf(MSG_DEBUG, "FT: Too short RRB frame (data_len=%lu)", 4330 (unsigned long) data_len); 4331 return -1; 4332 } 4333 4334 pos = data; 4335 frame = (struct ft_rrb_frame *) pos; 4336 pos += sizeof(*frame); 4337 4338 alen = le_to_host16(frame->action_length); 4339 wpa_printf(MSG_DEBUG, "FT: RRB frame - frame_type=%d packet_type=%d " 4340 "action_length=%d ap_address=" MACSTR, 4341 frame->frame_type, frame->packet_type, alen, 4342 MAC2STR(frame->ap_address)); 4343 4344 if (frame->frame_type != RSN_REMOTE_FRAME_TYPE_FT_RRB) { 4345 /* Discard frame per IEEE Std 802.11r-2008, 11A.10.3 */ 4346 wpa_printf(MSG_DEBUG, "FT: RRB discarded frame with " 4347 "unrecognized type %d", frame->frame_type); 4348 return -1; 4349 } 4350 4351 if (alen > data_len - sizeof(*frame)) { 4352 wpa_printf(MSG_DEBUG, "FT: RRB frame too short for action " 4353 "frame"); 4354 return -1; 4355 } 4356 4357 wpa_hexdump(MSG_MSGDUMP, "FT: RRB - FT Action frame", pos, alen); 4358 4359 if (alen < 1 + 1 + 2 * ETH_ALEN) { 4360 wpa_printf(MSG_DEBUG, "FT: Too short RRB frame (not enough " 4361 "room for Action Frame body); alen=%lu", 4362 (unsigned long) alen); 4363 return -1; 4364 } 4365 start = pos; 4366 end = pos + alen; 4367 4368 if (*pos != WLAN_ACTION_FT) { 4369 wpa_printf(MSG_DEBUG, "FT: Unexpected Action frame category " 4370 "%d", *pos); 4371 return -1; 4372 } 4373 4374 pos++; 4375 action = *pos++; 4376 sta_addr = pos; 4377 pos += ETH_ALEN; 4378 target_ap_addr = pos; 4379 pos += ETH_ALEN; 4380 wpa_printf(MSG_DEBUG, "FT: RRB Action Frame: action=%d sta_addr=" 4381 MACSTR " target_ap_addr=" MACSTR, 4382 action, MAC2STR(sta_addr), MAC2STR(target_ap_addr)); 4383 4384 if (frame->packet_type == FT_PACKET_REQUEST) { 4385 wpa_printf(MSG_DEBUG, "FT: FT Packet Type - Request"); 4386 4387 if (action != 1) { 4388 wpa_printf(MSG_DEBUG, "FT: Unexpected Action %d in " 4389 "RRB Request", action); 4390 return -1; 4391 } 4392 4393 if (os_memcmp(target_ap_addr, wpa_auth->addr, ETH_ALEN) != 0) { 4394 wpa_printf(MSG_DEBUG, "FT: Target AP address in the " 4395 "RRB Request does not match with own " 4396 "address"); 4397 return -1; 4398 } 4399 4400 if (wpa_ft_rrb_rx_request(wpa_auth, frame->ap_address, 4401 sta_addr, pos, end - pos) < 0) 4402 return -1; 4403 } else if (frame->packet_type == FT_PACKET_RESPONSE) { 4404 u16 status_code; 4405 4406 if (end - pos < 2) { 4407 wpa_printf(MSG_DEBUG, "FT: Not enough room for status " 4408 "code in RRB Response"); 4409 return -1; 4410 } 4411 status_code = WPA_GET_LE16(pos); 4412 pos += 2; 4413 4414 wpa_printf(MSG_DEBUG, "FT: FT Packet Type - Response " 4415 "(status_code=%d)", status_code); 4416 4417 if (wpa_ft_action_send(wpa_auth, sta_addr, start, alen) < 0) 4418 return -1; 4419 } else { 4420 wpa_printf(MSG_DEBUG, "FT: RRB discarded frame with unknown " 4421 "packet_type %d", frame->packet_type); 4422 return -1; 4423 } 4424 4425 if (end > pos) { 4426 wpa_hexdump(MSG_DEBUG, "FT: Ignore extra data in end", 4427 pos, end - pos); 4428 } 4429 4430 return 0; 4431 } 4432 4433 4434 void wpa_ft_rrb_oui_rx(struct wpa_authenticator *wpa_auth, const u8 *src_addr, 4435 const u8 *dst_addr, u8 oui_suffix, const u8 *data, 4436 size_t data_len) 4437 { 4438 const u8 *auth, *enc; 4439 size_t alen, elen; 4440 int no_defer = 0; 4441 4442 wpa_printf(MSG_DEBUG, "FT: RRB-OUI received frame from remote AP " 4443 MACSTR, MAC2STR(src_addr)); 4444 wpa_printf(MSG_DEBUG, "FT: RRB-OUI frame - oui_suffix=%d", oui_suffix); 4445 wpa_hexdump(MSG_MSGDUMP, "FT: RRB frame payload", data, data_len); 4446 4447 if (is_multicast_ether_addr(src_addr)) { 4448 wpa_printf(MSG_DEBUG, 4449 "FT: RRB-OUI received frame from multicast address " 4450 MACSTR, MAC2STR(src_addr)); 4451 return; 4452 } 4453 4454 if (is_multicast_ether_addr(dst_addr)) { 4455 wpa_printf(MSG_DEBUG, 4456 "FT: RRB-OUI received frame from remote AP " MACSTR 4457 " to multicast address " MACSTR, 4458 MAC2STR(src_addr), MAC2STR(dst_addr)); 4459 no_defer = 1; 4460 } 4461 4462 if (data_len < sizeof(u16)) { 4463 wpa_printf(MSG_DEBUG, "FT: RRB-OUI frame too short"); 4464 return; 4465 } 4466 4467 alen = WPA_GET_LE16(data); 4468 if (data_len < sizeof(u16) + alen) { 4469 wpa_printf(MSG_DEBUG, "FT: RRB-OUI frame too short"); 4470 return; 4471 } 4472 4473 auth = data + sizeof(u16); 4474 wpa_hexdump(MSG_MSGDUMP, "FT: Authenticated payload", auth, alen); 4475 enc = data + sizeof(u16) + alen; 4476 elen = data_len - sizeof(u16) - alen; 4477 wpa_hexdump(MSG_MSGDUMP, "FT: Encrypted payload", enc, elen); 4478 4479 switch (oui_suffix) { 4480 case FT_PACKET_R0KH_R1KH_PULL: 4481 wpa_ft_rrb_rx_pull(wpa_auth, src_addr, enc, elen, auth, alen, 4482 no_defer); 4483 break; 4484 case FT_PACKET_R0KH_R1KH_RESP: 4485 wpa_ft_rrb_rx_resp(wpa_auth, src_addr, enc, elen, auth, alen, 4486 no_defer); 4487 break; 4488 case FT_PACKET_R0KH_R1KH_PUSH: 4489 wpa_ft_rrb_rx_push(wpa_auth, src_addr, enc, elen, auth, alen, 4490 no_defer); 4491 break; 4492 case FT_PACKET_R0KH_R1KH_SEQ_REQ: 4493 wpa_ft_rrb_rx_seq_req(wpa_auth, src_addr, enc, elen, auth, alen, 4494 no_defer); 4495 break; 4496 case FT_PACKET_R0KH_R1KH_SEQ_RESP: 4497 wpa_ft_rrb_rx_seq_resp(wpa_auth, src_addr, enc, elen, auth, 4498 alen, no_defer); 4499 break; 4500 } 4501 } 4502 4503 4504 static int wpa_ft_generate_pmk_r1(struct wpa_authenticator *wpa_auth, 4505 struct wpa_ft_pmk_r0_sa *pmk_r0, 4506 struct ft_remote_r1kh *r1kh, 4507 const u8 *s1kh_id) 4508 { 4509 u8 *packet; 4510 size_t packet_len; 4511 struct ft_rrb_seq f_seq; 4512 struct tlv_list push[] = { 4513 { .type = FT_RRB_S1KH_ID, .len = ETH_ALEN, 4514 .data = s1kh_id }, 4515 { .type = FT_RRB_PMK_R0_NAME, .len = WPA_PMK_NAME_LEN, 4516 .data = pmk_r0->pmk_r0_name }, 4517 { .type = FT_RRB_LAST_EMPTY, .len = 0, .data = NULL }, 4518 }; 4519 struct tlv_list push_auth[] = { 4520 { .type = FT_RRB_SEQ, .len = sizeof(f_seq), 4521 .data = (u8 *) &f_seq }, 4522 { .type = FT_RRB_R0KH_ID, 4523 .len = wpa_auth->conf.r0_key_holder_len, 4524 .data = wpa_auth->conf.r0_key_holder }, 4525 { .type = FT_RRB_R1KH_ID, .len = FT_R1KH_ID_LEN, 4526 .data = r1kh->id }, 4527 { .type = FT_RRB_LAST_EMPTY, .len = 0, .data = NULL }, 4528 }; 4529 4530 if (wpa_ft_new_seq(r1kh->seq, &f_seq) < 0) { 4531 wpa_printf(MSG_DEBUG, "FT: Failed to get seq num"); 4532 return -1; 4533 } 4534 4535 if (wpa_ft_rrb_build_r0(r1kh->key, sizeof(r1kh->key), push, pmk_r0, 4536 r1kh->id, s1kh_id, push_auth, wpa_auth->addr, 4537 FT_PACKET_R0KH_R1KH_PUSH, 4538 &packet, &packet_len) < 0) 4539 return -1; 4540 4541 wpa_ft_rrb_oui_send(wpa_auth, r1kh->addr, FT_PACKET_R0KH_R1KH_PUSH, 4542 packet, packet_len); 4543 4544 os_free(packet); 4545 return 0; 4546 } 4547 4548 4549 void wpa_ft_push_pmk_r1(struct wpa_authenticator *wpa_auth, const u8 *addr) 4550 { 4551 struct wpa_ft_pmk_cache *cache = wpa_auth->ft_pmk_cache; 4552 struct wpa_ft_pmk_r0_sa *r0, *r0found = NULL; 4553 struct ft_remote_r1kh *r1kh; 4554 4555 if (!wpa_auth->conf.pmk_r1_push) 4556 return; 4557 if (!wpa_auth->conf.r1kh_list) 4558 return; 4559 4560 dl_list_for_each(r0, &cache->pmk_r0, struct wpa_ft_pmk_r0_sa, list) { 4561 if (os_memcmp(r0->spa, addr, ETH_ALEN) == 0) { 4562 r0found = r0; 4563 break; 4564 } 4565 } 4566 4567 r0 = r0found; 4568 if (r0 == NULL || r0->pmk_r1_pushed) 4569 return; 4570 r0->pmk_r1_pushed = 1; 4571 4572 wpa_printf(MSG_DEBUG, "FT: Deriving and pushing PMK-R1 keys to R1KHs " 4573 "for STA " MACSTR, MAC2STR(addr)); 4574 4575 for (r1kh = *wpa_auth->conf.r1kh_list; r1kh; r1kh = r1kh->next) { 4576 if (is_zero_ether_addr(r1kh->addr) || 4577 is_zero_ether_addr(r1kh->id)) 4578 continue; 4579 if (wpa_ft_rrb_init_r1kh_seq(r1kh) < 0) 4580 continue; 4581 wpa_ft_generate_pmk_r1(wpa_auth, r0, r1kh, addr); 4582 } 4583 } 4584 4585 #endif /* CONFIG_IEEE80211R_AP */ 4586