xref: /freebsd/contrib/wpa/src/ap/wpa_auth_ft.c (revision c66ec88fed842fbaad62c30d510644ceb7bd2d71)
1 /*
2  * hostapd - IEEE 802.11r - Fast BSS Transition
3  * Copyright (c) 2004-2018, Jouni Malinen <j@w1.fi>
4  *
5  * This software may be distributed under the terms of the BSD license.
6  * See README for more details.
7  */
8 
9 #include "utils/includes.h"
10 
11 #include "utils/common.h"
12 #include "utils/eloop.h"
13 #include "utils/list.h"
14 #include "common/ieee802_11_defs.h"
15 #include "common/ieee802_11_common.h"
16 #include "common/ocv.h"
17 #include "drivers/driver.h"
18 #include "crypto/aes.h"
19 #include "crypto/aes_siv.h"
20 #include "crypto/aes_wrap.h"
21 #include "crypto/sha384.h"
22 #include "crypto/random.h"
23 #include "ap_config.h"
24 #include "ieee802_11.h"
25 #include "wmm.h"
26 #include "wpa_auth.h"
27 #include "wpa_auth_i.h"
28 #include "pmksa_cache_auth.h"
29 
30 
31 #ifdef CONFIG_IEEE80211R_AP
32 
33 const unsigned int ftRRBseqTimeout = 10;
34 const unsigned int ftRRBmaxQueueLen = 100;
35 
36 
37 static int wpa_ft_send_rrb_auth_resp(struct wpa_state_machine *sm,
38 				     const u8 *current_ap, const u8 *sta_addr,
39 				     u16 status, const u8 *resp_ies,
40 				     size_t resp_ies_len);
41 static void ft_finish_pull(struct wpa_state_machine *sm);
42 static void wpa_ft_expire_pull(void *eloop_ctx, void *timeout_ctx);
43 static void wpa_ft_rrb_seq_timeout(void *eloop_ctx, void *timeout_ctx);
44 
45 struct tlv_list {
46 	u16 type;
47 	size_t len;
48 	const u8 *data;
49 };
50 
51 
52 /**
53  * wpa_ft_rrb_decrypt - Decrypt FT RRB message
54  * @key: AES-SIV key for AEAD
55  * @key_len: Length of key in octets
56  * @enc: Pointer to encrypted TLVs
57  * @enc_len: Length of encrypted TLVs in octets
58  * @auth: Pointer to authenticated TLVs
59  * @auth_len: Length of authenticated TLVs in octets
60  * @src_addr: MAC address of the frame sender
61  * @type: Vendor-specific subtype of the RRB frame (FT_PACKET_*)
62  * @plain: Pointer to return the pointer to the allocated plaintext buffer;
63  *	needs to be freed by the caller if not NULL;
64  *	will only be returned on success
65  * @plain_len: Pointer to return the length of the allocated plaintext buffer
66  *	in octets
67  * Returns: 0 on success, -1 on error
68  */
69 static int wpa_ft_rrb_decrypt(const u8 *key, const size_t key_len,
70 			      const u8 *enc, size_t enc_len,
71 			      const u8 *auth, const size_t auth_len,
72 			      const u8 *src_addr, u8 type,
73 			      u8 **plain, size_t *plain_size)
74 {
75 	const u8 *ad[3] = { src_addr, auth, &type };
76 	size_t ad_len[3] = { ETH_ALEN, auth_len, sizeof(type) };
77 
78 	wpa_printf(MSG_DEBUG, "FT(RRB): src_addr=" MACSTR " type=%u",
79 		   MAC2STR(src_addr), type);
80 	wpa_hexdump_key(MSG_DEBUG, "FT(RRB): decrypt using key", key, key_len);
81 	wpa_hexdump(MSG_DEBUG, "FT(RRB): encrypted TLVs", enc, enc_len);
82 	wpa_hexdump(MSG_DEBUG, "FT(RRB): authenticated TLVs", auth, auth_len);
83 
84 	if (!key) { /* skip decryption */
85 		*plain = os_memdup(enc, enc_len);
86 		if (enc_len > 0 && !*plain)
87 			goto err;
88 
89 		*plain_size = enc_len;
90 
91 		return 0;
92 	}
93 
94 	*plain = NULL;
95 
96 	/* SIV overhead */
97 	if (enc_len < AES_BLOCK_SIZE)
98 		goto err;
99 
100 	*plain = os_zalloc(enc_len - AES_BLOCK_SIZE);
101 	if (!*plain)
102 		goto err;
103 
104 	if (aes_siv_decrypt(key, key_len, enc, enc_len, 3, ad, ad_len,
105 			    *plain) < 0) {
106 		if (enc_len < AES_BLOCK_SIZE + 2)
107 			goto err;
108 
109 		/* Try to work around Ethernet devices that add extra
110 		 * two octet padding even if the frame is longer than
111 		 * the minimum Ethernet frame. */
112 		enc_len -= 2;
113 		if (aes_siv_decrypt(key, key_len, enc, enc_len, 3, ad, ad_len,
114 				    *plain) < 0)
115 			goto err;
116 	}
117 
118 	*plain_size = enc_len - AES_BLOCK_SIZE;
119 	wpa_hexdump_key(MSG_DEBUG, "FT(RRB): decrypted TLVs",
120 			*plain, *plain_size);
121 	return 0;
122 err:
123 	os_free(*plain);
124 	*plain = NULL;
125 	*plain_size = 0;
126 
127 	wpa_printf(MSG_ERROR, "FT(RRB): Failed to decrypt");
128 
129 	return -1;
130 }
131 
132 
133 /* get first tlv record in packet matching type
134  * @data (decrypted) packet
135  * @return 0 on success else -1
136  */
137 static int wpa_ft_rrb_get_tlv(const u8 *plain, size_t plain_len,
138 			      u16 type, size_t *tlv_len, const u8 **tlv_data)
139 {
140 	const struct ft_rrb_tlv *f;
141 	size_t left;
142 	le16 type16;
143 	size_t len;
144 
145 	left = plain_len;
146 	type16 = host_to_le16(type);
147 
148 	while (left >= sizeof(*f)) {
149 		f = (const struct ft_rrb_tlv *) plain;
150 
151 		left -= sizeof(*f);
152 		plain += sizeof(*f);
153 		len = le_to_host16(f->len);
154 
155 		if (left < len) {
156 			wpa_printf(MSG_DEBUG, "FT: RRB message truncated");
157 			break;
158 		}
159 
160 		if (f->type == type16) {
161 			*tlv_len = len;
162 			*tlv_data = plain;
163 			return 0;
164 		}
165 
166 		left -= len;
167 		plain += len;
168 	}
169 
170 	return -1;
171 }
172 
173 
174 static void wpa_ft_rrb_dump(const u8 *plain, const size_t plain_len)
175 {
176 	const struct ft_rrb_tlv *f;
177 	size_t left;
178 	size_t len;
179 
180 	left = plain_len;
181 
182 	wpa_printf(MSG_DEBUG, "FT: RRB dump message");
183 	while (left >= sizeof(*f)) {
184 		f = (const struct ft_rrb_tlv *) plain;
185 
186 		left -= sizeof(*f);
187 		plain += sizeof(*f);
188 		len = le_to_host16(f->len);
189 
190 		wpa_printf(MSG_DEBUG, "FT: RRB TLV type = %d, len = %zu",
191 			   le_to_host16(f->type), len);
192 
193 		if (left < len) {
194 			wpa_printf(MSG_DEBUG,
195 				   "FT: RRB message truncated: left %zu bytes, need %zu",
196 				   left, len);
197 			break;
198 		}
199 
200 		wpa_hexdump(MSG_DEBUG, "FT: RRB TLV data", plain, len);
201 
202 		left -= len;
203 		plain += len;
204 	}
205 
206 	if (left > 0)
207 		wpa_hexdump(MSG_DEBUG, "FT: RRB TLV padding", plain, left);
208 
209 	wpa_printf(MSG_DEBUG, "FT: RRB dump message end");
210 }
211 
212 
213 static int cmp_int(const void *a, const void *b)
214 {
215 	int x, y;
216 
217 	x = *((int *) a);
218 	y = *((int *) b);
219 	return x - y;
220 }
221 
222 
223 static int wpa_ft_rrb_get_tlv_vlan(const u8 *plain, const size_t plain_len,
224 				   struct vlan_description *vlan)
225 {
226 	struct ft_rrb_tlv *f;
227 	size_t left;
228 	size_t len;
229 	int taggedidx;
230 	int vlan_id;
231 	int type;
232 
233 	left = plain_len;
234 	taggedidx = 0;
235 	os_memset(vlan, 0, sizeof(*vlan));
236 
237 	while (left >= sizeof(*f)) {
238 		f = (struct ft_rrb_tlv *) plain;
239 
240 		left -= sizeof(*f);
241 		plain += sizeof(*f);
242 
243 		len = le_to_host16(f->len);
244 		type = le_to_host16(f->type);
245 
246 		if (left < len) {
247 			wpa_printf(MSG_DEBUG, "FT: RRB message truncated");
248 			return -1;
249 		}
250 
251 		if (type != FT_RRB_VLAN_UNTAGGED && type != FT_RRB_VLAN_TAGGED)
252 			goto skip;
253 
254 		if (type == FT_RRB_VLAN_UNTAGGED && len != sizeof(le16)) {
255 			wpa_printf(MSG_DEBUG,
256 				   "FT: RRB VLAN_UNTAGGED invalid length");
257 			return -1;
258 		}
259 
260 		if (type == FT_RRB_VLAN_TAGGED && len % sizeof(le16) != 0) {
261 			wpa_printf(MSG_DEBUG,
262 				   "FT: RRB VLAN_TAGGED invalid length");
263 			return -1;
264 		}
265 
266 		while (len >= sizeof(le16)) {
267 			vlan_id = WPA_GET_LE16(plain);
268 			plain += sizeof(le16);
269 			left -= sizeof(le16);
270 			len -= sizeof(le16);
271 
272 			if (vlan_id <= 0 || vlan_id > MAX_VLAN_ID) {
273 				wpa_printf(MSG_DEBUG,
274 					   "FT: RRB VLAN ID invalid %d",
275 					   vlan_id);
276 				continue;
277 			}
278 
279 			if (type == FT_RRB_VLAN_UNTAGGED)
280 				vlan->untagged = vlan_id;
281 
282 			if (type == FT_RRB_VLAN_TAGGED &&
283 			    taggedidx < MAX_NUM_TAGGED_VLAN) {
284 				vlan->tagged[taggedidx] = vlan_id;
285 				taggedidx++;
286 			} else if (type == FT_RRB_VLAN_TAGGED) {
287 				wpa_printf(MSG_DEBUG, "FT: RRB too many VLANs");
288 			}
289 		}
290 
291 	skip:
292 		left -= len;
293 		plain += len;
294 	}
295 
296 	if (taggedidx)
297 		qsort(vlan->tagged, taggedidx, sizeof(int), cmp_int);
298 
299 	vlan->notempty = vlan->untagged || vlan->tagged[0];
300 
301 	return 0;
302 }
303 
304 
305 static size_t wpa_ft_tlv_len(const struct tlv_list *tlvs)
306 {
307 	size_t tlv_len = 0;
308 	int i;
309 
310 	if (!tlvs)
311 		return 0;
312 
313 	for (i = 0; tlvs[i].type != FT_RRB_LAST_EMPTY; i++) {
314 		tlv_len += sizeof(struct ft_rrb_tlv);
315 		tlv_len += tlvs[i].len;
316 	}
317 
318 	return tlv_len;
319 }
320 
321 
322 static size_t wpa_ft_tlv_lin(const struct tlv_list *tlvs, u8 *start,
323 			     u8 *endpos)
324 {
325 	int i;
326 	size_t tlv_len;
327 	struct ft_rrb_tlv *hdr;
328 	u8 *pos;
329 
330 	if (!tlvs)
331 		return 0;
332 
333 	tlv_len = 0;
334 	pos = start;
335 	for (i = 0; tlvs[i].type != FT_RRB_LAST_EMPTY; i++) {
336 		if (tlv_len + sizeof(*hdr) > (size_t) (endpos - start))
337 			return tlv_len;
338 		tlv_len += sizeof(*hdr);
339 		hdr = (struct ft_rrb_tlv *) pos;
340 		hdr->type = host_to_le16(tlvs[i].type);
341 		hdr->len = host_to_le16(tlvs[i].len);
342 		pos = start + tlv_len;
343 
344 		if (tlv_len + tlvs[i].len > (size_t) (endpos - start))
345 			return tlv_len;
346 		if (tlvs[i].len == 0)
347 			continue;
348 		tlv_len += tlvs[i].len;
349 		os_memcpy(pos, tlvs[i].data, tlvs[i].len);
350 		pos = start + tlv_len;
351 	}
352 
353 	return tlv_len;
354 }
355 
356 
357 static size_t wpa_ft_vlan_len(const struct vlan_description *vlan)
358 {
359 	size_t tlv_len = 0;
360 	int i;
361 
362 	if (!vlan || !vlan->notempty)
363 		return 0;
364 
365 	if (vlan->untagged) {
366 		tlv_len += sizeof(struct ft_rrb_tlv);
367 		tlv_len += sizeof(le16);
368 	}
369 	if (vlan->tagged[0])
370 		tlv_len += sizeof(struct ft_rrb_tlv);
371 	for (i = 0; i < MAX_NUM_TAGGED_VLAN && vlan->tagged[i]; i++)
372 		tlv_len += sizeof(le16);
373 
374 	return tlv_len;
375 }
376 
377 
378 static size_t wpa_ft_vlan_lin(const struct vlan_description *vlan,
379 			      u8 *start, u8 *endpos)
380 {
381 	size_t tlv_len;
382 	int i, len;
383 	struct ft_rrb_tlv *hdr;
384 	u8 *pos = start;
385 
386 	if (!vlan || !vlan->notempty)
387 		return 0;
388 
389 	tlv_len = 0;
390 	if (vlan->untagged) {
391 		tlv_len += sizeof(*hdr);
392 		if (start + tlv_len > endpos)
393 			return tlv_len;
394 		hdr = (struct ft_rrb_tlv *) pos;
395 		hdr->type = host_to_le16(FT_RRB_VLAN_UNTAGGED);
396 		hdr->len = host_to_le16(sizeof(le16));
397 		pos = start + tlv_len;
398 
399 		tlv_len += sizeof(le16);
400 		if (start + tlv_len > endpos)
401 			return tlv_len;
402 		WPA_PUT_LE16(pos, vlan->untagged);
403 		pos = start + tlv_len;
404 	}
405 
406 	if (!vlan->tagged[0])
407 		return tlv_len;
408 
409 	tlv_len += sizeof(*hdr);
410 	if (start + tlv_len > endpos)
411 		return tlv_len;
412 	hdr = (struct ft_rrb_tlv *) pos;
413 	hdr->type = host_to_le16(FT_RRB_VLAN_TAGGED);
414 	len = 0; /* len is computed below */
415 	pos = start + tlv_len;
416 
417 	for (i = 0; i < MAX_NUM_TAGGED_VLAN && vlan->tagged[i]; i++) {
418 		tlv_len += sizeof(le16);
419 		if (start + tlv_len > endpos)
420 			break;
421 		len += sizeof(le16);
422 		WPA_PUT_LE16(pos, vlan->tagged[i]);
423 		pos = start + tlv_len;
424 	}
425 
426 	hdr->len = host_to_le16(len);
427 
428 	return tlv_len;
429 }
430 
431 
432 static int wpa_ft_rrb_lin(const struct tlv_list *tlvs1,
433 			  const struct tlv_list *tlvs2,
434 			  const struct vlan_description *vlan,
435 			  u8 **plain, size_t *plain_len)
436 {
437 	u8 *pos, *endpos;
438 	size_t tlv_len;
439 
440 	tlv_len = wpa_ft_tlv_len(tlvs1);
441 	tlv_len += wpa_ft_tlv_len(tlvs2);
442 	tlv_len += wpa_ft_vlan_len(vlan);
443 
444 	*plain_len = tlv_len;
445 	*plain = os_zalloc(tlv_len);
446 	if (!*plain) {
447 		wpa_printf(MSG_ERROR, "FT: Failed to allocate plaintext");
448 		goto err;
449 	}
450 
451 	pos = *plain;
452 	endpos = *plain + tlv_len;
453 	pos += wpa_ft_tlv_lin(tlvs1, pos, endpos);
454 	pos += wpa_ft_tlv_lin(tlvs2, pos, endpos);
455 	pos += wpa_ft_vlan_lin(vlan, pos, endpos);
456 
457 	/* sanity check */
458 	if (pos != endpos) {
459 		wpa_printf(MSG_ERROR, "FT: Length error building RRB");
460 		goto err;
461 	}
462 
463 	return 0;
464 
465 err:
466 	os_free(*plain);
467 	*plain = NULL;
468 	*plain_len = 0;
469 	return -1;
470 }
471 
472 
473 static int wpa_ft_rrb_encrypt(const u8 *key, const size_t key_len,
474 			      const u8 *plain, const size_t plain_len,
475 			      const u8 *auth, const size_t auth_len,
476 			      const u8 *src_addr, u8 type, u8 *enc)
477 {
478 	const u8 *ad[3] = { src_addr, auth, &type };
479 	size_t ad_len[3] = { ETH_ALEN, auth_len, sizeof(type) };
480 
481 	wpa_printf(MSG_DEBUG, "FT(RRB): src_addr=" MACSTR " type=%u",
482 		   MAC2STR(src_addr), type);
483 	wpa_hexdump_key(MSG_DEBUG, "FT(RRB): plaintext message",
484 			plain, plain_len);
485 	wpa_hexdump_key(MSG_DEBUG, "FT(RRB): encrypt using key", key, key_len);
486 	wpa_hexdump(MSG_DEBUG, "FT(RRB): authenticated TLVs", auth, auth_len);
487 
488 	if (!key) {
489 		/* encryption not needed, return plaintext as packet */
490 		os_memcpy(enc, plain, plain_len);
491 	} else if (aes_siv_encrypt(key, key_len, plain, plain_len,
492 				   3, ad, ad_len, enc) < 0) {
493 		wpa_printf(MSG_ERROR, "FT: Failed to encrypt RRB-OUI message");
494 		return -1;
495 	}
496 	wpa_hexdump(MSG_DEBUG, "FT(RRB): encrypted TLVs",
497 		    enc, plain_len + AES_BLOCK_SIZE);
498 
499 	return 0;
500 }
501 
502 
503 /**
504  * wpa_ft_rrb_build - Build and encrypt an FT RRB message
505  * @key: AES-SIV key for AEAD
506  * @key_len: Length of key in octets
507  * @tlvs_enc0: First set of to-be-encrypted TLVs
508  * @tlvs_enc1: Second set of to-be-encrypted TLVs
509  * @tlvs_auth: Set of to-be-authenticated TLVs
510  * @src_addr: MAC address of the frame sender
511  * @type: Vendor-specific subtype of the RRB frame (FT_PACKET_*)
512  * @packet Pointer to return the pointer to the allocated packet buffer;
513  *         needs to be freed by the caller if not null;
514  *         will only be returned on success
515  * @packet_len: Pointer to return the length of the allocated buffer in octets
516  * Returns: 0 on success, -1 on error
517  */
518 static int wpa_ft_rrb_build(const u8 *key, const size_t key_len,
519 			    const struct tlv_list *tlvs_enc0,
520 			    const struct tlv_list *tlvs_enc1,
521 			    const struct tlv_list *tlvs_auth,
522 			    const struct vlan_description *vlan,
523 			    const u8 *src_addr, u8 type,
524 			    u8 **packet, size_t *packet_len)
525 {
526 	u8 *plain = NULL, *auth = NULL, *pos, *tmp;
527 	size_t plain_len = 0, auth_len = 0;
528 	int ret = -1;
529 	size_t pad_len = 0;
530 
531 	*packet = NULL;
532 	if (wpa_ft_rrb_lin(tlvs_enc0, tlvs_enc1, vlan, &plain, &plain_len) < 0)
533 		goto out;
534 
535 	if (wpa_ft_rrb_lin(tlvs_auth, NULL, NULL, &auth, &auth_len) < 0)
536 		goto out;
537 
538 	*packet_len = sizeof(u16) + auth_len + plain_len;
539 	if (key)
540 		*packet_len += AES_BLOCK_SIZE;
541 #define RRB_MIN_MSG_LEN 64
542 	if (*packet_len < RRB_MIN_MSG_LEN) {
543 		pad_len = RRB_MIN_MSG_LEN - *packet_len;
544 		if (pad_len < sizeof(struct ft_rrb_tlv))
545 			pad_len = sizeof(struct ft_rrb_tlv);
546 		wpa_printf(MSG_DEBUG,
547 			   "FT: Pad message to minimum Ethernet frame length (%d --> %d)",
548 			   (int) *packet_len, (int) (*packet_len + pad_len));
549 		*packet_len += pad_len;
550 		tmp = os_realloc(auth, auth_len + pad_len);
551 		if (!tmp)
552 			goto out;
553 		auth = tmp;
554 		pos = auth + auth_len;
555 		WPA_PUT_LE16(pos, FT_RRB_LAST_EMPTY);
556 		pos += 2;
557 		WPA_PUT_LE16(pos, pad_len - sizeof(struct ft_rrb_tlv));
558 		pos += 2;
559 		os_memset(pos, 0, pad_len - sizeof(struct ft_rrb_tlv));
560 		auth_len += pad_len;
561 
562 	}
563 	*packet = os_zalloc(*packet_len);
564 	if (!*packet)
565 		goto out;
566 
567 	pos = *packet;
568 	WPA_PUT_LE16(pos, auth_len);
569 	pos += 2;
570 	os_memcpy(pos, auth, auth_len);
571 	pos += auth_len;
572 	if (wpa_ft_rrb_encrypt(key, key_len, plain, plain_len, auth,
573 			       auth_len, src_addr, type, pos) < 0)
574 		goto out;
575 	wpa_hexdump(MSG_MSGDUMP, "FT: RRB frame payload", *packet, *packet_len);
576 
577 	ret = 0;
578 
579 out:
580 	bin_clear_free(plain, plain_len);
581 	os_free(auth);
582 
583 	if (ret) {
584 		wpa_printf(MSG_ERROR, "FT: Failed to build RRB-OUI message");
585 		os_free(*packet);
586 		*packet = NULL;
587 		*packet_len = 0;
588 	}
589 
590 	return ret;
591 }
592 
593 
594 #define RRB_GET_SRC(srcfield, type, field, txt, checklength) do { \
595 	if (wpa_ft_rrb_get_tlv(srcfield, srcfield##_len, type, \
596 				&f_##field##_len, &f_##field) < 0 || \
597 	    (checklength > 0 && ((size_t) checklength) != f_##field##_len)) { \
598 		wpa_printf(MSG_INFO, "FT: Missing required " #field \
599 			   " in %s from " MACSTR, txt, MAC2STR(src_addr)); \
600 		wpa_ft_rrb_dump(srcfield, srcfield##_len); \
601 		goto out; \
602 	} \
603 } while (0)
604 
605 #define RRB_GET(type, field, txt, checklength) \
606 	RRB_GET_SRC(plain, type, field, txt, checklength)
607 #define RRB_GET_AUTH(type, field, txt, checklength) \
608 	RRB_GET_SRC(auth, type, field, txt, checklength)
609 
610 #define RRB_GET_OPTIONAL_SRC(srcfield, type, field, txt, checklength) do { \
611 	if (wpa_ft_rrb_get_tlv(srcfield, srcfield##_len, type, \
612 				&f_##field##_len, &f_##field) < 0 || \
613 	    (checklength > 0 && ((size_t) checklength) != f_##field##_len)) { \
614 		wpa_printf(MSG_DEBUG, "FT: Missing optional " #field \
615 			   " in %s from " MACSTR, txt, MAC2STR(src_addr)); \
616 		f_##field##_len = 0; \
617 		f_##field = NULL; \
618 	} \
619 } while (0)
620 
621 #define RRB_GET_OPTIONAL(type, field, txt, checklength) \
622 	RRB_GET_OPTIONAL_SRC(plain, type, field, txt, checklength)
623 #define RRB_GET_OPTIONAL_AUTH(type, field, txt, checklength) \
624 	RRB_GET_OPTIONAL_SRC(auth, type, field, txt, checklength)
625 
626 static int wpa_ft_rrb_send(struct wpa_authenticator *wpa_auth, const u8 *dst,
627 			   const u8 *data, size_t data_len)
628 {
629 	if (wpa_auth->cb->send_ether == NULL)
630 		return -1;
631 	wpa_printf(MSG_DEBUG, "FT: RRB send to " MACSTR, MAC2STR(dst));
632 	return wpa_auth->cb->send_ether(wpa_auth->cb_ctx, dst, ETH_P_RRB,
633 					data, data_len);
634 }
635 
636 
637 static int wpa_ft_rrb_oui_send(struct wpa_authenticator *wpa_auth,
638 			       const u8 *dst, u8 oui_suffix,
639 			       const u8 *data, size_t data_len)
640 {
641 	if (!wpa_auth->cb->send_oui)
642 		return -1;
643 	wpa_printf(MSG_DEBUG, "FT: RRB-OUI type %u send to " MACSTR " (len=%u)",
644 		   oui_suffix, MAC2STR(dst), (unsigned int) data_len);
645 	return wpa_auth->cb->send_oui(wpa_auth->cb_ctx, dst, oui_suffix, data,
646 				      data_len);
647 }
648 
649 
650 static int wpa_ft_action_send(struct wpa_authenticator *wpa_auth,
651 			      const u8 *dst, const u8 *data, size_t data_len)
652 {
653 	if (wpa_auth->cb->send_ft_action == NULL)
654 		return -1;
655 	return wpa_auth->cb->send_ft_action(wpa_auth->cb_ctx, dst,
656 					    data, data_len);
657 }
658 
659 
660 static const u8 * wpa_ft_get_psk(struct wpa_authenticator *wpa_auth,
661 				 const u8 *addr, const u8 *p2p_dev_addr,
662 				 const u8 *prev_psk)
663 {
664 	if (wpa_auth->cb->get_psk == NULL)
665 		return NULL;
666 	return wpa_auth->cb->get_psk(wpa_auth->cb_ctx, addr, p2p_dev_addr,
667 				     prev_psk, NULL, NULL);
668 }
669 
670 
671 static struct wpa_state_machine *
672 wpa_ft_add_sta(struct wpa_authenticator *wpa_auth, const u8 *sta_addr)
673 {
674 	if (wpa_auth->cb->add_sta == NULL)
675 		return NULL;
676 	return wpa_auth->cb->add_sta(wpa_auth->cb_ctx, sta_addr);
677 }
678 
679 
680 static int wpa_ft_set_vlan(struct wpa_authenticator *wpa_auth,
681 			   const u8 *sta_addr, struct vlan_description *vlan)
682 {
683 	if (!wpa_auth->cb->set_vlan)
684 		return -1;
685 	return wpa_auth->cb->set_vlan(wpa_auth->cb_ctx, sta_addr, vlan);
686 }
687 
688 
689 static int wpa_ft_get_vlan(struct wpa_authenticator *wpa_auth,
690 			   const u8 *sta_addr, struct vlan_description *vlan)
691 {
692 	if (!wpa_auth->cb->get_vlan)
693 		return -1;
694 	return wpa_auth->cb->get_vlan(wpa_auth->cb_ctx, sta_addr, vlan);
695 }
696 
697 
698 static int
699 wpa_ft_set_identity(struct wpa_authenticator *wpa_auth, const u8 *sta_addr,
700 		    const u8 *identity, size_t identity_len)
701 {
702 	if (!wpa_auth->cb->set_identity)
703 		return -1;
704 	return wpa_auth->cb->set_identity(wpa_auth->cb_ctx, sta_addr, identity,
705 					  identity_len);
706 }
707 
708 
709 static size_t
710 wpa_ft_get_identity(struct wpa_authenticator *wpa_auth, const u8 *sta_addr,
711 		    const u8 **buf)
712 {
713 	*buf = NULL;
714 	if (!wpa_auth->cb->get_identity)
715 		return 0;
716 	return wpa_auth->cb->get_identity(wpa_auth->cb_ctx, sta_addr, buf);
717 }
718 
719 
720 static int
721 wpa_ft_set_radius_cui(struct wpa_authenticator *wpa_auth, const u8 *sta_addr,
722 		      const u8 *radius_cui, size_t radius_cui_len)
723 {
724 	if (!wpa_auth->cb->set_radius_cui)
725 		return -1;
726 	return wpa_auth->cb->set_radius_cui(wpa_auth->cb_ctx, sta_addr,
727 					    radius_cui, radius_cui_len);
728 }
729 
730 
731 static size_t
732 wpa_ft_get_radius_cui(struct wpa_authenticator *wpa_auth, const u8 *sta_addr,
733 		      const u8 **buf)
734 {
735 	*buf = NULL;
736 	if (!wpa_auth->cb->get_radius_cui)
737 		return 0;
738 	return wpa_auth->cb->get_radius_cui(wpa_auth->cb_ctx, sta_addr, buf);
739 }
740 
741 
742 static void
743 wpa_ft_set_session_timeout(struct wpa_authenticator *wpa_auth,
744 			    const u8 *sta_addr, int session_timeout)
745 {
746 	if (!wpa_auth->cb->set_session_timeout)
747 		return;
748 	wpa_auth->cb->set_session_timeout(wpa_auth->cb_ctx, sta_addr,
749 					  session_timeout);
750 }
751 
752 
753 static int
754 wpa_ft_get_session_timeout(struct wpa_authenticator *wpa_auth,
755 			    const u8 *sta_addr)
756 {
757 	if (!wpa_auth->cb->get_session_timeout)
758 		return 0;
759 	return wpa_auth->cb->get_session_timeout(wpa_auth->cb_ctx, sta_addr);
760 }
761 
762 
763 static int wpa_ft_add_tspec(struct wpa_authenticator *wpa_auth,
764 			    const u8 *sta_addr,
765 			    u8 *tspec_ie, size_t tspec_ielen)
766 {
767 	if (wpa_auth->cb->add_tspec == NULL) {
768 		wpa_printf(MSG_DEBUG, "FT: add_tspec is not initialized");
769 		return -1;
770 	}
771 	return wpa_auth->cb->add_tspec(wpa_auth->cb_ctx, sta_addr, tspec_ie,
772 				       tspec_ielen);
773 }
774 
775 
776 #ifdef CONFIG_OCV
777 static int wpa_channel_info(struct wpa_authenticator *wpa_auth,
778 			       struct wpa_channel_info *ci)
779 {
780 	if (!wpa_auth->cb->channel_info)
781 		return -1;
782 	return wpa_auth->cb->channel_info(wpa_auth->cb_ctx, ci);
783 }
784 #endif /* CONFIG_OCV */
785 
786 
787 int wpa_write_mdie(struct wpa_auth_config *conf, u8 *buf, size_t len)
788 {
789 	u8 *pos = buf;
790 	u8 capab;
791 	if (len < 2 + sizeof(struct rsn_mdie))
792 		return -1;
793 
794 	*pos++ = WLAN_EID_MOBILITY_DOMAIN;
795 	*pos++ = MOBILITY_DOMAIN_ID_LEN + 1;
796 	os_memcpy(pos, conf->mobility_domain, MOBILITY_DOMAIN_ID_LEN);
797 	pos += MOBILITY_DOMAIN_ID_LEN;
798 	capab = 0;
799 	if (conf->ft_over_ds)
800 		capab |= RSN_FT_CAPAB_FT_OVER_DS;
801 	*pos++ = capab;
802 
803 	return pos - buf;
804 }
805 
806 
807 int wpa_write_ftie(struct wpa_auth_config *conf, int use_sha384,
808 		   const u8 *r0kh_id, size_t r0kh_id_len,
809 		   const u8 *anonce, const u8 *snonce,
810 		   u8 *buf, size_t len, const u8 *subelem,
811 		   size_t subelem_len)
812 {
813 	u8 *pos = buf, *ielen;
814 	size_t hdrlen = use_sha384 ? sizeof(struct rsn_ftie_sha384) :
815 		sizeof(struct rsn_ftie);
816 
817 	if (len < 2 + hdrlen + 2 + FT_R1KH_ID_LEN + 2 + r0kh_id_len +
818 	    subelem_len)
819 		return -1;
820 
821 	*pos++ = WLAN_EID_FAST_BSS_TRANSITION;
822 	ielen = pos++;
823 
824 	if (use_sha384) {
825 		struct rsn_ftie_sha384 *hdr = (struct rsn_ftie_sha384 *) pos;
826 
827 		os_memset(hdr, 0, sizeof(*hdr));
828 		pos += sizeof(*hdr);
829 		WPA_PUT_LE16(hdr->mic_control, 0);
830 		if (anonce)
831 			os_memcpy(hdr->anonce, anonce, WPA_NONCE_LEN);
832 		if (snonce)
833 			os_memcpy(hdr->snonce, snonce, WPA_NONCE_LEN);
834 	} else {
835 		struct rsn_ftie *hdr = (struct rsn_ftie *) pos;
836 
837 		os_memset(hdr, 0, sizeof(*hdr));
838 		pos += sizeof(*hdr);
839 		WPA_PUT_LE16(hdr->mic_control, 0);
840 		if (anonce)
841 			os_memcpy(hdr->anonce, anonce, WPA_NONCE_LEN);
842 		if (snonce)
843 			os_memcpy(hdr->snonce, snonce, WPA_NONCE_LEN);
844 	}
845 
846 	/* Optional Parameters */
847 	*pos++ = FTIE_SUBELEM_R1KH_ID;
848 	*pos++ = FT_R1KH_ID_LEN;
849 	os_memcpy(pos, conf->r1_key_holder, FT_R1KH_ID_LEN);
850 	pos += FT_R1KH_ID_LEN;
851 
852 	if (r0kh_id) {
853 		*pos++ = FTIE_SUBELEM_R0KH_ID;
854 		*pos++ = r0kh_id_len;
855 		os_memcpy(pos, r0kh_id, r0kh_id_len);
856 		pos += r0kh_id_len;
857 	}
858 
859 	if (subelem) {
860 		os_memcpy(pos, subelem, subelem_len);
861 		pos += subelem_len;
862 	}
863 
864 	*ielen = pos - buf - 2;
865 
866 	return pos - buf;
867 }
868 
869 
870 /* A packet to be handled after seq response */
871 struct ft_remote_item {
872 	struct dl_list list;
873 
874 	u8 nonce[FT_RRB_NONCE_LEN];
875 	struct os_reltime nonce_ts;
876 
877 	u8 src_addr[ETH_ALEN];
878 	u8 *enc;
879 	size_t enc_len;
880 	u8 *auth;
881 	size_t auth_len;
882 	int (*cb)(struct wpa_authenticator *wpa_auth,
883 		  const u8 *src_addr,
884 		  const u8 *enc, size_t enc_len,
885 		  const u8 *auth, size_t auth_len,
886 		  int no_defer);
887 };
888 
889 
890 static void wpa_ft_rrb_seq_free(struct ft_remote_item *item)
891 {
892 	eloop_cancel_timeout(wpa_ft_rrb_seq_timeout, ELOOP_ALL_CTX, item);
893 	dl_list_del(&item->list);
894 	bin_clear_free(item->enc, item->enc_len);
895 	os_free(item->auth);
896 	os_free(item);
897 }
898 
899 
900 static void wpa_ft_rrb_seq_flush(struct wpa_authenticator *wpa_auth,
901 				 struct ft_remote_seq *rkh_seq, int cb)
902 {
903 	struct ft_remote_item *item, *n;
904 
905 	dl_list_for_each_safe(item, n, &rkh_seq->rx.queue,
906 			      struct ft_remote_item, list) {
907 		if (cb && item->cb)
908 			item->cb(wpa_auth, item->src_addr, item->enc,
909 				 item->enc_len, item->auth, item->auth_len, 1);
910 		wpa_ft_rrb_seq_free(item);
911 	}
912 }
913 
914 
915 static void wpa_ft_rrb_seq_timeout(void *eloop_ctx, void *timeout_ctx)
916 {
917 	struct ft_remote_item *item = timeout_ctx;
918 
919 	wpa_ft_rrb_seq_free(item);
920 }
921 
922 
923 static int
924 wpa_ft_rrb_seq_req(struct wpa_authenticator *wpa_auth,
925 		   struct ft_remote_seq *rkh_seq, const u8 *src_addr,
926 		   const u8 *f_r0kh_id, size_t f_r0kh_id_len,
927 		   const u8 *f_r1kh_id, const u8 *key, size_t key_len,
928 		   const u8 *enc, size_t enc_len,
929 		   const u8 *auth, size_t auth_len,
930 		   int (*cb)(struct wpa_authenticator *wpa_auth,
931 			     const u8 *src_addr,
932 			     const u8 *enc, size_t enc_len,
933 			     const u8 *auth, size_t auth_len,
934 			     int no_defer))
935 {
936 	struct ft_remote_item *item = NULL;
937 	u8 *packet = NULL;
938 	size_t packet_len;
939 	struct tlv_list seq_req_auth[] = {
940 		{ .type = FT_RRB_NONCE, .len = FT_RRB_NONCE_LEN,
941 		  .data = NULL /* to be filled: item->nonce */ },
942 		{ .type = FT_RRB_R0KH_ID, .len = f_r0kh_id_len,
943 		  .data = f_r0kh_id },
944 		{ .type = FT_RRB_R1KH_ID, .len = FT_R1KH_ID_LEN,
945 		  .data = f_r1kh_id },
946 		{ .type = FT_RRB_LAST_EMPTY, .len = 0, .data = NULL },
947 	};
948 
949 	if (dl_list_len(&rkh_seq->rx.queue) >= ftRRBmaxQueueLen) {
950 		wpa_printf(MSG_DEBUG, "FT: Sequence number queue too long");
951 		goto err;
952 	}
953 
954 	wpa_printf(MSG_DEBUG, "FT: Send out sequence number request to " MACSTR,
955 		   MAC2STR(src_addr));
956 	item = os_zalloc(sizeof(*item));
957 	if (!item)
958 		goto err;
959 
960 	os_memcpy(item->src_addr, src_addr, ETH_ALEN);
961 	item->cb = cb;
962 
963 	if (random_get_bytes(item->nonce, FT_RRB_NONCE_LEN) < 0) {
964 		wpa_printf(MSG_DEBUG, "FT: Seq num nonce: out of random bytes");
965 		goto err;
966 	}
967 
968 	if (os_get_reltime(&item->nonce_ts) < 0)
969 		goto err;
970 
971 	if (enc && enc_len > 0) {
972 		item->enc = os_memdup(enc, enc_len);
973 		item->enc_len = enc_len;
974 		if (!item->enc)
975 			goto err;
976 	}
977 
978 	if (auth && auth_len > 0) {
979 		item->auth = os_memdup(auth, auth_len);
980 		item->auth_len = auth_len;
981 		if (!item->auth)
982 			goto err;
983 	}
984 
985 	eloop_register_timeout(ftRRBseqTimeout, 0, wpa_ft_rrb_seq_timeout,
986 			       wpa_auth, item);
987 
988 	seq_req_auth[0].data = item->nonce;
989 
990 	if (wpa_ft_rrb_build(key, key_len, NULL, NULL, seq_req_auth, NULL,
991 			     wpa_auth->addr, FT_PACKET_R0KH_R1KH_SEQ_REQ,
992 			     &packet, &packet_len) < 0) {
993 		item = NULL; /* some other seq resp might still accept this */
994 		goto err;
995 	}
996 
997 	dl_list_add(&rkh_seq->rx.queue, &item->list);
998 
999 	wpa_ft_rrb_oui_send(wpa_auth, src_addr, FT_PACKET_R0KH_R1KH_SEQ_REQ,
1000 			    packet, packet_len);
1001 
1002 	os_free(packet);
1003 
1004 	return 0;
1005 err:
1006 	wpa_printf(MSG_DEBUG, "FT: Failed to send sequence number request");
1007 	if (item) {
1008 		os_free(item->auth);
1009 		bin_clear_free(item->enc, item->enc_len);
1010 		os_free(item);
1011 	}
1012 
1013 	return -1;
1014 }
1015 
1016 
1017 #define FT_RRB_SEQ_OK    0
1018 #define FT_RRB_SEQ_DROP  1
1019 #define FT_RRB_SEQ_DEFER 2
1020 
1021 static int
1022 wpa_ft_rrb_seq_chk(struct ft_remote_seq *rkh_seq, const u8 *src_addr,
1023 		   const u8 *enc, size_t enc_len,
1024 		   const u8 *auth, size_t auth_len,
1025 		   const char *msgtype, int no_defer)
1026 {
1027 	const u8 *f_seq;
1028 	size_t f_seq_len;
1029 	const struct ft_rrb_seq *msg_both;
1030 	u32 msg_seq, msg_off, rkh_off;
1031 	struct os_reltime now;
1032 	unsigned int i;
1033 
1034 	RRB_GET_AUTH(FT_RRB_SEQ, seq, msgtype, sizeof(*msg_both));
1035 	wpa_hexdump(MSG_DEBUG, "FT: sequence number", f_seq, f_seq_len);
1036 	msg_both = (const struct ft_rrb_seq *) f_seq;
1037 
1038 	if (rkh_seq->rx.num_last == 0) {
1039 		/* first packet from remote */
1040 		goto defer;
1041 	}
1042 
1043 	if (le_to_host32(msg_both->dom) != rkh_seq->rx.dom) {
1044 		/* remote might have rebooted */
1045 		goto defer;
1046 	}
1047 
1048 	if (os_get_reltime(&now) == 0) {
1049 		u32 msg_ts_now_remote, msg_ts_off;
1050 		struct os_reltime now_remote;
1051 
1052 		os_reltime_sub(&now, &rkh_seq->rx.time_offset, &now_remote);
1053 		msg_ts_now_remote = now_remote.sec;
1054 		msg_ts_off = le_to_host32(msg_both->ts) -
1055 			(msg_ts_now_remote - ftRRBseqTimeout);
1056 		if (msg_ts_off > 2 * ftRRBseqTimeout)
1057 			goto defer;
1058 	}
1059 
1060 	msg_seq = le_to_host32(msg_both->seq);
1061 	rkh_off = rkh_seq->rx.last[rkh_seq->rx.offsetidx];
1062 	msg_off = msg_seq - rkh_off;
1063 	if (msg_off > 0xC0000000)
1064 		goto out; /* too old message, drop it */
1065 
1066 	if (msg_off <= 0x40000000) {
1067 		for (i = 0; i < rkh_seq->rx.num_last; i++) {
1068 			if (rkh_seq->rx.last[i] == msg_seq)
1069 				goto out; /* duplicate message, drop it */
1070 		}
1071 
1072 		return FT_RRB_SEQ_OK;
1073 	}
1074 
1075 defer:
1076 	if (no_defer)
1077 		goto out;
1078 
1079 	wpa_printf(MSG_DEBUG, "FT: Possibly invalid sequence number in %s from "
1080 		   MACSTR, msgtype, MAC2STR(src_addr));
1081 
1082 	return FT_RRB_SEQ_DEFER;
1083 out:
1084 	wpa_printf(MSG_DEBUG, "FT: Invalid sequence number in %s from " MACSTR,
1085 		   msgtype, MAC2STR(src_addr));
1086 
1087 	return FT_RRB_SEQ_DROP;
1088 }
1089 
1090 
1091 static void
1092 wpa_ft_rrb_seq_accept(struct wpa_authenticator *wpa_auth,
1093 		      struct ft_remote_seq *rkh_seq, const u8 *src_addr,
1094 		      const u8 *auth, size_t auth_len,
1095 		      const char *msgtype)
1096 {
1097 	const u8 *f_seq;
1098 	size_t f_seq_len;
1099 	const struct ft_rrb_seq *msg_both;
1100 	u32 msg_seq, msg_off, min_off, rkh_off;
1101 	int minidx = 0;
1102 	unsigned int i;
1103 
1104 	RRB_GET_AUTH(FT_RRB_SEQ, seq, msgtype, sizeof(*msg_both));
1105 	msg_both = (const struct ft_rrb_seq *) f_seq;
1106 
1107 	msg_seq = le_to_host32(msg_both->seq);
1108 
1109 	if (rkh_seq->rx.num_last < FT_REMOTE_SEQ_BACKLOG) {
1110 		rkh_seq->rx.last[rkh_seq->rx.num_last] = msg_seq;
1111 		rkh_seq->rx.num_last++;
1112 		return;
1113 	}
1114 
1115 	rkh_off = rkh_seq->rx.last[rkh_seq->rx.offsetidx];
1116 	for (i = 0; i < rkh_seq->rx.num_last; i++) {
1117 		msg_off = rkh_seq->rx.last[i] - rkh_off;
1118 		min_off = rkh_seq->rx.last[minidx] - rkh_off;
1119 		if (msg_off < min_off && i != rkh_seq->rx.offsetidx)
1120 			minidx = i;
1121 	}
1122 	rkh_seq->rx.last[rkh_seq->rx.offsetidx] = msg_seq;
1123 	rkh_seq->rx.offsetidx = minidx;
1124 
1125 	return;
1126 out:
1127 	/* RRB_GET_AUTH should never fail here as
1128 	 * wpa_ft_rrb_seq_chk() verified FT_RRB_SEQ presence. */
1129 	wpa_printf(MSG_ERROR, "FT: %s() failed", __func__);
1130 }
1131 
1132 
1133 static int wpa_ft_new_seq(struct ft_remote_seq *rkh_seq,
1134 			  struct ft_rrb_seq *f_seq)
1135 {
1136 	struct os_reltime now;
1137 
1138 	if (os_get_reltime(&now) < 0)
1139 		return -1;
1140 
1141 	if (!rkh_seq->tx.dom) {
1142 		if (random_get_bytes((u8 *) &rkh_seq->tx.seq,
1143 				     sizeof(rkh_seq->tx.seq))) {
1144 			wpa_printf(MSG_ERROR,
1145 				   "FT: Failed to get random data for sequence number initialization");
1146 			rkh_seq->tx.seq = now.usec;
1147 		}
1148 		if (random_get_bytes((u8 *) &rkh_seq->tx.dom,
1149 				     sizeof(rkh_seq->tx.dom))) {
1150 			wpa_printf(MSG_ERROR,
1151 				   "FT: Failed to get random data for sequence number initialization");
1152 			rkh_seq->tx.dom = now.usec;
1153 		}
1154 		rkh_seq->tx.dom |= 1;
1155 	}
1156 
1157 	f_seq->dom = host_to_le32(rkh_seq->tx.dom);
1158 	f_seq->seq = host_to_le32(rkh_seq->tx.seq);
1159 	f_seq->ts = host_to_le32(now.sec);
1160 
1161 	rkh_seq->tx.seq++;
1162 
1163 	return 0;
1164 }
1165 
1166 
1167 struct wpa_ft_pmk_r0_sa {
1168 	struct dl_list list;
1169 	u8 pmk_r0[PMK_LEN_MAX];
1170 	size_t pmk_r0_len;
1171 	u8 pmk_r0_name[WPA_PMK_NAME_LEN];
1172 	u8 spa[ETH_ALEN];
1173 	int pairwise; /* Pairwise cipher suite, WPA_CIPHER_* */
1174 	struct vlan_description *vlan;
1175 	os_time_t expiration; /* 0 for no expiration */
1176 	u8 *identity;
1177 	size_t identity_len;
1178 	u8 *radius_cui;
1179 	size_t radius_cui_len;
1180 	os_time_t session_timeout; /* 0 for no expiration */
1181 	/* TODO: radius_class, EAP type */
1182 	int pmk_r1_pushed;
1183 };
1184 
1185 struct wpa_ft_pmk_r1_sa {
1186 	struct dl_list list;
1187 	u8 pmk_r1[PMK_LEN_MAX];
1188 	size_t pmk_r1_len;
1189 	u8 pmk_r1_name[WPA_PMK_NAME_LEN];
1190 	u8 spa[ETH_ALEN];
1191 	int pairwise; /* Pairwise cipher suite, WPA_CIPHER_* */
1192 	struct vlan_description *vlan;
1193 	u8 *identity;
1194 	size_t identity_len;
1195 	u8 *radius_cui;
1196 	size_t radius_cui_len;
1197 	os_time_t session_timeout; /* 0 for no expiration */
1198 	/* TODO: radius_class, EAP type */
1199 };
1200 
1201 struct wpa_ft_pmk_cache {
1202 	struct dl_list pmk_r0; /* struct wpa_ft_pmk_r0_sa */
1203 	struct dl_list pmk_r1; /* struct wpa_ft_pmk_r1_sa */
1204 };
1205 
1206 
1207 static void wpa_ft_expire_pmk_r0(void *eloop_ctx, void *timeout_ctx);
1208 static void wpa_ft_expire_pmk_r1(void *eloop_ctx, void *timeout_ctx);
1209 
1210 
1211 static void wpa_ft_free_pmk_r0(struct wpa_ft_pmk_r0_sa *r0)
1212 {
1213 	if (!r0)
1214 		return;
1215 
1216 	dl_list_del(&r0->list);
1217 	eloop_cancel_timeout(wpa_ft_expire_pmk_r0, r0, NULL);
1218 
1219 	os_memset(r0->pmk_r0, 0, PMK_LEN_MAX);
1220 	os_free(r0->vlan);
1221 	os_free(r0->identity);
1222 	os_free(r0->radius_cui);
1223 	os_free(r0);
1224 }
1225 
1226 
1227 static void wpa_ft_expire_pmk_r0(void *eloop_ctx, void *timeout_ctx)
1228 {
1229 	struct wpa_ft_pmk_r0_sa *r0 = eloop_ctx;
1230 	struct os_reltime now;
1231 	int expires_in;
1232 	int session_timeout;
1233 
1234 	os_get_reltime(&now);
1235 
1236 	if (!r0)
1237 		return;
1238 
1239 	expires_in = r0->expiration - now.sec;
1240 	session_timeout = r0->session_timeout - now.sec;
1241 	/* conditions to remove from cache:
1242 	 * a) r0->expiration is set and hit
1243 	 * -or-
1244 	 * b) r0->session_timeout is set and hit
1245 	 */
1246 	if ((!r0->expiration || expires_in > 0) &&
1247 	    (!r0->session_timeout || session_timeout > 0)) {
1248 		wpa_printf(MSG_ERROR,
1249 			   "FT: %s() called for non-expired entry %p",
1250 			   __func__, r0);
1251 		eloop_cancel_timeout(wpa_ft_expire_pmk_r0, r0, NULL);
1252 		if (r0->expiration && expires_in > 0)
1253 			eloop_register_timeout(expires_in + 1, 0,
1254 					       wpa_ft_expire_pmk_r0, r0, NULL);
1255 		if (r0->session_timeout && session_timeout > 0)
1256 			eloop_register_timeout(session_timeout + 1, 0,
1257 					       wpa_ft_expire_pmk_r0, r0, NULL);
1258 		return;
1259 	}
1260 
1261 	wpa_ft_free_pmk_r0(r0);
1262 }
1263 
1264 
1265 static void wpa_ft_free_pmk_r1(struct wpa_ft_pmk_r1_sa *r1)
1266 {
1267 	if (!r1)
1268 		return;
1269 
1270 	dl_list_del(&r1->list);
1271 	eloop_cancel_timeout(wpa_ft_expire_pmk_r1, r1, NULL);
1272 
1273 	os_memset(r1->pmk_r1, 0, PMK_LEN_MAX);
1274 	os_free(r1->vlan);
1275 	os_free(r1->identity);
1276 	os_free(r1->radius_cui);
1277 	os_free(r1);
1278 }
1279 
1280 
1281 static void wpa_ft_expire_pmk_r1(void *eloop_ctx, void *timeout_ctx)
1282 {
1283 	struct wpa_ft_pmk_r1_sa *r1 = eloop_ctx;
1284 
1285 	wpa_ft_free_pmk_r1(r1);
1286 }
1287 
1288 
1289 struct wpa_ft_pmk_cache * wpa_ft_pmk_cache_init(void)
1290 {
1291 	struct wpa_ft_pmk_cache *cache;
1292 
1293 	cache = os_zalloc(sizeof(*cache));
1294 	if (cache) {
1295 		dl_list_init(&cache->pmk_r0);
1296 		dl_list_init(&cache->pmk_r1);
1297 	}
1298 
1299 	return cache;
1300 }
1301 
1302 
1303 void wpa_ft_pmk_cache_deinit(struct wpa_ft_pmk_cache *cache)
1304 {
1305 	struct wpa_ft_pmk_r0_sa *r0, *r0prev;
1306 	struct wpa_ft_pmk_r1_sa *r1, *r1prev;
1307 
1308 	dl_list_for_each_safe(r0, r0prev, &cache->pmk_r0,
1309 			      struct wpa_ft_pmk_r0_sa, list)
1310 		wpa_ft_free_pmk_r0(r0);
1311 
1312 	dl_list_for_each_safe(r1, r1prev, &cache->pmk_r1,
1313 			      struct wpa_ft_pmk_r1_sa, list)
1314 		wpa_ft_free_pmk_r1(r1);
1315 
1316 	os_free(cache);
1317 }
1318 
1319 
1320 static int wpa_ft_store_pmk_r0(struct wpa_authenticator *wpa_auth,
1321 			       const u8 *spa, const u8 *pmk_r0,
1322 			       size_t pmk_r0_len,
1323 			       const u8 *pmk_r0_name, int pairwise,
1324 			       const struct vlan_description *vlan,
1325 			       int expires_in, int session_timeout,
1326 			       const u8 *identity, size_t identity_len,
1327 			       const u8 *radius_cui, size_t radius_cui_len)
1328 {
1329 	struct wpa_ft_pmk_cache *cache = wpa_auth->ft_pmk_cache;
1330 	struct wpa_ft_pmk_r0_sa *r0;
1331 	struct os_reltime now;
1332 
1333 	/* TODO: add limit on number of entries in cache */
1334 	os_get_reltime(&now);
1335 
1336 	r0 = os_zalloc(sizeof(*r0));
1337 	if (r0 == NULL)
1338 		return -1;
1339 
1340 	os_memcpy(r0->pmk_r0, pmk_r0, pmk_r0_len);
1341 	r0->pmk_r0_len = pmk_r0_len;
1342 	os_memcpy(r0->pmk_r0_name, pmk_r0_name, WPA_PMK_NAME_LEN);
1343 	os_memcpy(r0->spa, spa, ETH_ALEN);
1344 	r0->pairwise = pairwise;
1345 	if (expires_in > 0)
1346 		r0->expiration = now.sec + expires_in;
1347 	if (vlan && vlan->notempty) {
1348 		r0->vlan = os_zalloc(sizeof(*vlan));
1349 		if (!r0->vlan) {
1350 			bin_clear_free(r0, sizeof(*r0));
1351 			return -1;
1352 		}
1353 		*r0->vlan = *vlan;
1354 	}
1355 	if (identity) {
1356 		r0->identity = os_malloc(identity_len);
1357 		if (r0->identity) {
1358 			os_memcpy(r0->identity, identity, identity_len);
1359 			r0->identity_len = identity_len;
1360 		}
1361 	}
1362 	if (radius_cui) {
1363 		r0->radius_cui = os_malloc(radius_cui_len);
1364 		if (r0->radius_cui) {
1365 			os_memcpy(r0->radius_cui, radius_cui, radius_cui_len);
1366 			r0->radius_cui_len = radius_cui_len;
1367 		}
1368 	}
1369 	if (session_timeout > 0)
1370 		r0->session_timeout = now.sec + session_timeout;
1371 
1372 	dl_list_add(&cache->pmk_r0, &r0->list);
1373 	if (expires_in > 0)
1374 		eloop_register_timeout(expires_in + 1, 0, wpa_ft_expire_pmk_r0,
1375 				       r0, NULL);
1376 	if (session_timeout > 0)
1377 		eloop_register_timeout(session_timeout + 1, 0,
1378 				       wpa_ft_expire_pmk_r0, r0, NULL);
1379 
1380 	return 0;
1381 }
1382 
1383 
1384 static int wpa_ft_fetch_pmk_r0(struct wpa_authenticator *wpa_auth,
1385 			       const u8 *spa, const u8 *pmk_r0_name,
1386 			       const struct wpa_ft_pmk_r0_sa **r0_out)
1387 {
1388 	struct wpa_ft_pmk_cache *cache = wpa_auth->ft_pmk_cache;
1389 	struct wpa_ft_pmk_r0_sa *r0;
1390 	struct os_reltime now;
1391 
1392 	os_get_reltime(&now);
1393 	dl_list_for_each(r0, &cache->pmk_r0, struct wpa_ft_pmk_r0_sa, list) {
1394 		if (os_memcmp(r0->spa, spa, ETH_ALEN) == 0 &&
1395 		    os_memcmp_const(r0->pmk_r0_name, pmk_r0_name,
1396 				    WPA_PMK_NAME_LEN) == 0) {
1397 			*r0_out = r0;
1398 			return 0;
1399 		}
1400 	}
1401 
1402 	*r0_out = NULL;
1403 	return -1;
1404 }
1405 
1406 
1407 static int wpa_ft_store_pmk_r1(struct wpa_authenticator *wpa_auth,
1408 			       const u8 *spa, const u8 *pmk_r1,
1409 			       size_t pmk_r1_len,
1410 			       const u8 *pmk_r1_name, int pairwise,
1411 			       const struct vlan_description *vlan,
1412 			       int expires_in, int session_timeout,
1413 			       const u8 *identity, size_t identity_len,
1414 			       const u8 *radius_cui, size_t radius_cui_len)
1415 {
1416 	struct wpa_ft_pmk_cache *cache = wpa_auth->ft_pmk_cache;
1417 	int max_expires_in = wpa_auth->conf.r1_max_key_lifetime;
1418 	struct wpa_ft_pmk_r1_sa *r1;
1419 	struct os_reltime now;
1420 
1421 	/* TODO: limit on number of entries in cache */
1422 	os_get_reltime(&now);
1423 
1424 	if (max_expires_in && (max_expires_in < expires_in || expires_in == 0))
1425 		expires_in = max_expires_in;
1426 
1427 	r1 = os_zalloc(sizeof(*r1));
1428 	if (r1 == NULL)
1429 		return -1;
1430 
1431 	os_memcpy(r1->pmk_r1, pmk_r1, pmk_r1_len);
1432 	r1->pmk_r1_len = pmk_r1_len;
1433 	os_memcpy(r1->pmk_r1_name, pmk_r1_name, WPA_PMK_NAME_LEN);
1434 	os_memcpy(r1->spa, spa, ETH_ALEN);
1435 	r1->pairwise = pairwise;
1436 	if (vlan && vlan->notempty) {
1437 		r1->vlan = os_zalloc(sizeof(*vlan));
1438 		if (!r1->vlan) {
1439 			bin_clear_free(r1, sizeof(*r1));
1440 			return -1;
1441 		}
1442 		*r1->vlan = *vlan;
1443 	}
1444 	if (identity) {
1445 		r1->identity = os_malloc(identity_len);
1446 		if (r1->identity) {
1447 			os_memcpy(r1->identity, identity, identity_len);
1448 			r1->identity_len = identity_len;
1449 		}
1450 	}
1451 	if (radius_cui) {
1452 		r1->radius_cui = os_malloc(radius_cui_len);
1453 		if (r1->radius_cui) {
1454 			os_memcpy(r1->radius_cui, radius_cui, radius_cui_len);
1455 			r1->radius_cui_len = radius_cui_len;
1456 		}
1457 	}
1458 	if (session_timeout > 0)
1459 		r1->session_timeout = now.sec + session_timeout;
1460 
1461 	dl_list_add(&cache->pmk_r1, &r1->list);
1462 
1463 	if (expires_in > 0)
1464 		eloop_register_timeout(expires_in + 1, 0, wpa_ft_expire_pmk_r1,
1465 				       r1, NULL);
1466 	if (session_timeout > 0)
1467 		eloop_register_timeout(session_timeout + 1, 0,
1468 				       wpa_ft_expire_pmk_r1, r1, NULL);
1469 
1470 	return 0;
1471 }
1472 
1473 
1474 static int wpa_ft_fetch_pmk_r1(struct wpa_authenticator *wpa_auth,
1475 			       const u8 *spa, const u8 *pmk_r1_name,
1476 			       u8 *pmk_r1, size_t *pmk_r1_len, int *pairwise,
1477 			       struct vlan_description *vlan,
1478 			       const u8 **identity, size_t *identity_len,
1479 			       const u8 **radius_cui, size_t *radius_cui_len,
1480 			       int *session_timeout)
1481 {
1482 	struct wpa_ft_pmk_cache *cache = wpa_auth->ft_pmk_cache;
1483 	struct wpa_ft_pmk_r1_sa *r1;
1484 	struct os_reltime now;
1485 
1486 	os_get_reltime(&now);
1487 
1488 	dl_list_for_each(r1, &cache->pmk_r1, struct wpa_ft_pmk_r1_sa, list) {
1489 		if (os_memcmp(r1->spa, spa, ETH_ALEN) == 0 &&
1490 		    os_memcmp_const(r1->pmk_r1_name, pmk_r1_name,
1491 				    WPA_PMK_NAME_LEN) == 0) {
1492 			os_memcpy(pmk_r1, r1->pmk_r1, r1->pmk_r1_len);
1493 			*pmk_r1_len = r1->pmk_r1_len;
1494 			if (pairwise)
1495 				*pairwise = r1->pairwise;
1496 			if (vlan && r1->vlan)
1497 				*vlan = *r1->vlan;
1498 			if (vlan && !r1->vlan)
1499 				os_memset(vlan, 0, sizeof(*vlan));
1500 			if (identity && identity_len) {
1501 				*identity = r1->identity;
1502 				*identity_len = r1->identity_len;
1503 			}
1504 			if (radius_cui && radius_cui_len) {
1505 				*radius_cui = r1->radius_cui;
1506 				*radius_cui_len = r1->radius_cui_len;
1507 			}
1508 			if (session_timeout && r1->session_timeout > now.sec)
1509 				*session_timeout = r1->session_timeout -
1510 					now.sec;
1511 			else if (session_timeout && r1->session_timeout)
1512 				*session_timeout = 1;
1513 			else if (session_timeout)
1514 				*session_timeout = 0;
1515 			return 0;
1516 		}
1517 	}
1518 
1519 	return -1;
1520 }
1521 
1522 
1523 static int wpa_ft_rrb_init_r0kh_seq(struct ft_remote_r0kh *r0kh)
1524 {
1525 	if (r0kh->seq)
1526 		return 0;
1527 
1528 	r0kh->seq = os_zalloc(sizeof(*r0kh->seq));
1529 	if (!r0kh->seq) {
1530 		wpa_printf(MSG_DEBUG, "FT: Failed to allocate r0kh->seq");
1531 		return -1;
1532 	}
1533 
1534 	dl_list_init(&r0kh->seq->rx.queue);
1535 
1536 	return 0;
1537 }
1538 
1539 
1540 static void wpa_ft_rrb_lookup_r0kh(struct wpa_authenticator *wpa_auth,
1541 				   const u8 *f_r0kh_id, size_t f_r0kh_id_len,
1542 				   struct ft_remote_r0kh **r0kh_out,
1543 				   struct ft_remote_r0kh **r0kh_wildcard)
1544 {
1545 	struct ft_remote_r0kh *r0kh;
1546 
1547 	*r0kh_wildcard = NULL;
1548 	*r0kh_out = NULL;
1549 
1550 	if (wpa_auth->conf.r0kh_list)
1551 		r0kh = *wpa_auth->conf.r0kh_list;
1552 	else
1553 		r0kh = NULL;
1554 	for (; r0kh; r0kh = r0kh->next) {
1555 		if (r0kh->id_len == 1 && r0kh->id[0] == '*')
1556 			*r0kh_wildcard = r0kh;
1557 		if (f_r0kh_id && r0kh->id_len == f_r0kh_id_len &&
1558 		    os_memcmp_const(f_r0kh_id, r0kh->id, f_r0kh_id_len) == 0)
1559 			*r0kh_out = r0kh;
1560 	}
1561 
1562 	if (!*r0kh_out && !*r0kh_wildcard)
1563 		wpa_printf(MSG_DEBUG, "FT: No matching R0KH found");
1564 
1565 	if (*r0kh_out && wpa_ft_rrb_init_r0kh_seq(*r0kh_out) < 0)
1566 		*r0kh_out = NULL;
1567 }
1568 
1569 
1570 static int wpa_ft_rrb_init_r1kh_seq(struct ft_remote_r1kh *r1kh)
1571 {
1572 	if (r1kh->seq)
1573 		return 0;
1574 
1575 	r1kh->seq = os_zalloc(sizeof(*r1kh->seq));
1576 	if (!r1kh->seq) {
1577 		wpa_printf(MSG_DEBUG, "FT: Failed to allocate r1kh->seq");
1578 		return -1;
1579 	}
1580 
1581 	dl_list_init(&r1kh->seq->rx.queue);
1582 
1583 	return 0;
1584 }
1585 
1586 
1587 static void wpa_ft_rrb_lookup_r1kh(struct wpa_authenticator *wpa_auth,
1588 				   const u8 *f_r1kh_id,
1589 				   struct ft_remote_r1kh **r1kh_out,
1590 				   struct ft_remote_r1kh **r1kh_wildcard)
1591 {
1592 	struct ft_remote_r1kh *r1kh;
1593 
1594 	*r1kh_wildcard = NULL;
1595 	*r1kh_out = NULL;
1596 
1597 	if (wpa_auth->conf.r1kh_list)
1598 		r1kh = *wpa_auth->conf.r1kh_list;
1599 	else
1600 		r1kh = NULL;
1601 	for (; r1kh; r1kh = r1kh->next) {
1602 		if (is_zero_ether_addr(r1kh->addr) &&
1603 		    is_zero_ether_addr(r1kh->id))
1604 			*r1kh_wildcard = r1kh;
1605 		if (f_r1kh_id &&
1606 		    os_memcmp_const(r1kh->id, f_r1kh_id, FT_R1KH_ID_LEN) == 0)
1607 			*r1kh_out = r1kh;
1608 	}
1609 
1610 	if (!*r1kh_out && !*r1kh_wildcard)
1611 		wpa_printf(MSG_DEBUG, "FT: No matching R1KH found");
1612 
1613 	if (*r1kh_out && wpa_ft_rrb_init_r1kh_seq(*r1kh_out) < 0)
1614 		*r1kh_out = NULL;
1615 }
1616 
1617 
1618 static int wpa_ft_rrb_check_r0kh(struct wpa_authenticator *wpa_auth,
1619 				 const u8 *f_r0kh_id, size_t f_r0kh_id_len)
1620 {
1621 	if (f_r0kh_id_len != wpa_auth->conf.r0_key_holder_len ||
1622 	    os_memcmp_const(f_r0kh_id, wpa_auth->conf.r0_key_holder,
1623 			    f_r0kh_id_len) != 0)
1624 		return -1;
1625 
1626 	return 0;
1627 }
1628 
1629 
1630 static int wpa_ft_rrb_check_r1kh(struct wpa_authenticator *wpa_auth,
1631 				 const u8 *f_r1kh_id)
1632 {
1633 	if (os_memcmp_const(f_r1kh_id, wpa_auth->conf.r1_key_holder,
1634 			    FT_R1KH_ID_LEN) != 0)
1635 		return -1;
1636 
1637 	return 0;
1638 }
1639 
1640 
1641 static void wpa_ft_rrb_del_r0kh(void *eloop_ctx, void *timeout_ctx)
1642 {
1643 	struct wpa_authenticator *wpa_auth = eloop_ctx;
1644 	struct ft_remote_r0kh *r0kh, *prev = NULL;
1645 
1646 	if (!wpa_auth->conf.r0kh_list)
1647 		return;
1648 
1649 	for (r0kh = *wpa_auth->conf.r0kh_list; r0kh; r0kh = r0kh->next) {
1650 		if (r0kh == timeout_ctx)
1651 			break;
1652 		prev = r0kh;
1653 	}
1654 	if (!r0kh)
1655 		return;
1656 	if (prev)
1657 		prev->next = r0kh->next;
1658 	else
1659 		*wpa_auth->conf.r0kh_list = r0kh->next;
1660 	if (r0kh->seq)
1661 		wpa_ft_rrb_seq_flush(wpa_auth, r0kh->seq, 0);
1662 	os_free(r0kh->seq);
1663 	os_free(r0kh);
1664 }
1665 
1666 
1667 static void wpa_ft_rrb_r0kh_replenish(struct wpa_authenticator *wpa_auth,
1668 				      struct ft_remote_r0kh *r0kh, int timeout)
1669 {
1670 	if (timeout > 0)
1671 		eloop_replenish_timeout(timeout, 0, wpa_ft_rrb_del_r0kh,
1672 					wpa_auth, r0kh);
1673 }
1674 
1675 
1676 static void wpa_ft_rrb_r0kh_timeout(struct wpa_authenticator *wpa_auth,
1677 				    struct ft_remote_r0kh *r0kh, int timeout)
1678 {
1679 	eloop_cancel_timeout(wpa_ft_rrb_del_r0kh, wpa_auth, r0kh);
1680 
1681 	if (timeout > 0)
1682 		eloop_register_timeout(timeout, 0, wpa_ft_rrb_del_r0kh,
1683 				       wpa_auth, r0kh);
1684 }
1685 
1686 
1687 static struct ft_remote_r0kh *
1688 wpa_ft_rrb_add_r0kh(struct wpa_authenticator *wpa_auth,
1689 		    struct ft_remote_r0kh *r0kh_wildcard,
1690 		    const u8 *src_addr, const u8 *r0kh_id, size_t id_len,
1691 		    int timeout)
1692 {
1693 	struct ft_remote_r0kh *r0kh;
1694 
1695 	if (!wpa_auth->conf.r0kh_list)
1696 		return NULL;
1697 
1698 	r0kh = os_zalloc(sizeof(*r0kh));
1699 	if (!r0kh)
1700 		return NULL;
1701 
1702 	if (src_addr)
1703 		os_memcpy(r0kh->addr, src_addr, sizeof(r0kh->addr));
1704 
1705 	if (id_len > FT_R0KH_ID_MAX_LEN)
1706 		id_len = FT_R0KH_ID_MAX_LEN;
1707 	os_memcpy(r0kh->id, r0kh_id, id_len);
1708 	r0kh->id_len = id_len;
1709 
1710 	os_memcpy(r0kh->key, r0kh_wildcard->key, sizeof(r0kh->key));
1711 
1712 	r0kh->next = *wpa_auth->conf.r0kh_list;
1713 	*wpa_auth->conf.r0kh_list = r0kh;
1714 
1715 	if (timeout > 0)
1716 		eloop_register_timeout(timeout, 0, wpa_ft_rrb_del_r0kh,
1717 				       wpa_auth, r0kh);
1718 
1719 	if (wpa_ft_rrb_init_r0kh_seq(r0kh) < 0)
1720 		return NULL;
1721 
1722 	return r0kh;
1723 }
1724 
1725 
1726 static void wpa_ft_rrb_del_r1kh(void *eloop_ctx, void *timeout_ctx)
1727 {
1728 	struct wpa_authenticator *wpa_auth = eloop_ctx;
1729 	struct ft_remote_r1kh *r1kh, *prev = NULL;
1730 
1731 	if (!wpa_auth->conf.r1kh_list)
1732 		return;
1733 
1734 	for (r1kh = *wpa_auth->conf.r1kh_list; r1kh; r1kh = r1kh->next) {
1735 		if (r1kh == timeout_ctx)
1736 			break;
1737 		prev = r1kh;
1738 	}
1739 	if (!r1kh)
1740 		return;
1741 	if (prev)
1742 		prev->next = r1kh->next;
1743 	else
1744 		*wpa_auth->conf.r1kh_list = r1kh->next;
1745 	if (r1kh->seq)
1746 		wpa_ft_rrb_seq_flush(wpa_auth, r1kh->seq, 0);
1747 	os_free(r1kh->seq);
1748 	os_free(r1kh);
1749 }
1750 
1751 
1752 static void wpa_ft_rrb_r1kh_replenish(struct wpa_authenticator *wpa_auth,
1753 				      struct ft_remote_r1kh *r1kh, int timeout)
1754 {
1755 	if (timeout > 0)
1756 		eloop_replenish_timeout(timeout, 0, wpa_ft_rrb_del_r1kh,
1757 					wpa_auth, r1kh);
1758 }
1759 
1760 
1761 static struct ft_remote_r1kh *
1762 wpa_ft_rrb_add_r1kh(struct wpa_authenticator *wpa_auth,
1763 		    struct ft_remote_r1kh *r1kh_wildcard,
1764 		    const u8 *src_addr, const u8 *r1kh_id, int timeout)
1765 {
1766 	struct ft_remote_r1kh *r1kh;
1767 
1768 	if (!wpa_auth->conf.r1kh_list)
1769 		return NULL;
1770 
1771 	r1kh = os_zalloc(sizeof(*r1kh));
1772 	if (!r1kh)
1773 		return NULL;
1774 
1775 	os_memcpy(r1kh->addr, src_addr, sizeof(r1kh->addr));
1776 	os_memcpy(r1kh->id, r1kh_id, sizeof(r1kh->id));
1777 	os_memcpy(r1kh->key, r1kh_wildcard->key, sizeof(r1kh->key));
1778 	r1kh->next = *wpa_auth->conf.r1kh_list;
1779 	*wpa_auth->conf.r1kh_list = r1kh;
1780 
1781 	if (timeout > 0)
1782 		eloop_register_timeout(timeout, 0, wpa_ft_rrb_del_r1kh,
1783 				       wpa_auth, r1kh);
1784 
1785 	if (wpa_ft_rrb_init_r1kh_seq(r1kh) < 0)
1786 		return NULL;
1787 
1788 	return r1kh;
1789 }
1790 
1791 
1792 void wpa_ft_sta_deinit(struct wpa_state_machine *sm)
1793 {
1794 	eloop_cancel_timeout(wpa_ft_expire_pull, sm, NULL);
1795 }
1796 
1797 
1798 static void wpa_ft_deinit_seq(struct wpa_authenticator *wpa_auth)
1799 {
1800 	struct ft_remote_r0kh *r0kh;
1801 	struct ft_remote_r1kh *r1kh;
1802 
1803 	eloop_cancel_timeout(wpa_ft_rrb_seq_timeout, wpa_auth, ELOOP_ALL_CTX);
1804 
1805 	if (wpa_auth->conf.r0kh_list)
1806 		r0kh = *wpa_auth->conf.r0kh_list;
1807 	else
1808 		r0kh = NULL;
1809 	for (; r0kh; r0kh = r0kh->next) {
1810 		if (!r0kh->seq)
1811 			continue;
1812 		wpa_ft_rrb_seq_flush(wpa_auth, r0kh->seq, 0);
1813 		os_free(r0kh->seq);
1814 		r0kh->seq = NULL;
1815 	}
1816 
1817 	if (wpa_auth->conf.r1kh_list)
1818 		r1kh = *wpa_auth->conf.r1kh_list;
1819 	else
1820 		r1kh = NULL;
1821 	for (; r1kh; r1kh = r1kh->next) {
1822 		if (!r1kh->seq)
1823 			continue;
1824 		wpa_ft_rrb_seq_flush(wpa_auth, r1kh->seq, 0);
1825 		os_free(r1kh->seq);
1826 		r1kh->seq = NULL;
1827 	}
1828 }
1829 
1830 
1831 static void wpa_ft_deinit_rkh_tmp(struct wpa_authenticator *wpa_auth)
1832 {
1833 	struct ft_remote_r0kh *r0kh, *r0kh_next, *r0kh_prev = NULL;
1834 	struct ft_remote_r1kh *r1kh, *r1kh_next, *r1kh_prev = NULL;
1835 
1836 	if (wpa_auth->conf.r0kh_list)
1837 		r0kh = *wpa_auth->conf.r0kh_list;
1838 	else
1839 		r0kh = NULL;
1840 	while (r0kh) {
1841 		r0kh_next = r0kh->next;
1842 		if (eloop_cancel_timeout(wpa_ft_rrb_del_r0kh, wpa_auth,
1843 					 r0kh) > 0) {
1844 			if (r0kh_prev)
1845 				r0kh_prev->next = r0kh_next;
1846 			else
1847 				*wpa_auth->conf.r0kh_list = r0kh_next;
1848 			os_free(r0kh);
1849 		} else {
1850 			r0kh_prev = r0kh;
1851 		}
1852 		r0kh = r0kh_next;
1853 	}
1854 
1855 	if (wpa_auth->conf.r1kh_list)
1856 		r1kh = *wpa_auth->conf.r1kh_list;
1857 	else
1858 		r1kh = NULL;
1859 	while (r1kh) {
1860 		r1kh_next = r1kh->next;
1861 		if (eloop_cancel_timeout(wpa_ft_rrb_del_r1kh, wpa_auth,
1862 					 r1kh) > 0) {
1863 			if (r1kh_prev)
1864 				r1kh_prev->next = r1kh_next;
1865 			else
1866 				*wpa_auth->conf.r1kh_list = r1kh_next;
1867 			os_free(r1kh);
1868 		} else {
1869 			r1kh_prev = r1kh;
1870 		}
1871 		r1kh = r1kh_next;
1872 	}
1873 }
1874 
1875 
1876 void wpa_ft_deinit(struct wpa_authenticator *wpa_auth)
1877 {
1878 	wpa_ft_deinit_seq(wpa_auth);
1879 	wpa_ft_deinit_rkh_tmp(wpa_auth);
1880 }
1881 
1882 
1883 static void wpa_ft_block_r0kh(struct wpa_authenticator *wpa_auth,
1884 			      const u8 *f_r0kh_id, size_t f_r0kh_id_len)
1885 {
1886 	struct ft_remote_r0kh *r0kh, *r0kh_wildcard;
1887 
1888 	if (!wpa_auth->conf.rkh_neg_timeout)
1889 		return;
1890 
1891 	wpa_ft_rrb_lookup_r0kh(wpa_auth, f_r0kh_id, f_r0kh_id_len,
1892 			       &r0kh, &r0kh_wildcard);
1893 
1894 	if (!r0kh_wildcard) {
1895 		/* r0kh removed after neg_timeout and might need re-adding */
1896 		return;
1897 	}
1898 
1899 	wpa_hexdump(MSG_DEBUG, "FT: Blacklist R0KH-ID",
1900 		    f_r0kh_id, f_r0kh_id_len);
1901 
1902 	if (r0kh) {
1903 		wpa_ft_rrb_r0kh_timeout(wpa_auth, r0kh,
1904 					wpa_auth->conf.rkh_neg_timeout);
1905 		os_memset(r0kh->addr, 0, ETH_ALEN);
1906 	} else
1907 		wpa_ft_rrb_add_r0kh(wpa_auth, r0kh_wildcard, NULL, f_r0kh_id,
1908 				    f_r0kh_id_len,
1909 				    wpa_auth->conf.rkh_neg_timeout);
1910 }
1911 
1912 
1913 static void wpa_ft_expire_pull(void *eloop_ctx, void *timeout_ctx)
1914 {
1915 	struct wpa_state_machine *sm = eloop_ctx;
1916 
1917 	wpa_printf(MSG_DEBUG, "FT: Timeout pending pull request for " MACSTR,
1918 		   MAC2STR(sm->addr));
1919 	if (sm->ft_pending_pull_left_retries <= 0)
1920 		wpa_ft_block_r0kh(sm->wpa_auth, sm->r0kh_id, sm->r0kh_id_len);
1921 
1922 	/* cancel multiple timeouts */
1923 	eloop_cancel_timeout(wpa_ft_expire_pull, sm, NULL);
1924 	ft_finish_pull(sm);
1925 }
1926 
1927 
1928 static int wpa_ft_pull_pmk_r1(struct wpa_state_machine *sm,
1929 			      const u8 *ies, size_t ies_len,
1930 			      const u8 *pmk_r0_name)
1931 {
1932 	struct ft_remote_r0kh *r0kh, *r0kh_wildcard;
1933 	u8 *packet = NULL;
1934 	const u8 *key, *f_r1kh_id = sm->wpa_auth->conf.r1_key_holder;
1935 	size_t packet_len, key_len;
1936 	struct ft_rrb_seq f_seq;
1937 	int tsecs, tusecs, first;
1938 	struct wpabuf *ft_pending_req_ies;
1939 	int r0kh_timeout;
1940 	struct tlv_list req_enc[] = {
1941 		{ .type = FT_RRB_PMK_R0_NAME, .len = WPA_PMK_NAME_LEN,
1942 		  .data = pmk_r0_name },
1943 		{ .type = FT_RRB_S1KH_ID, .len = ETH_ALEN,
1944 		  .data = sm->addr },
1945 		{ .type = FT_RRB_LAST_EMPTY, .len = 0, .data = NULL },
1946 	};
1947 	struct tlv_list req_auth[] = {
1948 		{ .type = FT_RRB_NONCE, .len = FT_RRB_NONCE_LEN,
1949 		  .data = sm->ft_pending_pull_nonce },
1950 		{ .type = FT_RRB_SEQ, .len = sizeof(f_seq),
1951 		  .data = (u8 *) &f_seq },
1952 		{ .type = FT_RRB_R0KH_ID, .len = sm->r0kh_id_len,
1953 		  .data = sm->r0kh_id },
1954 		{ .type = FT_RRB_R1KH_ID, .len = FT_R1KH_ID_LEN,
1955 		  .data = f_r1kh_id },
1956 		{ .type = FT_RRB_LAST_EMPTY, .len = 0, .data = NULL },
1957 	};
1958 
1959 	if (sm->ft_pending_pull_left_retries <= 0)
1960 		return -1;
1961 	first = sm->ft_pending_pull_left_retries ==
1962 		sm->wpa_auth->conf.rkh_pull_retries;
1963 	sm->ft_pending_pull_left_retries--;
1964 
1965 	wpa_ft_rrb_lookup_r0kh(sm->wpa_auth, sm->r0kh_id, sm->r0kh_id_len,
1966 			       &r0kh, &r0kh_wildcard);
1967 
1968 	/* Keep r0kh sufficiently long in the list for seq num check */
1969 	r0kh_timeout = sm->wpa_auth->conf.rkh_pull_timeout / 1000 +
1970 		1 + ftRRBseqTimeout;
1971 	if (r0kh) {
1972 		wpa_ft_rrb_r0kh_replenish(sm->wpa_auth, r0kh, r0kh_timeout);
1973 	} else if (r0kh_wildcard) {
1974 		wpa_printf(MSG_DEBUG, "FT: Using wildcard R0KH-ID");
1975 		/* r0kh->addr: updated by SEQ_RESP and wpa_ft_expire_pull */
1976 		r0kh = wpa_ft_rrb_add_r0kh(sm->wpa_auth, r0kh_wildcard,
1977 					   r0kh_wildcard->addr,
1978 					   sm->r0kh_id, sm->r0kh_id_len,
1979 					   r0kh_timeout);
1980 	}
1981 	if (r0kh == NULL) {
1982 		wpa_hexdump(MSG_DEBUG, "FT: Did not find R0KH-ID",
1983 			    sm->r0kh_id, sm->r0kh_id_len);
1984 		return -1;
1985 	}
1986 	if (is_zero_ether_addr(r0kh->addr)) {
1987 		wpa_hexdump(MSG_DEBUG, "FT: R0KH-ID is blacklisted",
1988 			    sm->r0kh_id, sm->r0kh_id_len);
1989 		return -1;
1990 	}
1991 	if (os_memcmp(r0kh->addr, sm->wpa_auth->addr, ETH_ALEN) == 0) {
1992 		wpa_printf(MSG_DEBUG,
1993 			   "FT: R0KH-ID points to self - no matching key available");
1994 		return -1;
1995 	}
1996 
1997 	key = r0kh->key;
1998 	key_len = sizeof(r0kh->key);
1999 
2000 	wpa_printf(MSG_DEBUG, "FT: Send PMK-R1 pull request to remote R0KH "
2001 		   "address " MACSTR, MAC2STR(r0kh->addr));
2002 
2003 	if (r0kh->seq->rx.num_last == 0) {
2004 		/* A sequence request will be sent out anyway when pull
2005 		 * response is received. Send it out now to avoid one RTT. */
2006 		wpa_ft_rrb_seq_req(sm->wpa_auth, r0kh->seq, r0kh->addr,
2007 				   r0kh->id, r0kh->id_len, f_r1kh_id, key,
2008 				   key_len, NULL, 0, NULL, 0, NULL);
2009 	}
2010 
2011 	if (first &&
2012 	    random_get_bytes(sm->ft_pending_pull_nonce, FT_RRB_NONCE_LEN) < 0) {
2013 		wpa_printf(MSG_DEBUG, "FT: Failed to get random data for "
2014 			   "nonce");
2015 		return -1;
2016 	}
2017 
2018 	if (wpa_ft_new_seq(r0kh->seq, &f_seq) < 0) {
2019 		wpa_printf(MSG_DEBUG, "FT: Failed to get seq num");
2020 		return -1;
2021 	}
2022 
2023 	if (wpa_ft_rrb_build(key, key_len, req_enc, NULL, req_auth, NULL,
2024 			     sm->wpa_auth->addr, FT_PACKET_R0KH_R1KH_PULL,
2025 			     &packet, &packet_len) < 0)
2026 		return -1;
2027 
2028 	ft_pending_req_ies = wpabuf_alloc_copy(ies, ies_len);
2029 	wpabuf_free(sm->ft_pending_req_ies);
2030 	sm->ft_pending_req_ies = ft_pending_req_ies;
2031 	if (!sm->ft_pending_req_ies) {
2032 		os_free(packet);
2033 		return -1;
2034 	}
2035 
2036 	tsecs = sm->wpa_auth->conf.rkh_pull_timeout / 1000;
2037 	tusecs = (sm->wpa_auth->conf.rkh_pull_timeout % 1000) * 1000;
2038 	eloop_register_timeout(tsecs, tusecs, wpa_ft_expire_pull, sm, NULL);
2039 
2040 	wpa_ft_rrb_oui_send(sm->wpa_auth, r0kh->addr, FT_PACKET_R0KH_R1KH_PULL,
2041 			    packet, packet_len);
2042 
2043 	os_free(packet);
2044 
2045 	return 0;
2046 }
2047 
2048 
2049 int wpa_ft_store_pmk_fils(struct wpa_state_machine *sm,
2050 			  const u8 *pmk_r0, const u8 *pmk_r0_name)
2051 {
2052 	int expires_in = sm->wpa_auth->conf.r0_key_lifetime;
2053 	struct vlan_description vlan;
2054 	const u8 *identity, *radius_cui;
2055 	size_t identity_len, radius_cui_len;
2056 	int session_timeout;
2057 	size_t pmk_r0_len = wpa_key_mgmt_sha384(sm->wpa_key_mgmt) ?
2058 		SHA384_MAC_LEN : PMK_LEN;
2059 
2060 	if (wpa_ft_get_vlan(sm->wpa_auth, sm->addr, &vlan) < 0) {
2061 		wpa_printf(MSG_DEBUG, "FT: vlan not available for STA " MACSTR,
2062 			   MAC2STR(sm->addr));
2063 		return -1;
2064 	}
2065 
2066 	identity_len = wpa_ft_get_identity(sm->wpa_auth, sm->addr, &identity);
2067 	radius_cui_len = wpa_ft_get_radius_cui(sm->wpa_auth, sm->addr,
2068 					       &radius_cui);
2069 	session_timeout = wpa_ft_get_session_timeout(sm->wpa_auth, sm->addr);
2070 
2071 	return wpa_ft_store_pmk_r0(sm->wpa_auth, sm->addr, pmk_r0, pmk_r0_len,
2072 				   pmk_r0_name, sm->pairwise, &vlan, expires_in,
2073 				   session_timeout, identity, identity_len,
2074 				   radius_cui, radius_cui_len);
2075 }
2076 
2077 
2078 int wpa_auth_derive_ptk_ft(struct wpa_state_machine *sm, struct wpa_ptk *ptk)
2079 {
2080 	u8 pmk_r0[PMK_LEN_MAX], pmk_r0_name[WPA_PMK_NAME_LEN];
2081 	size_t pmk_r0_len = wpa_key_mgmt_sha384(sm->wpa_key_mgmt) ?
2082 		SHA384_MAC_LEN : PMK_LEN;
2083 	size_t pmk_r1_len = pmk_r0_len;
2084 	u8 pmk_r1[PMK_LEN_MAX];
2085 	u8 ptk_name[WPA_PMK_NAME_LEN];
2086 	const u8 *mdid = sm->wpa_auth->conf.mobility_domain;
2087 	const u8 *r0kh = sm->wpa_auth->conf.r0_key_holder;
2088 	size_t r0kh_len = sm->wpa_auth->conf.r0_key_holder_len;
2089 	const u8 *r1kh = sm->wpa_auth->conf.r1_key_holder;
2090 	const u8 *ssid = sm->wpa_auth->conf.ssid;
2091 	size_t ssid_len = sm->wpa_auth->conf.ssid_len;
2092 	int psk_local = sm->wpa_auth->conf.ft_psk_generate_local;
2093 	int expires_in = sm->wpa_auth->conf.r0_key_lifetime;
2094 	struct vlan_description vlan;
2095 	const u8 *identity, *radius_cui;
2096 	size_t identity_len, radius_cui_len;
2097 	int session_timeout;
2098 	const u8 *mpmk;
2099 	size_t mpmk_len;
2100 
2101 	if (sm->xxkey_len > 0) {
2102 		mpmk = sm->xxkey;
2103 		mpmk_len = sm->xxkey_len;
2104 	} else if (sm->pmksa) {
2105 		mpmk = sm->pmksa->pmk;
2106 		mpmk_len = sm->pmksa->pmk_len;
2107 	} else {
2108 		wpa_printf(MSG_DEBUG, "FT: XXKey not available for key "
2109 			   "derivation");
2110 		return -1;
2111 	}
2112 
2113 	if (wpa_ft_get_vlan(sm->wpa_auth, sm->addr, &vlan) < 0) {
2114 		wpa_printf(MSG_DEBUG, "FT: vlan not available for STA " MACSTR,
2115 			   MAC2STR(sm->addr));
2116 		return -1;
2117 	}
2118 
2119 	identity_len = wpa_ft_get_identity(sm->wpa_auth, sm->addr, &identity);
2120 	radius_cui_len = wpa_ft_get_radius_cui(sm->wpa_auth, sm->addr,
2121 					       &radius_cui);
2122 	session_timeout = wpa_ft_get_session_timeout(sm->wpa_auth, sm->addr);
2123 
2124 	if (wpa_derive_pmk_r0(mpmk, mpmk_len, ssid, ssid_len, mdid,
2125 			      r0kh, r0kh_len, sm->addr,
2126 			      pmk_r0, pmk_r0_name,
2127 			      wpa_key_mgmt_sha384(sm->wpa_key_mgmt)) < 0)
2128 		return -1;
2129 	wpa_hexdump_key(MSG_DEBUG, "FT: PMK-R0", pmk_r0, pmk_r0_len);
2130 	wpa_hexdump(MSG_DEBUG, "FT: PMKR0Name", pmk_r0_name, WPA_PMK_NAME_LEN);
2131 	if (!psk_local || !wpa_key_mgmt_ft_psk(sm->wpa_key_mgmt))
2132 		wpa_ft_store_pmk_r0(sm->wpa_auth, sm->addr, pmk_r0, pmk_r0_len,
2133 				    pmk_r0_name,
2134 				    sm->pairwise, &vlan, expires_in,
2135 				    session_timeout, identity, identity_len,
2136 				    radius_cui, radius_cui_len);
2137 
2138 	if (wpa_derive_pmk_r1(pmk_r0, pmk_r0_len, pmk_r0_name, r1kh, sm->addr,
2139 			      pmk_r1, sm->pmk_r1_name) < 0)
2140 		return -1;
2141 	wpa_hexdump_key(MSG_DEBUG, "FT: PMK-R1", pmk_r1, pmk_r1_len);
2142 	wpa_hexdump(MSG_DEBUG, "FT: PMKR1Name", sm->pmk_r1_name,
2143 		    WPA_PMK_NAME_LEN);
2144 	if (!psk_local || !wpa_key_mgmt_ft_psk(sm->wpa_key_mgmt))
2145 		wpa_ft_store_pmk_r1(sm->wpa_auth, sm->addr, pmk_r1, pmk_r1_len,
2146 				    sm->pmk_r1_name, sm->pairwise, &vlan,
2147 				    expires_in, session_timeout, identity,
2148 				    identity_len, radius_cui, radius_cui_len);
2149 
2150 	return wpa_pmk_r1_to_ptk(pmk_r1, pmk_r1_len, sm->SNonce, sm->ANonce,
2151 				 sm->addr, sm->wpa_auth->addr, sm->pmk_r1_name,
2152 				 ptk, ptk_name, sm->wpa_key_mgmt, sm->pairwise);
2153 }
2154 
2155 
2156 static inline int wpa_auth_get_seqnum(struct wpa_authenticator *wpa_auth,
2157 				      const u8 *addr, int idx, u8 *seq)
2158 {
2159 	if (wpa_auth->cb->get_seqnum == NULL)
2160 		return -1;
2161 	return wpa_auth->cb->get_seqnum(wpa_auth->cb_ctx, addr, idx, seq);
2162 }
2163 
2164 
2165 static u8 * wpa_ft_gtk_subelem(struct wpa_state_machine *sm, size_t *len)
2166 {
2167 	u8 *subelem;
2168 	struct wpa_group *gsm = sm->group;
2169 	size_t subelem_len, pad_len;
2170 	const u8 *key;
2171 	size_t key_len;
2172 	u8 keybuf[32];
2173 	const u8 *kek;
2174 	size_t kek_len;
2175 
2176 	if (wpa_key_mgmt_fils(sm->wpa_key_mgmt)) {
2177 		kek = sm->PTK.kek2;
2178 		kek_len = sm->PTK.kek2_len;
2179 	} else {
2180 		kek = sm->PTK.kek;
2181 		kek_len = sm->PTK.kek_len;
2182 	}
2183 
2184 	key_len = gsm->GTK_len;
2185 	if (key_len > sizeof(keybuf))
2186 		return NULL;
2187 
2188 	/*
2189 	 * Pad key for AES Key Wrap if it is not multiple of 8 bytes or is less
2190 	 * than 16 bytes.
2191 	 */
2192 	pad_len = key_len % 8;
2193 	if (pad_len)
2194 		pad_len = 8 - pad_len;
2195 	if (key_len + pad_len < 16)
2196 		pad_len += 8;
2197 	if (pad_len && key_len < sizeof(keybuf)) {
2198 		os_memcpy(keybuf, gsm->GTK[gsm->GN - 1], key_len);
2199 		os_memset(keybuf + key_len, 0, pad_len);
2200 		keybuf[key_len] = 0xdd;
2201 		key_len += pad_len;
2202 		key = keybuf;
2203 	} else
2204 		key = gsm->GTK[gsm->GN - 1];
2205 
2206 	/*
2207 	 * Sub-elem ID[1] | Length[1] | Key Info[2] | Key Length[1] | RSC[8] |
2208 	 * Key[5..32].
2209 	 */
2210 	subelem_len = 13 + key_len + 8;
2211 	subelem = os_zalloc(subelem_len);
2212 	if (subelem == NULL)
2213 		return NULL;
2214 
2215 	subelem[0] = FTIE_SUBELEM_GTK;
2216 	subelem[1] = 11 + key_len + 8;
2217 	/* Key ID in B0-B1 of Key Info */
2218 	WPA_PUT_LE16(&subelem[2], gsm->GN & 0x03);
2219 	subelem[4] = gsm->GTK_len;
2220 	wpa_auth_get_seqnum(sm->wpa_auth, NULL, gsm->GN, subelem + 5);
2221 	if (aes_wrap(kek, kek_len, key_len / 8, key, subelem + 13)) {
2222 		wpa_printf(MSG_DEBUG,
2223 			   "FT: GTK subelem encryption failed: kek_len=%d",
2224 			   (int) kek_len);
2225 		os_free(subelem);
2226 		return NULL;
2227 	}
2228 
2229 	forced_memzero(keybuf, sizeof(keybuf));
2230 	*len = subelem_len;
2231 	return subelem;
2232 }
2233 
2234 
2235 #ifdef CONFIG_IEEE80211W
2236 static u8 * wpa_ft_igtk_subelem(struct wpa_state_machine *sm, size_t *len)
2237 {
2238 	u8 *subelem, *pos;
2239 	struct wpa_group *gsm = sm->group;
2240 	size_t subelem_len;
2241 	const u8 *kek;
2242 	size_t kek_len;
2243 	size_t igtk_len;
2244 
2245 	if (wpa_key_mgmt_fils(sm->wpa_key_mgmt)) {
2246 		kek = sm->PTK.kek2;
2247 		kek_len = sm->PTK.kek2_len;
2248 	} else {
2249 		kek = sm->PTK.kek;
2250 		kek_len = sm->PTK.kek_len;
2251 	}
2252 
2253 	igtk_len = wpa_cipher_key_len(sm->wpa_auth->conf.group_mgmt_cipher);
2254 
2255 	/* Sub-elem ID[1] | Length[1] | KeyID[2] | IPN[6] | Key Length[1] |
2256 	 * Key[16+8] */
2257 	subelem_len = 1 + 1 + 2 + 6 + 1 + igtk_len + 8;
2258 	subelem = os_zalloc(subelem_len);
2259 	if (subelem == NULL)
2260 		return NULL;
2261 
2262 	pos = subelem;
2263 	*pos++ = FTIE_SUBELEM_IGTK;
2264 	*pos++ = subelem_len - 2;
2265 	WPA_PUT_LE16(pos, gsm->GN_igtk);
2266 	pos += 2;
2267 	wpa_auth_get_seqnum(sm->wpa_auth, NULL, gsm->GN_igtk, pos);
2268 	pos += 6;
2269 	*pos++ = igtk_len;
2270 	if (aes_wrap(kek, kek_len, igtk_len / 8,
2271 		     gsm->IGTK[gsm->GN_igtk - 4], pos)) {
2272 		wpa_printf(MSG_DEBUG,
2273 			   "FT: IGTK subelem encryption failed: kek_len=%d",
2274 			   (int) kek_len);
2275 		os_free(subelem);
2276 		return NULL;
2277 	}
2278 
2279 	*len = subelem_len;
2280 	return subelem;
2281 }
2282 #endif /* CONFIG_IEEE80211W */
2283 
2284 
2285 static u8 * wpa_ft_process_rdie(struct wpa_state_machine *sm,
2286 				u8 *pos, u8 *end, u8 id, u8 descr_count,
2287 				const u8 *ies, size_t ies_len)
2288 {
2289 	struct ieee802_11_elems parse;
2290 	struct rsn_rdie *rdie;
2291 
2292 	wpa_printf(MSG_DEBUG, "FT: Resource Request: id=%d descr_count=%d",
2293 		   id, descr_count);
2294 	wpa_hexdump(MSG_MSGDUMP, "FT: Resource descriptor IE(s)",
2295 		    ies, ies_len);
2296 
2297 	if (end - pos < (int) sizeof(*rdie)) {
2298 		wpa_printf(MSG_ERROR, "FT: Not enough room for response RDIE");
2299 		return pos;
2300 	}
2301 
2302 	*pos++ = WLAN_EID_RIC_DATA;
2303 	*pos++ = sizeof(*rdie);
2304 	rdie = (struct rsn_rdie *) pos;
2305 	rdie->id = id;
2306 	rdie->descr_count = 0;
2307 	rdie->status_code = host_to_le16(WLAN_STATUS_SUCCESS);
2308 	pos += sizeof(*rdie);
2309 
2310 	if (ieee802_11_parse_elems((u8 *) ies, ies_len, &parse, 1) ==
2311 	    ParseFailed) {
2312 		wpa_printf(MSG_DEBUG, "FT: Failed to parse request IEs");
2313 		rdie->status_code =
2314 			host_to_le16(WLAN_STATUS_UNSPECIFIED_FAILURE);
2315 		return pos;
2316 	}
2317 
2318 	if (parse.wmm_tspec) {
2319 		struct wmm_tspec_element *tspec;
2320 
2321 		if (parse.wmm_tspec_len + 2 < (int) sizeof(*tspec)) {
2322 			wpa_printf(MSG_DEBUG, "FT: Too short WMM TSPEC IE "
2323 				   "(%d)", (int) parse.wmm_tspec_len);
2324 			rdie->status_code =
2325 				host_to_le16(WLAN_STATUS_UNSPECIFIED_FAILURE);
2326 			return pos;
2327 		}
2328 		if (end - pos < (int) sizeof(*tspec)) {
2329 			wpa_printf(MSG_ERROR, "FT: Not enough room for "
2330 				   "response TSPEC");
2331 			rdie->status_code =
2332 				host_to_le16(WLAN_STATUS_UNSPECIFIED_FAILURE);
2333 			return pos;
2334 		}
2335 		tspec = (struct wmm_tspec_element *) pos;
2336 		os_memcpy(tspec, parse.wmm_tspec - 2, sizeof(*tspec));
2337 	}
2338 
2339 #ifdef NEED_AP_MLME
2340 	if (parse.wmm_tspec && sm->wpa_auth->conf.ap_mlme) {
2341 		int res;
2342 
2343 		res = wmm_process_tspec((struct wmm_tspec_element *) pos);
2344 		wpa_printf(MSG_DEBUG, "FT: ADDTS processing result: %d", res);
2345 		if (res == WMM_ADDTS_STATUS_INVALID_PARAMETERS)
2346 			rdie->status_code =
2347 				host_to_le16(WLAN_STATUS_INVALID_PARAMETERS);
2348 		else if (res == WMM_ADDTS_STATUS_REFUSED)
2349 			rdie->status_code =
2350 				host_to_le16(WLAN_STATUS_REQUEST_DECLINED);
2351 		else {
2352 			/* TSPEC accepted; include updated TSPEC in response */
2353 			rdie->descr_count = 1;
2354 			pos += sizeof(struct wmm_tspec_element);
2355 		}
2356 		return pos;
2357 	}
2358 #endif /* NEED_AP_MLME */
2359 
2360 	if (parse.wmm_tspec && !sm->wpa_auth->conf.ap_mlme) {
2361 		int res;
2362 
2363 		res = wpa_ft_add_tspec(sm->wpa_auth, sm->addr, pos,
2364 				       sizeof(struct wmm_tspec_element));
2365 		if (res >= 0) {
2366 			if (res)
2367 				rdie->status_code = host_to_le16(res);
2368 			else {
2369 				/* TSPEC accepted; include updated TSPEC in
2370 				 * response */
2371 				rdie->descr_count = 1;
2372 				pos += sizeof(struct wmm_tspec_element);
2373 			}
2374 			return pos;
2375 		}
2376 	}
2377 
2378 	wpa_printf(MSG_DEBUG, "FT: No supported resource requested");
2379 	rdie->status_code = host_to_le16(WLAN_STATUS_UNSPECIFIED_FAILURE);
2380 	return pos;
2381 }
2382 
2383 
2384 static u8 * wpa_ft_process_ric(struct wpa_state_machine *sm, u8 *pos, u8 *end,
2385 			       const u8 *ric, size_t ric_len)
2386 {
2387 	const u8 *rpos, *start;
2388 	const struct rsn_rdie *rdie;
2389 
2390 	wpa_hexdump(MSG_MSGDUMP, "FT: RIC Request", ric, ric_len);
2391 
2392 	rpos = ric;
2393 	while (rpos + sizeof(*rdie) < ric + ric_len) {
2394 		if (rpos[0] != WLAN_EID_RIC_DATA || rpos[1] < sizeof(*rdie) ||
2395 		    rpos + 2 + rpos[1] > ric + ric_len)
2396 			break;
2397 		rdie = (const struct rsn_rdie *) (rpos + 2);
2398 		rpos += 2 + rpos[1];
2399 		start = rpos;
2400 
2401 		while (rpos + 2 <= ric + ric_len &&
2402 		       rpos + 2 + rpos[1] <= ric + ric_len) {
2403 			if (rpos[0] == WLAN_EID_RIC_DATA)
2404 				break;
2405 			rpos += 2 + rpos[1];
2406 		}
2407 		pos = wpa_ft_process_rdie(sm, pos, end, rdie->id,
2408 					  rdie->descr_count,
2409 					  start, rpos - start);
2410 	}
2411 
2412 	return pos;
2413 }
2414 
2415 
2416 u8 * wpa_sm_write_assoc_resp_ies(struct wpa_state_machine *sm, u8 *pos,
2417 				 size_t max_len, int auth_alg,
2418 				 const u8 *req_ies, size_t req_ies_len)
2419 {
2420 	u8 *end, *mdie, *ftie, *rsnie = NULL, *r0kh_id, *subelem = NULL;
2421 	u8 *fte_mic, *elem_count;
2422 	size_t mdie_len, ftie_len, rsnie_len = 0, r0kh_id_len, subelem_len = 0;
2423 	int res;
2424 	struct wpa_auth_config *conf;
2425 	struct wpa_ft_ies parse;
2426 	u8 *ric_start;
2427 	u8 *anonce, *snonce;
2428 	const u8 *kck;
2429 	size_t kck_len;
2430 	int use_sha384;
2431 
2432 	if (sm == NULL)
2433 		return pos;
2434 
2435 	use_sha384 = wpa_key_mgmt_sha384(sm->wpa_key_mgmt);
2436 	conf = &sm->wpa_auth->conf;
2437 
2438 	if (!wpa_key_mgmt_ft(sm->wpa_key_mgmt))
2439 		return pos;
2440 
2441 	end = pos + max_len;
2442 
2443 	if (auth_alg == WLAN_AUTH_FT ||
2444 	    ((auth_alg == WLAN_AUTH_FILS_SK ||
2445 	      auth_alg == WLAN_AUTH_FILS_SK_PFS ||
2446 	      auth_alg == WLAN_AUTH_FILS_PK) &&
2447 	     (sm->wpa_key_mgmt & (WPA_KEY_MGMT_FT_FILS_SHA256 |
2448 				  WPA_KEY_MGMT_FT_FILS_SHA384)))) {
2449 		if (!sm->pmk_r1_name_valid) {
2450 			wpa_printf(MSG_ERROR,
2451 				   "FT: PMKR1Name is not valid for Assoc Resp RSNE");
2452 			return NULL;
2453 		}
2454 		wpa_hexdump(MSG_DEBUG, "FT: PMKR1Name for Assoc Resp RSNE",
2455 			    sm->pmk_r1_name, WPA_PMK_NAME_LEN);
2456 		/*
2457 		 * RSN (only present if this is a Reassociation Response and
2458 		 * part of a fast BSS transition; or if this is a
2459 		 * (Re)Association Response frame during an FT initial mobility
2460 		 * domain association using FILS)
2461 		 */
2462 		res = wpa_write_rsn_ie(conf, pos, end - pos, sm->pmk_r1_name);
2463 		if (res < 0)
2464 			return NULL;
2465 		rsnie = pos;
2466 		rsnie_len = res;
2467 		pos += res;
2468 	}
2469 
2470 	/* Mobility Domain Information */
2471 	res = wpa_write_mdie(conf, pos, end - pos);
2472 	if (res < 0)
2473 		return NULL;
2474 	mdie = pos;
2475 	mdie_len = res;
2476 	pos += res;
2477 
2478 	/* Fast BSS Transition Information */
2479 	if (auth_alg == WLAN_AUTH_FT) {
2480 		subelem = wpa_ft_gtk_subelem(sm, &subelem_len);
2481 		if (!subelem) {
2482 			wpa_printf(MSG_DEBUG,
2483 				   "FT: Failed to add GTK subelement");
2484 			return NULL;
2485 		}
2486 		r0kh_id = sm->r0kh_id;
2487 		r0kh_id_len = sm->r0kh_id_len;
2488 		anonce = sm->ANonce;
2489 		snonce = sm->SNonce;
2490 #ifdef CONFIG_IEEE80211W
2491 		if (sm->mgmt_frame_prot) {
2492 			u8 *igtk;
2493 			size_t igtk_len;
2494 			u8 *nbuf;
2495 			igtk = wpa_ft_igtk_subelem(sm, &igtk_len);
2496 			if (igtk == NULL) {
2497 				wpa_printf(MSG_DEBUG,
2498 					   "FT: Failed to add IGTK subelement");
2499 				os_free(subelem);
2500 				return NULL;
2501 			}
2502 			nbuf = os_realloc(subelem, subelem_len + igtk_len);
2503 			if (nbuf == NULL) {
2504 				os_free(subelem);
2505 				os_free(igtk);
2506 				return NULL;
2507 			}
2508 			subelem = nbuf;
2509 			os_memcpy(subelem + subelem_len, igtk, igtk_len);
2510 			subelem_len += igtk_len;
2511 			os_free(igtk);
2512 		}
2513 #endif /* CONFIG_IEEE80211W */
2514 #ifdef CONFIG_OCV
2515 		if (wpa_auth_uses_ocv(sm)) {
2516 			struct wpa_channel_info ci;
2517 			u8 *nbuf, *ocipos;
2518 
2519 			if (wpa_channel_info(sm->wpa_auth, &ci) != 0) {
2520 				wpa_printf(MSG_WARNING,
2521 					   "Failed to get channel info for OCI element");
2522 				os_free(subelem);
2523 				return NULL;
2524 			}
2525 
2526 			subelem_len += 2 + OCV_OCI_LEN;
2527 			nbuf = os_realloc(subelem, subelem_len);
2528 			if (!nbuf) {
2529 				os_free(subelem);
2530 				return NULL;
2531 			}
2532 			subelem = nbuf;
2533 
2534 			ocipos = subelem + subelem_len - 2 - OCV_OCI_LEN;
2535 			*ocipos++ = FTIE_SUBELEM_OCI;
2536 			*ocipos++ = OCV_OCI_LEN;
2537 			if (ocv_insert_oci(&ci, &ocipos) < 0) {
2538 				os_free(subelem);
2539 				return NULL;
2540 			}
2541 		}
2542 #endif /* CONFIG_OCV */
2543 	} else {
2544 		r0kh_id = conf->r0_key_holder;
2545 		r0kh_id_len = conf->r0_key_holder_len;
2546 		anonce = NULL;
2547 		snonce = NULL;
2548 	}
2549 	res = wpa_write_ftie(conf, use_sha384, r0kh_id, r0kh_id_len,
2550 			     anonce, snonce, pos, end - pos,
2551 			     subelem, subelem_len);
2552 	os_free(subelem);
2553 	if (res < 0)
2554 		return NULL;
2555 	ftie = pos;
2556 	ftie_len = res;
2557 	pos += res;
2558 
2559 	if (use_sha384) {
2560 		struct rsn_ftie_sha384 *_ftie =
2561 			(struct rsn_ftie_sha384 *) (ftie + 2);
2562 
2563 		fte_mic = _ftie->mic;
2564 		elem_count = &_ftie->mic_control[1];
2565 	} else {
2566 		struct rsn_ftie *_ftie = (struct rsn_ftie *) (ftie + 2);
2567 
2568 		fte_mic = _ftie->mic;
2569 		elem_count = &_ftie->mic_control[1];
2570 	}
2571 	if (auth_alg == WLAN_AUTH_FT)
2572 		*elem_count = 3; /* Information element count */
2573 
2574 	ric_start = pos;
2575 	if (wpa_ft_parse_ies(req_ies, req_ies_len, &parse, use_sha384) == 0
2576 	    && parse.ric) {
2577 		pos = wpa_ft_process_ric(sm, pos, end, parse.ric,
2578 					 parse.ric_len);
2579 		if (auth_alg == WLAN_AUTH_FT)
2580 			*elem_count +=
2581 				ieee802_11_ie_count(ric_start,
2582 						    pos - ric_start);
2583 	}
2584 	if (ric_start == pos)
2585 		ric_start = NULL;
2586 
2587 	if (wpa_key_mgmt_fils(sm->wpa_key_mgmt)) {
2588 		kck = sm->PTK.kck2;
2589 		kck_len = sm->PTK.kck2_len;
2590 	} else {
2591 		kck = sm->PTK.kck;
2592 		kck_len = sm->PTK.kck_len;
2593 	}
2594 	if (auth_alg == WLAN_AUTH_FT &&
2595 	    wpa_ft_mic(kck, kck_len, sm->addr, sm->wpa_auth->addr, 6,
2596 		       mdie, mdie_len, ftie, ftie_len,
2597 		       rsnie, rsnie_len,
2598 		       ric_start, ric_start ? pos - ric_start : 0,
2599 		       fte_mic) < 0) {
2600 		wpa_printf(MSG_DEBUG, "FT: Failed to calculate MIC");
2601 		return NULL;
2602 	}
2603 
2604 	os_free(sm->assoc_resp_ftie);
2605 	sm->assoc_resp_ftie = os_malloc(ftie_len);
2606 	if (!sm->assoc_resp_ftie)
2607 		return NULL;
2608 	os_memcpy(sm->assoc_resp_ftie, ftie, ftie_len);
2609 
2610 	return pos;
2611 }
2612 
2613 
2614 static inline int wpa_auth_set_key(struct wpa_authenticator *wpa_auth,
2615 				   int vlan_id,
2616 				   enum wpa_alg alg, const u8 *addr, int idx,
2617 				   u8 *key, size_t key_len)
2618 {
2619 	if (wpa_auth->cb->set_key == NULL)
2620 		return -1;
2621 	return wpa_auth->cb->set_key(wpa_auth->cb_ctx, vlan_id, alg, addr, idx,
2622 				     key, key_len);
2623 }
2624 
2625 
2626 void wpa_ft_install_ptk(struct wpa_state_machine *sm)
2627 {
2628 	enum wpa_alg alg;
2629 	int klen;
2630 
2631 	/* MLME-SETKEYS.request(PTK) */
2632 	alg = wpa_cipher_to_alg(sm->pairwise);
2633 	klen = wpa_cipher_key_len(sm->pairwise);
2634 	if (!wpa_cipher_valid_pairwise(sm->pairwise)) {
2635 		wpa_printf(MSG_DEBUG, "FT: Unknown pairwise alg 0x%x - skip "
2636 			   "PTK configuration", sm->pairwise);
2637 		return;
2638 	}
2639 
2640 	if (sm->tk_already_set) {
2641 		/* Must avoid TK reconfiguration to prevent clearing of TX/RX
2642 		 * PN in the driver */
2643 		wpa_printf(MSG_DEBUG,
2644 			   "FT: Do not re-install same PTK to the driver");
2645 		return;
2646 	}
2647 
2648 	/* FIX: add STA entry to kernel/driver here? The set_key will fail
2649 	 * most likely without this.. At the moment, STA entry is added only
2650 	 * after association has been completed. This function will be called
2651 	 * again after association to get the PTK configured, but that could be
2652 	 * optimized by adding the STA entry earlier.
2653 	 */
2654 	if (wpa_auth_set_key(sm->wpa_auth, 0, alg, sm->addr, 0,
2655 			     sm->PTK.tk, klen))
2656 		return;
2657 
2658 	/* FIX: MLME-SetProtection.Request(TA, Tx_Rx) */
2659 	sm->pairwise_set = TRUE;
2660 	sm->tk_already_set = TRUE;
2661 }
2662 
2663 
2664 /* Derive PMK-R1 from PSK, check all available PSK */
2665 static int wpa_ft_psk_pmk_r1(struct wpa_state_machine *sm,
2666 			     const u8 *req_pmk_r1_name,
2667 			     u8 *out_pmk_r1, int *out_pairwise,
2668 			     struct vlan_description *out_vlan,
2669 			     const u8 **out_identity, size_t *out_identity_len,
2670 			     const u8 **out_radius_cui,
2671 			     size_t *out_radius_cui_len,
2672 			     int *out_session_timeout)
2673 {
2674 	const u8 *pmk = NULL;
2675 	u8 pmk_r0[PMK_LEN], pmk_r0_name[WPA_PMK_NAME_LEN];
2676 	u8 pmk_r1[PMK_LEN], pmk_r1_name[WPA_PMK_NAME_LEN];
2677 	struct wpa_authenticator *wpa_auth = sm->wpa_auth;
2678 	const u8 *mdid = wpa_auth->conf.mobility_domain;
2679 	const u8 *r0kh = sm->r0kh_id;
2680 	size_t r0kh_len = sm->r0kh_id_len;
2681 	const u8 *r1kh = wpa_auth->conf.r1_key_holder;
2682 	const u8 *ssid = wpa_auth->conf.ssid;
2683 	size_t ssid_len = wpa_auth->conf.ssid_len;
2684 	int pairwise;
2685 
2686 	pairwise = sm->pairwise;
2687 
2688 	for (;;) {
2689 		pmk = wpa_ft_get_psk(wpa_auth, sm->addr, sm->p2p_dev_addr,
2690 				     pmk);
2691 		if (pmk == NULL)
2692 			break;
2693 
2694 		if (wpa_derive_pmk_r0(pmk, PMK_LEN, ssid, ssid_len, mdid, r0kh,
2695 				      r0kh_len, sm->addr,
2696 				      pmk_r0, pmk_r0_name, 0) < 0 ||
2697 		    wpa_derive_pmk_r1(pmk_r0, PMK_LEN, pmk_r0_name, r1kh,
2698 				      sm->addr, pmk_r1, pmk_r1_name) < 0 ||
2699 		    os_memcmp_const(pmk_r1_name, req_pmk_r1_name,
2700 				    WPA_PMK_NAME_LEN) != 0)
2701 			continue;
2702 
2703 		/* We found a PSK that matches the requested pmk_r1_name */
2704 		wpa_printf(MSG_DEBUG,
2705 			   "FT: Found PSK to generate PMK-R1 locally");
2706 		os_memcpy(out_pmk_r1, pmk_r1, PMK_LEN);
2707 		if (out_pairwise)
2708 			*out_pairwise = pairwise;
2709 		os_memcpy(sm->PMK, pmk, PMK_LEN);
2710 		sm->pmk_len = PMK_LEN;
2711 		if (out_vlan &&
2712 		    wpa_ft_get_vlan(sm->wpa_auth, sm->addr, out_vlan) < 0) {
2713 			wpa_printf(MSG_DEBUG, "FT: vlan not available for STA "
2714 				   MACSTR, MAC2STR(sm->addr));
2715 			return -1;
2716 		}
2717 
2718 		if (out_identity && out_identity_len) {
2719 			*out_identity_len = wpa_ft_get_identity(
2720 				sm->wpa_auth, sm->addr, out_identity);
2721 		}
2722 
2723 		if (out_radius_cui && out_radius_cui_len) {
2724 			*out_radius_cui_len = wpa_ft_get_radius_cui(
2725 				sm->wpa_auth, sm->addr, out_radius_cui);
2726 		}
2727 
2728 		if (out_session_timeout) {
2729 			*out_session_timeout = wpa_ft_get_session_timeout(
2730 				sm->wpa_auth, sm->addr);
2731 		}
2732 
2733 		return 0;
2734 	}
2735 
2736 	wpa_printf(MSG_DEBUG,
2737 		   "FT: Did not find PSK to generate PMK-R1 locally");
2738 	return -1;
2739 }
2740 
2741 
2742 /* Detect the configuration the station asked for.
2743  * Required to detect FT-PSK and pairwise cipher.
2744  */
2745 static int wpa_ft_set_key_mgmt(struct wpa_state_machine *sm,
2746 			       struct wpa_ft_ies *parse)
2747 {
2748 	int key_mgmt, ciphers;
2749 
2750 	if (sm->wpa_key_mgmt)
2751 		return 0;
2752 
2753 	key_mgmt = parse->key_mgmt & sm->wpa_auth->conf.wpa_key_mgmt;
2754 	if (!key_mgmt) {
2755 		wpa_printf(MSG_DEBUG, "FT: Invalid key mgmt (0x%x) from "
2756 			   MACSTR, parse->key_mgmt, MAC2STR(sm->addr));
2757 		return -1;
2758 	}
2759 	if (key_mgmt & WPA_KEY_MGMT_FT_IEEE8021X)
2760 		sm->wpa_key_mgmt = WPA_KEY_MGMT_FT_IEEE8021X;
2761 #ifdef CONFIG_SHA384
2762 	else if (key_mgmt & WPA_KEY_MGMT_FT_IEEE8021X_SHA384)
2763 		sm->wpa_key_mgmt = WPA_KEY_MGMT_FT_IEEE8021X_SHA384;
2764 #endif /* CONFIG_SHA384 */
2765 	else if (key_mgmt & WPA_KEY_MGMT_FT_PSK)
2766 		sm->wpa_key_mgmt = WPA_KEY_MGMT_FT_PSK;
2767 #ifdef CONFIG_FILS
2768 	else if (key_mgmt & WPA_KEY_MGMT_FT_FILS_SHA256)
2769 		sm->wpa_key_mgmt = WPA_KEY_MGMT_FT_FILS_SHA256;
2770 	else if (key_mgmt & WPA_KEY_MGMT_FT_FILS_SHA384)
2771 		sm->wpa_key_mgmt = WPA_KEY_MGMT_FT_FILS_SHA384;
2772 #endif /* CONFIG_FILS */
2773 	ciphers = parse->pairwise_cipher & sm->wpa_auth->conf.rsn_pairwise;
2774 	if (!ciphers) {
2775 		wpa_printf(MSG_DEBUG, "FT: Invalid pairwise cipher (0x%x) from "
2776 			   MACSTR,
2777 			   parse->pairwise_cipher, MAC2STR(sm->addr));
2778 		return -1;
2779 	}
2780 	sm->pairwise = wpa_pick_pairwise_cipher(ciphers, 0);
2781 
2782 	return 0;
2783 }
2784 
2785 
2786 static int wpa_ft_local_derive_pmk_r1(struct wpa_authenticator *wpa_auth,
2787 				      struct wpa_state_machine *sm,
2788 				      const u8 *r0kh_id, size_t r0kh_id_len,
2789 				      const u8 *req_pmk_r0_name,
2790 				      const u8 *req_pmk_r1_name,
2791 				      u8 *out_pmk_r1, int *out_pairwise,
2792 				      struct vlan_description *vlan,
2793 				      const u8 **identity, size_t *identity_len,
2794 				      const u8 **radius_cui,
2795 				      size_t *radius_cui_len,
2796 				      int *out_session_timeout)
2797 {
2798 	struct wpa_auth_config *conf = &wpa_auth->conf;
2799 	const struct wpa_ft_pmk_r0_sa *r0;
2800 	u8 pmk_r1_name[WPA_PMK_NAME_LEN];
2801 	int expires_in = 0;
2802 	int session_timeout = 0;
2803 	struct os_reltime now;
2804 
2805 	if (conf->r0_key_holder_len != r0kh_id_len ||
2806 	    os_memcmp(conf->r0_key_holder, r0kh_id, conf->r0_key_holder_len) !=
2807 	    0)
2808 		return -1; /* not our R0KH-ID */
2809 
2810 	wpa_printf(MSG_DEBUG, "FT: STA R0KH-ID matching local configuration");
2811 	if (wpa_ft_fetch_pmk_r0(sm->wpa_auth, sm->addr, req_pmk_r0_name, &r0) <
2812 	    0)
2813 		return -1; /* no matching PMKR0Name in local cache */
2814 
2815 	wpa_printf(MSG_DEBUG, "FT: Requested PMKR0Name found in local cache");
2816 
2817 	if (wpa_derive_pmk_r1(r0->pmk_r0, r0->pmk_r0_len, r0->pmk_r0_name,
2818 			      conf->r1_key_holder,
2819 			      sm->addr, out_pmk_r1, pmk_r1_name) < 0)
2820 		return -1;
2821 	wpa_hexdump_key(MSG_DEBUG, "FT: PMK-R1", out_pmk_r1, r0->pmk_r0_len);
2822 	wpa_hexdump(MSG_DEBUG, "FT: PMKR1Name", pmk_r1_name, WPA_PMK_NAME_LEN);
2823 
2824 	os_get_reltime(&now);
2825 	if (r0->expiration)
2826 		expires_in = r0->expiration - now.sec;
2827 
2828 	if (r0->session_timeout)
2829 		session_timeout = r0->session_timeout - now.sec;
2830 
2831 	wpa_ft_store_pmk_r1(wpa_auth, sm->addr, out_pmk_r1, r0->pmk_r0_len,
2832 			    pmk_r1_name,
2833 			    sm->pairwise, r0->vlan, expires_in, session_timeout,
2834 			    r0->identity, r0->identity_len,
2835 			    r0->radius_cui, r0->radius_cui_len);
2836 
2837 	*out_pairwise = sm->pairwise;
2838 	if (vlan) {
2839 		if (r0->vlan)
2840 			*vlan = *r0->vlan;
2841 		else
2842 			os_memset(vlan, 0, sizeof(*vlan));
2843 	}
2844 
2845 	if (identity && identity_len) {
2846 		*identity = r0->identity;
2847 		*identity_len = r0->identity_len;
2848 	}
2849 
2850 	if (radius_cui && radius_cui_len) {
2851 		*radius_cui = r0->radius_cui;
2852 		*radius_cui_len = r0->radius_cui_len;
2853 	}
2854 
2855 	*out_session_timeout = session_timeout;
2856 
2857 	return 0;
2858 }
2859 
2860 
2861 static int wpa_ft_process_auth_req(struct wpa_state_machine *sm,
2862 				   const u8 *ies, size_t ies_len,
2863 				   u8 **resp_ies, size_t *resp_ies_len)
2864 {
2865 	struct rsn_mdie *mdie;
2866 	u8 pmk_r1[PMK_LEN_MAX], pmk_r1_name[WPA_PMK_NAME_LEN];
2867 	u8 ptk_name[WPA_PMK_NAME_LEN];
2868 	struct wpa_auth_config *conf;
2869 	struct wpa_ft_ies parse;
2870 	size_t buflen;
2871 	int ret;
2872 	u8 *pos, *end;
2873 	int pairwise, session_timeout = 0;
2874 	struct vlan_description vlan;
2875 	const u8 *identity, *radius_cui;
2876 	size_t identity_len = 0, radius_cui_len = 0;
2877 	int use_sha384;
2878 	size_t pmk_r1_len;
2879 
2880 	*resp_ies = NULL;
2881 	*resp_ies_len = 0;
2882 
2883 	sm->pmk_r1_name_valid = 0;
2884 	conf = &sm->wpa_auth->conf;
2885 
2886 	wpa_hexdump(MSG_DEBUG, "FT: Received authentication frame IEs",
2887 		    ies, ies_len);
2888 
2889 	if (wpa_ft_parse_ies(ies, ies_len, &parse, -1)) {
2890 		wpa_printf(MSG_DEBUG, "FT: Failed to parse FT IEs");
2891 		return WLAN_STATUS_UNSPECIFIED_FAILURE;
2892 	}
2893 	use_sha384 = wpa_key_mgmt_sha384(parse.key_mgmt);
2894 	pmk_r1_len = use_sha384 ? SHA384_MAC_LEN : PMK_LEN;
2895 
2896 	mdie = (struct rsn_mdie *) parse.mdie;
2897 	if (mdie == NULL || parse.mdie_len < sizeof(*mdie) ||
2898 	    os_memcmp(mdie->mobility_domain,
2899 		      sm->wpa_auth->conf.mobility_domain,
2900 		      MOBILITY_DOMAIN_ID_LEN) != 0) {
2901 		wpa_printf(MSG_DEBUG, "FT: Invalid MDIE");
2902 		return WLAN_STATUS_INVALID_MDIE;
2903 	}
2904 
2905 	if (use_sha384) {
2906 		struct rsn_ftie_sha384 *ftie;
2907 
2908 		ftie = (struct rsn_ftie_sha384 *) parse.ftie;
2909 		if (!ftie || parse.ftie_len < sizeof(*ftie)) {
2910 			wpa_printf(MSG_DEBUG, "FT: Invalid FTIE");
2911 			return WLAN_STATUS_INVALID_FTIE;
2912 		}
2913 
2914 		os_memcpy(sm->SNonce, ftie->snonce, WPA_NONCE_LEN);
2915 	} else {
2916 		struct rsn_ftie *ftie;
2917 
2918 		ftie = (struct rsn_ftie *) parse.ftie;
2919 		if (!ftie || parse.ftie_len < sizeof(*ftie)) {
2920 			wpa_printf(MSG_DEBUG, "FT: Invalid FTIE");
2921 			return WLAN_STATUS_INVALID_FTIE;
2922 		}
2923 
2924 		os_memcpy(sm->SNonce, ftie->snonce, WPA_NONCE_LEN);
2925 	}
2926 
2927 	if (parse.r0kh_id == NULL) {
2928 		wpa_printf(MSG_DEBUG, "FT: Invalid FTIE - no R0KH-ID");
2929 		return WLAN_STATUS_INVALID_FTIE;
2930 	}
2931 
2932 	wpa_hexdump(MSG_DEBUG, "FT: STA R0KH-ID",
2933 		    parse.r0kh_id, parse.r0kh_id_len);
2934 	os_memcpy(sm->r0kh_id, parse.r0kh_id, parse.r0kh_id_len);
2935 	sm->r0kh_id_len = parse.r0kh_id_len;
2936 
2937 	if (parse.rsn_pmkid == NULL) {
2938 		wpa_printf(MSG_DEBUG, "FT: No PMKID in RSNIE");
2939 		return WLAN_STATUS_INVALID_PMKID;
2940 	}
2941 
2942 	if (wpa_ft_set_key_mgmt(sm, &parse) < 0)
2943 		return WLAN_STATUS_UNSPECIFIED_FAILURE;
2944 
2945 	wpa_hexdump(MSG_DEBUG, "FT: Requested PMKR0Name",
2946 		    parse.rsn_pmkid, WPA_PMK_NAME_LEN);
2947 	if (wpa_derive_pmk_r1_name(parse.rsn_pmkid,
2948 				   sm->wpa_auth->conf.r1_key_holder, sm->addr,
2949 				   pmk_r1_name, use_sha384) < 0)
2950 		return WLAN_STATUS_UNSPECIFIED_FAILURE;
2951 	wpa_hexdump(MSG_DEBUG, "FT: Derived requested PMKR1Name",
2952 		    pmk_r1_name, WPA_PMK_NAME_LEN);
2953 
2954 	if (conf->ft_psk_generate_local &&
2955 	    wpa_key_mgmt_ft_psk(sm->wpa_key_mgmt)) {
2956 		if (wpa_ft_psk_pmk_r1(sm, pmk_r1_name, pmk_r1, &pairwise,
2957 				      &vlan, &identity, &identity_len,
2958 				      &radius_cui, &radius_cui_len,
2959 				      &session_timeout) < 0)
2960 			return WLAN_STATUS_INVALID_PMKID;
2961 		wpa_printf(MSG_DEBUG,
2962 			   "FT: Generated PMK-R1 for FT-PSK locally");
2963 	} else if (wpa_ft_fetch_pmk_r1(sm->wpa_auth, sm->addr, pmk_r1_name,
2964 				       pmk_r1, &pmk_r1_len, &pairwise, &vlan,
2965 				       &identity, &identity_len, &radius_cui,
2966 				       &radius_cui_len, &session_timeout) < 0) {
2967 		wpa_printf(MSG_DEBUG,
2968 			   "FT: No PMK-R1 available in local cache for the requested PMKR1Name");
2969 		if (wpa_ft_local_derive_pmk_r1(sm->wpa_auth, sm,
2970 					       parse.r0kh_id, parse.r0kh_id_len,
2971 					       parse.rsn_pmkid,
2972 					       pmk_r1_name, pmk_r1, &pairwise,
2973 					       &vlan, &identity, &identity_len,
2974 					       &radius_cui, &radius_cui_len,
2975 					       &session_timeout) == 0) {
2976 			wpa_printf(MSG_DEBUG,
2977 				   "FT: Generated PMK-R1 based on local PMK-R0");
2978 			goto pmk_r1_derived;
2979 		}
2980 
2981 		if (wpa_ft_pull_pmk_r1(sm, ies, ies_len, parse.rsn_pmkid) < 0) {
2982 			wpa_printf(MSG_DEBUG,
2983 				   "FT: Did not have matching PMK-R1 and either unknown or blocked R0KH-ID or NAK from R0KH");
2984 			return WLAN_STATUS_INVALID_PMKID;
2985 		}
2986 
2987 		return -1; /* Status pending */
2988 	} else {
2989 		wpa_printf(MSG_DEBUG, "FT: Found PMKR1Name from local cache");
2990 	}
2991 
2992 pmk_r1_derived:
2993 	wpa_hexdump_key(MSG_DEBUG, "FT: Selected PMK-R1", pmk_r1, pmk_r1_len);
2994 	sm->pmk_r1_name_valid = 1;
2995 	os_memcpy(sm->pmk_r1_name, pmk_r1_name, WPA_PMK_NAME_LEN);
2996 	os_memcpy(sm->pmk_r1, pmk_r1, pmk_r1_len);
2997 	sm->pmk_r1_len = pmk_r1_len;
2998 
2999 	if (random_get_bytes(sm->ANonce, WPA_NONCE_LEN)) {
3000 		wpa_printf(MSG_DEBUG, "FT: Failed to get random data for "
3001 			   "ANonce");
3002 		return WLAN_STATUS_UNSPECIFIED_FAILURE;
3003 	}
3004 
3005 	wpa_hexdump(MSG_DEBUG, "FT: Received SNonce",
3006 		    sm->SNonce, WPA_NONCE_LEN);
3007 	wpa_hexdump(MSG_DEBUG, "FT: Generated ANonce",
3008 		    sm->ANonce, WPA_NONCE_LEN);
3009 
3010 	if (wpa_pmk_r1_to_ptk(pmk_r1, pmk_r1_len, sm->SNonce, sm->ANonce,
3011 			      sm->addr, sm->wpa_auth->addr, pmk_r1_name,
3012 			      &sm->PTK, ptk_name, sm->wpa_key_mgmt,
3013 			      pairwise) < 0)
3014 		return WLAN_STATUS_UNSPECIFIED_FAILURE;
3015 
3016 	sm->pairwise = pairwise;
3017 	sm->PTK_valid = TRUE;
3018 	sm->tk_already_set = FALSE;
3019 	wpa_ft_install_ptk(sm);
3020 
3021 	if (wpa_ft_set_vlan(sm->wpa_auth, sm->addr, &vlan) < 0) {
3022 		wpa_printf(MSG_DEBUG, "FT: Failed to configure VLAN");
3023 		return WLAN_STATUS_UNSPECIFIED_FAILURE;
3024 	}
3025 	if (wpa_ft_set_identity(sm->wpa_auth, sm->addr,
3026 				identity, identity_len) < 0 ||
3027 	    wpa_ft_set_radius_cui(sm->wpa_auth, sm->addr,
3028 				  radius_cui, radius_cui_len) < 0) {
3029 		wpa_printf(MSG_DEBUG, "FT: Failed to configure identity/CUI");
3030 		return WLAN_STATUS_UNSPECIFIED_FAILURE;
3031 	}
3032 	wpa_ft_set_session_timeout(sm->wpa_auth, sm->addr, session_timeout);
3033 
3034 	buflen = 2 + sizeof(struct rsn_mdie) + 2 + sizeof(struct rsn_ftie) +
3035 		2 + FT_R1KH_ID_LEN + 200;
3036 	*resp_ies = os_zalloc(buflen);
3037 	if (*resp_ies == NULL)
3038 		goto fail;
3039 
3040 	pos = *resp_ies;
3041 	end = *resp_ies + buflen;
3042 
3043 	ret = wpa_write_rsn_ie(conf, pos, end - pos, parse.rsn_pmkid);
3044 	if (ret < 0)
3045 		goto fail;
3046 	pos += ret;
3047 
3048 	ret = wpa_write_mdie(conf, pos, end - pos);
3049 	if (ret < 0)
3050 		goto fail;
3051 	pos += ret;
3052 
3053 	ret = wpa_write_ftie(conf, use_sha384, parse.r0kh_id, parse.r0kh_id_len,
3054 			     sm->ANonce, sm->SNonce, pos, end - pos, NULL, 0);
3055 	if (ret < 0)
3056 		goto fail;
3057 	pos += ret;
3058 
3059 	*resp_ies_len = pos - *resp_ies;
3060 
3061 	return WLAN_STATUS_SUCCESS;
3062 fail:
3063 	os_free(*resp_ies);
3064 	*resp_ies = NULL;
3065 	return WLAN_STATUS_UNSPECIFIED_FAILURE;
3066 }
3067 
3068 
3069 void wpa_ft_process_auth(struct wpa_state_machine *sm, const u8 *bssid,
3070 			 u16 auth_transaction, const u8 *ies, size_t ies_len,
3071 			 void (*cb)(void *ctx, const u8 *dst, const u8 *bssid,
3072 				    u16 auth_transaction, u16 status,
3073 				    const u8 *ies, size_t ies_len),
3074 			 void *ctx)
3075 {
3076 	u16 status;
3077 	u8 *resp_ies;
3078 	size_t resp_ies_len;
3079 	int res;
3080 
3081 	if (sm == NULL) {
3082 		wpa_printf(MSG_DEBUG, "FT: Received authentication frame, but "
3083 			   "WPA SM not available");
3084 		return;
3085 	}
3086 
3087 	wpa_printf(MSG_DEBUG, "FT: Received authentication frame: STA=" MACSTR
3088 		   " BSSID=" MACSTR " transaction=%d",
3089 		   MAC2STR(sm->addr), MAC2STR(bssid), auth_transaction);
3090 	sm->ft_pending_cb = cb;
3091 	sm->ft_pending_cb_ctx = ctx;
3092 	sm->ft_pending_auth_transaction = auth_transaction;
3093 	sm->ft_pending_pull_left_retries = sm->wpa_auth->conf.rkh_pull_retries;
3094 	res = wpa_ft_process_auth_req(sm, ies, ies_len, &resp_ies,
3095 				      &resp_ies_len);
3096 	if (res < 0) {
3097 		wpa_printf(MSG_DEBUG, "FT: Callback postponed until response is available");
3098 		return;
3099 	}
3100 	status = res;
3101 
3102 	wpa_printf(MSG_DEBUG, "FT: FT authentication response: dst=" MACSTR
3103 		   " auth_transaction=%d status=%u (%s)",
3104 		   MAC2STR(sm->addr), auth_transaction + 1, status,
3105 		   status2str(status));
3106 	wpa_hexdump(MSG_DEBUG, "FT: Response IEs", resp_ies, resp_ies_len);
3107 	cb(ctx, sm->addr, bssid, auth_transaction + 1, status,
3108 	   resp_ies, resp_ies_len);
3109 	os_free(resp_ies);
3110 }
3111 
3112 
3113 u16 wpa_ft_validate_reassoc(struct wpa_state_machine *sm, const u8 *ies,
3114 			    size_t ies_len)
3115 {
3116 	struct wpa_ft_ies parse;
3117 	struct rsn_mdie *mdie;
3118 	u8 mic[WPA_EAPOL_KEY_MIC_MAX_LEN];
3119 	size_t mic_len = 16;
3120 	unsigned int count;
3121 	const u8 *kck;
3122 	size_t kck_len;
3123 	int use_sha384;
3124 	const u8 *anonce, *snonce, *fte_mic;
3125 	u8 fte_elem_count;
3126 
3127 	if (sm == NULL)
3128 		return WLAN_STATUS_UNSPECIFIED_FAILURE;
3129 
3130 	use_sha384 = wpa_key_mgmt_sha384(sm->wpa_key_mgmt);
3131 
3132 	wpa_hexdump(MSG_DEBUG, "FT: Reassoc Req IEs", ies, ies_len);
3133 
3134 	if (wpa_ft_parse_ies(ies, ies_len, &parse, use_sha384) < 0) {
3135 		wpa_printf(MSG_DEBUG, "FT: Failed to parse FT IEs");
3136 		return WLAN_STATUS_UNSPECIFIED_FAILURE;
3137 	}
3138 
3139 	if (parse.rsn == NULL) {
3140 		wpa_printf(MSG_DEBUG, "FT: No RSNIE in Reassoc Req");
3141 		return WLAN_STATUS_UNSPECIFIED_FAILURE;
3142 	}
3143 
3144 	if (parse.rsn_pmkid == NULL) {
3145 		wpa_printf(MSG_DEBUG, "FT: No PMKID in RSNIE");
3146 		return WLAN_STATUS_INVALID_PMKID;
3147 	}
3148 
3149 	if (os_memcmp_const(parse.rsn_pmkid, sm->pmk_r1_name, WPA_PMK_NAME_LEN)
3150 	    != 0) {
3151 		wpa_printf(MSG_DEBUG, "FT: PMKID in Reassoc Req did not match "
3152 			   "with the PMKR1Name derived from auth request");
3153 		return WLAN_STATUS_INVALID_PMKID;
3154 	}
3155 
3156 	mdie = (struct rsn_mdie *) parse.mdie;
3157 	if (mdie == NULL || parse.mdie_len < sizeof(*mdie) ||
3158 	    os_memcmp(mdie->mobility_domain,
3159 		      sm->wpa_auth->conf.mobility_domain,
3160 		      MOBILITY_DOMAIN_ID_LEN) != 0) {
3161 		wpa_printf(MSG_DEBUG, "FT: Invalid MDIE");
3162 		return WLAN_STATUS_INVALID_MDIE;
3163 	}
3164 
3165 	if (use_sha384) {
3166 		struct rsn_ftie_sha384 *ftie;
3167 
3168 		ftie = (struct rsn_ftie_sha384 *) parse.ftie;
3169 		if (ftie == NULL || parse.ftie_len < sizeof(*ftie)) {
3170 			wpa_printf(MSG_DEBUG, "FT: Invalid FTIE");
3171 			return WLAN_STATUS_INVALID_FTIE;
3172 		}
3173 
3174 		anonce = ftie->anonce;
3175 		snonce = ftie->snonce;
3176 		fte_elem_count = ftie->mic_control[1];
3177 		fte_mic = ftie->mic;
3178 	} else {
3179 		struct rsn_ftie *ftie;
3180 
3181 		ftie = (struct rsn_ftie *) parse.ftie;
3182 		if (ftie == NULL || parse.ftie_len < sizeof(*ftie)) {
3183 			wpa_printf(MSG_DEBUG, "FT: Invalid FTIE");
3184 			return WLAN_STATUS_INVALID_FTIE;
3185 		}
3186 
3187 		anonce = ftie->anonce;
3188 		snonce = ftie->snonce;
3189 		fte_elem_count = ftie->mic_control[1];
3190 		fte_mic = ftie->mic;
3191 	}
3192 
3193 	if (os_memcmp(snonce, sm->SNonce, WPA_NONCE_LEN) != 0) {
3194 		wpa_printf(MSG_DEBUG, "FT: SNonce mismatch in FTIE");
3195 		wpa_hexdump(MSG_DEBUG, "FT: Received SNonce",
3196 			    snonce, WPA_NONCE_LEN);
3197 		wpa_hexdump(MSG_DEBUG, "FT: Expected SNonce",
3198 			    sm->SNonce, WPA_NONCE_LEN);
3199 		return WLAN_STATUS_INVALID_FTIE;
3200 	}
3201 
3202 	if (os_memcmp(anonce, sm->ANonce, WPA_NONCE_LEN) != 0) {
3203 		wpa_printf(MSG_DEBUG, "FT: ANonce mismatch in FTIE");
3204 		wpa_hexdump(MSG_DEBUG, "FT: Received ANonce",
3205 			    anonce, WPA_NONCE_LEN);
3206 		wpa_hexdump(MSG_DEBUG, "FT: Expected ANonce",
3207 			    sm->ANonce, WPA_NONCE_LEN);
3208 		return WLAN_STATUS_INVALID_FTIE;
3209 	}
3210 
3211 
3212 	if (parse.r0kh_id == NULL) {
3213 		wpa_printf(MSG_DEBUG, "FT: No R0KH-ID subelem in FTIE");
3214 		return WLAN_STATUS_INVALID_FTIE;
3215 	}
3216 
3217 	if (parse.r0kh_id_len != sm->r0kh_id_len ||
3218 	    os_memcmp_const(parse.r0kh_id, sm->r0kh_id, parse.r0kh_id_len) != 0)
3219 	{
3220 		wpa_printf(MSG_DEBUG, "FT: R0KH-ID in FTIE did not match with "
3221 			   "the current R0KH-ID");
3222 		wpa_hexdump(MSG_DEBUG, "FT: R0KH-ID in FTIE",
3223 			    parse.r0kh_id, parse.r0kh_id_len);
3224 		wpa_hexdump(MSG_DEBUG, "FT: The current R0KH-ID",
3225 			    sm->r0kh_id, sm->r0kh_id_len);
3226 		return WLAN_STATUS_INVALID_FTIE;
3227 	}
3228 
3229 	if (parse.r1kh_id == NULL) {
3230 		wpa_printf(MSG_DEBUG, "FT: No R1KH-ID subelem in FTIE");
3231 		return WLAN_STATUS_INVALID_FTIE;
3232 	}
3233 
3234 	if (os_memcmp_const(parse.r1kh_id, sm->wpa_auth->conf.r1_key_holder,
3235 			    FT_R1KH_ID_LEN) != 0) {
3236 		wpa_printf(MSG_DEBUG, "FT: Unknown R1KH-ID used in "
3237 			   "ReassocReq");
3238 		wpa_hexdump(MSG_DEBUG, "FT: R1KH-ID in FTIE",
3239 			    parse.r1kh_id, FT_R1KH_ID_LEN);
3240 		wpa_hexdump(MSG_DEBUG, "FT: Expected R1KH-ID",
3241 			    sm->wpa_auth->conf.r1_key_holder, FT_R1KH_ID_LEN);
3242 		return WLAN_STATUS_INVALID_FTIE;
3243 	}
3244 
3245 	if (parse.rsn_pmkid == NULL ||
3246 	    os_memcmp_const(parse.rsn_pmkid, sm->pmk_r1_name, WPA_PMK_NAME_LEN))
3247 	{
3248 		wpa_printf(MSG_DEBUG, "FT: No matching PMKR1Name (PMKID) in "
3249 			   "RSNIE (pmkid=%d)", !!parse.rsn_pmkid);
3250 		return WLAN_STATUS_INVALID_PMKID;
3251 	}
3252 
3253 	count = 3;
3254 	if (parse.ric)
3255 		count += ieee802_11_ie_count(parse.ric, parse.ric_len);
3256 	if (fte_elem_count != count) {
3257 		wpa_printf(MSG_DEBUG, "FT: Unexpected IE count in MIC "
3258 			   "Control: received %u expected %u",
3259 			   fte_elem_count, count);
3260 		return WLAN_STATUS_UNSPECIFIED_FAILURE;
3261 	}
3262 
3263 	if (wpa_key_mgmt_fils(sm->wpa_key_mgmt)) {
3264 		kck = sm->PTK.kck2;
3265 		kck_len = sm->PTK.kck2_len;
3266 	} else {
3267 		kck = sm->PTK.kck;
3268 		kck_len = sm->PTK.kck_len;
3269 	}
3270 	if (wpa_ft_mic(kck, kck_len, sm->addr, sm->wpa_auth->addr, 5,
3271 		       parse.mdie - 2, parse.mdie_len + 2,
3272 		       parse.ftie - 2, parse.ftie_len + 2,
3273 		       parse.rsn - 2, parse.rsn_len + 2,
3274 		       parse.ric, parse.ric_len,
3275 		       mic) < 0) {
3276 		wpa_printf(MSG_DEBUG, "FT: Failed to calculate MIC");
3277 		return WLAN_STATUS_UNSPECIFIED_FAILURE;
3278 	}
3279 
3280 	if (os_memcmp_const(mic, fte_mic, mic_len) != 0) {
3281 		wpa_printf(MSG_DEBUG, "FT: Invalid MIC in FTIE");
3282 		wpa_printf(MSG_DEBUG, "FT: addr=" MACSTR " auth_addr=" MACSTR,
3283 			   MAC2STR(sm->addr), MAC2STR(sm->wpa_auth->addr));
3284 		wpa_hexdump(MSG_MSGDUMP, "FT: Received MIC",
3285 			    fte_mic, mic_len);
3286 		wpa_hexdump(MSG_MSGDUMP, "FT: Calculated MIC", mic, mic_len);
3287 		wpa_hexdump(MSG_MSGDUMP, "FT: MDIE",
3288 			    parse.mdie - 2, parse.mdie_len + 2);
3289 		wpa_hexdump(MSG_MSGDUMP, "FT: FTIE",
3290 			    parse.ftie - 2, parse.ftie_len + 2);
3291 		wpa_hexdump(MSG_MSGDUMP, "FT: RSN",
3292 			    parse.rsn - 2, parse.rsn_len + 2);
3293 		return WLAN_STATUS_INVALID_FTIE;
3294 	}
3295 
3296 #ifdef CONFIG_OCV
3297 	if (wpa_auth_uses_ocv(sm)) {
3298 		struct wpa_channel_info ci;
3299 		int tx_chanwidth;
3300 		int tx_seg1_idx;
3301 
3302 		if (wpa_channel_info(sm->wpa_auth, &ci) != 0) {
3303 			wpa_printf(MSG_WARNING,
3304 				   "Failed to get channel info to validate received OCI in (Re)Assoc Request");
3305 			return WLAN_STATUS_UNSPECIFIED_FAILURE;
3306 		}
3307 
3308 		if (get_sta_tx_parameters(sm,
3309 					  channel_width_to_int(ci.chanwidth),
3310 					  ci.seg1_idx, &tx_chanwidth,
3311 					  &tx_seg1_idx) < 0)
3312 			return WLAN_STATUS_UNSPECIFIED_FAILURE;
3313 
3314 		if (ocv_verify_tx_params(parse.oci, parse.oci_len, &ci,
3315 					 tx_chanwidth, tx_seg1_idx) != 0) {
3316 			wpa_printf(MSG_WARNING, "%s", ocv_errorstr);
3317 			return WLAN_STATUS_UNSPECIFIED_FAILURE;
3318 		}
3319 	}
3320 #endif /* CONFIG_OCV */
3321 
3322 	return WLAN_STATUS_SUCCESS;
3323 }
3324 
3325 
3326 int wpa_ft_action_rx(struct wpa_state_machine *sm, const u8 *data, size_t len)
3327 {
3328 	const u8 *sta_addr, *target_ap;
3329 	const u8 *ies;
3330 	size_t ies_len;
3331 	u8 action;
3332 	struct ft_rrb_frame *frame;
3333 
3334 	if (sm == NULL)
3335 		return -1;
3336 
3337 	/*
3338 	 * data: Category[1] Action[1] STA_Address[6] Target_AP_Address[6]
3339 	 * FT Request action frame body[variable]
3340 	 */
3341 
3342 	if (len < 14) {
3343 		wpa_printf(MSG_DEBUG, "FT: Too short FT Action frame "
3344 			   "(len=%lu)", (unsigned long) len);
3345 		return -1;
3346 	}
3347 
3348 	action = data[1];
3349 	sta_addr = data + 2;
3350 	target_ap = data + 8;
3351 	ies = data + 14;
3352 	ies_len = len - 14;
3353 
3354 	wpa_printf(MSG_DEBUG, "FT: Received FT Action frame (STA=" MACSTR
3355 		   " Target AP=" MACSTR " Action=%d)",
3356 		   MAC2STR(sta_addr), MAC2STR(target_ap), action);
3357 
3358 	if (os_memcmp(sta_addr, sm->addr, ETH_ALEN) != 0) {
3359 		wpa_printf(MSG_DEBUG, "FT: Mismatch in FT Action STA address: "
3360 			   "STA=" MACSTR " STA-Address=" MACSTR,
3361 			   MAC2STR(sm->addr), MAC2STR(sta_addr));
3362 		return -1;
3363 	}
3364 
3365 	/*
3366 	 * Do some sanity checking on the target AP address (not own and not
3367 	 * broadcast. This could be extended to filter based on a list of known
3368 	 * APs in the MD (if such a list were configured).
3369 	 */
3370 	if ((target_ap[0] & 0x01) ||
3371 	    os_memcmp(target_ap, sm->wpa_auth->addr, ETH_ALEN) == 0) {
3372 		wpa_printf(MSG_DEBUG, "FT: Invalid Target AP in FT Action "
3373 			   "frame");
3374 		return -1;
3375 	}
3376 
3377 	wpa_hexdump(MSG_MSGDUMP, "FT: Action frame body", ies, ies_len);
3378 
3379 	if (!sm->wpa_auth->conf.ft_over_ds) {
3380 		wpa_printf(MSG_DEBUG, "FT: Over-DS option disabled - reject");
3381 		return -1;
3382 	}
3383 
3384 	/* RRB - Forward action frame to the target AP */
3385 	frame = os_malloc(sizeof(*frame) + len);
3386 	if (frame == NULL)
3387 		return -1;
3388 	frame->frame_type = RSN_REMOTE_FRAME_TYPE_FT_RRB;
3389 	frame->packet_type = FT_PACKET_REQUEST;
3390 	frame->action_length = host_to_le16(len);
3391 	os_memcpy(frame->ap_address, sm->wpa_auth->addr, ETH_ALEN);
3392 	os_memcpy(frame + 1, data, len);
3393 
3394 	wpa_ft_rrb_send(sm->wpa_auth, target_ap, (u8 *) frame,
3395 			sizeof(*frame) + len);
3396 	os_free(frame);
3397 
3398 	return 0;
3399 }
3400 
3401 
3402 static void wpa_ft_rrb_rx_request_cb(void *ctx, const u8 *dst, const u8 *bssid,
3403 				     u16 auth_transaction, u16 resp,
3404 				     const u8 *ies, size_t ies_len)
3405 {
3406 	struct wpa_state_machine *sm = ctx;
3407 	wpa_printf(MSG_DEBUG, "FT: Over-the-DS RX request cb for " MACSTR,
3408 		   MAC2STR(sm->addr));
3409 	wpa_ft_send_rrb_auth_resp(sm, sm->ft_pending_current_ap, sm->addr,
3410 				  WLAN_STATUS_SUCCESS, ies, ies_len);
3411 }
3412 
3413 
3414 static int wpa_ft_rrb_rx_request(struct wpa_authenticator *wpa_auth,
3415 				 const u8 *current_ap, const u8 *sta_addr,
3416 				 const u8 *body, size_t len)
3417 {
3418 	struct wpa_state_machine *sm;
3419 	u16 status;
3420 	u8 *resp_ies;
3421 	size_t resp_ies_len;
3422 	int res;
3423 
3424 	sm = wpa_ft_add_sta(wpa_auth, sta_addr);
3425 	if (sm == NULL) {
3426 		wpa_printf(MSG_DEBUG, "FT: Failed to add new STA based on "
3427 			   "RRB Request");
3428 		return -1;
3429 	}
3430 
3431 	wpa_hexdump(MSG_MSGDUMP, "FT: RRB Request Frame body", body, len);
3432 
3433 	sm->ft_pending_cb = wpa_ft_rrb_rx_request_cb;
3434 	sm->ft_pending_cb_ctx = sm;
3435 	os_memcpy(sm->ft_pending_current_ap, current_ap, ETH_ALEN);
3436 	sm->ft_pending_pull_left_retries = sm->wpa_auth->conf.rkh_pull_retries;
3437 	res = wpa_ft_process_auth_req(sm, body, len, &resp_ies,
3438 				      &resp_ies_len);
3439 	if (res < 0) {
3440 		wpa_printf(MSG_DEBUG, "FT: No immediate response available - wait for pull response");
3441 		return 0;
3442 	}
3443 	status = res;
3444 
3445 	res = wpa_ft_send_rrb_auth_resp(sm, current_ap, sta_addr, status,
3446 					resp_ies, resp_ies_len);
3447 	os_free(resp_ies);
3448 	return res;
3449 }
3450 
3451 
3452 static int wpa_ft_send_rrb_auth_resp(struct wpa_state_machine *sm,
3453 				     const u8 *current_ap, const u8 *sta_addr,
3454 				     u16 status, const u8 *resp_ies,
3455 				     size_t resp_ies_len)
3456 {
3457 	struct wpa_authenticator *wpa_auth = sm->wpa_auth;
3458 	size_t rlen;
3459 	struct ft_rrb_frame *frame;
3460 	u8 *pos;
3461 
3462 	wpa_printf(MSG_DEBUG, "FT: RRB authentication response: STA=" MACSTR
3463 		   " CurrentAP=" MACSTR " status=%u (%s)",
3464 		   MAC2STR(sm->addr), MAC2STR(current_ap), status,
3465 		   status2str(status));
3466 	wpa_hexdump(MSG_DEBUG, "FT: Response IEs", resp_ies, resp_ies_len);
3467 
3468 	/* RRB - Forward action frame response to the Current AP */
3469 
3470 	/*
3471 	 * data: Category[1] Action[1] STA_Address[6] Target_AP_Address[6]
3472 	 * Status_Code[2] FT Request action frame body[variable]
3473 	 */
3474 	rlen = 2 + 2 * ETH_ALEN + 2 + resp_ies_len;
3475 
3476 	frame = os_malloc(sizeof(*frame) + rlen);
3477 	if (frame == NULL)
3478 		return -1;
3479 	frame->frame_type = RSN_REMOTE_FRAME_TYPE_FT_RRB;
3480 	frame->packet_type = FT_PACKET_RESPONSE;
3481 	frame->action_length = host_to_le16(rlen);
3482 	os_memcpy(frame->ap_address, wpa_auth->addr, ETH_ALEN);
3483 	pos = (u8 *) (frame + 1);
3484 	*pos++ = WLAN_ACTION_FT;
3485 	*pos++ = 2; /* Action: Response */
3486 	os_memcpy(pos, sta_addr, ETH_ALEN);
3487 	pos += ETH_ALEN;
3488 	os_memcpy(pos, wpa_auth->addr, ETH_ALEN);
3489 	pos += ETH_ALEN;
3490 	WPA_PUT_LE16(pos, status);
3491 	pos += 2;
3492 	if (resp_ies)
3493 		os_memcpy(pos, resp_ies, resp_ies_len);
3494 
3495 	wpa_ft_rrb_send(wpa_auth, current_ap, (u8 *) frame,
3496 			sizeof(*frame) + rlen);
3497 	os_free(frame);
3498 
3499 	return 0;
3500 }
3501 
3502 
3503 static int wpa_ft_rrb_build_r0(const u8 *key, const size_t key_len,
3504 			       const struct tlv_list *tlvs,
3505 			       const struct wpa_ft_pmk_r0_sa *pmk_r0,
3506 			       const u8 *r1kh_id, const u8 *s1kh_id,
3507 			       const struct tlv_list *tlv_auth,
3508 			       const u8 *src_addr, u8 type,
3509 			       u8 **packet, size_t *packet_len)
3510 {
3511 	u8 pmk_r1[PMK_LEN_MAX];
3512 	size_t pmk_r1_len = pmk_r0->pmk_r0_len;
3513 	u8 pmk_r1_name[WPA_PMK_NAME_LEN];
3514 	u8 f_pairwise[sizeof(le16)];
3515 	u8 f_expires_in[sizeof(le16)];
3516 	u8 f_session_timeout[sizeof(le32)];
3517 	int expires_in;
3518 	int session_timeout;
3519 	struct os_reltime now;
3520 	int ret;
3521 	struct tlv_list sess_tlv[] = {
3522 		{ .type = FT_RRB_PMK_R1, .len = pmk_r1_len,
3523 		  .data = pmk_r1 },
3524 		{ .type = FT_RRB_PMK_R1_NAME, .len = sizeof(pmk_r1_name),
3525 		  .data = pmk_r1_name },
3526 		{ .type = FT_RRB_PAIRWISE, .len = sizeof(f_pairwise),
3527 		  .data = f_pairwise },
3528 		{ .type = FT_RRB_EXPIRES_IN, .len = sizeof(f_expires_in),
3529 		  .data = f_expires_in },
3530 		{ .type = FT_RRB_IDENTITY, .len = pmk_r0->identity_len,
3531 		  .data = pmk_r0->identity },
3532 		{ .type = FT_RRB_RADIUS_CUI, .len = pmk_r0->radius_cui_len,
3533 		  .data = pmk_r0->radius_cui },
3534 		{ .type = FT_RRB_SESSION_TIMEOUT,
3535 		  .len = sizeof(f_session_timeout),
3536 		  .data = f_session_timeout },
3537 		{ .type = FT_RRB_LAST_EMPTY, .len = 0, .data = NULL },
3538 	};
3539 
3540 	if (wpa_derive_pmk_r1(pmk_r0->pmk_r0, pmk_r0->pmk_r0_len,
3541 			      pmk_r0->pmk_r0_name, r1kh_id,
3542 			      s1kh_id, pmk_r1, pmk_r1_name) < 0)
3543 		return -1;
3544 	wpa_hexdump_key(MSG_DEBUG, "FT: PMK-R1 (for peer AP)",
3545 			pmk_r1, pmk_r1_len);
3546 	wpa_hexdump(MSG_DEBUG, "FT: PMKR1Name (for peer AP)",
3547 		    pmk_r1_name, WPA_PMK_NAME_LEN);
3548 	WPA_PUT_LE16(f_pairwise, pmk_r0->pairwise);
3549 
3550 	os_get_reltime(&now);
3551 	if (pmk_r0->expiration > now.sec)
3552 		expires_in = pmk_r0->expiration - now.sec;
3553 	else if (pmk_r0->expiration)
3554 		expires_in = 1;
3555 	else
3556 		expires_in = 0;
3557 	WPA_PUT_LE16(f_expires_in, expires_in);
3558 
3559 	if (pmk_r0->session_timeout > now.sec)
3560 		session_timeout = pmk_r0->session_timeout - now.sec;
3561 	else if (pmk_r0->session_timeout)
3562 		session_timeout = 1;
3563 	else
3564 		session_timeout = 0;
3565 	WPA_PUT_LE32(f_session_timeout, session_timeout);
3566 
3567 	ret = wpa_ft_rrb_build(key, key_len, tlvs, sess_tlv, tlv_auth,
3568 			       pmk_r0->vlan, src_addr, type,
3569 			       packet, packet_len);
3570 
3571 	forced_memzero(pmk_r1, sizeof(pmk_r1));
3572 
3573 	return ret;
3574 }
3575 
3576 
3577 static int wpa_ft_rrb_rx_pull(struct wpa_authenticator *wpa_auth,
3578 			      const u8 *src_addr,
3579 			      const u8 *enc, size_t enc_len,
3580 			      const u8 *auth, size_t auth_len,
3581 			      int no_defer)
3582 {
3583 	const char *msgtype = "pull request";
3584 	u8 *plain = NULL, *packet = NULL;
3585 	size_t plain_len = 0, packet_len = 0;
3586 	struct ft_remote_r1kh *r1kh, *r1kh_wildcard;
3587 	const u8 *key;
3588 	size_t key_len;
3589 	int seq_ret;
3590 	const u8 *f_nonce, *f_r0kh_id, *f_r1kh_id, *f_s1kh_id, *f_pmk_r0_name;
3591 	size_t f_nonce_len, f_r0kh_id_len, f_r1kh_id_len, f_s1kh_id_len;
3592 	size_t f_pmk_r0_name_len;
3593 	const struct wpa_ft_pmk_r0_sa *r0;
3594 	int ret;
3595 	struct tlv_list resp[2];
3596 	struct tlv_list resp_auth[5];
3597 	struct ft_rrb_seq f_seq;
3598 
3599 	wpa_printf(MSG_DEBUG, "FT: Received PMK-R1 pull");
3600 
3601 	RRB_GET_AUTH(FT_RRB_R0KH_ID, r0kh_id, msgtype, -1);
3602 	wpa_hexdump(MSG_DEBUG, "FT: R0KH-ID", f_r0kh_id, f_r0kh_id_len);
3603 
3604 	if (wpa_ft_rrb_check_r0kh(wpa_auth, f_r0kh_id, f_r0kh_id_len)) {
3605 		wpa_printf(MSG_DEBUG, "FT: R0KH-ID mismatch");
3606 		goto out;
3607 	}
3608 
3609 	RRB_GET_AUTH(FT_RRB_R1KH_ID, r1kh_id, msgtype, FT_R1KH_ID_LEN);
3610 	wpa_printf(MSG_DEBUG, "FT: R1KH-ID=" MACSTR, MAC2STR(f_r1kh_id));
3611 
3612 	wpa_ft_rrb_lookup_r1kh(wpa_auth, f_r1kh_id, &r1kh, &r1kh_wildcard);
3613 	if (r1kh) {
3614 		key = r1kh->key;
3615 		key_len = sizeof(r1kh->key);
3616 	} else if (r1kh_wildcard) {
3617 		wpa_printf(MSG_DEBUG, "FT: Using wildcard R1KH-ID");
3618 		key = r1kh_wildcard->key;
3619 		key_len = sizeof(r1kh_wildcard->key);
3620 	} else {
3621 		goto out;
3622 	}
3623 
3624 	RRB_GET_AUTH(FT_RRB_NONCE, nonce, "pull request", FT_RRB_NONCE_LEN);
3625 	wpa_hexdump(MSG_DEBUG, "FT: nonce", f_nonce, f_nonce_len);
3626 
3627 	seq_ret = FT_RRB_SEQ_DROP;
3628 	if (r1kh)
3629 		seq_ret = wpa_ft_rrb_seq_chk(r1kh->seq, src_addr, enc, enc_len,
3630 					     auth, auth_len, msgtype, no_defer);
3631 	if (!no_defer && r1kh_wildcard &&
3632 	    (!r1kh || os_memcmp(r1kh->addr, src_addr, ETH_ALEN) != 0)) {
3633 		/* wildcard: r1kh-id unknown or changed addr -> do a seq req */
3634 		seq_ret = FT_RRB_SEQ_DEFER;
3635 	}
3636 
3637 	if (seq_ret == FT_RRB_SEQ_DROP)
3638 		goto out;
3639 
3640 	if (wpa_ft_rrb_decrypt(key, key_len, enc, enc_len, auth, auth_len,
3641 			       src_addr, FT_PACKET_R0KH_R1KH_PULL,
3642 			       &plain, &plain_len) < 0)
3643 		goto out;
3644 
3645 	if (!r1kh)
3646 		r1kh = wpa_ft_rrb_add_r1kh(wpa_auth, r1kh_wildcard, src_addr,
3647 					   f_r1kh_id,
3648 					   wpa_auth->conf.rkh_pos_timeout);
3649 	if (!r1kh)
3650 		goto out;
3651 
3652 	if (seq_ret == FT_RRB_SEQ_DEFER) {
3653 		wpa_ft_rrb_seq_req(wpa_auth, r1kh->seq, src_addr, f_r0kh_id,
3654 				   f_r0kh_id_len, f_r1kh_id, key, key_len,
3655 				   enc, enc_len, auth, auth_len,
3656 				   &wpa_ft_rrb_rx_pull);
3657 		goto out;
3658 	}
3659 
3660 	wpa_ft_rrb_seq_accept(wpa_auth, r1kh->seq, src_addr, auth, auth_len,
3661 			      msgtype);
3662 	wpa_ft_rrb_r1kh_replenish(wpa_auth, r1kh,
3663 				  wpa_auth->conf.rkh_pos_timeout);
3664 
3665 	RRB_GET(FT_RRB_PMK_R0_NAME, pmk_r0_name, msgtype, WPA_PMK_NAME_LEN);
3666 	wpa_hexdump(MSG_DEBUG, "FT: PMKR0Name", f_pmk_r0_name,
3667 		    f_pmk_r0_name_len);
3668 
3669 	RRB_GET(FT_RRB_S1KH_ID, s1kh_id, msgtype, ETH_ALEN);
3670 	wpa_printf(MSG_DEBUG, "FT: S1KH-ID=" MACSTR, MAC2STR(f_s1kh_id));
3671 
3672 	if (wpa_ft_new_seq(r1kh->seq, &f_seq) < 0) {
3673 		wpa_printf(MSG_DEBUG, "FT: Failed to get seq num");
3674 		goto out;
3675 	}
3676 
3677 	resp[0].type = FT_RRB_S1KH_ID;
3678 	resp[0].len = f_s1kh_id_len;
3679 	resp[0].data = f_s1kh_id;
3680 	resp[1].type = FT_RRB_LAST_EMPTY;
3681 	resp[1].len = 0;
3682 	resp[1].data = NULL;
3683 
3684 	resp_auth[0].type = FT_RRB_NONCE;
3685 	resp_auth[0].len = f_nonce_len;
3686 	resp_auth[0].data = f_nonce;
3687 	resp_auth[1].type = FT_RRB_SEQ;
3688 	resp_auth[1].len = sizeof(f_seq);
3689 	resp_auth[1].data = (u8 *) &f_seq;
3690 	resp_auth[2].type = FT_RRB_R0KH_ID;
3691 	resp_auth[2].len = f_r0kh_id_len;
3692 	resp_auth[2].data = f_r0kh_id;
3693 	resp_auth[3].type = FT_RRB_R1KH_ID;
3694 	resp_auth[3].len = f_r1kh_id_len;
3695 	resp_auth[3].data = f_r1kh_id;
3696 	resp_auth[4].type = FT_RRB_LAST_EMPTY;
3697 	resp_auth[4].len = 0;
3698 	resp_auth[4].data = NULL;
3699 
3700 	if (wpa_ft_fetch_pmk_r0(wpa_auth, f_s1kh_id, f_pmk_r0_name, &r0) < 0) {
3701 		wpa_printf(MSG_DEBUG, "FT: No matching PMK-R0-Name found");
3702 		ret = wpa_ft_rrb_build(key, key_len, resp, NULL, resp_auth,
3703 				       NULL, wpa_auth->addr,
3704 				       FT_PACKET_R0KH_R1KH_RESP,
3705 				       &packet, &packet_len);
3706 	} else {
3707 		ret = wpa_ft_rrb_build_r0(key, key_len, resp, r0, f_r1kh_id,
3708 					  f_s1kh_id, resp_auth, wpa_auth->addr,
3709 					  FT_PACKET_R0KH_R1KH_RESP,
3710 					  &packet, &packet_len);
3711 	}
3712 
3713 	if (!ret)
3714 		wpa_ft_rrb_oui_send(wpa_auth, src_addr,
3715 				    FT_PACKET_R0KH_R1KH_RESP, packet,
3716 				    packet_len);
3717 
3718 out:
3719 	os_free(plain);
3720 	os_free(packet);
3721 
3722 	return 0;
3723 }
3724 
3725 
3726 /* @returns  0 on success
3727  *          -1 on error
3728  *          -2 if FR_RRB_PAIRWISE is missing
3729  */
3730 static int wpa_ft_rrb_rx_r1(struct wpa_authenticator *wpa_auth,
3731 			    const u8 *src_addr, u8 type,
3732 			    const u8 *enc, size_t enc_len,
3733 			    const u8 *auth, size_t auth_len,
3734 			    const char *msgtype, u8 *s1kh_id_out,
3735 			    int (*cb)(struct wpa_authenticator *wpa_auth,
3736 				      const u8 *src_addr,
3737 				      const u8 *enc, size_t enc_len,
3738 				      const u8 *auth, size_t auth_len,
3739 				      int no_defer))
3740 {
3741 	u8 *plain = NULL;
3742 	size_t plain_len = 0;
3743 	struct ft_remote_r0kh *r0kh, *r0kh_wildcard;
3744 	const u8 *key;
3745 	size_t key_len;
3746 	int seq_ret;
3747 	const u8 *f_r1kh_id, *f_s1kh_id, *f_r0kh_id;
3748 	const u8 *f_pmk_r1_name, *f_pairwise, *f_pmk_r1;
3749 	const u8 *f_expires_in;
3750 	size_t f_r1kh_id_len, f_s1kh_id_len, f_r0kh_id_len;
3751 	const u8 *f_identity, *f_radius_cui;
3752 	const u8 *f_session_timeout;
3753 	size_t f_pmk_r1_name_len, f_pairwise_len, f_pmk_r1_len;
3754 	size_t f_expires_in_len;
3755 	size_t f_identity_len, f_radius_cui_len;
3756 	size_t f_session_timeout_len;
3757 	int pairwise;
3758 	int ret = -1;
3759 	int expires_in;
3760 	int session_timeout;
3761 	struct vlan_description vlan;
3762 	size_t pmk_r1_len;
3763 
3764 	RRB_GET_AUTH(FT_RRB_R0KH_ID, r0kh_id, msgtype, -1);
3765 	wpa_hexdump(MSG_DEBUG, "FT: R0KH-ID", f_r0kh_id, f_r0kh_id_len);
3766 
3767 	RRB_GET_AUTH(FT_RRB_R1KH_ID, r1kh_id, msgtype, FT_R1KH_ID_LEN);
3768 	wpa_printf(MSG_DEBUG, "FT: R1KH-ID=" MACSTR, MAC2STR(f_r1kh_id));
3769 
3770 	if (wpa_ft_rrb_check_r1kh(wpa_auth, f_r1kh_id)) {
3771 		wpa_printf(MSG_DEBUG, "FT: R1KH-ID mismatch");
3772 		goto out;
3773 	}
3774 
3775 	wpa_ft_rrb_lookup_r0kh(wpa_auth, f_r0kh_id, f_r0kh_id_len, &r0kh,
3776 			       &r0kh_wildcard);
3777 	if (r0kh) {
3778 		key = r0kh->key;
3779 		key_len = sizeof(r0kh->key);
3780 	} else if (r0kh_wildcard) {
3781 		wpa_printf(MSG_DEBUG, "FT: Using wildcard R0KH-ID");
3782 		key = r0kh_wildcard->key;
3783 		key_len = sizeof(r0kh_wildcard->key);
3784 	} else {
3785 		goto out;
3786 	}
3787 
3788 	seq_ret = FT_RRB_SEQ_DROP;
3789 	if (r0kh) {
3790 		seq_ret = wpa_ft_rrb_seq_chk(r0kh->seq, src_addr, enc, enc_len,
3791 					     auth, auth_len, msgtype,
3792 					     cb ? 0 : 1);
3793 	}
3794 	if (cb && r0kh_wildcard &&
3795 	    (!r0kh || os_memcmp(r0kh->addr, src_addr, ETH_ALEN) != 0)) {
3796 		/* wildcard: r0kh-id unknown or changed addr -> do a seq req */
3797 		seq_ret = FT_RRB_SEQ_DEFER;
3798 	}
3799 
3800 	if (seq_ret == FT_RRB_SEQ_DROP)
3801 		goto out;
3802 
3803 	if (wpa_ft_rrb_decrypt(key, key_len, enc, enc_len, auth, auth_len,
3804 			       src_addr, type, &plain, &plain_len) < 0)
3805 		goto out;
3806 
3807 	if (!r0kh)
3808 		r0kh = wpa_ft_rrb_add_r0kh(wpa_auth, r0kh_wildcard, src_addr,
3809 					   f_r0kh_id, f_r0kh_id_len,
3810 					   wpa_auth->conf.rkh_pos_timeout);
3811 	if (!r0kh)
3812 		goto out;
3813 
3814 	if (seq_ret == FT_RRB_SEQ_DEFER) {
3815 		wpa_ft_rrb_seq_req(wpa_auth, r0kh->seq, src_addr, f_r0kh_id,
3816 				   f_r0kh_id_len, f_r1kh_id, key, key_len,
3817 				   enc, enc_len, auth, auth_len, cb);
3818 		goto out;
3819 	}
3820 
3821 	wpa_ft_rrb_seq_accept(wpa_auth, r0kh->seq, src_addr, auth, auth_len,
3822 			      msgtype);
3823 	wpa_ft_rrb_r0kh_replenish(wpa_auth, r0kh,
3824 				  wpa_auth->conf.rkh_pos_timeout);
3825 
3826 	RRB_GET(FT_RRB_S1KH_ID, s1kh_id, msgtype, ETH_ALEN);
3827 	wpa_printf(MSG_DEBUG, "FT: S1KH-ID=" MACSTR, MAC2STR(f_s1kh_id));
3828 
3829 	if (s1kh_id_out)
3830 		os_memcpy(s1kh_id_out, f_s1kh_id, ETH_ALEN);
3831 
3832 	ret = -2;
3833 	RRB_GET(FT_RRB_PAIRWISE, pairwise, msgtype, sizeof(le16));
3834 	wpa_hexdump(MSG_DEBUG, "FT: pairwise", f_pairwise, f_pairwise_len);
3835 
3836 	ret = -1;
3837 	RRB_GET(FT_RRB_PMK_R1_NAME, pmk_r1_name, msgtype, WPA_PMK_NAME_LEN);
3838 	wpa_hexdump(MSG_DEBUG, "FT: PMKR1Name",
3839 		    f_pmk_r1_name, WPA_PMK_NAME_LEN);
3840 
3841 	pmk_r1_len = PMK_LEN;
3842 	if (wpa_ft_rrb_get_tlv(plain, plain_len, FT_RRB_PMK_R1, &f_pmk_r1_len,
3843 			       &f_pmk_r1) == 0 &&
3844 	    (f_pmk_r1_len == PMK_LEN || f_pmk_r1_len == SHA384_MAC_LEN))
3845 		pmk_r1_len = f_pmk_r1_len;
3846 	RRB_GET(FT_RRB_PMK_R1, pmk_r1, msgtype, pmk_r1_len);
3847 	wpa_hexdump_key(MSG_DEBUG, "FT: PMK-R1", f_pmk_r1, pmk_r1_len);
3848 
3849 	pairwise = WPA_GET_LE16(f_pairwise);
3850 
3851 	RRB_GET_OPTIONAL(FT_RRB_EXPIRES_IN, expires_in, msgtype,
3852 			 sizeof(le16));
3853 	if (f_expires_in)
3854 		expires_in = WPA_GET_LE16(f_expires_in);
3855 	else
3856 		expires_in = 0;
3857 
3858 	wpa_printf(MSG_DEBUG, "FT: PMK-R1 %s - expires_in=%d", msgtype,
3859 		   expires_in);
3860 
3861 	if (wpa_ft_rrb_get_tlv_vlan(plain, plain_len, &vlan) < 0) {
3862 		wpa_printf(MSG_DEBUG, "FT: Cannot parse vlan");
3863 		wpa_ft_rrb_dump(plain, plain_len);
3864 		goto out;
3865 	}
3866 
3867 	wpa_printf(MSG_DEBUG, "FT: vlan %d%s",
3868 		   le_to_host16(vlan.untagged), vlan.tagged[0] ? "+" : "");
3869 
3870 	RRB_GET_OPTIONAL(FT_RRB_IDENTITY, identity, msgtype, -1);
3871 	if (f_identity)
3872 		wpa_hexdump_ascii(MSG_DEBUG, "FT: Identity", f_identity,
3873 				  f_identity_len);
3874 
3875 	RRB_GET_OPTIONAL(FT_RRB_RADIUS_CUI, radius_cui, msgtype, -1);
3876 	if (f_radius_cui)
3877 		wpa_hexdump_ascii(MSG_DEBUG, "FT: CUI", f_radius_cui,
3878 				  f_radius_cui_len);
3879 
3880 	RRB_GET_OPTIONAL(FT_RRB_SESSION_TIMEOUT, session_timeout, msgtype,
3881 			 sizeof(le32));
3882 	if (f_session_timeout)
3883 		session_timeout = WPA_GET_LE32(f_session_timeout);
3884 	else
3885 		session_timeout = 0;
3886 	wpa_printf(MSG_DEBUG, "FT: session_timeout %d", session_timeout);
3887 
3888 	if (wpa_ft_store_pmk_r1(wpa_auth, f_s1kh_id, f_pmk_r1, pmk_r1_len,
3889 				f_pmk_r1_name,
3890 				pairwise, &vlan, expires_in, session_timeout,
3891 				f_identity, f_identity_len, f_radius_cui,
3892 				f_radius_cui_len) < 0)
3893 		goto out;
3894 
3895 	ret = 0;
3896 out:
3897 	bin_clear_free(plain, plain_len);
3898 
3899 	return ret;
3900 
3901 }
3902 
3903 
3904 static void ft_finish_pull(struct wpa_state_machine *sm)
3905 {
3906 	int res;
3907 	u8 *resp_ies;
3908 	size_t resp_ies_len;
3909 	u16 status;
3910 
3911 	if (!sm->ft_pending_cb || !sm->ft_pending_req_ies)
3912 		return;
3913 
3914 	res = wpa_ft_process_auth_req(sm, wpabuf_head(sm->ft_pending_req_ies),
3915 				      wpabuf_len(sm->ft_pending_req_ies),
3916 				      &resp_ies, &resp_ies_len);
3917 	if (res < 0) {
3918 		/* this loop is broken by ft_pending_pull_left_retries */
3919 		wpa_printf(MSG_DEBUG,
3920 			   "FT: Callback postponed until response is available");
3921 		return;
3922 	}
3923 	wpabuf_free(sm->ft_pending_req_ies);
3924 	sm->ft_pending_req_ies = NULL;
3925 	status = res;
3926 	wpa_printf(MSG_DEBUG, "FT: Postponed auth callback result for " MACSTR
3927 		   " - status %u", MAC2STR(sm->addr), status);
3928 
3929 	sm->ft_pending_cb(sm->ft_pending_cb_ctx, sm->addr, sm->wpa_auth->addr,
3930 			  sm->ft_pending_auth_transaction + 1, status,
3931 			  resp_ies, resp_ies_len);
3932 	os_free(resp_ies);
3933 }
3934 
3935 
3936 struct ft_get_sta_ctx {
3937 	const u8 *nonce;
3938 	const u8 *s1kh_id;
3939 	struct wpa_state_machine *sm;
3940 };
3941 
3942 
3943 static int ft_get_sta_cb(struct wpa_state_machine *sm, void *ctx)
3944 {
3945 	struct ft_get_sta_ctx *info = ctx;
3946 
3947 	if ((info->s1kh_id &&
3948 	     os_memcmp(info->s1kh_id, sm->addr, ETH_ALEN) != 0) ||
3949 	    os_memcmp(info->nonce, sm->ft_pending_pull_nonce,
3950 		      FT_RRB_NONCE_LEN) != 0 ||
3951 	    sm->ft_pending_cb == NULL || sm->ft_pending_req_ies == NULL)
3952 		return 0;
3953 
3954 	info->sm = sm;
3955 
3956 	return 1;
3957 }
3958 
3959 
3960 static int wpa_ft_rrb_rx_resp(struct wpa_authenticator *wpa_auth,
3961 			      const u8 *src_addr,
3962 			      const u8 *enc, size_t enc_len,
3963 			      const u8 *auth, size_t auth_len,
3964 			      int no_defer)
3965 {
3966 	const char *msgtype = "pull response";
3967 	int nak, ret = -1;
3968 	struct ft_get_sta_ctx ctx;
3969 	u8 s1kh_id[ETH_ALEN];
3970 	const u8 *f_nonce;
3971 	size_t f_nonce_len;
3972 
3973 	wpa_printf(MSG_DEBUG, "FT: Received PMK-R1 pull response");
3974 
3975 	RRB_GET_AUTH(FT_RRB_NONCE, nonce, msgtype, FT_RRB_NONCE_LEN);
3976 	wpa_hexdump(MSG_DEBUG, "FT: nonce", f_nonce, f_nonce_len);
3977 
3978 	os_memset(&ctx, 0, sizeof(ctx));
3979 	ctx.nonce = f_nonce;
3980 	if (!wpa_auth_for_each_sta(wpa_auth, ft_get_sta_cb, &ctx)) {
3981 		/* nonce not found */
3982 		wpa_printf(MSG_DEBUG, "FT: Invalid nonce");
3983 		return -1;
3984 	}
3985 
3986 	ret = wpa_ft_rrb_rx_r1(wpa_auth, src_addr, FT_PACKET_R0KH_R1KH_RESP,
3987 			       enc, enc_len, auth, auth_len, msgtype, s1kh_id,
3988 			       no_defer ? NULL : &wpa_ft_rrb_rx_resp);
3989 	if (ret == -2) {
3990 		ret = 0;
3991 		nak = 1;
3992 	} else {
3993 		nak = 0;
3994 	}
3995 	if (ret < 0)
3996 		return -1;
3997 
3998 	ctx.s1kh_id = s1kh_id;
3999 	if (wpa_auth_for_each_sta(wpa_auth, ft_get_sta_cb, &ctx)) {
4000 		wpa_printf(MSG_DEBUG,
4001 			   "FT: Response to a pending pull request for " MACSTR,
4002 			   MAC2STR(ctx.sm->addr));
4003 		eloop_cancel_timeout(wpa_ft_expire_pull, ctx.sm, NULL);
4004 		if (nak)
4005 			ctx.sm->ft_pending_pull_left_retries = 0;
4006 		ft_finish_pull(ctx.sm);
4007 	}
4008 
4009 out:
4010 	return ret;
4011 }
4012 
4013 
4014 static int wpa_ft_rrb_rx_push(struct wpa_authenticator *wpa_auth,
4015 			      const u8 *src_addr,
4016 			      const u8 *enc, size_t enc_len,
4017 			      const u8 *auth, size_t auth_len, int no_defer)
4018 {
4019 	const char *msgtype = "push";
4020 
4021 	wpa_printf(MSG_DEBUG, "FT: Received PMK-R1 push");
4022 
4023 	if (wpa_ft_rrb_rx_r1(wpa_auth, src_addr, FT_PACKET_R0KH_R1KH_PUSH,
4024 			     enc, enc_len, auth, auth_len, msgtype, NULL,
4025 			     no_defer ? NULL : wpa_ft_rrb_rx_push) < 0)
4026 		return -1;
4027 
4028 	return 0;
4029 }
4030 
4031 
4032 static int wpa_ft_rrb_rx_seq(struct wpa_authenticator *wpa_auth,
4033 			     const u8 *src_addr, int type,
4034 			     const u8 *enc, size_t enc_len,
4035 			     const u8 *auth, size_t auth_len,
4036 			     struct ft_remote_seq **rkh_seq,
4037 			     u8 **key, size_t *key_len,
4038 			     struct ft_remote_r0kh **r0kh_out,
4039 			     struct ft_remote_r1kh **r1kh_out,
4040 			     struct ft_remote_r0kh **r0kh_wildcard_out,
4041 			     struct ft_remote_r1kh **r1kh_wildcard_out)
4042 {
4043 	struct ft_remote_r0kh *r0kh = NULL;
4044 	struct ft_remote_r1kh *r1kh = NULL;
4045 	const u8 *f_r0kh_id, *f_r1kh_id;
4046 	size_t f_r0kh_id_len, f_r1kh_id_len;
4047 	int to_r0kh, to_r1kh;
4048 	u8 *plain = NULL;
4049 	size_t plain_len = 0;
4050 	struct ft_remote_r0kh *r0kh_wildcard;
4051 	struct ft_remote_r1kh *r1kh_wildcard;
4052 
4053 	RRB_GET_AUTH(FT_RRB_R0KH_ID, r0kh_id, "seq", -1);
4054 	RRB_GET_AUTH(FT_RRB_R1KH_ID, r1kh_id, "seq", FT_R1KH_ID_LEN);
4055 
4056 	to_r0kh = !wpa_ft_rrb_check_r0kh(wpa_auth, f_r0kh_id, f_r0kh_id_len);
4057 	to_r1kh = !wpa_ft_rrb_check_r1kh(wpa_auth, f_r1kh_id);
4058 
4059 	if (to_r0kh && to_r1kh) {
4060 		wpa_printf(MSG_DEBUG, "FT: seq - local R0KH-ID and R1KH-ID");
4061 		goto out;
4062 	}
4063 
4064 	if (!to_r0kh && !to_r1kh) {
4065 		wpa_printf(MSG_DEBUG, "FT: seq - remote R0KH-ID and R1KH-ID");
4066 		goto out;
4067 	}
4068 
4069 	if (!to_r0kh) {
4070 		wpa_ft_rrb_lookup_r0kh(wpa_auth, f_r0kh_id, f_r0kh_id_len,
4071 				       &r0kh, &r0kh_wildcard);
4072 		if (!r0kh_wildcard &&
4073 		    (!r0kh || os_memcmp(r0kh->addr, src_addr, ETH_ALEN) != 0)) {
4074 			wpa_hexdump(MSG_DEBUG, "FT: Did not find R0KH-ID",
4075 				    f_r0kh_id, f_r0kh_id_len);
4076 			goto out;
4077 		}
4078 		if (r0kh) {
4079 			*key = r0kh->key;
4080 			*key_len = sizeof(r0kh->key);
4081 		} else {
4082 			*key = r0kh_wildcard->key;
4083 			*key_len = sizeof(r0kh_wildcard->key);
4084 		}
4085 	}
4086 
4087 	if (!to_r1kh) {
4088 		wpa_ft_rrb_lookup_r1kh(wpa_auth, f_r1kh_id, &r1kh,
4089 				       &r1kh_wildcard);
4090 		if (!r1kh_wildcard &&
4091 		    (!r1kh || os_memcmp(r1kh->addr, src_addr, ETH_ALEN) != 0)) {
4092 			wpa_hexdump(MSG_DEBUG, "FT: Did not find R1KH-ID",
4093 				    f_r1kh_id, FT_R1KH_ID_LEN);
4094 			goto out;
4095 		}
4096 		if (r1kh) {
4097 			*key = r1kh->key;
4098 			*key_len = sizeof(r1kh->key);
4099 		} else {
4100 			*key = r1kh_wildcard->key;
4101 			*key_len = sizeof(r1kh_wildcard->key);
4102 		}
4103 	}
4104 
4105 	if (wpa_ft_rrb_decrypt(*key, *key_len, enc, enc_len, auth, auth_len,
4106 			       src_addr, type, &plain, &plain_len) < 0)
4107 		goto out;
4108 
4109 	os_free(plain);
4110 
4111 	if (!to_r0kh) {
4112 		if (!r0kh)
4113 			r0kh = wpa_ft_rrb_add_r0kh(wpa_auth, r0kh_wildcard,
4114 						   src_addr, f_r0kh_id,
4115 						   f_r0kh_id_len,
4116 						   ftRRBseqTimeout);
4117 		if (!r0kh)
4118 			goto out;
4119 
4120 		wpa_ft_rrb_r0kh_replenish(wpa_auth, r0kh, ftRRBseqTimeout);
4121 		*rkh_seq = r0kh->seq;
4122 		if (r0kh_out)
4123 			*r0kh_out = r0kh;
4124 		if (r0kh_wildcard_out)
4125 			*r0kh_wildcard_out = r0kh_wildcard;
4126 	}
4127 
4128 	if (!to_r1kh) {
4129 		if (!r1kh)
4130 			r1kh = wpa_ft_rrb_add_r1kh(wpa_auth, r1kh_wildcard,
4131 						   src_addr, f_r1kh_id,
4132 						   ftRRBseqTimeout);
4133 		if (!r1kh)
4134 			goto out;
4135 
4136 		wpa_ft_rrb_r1kh_replenish(wpa_auth, r1kh, ftRRBseqTimeout);
4137 		*rkh_seq = r1kh->seq;
4138 		if (r1kh_out)
4139 			*r1kh_out = r1kh;
4140 		if (r1kh_wildcard_out)
4141 			*r1kh_wildcard_out = r1kh_wildcard;
4142 	}
4143 
4144 	return 0;
4145 out:
4146 	return -1;
4147 }
4148 
4149 
4150 static int wpa_ft_rrb_rx_seq_req(struct wpa_authenticator *wpa_auth,
4151 				 const u8 *src_addr,
4152 				 const u8 *enc, size_t enc_len,
4153 				 const u8 *auth, size_t auth_len,
4154 				 int no_defer)
4155 {
4156 	int ret = -1;
4157 	struct ft_rrb_seq f_seq;
4158 	const u8 *f_nonce, *f_r0kh_id, *f_r1kh_id;
4159 	size_t f_nonce_len, f_r0kh_id_len, f_r1kh_id_len;
4160 	struct ft_remote_seq *rkh_seq = NULL;
4161 	u8 *packet = NULL, *key = NULL;
4162 	size_t packet_len = 0, key_len = 0;
4163 	struct tlv_list seq_resp_auth[5];
4164 
4165 	wpa_printf(MSG_DEBUG, "FT: Received sequence number request");
4166 
4167 	if (wpa_ft_rrb_rx_seq(wpa_auth, src_addr, FT_PACKET_R0KH_R1KH_SEQ_REQ,
4168 			      enc, enc_len, auth, auth_len, &rkh_seq, &key,
4169 			      &key_len, NULL, NULL, NULL, NULL) < 0)
4170 		goto out;
4171 
4172 	RRB_GET_AUTH(FT_RRB_NONCE, nonce, "seq request", FT_RRB_NONCE_LEN);
4173 	wpa_hexdump(MSG_DEBUG, "FT: seq request - nonce", f_nonce, f_nonce_len);
4174 
4175 	RRB_GET_AUTH(FT_RRB_R0KH_ID, r0kh_id, "seq", -1);
4176 	RRB_GET_AUTH(FT_RRB_R1KH_ID, r1kh_id, "seq", FT_R1KH_ID_LEN);
4177 
4178 	if (wpa_ft_new_seq(rkh_seq, &f_seq) < 0) {
4179 		wpa_printf(MSG_DEBUG, "FT: Failed to get seq num");
4180 		goto out;
4181 	}
4182 
4183 	seq_resp_auth[0].type = FT_RRB_NONCE;
4184 	seq_resp_auth[0].len = f_nonce_len;
4185 	seq_resp_auth[0].data = f_nonce;
4186 	seq_resp_auth[1].type = FT_RRB_SEQ;
4187 	seq_resp_auth[1].len = sizeof(f_seq);
4188 	seq_resp_auth[1].data = (u8 *) &f_seq;
4189 	seq_resp_auth[2].type = FT_RRB_R0KH_ID;
4190 	seq_resp_auth[2].len = f_r0kh_id_len;
4191 	seq_resp_auth[2].data = f_r0kh_id;
4192 	seq_resp_auth[3].type = FT_RRB_R1KH_ID;
4193 	seq_resp_auth[3].len = FT_R1KH_ID_LEN;
4194 	seq_resp_auth[3].data = f_r1kh_id;
4195 	seq_resp_auth[4].type = FT_RRB_LAST_EMPTY;
4196 	seq_resp_auth[4].len = 0;
4197 	seq_resp_auth[4].data = NULL;
4198 
4199 	if (wpa_ft_rrb_build(key, key_len, NULL, NULL, seq_resp_auth, NULL,
4200 			     wpa_auth->addr, FT_PACKET_R0KH_R1KH_SEQ_RESP,
4201 			     &packet, &packet_len) < 0)
4202 		goto out;
4203 
4204 	wpa_ft_rrb_oui_send(wpa_auth, src_addr,
4205 			    FT_PACKET_R0KH_R1KH_SEQ_RESP, packet,
4206 			    packet_len);
4207 
4208 out:
4209 	os_free(packet);
4210 
4211 	return ret;
4212 }
4213 
4214 
4215 static int wpa_ft_rrb_rx_seq_resp(struct wpa_authenticator *wpa_auth,
4216 				  const u8 *src_addr,
4217 				  const u8 *enc, size_t enc_len,
4218 				  const u8 *auth, size_t auth_len,
4219 				  int no_defer)
4220 {
4221 	u8 *key = NULL;
4222 	size_t key_len = 0;
4223 	struct ft_remote_r0kh *r0kh = NULL, *r0kh_wildcard = NULL;
4224 	struct ft_remote_r1kh *r1kh = NULL, *r1kh_wildcard = NULL;
4225 	const u8 *f_nonce, *f_seq;
4226 	size_t f_nonce_len, f_seq_len;
4227 	struct ft_remote_seq *rkh_seq = NULL;
4228 	struct ft_remote_item *item;
4229 	struct os_reltime now, now_remote;
4230 	int seq_ret, found;
4231 	const struct ft_rrb_seq *msg_both;
4232 	u32 msg_dom, msg_seq;
4233 
4234 	wpa_printf(MSG_DEBUG, "FT: Received sequence number response");
4235 
4236 	if (wpa_ft_rrb_rx_seq(wpa_auth, src_addr, FT_PACKET_R0KH_R1KH_SEQ_RESP,
4237 			      enc, enc_len, auth, auth_len, &rkh_seq, &key,
4238 			      &key_len, &r0kh, &r1kh, &r0kh_wildcard,
4239 			      &r1kh_wildcard) < 0)
4240 		goto out;
4241 
4242 	RRB_GET_AUTH(FT_RRB_NONCE, nonce, "seq response", FT_RRB_NONCE_LEN);
4243 	wpa_hexdump(MSG_DEBUG, "FT: seq response - nonce", f_nonce,
4244 		    f_nonce_len);
4245 
4246 	found = 0;
4247 	dl_list_for_each(item, &rkh_seq->rx.queue, struct ft_remote_item,
4248 			 list) {
4249 		if (os_memcmp_const(f_nonce, item->nonce,
4250 				    FT_RRB_NONCE_LEN) != 0 ||
4251 		    os_get_reltime(&now) < 0 ||
4252 		    os_reltime_expired(&now, &item->nonce_ts, ftRRBseqTimeout))
4253 			continue;
4254 
4255 		found = 1;
4256 		break;
4257 	}
4258 	if (!found) {
4259 		wpa_printf(MSG_DEBUG, "FT: seq response - bad nonce");
4260 		goto out;
4261 	}
4262 
4263 	if (r0kh) {
4264 		wpa_ft_rrb_r0kh_replenish(wpa_auth, r0kh,
4265 					  wpa_auth->conf.rkh_pos_timeout);
4266 		if (r0kh_wildcard)
4267 			os_memcpy(r0kh->addr, src_addr, ETH_ALEN);
4268 	}
4269 
4270 	if (r1kh) {
4271 		wpa_ft_rrb_r1kh_replenish(wpa_auth, r1kh,
4272 					  wpa_auth->conf.rkh_pos_timeout);
4273 		if (r1kh_wildcard)
4274 			os_memcpy(r1kh->addr, src_addr, ETH_ALEN);
4275 	}
4276 
4277 	seq_ret = wpa_ft_rrb_seq_chk(rkh_seq, src_addr, enc, enc_len, auth,
4278 				     auth_len, "seq response", 1);
4279 	if (seq_ret == FT_RRB_SEQ_OK) {
4280 		wpa_printf(MSG_DEBUG, "FT: seq response - valid seq number");
4281 		wpa_ft_rrb_seq_accept(wpa_auth, rkh_seq, src_addr, auth,
4282 				      auth_len, "seq response");
4283 	} else {
4284 		wpa_printf(MSG_DEBUG, "FT: seq response - reset seq number");
4285 
4286 		RRB_GET_AUTH(FT_RRB_SEQ, seq, "seq response",
4287 			     sizeof(*msg_both));
4288 		msg_both = (const struct ft_rrb_seq *) f_seq;
4289 
4290 		msg_dom = le_to_host32(msg_both->dom);
4291 		msg_seq = le_to_host32(msg_both->seq);
4292 		now_remote.sec = le_to_host32(msg_both->ts);
4293 		now_remote.usec = 0;
4294 
4295 		rkh_seq->rx.num_last = 2;
4296 		rkh_seq->rx.dom = msg_dom;
4297 		rkh_seq->rx.offsetidx = 0;
4298 		/* Accept some older, possibly cached packets as well */
4299 		rkh_seq->rx.last[0] = msg_seq - FT_REMOTE_SEQ_BACKLOG -
4300 			dl_list_len(&rkh_seq->rx.queue);
4301 		rkh_seq->rx.last[1] = msg_seq;
4302 
4303 		/* local time - offset = remote time
4304 		 * <=> local time - remote time = offset */
4305 		os_reltime_sub(&now, &now_remote, &rkh_seq->rx.time_offset);
4306 	}
4307 
4308 	wpa_ft_rrb_seq_flush(wpa_auth, rkh_seq, 1);
4309 
4310 	return 0;
4311 out:
4312 	return -1;
4313 }
4314 
4315 
4316 int wpa_ft_rrb_rx(struct wpa_authenticator *wpa_auth, const u8 *src_addr,
4317 		  const u8 *data, size_t data_len)
4318 {
4319 	struct ft_rrb_frame *frame;
4320 	u16 alen;
4321 	const u8 *pos, *end, *start;
4322 	u8 action;
4323 	const u8 *sta_addr, *target_ap_addr;
4324 
4325 	wpa_printf(MSG_DEBUG, "FT: RRB received frame from remote AP " MACSTR,
4326 		   MAC2STR(src_addr));
4327 
4328 	if (data_len < sizeof(*frame)) {
4329 		wpa_printf(MSG_DEBUG, "FT: Too short RRB frame (data_len=%lu)",
4330 			   (unsigned long) data_len);
4331 		return -1;
4332 	}
4333 
4334 	pos = data;
4335 	frame = (struct ft_rrb_frame *) pos;
4336 	pos += sizeof(*frame);
4337 
4338 	alen = le_to_host16(frame->action_length);
4339 	wpa_printf(MSG_DEBUG, "FT: RRB frame - frame_type=%d packet_type=%d "
4340 		   "action_length=%d ap_address=" MACSTR,
4341 		   frame->frame_type, frame->packet_type, alen,
4342 		   MAC2STR(frame->ap_address));
4343 
4344 	if (frame->frame_type != RSN_REMOTE_FRAME_TYPE_FT_RRB) {
4345 		/* Discard frame per IEEE Std 802.11r-2008, 11A.10.3 */
4346 		wpa_printf(MSG_DEBUG, "FT: RRB discarded frame with "
4347 			   "unrecognized type %d", frame->frame_type);
4348 		return -1;
4349 	}
4350 
4351 	if (alen > data_len - sizeof(*frame)) {
4352 		wpa_printf(MSG_DEBUG, "FT: RRB frame too short for action "
4353 			   "frame");
4354 		return -1;
4355 	}
4356 
4357 	wpa_hexdump(MSG_MSGDUMP, "FT: RRB - FT Action frame", pos, alen);
4358 
4359 	if (alen < 1 + 1 + 2 * ETH_ALEN) {
4360 		wpa_printf(MSG_DEBUG, "FT: Too short RRB frame (not enough "
4361 			   "room for Action Frame body); alen=%lu",
4362 			   (unsigned long) alen);
4363 		return -1;
4364 	}
4365 	start = pos;
4366 	end = pos + alen;
4367 
4368 	if (*pos != WLAN_ACTION_FT) {
4369 		wpa_printf(MSG_DEBUG, "FT: Unexpected Action frame category "
4370 			   "%d", *pos);
4371 		return -1;
4372 	}
4373 
4374 	pos++;
4375 	action = *pos++;
4376 	sta_addr = pos;
4377 	pos += ETH_ALEN;
4378 	target_ap_addr = pos;
4379 	pos += ETH_ALEN;
4380 	wpa_printf(MSG_DEBUG, "FT: RRB Action Frame: action=%d sta_addr="
4381 		   MACSTR " target_ap_addr=" MACSTR,
4382 		   action, MAC2STR(sta_addr), MAC2STR(target_ap_addr));
4383 
4384 	if (frame->packet_type == FT_PACKET_REQUEST) {
4385 		wpa_printf(MSG_DEBUG, "FT: FT Packet Type - Request");
4386 
4387 		if (action != 1) {
4388 			wpa_printf(MSG_DEBUG, "FT: Unexpected Action %d in "
4389 				   "RRB Request", action);
4390 			return -1;
4391 		}
4392 
4393 		if (os_memcmp(target_ap_addr, wpa_auth->addr, ETH_ALEN) != 0) {
4394 			wpa_printf(MSG_DEBUG, "FT: Target AP address in the "
4395 				   "RRB Request does not match with own "
4396 				   "address");
4397 			return -1;
4398 		}
4399 
4400 		if (wpa_ft_rrb_rx_request(wpa_auth, frame->ap_address,
4401 					  sta_addr, pos, end - pos) < 0)
4402 			return -1;
4403 	} else if (frame->packet_type == FT_PACKET_RESPONSE) {
4404 		u16 status_code;
4405 
4406 		if (end - pos < 2) {
4407 			wpa_printf(MSG_DEBUG, "FT: Not enough room for status "
4408 				   "code in RRB Response");
4409 			return -1;
4410 		}
4411 		status_code = WPA_GET_LE16(pos);
4412 		pos += 2;
4413 
4414 		wpa_printf(MSG_DEBUG, "FT: FT Packet Type - Response "
4415 			   "(status_code=%d)", status_code);
4416 
4417 		if (wpa_ft_action_send(wpa_auth, sta_addr, start, alen) < 0)
4418 			return -1;
4419 	} else {
4420 		wpa_printf(MSG_DEBUG, "FT: RRB discarded frame with unknown "
4421 			   "packet_type %d", frame->packet_type);
4422 		return -1;
4423 	}
4424 
4425 	if (end > pos) {
4426 		wpa_hexdump(MSG_DEBUG, "FT: Ignore extra data in end",
4427 			    pos, end - pos);
4428 	}
4429 
4430 	return 0;
4431 }
4432 
4433 
4434 void wpa_ft_rrb_oui_rx(struct wpa_authenticator *wpa_auth, const u8 *src_addr,
4435 		       const u8 *dst_addr, u8 oui_suffix, const u8 *data,
4436 		       size_t data_len)
4437 {
4438 	const u8 *auth, *enc;
4439 	size_t alen, elen;
4440 	int no_defer = 0;
4441 
4442 	wpa_printf(MSG_DEBUG, "FT: RRB-OUI received frame from remote AP "
4443 		   MACSTR, MAC2STR(src_addr));
4444 	wpa_printf(MSG_DEBUG, "FT: RRB-OUI frame - oui_suffix=%d", oui_suffix);
4445 	wpa_hexdump(MSG_MSGDUMP, "FT: RRB frame payload", data, data_len);
4446 
4447 	if (is_multicast_ether_addr(src_addr)) {
4448 		wpa_printf(MSG_DEBUG,
4449 			   "FT: RRB-OUI received frame from multicast address "
4450 			   MACSTR, MAC2STR(src_addr));
4451 		return;
4452 	}
4453 
4454 	if (is_multicast_ether_addr(dst_addr)) {
4455 		wpa_printf(MSG_DEBUG,
4456 			   "FT: RRB-OUI received frame from remote AP " MACSTR
4457 			   " to multicast address " MACSTR,
4458 			   MAC2STR(src_addr), MAC2STR(dst_addr));
4459 		no_defer = 1;
4460 	}
4461 
4462 	if (data_len < sizeof(u16)) {
4463 		wpa_printf(MSG_DEBUG, "FT: RRB-OUI frame too short");
4464 		return;
4465 	}
4466 
4467 	alen = WPA_GET_LE16(data);
4468 	if (data_len < sizeof(u16) + alen) {
4469 		wpa_printf(MSG_DEBUG, "FT: RRB-OUI frame too short");
4470 		return;
4471 	}
4472 
4473 	auth = data + sizeof(u16);
4474 	wpa_hexdump(MSG_MSGDUMP, "FT: Authenticated payload", auth, alen);
4475 	enc = data + sizeof(u16) + alen;
4476 	elen = data_len - sizeof(u16) - alen;
4477 	wpa_hexdump(MSG_MSGDUMP, "FT: Encrypted payload", enc, elen);
4478 
4479 	switch (oui_suffix) {
4480 	case FT_PACKET_R0KH_R1KH_PULL:
4481 		wpa_ft_rrb_rx_pull(wpa_auth, src_addr, enc, elen, auth, alen,
4482 				   no_defer);
4483 		break;
4484 	case FT_PACKET_R0KH_R1KH_RESP:
4485 		wpa_ft_rrb_rx_resp(wpa_auth, src_addr, enc, elen, auth, alen,
4486 				   no_defer);
4487 		break;
4488 	case FT_PACKET_R0KH_R1KH_PUSH:
4489 		wpa_ft_rrb_rx_push(wpa_auth, src_addr, enc, elen, auth, alen,
4490 				   no_defer);
4491 		break;
4492 	case FT_PACKET_R0KH_R1KH_SEQ_REQ:
4493 		wpa_ft_rrb_rx_seq_req(wpa_auth, src_addr, enc, elen, auth, alen,
4494 				      no_defer);
4495 		break;
4496 	case FT_PACKET_R0KH_R1KH_SEQ_RESP:
4497 		wpa_ft_rrb_rx_seq_resp(wpa_auth, src_addr, enc, elen, auth,
4498 				       alen, no_defer);
4499 		break;
4500 	}
4501 }
4502 
4503 
4504 static int wpa_ft_generate_pmk_r1(struct wpa_authenticator *wpa_auth,
4505 				  struct wpa_ft_pmk_r0_sa *pmk_r0,
4506 				  struct ft_remote_r1kh *r1kh,
4507 				  const u8 *s1kh_id)
4508 {
4509 	u8 *packet;
4510 	size_t packet_len;
4511 	struct ft_rrb_seq f_seq;
4512 	struct tlv_list push[] = {
4513 		{ .type = FT_RRB_S1KH_ID, .len = ETH_ALEN,
4514 		  .data = s1kh_id },
4515 		{ .type = FT_RRB_PMK_R0_NAME, .len = WPA_PMK_NAME_LEN,
4516 		  .data = pmk_r0->pmk_r0_name },
4517 		{ .type = FT_RRB_LAST_EMPTY, .len = 0, .data = NULL },
4518 	};
4519 	struct tlv_list push_auth[] = {
4520 		{ .type = FT_RRB_SEQ, .len = sizeof(f_seq),
4521 		  .data = (u8 *) &f_seq },
4522 		{ .type = FT_RRB_R0KH_ID,
4523 		  .len = wpa_auth->conf.r0_key_holder_len,
4524 		  .data = wpa_auth->conf.r0_key_holder },
4525 		{ .type = FT_RRB_R1KH_ID, .len = FT_R1KH_ID_LEN,
4526 		  .data = r1kh->id },
4527 		{ .type = FT_RRB_LAST_EMPTY, .len = 0, .data = NULL },
4528 	};
4529 
4530 	if (wpa_ft_new_seq(r1kh->seq, &f_seq) < 0) {
4531 		wpa_printf(MSG_DEBUG, "FT: Failed to get seq num");
4532 		return -1;
4533 	}
4534 
4535 	if (wpa_ft_rrb_build_r0(r1kh->key, sizeof(r1kh->key), push, pmk_r0,
4536 				r1kh->id, s1kh_id, push_auth, wpa_auth->addr,
4537 				FT_PACKET_R0KH_R1KH_PUSH,
4538 				&packet, &packet_len) < 0)
4539 		return -1;
4540 
4541 	wpa_ft_rrb_oui_send(wpa_auth, r1kh->addr, FT_PACKET_R0KH_R1KH_PUSH,
4542 			    packet, packet_len);
4543 
4544 	os_free(packet);
4545 	return 0;
4546 }
4547 
4548 
4549 void wpa_ft_push_pmk_r1(struct wpa_authenticator *wpa_auth, const u8 *addr)
4550 {
4551 	struct wpa_ft_pmk_cache *cache = wpa_auth->ft_pmk_cache;
4552 	struct wpa_ft_pmk_r0_sa *r0, *r0found = NULL;
4553 	struct ft_remote_r1kh *r1kh;
4554 
4555 	if (!wpa_auth->conf.pmk_r1_push)
4556 		return;
4557 	if (!wpa_auth->conf.r1kh_list)
4558 		return;
4559 
4560 	dl_list_for_each(r0, &cache->pmk_r0, struct wpa_ft_pmk_r0_sa, list) {
4561 		if (os_memcmp(r0->spa, addr, ETH_ALEN) == 0) {
4562 			r0found = r0;
4563 			break;
4564 		}
4565 	}
4566 
4567 	r0 = r0found;
4568 	if (r0 == NULL || r0->pmk_r1_pushed)
4569 		return;
4570 	r0->pmk_r1_pushed = 1;
4571 
4572 	wpa_printf(MSG_DEBUG, "FT: Deriving and pushing PMK-R1 keys to R1KHs "
4573 		   "for STA " MACSTR, MAC2STR(addr));
4574 
4575 	for (r1kh = *wpa_auth->conf.r1kh_list; r1kh; r1kh = r1kh->next) {
4576 		if (is_zero_ether_addr(r1kh->addr) ||
4577 		    is_zero_ether_addr(r1kh->id))
4578 			continue;
4579 		if (wpa_ft_rrb_init_r1kh_seq(r1kh) < 0)
4580 			continue;
4581 		wpa_ft_generate_pmk_r1(wpa_auth, r0, r1kh, addr);
4582 	}
4583 }
4584 
4585 #endif /* CONFIG_IEEE80211R_AP */
4586