1 /*
2  * hostapd - IEEE 802.11r - Fast BSS Transition
3  * Copyright (c) 2004-2018, Jouni Malinen <j@w1.fi>
4  *
5  * This software may be distributed under the terms of the BSD license.
6  * See README for more details.
7  */
8 
9 #include "utils/includes.h"
10 
11 #include "utils/common.h"
12 #include "utils/eloop.h"
13 #include "utils/list.h"
14 #include "common/ieee802_11_defs.h"
15 #include "common/ieee802_11_common.h"
16 #include "common/ocv.h"
17 #include "drivers/driver.h"
18 #include "crypto/aes.h"
19 #include "crypto/aes_siv.h"
20 #include "crypto/aes_wrap.h"
21 #include "crypto/sha384.h"
22 #include "crypto/random.h"
23 #include "ap_config.h"
24 #include "ieee802_11.h"
25 #include "wmm.h"
26 #include "wpa_auth.h"
27 #include "wpa_auth_i.h"
28 
29 
30 #ifdef CONFIG_IEEE80211R_AP
31 
32 const unsigned int ftRRBseqTimeout = 10;
33 const unsigned int ftRRBmaxQueueLen = 100;
34 
35 
36 static int wpa_ft_send_rrb_auth_resp(struct wpa_state_machine *sm,
37 				     const u8 *current_ap, const u8 *sta_addr,
38 				     u16 status, const u8 *resp_ies,
39 				     size_t resp_ies_len);
40 static void ft_finish_pull(struct wpa_state_machine *sm);
41 static void wpa_ft_expire_pull(void *eloop_ctx, void *timeout_ctx);
42 static void wpa_ft_rrb_seq_timeout(void *eloop_ctx, void *timeout_ctx);
43 
44 struct tlv_list {
45 	u16 type;
46 	size_t len;
47 	const u8 *data;
48 };
49 
50 
51 /**
52  * wpa_ft_rrb_decrypt - Decrypt FT RRB message
53  * @key: AES-SIV key for AEAD
54  * @key_len: Length of key in octets
55  * @enc: Pointer to encrypted TLVs
56  * @enc_len: Length of encrypted TLVs in octets
57  * @auth: Pointer to authenticated TLVs
58  * @auth_len: Length of authenticated TLVs in octets
59  * @src_addr: MAC address of the frame sender
60  * @type: Vendor-specific subtype of the RRB frame (FT_PACKET_*)
61  * @plain: Pointer to return the pointer to the allocated plaintext buffer;
62  *	needs to be freed by the caller if not NULL;
63  *	will only be returned on success
64  * @plain_len: Pointer to return the length of the allocated plaintext buffer
65  *	in octets
66  * Returns: 0 on success, -1 on error
67  */
wpa_ft_rrb_decrypt(const u8 * key,const size_t key_len,const u8 * enc,size_t enc_len,const u8 * auth,const size_t auth_len,const u8 * src_addr,u8 type,u8 ** plain,size_t * plain_size)68 static int wpa_ft_rrb_decrypt(const u8 *key, const size_t key_len,
69 			      const u8 *enc, size_t enc_len,
70 			      const u8 *auth, const size_t auth_len,
71 			      const u8 *src_addr, u8 type,
72 			      u8 **plain, size_t *plain_size)
73 {
74 	const u8 *ad[3] = { src_addr, auth, &type };
75 	size_t ad_len[3] = { ETH_ALEN, auth_len, sizeof(type) };
76 
77 	wpa_printf(MSG_DEBUG, "FT(RRB): src_addr=" MACSTR " type=%u",
78 		   MAC2STR(src_addr), type);
79 	wpa_hexdump_key(MSG_DEBUG, "FT(RRB): decrypt using key", key, key_len);
80 	wpa_hexdump(MSG_DEBUG, "FT(RRB): encrypted TLVs", enc, enc_len);
81 	wpa_hexdump(MSG_DEBUG, "FT(RRB): authenticated TLVs", auth, auth_len);
82 
83 	if (!key) { /* skip decryption */
84 		*plain = os_memdup(enc, enc_len);
85 		if (enc_len > 0 && !*plain)
86 			goto err;
87 
88 		*plain_size = enc_len;
89 
90 		return 0;
91 	}
92 
93 	*plain = NULL;
94 
95 	/* SIV overhead */
96 	if (enc_len < AES_BLOCK_SIZE)
97 		goto err;
98 
99 	*plain = os_zalloc(enc_len - AES_BLOCK_SIZE);
100 	if (!*plain)
101 		goto err;
102 
103 	if (aes_siv_decrypt(key, key_len, enc, enc_len, 3, ad, ad_len,
104 			    *plain) < 0) {
105 		if (enc_len < AES_BLOCK_SIZE + 2)
106 			goto err;
107 
108 		/* Try to work around Ethernet devices that add extra
109 		 * two octet padding even if the frame is longer than
110 		 * the minimum Ethernet frame. */
111 		enc_len -= 2;
112 		if (aes_siv_decrypt(key, key_len, enc, enc_len, 3, ad, ad_len,
113 				    *plain) < 0)
114 			goto err;
115 	}
116 
117 	*plain_size = enc_len - AES_BLOCK_SIZE;
118 	wpa_hexdump_key(MSG_DEBUG, "FT(RRB): decrypted TLVs",
119 			*plain, *plain_size);
120 	return 0;
121 err:
122 	os_free(*plain);
123 	*plain = NULL;
124 	*plain_size = 0;
125 
126 	wpa_printf(MSG_ERROR, "FT(RRB): Failed to decrypt");
127 
128 	return -1;
129 }
130 
131 
132 /* get first tlv record in packet matching type
133  * @data (decrypted) packet
134  * @return 0 on success else -1
135  */
wpa_ft_rrb_get_tlv(const u8 * plain,size_t plain_len,u16 type,size_t * tlv_len,const u8 ** tlv_data)136 static int wpa_ft_rrb_get_tlv(const u8 *plain, size_t plain_len,
137 			      u16 type, size_t *tlv_len, const u8 **tlv_data)
138 {
139 	const struct ft_rrb_tlv *f;
140 	size_t left;
141 	le16 type16;
142 	size_t len;
143 
144 	left = plain_len;
145 	type16 = host_to_le16(type);
146 
147 	while (left >= sizeof(*f)) {
148 		f = (const struct ft_rrb_tlv *) plain;
149 
150 		left -= sizeof(*f);
151 		plain += sizeof(*f);
152 		len = le_to_host16(f->len);
153 
154 		if (left < len) {
155 			wpa_printf(MSG_DEBUG, "FT: RRB message truncated");
156 			break;
157 		}
158 
159 		if (f->type == type16) {
160 			*tlv_len = len;
161 			*tlv_data = plain;
162 			return 0;
163 		}
164 
165 		left -= len;
166 		plain += len;
167 	}
168 
169 	return -1;
170 }
171 
172 
wpa_ft_rrb_dump(const u8 * plain,const size_t plain_len)173 static void wpa_ft_rrb_dump(const u8 *plain, const size_t plain_len)
174 {
175 	const struct ft_rrb_tlv *f;
176 	size_t left;
177 	size_t len;
178 
179 	left = plain_len;
180 
181 	wpa_printf(MSG_DEBUG, "FT: RRB dump message");
182 	while (left >= sizeof(*f)) {
183 		f = (const struct ft_rrb_tlv *) plain;
184 
185 		left -= sizeof(*f);
186 		plain += sizeof(*f);
187 		len = le_to_host16(f->len);
188 
189 		wpa_printf(MSG_DEBUG, "FT: RRB TLV type = %d, len = %zu",
190 			   le_to_host16(f->type), len);
191 
192 		if (left < len) {
193 			wpa_printf(MSG_DEBUG,
194 				   "FT: RRB message truncated: left %zu bytes, need %zu",
195 				   left, len);
196 			break;
197 		}
198 
199 		wpa_hexdump(MSG_DEBUG, "FT: RRB TLV data", plain, len);
200 
201 		left -= len;
202 		plain += len;
203 	}
204 
205 	if (left > 0)
206 		wpa_hexdump(MSG_DEBUG, "FT: RRB TLV padding", plain, left);
207 
208 	wpa_printf(MSG_DEBUG, "FT: RRB dump message end");
209 }
210 
211 
cmp_int(const void * a,const void * b)212 static int cmp_int(const void *a, const void *b)
213 {
214 	int x, y;
215 
216 	x = *((int *) a);
217 	y = *((int *) b);
218 	return x - y;
219 }
220 
221 
wpa_ft_rrb_get_tlv_vlan(const u8 * plain,const size_t plain_len,struct vlan_description * vlan)222 static int wpa_ft_rrb_get_tlv_vlan(const u8 *plain, const size_t plain_len,
223 				   struct vlan_description *vlan)
224 {
225 	struct ft_rrb_tlv *f;
226 	size_t left;
227 	size_t len;
228 	int taggedidx;
229 	int vlan_id;
230 	int type;
231 
232 	left = plain_len;
233 	taggedidx = 0;
234 	os_memset(vlan, 0, sizeof(*vlan));
235 
236 	while (left >= sizeof(*f)) {
237 		f = (struct ft_rrb_tlv *) plain;
238 
239 		left -= sizeof(*f);
240 		plain += sizeof(*f);
241 
242 		len = le_to_host16(f->len);
243 		type = le_to_host16(f->type);
244 
245 		if (left < len) {
246 			wpa_printf(MSG_DEBUG, "FT: RRB message truncated");
247 			return -1;
248 		}
249 
250 		if (type != FT_RRB_VLAN_UNTAGGED && type != FT_RRB_VLAN_TAGGED)
251 			goto skip;
252 
253 		if (type == FT_RRB_VLAN_UNTAGGED && len != sizeof(le16)) {
254 			wpa_printf(MSG_DEBUG,
255 				   "FT: RRB VLAN_UNTAGGED invalid length");
256 			return -1;
257 		}
258 
259 		if (type == FT_RRB_VLAN_TAGGED && len % sizeof(le16) != 0) {
260 			wpa_printf(MSG_DEBUG,
261 				   "FT: RRB VLAN_TAGGED invalid length");
262 			return -1;
263 		}
264 
265 		while (len >= sizeof(le16)) {
266 			vlan_id = WPA_GET_LE16(plain);
267 			plain += sizeof(le16);
268 			left -= sizeof(le16);
269 			len -= sizeof(le16);
270 
271 			if (vlan_id <= 0 || vlan_id > MAX_VLAN_ID) {
272 				wpa_printf(MSG_DEBUG,
273 					   "FT: RRB VLAN ID invalid %d",
274 					   vlan_id);
275 				continue;
276 			}
277 
278 			if (type == FT_RRB_VLAN_UNTAGGED)
279 				vlan->untagged = vlan_id;
280 
281 			if (type == FT_RRB_VLAN_TAGGED &&
282 			    taggedidx < MAX_NUM_TAGGED_VLAN) {
283 				vlan->tagged[taggedidx] = vlan_id;
284 				taggedidx++;
285 			} else if (type == FT_RRB_VLAN_TAGGED) {
286 				wpa_printf(MSG_DEBUG, "FT: RRB too many VLANs");
287 			}
288 		}
289 
290 	skip:
291 		left -= len;
292 		plain += len;
293 	}
294 
295 	if (taggedidx)
296 		qsort(vlan->tagged, taggedidx, sizeof(int), cmp_int);
297 
298 	vlan->notempty = vlan->untagged || vlan->tagged[0];
299 
300 	return 0;
301 }
302 
303 
wpa_ft_tlv_len(const struct tlv_list * tlvs)304 static size_t wpa_ft_tlv_len(const struct tlv_list *tlvs)
305 {
306 	size_t tlv_len = 0;
307 	int i;
308 
309 	if (!tlvs)
310 		return 0;
311 
312 	for (i = 0; tlvs[i].type != FT_RRB_LAST_EMPTY; i++) {
313 		tlv_len += sizeof(struct ft_rrb_tlv);
314 		tlv_len += tlvs[i].len;
315 	}
316 
317 	return tlv_len;
318 }
319 
320 
wpa_ft_tlv_lin(const struct tlv_list * tlvs,u8 * start,u8 * endpos)321 static size_t wpa_ft_tlv_lin(const struct tlv_list *tlvs, u8 *start,
322 			     u8 *endpos)
323 {
324 	int i;
325 	size_t tlv_len;
326 	struct ft_rrb_tlv *hdr;
327 	u8 *pos;
328 
329 	if (!tlvs)
330 		return 0;
331 
332 	tlv_len = 0;
333 	pos = start;
334 	for (i = 0; tlvs[i].type != FT_RRB_LAST_EMPTY; i++) {
335 		if (tlv_len + sizeof(*hdr) > (size_t) (endpos - start))
336 			return tlv_len;
337 		tlv_len += sizeof(*hdr);
338 		hdr = (struct ft_rrb_tlv *) pos;
339 		hdr->type = host_to_le16(tlvs[i].type);
340 		hdr->len = host_to_le16(tlvs[i].len);
341 		pos = start + tlv_len;
342 
343 		if (tlv_len + tlvs[i].len > (size_t) (endpos - start))
344 			return tlv_len;
345 		if (tlvs[i].len == 0)
346 			continue;
347 		tlv_len += tlvs[i].len;
348 		os_memcpy(pos, tlvs[i].data, tlvs[i].len);
349 		pos = start + tlv_len;
350 	}
351 
352 	return tlv_len;
353 }
354 
355 
wpa_ft_vlan_len(const struct vlan_description * vlan)356 static size_t wpa_ft_vlan_len(const struct vlan_description *vlan)
357 {
358 	size_t tlv_len = 0;
359 	int i;
360 
361 	if (!vlan || !vlan->notempty)
362 		return 0;
363 
364 	if (vlan->untagged) {
365 		tlv_len += sizeof(struct ft_rrb_tlv);
366 		tlv_len += sizeof(le16);
367 	}
368 	if (vlan->tagged[0])
369 		tlv_len += sizeof(struct ft_rrb_tlv);
370 	for (i = 0; i < MAX_NUM_TAGGED_VLAN && vlan->tagged[i]; i++)
371 		tlv_len += sizeof(le16);
372 
373 	return tlv_len;
374 }
375 
376 
wpa_ft_vlan_lin(const struct vlan_description * vlan,u8 * start,u8 * endpos)377 static size_t wpa_ft_vlan_lin(const struct vlan_description *vlan,
378 			      u8 *start, u8 *endpos)
379 {
380 	size_t tlv_len;
381 	int i, len;
382 	struct ft_rrb_tlv *hdr;
383 	u8 *pos = start;
384 
385 	if (!vlan || !vlan->notempty)
386 		return 0;
387 
388 	tlv_len = 0;
389 	if (vlan->untagged) {
390 		tlv_len += sizeof(*hdr);
391 		if (start + tlv_len > endpos)
392 			return tlv_len;
393 		hdr = (struct ft_rrb_tlv *) pos;
394 		hdr->type = host_to_le16(FT_RRB_VLAN_UNTAGGED);
395 		hdr->len = host_to_le16(sizeof(le16));
396 		pos = start + tlv_len;
397 
398 		tlv_len += sizeof(le16);
399 		if (start + tlv_len > endpos)
400 			return tlv_len;
401 		WPA_PUT_LE16(pos, vlan->untagged);
402 		pos = start + tlv_len;
403 	}
404 
405 	if (!vlan->tagged[0])
406 		return tlv_len;
407 
408 	tlv_len += sizeof(*hdr);
409 	if (start + tlv_len > endpos)
410 		return tlv_len;
411 	hdr = (struct ft_rrb_tlv *) pos;
412 	hdr->type = host_to_le16(FT_RRB_VLAN_TAGGED);
413 	len = 0; /* len is computed below */
414 	pos = start + tlv_len;
415 
416 	for (i = 0; i < MAX_NUM_TAGGED_VLAN && vlan->tagged[i]; i++) {
417 		tlv_len += sizeof(le16);
418 		if (start + tlv_len > endpos)
419 			break;
420 		len += sizeof(le16);
421 		WPA_PUT_LE16(pos, vlan->tagged[i]);
422 		pos = start + tlv_len;
423 	}
424 
425 	hdr->len = host_to_le16(len);
426 
427 	return tlv_len;
428 }
429 
430 
wpa_ft_rrb_lin(const struct tlv_list * tlvs1,const struct tlv_list * tlvs2,const struct vlan_description * vlan,u8 ** plain,size_t * plain_len)431 static int wpa_ft_rrb_lin(const struct tlv_list *tlvs1,
432 			  const struct tlv_list *tlvs2,
433 			  const struct vlan_description *vlan,
434 			  u8 **plain, size_t *plain_len)
435 {
436 	u8 *pos, *endpos;
437 	size_t tlv_len;
438 
439 	tlv_len = wpa_ft_tlv_len(tlvs1);
440 	tlv_len += wpa_ft_tlv_len(tlvs2);
441 	tlv_len += wpa_ft_vlan_len(vlan);
442 
443 	*plain_len = tlv_len;
444 	*plain = os_zalloc(tlv_len);
445 	if (!*plain) {
446 		wpa_printf(MSG_ERROR, "FT: Failed to allocate plaintext");
447 		goto err;
448 	}
449 
450 	pos = *plain;
451 	endpos = *plain + tlv_len;
452 	pos += wpa_ft_tlv_lin(tlvs1, pos, endpos);
453 	pos += wpa_ft_tlv_lin(tlvs2, pos, endpos);
454 	pos += wpa_ft_vlan_lin(vlan, pos, endpos);
455 
456 	/* sanity check */
457 	if (pos != endpos) {
458 		wpa_printf(MSG_ERROR, "FT: Length error building RRB");
459 		goto err;
460 	}
461 
462 	return 0;
463 
464 err:
465 	os_free(*plain);
466 	*plain = NULL;
467 	*plain_len = 0;
468 	return -1;
469 }
470 
471 
wpa_ft_rrb_encrypt(const u8 * key,const size_t key_len,const u8 * plain,const size_t plain_len,const u8 * auth,const size_t auth_len,const u8 * src_addr,u8 type,u8 * enc)472 static int wpa_ft_rrb_encrypt(const u8 *key, const size_t key_len,
473 			      const u8 *plain, const size_t plain_len,
474 			      const u8 *auth, const size_t auth_len,
475 			      const u8 *src_addr, u8 type, u8 *enc)
476 {
477 	const u8 *ad[3] = { src_addr, auth, &type };
478 	size_t ad_len[3] = { ETH_ALEN, auth_len, sizeof(type) };
479 
480 	wpa_printf(MSG_DEBUG, "FT(RRB): src_addr=" MACSTR " type=%u",
481 		   MAC2STR(src_addr), type);
482 	wpa_hexdump_key(MSG_DEBUG, "FT(RRB): plaintext message",
483 			plain, plain_len);
484 	wpa_hexdump_key(MSG_DEBUG, "FT(RRB): encrypt using key", key, key_len);
485 	wpa_hexdump(MSG_DEBUG, "FT(RRB): authenticated TLVs", auth, auth_len);
486 
487 	if (!key) {
488 		/* encryption not needed, return plaintext as packet */
489 		os_memcpy(enc, plain, plain_len);
490 	} else if (aes_siv_encrypt(key, key_len, plain, plain_len,
491 				   3, ad, ad_len, enc) < 0) {
492 		wpa_printf(MSG_ERROR, "FT: Failed to encrypt RRB-OUI message");
493 		return -1;
494 	}
495 	wpa_hexdump(MSG_DEBUG, "FT(RRB): encrypted TLVs",
496 		    enc, plain_len + AES_BLOCK_SIZE);
497 
498 	return 0;
499 }
500 
501 
502 /**
503  * wpa_ft_rrb_build - Build and encrypt an FT RRB message
504  * @key: AES-SIV key for AEAD
505  * @key_len: Length of key in octets
506  * @tlvs_enc0: First set of to-be-encrypted TLVs
507  * @tlvs_enc1: Second set of to-be-encrypted TLVs
508  * @tlvs_auth: Set of to-be-authenticated TLVs
509  * @src_addr: MAC address of the frame sender
510  * @type: Vendor-specific subtype of the RRB frame (FT_PACKET_*)
511  * @packet Pointer to return the pointer to the allocated packet buffer;
512  *         needs to be freed by the caller if not null;
513  *         will only be returned on success
514  * @packet_len: Pointer to return the length of the allocated buffer in octets
515  * Returns: 0 on success, -1 on error
516  */
wpa_ft_rrb_build(const u8 * key,const size_t key_len,const struct tlv_list * tlvs_enc0,const struct tlv_list * tlvs_enc1,const struct tlv_list * tlvs_auth,const struct vlan_description * vlan,const u8 * src_addr,u8 type,u8 ** packet,size_t * packet_len)517 static int wpa_ft_rrb_build(const u8 *key, const size_t key_len,
518 			    const struct tlv_list *tlvs_enc0,
519 			    const struct tlv_list *tlvs_enc1,
520 			    const struct tlv_list *tlvs_auth,
521 			    const struct vlan_description *vlan,
522 			    const u8 *src_addr, u8 type,
523 			    u8 **packet, size_t *packet_len)
524 {
525 	u8 *plain = NULL, *auth = NULL, *pos, *tmp;
526 	size_t plain_len = 0, auth_len = 0;
527 	int ret = -1;
528 	size_t pad_len = 0;
529 
530 	*packet = NULL;
531 	if (wpa_ft_rrb_lin(tlvs_enc0, tlvs_enc1, vlan, &plain, &plain_len) < 0)
532 		goto out;
533 
534 	if (wpa_ft_rrb_lin(tlvs_auth, NULL, NULL, &auth, &auth_len) < 0)
535 		goto out;
536 
537 	*packet_len = sizeof(u16) + auth_len + plain_len;
538 	if (key)
539 		*packet_len += AES_BLOCK_SIZE;
540 #define RRB_MIN_MSG_LEN 64
541 	if (*packet_len < RRB_MIN_MSG_LEN) {
542 		pad_len = RRB_MIN_MSG_LEN - *packet_len;
543 		if (pad_len < sizeof(struct ft_rrb_tlv))
544 			pad_len = sizeof(struct ft_rrb_tlv);
545 		wpa_printf(MSG_DEBUG,
546 			   "FT: Pad message to minimum Ethernet frame length (%d --> %d)",
547 			   (int) *packet_len, (int) (*packet_len + pad_len));
548 		*packet_len += pad_len;
549 		tmp = os_realloc(auth, auth_len + pad_len);
550 		if (!tmp)
551 			goto out;
552 		auth = tmp;
553 		pos = auth + auth_len;
554 		WPA_PUT_LE16(pos, FT_RRB_LAST_EMPTY);
555 		pos += 2;
556 		WPA_PUT_LE16(pos, pad_len - sizeof(struct ft_rrb_tlv));
557 		pos += 2;
558 		os_memset(pos, 0, pad_len - sizeof(struct ft_rrb_tlv));
559 		auth_len += pad_len;
560 
561 	}
562 	*packet = os_zalloc(*packet_len);
563 	if (!*packet)
564 		goto out;
565 
566 	pos = *packet;
567 	WPA_PUT_LE16(pos, auth_len);
568 	pos += 2;
569 	os_memcpy(pos, auth, auth_len);
570 	pos += auth_len;
571 	if (wpa_ft_rrb_encrypt(key, key_len, plain, plain_len, auth,
572 			       auth_len, src_addr, type, pos) < 0)
573 		goto out;
574 	wpa_hexdump(MSG_MSGDUMP, "FT: RRB frame payload", *packet, *packet_len);
575 
576 	ret = 0;
577 
578 out:
579 	bin_clear_free(plain, plain_len);
580 	os_free(auth);
581 
582 	if (ret) {
583 		wpa_printf(MSG_ERROR, "FT: Failed to build RRB-OUI message");
584 		os_free(*packet);
585 		*packet = NULL;
586 		*packet_len = 0;
587 	}
588 
589 	return ret;
590 }
591 
592 
593 #define RRB_GET_SRC(srcfield, type, field, txt, checklength) do { \
594 	if (wpa_ft_rrb_get_tlv(srcfield, srcfield##_len, type, \
595 				&f_##field##_len, &f_##field) < 0 || \
596 	    (checklength > 0 && ((size_t) checklength) != f_##field##_len)) { \
597 		wpa_printf(MSG_INFO, "FT: Missing required " #field \
598 			   " in %s from " MACSTR, txt, MAC2STR(src_addr)); \
599 		wpa_ft_rrb_dump(srcfield, srcfield##_len); \
600 		goto out; \
601 	} \
602 } while (0)
603 
604 #define RRB_GET(type, field, txt, checklength) \
605 	RRB_GET_SRC(plain, type, field, txt, checklength)
606 #define RRB_GET_AUTH(type, field, txt, checklength) \
607 	RRB_GET_SRC(auth, type, field, txt, checklength)
608 
609 #define RRB_GET_OPTIONAL_SRC(srcfield, type, field, txt, checklength) do { \
610 	if (wpa_ft_rrb_get_tlv(srcfield, srcfield##_len, type, \
611 				&f_##field##_len, &f_##field) < 0 || \
612 	    (checklength > 0 && ((size_t) checklength) != f_##field##_len)) { \
613 		wpa_printf(MSG_DEBUG, "FT: Missing optional " #field \
614 			   " in %s from " MACSTR, txt, MAC2STR(src_addr)); \
615 		f_##field##_len = 0; \
616 		f_##field = NULL; \
617 	} \
618 } while (0)
619 
620 #define RRB_GET_OPTIONAL(type, field, txt, checklength) \
621 	RRB_GET_OPTIONAL_SRC(plain, type, field, txt, checklength)
622 #define RRB_GET_OPTIONAL_AUTH(type, field, txt, checklength) \
623 	RRB_GET_OPTIONAL_SRC(auth, type, field, txt, checklength)
624 
wpa_ft_rrb_send(struct wpa_authenticator * wpa_auth,const u8 * dst,const u8 * data,size_t data_len)625 static int wpa_ft_rrb_send(struct wpa_authenticator *wpa_auth, const u8 *dst,
626 			   const u8 *data, size_t data_len)
627 {
628 	if (wpa_auth->cb->send_ether == NULL)
629 		return -1;
630 	wpa_printf(MSG_DEBUG, "FT: RRB send to " MACSTR, MAC2STR(dst));
631 	return wpa_auth->cb->send_ether(wpa_auth->cb_ctx, dst, ETH_P_RRB,
632 					data, data_len);
633 }
634 
635 
wpa_ft_rrb_oui_send(struct wpa_authenticator * wpa_auth,const u8 * dst,u8 oui_suffix,const u8 * data,size_t data_len)636 static int wpa_ft_rrb_oui_send(struct wpa_authenticator *wpa_auth,
637 			       const u8 *dst, u8 oui_suffix,
638 			       const u8 *data, size_t data_len)
639 {
640 	if (!wpa_auth->cb->send_oui)
641 		return -1;
642 	wpa_printf(MSG_DEBUG, "FT: RRB-OUI type %u send to " MACSTR " (len=%u)",
643 		   oui_suffix, MAC2STR(dst), (unsigned int) data_len);
644 	return wpa_auth->cb->send_oui(wpa_auth->cb_ctx, dst, oui_suffix, data,
645 				      data_len);
646 }
647 
648 
wpa_ft_action_send(struct wpa_authenticator * wpa_auth,const u8 * dst,const u8 * data,size_t data_len)649 static int wpa_ft_action_send(struct wpa_authenticator *wpa_auth,
650 			      const u8 *dst, const u8 *data, size_t data_len)
651 {
652 	if (wpa_auth->cb->send_ft_action == NULL)
653 		return -1;
654 	return wpa_auth->cb->send_ft_action(wpa_auth->cb_ctx, dst,
655 					    data, data_len);
656 }
657 
658 
wpa_ft_get_psk(struct wpa_authenticator * wpa_auth,const u8 * addr,const u8 * p2p_dev_addr,const u8 * prev_psk)659 static const u8 * wpa_ft_get_psk(struct wpa_authenticator *wpa_auth,
660 				 const u8 *addr, const u8 *p2p_dev_addr,
661 				 const u8 *prev_psk)
662 {
663 	if (wpa_auth->cb->get_psk == NULL)
664 		return NULL;
665 	return wpa_auth->cb->get_psk(wpa_auth->cb_ctx, addr, p2p_dev_addr,
666 				     prev_psk, NULL, NULL);
667 }
668 
669 
670 static struct wpa_state_machine *
wpa_ft_add_sta(struct wpa_authenticator * wpa_auth,const u8 * sta_addr)671 wpa_ft_add_sta(struct wpa_authenticator *wpa_auth, const u8 *sta_addr)
672 {
673 	if (wpa_auth->cb->add_sta == NULL)
674 		return NULL;
675 	return wpa_auth->cb->add_sta(wpa_auth->cb_ctx, sta_addr);
676 }
677 
678 
wpa_ft_set_vlan(struct wpa_authenticator * wpa_auth,const u8 * sta_addr,struct vlan_description * vlan)679 static int wpa_ft_set_vlan(struct wpa_authenticator *wpa_auth,
680 			   const u8 *sta_addr, struct vlan_description *vlan)
681 {
682 	if (!wpa_auth->cb->set_vlan)
683 		return -1;
684 	return wpa_auth->cb->set_vlan(wpa_auth->cb_ctx, sta_addr, vlan);
685 }
686 
687 
wpa_ft_get_vlan(struct wpa_authenticator * wpa_auth,const u8 * sta_addr,struct vlan_description * vlan)688 static int wpa_ft_get_vlan(struct wpa_authenticator *wpa_auth,
689 			   const u8 *sta_addr, struct vlan_description *vlan)
690 {
691 	if (!wpa_auth->cb->get_vlan)
692 		return -1;
693 	return wpa_auth->cb->get_vlan(wpa_auth->cb_ctx, sta_addr, vlan);
694 }
695 
696 
697 static int
wpa_ft_set_identity(struct wpa_authenticator * wpa_auth,const u8 * sta_addr,const u8 * identity,size_t identity_len)698 wpa_ft_set_identity(struct wpa_authenticator *wpa_auth, const u8 *sta_addr,
699 		    const u8 *identity, size_t identity_len)
700 {
701 	if (!wpa_auth->cb->set_identity)
702 		return -1;
703 	return wpa_auth->cb->set_identity(wpa_auth->cb_ctx, sta_addr, identity,
704 					  identity_len);
705 }
706 
707 
708 static size_t
wpa_ft_get_identity(struct wpa_authenticator * wpa_auth,const u8 * sta_addr,const u8 ** buf)709 wpa_ft_get_identity(struct wpa_authenticator *wpa_auth, const u8 *sta_addr,
710 		    const u8 **buf)
711 {
712 	*buf = NULL;
713 	if (!wpa_auth->cb->get_identity)
714 		return 0;
715 	return wpa_auth->cb->get_identity(wpa_auth->cb_ctx, sta_addr, buf);
716 }
717 
718 
719 static int
wpa_ft_set_radius_cui(struct wpa_authenticator * wpa_auth,const u8 * sta_addr,const u8 * radius_cui,size_t radius_cui_len)720 wpa_ft_set_radius_cui(struct wpa_authenticator *wpa_auth, const u8 *sta_addr,
721 		      const u8 *radius_cui, size_t radius_cui_len)
722 {
723 	if (!wpa_auth->cb->set_radius_cui)
724 		return -1;
725 	return wpa_auth->cb->set_radius_cui(wpa_auth->cb_ctx, sta_addr,
726 					    radius_cui, radius_cui_len);
727 }
728 
729 
730 static size_t
wpa_ft_get_radius_cui(struct wpa_authenticator * wpa_auth,const u8 * sta_addr,const u8 ** buf)731 wpa_ft_get_radius_cui(struct wpa_authenticator *wpa_auth, const u8 *sta_addr,
732 		      const u8 **buf)
733 {
734 	*buf = NULL;
735 	if (!wpa_auth->cb->get_radius_cui)
736 		return 0;
737 	return wpa_auth->cb->get_radius_cui(wpa_auth->cb_ctx, sta_addr, buf);
738 }
739 
740 
741 static void
wpa_ft_set_session_timeout(struct wpa_authenticator * wpa_auth,const u8 * sta_addr,int session_timeout)742 wpa_ft_set_session_timeout(struct wpa_authenticator *wpa_auth,
743 			    const u8 *sta_addr, int session_timeout)
744 {
745 	if (!wpa_auth->cb->set_session_timeout)
746 		return;
747 	wpa_auth->cb->set_session_timeout(wpa_auth->cb_ctx, sta_addr,
748 					  session_timeout);
749 }
750 
751 
752 static int
wpa_ft_get_session_timeout(struct wpa_authenticator * wpa_auth,const u8 * sta_addr)753 wpa_ft_get_session_timeout(struct wpa_authenticator *wpa_auth,
754 			    const u8 *sta_addr)
755 {
756 	if (!wpa_auth->cb->get_session_timeout)
757 		return 0;
758 	return wpa_auth->cb->get_session_timeout(wpa_auth->cb_ctx, sta_addr);
759 }
760 
761 
wpa_ft_add_tspec(struct wpa_authenticator * wpa_auth,const u8 * sta_addr,u8 * tspec_ie,size_t tspec_ielen)762 static int wpa_ft_add_tspec(struct wpa_authenticator *wpa_auth,
763 			    const u8 *sta_addr,
764 			    u8 *tspec_ie, size_t tspec_ielen)
765 {
766 	if (wpa_auth->cb->add_tspec == NULL) {
767 		wpa_printf(MSG_DEBUG, "FT: add_tspec is not initialized");
768 		return -1;
769 	}
770 	return wpa_auth->cb->add_tspec(wpa_auth->cb_ctx, sta_addr, tspec_ie,
771 				       tspec_ielen);
772 }
773 
774 
775 #ifdef CONFIG_OCV
wpa_channel_info(struct wpa_authenticator * wpa_auth,struct wpa_channel_info * ci)776 static int wpa_channel_info(struct wpa_authenticator *wpa_auth,
777 			       struct wpa_channel_info *ci)
778 {
779 	if (!wpa_auth->cb->channel_info)
780 		return -1;
781 	return wpa_auth->cb->channel_info(wpa_auth->cb_ctx, ci);
782 }
783 #endif /* CONFIG_OCV */
784 
785 
wpa_write_mdie(struct wpa_auth_config * conf,u8 * buf,size_t len)786 int wpa_write_mdie(struct wpa_auth_config *conf, u8 *buf, size_t len)
787 {
788 	u8 *pos = buf;
789 	u8 capab;
790 	if (len < 2 + sizeof(struct rsn_mdie))
791 		return -1;
792 
793 	*pos++ = WLAN_EID_MOBILITY_DOMAIN;
794 	*pos++ = MOBILITY_DOMAIN_ID_LEN + 1;
795 	os_memcpy(pos, conf->mobility_domain, MOBILITY_DOMAIN_ID_LEN);
796 	pos += MOBILITY_DOMAIN_ID_LEN;
797 	capab = 0;
798 	if (conf->ft_over_ds)
799 		capab |= RSN_FT_CAPAB_FT_OVER_DS;
800 	*pos++ = capab;
801 
802 	return pos - buf;
803 }
804 
805 
wpa_write_ftie(struct wpa_auth_config * conf,int use_sha384,const u8 * r0kh_id,size_t r0kh_id_len,const u8 * anonce,const u8 * snonce,u8 * buf,size_t len,const u8 * subelem,size_t subelem_len)806 int wpa_write_ftie(struct wpa_auth_config *conf, int use_sha384,
807 		   const u8 *r0kh_id, size_t r0kh_id_len,
808 		   const u8 *anonce, const u8 *snonce,
809 		   u8 *buf, size_t len, const u8 *subelem,
810 		   size_t subelem_len)
811 {
812 	u8 *pos = buf, *ielen;
813 	size_t hdrlen = use_sha384 ? sizeof(struct rsn_ftie_sha384) :
814 		sizeof(struct rsn_ftie);
815 
816 	if (len < 2 + hdrlen + 2 + FT_R1KH_ID_LEN + 2 + r0kh_id_len +
817 	    subelem_len)
818 		return -1;
819 
820 	*pos++ = WLAN_EID_FAST_BSS_TRANSITION;
821 	ielen = pos++;
822 
823 	if (use_sha384) {
824 		struct rsn_ftie_sha384 *hdr = (struct rsn_ftie_sha384 *) pos;
825 
826 		os_memset(hdr, 0, sizeof(*hdr));
827 		pos += sizeof(*hdr);
828 		WPA_PUT_LE16(hdr->mic_control, 0);
829 		if (anonce)
830 			os_memcpy(hdr->anonce, anonce, WPA_NONCE_LEN);
831 		if (snonce)
832 			os_memcpy(hdr->snonce, snonce, WPA_NONCE_LEN);
833 	} else {
834 		struct rsn_ftie *hdr = (struct rsn_ftie *) pos;
835 
836 		os_memset(hdr, 0, sizeof(*hdr));
837 		pos += sizeof(*hdr);
838 		WPA_PUT_LE16(hdr->mic_control, 0);
839 		if (anonce)
840 			os_memcpy(hdr->anonce, anonce, WPA_NONCE_LEN);
841 		if (snonce)
842 			os_memcpy(hdr->snonce, snonce, WPA_NONCE_LEN);
843 	}
844 
845 	/* Optional Parameters */
846 	*pos++ = FTIE_SUBELEM_R1KH_ID;
847 	*pos++ = FT_R1KH_ID_LEN;
848 	os_memcpy(pos, conf->r1_key_holder, FT_R1KH_ID_LEN);
849 	pos += FT_R1KH_ID_LEN;
850 
851 	if (r0kh_id) {
852 		*pos++ = FTIE_SUBELEM_R0KH_ID;
853 		*pos++ = r0kh_id_len;
854 		os_memcpy(pos, r0kh_id, r0kh_id_len);
855 		pos += r0kh_id_len;
856 	}
857 
858 	if (subelem) {
859 		os_memcpy(pos, subelem, subelem_len);
860 		pos += subelem_len;
861 	}
862 
863 	*ielen = pos - buf - 2;
864 
865 	return pos - buf;
866 }
867 
868 
869 /* A packet to be handled after seq response */
870 struct ft_remote_item {
871 	struct dl_list list;
872 
873 	u8 nonce[FT_RRB_NONCE_LEN];
874 	struct os_reltime nonce_ts;
875 
876 	u8 src_addr[ETH_ALEN];
877 	u8 *enc;
878 	size_t enc_len;
879 	u8 *auth;
880 	size_t auth_len;
881 	int (*cb)(struct wpa_authenticator *wpa_auth,
882 		  const u8 *src_addr,
883 		  const u8 *enc, size_t enc_len,
884 		  const u8 *auth, size_t auth_len,
885 		  int no_defer);
886 };
887 
888 
wpa_ft_rrb_seq_free(struct ft_remote_item * item)889 static void wpa_ft_rrb_seq_free(struct ft_remote_item *item)
890 {
891 	eloop_cancel_timeout(wpa_ft_rrb_seq_timeout, ELOOP_ALL_CTX, item);
892 	dl_list_del(&item->list);
893 	bin_clear_free(item->enc, item->enc_len);
894 	os_free(item->auth);
895 	os_free(item);
896 }
897 
898 
wpa_ft_rrb_seq_flush(struct wpa_authenticator * wpa_auth,struct ft_remote_seq * rkh_seq,int cb)899 static void wpa_ft_rrb_seq_flush(struct wpa_authenticator *wpa_auth,
900 				 struct ft_remote_seq *rkh_seq, int cb)
901 {
902 	struct ft_remote_item *item, *n;
903 
904 	dl_list_for_each_safe(item, n, &rkh_seq->rx.queue,
905 			      struct ft_remote_item, list) {
906 		if (cb && item->cb)
907 			item->cb(wpa_auth, item->src_addr, item->enc,
908 				 item->enc_len, item->auth, item->auth_len, 1);
909 		wpa_ft_rrb_seq_free(item);
910 	}
911 }
912 
913 
wpa_ft_rrb_seq_timeout(void * eloop_ctx,void * timeout_ctx)914 static void wpa_ft_rrb_seq_timeout(void *eloop_ctx, void *timeout_ctx)
915 {
916 	struct ft_remote_item *item = timeout_ctx;
917 
918 	wpa_ft_rrb_seq_free(item);
919 }
920 
921 
922 static int
wpa_ft_rrb_seq_req(struct wpa_authenticator * wpa_auth,struct ft_remote_seq * rkh_seq,const u8 * src_addr,const u8 * f_r0kh_id,size_t f_r0kh_id_len,const u8 * f_r1kh_id,const u8 * key,size_t key_len,const u8 * enc,size_t enc_len,const u8 * auth,size_t auth_len,int (* cb)(struct wpa_authenticator * wpa_auth,const u8 * src_addr,const u8 * enc,size_t enc_len,const u8 * auth,size_t auth_len,int no_defer))923 wpa_ft_rrb_seq_req(struct wpa_authenticator *wpa_auth,
924 		   struct ft_remote_seq *rkh_seq, const u8 *src_addr,
925 		   const u8 *f_r0kh_id, size_t f_r0kh_id_len,
926 		   const u8 *f_r1kh_id, const u8 *key, size_t key_len,
927 		   const u8 *enc, size_t enc_len,
928 		   const u8 *auth, size_t auth_len,
929 		   int (*cb)(struct wpa_authenticator *wpa_auth,
930 			     const u8 *src_addr,
931 			     const u8 *enc, size_t enc_len,
932 			     const u8 *auth, size_t auth_len,
933 			     int no_defer))
934 {
935 	struct ft_remote_item *item = NULL;
936 	u8 *packet = NULL;
937 	size_t packet_len;
938 	struct tlv_list seq_req_auth[] = {
939 		{ .type = FT_RRB_NONCE, .len = FT_RRB_NONCE_LEN,
940 		  .data = NULL /* to be filled: item->nonce */ },
941 		{ .type = FT_RRB_R0KH_ID, .len = f_r0kh_id_len,
942 		  .data = f_r0kh_id },
943 		{ .type = FT_RRB_R1KH_ID, .len = FT_R1KH_ID_LEN,
944 		  .data = f_r1kh_id },
945 		{ .type = FT_RRB_LAST_EMPTY, .len = 0, .data = NULL },
946 	};
947 
948 	if (dl_list_len(&rkh_seq->rx.queue) >= ftRRBmaxQueueLen) {
949 		wpa_printf(MSG_DEBUG, "FT: Sequence number queue too long");
950 		goto err;
951 	}
952 
953 	wpa_printf(MSG_DEBUG, "FT: Send out sequence number request to " MACSTR,
954 		   MAC2STR(src_addr));
955 	item = os_zalloc(sizeof(*item));
956 	if (!item)
957 		goto err;
958 
959 	os_memcpy(item->src_addr, src_addr, ETH_ALEN);
960 	item->cb = cb;
961 
962 	if (random_get_bytes(item->nonce, FT_RRB_NONCE_LEN) < 0) {
963 		wpa_printf(MSG_DEBUG, "FT: Seq num nonce: out of random bytes");
964 		goto err;
965 	}
966 
967 	if (os_get_reltime(&item->nonce_ts) < 0)
968 		goto err;
969 
970 	if (enc && enc_len > 0) {
971 		item->enc = os_memdup(enc, enc_len);
972 		item->enc_len = enc_len;
973 		if (!item->enc)
974 			goto err;
975 	}
976 
977 	if (auth && auth_len > 0) {
978 		item->auth = os_memdup(auth, auth_len);
979 		item->auth_len = auth_len;
980 		if (!item->auth)
981 			goto err;
982 	}
983 
984 	eloop_register_timeout(ftRRBseqTimeout, 0, wpa_ft_rrb_seq_timeout,
985 			       wpa_auth, item);
986 
987 	seq_req_auth[0].data = item->nonce;
988 
989 	if (wpa_ft_rrb_build(key, key_len, NULL, NULL, seq_req_auth, NULL,
990 			     wpa_auth->addr, FT_PACKET_R0KH_R1KH_SEQ_REQ,
991 			     &packet, &packet_len) < 0) {
992 		item = NULL; /* some other seq resp might still accept this */
993 		goto err;
994 	}
995 
996 	dl_list_add(&rkh_seq->rx.queue, &item->list);
997 
998 	wpa_ft_rrb_oui_send(wpa_auth, src_addr, FT_PACKET_R0KH_R1KH_SEQ_REQ,
999 			    packet, packet_len);
1000 
1001 	os_free(packet);
1002 
1003 	return 0;
1004 err:
1005 	wpa_printf(MSG_DEBUG, "FT: Failed to send sequence number request");
1006 	if (item) {
1007 		os_free(item->auth);
1008 		bin_clear_free(item->enc, item->enc_len);
1009 		os_free(item);
1010 	}
1011 
1012 	return -1;
1013 }
1014 
1015 
1016 #define FT_RRB_SEQ_OK    0
1017 #define FT_RRB_SEQ_DROP  1
1018 #define FT_RRB_SEQ_DEFER 2
1019 
1020 static int
wpa_ft_rrb_seq_chk(struct ft_remote_seq * rkh_seq,const u8 * src_addr,const u8 * enc,size_t enc_len,const u8 * auth,size_t auth_len,const char * msgtype,int no_defer)1021 wpa_ft_rrb_seq_chk(struct ft_remote_seq *rkh_seq, const u8 *src_addr,
1022 		   const u8 *enc, size_t enc_len,
1023 		   const u8 *auth, size_t auth_len,
1024 		   const char *msgtype, int no_defer)
1025 {
1026 	const u8 *f_seq;
1027 	size_t f_seq_len;
1028 	const struct ft_rrb_seq *msg_both;
1029 	u32 msg_seq, msg_off, rkh_off;
1030 	struct os_reltime now;
1031 	unsigned int i;
1032 
1033 	RRB_GET_AUTH(FT_RRB_SEQ, seq, msgtype, sizeof(*msg_both));
1034 	wpa_hexdump(MSG_DEBUG, "FT: sequence number", f_seq, f_seq_len);
1035 	msg_both = (const struct ft_rrb_seq *) f_seq;
1036 
1037 	if (rkh_seq->rx.num_last == 0) {
1038 		/* first packet from remote */
1039 		goto defer;
1040 	}
1041 
1042 	if (le_to_host32(msg_both->dom) != rkh_seq->rx.dom) {
1043 		/* remote might have rebooted */
1044 		goto defer;
1045 	}
1046 
1047 	if (os_get_reltime(&now) == 0) {
1048 		u32 msg_ts_now_remote, msg_ts_off;
1049 		struct os_reltime now_remote;
1050 
1051 		os_reltime_sub(&now, &rkh_seq->rx.time_offset, &now_remote);
1052 		msg_ts_now_remote = now_remote.sec;
1053 		msg_ts_off = le_to_host32(msg_both->ts) -
1054 			(msg_ts_now_remote - ftRRBseqTimeout);
1055 		if (msg_ts_off > 2 * ftRRBseqTimeout)
1056 			goto defer;
1057 	}
1058 
1059 	msg_seq = le_to_host32(msg_both->seq);
1060 	rkh_off = rkh_seq->rx.last[rkh_seq->rx.offsetidx];
1061 	msg_off = msg_seq - rkh_off;
1062 	if (msg_off > 0xC0000000)
1063 		goto out; /* too old message, drop it */
1064 
1065 	if (msg_off <= 0x40000000) {
1066 		for (i = 0; i < rkh_seq->rx.num_last; i++) {
1067 			if (rkh_seq->rx.last[i] == msg_seq)
1068 				goto out; /* duplicate message, drop it */
1069 		}
1070 
1071 		return FT_RRB_SEQ_OK;
1072 	}
1073 
1074 defer:
1075 	if (no_defer)
1076 		goto out;
1077 
1078 	wpa_printf(MSG_DEBUG, "FT: Possibly invalid sequence number in %s from "
1079 		   MACSTR, msgtype, MAC2STR(src_addr));
1080 
1081 	return FT_RRB_SEQ_DEFER;
1082 out:
1083 	wpa_printf(MSG_DEBUG, "FT: Invalid sequence number in %s from " MACSTR,
1084 		   msgtype, MAC2STR(src_addr));
1085 
1086 	return FT_RRB_SEQ_DROP;
1087 }
1088 
1089 
1090 static void
wpa_ft_rrb_seq_accept(struct wpa_authenticator * wpa_auth,struct ft_remote_seq * rkh_seq,const u8 * src_addr,const u8 * auth,size_t auth_len,const char * msgtype)1091 wpa_ft_rrb_seq_accept(struct wpa_authenticator *wpa_auth,
1092 		      struct ft_remote_seq *rkh_seq, const u8 *src_addr,
1093 		      const u8 *auth, size_t auth_len,
1094 		      const char *msgtype)
1095 {
1096 	const u8 *f_seq;
1097 	size_t f_seq_len;
1098 	const struct ft_rrb_seq *msg_both;
1099 	u32 msg_seq, msg_off, min_off, rkh_off;
1100 	int minidx = 0;
1101 	unsigned int i;
1102 
1103 	RRB_GET_AUTH(FT_RRB_SEQ, seq, msgtype, sizeof(*msg_both));
1104 	msg_both = (const struct ft_rrb_seq *) f_seq;
1105 
1106 	msg_seq = le_to_host32(msg_both->seq);
1107 
1108 	if (rkh_seq->rx.num_last < FT_REMOTE_SEQ_BACKLOG) {
1109 		rkh_seq->rx.last[rkh_seq->rx.num_last] = msg_seq;
1110 		rkh_seq->rx.num_last++;
1111 		return;
1112 	}
1113 
1114 	rkh_off = rkh_seq->rx.last[rkh_seq->rx.offsetidx];
1115 	for (i = 0; i < rkh_seq->rx.num_last; i++) {
1116 		msg_off = rkh_seq->rx.last[i] - rkh_off;
1117 		min_off = rkh_seq->rx.last[minidx] - rkh_off;
1118 		if (msg_off < min_off && i != rkh_seq->rx.offsetidx)
1119 			minidx = i;
1120 	}
1121 	rkh_seq->rx.last[rkh_seq->rx.offsetidx] = msg_seq;
1122 	rkh_seq->rx.offsetidx = minidx;
1123 
1124 	return;
1125 out:
1126 	/* RRB_GET_AUTH should never fail here as
1127 	 * wpa_ft_rrb_seq_chk() verified FT_RRB_SEQ presence. */
1128 	wpa_printf(MSG_ERROR, "FT: %s() failed", __func__);
1129 }
1130 
1131 
wpa_ft_new_seq(struct ft_remote_seq * rkh_seq,struct ft_rrb_seq * f_seq)1132 static int wpa_ft_new_seq(struct ft_remote_seq *rkh_seq,
1133 			  struct ft_rrb_seq *f_seq)
1134 {
1135 	struct os_reltime now;
1136 
1137 	if (os_get_reltime(&now) < 0)
1138 		return -1;
1139 
1140 	if (!rkh_seq->tx.dom) {
1141 		if (random_get_bytes((u8 *) &rkh_seq->tx.seq,
1142 				     sizeof(rkh_seq->tx.seq))) {
1143 			wpa_printf(MSG_ERROR,
1144 				   "FT: Failed to get random data for sequence number initialization");
1145 			rkh_seq->tx.seq = now.usec;
1146 		}
1147 		if (random_get_bytes((u8 *) &rkh_seq->tx.dom,
1148 				     sizeof(rkh_seq->tx.dom))) {
1149 			wpa_printf(MSG_ERROR,
1150 				   "FT: Failed to get random data for sequence number initialization");
1151 			rkh_seq->tx.dom = now.usec;
1152 		}
1153 		rkh_seq->tx.dom |= 1;
1154 	}
1155 
1156 	f_seq->dom = host_to_le32(rkh_seq->tx.dom);
1157 	f_seq->seq = host_to_le32(rkh_seq->tx.seq);
1158 	f_seq->ts = host_to_le32(now.sec);
1159 
1160 	rkh_seq->tx.seq++;
1161 
1162 	return 0;
1163 }
1164 
1165 
1166 struct wpa_ft_pmk_r0_sa {
1167 	struct dl_list list;
1168 	u8 pmk_r0[PMK_LEN_MAX];
1169 	size_t pmk_r0_len;
1170 	u8 pmk_r0_name[WPA_PMK_NAME_LEN];
1171 	u8 spa[ETH_ALEN];
1172 	int pairwise; /* Pairwise cipher suite, WPA_CIPHER_* */
1173 	struct vlan_description *vlan;
1174 	os_time_t expiration; /* 0 for no expiration */
1175 	u8 *identity;
1176 	size_t identity_len;
1177 	u8 *radius_cui;
1178 	size_t radius_cui_len;
1179 	os_time_t session_timeout; /* 0 for no expiration */
1180 	/* TODO: radius_class, EAP type */
1181 	int pmk_r1_pushed;
1182 };
1183 
1184 struct wpa_ft_pmk_r1_sa {
1185 	struct dl_list list;
1186 	u8 pmk_r1[PMK_LEN_MAX];
1187 	size_t pmk_r1_len;
1188 	u8 pmk_r1_name[WPA_PMK_NAME_LEN];
1189 	u8 spa[ETH_ALEN];
1190 	int pairwise; /* Pairwise cipher suite, WPA_CIPHER_* */
1191 	struct vlan_description *vlan;
1192 	u8 *identity;
1193 	size_t identity_len;
1194 	u8 *radius_cui;
1195 	size_t radius_cui_len;
1196 	os_time_t session_timeout; /* 0 for no expiration */
1197 	/* TODO: radius_class, EAP type */
1198 };
1199 
1200 struct wpa_ft_pmk_cache {
1201 	struct dl_list pmk_r0; /* struct wpa_ft_pmk_r0_sa */
1202 	struct dl_list pmk_r1; /* struct wpa_ft_pmk_r1_sa */
1203 };
1204 
1205 
1206 static void wpa_ft_expire_pmk_r0(void *eloop_ctx, void *timeout_ctx);
1207 static void wpa_ft_expire_pmk_r1(void *eloop_ctx, void *timeout_ctx);
1208 
1209 
wpa_ft_free_pmk_r0(struct wpa_ft_pmk_r0_sa * r0)1210 static void wpa_ft_free_pmk_r0(struct wpa_ft_pmk_r0_sa *r0)
1211 {
1212 	if (!r0)
1213 		return;
1214 
1215 	dl_list_del(&r0->list);
1216 	eloop_cancel_timeout(wpa_ft_expire_pmk_r0, r0, NULL);
1217 
1218 	os_memset(r0->pmk_r0, 0, PMK_LEN_MAX);
1219 	os_free(r0->vlan);
1220 	os_free(r0->identity);
1221 	os_free(r0->radius_cui);
1222 	os_free(r0);
1223 }
1224 
1225 
wpa_ft_expire_pmk_r0(void * eloop_ctx,void * timeout_ctx)1226 static void wpa_ft_expire_pmk_r0(void *eloop_ctx, void *timeout_ctx)
1227 {
1228 	struct wpa_ft_pmk_r0_sa *r0 = eloop_ctx;
1229 	struct os_reltime now;
1230 	int expires_in;
1231 	int session_timeout;
1232 
1233 	os_get_reltime(&now);
1234 
1235 	if (!r0)
1236 		return;
1237 
1238 	expires_in = r0->expiration - now.sec;
1239 	session_timeout = r0->session_timeout - now.sec;
1240 	/* conditions to remove from cache:
1241 	 * a) r0->expiration is set and hit
1242 	 * -or-
1243 	 * b) r0->session_timeout is set and hit
1244 	 */
1245 	if ((!r0->expiration || expires_in > 0) &&
1246 	    (!r0->session_timeout || session_timeout > 0)) {
1247 		wpa_printf(MSG_ERROR,
1248 			   "FT: %s() called for non-expired entry %p",
1249 			   __func__, r0);
1250 		eloop_cancel_timeout(wpa_ft_expire_pmk_r0, r0, NULL);
1251 		if (r0->expiration && expires_in > 0)
1252 			eloop_register_timeout(expires_in + 1, 0,
1253 					       wpa_ft_expire_pmk_r0, r0, NULL);
1254 		if (r0->session_timeout && session_timeout > 0)
1255 			eloop_register_timeout(session_timeout + 1, 0,
1256 					       wpa_ft_expire_pmk_r0, r0, NULL);
1257 		return;
1258 	}
1259 
1260 	wpa_ft_free_pmk_r0(r0);
1261 }
1262 
1263 
wpa_ft_free_pmk_r1(struct wpa_ft_pmk_r1_sa * r1)1264 static void wpa_ft_free_pmk_r1(struct wpa_ft_pmk_r1_sa *r1)
1265 {
1266 	if (!r1)
1267 		return;
1268 
1269 	dl_list_del(&r1->list);
1270 	eloop_cancel_timeout(wpa_ft_expire_pmk_r1, r1, NULL);
1271 
1272 	os_memset(r1->pmk_r1, 0, PMK_LEN_MAX);
1273 	os_free(r1->vlan);
1274 	os_free(r1->identity);
1275 	os_free(r1->radius_cui);
1276 	os_free(r1);
1277 }
1278 
1279 
wpa_ft_expire_pmk_r1(void * eloop_ctx,void * timeout_ctx)1280 static void wpa_ft_expire_pmk_r1(void *eloop_ctx, void *timeout_ctx)
1281 {
1282 	struct wpa_ft_pmk_r1_sa *r1 = eloop_ctx;
1283 
1284 	wpa_ft_free_pmk_r1(r1);
1285 }
1286 
1287 
wpa_ft_pmk_cache_init(void)1288 struct wpa_ft_pmk_cache * wpa_ft_pmk_cache_init(void)
1289 {
1290 	struct wpa_ft_pmk_cache *cache;
1291 
1292 	cache = os_zalloc(sizeof(*cache));
1293 	if (cache) {
1294 		dl_list_init(&cache->pmk_r0);
1295 		dl_list_init(&cache->pmk_r1);
1296 	}
1297 
1298 	return cache;
1299 }
1300 
1301 
wpa_ft_pmk_cache_deinit(struct wpa_ft_pmk_cache * cache)1302 void wpa_ft_pmk_cache_deinit(struct wpa_ft_pmk_cache *cache)
1303 {
1304 	struct wpa_ft_pmk_r0_sa *r0, *r0prev;
1305 	struct wpa_ft_pmk_r1_sa *r1, *r1prev;
1306 
1307 	dl_list_for_each_safe(r0, r0prev, &cache->pmk_r0,
1308 			      struct wpa_ft_pmk_r0_sa, list)
1309 		wpa_ft_free_pmk_r0(r0);
1310 
1311 	dl_list_for_each_safe(r1, r1prev, &cache->pmk_r1,
1312 			      struct wpa_ft_pmk_r1_sa, list)
1313 		wpa_ft_free_pmk_r1(r1);
1314 
1315 	os_free(cache);
1316 }
1317 
1318 
wpa_ft_store_pmk_r0(struct wpa_authenticator * wpa_auth,const u8 * spa,const u8 * pmk_r0,size_t pmk_r0_len,const u8 * pmk_r0_name,int pairwise,const struct vlan_description * vlan,int expires_in,int session_timeout,const u8 * identity,size_t identity_len,const u8 * radius_cui,size_t radius_cui_len)1319 static int wpa_ft_store_pmk_r0(struct wpa_authenticator *wpa_auth,
1320 			       const u8 *spa, const u8 *pmk_r0,
1321 			       size_t pmk_r0_len,
1322 			       const u8 *pmk_r0_name, int pairwise,
1323 			       const struct vlan_description *vlan,
1324 			       int expires_in, int session_timeout,
1325 			       const u8 *identity, size_t identity_len,
1326 			       const u8 *radius_cui, size_t radius_cui_len)
1327 {
1328 	struct wpa_ft_pmk_cache *cache = wpa_auth->ft_pmk_cache;
1329 	struct wpa_ft_pmk_r0_sa *r0;
1330 	struct os_reltime now;
1331 
1332 	/* TODO: add limit on number of entries in cache */
1333 	os_get_reltime(&now);
1334 
1335 	r0 = os_zalloc(sizeof(*r0));
1336 	if (r0 == NULL)
1337 		return -1;
1338 
1339 	os_memcpy(r0->pmk_r0, pmk_r0, pmk_r0_len);
1340 	r0->pmk_r0_len = pmk_r0_len;
1341 	os_memcpy(r0->pmk_r0_name, pmk_r0_name, WPA_PMK_NAME_LEN);
1342 	os_memcpy(r0->spa, spa, ETH_ALEN);
1343 	r0->pairwise = pairwise;
1344 	if (expires_in > 0)
1345 		r0->expiration = now.sec + expires_in;
1346 	if (vlan && vlan->notempty) {
1347 		r0->vlan = os_zalloc(sizeof(*vlan));
1348 		if (!r0->vlan) {
1349 			bin_clear_free(r0, sizeof(*r0));
1350 			return -1;
1351 		}
1352 		*r0->vlan = *vlan;
1353 	}
1354 	if (identity) {
1355 		r0->identity = os_malloc(identity_len);
1356 		if (r0->identity) {
1357 			os_memcpy(r0->identity, identity, identity_len);
1358 			r0->identity_len = identity_len;
1359 		}
1360 	}
1361 	if (radius_cui) {
1362 		r0->radius_cui = os_malloc(radius_cui_len);
1363 		if (r0->radius_cui) {
1364 			os_memcpy(r0->radius_cui, radius_cui, radius_cui_len);
1365 			r0->radius_cui_len = radius_cui_len;
1366 		}
1367 	}
1368 	if (session_timeout > 0)
1369 		r0->session_timeout = now.sec + session_timeout;
1370 
1371 	dl_list_add(&cache->pmk_r0, &r0->list);
1372 	if (expires_in > 0)
1373 		eloop_register_timeout(expires_in + 1, 0, wpa_ft_expire_pmk_r0,
1374 				       r0, NULL);
1375 	if (session_timeout > 0)
1376 		eloop_register_timeout(session_timeout + 1, 0,
1377 				       wpa_ft_expire_pmk_r0, r0, NULL);
1378 
1379 	return 0;
1380 }
1381 
1382 
wpa_ft_fetch_pmk_r0(struct wpa_authenticator * wpa_auth,const u8 * spa,const u8 * pmk_r0_name,const struct wpa_ft_pmk_r0_sa ** r0_out)1383 static int wpa_ft_fetch_pmk_r0(struct wpa_authenticator *wpa_auth,
1384 			       const u8 *spa, const u8 *pmk_r0_name,
1385 			       const struct wpa_ft_pmk_r0_sa **r0_out)
1386 {
1387 	struct wpa_ft_pmk_cache *cache = wpa_auth->ft_pmk_cache;
1388 	struct wpa_ft_pmk_r0_sa *r0;
1389 	struct os_reltime now;
1390 
1391 	os_get_reltime(&now);
1392 	dl_list_for_each(r0, &cache->pmk_r0, struct wpa_ft_pmk_r0_sa, list) {
1393 		if (os_memcmp(r0->spa, spa, ETH_ALEN) == 0 &&
1394 		    os_memcmp_const(r0->pmk_r0_name, pmk_r0_name,
1395 				    WPA_PMK_NAME_LEN) == 0) {
1396 			*r0_out = r0;
1397 			return 0;
1398 		}
1399 	}
1400 
1401 	*r0_out = NULL;
1402 	return -1;
1403 }
1404 
1405 
wpa_ft_store_pmk_r1(struct wpa_authenticator * wpa_auth,const u8 * spa,const u8 * pmk_r1,size_t pmk_r1_len,const u8 * pmk_r1_name,int pairwise,const struct vlan_description * vlan,int expires_in,int session_timeout,const u8 * identity,size_t identity_len,const u8 * radius_cui,size_t radius_cui_len)1406 static int wpa_ft_store_pmk_r1(struct wpa_authenticator *wpa_auth,
1407 			       const u8 *spa, const u8 *pmk_r1,
1408 			       size_t pmk_r1_len,
1409 			       const u8 *pmk_r1_name, int pairwise,
1410 			       const struct vlan_description *vlan,
1411 			       int expires_in, int session_timeout,
1412 			       const u8 *identity, size_t identity_len,
1413 			       const u8 *radius_cui, size_t radius_cui_len)
1414 {
1415 	struct wpa_ft_pmk_cache *cache = wpa_auth->ft_pmk_cache;
1416 	int max_expires_in = wpa_auth->conf.r1_max_key_lifetime;
1417 	struct wpa_ft_pmk_r1_sa *r1;
1418 	struct os_reltime now;
1419 
1420 	/* TODO: limit on number of entries in cache */
1421 	os_get_reltime(&now);
1422 
1423 	if (max_expires_in && (max_expires_in < expires_in || expires_in == 0))
1424 		expires_in = max_expires_in;
1425 
1426 	r1 = os_zalloc(sizeof(*r1));
1427 	if (r1 == NULL)
1428 		return -1;
1429 
1430 	os_memcpy(r1->pmk_r1, pmk_r1, pmk_r1_len);
1431 	r1->pmk_r1_len = pmk_r1_len;
1432 	os_memcpy(r1->pmk_r1_name, pmk_r1_name, WPA_PMK_NAME_LEN);
1433 	os_memcpy(r1->spa, spa, ETH_ALEN);
1434 	r1->pairwise = pairwise;
1435 	if (vlan && vlan->notempty) {
1436 		r1->vlan = os_zalloc(sizeof(*vlan));
1437 		if (!r1->vlan) {
1438 			bin_clear_free(r1, sizeof(*r1));
1439 			return -1;
1440 		}
1441 		*r1->vlan = *vlan;
1442 	}
1443 	if (identity) {
1444 		r1->identity = os_malloc(identity_len);
1445 		if (r1->identity) {
1446 			os_memcpy(r1->identity, identity, identity_len);
1447 			r1->identity_len = identity_len;
1448 		}
1449 	}
1450 	if (radius_cui) {
1451 		r1->radius_cui = os_malloc(radius_cui_len);
1452 		if (r1->radius_cui) {
1453 			os_memcpy(r1->radius_cui, radius_cui, radius_cui_len);
1454 			r1->radius_cui_len = radius_cui_len;
1455 		}
1456 	}
1457 	if (session_timeout > 0)
1458 		r1->session_timeout = now.sec + session_timeout;
1459 
1460 	dl_list_add(&cache->pmk_r1, &r1->list);
1461 
1462 	if (expires_in > 0)
1463 		eloop_register_timeout(expires_in + 1, 0, wpa_ft_expire_pmk_r1,
1464 				       r1, NULL);
1465 	if (session_timeout > 0)
1466 		eloop_register_timeout(session_timeout + 1, 0,
1467 				       wpa_ft_expire_pmk_r1, r1, NULL);
1468 
1469 	return 0;
1470 }
1471 
1472 
wpa_ft_fetch_pmk_r1(struct wpa_authenticator * wpa_auth,const u8 * spa,const u8 * pmk_r1_name,u8 * pmk_r1,size_t * pmk_r1_len,int * pairwise,struct vlan_description * vlan,const u8 ** identity,size_t * identity_len,const u8 ** radius_cui,size_t * radius_cui_len,int * session_timeout)1473 static int wpa_ft_fetch_pmk_r1(struct wpa_authenticator *wpa_auth,
1474 			       const u8 *spa, const u8 *pmk_r1_name,
1475 			       u8 *pmk_r1, size_t *pmk_r1_len, int *pairwise,
1476 			       struct vlan_description *vlan,
1477 			       const u8 **identity, size_t *identity_len,
1478 			       const u8 **radius_cui, size_t *radius_cui_len,
1479 			       int *session_timeout)
1480 {
1481 	struct wpa_ft_pmk_cache *cache = wpa_auth->ft_pmk_cache;
1482 	struct wpa_ft_pmk_r1_sa *r1;
1483 	struct os_reltime now;
1484 
1485 	os_get_reltime(&now);
1486 
1487 	dl_list_for_each(r1, &cache->pmk_r1, struct wpa_ft_pmk_r1_sa, list) {
1488 		if (os_memcmp(r1->spa, spa, ETH_ALEN) == 0 &&
1489 		    os_memcmp_const(r1->pmk_r1_name, pmk_r1_name,
1490 				    WPA_PMK_NAME_LEN) == 0) {
1491 			os_memcpy(pmk_r1, r1->pmk_r1, r1->pmk_r1_len);
1492 			*pmk_r1_len = r1->pmk_r1_len;
1493 			if (pairwise)
1494 				*pairwise = r1->pairwise;
1495 			if (vlan && r1->vlan)
1496 				*vlan = *r1->vlan;
1497 			if (vlan && !r1->vlan)
1498 				os_memset(vlan, 0, sizeof(*vlan));
1499 			if (identity && identity_len) {
1500 				*identity = r1->identity;
1501 				*identity_len = r1->identity_len;
1502 			}
1503 			if (radius_cui && radius_cui_len) {
1504 				*radius_cui = r1->radius_cui;
1505 				*radius_cui_len = r1->radius_cui_len;
1506 			}
1507 			if (session_timeout && r1->session_timeout > now.sec)
1508 				*session_timeout = r1->session_timeout -
1509 					now.sec;
1510 			else if (session_timeout && r1->session_timeout)
1511 				*session_timeout = 1;
1512 			else if (session_timeout)
1513 				*session_timeout = 0;
1514 			return 0;
1515 		}
1516 	}
1517 
1518 	return -1;
1519 }
1520 
1521 
wpa_ft_rrb_init_r0kh_seq(struct ft_remote_r0kh * r0kh)1522 static int wpa_ft_rrb_init_r0kh_seq(struct ft_remote_r0kh *r0kh)
1523 {
1524 	if (r0kh->seq)
1525 		return 0;
1526 
1527 	r0kh->seq = os_zalloc(sizeof(*r0kh->seq));
1528 	if (!r0kh->seq) {
1529 		wpa_printf(MSG_DEBUG, "FT: Failed to allocate r0kh->seq");
1530 		return -1;
1531 	}
1532 
1533 	dl_list_init(&r0kh->seq->rx.queue);
1534 
1535 	return 0;
1536 }
1537 
1538 
wpa_ft_rrb_lookup_r0kh(struct wpa_authenticator * wpa_auth,const u8 * f_r0kh_id,size_t f_r0kh_id_len,struct ft_remote_r0kh ** r0kh_out,struct ft_remote_r0kh ** r0kh_wildcard)1539 static void wpa_ft_rrb_lookup_r0kh(struct wpa_authenticator *wpa_auth,
1540 				   const u8 *f_r0kh_id, size_t f_r0kh_id_len,
1541 				   struct ft_remote_r0kh **r0kh_out,
1542 				   struct ft_remote_r0kh **r0kh_wildcard)
1543 {
1544 	struct ft_remote_r0kh *r0kh;
1545 
1546 	*r0kh_wildcard = NULL;
1547 	*r0kh_out = NULL;
1548 
1549 	if (wpa_auth->conf.r0kh_list)
1550 		r0kh = *wpa_auth->conf.r0kh_list;
1551 	else
1552 		r0kh = NULL;
1553 	for (; r0kh; r0kh = r0kh->next) {
1554 		if (r0kh->id_len == 1 && r0kh->id[0] == '*')
1555 			*r0kh_wildcard = r0kh;
1556 		if (f_r0kh_id && r0kh->id_len == f_r0kh_id_len &&
1557 		    os_memcmp_const(f_r0kh_id, r0kh->id, f_r0kh_id_len) == 0)
1558 			*r0kh_out = r0kh;
1559 	}
1560 
1561 	if (!*r0kh_out && !*r0kh_wildcard)
1562 		wpa_printf(MSG_DEBUG, "FT: No matching R0KH found");
1563 
1564 	if (*r0kh_out && wpa_ft_rrb_init_r0kh_seq(*r0kh_out) < 0)
1565 		*r0kh_out = NULL;
1566 }
1567 
1568 
wpa_ft_rrb_init_r1kh_seq(struct ft_remote_r1kh * r1kh)1569 static int wpa_ft_rrb_init_r1kh_seq(struct ft_remote_r1kh *r1kh)
1570 {
1571 	if (r1kh->seq)
1572 		return 0;
1573 
1574 	r1kh->seq = os_zalloc(sizeof(*r1kh->seq));
1575 	if (!r1kh->seq) {
1576 		wpa_printf(MSG_DEBUG, "FT: Failed to allocate r1kh->seq");
1577 		return -1;
1578 	}
1579 
1580 	dl_list_init(&r1kh->seq->rx.queue);
1581 
1582 	return 0;
1583 }
1584 
1585 
wpa_ft_rrb_lookup_r1kh(struct wpa_authenticator * wpa_auth,const u8 * f_r1kh_id,struct ft_remote_r1kh ** r1kh_out,struct ft_remote_r1kh ** r1kh_wildcard)1586 static void wpa_ft_rrb_lookup_r1kh(struct wpa_authenticator *wpa_auth,
1587 				   const u8 *f_r1kh_id,
1588 				   struct ft_remote_r1kh **r1kh_out,
1589 				   struct ft_remote_r1kh **r1kh_wildcard)
1590 {
1591 	struct ft_remote_r1kh *r1kh;
1592 
1593 	*r1kh_wildcard = NULL;
1594 	*r1kh_out = NULL;
1595 
1596 	if (wpa_auth->conf.r1kh_list)
1597 		r1kh = *wpa_auth->conf.r1kh_list;
1598 	else
1599 		r1kh = NULL;
1600 	for (; r1kh; r1kh = r1kh->next) {
1601 		if (is_zero_ether_addr(r1kh->addr) &&
1602 		    is_zero_ether_addr(r1kh->id))
1603 			*r1kh_wildcard = r1kh;
1604 		if (f_r1kh_id &&
1605 		    os_memcmp_const(r1kh->id, f_r1kh_id, FT_R1KH_ID_LEN) == 0)
1606 			*r1kh_out = r1kh;
1607 	}
1608 
1609 	if (!*r1kh_out && !*r1kh_wildcard)
1610 		wpa_printf(MSG_DEBUG, "FT: No matching R1KH found");
1611 
1612 	if (*r1kh_out && wpa_ft_rrb_init_r1kh_seq(*r1kh_out) < 0)
1613 		*r1kh_out = NULL;
1614 }
1615 
1616 
wpa_ft_rrb_check_r0kh(struct wpa_authenticator * wpa_auth,const u8 * f_r0kh_id,size_t f_r0kh_id_len)1617 static int wpa_ft_rrb_check_r0kh(struct wpa_authenticator *wpa_auth,
1618 				 const u8 *f_r0kh_id, size_t f_r0kh_id_len)
1619 {
1620 	if (f_r0kh_id_len != wpa_auth->conf.r0_key_holder_len ||
1621 	    os_memcmp_const(f_r0kh_id, wpa_auth->conf.r0_key_holder,
1622 			    f_r0kh_id_len) != 0)
1623 		return -1;
1624 
1625 	return 0;
1626 }
1627 
1628 
wpa_ft_rrb_check_r1kh(struct wpa_authenticator * wpa_auth,const u8 * f_r1kh_id)1629 static int wpa_ft_rrb_check_r1kh(struct wpa_authenticator *wpa_auth,
1630 				 const u8 *f_r1kh_id)
1631 {
1632 	if (os_memcmp_const(f_r1kh_id, wpa_auth->conf.r1_key_holder,
1633 			    FT_R1KH_ID_LEN) != 0)
1634 		return -1;
1635 
1636 	return 0;
1637 }
1638 
1639 
wpa_ft_rrb_del_r0kh(void * eloop_ctx,void * timeout_ctx)1640 static void wpa_ft_rrb_del_r0kh(void *eloop_ctx, void *timeout_ctx)
1641 {
1642 	struct wpa_authenticator *wpa_auth = eloop_ctx;
1643 	struct ft_remote_r0kh *r0kh, *prev = NULL;
1644 
1645 	if (!wpa_auth->conf.r0kh_list)
1646 		return;
1647 
1648 	for (r0kh = *wpa_auth->conf.r0kh_list; r0kh; r0kh = r0kh->next) {
1649 		if (r0kh == timeout_ctx)
1650 			break;
1651 		prev = r0kh;
1652 	}
1653 	if (!r0kh)
1654 		return;
1655 	if (prev)
1656 		prev->next = r0kh->next;
1657 	else
1658 		*wpa_auth->conf.r0kh_list = r0kh->next;
1659 	if (r0kh->seq)
1660 		wpa_ft_rrb_seq_flush(wpa_auth, r0kh->seq, 0);
1661 	os_free(r0kh->seq);
1662 	os_free(r0kh);
1663 }
1664 
1665 
wpa_ft_rrb_r0kh_replenish(struct wpa_authenticator * wpa_auth,struct ft_remote_r0kh * r0kh,int timeout)1666 static void wpa_ft_rrb_r0kh_replenish(struct wpa_authenticator *wpa_auth,
1667 				      struct ft_remote_r0kh *r0kh, int timeout)
1668 {
1669 	if (timeout > 0)
1670 		eloop_replenish_timeout(timeout, 0, wpa_ft_rrb_del_r0kh,
1671 					wpa_auth, r0kh);
1672 }
1673 
1674 
wpa_ft_rrb_r0kh_timeout(struct wpa_authenticator * wpa_auth,struct ft_remote_r0kh * r0kh,int timeout)1675 static void wpa_ft_rrb_r0kh_timeout(struct wpa_authenticator *wpa_auth,
1676 				    struct ft_remote_r0kh *r0kh, int timeout)
1677 {
1678 	eloop_cancel_timeout(wpa_ft_rrb_del_r0kh, wpa_auth, r0kh);
1679 
1680 	if (timeout > 0)
1681 		eloop_register_timeout(timeout, 0, wpa_ft_rrb_del_r0kh,
1682 				       wpa_auth, r0kh);
1683 }
1684 
1685 
1686 static struct ft_remote_r0kh *
wpa_ft_rrb_add_r0kh(struct wpa_authenticator * wpa_auth,struct ft_remote_r0kh * r0kh_wildcard,const u8 * src_addr,const u8 * r0kh_id,size_t id_len,int timeout)1687 wpa_ft_rrb_add_r0kh(struct wpa_authenticator *wpa_auth,
1688 		    struct ft_remote_r0kh *r0kh_wildcard,
1689 		    const u8 *src_addr, const u8 *r0kh_id, size_t id_len,
1690 		    int timeout)
1691 {
1692 	struct ft_remote_r0kh *r0kh;
1693 
1694 	if (!wpa_auth->conf.r0kh_list)
1695 		return NULL;
1696 
1697 	r0kh = os_zalloc(sizeof(*r0kh));
1698 	if (!r0kh)
1699 		return NULL;
1700 
1701 	if (src_addr)
1702 		os_memcpy(r0kh->addr, src_addr, sizeof(r0kh->addr));
1703 
1704 	if (id_len > FT_R0KH_ID_MAX_LEN)
1705 		id_len = FT_R0KH_ID_MAX_LEN;
1706 	os_memcpy(r0kh->id, r0kh_id, id_len);
1707 	r0kh->id_len = id_len;
1708 
1709 	os_memcpy(r0kh->key, r0kh_wildcard->key, sizeof(r0kh->key));
1710 
1711 	r0kh->next = *wpa_auth->conf.r0kh_list;
1712 	*wpa_auth->conf.r0kh_list = r0kh;
1713 
1714 	if (timeout > 0)
1715 		eloop_register_timeout(timeout, 0, wpa_ft_rrb_del_r0kh,
1716 				       wpa_auth, r0kh);
1717 
1718 	if (wpa_ft_rrb_init_r0kh_seq(r0kh) < 0)
1719 		return NULL;
1720 
1721 	return r0kh;
1722 }
1723 
1724 
wpa_ft_rrb_del_r1kh(void * eloop_ctx,void * timeout_ctx)1725 static void wpa_ft_rrb_del_r1kh(void *eloop_ctx, void *timeout_ctx)
1726 {
1727 	struct wpa_authenticator *wpa_auth = eloop_ctx;
1728 	struct ft_remote_r1kh *r1kh, *prev = NULL;
1729 
1730 	if (!wpa_auth->conf.r1kh_list)
1731 		return;
1732 
1733 	for (r1kh = *wpa_auth->conf.r1kh_list; r1kh; r1kh = r1kh->next) {
1734 		if (r1kh == timeout_ctx)
1735 			break;
1736 		prev = r1kh;
1737 	}
1738 	if (!r1kh)
1739 		return;
1740 	if (prev)
1741 		prev->next = r1kh->next;
1742 	else
1743 		*wpa_auth->conf.r1kh_list = r1kh->next;
1744 	if (r1kh->seq)
1745 		wpa_ft_rrb_seq_flush(wpa_auth, r1kh->seq, 0);
1746 	os_free(r1kh->seq);
1747 	os_free(r1kh);
1748 }
1749 
1750 
wpa_ft_rrb_r1kh_replenish(struct wpa_authenticator * wpa_auth,struct ft_remote_r1kh * r1kh,int timeout)1751 static void wpa_ft_rrb_r1kh_replenish(struct wpa_authenticator *wpa_auth,
1752 				      struct ft_remote_r1kh *r1kh, int timeout)
1753 {
1754 	if (timeout > 0)
1755 		eloop_replenish_timeout(timeout, 0, wpa_ft_rrb_del_r1kh,
1756 					wpa_auth, r1kh);
1757 }
1758 
1759 
1760 static struct ft_remote_r1kh *
wpa_ft_rrb_add_r1kh(struct wpa_authenticator * wpa_auth,struct ft_remote_r1kh * r1kh_wildcard,const u8 * src_addr,const u8 * r1kh_id,int timeout)1761 wpa_ft_rrb_add_r1kh(struct wpa_authenticator *wpa_auth,
1762 		    struct ft_remote_r1kh *r1kh_wildcard,
1763 		    const u8 *src_addr, const u8 *r1kh_id, int timeout)
1764 {
1765 	struct ft_remote_r1kh *r1kh;
1766 
1767 	if (!wpa_auth->conf.r1kh_list)
1768 		return NULL;
1769 
1770 	r1kh = os_zalloc(sizeof(*r1kh));
1771 	if (!r1kh)
1772 		return NULL;
1773 
1774 	os_memcpy(r1kh->addr, src_addr, sizeof(r1kh->addr));
1775 	os_memcpy(r1kh->id, r1kh_id, sizeof(r1kh->id));
1776 	os_memcpy(r1kh->key, r1kh_wildcard->key, sizeof(r1kh->key));
1777 	r1kh->next = *wpa_auth->conf.r1kh_list;
1778 	*wpa_auth->conf.r1kh_list = r1kh;
1779 
1780 	if (timeout > 0)
1781 		eloop_register_timeout(timeout, 0, wpa_ft_rrb_del_r1kh,
1782 				       wpa_auth, r1kh);
1783 
1784 	if (wpa_ft_rrb_init_r1kh_seq(r1kh) < 0)
1785 		return NULL;
1786 
1787 	return r1kh;
1788 }
1789 
1790 
wpa_ft_sta_deinit(struct wpa_state_machine * sm)1791 void wpa_ft_sta_deinit(struct wpa_state_machine *sm)
1792 {
1793 	eloop_cancel_timeout(wpa_ft_expire_pull, sm, NULL);
1794 }
1795 
1796 
wpa_ft_deinit_seq(struct wpa_authenticator * wpa_auth)1797 static void wpa_ft_deinit_seq(struct wpa_authenticator *wpa_auth)
1798 {
1799 	struct ft_remote_r0kh *r0kh;
1800 	struct ft_remote_r1kh *r1kh;
1801 
1802 	eloop_cancel_timeout(wpa_ft_rrb_seq_timeout, wpa_auth, ELOOP_ALL_CTX);
1803 
1804 	if (wpa_auth->conf.r0kh_list)
1805 		r0kh = *wpa_auth->conf.r0kh_list;
1806 	else
1807 		r0kh = NULL;
1808 	for (; r0kh; r0kh = r0kh->next) {
1809 		if (!r0kh->seq)
1810 			continue;
1811 		wpa_ft_rrb_seq_flush(wpa_auth, r0kh->seq, 0);
1812 		os_free(r0kh->seq);
1813 		r0kh->seq = NULL;
1814 	}
1815 
1816 	if (wpa_auth->conf.r1kh_list)
1817 		r1kh = *wpa_auth->conf.r1kh_list;
1818 	else
1819 		r1kh = NULL;
1820 	for (; r1kh; r1kh = r1kh->next) {
1821 		if (!r1kh->seq)
1822 			continue;
1823 		wpa_ft_rrb_seq_flush(wpa_auth, r1kh->seq, 0);
1824 		os_free(r1kh->seq);
1825 		r1kh->seq = NULL;
1826 	}
1827 }
1828 
1829 
wpa_ft_deinit_rkh_tmp(struct wpa_authenticator * wpa_auth)1830 static void wpa_ft_deinit_rkh_tmp(struct wpa_authenticator *wpa_auth)
1831 {
1832 	struct ft_remote_r0kh *r0kh, *r0kh_next, *r0kh_prev = NULL;
1833 	struct ft_remote_r1kh *r1kh, *r1kh_next, *r1kh_prev = NULL;
1834 
1835 	if (wpa_auth->conf.r0kh_list)
1836 		r0kh = *wpa_auth->conf.r0kh_list;
1837 	else
1838 		r0kh = NULL;
1839 	while (r0kh) {
1840 		r0kh_next = r0kh->next;
1841 		if (eloop_cancel_timeout(wpa_ft_rrb_del_r0kh, wpa_auth,
1842 					 r0kh) > 0) {
1843 			if (r0kh_prev)
1844 				r0kh_prev->next = r0kh_next;
1845 			else
1846 				*wpa_auth->conf.r0kh_list = r0kh_next;
1847 			os_free(r0kh);
1848 		} else {
1849 			r0kh_prev = r0kh;
1850 		}
1851 		r0kh = r0kh_next;
1852 	}
1853 
1854 	if (wpa_auth->conf.r1kh_list)
1855 		r1kh = *wpa_auth->conf.r1kh_list;
1856 	else
1857 		r1kh = NULL;
1858 	while (r1kh) {
1859 		r1kh_next = r1kh->next;
1860 		if (eloop_cancel_timeout(wpa_ft_rrb_del_r1kh, wpa_auth,
1861 					 r1kh) > 0) {
1862 			if (r1kh_prev)
1863 				r1kh_prev->next = r1kh_next;
1864 			else
1865 				*wpa_auth->conf.r1kh_list = r1kh_next;
1866 			os_free(r1kh);
1867 		} else {
1868 			r1kh_prev = r1kh;
1869 		}
1870 		r1kh = r1kh_next;
1871 	}
1872 }
1873 
1874 
wpa_ft_deinit(struct wpa_authenticator * wpa_auth)1875 void wpa_ft_deinit(struct wpa_authenticator *wpa_auth)
1876 {
1877 	wpa_ft_deinit_seq(wpa_auth);
1878 	wpa_ft_deinit_rkh_tmp(wpa_auth);
1879 }
1880 
1881 
wpa_ft_block_r0kh(struct wpa_authenticator * wpa_auth,const u8 * f_r0kh_id,size_t f_r0kh_id_len)1882 static void wpa_ft_block_r0kh(struct wpa_authenticator *wpa_auth,
1883 			      const u8 *f_r0kh_id, size_t f_r0kh_id_len)
1884 {
1885 	struct ft_remote_r0kh *r0kh, *r0kh_wildcard;
1886 
1887 	if (!wpa_auth->conf.rkh_neg_timeout)
1888 		return;
1889 
1890 	wpa_ft_rrb_lookup_r0kh(wpa_auth, f_r0kh_id, f_r0kh_id_len,
1891 			       &r0kh, &r0kh_wildcard);
1892 
1893 	if (!r0kh_wildcard) {
1894 		/* r0kh removed after neg_timeout and might need re-adding */
1895 		return;
1896 	}
1897 
1898 	wpa_hexdump(MSG_DEBUG, "FT: Blacklist R0KH-ID",
1899 		    f_r0kh_id, f_r0kh_id_len);
1900 
1901 	if (r0kh) {
1902 		wpa_ft_rrb_r0kh_timeout(wpa_auth, r0kh,
1903 					wpa_auth->conf.rkh_neg_timeout);
1904 		os_memset(r0kh->addr, 0, ETH_ALEN);
1905 	} else
1906 		wpa_ft_rrb_add_r0kh(wpa_auth, r0kh_wildcard, NULL, f_r0kh_id,
1907 				    f_r0kh_id_len,
1908 				    wpa_auth->conf.rkh_neg_timeout);
1909 }
1910 
1911 
wpa_ft_expire_pull(void * eloop_ctx,void * timeout_ctx)1912 static void wpa_ft_expire_pull(void *eloop_ctx, void *timeout_ctx)
1913 {
1914 	struct wpa_state_machine *sm = eloop_ctx;
1915 
1916 	wpa_printf(MSG_DEBUG, "FT: Timeout pending pull request for " MACSTR,
1917 		   MAC2STR(sm->addr));
1918 	if (sm->ft_pending_pull_left_retries <= 0)
1919 		wpa_ft_block_r0kh(sm->wpa_auth, sm->r0kh_id, sm->r0kh_id_len);
1920 
1921 	/* cancel multiple timeouts */
1922 	eloop_cancel_timeout(wpa_ft_expire_pull, sm, NULL);
1923 	ft_finish_pull(sm);
1924 }
1925 
1926 
wpa_ft_pull_pmk_r1(struct wpa_state_machine * sm,const u8 * ies,size_t ies_len,const u8 * pmk_r0_name)1927 static int wpa_ft_pull_pmk_r1(struct wpa_state_machine *sm,
1928 			      const u8 *ies, size_t ies_len,
1929 			      const u8 *pmk_r0_name)
1930 {
1931 	struct ft_remote_r0kh *r0kh, *r0kh_wildcard;
1932 	u8 *packet = NULL;
1933 	const u8 *key, *f_r1kh_id = sm->wpa_auth->conf.r1_key_holder;
1934 	size_t packet_len, key_len;
1935 	struct ft_rrb_seq f_seq;
1936 	int tsecs, tusecs, first;
1937 	struct wpabuf *ft_pending_req_ies;
1938 	int r0kh_timeout;
1939 	struct tlv_list req_enc[] = {
1940 		{ .type = FT_RRB_PMK_R0_NAME, .len = WPA_PMK_NAME_LEN,
1941 		  .data = pmk_r0_name },
1942 		{ .type = FT_RRB_S1KH_ID, .len = ETH_ALEN,
1943 		  .data = sm->addr },
1944 		{ .type = FT_RRB_LAST_EMPTY, .len = 0, .data = NULL },
1945 	};
1946 	struct tlv_list req_auth[] = {
1947 		{ .type = FT_RRB_NONCE, .len = FT_RRB_NONCE_LEN,
1948 		  .data = sm->ft_pending_pull_nonce },
1949 		{ .type = FT_RRB_SEQ, .len = sizeof(f_seq),
1950 		  .data = (u8 *) &f_seq },
1951 		{ .type = FT_RRB_R0KH_ID, .len = sm->r0kh_id_len,
1952 		  .data = sm->r0kh_id },
1953 		{ .type = FT_RRB_R1KH_ID, .len = FT_R1KH_ID_LEN,
1954 		  .data = f_r1kh_id },
1955 		{ .type = FT_RRB_LAST_EMPTY, .len = 0, .data = NULL },
1956 	};
1957 
1958 	if (sm->ft_pending_pull_left_retries <= 0)
1959 		return -1;
1960 	first = sm->ft_pending_pull_left_retries ==
1961 		sm->wpa_auth->conf.rkh_pull_retries;
1962 	sm->ft_pending_pull_left_retries--;
1963 
1964 	wpa_ft_rrb_lookup_r0kh(sm->wpa_auth, sm->r0kh_id, sm->r0kh_id_len,
1965 			       &r0kh, &r0kh_wildcard);
1966 
1967 	/* Keep r0kh sufficiently long in the list for seq num check */
1968 	r0kh_timeout = sm->wpa_auth->conf.rkh_pull_timeout / 1000 +
1969 		1 + ftRRBseqTimeout;
1970 	if (r0kh) {
1971 		wpa_ft_rrb_r0kh_replenish(sm->wpa_auth, r0kh, r0kh_timeout);
1972 	} else if (r0kh_wildcard) {
1973 		wpa_printf(MSG_DEBUG, "FT: Using wildcard R0KH-ID");
1974 		/* r0kh->addr: updated by SEQ_RESP and wpa_ft_expire_pull */
1975 		r0kh = wpa_ft_rrb_add_r0kh(sm->wpa_auth, r0kh_wildcard,
1976 					   r0kh_wildcard->addr,
1977 					   sm->r0kh_id, sm->r0kh_id_len,
1978 					   r0kh_timeout);
1979 	}
1980 	if (r0kh == NULL) {
1981 		wpa_hexdump(MSG_DEBUG, "FT: Did not find R0KH-ID",
1982 			    sm->r0kh_id, sm->r0kh_id_len);
1983 		return -1;
1984 	}
1985 	if (is_zero_ether_addr(r0kh->addr)) {
1986 		wpa_hexdump(MSG_DEBUG, "FT: R0KH-ID is blacklisted",
1987 			    sm->r0kh_id, sm->r0kh_id_len);
1988 		return -1;
1989 	}
1990 	if (os_memcmp(r0kh->addr, sm->wpa_auth->addr, ETH_ALEN) == 0) {
1991 		wpa_printf(MSG_DEBUG,
1992 			   "FT: R0KH-ID points to self - no matching key available");
1993 		return -1;
1994 	}
1995 
1996 	key = r0kh->key;
1997 	key_len = sizeof(r0kh->key);
1998 
1999 	wpa_printf(MSG_DEBUG, "FT: Send PMK-R1 pull request to remote R0KH "
2000 		   "address " MACSTR, MAC2STR(r0kh->addr));
2001 
2002 	if (r0kh->seq->rx.num_last == 0) {
2003 		/* A sequence request will be sent out anyway when pull
2004 		 * response is received. Send it out now to avoid one RTT. */
2005 		wpa_ft_rrb_seq_req(sm->wpa_auth, r0kh->seq, r0kh->addr,
2006 				   r0kh->id, r0kh->id_len, f_r1kh_id, key,
2007 				   key_len, NULL, 0, NULL, 0, NULL);
2008 	}
2009 
2010 	if (first &&
2011 	    random_get_bytes(sm->ft_pending_pull_nonce, FT_RRB_NONCE_LEN) < 0) {
2012 		wpa_printf(MSG_DEBUG, "FT: Failed to get random data for "
2013 			   "nonce");
2014 		return -1;
2015 	}
2016 
2017 	if (wpa_ft_new_seq(r0kh->seq, &f_seq) < 0) {
2018 		wpa_printf(MSG_DEBUG, "FT: Failed to get seq num");
2019 		return -1;
2020 	}
2021 
2022 	if (wpa_ft_rrb_build(key, key_len, req_enc, NULL, req_auth, NULL,
2023 			     sm->wpa_auth->addr, FT_PACKET_R0KH_R1KH_PULL,
2024 			     &packet, &packet_len) < 0)
2025 		return -1;
2026 
2027 	ft_pending_req_ies = wpabuf_alloc_copy(ies, ies_len);
2028 	wpabuf_free(sm->ft_pending_req_ies);
2029 	sm->ft_pending_req_ies = ft_pending_req_ies;
2030 	if (!sm->ft_pending_req_ies) {
2031 		os_free(packet);
2032 		return -1;
2033 	}
2034 
2035 	tsecs = sm->wpa_auth->conf.rkh_pull_timeout / 1000;
2036 	tusecs = (sm->wpa_auth->conf.rkh_pull_timeout % 1000) * 1000;
2037 	eloop_register_timeout(tsecs, tusecs, wpa_ft_expire_pull, sm, NULL);
2038 
2039 	wpa_ft_rrb_oui_send(sm->wpa_auth, r0kh->addr, FT_PACKET_R0KH_R1KH_PULL,
2040 			    packet, packet_len);
2041 
2042 	os_free(packet);
2043 
2044 	return 0;
2045 }
2046 
2047 
wpa_ft_store_pmk_fils(struct wpa_state_machine * sm,const u8 * pmk_r0,const u8 * pmk_r0_name)2048 int wpa_ft_store_pmk_fils(struct wpa_state_machine *sm,
2049 			  const u8 *pmk_r0, const u8 *pmk_r0_name)
2050 {
2051 	int expires_in = sm->wpa_auth->conf.r0_key_lifetime;
2052 	struct vlan_description vlan;
2053 	const u8 *identity, *radius_cui;
2054 	size_t identity_len, radius_cui_len;
2055 	int session_timeout;
2056 	size_t pmk_r0_len = wpa_key_mgmt_sha384(sm->wpa_key_mgmt) ?
2057 		SHA384_MAC_LEN : PMK_LEN;
2058 
2059 	if (wpa_ft_get_vlan(sm->wpa_auth, sm->addr, &vlan) < 0) {
2060 		wpa_printf(MSG_DEBUG, "FT: vlan not available for STA " MACSTR,
2061 			   MAC2STR(sm->addr));
2062 		return -1;
2063 	}
2064 
2065 	identity_len = wpa_ft_get_identity(sm->wpa_auth, sm->addr, &identity);
2066 	radius_cui_len = wpa_ft_get_radius_cui(sm->wpa_auth, sm->addr,
2067 					       &radius_cui);
2068 	session_timeout = wpa_ft_get_session_timeout(sm->wpa_auth, sm->addr);
2069 
2070 	return wpa_ft_store_pmk_r0(sm->wpa_auth, sm->addr, pmk_r0, pmk_r0_len,
2071 				   pmk_r0_name, sm->pairwise, &vlan, expires_in,
2072 				   session_timeout, identity, identity_len,
2073 				   radius_cui, radius_cui_len);
2074 }
2075 
2076 
wpa_auth_derive_ptk_ft(struct wpa_state_machine * sm,const u8 * pmk,struct wpa_ptk * ptk)2077 int wpa_auth_derive_ptk_ft(struct wpa_state_machine *sm, const u8 *pmk,
2078 			   struct wpa_ptk *ptk)
2079 {
2080 	u8 pmk_r0[PMK_LEN_MAX], pmk_r0_name[WPA_PMK_NAME_LEN];
2081 	size_t pmk_r0_len = wpa_key_mgmt_sha384(sm->wpa_key_mgmt) ?
2082 		SHA384_MAC_LEN : PMK_LEN;
2083 	size_t pmk_r1_len = pmk_r0_len;
2084 	u8 pmk_r1[PMK_LEN_MAX];
2085 	u8 ptk_name[WPA_PMK_NAME_LEN];
2086 	const u8 *mdid = sm->wpa_auth->conf.mobility_domain;
2087 	const u8 *r0kh = sm->wpa_auth->conf.r0_key_holder;
2088 	size_t r0kh_len = sm->wpa_auth->conf.r0_key_holder_len;
2089 	const u8 *r1kh = sm->wpa_auth->conf.r1_key_holder;
2090 	const u8 *ssid = sm->wpa_auth->conf.ssid;
2091 	size_t ssid_len = sm->wpa_auth->conf.ssid_len;
2092 	int psk_local = sm->wpa_auth->conf.ft_psk_generate_local;
2093 	int expires_in = sm->wpa_auth->conf.r0_key_lifetime;
2094 	struct vlan_description vlan;
2095 	const u8 *identity, *radius_cui;
2096 	size_t identity_len, radius_cui_len;
2097 	int session_timeout;
2098 
2099 	if (sm->xxkey_len == 0) {
2100 		wpa_printf(MSG_DEBUG, "FT: XXKey not available for key "
2101 			   "derivation");
2102 		return -1;
2103 	}
2104 
2105 	if (wpa_ft_get_vlan(sm->wpa_auth, sm->addr, &vlan) < 0) {
2106 		wpa_printf(MSG_DEBUG, "FT: vlan not available for STA " MACSTR,
2107 			   MAC2STR(sm->addr));
2108 		return -1;
2109 	}
2110 
2111 	identity_len = wpa_ft_get_identity(sm->wpa_auth, sm->addr, &identity);
2112 	radius_cui_len = wpa_ft_get_radius_cui(sm->wpa_auth, sm->addr,
2113 					       &radius_cui);
2114 	session_timeout = wpa_ft_get_session_timeout(sm->wpa_auth, sm->addr);
2115 
2116 	if (wpa_derive_pmk_r0(sm->xxkey, sm->xxkey_len, ssid, ssid_len, mdid,
2117 			      r0kh, r0kh_len, sm->addr,
2118 			      pmk_r0, pmk_r0_name,
2119 			      wpa_key_mgmt_sha384(sm->wpa_key_mgmt)) < 0)
2120 		return -1;
2121 	wpa_hexdump_key(MSG_DEBUG, "FT: PMK-R0", pmk_r0, pmk_r0_len);
2122 	wpa_hexdump(MSG_DEBUG, "FT: PMKR0Name", pmk_r0_name, WPA_PMK_NAME_LEN);
2123 	if (!psk_local || !wpa_key_mgmt_ft_psk(sm->wpa_key_mgmt))
2124 		wpa_ft_store_pmk_r0(sm->wpa_auth, sm->addr, pmk_r0, pmk_r0_len,
2125 				    pmk_r0_name,
2126 				    sm->pairwise, &vlan, expires_in,
2127 				    session_timeout, identity, identity_len,
2128 				    radius_cui, radius_cui_len);
2129 
2130 	if (wpa_derive_pmk_r1(pmk_r0, pmk_r0_len, pmk_r0_name, r1kh, sm->addr,
2131 			      pmk_r1, sm->pmk_r1_name) < 0)
2132 		return -1;
2133 	wpa_hexdump_key(MSG_DEBUG, "FT: PMK-R1", pmk_r1, pmk_r1_len);
2134 	wpa_hexdump(MSG_DEBUG, "FT: PMKR1Name", sm->pmk_r1_name,
2135 		    WPA_PMK_NAME_LEN);
2136 	if (!psk_local || !wpa_key_mgmt_ft_psk(sm->wpa_key_mgmt))
2137 		wpa_ft_store_pmk_r1(sm->wpa_auth, sm->addr, pmk_r1, pmk_r1_len,
2138 				    sm->pmk_r1_name, sm->pairwise, &vlan,
2139 				    expires_in, session_timeout, identity,
2140 				    identity_len, radius_cui, radius_cui_len);
2141 
2142 	return wpa_pmk_r1_to_ptk(pmk_r1, pmk_r1_len, sm->SNonce, sm->ANonce,
2143 				 sm->addr, sm->wpa_auth->addr, sm->pmk_r1_name,
2144 				 ptk, ptk_name, sm->wpa_key_mgmt, sm->pairwise);
2145 }
2146 
2147 
wpa_auth_get_seqnum(struct wpa_authenticator * wpa_auth,const u8 * addr,int idx,u8 * seq)2148 static inline int wpa_auth_get_seqnum(struct wpa_authenticator *wpa_auth,
2149 				      const u8 *addr, int idx, u8 *seq)
2150 {
2151 	if (wpa_auth->cb->get_seqnum == NULL)
2152 		return -1;
2153 	return wpa_auth->cb->get_seqnum(wpa_auth->cb_ctx, addr, idx, seq);
2154 }
2155 
2156 
wpa_ft_gtk_subelem(struct wpa_state_machine * sm,size_t * len)2157 static u8 * wpa_ft_gtk_subelem(struct wpa_state_machine *sm, size_t *len)
2158 {
2159 	u8 *subelem;
2160 	struct wpa_group *gsm = sm->group;
2161 	size_t subelem_len, pad_len;
2162 	const u8 *key;
2163 	size_t key_len;
2164 	u8 keybuf[32];
2165 	const u8 *kek;
2166 	size_t kek_len;
2167 
2168 	if (wpa_key_mgmt_fils(sm->wpa_key_mgmt)) {
2169 		kek = sm->PTK.kek2;
2170 		kek_len = sm->PTK.kek2_len;
2171 	} else {
2172 		kek = sm->PTK.kek;
2173 		kek_len = sm->PTK.kek_len;
2174 	}
2175 
2176 	key_len = gsm->GTK_len;
2177 	if (key_len > sizeof(keybuf))
2178 		return NULL;
2179 
2180 	/*
2181 	 * Pad key for AES Key Wrap if it is not multiple of 8 bytes or is less
2182 	 * than 16 bytes.
2183 	 */
2184 	pad_len = key_len % 8;
2185 	if (pad_len)
2186 		pad_len = 8 - pad_len;
2187 	if (key_len + pad_len < 16)
2188 		pad_len += 8;
2189 	if (pad_len && key_len < sizeof(keybuf)) {
2190 		os_memcpy(keybuf, gsm->GTK[gsm->GN - 1], key_len);
2191 		os_memset(keybuf + key_len, 0, pad_len);
2192 		keybuf[key_len] = 0xdd;
2193 		key_len += pad_len;
2194 		key = keybuf;
2195 	} else
2196 		key = gsm->GTK[gsm->GN - 1];
2197 
2198 	/*
2199 	 * Sub-elem ID[1] | Length[1] | Key Info[2] | Key Length[1] | RSC[8] |
2200 	 * Key[5..32].
2201 	 */
2202 	subelem_len = 13 + key_len + 8;
2203 	subelem = os_zalloc(subelem_len);
2204 	if (subelem == NULL)
2205 		return NULL;
2206 
2207 	subelem[0] = FTIE_SUBELEM_GTK;
2208 	subelem[1] = 11 + key_len + 8;
2209 	/* Key ID in B0-B1 of Key Info */
2210 	WPA_PUT_LE16(&subelem[2], gsm->GN & 0x03);
2211 	subelem[4] = gsm->GTK_len;
2212 	wpa_auth_get_seqnum(sm->wpa_auth, NULL, gsm->GN, subelem + 5);
2213 	if (aes_wrap(kek, kek_len, key_len / 8, key, subelem + 13)) {
2214 		wpa_printf(MSG_DEBUG,
2215 			   "FT: GTK subelem encryption failed: kek_len=%d",
2216 			   (int) kek_len);
2217 		os_free(subelem);
2218 		return NULL;
2219 	}
2220 
2221 	*len = subelem_len;
2222 	return subelem;
2223 }
2224 
2225 
2226 #ifdef CONFIG_IEEE80211W
wpa_ft_igtk_subelem(struct wpa_state_machine * sm,size_t * len)2227 static u8 * wpa_ft_igtk_subelem(struct wpa_state_machine *sm, size_t *len)
2228 {
2229 	u8 *subelem, *pos;
2230 	struct wpa_group *gsm = sm->group;
2231 	size_t subelem_len;
2232 	const u8 *kek;
2233 	size_t kek_len;
2234 	size_t igtk_len;
2235 
2236 	if (wpa_key_mgmt_fils(sm->wpa_key_mgmt)) {
2237 		kek = sm->PTK.kek2;
2238 		kek_len = sm->PTK.kek2_len;
2239 	} else {
2240 		kek = sm->PTK.kek;
2241 		kek_len = sm->PTK.kek_len;
2242 	}
2243 
2244 	igtk_len = wpa_cipher_key_len(sm->wpa_auth->conf.group_mgmt_cipher);
2245 
2246 	/* Sub-elem ID[1] | Length[1] | KeyID[2] | IPN[6] | Key Length[1] |
2247 	 * Key[16+8] */
2248 	subelem_len = 1 + 1 + 2 + 6 + 1 + igtk_len + 8;
2249 	subelem = os_zalloc(subelem_len);
2250 	if (subelem == NULL)
2251 		return NULL;
2252 
2253 	pos = subelem;
2254 	*pos++ = FTIE_SUBELEM_IGTK;
2255 	*pos++ = subelem_len - 2;
2256 	WPA_PUT_LE16(pos, gsm->GN_igtk);
2257 	pos += 2;
2258 	wpa_auth_get_seqnum(sm->wpa_auth, NULL, gsm->GN_igtk, pos);
2259 	pos += 6;
2260 	*pos++ = igtk_len;
2261 	if (aes_wrap(kek, kek_len, igtk_len / 8,
2262 		     gsm->IGTK[gsm->GN_igtk - 4], pos)) {
2263 		wpa_printf(MSG_DEBUG,
2264 			   "FT: IGTK subelem encryption failed: kek_len=%d",
2265 			   (int) kek_len);
2266 		os_free(subelem);
2267 		return NULL;
2268 	}
2269 
2270 	*len = subelem_len;
2271 	return subelem;
2272 }
2273 #endif /* CONFIG_IEEE80211W */
2274 
2275 
wpa_ft_process_rdie(struct wpa_state_machine * sm,u8 * pos,u8 * end,u8 id,u8 descr_count,const u8 * ies,size_t ies_len)2276 static u8 * wpa_ft_process_rdie(struct wpa_state_machine *sm,
2277 				u8 *pos, u8 *end, u8 id, u8 descr_count,
2278 				const u8 *ies, size_t ies_len)
2279 {
2280 	struct ieee802_11_elems parse;
2281 	struct rsn_rdie *rdie;
2282 
2283 	wpa_printf(MSG_DEBUG, "FT: Resource Request: id=%d descr_count=%d",
2284 		   id, descr_count);
2285 	wpa_hexdump(MSG_MSGDUMP, "FT: Resource descriptor IE(s)",
2286 		    ies, ies_len);
2287 
2288 	if (end - pos < (int) sizeof(*rdie)) {
2289 		wpa_printf(MSG_ERROR, "FT: Not enough room for response RDIE");
2290 		return pos;
2291 	}
2292 
2293 	*pos++ = WLAN_EID_RIC_DATA;
2294 	*pos++ = sizeof(*rdie);
2295 	rdie = (struct rsn_rdie *) pos;
2296 	rdie->id = id;
2297 	rdie->descr_count = 0;
2298 	rdie->status_code = host_to_le16(WLAN_STATUS_SUCCESS);
2299 	pos += sizeof(*rdie);
2300 
2301 	if (ieee802_11_parse_elems((u8 *) ies, ies_len, &parse, 1) ==
2302 	    ParseFailed) {
2303 		wpa_printf(MSG_DEBUG, "FT: Failed to parse request IEs");
2304 		rdie->status_code =
2305 			host_to_le16(WLAN_STATUS_UNSPECIFIED_FAILURE);
2306 		return pos;
2307 	}
2308 
2309 	if (parse.wmm_tspec) {
2310 		struct wmm_tspec_element *tspec;
2311 
2312 		if (parse.wmm_tspec_len + 2 < (int) sizeof(*tspec)) {
2313 			wpa_printf(MSG_DEBUG, "FT: Too short WMM TSPEC IE "
2314 				   "(%d)", (int) parse.wmm_tspec_len);
2315 			rdie->status_code =
2316 				host_to_le16(WLAN_STATUS_UNSPECIFIED_FAILURE);
2317 			return pos;
2318 		}
2319 		if (end - pos < (int) sizeof(*tspec)) {
2320 			wpa_printf(MSG_ERROR, "FT: Not enough room for "
2321 				   "response TSPEC");
2322 			rdie->status_code =
2323 				host_to_le16(WLAN_STATUS_UNSPECIFIED_FAILURE);
2324 			return pos;
2325 		}
2326 		tspec = (struct wmm_tspec_element *) pos;
2327 		os_memcpy(tspec, parse.wmm_tspec - 2, sizeof(*tspec));
2328 	}
2329 
2330 #ifdef NEED_AP_MLME
2331 	if (parse.wmm_tspec && sm->wpa_auth->conf.ap_mlme) {
2332 		int res;
2333 
2334 		res = wmm_process_tspec((struct wmm_tspec_element *) pos);
2335 		wpa_printf(MSG_DEBUG, "FT: ADDTS processing result: %d", res);
2336 		if (res == WMM_ADDTS_STATUS_INVALID_PARAMETERS)
2337 			rdie->status_code =
2338 				host_to_le16(WLAN_STATUS_INVALID_PARAMETERS);
2339 		else if (res == WMM_ADDTS_STATUS_REFUSED)
2340 			rdie->status_code =
2341 				host_to_le16(WLAN_STATUS_REQUEST_DECLINED);
2342 		else {
2343 			/* TSPEC accepted; include updated TSPEC in response */
2344 			rdie->descr_count = 1;
2345 			pos += sizeof(struct wmm_tspec_element);
2346 		}
2347 		return pos;
2348 	}
2349 #endif /* NEED_AP_MLME */
2350 
2351 	if (parse.wmm_tspec && !sm->wpa_auth->conf.ap_mlme) {
2352 		int res;
2353 
2354 		res = wpa_ft_add_tspec(sm->wpa_auth, sm->addr, pos,
2355 				       sizeof(struct wmm_tspec_element));
2356 		if (res >= 0) {
2357 			if (res)
2358 				rdie->status_code = host_to_le16(res);
2359 			else {
2360 				/* TSPEC accepted; include updated TSPEC in
2361 				 * response */
2362 				rdie->descr_count = 1;
2363 				pos += sizeof(struct wmm_tspec_element);
2364 			}
2365 			return pos;
2366 		}
2367 	}
2368 
2369 	wpa_printf(MSG_DEBUG, "FT: No supported resource requested");
2370 	rdie->status_code = host_to_le16(WLAN_STATUS_UNSPECIFIED_FAILURE);
2371 	return pos;
2372 }
2373 
2374 
wpa_ft_process_ric(struct wpa_state_machine * sm,u8 * pos,u8 * end,const u8 * ric,size_t ric_len)2375 static u8 * wpa_ft_process_ric(struct wpa_state_machine *sm, u8 *pos, u8 *end,
2376 			       const u8 *ric, size_t ric_len)
2377 {
2378 	const u8 *rpos, *start;
2379 	const struct rsn_rdie *rdie;
2380 
2381 	wpa_hexdump(MSG_MSGDUMP, "FT: RIC Request", ric, ric_len);
2382 
2383 	rpos = ric;
2384 	while (rpos + sizeof(*rdie) < ric + ric_len) {
2385 		if (rpos[0] != WLAN_EID_RIC_DATA || rpos[1] < sizeof(*rdie) ||
2386 		    rpos + 2 + rpos[1] > ric + ric_len)
2387 			break;
2388 		rdie = (const struct rsn_rdie *) (rpos + 2);
2389 		rpos += 2 + rpos[1];
2390 		start = rpos;
2391 
2392 		while (rpos + 2 <= ric + ric_len &&
2393 		       rpos + 2 + rpos[1] <= ric + ric_len) {
2394 			if (rpos[0] == WLAN_EID_RIC_DATA)
2395 				break;
2396 			rpos += 2 + rpos[1];
2397 		}
2398 		pos = wpa_ft_process_rdie(sm, pos, end, rdie->id,
2399 					  rdie->descr_count,
2400 					  start, rpos - start);
2401 	}
2402 
2403 	return pos;
2404 }
2405 
2406 
wpa_sm_write_assoc_resp_ies(struct wpa_state_machine * sm,u8 * pos,size_t max_len,int auth_alg,const u8 * req_ies,size_t req_ies_len)2407 u8 * wpa_sm_write_assoc_resp_ies(struct wpa_state_machine *sm, u8 *pos,
2408 				 size_t max_len, int auth_alg,
2409 				 const u8 *req_ies, size_t req_ies_len)
2410 {
2411 	u8 *end, *mdie, *ftie, *rsnie = NULL, *r0kh_id, *subelem = NULL;
2412 	u8 *fte_mic, *elem_count;
2413 	size_t mdie_len, ftie_len, rsnie_len = 0, r0kh_id_len, subelem_len = 0;
2414 	int res;
2415 	struct wpa_auth_config *conf;
2416 	struct wpa_ft_ies parse;
2417 	u8 *ric_start;
2418 	u8 *anonce, *snonce;
2419 	const u8 *kck;
2420 	size_t kck_len;
2421 	int use_sha384;
2422 
2423 	if (sm == NULL)
2424 		return pos;
2425 
2426 	use_sha384 = wpa_key_mgmt_sha384(sm->wpa_key_mgmt);
2427 	conf = &sm->wpa_auth->conf;
2428 
2429 	if (!wpa_key_mgmt_ft(sm->wpa_key_mgmt))
2430 		return pos;
2431 
2432 	end = pos + max_len;
2433 
2434 	if (auth_alg == WLAN_AUTH_FT ||
2435 	    ((auth_alg == WLAN_AUTH_FILS_SK ||
2436 	      auth_alg == WLAN_AUTH_FILS_SK_PFS ||
2437 	      auth_alg == WLAN_AUTH_FILS_PK) &&
2438 	     (sm->wpa_key_mgmt & (WPA_KEY_MGMT_FT_FILS_SHA256 |
2439 				  WPA_KEY_MGMT_FT_FILS_SHA384)))) {
2440 		if (!sm->pmk_r1_name_valid) {
2441 			wpa_printf(MSG_ERROR,
2442 				   "FT: PMKR1Name is not valid for Assoc Resp RSNE");
2443 			return NULL;
2444 		}
2445 		wpa_hexdump(MSG_DEBUG, "FT: PMKR1Name for Assoc Resp RSNE",
2446 			    sm->pmk_r1_name, WPA_PMK_NAME_LEN);
2447 		/*
2448 		 * RSN (only present if this is a Reassociation Response and
2449 		 * part of a fast BSS transition; or if this is a
2450 		 * (Re)Association Response frame during an FT initial mobility
2451 		 * domain association using FILS)
2452 		 */
2453 		res = wpa_write_rsn_ie(conf, pos, end - pos, sm->pmk_r1_name);
2454 		if (res < 0)
2455 			return NULL;
2456 		rsnie = pos;
2457 		rsnie_len = res;
2458 		pos += res;
2459 	}
2460 
2461 	/* Mobility Domain Information */
2462 	res = wpa_write_mdie(conf, pos, end - pos);
2463 	if (res < 0)
2464 		return NULL;
2465 	mdie = pos;
2466 	mdie_len = res;
2467 	pos += res;
2468 
2469 	/* Fast BSS Transition Information */
2470 	if (auth_alg == WLAN_AUTH_FT) {
2471 		subelem = wpa_ft_gtk_subelem(sm, &subelem_len);
2472 		if (!subelem) {
2473 			wpa_printf(MSG_DEBUG,
2474 				   "FT: Failed to add GTK subelement");
2475 			return NULL;
2476 		}
2477 		r0kh_id = sm->r0kh_id;
2478 		r0kh_id_len = sm->r0kh_id_len;
2479 		anonce = sm->ANonce;
2480 		snonce = sm->SNonce;
2481 #ifdef CONFIG_IEEE80211W
2482 		if (sm->mgmt_frame_prot) {
2483 			u8 *igtk;
2484 			size_t igtk_len;
2485 			u8 *nbuf;
2486 			igtk = wpa_ft_igtk_subelem(sm, &igtk_len);
2487 			if (igtk == NULL) {
2488 				wpa_printf(MSG_DEBUG,
2489 					   "FT: Failed to add IGTK subelement");
2490 				os_free(subelem);
2491 				return NULL;
2492 			}
2493 			nbuf = os_realloc(subelem, subelem_len + igtk_len);
2494 			if (nbuf == NULL) {
2495 				os_free(subelem);
2496 				os_free(igtk);
2497 				return NULL;
2498 			}
2499 			subelem = nbuf;
2500 			os_memcpy(subelem + subelem_len, igtk, igtk_len);
2501 			subelem_len += igtk_len;
2502 			os_free(igtk);
2503 		}
2504 #endif /* CONFIG_IEEE80211W */
2505 #ifdef CONFIG_OCV
2506 		if (wpa_auth_uses_ocv(sm)) {
2507 			struct wpa_channel_info ci;
2508 			u8 *nbuf, *ocipos;
2509 
2510 			if (wpa_channel_info(sm->wpa_auth, &ci) != 0) {
2511 				wpa_printf(MSG_WARNING,
2512 					   "Failed to get channel info for OCI element");
2513 				os_free(subelem);
2514 				return NULL;
2515 			}
2516 
2517 			subelem_len += 2 + OCV_OCI_LEN;
2518 			nbuf = os_realloc(subelem, subelem_len);
2519 			if (!nbuf) {
2520 				os_free(subelem);
2521 				return NULL;
2522 			}
2523 			subelem = nbuf;
2524 
2525 			ocipos = subelem + subelem_len - 2 - OCV_OCI_LEN;
2526 			*ocipos++ = FTIE_SUBELEM_OCI;
2527 			*ocipos++ = OCV_OCI_LEN;
2528 			if (ocv_insert_oci(&ci, &ocipos) < 0) {
2529 				os_free(subelem);
2530 				return NULL;
2531 			}
2532 		}
2533 #endif /* CONFIG_OCV */
2534 	} else {
2535 		r0kh_id = conf->r0_key_holder;
2536 		r0kh_id_len = conf->r0_key_holder_len;
2537 		anonce = NULL;
2538 		snonce = NULL;
2539 	}
2540 	res = wpa_write_ftie(conf, use_sha384, r0kh_id, r0kh_id_len,
2541 			     anonce, snonce, pos, end - pos,
2542 			     subelem, subelem_len);
2543 	os_free(subelem);
2544 	if (res < 0)
2545 		return NULL;
2546 	ftie = pos;
2547 	ftie_len = res;
2548 	pos += res;
2549 
2550 	if (use_sha384) {
2551 		struct rsn_ftie_sha384 *_ftie =
2552 			(struct rsn_ftie_sha384 *) (ftie + 2);
2553 
2554 		fte_mic = _ftie->mic;
2555 		elem_count = &_ftie->mic_control[1];
2556 	} else {
2557 		struct rsn_ftie *_ftie = (struct rsn_ftie *) (ftie + 2);
2558 
2559 		fte_mic = _ftie->mic;
2560 		elem_count = &_ftie->mic_control[1];
2561 	}
2562 	if (auth_alg == WLAN_AUTH_FT)
2563 		*elem_count = 3; /* Information element count */
2564 
2565 	ric_start = pos;
2566 	if (wpa_ft_parse_ies(req_ies, req_ies_len, &parse, use_sha384) == 0
2567 	    && parse.ric) {
2568 		pos = wpa_ft_process_ric(sm, pos, end, parse.ric,
2569 					 parse.ric_len);
2570 		if (auth_alg == WLAN_AUTH_FT)
2571 			*elem_count +=
2572 				ieee802_11_ie_count(ric_start,
2573 						    pos - ric_start);
2574 	}
2575 	if (ric_start == pos)
2576 		ric_start = NULL;
2577 
2578 	if (wpa_key_mgmt_fils(sm->wpa_key_mgmt)) {
2579 		kck = sm->PTK.kck2;
2580 		kck_len = sm->PTK.kck2_len;
2581 	} else {
2582 		kck = sm->PTK.kck;
2583 		kck_len = sm->PTK.kck_len;
2584 	}
2585 	if (auth_alg == WLAN_AUTH_FT &&
2586 	    wpa_ft_mic(kck, kck_len, sm->addr, sm->wpa_auth->addr, 6,
2587 		       mdie, mdie_len, ftie, ftie_len,
2588 		       rsnie, rsnie_len,
2589 		       ric_start, ric_start ? pos - ric_start : 0,
2590 		       fte_mic) < 0) {
2591 		wpa_printf(MSG_DEBUG, "FT: Failed to calculate MIC");
2592 		return NULL;
2593 	}
2594 
2595 	os_free(sm->assoc_resp_ftie);
2596 	sm->assoc_resp_ftie = os_malloc(ftie_len);
2597 	if (!sm->assoc_resp_ftie)
2598 		return NULL;
2599 	os_memcpy(sm->assoc_resp_ftie, ftie, ftie_len);
2600 
2601 	return pos;
2602 }
2603 
2604 
wpa_auth_set_key(struct wpa_authenticator * wpa_auth,int vlan_id,enum wpa_alg alg,const u8 * addr,int idx,u8 * key,size_t key_len)2605 static inline int wpa_auth_set_key(struct wpa_authenticator *wpa_auth,
2606 				   int vlan_id,
2607 				   enum wpa_alg alg, const u8 *addr, int idx,
2608 				   u8 *key, size_t key_len)
2609 {
2610 	if (wpa_auth->cb->set_key == NULL)
2611 		return -1;
2612 	return wpa_auth->cb->set_key(wpa_auth->cb_ctx, vlan_id, alg, addr, idx,
2613 				     key, key_len);
2614 }
2615 
2616 
wpa_ft_install_ptk(struct wpa_state_machine * sm)2617 void wpa_ft_install_ptk(struct wpa_state_machine *sm)
2618 {
2619 	enum wpa_alg alg;
2620 	int klen;
2621 
2622 	/* MLME-SETKEYS.request(PTK) */
2623 	alg = wpa_cipher_to_alg(sm->pairwise);
2624 	klen = wpa_cipher_key_len(sm->pairwise);
2625 	if (!wpa_cipher_valid_pairwise(sm->pairwise)) {
2626 		wpa_printf(MSG_DEBUG, "FT: Unknown pairwise alg 0x%x - skip "
2627 			   "PTK configuration", sm->pairwise);
2628 		return;
2629 	}
2630 
2631 	if (sm->tk_already_set) {
2632 		/* Must avoid TK reconfiguration to prevent clearing of TX/RX
2633 		 * PN in the driver */
2634 		wpa_printf(MSG_DEBUG,
2635 			   "FT: Do not re-install same PTK to the driver");
2636 		return;
2637 	}
2638 
2639 	/* FIX: add STA entry to kernel/driver here? The set_key will fail
2640 	 * most likely without this.. At the moment, STA entry is added only
2641 	 * after association has been completed. This function will be called
2642 	 * again after association to get the PTK configured, but that could be
2643 	 * optimized by adding the STA entry earlier.
2644 	 */
2645 	if (wpa_auth_set_key(sm->wpa_auth, 0, alg, sm->addr, 0,
2646 			     sm->PTK.tk, klen))
2647 		return;
2648 
2649 	/* FIX: MLME-SetProtection.Request(TA, Tx_Rx) */
2650 	sm->pairwise_set = TRUE;
2651 	sm->tk_already_set = TRUE;
2652 }
2653 
2654 
2655 /* Derive PMK-R1 from PSK, check all available PSK */
wpa_ft_psk_pmk_r1(struct wpa_state_machine * sm,const u8 * req_pmk_r1_name,u8 * out_pmk_r1,int * out_pairwise,struct vlan_description * out_vlan,const u8 ** out_identity,size_t * out_identity_len,const u8 ** out_radius_cui,size_t * out_radius_cui_len,int * out_session_timeout)2656 static int wpa_ft_psk_pmk_r1(struct wpa_state_machine *sm,
2657 			     const u8 *req_pmk_r1_name,
2658 			     u8 *out_pmk_r1, int *out_pairwise,
2659 			     struct vlan_description *out_vlan,
2660 			     const u8 **out_identity, size_t *out_identity_len,
2661 			     const u8 **out_radius_cui,
2662 			     size_t *out_radius_cui_len,
2663 			     int *out_session_timeout)
2664 {
2665 	const u8 *pmk = NULL;
2666 	u8 pmk_r0[PMK_LEN], pmk_r0_name[WPA_PMK_NAME_LEN];
2667 	u8 pmk_r1[PMK_LEN], pmk_r1_name[WPA_PMK_NAME_LEN];
2668 	struct wpa_authenticator *wpa_auth = sm->wpa_auth;
2669 	const u8 *mdid = wpa_auth->conf.mobility_domain;
2670 	const u8 *r0kh = sm->r0kh_id;
2671 	size_t r0kh_len = sm->r0kh_id_len;
2672 	const u8 *r1kh = wpa_auth->conf.r1_key_holder;
2673 	const u8 *ssid = wpa_auth->conf.ssid;
2674 	size_t ssid_len = wpa_auth->conf.ssid_len;
2675 	int pairwise;
2676 
2677 	pairwise = sm->pairwise;
2678 
2679 	for (;;) {
2680 		pmk = wpa_ft_get_psk(wpa_auth, sm->addr, sm->p2p_dev_addr,
2681 				     pmk);
2682 		if (pmk == NULL)
2683 			break;
2684 
2685 		if (wpa_derive_pmk_r0(pmk, PMK_LEN, ssid, ssid_len, mdid, r0kh,
2686 				      r0kh_len, sm->addr,
2687 				      pmk_r0, pmk_r0_name, 0) < 0 ||
2688 		    wpa_derive_pmk_r1(pmk_r0, PMK_LEN, pmk_r0_name, r1kh,
2689 				      sm->addr, pmk_r1, pmk_r1_name) < 0 ||
2690 		    os_memcmp_const(pmk_r1_name, req_pmk_r1_name,
2691 				    WPA_PMK_NAME_LEN) != 0)
2692 			continue;
2693 
2694 		/* We found a PSK that matches the requested pmk_r1_name */
2695 		wpa_printf(MSG_DEBUG,
2696 			   "FT: Found PSK to generate PMK-R1 locally");
2697 		os_memcpy(out_pmk_r1, pmk_r1, PMK_LEN);
2698 		if (out_pairwise)
2699 			*out_pairwise = pairwise;
2700 		os_memcpy(sm->PMK, pmk, PMK_LEN);
2701 		sm->pmk_len = PMK_LEN;
2702 		if (out_vlan &&
2703 		    wpa_ft_get_vlan(sm->wpa_auth, sm->addr, out_vlan) < 0) {
2704 			wpa_printf(MSG_DEBUG, "FT: vlan not available for STA "
2705 				   MACSTR, MAC2STR(sm->addr));
2706 			return -1;
2707 		}
2708 
2709 		if (out_identity && out_identity_len) {
2710 			*out_identity_len = wpa_ft_get_identity(
2711 				sm->wpa_auth, sm->addr, out_identity);
2712 		}
2713 
2714 		if (out_radius_cui && out_radius_cui_len) {
2715 			*out_radius_cui_len = wpa_ft_get_radius_cui(
2716 				sm->wpa_auth, sm->addr, out_radius_cui);
2717 		}
2718 
2719 		if (out_session_timeout) {
2720 			*out_session_timeout = wpa_ft_get_session_timeout(
2721 				sm->wpa_auth, sm->addr);
2722 		}
2723 
2724 		return 0;
2725 	}
2726 
2727 	wpa_printf(MSG_DEBUG,
2728 		   "FT: Did not find PSK to generate PMK-R1 locally");
2729 	return -1;
2730 }
2731 
2732 
2733 /* Detect the configuration the station asked for.
2734  * Required to detect FT-PSK and pairwise cipher.
2735  */
wpa_ft_set_key_mgmt(struct wpa_state_machine * sm,struct wpa_ft_ies * parse)2736 static int wpa_ft_set_key_mgmt(struct wpa_state_machine *sm,
2737 			       struct wpa_ft_ies *parse)
2738 {
2739 	int key_mgmt, ciphers;
2740 
2741 	if (sm->wpa_key_mgmt)
2742 		return 0;
2743 
2744 	key_mgmt = parse->key_mgmt & sm->wpa_auth->conf.wpa_key_mgmt;
2745 	if (!key_mgmt) {
2746 		wpa_printf(MSG_DEBUG, "FT: Invalid key mgmt (0x%x) from "
2747 			   MACSTR, parse->key_mgmt, MAC2STR(sm->addr));
2748 		return -1;
2749 	}
2750 	if (key_mgmt & WPA_KEY_MGMT_FT_IEEE8021X)
2751 		sm->wpa_key_mgmt = WPA_KEY_MGMT_FT_IEEE8021X;
2752 #ifdef CONFIG_SHA384
2753 	else if (key_mgmt & WPA_KEY_MGMT_FT_IEEE8021X_SHA384)
2754 		sm->wpa_key_mgmt = WPA_KEY_MGMT_FT_IEEE8021X_SHA384;
2755 #endif /* CONFIG_SHA384 */
2756 	else if (key_mgmt & WPA_KEY_MGMT_FT_PSK)
2757 		sm->wpa_key_mgmt = WPA_KEY_MGMT_FT_PSK;
2758 #ifdef CONFIG_FILS
2759 	else if (key_mgmt & WPA_KEY_MGMT_FT_FILS_SHA256)
2760 		sm->wpa_key_mgmt = WPA_KEY_MGMT_FT_FILS_SHA256;
2761 	else if (key_mgmt & WPA_KEY_MGMT_FT_FILS_SHA384)
2762 		sm->wpa_key_mgmt = WPA_KEY_MGMT_FT_FILS_SHA384;
2763 #endif /* CONFIG_FILS */
2764 	ciphers = parse->pairwise_cipher & sm->wpa_auth->conf.rsn_pairwise;
2765 	if (!ciphers) {
2766 		wpa_printf(MSG_DEBUG, "FT: Invalid pairwise cipher (0x%x) from "
2767 			   MACSTR,
2768 			   parse->pairwise_cipher, MAC2STR(sm->addr));
2769 		return -1;
2770 	}
2771 	sm->pairwise = wpa_pick_pairwise_cipher(ciphers, 0);
2772 
2773 	return 0;
2774 }
2775 
2776 
wpa_ft_local_derive_pmk_r1(struct wpa_authenticator * wpa_auth,struct wpa_state_machine * sm,const u8 * r0kh_id,size_t r0kh_id_len,const u8 * req_pmk_r0_name,const u8 * req_pmk_r1_name,u8 * out_pmk_r1,int * out_pairwise,struct vlan_description * vlan,const u8 ** identity,size_t * identity_len,const u8 ** radius_cui,size_t * radius_cui_len,int * out_session_timeout)2777 static int wpa_ft_local_derive_pmk_r1(struct wpa_authenticator *wpa_auth,
2778 				      struct wpa_state_machine *sm,
2779 				      const u8 *r0kh_id, size_t r0kh_id_len,
2780 				      const u8 *req_pmk_r0_name,
2781 				      const u8 *req_pmk_r1_name,
2782 				      u8 *out_pmk_r1, int *out_pairwise,
2783 				      struct vlan_description *vlan,
2784 				      const u8 **identity, size_t *identity_len,
2785 				      const u8 **radius_cui,
2786 				      size_t *radius_cui_len,
2787 				      int *out_session_timeout)
2788 {
2789 	struct wpa_auth_config *conf = &wpa_auth->conf;
2790 	const struct wpa_ft_pmk_r0_sa *r0;
2791 	u8 pmk_r1_name[WPA_PMK_NAME_LEN];
2792 	int expires_in = 0;
2793 	int session_timeout = 0;
2794 	struct os_reltime now;
2795 
2796 	if (conf->r0_key_holder_len != r0kh_id_len ||
2797 	    os_memcmp(conf->r0_key_holder, r0kh_id, conf->r0_key_holder_len) !=
2798 	    0)
2799 		return -1; /* not our R0KH-ID */
2800 
2801 	wpa_printf(MSG_DEBUG, "FT: STA R0KH-ID matching local configuration");
2802 	if (wpa_ft_fetch_pmk_r0(sm->wpa_auth, sm->addr, req_pmk_r0_name, &r0) <
2803 	    0)
2804 		return -1; /* no matching PMKR0Name in local cache */
2805 
2806 	wpa_printf(MSG_DEBUG, "FT: Requested PMKR0Name found in local cache");
2807 
2808 	if (wpa_derive_pmk_r1(r0->pmk_r0, r0->pmk_r0_len, r0->pmk_r0_name,
2809 			      conf->r1_key_holder,
2810 			      sm->addr, out_pmk_r1, pmk_r1_name) < 0)
2811 		return -1;
2812 	wpa_hexdump_key(MSG_DEBUG, "FT: PMK-R1", out_pmk_r1, r0->pmk_r0_len);
2813 	wpa_hexdump(MSG_DEBUG, "FT: PMKR1Name", pmk_r1_name, WPA_PMK_NAME_LEN);
2814 
2815 	os_get_reltime(&now);
2816 	if (r0->expiration)
2817 		expires_in = r0->expiration - now.sec;
2818 
2819 	if (r0->session_timeout)
2820 		session_timeout = r0->session_timeout - now.sec;
2821 
2822 	wpa_ft_store_pmk_r1(wpa_auth, sm->addr, out_pmk_r1, r0->pmk_r0_len,
2823 			    pmk_r1_name,
2824 			    sm->pairwise, r0->vlan, expires_in, session_timeout,
2825 			    r0->identity, r0->identity_len,
2826 			    r0->radius_cui, r0->radius_cui_len);
2827 
2828 	*out_pairwise = sm->pairwise;
2829 	if (vlan) {
2830 		if (r0->vlan)
2831 			*vlan = *r0->vlan;
2832 		else
2833 			os_memset(vlan, 0, sizeof(*vlan));
2834 	}
2835 
2836 	if (identity && identity_len) {
2837 		*identity = r0->identity;
2838 		*identity_len = r0->identity_len;
2839 	}
2840 
2841 	if (radius_cui && radius_cui_len) {
2842 		*radius_cui = r0->radius_cui;
2843 		*radius_cui_len = r0->radius_cui_len;
2844 	}
2845 
2846 	*out_session_timeout = session_timeout;
2847 
2848 	return 0;
2849 }
2850 
2851 
wpa_ft_process_auth_req(struct wpa_state_machine * sm,const u8 * ies,size_t ies_len,u8 ** resp_ies,size_t * resp_ies_len)2852 static int wpa_ft_process_auth_req(struct wpa_state_machine *sm,
2853 				   const u8 *ies, size_t ies_len,
2854 				   u8 **resp_ies, size_t *resp_ies_len)
2855 {
2856 	struct rsn_mdie *mdie;
2857 	u8 pmk_r1[PMK_LEN_MAX], pmk_r1_name[WPA_PMK_NAME_LEN];
2858 	u8 ptk_name[WPA_PMK_NAME_LEN];
2859 	struct wpa_auth_config *conf;
2860 	struct wpa_ft_ies parse;
2861 	size_t buflen;
2862 	int ret;
2863 	u8 *pos, *end;
2864 	int pairwise, session_timeout = 0;
2865 	struct vlan_description vlan;
2866 	const u8 *identity, *radius_cui;
2867 	size_t identity_len = 0, radius_cui_len = 0;
2868 	int use_sha384;
2869 	size_t pmk_r1_len;
2870 
2871 	*resp_ies = NULL;
2872 	*resp_ies_len = 0;
2873 
2874 	sm->pmk_r1_name_valid = 0;
2875 	conf = &sm->wpa_auth->conf;
2876 
2877 	wpa_hexdump(MSG_DEBUG, "FT: Received authentication frame IEs",
2878 		    ies, ies_len);
2879 
2880 	if (wpa_ft_parse_ies(ies, ies_len, &parse, -1)) {
2881 		wpa_printf(MSG_DEBUG, "FT: Failed to parse FT IEs");
2882 		return WLAN_STATUS_UNSPECIFIED_FAILURE;
2883 	}
2884 	use_sha384 = wpa_key_mgmt_sha384(parse.key_mgmt);
2885 	pmk_r1_len = use_sha384 ? SHA384_MAC_LEN : PMK_LEN;
2886 
2887 	mdie = (struct rsn_mdie *) parse.mdie;
2888 	if (mdie == NULL || parse.mdie_len < sizeof(*mdie) ||
2889 	    os_memcmp(mdie->mobility_domain,
2890 		      sm->wpa_auth->conf.mobility_domain,
2891 		      MOBILITY_DOMAIN_ID_LEN) != 0) {
2892 		wpa_printf(MSG_DEBUG, "FT: Invalid MDIE");
2893 		return WLAN_STATUS_INVALID_MDIE;
2894 	}
2895 
2896 	if (use_sha384) {
2897 		struct rsn_ftie_sha384 *ftie;
2898 
2899 		ftie = (struct rsn_ftie_sha384 *) parse.ftie;
2900 		if (!ftie || parse.ftie_len < sizeof(*ftie)) {
2901 			wpa_printf(MSG_DEBUG, "FT: Invalid FTIE");
2902 			return WLAN_STATUS_INVALID_FTIE;
2903 		}
2904 
2905 		os_memcpy(sm->SNonce, ftie->snonce, WPA_NONCE_LEN);
2906 	} else {
2907 		struct rsn_ftie *ftie;
2908 
2909 		ftie = (struct rsn_ftie *) parse.ftie;
2910 		if (!ftie || parse.ftie_len < sizeof(*ftie)) {
2911 			wpa_printf(MSG_DEBUG, "FT: Invalid FTIE");
2912 			return WLAN_STATUS_INVALID_FTIE;
2913 		}
2914 
2915 		os_memcpy(sm->SNonce, ftie->snonce, WPA_NONCE_LEN);
2916 	}
2917 
2918 	if (parse.r0kh_id == NULL) {
2919 		wpa_printf(MSG_DEBUG, "FT: Invalid FTIE - no R0KH-ID");
2920 		return WLAN_STATUS_INVALID_FTIE;
2921 	}
2922 
2923 	wpa_hexdump(MSG_DEBUG, "FT: STA R0KH-ID",
2924 		    parse.r0kh_id, parse.r0kh_id_len);
2925 	os_memcpy(sm->r0kh_id, parse.r0kh_id, parse.r0kh_id_len);
2926 	sm->r0kh_id_len = parse.r0kh_id_len;
2927 
2928 	if (parse.rsn_pmkid == NULL) {
2929 		wpa_printf(MSG_DEBUG, "FT: No PMKID in RSNIE");
2930 		return WLAN_STATUS_INVALID_PMKID;
2931 	}
2932 
2933 	if (wpa_ft_set_key_mgmt(sm, &parse) < 0)
2934 		return WLAN_STATUS_UNSPECIFIED_FAILURE;
2935 
2936 	wpa_hexdump(MSG_DEBUG, "FT: Requested PMKR0Name",
2937 		    parse.rsn_pmkid, WPA_PMK_NAME_LEN);
2938 	if (wpa_derive_pmk_r1_name(parse.rsn_pmkid,
2939 				   sm->wpa_auth->conf.r1_key_holder, sm->addr,
2940 				   pmk_r1_name, use_sha384) < 0)
2941 		return WLAN_STATUS_UNSPECIFIED_FAILURE;
2942 	wpa_hexdump(MSG_DEBUG, "FT: Derived requested PMKR1Name",
2943 		    pmk_r1_name, WPA_PMK_NAME_LEN);
2944 
2945 	if (conf->ft_psk_generate_local &&
2946 	    wpa_key_mgmt_ft_psk(sm->wpa_key_mgmt)) {
2947 		if (wpa_ft_psk_pmk_r1(sm, pmk_r1_name, pmk_r1, &pairwise,
2948 				      &vlan, &identity, &identity_len,
2949 				      &radius_cui, &radius_cui_len,
2950 				      &session_timeout) < 0)
2951 			return WLAN_STATUS_INVALID_PMKID;
2952 		wpa_printf(MSG_DEBUG,
2953 			   "FT: Generated PMK-R1 for FT-PSK locally");
2954 	} else if (wpa_ft_fetch_pmk_r1(sm->wpa_auth, sm->addr, pmk_r1_name,
2955 				       pmk_r1, &pmk_r1_len, &pairwise, &vlan,
2956 				       &identity, &identity_len, &radius_cui,
2957 				       &radius_cui_len, &session_timeout) < 0) {
2958 		wpa_printf(MSG_DEBUG,
2959 			   "FT: No PMK-R1 available in local cache for the requested PMKR1Name");
2960 		if (wpa_ft_local_derive_pmk_r1(sm->wpa_auth, sm,
2961 					       parse.r0kh_id, parse.r0kh_id_len,
2962 					       parse.rsn_pmkid,
2963 					       pmk_r1_name, pmk_r1, &pairwise,
2964 					       &vlan, &identity, &identity_len,
2965 					       &radius_cui, &radius_cui_len,
2966 					       &session_timeout) == 0) {
2967 			wpa_printf(MSG_DEBUG,
2968 				   "FT: Generated PMK-R1 based on local PMK-R0");
2969 			goto pmk_r1_derived;
2970 		}
2971 
2972 		if (wpa_ft_pull_pmk_r1(sm, ies, ies_len, parse.rsn_pmkid) < 0) {
2973 			wpa_printf(MSG_DEBUG,
2974 				   "FT: Did not have matching PMK-R1 and either unknown or blocked R0KH-ID or NAK from R0KH");
2975 			return WLAN_STATUS_INVALID_PMKID;
2976 		}
2977 
2978 		return -1; /* Status pending */
2979 	} else {
2980 		wpa_printf(MSG_DEBUG, "FT: Found PMKR1Name from local cache");
2981 	}
2982 
2983 pmk_r1_derived:
2984 	wpa_hexdump_key(MSG_DEBUG, "FT: Selected PMK-R1", pmk_r1, pmk_r1_len);
2985 	sm->pmk_r1_name_valid = 1;
2986 	os_memcpy(sm->pmk_r1_name, pmk_r1_name, WPA_PMK_NAME_LEN);
2987 
2988 	if (random_get_bytes(sm->ANonce, WPA_NONCE_LEN)) {
2989 		wpa_printf(MSG_DEBUG, "FT: Failed to get random data for "
2990 			   "ANonce");
2991 		return WLAN_STATUS_UNSPECIFIED_FAILURE;
2992 	}
2993 
2994 	wpa_hexdump(MSG_DEBUG, "FT: Received SNonce",
2995 		    sm->SNonce, WPA_NONCE_LEN);
2996 	wpa_hexdump(MSG_DEBUG, "FT: Generated ANonce",
2997 		    sm->ANonce, WPA_NONCE_LEN);
2998 
2999 	if (wpa_pmk_r1_to_ptk(pmk_r1, pmk_r1_len, sm->SNonce, sm->ANonce,
3000 			      sm->addr, sm->wpa_auth->addr, pmk_r1_name,
3001 			      &sm->PTK, ptk_name, sm->wpa_key_mgmt,
3002 			      pairwise) < 0)
3003 		return WLAN_STATUS_UNSPECIFIED_FAILURE;
3004 
3005 	sm->pairwise = pairwise;
3006 	sm->PTK_valid = TRUE;
3007 	sm->tk_already_set = FALSE;
3008 	wpa_ft_install_ptk(sm);
3009 
3010 	if (wpa_ft_set_vlan(sm->wpa_auth, sm->addr, &vlan) < 0) {
3011 		wpa_printf(MSG_DEBUG, "FT: Failed to configure VLAN");
3012 		return WLAN_STATUS_UNSPECIFIED_FAILURE;
3013 	}
3014 	if (wpa_ft_set_identity(sm->wpa_auth, sm->addr,
3015 				identity, identity_len) < 0 ||
3016 	    wpa_ft_set_radius_cui(sm->wpa_auth, sm->addr,
3017 				  radius_cui, radius_cui_len) < 0) {
3018 		wpa_printf(MSG_DEBUG, "FT: Failed to configure identity/CUI");
3019 		return WLAN_STATUS_UNSPECIFIED_FAILURE;
3020 	}
3021 	wpa_ft_set_session_timeout(sm->wpa_auth, sm->addr, session_timeout);
3022 
3023 	buflen = 2 + sizeof(struct rsn_mdie) + 2 + sizeof(struct rsn_ftie) +
3024 		2 + FT_R1KH_ID_LEN + 200;
3025 	*resp_ies = os_zalloc(buflen);
3026 	if (*resp_ies == NULL)
3027 		goto fail;
3028 
3029 	pos = *resp_ies;
3030 	end = *resp_ies + buflen;
3031 
3032 	ret = wpa_write_rsn_ie(conf, pos, end - pos, parse.rsn_pmkid);
3033 	if (ret < 0)
3034 		goto fail;
3035 	pos += ret;
3036 
3037 	ret = wpa_write_mdie(conf, pos, end - pos);
3038 	if (ret < 0)
3039 		goto fail;
3040 	pos += ret;
3041 
3042 	ret = wpa_write_ftie(conf, use_sha384, parse.r0kh_id, parse.r0kh_id_len,
3043 			     sm->ANonce, sm->SNonce, pos, end - pos, NULL, 0);
3044 	if (ret < 0)
3045 		goto fail;
3046 	pos += ret;
3047 
3048 	*resp_ies_len = pos - *resp_ies;
3049 
3050 	return WLAN_STATUS_SUCCESS;
3051 fail:
3052 	os_free(*resp_ies);
3053 	*resp_ies = NULL;
3054 	return WLAN_STATUS_UNSPECIFIED_FAILURE;
3055 }
3056 
3057 
wpa_ft_process_auth(struct wpa_state_machine * sm,const u8 * bssid,u16 auth_transaction,const u8 * ies,size_t ies_len,void (* cb)(void * ctx,const u8 * dst,const u8 * bssid,u16 auth_transaction,u16 status,const u8 * ies,size_t ies_len),void * ctx)3058 void wpa_ft_process_auth(struct wpa_state_machine *sm, const u8 *bssid,
3059 			 u16 auth_transaction, const u8 *ies, size_t ies_len,
3060 			 void (*cb)(void *ctx, const u8 *dst, const u8 *bssid,
3061 				    u16 auth_transaction, u16 status,
3062 				    const u8 *ies, size_t ies_len),
3063 			 void *ctx)
3064 {
3065 	u16 status;
3066 	u8 *resp_ies;
3067 	size_t resp_ies_len;
3068 	int res;
3069 
3070 	if (sm == NULL) {
3071 		wpa_printf(MSG_DEBUG, "FT: Received authentication frame, but "
3072 			   "WPA SM not available");
3073 		return;
3074 	}
3075 
3076 	wpa_printf(MSG_DEBUG, "FT: Received authentication frame: STA=" MACSTR
3077 		   " BSSID=" MACSTR " transaction=%d",
3078 		   MAC2STR(sm->addr), MAC2STR(bssid), auth_transaction);
3079 	sm->ft_pending_cb = cb;
3080 	sm->ft_pending_cb_ctx = ctx;
3081 	sm->ft_pending_auth_transaction = auth_transaction;
3082 	sm->ft_pending_pull_left_retries = sm->wpa_auth->conf.rkh_pull_retries;
3083 	res = wpa_ft_process_auth_req(sm, ies, ies_len, &resp_ies,
3084 				      &resp_ies_len);
3085 	if (res < 0) {
3086 		wpa_printf(MSG_DEBUG, "FT: Callback postponed until response is available");
3087 		return;
3088 	}
3089 	status = res;
3090 
3091 	wpa_printf(MSG_DEBUG, "FT: FT authentication response: dst=" MACSTR
3092 		   " auth_transaction=%d status=%d",
3093 		   MAC2STR(sm->addr), auth_transaction + 1, status);
3094 	wpa_hexdump(MSG_DEBUG, "FT: Response IEs", resp_ies, resp_ies_len);
3095 	cb(ctx, sm->addr, bssid, auth_transaction + 1, status,
3096 	   resp_ies, resp_ies_len);
3097 	os_free(resp_ies);
3098 }
3099 
3100 
wpa_ft_validate_reassoc(struct wpa_state_machine * sm,const u8 * ies,size_t ies_len)3101 u16 wpa_ft_validate_reassoc(struct wpa_state_machine *sm, const u8 *ies,
3102 			    size_t ies_len)
3103 {
3104 	struct wpa_ft_ies parse;
3105 	struct rsn_mdie *mdie;
3106 	u8 mic[WPA_EAPOL_KEY_MIC_MAX_LEN];
3107 	size_t mic_len = 16;
3108 	unsigned int count;
3109 	const u8 *kck;
3110 	size_t kck_len;
3111 	int use_sha384;
3112 	const u8 *anonce, *snonce, *fte_mic;
3113 	u8 fte_elem_count;
3114 
3115 	if (sm == NULL)
3116 		return WLAN_STATUS_UNSPECIFIED_FAILURE;
3117 
3118 	use_sha384 = wpa_key_mgmt_sha384(sm->wpa_key_mgmt);
3119 
3120 	wpa_hexdump(MSG_DEBUG, "FT: Reassoc Req IEs", ies, ies_len);
3121 
3122 	if (wpa_ft_parse_ies(ies, ies_len, &parse, use_sha384) < 0) {
3123 		wpa_printf(MSG_DEBUG, "FT: Failed to parse FT IEs");
3124 		return WLAN_STATUS_UNSPECIFIED_FAILURE;
3125 	}
3126 
3127 	if (parse.rsn == NULL) {
3128 		wpa_printf(MSG_DEBUG, "FT: No RSNIE in Reassoc Req");
3129 		return WLAN_STATUS_UNSPECIFIED_FAILURE;
3130 	}
3131 
3132 	if (parse.rsn_pmkid == NULL) {
3133 		wpa_printf(MSG_DEBUG, "FT: No PMKID in RSNIE");
3134 		return WLAN_STATUS_INVALID_PMKID;
3135 	}
3136 
3137 	if (os_memcmp_const(parse.rsn_pmkid, sm->pmk_r1_name, WPA_PMK_NAME_LEN)
3138 	    != 0) {
3139 		wpa_printf(MSG_DEBUG, "FT: PMKID in Reassoc Req did not match "
3140 			   "with the PMKR1Name derived from auth request");
3141 		return WLAN_STATUS_INVALID_PMKID;
3142 	}
3143 
3144 	mdie = (struct rsn_mdie *) parse.mdie;
3145 	if (mdie == NULL || parse.mdie_len < sizeof(*mdie) ||
3146 	    os_memcmp(mdie->mobility_domain,
3147 		      sm->wpa_auth->conf.mobility_domain,
3148 		      MOBILITY_DOMAIN_ID_LEN) != 0) {
3149 		wpa_printf(MSG_DEBUG, "FT: Invalid MDIE");
3150 		return WLAN_STATUS_INVALID_MDIE;
3151 	}
3152 
3153 	if (use_sha384) {
3154 		struct rsn_ftie_sha384 *ftie;
3155 
3156 		ftie = (struct rsn_ftie_sha384 *) parse.ftie;
3157 		if (ftie == NULL || parse.ftie_len < sizeof(*ftie)) {
3158 			wpa_printf(MSG_DEBUG, "FT: Invalid FTIE");
3159 			return WLAN_STATUS_INVALID_FTIE;
3160 		}
3161 
3162 		anonce = ftie->anonce;
3163 		snonce = ftie->snonce;
3164 		fte_elem_count = ftie->mic_control[1];
3165 		fte_mic = ftie->mic;
3166 	} else {
3167 		struct rsn_ftie *ftie;
3168 
3169 		ftie = (struct rsn_ftie *) parse.ftie;
3170 		if (ftie == NULL || parse.ftie_len < sizeof(*ftie)) {
3171 			wpa_printf(MSG_DEBUG, "FT: Invalid FTIE");
3172 			return WLAN_STATUS_INVALID_FTIE;
3173 		}
3174 
3175 		anonce = ftie->anonce;
3176 		snonce = ftie->snonce;
3177 		fte_elem_count = ftie->mic_control[1];
3178 		fte_mic = ftie->mic;
3179 	}
3180 
3181 	if (os_memcmp(snonce, sm->SNonce, WPA_NONCE_LEN) != 0) {
3182 		wpa_printf(MSG_DEBUG, "FT: SNonce mismatch in FTIE");
3183 		wpa_hexdump(MSG_DEBUG, "FT: Received SNonce",
3184 			    snonce, WPA_NONCE_LEN);
3185 		wpa_hexdump(MSG_DEBUG, "FT: Expected SNonce",
3186 			    sm->SNonce, WPA_NONCE_LEN);
3187 		return WLAN_STATUS_INVALID_FTIE;
3188 	}
3189 
3190 	if (os_memcmp(anonce, sm->ANonce, WPA_NONCE_LEN) != 0) {
3191 		wpa_printf(MSG_DEBUG, "FT: ANonce mismatch in FTIE");
3192 		wpa_hexdump(MSG_DEBUG, "FT: Received ANonce",
3193 			    anonce, WPA_NONCE_LEN);
3194 		wpa_hexdump(MSG_DEBUG, "FT: Expected ANonce",
3195 			    sm->ANonce, WPA_NONCE_LEN);
3196 		return WLAN_STATUS_INVALID_FTIE;
3197 	}
3198 
3199 
3200 	if (parse.r0kh_id == NULL) {
3201 		wpa_printf(MSG_DEBUG, "FT: No R0KH-ID subelem in FTIE");
3202 		return WLAN_STATUS_INVALID_FTIE;
3203 	}
3204 
3205 	if (parse.r0kh_id_len != sm->r0kh_id_len ||
3206 	    os_memcmp_const(parse.r0kh_id, sm->r0kh_id, parse.r0kh_id_len) != 0)
3207 	{
3208 		wpa_printf(MSG_DEBUG, "FT: R0KH-ID in FTIE did not match with "
3209 			   "the current R0KH-ID");
3210 		wpa_hexdump(MSG_DEBUG, "FT: R0KH-ID in FTIE",
3211 			    parse.r0kh_id, parse.r0kh_id_len);
3212 		wpa_hexdump(MSG_DEBUG, "FT: The current R0KH-ID",
3213 			    sm->r0kh_id, sm->r0kh_id_len);
3214 		return WLAN_STATUS_INVALID_FTIE;
3215 	}
3216 
3217 	if (parse.r1kh_id == NULL) {
3218 		wpa_printf(MSG_DEBUG, "FT: No R1KH-ID subelem in FTIE");
3219 		return WLAN_STATUS_INVALID_FTIE;
3220 	}
3221 
3222 	if (os_memcmp_const(parse.r1kh_id, sm->wpa_auth->conf.r1_key_holder,
3223 			    FT_R1KH_ID_LEN) != 0) {
3224 		wpa_printf(MSG_DEBUG, "FT: Unknown R1KH-ID used in "
3225 			   "ReassocReq");
3226 		wpa_hexdump(MSG_DEBUG, "FT: R1KH-ID in FTIE",
3227 			    parse.r1kh_id, FT_R1KH_ID_LEN);
3228 		wpa_hexdump(MSG_DEBUG, "FT: Expected R1KH-ID",
3229 			    sm->wpa_auth->conf.r1_key_holder, FT_R1KH_ID_LEN);
3230 		return WLAN_STATUS_INVALID_FTIE;
3231 	}
3232 
3233 	if (parse.rsn_pmkid == NULL ||
3234 	    os_memcmp_const(parse.rsn_pmkid, sm->pmk_r1_name, WPA_PMK_NAME_LEN))
3235 	{
3236 		wpa_printf(MSG_DEBUG, "FT: No matching PMKR1Name (PMKID) in "
3237 			   "RSNIE (pmkid=%d)", !!parse.rsn_pmkid);
3238 		return WLAN_STATUS_INVALID_PMKID;
3239 	}
3240 
3241 	count = 3;
3242 	if (parse.ric)
3243 		count += ieee802_11_ie_count(parse.ric, parse.ric_len);
3244 	if (fte_elem_count != count) {
3245 		wpa_printf(MSG_DEBUG, "FT: Unexpected IE count in MIC "
3246 			   "Control: received %u expected %u",
3247 			   fte_elem_count, count);
3248 		return WLAN_STATUS_UNSPECIFIED_FAILURE;
3249 	}
3250 
3251 	if (wpa_key_mgmt_fils(sm->wpa_key_mgmt)) {
3252 		kck = sm->PTK.kck2;
3253 		kck_len = sm->PTK.kck2_len;
3254 	} else {
3255 		kck = sm->PTK.kck;
3256 		kck_len = sm->PTK.kck_len;
3257 	}
3258 	if (wpa_ft_mic(kck, kck_len, sm->addr, sm->wpa_auth->addr, 5,
3259 		       parse.mdie - 2, parse.mdie_len + 2,
3260 		       parse.ftie - 2, parse.ftie_len + 2,
3261 		       parse.rsn - 2, parse.rsn_len + 2,
3262 		       parse.ric, parse.ric_len,
3263 		       mic) < 0) {
3264 		wpa_printf(MSG_DEBUG, "FT: Failed to calculate MIC");
3265 		return WLAN_STATUS_UNSPECIFIED_FAILURE;
3266 	}
3267 
3268 	if (os_memcmp_const(mic, fte_mic, mic_len) != 0) {
3269 		wpa_printf(MSG_DEBUG, "FT: Invalid MIC in FTIE");
3270 		wpa_printf(MSG_DEBUG, "FT: addr=" MACSTR " auth_addr=" MACSTR,
3271 			   MAC2STR(sm->addr), MAC2STR(sm->wpa_auth->addr));
3272 		wpa_hexdump(MSG_MSGDUMP, "FT: Received MIC",
3273 			    fte_mic, mic_len);
3274 		wpa_hexdump(MSG_MSGDUMP, "FT: Calculated MIC", mic, mic_len);
3275 		wpa_hexdump(MSG_MSGDUMP, "FT: MDIE",
3276 			    parse.mdie - 2, parse.mdie_len + 2);
3277 		wpa_hexdump(MSG_MSGDUMP, "FT: FTIE",
3278 			    parse.ftie - 2, parse.ftie_len + 2);
3279 		wpa_hexdump(MSG_MSGDUMP, "FT: RSN",
3280 			    parse.rsn - 2, parse.rsn_len + 2);
3281 		return WLAN_STATUS_INVALID_FTIE;
3282 	}
3283 
3284 #ifdef CONFIG_OCV
3285 	if (wpa_auth_uses_ocv(sm)) {
3286 		struct wpa_channel_info ci;
3287 		int tx_chanwidth;
3288 		int tx_seg1_idx;
3289 
3290 		if (wpa_channel_info(sm->wpa_auth, &ci) != 0) {
3291 			wpa_printf(MSG_WARNING,
3292 				   "Failed to get channel info to validate received OCI in (Re)Assoc Request");
3293 			return WLAN_STATUS_UNSPECIFIED_FAILURE;
3294 		}
3295 
3296 		if (get_sta_tx_parameters(sm,
3297 					  channel_width_to_int(ci.chanwidth),
3298 					  ci.seg1_idx, &tx_chanwidth,
3299 					  &tx_seg1_idx) < 0)
3300 			return WLAN_STATUS_UNSPECIFIED_FAILURE;
3301 
3302 		if (ocv_verify_tx_params(parse.oci, parse.oci_len, &ci,
3303 					 tx_chanwidth, tx_seg1_idx) != 0) {
3304 			wpa_printf(MSG_WARNING, "%s", ocv_errorstr);
3305 			return WLAN_STATUS_UNSPECIFIED_FAILURE;
3306 		}
3307 	}
3308 #endif /* CONFIG_OCV */
3309 
3310 	return WLAN_STATUS_SUCCESS;
3311 }
3312 
3313 
wpa_ft_action_rx(struct wpa_state_machine * sm,const u8 * data,size_t len)3314 int wpa_ft_action_rx(struct wpa_state_machine *sm, const u8 *data, size_t len)
3315 {
3316 	const u8 *sta_addr, *target_ap;
3317 	const u8 *ies;
3318 	size_t ies_len;
3319 	u8 action;
3320 	struct ft_rrb_frame *frame;
3321 
3322 	if (sm == NULL)
3323 		return -1;
3324 
3325 	/*
3326 	 * data: Category[1] Action[1] STA_Address[6] Target_AP_Address[6]
3327 	 * FT Request action frame body[variable]
3328 	 */
3329 
3330 	if (len < 14) {
3331 		wpa_printf(MSG_DEBUG, "FT: Too short FT Action frame "
3332 			   "(len=%lu)", (unsigned long) len);
3333 		return -1;
3334 	}
3335 
3336 	action = data[1];
3337 	sta_addr = data + 2;
3338 	target_ap = data + 8;
3339 	ies = data + 14;
3340 	ies_len = len - 14;
3341 
3342 	wpa_printf(MSG_DEBUG, "FT: Received FT Action frame (STA=" MACSTR
3343 		   " Target AP=" MACSTR " Action=%d)",
3344 		   MAC2STR(sta_addr), MAC2STR(target_ap), action);
3345 
3346 	if (os_memcmp(sta_addr, sm->addr, ETH_ALEN) != 0) {
3347 		wpa_printf(MSG_DEBUG, "FT: Mismatch in FT Action STA address: "
3348 			   "STA=" MACSTR " STA-Address=" MACSTR,
3349 			   MAC2STR(sm->addr), MAC2STR(sta_addr));
3350 		return -1;
3351 	}
3352 
3353 	/*
3354 	 * Do some sanity checking on the target AP address (not own and not
3355 	 * broadcast. This could be extended to filter based on a list of known
3356 	 * APs in the MD (if such a list were configured).
3357 	 */
3358 	if ((target_ap[0] & 0x01) ||
3359 	    os_memcmp(target_ap, sm->wpa_auth->addr, ETH_ALEN) == 0) {
3360 		wpa_printf(MSG_DEBUG, "FT: Invalid Target AP in FT Action "
3361 			   "frame");
3362 		return -1;
3363 	}
3364 
3365 	wpa_hexdump(MSG_MSGDUMP, "FT: Action frame body", ies, ies_len);
3366 
3367 	if (!sm->wpa_auth->conf.ft_over_ds) {
3368 		wpa_printf(MSG_DEBUG, "FT: Over-DS option disabled - reject");
3369 		return -1;
3370 	}
3371 
3372 	/* RRB - Forward action frame to the target AP */
3373 	frame = os_malloc(sizeof(*frame) + len);
3374 	if (frame == NULL)
3375 		return -1;
3376 	frame->frame_type = RSN_REMOTE_FRAME_TYPE_FT_RRB;
3377 	frame->packet_type = FT_PACKET_REQUEST;
3378 	frame->action_length = host_to_le16(len);
3379 	os_memcpy(frame->ap_address, sm->wpa_auth->addr, ETH_ALEN);
3380 	os_memcpy(frame + 1, data, len);
3381 
3382 	wpa_ft_rrb_send(sm->wpa_auth, target_ap, (u8 *) frame,
3383 			sizeof(*frame) + len);
3384 	os_free(frame);
3385 
3386 	return 0;
3387 }
3388 
3389 
wpa_ft_rrb_rx_request_cb(void * ctx,const u8 * dst,const u8 * bssid,u16 auth_transaction,u16 resp,const u8 * ies,size_t ies_len)3390 static void wpa_ft_rrb_rx_request_cb(void *ctx, const u8 *dst, const u8 *bssid,
3391 				     u16 auth_transaction, u16 resp,
3392 				     const u8 *ies, size_t ies_len)
3393 {
3394 	struct wpa_state_machine *sm = ctx;
3395 	wpa_printf(MSG_DEBUG, "FT: Over-the-DS RX request cb for " MACSTR,
3396 		   MAC2STR(sm->addr));
3397 	wpa_ft_send_rrb_auth_resp(sm, sm->ft_pending_current_ap, sm->addr,
3398 				  WLAN_STATUS_SUCCESS, ies, ies_len);
3399 }
3400 
3401 
wpa_ft_rrb_rx_request(struct wpa_authenticator * wpa_auth,const u8 * current_ap,const u8 * sta_addr,const u8 * body,size_t len)3402 static int wpa_ft_rrb_rx_request(struct wpa_authenticator *wpa_auth,
3403 				 const u8 *current_ap, const u8 *sta_addr,
3404 				 const u8 *body, size_t len)
3405 {
3406 	struct wpa_state_machine *sm;
3407 	u16 status;
3408 	u8 *resp_ies;
3409 	size_t resp_ies_len;
3410 	int res;
3411 
3412 	sm = wpa_ft_add_sta(wpa_auth, sta_addr);
3413 	if (sm == NULL) {
3414 		wpa_printf(MSG_DEBUG, "FT: Failed to add new STA based on "
3415 			   "RRB Request");
3416 		return -1;
3417 	}
3418 
3419 	wpa_hexdump(MSG_MSGDUMP, "FT: RRB Request Frame body", body, len);
3420 
3421 	sm->ft_pending_cb = wpa_ft_rrb_rx_request_cb;
3422 	sm->ft_pending_cb_ctx = sm;
3423 	os_memcpy(sm->ft_pending_current_ap, current_ap, ETH_ALEN);
3424 	sm->ft_pending_pull_left_retries = sm->wpa_auth->conf.rkh_pull_retries;
3425 	res = wpa_ft_process_auth_req(sm, body, len, &resp_ies,
3426 				      &resp_ies_len);
3427 	if (res < 0) {
3428 		wpa_printf(MSG_DEBUG, "FT: No immediate response available - wait for pull response");
3429 		return 0;
3430 	}
3431 	status = res;
3432 
3433 	res = wpa_ft_send_rrb_auth_resp(sm, current_ap, sta_addr, status,
3434 					resp_ies, resp_ies_len);
3435 	os_free(resp_ies);
3436 	return res;
3437 }
3438 
3439 
wpa_ft_send_rrb_auth_resp(struct wpa_state_machine * sm,const u8 * current_ap,const u8 * sta_addr,u16 status,const u8 * resp_ies,size_t resp_ies_len)3440 static int wpa_ft_send_rrb_auth_resp(struct wpa_state_machine *sm,
3441 				     const u8 *current_ap, const u8 *sta_addr,
3442 				     u16 status, const u8 *resp_ies,
3443 				     size_t resp_ies_len)
3444 {
3445 	struct wpa_authenticator *wpa_auth = sm->wpa_auth;
3446 	size_t rlen;
3447 	struct ft_rrb_frame *frame;
3448 	u8 *pos;
3449 
3450 	wpa_printf(MSG_DEBUG, "FT: RRB authentication response: STA=" MACSTR
3451 		   " CurrentAP=" MACSTR " status=%d",
3452 		   MAC2STR(sm->addr), MAC2STR(current_ap), status);
3453 	wpa_hexdump(MSG_DEBUG, "FT: Response IEs", resp_ies, resp_ies_len);
3454 
3455 	/* RRB - Forward action frame response to the Current AP */
3456 
3457 	/*
3458 	 * data: Category[1] Action[1] STA_Address[6] Target_AP_Address[6]
3459 	 * Status_Code[2] FT Request action frame body[variable]
3460 	 */
3461 	rlen = 2 + 2 * ETH_ALEN + 2 + resp_ies_len;
3462 
3463 	frame = os_malloc(sizeof(*frame) + rlen);
3464 	if (frame == NULL)
3465 		return -1;
3466 	frame->frame_type = RSN_REMOTE_FRAME_TYPE_FT_RRB;
3467 	frame->packet_type = FT_PACKET_RESPONSE;
3468 	frame->action_length = host_to_le16(rlen);
3469 	os_memcpy(frame->ap_address, wpa_auth->addr, ETH_ALEN);
3470 	pos = (u8 *) (frame + 1);
3471 	*pos++ = WLAN_ACTION_FT;
3472 	*pos++ = 2; /* Action: Response */
3473 	os_memcpy(pos, sta_addr, ETH_ALEN);
3474 	pos += ETH_ALEN;
3475 	os_memcpy(pos, wpa_auth->addr, ETH_ALEN);
3476 	pos += ETH_ALEN;
3477 	WPA_PUT_LE16(pos, status);
3478 	pos += 2;
3479 	if (resp_ies)
3480 		os_memcpy(pos, resp_ies, resp_ies_len);
3481 
3482 	wpa_ft_rrb_send(wpa_auth, current_ap, (u8 *) frame,
3483 			sizeof(*frame) + rlen);
3484 	os_free(frame);
3485 
3486 	return 0;
3487 }
3488 
3489 
wpa_ft_rrb_build_r0(const u8 * key,const size_t key_len,const struct tlv_list * tlvs,const struct wpa_ft_pmk_r0_sa * pmk_r0,const u8 * r1kh_id,const u8 * s1kh_id,const struct tlv_list * tlv_auth,const u8 * src_addr,u8 type,u8 ** packet,size_t * packet_len)3490 static int wpa_ft_rrb_build_r0(const u8 *key, const size_t key_len,
3491 			       const struct tlv_list *tlvs,
3492 			       const struct wpa_ft_pmk_r0_sa *pmk_r0,
3493 			       const u8 *r1kh_id, const u8 *s1kh_id,
3494 			       const struct tlv_list *tlv_auth,
3495 			       const u8 *src_addr, u8 type,
3496 			       u8 **packet, size_t *packet_len)
3497 {
3498 	u8 pmk_r1[PMK_LEN_MAX];
3499 	size_t pmk_r1_len = pmk_r0->pmk_r0_len;
3500 	u8 pmk_r1_name[WPA_PMK_NAME_LEN];
3501 	u8 f_pairwise[sizeof(le16)];
3502 	u8 f_expires_in[sizeof(le16)];
3503 	u8 f_session_timeout[sizeof(le32)];
3504 	int expires_in;
3505 	int session_timeout;
3506 	struct os_reltime now;
3507 	int ret;
3508 	struct tlv_list sess_tlv[] = {
3509 		{ .type = FT_RRB_PMK_R1, .len = pmk_r1_len,
3510 		  .data = pmk_r1 },
3511 		{ .type = FT_RRB_PMK_R1_NAME, .len = sizeof(pmk_r1_name),
3512 		  .data = pmk_r1_name },
3513 		{ .type = FT_RRB_PAIRWISE, .len = sizeof(f_pairwise),
3514 		  .data = f_pairwise },
3515 		{ .type = FT_RRB_EXPIRES_IN, .len = sizeof(f_expires_in),
3516 		  .data = f_expires_in },
3517 		{ .type = FT_RRB_IDENTITY, .len = pmk_r0->identity_len,
3518 		  .data = pmk_r0->identity },
3519 		{ .type = FT_RRB_RADIUS_CUI, .len = pmk_r0->radius_cui_len,
3520 		  .data = pmk_r0->radius_cui },
3521 		{ .type = FT_RRB_SESSION_TIMEOUT,
3522 		  .len = sizeof(f_session_timeout),
3523 		  .data = f_session_timeout },
3524 		{ .type = FT_RRB_LAST_EMPTY, .len = 0, .data = NULL },
3525 	};
3526 
3527 	if (wpa_derive_pmk_r1(pmk_r0->pmk_r0, pmk_r0->pmk_r0_len,
3528 			      pmk_r0->pmk_r0_name, r1kh_id,
3529 			      s1kh_id, pmk_r1, pmk_r1_name) < 0)
3530 		return -1;
3531 	wpa_hexdump_key(MSG_DEBUG, "FT: PMK-R1 (for peer AP)",
3532 			pmk_r1, pmk_r1_len);
3533 	wpa_hexdump(MSG_DEBUG, "FT: PMKR1Name (for peer AP)",
3534 		    pmk_r1_name, WPA_PMK_NAME_LEN);
3535 	WPA_PUT_LE16(f_pairwise, pmk_r0->pairwise);
3536 
3537 	os_get_reltime(&now);
3538 	if (pmk_r0->expiration > now.sec)
3539 		expires_in = pmk_r0->expiration - now.sec;
3540 	else if (pmk_r0->expiration)
3541 		expires_in = 1;
3542 	else
3543 		expires_in = 0;
3544 	WPA_PUT_LE16(f_expires_in, expires_in);
3545 
3546 	if (pmk_r0->session_timeout > now.sec)
3547 		session_timeout = pmk_r0->session_timeout - now.sec;
3548 	else if (pmk_r0->session_timeout)
3549 		session_timeout = 1;
3550 	else
3551 		session_timeout = 0;
3552 	WPA_PUT_LE32(f_session_timeout, session_timeout);
3553 
3554 	ret = wpa_ft_rrb_build(key, key_len, tlvs, sess_tlv, tlv_auth,
3555 			       pmk_r0->vlan, src_addr, type,
3556 			       packet, packet_len);
3557 
3558 	os_memset(pmk_r1, 0, sizeof(pmk_r1));
3559 
3560 	return ret;
3561 }
3562 
3563 
wpa_ft_rrb_rx_pull(struct wpa_authenticator * wpa_auth,const u8 * src_addr,const u8 * enc,size_t enc_len,const u8 * auth,size_t auth_len,int no_defer)3564 static int wpa_ft_rrb_rx_pull(struct wpa_authenticator *wpa_auth,
3565 			      const u8 *src_addr,
3566 			      const u8 *enc, size_t enc_len,
3567 			      const u8 *auth, size_t auth_len,
3568 			      int no_defer)
3569 {
3570 	const char *msgtype = "pull request";
3571 	u8 *plain = NULL, *packet = NULL;
3572 	size_t plain_len = 0, packet_len = 0;
3573 	struct ft_remote_r1kh *r1kh, *r1kh_wildcard;
3574 	const u8 *key;
3575 	size_t key_len;
3576 	int seq_ret;
3577 	const u8 *f_nonce, *f_r0kh_id, *f_r1kh_id, *f_s1kh_id, *f_pmk_r0_name;
3578 	size_t f_nonce_len, f_r0kh_id_len, f_r1kh_id_len, f_s1kh_id_len;
3579 	size_t f_pmk_r0_name_len;
3580 	const struct wpa_ft_pmk_r0_sa *r0;
3581 	int ret;
3582 	struct tlv_list resp[2];
3583 	struct tlv_list resp_auth[5];
3584 	struct ft_rrb_seq f_seq;
3585 
3586 	wpa_printf(MSG_DEBUG, "FT: Received PMK-R1 pull");
3587 
3588 	RRB_GET_AUTH(FT_RRB_R0KH_ID, r0kh_id, msgtype, -1);
3589 	wpa_hexdump(MSG_DEBUG, "FT: R0KH-ID", f_r0kh_id, f_r0kh_id_len);
3590 
3591 	if (wpa_ft_rrb_check_r0kh(wpa_auth, f_r0kh_id, f_r0kh_id_len)) {
3592 		wpa_printf(MSG_DEBUG, "FT: R0KH-ID mismatch");
3593 		goto out;
3594 	}
3595 
3596 	RRB_GET_AUTH(FT_RRB_R1KH_ID, r1kh_id, msgtype, FT_R1KH_ID_LEN);
3597 	wpa_printf(MSG_DEBUG, "FT: R1KH-ID=" MACSTR, MAC2STR(f_r1kh_id));
3598 
3599 	wpa_ft_rrb_lookup_r1kh(wpa_auth, f_r1kh_id, &r1kh, &r1kh_wildcard);
3600 	if (r1kh) {
3601 		key = r1kh->key;
3602 		key_len = sizeof(r1kh->key);
3603 	} else if (r1kh_wildcard) {
3604 		wpa_printf(MSG_DEBUG, "FT: Using wildcard R1KH-ID");
3605 		key = r1kh_wildcard->key;
3606 		key_len = sizeof(r1kh_wildcard->key);
3607 	} else {
3608 		goto out;
3609 	}
3610 
3611 	RRB_GET_AUTH(FT_RRB_NONCE, nonce, "pull request", FT_RRB_NONCE_LEN);
3612 	wpa_hexdump(MSG_DEBUG, "FT: nonce", f_nonce, f_nonce_len);
3613 
3614 	seq_ret = FT_RRB_SEQ_DROP;
3615 	if (r1kh)
3616 		seq_ret = wpa_ft_rrb_seq_chk(r1kh->seq, src_addr, enc, enc_len,
3617 					     auth, auth_len, msgtype, no_defer);
3618 	if (!no_defer && r1kh_wildcard &&
3619 	    (!r1kh || os_memcmp(r1kh->addr, src_addr, ETH_ALEN) != 0)) {
3620 		/* wildcard: r1kh-id unknown or changed addr -> do a seq req */
3621 		seq_ret = FT_RRB_SEQ_DEFER;
3622 	}
3623 
3624 	if (seq_ret == FT_RRB_SEQ_DROP)
3625 		goto out;
3626 
3627 	if (wpa_ft_rrb_decrypt(key, key_len, enc, enc_len, auth, auth_len,
3628 			       src_addr, FT_PACKET_R0KH_R1KH_PULL,
3629 			       &plain, &plain_len) < 0)
3630 		goto out;
3631 
3632 	if (!r1kh)
3633 		r1kh = wpa_ft_rrb_add_r1kh(wpa_auth, r1kh_wildcard, src_addr,
3634 					   f_r1kh_id,
3635 					   wpa_auth->conf.rkh_pos_timeout);
3636 	if (!r1kh)
3637 		goto out;
3638 
3639 	if (seq_ret == FT_RRB_SEQ_DEFER) {
3640 		wpa_ft_rrb_seq_req(wpa_auth, r1kh->seq, src_addr, f_r0kh_id,
3641 				   f_r0kh_id_len, f_r1kh_id, key, key_len,
3642 				   enc, enc_len, auth, auth_len,
3643 				   &wpa_ft_rrb_rx_pull);
3644 		goto out;
3645 	}
3646 
3647 	wpa_ft_rrb_seq_accept(wpa_auth, r1kh->seq, src_addr, auth, auth_len,
3648 			      msgtype);
3649 	wpa_ft_rrb_r1kh_replenish(wpa_auth, r1kh,
3650 				  wpa_auth->conf.rkh_pos_timeout);
3651 
3652 	RRB_GET(FT_RRB_PMK_R0_NAME, pmk_r0_name, msgtype, WPA_PMK_NAME_LEN);
3653 	wpa_hexdump(MSG_DEBUG, "FT: PMKR0Name", f_pmk_r0_name,
3654 		    f_pmk_r0_name_len);
3655 
3656 	RRB_GET(FT_RRB_S1KH_ID, s1kh_id, msgtype, ETH_ALEN);
3657 	wpa_printf(MSG_DEBUG, "FT: S1KH-ID=" MACSTR, MAC2STR(f_s1kh_id));
3658 
3659 	if (wpa_ft_new_seq(r1kh->seq, &f_seq) < 0) {
3660 		wpa_printf(MSG_DEBUG, "FT: Failed to get seq num");
3661 		goto out;
3662 	}
3663 
3664 	resp[0].type = FT_RRB_S1KH_ID;
3665 	resp[0].len = f_s1kh_id_len;
3666 	resp[0].data = f_s1kh_id;
3667 	resp[1].type = FT_RRB_LAST_EMPTY;
3668 	resp[1].len = 0;
3669 	resp[1].data = NULL;
3670 
3671 	resp_auth[0].type = FT_RRB_NONCE;
3672 	resp_auth[0].len = f_nonce_len;
3673 	resp_auth[0].data = f_nonce;
3674 	resp_auth[1].type = FT_RRB_SEQ;
3675 	resp_auth[1].len = sizeof(f_seq);
3676 	resp_auth[1].data = (u8 *) &f_seq;
3677 	resp_auth[2].type = FT_RRB_R0KH_ID;
3678 	resp_auth[2].len = f_r0kh_id_len;
3679 	resp_auth[2].data = f_r0kh_id;
3680 	resp_auth[3].type = FT_RRB_R1KH_ID;
3681 	resp_auth[3].len = f_r1kh_id_len;
3682 	resp_auth[3].data = f_r1kh_id;
3683 	resp_auth[4].type = FT_RRB_LAST_EMPTY;
3684 	resp_auth[4].len = 0;
3685 	resp_auth[4].data = NULL;
3686 
3687 	if (wpa_ft_fetch_pmk_r0(wpa_auth, f_s1kh_id, f_pmk_r0_name, &r0) < 0) {
3688 		wpa_printf(MSG_DEBUG, "FT: No matching PMK-R0-Name found");
3689 		ret = wpa_ft_rrb_build(key, key_len, resp, NULL, resp_auth,
3690 				       NULL, wpa_auth->addr,
3691 				       FT_PACKET_R0KH_R1KH_RESP,
3692 				       &packet, &packet_len);
3693 	} else {
3694 		ret = wpa_ft_rrb_build_r0(key, key_len, resp, r0, f_r1kh_id,
3695 					  f_s1kh_id, resp_auth, wpa_auth->addr,
3696 					  FT_PACKET_R0KH_R1KH_RESP,
3697 					  &packet, &packet_len);
3698 	}
3699 
3700 	if (!ret)
3701 		wpa_ft_rrb_oui_send(wpa_auth, src_addr,
3702 				    FT_PACKET_R0KH_R1KH_RESP, packet,
3703 				    packet_len);
3704 
3705 out:
3706 	os_free(plain);
3707 	os_free(packet);
3708 
3709 	return 0;
3710 }
3711 
3712 
3713 /* @returns  0 on success
3714  *          -1 on error
3715  *          -2 if FR_RRB_PAIRWISE is missing
3716  */
wpa_ft_rrb_rx_r1(struct wpa_authenticator * wpa_auth,const u8 * src_addr,u8 type,const u8 * enc,size_t enc_len,const u8 * auth,size_t auth_len,const char * msgtype,u8 * s1kh_id_out,int (* cb)(struct wpa_authenticator * wpa_auth,const u8 * src_addr,const u8 * enc,size_t enc_len,const u8 * auth,size_t auth_len,int no_defer))3717 static int wpa_ft_rrb_rx_r1(struct wpa_authenticator *wpa_auth,
3718 			    const u8 *src_addr, u8 type,
3719 			    const u8 *enc, size_t enc_len,
3720 			    const u8 *auth, size_t auth_len,
3721 			    const char *msgtype, u8 *s1kh_id_out,
3722 			    int (*cb)(struct wpa_authenticator *wpa_auth,
3723 				      const u8 *src_addr,
3724 				      const u8 *enc, size_t enc_len,
3725 				      const u8 *auth, size_t auth_len,
3726 				      int no_defer))
3727 {
3728 	u8 *plain = NULL;
3729 	size_t plain_len = 0;
3730 	struct ft_remote_r0kh *r0kh, *r0kh_wildcard;
3731 	const u8 *key;
3732 	size_t key_len;
3733 	int seq_ret;
3734 	const u8 *f_r1kh_id, *f_s1kh_id, *f_r0kh_id;
3735 	const u8 *f_pmk_r1_name, *f_pairwise, *f_pmk_r1;
3736 	const u8 *f_expires_in;
3737 	size_t f_r1kh_id_len, f_s1kh_id_len, f_r0kh_id_len;
3738 	const u8 *f_identity, *f_radius_cui;
3739 	const u8 *f_session_timeout;
3740 	size_t f_pmk_r1_name_len, f_pairwise_len, f_pmk_r1_len;
3741 	size_t f_expires_in_len;
3742 	size_t f_identity_len, f_radius_cui_len;
3743 	size_t f_session_timeout_len;
3744 	int pairwise;
3745 	int ret = -1;
3746 	int expires_in;
3747 	int session_timeout;
3748 	struct vlan_description vlan;
3749 	size_t pmk_r1_len;
3750 
3751 	RRB_GET_AUTH(FT_RRB_R0KH_ID, r0kh_id, msgtype, -1);
3752 	wpa_hexdump(MSG_DEBUG, "FT: R0KH-ID", f_r0kh_id, f_r0kh_id_len);
3753 
3754 	RRB_GET_AUTH(FT_RRB_R1KH_ID, r1kh_id, msgtype, FT_R1KH_ID_LEN);
3755 	wpa_printf(MSG_DEBUG, "FT: R1KH-ID=" MACSTR, MAC2STR(f_r1kh_id));
3756 
3757 	if (wpa_ft_rrb_check_r1kh(wpa_auth, f_r1kh_id)) {
3758 		wpa_printf(MSG_DEBUG, "FT: R1KH-ID mismatch");
3759 		goto out;
3760 	}
3761 
3762 	wpa_ft_rrb_lookup_r0kh(wpa_auth, f_r0kh_id, f_r0kh_id_len, &r0kh,
3763 			       &r0kh_wildcard);
3764 	if (r0kh) {
3765 		key = r0kh->key;
3766 		key_len = sizeof(r0kh->key);
3767 	} else if (r0kh_wildcard) {
3768 		wpa_printf(MSG_DEBUG, "FT: Using wildcard R0KH-ID");
3769 		key = r0kh_wildcard->key;
3770 		key_len = sizeof(r0kh_wildcard->key);
3771 	} else {
3772 		goto out;
3773 	}
3774 
3775 	seq_ret = FT_RRB_SEQ_DROP;
3776 	if (r0kh) {
3777 		seq_ret = wpa_ft_rrb_seq_chk(r0kh->seq, src_addr, enc, enc_len,
3778 					     auth, auth_len, msgtype,
3779 					     cb ? 0 : 1);
3780 	}
3781 	if (cb && r0kh_wildcard &&
3782 	    (!r0kh || os_memcmp(r0kh->addr, src_addr, ETH_ALEN) != 0)) {
3783 		/* wildcard: r0kh-id unknown or changed addr -> do a seq req */
3784 		seq_ret = FT_RRB_SEQ_DEFER;
3785 	}
3786 
3787 	if (seq_ret == FT_RRB_SEQ_DROP)
3788 		goto out;
3789 
3790 	if (wpa_ft_rrb_decrypt(key, key_len, enc, enc_len, auth, auth_len,
3791 			       src_addr, type, &plain, &plain_len) < 0)
3792 		goto out;
3793 
3794 	if (!r0kh)
3795 		r0kh = wpa_ft_rrb_add_r0kh(wpa_auth, r0kh_wildcard, src_addr,
3796 					   f_r0kh_id, f_r0kh_id_len,
3797 					   wpa_auth->conf.rkh_pos_timeout);
3798 	if (!r0kh)
3799 		goto out;
3800 
3801 	if (seq_ret == FT_RRB_SEQ_DEFER) {
3802 		wpa_ft_rrb_seq_req(wpa_auth, r0kh->seq, src_addr, f_r0kh_id,
3803 				   f_r0kh_id_len, f_r1kh_id, key, key_len,
3804 				   enc, enc_len, auth, auth_len, cb);
3805 		goto out;
3806 	}
3807 
3808 	wpa_ft_rrb_seq_accept(wpa_auth, r0kh->seq, src_addr, auth, auth_len,
3809 			      msgtype);
3810 	wpa_ft_rrb_r0kh_replenish(wpa_auth, r0kh,
3811 				  wpa_auth->conf.rkh_pos_timeout);
3812 
3813 	RRB_GET(FT_RRB_S1KH_ID, s1kh_id, msgtype, ETH_ALEN);
3814 	wpa_printf(MSG_DEBUG, "FT: S1KH-ID=" MACSTR, MAC2STR(f_s1kh_id));
3815 
3816 	if (s1kh_id_out)
3817 		os_memcpy(s1kh_id_out, f_s1kh_id, ETH_ALEN);
3818 
3819 	ret = -2;
3820 	RRB_GET(FT_RRB_PAIRWISE, pairwise, msgtype, sizeof(le16));
3821 	wpa_hexdump(MSG_DEBUG, "FT: pairwise", f_pairwise, f_pairwise_len);
3822 
3823 	ret = -1;
3824 	RRB_GET(FT_RRB_PMK_R1_NAME, pmk_r1_name, msgtype, WPA_PMK_NAME_LEN);
3825 	wpa_hexdump(MSG_DEBUG, "FT: PMKR1Name",
3826 		    f_pmk_r1_name, WPA_PMK_NAME_LEN);
3827 
3828 	pmk_r1_len = PMK_LEN;
3829 	if (wpa_ft_rrb_get_tlv(plain, plain_len, FT_RRB_PMK_R1, &f_pmk_r1_len,
3830 			       &f_pmk_r1) == 0 &&
3831 	    (f_pmk_r1_len == PMK_LEN || f_pmk_r1_len == SHA384_MAC_LEN))
3832 		pmk_r1_len = f_pmk_r1_len;
3833 	RRB_GET(FT_RRB_PMK_R1, pmk_r1, msgtype, pmk_r1_len);
3834 	wpa_hexdump_key(MSG_DEBUG, "FT: PMK-R1", f_pmk_r1, pmk_r1_len);
3835 
3836 	pairwise = WPA_GET_LE16(f_pairwise);
3837 
3838 	RRB_GET_OPTIONAL(FT_RRB_EXPIRES_IN, expires_in, msgtype,
3839 			 sizeof(le16));
3840 	if (f_expires_in)
3841 		expires_in = WPA_GET_LE16(f_expires_in);
3842 	else
3843 		expires_in = 0;
3844 
3845 	wpa_printf(MSG_DEBUG, "FT: PMK-R1 %s - expires_in=%d", msgtype,
3846 		   expires_in);
3847 
3848 	if (wpa_ft_rrb_get_tlv_vlan(plain, plain_len, &vlan) < 0) {
3849 		wpa_printf(MSG_DEBUG, "FT: Cannot parse vlan");
3850 		wpa_ft_rrb_dump(plain, plain_len);
3851 		goto out;
3852 	}
3853 
3854 	wpa_printf(MSG_DEBUG, "FT: vlan %d%s",
3855 		   le_to_host16(vlan.untagged), vlan.tagged[0] ? "+" : "");
3856 
3857 	RRB_GET_OPTIONAL(FT_RRB_IDENTITY, identity, msgtype, -1);
3858 	if (f_identity)
3859 		wpa_hexdump_ascii(MSG_DEBUG, "FT: Identity", f_identity,
3860 				  f_identity_len);
3861 
3862 	RRB_GET_OPTIONAL(FT_RRB_RADIUS_CUI, radius_cui, msgtype, -1);
3863 	if (f_radius_cui)
3864 		wpa_hexdump_ascii(MSG_DEBUG, "FT: CUI", f_radius_cui,
3865 				  f_radius_cui_len);
3866 
3867 	RRB_GET_OPTIONAL(FT_RRB_SESSION_TIMEOUT, session_timeout, msgtype,
3868 			 sizeof(le32));
3869 	if (f_session_timeout)
3870 		session_timeout = WPA_GET_LE32(f_session_timeout);
3871 	else
3872 		session_timeout = 0;
3873 	wpa_printf(MSG_DEBUG, "FT: session_timeout %d", session_timeout);
3874 
3875 	if (wpa_ft_store_pmk_r1(wpa_auth, f_s1kh_id, f_pmk_r1, pmk_r1_len,
3876 				f_pmk_r1_name,
3877 				pairwise, &vlan, expires_in, session_timeout,
3878 				f_identity, f_identity_len, f_radius_cui,
3879 				f_radius_cui_len) < 0)
3880 		goto out;
3881 
3882 	ret = 0;
3883 out:
3884 	if (plain) {
3885 		os_memset(plain, 0, plain_len);
3886 		os_free(plain);
3887 	}
3888 
3889 	return ret;
3890 
3891 }
3892 
3893 
ft_finish_pull(struct wpa_state_machine * sm)3894 static void ft_finish_pull(struct wpa_state_machine *sm)
3895 {
3896 	int res;
3897 	u8 *resp_ies;
3898 	size_t resp_ies_len;
3899 	u16 status;
3900 
3901 	if (!sm->ft_pending_cb || !sm->ft_pending_req_ies)
3902 		return;
3903 
3904 	res = wpa_ft_process_auth_req(sm, wpabuf_head(sm->ft_pending_req_ies),
3905 				      wpabuf_len(sm->ft_pending_req_ies),
3906 				      &resp_ies, &resp_ies_len);
3907 	if (res < 0) {
3908 		/* this loop is broken by ft_pending_pull_left_retries */
3909 		wpa_printf(MSG_DEBUG,
3910 			   "FT: Callback postponed until response is available");
3911 		return;
3912 	}
3913 	wpabuf_free(sm->ft_pending_req_ies);
3914 	sm->ft_pending_req_ies = NULL;
3915 	status = res;
3916 	wpa_printf(MSG_DEBUG, "FT: Postponed auth callback result for " MACSTR
3917 		   " - status %u", MAC2STR(sm->addr), status);
3918 
3919 	sm->ft_pending_cb(sm->ft_pending_cb_ctx, sm->addr, sm->wpa_auth->addr,
3920 			  sm->ft_pending_auth_transaction + 1, status,
3921 			  resp_ies, resp_ies_len);
3922 	os_free(resp_ies);
3923 }
3924 
3925 
3926 struct ft_get_sta_ctx {
3927 	const u8 *nonce;
3928 	const u8 *s1kh_id;
3929 	struct wpa_state_machine *sm;
3930 };
3931 
3932 
ft_get_sta_cb(struct wpa_state_machine * sm,void * ctx)3933 static int ft_get_sta_cb(struct wpa_state_machine *sm, void *ctx)
3934 {
3935 	struct ft_get_sta_ctx *info = ctx;
3936 
3937 	if ((info->s1kh_id &&
3938 	     os_memcmp(info->s1kh_id, sm->addr, ETH_ALEN) != 0) ||
3939 	    os_memcmp(info->nonce, sm->ft_pending_pull_nonce,
3940 		      FT_RRB_NONCE_LEN) != 0 ||
3941 	    sm->ft_pending_cb == NULL || sm->ft_pending_req_ies == NULL)
3942 		return 0;
3943 
3944 	info->sm = sm;
3945 
3946 	return 1;
3947 }
3948 
3949 
wpa_ft_rrb_rx_resp(struct wpa_authenticator * wpa_auth,const u8 * src_addr,const u8 * enc,size_t enc_len,const u8 * auth,size_t auth_len,int no_defer)3950 static int wpa_ft_rrb_rx_resp(struct wpa_authenticator *wpa_auth,
3951 			      const u8 *src_addr,
3952 			      const u8 *enc, size_t enc_len,
3953 			      const u8 *auth, size_t auth_len,
3954 			      int no_defer)
3955 {
3956 	const char *msgtype = "pull response";
3957 	int nak, ret = -1;
3958 	struct ft_get_sta_ctx ctx;
3959 	u8 s1kh_id[ETH_ALEN];
3960 	const u8 *f_nonce;
3961 	size_t f_nonce_len;
3962 
3963 	wpa_printf(MSG_DEBUG, "FT: Received PMK-R1 pull response");
3964 
3965 	RRB_GET_AUTH(FT_RRB_NONCE, nonce, msgtype, FT_RRB_NONCE_LEN);
3966 	wpa_hexdump(MSG_DEBUG, "FT: nonce", f_nonce, f_nonce_len);
3967 
3968 	os_memset(&ctx, 0, sizeof(ctx));
3969 	ctx.nonce = f_nonce;
3970 	if (!wpa_auth_for_each_sta(wpa_auth, ft_get_sta_cb, &ctx)) {
3971 		/* nonce not found */
3972 		wpa_printf(MSG_DEBUG, "FT: Invalid nonce");
3973 		return -1;
3974 	}
3975 
3976 	ret = wpa_ft_rrb_rx_r1(wpa_auth, src_addr, FT_PACKET_R0KH_R1KH_RESP,
3977 			       enc, enc_len, auth, auth_len, msgtype, s1kh_id,
3978 			       no_defer ? NULL : &wpa_ft_rrb_rx_resp);
3979 	if (ret == -2) {
3980 		ret = 0;
3981 		nak = 1;
3982 	} else {
3983 		nak = 0;
3984 	}
3985 	if (ret < 0)
3986 		return -1;
3987 
3988 	ctx.s1kh_id = s1kh_id;
3989 	if (wpa_auth_for_each_sta(wpa_auth, ft_get_sta_cb, &ctx)) {
3990 		wpa_printf(MSG_DEBUG,
3991 			   "FT: Response to a pending pull request for " MACSTR,
3992 			   MAC2STR(ctx.sm->addr));
3993 		eloop_cancel_timeout(wpa_ft_expire_pull, ctx.sm, NULL);
3994 		if (nak)
3995 			ctx.sm->ft_pending_pull_left_retries = 0;
3996 		ft_finish_pull(ctx.sm);
3997 	}
3998 
3999 out:
4000 	return ret;
4001 }
4002 
4003 
wpa_ft_rrb_rx_push(struct wpa_authenticator * wpa_auth,const u8 * src_addr,const u8 * enc,size_t enc_len,const u8 * auth,size_t auth_len,int no_defer)4004 static int wpa_ft_rrb_rx_push(struct wpa_authenticator *wpa_auth,
4005 			      const u8 *src_addr,
4006 			      const u8 *enc, size_t enc_len,
4007 			      const u8 *auth, size_t auth_len, int no_defer)
4008 {
4009 	const char *msgtype = "push";
4010 
4011 	wpa_printf(MSG_DEBUG, "FT: Received PMK-R1 push");
4012 
4013 	if (wpa_ft_rrb_rx_r1(wpa_auth, src_addr, FT_PACKET_R0KH_R1KH_PUSH,
4014 			     enc, enc_len, auth, auth_len, msgtype, NULL,
4015 			     no_defer ? NULL : wpa_ft_rrb_rx_push) < 0)
4016 		return -1;
4017 
4018 	return 0;
4019 }
4020 
4021 
wpa_ft_rrb_rx_seq(struct wpa_authenticator * wpa_auth,const u8 * src_addr,int type,const u8 * enc,size_t enc_len,const u8 * auth,size_t auth_len,struct ft_remote_seq ** rkh_seq,u8 ** key,size_t * key_len,struct ft_remote_r0kh ** r0kh_out,struct ft_remote_r1kh ** r1kh_out,struct ft_remote_r0kh ** r0kh_wildcard_out,struct ft_remote_r1kh ** r1kh_wildcard_out)4022 static int wpa_ft_rrb_rx_seq(struct wpa_authenticator *wpa_auth,
4023 			     const u8 *src_addr, int type,
4024 			     const u8 *enc, size_t enc_len,
4025 			     const u8 *auth, size_t auth_len,
4026 			     struct ft_remote_seq **rkh_seq,
4027 			     u8 **key, size_t *key_len,
4028 			     struct ft_remote_r0kh **r0kh_out,
4029 			     struct ft_remote_r1kh **r1kh_out,
4030 			     struct ft_remote_r0kh **r0kh_wildcard_out,
4031 			     struct ft_remote_r1kh **r1kh_wildcard_out)
4032 {
4033 	struct ft_remote_r0kh *r0kh = NULL;
4034 	struct ft_remote_r1kh *r1kh = NULL;
4035 	const u8 *f_r0kh_id, *f_r1kh_id;
4036 	size_t f_r0kh_id_len, f_r1kh_id_len;
4037 	int to_r0kh, to_r1kh;
4038 	u8 *plain = NULL;
4039 	size_t plain_len = 0;
4040 	struct ft_remote_r0kh *r0kh_wildcard;
4041 	struct ft_remote_r1kh *r1kh_wildcard;
4042 
4043 	RRB_GET_AUTH(FT_RRB_R0KH_ID, r0kh_id, "seq", -1);
4044 	RRB_GET_AUTH(FT_RRB_R1KH_ID, r1kh_id, "seq", FT_R1KH_ID_LEN);
4045 
4046 	to_r0kh = !wpa_ft_rrb_check_r0kh(wpa_auth, f_r0kh_id, f_r0kh_id_len);
4047 	to_r1kh = !wpa_ft_rrb_check_r1kh(wpa_auth, f_r1kh_id);
4048 
4049 	if (to_r0kh && to_r1kh) {
4050 		wpa_printf(MSG_DEBUG, "FT: seq - local R0KH-ID and R1KH-ID");
4051 		goto out;
4052 	}
4053 
4054 	if (!to_r0kh && !to_r1kh) {
4055 		wpa_printf(MSG_DEBUG, "FT: seq - remote R0KH-ID and R1KH-ID");
4056 		goto out;
4057 	}
4058 
4059 	if (!to_r0kh) {
4060 		wpa_ft_rrb_lookup_r0kh(wpa_auth, f_r0kh_id, f_r0kh_id_len,
4061 				       &r0kh, &r0kh_wildcard);
4062 		if (!r0kh_wildcard &&
4063 		    (!r0kh || os_memcmp(r0kh->addr, src_addr, ETH_ALEN) != 0)) {
4064 			wpa_hexdump(MSG_DEBUG, "FT: Did not find R0KH-ID",
4065 				    f_r0kh_id, f_r0kh_id_len);
4066 			goto out;
4067 		}
4068 		if (r0kh) {
4069 			*key = r0kh->key;
4070 			*key_len = sizeof(r0kh->key);
4071 		} else {
4072 			*key = r0kh_wildcard->key;
4073 			*key_len = sizeof(r0kh_wildcard->key);
4074 		}
4075 	}
4076 
4077 	if (!to_r1kh) {
4078 		wpa_ft_rrb_lookup_r1kh(wpa_auth, f_r1kh_id, &r1kh,
4079 				       &r1kh_wildcard);
4080 		if (!r1kh_wildcard &&
4081 		    (!r1kh || os_memcmp(r1kh->addr, src_addr, ETH_ALEN) != 0)) {
4082 			wpa_hexdump(MSG_DEBUG, "FT: Did not find R1KH-ID",
4083 				    f_r1kh_id, FT_R1KH_ID_LEN);
4084 			goto out;
4085 		}
4086 		if (r1kh) {
4087 			*key = r1kh->key;
4088 			*key_len = sizeof(r1kh->key);
4089 		} else {
4090 			*key = r1kh_wildcard->key;
4091 			*key_len = sizeof(r1kh_wildcard->key);
4092 		}
4093 	}
4094 
4095 	if (wpa_ft_rrb_decrypt(*key, *key_len, enc, enc_len, auth, auth_len,
4096 			       src_addr, type, &plain, &plain_len) < 0)
4097 		goto out;
4098 
4099 	os_free(plain);
4100 
4101 	if (!to_r0kh) {
4102 		if (!r0kh)
4103 			r0kh = wpa_ft_rrb_add_r0kh(wpa_auth, r0kh_wildcard,
4104 						   src_addr, f_r0kh_id,
4105 						   f_r0kh_id_len,
4106 						   ftRRBseqTimeout);
4107 		if (!r0kh)
4108 			goto out;
4109 
4110 		wpa_ft_rrb_r0kh_replenish(wpa_auth, r0kh, ftRRBseqTimeout);
4111 		*rkh_seq = r0kh->seq;
4112 		if (r0kh_out)
4113 			*r0kh_out = r0kh;
4114 		if (r0kh_wildcard_out)
4115 			*r0kh_wildcard_out = r0kh_wildcard;
4116 	}
4117 
4118 	if (!to_r1kh) {
4119 		if (!r1kh)
4120 			r1kh = wpa_ft_rrb_add_r1kh(wpa_auth, r1kh_wildcard,
4121 						   src_addr, f_r1kh_id,
4122 						   ftRRBseqTimeout);
4123 		if (!r1kh)
4124 			goto out;
4125 
4126 		wpa_ft_rrb_r1kh_replenish(wpa_auth, r1kh, ftRRBseqTimeout);
4127 		*rkh_seq = r1kh->seq;
4128 		if (r1kh_out)
4129 			*r1kh_out = r1kh;
4130 		if (r1kh_wildcard_out)
4131 			*r1kh_wildcard_out = r1kh_wildcard;
4132 	}
4133 
4134 	return 0;
4135 out:
4136 	return -1;
4137 }
4138 
4139 
wpa_ft_rrb_rx_seq_req(struct wpa_authenticator * wpa_auth,const u8 * src_addr,const u8 * enc,size_t enc_len,const u8 * auth,size_t auth_len,int no_defer)4140 static int wpa_ft_rrb_rx_seq_req(struct wpa_authenticator *wpa_auth,
4141 				 const u8 *src_addr,
4142 				 const u8 *enc, size_t enc_len,
4143 				 const u8 *auth, size_t auth_len,
4144 				 int no_defer)
4145 {
4146 	int ret = -1;
4147 	struct ft_rrb_seq f_seq;
4148 	const u8 *f_nonce, *f_r0kh_id, *f_r1kh_id;
4149 	size_t f_nonce_len, f_r0kh_id_len, f_r1kh_id_len;
4150 	struct ft_remote_seq *rkh_seq = NULL;
4151 	u8 *packet = NULL, *key = NULL;
4152 	size_t packet_len = 0, key_len = 0;
4153 	struct tlv_list seq_resp_auth[5];
4154 
4155 	wpa_printf(MSG_DEBUG, "FT: Received sequence number request");
4156 
4157 	if (wpa_ft_rrb_rx_seq(wpa_auth, src_addr, FT_PACKET_R0KH_R1KH_SEQ_REQ,
4158 			      enc, enc_len, auth, auth_len, &rkh_seq, &key,
4159 			      &key_len, NULL, NULL, NULL, NULL) < 0)
4160 		goto out;
4161 
4162 	RRB_GET_AUTH(FT_RRB_NONCE, nonce, "seq request", FT_RRB_NONCE_LEN);
4163 	wpa_hexdump(MSG_DEBUG, "FT: seq request - nonce", f_nonce, f_nonce_len);
4164 
4165 	RRB_GET_AUTH(FT_RRB_R0KH_ID, r0kh_id, "seq", -1);
4166 	RRB_GET_AUTH(FT_RRB_R1KH_ID, r1kh_id, "seq", FT_R1KH_ID_LEN);
4167 
4168 	if (wpa_ft_new_seq(rkh_seq, &f_seq) < 0) {
4169 		wpa_printf(MSG_DEBUG, "FT: Failed to get seq num");
4170 		goto out;
4171 	}
4172 
4173 	seq_resp_auth[0].type = FT_RRB_NONCE;
4174 	seq_resp_auth[0].len = f_nonce_len;
4175 	seq_resp_auth[0].data = f_nonce;
4176 	seq_resp_auth[1].type = FT_RRB_SEQ;
4177 	seq_resp_auth[1].len = sizeof(f_seq);
4178 	seq_resp_auth[1].data = (u8 *) &f_seq;
4179 	seq_resp_auth[2].type = FT_RRB_R0KH_ID;
4180 	seq_resp_auth[2].len = f_r0kh_id_len;
4181 	seq_resp_auth[2].data = f_r0kh_id;
4182 	seq_resp_auth[3].type = FT_RRB_R1KH_ID;
4183 	seq_resp_auth[3].len = FT_R1KH_ID_LEN;
4184 	seq_resp_auth[3].data = f_r1kh_id;
4185 	seq_resp_auth[4].type = FT_RRB_LAST_EMPTY;
4186 	seq_resp_auth[4].len = 0;
4187 	seq_resp_auth[4].data = NULL;
4188 
4189 	if (wpa_ft_rrb_build(key, key_len, NULL, NULL, seq_resp_auth, NULL,
4190 			     wpa_auth->addr, FT_PACKET_R0KH_R1KH_SEQ_RESP,
4191 			     &packet, &packet_len) < 0)
4192 		goto out;
4193 
4194 	wpa_ft_rrb_oui_send(wpa_auth, src_addr,
4195 			    FT_PACKET_R0KH_R1KH_SEQ_RESP, packet,
4196 			    packet_len);
4197 
4198 out:
4199 	os_free(packet);
4200 
4201 	return ret;
4202 }
4203 
4204 
wpa_ft_rrb_rx_seq_resp(struct wpa_authenticator * wpa_auth,const u8 * src_addr,const u8 * enc,size_t enc_len,const u8 * auth,size_t auth_len,int no_defer)4205 static int wpa_ft_rrb_rx_seq_resp(struct wpa_authenticator *wpa_auth,
4206 				  const u8 *src_addr,
4207 				  const u8 *enc, size_t enc_len,
4208 				  const u8 *auth, size_t auth_len,
4209 				  int no_defer)
4210 {
4211 	u8 *key = NULL;
4212 	size_t key_len = 0;
4213 	struct ft_remote_r0kh *r0kh = NULL, *r0kh_wildcard = NULL;
4214 	struct ft_remote_r1kh *r1kh = NULL, *r1kh_wildcard = NULL;
4215 	const u8 *f_nonce, *f_seq;
4216 	size_t f_nonce_len, f_seq_len;
4217 	struct ft_remote_seq *rkh_seq = NULL;
4218 	struct ft_remote_item *item;
4219 	struct os_reltime now, now_remote;
4220 	int seq_ret, found;
4221 	const struct ft_rrb_seq *msg_both;
4222 	u32 msg_dom, msg_seq;
4223 
4224 	wpa_printf(MSG_DEBUG, "FT: Received sequence number response");
4225 
4226 	if (wpa_ft_rrb_rx_seq(wpa_auth, src_addr, FT_PACKET_R0KH_R1KH_SEQ_RESP,
4227 			      enc, enc_len, auth, auth_len, &rkh_seq, &key,
4228 			      &key_len, &r0kh, &r1kh, &r0kh_wildcard,
4229 			      &r1kh_wildcard) < 0)
4230 		goto out;
4231 
4232 	RRB_GET_AUTH(FT_RRB_NONCE, nonce, "seq response", FT_RRB_NONCE_LEN);
4233 	wpa_hexdump(MSG_DEBUG, "FT: seq response - nonce", f_nonce,
4234 		    f_nonce_len);
4235 
4236 	found = 0;
4237 	dl_list_for_each(item, &rkh_seq->rx.queue, struct ft_remote_item,
4238 			 list) {
4239 		if (os_memcmp_const(f_nonce, item->nonce,
4240 				    FT_RRB_NONCE_LEN) != 0 ||
4241 		    os_get_reltime(&now) < 0 ||
4242 		    os_reltime_expired(&now, &item->nonce_ts, ftRRBseqTimeout))
4243 			continue;
4244 
4245 		found = 1;
4246 		break;
4247 	}
4248 	if (!found) {
4249 		wpa_printf(MSG_DEBUG, "FT: seq response - bad nonce");
4250 		goto out;
4251 	}
4252 
4253 	if (r0kh) {
4254 		wpa_ft_rrb_r0kh_replenish(wpa_auth, r0kh,
4255 					  wpa_auth->conf.rkh_pos_timeout);
4256 		if (r0kh_wildcard)
4257 			os_memcpy(r0kh->addr, src_addr, ETH_ALEN);
4258 	}
4259 
4260 	if (r1kh) {
4261 		wpa_ft_rrb_r1kh_replenish(wpa_auth, r1kh,
4262 					  wpa_auth->conf.rkh_pos_timeout);
4263 		if (r1kh_wildcard)
4264 			os_memcpy(r1kh->addr, src_addr, ETH_ALEN);
4265 	}
4266 
4267 	seq_ret = wpa_ft_rrb_seq_chk(rkh_seq, src_addr, enc, enc_len, auth,
4268 				     auth_len, "seq response", 1);
4269 	if (seq_ret == FT_RRB_SEQ_OK) {
4270 		wpa_printf(MSG_DEBUG, "FT: seq response - valid seq number");
4271 		wpa_ft_rrb_seq_accept(wpa_auth, rkh_seq, src_addr, auth,
4272 				      auth_len, "seq response");
4273 	} else {
4274 		wpa_printf(MSG_DEBUG, "FT: seq response - reset seq number");
4275 
4276 		RRB_GET_AUTH(FT_RRB_SEQ, seq, "seq response",
4277 			     sizeof(*msg_both));
4278 		msg_both = (const struct ft_rrb_seq *) f_seq;
4279 
4280 		msg_dom = le_to_host32(msg_both->dom);
4281 		msg_seq = le_to_host32(msg_both->seq);
4282 		now_remote.sec = le_to_host32(msg_both->ts);
4283 		now_remote.usec = 0;
4284 
4285 		rkh_seq->rx.num_last = 2;
4286 		rkh_seq->rx.dom = msg_dom;
4287 		rkh_seq->rx.offsetidx = 0;
4288 		/* Accept some older, possibly cached packets as well */
4289 		rkh_seq->rx.last[0] = msg_seq - FT_REMOTE_SEQ_BACKLOG -
4290 			dl_list_len(&rkh_seq->rx.queue);
4291 		rkh_seq->rx.last[1] = msg_seq;
4292 
4293 		/* local time - offset = remote time
4294 		 * <=> local time - remote time = offset */
4295 		os_reltime_sub(&now, &now_remote, &rkh_seq->rx.time_offset);
4296 	}
4297 
4298 	wpa_ft_rrb_seq_flush(wpa_auth, rkh_seq, 1);
4299 
4300 	return 0;
4301 out:
4302 	return -1;
4303 }
4304 
4305 
wpa_ft_rrb_rx(struct wpa_authenticator * wpa_auth,const u8 * src_addr,const u8 * data,size_t data_len)4306 int wpa_ft_rrb_rx(struct wpa_authenticator *wpa_auth, const u8 *src_addr,
4307 		  const u8 *data, size_t data_len)
4308 {
4309 	struct ft_rrb_frame *frame;
4310 	u16 alen;
4311 	const u8 *pos, *end, *start;
4312 	u8 action;
4313 	const u8 *sta_addr, *target_ap_addr;
4314 
4315 	wpa_printf(MSG_DEBUG, "FT: RRB received frame from remote AP " MACSTR,
4316 		   MAC2STR(src_addr));
4317 
4318 	if (data_len < sizeof(*frame)) {
4319 		wpa_printf(MSG_DEBUG, "FT: Too short RRB frame (data_len=%lu)",
4320 			   (unsigned long) data_len);
4321 		return -1;
4322 	}
4323 
4324 	pos = data;
4325 	frame = (struct ft_rrb_frame *) pos;
4326 	pos += sizeof(*frame);
4327 
4328 	alen = le_to_host16(frame->action_length);
4329 	wpa_printf(MSG_DEBUG, "FT: RRB frame - frame_type=%d packet_type=%d "
4330 		   "action_length=%d ap_address=" MACSTR,
4331 		   frame->frame_type, frame->packet_type, alen,
4332 		   MAC2STR(frame->ap_address));
4333 
4334 	if (frame->frame_type != RSN_REMOTE_FRAME_TYPE_FT_RRB) {
4335 		/* Discard frame per IEEE Std 802.11r-2008, 11A.10.3 */
4336 		wpa_printf(MSG_DEBUG, "FT: RRB discarded frame with "
4337 			   "unrecognized type %d", frame->frame_type);
4338 		return -1;
4339 	}
4340 
4341 	if (alen > data_len - sizeof(*frame)) {
4342 		wpa_printf(MSG_DEBUG, "FT: RRB frame too short for action "
4343 			   "frame");
4344 		return -1;
4345 	}
4346 
4347 	wpa_hexdump(MSG_MSGDUMP, "FT: RRB - FT Action frame", pos, alen);
4348 
4349 	if (alen < 1 + 1 + 2 * ETH_ALEN) {
4350 		wpa_printf(MSG_DEBUG, "FT: Too short RRB frame (not enough "
4351 			   "room for Action Frame body); alen=%lu",
4352 			   (unsigned long) alen);
4353 		return -1;
4354 	}
4355 	start = pos;
4356 	end = pos + alen;
4357 
4358 	if (*pos != WLAN_ACTION_FT) {
4359 		wpa_printf(MSG_DEBUG, "FT: Unexpected Action frame category "
4360 			   "%d", *pos);
4361 		return -1;
4362 	}
4363 
4364 	pos++;
4365 	action = *pos++;
4366 	sta_addr = pos;
4367 	pos += ETH_ALEN;
4368 	target_ap_addr = pos;
4369 	pos += ETH_ALEN;
4370 	wpa_printf(MSG_DEBUG, "FT: RRB Action Frame: action=%d sta_addr="
4371 		   MACSTR " target_ap_addr=" MACSTR,
4372 		   action, MAC2STR(sta_addr), MAC2STR(target_ap_addr));
4373 
4374 	if (frame->packet_type == FT_PACKET_REQUEST) {
4375 		wpa_printf(MSG_DEBUG, "FT: FT Packet Type - Request");
4376 
4377 		if (action != 1) {
4378 			wpa_printf(MSG_DEBUG, "FT: Unexpected Action %d in "
4379 				   "RRB Request", action);
4380 			return -1;
4381 		}
4382 
4383 		if (os_memcmp(target_ap_addr, wpa_auth->addr, ETH_ALEN) != 0) {
4384 			wpa_printf(MSG_DEBUG, "FT: Target AP address in the "
4385 				   "RRB Request does not match with own "
4386 				   "address");
4387 			return -1;
4388 		}
4389 
4390 		if (wpa_ft_rrb_rx_request(wpa_auth, frame->ap_address,
4391 					  sta_addr, pos, end - pos) < 0)
4392 			return -1;
4393 	} else if (frame->packet_type == FT_PACKET_RESPONSE) {
4394 		u16 status_code;
4395 
4396 		if (end - pos < 2) {
4397 			wpa_printf(MSG_DEBUG, "FT: Not enough room for status "
4398 				   "code in RRB Response");
4399 			return -1;
4400 		}
4401 		status_code = WPA_GET_LE16(pos);
4402 		pos += 2;
4403 
4404 		wpa_printf(MSG_DEBUG, "FT: FT Packet Type - Response "
4405 			   "(status_code=%d)", status_code);
4406 
4407 		if (wpa_ft_action_send(wpa_auth, sta_addr, start, alen) < 0)
4408 			return -1;
4409 	} else {
4410 		wpa_printf(MSG_DEBUG, "FT: RRB discarded frame with unknown "
4411 			   "packet_type %d", frame->packet_type);
4412 		return -1;
4413 	}
4414 
4415 	if (end > pos) {
4416 		wpa_hexdump(MSG_DEBUG, "FT: Ignore extra data in end",
4417 			    pos, end - pos);
4418 	}
4419 
4420 	return 0;
4421 }
4422 
4423 
wpa_ft_rrb_oui_rx(struct wpa_authenticator * wpa_auth,const u8 * src_addr,const u8 * dst_addr,u8 oui_suffix,const u8 * data,size_t data_len)4424 void wpa_ft_rrb_oui_rx(struct wpa_authenticator *wpa_auth, const u8 *src_addr,
4425 		       const u8 *dst_addr, u8 oui_suffix, const u8 *data,
4426 		       size_t data_len)
4427 {
4428 	const u8 *auth, *enc;
4429 	size_t alen, elen;
4430 	int no_defer = 0;
4431 
4432 	wpa_printf(MSG_DEBUG, "FT: RRB-OUI received frame from remote AP "
4433 		   MACSTR, MAC2STR(src_addr));
4434 	wpa_printf(MSG_DEBUG, "FT: RRB-OUI frame - oui_suffix=%d", oui_suffix);
4435 	wpa_hexdump(MSG_MSGDUMP, "FT: RRB frame payload", data, data_len);
4436 
4437 	if (is_multicast_ether_addr(src_addr)) {
4438 		wpa_printf(MSG_DEBUG,
4439 			   "FT: RRB-OUI received frame from multicast address "
4440 			   MACSTR, MAC2STR(src_addr));
4441 		return;
4442 	}
4443 
4444 	if (is_multicast_ether_addr(dst_addr)) {
4445 		wpa_printf(MSG_DEBUG,
4446 			   "FT: RRB-OUI received frame from remote AP " MACSTR
4447 			   " to multicast address " MACSTR,
4448 			   MAC2STR(src_addr), MAC2STR(dst_addr));
4449 		no_defer = 1;
4450 	}
4451 
4452 	if (data_len < sizeof(u16)) {
4453 		wpa_printf(MSG_DEBUG, "FT: RRB-OUI frame too short");
4454 		return;
4455 	}
4456 
4457 	alen = WPA_GET_LE16(data);
4458 	if (data_len < sizeof(u16) + alen) {
4459 		wpa_printf(MSG_DEBUG, "FT: RRB-OUI frame too short");
4460 		return;
4461 	}
4462 
4463 	auth = data + sizeof(u16);
4464 	wpa_hexdump(MSG_MSGDUMP, "FT: Authenticated payload", auth, alen);
4465 	enc = data + sizeof(u16) + alen;
4466 	elen = data_len - sizeof(u16) - alen;
4467 	wpa_hexdump(MSG_MSGDUMP, "FT: Encrypted payload", enc, elen);
4468 
4469 	switch (oui_suffix) {
4470 	case FT_PACKET_R0KH_R1KH_PULL:
4471 		wpa_ft_rrb_rx_pull(wpa_auth, src_addr, enc, elen, auth, alen,
4472 				   no_defer);
4473 		break;
4474 	case FT_PACKET_R0KH_R1KH_RESP:
4475 		wpa_ft_rrb_rx_resp(wpa_auth, src_addr, enc, elen, auth, alen,
4476 				   no_defer);
4477 		break;
4478 	case FT_PACKET_R0KH_R1KH_PUSH:
4479 		wpa_ft_rrb_rx_push(wpa_auth, src_addr, enc, elen, auth, alen,
4480 				   no_defer);
4481 		break;
4482 	case FT_PACKET_R0KH_R1KH_SEQ_REQ:
4483 		wpa_ft_rrb_rx_seq_req(wpa_auth, src_addr, enc, elen, auth, alen,
4484 				      no_defer);
4485 		break;
4486 	case FT_PACKET_R0KH_R1KH_SEQ_RESP:
4487 		wpa_ft_rrb_rx_seq_resp(wpa_auth, src_addr, enc, elen, auth,
4488 				       alen, no_defer);
4489 		break;
4490 	}
4491 }
4492 
4493 
wpa_ft_generate_pmk_r1(struct wpa_authenticator * wpa_auth,struct wpa_ft_pmk_r0_sa * pmk_r0,struct ft_remote_r1kh * r1kh,const u8 * s1kh_id)4494 static int wpa_ft_generate_pmk_r1(struct wpa_authenticator *wpa_auth,
4495 				  struct wpa_ft_pmk_r0_sa *pmk_r0,
4496 				  struct ft_remote_r1kh *r1kh,
4497 				  const u8 *s1kh_id)
4498 {
4499 	u8 *packet;
4500 	size_t packet_len;
4501 	struct ft_rrb_seq f_seq;
4502 	struct tlv_list push[] = {
4503 		{ .type = FT_RRB_S1KH_ID, .len = ETH_ALEN,
4504 		  .data = s1kh_id },
4505 		{ .type = FT_RRB_PMK_R0_NAME, .len = WPA_PMK_NAME_LEN,
4506 		  .data = pmk_r0->pmk_r0_name },
4507 		{ .type = FT_RRB_LAST_EMPTY, .len = 0, .data = NULL },
4508 	};
4509 	struct tlv_list push_auth[] = {
4510 		{ .type = FT_RRB_SEQ, .len = sizeof(f_seq),
4511 		  .data = (u8 *) &f_seq },
4512 		{ .type = FT_RRB_R0KH_ID,
4513 		  .len = wpa_auth->conf.r0_key_holder_len,
4514 		  .data = wpa_auth->conf.r0_key_holder },
4515 		{ .type = FT_RRB_R1KH_ID, .len = FT_R1KH_ID_LEN,
4516 		  .data = r1kh->id },
4517 		{ .type = FT_RRB_LAST_EMPTY, .len = 0, .data = NULL },
4518 	};
4519 
4520 	if (wpa_ft_new_seq(r1kh->seq, &f_seq) < 0) {
4521 		wpa_printf(MSG_DEBUG, "FT: Failed to get seq num");
4522 		return -1;
4523 	}
4524 
4525 	if (wpa_ft_rrb_build_r0(r1kh->key, sizeof(r1kh->key), push, pmk_r0,
4526 				r1kh->id, s1kh_id, push_auth, wpa_auth->addr,
4527 				FT_PACKET_R0KH_R1KH_PUSH,
4528 				&packet, &packet_len) < 0)
4529 		return -1;
4530 
4531 	wpa_ft_rrb_oui_send(wpa_auth, r1kh->addr, FT_PACKET_R0KH_R1KH_PUSH,
4532 			    packet, packet_len);
4533 
4534 	os_free(packet);
4535 	return 0;
4536 }
4537 
4538 
wpa_ft_push_pmk_r1(struct wpa_authenticator * wpa_auth,const u8 * addr)4539 void wpa_ft_push_pmk_r1(struct wpa_authenticator *wpa_auth, const u8 *addr)
4540 {
4541 	struct wpa_ft_pmk_cache *cache = wpa_auth->ft_pmk_cache;
4542 	struct wpa_ft_pmk_r0_sa *r0, *r0found = NULL;
4543 	struct ft_remote_r1kh *r1kh;
4544 
4545 	if (!wpa_auth->conf.pmk_r1_push)
4546 		return;
4547 	if (!wpa_auth->conf.r1kh_list)
4548 		return;
4549 
4550 	dl_list_for_each(r0, &cache->pmk_r0, struct wpa_ft_pmk_r0_sa, list) {
4551 		if (os_memcmp(r0->spa, addr, ETH_ALEN) == 0) {
4552 			r0found = r0;
4553 			break;
4554 		}
4555 	}
4556 
4557 	r0 = r0found;
4558 	if (r0 == NULL || r0->pmk_r1_pushed)
4559 		return;
4560 	r0->pmk_r1_pushed = 1;
4561 
4562 	wpa_printf(MSG_DEBUG, "FT: Deriving and pushing PMK-R1 keys to R1KHs "
4563 		   "for STA " MACSTR, MAC2STR(addr));
4564 
4565 	for (r1kh = *wpa_auth->conf.r1kh_list; r1kh; r1kh = r1kh->next) {
4566 		if (is_zero_ether_addr(r1kh->addr) ||
4567 		    is_zero_ether_addr(r1kh->id))
4568 			continue;
4569 		if (wpa_ft_rrb_init_r1kh_seq(r1kh) < 0)
4570 			continue;
4571 		wpa_ft_generate_pmk_r1(wpa_auth, r0, r1kh, addr);
4572 	}
4573 }
4574 
4575 #endif /* CONFIG_IEEE80211R_AP */
4576