1/*
2 * hostapd - IEEE 802.11r - Fast BSS Transition
3 * Copyright (c) 2004-2015, Jouni Malinen <j@w1.fi>
4 *
5 * This software may be distributed under the terms of the BSD license.
6 * See README for more details.
7 */
8
9#include "utils/includes.h"
10
11#include "utils/common.h"
12#include "utils/eloop.h"
13#include "utils/list.h"
14#include "common/ieee802_11_defs.h"
15#include "common/ieee802_11_common.h"
16#include "crypto/aes.h"
17#include "crypto/aes_siv.h"
18#include "crypto/aes_wrap.h"
19#include "crypto/random.h"
20#include "ap_config.h"
21#include "ieee802_11.h"
22#include "wmm.h"
23#include "wpa_auth.h"
24#include "wpa_auth_i.h"
25
26
27#ifdef CONFIG_IEEE80211R_AP
28
29const unsigned int ftRRBseqTimeout = 10;
30const unsigned int ftRRBmaxQueueLen = 100;
31
32
33static int wpa_ft_send_rrb_auth_resp(struct wpa_state_machine *sm,
34				     const u8 *current_ap, const u8 *sta_addr,
35				     u16 status, const u8 *resp_ies,
36				     size_t resp_ies_len);
37static void ft_finish_pull(struct wpa_state_machine *sm);
38static void wpa_ft_expire_pull(void *eloop_ctx, void *timeout_ctx);
39static void wpa_ft_rrb_seq_timeout(void *eloop_ctx, void *timeout_ctx);
40
41struct tlv_list {
42	u16 type;
43	size_t len;
44	const u8 *data;
45};
46
47
48/**
49 * wpa_ft_rrb_decrypt - Decrypt FT RRB message
50 * @key: AES-SIV key for AEAD
51 * @key_len: Length of key in octets
52 * @enc: Pointer to encrypted TLVs
53 * @enc_len: Length of encrypted TLVs in octets
54 * @auth: Pointer to authenticated TLVs
55 * @auth_len: Length of authenticated TLVs in octets
56 * @src_addr: MAC address of the frame sender
57 * @type: Vendor-specific subtype of the RRB frame (FT_PACKET_*)
58 * @plain: Pointer to return the pointer to the allocated plaintext buffer;
59 *	needs to be freed by the caller if not NULL;
60 *	will only be returned on success
61 * @plain_len: Pointer to return the length of the allocated plaintext buffer
62 *	in octets
63 * Returns: 0 on success, -1 on error
64 */
65static int wpa_ft_rrb_decrypt(const u8 *key, const size_t key_len,
66			      const u8 *enc, const size_t enc_len,
67			      const u8 *auth, const size_t auth_len,
68			      const u8 *src_addr, u8 type,
69			      u8 **plain, size_t *plain_size)
70{
71	const u8 *ad[3] = { src_addr, auth, &type };
72	size_t ad_len[3] = { ETH_ALEN, auth_len, sizeof(type) };
73
74	wpa_hexdump_key(MSG_DEBUG, "FT(RRB): decrypt using key", key, key_len);
75
76	if (!key) { /* skip decryption */
77		*plain = os_memdup(enc, enc_len);
78		if (enc_len > 0 && !*plain)
79			goto err;
80
81		*plain_size = enc_len;
82
83		return 0;
84	}
85
86	*plain = NULL;
87
88	/* SIV overhead */
89	if (enc_len < AES_BLOCK_SIZE)
90		goto err;
91
92	*plain = os_zalloc(enc_len - AES_BLOCK_SIZE);
93	if (!*plain)
94		goto err;
95
96	if (aes_siv_decrypt(key, key_len, enc, enc_len, 3, ad, ad_len,
97			    *plain) < 0)
98		goto err;
99
100	*plain_size = enc_len - AES_BLOCK_SIZE;
101	wpa_hexdump_key(MSG_DEBUG, "FT(RRB): decrypted TLVs",
102			*plain, *plain_size);
103	return 0;
104err:
105	os_free(*plain);
106	*plain = NULL;
107	*plain_size = 0;
108
109	wpa_printf(MSG_ERROR, "FT(RRB): Failed to decrypt");
110
111	return -1;
112}
113
114
115/* get first tlv record in packet matching type
116 * @data (decrypted) packet
117 * @return 0 on success else -1
118 */
119static int wpa_ft_rrb_get_tlv(const u8 *plain, size_t plain_len,
120			      u16 type, size_t *tlv_len, const u8 **tlv_data)
121{
122	const struct ft_rrb_tlv *f;
123	size_t left;
124	le16 type16;
125	size_t len;
126
127	left = plain_len;
128	type16 = host_to_le16(type);
129
130	while (left >= sizeof(*f)) {
131		f = (const struct ft_rrb_tlv *) plain;
132
133		left -= sizeof(*f);
134		plain += sizeof(*f);
135		len = le_to_host16(f->len);
136
137		if (left < len) {
138			wpa_printf(MSG_DEBUG, "FT: RRB message truncated");
139			break;
140		}
141
142		if (f->type == type16) {
143			*tlv_len = len;
144			*tlv_data = plain;
145			return 0;
146		}
147
148		left -= len;
149		plain += len;
150	}
151
152	return -1;
153}
154
155
156static void wpa_ft_rrb_dump(const u8 *plain, const size_t plain_len)
157{
158	const struct ft_rrb_tlv *f;
159	size_t left;
160	size_t len;
161
162	left = plain_len;
163
164	wpa_printf(MSG_DEBUG, "FT: RRB dump message");
165	while (left >= sizeof(*f)) {
166		f = (const struct ft_rrb_tlv *) plain;
167
168		left -= sizeof(*f);
169		plain += sizeof(*f);
170		len = le_to_host16(f->len);
171
172		wpa_printf(MSG_DEBUG, "FT: RRB TLV type = %d, len = %zu",
173			   le_to_host16(f->type), len);
174
175		if (left < len) {
176			wpa_printf(MSG_DEBUG,
177				   "FT: RRB message truncated: left %zu bytes, need %zu",
178				   left, len);
179			break;
180		}
181
182		wpa_hexdump(MSG_DEBUG, "FT: RRB TLV data", plain, len);
183
184		left -= len;
185		plain += len;
186	}
187
188	if (left > 0)
189		wpa_hexdump(MSG_DEBUG, "FT: RRB TLV padding", plain, left);
190
191	wpa_printf(MSG_DEBUG, "FT: RRB dump message end");
192}
193
194
195static size_t wpa_ft_tlv_len(const struct tlv_list *tlvs)
196{
197	size_t tlv_len = 0;
198	int i;
199
200	if (!tlvs)
201		return 0;
202
203	for (i = 0; tlvs[i].type != FT_RRB_LAST_EMPTY; i++) {
204		tlv_len += sizeof(struct ft_rrb_tlv);
205		tlv_len += tlvs[i].len;
206	}
207
208	return tlv_len;
209}
210
211
212static size_t wpa_ft_tlv_lin(const struct tlv_list *tlvs, u8 *start,
213			     u8 *endpos)
214{
215	int i;
216	size_t tlv_len;
217	struct ft_rrb_tlv *hdr;
218	u8 *pos;
219
220	if (!tlvs)
221		return 0;
222
223	tlv_len = 0;
224	pos = start;
225	for (i = 0; tlvs[i].type != FT_RRB_LAST_EMPTY; i++) {
226		if (tlv_len + sizeof(*hdr) > (size_t) (endpos - start))
227			return tlv_len;
228		tlv_len += sizeof(*hdr);
229		hdr = (struct ft_rrb_tlv *) pos;
230		hdr->type = host_to_le16(tlvs[i].type);
231		hdr->len = host_to_le16(tlvs[i].len);
232		pos = start + tlv_len;
233
234		if (tlv_len + tlvs[i].len > (size_t) (endpos - start))
235			return tlv_len;
236		tlv_len += tlvs[i].len;
237		os_memcpy(pos, tlvs[i].data, tlvs[i].len);
238		pos = start + tlv_len;
239	}
240
241	return tlv_len;
242}
243
244
245static int wpa_ft_rrb_lin(const struct tlv_list *tlvs1,
246			  const struct tlv_list *tlvs2,
247			  u8 **plain, size_t *plain_len)
248{
249	u8 *pos, *endpos;
250	size_t tlv_len;
251
252	tlv_len = wpa_ft_tlv_len(tlvs1);
253	tlv_len += wpa_ft_tlv_len(tlvs2);
254
255	*plain_len = tlv_len;
256	*plain = os_zalloc(tlv_len);
257	if (!*plain) {
258		wpa_printf(MSG_ERROR, "FT: Failed to allocate plaintext");
259		goto err;
260	}
261
262	pos = *plain;
263	endpos = *plain + tlv_len;
264	pos += wpa_ft_tlv_lin(tlvs1, pos, endpos);
265	pos += wpa_ft_tlv_lin(tlvs2, pos, endpos);
266
267	/* sanity check */
268	if (pos != endpos) {
269		wpa_printf(MSG_ERROR, "FT: Length error building RRB");
270		goto err;
271	}
272
273	return 0;
274
275err:
276	os_free(*plain);
277	*plain = NULL;
278	*plain_len = 0;
279	return -1;
280}
281
282
283static int wpa_ft_rrb_encrypt(const u8 *key, const size_t key_len,
284			      const u8 *plain, const size_t plain_len,
285			      const u8 *auth, const size_t auth_len,
286			      const u8 *src_addr, u8 type, u8 *enc)
287{
288	const u8 *ad[3] = { src_addr, auth, &type };
289	size_t ad_len[3] = { ETH_ALEN, auth_len, sizeof(type) };
290
291	wpa_hexdump_key(MSG_DEBUG, "FT(RRB): plaintext message",
292			plain, plain_len);
293	wpa_hexdump_key(MSG_DEBUG, "FT(RRB): encrypt using key", key, key_len);
294
295	if (!key) {
296		/* encryption not needed, return plaintext as packet */
297		os_memcpy(enc, plain, plain_len);
298	} else if (aes_siv_encrypt(key, key_len, plain, plain_len,
299				   3, ad, ad_len, enc) < 0) {
300		wpa_printf(MSG_ERROR, "FT: Failed to encrypt RRB-OUI message");
301		return -1;
302	}
303
304	return 0;
305}
306
307
308/**
309 * wpa_ft_rrb_build - Build and encrypt an FT RRB message
310 * @key: AES-SIV key for AEAD
311 * @key_len: Length of key in octets
312 * @tlvs_enc0: First set of to-be-encrypted TLVs
313 * @tlvs_enc1: Second set of to-be-encrypted TLVs
314 * @tlvs_auth: Set of to-be-authenticated TLVs
315 * @src_addr: MAC address of the frame sender
316 * @type: Vendor-specific subtype of the RRB frame (FT_PACKET_*)
317 * @packet Pointer to return the pointer to the allocated packet buffer;
318 *         needs to be freed by the caller if not null;
319 *         will only be returned on success
320 * @packet_len: Pointer to return the length of the allocated buffer in octets
321 * Returns: 0 on success, -1 on error
322 */
323static int wpa_ft_rrb_build(const u8 *key, const size_t key_len,
324			    const struct tlv_list *tlvs_enc0,
325			    const struct tlv_list *tlvs_enc1,
326			    const struct tlv_list *tlvs_auth,
327			    const u8 *src_addr, u8 type,
328			    u8 **packet, size_t *packet_len)
329{
330	u8 *plain = NULL, *auth = NULL, *pos;
331	size_t plain_len = 0, auth_len = 0;
332	int ret = -1;
333
334	if (wpa_ft_rrb_lin(tlvs_enc0, tlvs_enc1, &plain, &plain_len) < 0)
335		goto out;
336
337	if (wpa_ft_rrb_lin(tlvs_auth, NULL, &auth, &auth_len) < 0)
338		goto out;
339
340	*packet_len = sizeof(u16) + auth_len + plain_len;
341	if (key)
342		*packet_len += AES_BLOCK_SIZE;
343	*packet = os_zalloc(*packet_len);
344	if (!*packet)
345		goto out;
346
347	pos = *packet;
348	WPA_PUT_LE16(pos, auth_len);
349	pos += 2;
350	os_memcpy(pos, auth, auth_len);
351	pos += auth_len;
352	if (wpa_ft_rrb_encrypt(key, key_len, plain, plain_len, auth,
353			       auth_len, src_addr, type, pos) < 0)
354		goto out;
355
356	ret = 0;
357
358out:
359	bin_clear_free(plain, plain_len);
360	os_free(auth);
361
362	if (ret) {
363		wpa_printf(MSG_ERROR, "FT: Failed to build RRB-OUI message");
364		os_free(*packet);
365		*packet = NULL;
366		*packet_len = 0;
367	}
368
369	return ret;
370}
371
372
373#define RRB_GET_SRC(srcfield, type, field, txt, checklength) do { \
374	if (wpa_ft_rrb_get_tlv(srcfield, srcfield##_len, type, \
375				&f_##field##_len, &f_##field) < 0 || \
376	    (checklength > 0 && ((size_t) checklength) != f_##field##_len)) { \
377		wpa_printf(MSG_INFO, "FT: Missing required " #field \
378			   " in %s from " MACSTR, txt, MAC2STR(src_addr)); \
379		wpa_ft_rrb_dump(srcfield, srcfield##_len); \
380		goto out; \
381	} \
382} while (0)
383
384#define RRB_GET(type, field, txt, checklength) \
385	RRB_GET_SRC(plain, type, field, txt, checklength)
386#define RRB_GET_AUTH(type, field, txt, checklength) \
387	RRB_GET_SRC(auth, type, field, txt, checklength)
388
389#define RRB_GET_OPTIONAL_SRC(srcfield, type, field, txt, checklength) do { \
390	if (wpa_ft_rrb_get_tlv(srcfield, srcfield##_len, type, \
391				&f_##field##_len, &f_##field) < 0 || \
392	    (checklength > 0 && ((size_t) checklength) != f_##field##_len)) { \
393		wpa_printf(MSG_DEBUG, "FT: Missing optional " #field \
394			   " in %s from " MACSTR, txt, MAC2STR(src_addr)); \
395		f_##field##_len = 0; \
396		f_##field = NULL; \
397	} \
398} while (0)
399
400#define RRB_GET_OPTIONAL(type, field, txt, checklength) \
401	RRB_GET_OPTIONAL_SRC(plain, type, field, txt, checklength)
402#define RRB_GET_OPTIONAL_AUTH(type, field, txt, checklength) \
403	RRB_GET_OPTIONAL_SRC(auth, type, field, txt, checklength)
404
405static int wpa_ft_rrb_send(struct wpa_authenticator *wpa_auth, const u8 *dst,
406			   const u8 *data, size_t data_len)
407{
408	if (wpa_auth->cb->send_ether == NULL)
409		return -1;
410	wpa_printf(MSG_DEBUG, "FT: RRB send to " MACSTR, MAC2STR(dst));
411	return wpa_auth->cb->send_ether(wpa_auth->cb_ctx, dst, ETH_P_RRB,
412					data, data_len);
413}
414
415
416static int wpa_ft_rrb_oui_send(struct wpa_authenticator *wpa_auth,
417			       const u8 *dst, u8 oui_suffix,
418			       const u8 *data, size_t data_len)
419{
420	if (!wpa_auth->cb->send_oui)
421		return -1;
422	wpa_printf(MSG_DEBUG, "FT: RRB-OUI type %u send to " MACSTR,
423		   oui_suffix, MAC2STR(dst));
424	return wpa_auth->cb->send_oui(wpa_auth->cb_ctx, dst, oui_suffix, data,
425				      data_len);
426}
427
428
429static int wpa_ft_action_send(struct wpa_authenticator *wpa_auth,
430			      const u8 *dst, const u8 *data, size_t data_len)
431{
432	if (wpa_auth->cb->send_ft_action == NULL)
433		return -1;
434	return wpa_auth->cb->send_ft_action(wpa_auth->cb_ctx, dst,
435					    data, data_len);
436}
437
438
439static const u8 * wpa_ft_get_psk(struct wpa_authenticator *wpa_auth,
440				 const u8 *addr, const u8 *p2p_dev_addr,
441				 const u8 *prev_psk)
442{
443	if (wpa_auth->cb->get_psk == NULL)
444		return NULL;
445	return wpa_auth->cb->get_psk(wpa_auth->cb_ctx, addr, p2p_dev_addr,
446				     prev_psk, NULL);
447}
448
449
450static struct wpa_state_machine *
451wpa_ft_add_sta(struct wpa_authenticator *wpa_auth, const u8 *sta_addr)
452{
453	if (wpa_auth->cb->add_sta == NULL)
454		return NULL;
455	return wpa_auth->cb->add_sta(wpa_auth->cb_ctx, sta_addr);
456}
457
458
459static int wpa_ft_add_tspec(struct wpa_authenticator *wpa_auth,
460			    const u8 *sta_addr,
461			    u8 *tspec_ie, size_t tspec_ielen)
462{
463	if (wpa_auth->cb->add_tspec == NULL) {
464		wpa_printf(MSG_DEBUG, "FT: add_tspec is not initialized");
465		return -1;
466	}
467	return wpa_auth->cb->add_tspec(wpa_auth->cb_ctx, sta_addr, tspec_ie,
468				       tspec_ielen);
469}
470
471
472int wpa_write_mdie(struct wpa_auth_config *conf, u8 *buf, size_t len)
473{
474	u8 *pos = buf;
475	u8 capab;
476	if (len < 2 + sizeof(struct rsn_mdie))
477		return -1;
478
479	*pos++ = WLAN_EID_MOBILITY_DOMAIN;
480	*pos++ = MOBILITY_DOMAIN_ID_LEN + 1;
481	os_memcpy(pos, conf->mobility_domain, MOBILITY_DOMAIN_ID_LEN);
482	pos += MOBILITY_DOMAIN_ID_LEN;
483	capab = 0;
484	if (conf->ft_over_ds)
485		capab |= RSN_FT_CAPAB_FT_OVER_DS;
486	*pos++ = capab;
487
488	return pos - buf;
489}
490
491
492int wpa_write_ftie(struct wpa_auth_config *conf, const u8 *r0kh_id,
493		   size_t r0kh_id_len,
494		   const u8 *anonce, const u8 *snonce,
495		   u8 *buf, size_t len, const u8 *subelem,
496		   size_t subelem_len)
497{
498	u8 *pos = buf, *ielen;
499	struct rsn_ftie *hdr;
500
501	if (len < 2 + sizeof(*hdr) + 2 + FT_R1KH_ID_LEN + 2 + r0kh_id_len +
502	    subelem_len)
503		return -1;
504
505	*pos++ = WLAN_EID_FAST_BSS_TRANSITION;
506	ielen = pos++;
507
508	hdr = (struct rsn_ftie *) pos;
509	os_memset(hdr, 0, sizeof(*hdr));
510	pos += sizeof(*hdr);
511	WPA_PUT_LE16(hdr->mic_control, 0);
512	if (anonce)
513		os_memcpy(hdr->anonce, anonce, WPA_NONCE_LEN);
514	if (snonce)
515		os_memcpy(hdr->snonce, snonce, WPA_NONCE_LEN);
516
517	/* Optional Parameters */
518	*pos++ = FTIE_SUBELEM_R1KH_ID;
519	*pos++ = FT_R1KH_ID_LEN;
520	os_memcpy(pos, conf->r1_key_holder, FT_R1KH_ID_LEN);
521	pos += FT_R1KH_ID_LEN;
522
523	if (r0kh_id) {
524		*pos++ = FTIE_SUBELEM_R0KH_ID;
525		*pos++ = r0kh_id_len;
526		os_memcpy(pos, r0kh_id, r0kh_id_len);
527		pos += r0kh_id_len;
528	}
529
530	if (subelem) {
531		os_memcpy(pos, subelem, subelem_len);
532		pos += subelem_len;
533	}
534
535	*ielen = pos - buf - 2;
536
537	return pos - buf;
538}
539
540
541/* A packet to be handled after seq response */
542struct ft_remote_item {
543	struct dl_list list;
544
545	u8 nonce[FT_RRB_NONCE_LEN];
546	struct os_reltime nonce_ts;
547
548	u8 src_addr[ETH_ALEN];
549	u8 *enc;
550	size_t enc_len;
551	u8 *auth;
552	size_t auth_len;
553	int (*cb)(struct wpa_authenticator *wpa_auth,
554		  const u8 *src_addr,
555		  const u8 *enc, size_t enc_len,
556		  const u8 *auth, size_t auth_len,
557		  int no_defer);
558};
559
560
561static void wpa_ft_rrb_seq_free(struct ft_remote_item *item)
562{
563	eloop_cancel_timeout(wpa_ft_rrb_seq_timeout, ELOOP_ALL_CTX, item);
564	dl_list_del(&item->list);
565	bin_clear_free(item->enc, item->enc_len);
566	os_free(item->auth);
567	os_free(item);
568}
569
570
571static void wpa_ft_rrb_seq_flush(struct wpa_authenticator *wpa_auth,
572				 struct ft_remote_seq *rkh_seq, int cb)
573{
574	struct ft_remote_item *item, *n;
575
576	dl_list_for_each_safe(item, n, &rkh_seq->rx.queue,
577			      struct ft_remote_item, list) {
578		if (cb && item->cb)
579			item->cb(wpa_auth, item->src_addr, item->enc,
580				 item->enc_len, item->auth, item->auth_len, 1);
581		wpa_ft_rrb_seq_free(item);
582	}
583}
584
585
586static void wpa_ft_rrb_seq_timeout(void *eloop_ctx, void *timeout_ctx)
587{
588	struct ft_remote_item *item = timeout_ctx;
589
590	wpa_ft_rrb_seq_free(item);
591}
592
593
594static int
595wpa_ft_rrb_seq_req(struct wpa_authenticator *wpa_auth,
596		   struct ft_remote_seq *rkh_seq, const u8 *src_addr,
597		   const u8 *f_r0kh_id, size_t f_r0kh_id_len,
598		   const u8 *f_r1kh_id, const u8 *key, size_t key_len,
599		   const u8 *enc, size_t enc_len,
600		   const u8 *auth, size_t auth_len,
601		   int (*cb)(struct wpa_authenticator *wpa_auth,
602			     const u8 *src_addr,
603			     const u8 *enc, size_t enc_len,
604			     const u8 *auth, size_t auth_len,
605			     int no_defer))
606{
607	struct ft_remote_item *item = NULL;
608	u8 *packet = NULL;
609	size_t packet_len;
610	struct tlv_list seq_req_auth[] = {
611		{ .type = FT_RRB_NONCE, .len = FT_RRB_NONCE_LEN,
612		  .data = NULL /* to be filled: item->nonce */ },
613		{ .type = FT_RRB_R0KH_ID, .len = f_r0kh_id_len,
614		  .data = f_r0kh_id },
615		{ .type = FT_RRB_R1KH_ID, .len = FT_R1KH_ID_LEN,
616		  .data = f_r1kh_id },
617		{ .type = FT_RRB_LAST_EMPTY, .len = 0, .data = NULL },
618	};
619
620	if (dl_list_len(&rkh_seq->rx.queue) >= ftRRBmaxQueueLen) {
621		wpa_printf(MSG_DEBUG, "FT: Sequence number queue too long");
622		goto err;
623	}
624
625	item = os_zalloc(sizeof(*item));
626	if (!item)
627		goto err;
628
629	os_memcpy(item->src_addr, src_addr, ETH_ALEN);
630	item->cb = cb;
631
632	if (random_get_bytes(item->nonce, FT_RRB_NONCE_LEN) < 0) {
633		wpa_printf(MSG_DEBUG, "FT: Seq num nonce: out of random bytes");
634		goto err;
635	}
636
637	if (os_get_reltime(&item->nonce_ts) < 0)
638		goto err;
639
640	if (enc && enc_len > 0) {
641		item->enc = os_memdup(enc, enc_len);
642		item->enc_len = enc_len;
643		if (!item->enc)
644			goto err;
645	}
646
647	if (auth && auth_len > 0) {
648		item->auth = os_memdup(auth, auth_len);
649		item->auth_len = auth_len;
650		if (!item->auth)
651			goto err;
652	}
653
654	eloop_register_timeout(ftRRBseqTimeout, 0, wpa_ft_rrb_seq_timeout,
655			       wpa_auth, item);
656
657	seq_req_auth[0].data = item->nonce;
658
659	if (wpa_ft_rrb_build(key, key_len, NULL, NULL, seq_req_auth,
660			     wpa_auth->addr, FT_PACKET_R0KH_R1KH_SEQ_REQ,
661			     &packet, &packet_len) < 0) {
662		item = NULL; /* some other seq resp might still accept this */
663		goto err;
664	}
665
666	dl_list_add(&rkh_seq->rx.queue, &item->list);
667
668	wpa_ft_rrb_oui_send(wpa_auth, src_addr, FT_PACKET_R0KH_R1KH_SEQ_REQ,
669			    packet, packet_len);
670
671	os_free(packet);
672
673	return 0;
674err:
675	wpa_printf(MSG_DEBUG, "FT: Failed to send sequence number request");
676	if (item) {
677		os_free(item->auth);
678		bin_clear_free(item->enc, item->enc_len);
679		os_free(item);
680	}
681
682	return -1;
683}
684
685
686#define FT_RRB_SEQ_OK    0
687#define FT_RRB_SEQ_DROP  1
688#define FT_RRB_SEQ_DEFER 2
689
690static int
691wpa_ft_rrb_seq_chk(struct ft_remote_seq *rkh_seq, const u8 *src_addr,
692		   const u8 *enc, size_t enc_len,
693		   const u8 *auth, size_t auth_len,
694		   const char *msgtype, int no_defer)
695{
696	const u8 *f_seq;
697	size_t f_seq_len;
698	const struct ft_rrb_seq *msg_both;
699	u32 msg_seq, msg_off, rkh_off;
700	struct os_reltime now;
701	unsigned int i;
702
703	RRB_GET_AUTH(FT_RRB_SEQ, seq, msgtype, sizeof(*msg_both));
704	wpa_hexdump(MSG_DEBUG, "FT: sequence number", f_seq, f_seq_len);
705	msg_both = (const struct ft_rrb_seq *) f_seq;
706
707	if (rkh_seq->rx.num_last == 0) {
708		/* first packet from remote */
709		goto defer;
710	}
711
712	if (le_to_host32(msg_both->dom) != rkh_seq->rx.dom) {
713		/* remote might have rebooted */
714		goto defer;
715	}
716
717	if (os_get_reltime(&now) == 0) {
718		u32 msg_ts_now_remote, msg_ts_off;
719		struct os_reltime now_remote;
720
721		os_reltime_sub(&now, &rkh_seq->rx.time_offset, &now_remote);
722		msg_ts_now_remote = now_remote.sec;
723		msg_ts_off = le_to_host32(msg_both->ts) -
724			(msg_ts_now_remote - ftRRBseqTimeout);
725		if (msg_ts_off > 2 * ftRRBseqTimeout)
726			goto defer;
727	}
728
729	msg_seq = le_to_host32(msg_both->seq);
730	rkh_off = rkh_seq->rx.last[rkh_seq->rx.offsetidx];
731	msg_off = msg_seq - rkh_off;
732	if (msg_off > 0xC0000000)
733		goto out; /* too old message, drop it */
734
735	if (msg_off <= 0x40000000) {
736		for (i = 0; i < rkh_seq->rx.num_last; i++) {
737			if (rkh_seq->rx.last[i] == msg_seq)
738				goto out; /* duplicate message, drop it */
739		}
740
741		return FT_RRB_SEQ_OK;
742	}
743
744defer:
745	if (no_defer)
746		goto out;
747
748	wpa_printf(MSG_DEBUG, "FT: Possibly invalid sequence number in %s from "
749		   MACSTR, msgtype, MAC2STR(src_addr));
750
751	return FT_RRB_SEQ_DEFER;
752out:
753	wpa_printf(MSG_DEBUG, "FT: Invalid sequence number in %s from " MACSTR,
754		   msgtype, MAC2STR(src_addr));
755
756	return FT_RRB_SEQ_DROP;
757}
758
759
760static void
761wpa_ft_rrb_seq_accept(struct wpa_authenticator *wpa_auth,
762		      struct ft_remote_seq *rkh_seq, const u8 *src_addr,
763		      const u8 *auth, size_t auth_len,
764		      const char *msgtype)
765{
766	const u8 *f_seq;
767	size_t f_seq_len;
768	const struct ft_rrb_seq *msg_both;
769	u32 msg_seq, msg_off, min_off, rkh_off;
770	int minidx = 0;
771	unsigned int i;
772
773	RRB_GET_AUTH(FT_RRB_SEQ, seq, msgtype, sizeof(*msg_both));
774	msg_both = (const struct ft_rrb_seq *) f_seq;
775
776	msg_seq = le_to_host32(msg_both->seq);
777
778	if (rkh_seq->rx.num_last < FT_REMOTE_SEQ_BACKLOG) {
779		rkh_seq->rx.last[rkh_seq->rx.num_last] = msg_seq;
780		rkh_seq->rx.num_last++;
781		return;
782	}
783
784	rkh_off = rkh_seq->rx.last[rkh_seq->rx.offsetidx];
785	for (i = 0; i < rkh_seq->rx.num_last; i++) {
786		msg_off = rkh_seq->rx.last[i] - rkh_off;
787		min_off = rkh_seq->rx.last[minidx] - rkh_off;
788		if (msg_off < min_off && i != rkh_seq->rx.offsetidx)
789			minidx = i;
790	}
791	rkh_seq->rx.last[rkh_seq->rx.offsetidx] = msg_seq;
792	rkh_seq->rx.offsetidx = minidx;
793
794	return;
795out:
796	/* RRB_GET_AUTH should never fail here as
797	 * wpa_ft_rrb_seq_chk() verified FT_RRB_SEQ presence. */
798	wpa_printf(MSG_ERROR, "FT: %s() failed", __func__);
799}
800
801
802static int wpa_ft_new_seq(struct ft_remote_seq *rkh_seq,
803			  struct ft_rrb_seq *f_seq)
804{
805	struct os_reltime now;
806
807	if (os_get_reltime(&now) < 0)
808		return -1;
809
810	if (!rkh_seq->tx.dom) {
811		if (random_get_bytes((u8 *) &rkh_seq->tx.seq,
812				     sizeof(rkh_seq->tx.seq))) {
813			wpa_printf(MSG_ERROR,
814				   "FT: Failed to get random data for sequence number initialization");
815			rkh_seq->tx.seq = now.usec;
816		}
817		if (random_get_bytes((u8 *) &rkh_seq->tx.dom,
818				     sizeof(rkh_seq->tx.dom))) {
819			wpa_printf(MSG_ERROR,
820				   "FT: Failed to get random data for sequence number initialization");
821			rkh_seq->tx.dom = now.usec;
822		}
823		rkh_seq->tx.dom |= 1;
824	}
825
826	f_seq->dom = host_to_le32(rkh_seq->tx.dom);
827	f_seq->seq = host_to_le32(rkh_seq->tx.seq);
828	f_seq->ts = host_to_le32(now.sec);
829
830	rkh_seq->tx.seq++;
831
832	return 0;
833}
834
835
836struct wpa_ft_pmk_r0_sa {
837	struct wpa_ft_pmk_r0_sa *next;
838	u8 pmk_r0[PMK_LEN];
839	u8 pmk_r0_name[WPA_PMK_NAME_LEN];
840	u8 spa[ETH_ALEN];
841	int pairwise; /* Pairwise cipher suite, WPA_CIPHER_* */
842	/* TODO: expiration, identity, radius_class, EAP type, VLAN ID */
843	int pmk_r1_pushed;
844};
845
846struct wpa_ft_pmk_r1_sa {
847	struct wpa_ft_pmk_r1_sa *next;
848	u8 pmk_r1[PMK_LEN];
849	u8 pmk_r1_name[WPA_PMK_NAME_LEN];
850	u8 spa[ETH_ALEN];
851	int pairwise; /* Pairwise cipher suite, WPA_CIPHER_* */
852	/* TODO: expiration, identity, radius_class, EAP type, VLAN ID */
853};
854
855struct wpa_ft_pmk_cache {
856	struct wpa_ft_pmk_r0_sa *pmk_r0;
857	struct wpa_ft_pmk_r1_sa *pmk_r1;
858};
859
860struct wpa_ft_pmk_cache * wpa_ft_pmk_cache_init(void)
861{
862	struct wpa_ft_pmk_cache *cache;
863
864	cache = os_zalloc(sizeof(*cache));
865
866	return cache;
867}
868
869
870void wpa_ft_pmk_cache_deinit(struct wpa_ft_pmk_cache *cache)
871{
872	struct wpa_ft_pmk_r0_sa *r0, *r0prev;
873	struct wpa_ft_pmk_r1_sa *r1, *r1prev;
874
875	r0 = cache->pmk_r0;
876	while (r0) {
877		r0prev = r0;
878		r0 = r0->next;
879		os_memset(r0prev->pmk_r0, 0, PMK_LEN);
880		os_free(r0prev);
881	}
882
883	r1 = cache->pmk_r1;
884	while (r1) {
885		r1prev = r1;
886		r1 = r1->next;
887		os_memset(r1prev->pmk_r1, 0, PMK_LEN);
888		os_free(r1prev);
889	}
890
891	os_free(cache);
892}
893
894
895int wpa_ft_store_pmk_r0(struct wpa_authenticator *wpa_auth,
896			const u8 *spa, const u8 *pmk_r0,
897			const u8 *pmk_r0_name, int pairwise)
898{
899	struct wpa_ft_pmk_cache *cache = wpa_auth->ft_pmk_cache;
900	struct wpa_ft_pmk_r0_sa *r0;
901
902	/* TODO: add expiration and limit on number of entries in cache */
903
904	r0 = os_zalloc(sizeof(*r0));
905	if (r0 == NULL)
906		return -1;
907
908	os_memcpy(r0->pmk_r0, pmk_r0, PMK_LEN);
909	os_memcpy(r0->pmk_r0_name, pmk_r0_name, WPA_PMK_NAME_LEN);
910	os_memcpy(r0->spa, spa, ETH_ALEN);
911	r0->pairwise = pairwise;
912
913	r0->next = cache->pmk_r0;
914	cache->pmk_r0 = r0;
915
916	return 0;
917}
918
919
920static int wpa_ft_fetch_pmk_r0(struct wpa_authenticator *wpa_auth,
921			       const u8 *spa, const u8 *pmk_r0_name,
922			       const struct wpa_ft_pmk_r0_sa **r0_out)
923{
924	struct wpa_ft_pmk_cache *cache = wpa_auth->ft_pmk_cache;
925	struct wpa_ft_pmk_r0_sa *r0;
926
927	r0 = cache->pmk_r0;
928	while (r0) {
929		if (os_memcmp(r0->spa, spa, ETH_ALEN) == 0 &&
930		    os_memcmp_const(r0->pmk_r0_name, pmk_r0_name,
931				    WPA_PMK_NAME_LEN) == 0) {
932			*r0_out = r0;
933			return 0;
934		}
935
936		r0 = r0->next;
937	}
938
939	*r0_out = NULL;
940	return -1;
941}
942
943
944static int wpa_ft_store_pmk_r1(struct wpa_authenticator *wpa_auth,
945			       const u8 *spa, const u8 *pmk_r1,
946			       const u8 *pmk_r1_name, int pairwise)
947{
948	struct wpa_ft_pmk_cache *cache = wpa_auth->ft_pmk_cache;
949	struct wpa_ft_pmk_r1_sa *r1;
950
951	/* TODO: add expiration and limit on number of entries in cache */
952
953	r1 = os_zalloc(sizeof(*r1));
954	if (r1 == NULL)
955		return -1;
956
957	os_memcpy(r1->pmk_r1, pmk_r1, PMK_LEN);
958	os_memcpy(r1->pmk_r1_name, pmk_r1_name, WPA_PMK_NAME_LEN);
959	os_memcpy(r1->spa, spa, ETH_ALEN);
960	r1->pairwise = pairwise;
961
962	r1->next = cache->pmk_r1;
963	cache->pmk_r1 = r1;
964
965	return 0;
966}
967
968
969static int wpa_ft_fetch_pmk_r1(struct wpa_authenticator *wpa_auth,
970			       const u8 *spa, const u8 *pmk_r1_name,
971			       u8 *pmk_r1, int *pairwise)
972{
973	struct wpa_ft_pmk_cache *cache = wpa_auth->ft_pmk_cache;
974	struct wpa_ft_pmk_r1_sa *r1;
975
976	r1 = cache->pmk_r1;
977	while (r1) {
978		if (os_memcmp(r1->spa, spa, ETH_ALEN) == 0 &&
979		    os_memcmp_const(r1->pmk_r1_name, pmk_r1_name,
980				    WPA_PMK_NAME_LEN) == 0) {
981			os_memcpy(pmk_r1, r1->pmk_r1, PMK_LEN);
982			if (pairwise)
983				*pairwise = r1->pairwise;
984			return 0;
985		}
986
987		r1 = r1->next;
988	}
989
990	return -1;
991}
992
993
994static int wpa_ft_rrb_init_r0kh_seq(struct ft_remote_r0kh *r0kh)
995{
996	if (r0kh->seq)
997		return 0;
998
999	r0kh->seq = os_zalloc(sizeof(*r0kh->seq));
1000	if (!r0kh->seq) {
1001		wpa_printf(MSG_DEBUG, "FT: Failed to allocate r0kh->seq");
1002		return -1;
1003	}
1004
1005	dl_list_init(&r0kh->seq->rx.queue);
1006
1007	return 0;
1008}
1009
1010
1011static void wpa_ft_rrb_lookup_r0kh(struct wpa_authenticator *wpa_auth,
1012				   const u8 *f_r0kh_id, size_t f_r0kh_id_len,
1013				   struct ft_remote_r0kh **r0kh_out,
1014				   struct ft_remote_r0kh **r0kh_wildcard)
1015{
1016	struct ft_remote_r0kh *r0kh;
1017
1018	*r0kh_wildcard = NULL;
1019	*r0kh_out = NULL;
1020
1021	if (wpa_auth->conf.r0kh_list)
1022		r0kh = *wpa_auth->conf.r0kh_list;
1023	else
1024		r0kh = NULL;
1025	for (; r0kh; r0kh = r0kh->next) {
1026		if (r0kh->id_len == 1 && r0kh->id[0] == '*')
1027			*r0kh_wildcard = r0kh;
1028		if (f_r0kh_id && r0kh->id_len == f_r0kh_id_len &&
1029		    os_memcmp_const(f_r0kh_id, r0kh->id, f_r0kh_id_len) == 0)
1030			*r0kh_out = r0kh;
1031	}
1032
1033	if (!*r0kh_out && !*r0kh_wildcard)
1034		wpa_printf(MSG_DEBUG, "FT: No matching R0KH found");
1035
1036	if (*r0kh_out && wpa_ft_rrb_init_r0kh_seq(*r0kh_out) < 0)
1037		*r0kh_out = NULL;
1038}
1039
1040
1041static int wpa_ft_rrb_init_r1kh_seq(struct ft_remote_r1kh *r1kh)
1042{
1043	if (r1kh->seq)
1044		return 0;
1045
1046	r1kh->seq = os_zalloc(sizeof(*r1kh->seq));
1047	if (!r1kh->seq) {
1048		wpa_printf(MSG_DEBUG, "FT: Failed to allocate r1kh->seq");
1049		return -1;
1050	}
1051
1052	dl_list_init(&r1kh->seq->rx.queue);
1053
1054	return 0;
1055}
1056
1057
1058static void wpa_ft_rrb_lookup_r1kh(struct wpa_authenticator *wpa_auth,
1059				   const u8 *f_r1kh_id,
1060				   struct ft_remote_r1kh **r1kh_out,
1061				   struct ft_remote_r1kh **r1kh_wildcard)
1062{
1063	struct ft_remote_r1kh *r1kh;
1064
1065	*r1kh_wildcard = NULL;
1066	*r1kh_out = NULL;
1067
1068	if (wpa_auth->conf.r1kh_list)
1069		r1kh = *wpa_auth->conf.r1kh_list;
1070	else
1071		r1kh = NULL;
1072	for (; r1kh; r1kh = r1kh->next) {
1073		if (is_zero_ether_addr(r1kh->addr) &&
1074		    is_zero_ether_addr(r1kh->id))
1075			*r1kh_wildcard = r1kh;
1076		if (f_r1kh_id &&
1077		    os_memcmp_const(r1kh->id, f_r1kh_id, FT_R1KH_ID_LEN) == 0)
1078			*r1kh_out = r1kh;
1079	}
1080
1081	if (!*r1kh_out && !*r1kh_wildcard)
1082		wpa_printf(MSG_DEBUG, "FT: No matching R1KH found");
1083
1084	if (*r1kh_out && wpa_ft_rrb_init_r1kh_seq(*r1kh_out) < 0)
1085		*r1kh_out = NULL;
1086}
1087
1088
1089static int wpa_ft_rrb_check_r0kh(struct wpa_authenticator *wpa_auth,
1090				 const u8 *f_r0kh_id, size_t f_r0kh_id_len)
1091{
1092	if (f_r0kh_id_len != wpa_auth->conf.r0_key_holder_len ||
1093	    os_memcmp_const(f_r0kh_id, wpa_auth->conf.r0_key_holder,
1094			    f_r0kh_id_len) != 0)
1095		return -1;
1096
1097	return 0;
1098}
1099
1100
1101static int wpa_ft_rrb_check_r1kh(struct wpa_authenticator *wpa_auth,
1102				 const u8 *f_r1kh_id)
1103{
1104	if (os_memcmp_const(f_r1kh_id, wpa_auth->conf.r1_key_holder,
1105			    FT_R1KH_ID_LEN) != 0)
1106		return -1;
1107
1108	return 0;
1109}
1110
1111
1112static void wpa_ft_rrb_del_r0kh(void *eloop_ctx, void *timeout_ctx)
1113{
1114	struct wpa_authenticator *wpa_auth = eloop_ctx;
1115	struct ft_remote_r0kh *r0kh, *prev = NULL;
1116
1117	if (!wpa_auth->conf.r0kh_list)
1118		return;
1119
1120	for (r0kh = *wpa_auth->conf.r0kh_list; r0kh; r0kh = r0kh->next) {
1121		if (r0kh == timeout_ctx)
1122			break;
1123		prev = r0kh;
1124	}
1125	if (!r0kh)
1126		return;
1127	if (prev)
1128		prev->next = r0kh->next;
1129	else
1130		*wpa_auth->conf.r0kh_list = r0kh->next;
1131	if (r0kh->seq)
1132		wpa_ft_rrb_seq_flush(wpa_auth, r0kh->seq, 0);
1133	os_free(r0kh->seq);
1134	os_free(r0kh);
1135}
1136
1137
1138static void wpa_ft_rrb_r0kh_replenish(struct wpa_authenticator *wpa_auth,
1139				      struct ft_remote_r0kh *r0kh, int timeout)
1140{
1141	if (timeout > 0)
1142		eloop_replenish_timeout(timeout, 0, wpa_ft_rrb_del_r0kh,
1143					wpa_auth, r0kh);
1144}
1145
1146
1147static void wpa_ft_rrb_r0kh_timeout(struct wpa_authenticator *wpa_auth,
1148				    struct ft_remote_r0kh *r0kh, int timeout)
1149{
1150	eloop_cancel_timeout(wpa_ft_rrb_del_r0kh, wpa_auth, r0kh);
1151
1152	if (timeout > 0)
1153		eloop_register_timeout(timeout, 0, wpa_ft_rrb_del_r0kh,
1154				       wpa_auth, r0kh);
1155}
1156
1157
1158static struct ft_remote_r0kh *
1159wpa_ft_rrb_add_r0kh(struct wpa_authenticator *wpa_auth,
1160		    struct ft_remote_r0kh *r0kh_wildcard,
1161		    const u8 *src_addr, const u8 *r0kh_id, size_t id_len,
1162		    int timeout)
1163{
1164	struct ft_remote_r0kh *r0kh;
1165
1166	if (!wpa_auth->conf.r0kh_list)
1167		return NULL;
1168
1169	r0kh = os_zalloc(sizeof(*r0kh));
1170	if (!r0kh)
1171		return NULL;
1172
1173	if (src_addr)
1174		os_memcpy(r0kh->addr, src_addr, sizeof(r0kh->addr));
1175
1176	if (id_len > FT_R0KH_ID_MAX_LEN)
1177		id_len = FT_R0KH_ID_MAX_LEN;
1178	os_memcpy(r0kh->id, r0kh_id, id_len);
1179	r0kh->id_len = id_len;
1180
1181	os_memcpy(r0kh->key, r0kh_wildcard->key, sizeof(r0kh->key));
1182
1183	r0kh->next = *wpa_auth->conf.r0kh_list;
1184	*wpa_auth->conf.r0kh_list = r0kh;
1185
1186	if (timeout > 0)
1187		eloop_register_timeout(timeout, 0, wpa_ft_rrb_del_r0kh,
1188				       wpa_auth, r0kh);
1189
1190	if (wpa_ft_rrb_init_r0kh_seq(r0kh) < 0)
1191		return NULL;
1192
1193	return r0kh;
1194}
1195
1196
1197static void wpa_ft_rrb_del_r1kh(void *eloop_ctx, void *timeout_ctx)
1198{
1199	struct wpa_authenticator *wpa_auth = eloop_ctx;
1200	struct ft_remote_r1kh *r1kh, *prev = NULL;
1201
1202	if (!wpa_auth->conf.r1kh_list)
1203		return;
1204
1205	for (r1kh = *wpa_auth->conf.r1kh_list; r1kh; r1kh = r1kh->next) {
1206		if (r1kh == timeout_ctx)
1207			break;
1208		prev = r1kh;
1209	}
1210	if (!r1kh)
1211		return;
1212	if (prev)
1213		prev->next = r1kh->next;
1214	else
1215		*wpa_auth->conf.r1kh_list = r1kh->next;
1216	if (r1kh->seq)
1217		wpa_ft_rrb_seq_flush(wpa_auth, r1kh->seq, 0);
1218	os_free(r1kh->seq);
1219	os_free(r1kh);
1220}
1221
1222
1223static void wpa_ft_rrb_r1kh_replenish(struct wpa_authenticator *wpa_auth,
1224				      struct ft_remote_r1kh *r1kh, int timeout)
1225{
1226	if (timeout > 0)
1227		eloop_replenish_timeout(timeout, 0, wpa_ft_rrb_del_r1kh,
1228					wpa_auth, r1kh);
1229}
1230
1231
1232static struct ft_remote_r1kh *
1233wpa_ft_rrb_add_r1kh(struct wpa_authenticator *wpa_auth,
1234		    struct ft_remote_r1kh *r1kh_wildcard,
1235		    const u8 *src_addr, const u8 *r1kh_id, int timeout)
1236{
1237	struct ft_remote_r1kh *r1kh;
1238
1239	if (!wpa_auth->conf.r1kh_list)
1240		return NULL;
1241
1242	r1kh = os_zalloc(sizeof(*r1kh));
1243	if (!r1kh)
1244		return NULL;
1245
1246	os_memcpy(r1kh->addr, src_addr, sizeof(r1kh->addr));
1247	os_memcpy(r1kh->id, r1kh_id, sizeof(r1kh->id));
1248	os_memcpy(r1kh->key, r1kh_wildcard->key, sizeof(r1kh->key));
1249	r1kh->next = *wpa_auth->conf.r1kh_list;
1250	*wpa_auth->conf.r1kh_list = r1kh;
1251
1252	if (timeout > 0)
1253		eloop_register_timeout(timeout, 0, wpa_ft_rrb_del_r1kh,
1254				       wpa_auth, r1kh);
1255
1256	if (wpa_ft_rrb_init_r1kh_seq(r1kh) < 0)
1257		return NULL;
1258
1259	return r1kh;
1260}
1261
1262
1263void wpa_ft_sta_deinit(struct wpa_state_machine *sm)
1264{
1265	eloop_cancel_timeout(wpa_ft_expire_pull, sm, NULL);
1266}
1267
1268
1269static void wpa_ft_deinit_seq(struct wpa_authenticator *wpa_auth)
1270{
1271	struct ft_remote_r0kh *r0kh;
1272	struct ft_remote_r1kh *r1kh;
1273
1274	eloop_cancel_timeout(wpa_ft_rrb_seq_timeout, wpa_auth, ELOOP_ALL_CTX);
1275
1276	if (wpa_auth->conf.r0kh_list)
1277		r0kh = *wpa_auth->conf.r0kh_list;
1278	else
1279		r0kh = NULL;
1280	for (; r0kh; r0kh = r0kh->next) {
1281		if (!r0kh->seq)
1282			continue;
1283		wpa_ft_rrb_seq_flush(wpa_auth, r0kh->seq, 0);
1284		os_free(r0kh->seq);
1285		r0kh->seq = NULL;
1286	}
1287
1288	if (wpa_auth->conf.r1kh_list)
1289		r1kh = *wpa_auth->conf.r1kh_list;
1290	else
1291		r1kh = NULL;
1292	for (; r1kh; r1kh = r1kh->next) {
1293		if (!r1kh->seq)
1294			continue;
1295		wpa_ft_rrb_seq_flush(wpa_auth, r1kh->seq, 0);
1296		os_free(r1kh->seq);
1297		r1kh->seq = NULL;
1298	}
1299}
1300
1301
1302static void wpa_ft_deinit_rkh_tmp(struct wpa_authenticator *wpa_auth)
1303{
1304	struct ft_remote_r0kh *r0kh, *r0kh_next, *r0kh_prev = NULL;
1305	struct ft_remote_r1kh *r1kh, *r1kh_next, *r1kh_prev = NULL;
1306
1307	if (wpa_auth->conf.r0kh_list)
1308		r0kh = *wpa_auth->conf.r0kh_list;
1309	else
1310		r0kh = NULL;
1311	while (r0kh) {
1312		r0kh_next = r0kh->next;
1313		if (eloop_cancel_timeout(wpa_ft_rrb_del_r0kh, wpa_auth,
1314					 r0kh) > 0) {
1315			if (r0kh_prev)
1316				r0kh_prev->next = r0kh_next;
1317			else
1318				*wpa_auth->conf.r0kh_list = r0kh_next;
1319			os_free(r0kh);
1320		} else {
1321			r0kh_prev = r0kh;
1322		}
1323		r0kh = r0kh_next;
1324	}
1325
1326	if (wpa_auth->conf.r1kh_list)
1327		r1kh = *wpa_auth->conf.r1kh_list;
1328	else
1329		r1kh = NULL;
1330	while (r1kh) {
1331		r1kh_next = r1kh->next;
1332		if (eloop_cancel_timeout(wpa_ft_rrb_del_r1kh, wpa_auth,
1333					 r1kh) > 0) {
1334			if (r1kh_prev)
1335				r1kh_prev->next = r1kh_next;
1336			else
1337				*wpa_auth->conf.r1kh_list = r1kh_next;
1338			os_free(r1kh);
1339		} else {
1340			r1kh_prev = r1kh;
1341		}
1342		r1kh = r1kh_next;
1343	}
1344}
1345
1346
1347void wpa_ft_deinit(struct wpa_authenticator *wpa_auth)
1348{
1349	wpa_ft_deinit_seq(wpa_auth);
1350	wpa_ft_deinit_rkh_tmp(wpa_auth);
1351}
1352
1353
1354static void wpa_ft_block_r0kh(struct wpa_authenticator *wpa_auth,
1355			      const u8 *f_r0kh_id, size_t f_r0kh_id_len)
1356{
1357	struct ft_remote_r0kh *r0kh, *r0kh_wildcard;
1358
1359	if (!wpa_auth->conf.rkh_neg_timeout)
1360		return;
1361
1362	wpa_ft_rrb_lookup_r0kh(wpa_auth, f_r0kh_id, f_r0kh_id_len,
1363			       &r0kh, &r0kh_wildcard);
1364
1365	if (!r0kh_wildcard) {
1366		/* r0kh removed after neg_timeout and might need re-adding */
1367		return;
1368	}
1369
1370	wpa_hexdump(MSG_DEBUG, "FT: Blacklist R0KH-ID",
1371		    f_r0kh_id, f_r0kh_id_len);
1372
1373	if (r0kh) {
1374		wpa_ft_rrb_r0kh_timeout(wpa_auth, r0kh,
1375					wpa_auth->conf.rkh_neg_timeout);
1376		os_memset(r0kh->addr, 0, ETH_ALEN);
1377	} else
1378		wpa_ft_rrb_add_r0kh(wpa_auth, r0kh_wildcard, NULL, f_r0kh_id,
1379				    f_r0kh_id_len,
1380				    wpa_auth->conf.rkh_neg_timeout);
1381}
1382
1383
1384static void wpa_ft_expire_pull(void *eloop_ctx, void *timeout_ctx)
1385{
1386	struct wpa_state_machine *sm = eloop_ctx;
1387
1388	wpa_printf(MSG_DEBUG, "FT: Timeout pending pull request for " MACSTR,
1389		   MAC2STR(sm->addr));
1390	if (sm->ft_pending_pull_left_retries <= 0)
1391		wpa_ft_block_r0kh(sm->wpa_auth, sm->r0kh_id, sm->r0kh_id_len);
1392
1393	/* cancel multiple timeouts */
1394	eloop_cancel_timeout(wpa_ft_expire_pull, sm, NULL);
1395	ft_finish_pull(sm);
1396}
1397
1398
1399static int wpa_ft_pull_pmk_r1(struct wpa_state_machine *sm,
1400			      const u8 *ies, size_t ies_len,
1401			      const u8 *pmk_r0_name)
1402{
1403	struct ft_remote_r0kh *r0kh, *r0kh_wildcard;
1404	u8 *packet = NULL;
1405	const u8 *key, *f_r1kh_id = sm->wpa_auth->conf.r1_key_holder;
1406	size_t packet_len, key_len;
1407	struct ft_rrb_seq f_seq;
1408	int tsecs, tusecs, first;
1409	struct wpabuf *ft_pending_req_ies;
1410	int r0kh_timeout;
1411	struct tlv_list req_enc[] = {
1412		{ .type = FT_RRB_PMK_R0_NAME, .len = WPA_PMK_NAME_LEN,
1413		  .data = pmk_r0_name },
1414		{ .type = FT_RRB_S1KH_ID, .len = ETH_ALEN,
1415		  .data = sm->addr },
1416		{ .type = FT_RRB_LAST_EMPTY, .len = 0, .data = NULL },
1417	};
1418	struct tlv_list req_auth[] = {
1419		{ .type = FT_RRB_NONCE, .len = FT_RRB_NONCE_LEN,
1420		  .data = sm->ft_pending_pull_nonce },
1421		{ .type = FT_RRB_SEQ, .len = sizeof(f_seq),
1422		  .data = (u8 *) &f_seq },
1423		{ .type = FT_RRB_R0KH_ID, .len = sm->r0kh_id_len,
1424		  .data = sm->r0kh_id },
1425		{ .type = FT_RRB_R1KH_ID, .len = FT_R1KH_ID_LEN,
1426		  .data = f_r1kh_id },
1427		{ .type = FT_RRB_LAST_EMPTY, .len = 0, .data = NULL },
1428	};
1429
1430	if (sm->ft_pending_pull_left_retries <= 0)
1431		return -1;
1432	first = sm->ft_pending_pull_left_retries ==
1433		sm->wpa_auth->conf.rkh_pull_retries;
1434	sm->ft_pending_pull_left_retries--;
1435
1436	wpa_ft_rrb_lookup_r0kh(sm->wpa_auth, sm->r0kh_id, sm->r0kh_id_len,
1437			       &r0kh, &r0kh_wildcard);
1438
1439	/* Keep r0kh sufficiently long in the list for seq num check */
1440	r0kh_timeout = sm->wpa_auth->conf.rkh_pull_timeout / 1000 +
1441		1 + ftRRBseqTimeout;
1442	if (r0kh) {
1443		wpa_ft_rrb_r0kh_replenish(sm->wpa_auth, r0kh, r0kh_timeout);
1444	} else if (r0kh_wildcard) {
1445		wpa_printf(MSG_DEBUG, "FT: Using wildcard R0KH-ID");
1446		/* r0kh->addr: updated by SEQ_RESP and wpa_ft_expire_pull */
1447		r0kh = wpa_ft_rrb_add_r0kh(sm->wpa_auth, r0kh_wildcard,
1448					   r0kh_wildcard->addr,
1449					   sm->r0kh_id, sm->r0kh_id_len,
1450					   r0kh_timeout);
1451	}
1452	if (r0kh == NULL) {
1453		wpa_hexdump(MSG_DEBUG, "FT: Did not find R0KH-ID",
1454			    sm->r0kh_id, sm->r0kh_id_len);
1455		return -1;
1456	}
1457	if (is_zero_ether_addr(r0kh->addr)) {
1458		wpa_hexdump(MSG_DEBUG, "FT: R0KH-ID is blacklisted",
1459			    sm->r0kh_id, sm->r0kh_id_len);
1460		return -1;
1461	}
1462
1463	key = r0kh->key;
1464	key_len = sizeof(r0kh->key);
1465
1466	wpa_printf(MSG_DEBUG, "FT: Send PMK-R1 pull request to remote R0KH "
1467		   "address " MACSTR, MAC2STR(r0kh->addr));
1468
1469	if (r0kh->seq->rx.num_last == 0) {
1470		/* A sequence request will be sent out anyway when pull
1471		 * response is received. Send it out now to avoid one RTT. */
1472		wpa_ft_rrb_seq_req(sm->wpa_auth, r0kh->seq, r0kh->addr,
1473				   r0kh->id, r0kh->id_len, f_r1kh_id, key,
1474				   key_len, NULL, 0, NULL, 0, NULL);
1475	}
1476
1477	if (first &&
1478	    random_get_bytes(sm->ft_pending_pull_nonce, FT_RRB_NONCE_LEN) < 0) {
1479		wpa_printf(MSG_DEBUG, "FT: Failed to get random data for "
1480			   "nonce");
1481		return -1;
1482	}
1483
1484	if (wpa_ft_new_seq(r0kh->seq, &f_seq) < 0) {
1485		wpa_printf(MSG_DEBUG, "FT: Failed to get seq num");
1486		return -1;
1487	}
1488
1489	if (wpa_ft_rrb_build(key, key_len, req_enc, NULL, req_auth,
1490			     sm->wpa_auth->addr, FT_PACKET_R0KH_R1KH_PULL,
1491			     &packet, &packet_len) < 0)
1492		return -1;
1493
1494	ft_pending_req_ies = wpabuf_alloc_copy(ies, ies_len);
1495	wpabuf_free(sm->ft_pending_req_ies);
1496	sm->ft_pending_req_ies = ft_pending_req_ies;
1497	if (!sm->ft_pending_req_ies) {
1498		os_free(packet);
1499		return -1;
1500	}
1501
1502	tsecs = sm->wpa_auth->conf.rkh_pull_timeout / 1000;
1503	tusecs = (sm->wpa_auth->conf.rkh_pull_timeout % 1000) * 1000;
1504	eloop_register_timeout(tsecs, tusecs, wpa_ft_expire_pull, sm, NULL);
1505
1506	wpa_ft_rrb_oui_send(sm->wpa_auth, r0kh->addr, FT_PACKET_R0KH_R1KH_PULL,
1507			    packet, packet_len);
1508
1509	os_free(packet);
1510
1511	return 0;
1512}
1513
1514
1515int wpa_auth_derive_ptk_ft(struct wpa_state_machine *sm, const u8 *pmk,
1516			   struct wpa_ptk *ptk)
1517{
1518	u8 pmk_r0[PMK_LEN], pmk_r0_name[WPA_PMK_NAME_LEN];
1519	u8 pmk_r1[PMK_LEN];
1520	u8 ptk_name[WPA_PMK_NAME_LEN];
1521	const u8 *mdid = sm->wpa_auth->conf.mobility_domain;
1522	const u8 *r0kh = sm->wpa_auth->conf.r0_key_holder;
1523	size_t r0kh_len = sm->wpa_auth->conf.r0_key_holder_len;
1524	const u8 *r1kh = sm->wpa_auth->conf.r1_key_holder;
1525	const u8 *ssid = sm->wpa_auth->conf.ssid;
1526	size_t ssid_len = sm->wpa_auth->conf.ssid_len;
1527	int psk_local = sm->wpa_auth->conf.ft_psk_generate_local;
1528
1529	if (sm->xxkey_len == 0) {
1530		wpa_printf(MSG_DEBUG, "FT: XXKey not available for key "
1531			   "derivation");
1532		return -1;
1533	}
1534
1535	if (wpa_derive_pmk_r0(sm->xxkey, sm->xxkey_len, ssid, ssid_len, mdid,
1536			      r0kh, r0kh_len, sm->addr,
1537			      pmk_r0, pmk_r0_name) < 0)
1538		return -1;
1539	wpa_hexdump_key(MSG_DEBUG, "FT: PMK-R0", pmk_r0, PMK_LEN);
1540	wpa_hexdump(MSG_DEBUG, "FT: PMKR0Name", pmk_r0_name, WPA_PMK_NAME_LEN);
1541	if (!psk_local || !wpa_key_mgmt_ft_psk(sm->wpa_key_mgmt))
1542		wpa_ft_store_pmk_r0(sm->wpa_auth, sm->addr, pmk_r0, pmk_r0_name,
1543				    sm->pairwise);
1544
1545	if (wpa_derive_pmk_r1(pmk_r0, pmk_r0_name, r1kh, sm->addr,
1546			      pmk_r1, sm->pmk_r1_name) < 0)
1547		return -1;
1548	wpa_hexdump_key(MSG_DEBUG, "FT: PMK-R1", pmk_r1, PMK_LEN);
1549	wpa_hexdump(MSG_DEBUG, "FT: PMKR1Name", sm->pmk_r1_name,
1550		    WPA_PMK_NAME_LEN);
1551	if (!psk_local || !wpa_key_mgmt_ft_psk(sm->wpa_key_mgmt))
1552		wpa_ft_store_pmk_r1(sm->wpa_auth, sm->addr, pmk_r1,
1553				    sm->pmk_r1_name, sm->pairwise);
1554
1555	return wpa_pmk_r1_to_ptk(pmk_r1, sm->SNonce, sm->ANonce, sm->addr,
1556				 sm->wpa_auth->addr, sm->pmk_r1_name,
1557				 ptk, ptk_name, sm->wpa_key_mgmt, sm->pairwise);
1558}
1559
1560
1561static inline int wpa_auth_get_seqnum(struct wpa_authenticator *wpa_auth,
1562				      const u8 *addr, int idx, u8 *seq)
1563{
1564	if (wpa_auth->cb->get_seqnum == NULL)
1565		return -1;
1566	return wpa_auth->cb->get_seqnum(wpa_auth->cb_ctx, addr, idx, seq);
1567}
1568
1569
1570static u8 * wpa_ft_gtk_subelem(struct wpa_state_machine *sm, size_t *len)
1571{
1572	u8 *subelem;
1573	struct wpa_group *gsm = sm->group;
1574	size_t subelem_len, pad_len;
1575	const u8 *key;
1576	size_t key_len;
1577	u8 keybuf[32];
1578
1579	key_len = gsm->GTK_len;
1580	if (key_len > sizeof(keybuf))
1581		return NULL;
1582
1583	/*
1584	 * Pad key for AES Key Wrap if it is not multiple of 8 bytes or is less
1585	 * than 16 bytes.
1586	 */
1587	pad_len = key_len % 8;
1588	if (pad_len)
1589		pad_len = 8 - pad_len;
1590	if (key_len + pad_len < 16)
1591		pad_len += 8;
1592	if (pad_len && key_len < sizeof(keybuf)) {
1593		os_memcpy(keybuf, gsm->GTK[gsm->GN - 1], key_len);
1594		os_memset(keybuf + key_len, 0, pad_len);
1595		keybuf[key_len] = 0xdd;
1596		key_len += pad_len;
1597		key = keybuf;
1598	} else
1599		key = gsm->GTK[gsm->GN - 1];
1600
1601	/*
1602	 * Sub-elem ID[1] | Length[1] | Key Info[2] | Key Length[1] | RSC[8] |
1603	 * Key[5..32].
1604	 */
1605	subelem_len = 13 + key_len + 8;
1606	subelem = os_zalloc(subelem_len);
1607	if (subelem == NULL)
1608		return NULL;
1609
1610	subelem[0] = FTIE_SUBELEM_GTK;
1611	subelem[1] = 11 + key_len + 8;
1612	/* Key ID in B0-B1 of Key Info */
1613	WPA_PUT_LE16(&subelem[2], gsm->GN & 0x03);
1614	subelem[4] = gsm->GTK_len;
1615	wpa_auth_get_seqnum(sm->wpa_auth, NULL, gsm->GN, subelem + 5);
1616	if (aes_wrap(sm->PTK.kek, sm->PTK.kek_len, key_len / 8, key,
1617		     subelem + 13)) {
1618		os_free(subelem);
1619		return NULL;
1620	}
1621
1622	*len = subelem_len;
1623	return subelem;
1624}
1625
1626
1627#ifdef CONFIG_IEEE80211W
1628static u8 * wpa_ft_igtk_subelem(struct wpa_state_machine *sm, size_t *len)
1629{
1630	u8 *subelem, *pos;
1631	struct wpa_group *gsm = sm->group;
1632	size_t subelem_len;
1633
1634	/* Sub-elem ID[1] | Length[1] | KeyID[2] | IPN[6] | Key Length[1] |
1635	 * Key[16+8] */
1636	subelem_len = 1 + 1 + 2 + 6 + 1 + WPA_IGTK_LEN + 8;
1637	subelem = os_zalloc(subelem_len);
1638	if (subelem == NULL)
1639		return NULL;
1640
1641	pos = subelem;
1642	*pos++ = FTIE_SUBELEM_IGTK;
1643	*pos++ = subelem_len - 2;
1644	WPA_PUT_LE16(pos, gsm->GN_igtk);
1645	pos += 2;
1646	wpa_auth_get_seqnum(sm->wpa_auth, NULL, gsm->GN_igtk, pos);
1647	pos += 6;
1648	*pos++ = WPA_IGTK_LEN;
1649	if (aes_wrap(sm->PTK.kek, sm->PTK.kek_len, WPA_IGTK_LEN / 8,
1650		     gsm->IGTK[gsm->GN_igtk - 4], pos)) {
1651		os_free(subelem);
1652		return NULL;
1653	}
1654
1655	*len = subelem_len;
1656	return subelem;
1657}
1658#endif /* CONFIG_IEEE80211W */
1659
1660
1661static u8 * wpa_ft_process_rdie(struct wpa_state_machine *sm,
1662				u8 *pos, u8 *end, u8 id, u8 descr_count,
1663				const u8 *ies, size_t ies_len)
1664{
1665	struct ieee802_11_elems parse;
1666	struct rsn_rdie *rdie;
1667
1668	wpa_printf(MSG_DEBUG, "FT: Resource Request: id=%d descr_count=%d",
1669		   id, descr_count);
1670	wpa_hexdump(MSG_MSGDUMP, "FT: Resource descriptor IE(s)",
1671		    ies, ies_len);
1672
1673	if (end - pos < (int) sizeof(*rdie)) {
1674		wpa_printf(MSG_ERROR, "FT: Not enough room for response RDIE");
1675		return pos;
1676	}
1677
1678	*pos++ = WLAN_EID_RIC_DATA;
1679	*pos++ = sizeof(*rdie);
1680	rdie = (struct rsn_rdie *) pos;
1681	rdie->id = id;
1682	rdie->descr_count = 0;
1683	rdie->status_code = host_to_le16(WLAN_STATUS_SUCCESS);
1684	pos += sizeof(*rdie);
1685
1686	if (ieee802_11_parse_elems((u8 *) ies, ies_len, &parse, 1) ==
1687	    ParseFailed) {
1688		wpa_printf(MSG_DEBUG, "FT: Failed to parse request IEs");
1689		rdie->status_code =
1690			host_to_le16(WLAN_STATUS_UNSPECIFIED_FAILURE);
1691		return pos;
1692	}
1693
1694	if (parse.wmm_tspec) {
1695		struct wmm_tspec_element *tspec;
1696
1697		if (parse.wmm_tspec_len + 2 < (int) sizeof(*tspec)) {
1698			wpa_printf(MSG_DEBUG, "FT: Too short WMM TSPEC IE "
1699				   "(%d)", (int) parse.wmm_tspec_len);
1700			rdie->status_code =
1701				host_to_le16(WLAN_STATUS_UNSPECIFIED_FAILURE);
1702			return pos;
1703		}
1704		if (end - pos < (int) sizeof(*tspec)) {
1705			wpa_printf(MSG_ERROR, "FT: Not enough room for "
1706				   "response TSPEC");
1707			rdie->status_code =
1708				host_to_le16(WLAN_STATUS_UNSPECIFIED_FAILURE);
1709			return pos;
1710		}
1711		tspec = (struct wmm_tspec_element *) pos;
1712		os_memcpy(tspec, parse.wmm_tspec - 2, sizeof(*tspec));
1713	}
1714
1715#ifdef NEED_AP_MLME
1716	if (parse.wmm_tspec && sm->wpa_auth->conf.ap_mlme) {
1717		int res;
1718
1719		res = wmm_process_tspec((struct wmm_tspec_element *) pos);
1720		wpa_printf(MSG_DEBUG, "FT: ADDTS processing result: %d", res);
1721		if (res == WMM_ADDTS_STATUS_INVALID_PARAMETERS)
1722			rdie->status_code =
1723				host_to_le16(WLAN_STATUS_INVALID_PARAMETERS);
1724		else if (res == WMM_ADDTS_STATUS_REFUSED)
1725			rdie->status_code =
1726				host_to_le16(WLAN_STATUS_REQUEST_DECLINED);
1727		else {
1728			/* TSPEC accepted; include updated TSPEC in response */
1729			rdie->descr_count = 1;
1730			pos += sizeof(struct wmm_tspec_element);
1731		}
1732		return pos;
1733	}
1734#endif /* NEED_AP_MLME */
1735
1736	if (parse.wmm_tspec && !sm->wpa_auth->conf.ap_mlme) {
1737		int res;
1738
1739		res = wpa_ft_add_tspec(sm->wpa_auth, sm->addr, pos,
1740				       sizeof(struct wmm_tspec_element));
1741		if (res >= 0) {
1742			if (res)
1743				rdie->status_code = host_to_le16(res);
1744			else {
1745				/* TSPEC accepted; include updated TSPEC in
1746				 * response */
1747				rdie->descr_count = 1;
1748				pos += sizeof(struct wmm_tspec_element);
1749			}
1750			return pos;
1751		}
1752	}
1753
1754	wpa_printf(MSG_DEBUG, "FT: No supported resource requested");
1755	rdie->status_code = host_to_le16(WLAN_STATUS_UNSPECIFIED_FAILURE);
1756	return pos;
1757}
1758
1759
1760static u8 * wpa_ft_process_ric(struct wpa_state_machine *sm, u8 *pos, u8 *end,
1761			       const u8 *ric, size_t ric_len)
1762{
1763	const u8 *rpos, *start;
1764	const struct rsn_rdie *rdie;
1765
1766	wpa_hexdump(MSG_MSGDUMP, "FT: RIC Request", ric, ric_len);
1767
1768	rpos = ric;
1769	while (rpos + sizeof(*rdie) < ric + ric_len) {
1770		if (rpos[0] != WLAN_EID_RIC_DATA || rpos[1] < sizeof(*rdie) ||
1771		    rpos + 2 + rpos[1] > ric + ric_len)
1772			break;
1773		rdie = (const struct rsn_rdie *) (rpos + 2);
1774		rpos += 2 + rpos[1];
1775		start = rpos;
1776
1777		while (rpos + 2 <= ric + ric_len &&
1778		       rpos + 2 + rpos[1] <= ric + ric_len) {
1779			if (rpos[0] == WLAN_EID_RIC_DATA)
1780				break;
1781			rpos += 2 + rpos[1];
1782		}
1783		pos = wpa_ft_process_rdie(sm, pos, end, rdie->id,
1784					  rdie->descr_count,
1785					  start, rpos - start);
1786	}
1787
1788	return pos;
1789}
1790
1791
1792u8 * wpa_sm_write_assoc_resp_ies(struct wpa_state_machine *sm, u8 *pos,
1793				 size_t max_len, int auth_alg,
1794				 const u8 *req_ies, size_t req_ies_len)
1795{
1796	u8 *end, *mdie, *ftie, *rsnie = NULL, *r0kh_id, *subelem = NULL;
1797	size_t mdie_len, ftie_len, rsnie_len = 0, r0kh_id_len, subelem_len = 0;
1798	int res;
1799	struct wpa_auth_config *conf;
1800	struct rsn_ftie *_ftie;
1801	struct wpa_ft_ies parse;
1802	u8 *ric_start;
1803	u8 *anonce, *snonce;
1804
1805	if (sm == NULL)
1806		return pos;
1807
1808	conf = &sm->wpa_auth->conf;
1809
1810	if (!wpa_key_mgmt_ft(sm->wpa_key_mgmt))
1811		return pos;
1812
1813	end = pos + max_len;
1814
1815	if (auth_alg == WLAN_AUTH_FT) {
1816		/*
1817		 * RSN (only present if this is a Reassociation Response and
1818		 * part of a fast BSS transition)
1819		 */
1820		res = wpa_write_rsn_ie(conf, pos, end - pos, sm->pmk_r1_name);
1821		if (res < 0)
1822			return pos;
1823		rsnie = pos;
1824		rsnie_len = res;
1825		pos += res;
1826	}
1827
1828	/* Mobility Domain Information */
1829	res = wpa_write_mdie(conf, pos, end - pos);
1830	if (res < 0)
1831		return pos;
1832	mdie = pos;
1833	mdie_len = res;
1834	pos += res;
1835
1836	/* Fast BSS Transition Information */
1837	if (auth_alg == WLAN_AUTH_FT) {
1838		subelem = wpa_ft_gtk_subelem(sm, &subelem_len);
1839		r0kh_id = sm->r0kh_id;
1840		r0kh_id_len = sm->r0kh_id_len;
1841		anonce = sm->ANonce;
1842		snonce = sm->SNonce;
1843#ifdef CONFIG_IEEE80211W
1844		if (sm->mgmt_frame_prot) {
1845			u8 *igtk;
1846			size_t igtk_len;
1847			u8 *nbuf;
1848			igtk = wpa_ft_igtk_subelem(sm, &igtk_len);
1849			if (igtk == NULL) {
1850				os_free(subelem);
1851				return pos;
1852			}
1853			nbuf = os_realloc(subelem, subelem_len + igtk_len);
1854			if (nbuf == NULL) {
1855				os_free(subelem);
1856				os_free(igtk);
1857				return pos;
1858			}
1859			subelem = nbuf;
1860			os_memcpy(subelem + subelem_len, igtk, igtk_len);
1861			subelem_len += igtk_len;
1862			os_free(igtk);
1863		}
1864#endif /* CONFIG_IEEE80211W */
1865	} else {
1866		r0kh_id = conf->r0_key_holder;
1867		r0kh_id_len = conf->r0_key_holder_len;
1868		anonce = NULL;
1869		snonce = NULL;
1870	}
1871	res = wpa_write_ftie(conf, r0kh_id, r0kh_id_len, anonce, snonce, pos,
1872			     end - pos, subelem, subelem_len);
1873	os_free(subelem);
1874	if (res < 0)
1875		return pos;
1876	ftie = pos;
1877	ftie_len = res;
1878	pos += res;
1879
1880	_ftie = (struct rsn_ftie *) (ftie + 2);
1881	if (auth_alg == WLAN_AUTH_FT)
1882		_ftie->mic_control[1] = 3; /* Information element count */
1883
1884	ric_start = pos;
1885	if (wpa_ft_parse_ies(req_ies, req_ies_len, &parse) == 0 && parse.ric) {
1886		pos = wpa_ft_process_ric(sm, pos, end, parse.ric,
1887					 parse.ric_len);
1888		if (auth_alg == WLAN_AUTH_FT)
1889			_ftie->mic_control[1] +=
1890				ieee802_11_ie_count(ric_start,
1891						    pos - ric_start);
1892	}
1893	if (ric_start == pos)
1894		ric_start = NULL;
1895
1896	if (auth_alg == WLAN_AUTH_FT &&
1897	    wpa_ft_mic(sm->PTK.kck, sm->PTK.kck_len, sm->addr,
1898		       sm->wpa_auth->addr, 6,
1899		       mdie, mdie_len, ftie, ftie_len,
1900		       rsnie, rsnie_len,
1901		       ric_start, ric_start ? pos - ric_start : 0,
1902		       _ftie->mic) < 0)
1903		wpa_printf(MSG_DEBUG, "FT: Failed to calculate MIC");
1904
1905	os_free(sm->assoc_resp_ftie);
1906	sm->assoc_resp_ftie = os_malloc(ftie_len);
1907	if (sm->assoc_resp_ftie)
1908		os_memcpy(sm->assoc_resp_ftie, ftie, ftie_len);
1909
1910	return pos;
1911}
1912
1913
1914static inline int wpa_auth_set_key(struct wpa_authenticator *wpa_auth,
1915				   int vlan_id,
1916				   enum wpa_alg alg, const u8 *addr, int idx,
1917				   u8 *key, size_t key_len)
1918{
1919	if (wpa_auth->cb->set_key == NULL)
1920		return -1;
1921	return wpa_auth->cb->set_key(wpa_auth->cb_ctx, vlan_id, alg, addr, idx,
1922				     key, key_len);
1923}
1924
1925
1926void wpa_ft_install_ptk(struct wpa_state_machine *sm)
1927{
1928	enum wpa_alg alg;
1929	int klen;
1930
1931	/* MLME-SETKEYS.request(PTK) */
1932	alg = wpa_cipher_to_alg(sm->pairwise);
1933	klen = wpa_cipher_key_len(sm->pairwise);
1934	if (!wpa_cipher_valid_pairwise(sm->pairwise)) {
1935		wpa_printf(MSG_DEBUG, "FT: Unknown pairwise alg 0x%x - skip "
1936			   "PTK configuration", sm->pairwise);
1937		return;
1938	}
1939
1940	if (sm->tk_already_set) {
1941		/* Must avoid TK reconfiguration to prevent clearing of TX/RX
1942		 * PN in the driver */
1943		wpa_printf(MSG_DEBUG,
1944			   "FT: Do not re-install same PTK to the driver");
1945		return;
1946	}
1947
1948	/* FIX: add STA entry to kernel/driver here? The set_key will fail
1949	 * most likely without this.. At the moment, STA entry is added only
1950	 * after association has been completed. This function will be called
1951	 * again after association to get the PTK configured, but that could be
1952	 * optimized by adding the STA entry earlier.
1953	 */
1954	if (wpa_auth_set_key(sm->wpa_auth, 0, alg, sm->addr, 0,
1955			     sm->PTK.tk, klen))
1956		return;
1957
1958	/* FIX: MLME-SetProtection.Request(TA, Tx_Rx) */
1959	sm->pairwise_set = TRUE;
1960	sm->tk_already_set = TRUE;
1961}
1962
1963
1964/* Derive PMK-R1 from PSK, check all available PSK */
1965static int wpa_ft_psk_pmk_r1(struct wpa_state_machine *sm,
1966			     const u8 *req_pmk_r1_name,
1967			     u8 *out_pmk_r1, int *out_pairwise)
1968{
1969	const u8 *pmk = NULL;
1970	u8 pmk_r0[PMK_LEN], pmk_r0_name[WPA_PMK_NAME_LEN];
1971	u8 pmk_r1[PMK_LEN], pmk_r1_name[WPA_PMK_NAME_LEN];
1972	struct wpa_authenticator *wpa_auth = sm->wpa_auth;
1973	const u8 *mdid = wpa_auth->conf.mobility_domain;
1974	const u8 *r0kh = sm->r0kh_id;
1975	size_t r0kh_len = sm->r0kh_id_len;
1976	const u8 *r1kh = wpa_auth->conf.r1_key_holder;
1977	const u8 *ssid = wpa_auth->conf.ssid;
1978	size_t ssid_len = wpa_auth->conf.ssid_len;
1979	int pairwise;
1980
1981	pairwise = sm->pairwise;
1982
1983	for (;;) {
1984		pmk = wpa_ft_get_psk(wpa_auth, sm->addr, sm->p2p_dev_addr,
1985				     pmk);
1986		if (pmk == NULL)
1987			break;
1988
1989		if (wpa_derive_pmk_r0(pmk, PMK_LEN, ssid, ssid_len, mdid, r0kh,
1990				      r0kh_len, sm->addr,
1991				      pmk_r0, pmk_r0_name) < 0 ||
1992		    wpa_derive_pmk_r1(pmk_r0, pmk_r0_name, r1kh, sm->addr,
1993				      pmk_r1, pmk_r1_name) < 0 ||
1994		    os_memcmp_const(pmk_r1_name, req_pmk_r1_name,
1995				    WPA_PMK_NAME_LEN) != 0)
1996			continue;
1997
1998		/* We found a PSK that matches the requested pmk_r1_name */
1999		wpa_printf(MSG_DEBUG,
2000			   "FT: Found PSK to generate PMK-R1 locally");
2001		os_memcpy(out_pmk_r1, pmk_r1, PMK_LEN);
2002		if (out_pairwise)
2003			*out_pairwise = pairwise;
2004		return 0;
2005	}
2006
2007	wpa_printf(MSG_DEBUG,
2008		   "FT: Did not find PSK to generate PMK-R1 locally");
2009	return -1;
2010}
2011
2012
2013/* Detect the configuration the station asked for.
2014 * Required to detect FT-PSK and pairwise cipher.
2015 */
2016static int wpa_ft_set_key_mgmt(struct wpa_state_machine *sm,
2017			       struct wpa_ft_ies *parse)
2018{
2019	int key_mgmt, ciphers;
2020
2021	if (sm->wpa_key_mgmt)
2022		return 0;
2023
2024	key_mgmt = parse->key_mgmt & sm->wpa_auth->conf.wpa_key_mgmt;
2025	if (!key_mgmt) {
2026		wpa_printf(MSG_DEBUG, "FT: Invalid key mgmt (0x%x) from "
2027			   MACSTR, parse->key_mgmt, MAC2STR(sm->addr));
2028		return -1;
2029	}
2030	if (key_mgmt & WPA_KEY_MGMT_FT_IEEE8021X)
2031		sm->wpa_key_mgmt = WPA_KEY_MGMT_FT_IEEE8021X;
2032	else if (key_mgmt & WPA_KEY_MGMT_FT_PSK)
2033		sm->wpa_key_mgmt = WPA_KEY_MGMT_FT_PSK;
2034#ifdef CONFIG_FILS
2035	else if (key_mgmt & WPA_KEY_MGMT_FT_FILS_SHA256)
2036		sm->wpa_key_mgmt = WPA_KEY_MGMT_FT_FILS_SHA256;
2037	else if (key_mgmt & WPA_KEY_MGMT_FT_FILS_SHA384)
2038		sm->wpa_key_mgmt = WPA_KEY_MGMT_FT_FILS_SHA384;
2039#endif /* CONFIG_FILS */
2040	ciphers = parse->pairwise_cipher & sm->wpa_auth->conf.rsn_pairwise;
2041	if (!ciphers) {
2042		wpa_printf(MSG_DEBUG, "FT: Invalid pairwise cipher (0x%x) from "
2043			   MACSTR,
2044			   parse->pairwise_cipher, MAC2STR(sm->addr));
2045		return -1;
2046	}
2047	sm->pairwise = wpa_pick_pairwise_cipher(ciphers, 0);
2048
2049	return 0;
2050}
2051
2052
2053static int wpa_ft_process_auth_req(struct wpa_state_machine *sm,
2054				   const u8 *ies, size_t ies_len,
2055				   u8 **resp_ies, size_t *resp_ies_len)
2056{
2057	struct rsn_mdie *mdie;
2058	struct rsn_ftie *ftie;
2059	u8 pmk_r1[PMK_LEN], pmk_r1_name[WPA_PMK_NAME_LEN];
2060	u8 ptk_name[WPA_PMK_NAME_LEN];
2061	struct wpa_auth_config *conf;
2062	struct wpa_ft_ies parse;
2063	size_t buflen;
2064	int ret;
2065	u8 *pos, *end;
2066	int pairwise;
2067
2068	*resp_ies = NULL;
2069	*resp_ies_len = 0;
2070
2071	sm->pmk_r1_name_valid = 0;
2072	conf = &sm->wpa_auth->conf;
2073
2074	wpa_hexdump(MSG_DEBUG, "FT: Received authentication frame IEs",
2075		    ies, ies_len);
2076
2077	if (wpa_ft_parse_ies(ies, ies_len, &parse) < 0) {
2078		wpa_printf(MSG_DEBUG, "FT: Failed to parse FT IEs");
2079		return WLAN_STATUS_UNSPECIFIED_FAILURE;
2080	}
2081
2082	mdie = (struct rsn_mdie *) parse.mdie;
2083	if (mdie == NULL || parse.mdie_len < sizeof(*mdie) ||
2084	    os_memcmp(mdie->mobility_domain,
2085		      sm->wpa_auth->conf.mobility_domain,
2086		      MOBILITY_DOMAIN_ID_LEN) != 0) {
2087		wpa_printf(MSG_DEBUG, "FT: Invalid MDIE");
2088		return WLAN_STATUS_INVALID_MDIE;
2089	}
2090
2091	ftie = (struct rsn_ftie *) parse.ftie;
2092	if (ftie == NULL || parse.ftie_len < sizeof(*ftie)) {
2093		wpa_printf(MSG_DEBUG, "FT: Invalid FTIE");
2094		return WLAN_STATUS_INVALID_FTIE;
2095	}
2096
2097	os_memcpy(sm->SNonce, ftie->snonce, WPA_NONCE_LEN);
2098
2099	if (parse.r0kh_id == NULL) {
2100		wpa_printf(MSG_DEBUG, "FT: Invalid FTIE - no R0KH-ID");
2101		return WLAN_STATUS_INVALID_FTIE;
2102	}
2103
2104	wpa_hexdump(MSG_DEBUG, "FT: STA R0KH-ID",
2105		    parse.r0kh_id, parse.r0kh_id_len);
2106	os_memcpy(sm->r0kh_id, parse.r0kh_id, parse.r0kh_id_len);
2107	sm->r0kh_id_len = parse.r0kh_id_len;
2108
2109	if (parse.rsn_pmkid == NULL) {
2110		wpa_printf(MSG_DEBUG, "FT: No PMKID in RSNIE");
2111		return WLAN_STATUS_INVALID_PMKID;
2112	}
2113
2114	if (wpa_ft_set_key_mgmt(sm, &parse) < 0)
2115		return WLAN_STATUS_UNSPECIFIED_FAILURE;
2116
2117	wpa_hexdump(MSG_DEBUG, "FT: Requested PMKR0Name",
2118		    parse.rsn_pmkid, WPA_PMK_NAME_LEN);
2119	if (wpa_derive_pmk_r1_name(parse.rsn_pmkid,
2120				   sm->wpa_auth->conf.r1_key_holder, sm->addr,
2121				   pmk_r1_name) < 0)
2122		return WLAN_STATUS_UNSPECIFIED_FAILURE;
2123	wpa_hexdump(MSG_DEBUG, "FT: Derived requested PMKR1Name",
2124		    pmk_r1_name, WPA_PMK_NAME_LEN);
2125
2126	if (conf->ft_psk_generate_local &&
2127	    wpa_key_mgmt_ft_psk(sm->wpa_key_mgmt)) {
2128		if (wpa_ft_psk_pmk_r1(sm, pmk_r1_name, pmk_r1, &pairwise) < 0)
2129			return WLAN_STATUS_INVALID_PMKID;
2130	} else if (wpa_ft_fetch_pmk_r1(sm->wpa_auth, sm->addr, pmk_r1_name,
2131				       pmk_r1, &pairwise) < 0) {
2132		if (wpa_ft_pull_pmk_r1(sm, ies, ies_len, parse.rsn_pmkid) < 0) {
2133			wpa_printf(MSG_DEBUG,
2134				   "FT: Did not have matching PMK-R1 and either unknown or blocked R0KH-ID or NAK from R0KH");
2135			return WLAN_STATUS_INVALID_PMKID;
2136		}
2137
2138		return -1; /* Status pending */
2139	}
2140
2141	wpa_hexdump_key(MSG_DEBUG, "FT: Selected PMK-R1", pmk_r1, PMK_LEN);
2142	sm->pmk_r1_name_valid = 1;
2143	os_memcpy(sm->pmk_r1_name, pmk_r1_name, WPA_PMK_NAME_LEN);
2144
2145	if (random_get_bytes(sm->ANonce, WPA_NONCE_LEN)) {
2146		wpa_printf(MSG_DEBUG, "FT: Failed to get random data for "
2147			   "ANonce");
2148		return WLAN_STATUS_UNSPECIFIED_FAILURE;
2149	}
2150
2151	wpa_hexdump(MSG_DEBUG, "FT: Received SNonce",
2152		    sm->SNonce, WPA_NONCE_LEN);
2153	wpa_hexdump(MSG_DEBUG, "FT: Generated ANonce",
2154		    sm->ANonce, WPA_NONCE_LEN);
2155
2156	if (wpa_pmk_r1_to_ptk(pmk_r1, sm->SNonce, sm->ANonce, sm->addr,
2157			      sm->wpa_auth->addr, pmk_r1_name,
2158			      &sm->PTK, ptk_name, sm->wpa_key_mgmt,
2159			      pairwise) < 0)
2160		return WLAN_STATUS_UNSPECIFIED_FAILURE;
2161
2162	sm->pairwise = pairwise;
2163	sm->PTK_valid = TRUE;
2164	sm->tk_already_set = FALSE;
2165	wpa_ft_install_ptk(sm);
2166
2167	buflen = 2 + sizeof(struct rsn_mdie) + 2 + sizeof(struct rsn_ftie) +
2168		2 + FT_R1KH_ID_LEN + 200;
2169	*resp_ies = os_zalloc(buflen);
2170	if (*resp_ies == NULL)
2171		goto fail;
2172
2173	pos = *resp_ies;
2174	end = *resp_ies + buflen;
2175
2176	ret = wpa_write_rsn_ie(conf, pos, end - pos, parse.rsn_pmkid);
2177	if (ret < 0)
2178		goto fail;
2179	pos += ret;
2180
2181	ret = wpa_write_mdie(conf, pos, end - pos);
2182	if (ret < 0)
2183		goto fail;
2184	pos += ret;
2185
2186	ret = wpa_write_ftie(conf, parse.r0kh_id, parse.r0kh_id_len,
2187			     sm->ANonce, sm->SNonce, pos, end - pos, NULL, 0);
2188	if (ret < 0)
2189		goto fail;
2190	pos += ret;
2191
2192	*resp_ies_len = pos - *resp_ies;
2193
2194	return WLAN_STATUS_SUCCESS;
2195fail:
2196	os_free(*resp_ies);
2197	*resp_ies = NULL;
2198	return WLAN_STATUS_UNSPECIFIED_FAILURE;
2199}
2200
2201
2202void wpa_ft_process_auth(struct wpa_state_machine *sm, const u8 *bssid,
2203			 u16 auth_transaction, const u8 *ies, size_t ies_len,
2204			 void (*cb)(void *ctx, const u8 *dst, const u8 *bssid,
2205				    u16 auth_transaction, u16 status,
2206				    const u8 *ies, size_t ies_len),
2207			 void *ctx)
2208{
2209	u16 status;
2210	u8 *resp_ies;
2211	size_t resp_ies_len;
2212	int res;
2213
2214	if (sm == NULL) {
2215		wpa_printf(MSG_DEBUG, "FT: Received authentication frame, but "
2216			   "WPA SM not available");
2217		return;
2218	}
2219
2220	wpa_printf(MSG_DEBUG, "FT: Received authentication frame: STA=" MACSTR
2221		   " BSSID=" MACSTR " transaction=%d",
2222		   MAC2STR(sm->addr), MAC2STR(bssid), auth_transaction);
2223	sm->ft_pending_cb = cb;
2224	sm->ft_pending_cb_ctx = ctx;
2225	sm->ft_pending_auth_transaction = auth_transaction;
2226	sm->ft_pending_pull_left_retries = sm->wpa_auth->conf.rkh_pull_retries;
2227	res = wpa_ft_process_auth_req(sm, ies, ies_len, &resp_ies,
2228				      &resp_ies_len);
2229	if (res < 0) {
2230		wpa_printf(MSG_DEBUG, "FT: Callback postponed until response is available");
2231		return;
2232	}
2233	status = res;
2234
2235	wpa_printf(MSG_DEBUG, "FT: FT authentication response: dst=" MACSTR
2236		   " auth_transaction=%d status=%d",
2237		   MAC2STR(sm->addr), auth_transaction + 1, status);
2238	wpa_hexdump(MSG_DEBUG, "FT: Response IEs", resp_ies, resp_ies_len);
2239	cb(ctx, sm->addr, bssid, auth_transaction + 1, status,
2240	   resp_ies, resp_ies_len);
2241	os_free(resp_ies);
2242}
2243
2244
2245u16 wpa_ft_validate_reassoc(struct wpa_state_machine *sm, const u8 *ies,
2246			    size_t ies_len)
2247{
2248	struct wpa_ft_ies parse;
2249	struct rsn_mdie *mdie;
2250	struct rsn_ftie *ftie;
2251	u8 mic[WPA_EAPOL_KEY_MIC_MAX_LEN];
2252	size_t mic_len = 16;
2253	unsigned int count;
2254
2255	if (sm == NULL)
2256		return WLAN_STATUS_UNSPECIFIED_FAILURE;
2257
2258	wpa_hexdump(MSG_DEBUG, "FT: Reassoc Req IEs", ies, ies_len);
2259
2260	if (wpa_ft_parse_ies(ies, ies_len, &parse) < 0) {
2261		wpa_printf(MSG_DEBUG, "FT: Failed to parse FT IEs");
2262		return WLAN_STATUS_UNSPECIFIED_FAILURE;
2263	}
2264
2265	if (parse.rsn == NULL) {
2266		wpa_printf(MSG_DEBUG, "FT: No RSNIE in Reassoc Req");
2267		return WLAN_STATUS_UNSPECIFIED_FAILURE;
2268	}
2269
2270	if (parse.rsn_pmkid == NULL) {
2271		wpa_printf(MSG_DEBUG, "FT: No PMKID in RSNIE");
2272		return WLAN_STATUS_INVALID_PMKID;
2273	}
2274
2275	if (os_memcmp_const(parse.rsn_pmkid, sm->pmk_r1_name, WPA_PMK_NAME_LEN)
2276	    != 0) {
2277		wpa_printf(MSG_DEBUG, "FT: PMKID in Reassoc Req did not match "
2278			   "with the PMKR1Name derived from auth request");
2279		return WLAN_STATUS_INVALID_PMKID;
2280	}
2281
2282	mdie = (struct rsn_mdie *) parse.mdie;
2283	if (mdie == NULL || parse.mdie_len < sizeof(*mdie) ||
2284	    os_memcmp(mdie->mobility_domain,
2285		      sm->wpa_auth->conf.mobility_domain,
2286		      MOBILITY_DOMAIN_ID_LEN) != 0) {
2287		wpa_printf(MSG_DEBUG, "FT: Invalid MDIE");
2288		return WLAN_STATUS_INVALID_MDIE;
2289	}
2290
2291	ftie = (struct rsn_ftie *) parse.ftie;
2292	if (ftie == NULL || parse.ftie_len < sizeof(*ftie)) {
2293		wpa_printf(MSG_DEBUG, "FT: Invalid FTIE");
2294		return WLAN_STATUS_INVALID_FTIE;
2295	}
2296
2297	if (os_memcmp(ftie->snonce, sm->SNonce, WPA_NONCE_LEN) != 0) {
2298		wpa_printf(MSG_DEBUG, "FT: SNonce mismatch in FTIE");
2299		wpa_hexdump(MSG_DEBUG, "FT: Received SNonce",
2300			    ftie->snonce, WPA_NONCE_LEN);
2301		wpa_hexdump(MSG_DEBUG, "FT: Expected SNonce",
2302			    sm->SNonce, WPA_NONCE_LEN);
2303		return WLAN_STATUS_INVALID_FTIE;
2304	}
2305
2306	if (os_memcmp(ftie->anonce, sm->ANonce, WPA_NONCE_LEN) != 0) {
2307		wpa_printf(MSG_DEBUG, "FT: ANonce mismatch in FTIE");
2308		wpa_hexdump(MSG_DEBUG, "FT: Received ANonce",
2309			    ftie->anonce, WPA_NONCE_LEN);
2310		wpa_hexdump(MSG_DEBUG, "FT: Expected ANonce",
2311			    sm->ANonce, WPA_NONCE_LEN);
2312		return WLAN_STATUS_INVALID_FTIE;
2313	}
2314
2315
2316	if (parse.r0kh_id == NULL) {
2317		wpa_printf(MSG_DEBUG, "FT: No R0KH-ID subelem in FTIE");
2318		return WLAN_STATUS_INVALID_FTIE;
2319	}
2320
2321	if (parse.r0kh_id_len != sm->r0kh_id_len ||
2322	    os_memcmp_const(parse.r0kh_id, sm->r0kh_id, parse.r0kh_id_len) != 0)
2323	{
2324		wpa_printf(MSG_DEBUG, "FT: R0KH-ID in FTIE did not match with "
2325			   "the current R0KH-ID");
2326		wpa_hexdump(MSG_DEBUG, "FT: R0KH-ID in FTIE",
2327			    parse.r0kh_id, parse.r0kh_id_len);
2328		wpa_hexdump(MSG_DEBUG, "FT: The current R0KH-ID",
2329			    sm->r0kh_id, sm->r0kh_id_len);
2330		return WLAN_STATUS_INVALID_FTIE;
2331	}
2332
2333	if (parse.r1kh_id == NULL) {
2334		wpa_printf(MSG_DEBUG, "FT: No R1KH-ID subelem in FTIE");
2335		return WLAN_STATUS_INVALID_FTIE;
2336	}
2337
2338	if (os_memcmp_const(parse.r1kh_id, sm->wpa_auth->conf.r1_key_holder,
2339			    FT_R1KH_ID_LEN) != 0) {
2340		wpa_printf(MSG_DEBUG, "FT: Unknown R1KH-ID used in "
2341			   "ReassocReq");
2342		wpa_hexdump(MSG_DEBUG, "FT: R1KH-ID in FTIE",
2343			    parse.r1kh_id, FT_R1KH_ID_LEN);
2344		wpa_hexdump(MSG_DEBUG, "FT: Expected R1KH-ID",
2345			    sm->wpa_auth->conf.r1_key_holder, FT_R1KH_ID_LEN);
2346		return WLAN_STATUS_INVALID_FTIE;
2347	}
2348
2349	if (parse.rsn_pmkid == NULL ||
2350	    os_memcmp_const(parse.rsn_pmkid, sm->pmk_r1_name, WPA_PMK_NAME_LEN))
2351	{
2352		wpa_printf(MSG_DEBUG, "FT: No matching PMKR1Name (PMKID) in "
2353			   "RSNIE (pmkid=%d)", !!parse.rsn_pmkid);
2354		return WLAN_STATUS_INVALID_PMKID;
2355	}
2356
2357	count = 3;
2358	if (parse.ric)
2359		count += ieee802_11_ie_count(parse.ric, parse.ric_len);
2360	if (ftie->mic_control[1] != count) {
2361		wpa_printf(MSG_DEBUG, "FT: Unexpected IE count in MIC "
2362			   "Control: received %u expected %u",
2363			   ftie->mic_control[1], count);
2364		return WLAN_STATUS_UNSPECIFIED_FAILURE;
2365	}
2366
2367	if (wpa_ft_mic(sm->PTK.kck, sm->PTK.kck_len, sm->addr,
2368		       sm->wpa_auth->addr, 5,
2369		       parse.mdie - 2, parse.mdie_len + 2,
2370		       parse.ftie - 2, parse.ftie_len + 2,
2371		       parse.rsn - 2, parse.rsn_len + 2,
2372		       parse.ric, parse.ric_len,
2373		       mic) < 0) {
2374		wpa_printf(MSG_DEBUG, "FT: Failed to calculate MIC");
2375		return WLAN_STATUS_UNSPECIFIED_FAILURE;
2376	}
2377
2378	if (os_memcmp_const(mic, ftie->mic, mic_len) != 0) {
2379		wpa_printf(MSG_DEBUG, "FT: Invalid MIC in FTIE");
2380		wpa_printf(MSG_DEBUG, "FT: addr=" MACSTR " auth_addr=" MACSTR,
2381			   MAC2STR(sm->addr), MAC2STR(sm->wpa_auth->addr));
2382		wpa_hexdump(MSG_MSGDUMP, "FT: Received MIC",
2383			    ftie->mic, mic_len);
2384		wpa_hexdump(MSG_MSGDUMP, "FT: Calculated MIC", mic, mic_len);
2385		wpa_hexdump(MSG_MSGDUMP, "FT: MDIE",
2386			    parse.mdie - 2, parse.mdie_len + 2);
2387		wpa_hexdump(MSG_MSGDUMP, "FT: FTIE",
2388			    parse.ftie - 2, parse.ftie_len + 2);
2389		wpa_hexdump(MSG_MSGDUMP, "FT: RSN",
2390			    parse.rsn - 2, parse.rsn_len + 2);
2391		return WLAN_STATUS_INVALID_FTIE;
2392	}
2393
2394	return WLAN_STATUS_SUCCESS;
2395}
2396
2397
2398int wpa_ft_action_rx(struct wpa_state_machine *sm, const u8 *data, size_t len)
2399{
2400	const u8 *sta_addr, *target_ap;
2401	const u8 *ies;
2402	size_t ies_len;
2403	u8 action;
2404	struct ft_rrb_frame *frame;
2405
2406	if (sm == NULL)
2407		return -1;
2408
2409	/*
2410	 * data: Category[1] Action[1] STA_Address[6] Target_AP_Address[6]
2411	 * FT Request action frame body[variable]
2412	 */
2413
2414	if (len < 14) {
2415		wpa_printf(MSG_DEBUG, "FT: Too short FT Action frame "
2416			   "(len=%lu)", (unsigned long) len);
2417		return -1;
2418	}
2419
2420	action = data[1];
2421	sta_addr = data + 2;
2422	target_ap = data + 8;
2423	ies = data + 14;
2424	ies_len = len - 14;
2425
2426	wpa_printf(MSG_DEBUG, "FT: Received FT Action frame (STA=" MACSTR
2427		   " Target AP=" MACSTR " Action=%d)",
2428		   MAC2STR(sta_addr), MAC2STR(target_ap), action);
2429
2430	if (os_memcmp(sta_addr, sm->addr, ETH_ALEN) != 0) {
2431		wpa_printf(MSG_DEBUG, "FT: Mismatch in FT Action STA address: "
2432			   "STA=" MACSTR " STA-Address=" MACSTR,
2433			   MAC2STR(sm->addr), MAC2STR(sta_addr));
2434		return -1;
2435	}
2436
2437	/*
2438	 * Do some sanity checking on the target AP address (not own and not
2439	 * broadcast. This could be extended to filter based on a list of known
2440	 * APs in the MD (if such a list were configured).
2441	 */
2442	if ((target_ap[0] & 0x01) ||
2443	    os_memcmp(target_ap, sm->wpa_auth->addr, ETH_ALEN) == 0) {
2444		wpa_printf(MSG_DEBUG, "FT: Invalid Target AP in FT Action "
2445			   "frame");
2446		return -1;
2447	}
2448
2449	wpa_hexdump(MSG_MSGDUMP, "FT: Action frame body", ies, ies_len);
2450
2451	if (!sm->wpa_auth->conf.ft_over_ds) {
2452		wpa_printf(MSG_DEBUG, "FT: Over-DS option disabled - reject");
2453		return -1;
2454	}
2455
2456	/* RRB - Forward action frame to the target AP */
2457	frame = os_malloc(sizeof(*frame) + len);
2458	if (frame == NULL)
2459		return -1;
2460	frame->frame_type = RSN_REMOTE_FRAME_TYPE_FT_RRB;
2461	frame->packet_type = FT_PACKET_REQUEST;
2462	frame->action_length = host_to_le16(len);
2463	os_memcpy(frame->ap_address, sm->wpa_auth->addr, ETH_ALEN);
2464	os_memcpy(frame + 1, data, len);
2465
2466	wpa_ft_rrb_send(sm->wpa_auth, target_ap, (u8 *) frame,
2467			sizeof(*frame) + len);
2468	os_free(frame);
2469
2470	return 0;
2471}
2472
2473
2474static void wpa_ft_rrb_rx_request_cb(void *ctx, const u8 *dst, const u8 *bssid,
2475				     u16 auth_transaction, u16 resp,
2476				     const u8 *ies, size_t ies_len)
2477{
2478	struct wpa_state_machine *sm = ctx;
2479	wpa_printf(MSG_DEBUG, "FT: Over-the-DS RX request cb for " MACSTR,
2480		   MAC2STR(sm->addr));
2481	wpa_ft_send_rrb_auth_resp(sm, sm->ft_pending_current_ap, sm->addr,
2482				  WLAN_STATUS_SUCCESS, ies, ies_len);
2483}
2484
2485
2486static int wpa_ft_rrb_rx_request(struct wpa_authenticator *wpa_auth,
2487				 const u8 *current_ap, const u8 *sta_addr,
2488				 const u8 *body, size_t len)
2489{
2490	struct wpa_state_machine *sm;
2491	u16 status;
2492	u8 *resp_ies;
2493	size_t resp_ies_len;
2494	int res;
2495
2496	sm = wpa_ft_add_sta(wpa_auth, sta_addr);
2497	if (sm == NULL) {
2498		wpa_printf(MSG_DEBUG, "FT: Failed to add new STA based on "
2499			   "RRB Request");
2500		return -1;
2501	}
2502
2503	wpa_hexdump(MSG_MSGDUMP, "FT: RRB Request Frame body", body, len);
2504
2505	sm->ft_pending_cb = wpa_ft_rrb_rx_request_cb;
2506	sm->ft_pending_cb_ctx = sm;
2507	os_memcpy(sm->ft_pending_current_ap, current_ap, ETH_ALEN);
2508	sm->ft_pending_pull_left_retries = sm->wpa_auth->conf.rkh_pull_retries;
2509	res = wpa_ft_process_auth_req(sm, body, len, &resp_ies,
2510				      &resp_ies_len);
2511	if (res < 0) {
2512		wpa_printf(MSG_DEBUG, "FT: No immediate response available - wait for pull response");
2513		return 0;
2514	}
2515	status = res;
2516
2517	res = wpa_ft_send_rrb_auth_resp(sm, current_ap, sta_addr, status,
2518					resp_ies, resp_ies_len);
2519	os_free(resp_ies);
2520	return res;
2521}
2522
2523
2524static int wpa_ft_send_rrb_auth_resp(struct wpa_state_machine *sm,
2525				     const u8 *current_ap, const u8 *sta_addr,
2526				     u16 status, const u8 *resp_ies,
2527				     size_t resp_ies_len)
2528{
2529	struct wpa_authenticator *wpa_auth = sm->wpa_auth;
2530	size_t rlen;
2531	struct ft_rrb_frame *frame;
2532	u8 *pos;
2533
2534	wpa_printf(MSG_DEBUG, "FT: RRB authentication response: STA=" MACSTR
2535		   " CurrentAP=" MACSTR " status=%d",
2536		   MAC2STR(sm->addr), MAC2STR(current_ap), status);
2537	wpa_hexdump(MSG_DEBUG, "FT: Response IEs", resp_ies, resp_ies_len);
2538
2539	/* RRB - Forward action frame response to the Current AP */
2540
2541	/*
2542	 * data: Category[1] Action[1] STA_Address[6] Target_AP_Address[6]
2543	 * Status_Code[2] FT Request action frame body[variable]
2544	 */
2545	rlen = 2 + 2 * ETH_ALEN + 2 + resp_ies_len;
2546
2547	frame = os_malloc(sizeof(*frame) + rlen);
2548	if (frame == NULL)
2549		return -1;
2550	frame->frame_type = RSN_REMOTE_FRAME_TYPE_FT_RRB;
2551	frame->packet_type = FT_PACKET_RESPONSE;
2552	frame->action_length = host_to_le16(rlen);
2553	os_memcpy(frame->ap_address, wpa_auth->addr, ETH_ALEN);
2554	pos = (u8 *) (frame + 1);
2555	*pos++ = WLAN_ACTION_FT;
2556	*pos++ = 2; /* Action: Response */
2557	os_memcpy(pos, sta_addr, ETH_ALEN);
2558	pos += ETH_ALEN;
2559	os_memcpy(pos, wpa_auth->addr, ETH_ALEN);
2560	pos += ETH_ALEN;
2561	WPA_PUT_LE16(pos, status);
2562	pos += 2;
2563	if (resp_ies)
2564		os_memcpy(pos, resp_ies, resp_ies_len);
2565
2566	wpa_ft_rrb_send(wpa_auth, current_ap, (u8 *) frame,
2567			sizeof(*frame) + rlen);
2568	os_free(frame);
2569
2570	return 0;
2571}
2572
2573
2574static int wpa_ft_rrb_build_r0(const u8 *key, const size_t key_len,
2575			       const struct tlv_list *tlvs,
2576			       const struct wpa_ft_pmk_r0_sa *pmk_r0,
2577			       const u8 *r1kh_id, const u8 *s1kh_id,
2578			       const struct tlv_list *tlv_auth,
2579			       const u8 *src_addr, u8 type,
2580			       u8 **packet, size_t *packet_len)
2581{
2582	u8 pmk_r1[PMK_LEN];
2583	u8 pmk_r1_name[WPA_PMK_NAME_LEN];
2584	u8 f_pairwise[sizeof(le16)];
2585	int ret;
2586	struct tlv_list sess_tlv[] = {
2587		{ .type = FT_RRB_PMK_R1, .len = sizeof(pmk_r1),
2588		  .data = pmk_r1 },
2589		{ .type = FT_RRB_PMK_R1_NAME, .len = sizeof(pmk_r1_name),
2590		  .data = pmk_r1_name },
2591		{ .type = FT_RRB_PAIRWISE, .len = sizeof(f_pairwise),
2592		  .data = f_pairwise },
2593		{ .type = FT_RRB_LAST_EMPTY, .len = 0, .data = NULL },
2594	};
2595
2596	if (!pmk_r0)
2597		return wpa_ft_rrb_build(key, key_len, tlvs, NULL, tlv_auth,
2598					src_addr, type, packet, packet_len);
2599
2600	if (wpa_derive_pmk_r1(pmk_r0->pmk_r0, pmk_r0->pmk_r0_name, r1kh_id,
2601			      s1kh_id, pmk_r1, pmk_r1_name) < 0)
2602		return -1;
2603	wpa_hexdump_key(MSG_DEBUG, "FT: PMK-R1", pmk_r1, PMK_LEN);
2604	wpa_hexdump(MSG_DEBUG, "FT: PMKR1Name", pmk_r1_name, WPA_PMK_NAME_LEN);
2605	WPA_PUT_LE16(f_pairwise, pmk_r0->pairwise);
2606
2607	ret = wpa_ft_rrb_build(key, key_len, tlvs, sess_tlv, tlv_auth,
2608			       src_addr, type, packet, packet_len);
2609
2610	os_memset(pmk_r1, 0, sizeof(pmk_r1));
2611
2612	return ret;
2613}
2614
2615
2616static int wpa_ft_rrb_rx_pull(struct wpa_authenticator *wpa_auth,
2617			      const u8 *src_addr,
2618			      const u8 *enc, size_t enc_len,
2619			      const u8 *auth, size_t auth_len,
2620			      int no_defer)
2621{
2622	const char *msgtype = "pull request";
2623	u8 *plain = NULL, *packet = NULL;
2624	size_t plain_len = 0, packet_len = 0;
2625	struct ft_remote_r1kh *r1kh, *r1kh_wildcard;
2626	const u8 *key;
2627	size_t key_len;
2628	int seq_ret;
2629	const u8 *f_nonce, *f_r0kh_id, *f_r1kh_id, *f_s1kh_id, *f_pmk_r0_name;
2630	size_t f_nonce_len, f_r0kh_id_len, f_r1kh_id_len, f_s1kh_id_len;
2631	size_t f_pmk_r0_name_len;
2632	const struct wpa_ft_pmk_r0_sa *r0;
2633	int ret;
2634	struct tlv_list resp[2];
2635	struct tlv_list resp_auth[5];
2636	struct ft_rrb_seq f_seq;
2637
2638	wpa_printf(MSG_DEBUG, "FT: Received PMK-R1 pull");
2639
2640	RRB_GET_AUTH(FT_RRB_R0KH_ID, r0kh_id, msgtype, -1);
2641	wpa_hexdump(MSG_DEBUG, "FT: R0KH-ID", f_r0kh_id, f_r0kh_id_len);
2642
2643	if (wpa_ft_rrb_check_r0kh(wpa_auth, f_r0kh_id, f_r0kh_id_len)) {
2644		wpa_printf(MSG_DEBUG, "FT: R0KH-ID mismatch");
2645		goto out;
2646	}
2647
2648	RRB_GET_AUTH(FT_RRB_R1KH_ID, r1kh_id, msgtype, FT_R1KH_ID_LEN);
2649	wpa_printf(MSG_DEBUG, "FT: R1KH-ID=" MACSTR, MAC2STR(f_r1kh_id));
2650
2651	wpa_ft_rrb_lookup_r1kh(wpa_auth, f_r1kh_id, &r1kh, &r1kh_wildcard);
2652	if (r1kh) {
2653		key = r1kh->key;
2654		key_len = sizeof(r1kh->key);
2655	} else if (r1kh_wildcard) {
2656		wpa_printf(MSG_DEBUG, "FT: Using wildcard R1KH-ID");
2657		key = r1kh_wildcard->key;
2658		key_len = sizeof(r1kh_wildcard->key);
2659	} else {
2660		goto out;
2661	}
2662
2663	RRB_GET_AUTH(FT_RRB_NONCE, nonce, "pull request", FT_RRB_NONCE_LEN);
2664	wpa_hexdump(MSG_DEBUG, "FT: nonce", f_nonce, f_nonce_len);
2665
2666	seq_ret = FT_RRB_SEQ_DROP;
2667	if (r1kh)
2668		seq_ret = wpa_ft_rrb_seq_chk(r1kh->seq, src_addr, enc, enc_len,
2669					     auth, auth_len, msgtype, no_defer);
2670	if (!no_defer && r1kh_wildcard &&
2671	    (!r1kh || os_memcmp(r1kh->addr, src_addr, ETH_ALEN) != 0)) {
2672		/* wildcard: r1kh-id unknown or changed addr -> do a seq req */
2673		seq_ret = FT_RRB_SEQ_DEFER;
2674	}
2675
2676	if (seq_ret == FT_RRB_SEQ_DROP)
2677		goto out;
2678
2679	if (wpa_ft_rrb_decrypt(key, key_len, enc, enc_len, auth, auth_len,
2680			       src_addr, FT_PACKET_R0KH_R1KH_PULL,
2681			       &plain, &plain_len) < 0)
2682		goto out;
2683
2684	if (!r1kh)
2685		r1kh = wpa_ft_rrb_add_r1kh(wpa_auth, r1kh_wildcard, src_addr,
2686					   f_r1kh_id,
2687					   wpa_auth->conf.rkh_pos_timeout);
2688	if (!r1kh)
2689		goto out;
2690
2691	if (seq_ret == FT_RRB_SEQ_DEFER) {
2692		wpa_ft_rrb_seq_req(wpa_auth, r1kh->seq, src_addr, f_r0kh_id,
2693				   f_r0kh_id_len, f_r1kh_id, key, key_len,
2694				   enc, enc_len, auth, auth_len,
2695				   &wpa_ft_rrb_rx_pull);
2696		goto out;
2697	}
2698
2699	wpa_ft_rrb_seq_accept(wpa_auth, r1kh->seq, src_addr, auth, auth_len,
2700			      msgtype);
2701	wpa_ft_rrb_r1kh_replenish(wpa_auth, r1kh,
2702				  wpa_auth->conf.rkh_pos_timeout);
2703
2704	RRB_GET(FT_RRB_PMK_R0_NAME, pmk_r0_name, msgtype, WPA_PMK_NAME_LEN);
2705	wpa_hexdump(MSG_DEBUG, "FT: PMKR0Name", f_pmk_r0_name,
2706		    f_pmk_r0_name_len);
2707
2708	RRB_GET(FT_RRB_S1KH_ID, s1kh_id, msgtype, ETH_ALEN);
2709	wpa_printf(MSG_DEBUG, "FT: S1KH-ID=" MACSTR, MAC2STR(f_s1kh_id));
2710
2711	if (wpa_ft_new_seq(r1kh->seq, &f_seq) < 0) {
2712		wpa_printf(MSG_DEBUG, "FT: Failed to get seq num");
2713		goto out;
2714	}
2715
2716	resp[0].type = FT_RRB_S1KH_ID;
2717	resp[0].len = f_s1kh_id_len;
2718	resp[0].data = f_s1kh_id;
2719	resp[1].type = FT_RRB_LAST_EMPTY;
2720	resp[1].len = 0;
2721	resp[1].data = NULL;
2722
2723	resp_auth[0].type = FT_RRB_NONCE;
2724	resp_auth[0].len = f_nonce_len;
2725	resp_auth[0].data = f_nonce;
2726	resp_auth[1].type = FT_RRB_SEQ;
2727	resp_auth[1].len = sizeof(f_seq);
2728	resp_auth[1].data = (u8 *) &f_seq;
2729	resp_auth[2].type = FT_RRB_R0KH_ID;
2730	resp_auth[2].len = f_r0kh_id_len;
2731	resp_auth[2].data = f_r0kh_id;
2732	resp_auth[3].type = FT_RRB_R1KH_ID;
2733	resp_auth[3].len = f_r1kh_id_len;
2734	resp_auth[3].data = f_r1kh_id;
2735	resp_auth[4].type = FT_RRB_LAST_EMPTY;
2736	resp_auth[4].len = 0;
2737	resp_auth[4].data = NULL;
2738
2739	if (wpa_ft_fetch_pmk_r0(wpa_auth, f_s1kh_id, f_pmk_r0_name, &r0) < 0)
2740		wpa_printf(MSG_DEBUG, "FT: No matching PMK-R0-Name found");
2741
2742	ret = wpa_ft_rrb_build_r0(key, key_len, resp, r0, f_r1kh_id, f_s1kh_id,
2743				  resp_auth, wpa_auth->addr,
2744				  FT_PACKET_R0KH_R1KH_RESP,
2745				  &packet, &packet_len);
2746
2747	if (!ret)
2748		wpa_ft_rrb_oui_send(wpa_auth, src_addr,
2749				    FT_PACKET_R0KH_R1KH_RESP, packet,
2750				    packet_len);
2751
2752out:
2753	os_free(plain);
2754	os_free(packet);
2755
2756	return 0;
2757}
2758
2759
2760/* @returns  0 on success
2761 *          -1 on error
2762 *          -2 if FR_RRB_PAIRWISE is missing
2763 */
2764static int wpa_ft_rrb_rx_r1(struct wpa_authenticator *wpa_auth,
2765			    const u8 *src_addr, u8 type,
2766			    const u8 *enc, size_t enc_len,
2767			    const u8 *auth, size_t auth_len,
2768			    const char *msgtype, u8 *s1kh_id_out,
2769			    int (*cb)(struct wpa_authenticator *wpa_auth,
2770				      const u8 *src_addr,
2771				      const u8 *enc, size_t enc_len,
2772				      const u8 *auth, size_t auth_len,
2773				      int no_defer))
2774{
2775	u8 *plain = NULL;
2776	size_t plain_len = 0;
2777	struct ft_remote_r0kh *r0kh, *r0kh_wildcard;
2778	const u8 *key;
2779	size_t key_len;
2780	int seq_ret;
2781	const u8 *f_r1kh_id, *f_s1kh_id, *f_r0kh_id;
2782	const u8 *f_pmk_r1_name, *f_pairwise, *f_pmk_r1;
2783	size_t f_r1kh_id_len, f_s1kh_id_len, f_r0kh_id_len;
2784	size_t f_pmk_r1_name_len, f_pairwise_len, f_pmk_r1_len;
2785	int pairwise;
2786	int ret = -1;
2787
2788	RRB_GET_AUTH(FT_RRB_R0KH_ID, r0kh_id, msgtype, -1);
2789	wpa_hexdump(MSG_DEBUG, "FT: R0KH-ID", f_r0kh_id, f_r0kh_id_len);
2790
2791	RRB_GET_AUTH(FT_RRB_R1KH_ID, r1kh_id, msgtype, FT_R1KH_ID_LEN);
2792	wpa_printf(MSG_DEBUG, "FT: R1KH-ID=" MACSTR, MAC2STR(f_r1kh_id));
2793
2794	if (wpa_ft_rrb_check_r1kh(wpa_auth, f_r1kh_id)) {
2795		wpa_printf(MSG_DEBUG, "FT: R1KH-ID mismatch");
2796		goto out;
2797	}
2798
2799	wpa_ft_rrb_lookup_r0kh(wpa_auth, f_r0kh_id, f_r0kh_id_len, &r0kh,
2800			       &r0kh_wildcard);
2801	if (r0kh) {
2802		key = r0kh->key;
2803		key_len = sizeof(r0kh->key);
2804	} else if (r0kh_wildcard) {
2805		wpa_printf(MSG_DEBUG, "FT: Using wildcard R0KH-ID");
2806		key = r0kh_wildcard->key;
2807		key_len = sizeof(r0kh_wildcard->key);
2808	} else {
2809		goto out;
2810	}
2811
2812	seq_ret = FT_RRB_SEQ_DROP;
2813	if (r0kh) {
2814		seq_ret = wpa_ft_rrb_seq_chk(r0kh->seq, src_addr, enc, enc_len,
2815					     auth, auth_len, msgtype,
2816					     cb ? 0 : 1);
2817	}
2818	if (cb && r0kh_wildcard &&
2819	    (!r0kh || os_memcmp(r0kh->addr, src_addr, ETH_ALEN) != 0)) {
2820		/* wildcard: r0kh-id unknown or changed addr -> do a seq req */
2821		seq_ret = FT_RRB_SEQ_DEFER;
2822	}
2823
2824	if (seq_ret == FT_RRB_SEQ_DROP)
2825		goto out;
2826
2827	if (wpa_ft_rrb_decrypt(key, key_len, enc, enc_len, auth, auth_len,
2828			       src_addr, type, &plain, &plain_len) < 0)
2829		goto out;
2830
2831	if (!r0kh)
2832		r0kh = wpa_ft_rrb_add_r0kh(wpa_auth, r0kh_wildcard, src_addr,
2833					   f_r0kh_id, f_r0kh_id_len,
2834					   wpa_auth->conf.rkh_pos_timeout);
2835	if (!r0kh)
2836		goto out;
2837
2838	if (seq_ret == FT_RRB_SEQ_DEFER) {
2839		wpa_ft_rrb_seq_req(wpa_auth, r0kh->seq, src_addr, f_r0kh_id,
2840				   f_r0kh_id_len, f_r1kh_id, key, key_len,
2841				   enc, enc_len, auth, auth_len, cb);
2842		goto out;
2843	}
2844
2845	wpa_ft_rrb_seq_accept(wpa_auth, r0kh->seq, src_addr, auth, auth_len,
2846			      msgtype);
2847	wpa_ft_rrb_r0kh_replenish(wpa_auth, r0kh,
2848				  wpa_auth->conf.rkh_pos_timeout);
2849
2850	RRB_GET(FT_RRB_S1KH_ID, s1kh_id, msgtype, ETH_ALEN);
2851	wpa_printf(MSG_DEBUG, "FT: S1KH-ID=" MACSTR, MAC2STR(f_s1kh_id));
2852
2853	if (s1kh_id_out)
2854		os_memcpy(s1kh_id_out, f_s1kh_id, ETH_ALEN);
2855
2856	ret = -2;
2857	RRB_GET(FT_RRB_PAIRWISE, pairwise, msgtype, sizeof(le16));
2858	wpa_hexdump(MSG_DEBUG, "FT: pairwise", f_pairwise, f_pairwise_len);
2859
2860	ret = -1;
2861	RRB_GET(FT_RRB_PMK_R1_NAME, pmk_r1_name, msgtype, WPA_PMK_NAME_LEN);
2862	wpa_hexdump(MSG_DEBUG, "FT: PMKR1Name",
2863		    f_pmk_r1_name, WPA_PMK_NAME_LEN);
2864
2865	RRB_GET(FT_RRB_PMK_R1, pmk_r1, msgtype, PMK_LEN);
2866	wpa_hexdump_key(MSG_DEBUG, "FT: PMK-R1", f_pmk_r1, PMK_LEN);
2867
2868	pairwise = WPA_GET_LE16(f_pairwise);
2869
2870	if (wpa_ft_store_pmk_r1(wpa_auth, f_s1kh_id, f_pmk_r1, f_pmk_r1_name,
2871				pairwise) < 0)
2872		goto out;
2873
2874	ret = 0;
2875out:
2876	if (plain) {
2877		os_memset(plain, 0, plain_len);
2878		os_free(plain);
2879	}
2880
2881	return ret;
2882
2883}
2884
2885
2886static void ft_finish_pull(struct wpa_state_machine *sm)
2887{
2888	int res;
2889	u8 *resp_ies;
2890	size_t resp_ies_len;
2891	u16 status;
2892
2893	if (!sm->ft_pending_cb || !sm->ft_pending_req_ies)
2894		return;
2895
2896	res = wpa_ft_process_auth_req(sm, wpabuf_head(sm->ft_pending_req_ies),
2897				      wpabuf_len(sm->ft_pending_req_ies),
2898				      &resp_ies, &resp_ies_len);
2899	if (res < 0) {
2900		/* this loop is broken by ft_pending_pull_left_retries */
2901		wpa_printf(MSG_DEBUG,
2902			   "FT: Callback postponed until response is available");
2903		return;
2904	}
2905	wpabuf_free(sm->ft_pending_req_ies);
2906	sm->ft_pending_req_ies = NULL;
2907	status = res;
2908	wpa_printf(MSG_DEBUG, "FT: Postponed auth callback result for " MACSTR
2909		   " - status %u", MAC2STR(sm->addr), status);
2910
2911	sm->ft_pending_cb(sm->ft_pending_cb_ctx, sm->addr, sm->wpa_auth->addr,
2912			  sm->ft_pending_auth_transaction + 1, status,
2913			  resp_ies, resp_ies_len);
2914	os_free(resp_ies);
2915}
2916
2917
2918struct ft_get_sta_ctx {
2919	const u8 *nonce;
2920	const u8 *s1kh_id;
2921	struct wpa_state_machine *sm;
2922};
2923
2924
2925static int ft_get_sta_cb(struct wpa_state_machine *sm, void *ctx)
2926{
2927	struct ft_get_sta_ctx *info = ctx;
2928
2929	if ((info->s1kh_id &&
2930	     os_memcmp(info->s1kh_id, sm->addr, ETH_ALEN) != 0) ||
2931	    os_memcmp(info->nonce, sm->ft_pending_pull_nonce,
2932		      FT_RRB_NONCE_LEN) != 0 ||
2933	    sm->ft_pending_cb == NULL || sm->ft_pending_req_ies == NULL)
2934		return 0;
2935
2936	info->sm = sm;
2937
2938	return 1;
2939}
2940
2941
2942static int wpa_ft_rrb_rx_resp(struct wpa_authenticator *wpa_auth,
2943			      const u8 *src_addr,
2944			      const u8 *enc, size_t enc_len,
2945			      const u8 *auth, size_t auth_len,
2946			      int no_defer)
2947{
2948	const char *msgtype = "pull response";
2949	int nak, ret = -1;
2950	struct ft_get_sta_ctx ctx;
2951	u8 s1kh_id[ETH_ALEN];
2952	const u8 *f_nonce;
2953	size_t f_nonce_len;
2954
2955	wpa_printf(MSG_DEBUG, "FT: Received PMK-R1 pull response");
2956
2957	RRB_GET_AUTH(FT_RRB_NONCE, nonce, msgtype, FT_RRB_NONCE_LEN);
2958	wpa_hexdump(MSG_DEBUG, "FT: nonce", f_nonce, f_nonce_len);
2959
2960	os_memset(&ctx, 0, sizeof(ctx));
2961	ctx.nonce = f_nonce;
2962	if (!wpa_auth_for_each_sta(wpa_auth, ft_get_sta_cb, &ctx)) {
2963		/* nonce not found */
2964		wpa_printf(MSG_DEBUG, "FT: Invalid nonce");
2965		return -1;
2966	}
2967
2968	ret = wpa_ft_rrb_rx_r1(wpa_auth, src_addr, FT_PACKET_R0KH_R1KH_RESP,
2969			       enc, enc_len, auth, auth_len, msgtype, s1kh_id,
2970			       no_defer ? NULL : &wpa_ft_rrb_rx_resp);
2971	if (ret == -2) {
2972		ret = 0;
2973		nak = 1;
2974	} else {
2975		nak = 0;
2976	}
2977	if (ret < 0)
2978		return -1;
2979
2980	ctx.s1kh_id = s1kh_id;
2981	if (wpa_auth_for_each_sta(wpa_auth, ft_get_sta_cb, &ctx)) {
2982		wpa_printf(MSG_DEBUG,
2983			   "FT: Response to a pending pull request for " MACSTR,
2984			   MAC2STR(ctx.sm->addr));
2985		eloop_cancel_timeout(wpa_ft_expire_pull, ctx.sm, NULL);
2986		if (nak)
2987			ctx.sm->ft_pending_pull_left_retries = 0;
2988		ft_finish_pull(ctx.sm);
2989	}
2990
2991out:
2992	return ret;
2993}
2994
2995
2996static int wpa_ft_rrb_rx_push(struct wpa_authenticator *wpa_auth,
2997			      const u8 *src_addr,
2998			      const u8 *enc, size_t enc_len,
2999			      const u8 *auth, size_t auth_len, int no_defer)
3000{
3001	const char *msgtype = "push";
3002
3003	wpa_printf(MSG_DEBUG, "FT: Received PMK-R1 push");
3004
3005	if (wpa_ft_rrb_rx_r1(wpa_auth, src_addr, FT_PACKET_R0KH_R1KH_PUSH,
3006			     enc, enc_len, auth, auth_len, msgtype, NULL,
3007			     no_defer ? NULL : wpa_ft_rrb_rx_push) < 0)
3008		return -1;
3009
3010	return 0;
3011}
3012
3013
3014static int wpa_ft_rrb_rx_seq(struct wpa_authenticator *wpa_auth,
3015			     const u8 *src_addr, int type,
3016			     const u8 *enc, size_t enc_len,
3017			     const u8 *auth, size_t auth_len,
3018			     struct ft_remote_seq **rkh_seq,
3019			     u8 **key, size_t *key_len,
3020			     struct ft_remote_r0kh **r0kh_out,
3021			     struct ft_remote_r1kh **r1kh_out,
3022			     struct ft_remote_r0kh **r0kh_wildcard_out,
3023			     struct ft_remote_r1kh **r1kh_wildcard_out)
3024{
3025	struct ft_remote_r0kh *r0kh = NULL;
3026	struct ft_remote_r1kh *r1kh = NULL;
3027	const u8 *f_r0kh_id, *f_r1kh_id;
3028	size_t f_r0kh_id_len, f_r1kh_id_len;
3029	int to_r0kh, to_r1kh;
3030	u8 *plain = NULL;
3031	size_t plain_len = 0;
3032	struct ft_remote_r0kh *r0kh_wildcard;
3033	struct ft_remote_r1kh *r1kh_wildcard;
3034
3035	RRB_GET_AUTH(FT_RRB_R0KH_ID, r0kh_id, "seq", -1);
3036	RRB_GET_AUTH(FT_RRB_R1KH_ID, r1kh_id, "seq", FT_R1KH_ID_LEN);
3037
3038	to_r0kh = !wpa_ft_rrb_check_r0kh(wpa_auth, f_r0kh_id, f_r0kh_id_len);
3039	to_r1kh = !wpa_ft_rrb_check_r1kh(wpa_auth, f_r1kh_id);
3040
3041	if (to_r0kh && to_r1kh) {
3042		wpa_printf(MSG_DEBUG, "FT: seq - local R0KH-ID and R1KH-ID");
3043		goto out;
3044	}
3045
3046	if (!to_r0kh && !to_r1kh) {
3047		wpa_printf(MSG_DEBUG, "FT: seq - remote R0KH-ID and R1KH-ID");
3048		goto out;
3049	}
3050
3051	if (!to_r0kh) {
3052		wpa_ft_rrb_lookup_r0kh(wpa_auth, f_r0kh_id, f_r0kh_id_len,
3053				       &r0kh, &r0kh_wildcard);
3054		if (!r0kh_wildcard &&
3055		    (!r0kh || os_memcmp(r0kh->addr, src_addr, ETH_ALEN) != 0)) {
3056			wpa_hexdump(MSG_DEBUG, "FT: Did not find R0KH-ID",
3057				    f_r0kh_id, f_r0kh_id_len);
3058			goto out;
3059		}
3060		if (r0kh) {
3061			*key = r0kh->key;
3062			*key_len = sizeof(r0kh->key);
3063		} else {
3064			*key = r0kh_wildcard->key;
3065			*key_len = sizeof(r0kh_wildcard->key);
3066		}
3067	}
3068
3069	if (!to_r1kh) {
3070		wpa_ft_rrb_lookup_r1kh(wpa_auth, f_r1kh_id, &r1kh,
3071				       &r1kh_wildcard);
3072		if (!r1kh_wildcard &&
3073		    (!r1kh || os_memcmp(r1kh->addr, src_addr, ETH_ALEN) != 0)) {
3074			wpa_hexdump(MSG_DEBUG, "FT: Did not find R1KH-ID",
3075				    f_r1kh_id, FT_R1KH_ID_LEN);
3076			goto out;
3077		}
3078		if (r1kh) {
3079			*key = r1kh->key;
3080			*key_len = sizeof(r1kh->key);
3081		} else {
3082			*key = r1kh_wildcard->key;
3083			*key_len = sizeof(r1kh_wildcard->key);
3084		}
3085	}
3086
3087	if (wpa_ft_rrb_decrypt(*key, *key_len, enc, enc_len, auth, auth_len,
3088			       src_addr, type, &plain, &plain_len) < 0)
3089		goto out;
3090
3091	os_free(plain);
3092
3093	if (!to_r0kh) {
3094		if (!r0kh)
3095			r0kh = wpa_ft_rrb_add_r0kh(wpa_auth, r0kh_wildcard,
3096						   src_addr, f_r0kh_id,
3097						   f_r0kh_id_len,
3098						   ftRRBseqTimeout);
3099		if (!r0kh)
3100			goto out;
3101
3102		wpa_ft_rrb_r0kh_replenish(wpa_auth, r0kh, ftRRBseqTimeout);
3103		*rkh_seq = r0kh->seq;
3104		if (r0kh_out)
3105			*r0kh_out = r0kh;
3106		if (r0kh_wildcard_out)
3107			*r0kh_wildcard_out = r0kh_wildcard;
3108	}
3109
3110	if (!to_r1kh) {
3111		if (!r1kh)
3112			r1kh = wpa_ft_rrb_add_r1kh(wpa_auth, r1kh_wildcard,
3113						   src_addr, f_r1kh_id,
3114						   ftRRBseqTimeout);
3115		if (!r1kh)
3116			goto out;
3117
3118		wpa_ft_rrb_r1kh_replenish(wpa_auth, r1kh, ftRRBseqTimeout);
3119		*rkh_seq = r1kh->seq;
3120		if (r1kh_out)
3121			*r1kh_out = r1kh;
3122		if (r1kh_wildcard_out)
3123			*r1kh_wildcard_out = r1kh_wildcard;
3124	}
3125
3126	return 0;
3127out:
3128	return -1;
3129}
3130
3131
3132static int wpa_ft_rrb_rx_seq_req(struct wpa_authenticator *wpa_auth,
3133				 const u8 *src_addr,
3134				 const u8 *enc, size_t enc_len,
3135				 const u8 *auth, size_t auth_len,
3136				 int no_defer)
3137{
3138	int ret = -1;
3139	struct ft_rrb_seq f_seq;
3140	const u8 *f_nonce, *f_r0kh_id, *f_r1kh_id;
3141	size_t f_nonce_len, f_r0kh_id_len, f_r1kh_id_len;
3142	struct ft_remote_seq *rkh_seq = NULL;
3143	u8 *packet = NULL, *key = NULL;
3144	size_t packet_len = 0, key_len = 0;
3145	struct tlv_list seq_resp_auth[5];
3146
3147	wpa_printf(MSG_DEBUG, "FT: Received sequence number request");
3148
3149	if (wpa_ft_rrb_rx_seq(wpa_auth, src_addr, FT_PACKET_R0KH_R1KH_SEQ_REQ,
3150			      enc, enc_len, auth, auth_len, &rkh_seq, &key,
3151			      &key_len, NULL, NULL, NULL, NULL) < 0)
3152		goto out;
3153
3154	RRB_GET_AUTH(FT_RRB_NONCE, nonce, "seq request", FT_RRB_NONCE_LEN);
3155	wpa_hexdump(MSG_DEBUG, "FT: seq request - nonce", f_nonce, f_nonce_len);
3156
3157	RRB_GET_AUTH(FT_RRB_R0KH_ID, r0kh_id, "seq", -1);
3158	RRB_GET_AUTH(FT_RRB_R1KH_ID, r1kh_id, "seq", FT_R1KH_ID_LEN);
3159
3160	if (wpa_ft_new_seq(rkh_seq, &f_seq) < 0) {
3161		wpa_printf(MSG_DEBUG, "FT: Failed to get seq num");
3162		goto out;
3163	}
3164
3165	seq_resp_auth[0].type = FT_RRB_NONCE;
3166	seq_resp_auth[0].len = f_nonce_len;
3167	seq_resp_auth[0].data = f_nonce;
3168	seq_resp_auth[1].type = FT_RRB_SEQ;
3169	seq_resp_auth[1].len = sizeof(f_seq);
3170	seq_resp_auth[1].data = (u8 *) &f_seq;
3171	seq_resp_auth[2].type = FT_RRB_R0KH_ID;
3172	seq_resp_auth[2].len = f_r0kh_id_len;
3173	seq_resp_auth[2].data = f_r0kh_id;
3174	seq_resp_auth[3].type = FT_RRB_R1KH_ID;
3175	seq_resp_auth[3].len = FT_R1KH_ID_LEN;
3176	seq_resp_auth[3].data = f_r1kh_id;
3177	seq_resp_auth[4].type = FT_RRB_LAST_EMPTY;
3178	seq_resp_auth[4].len = 0;
3179	seq_resp_auth[4].data = NULL;
3180
3181	if (wpa_ft_rrb_build(key, key_len, NULL, NULL, seq_resp_auth,
3182			     wpa_auth->addr, FT_PACKET_R0KH_R1KH_SEQ_RESP,
3183			     &packet, &packet_len) < 0)
3184		goto out;
3185
3186	wpa_ft_rrb_oui_send(wpa_auth, src_addr,
3187			    FT_PACKET_R0KH_R1KH_SEQ_RESP, packet,
3188			    packet_len);
3189
3190out:
3191	os_free(packet);
3192
3193	return ret;
3194}
3195
3196
3197static int wpa_ft_rrb_rx_seq_resp(struct wpa_authenticator *wpa_auth,
3198				  const u8 *src_addr,
3199				  const u8 *enc, size_t enc_len,
3200				  const u8 *auth, size_t auth_len,
3201				  int no_defer)
3202{
3203	u8 *key = NULL;
3204	size_t key_len = 0;
3205	struct ft_remote_r0kh *r0kh = NULL, *r0kh_wildcard = NULL;
3206	struct ft_remote_r1kh *r1kh = NULL, *r1kh_wildcard = NULL;
3207	const u8 *f_nonce, *f_seq;
3208	size_t f_nonce_len, f_seq_len;
3209	struct ft_remote_seq *rkh_seq = NULL;
3210	struct ft_remote_item *item;
3211	struct os_reltime now, now_remote;
3212	int seq_ret, found;
3213	const struct ft_rrb_seq *msg_both;
3214	u32 msg_dom, msg_seq;
3215
3216	wpa_printf(MSG_DEBUG, "FT: Received sequence number response");
3217
3218	if (wpa_ft_rrb_rx_seq(wpa_auth, src_addr, FT_PACKET_R0KH_R1KH_SEQ_RESP,
3219			      enc, enc_len, auth, auth_len, &rkh_seq, &key,
3220			      &key_len, &r0kh, &r1kh, &r0kh_wildcard,
3221			      &r1kh_wildcard) < 0)
3222		goto out;
3223
3224	RRB_GET_AUTH(FT_RRB_NONCE, nonce, "seq response", FT_RRB_NONCE_LEN);
3225	wpa_hexdump(MSG_DEBUG, "FT: seq response - nonce", f_nonce,
3226		    f_nonce_len);
3227
3228	found = 0;
3229	dl_list_for_each(item, &rkh_seq->rx.queue, struct ft_remote_item,
3230			 list) {
3231		if (os_memcmp_const(f_nonce, item->nonce,
3232				    FT_RRB_NONCE_LEN) != 0 ||
3233		    os_get_reltime(&now) < 0 ||
3234		    os_reltime_expired(&now, &item->nonce_ts, ftRRBseqTimeout))
3235			continue;
3236
3237		found = 1;
3238		break;
3239	}
3240	if (!found) {
3241		wpa_printf(MSG_DEBUG, "FT: seq response - bad nonce");
3242		goto out;
3243	}
3244
3245	if (r0kh) {
3246		wpa_ft_rrb_r0kh_replenish(wpa_auth, r0kh,
3247					  wpa_auth->conf.rkh_pos_timeout);
3248		if (r0kh_wildcard)
3249			os_memcpy(r0kh->addr, src_addr, ETH_ALEN);
3250	}
3251
3252	if (r1kh) {
3253		wpa_ft_rrb_r1kh_replenish(wpa_auth, r1kh,
3254					  wpa_auth->conf.rkh_pos_timeout);
3255		if (r1kh_wildcard)
3256			os_memcpy(r1kh->addr, src_addr, ETH_ALEN);
3257	}
3258
3259	seq_ret = wpa_ft_rrb_seq_chk(rkh_seq, src_addr, enc, enc_len, auth,
3260				     auth_len, "seq response", 1);
3261	if (seq_ret == FT_RRB_SEQ_OK) {
3262		wpa_printf(MSG_DEBUG, "FT: seq response - valid seq number");
3263		wpa_ft_rrb_seq_accept(wpa_auth, rkh_seq, src_addr, auth,
3264				      auth_len, "seq response");
3265	} else {
3266		wpa_printf(MSG_DEBUG, "FT: seq response - reset seq number");
3267
3268		RRB_GET_AUTH(FT_RRB_SEQ, seq, "seq response",
3269			     sizeof(*msg_both));
3270		msg_both = (const struct ft_rrb_seq *) f_seq;
3271
3272		msg_dom = le_to_host32(msg_both->dom);
3273		msg_seq = le_to_host32(msg_both->seq);
3274		now_remote.sec = le_to_host32(msg_both->ts);
3275		now_remote.usec = 0;
3276
3277		rkh_seq->rx.num_last = 2;
3278		rkh_seq->rx.dom = msg_dom;
3279		rkh_seq->rx.offsetidx = 0;
3280		/* Accept some older, possibly cached packets as well */
3281		rkh_seq->rx.last[0] = msg_seq - FT_REMOTE_SEQ_BACKLOG -
3282			dl_list_len(&rkh_seq->rx.queue);
3283		rkh_seq->rx.last[1] = msg_seq;
3284
3285		/* local time - offset = remote time
3286		 * <=> local time - remote time = offset */
3287		os_reltime_sub(&now, &now_remote, &rkh_seq->rx.time_offset);
3288	}
3289
3290	wpa_ft_rrb_seq_flush(wpa_auth, rkh_seq, 1);
3291
3292	return 0;
3293out:
3294	return -1;
3295}
3296
3297
3298int wpa_ft_rrb_rx(struct wpa_authenticator *wpa_auth, const u8 *src_addr,
3299		  const u8 *data, size_t data_len)
3300{
3301	struct ft_rrb_frame *frame;
3302	u16 alen;
3303	const u8 *pos, *end, *start;
3304	u8 action;
3305	const u8 *sta_addr, *target_ap_addr;
3306
3307	wpa_printf(MSG_DEBUG, "FT: RRB received frame from remote AP " MACSTR,
3308		   MAC2STR(src_addr));
3309
3310	if (data_len < sizeof(*frame)) {
3311		wpa_printf(MSG_DEBUG, "FT: Too short RRB frame (data_len=%lu)",
3312			   (unsigned long) data_len);
3313		return -1;
3314	}
3315
3316	pos = data;
3317	frame = (struct ft_rrb_frame *) pos;
3318	pos += sizeof(*frame);
3319
3320	alen = le_to_host16(frame->action_length);
3321	wpa_printf(MSG_DEBUG, "FT: RRB frame - frame_type=%d packet_type=%d "
3322		   "action_length=%d ap_address=" MACSTR,
3323		   frame->frame_type, frame->packet_type, alen,
3324		   MAC2STR(frame->ap_address));
3325
3326	if (frame->frame_type != RSN_REMOTE_FRAME_TYPE_FT_RRB) {
3327		/* Discard frame per IEEE Std 802.11r-2008, 11A.10.3 */
3328		wpa_printf(MSG_DEBUG, "FT: RRB discarded frame with "
3329			   "unrecognized type %d", frame->frame_type);
3330		return -1;
3331	}
3332
3333	if (alen > data_len - sizeof(*frame)) {
3334		wpa_printf(MSG_DEBUG, "FT: RRB frame too short for action "
3335			   "frame");
3336		return -1;
3337	}
3338
3339	wpa_hexdump(MSG_MSGDUMP, "FT: RRB - FT Action frame", pos, alen);
3340
3341	if (alen < 1 + 1 + 2 * ETH_ALEN) {
3342		wpa_printf(MSG_DEBUG, "FT: Too short RRB frame (not enough "
3343			   "room for Action Frame body); alen=%lu",
3344			   (unsigned long) alen);
3345		return -1;
3346	}
3347	start = pos;
3348	end = pos + alen;
3349
3350	if (*pos != WLAN_ACTION_FT) {
3351		wpa_printf(MSG_DEBUG, "FT: Unexpected Action frame category "
3352			   "%d", *pos);
3353		return -1;
3354	}
3355
3356	pos++;
3357	action = *pos++;
3358	sta_addr = pos;
3359	pos += ETH_ALEN;
3360	target_ap_addr = pos;
3361	pos += ETH_ALEN;
3362	wpa_printf(MSG_DEBUG, "FT: RRB Action Frame: action=%d sta_addr="
3363		   MACSTR " target_ap_addr=" MACSTR,
3364		   action, MAC2STR(sta_addr), MAC2STR(target_ap_addr));
3365
3366	if (frame->packet_type == FT_PACKET_REQUEST) {
3367		wpa_printf(MSG_DEBUG, "FT: FT Packet Type - Request");
3368
3369		if (action != 1) {
3370			wpa_printf(MSG_DEBUG, "FT: Unexpected Action %d in "
3371				   "RRB Request", action);
3372			return -1;
3373		}
3374
3375		if (os_memcmp(target_ap_addr, wpa_auth->addr, ETH_ALEN) != 0) {
3376			wpa_printf(MSG_DEBUG, "FT: Target AP address in the "
3377				   "RRB Request does not match with own "
3378				   "address");
3379			return -1;
3380		}
3381
3382		if (wpa_ft_rrb_rx_request(wpa_auth, frame->ap_address,
3383					  sta_addr, pos, end - pos) < 0)
3384			return -1;
3385	} else if (frame->packet_type == FT_PACKET_RESPONSE) {
3386		u16 status_code;
3387
3388		if (end - pos < 2) {
3389			wpa_printf(MSG_DEBUG, "FT: Not enough room for status "
3390				   "code in RRB Response");
3391			return -1;
3392		}
3393		status_code = WPA_GET_LE16(pos);
3394		pos += 2;
3395
3396		wpa_printf(MSG_DEBUG, "FT: FT Packet Type - Response "
3397			   "(status_code=%d)", status_code);
3398
3399		if (wpa_ft_action_send(wpa_auth, sta_addr, start, alen) < 0)
3400			return -1;
3401	} else {
3402		wpa_printf(MSG_DEBUG, "FT: RRB discarded frame with unknown "
3403			   "packet_type %d", frame->packet_type);
3404		return -1;
3405	}
3406
3407	if (end > pos) {
3408		wpa_hexdump(MSG_DEBUG, "FT: Ignore extra data in end",
3409			    pos, end - pos);
3410	}
3411
3412	return 0;
3413}
3414
3415
3416void wpa_ft_rrb_oui_rx(struct wpa_authenticator *wpa_auth, const u8 *src_addr,
3417		       const u8 *dst_addr, u8 oui_suffix, const u8 *data,
3418		       size_t data_len)
3419{
3420	const u8 *auth, *enc;
3421	size_t alen, elen;
3422	int no_defer = 0;
3423
3424	wpa_printf(MSG_DEBUG, "FT: RRB-OUI received frame from remote AP "
3425		   MACSTR, MAC2STR(src_addr));
3426	wpa_printf(MSG_DEBUG, "FT: RRB-OUI frame - oui_suffix=%d", oui_suffix);
3427
3428	if (is_multicast_ether_addr(src_addr)) {
3429		wpa_printf(MSG_DEBUG,
3430			   "FT: RRB-OUI received frame from multicast address "
3431			   MACSTR, MAC2STR(src_addr));
3432		return;
3433	}
3434
3435	if (is_multicast_ether_addr(dst_addr)) {
3436		wpa_printf(MSG_DEBUG,
3437			   "FT: RRB-OUI received frame from remote AP " MACSTR
3438			   " to multicast address " MACSTR,
3439			   MAC2STR(src_addr), MAC2STR(dst_addr));
3440		no_defer = 1;
3441	}
3442
3443	if (data_len < sizeof(u16)) {
3444		wpa_printf(MSG_DEBUG, "FT: RRB-OUI frame too short");
3445		return;
3446	}
3447
3448	alen = WPA_GET_LE16(data);
3449	if (data_len < sizeof(u16) + alen) {
3450		wpa_printf(MSG_DEBUG, "FT: RRB-OUI frame too short");
3451		return;
3452	}
3453
3454	auth = data + sizeof(u16);
3455	enc = data + sizeof(u16) + alen;
3456	elen = data_len - sizeof(u16) - alen;
3457
3458	switch (oui_suffix) {
3459	case FT_PACKET_R0KH_R1KH_PULL:
3460		wpa_ft_rrb_rx_pull(wpa_auth, src_addr, enc, elen, auth, alen,
3461				   no_defer);
3462		break;
3463	case FT_PACKET_R0KH_R1KH_RESP:
3464		wpa_ft_rrb_rx_resp(wpa_auth, src_addr, enc, elen, auth, alen,
3465				   no_defer);
3466		break;
3467	case FT_PACKET_R0KH_R1KH_PUSH:
3468		wpa_ft_rrb_rx_push(wpa_auth, src_addr, enc, elen, auth, alen,
3469				   no_defer);
3470		break;
3471	case FT_PACKET_R0KH_R1KH_SEQ_REQ:
3472		wpa_ft_rrb_rx_seq_req(wpa_auth, src_addr, enc, elen, auth, alen,
3473				      no_defer);
3474		break;
3475	case FT_PACKET_R0KH_R1KH_SEQ_RESP:
3476		wpa_ft_rrb_rx_seq_resp(wpa_auth, src_addr, enc, elen, auth,
3477				       alen, no_defer);
3478		break;
3479	}
3480}
3481
3482
3483static int wpa_ft_generate_pmk_r1(struct wpa_authenticator *wpa_auth,
3484				  struct wpa_ft_pmk_r0_sa *pmk_r0,
3485				  struct ft_remote_r1kh *r1kh,
3486				  const u8 *s1kh_id)
3487{
3488	u8 *packet;
3489	size_t packet_len;
3490	struct ft_rrb_seq f_seq;
3491	struct tlv_list push[] = {
3492		{ .type = FT_RRB_S1KH_ID, .len = ETH_ALEN,
3493		  .data = s1kh_id },
3494		{ .type = FT_RRB_PMK_R0_NAME, .len = WPA_PMK_NAME_LEN,
3495		  .data = pmk_r0->pmk_r0_name },
3496		{ .type = FT_RRB_LAST_EMPTY, .len = 0, .data = NULL },
3497	};
3498	struct tlv_list push_auth[] = {
3499		{ .type = FT_RRB_SEQ, .len = sizeof(f_seq),
3500		  .data = (u8 *) &f_seq },
3501		{ .type = FT_RRB_R0KH_ID,
3502		  .len = wpa_auth->conf.r0_key_holder_len,
3503		  .data = wpa_auth->conf.r0_key_holder },
3504		{ .type = FT_RRB_R1KH_ID, .len = FT_R1KH_ID_LEN,
3505		  .data = r1kh->id },
3506		{ .type = FT_RRB_LAST_EMPTY, .len = 0, .data = NULL },
3507	};
3508
3509	if (wpa_ft_new_seq(r1kh->seq, &f_seq) < 0) {
3510		wpa_printf(MSG_DEBUG, "FT: Failed to get seq num");
3511		return -1;
3512	}
3513
3514	if (wpa_ft_rrb_build_r0(r1kh->key, sizeof(r1kh->key), push, pmk_r0,
3515				r1kh->id, s1kh_id, push_auth, wpa_auth->addr,
3516				FT_PACKET_R0KH_R1KH_PUSH,
3517				&packet, &packet_len) < 0)
3518		return -1;
3519
3520	wpa_ft_rrb_oui_send(wpa_auth, r1kh->addr, FT_PACKET_R0KH_R1KH_PUSH,
3521			    packet, packet_len);
3522
3523	os_free(packet);
3524	return 0;
3525}
3526
3527
3528void wpa_ft_push_pmk_r1(struct wpa_authenticator *wpa_auth, const u8 *addr)
3529{
3530	struct wpa_ft_pmk_r0_sa *r0;
3531	struct ft_remote_r1kh *r1kh;
3532
3533	if (!wpa_auth->conf.pmk_r1_push)
3534		return;
3535	if (!wpa_auth->conf.r1kh_list)
3536		return;
3537
3538	r0 = wpa_auth->ft_pmk_cache->pmk_r0;
3539	while (r0) {
3540		if (os_memcmp(r0->spa, addr, ETH_ALEN) == 0)
3541			break;
3542		r0 = r0->next;
3543	}
3544
3545	if (r0 == NULL || r0->pmk_r1_pushed)
3546		return;
3547	r0->pmk_r1_pushed = 1;
3548
3549	wpa_printf(MSG_DEBUG, "FT: Deriving and pushing PMK-R1 keys to R1KHs "
3550		   "for STA " MACSTR, MAC2STR(addr));
3551
3552	for (r1kh = *wpa_auth->conf.r1kh_list; r1kh; r1kh = r1kh->next) {
3553		if (is_zero_ether_addr(r1kh->addr) ||
3554		    is_zero_ether_addr(r1kh->id))
3555			continue;
3556		if (wpa_ft_rrb_init_r1kh_seq(r1kh) < 0)
3557			continue;
3558		wpa_ft_generate_pmk_r1(wpa_auth, r0, r1kh, addr);
3559	}
3560}
3561
3562#endif /* CONFIG_IEEE80211R_AP */
3563