Lines Matching +full:mic +full:- +full:pos
2 * hostapd - IEEE 802.11r - Fast BSS Transition
3 * Copyright (c) 2004-2018, Jouni Malinen <j@w1.fi>
58 * wpa_ft_rrb_decrypt - Decrypt FT RRB message
59 * @key: AES-SIV key for AEAD
66 * @type: Vendor-specific subtype of the RRB frame (FT_PACKET_*)
72 * Returns: 0 on success, -1 on error
105 *plain = os_zalloc(enc_len - AES_BLOCK_SIZE);
117 enc_len -= 2;
123 *plain_size = enc_len - AES_BLOCK_SIZE;
134 return -1;
140 * @return 0 on success else -1
156 left -= sizeof(*f);
158 len = le_to_host16(f->len);
165 if (f->type == type16) {
171 left -= len;
175 return -1;
191 left -= sizeof(*f);
193 len = le_to_host16(f->len);
196 le_to_host16(f->type), len);
207 left -= len;
224 return x - y;
245 left -= sizeof(*f);
248 len = le_to_host16(f->len);
249 type = le_to_host16(f->type);
253 return -1;
262 return -1;
268 return -1;
274 left -= sizeof(le16);
275 len -= sizeof(le16);
285 vlan->untagged = vlan_id;
289 vlan->tagged[taggedidx] = vlan_id;
297 left -= len;
302 qsort(vlan->tagged, taggedidx, sizeof(int), cmp_int);
304 vlan->notempty = vlan->untagged || vlan->tagged[0];
333 u8 *pos;
339 pos = start;
341 if (tlv_len + sizeof(*hdr) > (size_t) (endpos - start))
344 hdr = (struct ft_rrb_tlv *) pos;
345 hdr->type = host_to_le16(tlvs[i].type);
346 hdr->len = host_to_le16(tlvs[i].len);
347 pos = start + tlv_len;
349 if (tlv_len + tlvs[i].len > (size_t) (endpos - start))
354 os_memcpy(pos, tlvs[i].data, tlvs[i].len);
355 pos = start + tlv_len;
367 if (!vlan || !vlan->notempty)
370 if (vlan->untagged) {
374 if (vlan->tagged[0])
376 for (i = 0; i < MAX_NUM_TAGGED_VLAN && vlan->tagged[i]; i++)
389 u8 *pos = start;
391 if (!vlan || !vlan->notempty)
395 if (vlan->untagged) {
399 hdr = (struct ft_rrb_tlv *) pos;
400 hdr->type = host_to_le16(FT_RRB_VLAN_UNTAGGED);
401 hdr->len = host_to_le16(sizeof(le16));
402 pos = start + tlv_len;
407 WPA_PUT_LE16(pos, vlan->untagged);
408 pos = start + tlv_len;
411 if (!vlan->tagged[0])
417 hdr = (struct ft_rrb_tlv *) pos;
418 hdr->type = host_to_le16(FT_RRB_VLAN_TAGGED);
420 pos = start + tlv_len;
422 for (i = 0; i < MAX_NUM_TAGGED_VLAN && vlan->tagged[i]; i++) {
427 WPA_PUT_LE16(pos, vlan->tagged[i]);
428 pos = start + tlv_len;
431 hdr->len = host_to_le16(len);
442 u8 *pos, *endpos;
456 pos = *plain;
458 pos += wpa_ft_tlv_lin(tlvs1, pos, endpos);
459 pos += wpa_ft_tlv_lin(tlvs2, pos, endpos);
460 pos += wpa_ft_vlan_lin(vlan, pos, endpos);
463 if (pos != endpos) {
474 return -1;
498 wpa_printf(MSG_ERROR, "FT: Failed to encrypt RRB-OUI message");
499 return -1;
509 * wpa_ft_rrb_build - Build and encrypt an FT RRB message
510 * @key: AES-SIV key for AEAD
512 * @tlvs_enc0: First set of to-be-encrypted TLVs
513 * @tlvs_enc1: Second set of to-be-encrypted TLVs
514 * @tlvs_auth: Set of to-be-authenticated TLVs
516 * @type: Vendor-specific subtype of the RRB frame (FT_PACKET_*)
521 * Returns: 0 on success, -1 on error
531 u8 *plain = NULL, *auth = NULL, *pos, *tmp;
533 int ret = -1;
548 pad_len = RRB_MIN_MSG_LEN - *packet_len;
552 "FT: Pad message to minimum Ethernet frame length (%d --> %d)",
559 pos = auth + auth_len;
560 WPA_PUT_LE16(pos, FT_RRB_LAST_EMPTY);
561 pos += 2;
562 WPA_PUT_LE16(pos, pad_len - sizeof(struct ft_rrb_tlv));
563 pos += 2;
564 os_memset(pos, 0, pad_len - sizeof(struct ft_rrb_tlv));
572 pos = *packet;
573 WPA_PUT_LE16(pos, auth_len);
574 pos += 2;
575 os_memcpy(pos, auth, auth_len);
576 pos += auth_len;
578 auth_len, src_addr, type, pos) < 0)
589 wpa_printf(MSG_ERROR, "FT: Failed to build RRB-OUI message");
634 if (wpa_auth->cb->send_ether == NULL)
635 return -1;
637 return wpa_auth->cb->send_ether(wpa_auth->cb_ctx, dst, ETH_P_RRB,
646 if (!wpa_auth->cb->send_oui)
647 return -1;
648 wpa_printf(MSG_DEBUG, "FT: RRB-OUI type %u send to " MACSTR " (len=%u)",
650 return wpa_auth->cb->send_oui(wpa_auth->cb_ctx, dst, oui_suffix, data,
658 if (wpa_auth->cb->send_ft_action == NULL)
659 return -1;
660 return wpa_auth->cb->send_ft_action(wpa_auth->cb_ctx, dst,
669 if (wpa_auth->cb->get_psk == NULL)
671 return wpa_auth->cb->get_psk(wpa_auth->cb_ctx, addr, p2p_dev_addr,
679 if (wpa_auth->cb->add_sta == NULL)
681 return wpa_auth->cb->add_sta(wpa_auth->cb_ctx, sta_addr);
688 if (!wpa_auth->cb->set_vlan)
689 return -1;
690 return wpa_auth->cb->set_vlan(wpa_auth->cb_ctx, sta_addr, vlan);
697 if (!wpa_auth->cb->get_vlan)
698 return -1;
699 return wpa_auth->cb->get_vlan(wpa_auth->cb_ctx, sta_addr, vlan);
707 if (!wpa_auth->cb->set_identity)
708 return -1;
709 return wpa_auth->cb->set_identity(wpa_auth->cb_ctx, sta_addr, identity,
719 if (!wpa_auth->cb->get_identity)
721 return wpa_auth->cb->get_identity(wpa_auth->cb_ctx, sta_addr, buf);
729 if (!wpa_auth->cb->set_radius_cui)
730 return -1;
731 return wpa_auth->cb->set_radius_cui(wpa_auth->cb_ctx, sta_addr,
741 if (!wpa_auth->cb->get_radius_cui)
743 return wpa_auth->cb->get_radius_cui(wpa_auth->cb_ctx, sta_addr, buf);
751 if (!wpa_auth->cb->set_session_timeout)
753 wpa_auth->cb->set_session_timeout(wpa_auth->cb_ctx, sta_addr,
762 if (!wpa_auth->cb->get_session_timeout)
764 return wpa_auth->cb->get_session_timeout(wpa_auth->cb_ctx, sta_addr);
772 if (wpa_auth->cb->add_tspec == NULL) {
774 return -1;
776 return wpa_auth->cb->add_tspec(wpa_auth->cb_ctx, sta_addr, tspec_ie,
785 if (!wpa_auth->cb->channel_info)
786 return -1;
787 return wpa_auth->cb->channel_info(wpa_auth->cb_ctx, ci);
794 u8 *pos = buf;
797 return -1;
799 *pos++ = WLAN_EID_MOBILITY_DOMAIN;
800 *pos++ = MOBILITY_DOMAIN_ID_LEN + 1;
801 os_memcpy(pos, conf->mobility_domain, MOBILITY_DOMAIN_ID_LEN);
802 pos += MOBILITY_DOMAIN_ID_LEN;
804 if (conf->ft_over_ds)
806 *pos++ = capab;
808 return pos - buf;
818 u8 *pos = buf, *ielen;
838 return -1;
840 *pos++ = WLAN_EID_FAST_BSS_TRANSITION;
841 ielen = pos++;
845 struct rsn_ftie_sha512 *hdr = (struct rsn_ftie_sha512 *) pos;
848 pos += sizeof(*hdr);
850 WPA_PUT_LE16(hdr->mic_control, mic_control);
852 os_memcpy(hdr->anonce, anonce, WPA_NONCE_LEN);
854 os_memcpy(hdr->snonce, snonce, WPA_NONCE_LEN);
858 struct rsn_ftie_sha384 *hdr = (struct rsn_ftie_sha384 *) pos;
861 pos += sizeof(*hdr);
863 WPA_PUT_LE16(hdr->mic_control, mic_control);
865 os_memcpy(hdr->anonce, anonce, WPA_NONCE_LEN);
867 os_memcpy(hdr->snonce, snonce, WPA_NONCE_LEN);
869 struct rsn_ftie *hdr = (struct rsn_ftie *) pos;
872 pos += sizeof(*hdr);
874 WPA_PUT_LE16(hdr->mic_control, mic_control);
876 os_memcpy(hdr->anonce, anonce, WPA_NONCE_LEN);
878 os_memcpy(hdr->snonce, snonce, WPA_NONCE_LEN);
882 *pos++ = FTIE_SUBELEM_R1KH_ID;
883 *pos++ = FT_R1KH_ID_LEN;
884 os_memcpy(pos, conf->r1_key_holder, FT_R1KH_ID_LEN);
885 pos += FT_R1KH_ID_LEN;
888 *pos++ = FTIE_SUBELEM_R0KH_ID;
889 *pos++ = r0kh_id_len;
890 os_memcpy(pos, r0kh_id, r0kh_id_len);
891 pos += r0kh_id_len;
895 os_memcpy(pos, subelem, subelem_len);
896 pos += subelem_len;
899 *ielen = pos - buf - 2;
901 return pos - buf;
928 dl_list_del(&item->list);
929 bin_clear_free(item->enc, item->enc_len);
930 os_free(item->auth);
940 dl_list_for_each_safe(item, n, &rkh_seq->rx.queue,
942 if (cb && item->cb)
943 item->cb(wpa_auth, item->src_addr, item->enc,
944 item->enc_len, item->auth, item->auth_len, 1);
976 .data = NULL /* to be filled: item->nonce */ },
984 if (dl_list_len(&rkh_seq->rx.queue) >= ftRRBmaxQueueLen) {
991 MAC2STR(wpa_auth->addr), MAC2STR(src_addr));
996 os_memcpy(item->src_addr, src_addr, ETH_ALEN);
997 item->cb = cb;
999 if (random_get_bytes(item->nonce, FT_RRB_NONCE_LEN) < 0) {
1004 if (os_get_reltime(&item->nonce_ts) < 0)
1008 item->enc = os_memdup(enc, enc_len);
1009 item->enc_len = enc_len;
1010 if (!item->enc)
1015 item->auth = os_memdup(auth, auth_len);
1016 item->auth_len = auth_len;
1017 if (!item->auth)
1024 seq_req_auth[0].data = item->nonce;
1027 wpa_auth->addr, FT_PACKET_R0KH_R1KH_SEQ_REQ,
1033 dl_list_add(&rkh_seq->rx.queue, &item->list);
1044 os_free(item->auth);
1045 bin_clear_free(item->enc, item->enc_len);
1049 return -1;
1074 if (rkh_seq->rx.num_last == 0) {
1079 if (le_to_host32(msg_both->dom) != rkh_seq->rx.dom) {
1088 os_reltime_sub(&now, &rkh_seq->rx.time_offset, &now_remote);
1090 msg_ts_off = le_to_host32(msg_both->ts) -
1091 (msg_ts_now_remote - ftRRBseqTimeout);
1096 msg_seq = le_to_host32(msg_both->seq);
1097 rkh_off = rkh_seq->rx.last[rkh_seq->rx.offsetidx];
1098 msg_off = msg_seq - rkh_off;
1103 for (i = 0; i < rkh_seq->rx.num_last; i++) {
1104 if (rkh_seq->rx.last[i] == msg_seq)
1143 msg_seq = le_to_host32(msg_both->seq);
1145 if (rkh_seq->rx.num_last < FT_REMOTE_SEQ_BACKLOG) {
1146 rkh_seq->rx.last[rkh_seq->rx.num_last] = msg_seq;
1147 rkh_seq->rx.num_last++;
1151 rkh_off = rkh_seq->rx.last[rkh_seq->rx.offsetidx];
1152 for (i = 0; i < rkh_seq->rx.num_last; i++) {
1153 msg_off = rkh_seq->rx.last[i] - rkh_off;
1154 min_off = rkh_seq->rx.last[minidx] - rkh_off;
1155 if (msg_off < min_off && i != rkh_seq->rx.offsetidx)
1158 rkh_seq->rx.last[rkh_seq->rx.offsetidx] = msg_seq;
1159 rkh_seq->rx.offsetidx = minidx;
1175 return -1;
1177 if (!rkh_seq->tx.dom) {
1178 if (random_get_bytes((u8 *) &rkh_seq->tx.seq,
1179 sizeof(rkh_seq->tx.seq))) {
1182 rkh_seq->tx.seq = now.usec;
1184 if (random_get_bytes((u8 *) &rkh_seq->tx.dom,
1185 sizeof(rkh_seq->tx.dom))) {
1188 rkh_seq->tx.dom = now.usec;
1190 rkh_seq->tx.dom |= 1;
1193 f_seq->dom = host_to_le32(rkh_seq->tx.dom);
1194 f_seq->seq = host_to_le32(rkh_seq->tx.seq);
1195 f_seq->ts = host_to_le32(now.sec);
1197 rkh_seq->tx.seq++;
1252 dl_list_del(&r0->list);
1255 os_memset(r0->pmk_r0, 0, PMK_LEN_MAX);
1256 os_free(r0->vlan);
1257 os_free(r0->identity);
1258 os_free(r0->radius_cui);
1275 expires_in = r0->expiration - now.sec;
1276 session_timeout = r0->session_timeout - now.sec;
1278 * a) r0->expiration is set and hit
1279 * -or-
1280 * b) r0->session_timeout is set and hit
1282 if ((!r0->expiration || expires_in > 0) &&
1283 (!r0->session_timeout || session_timeout > 0)) {
1285 "FT: %s() called for non-expired entry %p",
1288 if (r0->expiration && expires_in > 0)
1291 if (r0->session_timeout && session_timeout > 0)
1306 dl_list_del(&r1->list);
1309 os_memset(r1->pmk_r1, 0, PMK_LEN_MAX);
1310 os_free(r1->vlan);
1311 os_free(r1->identity);
1312 os_free(r1->radius_cui);
1331 dl_list_init(&cache->pmk_r0);
1332 dl_list_init(&cache->pmk_r1);
1344 dl_list_for_each_safe(r0, r0prev, &cache->pmk_r0,
1348 dl_list_for_each_safe(r1, r1prev, &cache->pmk_r1,
1365 struct wpa_ft_pmk_cache *cache = wpa_auth->ft_pmk_cache;
1374 return -1;
1376 os_memcpy(r0->pmk_r0, pmk_r0, pmk_r0_len);
1377 r0->pmk_r0_len = pmk_r0_len;
1378 os_memcpy(r0->pmk_r0_name, pmk_r0_name, WPA_PMK_NAME_LEN);
1379 os_memcpy(r0->spa, spa, ETH_ALEN);
1380 r0->pairwise = pairwise;
1382 r0->expiration = now.sec + expires_in;
1383 if (vlan && vlan->notempty) {
1384 r0->vlan = os_zalloc(sizeof(*vlan));
1385 if (!r0->vlan) {
1387 return -1;
1389 *r0->vlan = *vlan;
1392 r0->identity = os_malloc(identity_len);
1393 if (r0->identity) {
1394 os_memcpy(r0->identity, identity, identity_len);
1395 r0->identity_len = identity_len;
1399 r0->radius_cui = os_malloc(radius_cui_len);
1400 if (r0->radius_cui) {
1401 os_memcpy(r0->radius_cui, radius_cui, radius_cui_len);
1402 r0->radius_cui_len = radius_cui_len;
1406 r0->session_timeout = now.sec + session_timeout;
1408 dl_list_add(&cache->pmk_r0, &r0->list);
1424 struct wpa_ft_pmk_cache *cache = wpa_auth->ft_pmk_cache;
1429 dl_list_for_each(r0, &cache->pmk_r0, struct wpa_ft_pmk_r0_sa, list) {
1430 if (ether_addr_equal(r0->spa, spa) &&
1431 os_memcmp_const(r0->pmk_r0_name, pmk_r0_name,
1439 return -1;
1452 struct wpa_ft_pmk_cache *cache = wpa_auth->ft_pmk_cache;
1453 int max_expires_in = wpa_auth->conf.r1_max_key_lifetime;
1465 return -1;
1467 os_memcpy(r1->pmk_r1, pmk_r1, pmk_r1_len);
1468 r1->pmk_r1_len = pmk_r1_len;
1469 os_memcpy(r1->pmk_r1_name, pmk_r1_name, WPA_PMK_NAME_LEN);
1470 os_memcpy(r1->spa, spa, ETH_ALEN);
1471 r1->pairwise = pairwise;
1472 if (vlan && vlan->notempty) {
1473 r1->vlan = os_zalloc(sizeof(*vlan));
1474 if (!r1->vlan) {
1476 return -1;
1478 *r1->vlan = *vlan;
1481 r1->identity = os_malloc(identity_len);
1482 if (r1->identity) {
1483 os_memcpy(r1->identity, identity, identity_len);
1484 r1->identity_len = identity_len;
1488 r1->radius_cui = os_malloc(radius_cui_len);
1489 if (r1->radius_cui) {
1490 os_memcpy(r1->radius_cui, radius_cui, radius_cui_len);
1491 r1->radius_cui_len = radius_cui_len;
1495 r1->session_timeout = now.sec + session_timeout;
1497 dl_list_add(&cache->pmk_r1, &r1->list);
1518 struct wpa_ft_pmk_cache *cache = wpa_auth->ft_pmk_cache;
1524 dl_list_for_each(r1, &cache->pmk_r1, struct wpa_ft_pmk_r1_sa, list) {
1525 if (ether_addr_equal(r1->spa, spa) &&
1526 os_memcmp_const(r1->pmk_r1_name, pmk_r1_name,
1528 os_memcpy(pmk_r1, r1->pmk_r1, r1->pmk_r1_len);
1529 *pmk_r1_len = r1->pmk_r1_len;
1531 *pairwise = r1->pairwise;
1532 if (vlan && r1->vlan)
1533 *vlan = *r1->vlan;
1534 if (vlan && !r1->vlan)
1537 *identity = r1->identity;
1538 *identity_len = r1->identity_len;
1541 *radius_cui = r1->radius_cui;
1542 *radius_cui_len = r1->radius_cui_len;
1544 if (session_timeout && r1->session_timeout > now.sec)
1545 *session_timeout = r1->session_timeout -
1547 else if (session_timeout && r1->session_timeout)
1555 return -1;
1561 if (r0kh->seq)
1564 r0kh->seq = os_zalloc(sizeof(*r0kh->seq));
1565 if (!r0kh->seq) {
1566 wpa_printf(MSG_DEBUG, "FT: Failed to allocate r0kh->seq");
1567 return -1;
1570 dl_list_init(&r0kh->seq->rx.queue);
1586 if (wpa_auth->conf.r0kh_list)
1587 r0kh = *wpa_auth->conf.r0kh_list;
1590 for (; r0kh; r0kh = r0kh->next) {
1591 if (r0kh->id_len == 1 && r0kh->id[0] == '*')
1593 if (f_r0kh_id && r0kh->id_len == f_r0kh_id_len &&
1594 os_memcmp_const(f_r0kh_id, r0kh->id, f_r0kh_id_len) == 0)
1608 if (r1kh->seq)
1611 r1kh->seq = os_zalloc(sizeof(*r1kh->seq));
1612 if (!r1kh->seq) {
1613 wpa_printf(MSG_DEBUG, "FT: Failed to allocate r1kh->seq");
1614 return -1;
1617 dl_list_init(&r1kh->seq->rx.queue);
1633 if (wpa_auth->conf.r1kh_list)
1634 r1kh = *wpa_auth->conf.r1kh_list;
1637 for (; r1kh; r1kh = r1kh->next) {
1638 if (is_zero_ether_addr(r1kh->addr) &&
1639 is_zero_ether_addr(r1kh->id))
1642 os_memcmp_const(r1kh->id, f_r1kh_id, FT_R1KH_ID_LEN) == 0)
1657 if (f_r0kh_id_len != wpa_auth->conf.r0_key_holder_len ||
1658 os_memcmp_const(f_r0kh_id, wpa_auth->conf.r0_key_holder,
1660 return -1;
1669 if (os_memcmp_const(f_r1kh_id, wpa_auth->conf.r1_key_holder,
1671 return -1;
1682 if (!wpa_auth->conf.r0kh_list)
1685 for (r0kh = *wpa_auth->conf.r0kh_list; r0kh; r0kh = r0kh->next) {
1693 prev->next = r0kh->next;
1695 *wpa_auth->conf.r0kh_list = r0kh->next;
1696 if (r0kh->seq)
1697 wpa_ft_rrb_seq_flush(wpa_auth, r0kh->seq, 0);
1698 os_free(r0kh->seq);
1731 if (!wpa_auth->conf.r0kh_list)
1739 os_memcpy(r0kh->addr, src_addr, sizeof(r0kh->addr));
1743 os_memcpy(r0kh->id, r0kh_id, id_len);
1744 r0kh->id_len = id_len;
1746 os_memcpy(r0kh->key, r0kh_wildcard->key, sizeof(r0kh->key));
1748 r0kh->next = *wpa_auth->conf.r0kh_list;
1749 *wpa_auth->conf.r0kh_list = r0kh;
1767 if (!wpa_auth->conf.r1kh_list)
1770 for (r1kh = *wpa_auth->conf.r1kh_list; r1kh; r1kh = r1kh->next) {
1778 prev->next = r1kh->next;
1780 *wpa_auth->conf.r1kh_list = r1kh->next;
1781 if (r1kh->seq)
1782 wpa_ft_rrb_seq_flush(wpa_auth, r1kh->seq, 0);
1783 os_free(r1kh->seq);
1804 if (!wpa_auth->conf.r1kh_list)
1811 os_memcpy(r1kh->addr, src_addr, sizeof(r1kh->addr));
1812 os_memcpy(r1kh->id, r1kh_id, sizeof(r1kh->id));
1813 os_memcpy(r1kh->key, r1kh_wildcard->key, sizeof(r1kh->key));
1814 r1kh->next = *wpa_auth->conf.r1kh_list;
1815 *wpa_auth->conf.r1kh_list = r1kh;
1841 if (wpa_auth->conf.r0kh_list)
1842 r0kh = *wpa_auth->conf.r0kh_list;
1845 for (; r0kh; r0kh = r0kh->next) {
1846 if (!r0kh->seq)
1848 wpa_ft_rrb_seq_flush(wpa_auth, r0kh->seq, 0);
1849 os_free(r0kh->seq);
1850 r0kh->seq = NULL;
1853 if (wpa_auth->conf.r1kh_list)
1854 r1kh = *wpa_auth->conf.r1kh_list;
1857 for (; r1kh; r1kh = r1kh->next) {
1858 if (!r1kh->seq)
1860 wpa_ft_rrb_seq_flush(wpa_auth, r1kh->seq, 0);
1861 os_free(r1kh->seq);
1862 r1kh->seq = NULL;
1872 if (wpa_auth->conf.r0kh_list)
1873 r0kh = *wpa_auth->conf.r0kh_list;
1877 r0kh_next = r0kh->next;
1881 r0kh_prev->next = r0kh_next;
1883 *wpa_auth->conf.r0kh_list = r0kh_next;
1891 if (wpa_auth->conf.r1kh_list)
1892 r1kh = *wpa_auth->conf.r1kh_list;
1896 r1kh_next = r1kh->next;
1900 r1kh_prev->next = r1kh_next;
1902 *wpa_auth->conf.r1kh_list = r1kh_next;
1924 if (!wpa_auth->conf.rkh_neg_timeout)
1931 /* r0kh removed after neg_timeout and might need re-adding */
1935 wpa_hexdump(MSG_DEBUG, "FT: Temporarily block R0KH-ID",
1940 wpa_auth->conf.rkh_neg_timeout);
1941 os_memset(r0kh->addr, 0, ETH_ALEN);
1945 wpa_auth->conf.rkh_neg_timeout);
1954 MAC2STR(sm->addr));
1955 if (sm->ft_pending_pull_left_retries <= 0)
1956 wpa_ft_block_r0kh(sm->wpa_auth, sm->r0kh_id, sm->r0kh_id_len);
1970 const u8 *key, *f_r1kh_id = sm->wpa_auth->conf.r1_key_holder;
1980 .data = sm->addr },
1985 .data = sm->ft_pending_pull_nonce },
1988 { .type = FT_RRB_R0KH_ID, .len = sm->r0kh_id_len,
1989 .data = sm->r0kh_id },
1995 if (sm->ft_pending_pull_left_retries <= 0)
1996 return -1;
1997 first = sm->ft_pending_pull_left_retries ==
1998 sm->wpa_auth->conf.rkh_pull_retries;
1999 sm->ft_pending_pull_left_retries--;
2001 wpa_ft_rrb_lookup_r0kh(sm->wpa_auth, sm->r0kh_id, sm->r0kh_id_len,
2005 r0kh_timeout = sm->wpa_auth->conf.rkh_pull_timeout / 1000 +
2008 wpa_ft_rrb_r0kh_replenish(sm->wpa_auth, r0kh, r0kh_timeout);
2010 wpa_printf(MSG_DEBUG, "FT: Using wildcard R0KH-ID");
2011 /* r0kh->addr: updated by SEQ_RESP and wpa_ft_expire_pull */
2012 r0kh = wpa_ft_rrb_add_r0kh(sm->wpa_auth, r0kh_wildcard,
2013 r0kh_wildcard->addr,
2014 sm->r0kh_id, sm->r0kh_id_len,
2018 wpa_hexdump(MSG_DEBUG, "FT: Did not find R0KH-ID",
2019 sm->r0kh_id, sm->r0kh_id_len);
2020 return -1;
2022 if (is_zero_ether_addr(r0kh->addr)) {
2023 wpa_hexdump(MSG_DEBUG, "FT: R0KH-ID is temporarily blocked",
2024 sm->r0kh_id, sm->r0kh_id_len);
2025 return -1;
2027 if (ether_addr_equal(r0kh->addr, sm->wpa_auth->addr)) {
2029 "FT: R0KH-ID points to self - no matching key available");
2030 return -1;
2033 key = r0kh->key;
2034 key_len = sizeof(r0kh->key);
2036 if (r0kh->seq->rx.num_last == 0) {
2039 wpa_ft_rrb_seq_req(sm->wpa_auth, r0kh->seq, r0kh->addr,
2040 r0kh->id, r0kh->id_len, f_r1kh_id, key,
2044 wpa_printf(MSG_DEBUG, "FT: Send PMK-R1 pull request from " MACSTR
2046 MAC2STR(sm->wpa_auth->addr), MAC2STR(r0kh->addr));
2049 random_get_bytes(sm->ft_pending_pull_nonce, FT_RRB_NONCE_LEN) < 0) {
2052 return -1;
2055 if (wpa_ft_new_seq(r0kh->seq, &f_seq) < 0) {
2057 return -1;
2061 sm->wpa_auth->addr, FT_PACKET_R0KH_R1KH_PULL,
2063 return -1;
2066 wpabuf_free(sm->ft_pending_req_ies);
2067 sm->ft_pending_req_ies = ft_pending_req_ies;
2068 if (!sm->ft_pending_req_ies) {
2070 return -1;
2073 tsecs = sm->wpa_auth->conf.rkh_pull_timeout / 1000;
2074 tusecs = (sm->wpa_auth->conf.rkh_pull_timeout % 1000) * 1000;
2077 wpa_ft_rrb_oui_send(sm->wpa_auth, r0kh->addr, FT_PACKET_R0KH_R1KH_PULL,
2089 int expires_in = sm->wpa_auth->conf.r0_key_lifetime;
2094 size_t pmk_r0_len = wpa_key_mgmt_sha384(sm->wpa_key_mgmt) ?
2097 if (wpa_ft_get_vlan(sm->wpa_auth, sm->addr, &vlan) < 0) {
2099 MAC2STR(sm->addr));
2100 return -1;
2103 identity_len = wpa_ft_get_identity(sm->wpa_auth, sm->addr, &identity);
2104 radius_cui_len = wpa_ft_get_radius_cui(sm->wpa_auth, sm->addr,
2106 session_timeout = wpa_ft_get_session_timeout(sm->wpa_auth, sm->addr);
2108 return wpa_ft_store_pmk_r0(sm->wpa_auth, sm->addr, pmk_r0, pmk_r0_len,
2109 pmk_r0_name, sm->pairwise, &vlan, expires_in,
2121 const u8 *mdid = sm->wpa_auth->conf.mobility_domain;
2122 const u8 *r0kh = sm->wpa_auth->conf.r0_key_holder;
2123 size_t r0kh_len = sm->wpa_auth->conf.r0_key_holder_len;
2124 const u8 *r1kh = sm->wpa_auth->conf.r1_key_holder;
2125 const u8 *ssid = sm->wpa_auth->conf.ssid;
2126 size_t ssid_len = sm->wpa_auth->conf.ssid_len;
2130 if (sm->wpa_key_mgmt == WPA_KEY_MGMT_FT_SAE_EXT_KEY &&
2131 (sm->xxkey_len == SHA256_MAC_LEN ||
2132 sm->xxkey_len == SHA384_MAC_LEN ||
2133 sm->xxkey_len == SHA512_MAC_LEN))
2134 pmk_r0_len = sm->xxkey_len;
2135 else if (wpa_key_mgmt_sha384(sm->wpa_key_mgmt))
2141 if (sm->xxkey_len > 0) {
2142 mpmk = sm->xxkey;
2143 mpmk_len = sm->xxkey_len;
2144 } else if (sm->pmksa) {
2145 mpmk = sm->pmksa->pmk;
2146 mpmk_len = sm->pmksa->pmk_len;
2150 return -1;
2154 r0kh, r0kh_len, sm->addr,
2156 sm->wpa_key_mgmt) < 0 ||
2157 wpa_derive_pmk_r1(pmk_r0, pmk_r0_len, pmk_r0_name, r1kh, sm->addr,
2158 pmk_r1, sm->pmk_r1_name) < 0)
2159 return -1;
2161 return wpa_pmk_r1_to_ptk(pmk_r1, pmk_r1_len, sm->SNonce, sm->ANonce,
2162 sm->addr, sm->wpa_auth->addr, sm->pmk_r1_name,
2163 ptk, ptk_name, sm->wpa_key_mgmt, sm->pairwise,
2172 int psk_local = sm->wpa_auth->conf.ft_psk_generate_local;
2173 int expires_in = sm->wpa_auth->conf.r0_key_lifetime;
2179 if (psk_local && wpa_key_mgmt_ft_psk(sm->wpa_key_mgmt))
2182 if (wpa_ft_get_vlan(sm->wpa_auth, sm->addr, &vlan) < 0) {
2184 MAC2STR(sm->addr));
2188 identity_len = wpa_ft_get_identity(sm->wpa_auth, sm->addr, &identity);
2189 radius_cui_len = wpa_ft_get_radius_cui(sm->wpa_auth, sm->addr,
2191 session_timeout = wpa_ft_get_session_timeout(sm->wpa_auth, sm->addr);
2194 wpa_ft_store_pmk_r0(sm->wpa_auth, sm->addr, pmk_r0, key_len,
2196 sm->pairwise, &vlan, expires_in,
2199 wpa_ft_store_pmk_r1(sm->wpa_auth, sm->addr, pmk_r1, key_len,
2200 sm->pmk_r1_name, sm->pairwise, &vlan,
2209 if (wpa_auth->cb->get_seqnum == NULL)
2210 return -1;
2211 return wpa_auth->cb->get_seqnum(wpa_auth->cb_ctx, addr, idx, seq);
2218 struct wpa_auth_config *conf = &sm->wpa_auth->conf;
2219 struct wpa_group *gsm = sm->group;
2227 if (wpa_key_mgmt_fils(sm->wpa_key_mgmt)) {
2228 kek = sm->PTK.kek2;
2229 kek_len = sm->PTK.kek2_len;
2231 kek = sm->PTK.kek;
2232 kek_len = sm->PTK.kek_len;
2235 key_len = gsm->GTK_len;
2245 pad_len = 8 - pad_len;
2249 os_memcpy(keybuf, gsm->GTK[gsm->GN - 1], key_len);
2250 if (conf->disable_gtk ||
2251 sm->wpa_key_mgmt == WPA_KEY_MGMT_OSEN) {
2263 } else if (conf->disable_gtk || sm->wpa_key_mgmt == WPA_KEY_MGMT_OSEN) {
2272 key = gsm->GTK[gsm->GN - 1];
2276 * Sub-elem ID[1] | Length[1] | Key Info[2] | Key Length[1] | RSC[8] |
2286 /* Key ID in B0-B1 of Key Info */
2287 WPA_PUT_LE16(&subelem[2], gsm->GN & 0x03);
2288 subelem[4] = gsm->GTK_len;
2289 wpa_auth_get_seqnum(sm->wpa_auth, NULL, gsm->GN, subelem + 5);
2307 u8 *subelem, *pos;
2308 struct wpa_auth_config *conf = &sm->wpa_auth->conf;
2309 struct wpa_group *gsm = sm->group;
2316 if (wpa_key_mgmt_fils(sm->wpa_key_mgmt)) {
2317 kek = sm->PTK.kek2;
2318 kek_len = sm->PTK.kek2_len;
2320 kek = sm->PTK.kek;
2321 kek_len = sm->PTK.kek_len;
2324 igtk_len = wpa_cipher_key_len(sm->wpa_auth->conf.group_mgmt_cipher);
2326 /* Sub-elem ID[1] | Length[1] | KeyID[2] | IPN[6] | Key Length[1] |
2333 pos = subelem;
2334 *pos++ = FTIE_SUBELEM_IGTK;
2335 *pos++ = subelem_len - 2;
2336 WPA_PUT_LE16(pos, gsm->GN_igtk);
2337 pos += 2;
2338 wpa_auth_get_seqnum(sm->wpa_auth, NULL, gsm->GN_igtk, pos);
2339 pos += 6;
2340 *pos++ = igtk_len;
2341 igtk = gsm->IGTK[gsm->GN_igtk - 4];
2342 if (conf->disable_gtk || sm->wpa_key_mgmt == WPA_KEY_MGMT_OSEN) {
2353 if (aes_wrap(kek, kek_len, igtk_len / 8, igtk, pos)) {
2368 u8 *subelem, *pos;
2369 struct wpa_authenticator *wpa_auth = sm->wpa_auth;
2370 struct wpa_group *gsm = wpa_auth->group;
2377 if (wpa_key_mgmt_fils(sm->wpa_key_mgmt)) {
2378 kek = sm->PTK.kek2;
2379 kek_len = sm->PTK.kek2_len;
2381 kek = sm->PTK.kek;
2382 kek_len = sm->PTK.kek_len;
2385 bigtk_len = wpa_cipher_key_len(wpa_auth->conf.group_mgmt_cipher);
2387 /* Sub-elem ID[1] | Length[1] | KeyID[2] | BIPN[6] | Key Length[1] |
2394 pos = subelem;
2395 *pos++ = FTIE_SUBELEM_BIGTK;
2396 *pos++ = subelem_len - 2;
2397 WPA_PUT_LE16(pos, gsm->GN_bigtk);
2398 pos += 2;
2399 wpa_auth_get_seqnum(wpa_auth, NULL, gsm->GN_bigtk, pos);
2400 pos += 6;
2401 *pos++ = bigtk_len;
2402 bigtk = gsm->BIGTK[gsm->GN_bigtk - 6];
2403 if (sm->wpa_key_mgmt == WPA_KEY_MGMT_OSEN) {
2414 if (aes_wrap(kek, kek_len, bigtk_len / 8, bigtk, pos)) {
2428 u8 *pos, u8 *end, u8 id, u8 descr_count,
2439 if (end - pos < (int) sizeof(*rdie)) {
2441 return pos;
2444 *pos++ = WLAN_EID_RIC_DATA;
2445 *pos++ = sizeof(*rdie);
2446 rdie = (struct rsn_rdie *) pos;
2447 rdie->id = id;
2448 rdie->descr_count = 0;
2449 rdie->status_code = host_to_le16(WLAN_STATUS_SUCCESS);
2450 pos += sizeof(*rdie);
2455 rdie->status_code =
2457 return pos;
2466 rdie->status_code =
2468 return pos;
2470 if (end - pos < (int) sizeof(*tspec)) {
2473 rdie->status_code =
2475 return pos;
2477 tspec = (struct wmm_tspec_element *) pos;
2478 os_memcpy(tspec, parse.wmm_tspec - 2, sizeof(*tspec));
2482 if (parse.wmm_tspec && sm->wpa_auth->conf.ap_mlme) {
2485 res = wmm_process_tspec((struct wmm_tspec_element *) pos);
2488 rdie->status_code =
2491 rdie->status_code =
2495 rdie->descr_count = 1;
2496 pos += sizeof(struct wmm_tspec_element);
2498 return pos;
2502 if (parse.wmm_tspec && !sm->wpa_auth->conf.ap_mlme) {
2505 res = wpa_ft_add_tspec(sm->wpa_auth, sm->addr, pos,
2509 rdie->status_code = host_to_le16(res);
2513 rdie->descr_count = 1;
2514 pos += sizeof(struct wmm_tspec_element);
2516 return pos;
2521 rdie->status_code = host_to_le16(WLAN_STATUS_UNSPECIFIED_FAILURE);
2522 return pos;
2526 static u8 * wpa_ft_process_ric(struct wpa_state_machine *sm, u8 *pos, u8 *end,
2549 pos = wpa_ft_process_rdie(sm, pos, end, rdie->id,
2550 rdie->descr_count,
2551 start, rpos - start);
2554 return pos;
2558 u8 * wpa_sm_write_assoc_resp_ies(struct wpa_state_machine *sm, u8 *pos,
2579 return pos;
2581 conf = &sm->wpa_auth->conf;
2583 if (!wpa_key_mgmt_ft(sm->wpa_key_mgmt))
2584 return pos;
2586 end = pos + max_len;
2590 sm->wpa_auth->conf.rsne_override_ft_set) {
2592 "TESTING: RSNE FT override for MIC calculation");
2593 rsnie = sm->wpa_auth->conf.rsne_override_ft;
2594 rsnie_len = sm->wpa_auth->conf.rsne_override_ft_len;
2595 if (end - pos < (long int) rsnie_len)
2596 return pos;
2597 os_memcpy(pos, rsnie, rsnie_len);
2598 rsnie = pos;
2599 pos += rsnie_len;
2600 if (rsnie_len > PMKID_LEN && sm->pmk_r1_name_valid) {
2605 if (rsnie[rsnie_len - 1 - idx] != 0xff)
2609 os_memcpy(&rsnie[rsnie_len - PMKID_LEN],
2610 sm->pmk_r1_name, WPA_PMK_NAME_LEN);
2618 (sm->wpa_key_mgmt & (WPA_KEY_MGMT_FT_FILS_SHA256 |
2620 if (!sm->pmk_r1_name_valid) {
2626 sm->pmk_r1_name, WPA_PMK_NAME_LEN);
2633 res = wpa_write_rsn_ie(conf, pos, end - pos, sm->pmk_r1_name);
2636 rsnie = pos;
2638 pos += res;
2642 res = wpa_write_mdie(conf, pos, end - pos);
2645 mdie = pos;
2647 pos += res;
2657 r0kh_id = sm->r0kh_id;
2658 r0kh_id_len = sm->r0kh_id_len;
2659 anonce = sm->ANonce;
2660 snonce = sm->SNonce;
2661 if (sm->mgmt_frame_prot) {
2683 if (sm->mgmt_frame_prot && conf->beacon_prot) {
2711 if (wpa_channel_info(sm->wpa_auth, &ci) != 0) {
2718 if (conf->oci_freq_override_ft_assoc) {
2720 "TEST: Override OCI frequency %d -> %u MHz",
2722 conf->oci_freq_override_ft_assoc);
2723 ci.frequency = conf->oci_freq_override_ft_assoc;
2735 ocipos = subelem + subelem_len - 2 - OCV_OCI_LEN;
2745 r0kh_id = conf->r0_key_holder;
2746 r0kh_id_len = conf->r0_key_holder_len;
2751 (conf->sae_pwe == SAE_PWE_HASH_TO_ELEMENT ||
2752 conf->sae_pwe == SAE_PWE_BOTH);
2754 if (sm->wpa_auth->conf.ft_rsnxe_used) {
2755 rsnxe_used = sm->wpa_auth->conf.ft_rsnxe_used == 1;
2760 key_len = sm->xxkey_len;
2762 key_len = sm->pmk_r1_len;
2763 if (!key_len && sm->wpa_key_mgmt == WPA_KEY_MGMT_FT_SAE_EXT_KEY &&
2764 sm->wpa_auth->cb->get_psk) {
2767 if (sm->wpa_auth->cb->get_psk(sm->wpa_auth->cb_ctx,
2768 sm->addr, sm->p2p_dev_addr,
2772 res = wpa_write_ftie(conf, sm->wpa_key_mgmt, key_len,
2774 anonce, snonce, pos, end - pos,
2779 ftie = pos;
2781 pos += res;
2783 if (sm->wpa_key_mgmt == WPA_KEY_MGMT_FT_SAE_EXT_KEY &&
2788 fte_mic = _ftie->mic;
2789 elem_count = &_ftie->mic_control[1];
2790 } else if ((sm->wpa_key_mgmt == WPA_KEY_MGMT_FT_SAE_EXT_KEY &&
2792 wpa_key_mgmt_sha384(sm->wpa_key_mgmt)) {
2796 fte_mic = _ftie->mic;
2797 elem_count = &_ftie->mic_control[1];
2801 fte_mic = _ftie->mic;
2802 elem_count = &_ftie->mic_control[1];
2807 ric_start = pos;
2809 sm->wpa_key_mgmt, false) == 0 && parse.ric) {
2810 pos = wpa_ft_process_ric(sm, pos, end, parse.ric,
2815 pos - ric_start);
2817 if (ric_start == pos)
2823 res = wpa_write_rsnxe(&sm->wpa_auth->conf, rsnxe,
2826 pos = NULL;
2833 sm->wpa_auth->conf.rsnxe_override_ft_set) {
2835 "TESTING: RSNXE FT override for MIC calculation");
2836 rsnxe = sm->wpa_auth->conf.rsnxe_override_ft;
2837 rsnxe_len = sm->wpa_auth->conf.rsnxe_override_ft_len;
2843 if (wpa_key_mgmt_fils(sm->wpa_key_mgmt)) {
2844 kck = sm->PTK.kck2;
2845 kck_len = sm->PTK.kck2_len;
2847 kck = sm->PTK.kck;
2848 kck_len = sm->PTK.kck_len;
2851 wpa_ft_mic(sm->wpa_key_mgmt, kck, kck_len,
2852 sm->addr, sm->wpa_auth->addr, 6,
2855 ric_start, ric_start ? pos - ric_start : 0,
2859 wpa_printf(MSG_DEBUG, "FT: Failed to calculate MIC");
2860 pos = NULL;
2864 os_free(sm->assoc_resp_ftie);
2865 sm->assoc_resp_ftie = os_malloc(ftie_len);
2866 if (!sm->assoc_resp_ftie) {
2867 pos = NULL;
2870 os_memcpy(sm->assoc_resp_ftie, ftie, ftie_len);
2874 return pos;
2884 if (wpa_auth->cb->set_key == NULL)
2885 return -1;
2886 return wpa_auth->cb->set_key(wpa_auth->cb_ctx, vlan_id, alg, addr, idx,
2897 if (!wpa_auth->cb->set_ltf_keyseed)
2898 return -1;
2899 return wpa_auth->cb->set_ltf_keyseed(wpa_auth->cb_ctx, peer_addr,
2908 if (!wpa_auth->cb->add_sta_ft)
2909 return -1;
2910 return wpa_auth->cb->add_sta_ft(wpa_auth->cb_ctx, addr);
2919 /* MLME-SETKEYS.request(PTK) */
2920 alg = wpa_cipher_to_alg(sm->pairwise);
2921 klen = wpa_cipher_key_len(sm->pairwise);
2922 if (!wpa_cipher_valid_pairwise(sm->pairwise)) {
2923 wpa_printf(MSG_DEBUG, "FT: Unknown pairwise alg 0x%x - skip "
2924 "PTK configuration", sm->pairwise);
2928 if (sm->tk_already_set) {
2932 "FT: Do not re-install same PTK to the driver");
2937 wpa_auth_add_sta_ft(sm->wpa_auth, sm->addr);
2945 if (wpa_auth_set_key(sm->wpa_auth, 0, alg, sm->addr, sm->keyidx_active,
2946 sm->PTK.tk, klen, KEY_FLAG_PAIRWISE_RX_TX))
2950 if (sm->wpa_auth->conf.secure_ltf &&
2951 ieee802_11_rsnx_capab(sm->rsnxe, WLAN_RSNX_CAPAB_SECURE_LTF) &&
2952 wpa_auth_set_ltf_keyseed(sm->wpa_auth, sm->addr,
2953 sm->PTK.ltf_keyseed,
2954 sm->PTK.ltf_keyseed_len)) {
2961 /* FIX: MLME-SetProtection.Request(TA, Tx_Rx) */
2962 sm->pairwise_set = true;
2963 sm->tk_already_set = true;
2965 wpa_auth_store_ptksa(sm->wpa_auth, sm->addr, sm->pairwise,
2966 dot11RSNAConfigPMKLifetime, &sm->PTK);
2970 /* Derive PMK-R1 from PSK, check all available PSK */
2983 struct wpa_authenticator *wpa_auth = sm->wpa_auth;
2984 const u8 *mdid = wpa_auth->conf.mobility_domain;
2985 const u8 *r0kh = sm->r0kh_id;
2986 size_t r0kh_len = sm->r0kh_id_len;
2987 const u8 *r1kh = wpa_auth->conf.r1_key_holder;
2988 const u8 *ssid = wpa_auth->conf.ssid;
2989 size_t ssid_len = wpa_auth->conf.ssid_len;
2992 pairwise = sm->pairwise;
2995 pmk = wpa_ft_get_psk(wpa_auth, sm->addr, sm->p2p_dev_addr,
3001 r0kh_len, sm->addr,
3005 sm->addr, pmk_r1, pmk_r1_name) < 0 ||
3012 "FT: Found PSK to generate PMK-R1 locally");
3016 os_memcpy(sm->PMK, pmk, PMK_LEN);
3017 sm->pmk_len = PMK_LEN;
3019 wpa_ft_get_vlan(sm->wpa_auth, sm->addr, out_vlan) < 0) {
3021 MACSTR, MAC2STR(sm->addr));
3022 return -1;
3027 sm->wpa_auth, sm->addr, out_identity);
3032 sm->wpa_auth, sm->addr, out_radius_cui);
3037 sm->wpa_auth, sm->addr);
3044 "FT: Did not find PSK to generate PMK-R1 locally");
3045 return -1;
3050 * Required to detect FT-PSK and pairwise cipher.
3057 if (sm->wpa_key_mgmt)
3060 key_mgmt = parse->key_mgmt & sm->wpa_auth->conf.wpa_key_mgmt;
3063 MACSTR, parse->key_mgmt, MAC2STR(sm->addr));
3064 return -1;
3067 sm->wpa_key_mgmt = WPA_KEY_MGMT_FT_IEEE8021X;
3070 sm->wpa_key_mgmt = WPA_KEY_MGMT_FT_IEEE8021X_SHA384;
3073 sm->wpa_key_mgmt = WPA_KEY_MGMT_FT_PSK;
3076 sm->wpa_key_mgmt = WPA_KEY_MGMT_FT_FILS_SHA256;
3078 sm->wpa_key_mgmt = WPA_KEY_MGMT_FT_FILS_SHA384;
3080 ciphers = parse->pairwise_cipher & sm->wpa_auth->conf.rsn_pairwise;
3084 parse->pairwise_cipher, MAC2STR(sm->addr));
3085 return -1;
3087 sm->pairwise = wpa_pick_pairwise_cipher(ciphers, 0);
3106 struct wpa_auth_config *conf = &wpa_auth->conf;
3112 if (conf->r0_key_holder_len != r0kh_id_len ||
3113 os_memcmp(conf->r0_key_holder, r0kh_id, conf->r0_key_holder_len) !=
3115 return -1; /* not our R0KH-ID */
3117 wpa_printf(MSG_DEBUG, "FT: STA R0KH-ID matching local configuration");
3118 if (wpa_ft_fetch_pmk_r0(sm->wpa_auth, sm->addr, req_pmk_r0_name, &r0) <
3120 return -1; /* no matching PMKR0Name in local cache */
3124 if (wpa_derive_pmk_r1(r0->pmk_r0, r0->pmk_r0_len, r0->pmk_r0_name,
3125 conf->r1_key_holder,
3126 sm->addr, out_pmk_r1, out_pmk_r1_name) < 0)
3127 return -1;
3130 if (r0->expiration)
3131 expires_in = r0->expiration - now.sec;
3133 if (r0->session_timeout)
3134 session_timeout = r0->session_timeout - now.sec;
3136 wpa_ft_store_pmk_r1(wpa_auth, sm->addr, out_pmk_r1, r0->pmk_r0_len,
3138 sm->pairwise, r0->vlan, expires_in, session_timeout,
3139 r0->identity, r0->identity_len,
3140 r0->radius_cui, r0->radius_cui_len);
3142 *out_pairwise = sm->pairwise;
3144 if (r0->vlan)
3145 *vlan = *r0->vlan;
3151 *identity = r0->identity;
3152 *identity_len = r0->identity_len;
3156 *radius_cui = r0->radius_cui;
3157 *radius_cui_len = r0->radius_cui_len;
3162 *pmk_r1_len = r0->pmk_r0_len;
3179 u8 *pos, *end;
3190 sm->pmk_r1_name_valid = 0;
3191 conf = &sm->wpa_auth->conf;
3203 os_memcmp(mdie->mobility_domain,
3204 sm->wpa_auth->conf.mobility_domain,
3218 wpa_printf(MSG_DEBUG, "FT: Invalid FTIE - no R0KH-ID");
3223 wpa_hexdump(MSG_DEBUG, "FT: STA R0KH-ID",
3225 os_memcpy(sm->r0kh_id, parse.r0kh_id, parse.r0kh_id_len);
3226 sm->r0kh_id_len = parse.r0kh_id_len;
3240 if (conf->ft_psk_generate_local &&
3241 wpa_key_mgmt_ft_psk(sm->wpa_key_mgmt)) {
3243 sm->wpa_auth->conf.r1_key_holder,
3244 sm->addr, pmk_r1_name, PMK_LEN) < 0)
3255 "FT: Generated PMK-R1 for FT-PSK locally");
3259 /* Need to test all possible hash algorithms for FT-SAE-EXT-KEY since
3270 sm->wpa_auth->conf.r1_key_holder,
3271 sm->addr, pmk_r1_name, len) < 0)
3274 if (wpa_ft_fetch_pmk_r1(sm->wpa_auth, sm->addr, pmk_r1_name,
3287 "FT: No PMK-R1 available in local cache for the requested PMKR1Name");
3288 if (wpa_ft_local_derive_pmk_r1(sm->wpa_auth, sm,
3296 "FT: Generated PMK-R1 based on local PMK-R0");
3302 "FT: Did not have matching PMK-R1 and either unknown or blocked R0KH-ID or NAK from R0KH");
3307 retval = -1; /* Status pending */
3311 wpa_hexdump_key(MSG_DEBUG, "FT: Selected PMK-R1", pmk_r1, pmk_r1_len);
3312 sm->pmk_r1_name_valid = 1;
3313 os_memcpy(sm->pmk_r1_name, pmk_r1_name, WPA_PMK_NAME_LEN);
3314 os_memcpy(sm->pmk_r1, pmk_r1, pmk_r1_len);
3315 sm->pmk_r1_len = pmk_r1_len;
3317 if (random_get_bytes(sm->ANonce, WPA_NONCE_LEN)) {
3323 /* Now that we know the correct PMK-R1 length and as such, the length
3324 * of the MIC field, fetch the SNonce. */
3335 os_memcpy(sm->SNonce, ftie->snonce, WPA_NONCE_LEN);
3346 os_memcpy(sm->SNonce, ftie->snonce, WPA_NONCE_LEN);
3357 os_memcpy(sm->SNonce, ftie->snonce, WPA_NONCE_LEN);
3361 sm->SNonce, WPA_NONCE_LEN);
3363 sm->ANonce, WPA_NONCE_LEN);
3365 if (sm->wpa_auth->conf.force_kdk_derivation ||
3366 (sm->wpa_auth->conf.secure_ltf &&
3367 ieee802_11_rsnx_capab(sm->rsnxe, WLAN_RSNX_CAPAB_SECURE_LTF)))
3372 if (wpa_pmk_r1_to_ptk(pmk_r1, pmk_r1_len, sm->SNonce, sm->ANonce,
3373 sm->addr, sm->wpa_auth->addr, pmk_r1_name,
3374 &sm->PTK, ptk_name, parse.key_mgmt,
3379 if (sm->wpa_auth->conf.secure_ltf &&
3380 ieee802_11_rsnx_capab(sm->rsnxe, WLAN_RSNX_CAPAB_SECURE_LTF) &&
3381 wpa_ltf_keyseed(&sm->PTK, parse.key_mgmt, pairwise)) {
3387 sm->pairwise = pairwise;
3388 sm->PTK_valid = true;
3389 sm->tk_already_set = false;
3392 if (wpa_ft_set_vlan(sm->wpa_auth, sm->addr, &vlan) < 0) {
3396 if (wpa_ft_set_identity(sm->wpa_auth, sm->addr,
3398 wpa_ft_set_radius_cui(sm->wpa_auth, sm->addr,
3403 wpa_ft_set_session_timeout(sm->wpa_auth, sm->addr, session_timeout);
3411 pos = *resp_ies;
3414 ret = wpa_write_rsn_ie(conf, pos, end - pos, parse.rsn_pmkid);
3417 pos += ret;
3419 ret = wpa_write_mdie(conf, pos, end - pos);
3422 pos += ret;
3426 sm->ANonce, sm->SNonce, pos, end - pos, NULL, 0,
3430 pos += ret;
3432 *resp_ies_len = pos - *resp_ies;
3465 MAC2STR(sm->addr), MAC2STR(sm->wpa_auth->addr),
3467 sm->ft_pending_cb = cb;
3468 sm->ft_pending_cb_ctx = ctx;
3469 sm->ft_pending_auth_transaction = auth_transaction;
3470 sm->ft_pending_pull_left_retries = sm->wpa_auth->conf.rkh_pull_retries;
3481 MAC2STR(sm->addr), auth_transaction + 1, status,
3484 cb(ctx, sm->addr, auth_transaction + 1, status, resp_ies, resp_ies_len);
3494 u8 mic[WPA_EAPOL_KEY_MIC_MAX_LEN];
3505 conf = &sm->wpa_auth->conf;
3509 if (wpa_ft_parse_ies(ies, ies_len, &parse, sm->wpa_key_mgmt,
3526 if (os_memcmp_const(parse.rsn_pmkid, sm->pmk_r1_name, WPA_PMK_NAME_LEN)
3536 os_memcmp(mdie->mobility_domain, conf->mobility_domain,
3543 if (sm->wpa_key_mgmt == WPA_KEY_MGMT_FT_SAE_EXT_KEY &&
3544 sm->pmk_r1_len == SHA512_MAC_LEN)
3546 else if ((sm->wpa_key_mgmt == WPA_KEY_MGMT_FT_SAE_EXT_KEY &&
3547 sm->pmk_r1_len == SHA384_MAC_LEN) ||
3548 wpa_key_mgmt_sha384(sm->wpa_key_mgmt))
3562 if (os_memcmp(parse.fte_snonce, sm->SNonce, WPA_NONCE_LEN) != 0) {
3567 sm->SNonce, WPA_NONCE_LEN);
3572 if (os_memcmp(parse.fte_anonce, sm->ANonce, WPA_NONCE_LEN) != 0) {
3577 sm->ANonce, WPA_NONCE_LEN);
3583 wpa_printf(MSG_DEBUG, "FT: No R0KH-ID subelem in FTIE");
3588 if (parse.r0kh_id_len != sm->r0kh_id_len ||
3589 os_memcmp_const(parse.r0kh_id, sm->r0kh_id, parse.r0kh_id_len) != 0)
3591 wpa_printf(MSG_DEBUG, "FT: R0KH-ID in FTIE did not match with "
3592 "the current R0KH-ID");
3593 wpa_hexdump(MSG_DEBUG, "FT: R0KH-ID in FTIE",
3595 wpa_hexdump(MSG_DEBUG, "FT: The current R0KH-ID",
3596 sm->r0kh_id, sm->r0kh_id_len);
3602 wpa_printf(MSG_DEBUG, "FT: No R1KH-ID subelem in FTIE");
3607 if (os_memcmp_const(parse.r1kh_id, conf->r1_key_holder,
3609 wpa_printf(MSG_DEBUG, "FT: Unknown R1KH-ID used in "
3611 wpa_hexdump(MSG_DEBUG, "FT: R1KH-ID in FTIE",
3613 wpa_hexdump(MSG_DEBUG, "FT: Expected R1KH-ID",
3614 conf->r1_key_holder, FT_R1KH_ID_LEN);
3620 os_memcmp_const(parse.rsn_pmkid, sm->pmk_r1_name, WPA_PMK_NAME_LEN))
3634 wpa_printf(MSG_DEBUG, "FT: Unexpected IE count in MIC "
3640 if (wpa_key_mgmt_fils(sm->wpa_key_mgmt)) {
3641 kck = sm->PTK.kck2;
3642 kck_len = sm->PTK.kck2_len;
3644 kck = sm->PTK.kck;
3645 kck_len = sm->PTK.kck_len;
3647 if (wpa_ft_mic(sm->wpa_key_mgmt, kck, kck_len,
3648 sm->addr, sm->wpa_auth->addr, 5,
3649 parse.mdie - 2, parse.mdie_len + 2,
3650 parse.ftie - 2, parse.ftie_len + 2,
3651 parse.rsn - 2, parse.rsn_len + 2,
3653 parse.rsnxe ? parse.rsnxe - 2 : NULL,
3656 mic) < 0) {
3657 wpa_printf(MSG_DEBUG, "FT: Failed to calculate MIC");
3661 if (os_memcmp_const(mic, parse.fte_mic, mic_len) != 0) {
3662 wpa_printf(MSG_DEBUG, "FT: Invalid MIC in FTIE");
3664 MAC2STR(sm->addr), MAC2STR(sm->wpa_auth->addr));
3665 wpa_hexdump(MSG_MSGDUMP, "FT: Received MIC",
3667 wpa_hexdump(MSG_MSGDUMP, "FT: Calculated MIC", mic, mic_len);
3669 parse.mdie - 2, parse.mdie_len + 2);
3671 parse.ftie - 2, parse.ftie_len + 2);
3673 parse.rsn - 2, parse.rsn_len + 2);
3675 parse.rsnxe ? parse.rsnxe - 2 : NULL,
3682 (conf->sae_pwe == SAE_PWE_HASH_TO_ELEMENT ||
3683 conf->sae_pwe == SAE_PWE_BOTH) &&
3687 retval = -1; /* discard request */
3698 if (wpa_channel_info(sm->wpa_auth, &ci) != 0) {
3719 if (sm->wpa_auth->conf.msg_ctx)
3720 wpa_msg(sm->wpa_auth->conf.msg_ctx, MSG_INFO,
3722 " frame=ft-reassoc-req error=%s",
3723 MAC2STR(sm->addr), ocv_errorstr);
3746 return -1;
3756 return -1;
3763 ies_len = len - 14;
3769 if (!ether_addr_equal(sta_addr, sm->addr)) {
3771 "STA=" MACSTR " STA-Address=" MACSTR,
3772 MAC2STR(sm->addr), MAC2STR(sta_addr));
3773 return -1;
3782 ether_addr_equal(target_ap, sm->wpa_auth->addr)) {
3785 return -1;
3790 if (!sm->wpa_auth->conf.ft_over_ds) {
3791 wpa_printf(MSG_DEBUG, "FT: Over-DS option disabled - reject");
3792 return -1;
3795 /* RRB - Forward action frame to the target AP */
3798 return -1;
3799 frame->frame_type = RSN_REMOTE_FRAME_TYPE_FT_RRB;
3800 frame->packet_type = FT_PACKET_REQUEST;
3801 frame->action_length = host_to_le16(len);
3802 os_memcpy(frame->ap_address, sm->wpa_auth->addr, ETH_ALEN);
3805 wpa_ft_rrb_send(sm->wpa_auth, target_ap, (u8 *) frame,
3818 wpa_printf(MSG_DEBUG, "FT: Over-the-DS RX request cb for " MACSTR,
3819 MAC2STR(sm->addr));
3820 wpa_ft_send_rrb_auth_resp(sm, sm->ft_pending_current_ap, sm->addr,
3839 return -1;
3844 sm->ft_pending_cb = wpa_ft_rrb_rx_request_cb;
3845 sm->ft_pending_cb_ctx = sm;
3846 os_memcpy(sm->ft_pending_current_ap, current_ap, ETH_ALEN);
3847 sm->ft_pending_pull_left_retries = sm->wpa_auth->conf.rkh_pull_retries;
3851 wpa_printf(MSG_DEBUG, "FT: No immediate response available - wait for pull response");
3868 struct wpa_authenticator *wpa_auth = sm->wpa_auth;
3871 u8 *pos;
3875 MAC2STR(sm->addr), MAC2STR(current_ap), status,
3879 /* RRB - Forward action frame response to the Current AP */
3889 return -1;
3890 frame->frame_type = RSN_REMOTE_FRAME_TYPE_FT_RRB;
3891 frame->packet_type = FT_PACKET_RESPONSE;
3892 frame->action_length = host_to_le16(rlen);
3893 os_memcpy(frame->ap_address, wpa_auth->addr, ETH_ALEN);
3894 pos = (u8 *) (frame + 1);
3895 *pos++ = WLAN_ACTION_FT;
3896 *pos++ = 2; /* Action: Response */
3897 os_memcpy(pos, sta_addr, ETH_ALEN);
3898 pos += ETH_ALEN;
3899 os_memcpy(pos, wpa_auth->addr, ETH_ALEN);
3900 pos += ETH_ALEN;
3901 WPA_PUT_LE16(pos, status);
3902 pos += 2;
3904 os_memcpy(pos, resp_ies, resp_ies_len);
3923 size_t pmk_r1_len = pmk_r0->pmk_r0_len;
3941 { .type = FT_RRB_IDENTITY, .len = pmk_r0->identity_len,
3942 .data = pmk_r0->identity },
3943 { .type = FT_RRB_RADIUS_CUI, .len = pmk_r0->radius_cui_len,
3944 .data = pmk_r0->radius_cui },
3951 wpa_printf(MSG_DEBUG, "FT: Derive PMK-R1 for peer AP");
3952 if (wpa_derive_pmk_r1(pmk_r0->pmk_r0, pmk_r0->pmk_r0_len,
3953 pmk_r0->pmk_r0_name, r1kh_id,
3955 return -1;
3956 WPA_PUT_LE16(f_pairwise, pmk_r0->pairwise);
3959 if (pmk_r0->expiration > now.sec)
3960 expires_in = pmk_r0->expiration - now.sec;
3961 else if (pmk_r0->expiration)
3967 if (pmk_r0->session_timeout > now.sec)
3968 session_timeout = pmk_r0->session_timeout - now.sec;
3969 else if (pmk_r0->session_timeout)
3976 pmk_r0->vlan, src_addr, type,
4007 wpa_printf(MSG_DEBUG, "FT: Received PMK-R1 pull");
4009 RRB_GET_AUTH(FT_RRB_R0KH_ID, r0kh_id, msgtype, -1);
4010 wpa_hexdump(MSG_DEBUG, "FT: R0KH-ID", f_r0kh_id, f_r0kh_id_len);
4013 wpa_printf(MSG_DEBUG, "FT: R0KH-ID mismatch");
4018 wpa_printf(MSG_DEBUG, "FT: R1KH-ID=" MACSTR, MAC2STR(f_r1kh_id));
4022 key = r1kh->key;
4023 key_len = sizeof(r1kh->key);
4025 wpa_printf(MSG_DEBUG, "FT: Using wildcard R1KH-ID");
4026 key = r1kh_wildcard->key;
4027 key_len = sizeof(r1kh_wildcard->key);
4037 seq_ret = wpa_ft_rrb_seq_chk(r1kh->seq, src_addr, enc, enc_len,
4040 (!r1kh || !ether_addr_equal(r1kh->addr, src_addr))) {
4041 /* wildcard: r1kh-id unknown or changed addr -> do a seq req */
4056 wpa_auth->conf.rkh_pos_timeout);
4061 wpa_ft_rrb_seq_req(wpa_auth, r1kh->seq, src_addr, f_r0kh_id,
4068 wpa_ft_rrb_seq_accept(wpa_auth, r1kh->seq, src_addr, auth, auth_len,
4071 wpa_auth->conf.rkh_pos_timeout);
4078 wpa_printf(MSG_DEBUG, "FT: S1KH-ID=" MACSTR, MAC2STR(f_s1kh_id));
4080 if (wpa_ft_new_seq(r1kh->seq, &f_seq) < 0) {
4085 wpa_printf(MSG_DEBUG, "FT: Send PMK-R1 pull response from " MACSTR
4087 MAC2STR(wpa_auth->addr), MAC2STR(src_addr));
4113 wpa_printf(MSG_DEBUG, "FT: No matching PMK-R0-Name found");
4115 NULL, wpa_auth->addr,
4120 f_s1kh_id, resp_auth, wpa_auth->addr,
4139 * -1 on error
4140 * -2 if FR_RRB_PAIRWISE is missing
4170 int ret = -1;
4176 RRB_GET_AUTH(FT_RRB_R0KH_ID, r0kh_id, msgtype, -1);
4177 wpa_hexdump(MSG_DEBUG, "FT: R0KH-ID", f_r0kh_id, f_r0kh_id_len);
4180 wpa_printf(MSG_DEBUG, "FT: R1KH-ID=" MACSTR, MAC2STR(f_r1kh_id));
4183 wpa_printf(MSG_DEBUG, "FT: R1KH-ID mismatch");
4190 key = r0kh->key;
4191 key_len = sizeof(r0kh->key);
4193 wpa_printf(MSG_DEBUG, "FT: Using wildcard R0KH-ID");
4194 key = r0kh_wildcard->key;
4195 key_len = sizeof(r0kh_wildcard->key);
4202 seq_ret = wpa_ft_rrb_seq_chk(r0kh->seq, src_addr, enc, enc_len,
4207 (!r0kh || !ether_addr_equal(r0kh->addr, src_addr))) {
4208 /* wildcard: r0kh-id unknown or changed addr -> do a seq req */
4222 wpa_auth->conf.rkh_pos_timeout);
4227 wpa_ft_rrb_seq_req(wpa_auth, r0kh->seq, src_addr, f_r0kh_id,
4233 wpa_ft_rrb_seq_accept(wpa_auth, r0kh->seq, src_addr, auth, auth_len,
4236 wpa_auth->conf.rkh_pos_timeout);
4239 wpa_printf(MSG_DEBUG, "FT: S1KH-ID=" MACSTR, MAC2STR(f_s1kh_id));
4244 ret = -2;
4248 ret = -1;
4260 wpa_hexdump_key(MSG_DEBUG, "FT: PMK-R1", f_pmk_r1, pmk_r1_len);
4271 wpa_printf(MSG_DEBUG, "FT: PMK-R1 %s - expires_in=%d", msgtype,
4283 RRB_GET_OPTIONAL(FT_RRB_IDENTITY, identity, msgtype, -1);
4288 RRB_GET_OPTIONAL(FT_RRB_RADIUS_CUI, radius_cui, msgtype, -1);
4324 if (!sm->ft_pending_cb || !sm->ft_pending_req_ies)
4327 res = wpa_ft_process_auth_req(sm, wpabuf_head(sm->ft_pending_req_ies),
4328 wpabuf_len(sm->ft_pending_req_ies),
4336 wpabuf_free(sm->ft_pending_req_ies);
4337 sm->ft_pending_req_ies = NULL;
4340 " - status %u", MAC2STR(sm->addr), status);
4342 sm->ft_pending_cb(sm->ft_pending_cb_ctx, sm->addr,
4343 sm->ft_pending_auth_transaction + 1, status,
4360 if ((info->s1kh_id &&
4361 !ether_addr_equal(info->s1kh_id, sm->addr)) ||
4362 os_memcmp(info->nonce, sm->ft_pending_pull_nonce,
4364 sm->ft_pending_cb == NULL || sm->ft_pending_req_ies == NULL)
4367 info->sm = sm;
4380 int nak, ret = -1;
4386 wpa_printf(MSG_DEBUG, "FT: Received PMK-R1 pull response");
4396 return -1;
4402 if (ret == -2) {
4409 return -1;
4415 MAC2STR(ctx.sm->addr));
4418 ctx.sm->ft_pending_pull_left_retries = 0;
4434 wpa_printf(MSG_DEBUG, "FT: Received PMK-R1 push");
4439 return -1;
4466 RRB_GET_AUTH(FT_RRB_R0KH_ID, r0kh_id, "seq", -1);
4473 wpa_printf(MSG_DEBUG, "FT: seq - local R0KH-ID and R1KH-ID");
4478 wpa_printf(MSG_DEBUG, "FT: seq - remote R0KH-ID and R1KH-ID");
4486 (!r0kh || !ether_addr_equal(r0kh->addr, src_addr))) {
4487 wpa_hexdump(MSG_DEBUG, "FT: Did not find R0KH-ID",
4492 *key = r0kh->key;
4493 *key_len = sizeof(r0kh->key);
4495 *key = r0kh_wildcard->key;
4496 *key_len = sizeof(r0kh_wildcard->key);
4504 (!r1kh || !ether_addr_equal(r1kh->addr, src_addr))) {
4505 wpa_hexdump(MSG_DEBUG, "FT: Did not find R1KH-ID",
4510 *key = r1kh->key;
4511 *key_len = sizeof(r1kh->key);
4513 *key = r1kh_wildcard->key;
4514 *key_len = sizeof(r1kh_wildcard->key);
4534 *rkh_seq = r0kh->seq;
4550 *rkh_seq = r1kh->seq;
4559 return -1;
4569 int ret = -1;
4586 wpa_hexdump(MSG_DEBUG, "FT: seq request - nonce", f_nonce, f_nonce_len);
4588 RRB_GET_AUTH(FT_RRB_R0KH_ID, r0kh_id, "seq", -1);
4598 MAC2STR(wpa_auth->addr), MAC2STR(src_addr));
4617 wpa_auth->addr, FT_PACKET_R0KH_R1KH_SEQ_RESP,
4660 wpa_hexdump(MSG_DEBUG, "FT: seq response - nonce", f_nonce,
4664 dl_list_for_each(item, &rkh_seq->rx.queue, struct ft_remote_item,
4666 if (os_memcmp_const(f_nonce, item->nonce,
4669 os_reltime_expired(&now, &item->nonce_ts, ftRRBseqTimeout))
4676 wpa_printf(MSG_DEBUG, "FT: seq response - bad nonce");
4682 wpa_auth->conf.rkh_pos_timeout);
4684 os_memcpy(r0kh->addr, src_addr, ETH_ALEN);
4689 wpa_auth->conf.rkh_pos_timeout);
4691 os_memcpy(r1kh->addr, src_addr, ETH_ALEN);
4697 wpa_printf(MSG_DEBUG, "FT: seq response - valid seq number");
4701 wpa_printf(MSG_DEBUG, "FT: seq response - reset seq number");
4707 msg_dom = le_to_host32(msg_both->dom);
4708 msg_seq = le_to_host32(msg_both->seq);
4709 now_remote.sec = le_to_host32(msg_both->ts);
4712 rkh_seq->rx.num_last = 2;
4713 rkh_seq->rx.dom = msg_dom;
4714 rkh_seq->rx.offsetidx = 0;
4716 rkh_seq->rx.last[0] = msg_seq - FT_REMOTE_SEQ_BACKLOG -
4717 dl_list_len(&rkh_seq->rx.queue);
4718 rkh_seq->rx.last[1] = msg_seq;
4720 /* local time - offset = remote time
4721 * <=> local time - remote time = offset */
4722 os_reltime_sub(&now, &now_remote, &rkh_seq->rx.time_offset);
4729 return -1;
4738 const u8 *pos, *end, *start;
4748 return -1;
4751 pos = data;
4752 frame = (struct ft_rrb_frame *) pos;
4753 pos += sizeof(*frame);
4755 alen = le_to_host16(frame->action_length);
4756 wpa_printf(MSG_DEBUG, "FT: RRB frame - frame_type=%d packet_type=%d "
4758 frame->frame_type, frame->packet_type, alen,
4759 MAC2STR(frame->ap_address));
4761 if (frame->frame_type != RSN_REMOTE_FRAME_TYPE_FT_RRB) {
4762 /* Discard frame per IEEE Std 802.11r-2008, 11A.10.3 */
4764 "unrecognized type %d", frame->frame_type);
4765 return -1;
4768 if (alen > data_len - sizeof(*frame)) {
4771 return -1;
4774 wpa_hexdump(MSG_MSGDUMP, "FT: RRB - FT Action frame", pos, alen);
4780 return -1;
4782 start = pos;
4783 end = pos + alen;
4785 if (*pos != WLAN_ACTION_FT) {
4787 "%d", *pos);
4788 return -1;
4791 pos++;
4792 action = *pos++;
4793 sta_addr = pos;
4794 pos += ETH_ALEN;
4795 target_ap_addr = pos;
4796 pos += ETH_ALEN;
4801 if (frame->packet_type == FT_PACKET_REQUEST) {
4802 wpa_printf(MSG_DEBUG, "FT: FT Packet Type - Request");
4807 return -1;
4810 if (!ether_addr_equal(target_ap_addr, wpa_auth->addr)) {
4814 return -1;
4817 if (wpa_ft_rrb_rx_request(wpa_auth, frame->ap_address,
4818 sta_addr, pos, end - pos) < 0)
4819 return -1;
4820 } else if (frame->packet_type == FT_PACKET_RESPONSE) {
4823 if (end - pos < 2) {
4826 return -1;
4828 status_code = WPA_GET_LE16(pos);
4830 wpa_printf(MSG_DEBUG, "FT: FT Packet Type - Response "
4834 return -1;
4837 "packet_type %d", frame->packet_type);
4838 return -1;
4853 wpa_printf(MSG_DEBUG, "FT: RRB-OUI(" MACSTR
4856 MAC2STR(wpa_auth->addr), MAC2STR(src_addr), oui_suffix,
4862 "FT: RRB-OUI received frame from multicast address "
4871 wpa_printf(MSG_DEBUG, "FT: RRB-OUI frame too short");
4877 wpa_printf(MSG_DEBUG, "FT: RRB-OUI frame too short");
4884 elen = data_len - sizeof(u16) - alen;
4924 .data = pmk_r0->pmk_r0_name },
4931 .len = wpa_auth->conf.r0_key_holder_len,
4932 .data = wpa_auth->conf.r0_key_holder },
4934 .data = r1kh->id },
4938 if (wpa_ft_new_seq(r1kh->seq, &f_seq) < 0) {
4940 return -1;
4943 wpa_printf(MSG_DEBUG, "FT: Send PMK-R1 push from " MACSTR
4945 MAC2STR(wpa_auth->addr), MAC2STR(r1kh->addr));
4947 if (wpa_ft_rrb_build_r0(r1kh->key, sizeof(r1kh->key), push, pmk_r0,
4948 r1kh->id, s1kh_id, push_auth, wpa_auth->addr,
4951 return -1;
4953 wpa_ft_rrb_oui_send(wpa_auth, r1kh->addr, FT_PACKET_R0KH_R1KH_PUSH,
4963 struct wpa_ft_pmk_cache *cache = wpa_auth->ft_pmk_cache;
4967 if (!wpa_auth->conf.pmk_r1_push)
4969 if (!wpa_auth->conf.r1kh_list)
4972 dl_list_for_each(r0, &cache->pmk_r0, struct wpa_ft_pmk_r0_sa, list) {
4973 if (ether_addr_equal(r0->spa, addr)) {
4980 if (r0 == NULL || r0->pmk_r1_pushed)
4982 r0->pmk_r1_pushed = 1;
4984 wpa_printf(MSG_DEBUG, "FT: Deriving and pushing PMK-R1 keys to R1KHs "
4987 for (r1kh = *wpa_auth->conf.r1kh_list; r1kh; r1kh = r1kh->next) {
4988 if (is_zero_ether_addr(r1kh->addr) ||
4989 is_zero_ether_addr(r1kh->id))