00001
00016 #include "includes.h"
00017
00018 #include "common.h"
00019 #include "wpa.h"
00020 #include "wpa_i.h"
00021 #include "wpa_ie.h"
00022 #include "aes_wrap.h"
00023 #include "ieee802_11_defs.h"
00024 #include "ieee802_11_common.h"
00025
00026 #ifdef CONFIG_IEEE80211R
00027
00028 int wpa_derive_ptk_ft(struct wpa_sm *sm, const unsigned char *src_addr,
00029 const struct wpa_eapol_key *key,
00030 struct wpa_ptk *ptk, size_t ptk_len)
00031 {
00032 u8 pmk_r1_name[WPA_PMK_NAME_LEN];
00033 u8 ptk_name[WPA_PMK_NAME_LEN];
00034 const u8 *anonce = key->key_nonce;
00035
00036 if (sm->xxkey_len == 0) {
00037 wpa_printf(MSG_DEBUG, "FT: XXKey not available for key "
00038 "derivation");
00039 return -1;
00040 }
00041
00042 wpa_derive_pmk_r0(sm->xxkey, sm->xxkey_len, sm->ssid,
00043 sm->ssid_len, sm->mobility_domain,
00044 sm->r0kh_id, sm->r0kh_id_len, sm->own_addr,
00045 sm->pmk_r0, sm->pmk_r0_name);
00046 wpa_hexdump_key(MSG_DEBUG, "FT: PMK-R0", sm->pmk_r0, PMK_LEN);
00047 wpa_hexdump(MSG_DEBUG, "FT: PMKR0Name",
00048 sm->pmk_r0_name, WPA_PMK_NAME_LEN);
00049 wpa_derive_pmk_r1(sm->pmk_r0, sm->pmk_r0_name, sm->r1kh_id,
00050 sm->own_addr, sm->pmk_r1, pmk_r1_name);
00051 wpa_hexdump_key(MSG_DEBUG, "FT: PMK-R1", sm->pmk_r1, PMK_LEN);
00052 wpa_hexdump(MSG_DEBUG, "FT: PMKR1Name", pmk_r1_name, WPA_PMK_NAME_LEN);
00053 wpa_pmk_r1_to_ptk(sm->pmk_r1, sm->snonce, anonce, sm->own_addr,
00054 sm->bssid, pmk_r1_name,
00055 (u8 *) ptk, ptk_len, ptk_name);
00056 wpa_hexdump_key(MSG_DEBUG, "FT: PTK", (u8 *) ptk, ptk_len);
00057 wpa_hexdump(MSG_DEBUG, "FT: PTKName", ptk_name, WPA_PMK_NAME_LEN);
00058
00059 return 0;
00060 }
00061
00062
00073 int wpa_sm_set_ft_params(struct wpa_sm *sm, const u8 *mobility_domain,
00074 const u8 *r0kh_id, size_t r0kh_id_len,
00075 const u8 *r1kh_id)
00076 {
00077 if (sm && mobility_domain) {
00078 wpa_hexdump(MSG_DEBUG, "FT: Mobility domain",
00079 mobility_domain, MOBILITY_DOMAIN_ID_LEN);
00080 os_memcpy(sm->mobility_domain, mobility_domain,
00081 MOBILITY_DOMAIN_ID_LEN);
00082 } else if (sm)
00083 os_memset(sm->mobility_domain, 0, MOBILITY_DOMAIN_ID_LEN);
00084
00085 if (sm && r0kh_id) {
00086 if (r0kh_id_len > FT_R0KH_ID_MAX_LEN)
00087 return -1;
00088 wpa_hexdump(MSG_DEBUG, "FT: R0KH-ID", r0kh_id, r0kh_id_len);
00089 os_memcpy(sm->r0kh_id, r0kh_id, r0kh_id_len);
00090 sm->r0kh_id_len = r0kh_id_len;
00091 } else if (sm) {
00092
00093
00094
00095
00096
00097
00098 }
00099
00100 if (sm && r1kh_id) {
00101 wpa_hexdump(MSG_DEBUG, "FT: R1KH-ID", r1kh_id, FT_R1KH_ID_LEN);
00102 os_memcpy(sm->r1kh_id, r1kh_id, FT_R1KH_ID_LEN);
00103 } else if (sm)
00104 os_memset(sm->r1kh_id, 0, FT_R1KH_ID_LEN);
00105
00106 return 0;
00107 }
00108
00109
00125 static u8 * wpa_ft_gen_req_ies(struct wpa_sm *sm, size_t *len,
00126 const u8 *anonce, const u8 *pmk_name,
00127 const u8 *kck, const u8 *target_ap,
00128 const u8 *ric_ies, size_t ric_ies_len)
00129 {
00130 size_t buf_len;
00131 u8 *buf, *pos, *ftie_len, *ftie_pos;
00132 struct rsn_mdie *mdie;
00133 struct rsn_ftie *ftie;
00134 struct rsn_ie_hdr *rsnie;
00135 u16 capab;
00136
00137 sm->ft_completed = 0;
00138
00139 buf_len = 2 + sizeof(struct rsn_mdie) + 2 + sizeof(struct rsn_ftie) +
00140 2 + sm->r0kh_id_len + ric_ies_len + 100;
00141 buf = os_zalloc(buf_len);
00142 if (buf == NULL)
00143 return NULL;
00144 pos = buf;
00145
00146
00147 rsnie = (struct rsn_ie_hdr *) pos;
00148 rsnie->elem_id = WLAN_EID_RSN;
00149 WPA_PUT_LE16(rsnie->version, RSN_VERSION);
00150 pos = (u8 *) (rsnie + 1);
00151
00152
00153 if (sm->group_cipher == WPA_CIPHER_CCMP)
00154 RSN_SELECTOR_PUT(pos, RSN_CIPHER_SUITE_CCMP);
00155 else if (sm->group_cipher == WPA_CIPHER_TKIP)
00156 RSN_SELECTOR_PUT(pos, RSN_CIPHER_SUITE_TKIP);
00157 else {
00158 wpa_printf(MSG_WARNING, "FT: Invalid group cipher (%d)",
00159 sm->group_cipher);
00160 os_free(buf);
00161 return NULL;
00162 }
00163 pos += RSN_SELECTOR_LEN;
00164
00165
00166 WPA_PUT_LE16(pos, 1);
00167 pos += 2;
00168
00169
00170 if (sm->pairwise_cipher == WPA_CIPHER_CCMP)
00171 RSN_SELECTOR_PUT(pos, RSN_CIPHER_SUITE_CCMP);
00172 else if (sm->pairwise_cipher == WPA_CIPHER_TKIP)
00173 RSN_SELECTOR_PUT(pos, RSN_CIPHER_SUITE_TKIP);
00174 else {
00175 wpa_printf(MSG_WARNING, "FT: Invalid pairwise cipher (%d)",
00176 sm->pairwise_cipher);
00177 os_free(buf);
00178 return NULL;
00179 }
00180 pos += RSN_SELECTOR_LEN;
00181
00182
00183 WPA_PUT_LE16(pos, 1);
00184 pos += 2;
00185
00186
00187 if (sm->key_mgmt == WPA_KEY_MGMT_FT_IEEE8021X)
00188 RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_FT_802_1X);
00189 else if (sm->key_mgmt == WPA_KEY_MGMT_FT_PSK)
00190 RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_FT_PSK);
00191 else {
00192 wpa_printf(MSG_WARNING, "FT: Invalid key management type (%d)",
00193 sm->key_mgmt);
00194 os_free(buf);
00195 return NULL;
00196 }
00197 pos += RSN_SELECTOR_LEN;
00198
00199
00200 capab = 0;
00201 #ifdef CONFIG_IEEE80211W
00202 if (sm->mgmt_group_cipher == WPA_CIPHER_AES_128_CMAC)
00203 capab |= WPA_CAPABILITY_MFPC;
00204 #endif
00205 WPA_PUT_LE16(pos, capab);
00206 pos += 2;
00207
00208
00209 WPA_PUT_LE16(pos, 1);
00210 pos += 2;
00211
00212
00213 os_memcpy(pos, pmk_name, WPA_PMK_NAME_LEN);
00214 pos += WPA_PMK_NAME_LEN;
00215
00216 #ifdef CONFIG_IEEE80211W
00217 if (sm->mgmt_group_cipher == WPA_CIPHER_AES_128_CMAC) {
00218
00219 RSN_SELECTOR_PUT(pos, RSN_CIPHER_SUITE_AES_128_CMAC);
00220 pos += RSN_SELECTOR_LEN;
00221 }
00222 #endif
00223
00224 rsnie->len = (pos - (u8 *) rsnie) - 2;
00225
00226
00227 *pos++ = WLAN_EID_MOBILITY_DOMAIN;
00228 *pos++ = sizeof(*mdie);
00229 mdie = (struct rsn_mdie *) pos;
00230 pos += sizeof(*mdie);
00231 os_memcpy(mdie->mobility_domain, sm->mobility_domain,
00232 MOBILITY_DOMAIN_ID_LEN);
00233 mdie->ft_capab = 0;
00234
00235
00236 ftie_pos = pos;
00237 *pos++ = WLAN_EID_FAST_BSS_TRANSITION;
00238 ftie_len = pos++;
00239 ftie = (struct rsn_ftie *) pos;
00240 pos += sizeof(*ftie);
00241 os_memcpy(ftie->snonce, sm->snonce, WPA_NONCE_LEN);
00242 if (anonce)
00243 os_memcpy(ftie->anonce, anonce, WPA_NONCE_LEN);
00244
00245 *pos++ = FTIE_SUBELEM_R0KH_ID;
00246 *pos++ = sm->r0kh_id_len;
00247 os_memcpy(pos, sm->r0kh_id, sm->r0kh_id_len);
00248 pos += sm->r0kh_id_len;
00249 *ftie_len = pos - ftie_len - 1;
00250
00251 if (ric_ies) {
00252
00253 os_memcpy(pos, ric_ies, ric_ies_len);
00254 pos += ric_ies_len;
00255 }
00256
00257 if (kck) {
00258
00259
00260
00261
00262
00263
00264
00265
00266
00267
00268
00269
00270 ftie->mic_control[1] = 3 + ieee802_11_ie_count(ric_ies,
00271 ric_ies_len);
00272 if (wpa_ft_mic(kck, sm->own_addr, target_ap, 5,
00273 ((u8 *) mdie) - 2, 2 + sizeof(*mdie),
00274 ftie_pos, 2 + *ftie_len,
00275 (u8 *) rsnie, 2 + rsnie->len, ric_ies,
00276 ric_ies_len, ftie->mic) < 0) {
00277 wpa_printf(MSG_INFO, "FT: Failed to calculate MIC");
00278 os_free(buf);
00279 return NULL;
00280 }
00281 }
00282
00283 *len = pos - buf;
00284
00285 return buf;
00286 }
00287
00288
00289 struct wpa_ft_ies {
00290 const u8 *mdie;
00291 size_t mdie_len;
00292 const u8 *ftie;
00293 size_t ftie_len;
00294 const u8 *r1kh_id;
00295 const u8 *gtk;
00296 size_t gtk_len;
00297 const u8 *r0kh_id;
00298 size_t r0kh_id_len;
00299 const u8 *rsn;
00300 size_t rsn_len;
00301 const u8 *rsn_pmkid;
00302 const u8 *tie;
00303 size_t tie_len;
00304 const u8 *igtk;
00305 size_t igtk_len;
00306 const u8 *ric;
00307 size_t ric_len;
00308 };
00309
00310
00311 static int wpa_ft_parse_ftie(const u8 *ie, size_t ie_len,
00312 struct wpa_ft_ies *parse)
00313 {
00314 const u8 *end, *pos;
00315
00316 parse->ftie = ie;
00317 parse->ftie_len = ie_len;
00318
00319 pos = ie + sizeof(struct rsn_ftie);
00320 end = ie + ie_len;
00321
00322 while (pos + 2 <= end && pos + 2 + pos[1] <= end) {
00323 switch (pos[0]) {
00324 case FTIE_SUBELEM_R1KH_ID:
00325 if (pos[1] != FT_R1KH_ID_LEN) {
00326 wpa_printf(MSG_DEBUG, "FT: Invalid R1KH-ID "
00327 "length in FTIE: %d", pos[1]);
00328 return -1;
00329 }
00330 parse->r1kh_id = pos + 2;
00331 break;
00332 case FTIE_SUBELEM_GTK:
00333 parse->gtk = pos + 2;
00334 parse->gtk_len = pos[1];
00335 break;
00336 case FTIE_SUBELEM_R0KH_ID:
00337 if (pos[1] < 1 || pos[1] > FT_R0KH_ID_MAX_LEN) {
00338 wpa_printf(MSG_DEBUG, "FT: Invalid R0KH-ID "
00339 "length in FTIE: %d", pos[1]);
00340 return -1;
00341 }
00342 parse->r0kh_id = pos + 2;
00343 parse->r0kh_id_len = pos[1];
00344 break;
00345 #ifdef CONFIG_IEEE80211W
00346 case FTIE_SUBELEM_IGTK:
00347 parse->igtk = pos + 2;
00348 parse->igtk_len = pos[1];
00349 break;
00350 #endif
00351 }
00352
00353 pos += 2 + pos[1];
00354 }
00355
00356 return 0;
00357 }
00358
00359
00360 static int wpa_ft_parse_ies(const u8 *ies, size_t ies_len,
00361 struct wpa_ft_ies *parse)
00362 {
00363 const u8 *end, *pos;
00364 struct wpa_ie_data data;
00365 int ret;
00366 const struct rsn_ftie *ftie;
00367 int prot_ie_count = 0;
00368
00369 os_memset(parse, 0, sizeof(*parse));
00370 if (ies == NULL)
00371 return 0;
00372
00373 pos = ies;
00374 end = ies + ies_len;
00375 while (pos + 2 <= end && pos + 2 + pos[1] <= end) {
00376 switch (pos[0]) {
00377 case WLAN_EID_RSN:
00378 parse->rsn = pos + 2;
00379 parse->rsn_len = pos[1];
00380 ret = wpa_parse_wpa_ie_rsn(parse->rsn - 2,
00381 parse->rsn_len + 2,
00382 &data);
00383 if (ret < 0) {
00384 wpa_printf(MSG_DEBUG, "FT: Failed to parse "
00385 "RSN IE: %d", ret);
00386 return -1;
00387 }
00388 if (data.num_pmkid == 1 && data.pmkid)
00389 parse->rsn_pmkid = data.pmkid;
00390 break;
00391 case WLAN_EID_MOBILITY_DOMAIN:
00392 parse->mdie = pos + 2;
00393 parse->mdie_len = pos[1];
00394 break;
00395 case WLAN_EID_FAST_BSS_TRANSITION:
00396 if (pos[1] < sizeof(*ftie))
00397 return -1;
00398 ftie = (const struct rsn_ftie *) (pos + 2);
00399 prot_ie_count = ftie->mic_control[1];
00400 if (wpa_ft_parse_ftie(pos + 2, pos[1], parse) < 0)
00401 return -1;
00402 break;
00403 case WLAN_EID_TIMEOUT_INTERVAL:
00404 parse->tie = pos + 2;
00405 parse->tie_len = pos[1];
00406 break;
00407 case WLAN_EID_RIC_DATA:
00408 if (parse->ric == NULL)
00409 parse->ric = pos;
00410 }
00411
00412 pos += 2 + pos[1];
00413 }
00414
00415 if (prot_ie_count == 0)
00416 return 0;
00417
00418
00419
00420
00421
00422 if (parse->rsn)
00423 prot_ie_count--;
00424 if (parse->mdie)
00425 prot_ie_count--;
00426 if (parse->ftie)
00427 prot_ie_count--;
00428 if (parse->tie)
00429 prot_ie_count--;
00430 if (prot_ie_count < 0) {
00431 wpa_printf(MSG_DEBUG, "FT: Some required IEs not included in "
00432 "the protected IE count");
00433 return -1;
00434 }
00435
00436 if (prot_ie_count == 0 && parse->ric) {
00437 wpa_printf(MSG_DEBUG, "FT: RIC IE(s) in the frame, but not "
00438 "included in protected IE count");
00439 return -1;
00440 }
00441
00442
00443 pos = parse->ric;
00444 while (pos && pos + 2 <= end && pos + 2 + pos[1] <= end &&
00445 prot_ie_count) {
00446 prot_ie_count--;
00447 pos += 2 + pos[1];
00448 }
00449 parse->ric_len = pos - parse->ric;
00450 if (prot_ie_count) {
00451 wpa_printf(MSG_DEBUG, "FT: %d protected IEs missing from "
00452 "frame", (int) prot_ie_count);
00453 return -1;
00454 }
00455
00456 return 0;
00457 }
00458
00459
00460 static int wpa_ft_install_ptk(struct wpa_sm *sm, const u8 *bssid)
00461 {
00462 int keylen;
00463 wpa_alg alg;
00464 u8 null_rsc[6] = { 0, 0, 0, 0, 0, 0 };
00465
00466 wpa_printf(MSG_DEBUG, "FT: Installing PTK to the driver.");
00467
00468 switch (sm->pairwise_cipher) {
00469 case WPA_CIPHER_CCMP:
00470 alg = WPA_ALG_CCMP;
00471 keylen = 16;
00472 break;
00473 case WPA_CIPHER_TKIP:
00474 alg = WPA_ALG_TKIP;
00475 keylen = 32;
00476 break;
00477 default:
00478 wpa_printf(MSG_WARNING, "FT: Unsupported pairwise cipher %d",
00479 sm->pairwise_cipher);
00480 return -1;
00481 }
00482
00483 if (wpa_sm_set_key(sm, alg, bssid, 0, 1, null_rsc,
00484 sizeof(null_rsc), (u8 *) sm->ptk.tk1, keylen) < 0) {
00485 wpa_printf(MSG_WARNING, "FT: Failed to set PTK to the driver");
00486 return -1;
00487 }
00488
00489 return 0;
00490 }
00491
00492
00499 int wpa_ft_prepare_auth_request(struct wpa_sm *sm)
00500 {
00501 u8 *ft_ies;
00502 size_t ft_ies_len;
00503
00504
00505 if (os_get_random(sm->snonce, WPA_NONCE_LEN)) {
00506 wpa_printf(MSG_INFO, "FT: Failed to generate a new SNonce");
00507 return -1;
00508 }
00509
00510 ft_ies = wpa_ft_gen_req_ies(sm, &ft_ies_len, NULL, sm->pmk_r0_name,
00511 NULL, sm->bssid, NULL, 0);
00512 if (ft_ies) {
00513 wpa_sm_update_ft_ies(sm, sm->mobility_domain,
00514 ft_ies, ft_ies_len);
00515 os_free(ft_ies);
00516 }
00517
00518 return 0;
00519 }
00520
00521
00522 int wpa_ft_process_response(struct wpa_sm *sm, const u8 *ies, size_t ies_len,
00523 int ft_action, const u8 *target_ap,
00524 const u8 *ric_ies, size_t ric_ies_len)
00525 {
00526 u8 *ft_ies;
00527 size_t ft_ies_len, ptk_len;
00528 struct wpa_ft_ies parse;
00529 struct rsn_mdie *mdie;
00530 struct rsn_ftie *ftie;
00531 u8 ptk_name[WPA_PMK_NAME_LEN];
00532 int ret;
00533 const u8 *bssid;
00534
00535 wpa_hexdump(MSG_DEBUG, "FT: Response IEs", ies, ies_len);
00536 wpa_hexdump(MSG_DEBUG, "FT: RIC IEs", ric_ies, ric_ies_len);
00537
00538 if (ft_action) {
00539 if (!sm->over_the_ds_in_progress) {
00540 wpa_printf(MSG_DEBUG, "FT: No over-the-DS in progress "
00541 "- drop FT Action Response");
00542 return -1;
00543 }
00544
00545 if (os_memcmp(target_ap, sm->target_ap, ETH_ALEN) != 0) {
00546 wpa_printf(MSG_DEBUG, "FT: No over-the-DS in progress "
00547 "with this Target AP - drop FT Action "
00548 "Response");
00549 return -1;
00550 }
00551 }
00552
00553 if (sm->key_mgmt != WPA_KEY_MGMT_FT_IEEE8021X &&
00554 sm->key_mgmt != WPA_KEY_MGMT_FT_PSK) {
00555 wpa_printf(MSG_DEBUG, "FT: Reject FT IEs since FT is not "
00556 "enabled for this connection");
00557 return -1;
00558 }
00559
00560 if (wpa_ft_parse_ies(ies, ies_len, &parse) < 0) {
00561 wpa_printf(MSG_DEBUG, "FT: Failed to parse IEs");
00562 return -1;
00563 }
00564
00565 mdie = (struct rsn_mdie *) parse.mdie;
00566 if (mdie == NULL || parse.mdie_len < sizeof(*mdie) ||
00567 os_memcmp(mdie->mobility_domain, sm->mobility_domain,
00568 MOBILITY_DOMAIN_ID_LEN) != 0) {
00569 wpa_printf(MSG_DEBUG, "FT: Invalid MDIE");
00570 return -1;
00571 }
00572
00573 ftie = (struct rsn_ftie *) parse.ftie;
00574 if (ftie == NULL || parse.ftie_len < sizeof(*ftie)) {
00575 wpa_printf(MSG_DEBUG, "FT: Invalid FTIE");
00576 return -1;
00577 }
00578
00579 if (parse.r0kh_id == NULL) {
00580 wpa_printf(MSG_DEBUG, "FT: No R0KH-ID subelem in FTIE");
00581 return -1;
00582 }
00583
00584 if (parse.r0kh_id_len != sm->r0kh_id_len ||
00585 os_memcmp(parse.r0kh_id, sm->r0kh_id, parse.r0kh_id_len) != 0) {
00586 wpa_printf(MSG_DEBUG, "FT: R0KH-ID in FTIE did not match with "
00587 "the current R0KH-ID");
00588 wpa_hexdump(MSG_DEBUG, "FT: R0KH-ID in FTIE",
00589 parse.r0kh_id, parse.r0kh_id_len);
00590 wpa_hexdump(MSG_DEBUG, "FT: The current R0KH-ID",
00591 sm->r0kh_id, sm->r0kh_id_len);
00592 return -1;
00593 }
00594
00595 if (parse.r1kh_id == NULL) {
00596 wpa_printf(MSG_DEBUG, "FT: No R1KH-ID subelem in FTIE");
00597 return -1;
00598 }
00599
00600 if (parse.rsn_pmkid == NULL ||
00601 os_memcmp(parse.rsn_pmkid, sm->pmk_r0_name, WPA_PMK_NAME_LEN)) {
00602 wpa_printf(MSG_DEBUG, "FT: No matching PMKR0Name (PMKID) in "
00603 "RSNIE");
00604 return -1;
00605 }
00606
00607 os_memcpy(sm->r1kh_id, parse.r1kh_id, FT_R1KH_ID_LEN);
00608 wpa_hexdump(MSG_DEBUG, "FT: R1KH-ID", sm->r1kh_id, FT_R1KH_ID_LEN);
00609 wpa_hexdump(MSG_DEBUG, "FT: SNonce", sm->snonce, WPA_NONCE_LEN);
00610 wpa_hexdump(MSG_DEBUG, "FT: ANonce", ftie->anonce, WPA_NONCE_LEN);
00611 wpa_derive_pmk_r1(sm->pmk_r0, sm->pmk_r0_name, sm->r1kh_id,
00612 sm->own_addr, sm->pmk_r1, sm->pmk_r1_name);
00613 wpa_hexdump_key(MSG_DEBUG, "FT: PMK-R1", sm->pmk_r1, PMK_LEN);
00614 wpa_hexdump(MSG_DEBUG, "FT: PMKR1Name",
00615 sm->pmk_r1_name, WPA_PMK_NAME_LEN);
00616
00617 bssid = target_ap;
00618 ptk_len = sm->pairwise_cipher == WPA_CIPHER_CCMP ? 48 : 64;
00619 wpa_pmk_r1_to_ptk(sm->pmk_r1, sm->snonce, ftie->anonce, sm->own_addr,
00620 bssid, sm->pmk_r1_name,
00621 (u8 *) &sm->ptk, ptk_len, ptk_name);
00622 wpa_hexdump_key(MSG_DEBUG, "FT: PTK",
00623 (u8 *) &sm->ptk, ptk_len);
00624 wpa_hexdump(MSG_DEBUG, "FT: PTKName", ptk_name, WPA_PMK_NAME_LEN);
00625
00626 ft_ies = wpa_ft_gen_req_ies(sm, &ft_ies_len, ftie->anonce,
00627 sm->pmk_r1_name, sm->ptk.kck, bssid,
00628 ric_ies, ric_ies_len);
00629 if (ft_ies) {
00630 wpa_sm_update_ft_ies(sm, sm->mobility_domain,
00631 ft_ies, ft_ies_len);
00632 os_free(ft_ies);
00633 }
00634
00635 ret = wpa_ft_install_ptk(sm, bssid);
00636
00637 if (ret == 0) {
00638 sm->ft_completed = 1;
00639 if (ft_action) {
00640
00641
00642
00643 os_memcpy(sm->bssid, target_ap, ETH_ALEN);
00644 }
00645 }
00646
00647 return ret;
00648 }
00649
00650
00651 int wpa_ft_is_completed(struct wpa_sm *sm)
00652 {
00653 if (sm == NULL)
00654 return 0;
00655
00656 if (sm->key_mgmt != WPA_KEY_MGMT_FT_IEEE8021X &&
00657 sm->key_mgmt != WPA_KEY_MGMT_FT_PSK)
00658 return 0;
00659
00660 return sm->ft_completed;
00661 }
00662
00663
00664 static int wpa_ft_process_gtk_subelem(struct wpa_sm *sm, const u8 *gtk_elem,
00665 size_t gtk_elem_len)
00666 {
00667 u8 gtk[32];
00668 int keyidx;
00669 wpa_alg alg;
00670 size_t gtk_len, keylen, rsc_len;
00671
00672 if (gtk_elem == NULL) {
00673 wpa_printf(MSG_DEBUG, "FT: No GTK included in FTIE");
00674 return 0;
00675 }
00676
00677 wpa_hexdump_key(MSG_DEBUG, "FT: Received GTK in Reassoc Resp",
00678 gtk_elem, gtk_elem_len);
00679
00680 if (gtk_elem_len < 10 + 24 || (gtk_elem_len - 10) % 8 ||
00681 gtk_elem_len - 18 > sizeof(gtk)) {
00682 wpa_printf(MSG_DEBUG, "FT: Invalid GTK sub-elem "
00683 "length %lu", (unsigned long) gtk_elem_len);
00684 return -1;
00685 }
00686 gtk_len = gtk_elem_len - 18;
00687 if (aes_unwrap(sm->ptk.kek, gtk_len / 8, gtk_elem + 10, gtk)) {
00688 wpa_printf(MSG_WARNING, "FT: AES unwrap failed - could not "
00689 "decrypt GTK");
00690 return -1;
00691 }
00692
00693 switch (sm->group_cipher) {
00694 case WPA_CIPHER_CCMP:
00695 keylen = 16;
00696 rsc_len = 6;
00697 alg = WPA_ALG_CCMP;
00698 break;
00699 case WPA_CIPHER_TKIP:
00700 keylen = 32;
00701 rsc_len = 6;
00702 alg = WPA_ALG_TKIP;
00703 break;
00704 case WPA_CIPHER_WEP104:
00705 keylen = 13;
00706 rsc_len = 0;
00707 alg = WPA_ALG_WEP;
00708 break;
00709 case WPA_CIPHER_WEP40:
00710 keylen = 5;
00711 rsc_len = 0;
00712 alg = WPA_ALG_WEP;
00713 break;
00714 default:
00715 wpa_printf(MSG_WARNING, "WPA: Unsupported Group Cipher %d",
00716 sm->group_cipher);
00717 return -1;
00718 }
00719
00720 if (gtk_len < keylen) {
00721 wpa_printf(MSG_DEBUG, "FT: Too short GTK in FTIE");
00722 return -1;
00723 }
00724
00725
00726
00727 keyidx = gtk_elem[0] & 0x03;
00728
00729 if (gtk_elem[1] != keylen) {
00730 wpa_printf(MSG_DEBUG, "FT: GTK length mismatch: received %d "
00731 "negotiated %lu",
00732 gtk_elem[1], (unsigned long) keylen);
00733 return -1;
00734 }
00735
00736 wpa_hexdump_key(MSG_DEBUG, "FT: GTK from Reassoc Resp", gtk, keylen);
00737 if (wpa_sm_set_key(sm, alg, (u8 *) "\xff\xff\xff\xff\xff\xff",
00738 keyidx, 0, gtk_elem + 2, rsc_len, gtk, keylen) <
00739 0) {
00740 wpa_printf(MSG_WARNING, "WPA: Failed to set GTK to the "
00741 "driver.");
00742 return -1;
00743 }
00744
00745 return 0;
00746 }
00747
00748
00749 #ifdef CONFIG_IEEE80211W
00750 static int wpa_ft_process_igtk_subelem(struct wpa_sm *sm, const u8 *igtk_elem,
00751 size_t igtk_elem_len)
00752 {
00753 u8 igtk[WPA_IGTK_LEN];
00754 u16 keyidx;
00755
00756 if (sm->mgmt_group_cipher != WPA_CIPHER_AES_128_CMAC)
00757 return 0;
00758
00759 if (igtk_elem == NULL) {
00760 wpa_printf(MSG_DEBUG, "FT: No IGTK included in FTIE");
00761 return 0;
00762 }
00763
00764 wpa_hexdump_key(MSG_DEBUG, "FT: Received IGTK in Reassoc Resp",
00765 igtk_elem, igtk_elem_len);
00766
00767 if (igtk_elem_len != 2 + 6 + 1 + WPA_IGTK_LEN + 8) {
00768 wpa_printf(MSG_DEBUG, "FT: Invalid IGTK sub-elem "
00769 "length %lu", (unsigned long) igtk_elem_len);
00770 return -1;
00771 }
00772 if (igtk_elem[8] != WPA_IGTK_LEN) {
00773 wpa_printf(MSG_DEBUG, "FT: Invalid IGTK sub-elem Key Length "
00774 "%d", igtk_elem[8]);
00775 return -1;
00776 }
00777
00778 if (aes_unwrap(sm->ptk.kek, WPA_IGTK_LEN / 8, igtk_elem + 9, igtk)) {
00779 wpa_printf(MSG_WARNING, "FT: AES unwrap failed - could not "
00780 "decrypt IGTK");
00781 return -1;
00782 }
00783
00784
00785
00786 keyidx = WPA_GET_LE16(igtk_elem);
00787
00788 wpa_hexdump_key(MSG_DEBUG, "FT: IGTK from Reassoc Resp", igtk,
00789 WPA_IGTK_LEN);
00790 if (wpa_sm_set_key(sm, WPA_ALG_IGTK, (u8 *) "\xff\xff\xff\xff\xff\xff",
00791 keyidx, 0, igtk_elem + 2, 6, igtk, WPA_IGTK_LEN) <
00792 0) {
00793 wpa_printf(MSG_WARNING, "WPA: Failed to set IGTK to the "
00794 "driver.");
00795 return -1;
00796 }
00797
00798 return 0;
00799 }
00800 #endif
00801
00802
00803 int wpa_ft_validate_reassoc_resp(struct wpa_sm *sm, const u8 *ies,
00804 size_t ies_len, const u8 *src_addr)
00805 {
00806 struct wpa_ft_ies parse;
00807 struct rsn_mdie *mdie;
00808 struct rsn_ftie *ftie;
00809 size_t count;
00810 u8 mic[16];
00811
00812 wpa_hexdump(MSG_DEBUG, "FT: Response IEs", ies, ies_len);
00813
00814 if (sm->key_mgmt != WPA_KEY_MGMT_FT_IEEE8021X &&
00815 sm->key_mgmt != WPA_KEY_MGMT_FT_PSK) {
00816 wpa_printf(MSG_DEBUG, "FT: Reject FT IEs since FT is not "
00817 "enabled for this connection");
00818 return -1;
00819 }
00820
00821 if (wpa_ft_parse_ies(ies, ies_len, &parse) < 0) {
00822 wpa_printf(MSG_DEBUG, "FT: Failed to parse IEs");
00823 return -1;
00824 }
00825
00826 mdie = (struct rsn_mdie *) parse.mdie;
00827 if (mdie == NULL || parse.mdie_len < sizeof(*mdie) ||
00828 os_memcmp(mdie->mobility_domain, sm->mobility_domain,
00829 MOBILITY_DOMAIN_ID_LEN) != 0) {
00830 wpa_printf(MSG_DEBUG, "FT: Invalid MDIE");
00831 return -1;
00832 }
00833
00834 ftie = (struct rsn_ftie *) parse.ftie;
00835 if (ftie == NULL || parse.ftie_len < sizeof(*ftie)) {
00836 wpa_printf(MSG_DEBUG, "FT: Invalid FTIE");
00837 return -1;
00838 }
00839
00840 if (parse.r0kh_id == NULL) {
00841 wpa_printf(MSG_DEBUG, "FT: No R0KH-ID subelem in FTIE");
00842 return -1;
00843 }
00844
00845 if (parse.r0kh_id_len != sm->r0kh_id_len ||
00846 os_memcmp(parse.r0kh_id, sm->r0kh_id, parse.r0kh_id_len) != 0) {
00847 wpa_printf(MSG_DEBUG, "FT: R0KH-ID in FTIE did not match with "
00848 "the current R0KH-ID");
00849 wpa_hexdump(MSG_DEBUG, "FT: R0KH-ID in FTIE",
00850 parse.r0kh_id, parse.r0kh_id_len);
00851 wpa_hexdump(MSG_DEBUG, "FT: The current R0KH-ID",
00852 sm->r0kh_id, sm->r0kh_id_len);
00853 return -1;
00854 }
00855
00856 if (parse.r1kh_id == NULL) {
00857 wpa_printf(MSG_DEBUG, "FT: No R1KH-ID subelem in FTIE");
00858 return -1;
00859 }
00860
00861 if (os_memcmp(parse.r1kh_id, sm->r1kh_id, FT_R1KH_ID_LEN) != 0) {
00862 wpa_printf(MSG_DEBUG, "FT: Unknown R1KH-ID used in "
00863 "ReassocResp");
00864 return -1;
00865 }
00866
00867 if (parse.rsn_pmkid == NULL ||
00868 os_memcmp(parse.rsn_pmkid, sm->pmk_r1_name, WPA_PMK_NAME_LEN)) {
00869 wpa_printf(MSG_DEBUG, "FT: No matching PMKR1Name (PMKID) in "
00870 "RSNIE (pmkid=%d)", !!parse.rsn_pmkid);
00871 return -1;
00872 }
00873
00874 count = 3;
00875 if (parse.tie)
00876 count++;
00877
00878 if (wpa_ft_mic(sm->ptk.kck, sm->own_addr, src_addr, 6,
00879 parse.mdie - 2, parse.mdie_len + 2,
00880 parse.ftie - 2, parse.ftie_len + 2,
00881 parse.rsn - 2, parse.rsn_len + 2,
00882 parse.ric, parse.ric_len,
00883 mic) < 0) {
00884 wpa_printf(MSG_DEBUG, "FT: Failed to calculate MIC");
00885 return -1;
00886 }
00887
00888 if (os_memcmp(mic, ftie->mic, 16) != 0) {
00889 wpa_printf(MSG_DEBUG, "FT: Invalid MIC in FTIE");
00890 wpa_hexdump(MSG_MSGDUMP, "FT: Received MIC", ftie->mic, 16);
00891 wpa_hexdump(MSG_MSGDUMP, "FT: Calculated MIC", mic, 16);
00892 return -1;
00893 }
00894
00895 if (wpa_ft_process_gtk_subelem(sm, parse.gtk, parse.gtk_len) < 0)
00896 return -1;
00897
00898 #ifdef CONFIG_IEEE80211W
00899 if (wpa_ft_process_igtk_subelem(sm, parse.igtk, parse.igtk_len) < 0)
00900 return -1;
00901 #endif
00902
00903 if (parse.ric) {
00904 wpa_hexdump(MSG_MSGDUMP, "FT: RIC Response",
00905 parse.ric, parse.ric_len);
00906
00907 }
00908
00909 return 0;
00910 }
00911
00912
00919 int wpa_ft_start_over_ds(struct wpa_sm *sm, const u8 *target_ap)
00920 {
00921 u8 *ft_ies;
00922 size_t ft_ies_len;
00923
00924 wpa_printf(MSG_DEBUG, "FT: Request over-the-DS with " MACSTR,
00925 MAC2STR(target_ap));
00926
00927
00928 if (os_get_random(sm->snonce, WPA_NONCE_LEN)) {
00929 wpa_printf(MSG_INFO, "FT: Failed to generate a new SNonce");
00930 return -1;
00931 }
00932
00933 ft_ies = wpa_ft_gen_req_ies(sm, &ft_ies_len, NULL, sm->pmk_r0_name,
00934 NULL, target_ap, NULL, 0);
00935 if (ft_ies) {
00936 sm->over_the_ds_in_progress = 1;
00937 os_memcpy(sm->target_ap, target_ap, ETH_ALEN);
00938 wpa_sm_send_ft_action(sm, 1, target_ap, ft_ies, ft_ies_len);
00939 os_free(ft_ies);
00940 }
00941
00942 return 0;
00943 }
00944
00945 #endif
00946
1.6.1
