2 * WPA Supplicant - IEEE 802.11r - Fast BSS Transition
3 * Copyright (c) 2006-2007, Jouni Malinen <j@w1.fi>
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License version 2 as
7 * published by the Free Software Foundation.
9 * Alternatively, this software may be distributed under the terms of BSD
12 * See README and COPYING for more details.
18 #include "crypto/aes_wrap.h"
19 #include "common/ieee802_11_defs.h"
20 #include "common/ieee802_11_common.h"
25 #ifdef CONFIG_IEEE80211R
48 static int wpa_ft_parse_ies(const u8 *ies, size_t ies_len,
49 struct wpa_ft_ies *parse);
52 int wpa_derive_ptk_ft(struct wpa_sm *sm, const unsigned char *src_addr,
53 const struct wpa_eapol_key *key,
54 struct wpa_ptk *ptk, size_t ptk_len)
56 u8 ptk_name[WPA_PMK_NAME_LEN];
57 const u8 *anonce = key->key_nonce;
59 if (sm->xxkey_len == 0) {
60 wpa_printf(MSG_DEBUG, "FT: XXKey not available for key "
65 wpa_derive_pmk_r0(sm->xxkey, sm->xxkey_len, sm->ssid,
66 sm->ssid_len, sm->mobility_domain,
67 sm->r0kh_id, sm->r0kh_id_len, sm->own_addr,
68 sm->pmk_r0, sm->pmk_r0_name);
69 wpa_hexdump_key(MSG_DEBUG, "FT: PMK-R0", sm->pmk_r0, PMK_LEN);
70 wpa_hexdump(MSG_DEBUG, "FT: PMKR0Name",
71 sm->pmk_r0_name, WPA_PMK_NAME_LEN);
72 wpa_derive_pmk_r1(sm->pmk_r0, sm->pmk_r0_name, sm->r1kh_id,
73 sm->own_addr, sm->pmk_r1, sm->pmk_r1_name);
74 wpa_hexdump_key(MSG_DEBUG, "FT: PMK-R1", sm->pmk_r1, PMK_LEN);
75 wpa_hexdump(MSG_DEBUG, "FT: PMKR1Name", sm->pmk_r1_name,
77 wpa_pmk_r1_to_ptk(sm->pmk_r1, sm->snonce, anonce, sm->own_addr,
78 sm->bssid, sm->pmk_r1_name,
79 (u8 *) ptk, ptk_len, ptk_name);
80 wpa_hexdump_key(MSG_DEBUG, "FT: PTK", (u8 *) ptk, ptk_len);
81 wpa_hexdump(MSG_DEBUG, "FT: PTKName", ptk_name, WPA_PMK_NAME_LEN);
88 * wpa_sm_set_ft_params - Set FT (IEEE 802.11r) parameters
89 * @sm: Pointer to WPA state machine data from wpa_sm_init()
90 * @ies: Association Response IEs or %NULL to clear FT parameters
91 * @ies_len: Length of ies buffer in octets
92 * Returns: 0 on success, -1 on failure
94 int wpa_sm_set_ft_params(struct wpa_sm *sm, const u8 *ies, size_t ies_len)
101 if (wpa_ft_parse_ies(ies, ies_len, &ft) < 0)
104 if (ft.mdie && ft.mdie_len < MOBILITY_DOMAIN_ID_LEN + 1)
108 wpa_hexdump(MSG_DEBUG, "FT: Mobility domain",
109 ft.mdie, MOBILITY_DOMAIN_ID_LEN);
110 os_memcpy(sm->mobility_domain, ft.mdie,
111 MOBILITY_DOMAIN_ID_LEN);
112 sm->mdie_ft_capab = ft.mdie[MOBILITY_DOMAIN_ID_LEN];
113 wpa_printf(MSG_DEBUG, "FT: Capability and Policy: 0x%02x",
116 os_memset(sm->mobility_domain, 0, MOBILITY_DOMAIN_ID_LEN);
119 wpa_hexdump(MSG_DEBUG, "FT: R0KH-ID",
120 ft.r0kh_id, ft.r0kh_id_len);
121 os_memcpy(sm->r0kh_id, ft.r0kh_id, ft.r0kh_id_len);
122 sm->r0kh_id_len = ft.r0kh_id_len;
124 /* FIX: When should R0KH-ID be cleared? We need to keep the
125 * old R0KH-ID in order to be able to use this during FT. */
127 * os_memset(sm->r0kh_id, 0, FT_R0KH_ID_LEN);
128 * sm->r0kh_id_len = 0;
133 wpa_hexdump(MSG_DEBUG, "FT: R1KH-ID",
134 ft.r1kh_id, FT_R1KH_ID_LEN);
135 os_memcpy(sm->r1kh_id, ft.r1kh_id, FT_R1KH_ID_LEN);
137 os_memset(sm->r1kh_id, 0, FT_R1KH_ID_LEN);
139 os_free(sm->assoc_resp_ies);
140 sm->assoc_resp_ies = os_malloc(ft.mdie_len + 2 + ft.ftie_len + 2);
141 if (sm->assoc_resp_ies) {
142 u8 *pos = sm->assoc_resp_ies;
144 os_memcpy(pos, ft.mdie - 2, ft.mdie_len + 2);
145 pos += ft.mdie_len + 2;
148 os_memcpy(pos, ft.ftie - 2, ft.ftie_len + 2);
149 pos += ft.ftie_len + 2;
151 sm->assoc_resp_ies_len = pos - sm->assoc_resp_ies;
152 wpa_hexdump(MSG_DEBUG, "FT: Stored MDIE and FTIE from "
153 "(Re)Association Response",
154 sm->assoc_resp_ies, sm->assoc_resp_ies_len);
162 * wpa_ft_gen_req_ies - Generate FT (IEEE 802.11r) IEs for Auth/ReAssoc Request
163 * @sm: Pointer to WPA state machine data from wpa_sm_init()
164 * @len: Buffer for returning the length of the IEs
165 * @anonce: ANonce or %NULL if not yet available
166 * @pmk_name: PMKR0Name or PMKR1Name to be added into the RSN IE PMKID List
167 * @kck: 128-bit KCK for MIC or %NULL if no MIC is used
168 * @target_ap: Target AP address
169 * @ric_ies: Optional IE(s), e.g., WMM TSPEC(s), for RIC-Request or %NULL
170 * @ric_ies_len: Length of ric_ies buffer in octets
171 * @ap_mdie: Mobility Domain IE from the target AP
172 * Returns: Pointer to buffer with IEs or %NULL on failure
174 * Caller is responsible for freeing the returned buffer with os_free();
176 static u8 * wpa_ft_gen_req_ies(struct wpa_sm *sm, size_t *len,
177 const u8 *anonce, const u8 *pmk_name,
178 const u8 *kck, const u8 *target_ap,
179 const u8 *ric_ies, size_t ric_ies_len,
183 u8 *buf, *pos, *ftie_len, *ftie_pos;
184 struct rsn_mdie *mdie;
185 struct rsn_ftie *ftie;
186 struct rsn_ie_hdr *rsnie;
189 sm->ft_completed = 0;
191 buf_len = 2 + sizeof(struct rsn_mdie) + 2 + sizeof(struct rsn_ftie) +
192 2 + sm->r0kh_id_len + ric_ies_len + 100;
193 buf = os_zalloc(buf_len);
198 /* RSNIE[PMKR0Name/PMKR1Name] */
199 rsnie = (struct rsn_ie_hdr *) pos;
200 rsnie->elem_id = WLAN_EID_RSN;
201 WPA_PUT_LE16(rsnie->version, RSN_VERSION);
202 pos = (u8 *) (rsnie + 1);
204 /* Group Suite Selector */
205 if (sm->group_cipher == WPA_CIPHER_CCMP)
206 RSN_SELECTOR_PUT(pos, RSN_CIPHER_SUITE_CCMP);
207 else if (sm->group_cipher == WPA_CIPHER_TKIP)
208 RSN_SELECTOR_PUT(pos, RSN_CIPHER_SUITE_TKIP);
210 wpa_printf(MSG_WARNING, "FT: Invalid group cipher (%d)",
215 pos += RSN_SELECTOR_LEN;
217 /* Pairwise Suite Count */
218 WPA_PUT_LE16(pos, 1);
221 /* Pairwise Suite List */
222 if (sm->pairwise_cipher == WPA_CIPHER_CCMP)
223 RSN_SELECTOR_PUT(pos, RSN_CIPHER_SUITE_CCMP);
224 else if (sm->pairwise_cipher == WPA_CIPHER_TKIP)
225 RSN_SELECTOR_PUT(pos, RSN_CIPHER_SUITE_TKIP);
227 wpa_printf(MSG_WARNING, "FT: Invalid pairwise cipher (%d)",
228 sm->pairwise_cipher);
232 pos += RSN_SELECTOR_LEN;
234 /* Authenticated Key Management Suite Count */
235 WPA_PUT_LE16(pos, 1);
238 /* Authenticated Key Management Suite List */
239 if (sm->key_mgmt == WPA_KEY_MGMT_FT_IEEE8021X)
240 RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_FT_802_1X);
241 else if (sm->key_mgmt == WPA_KEY_MGMT_FT_PSK)
242 RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_FT_PSK);
244 wpa_printf(MSG_WARNING, "FT: Invalid key management type (%d)",
249 pos += RSN_SELECTOR_LEN;
251 /* RSN Capabilities */
253 #ifdef CONFIG_IEEE80211W
254 if (sm->mgmt_group_cipher == WPA_CIPHER_AES_128_CMAC)
255 capab |= WPA_CAPABILITY_MFPC;
256 #endif /* CONFIG_IEEE80211W */
257 WPA_PUT_LE16(pos, capab);
261 WPA_PUT_LE16(pos, 1);
264 /* PMKID List [PMKR0Name/PMKR1Name] */
265 os_memcpy(pos, pmk_name, WPA_PMK_NAME_LEN);
266 pos += WPA_PMK_NAME_LEN;
268 #ifdef CONFIG_IEEE80211W
269 if (sm->mgmt_group_cipher == WPA_CIPHER_AES_128_CMAC) {
270 /* Management Group Cipher Suite */
271 RSN_SELECTOR_PUT(pos, RSN_CIPHER_SUITE_AES_128_CMAC);
272 pos += RSN_SELECTOR_LEN;
274 #endif /* CONFIG_IEEE80211W */
276 rsnie->len = (pos - (u8 *) rsnie) - 2;
279 *pos++ = WLAN_EID_MOBILITY_DOMAIN;
280 *pos++ = sizeof(*mdie);
281 mdie = (struct rsn_mdie *) pos;
282 pos += sizeof(*mdie);
283 os_memcpy(mdie->mobility_domain, sm->mobility_domain,
284 MOBILITY_DOMAIN_ID_LEN);
285 mdie->ft_capab = ap_mdie && ap_mdie[1] >= 3 ? ap_mdie[4] :
288 /* FTIE[SNonce, [R1KH-ID,] R0KH-ID ] */
290 *pos++ = WLAN_EID_FAST_BSS_TRANSITION;
292 ftie = (struct rsn_ftie *) pos;
293 pos += sizeof(*ftie);
294 os_memcpy(ftie->snonce, sm->snonce, WPA_NONCE_LEN);
296 os_memcpy(ftie->anonce, anonce, WPA_NONCE_LEN);
298 /* R1KH-ID sub-element in third FT message */
299 *pos++ = FTIE_SUBELEM_R1KH_ID;
300 *pos++ = FT_R1KH_ID_LEN;
301 os_memcpy(pos, sm->r1kh_id, FT_R1KH_ID_LEN);
302 pos += FT_R1KH_ID_LEN;
304 /* R0KH-ID sub-element */
305 *pos++ = FTIE_SUBELEM_R0KH_ID;
306 *pos++ = sm->r0kh_id_len;
307 os_memcpy(pos, sm->r0kh_id, sm->r0kh_id_len);
308 pos += sm->r0kh_id_len;
309 *ftie_len = pos - ftie_len - 1;
313 os_memcpy(pos, ric_ies, ric_ies_len);
319 * IEEE Std 802.11r-2008, 11A.8.4
320 * MIC shall be calculated over:
321 * non-AP STA MAC address
322 * Target AP MAC address
323 * Transaction seq number (5 for ReassocReq, 3 otherwise)
326 * FTIE (with MIC field set to 0)
327 * RIC-Request (if present)
329 /* Information element count */
330 ftie->mic_control[1] = 3 + ieee802_11_ie_count(ric_ies,
332 if (wpa_ft_mic(kck, sm->own_addr, target_ap, 5,
333 ((u8 *) mdie) - 2, 2 + sizeof(*mdie),
334 ftie_pos, 2 + *ftie_len,
335 (u8 *) rsnie, 2 + rsnie->len, ric_ies,
336 ric_ies_len, ftie->mic) < 0) {
337 wpa_printf(MSG_INFO, "FT: Failed to calculate MIC");
349 static int wpa_ft_parse_ftie(const u8 *ie, size_t ie_len,
350 struct wpa_ft_ies *parse)
355 parse->ftie_len = ie_len;
357 pos = ie + sizeof(struct rsn_ftie);
360 while (pos + 2 <= end && pos + 2 + pos[1] <= end) {
362 case FTIE_SUBELEM_R1KH_ID:
363 if (pos[1] != FT_R1KH_ID_LEN) {
364 wpa_printf(MSG_DEBUG, "FT: Invalid R1KH-ID "
365 "length in FTIE: %d", pos[1]);
368 parse->r1kh_id = pos + 2;
370 case FTIE_SUBELEM_GTK:
371 parse->gtk = pos + 2;
372 parse->gtk_len = pos[1];
374 case FTIE_SUBELEM_R0KH_ID:
375 if (pos[1] < 1 || pos[1] > FT_R0KH_ID_MAX_LEN) {
376 wpa_printf(MSG_DEBUG, "FT: Invalid R0KH-ID "
377 "length in FTIE: %d", pos[1]);
380 parse->r0kh_id = pos + 2;
381 parse->r0kh_id_len = pos[1];
383 #ifdef CONFIG_IEEE80211W
384 case FTIE_SUBELEM_IGTK:
385 parse->igtk = pos + 2;
386 parse->igtk_len = pos[1];
388 #endif /* CONFIG_IEEE80211W */
398 static int wpa_ft_parse_ies(const u8 *ies, size_t ies_len,
399 struct wpa_ft_ies *parse)
402 struct wpa_ie_data data;
404 const struct rsn_ftie *ftie;
405 int prot_ie_count = 0;
407 os_memset(parse, 0, sizeof(*parse));
413 while (pos + 2 <= end && pos + 2 + pos[1] <= end) {
416 parse->rsn = pos + 2;
417 parse->rsn_len = pos[1];
418 ret = wpa_parse_wpa_ie_rsn(parse->rsn - 2,
422 wpa_printf(MSG_DEBUG, "FT: Failed to parse "
426 if (data.num_pmkid == 1 && data.pmkid)
427 parse->rsn_pmkid = data.pmkid;
429 case WLAN_EID_MOBILITY_DOMAIN:
430 parse->mdie = pos + 2;
431 parse->mdie_len = pos[1];
433 case WLAN_EID_FAST_BSS_TRANSITION:
434 if (pos[1] < sizeof(*ftie))
436 ftie = (const struct rsn_ftie *) (pos + 2);
437 prot_ie_count = ftie->mic_control[1];
438 if (wpa_ft_parse_ftie(pos + 2, pos[1], parse) < 0)
441 case WLAN_EID_TIMEOUT_INTERVAL:
442 parse->tie = pos + 2;
443 parse->tie_len = pos[1];
445 case WLAN_EID_RIC_DATA:
446 if (parse->ric == NULL)
453 if (prot_ie_count == 0)
454 return 0; /* no MIC */
457 * Check that the protected IE count matches with IEs included in the
468 if (prot_ie_count < 0) {
469 wpa_printf(MSG_DEBUG, "FT: Some required IEs not included in "
470 "the protected IE count");
474 if (prot_ie_count == 0 && parse->ric) {
475 wpa_printf(MSG_DEBUG, "FT: RIC IE(s) in the frame, but not "
476 "included in protected IE count");
480 /* Determine the end of the RIC IE(s) */
482 while (pos && pos + 2 <= end && pos + 2 + pos[1] <= end &&
487 parse->ric_len = pos - parse->ric;
489 wpa_printf(MSG_DEBUG, "FT: %d protected IEs missing from "
490 "frame", (int) prot_ie_count);
498 static int wpa_ft_install_ptk(struct wpa_sm *sm, const u8 *bssid)
502 u8 null_rsc[6] = { 0, 0, 0, 0, 0, 0 };
504 wpa_printf(MSG_DEBUG, "FT: Installing PTK to the driver.");
506 switch (sm->pairwise_cipher) {
507 case WPA_CIPHER_CCMP:
511 case WPA_CIPHER_TKIP:
516 wpa_printf(MSG_WARNING, "FT: Unsupported pairwise cipher %d",
517 sm->pairwise_cipher);
521 if (wpa_sm_set_key(sm, alg, bssid, 0, 1, null_rsc,
522 sizeof(null_rsc), (u8 *) sm->ptk.tk1, keylen) < 0) {
523 wpa_printf(MSG_WARNING, "FT: Failed to set PTK to the driver");
532 * wpa_ft_prepare_auth_request - Generate over-the-air auth request
533 * @sm: Pointer to WPA state machine data from wpa_sm_init()
534 * @mdie: Target AP MDIE
535 * Returns: 0 on success, -1 on failure
537 int wpa_ft_prepare_auth_request(struct wpa_sm *sm, const u8 *mdie)
542 /* Generate a new SNonce */
543 if (os_get_random(sm->snonce, WPA_NONCE_LEN)) {
544 wpa_printf(MSG_INFO, "FT: Failed to generate a new SNonce");
548 ft_ies = wpa_ft_gen_req_ies(sm, &ft_ies_len, NULL, sm->pmk_r0_name,
549 NULL, sm->bssid, NULL, 0, mdie);
551 wpa_sm_update_ft_ies(sm, sm->mobility_domain,
560 int wpa_ft_process_response(struct wpa_sm *sm, const u8 *ies, size_t ies_len,
561 int ft_action, const u8 *target_ap,
562 const u8 *ric_ies, size_t ric_ies_len)
565 size_t ft_ies_len, ptk_len;
566 struct wpa_ft_ies parse;
567 struct rsn_mdie *mdie;
568 struct rsn_ftie *ftie;
569 u8 ptk_name[WPA_PMK_NAME_LEN];
573 wpa_hexdump(MSG_DEBUG, "FT: Response IEs", ies, ies_len);
574 wpa_hexdump(MSG_DEBUG, "FT: RIC IEs", ric_ies, ric_ies_len);
577 if (!sm->over_the_ds_in_progress) {
578 wpa_printf(MSG_DEBUG, "FT: No over-the-DS in progress "
579 "- drop FT Action Response");
583 if (os_memcmp(target_ap, sm->target_ap, ETH_ALEN) != 0) {
584 wpa_printf(MSG_DEBUG, "FT: No over-the-DS in progress "
585 "with this Target AP - drop FT Action "
591 if (sm->key_mgmt != WPA_KEY_MGMT_FT_IEEE8021X &&
592 sm->key_mgmt != WPA_KEY_MGMT_FT_PSK) {
593 wpa_printf(MSG_DEBUG, "FT: Reject FT IEs since FT is not "
594 "enabled for this connection");
598 if (wpa_ft_parse_ies(ies, ies_len, &parse) < 0) {
599 wpa_printf(MSG_DEBUG, "FT: Failed to parse IEs");
603 mdie = (struct rsn_mdie *) parse.mdie;
604 if (mdie == NULL || parse.mdie_len < sizeof(*mdie) ||
605 os_memcmp(mdie->mobility_domain, sm->mobility_domain,
606 MOBILITY_DOMAIN_ID_LEN) != 0) {
607 wpa_printf(MSG_DEBUG, "FT: Invalid MDIE");
611 ftie = (struct rsn_ftie *) parse.ftie;
612 if (ftie == NULL || parse.ftie_len < sizeof(*ftie)) {
613 wpa_printf(MSG_DEBUG, "FT: Invalid FTIE");
617 if (os_memcmp(ftie->snonce, sm->snonce, WPA_NONCE_LEN) != 0) {
618 wpa_printf(MSG_DEBUG, "FT: SNonce mismatch in FTIE");
619 wpa_hexdump(MSG_DEBUG, "FT: Received SNonce",
620 ftie->snonce, WPA_NONCE_LEN);
621 wpa_hexdump(MSG_DEBUG, "FT: Expected SNonce",
622 sm->snonce, WPA_NONCE_LEN);
626 if (parse.r0kh_id == NULL) {
627 wpa_printf(MSG_DEBUG, "FT: No R0KH-ID subelem in FTIE");
631 if (parse.r0kh_id_len != sm->r0kh_id_len ||
632 os_memcmp(parse.r0kh_id, sm->r0kh_id, parse.r0kh_id_len) != 0) {
633 wpa_printf(MSG_DEBUG, "FT: R0KH-ID in FTIE did not match with "
634 "the current R0KH-ID");
635 wpa_hexdump(MSG_DEBUG, "FT: R0KH-ID in FTIE",
636 parse.r0kh_id, parse.r0kh_id_len);
637 wpa_hexdump(MSG_DEBUG, "FT: The current R0KH-ID",
638 sm->r0kh_id, sm->r0kh_id_len);
642 if (parse.r1kh_id == NULL) {
643 wpa_printf(MSG_DEBUG, "FT: No R1KH-ID subelem in FTIE");
647 if (parse.rsn_pmkid == NULL ||
648 os_memcmp(parse.rsn_pmkid, sm->pmk_r0_name, WPA_PMK_NAME_LEN)) {
649 wpa_printf(MSG_DEBUG, "FT: No matching PMKR0Name (PMKID) in "
654 os_memcpy(sm->r1kh_id, parse.r1kh_id, FT_R1KH_ID_LEN);
655 wpa_hexdump(MSG_DEBUG, "FT: R1KH-ID", sm->r1kh_id, FT_R1KH_ID_LEN);
656 wpa_hexdump(MSG_DEBUG, "FT: SNonce", sm->snonce, WPA_NONCE_LEN);
657 wpa_hexdump(MSG_DEBUG, "FT: ANonce", ftie->anonce, WPA_NONCE_LEN);
658 os_memcpy(sm->anonce, ftie->anonce, WPA_NONCE_LEN);
659 wpa_derive_pmk_r1(sm->pmk_r0, sm->pmk_r0_name, sm->r1kh_id,
660 sm->own_addr, sm->pmk_r1, sm->pmk_r1_name);
661 wpa_hexdump_key(MSG_DEBUG, "FT: PMK-R1", sm->pmk_r1, PMK_LEN);
662 wpa_hexdump(MSG_DEBUG, "FT: PMKR1Name",
663 sm->pmk_r1_name, WPA_PMK_NAME_LEN);
666 ptk_len = sm->pairwise_cipher == WPA_CIPHER_CCMP ? 48 : 64;
667 wpa_pmk_r1_to_ptk(sm->pmk_r1, sm->snonce, ftie->anonce, sm->own_addr,
668 bssid, sm->pmk_r1_name,
669 (u8 *) &sm->ptk, ptk_len, ptk_name);
670 wpa_hexdump_key(MSG_DEBUG, "FT: PTK",
671 (u8 *) &sm->ptk, ptk_len);
672 wpa_hexdump(MSG_DEBUG, "FT: PTKName", ptk_name, WPA_PMK_NAME_LEN);
674 ft_ies = wpa_ft_gen_req_ies(sm, &ft_ies_len, ftie->anonce,
675 sm->pmk_r1_name, sm->ptk.kck, bssid,
676 ric_ies, ric_ies_len,
677 parse.mdie ? parse.mdie - 2 : NULL);
679 wpa_sm_update_ft_ies(sm, sm->mobility_domain,
684 wpa_sm_mark_authenticated(sm, bssid);
685 ret = wpa_ft_install_ptk(sm, bssid);
688 * Some drivers do not support key configuration when we are
689 * not associated with the target AP. Work around this by
690 * trying again after the following reassociation gets
693 wpa_printf(MSG_DEBUG, "FT: Failed to set PTK prior to "
694 "association - try again after reassociation");
695 sm->set_ptk_after_assoc = 1;
697 sm->set_ptk_after_assoc = 0;
699 sm->ft_completed = 1;
702 * The caller is expected trigger re-association with the
705 os_memcpy(sm->bssid, target_ap, ETH_ALEN);
712 int wpa_ft_is_completed(struct wpa_sm *sm)
717 if (sm->key_mgmt != WPA_KEY_MGMT_FT_IEEE8021X &&
718 sm->key_mgmt != WPA_KEY_MGMT_FT_PSK)
721 return sm->ft_completed;
725 static int wpa_ft_process_gtk_subelem(struct wpa_sm *sm, const u8 *gtk_elem,
731 size_t gtk_len, keylen, rsc_len;
733 if (gtk_elem == NULL) {
734 wpa_printf(MSG_DEBUG, "FT: No GTK included in FTIE");
738 wpa_hexdump_key(MSG_DEBUG, "FT: Received GTK in Reassoc Resp",
739 gtk_elem, gtk_elem_len);
741 if (gtk_elem_len < 11 + 24 || (gtk_elem_len - 11) % 8 ||
742 gtk_elem_len - 19 > sizeof(gtk)) {
743 wpa_printf(MSG_DEBUG, "FT: Invalid GTK sub-elem "
744 "length %lu", (unsigned long) gtk_elem_len);
747 gtk_len = gtk_elem_len - 19;
748 if (aes_unwrap(sm->ptk.kek, gtk_len / 8, gtk_elem + 11, gtk)) {
749 wpa_printf(MSG_WARNING, "FT: AES unwrap failed - could not "
754 switch (sm->group_cipher) {
755 case WPA_CIPHER_CCMP:
760 case WPA_CIPHER_TKIP:
765 case WPA_CIPHER_WEP104:
770 case WPA_CIPHER_WEP40:
776 wpa_printf(MSG_WARNING, "WPA: Unsupported Group Cipher %d",
781 if (gtk_len < keylen) {
782 wpa_printf(MSG_DEBUG, "FT: Too short GTK in FTIE");
786 /* Key Info[2] | Key Length[1] | RSC[8] | Key[5..32]. */
788 keyidx = WPA_GET_LE16(gtk_elem) & 0x03;
790 if (gtk_elem[2] != keylen) {
791 wpa_printf(MSG_DEBUG, "FT: GTK length mismatch: received %d "
793 gtk_elem[2], (unsigned long) keylen);
797 wpa_hexdump_key(MSG_DEBUG, "FT: GTK from Reassoc Resp", gtk, keylen);
798 if (wpa_sm_set_key(sm, alg, (u8 *) "\xff\xff\xff\xff\xff\xff",
799 keyidx, 0, gtk_elem + 3, rsc_len, gtk, keylen) <
801 wpa_printf(MSG_WARNING, "WPA: Failed to set GTK to the "
810 #ifdef CONFIG_IEEE80211W
811 static int wpa_ft_process_igtk_subelem(struct wpa_sm *sm, const u8 *igtk_elem,
812 size_t igtk_elem_len)
814 u8 igtk[WPA_IGTK_LEN];
817 if (sm->mgmt_group_cipher != WPA_CIPHER_AES_128_CMAC)
820 if (igtk_elem == NULL) {
821 wpa_printf(MSG_DEBUG, "FT: No IGTK included in FTIE");
825 wpa_hexdump_key(MSG_DEBUG, "FT: Received IGTK in Reassoc Resp",
826 igtk_elem, igtk_elem_len);
828 if (igtk_elem_len != 2 + 6 + 1 + WPA_IGTK_LEN + 8) {
829 wpa_printf(MSG_DEBUG, "FT: Invalid IGTK sub-elem "
830 "length %lu", (unsigned long) igtk_elem_len);
833 if (igtk_elem[8] != WPA_IGTK_LEN) {
834 wpa_printf(MSG_DEBUG, "FT: Invalid IGTK sub-elem Key Length "
839 if (aes_unwrap(sm->ptk.kek, WPA_IGTK_LEN / 8, igtk_elem + 9, igtk)) {
840 wpa_printf(MSG_WARNING, "FT: AES unwrap failed - could not "
845 /* KeyID[2] | IPN[6] | Key Length[1] | Key[16+8] */
847 keyidx = WPA_GET_LE16(igtk_elem);
849 wpa_hexdump_key(MSG_DEBUG, "FT: IGTK from Reassoc Resp", igtk,
851 if (wpa_sm_set_key(sm, WPA_ALG_IGTK, (u8 *) "\xff\xff\xff\xff\xff\xff",
852 keyidx, 0, igtk_elem + 2, 6, igtk, WPA_IGTK_LEN) <
854 wpa_printf(MSG_WARNING, "WPA: Failed to set IGTK to the "
861 #endif /* CONFIG_IEEE80211W */
864 int wpa_ft_validate_reassoc_resp(struct wpa_sm *sm, const u8 *ies,
865 size_t ies_len, const u8 *src_addr)
867 struct wpa_ft_ies parse;
868 struct rsn_mdie *mdie;
869 struct rsn_ftie *ftie;
873 wpa_hexdump(MSG_DEBUG, "FT: Response IEs", ies, ies_len);
875 if (sm->key_mgmt != WPA_KEY_MGMT_FT_IEEE8021X &&
876 sm->key_mgmt != WPA_KEY_MGMT_FT_PSK) {
877 wpa_printf(MSG_DEBUG, "FT: Reject FT IEs since FT is not "
878 "enabled for this connection");
882 if (wpa_ft_parse_ies(ies, ies_len, &parse) < 0) {
883 wpa_printf(MSG_DEBUG, "FT: Failed to parse IEs");
887 mdie = (struct rsn_mdie *) parse.mdie;
888 if (mdie == NULL || parse.mdie_len < sizeof(*mdie) ||
889 os_memcmp(mdie->mobility_domain, sm->mobility_domain,
890 MOBILITY_DOMAIN_ID_LEN) != 0) {
891 wpa_printf(MSG_DEBUG, "FT: Invalid MDIE");
895 ftie = (struct rsn_ftie *) parse.ftie;
896 if (ftie == NULL || parse.ftie_len < sizeof(*ftie)) {
897 wpa_printf(MSG_DEBUG, "FT: Invalid FTIE");
901 if (os_memcmp(ftie->snonce, sm->snonce, WPA_NONCE_LEN) != 0) {
902 wpa_printf(MSG_DEBUG, "FT: SNonce mismatch in FTIE");
903 wpa_hexdump(MSG_DEBUG, "FT: Received SNonce",
904 ftie->snonce, WPA_NONCE_LEN);
905 wpa_hexdump(MSG_DEBUG, "FT: Expected SNonce",
906 sm->snonce, WPA_NONCE_LEN);
910 if (os_memcmp(ftie->anonce, sm->anonce, WPA_NONCE_LEN) != 0) {
911 wpa_printf(MSG_DEBUG, "FT: ANonce mismatch in FTIE");
912 wpa_hexdump(MSG_DEBUG, "FT: Received ANonce",
913 ftie->anonce, WPA_NONCE_LEN);
914 wpa_hexdump(MSG_DEBUG, "FT: Expected ANonce",
915 sm->anonce, WPA_NONCE_LEN);
919 if (parse.r0kh_id == NULL) {
920 wpa_printf(MSG_DEBUG, "FT: No R0KH-ID subelem in FTIE");
924 if (parse.r0kh_id_len != sm->r0kh_id_len ||
925 os_memcmp(parse.r0kh_id, sm->r0kh_id, parse.r0kh_id_len) != 0) {
926 wpa_printf(MSG_DEBUG, "FT: R0KH-ID in FTIE did not match with "
927 "the current R0KH-ID");
928 wpa_hexdump(MSG_DEBUG, "FT: R0KH-ID in FTIE",
929 parse.r0kh_id, parse.r0kh_id_len);
930 wpa_hexdump(MSG_DEBUG, "FT: The current R0KH-ID",
931 sm->r0kh_id, sm->r0kh_id_len);
935 if (parse.r1kh_id == NULL) {
936 wpa_printf(MSG_DEBUG, "FT: No R1KH-ID subelem in FTIE");
940 if (os_memcmp(parse.r1kh_id, sm->r1kh_id, FT_R1KH_ID_LEN) != 0) {
941 wpa_printf(MSG_DEBUG, "FT: Unknown R1KH-ID used in "
946 if (parse.rsn_pmkid == NULL ||
947 os_memcmp(parse.rsn_pmkid, sm->pmk_r1_name, WPA_PMK_NAME_LEN)) {
948 wpa_printf(MSG_DEBUG, "FT: No matching PMKR1Name (PMKID) in "
949 "RSNIE (pmkid=%d)", !!parse.rsn_pmkid);
956 if (ftie->mic_control[1] != count) {
957 wpa_printf(MSG_DEBUG, "FT: Unexpected IE count in MIC "
958 "Control: received %u expected %u",
959 ftie->mic_control[1], count);
963 if (wpa_ft_mic(sm->ptk.kck, sm->own_addr, src_addr, 6,
964 parse.mdie - 2, parse.mdie_len + 2,
965 parse.ftie - 2, parse.ftie_len + 2,
966 parse.rsn - 2, parse.rsn_len + 2,
967 parse.ric, parse.ric_len,
969 wpa_printf(MSG_DEBUG, "FT: Failed to calculate MIC");
973 if (os_memcmp(mic, ftie->mic, 16) != 0) {
974 wpa_printf(MSG_DEBUG, "FT: Invalid MIC in FTIE");
975 wpa_hexdump(MSG_MSGDUMP, "FT: Received MIC", ftie->mic, 16);
976 wpa_hexdump(MSG_MSGDUMP, "FT: Calculated MIC", mic, 16);
980 if (wpa_ft_process_gtk_subelem(sm, parse.gtk, parse.gtk_len) < 0)
983 #ifdef CONFIG_IEEE80211W
984 if (wpa_ft_process_igtk_subelem(sm, parse.igtk, parse.igtk_len) < 0)
986 #endif /* CONFIG_IEEE80211W */
988 if (sm->set_ptk_after_assoc) {
989 wpa_printf(MSG_DEBUG, "FT: Try to set PTK again now that we "
991 if (wpa_ft_install_ptk(sm, src_addr) < 0)
993 sm->set_ptk_after_assoc = 0;
997 wpa_hexdump(MSG_MSGDUMP, "FT: RIC Response",
998 parse.ric, parse.ric_len);
999 /* TODO: parse response and inform driver about results */
1007 * wpa_ft_start_over_ds - Generate over-the-DS auth request
1008 * @sm: Pointer to WPA state machine data from wpa_sm_init()
1009 * @target_ap: Target AP Address
1010 * @mdie: Mobility Domain IE from the target AP
1011 * Returns: 0 on success, -1 on failure
1013 int wpa_ft_start_over_ds(struct wpa_sm *sm, const u8 *target_ap,
1019 wpa_printf(MSG_DEBUG, "FT: Request over-the-DS with " MACSTR,
1020 MAC2STR(target_ap));
1022 /* Generate a new SNonce */
1023 if (os_get_random(sm->snonce, WPA_NONCE_LEN)) {
1024 wpa_printf(MSG_INFO, "FT: Failed to generate a new SNonce");
1028 ft_ies = wpa_ft_gen_req_ies(sm, &ft_ies_len, NULL, sm->pmk_r0_name,
1029 NULL, target_ap, NULL, 0, mdie);
1031 sm->over_the_ds_in_progress = 1;
1032 os_memcpy(sm->target_ap, target_ap, ETH_ALEN);
1033 wpa_sm_send_ft_action(sm, 1, target_ap, ft_ies, ft_ies_len);
1040 #endif /* CONFIG_IEEE80211R */