automake build system

[mech_eap.orig] / src / ap / wpa_auth_ft.c

diff --git a/src/ap/wpa_auth_ft.c b/src/ap/wpa_auth_ft.c
index 11bb88a..c9871d9 100644 (file)
--- a/src/ap/wpa_auth_ft.c
+++ b/src/ap/wpa_auth_ft.c
@@ -55,6 +55,7 @@ static int wpa_ft_rrb_send(struct wpa_authenticator *wpa_auth, const u8 *dst,
 {
        if (wpa_auth->cb.send_ether == NULL)
                return -1;
+       wpa_printf(MSG_DEBUG, "FT: RRB send to " MACSTR, MAC2STR(dst));
        return wpa_auth->cb.send_ether(wpa_auth->cb.ctx, dst, ETH_P_RRB,
                                       data, data_len);
 }
@@ -97,11 +98,11 @@ int wpa_write_mdie(struct wpa_auth_config *conf, u8 *buf, size_t len)
 }
 
 
-static int wpa_write_ftie(struct wpa_auth_config *conf, const u8 *r0kh_id,
-                         size_t r0kh_id_len,
-                         const u8 *anonce, const u8 *snonce,
-                         u8 *buf, size_t len, const u8 *subelem,
-                         size_t subelem_len)
+int wpa_write_ftie(struct wpa_auth_config *conf, const u8 *r0kh_id,
+                  size_t r0kh_id_len,
+                  const u8 *anonce, const u8 *snonce,
+                  u8 *buf, size_t len, const u8 *subelem,
+                  size_t subelem_len)
 {
        u8 *pos = buf, *ielen;
        struct rsn_ftie *hdr;
@@ -356,7 +357,7 @@ int wpa_auth_derive_ptk_ft(struct wpa_state_machine *sm, const u8 *pmk,
                           struct wpa_ptk *ptk, size_t ptk_len)
 {
        u8 pmk_r0[PMK_LEN], pmk_r0_name[WPA_PMK_NAME_LEN];
-       u8 pmk_r1[PMK_LEN], pmk_r1_name[WPA_PMK_NAME_LEN];
+       u8 pmk_r1[PMK_LEN];
        u8 ptk_name[WPA_PMK_NAME_LEN];
        const u8 *mdid = sm->wpa_auth->conf.mobility_domain;
        const u8 *r0kh = sm->wpa_auth->conf.r0_key_holder;
@@ -380,14 +381,15 @@ int wpa_auth_derive_ptk_ft(struct wpa_state_machine *sm, const u8 *pmk,
                            sm->pairwise);
 
        wpa_derive_pmk_r1(pmk_r0, pmk_r0_name, r1kh, sm->addr,
-                         pmk_r1, pmk_r1_name);
+                         pmk_r1, sm->pmk_r1_name);
        wpa_hexdump_key(MSG_DEBUG, "FT: PMK-R1", pmk_r1, PMK_LEN);
-       wpa_hexdump(MSG_DEBUG, "FT: PMKR1Name", pmk_r1_name, WPA_PMK_NAME_LEN);
-       wpa_ft_store_pmk_r1(sm->wpa_auth, sm->addr, pmk_r1, pmk_r1_name,
+       wpa_hexdump(MSG_DEBUG, "FT: PMKR1Name", sm->pmk_r1_name,
+                   WPA_PMK_NAME_LEN);
+       wpa_ft_store_pmk_r1(sm->wpa_auth, sm->addr, pmk_r1, sm->pmk_r1_name,
                            sm->pairwise);
 
        wpa_pmk_r1_to_ptk(pmk_r1, sm->SNonce, sm->ANonce, sm->addr,
-                         sm->wpa_auth->addr, pmk_r1_name,
+                         sm->wpa_auth->addr, sm->pmk_r1_name,
                          (u8 *) ptk, ptk_len, ptk_name);
        wpa_hexdump_key(MSG_DEBUG, "FT: PTK", (u8 *) ptk, ptk_len);
        wpa_hexdump(MSG_DEBUG, "FT: PTKName", ptk_name, WPA_PMK_NAME_LEN);
@@ -437,20 +439,21 @@ static u8 * wpa_ft_gtk_subelem(struct wpa_state_machine *sm, size_t *len)
                key = gsm->GTK[gsm->GN - 1];
 
        /*
-        * Sub-elem ID[1] | Length[1] | Key Info[1] | Key Length[1] | RSC[8] |
+        * Sub-elem ID[1] | Length[1] | Key Info[2] | Key Length[1] | RSC[8] |
         * Key[5..32].
         */
-       subelem_len = 12 + key_len + 8;
+       subelem_len = 13 + key_len + 8;
        subelem = os_zalloc(subelem_len);
        if (subelem == NULL)
                return NULL;
 
        subelem[0] = FTIE_SUBELEM_GTK;
-       subelem[1] = 10 + key_len + 8;
-       subelem[2] = gsm->GN & 0x03; /* Key ID in B0-B1 of Key Info */
-       subelem[3] = gsm->GTK_len;
-       wpa_auth_get_seqnum(sm->wpa_auth, NULL, gsm->GN, subelem + 4);
-       if (aes_wrap(sm->PTK.kek, key_len / 8, key, subelem + 12)) {
+       subelem[1] = 11 + key_len + 8;
+       /* Key ID in B0-B1 of Key Info */
+       WPA_PUT_LE16(&subelem[2], gsm->GN & 0x03);
+       subelem[4] = gsm->GTK_len;
+       wpa_auth_get_seqnum(sm->wpa_auth, NULL, gsm->GN, subelem + 5);
+       if (aes_wrap(sm->PTK.kek, key_len / 8, key, subelem + 13)) {
                os_free(subelem);
                return NULL;
        }
@@ -605,13 +608,14 @@ u8 * wpa_sm_write_assoc_resp_ies(struct wpa_state_machine *sm, u8 *pos,
                                 size_t max_len, int auth_alg,
                                 const u8 *req_ies, size_t req_ies_len)
 {
-       u8 *end, *mdie, *ftie, *rsnie, *r0kh_id, *subelem = NULL;
-       size_t mdie_len, ftie_len, rsnie_len, r0kh_id_len, subelem_len = 0;
+       u8 *end, *mdie, *ftie, *rsnie = NULL, *r0kh_id, *subelem = NULL;
+       size_t mdie_len, ftie_len, rsnie_len = 0, r0kh_id_len, subelem_len = 0;
        int res;
        struct wpa_auth_config *conf;
        struct rsn_ftie *_ftie;
        struct wpa_ft_ies parse;
        u8 *ric_start;
+       u8 *anonce, *snonce;
 
        if (sm == NULL)
                return pos;
@@ -624,13 +628,18 @@ u8 * wpa_sm_write_assoc_resp_ies(struct wpa_state_machine *sm, u8 *pos,
 
        end = pos + max_len;
 
-       /* RSN */
-       res = wpa_write_rsn_ie(conf, pos, end - pos, sm->pmk_r1_name);
-       if (res < 0)
-               return pos;
-       rsnie = pos;
-       rsnie_len = res;
-       pos += res;
+       if (auth_alg == WLAN_AUTH_FT) {
+               /*
+                * RSN (only present if this is a Reassociation Response and
+                * part of a fast BSS transition)
+                */
+               res = wpa_write_rsn_ie(conf, pos, end - pos, sm->pmk_r1_name);
+               if (res < 0)
+                       return pos;
+               rsnie = pos;
+               rsnie_len = res;
+               pos += res;
+       }
 
        /* Mobility Domain Information */
        res = wpa_write_mdie(conf, pos, end - pos);
@@ -645,6 +654,8 @@ u8 * wpa_sm_write_assoc_resp_ies(struct wpa_state_machine *sm, u8 *pos,
                subelem = wpa_ft_gtk_subelem(sm, &subelem_len);
                r0kh_id = sm->r0kh_id;
                r0kh_id_len = sm->r0kh_id_len;
+               anonce = sm->ANonce;
+               snonce = sm->SNonce;
 #ifdef CONFIG_IEEE80211W
                if (sm->mgmt_frame_prot) {
                        u8 *igtk;
@@ -670,8 +681,10 @@ u8 * wpa_sm_write_assoc_resp_ies(struct wpa_state_machine *sm, u8 *pos,
        } else {
                r0kh_id = conf->r0_key_holder;
                r0kh_id_len = conf->r0_key_holder_len;
+               anonce = NULL;
+               snonce = NULL;
        }
-       res = wpa_write_ftie(conf, r0kh_id, r0kh_id_len, NULL, NULL, pos,
+       res = wpa_write_ftie(conf, r0kh_id, r0kh_id_len, anonce, snonce, pos,
                             end - pos, subelem, subelem_len);
        os_free(subelem);
        if (res < 0)
@@ -680,19 +693,28 @@ u8 * wpa_sm_write_assoc_resp_ies(struct wpa_state_machine *sm, u8 *pos,
        ftie_len = res;
        pos += res;
 
+       os_free(sm->assoc_resp_ftie);
+       sm->assoc_resp_ftie = os_malloc(ftie_len);
+       if (sm->assoc_resp_ftie)
+               os_memcpy(sm->assoc_resp_ftie, ftie, ftie_len);
+
        _ftie = (struct rsn_ftie *) (ftie + 2);
-       _ftie->mic_control[1] = 3; /* Information element count */
+       if (auth_alg == WLAN_AUTH_FT)
+               _ftie->mic_control[1] = 3; /* Information element count */
 
        ric_start = pos;
        if (wpa_ft_parse_ies(req_ies, req_ies_len, &parse) == 0 && parse.ric) {
                pos = wpa_ft_process_ric(pos, end, parse.ric, parse.ric_len);
-               _ftie->mic_control[1] += ieee802_11_ie_count(ric_start,
-                                                            pos - ric_start);
+               if (auth_alg == WLAN_AUTH_FT)
+                       _ftie->mic_control[1] +=
+                               ieee802_11_ie_count(ric_start,
+                                                   pos - ric_start);
        }
        if (ric_start == pos)
                ric_start = NULL;
 
-       if (wpa_ft_mic(sm->PTK.kck, sm->addr, sm->wpa_auth->addr, 6,
+       if (auth_alg == WLAN_AUTH_FT &&
+           wpa_ft_mic(sm->PTK.kck, sm->addr, sm->wpa_auth->addr, 6,
                       mdie, mdie_len, ftie, ftie_len,
                       rsnie, rsnie_len,
                       ric_start, ric_start ? pos - ric_start : 0,
@@ -1078,6 +1100,7 @@ u16 wpa_ft_validate_reassoc(struct wpa_state_machine *sm, const u8 *ies,
        struct rsn_mdie *mdie;
        struct rsn_ftie *ftie;
        u8 mic[16];
+       unsigned int count;
 
        if (sm == NULL)
                return WLAN_STATUS_UNSPECIFIED_FAILURE;
@@ -1121,6 +1144,74 @@ u16 wpa_ft_validate_reassoc(struct wpa_state_machine *sm, const u8 *ies,
                return WLAN_STATUS_INVALID_FTIE;
        }
 
+       if (os_memcmp(ftie->snonce, sm->SNonce, WPA_NONCE_LEN) != 0) {
+               wpa_printf(MSG_DEBUG, "FT: SNonce mismatch in FTIE");
+               wpa_hexdump(MSG_DEBUG, "FT: Received SNonce",
+                           ftie->snonce, WPA_NONCE_LEN);
+               wpa_hexdump(MSG_DEBUG, "FT: Expected SNonce",
+                           sm->SNonce, WPA_NONCE_LEN);
+               return -1;
+       }
+
+       if (os_memcmp(ftie->anonce, sm->ANonce, WPA_NONCE_LEN) != 0) {
+               wpa_printf(MSG_DEBUG, "FT: ANonce mismatch in FTIE");
+               wpa_hexdump(MSG_DEBUG, "FT: Received ANonce",
+                           ftie->anonce, WPA_NONCE_LEN);
+               wpa_hexdump(MSG_DEBUG, "FT: Expected ANonce",
+                           sm->ANonce, WPA_NONCE_LEN);
+               return -1;
+       }
+
+
+       if (parse.r0kh_id == NULL) {
+               wpa_printf(MSG_DEBUG, "FT: No R0KH-ID subelem in FTIE");
+               return -1;
+       }
+
+       if (parse.r0kh_id_len != sm->r0kh_id_len ||
+           os_memcmp(parse.r0kh_id, sm->r0kh_id, parse.r0kh_id_len) != 0) {
+               wpa_printf(MSG_DEBUG, "FT: R0KH-ID in FTIE did not match with "
+                          "the current R0KH-ID");
+               wpa_hexdump(MSG_DEBUG, "FT: R0KH-ID in FTIE",
+                           parse.r0kh_id, parse.r0kh_id_len);
+               wpa_hexdump(MSG_DEBUG, "FT: The current R0KH-ID",
+                           sm->r0kh_id, sm->r0kh_id_len);
+               return -1;
+       }
+
+       if (parse.r1kh_id == NULL) {
+               wpa_printf(MSG_DEBUG, "FT: No R1KH-ID subelem in FTIE");
+               return -1;
+       }
+
+       if (os_memcmp(parse.r1kh_id, sm->wpa_auth->conf.r1_key_holder,
+                     FT_R1KH_ID_LEN) != 0) {
+               wpa_printf(MSG_DEBUG, "FT: Unknown R1KH-ID used in "
+                          "ReassocReq");
+               wpa_hexdump(MSG_DEBUG, "FT: R1KH-ID in FTIE",
+                           parse.r1kh_id, FT_R1KH_ID_LEN);
+               wpa_hexdump(MSG_DEBUG, "FT: Expected R1KH-ID",
+                           sm->wpa_auth->conf.r1_key_holder, FT_R1KH_ID_LEN);
+               return -1;
+       }
+
+       if (parse.rsn_pmkid == NULL ||
+           os_memcmp(parse.rsn_pmkid, sm->pmk_r1_name, WPA_PMK_NAME_LEN)) {
+               wpa_printf(MSG_DEBUG, "FT: No matching PMKR1Name (PMKID) in "
+                          "RSNIE (pmkid=%d)", !!parse.rsn_pmkid);
+               return -1;
+       }
+
+       count = 3;
+       if (parse.ric)
+               count++;
+       if (ftie->mic_control[1] != count) {
+               wpa_printf(MSG_DEBUG, "FT: Unexpected IE count in MIC "
+                          "Control: received %u expected %u",
+                          ftie->mic_control[1], count);
+               return -1;
+       }
+
        if (wpa_ft_mic(sm->PTK.kck, sm->addr, sm->wpa_auth->addr, 5,
                       parse.mdie - 2, parse.mdie_len + 2,
                       parse.ftie - 2, parse.ftie_len + 2,
@@ -1227,7 +1318,6 @@ static int wpa_ft_rrb_rx_request(struct wpa_authenticator *wpa_auth,
                           "RRB Request");
                return -1;
        }
-       sm->ft_over_ds = 1;
 
        wpa_hexdump(MSG_MSGDUMP, "FT: RRB Request Frame body", body, len);
 
@@ -1342,7 +1432,7 @@ static int wpa_ft_rrb_rx_pull(struct wpa_authenticator *wpa_auth,
        wpa_hexdump_key(MSG_DEBUG, "FT: PMK-R1", r.pmk_r1, PMK_LEN);
        wpa_hexdump(MSG_DEBUG, "FT: PMKR1Name", r.pmk_r1_name,
                    WPA_PMK_NAME_LEN);
-       r.pairwise = pairwise;
+       r.pairwise = host_to_le16(pairwise);
 
        if (aes_wrap(r1kh->key, (FT_R0KH_R1KH_RESP_DATA_LEN + 7) / 8,
                     r.nonce, resp.nonce) < 0) {
@@ -1645,7 +1735,7 @@ static void wpa_ft_generate_pmk_r1(struct wpa_authenticator *wpa_auth,
                    WPA_PMK_NAME_LEN);
        os_get_time(&now);
        WPA_PUT_LE32(f.timestamp, now.sec);
-       f.pairwise = pairwise;
+       f.pairwise = host_to_le16(pairwise);
        if (aes_wrap(r1kh->key, (FT_R0KH_R1KH_PUSH_DATA_LEN + 7) / 8,
                     f.timestamp, frame.timestamp) < 0)
                return;